-
I
fixed
native hppa builds of linux, which regressed due to my changes
for cross-build support.
-
I changed klibc's address layout for some architectures to work
around a bug in QEMU
user-space emulation. While investigating this I realised why
klibc had started failing to link for MIPS R6, and fixed that too.
-
I updated my branch
fixing
some reproducibility issues in linux.
-
I packaged
ktls-utils,
which is needed to support use of TLS by the Linux kernel, in
particular for NFS-over-TLS. I opened several
upstream
issues for problems I found.
-
In order to test the NFS client with TLS, I needed Linux 6.5, so I
updated
the linux package to 6.5-rc3 (not yet uploaded).
-
I cherry-picked mitigations for CVE-2023-20593 a.k.a. Zenbleed to
various kernel branches, and uploaded linux version 6.1.38-2 to
bookworm-security.
-
I updated the buster-security branch of linux to upstream stable
version 4.19.289, uploaded and issued
DLA-3508-1
for it.
-
I uploaded linux backport versions 6.3.7-1~bpo12+1
(bookworm-backports), 6.1.28-2~bpo11+1 (bullseye-backports), and
5.10.179-3~deb10u1 (buster-security).
-
I made a minimal
backport
of the fix for CVE-2023-3610 for bullseye-security.
-
I
released
klibc version 2.0.13 after nearly 6 months of development.
(At the time of writing, the above link was broken due to an
expired certificate.) Headline features are the LoongArch port
and the use of 64-bit time_t and RT signals on all architectures.
I also uploaded the new version to Debian.