Archive of posts from 2019
-
Debian LTS work, November 2019
I was assigned 24.5 hours of work by Freexian's Debian LTS initiative and carried over 0.5 hours from October. I worked 21.25 hours this month, so will carry over 3.75 hours to December.
I released Linux 3.16.76, rebased the Debian package onto that, and sent out a request for testing.
I backported the mitigation for TSX Asynchronous Abort (CVE-2019-11135) and reporting of iTLB multihit (CVE-2018-12207) to 3.16 (this work started in October). I applied these and a GPU security fix, uploaded the Debian package and issued DLA-1989-1.
I backported the latest security update for Linux 4.9 from stretch to jessie and issued DLA-1990-1 for that.
I prepared and, after, review, released Linux 3.16.77 and 3.16.78. I rebased the Debian package onto 3.16.78 and sent out a request for testing.
-
Debian LTS work, October 2019
I was assigned 22.75 hours of work by Freexian's Debian LTS initiative. I worked almost all those hours this month, but will carry over 0.5 hours to November.
I prepared and, after review, released Linux 3.16.75, including various important fixes. I then rebased the Debian package onto that, and sent out a request for testing. I prepared and sent out Linux 3.16.76-rc1 for review.
I handled a misdirected request to update the tzdata package, adding that and the related Perl library to the dla-needed.txt file. I responded to a support request regarding Intel microcode updates for security issues. I also spent some time working on security issues that are still under embargo.
-
Kernel Recipes 2019, part 2
This conference only has a single track, so I attended almost all the talks. This time I didn't take notes but I've summarised all the talks I attended. This is the second and last part of that; see part 1 if you missed it.
-
Debian LTS work, September 2019
I was assigned 20 hours of work by Freexian's Debian LTS initiative and worked all those hours this month.
I prepared and, after review, released Linux 3.16.74, including various security and other fixes. I then rebased the Debian package onto that. I uploaded that with a small number of other fixes and issued DLA-1930-1.
I backported the latest security update for Linux 4.9 from stretch to jessie and issued DLA-1940-1 for that.
-
Kernel Recipes 2019, part 1
This conference only has a single track, so I attended almost all the talks. This time I didn't take notes but I've summarised all the talks I attended.
-
Linux Plumbers Conference 2019, part 3
Here's the last chunk of notes I took at Linux Plumbers Conference earlier this month. See part 1 and part 2 if you missed them.
-
Linux Plumbers Conference 2019, part 2
Here's the second chunk of notes I took at Linux Plumbers Conference earlier this month. Part 1 covered the Distribution kernels track.
-
Debian LTS work, August 2019
I was assigned 20 hours of work by Freexian's Debian LTS initiative and worked all those hours this month.
I prepared and, after review, released Linux 3.16.72, including various security and other fixes. I then rebased the Debian package onto that. I uploaded that with a small number of other fixes and issued DLA-1884-1. I also prepared and released Linux 3.16.73 with another small set of fixes.
I backported the latest security update for Linux 4.9 from stretch to jessie and issued DLA-1885-1 for that.
-
Distribution kernels at Linux Plumbers Conference 2019
I'm attending the Linux Plumbers Conference in Lisbon from Monday to Wednesday this week. This morning I followed the "Distribution kernels" track, organised by Laura Abbott.
I took notes, included below, mostly with a view to what could be relevant to Debian. Other people took notes in Etherpad. There should also be video recordings available at some point.
-
Debian LTS work, July 2019
I was assigned 18.5 hours of work by Freexian's Debian LTS initiative and worked all those hours this month.
I prepared and released Linux 3.16.70 with various fixes from upstream. I then rebased jessie's linux package on this. Later in the month, I picked the fix for CVE-2019-13272, uploaded the package, and issued DLA-1862-1. I also released Linux 3.16.71 with just that fix.
I backported the latest security update for Linux 4.9 from stretch to jessie and issued DLA-1863-1.
-
Talk: What's new in the Linux kernel (and what's missing in Debian)
As planned, I presented my annual talk about Linux kernel changes at DebConf on Monday—remotely. (I think this was a DebConf first.)
A video recording is already available (high quality, low quality). The slides are linked from my talks page and from the DebConf event page.
Thanks again to the video team for taking the time to work out video and audio routing with me.
-
Talk: What goes into a Debian package?
Some months ago I gave a talk / live demo at work about how Debian source and binary packages are constructed.
Yesterday I repeated this talk (with minor updates) for the Chicago LUG. I had quite a small audience, but got some really good questions at the end. I have now put the notes up on my talks page.
No, I'm not in Chicago. This was a trial run of giving a talk remotely, which I'll also be doing for DebConf this year. I set up an RTMP server in the cloud (nginx) and ran OBS Studio on my laptop to capture and transmit video and audio. I'm generally very impressed with OBS Studio, although the X window capture source could do with improvement. I used the built-in camera and mic, but the mic picked up a fair amount of background noise (including fan noise, since the video encoding keeps the CPU fairly busy). I should probably switch to a wearable mic in future.
-
Debian LTS work, June 2019
I was assigned 17 hours of work by Freexian's Debian LTS initiative and worked all those hours this month.
I applied a number of security fixes to Linux 3.16, including those for the TCP denial-of-service vulnerabilities. I uploaded the updated package to jessie and issued DLA-1823.
I backported the corresponding security update for Linux 4.9 from stretch to jessie and issued DLA-1824.
I also prepared and released Linux 3.16.69 with most of the same security fixes, excluding those that weren't yet applied upstream.
-
Debian LTS work, May 2019
I was assigned 18 hours of work by Freexian's Debian LTS initiative and worked all those hours this month.
I released Linux 3.16.66, and then prepared and released Linux 3.16.67 with a small number of fixes. I backported the updated Linux 4.9 packages from Debian 9.9, uploaded them and issued DLA-1771.
I had a little advance notice of the MDS speculative execution flaws, and started backporting the mitigations for these to older stable branches, starting with a version for Linux 4.14. I backported to 4.9 (Debian stretch/jessie) first, then to 4.4 (CIP) and 3.16 (Debian jessie). The charge for this time was accordingly split between CIP and Freexian.
I backported the security update for Linux 4.9 from stretch to jessie and issued DLA-1787.
The backport of mitigations to Linux 3.16 took longest to finish, as the x86 kernel exit path was substantially rewritten between 3.16 and 4.4. I needed to apply the mitigation in multiple assembly-language routines rather then a single C function, and before that I needed to backport support for static_branch patching in assembly-language source files. I sent the changes out for review and testing as Linux 3.16.68-rc1, and as Debian packages on people.debian.org. Since no problems were found, I released Linux 3.16.68, uploaded updated packages, and issued DLA-1799.
-
Debian LTS work, April 2019
I was assigned 17.25 hours of work by Freexian's Debian LTS initiative and carried over 14 hours from March. I worked all 31.25 hours this month.
I uploaded firmware-nonfree with Emilio Pozuelo Monfort's changes, and issued DLA-1747-1.
I made a stable update to Linux 3.16 (3.16.65) and rebased the Debian package on top of this. I built and uploaded packages for testing, to reduce the risk of an uncaught regression in the next update to jessie. I prepared the next stable update (3.16.66), which is currently out for review.
I merged changes from stretch's linux package into linux-4.9, and from linux-latest into linux-latest-4.9. I built and uploaded these and prepared a DLA. However, linux-4.9 is currently waiting in the NEW queue because it includes an ABI bump.
-
Debian LTS work, March 2019
I was assigned 20 hours of work by Freexian's Debian LTS initiative and carried over 16.5 hours from February. I worked 22.5 hours and so will carry over 14 hours.
I merged changes from stretch's linux package into the linux-4.9 package, uploaded that, and issued DLA-1715. I made another stable update to Linux 3.16 (3.16.64). I then rebased Debian's linux package on that version, uploaded it, and issued DLA-1731. This unfortunately introduced a regression, which I fixed in a second update.
I also reviewed and merged Emilio Pozuelo Monfort's changes to the firmware-nonfree package to address CVE-2018-5383.
-
Debian LTS work, February 2019
I was assigned 19.5 hours of work by Freexian's Debian LTS initiative and carried over 1 hour from January. I worked only 4 hours and so will carry over 16.5 hours.
I backported various security fixes to Linux 3.16, but did not upload a new release yet.
-
Debian LTS work, January 2019
I was assigned 20 hours of work by Freexian's Debian LTS initiative and carried over 5 hours from December. I worked 24 hours and so will carry over 1 hour.
I prepared another stable update for Linux 3.16 (3.16.63), but did not upload a new release yet.
I also raised the issue that the installer images for Debian 8 "jessie" would need to be updated to include a fix for CVE-2019-3462.
-
Debian LTS work, December 2018
I was assigned 20 hours of work by Freexian's Debian LTS initiative and worked 15 hours. I carried the remaining hours over to January.
I prepared and released another stable update for Linux 3.16 (3.16.62) and rebased jessie's linux package on this version, but did not upload a new release yet.
I also discussed the outstanding speculation-related vulnerabilities affecting Xen in jessie.