Archive of posts from 2023
FOSS activity in November 2023
- Reviewed changes to Debian package building in upstream Linux.
- Attended the Debian LTS monthly meeting on IRC.
-
Reviewed the following merge requests:
- linux: [ia64] Workaround an ICE when built with gcc-13 (proposed a less invasive fix)
- linux: Remove architectures not existing in Debian (ongoing discussion)
- linux: Build linux-libc-dev as arch-all package (proposed further changes: d/rules.real: Change linux-libc-dev installation again)
- linux: Merge lintian and piupart jobs (suggested further simplification)
- linux: Remove use of linux-compiler packages (queried)
- linux: [x86] Various drivers for ChromeOS devices (merged)
- linux: [arm64] Enable configs for MediaTek MT8173 and MT8183 Chromebooks (merged)
- linux: [arm64] Enable more hardware for RK3399 ChromeOS tablets (merged)
- linux: debian/salsa-ci.yml: Replace except: with rules: and Enable build arm64 on the default branch (changes requested; now merged)
- linux: d/changelog: Move changelog items before 5.10 to changelog.old (proposed alternate change)
- linux: [arm64] Increase max CPU count to 512 (queried)
- Updated the linux package for Debian 10 "buster" to 4.19.299, but didn't make an upload.
- Attended mini-DebConf Cambridge and the preceding mini-DebCamp, although I was absent on Sunday due to illness.
- Updated the backports of linux in bullseye-backports and bookworm-backports.
- Proposed fix for build regression for linux with upstream version 6.6.
- With some help from Helmut Grohne, updated kernel team maintained packages to move files under /usr: ethtool, firmware-free, firmware-nonfree, iw, klibc, ktls-utils, kup, linux, wireless-regdb.
- Proposed changes to dput-ng for better compatiblity with dput:
FOSS activity in October 2023
- Discussed several bug/issue reports in Debian:
- And for Linux stable branches:
- Updated the linux-5.10 package in Debian 10 "buster" and issued DLA-3623-1.
- Updated the linux backport in bookworm-backports.
- Updated klibc in Debian, applying a patch from Peng Fan to support the loong64 architecture.
FOSS activity in September 2023
- Discussed the ongoing difficulties in supporting the Debian "marvell" kernel flavour. Reviewed the related merge request to fix armel build regression in Debian 12 "bookworm".
-
Wrote and recorded a talk for DebConf on
What's new in the Linux kernel
. Apologies for the poor audio quality; I will use a different microphone if I do this again. - Reviewed Bastian Blank's proposed changes to kernel package versioning and signing in Debian.
- Reported several bad backports to some Linux stable branches.
- Proposed a build fix for linux 6.5 on s390x.
- Updated the linux package for Debian 10 "buster" to 4.19.295, but didn't make an upload.
FOSS activity in August 2023
- Updated the linux-5.10 package in buster and issued DLA-3512-1 for it.
- Together with Aurelien Jarno, I investigated boot failures of Linux 5.10 and later versions on Debian's MIPS buildds, but I didn't find the root cause or any solution.
- Reviewed and tested the kernel mitigations for the SRSO (CVE-2023-20569) issue in AMD CPUs, and added a critical missing patch to the backports.
- Updated the linux (4.19) and linux-5.10 packages in buster, and the linux (5.10) package in bullseye, to include mitigations for GDS (CVE-2022-40982) on Intel processors and (5.10 only) SRSO on AMD. I issued DLA-3524-1 and DLA-3525-1 for buster.
- Nattie and I hosted a 30th birthday party for Debian in Leuven.
- Rebased and submitted my fixes for dahdi-linux.
- Updated the linux master branch to upstream version 6.5-rc4 and uploaded to experimental.
- Updated the backports of linux in bullseye-backports and bookworm-backports.
- Updated jinja-vanish to be compatible with Jinja 3.0. I also wired up its test suite to autopkgtests and added a Salsa CI configuration to catch any future regressions more quickly.
-
Reviewed the following merge requests:
- firmware-nonfree: Update to 20230625 (merged)
- klibc: Apply ubuntu specific patch (closed as no longer needed)
- firmware-free: Recommend firmware-ath9k-htc for its seperately-packaged free firmware (rebased and merged)
- initramfs-tools: mkinitramfs: Warn if initrd size > some ratio of RAM size (changes requested)
- linux/buster: Add support for ARC-1886 series RAID controllers (queried)
- nfs-utils: A couple more DEP8 tests (changes requested)
- initramfs-tools: d/initramfs-tools.maintscripts: Remove code for ancient versions (merged)
- Proposed fixes for some metadata in firmware-nonfree.
- Updated scripts and templates in firmware-free to synchronise with firmware-nonfree.
FOSS activity in July 2023
- I fixed native hppa builds of linux, which regressed due to my changes for cross-build support.
- I changed klibc's address layout for some architectures to work around a bug in QEMU user-space emulation. While investigating this I realised why klibc had started failing to link for MIPS R6, and fixed that too.
- I updated my branch fixing some reproducibility issues in linux.
- I packaged ktls-utils, which is needed to support use of TLS by the Linux kernel, in particular for NFS-over-TLS. I opened several upstream issues for problems I found.
- In order to test the NFS client with TLS, I needed Linux 6.5, so I updated the linux package to 6.5-rc3 (not yet uploaded).
- I cherry-picked mitigations for CVE-2023-20593 a.k.a. Zenbleed to various kernel branches, and uploaded linux version 6.1.38-2 to bookworm-security.
- I updated the buster-security branch of linux to upstream stable version 4.19.289, uploaded and issued DLA-3508-1 for it.
- I uploaded linux backport versions 6.3.7-1~bpo12+1 (bookworm-backports), 6.1.28-2~bpo11+1 (bullseye-backports), and 5.10.179-3~deb10u1 (buster-security).
- I made a minimal backport of the fix for CVE-2023-3610 for bullseye-security.
- I released klibc version 2.0.13 after nearly 6 months of development. (At the time of writing, the above link was broken due to an expired certificate.) Headline features are the LoongArch port and the use of 64-bit time_t and RT signals on all architectures. I also uploaded the new version to Debian.
FOSS activity in June 2023
- I uploaded sgt-puzzles to unstable. This brought in the new upstream version previously in experimental. I incorporated an updated German translation from Helge Kreutzmann, and made translation updates less tricky to do.
-
I made some changes to the nfs-utils package:
- Completed the transition from setting command-line options in /etc/default to /etc/nfs.conf.d.
- Made its shell scripts shellcheck-clean and added shellcheck to CI. (Thanks to наб who sent a patch for the init scripts.)
-
I accepted several MRs on Salsa:
- linux/master: [armhf] drivers/staging/media/rkvdec: enable rkvdec as module
- linux/master: Update to 6.4-rcX
- linux/bookworm: udeb: add r8188eu to nic-wireless-modules (Closes: #1035824)
- nfs-utils/master: Rely on the generator units for the rpc_pipefs mount
- linux/master: mm: Enable Multi-Gen LRU implementation (by default)
- linux/master: d/rules.real: Also remove executable bit from dtbo files
- linux/master: [mips*]: Fixes for boston kernel
- linux/sid: Ignore ABI changes for xfrm_bpf_md_dst (only for use in xfrm subsystem)
- I uploaded linux versions 6.4~rc6-1~exp1 and 6.4~rc7-1~exp1 to experimental.
- I updated the buster-security (4.19) branch of linux to stable version 4.19.288, but didn't upload it this month.
- I fixed build regressions for linux/experimental on several architectures, and sent the changes upstream where appropriate (hppa, m68k, and preemptively sparc).
- I created a bookworm-backports branch for the linux package, but that suite is not yet open to uploads.
- I uploaded linux version 6.1.27-1~bpo11+1 and firmware-nonfree version 20230210-5~bpo11+1 to bullseye-backports, but they still haven't been accepted.
- I fixed a build regression and many other bugs in dadhi-linux.
- I realised that the linux test-patches script still wasn't building all the packages needed to make the linux-headers package (or, on some architectures, the linux-image package) installable. I fixed this for unstable, backported those changes to bookworm, and backported all the test-patches changes to bullseye.
- I prepared a backport of firmware-nonfree version 20220913-1 to bullseye (not -backports). This is based on the work Tobias Frost did to update it in buster-security (Debian LTS).
- I updated the Debian Kernel Handbook to use the Debian stylesheet. This is now in the live version but I haven't uploaded the package.
- I started backporting various kernel security fixes to the affected stable branches. These are not yet tested or submitted upstream.
- I fixed a regression in cpu_rmap in the Linux kernel.
- I reported a regression in rtl8192 on Linux stable branches.
- I co-organised the Debian release party in Leuven. and posted a group photo of this on Mastodon.
- The amdgpu driver lists some firmware files as potentially needed that aren't packaged or even publicly available, which leads to warnings from initramfs-tools on systems using this driver. I queried these upstream, which should hopefully lead to a resolution of the bug.
- I wrote the arm, mips, and riscv parts of the fix for CVE-2023-3269 a.k.a. StackRot.
FOSS activity in May 2023
-
Several users reported problems in building and testing patched kernels using the instructions in the Debian Kernel Handbook and the test-patches script included in the source package for this purpose: #871216, #1022061, and #1023773.
The test-patches script hadn't been updated to follow the past few years' packaging changes, and produced somewhat broken packages. It was also not robust to being interrupted and restarted, and was needlessly slow due to running the whole build process under fakeroot. I fixed all these problems in the script.
I updated the Debian Kernel Handbook to cover the changes in test-paches and to note the problems in older versions. I revised the instructions for building without this script to correctly cover disabling debug info, to enable parallel builds, and to include building all required binary packages.
- I issued DLA-3403-1 and DLA-3404-1 for security updates to the linux (4.19) and linux-5.10 packages in Debian LTS.
- I reviewed and accepted a merge request updating linux to upstream version 6.3. I updated further to stable update 6.3.1 and uploaded the package to the experimental suite.
- Following the experimental upload, I investigated and fixed build failures on armel, mips64el, mipsel, and sh4 due to increases in the kernel image size.
-
In cross-building linux for those architectures I found regressions in the way we build the objtool command that's used for post-processing and checking kernel code:
- The upstream build rules for objtool always carry out a native build so that it can be used during a cross-build of the kernel. But we also need to be able to cross-build objtool itself for inclusion in the linux-kbuild-version package. Our previous hack to do this broke.
- objtool was originally introduced specifically to handle x86 code, but now supports PowerPC as well. Since linux-kbuild packages support cross-building kernel modules, a single build of objtool will no longer be sufficient.
-
I updated Debian's patch to fix reproducibility of the manual pages for the perf tool, which was no longer working and partly overlapped with upstream changes. The updated version has now been applied upstream.
Unfortunately, due to reprotest's excessive memory consumption when comparing large packages, we hadn't been able to see that many other reproducibility issues have crept into the linux package over the past years. I've started work on fixing those.
- I investigated Debian bug #1036019: debian-installer: Broken X display with QEMU under UEFI with cirrus and std graphics and found a one-line fix, but there is some reasonable concern that my fix might cause regressions for other systems.
-
I reviewed and accepted several more merge requests for linux targetting the master branch:
- Update to 6.3.2 + 6.3.1-rt13
- [x86,amd64] Enable MEI options for Intel ARC GPUs
- d/templates: Improve package description for "header" packages
- [arm64] drivers/hwtracing/coresight: Enable components
- Enable limiting of compression threading
- [amd64] arch/x86: Enable Intel TDX - Guest Support
- [amd64] drivers/platform/x86/intel/ifs: Enable Intel In-Field Scan (IFS)
I made another upload of linux to the experimental suite with all the above changes.
- I reviewed a merge request to update to a release candidate for 6.4 and fixed a build regression. This isn't merged yet, but as soon as bookworm is released the kernel team should be ready to upload packages based on 6.3 and a 6.4 release candidate to unstable and experimental respectively.
- I updated the buster-security branch of linux to upstream stable version 4.19.283, but didn't make an upload this month.
- I investigated Debian bug #1036543: linux: WARNING at drivers/crypto/ccp/sev-dev.c:168 __sev_do_cmd_locked+0x31b/0x350 [ccp] and found that it was due to an incomplete backport in a stable update. I've reported the missing commits upstream.
- I did some paid work on IPv6 support in Busybox, but I don't yet have permission to make this public.
- I started work on supporting IPv6 in klibc's ipconfig, as requested in Debian bug #627164 12 years ago(!).
- I updated the kernel security tracker to add status for 6.1-upstream-stable and 6.1-bookworm-security branches to all active issues.
-
Debian LTS work, March/April 2023
In March and April I worked a total of 28 hours for Freexian's Debian LTS initiative, out of a maximum of 48 hours.
I updated the linux (4.19) package to the latest stable and stable-rt updates, and uploaded it at the end of April. I merged the latest bullseye security update into the linux-5.10 package and uploaded that at the same time.
Debian LTS work, January/February 2023
In January I was assigned 24 hours by Freexian's Debian LTS initiative and worked 8 hours. In February I was assigned another 8 hours and worked 8 hours.
I updated the linux (4.19) package to the latest stable update, but didn't upload it. I merged the latest bullseye security update into the linux-5.10 package and uploaded that.
Debian LTS work, December 2022
In December I was assigned 15 hours by Freexian's Debian LTS initiative and carried over 9 hours from November. I worked all of those hours.
I merged the latest bullseye point release into the linux-5.10 package, uploaded that, and issued DLA-3244-1.
I also updated the linux (4.19) package to the latest stable and and stable-rt versions, uploaded it, and issued DLA-3245-1.