Free software activities in May, June and July 2019

-
Hi Planet, it is been a long time since my last post.
Here is an update covering what I have been doing in my free software activities during May, June and July 2019.

May

Only contributions related to Debian were done in May
  •  linux: Update to 5.1 (including porting of all debian patches to the new release)
  • linux: Update to 5.1.2
  • linux: Update to 5.1.3
  • linux: Update to 5.1.5
  • firmware-nonfree: misc-nonfree: Add GV100 signed firmwares (Closes: #928672)

June

Debian

  • linux: Update to 5.1.7
  • linux: Update to 5.1.8
  • linux: Update to 5.1.10
  • linux: Update to 5.1.11
  • linux: Update to 5.1.15
  • linux: [sparc64] Fix device naming inconsistency between sunhv_console and sunhv_reg (Closes: #926539)
  • raspi3-firmware:  New upstream version 1.20190517
  • raspi3-firmware: New upstream version 1.20190620+1

Kernel Self Protection Project

I have recently joined the kernel self protection protect, which basically intends to harden the mainline linux kernel the most as possible by adding subsystems that improve the security or make internal subsystems more robust to some common errors that might lead to security issues.

As a first contribution, Kees Cook asked me to check all the NLA_STRING for non-nul terminated strings. Internal functions of NLA attrs expect to have standard nul-terminated strings and use standard strings functions like strcmp() or equivalent. Few drivers were using non-nul terminated strings in some cases, which might lead to buffer overflow. I have checked all the NLA_STRING uses in all drivers and forwarded a status for all of these. Everything were already fixed in linux-next (hopefully).

July

Debian

  • linux: Update to 5.1.16
  • linux: Update to 5.2-rc7 (including porting of all debian patches to the new release)
  • linux: Update to 5.2
  • linux: Update to 5.2.1
  • linux: [rt] Update to 5.2-rt1
  • linux: Update to 5.2.4
  • ethtool: New upstream version 5.2
  • raspi3-firmware: Fixed lintians warnings about the binaries blobs for the raspberry PI 4
  • raspi3-firmware: New upstream version 1.20190709
  • raspi3-firmware: New upstream version 1.20190718
The following CVEs are for buster-security:
  • linux: [x86] x86/insn-eval: Fix use-after-free access to LDT entry (CVE-2019-13233)
  • linux: [powerpc*] mm/64s/hash: Reallocate context ids on fork (CVE-2019-12817)
  • linux: nfc: Ensure presence of required attributes in the deactivate_target handler (CVE-2019-12984)
  • linux: binder: fix race between munmap() and direct reclaim (CVE-2019-1999)
  • linux: scsi: libsas: fix a race condition when smp task timeout (CVE-2018-20836)
  • linux: Input: gtco - bounds check collection indent level (CVE-2019-13631)

Kernel Self Protection Project

I am currently improving the API of the internal kernel subsystem "tasklet". This is an old API and like "timer" it has several limitations regarding the way informations are passed to the callback handler. A future patch set will be sent to upstream, I will probably write a blog post about it.

Commentaires

Enregistrer un commentaire

Posts les plus consultés de ce blog

Add support for F2FS filesystem to GRUB and initramfs-tools

-
Hi there, For these like me who want to change their root filesystem to F2FS, I have enabled support for adding the F2FS module in the EFI signed image of grub in Debian (commit) . So the grub EFI image can load configuration, kernel images and initrd from a /boot that is formatted in F2FS (the upstream grub supports the filesystem since 2.04). Now that the kernel is loading it must be able to mount the rootfs. In Debian, a lot of features like some filesystems or some drivers are built as modules, this allow to be able to boot and work on a lot of different machines without have to build-in statically everything into the linux kernel image. This is why we use an initramfs , it offers a variety of cool features and detects magically some details for you like "load the brtfs module or your favorite emmc driver as module". If you want to use F2FS as your main filesystem on your rootfs, we need to add F2FS as base module into initramfs-tools (that handles all the scripts and
Lire la suite

Announcing official IRC channel for Raspberry PI in Debian

-
Hi ! Debian for Raspberry Pi exists since few months on IRC, but nothing were done for creating an official channel (see https://wiki.debian.org/IRC ) nor communication for announcing this channel on planet. The creation of #debian-raspberrypi, the official Debian channel for topics related to the Raspberry Pi boards in Debian, was done two weeks ago, so this is the right moment to announce it officially ! Join us and say hello !
Lire la suite