linux-5.13.4

[Bruce Dubbs]

New point version.

[Bruce Dubbs]

Now version 5.13.3.

[thomas]

Now 5.13.4

[ken@…]

Among the many changes in this version (more than 350 since 5.3.13) is a fix for CVE-2021-33909 (local privilege escalation via OOB write).

The commit which fixed this is ​https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=8cae8cd89f05

Details, with link to proof of concept (crasher) - exploit to be published later - and name of Sequoia' at ​https://www.openwall.com/lists/oss-security/2021/07/20/1.

Fixed in 5.13.4, 5.12.19, 5.10.52, 5.4.134.

[ken@…]

Version in book updated in @c735ea47abeec2eec39dfe15d886d0b98cbc5f70 10.1-134

[ken@…]

Security Advisory SA 10.1-078.

I have not yet updated the space and time measurements for the kernel in chapter 10, building, and waiting for comments on whether using parallel processing makes sense for other than the minimal (allnoconfig) build.

[Bruce Dubbs]

We pretty much say in LFS Section 4.5 that all the SBU values listed are at -j1, but that could be made more explicit. In BLFS we do list parallelism levels when it is used, but I don't think we should do that in LFS.

In LFS, I see the following in excess of 2SBU:

autoconf-fin-sbu-tests "7.2"
binutils-fin-sbu "6.2 SBU"
bison-fin-sbu "6.4 SBU"
coreutils-fin-sbu "2.5 SBU"
e2fsprogs-fin-sbu "4.4 SBU on a spinning disk, 1.5 SBU on an SSD"
gcc-tmpp1-sbu "11 SBU"
gcc-tmpp2-sbu "11 SBU"
gcc-fin-sbu "95 SBU (with tests)"
gettext-fin-sbu "2.9 SBU"
glibc-tmp-sbu "4.2 SBU"
glibc-fin-sbu "19 SBU"
linux-knl-sbu "5.0 - 125.0 SBU (typically about 9 SBU)
perl-fin-sbu "10 SBU"
python-fin-sbu "2.8 SBU"
tcl-tmp-sbu "3.8 SBU"

Most of those are due to tests.

I am not in favor of changing the method of calculating SBUs in LFS.

[ken@…]

Estimates for -j1 builds updated in @d13e8eff811d338626cbf41d0be4dd6d666b055f 10.1-136.