Language Selection

English French German Italian Portuguese Spanish

GNU Linux-Libre 5.7

Filed under
GNU
Linux

  • GNU Linux-Libre 5.7 Released - Drops Intel iGPU Security Fix Over Arrays Of Numbers

    The GNU Linux-libre 5.7-gnu kernel was released following last weekend's Linux 5.7 kernel release. But the info-gnu mailing list was slow and thus just hitting the wire today for the latest version of this sanitized version of the Linux kernel. One interesting change in GNU Linux-libre 5.7-gnu is dropping the Intel Gen7 "iGPU Leak" security mitigation over not liking the sources.

  • GNU Linux-libre 5.7-gnu
    GNU Linux-libre 5.7-gnu cleaning-up scripts, cleaned-up sources, and
    cleaning-up logs (including tarball signatures) are now available from
    our git-based release archive git://linux-libre.fsfla.org/releases.git/
    tags {scripts,sources,logs}/v5.7-gnu.
    
    Tarballs and incremental patches were still slowly getting compressed as
    I started writing this.  It took me so long to write this up that by now
    they are probably ready to be published, along with scripts and logs, at
    <https://www.fsfla.org/selibre/linux-libre/download/releases/5.7-gnu/>.
    
    We will not create or publish binary xdeltas any more: tarballs and
    patches are now created with git archive and git diff, respectively.
    So, even if you want a tarball, you don't have to wait for the
    compression to complete on our end.  Update the git repo, and run:
    
      git checkout logs/v5.7-gnu &&
      git archive --format tar --prefix=linux-5.7/ \
        sources/v5.7-gnu > linux-libre-5.7-gnu.tar &&
      gpg --verify linux-libre-5.7-gnu.tar.sign
    
    This will get you the same tarball and signature that, once compressed,
    will be published at the usual place.  Note that the --prefix= was
    maintained like that of the corresponding upstream release, so that
    anyone already used to downloading our tarballs and dealing with the
    unusual prefix doesn't have to make any changes.
    
    
    No changes were required to the cleaning up scripts since -rc7-gnu,
    already published under the new release procedure, though a little too
    late for it to be useful.
    
    The git repository is already populated with scripts, sources and logs
    for past releases since Linux-libre became a GNU project; earlier
    releases might be added at a later time.  The imported sources, scripts,
    logs and signatures are the result of long-time hard work by Jason Self,
    in the git repo https://jxself.org/git/linux-libre.git.  Nearly all of
    the branches, tags and commits in the new repo are taken directly from
    there, though I've verified all of the sources/ and scripts/ tags and
    corrected a few mismatches that AFAICT followed from errors in the SVN
    repository.  The main exception is the storage of logs and tarball
    signatures; he'd used git notes, but those didn't quite work for me, so
    I turned them into a separate tree of tags with logs and tarball
    signatures.  Alas, I failed to bring the .log signatures into it.  Will
    fix, and move the tags.
    
    
    The 5.7 upstream release removed the i1480 uwb driver, that we used to
    clean up, but added a crypto driver for the Marvell OcteonTX CPT, for
    Mediatek MT7622 WMAC, for Qualcomm IPA, for the Azoteq
    IQS620A/621/622/624/625 Multi-function device, for IDT 82P33xxx PTP
    clock, and a Modem Host Interface (MHI) bus driver, all of which
    required cleaning up.  Actually, the MHI bus one is tentative: I
    couldn't quite figure out what it is that it loads, so I've
    conservatively blocked it in the likely case it is a piece of non-Free
    Software.
    
    Some further adjustments were required on account of the introduction of
    the function firmware_request_platform to the firmware-loading
    interface, of the usual assortment of false positives all over, and blob
    adjustments in AMD GPU, Arm64 DTS files, Meson VDec, Realtek Bluetooth,
    m88ds3103 dvb frontend, Mediatek mt8173 VPU, Qualcomm Venus, Broadcom
    FMAC, Mediatek 7622 and 7663 wifi, silead x86 touchscreen; of the
    movement of the cleaned-up mscc phy driver (and new blob names in it)
    and wd719x documentation within the source tree; and of something very
    unexpected: the introduction of binary blobs as arrays of numbers in
    source code for gen7 i915 gpus.
    
    
    I unfortunately could not find correspoding sources for the new binary
    blobs introduced in such an old-fashioned way, and they're big enough
    and not regular enough that I could just assume them to be data rather
    than code, so I've removed them.  If you come across source code for
    those bits, or can explain to me how transparent and trivial they are
    once they're disassembled with existing Free tools, I'll be very glad to
    restore them.
    
    
    Other relevant changes were made to the deblob-check script:
    
    - its self-test now uses a safer $echo instead of echo to feed itself
    the test patterns, and to complain in case they fail; some of the
    patterns got mangled (unintended backslash transformations) by /bin/sh's
    echo in Trisquel 8.  That's a well-known shell portability issue that we
    had a fix for, but that somehow hadn't come up before in the context of
    the testsuite.
    
    - I moved the block of default suspicious patterns after the Linux- or
    patch-specific ones.  This enables these default patterns to be
    overridden by longer matches (e.g., cleaning up a trailing comma along
    with the new Intel presumed blobs).  In Non-Deterministic Automata-based
    regular expression engines, such as those in GNU awk and GNU sed, this
    doesn't make a difference, because the longest match is always
    preferred, but in engines that process alternatives left-to-right and
    take the first match, like Python's and Perl's, there was no way to
    override the blob sequence as needed.  Now there is.
    
    
    For up-to-the-minute news, join us on #linux-libre of irc.gnu.org
    (Freenode), or follow me (@lxoliva) on Twister <http://twister.net.co/>,
    Secure Scuttlebutt, GNU social at social.libreplanet.org, Diaspora* at
    pod.libreplanetbr.org or pump.io at identi.ca.  Check the link in the
    signature for direct links.
    
    
    Be Free! with GNU Linux-libre.
    
    
    What is GNU Linux-libre?
    ------------------------
    
      GNU Linux-libre is a Free version of the kernel Linux (see below),
      suitable for use with the GNU Operating System in 100% Free
      GNU/Linux-libre System Distributions.
      http://www.gnu.org/distros/
    
      It removes non-Free components from Linux, that are disguised as
      source code or distributed in separate files.  It also disables
      run-time requests for non-Free components, shipped separately or as
      part of Linux, and documentation pointing to them, so as to avoid
      (Free-)baiting users into the trap of non-Free Software.
      http://www.fsfla.org/anuncio/2010-11-Linux-2.6.36-libre-debait
    
      Linux-libre started within the gNewSense GNU/Linux distribution.
      It was later adopted by Jeff Moe, who coined its name, and in 2008
      it became a project maintained by FSF Latin America.  In 2012, it
      became part of the GNU Project.
    
      The GNU Linux-libre project takes a minimal-changes approach to
      cleaning up Linux, making no effort to substitute components that
      need to be removed with functionally equivalent Free ones.
      Nevertheless, we encourage and support efforts towards doing so.
      http://libreplanet.org/wiki/LinuxLibre:Devices_that_require_non-free_firmware
    
      Our mascot is Freedo, a light-blue penguin that has just come out
      of the shower.  Although we like penguins, GNU is a much greater
      contribution to the entire system, so its mascot deserves more
      promotion.  See our web page for their images.
      http://linux-libre.fsfla.org/
    
    What is Linux?
    --------------
    
      Linux is a clone of the Unix kernel [...]
    
    (snipped from Documentation/admin-guide/README.rst)
    

GNU Linux-Libre 5.7 Kernel Is Out for Those Seeking 100% Freedom

  • GNU Linux-Libre 5.7 Kernel Is Out for Those Seeking 100% Freedom for Their PCs

    Based on the recently released Linux 5.7 kernel series, the GNU Linux-Libre 5.7 kernel is here to disable blob loading in the Azoteq IQS62x MFD driver, IDT 82P33xxx PTP clock driver, Marvell OcteonTX CPT driver, Mediatek MT7622 WMAC driver, MHI bus driver, and Qualcomm IPA driver.

    It also introduces new blob names in the AMDGPU, Arm64 DTS files, Broadcom FMAC, m88ds3103 DVB frontend, Mediatek mt8173 VPU, Mediatek 7622 and 7663 WiFi, Meson VDec, Qualcomm Venus, Realtek Bluetooth, and Silead x86 touchscreen drivers.

Comment viewing options

Select your preferred way to display the comments and click "Save settings" to activate your changes.

More in Tux Machines

GNUnet 0.13.1 released

This is a bugfix release for gnunet and gnunet-gtk specifically. For gnunet, no changes to the source have been made. However, the default configuration had to be modified to support the changes made in 0.13.0. For gnunet-gtk, this fixes a more serious issue where the 0.13.0 tarball failed to build. Read more

Intel DG1 Graphics Card Bring-Up On Linux Continues - Latest Bits For Local Memory

Recently there have been a lot of open-source Linux patches flowing concerning Intel's bring-up of their DG1 discrete graphics card for developers. That work continued this week with the latest patches in wiring up LMEM support. Among the recent Intel DG1 patches for Linux recently have been on the media driver front, compute runtime with OpenCL and Level Zero and as part of that the IGC support, and then most importantly the necessary Linux kernel changes building off the existing Gen12/Xe graphics support. Read more Also: Intel AMX Support Lands In The GNU Assembler

Programming: GStreamer, Drat, RasPi, Python

KF6 Progress Report: Almost Bastille Day (July) Edition

So the world has been hectic lately, dunno if you’ve seen the news, but that means that I didn’t publish an update since my previous KF6 progress report back in February! Now that the lock down has been (temporarily?) lifted where I live and that things are a bit less crazy, it’s time for an update. An actual Qt 6 is not published yet and we didn’t branch for KF6 yet either. Still as can be seen on the KF6 Workboard there are plenty of tasks in our backlog which can be acted upon now. No need to wait to participate, all the work done now will make the transition to KF6 easier later on anyway. What has been done since the last post? On the workboard, we currently have 22 tasks in progress and 4 tasks done. Clearly that’s not a huge activity in more than four months but the state of the world might explain it in part. Obviously with so little tasks done, they mostly revolve around our usual suspects. If you fancy becoming one of the unsung heroes of KDE, come and help working tasks from the KF6 Workboard! More hands are needed and right now is a good time to discover it and get into it than when Qt6 will be released. Indeed, when Qt6 will be around it will be much less quiet around here. :-) Read more