Adding debian version 6.10.3-1.debian/6.10.3-1

Signed-off-by: Daniel Baumann <daniel.baumann@progress-linux.org>

15 files changed, 154 insertions, 13 deletions

diff --git a/debian/templates/image.NEWS.in b/debian/linux-image-6.10.3-powerpc64-64k.NEWS
index f8e1fc0229..788dab7828 100644
--- a/debian/templates/image.NEWS.in
+++ b/debian/linux-image-6.10.3-powerpc64-64k.NEWS
@@ -1,3 +1,28 @@
+linux (6.10-1~exp2) unstable; urgency=medium
+
+  * From Linux 6.10, the default kernel on ppc64 and ppc64el
+    architectures uses 4k page size.
+
+    After rebooting, you need to re-create all swap files or partitions.
+    They depend on the page size and will be not longer usable.  See
+    mkswap(8) on how to do that.
+
+    Some file systems might be incompatible with the smaller page size.
+    At least btrfs created with default settings is known to be affected
+    and they will not work with this kernel any more.
+
+    A btrfs file system can be checked with file(1) (use file -s).  It
+    will show:
+    BTRFS Filesystem sectorsize 65536
+    If this number is larger then 4096, the file system can not be
+    mounted with the default kernel anymore.
+
+    If you are affected and require the 64k page size of older kernels,
+    you can install linux-image-powerpc64-64k or
+    linux-image-powerpc64el-64k packages.
+
+ -- Bastian Blank <waldi@debian.org>  Thu, 11 Jul 2024 11:12:35 +0200
+
 linux (5.10.46-4) unstable; urgency=medium
 
   * From Linux 5.10.46-4, unprivileged calls to bpf() are disabled by
diff --git a/debian/templates/docs.meta.control.in b/debian/templates/docs.meta.control.in
index c97e3db3b0..3914592361 100644
--- a/debian/templates/docs.meta.control.in
+++ b/debian/templates/docs.meta.control.in
@@ -1,6 +1,6 @@
 Package: @source_basename@-doc@source_suffix@
 Meta-Rules-Target: meta
-Meta-Rules-Makeflags-INSTALLDOCS_LINK_DOC: @source_basename@-doc-@version@
+Meta-Rules-Makeflags: INSTALLDOCS_LINK_DOC=@source_basename@-doc-@version@
 Build-Profiles: <!nodoc !pkg.linux.nometa !pkg.linux.quick>
 Section: doc
 Architecture: all
diff --git a/debian/templates/headers.meta.control.in b/debian/templates/headers.meta.control.in
index d5df832857..e91e0e336f 100644
--- a/debian/templates/headers.meta.control.in
+++ b/debian/templates/headers.meta.control.in
@@ -1,6 +1,6 @@
 Package: linux-headers@source_suffix@@localversion@
 Meta-Rules-Target: meta
-Meta-Rules-Makeflags-INSTALLDOCS_LINK_DOC: linux-headers-@abiname@@localversion@
+Meta-Rules-Makeflags: INSTALLDOCS_LINK_DOC=linux-headers-@abiname@@localversion@
 Build-Profiles: <!pkg.linux.nokernel !pkg.linux.nometa>
 Depends: linux-headers-@abiname@@localversion@ (= ${binary:Version}), ${misc:Depends}
 Description: Header files for Linux @flavour@ configuration (meta-package)
diff --git a/debian/templates/image-dbg.meta.control.in b/debian/templates/image-dbg.meta.control.in
index b2af08dd11..1185f22bc1 100644
--- a/debian/templates/image-dbg.meta.control.in
+++ b/debian/templates/image-dbg.meta.control.in
@@ -1,6 +1,6 @@
 Package: linux-image@source_suffix@@localversion@-dbg
 Meta-Rules-Target: meta
-Meta-Rules-Makeflags-INSTALLDOCS_LINK_DOC: linux-image-@abiname@@localversion@-dbg
+Meta-Rules-Makeflags: INSTALLDOCS_LINK_DOC=linux-image-@abiname@@localversion@-dbg
 Build-Profiles: <!pkg.linux.nokernel !pkg.linux.nokerneldbg !pkg.linux.nometa !pkg.linux.quick>
 Depends: linux-image-@abiname@@localversion@-dbg (= ${binary:Version}), ${misc:Depends}
 Provides: linux-latest-image-dbg
diff --git a/debian/templates/image-extra-dev.control.in b/debian/templates/image-extra-dev.control.in
new file mode 100644
index 0000000000..beaca6a66e
--- /dev/null
+++ b/debian/templates/image-extra-dev.control.in
@@ -0,0 +1,8 @@
+Package: linux-bpf-dev
+Meta-Rules-Target: bpf-dev
+Build-Profiles: <!pkg.linux.nokernel !pkg.linux.quick>
+Section: devel
+Depends: ${misc:Depends}
+Description: Headers for BPF development
+ The vmlinux.h header is provided to allow userspace to build BPF CO-RE
+ programs targeting the packaged kernel.
diff --git a/debian/templates/image-unsigned.NEWS.in b/debian/templates/image-unsigned.NEWS.in
deleted file mode 120000
index e70f537c2f..0000000000
--- a/debian/templates/image-unsigned.NEWS.in
+++ /dev/null
@@ -1 +0,0 @@
-image.NEWS.in
\ No newline at end of file
diff --git a/debian/templates/image-unsigned.NEWS.j2 b/debian/templates/image-unsigned.NEWS.j2
new file mode 120000
index 0000000000..0833b655bd
--- /dev/null
+++ b/debian/templates/image-unsigned.NEWS.j2
@@ -0,0 +1 @@
+image.NEWS.j2
\ No newline at end of file
diff --git a/debian/templates/image.NEWS.j2 b/debian/templates/image.NEWS.j2
new file mode 100644
index 0000000000..d07bf6f64f
--- /dev/null
+++ b/debian/templates/image.NEWS.j2
@@ -0,0 +1,110 @@
+{% if arch in ('ppc64', 'ppc64el') %}
+linux (6.10-1~exp2) unstable; urgency=medium
+
+  * From Linux 6.10, the default kernel on ppc64 and ppc64el
+    architectures uses 4k page size.
+
+    After rebooting, you need to re-create all swap files or partitions.
+    They depend on the page size and will be not longer usable.  See
+    mkswap(8) on how to do that.
+
+    Some file systems might be incompatible with the smaller page size.
+    At least btrfs created with default settings is known to be affected
+    and they will not work with this kernel any more.
+
+    A btrfs file system can be checked with file(1) (use file -s).  It
+    will show:
+    BTRFS Filesystem sectorsize 65536
+    If this number is larger then 4096, the file system can not be
+    mounted with the default kernel anymore.
+
+    If you are affected and require the 64k page size of older kernels,
+    you can install linux-image-powerpc64-64k or
+    linux-image-powerpc64el-64k packages.
+
+ -- Bastian Blank <waldi@debian.org>  Thu, 11 Jul 2024 11:12:35 +0200
+
+{% endif %}
+linux (5.10.46-4) unstable; urgency=medium
+
+  * From Linux 5.10.46-4, unprivileged calls to bpf() are disabled by
+    default, mitigating several security issues. However, an admin can
+    still change this setting later on, if needed, by writing 0 or 1 to
+    the kernel.unprivileged_bpf_disabled sysctl.
+
+    If you prefer to keep unprivileged calls to bpf() enabled, set the
+    sysctl:
+
+    kernel.unprivileged_bpf_disabled = 0
+
+    which is the upstream default.
+
+ -- Salvatore Bonaccorso <carnil@debian.org>  Mon, 02 Aug 2021 22:59:24 +0200
+
+linux (5.10~rc7-1~exp2) unstable; urgency=medium
+
+  * From Linux 5.10, all users are allowed to create user namespaces by
+    default.  This will allow programs such as web browsers and container
+    managers to create more restricted sandboxes for untrusted or
+    less-trusted code, without the need to run as root or to use a
+    setuid-root helper.
+
+    The previous Debian default was to restrict this feature to processes
+    running as root, because it exposed more security issues in the
+    kernel.  However, the security benefits of more widespread sandboxing
+    probably now outweigh this risk.
+
+    If you prefer to keep this feature restricted, set the sysctl:
+
+        kernel.unprivileged_userns_clone = 0
+
+ -- Ben Hutchings <benh@debian.org>  Sun, 13 Dec 2020 17:11:36 +0100
+
+linux-latest (86) unstable; urgency=medium
+
+  * From Linux 4.13.10-1, AppArmor is enabled by default.  This allows
+    defining a "profile" for each installed program that can mitigate
+    security vulnerabilities in it.  However, an incorrect profile might
+    disable some functionality of the program.
+
+    In case you suspect that an AppArmor profile is incorrect, see
+    <https://lists.debian.org/debian-devel/2017/11/msg00178.html> and
+    consider reporting a bug in the package providing the profile.  The
+    profile may be part of the program's package or apparmor-profiles.
+
+ -- Ben Hutchings <ben@decadent.org.uk>  Thu, 30 Nov 2017 20:08:25 +0000
+
+linux-latest (81) unstable; urgency=medium
+
+  * From Linux 4.10, the old 'virtual syscall' interface on 64-bit PCs
+    (amd64) is disabled.  This breaks chroot environments and containers
+    that use (e)glibc 2.13 and earlier, including those based on Debian 7
+    or RHEL/CentOS 6.  To re-enable it, set the kernel parameter:
+    vsyscall=emulate
+
+ -- Ben Hutchings <ben@decadent.org.uk>  Fri, 30 Jun 2017 23:50:03 +0100
+
+linux-latest (76) unstable; urgency=medium
+
+  * From Linux 4.8, several changes have been made in the kernel
+    configuration to 'harden' the system, i.e. to mitigate security bugs.
+    Some changes may cause legitimate applications to fail, and can be
+    reverted by run-time configuration:
+    - On most architectures, the /dev/mem device can no longer be used to
+      access devices that also have a kernel driver.  This breaks dosemu
+      and some old user-space graphics drivers.  To allow this, set the
+      kernel parameter: iomem=relaxed
+    - The kernel log is no longer readable by unprivileged users.  To
+      allow this, set the sysctl: kernel.dmesg_restrict=0
+
+ -- Ben Hutchings <ben@decadent.org.uk>  Sat, 29 Oct 2016 02:05:32 +0100
+
+linux-latest (75) unstable; urgency=medium
+
+  * From Linux 4.7, the iptables connection tracking system will no longer
+    automatically load helper modules.  If your firewall configuration
+    depends on connection tracking helpers, you should explicitly load the
+    required modules.  For more information, see
+    <https://home.regit.org/netfilter-en/secure-use-of-helpers/>.
+
+ -- Ben Hutchings <ben@decadent.org.uk>  Sat, 29 Oct 2016 01:53:18 +0100
diff --git a/debian/templates/image.meta.control.in b/debian/templates/image.meta.control.in
index 386dd78cfd..761c00e6d5 100644
--- a/debian/templates/image.meta.control.in
+++ b/debian/templates/image.meta.control.in
@@ -1,6 +1,6 @@
 Package: linux-image@source_suffix@@localversion@
 Meta-Rules-Target: meta
-Meta-Rules-Makeflags-INSTALLDOCS_LINK_DOC: linux-image-@abiname@@localversion@
+Meta-Rules-Makeflags: INSTALLDOCS_LINK_DOC=linux-image-@abiname@@localversion@
 Build-Profiles: <!pkg.linux.nokernel !pkg.linux.nometa>
 Depends: linux-image-@abiname@@localversion@ (= ${binary:Version}), ${misc:Depends}
 Provides: linux-latest-modules-@abiname@@localversion@, wireguard-modules (= 1.0.0), virtualbox-guest-modules [amd64 i386]
diff --git a/debian/templates/signed.image.NEWS.in b/debian/templates/signed.image.NEWS.in
deleted file mode 120000
index e70f537c2f..0000000000
--- a/debian/templates/signed.image.NEWS.in
+++ /dev/null
@@ -1 +0,0 @@
-image.NEWS.in
\ No newline at end of file
diff --git a/debian/templates/signed.image.NEWS.j2 b/debian/templates/signed.image.NEWS.j2
new file mode 120000
index 0000000000..0833b655bd
--- /dev/null
+++ b/debian/templates/signed.image.NEWS.j2
@@ -0,0 +1 @@
+image.NEWS.j2
\ No newline at end of file
diff --git a/debian/templates/signed.source.control.in b/debian/templates/signed.source.control.in
index 1f55a8e35d..7cb75d65e2 100644
--- a/debian/templates/signed.source.control.in
+++ b/debian/templates/signed.source.control.in
@@ -5,7 +5,7 @@ Maintainer: Debian Kernel Team <debian-kernel@lists.debian.org>
 Uploaders: Bastian Blank <waldi@debian.org>, maximilian attems <maks@debian.org>, Ben Hutchings <benh@debian.org>, Salvatore Bonaccorso <carnil@debian.org>
 Standards-Version: 4.2.0
 Build-Depends:
- debhelper-compat (= 12), dh-exec,
+ debhelper-compat (= 13),
  python3:any,
  sbsigntool [amd64 arm64 i386],
 Rules-Requires-Root: no
diff --git a/debian/templates/source.control.in b/debian/templates/source.control.in
index 59fa8422d9..b422c490da 100644
--- a/debian/templates/source.control.in
+++ b/debian/templates/source.control.in
@@ -4,7 +4,7 @@ Maintainer: Debian Kernel Team <debian-kernel@lists.debian.org>
 Uploaders: Bastian Blank <waldi@debian.org>, maximilian attems <maks@debian.org>, Ben Hutchings <benh@debian.org>, Salvatore Bonaccorso <carnil@debian.org>
 Standards-Version: 4.2.0
 Build-Depends:
- debhelper-compat (= 12), dh-exec,
+ debhelper-compat (= 13),
 # used to run debian/bin/*.py
  python3:native,
  python3-dacite:native,
diff --git a/debian/templates/sourcebin.meta.control.in b/debian/templates/sourcebin.meta.control.in
index d176644b52..c4f47b2289 100644
--- a/debian/templates/sourcebin.meta.control.in
+++ b/debian/templates/sourcebin.meta.control.in
@@ -1,6 +1,6 @@
 Package: @source_basename@-source@source_suffix@
 Meta-Rules-Target: meta
-Meta-Rules-Makeflags-INSTALLDOCS_LINK_DOC: @source_basename@-source-@version@
+Meta-Rules-Makeflags: INSTALLDOCS_LINK_DOC=@source_basename@-source-@version@
 Build-Profiles: <!pkg.linux.nosource !pkg.linux.nometa !pkg.linux.quick>
 Architecture: all
 Depends: @source_basename@-source-@version@ (= ${binary:Version}), ${misc:Depends}
diff --git a/debian/templates/tools-unversioned.control.in b/debian/templates/tools-unversioned.control.in
index be4c3c50fb..5850a8246b 100644
--- a/debian/templates/tools-unversioned.control.in
+++ b/debian/templates/tools-unversioned.control.in
@@ -66,6 +66,7 @@ Build-Depends:
  gcc-multilib [amd64 mips64 mips64el mips64r6 mips64r6el ppc64 s390x sparc64] <!cross>,
  libaudit-dev,
  libbabeltrace-dev,
+ libdebuginfod-dev,
  libdw-dev,
  libnewt-dev,
  libnuma-dev,
@@ -127,10 +128,7 @@ Depends: ${shlibs:Depends}, ${misc:Depends}
 Section: admin
 Description: Support daemons for Linux running on Hyper-V
  Suite of daemons for Linux guests running on Hyper-V, consisting of
- hv_fcopy_daemon, hv_kvp_daemon and hv_vss_daemon.
- .
- hv_fcopy_daemon provides the file copy service, allowing the host to
- copy files into the guest.
+ hv_kvp_daemon and hv_vss_daemon.
  .
  hv_kvp_daemon provides the key-value pair (KVP) service, allowing the
  host to get and set the IP networking configuration of the guest.