Better living through software

Ben Hutchings's diary of life and technology

Email: ben@decadent.org.uk • Twitter: @benhutchingsuk • Debian: benh • Gitweb: git.decadent.org.uk • Github: github.com/bwhacks

Sun, 02 Jun 2019

Debian LTS work, May 2019

I was assigned 18 hours of work by Freexian's Debian LTS initiative and worked all those hours this month.

I released Linux 3.16.66, and then prepared and released Linux 3.16.67 with a small number of fixes. I backported the updated Linux 4.9 packages from Debian 9.9, uploaded them and issued DLA-1771.

I had a little advance notice of the MDS speculative execution flaws, and started backporting the mitigations for these to older stable branches, starting with a version for Linux 4.14. I backported to 4.9 (Debian stretch/jessie) first, then to 4.4 (CIP) and 3.16 (Debian jessie). The charge for this time was accordingly split between CIP and Freexian.

I backported the security update for Linux 4.9 from stretch to jessie and issued DLA-1787.

The backport of mitigations to Linux 3.16 took longest to finish, as the x86 kernel exit path was substantially rewritten between 3.16 and 4.4. I needed to apply the mitigation in multiple assembly-language routines rather then a single C function, and before that I needed to backport support for static_branch patching in assembly-language source files. I sent the changes out for review and testing as Linux 3.16.68-rc1, and as Debian packages on people.debian.org. Since no problems were found, I released Linux 3.16.68, uploaded updated packages, and issued DLA-1799.

posted at: 19:39 | path: / | permanent link to this entry

Wed, 01 May 2019

Debian LTS work, April 2019

I was assigned 17.25 hours of work by Freexian's Debian LTS initiative and carried over 14 hours from March. I worked all 31.25 hours this month.

I uploaded firmware-nonfree with Emilio Pozuelo Monfort's changes, and issued DLA-1747-1.

I made a stable update to Linux 3.16 (3.16.65) and rebased the Debian package on top of this. I built and uploaded packages for testing, to reduce the risk of an uncaught regression in the next update to jessie. I prepared the next stable update (3.16.66), which is currently out for review.

I merged changes from stretch's linux package into linux-4.9, and from linux-latest into linux-latest-4.9. I built and uploaded these and prepared a DLA. However, linux-4.9 is currently waiting in the NEW queue because it includes an ABI bump.

posted at: 14:14 | path: / | permanent link to this entry

Tue, 02 Apr 2019

Debian LTS work, March 2019

I was assigned 20 hours of work by Freexian's Debian LTS initiative and carried over 16.5 hours from February. I worked 22.5 hours and so will carry over 14 hours.

I merged changes from stretch's linux package into the linux-4.9 package, uploaded that, and issued DLA-1715. I made another stable update to Linux 3.16 (3.16.64). I then rebased Debian's linux package on that version, uploaded it, and issued DLA-1731. This unfortunately introduced a regression, which I fixed in a second update.

I also reviewed and merged Emilio Pozuelo Monfort's changes to the firmware-nonfree package to address CVE-2018-5383.

posted at: 11:12 | path: / | permanent link to this entry

Thu, 14 Mar 2019

Debian LTS work, February 2019

I was assigned 19.5 hours of work by Freexian's Debian LTS initiative and carried over 1 hour from January. I worked only 4 hours and so will carry over 16.5 hours.

I backported various security fixes to Linux 3.16, but did not upload a new release yet.

posted at: 23:46 | path: / | permanent link to this entry

Sat, 16 Feb 2019

Debian LTS work, January 2019

I was assigned 20 hours of work by Freexian's Debian LTS initiative and carried over 5 hours from December. I worked 24 hours and so will carry over 1 hour.

I prepared another stable update for Linux 3.16 (3.16.63), but did not upload a new release yet.

I also raised the issue that the installer images for Debian 8 "jessie" would need to be updated to include a fix for CVE-2019-3462.

posted at: 16:01 | path: / | permanent link to this entry