Email: ben@decadent.org.uk • Twitter: @benhutchingsuk • Debian: benh • Gitweb: git.decadent.org.uk • Github: github.com/bwhacks
Some months ago I gave a talk / live demo at work about how Debian source and binary packages are constructed.
Yesterday I repeated this talk (with minor updates) for the Chicago LUG. I had quite a small audience, but got some really good questions at the end. I have now put the notes up on my talks page.
No, I'm not in Chicago. This was a trial run of giving a talk remotely, which I'll also be doing for DebConf this year. I set up an RTMP server in the cloud (nginx) and ran OBS Studio on my laptop to capture and transmit video and audio. I'm generally very impressed with OBS Studio, although the X window capture source could do with improvement. I used the built-in camera and mic, but the mic picked up a fair amount of background noise (including fan noise, since the video encoding keeps the CPU fairly busy). I should probably switch to a wearable mic in future.
posted at: 15:05 | path: / | permanent link to this entry
I was assigned 17 hours of work by Freexian's Debian LTS initiative and worked all those hours this month.
I applied a number of security fixes to Linux 3.16, including those for the TCP denial-of-service vulnerabilities. I uploaded the updated package to jessie and issued DLA-1823.
I backported the corresponding security update for Linux 4.9 from stretch to jessie and issued DLA-1824.
I also prepared and released Linux 3.16.69 with most of the same security fixes, excluding those that weren't yet applied upstream.
posted at: 17:30 | path: / | permanent link to this entry
I was assigned 18 hours of work by Freexian's Debian LTS initiative and worked all those hours this month.
I released Linux 3.16.66, and then prepared and released Linux 3.16.67 with a small number of fixes. I backported the updated Linux 4.9 packages from Debian 9.9, uploaded them and issued DLA-1771.
I had a little advance notice of the MDS speculative execution flaws, and started backporting the mitigations for these to older stable branches, starting with a version for Linux 4.14. I backported to 4.9 (Debian stretch/jessie) first, then to 4.4 (CIP) and 3.16 (Debian jessie). The charge for this time was accordingly split between CIP and Freexian.
I backported the security update for Linux 4.9 from stretch to jessie and issued DLA-1787.
The backport of mitigations to Linux 3.16 took longest to finish, as the x86 kernel exit path was substantially rewritten between 3.16 and 4.4. I needed to apply the mitigation in multiple assembly-language routines rather then a single C function, and before that I needed to backport support for static_branch patching in assembly-language source files. I sent the changes out for review and testing as Linux 3.16.68-rc1, and as Debian packages on people.debian.org. Since no problems were found, I released Linux 3.16.68, uploaded updated packages, and issued DLA-1799.
posted at: 19:39 | path: / | permanent link to this entry
I was assigned 17.25 hours of work by Freexian's Debian LTS initiative and carried over 14 hours from March. I worked all 31.25 hours this month.
I uploaded firmware-nonfree with Emilio Pozuelo Monfort's changes, and issued DLA-1747-1.
I made a stable update to Linux 3.16 (3.16.65) and rebased the Debian package on top of this. I built and uploaded packages for testing, to reduce the risk of an uncaught regression in the next update to jessie. I prepared the next stable update (3.16.66), which is currently out for review.
I merged changes from stretch's linux package into linux-4.9, and from linux-latest into linux-latest-4.9. I built and uploaded these and prepared a DLA. However, linux-4.9 is currently waiting in the NEW queue because it includes an ABI bump.
posted at: 14:14 | path: / | permanent link to this entry
I was assigned 20 hours of work by Freexian's Debian LTS initiative and carried over 16.5 hours from February. I worked 22.5 hours and so will carry over 14 hours.
I merged changes from stretch's linux package into the linux-4.9 package, uploaded that, and issued DLA-1715. I made another stable update to Linux 3.16 (3.16.64). I then rebased Debian's linux package on that version, uploaded it, and issued DLA-1731. This unfortunately introduced a regression, which I fixed in a second update.
I also reviewed and merged Emilio Pozuelo Monfort's changes to the firmware-nonfree package to address CVE-2018-5383.
posted at: 11:12 | path: / | permanent link to this entry