Email: email@example.com • Twitter: @benhutchingsuk • Debian: benh • Gitweb: git.decadent.org.uk • Github: github.com/bwhacks
In March I was assigned 16 hours of work by Freexian's Debian LTS initiative and carried over 12.25 hours from earlier months. I worked 25.75 hours and will carry over the remainder.
I eventually settled on an apparently working patch series to fix the futex security issue in Linux 4.9. This went through upstream stable review and was included in 4.9.260. I applied the same fixes to the Debian package, along with some other security and regression fixes. I uploaded it and issued DLA-2586-1.
Unfortunately the futex changes for Linux 4.9 still caused a regression (kernel WARNING in some circumstances). I worked to backport and test a further set of fixes that had already been applied to later kernel branches. These were included in upstream stable release 4.9.264 and should go into an updated Debian package soon.
Following the Debian 10.9 point release, I also backported the updated Linux 4.19 package. I uploaded it and issued DLA-2610-1.
In January was assigned 7 hours of work by Freexian's Debian LTS initiative and carried over 8.5 hours from earlier months. However, I only used 0.25 hours of these to write December's report. In Feburary I was assigned another 16 hours to work, and have worked 19 hours. I will carry over the remaining hours to March.
I uploaded a Linux 4.19 package update based on the recent security update for Debian 10 "buster", and issued DLA-2557-1 for this. I spent most of my time working on an update for Linux 4.9. However, some of the recent security fixes are not yet in a fully working state, so I have not been able to upload an update yet.
I was assigned 16 hours of work by Freexian's Debian LTS initiative and carried over 9 hours from earlier months. I worked 16.5 hours this month, so I will carry over 8.5 hours to January. (Updated: corrected number of hours worked.)
I updated linux-4.19 to include the changes in the Debian 10.7 point release, uploaded the package, and issued DLA-2483-1 for this.
I picked some regression fixes from the Linux 4.9 stable branch to the linux package, and uploaded the package. This unfortunately failed to build on arm64 due to some upstream changes uncovering an old bug, so I made a second upload fixing that. I issued DLA-2494-1 for this.
I updated the linux packaging branch for stretch to Linux 4.9.249, but haven't made another package upload yet.
I was assigned 16 hours of work by Freexian's Debian LTS initiative and carried over 4.5 hours from earlier months. I worked 11.5 hours this month, so I will carry over 9 hours to December.
I continued working on backporting fixes for some less urgent security issues in Linux 4.9. I had to give up on some filesystem fixes as they caused regressions. The others have now been applied to the 4.9 stable branch at kernel.org.
I updated the linux packaging branch for stretch to Linux 4.9.246, but haven't made a new package upload yet.
I was assigned 6.25 hours of work by Freexian's Debian LTS initiative and carried over 17.5 hours from earlier months. I worked 11.5 hours this month and returned 7.75 hours to the pool, so I will carry over 4.5 hours to November.
I updated linux (4.9 kernel) to include upstream stable fixes, and issued DLA-2420-1. This resulted in a regression on some Xen PV environments. Ian Jackson identified the upstream fix for this, which had not yet been applied to all the stable branches that needed it. I made a further update with just that fix, and issued DLA-2420-2.
I have also been working to backport fixes for some less urgent security issues in Linux 4.9, but have not yet applied those fixes.