Language Selection

English French German Italian Portuguese Spanish

LWN

Syndicate content
LWN.net is a comprehensive source of news and opinions from and about the Linux community. This is the main LWN.net feed, listing all articles which are posted to the site front page.
Updated: 1 hour 39 min ago

Security updates for Tuesday

Tuesday 17th of September 2019 02:50:35 PM
Security updates have been issued by Debian (dino-im, python2.7, python3.4, and wpa), Fedora (kmplayer), openSUSE (podman and samba), Oracle (thunderbird), Red Hat (thunderbird), Slackware (expat), SUSE (curl), and Ubuntu (apache2).

[$] Maintainers Summit topics: pull depth, hardware vulnerabilities, etc.

Tuesday 17th of September 2019 05:57:47 AM
The final sessions at the 2019 Linux Kernel Maintainers Summit covered a number of relatively quick topics, including the "pull depth" for code going into the mainline, the handling of hardware vulnerabilities, the ABI status of tracepoints, and more.

Richard Stallman resigns from the FSF

Tuesday 17th of September 2019 05:39:16 AM
With a brief announcement, the Free Software Foundation has let it be known that founder Richard Stallman has resigned both as president and from the board of directors. "The board will be conducting a search for a new president, beginning immediately. Further details of the search will be published on fsf.org".

[$] Linus Torvalds on the kernel development community

Monday 16th of September 2019 05:22:22 PM
The Linux Kernel Maintainers Summit is all about the development process, so it is natural to spend some time on how that process is working at the top of the maintainer hierarchy. The "is Linus happy?" session during the 2019 summit revealed that things are working fairly well at that level, but that, as always, there are a few things that could be improved.

Stable kernel updates

Monday 16th of September 2019 02:35:05 PM
Stable kernels 5.2.15, 4.19.73, 4.14.144, 4.9.193, and 4.4.193 have been released. They all contain important fixes and users should upgrade.

Security updates for Monday

Monday 16th of September 2019 02:27:28 PM
Security updates have been issued by Debian (ansible, faad2, linux-4.9, and thunderbird), Fedora (jbig2dec, libextractor, sphinx, and thunderbird), Mageia (expat, kconfig, mediawiki, nodejs, openldap, poppler, thunderbird, webkit2, and wireguard), openSUSE (buildah, ghostscript, go1.12, libmirage, python-urllib3, rdesktop, and skopeo), SUSE (python-Django), and Ubuntu (exim4, ibus, and Wireshark).

[$] The stable-kernel process

Monday 16th of September 2019 10:05:10 AM
The stable kernel process is a perennial topic of discussion at gatherings of kernel developers; the 2019 Linux Kernel Maintainers Summit was no exception. Sasha Levin ran a session there where developers could talk about the problems they have with stable kernels and ponder solutions.

The 5.3 kernel is out

Monday 16th of September 2019 05:50:13 AM
The 5.3 kernel is available at last. The announcement includes a long discussion about user-space regressions — an ext4 filesystem performance improvement had caused some systems to fail booting due to a lack of entropy early after startup. "It's more that it's an instructive example of what counts as a regression, and what the whole 'no regressions' kernel rule means. The reverted commit didn't change any API's, and it didn't introduce any new bugs. But it ended up exposing another problem, and as such caused a kernel upgrade to fail for a user. So it got reverted."

Some of the more significant changes in 5.3 include scheduler utilization clamping, the pidfd_open() and clone3() system calls, bounded loop support for BPF programs, support for the 0.0.0.0/8 IPv4 address range, a new configuration option for the soon-to-be-merged realtime preemption code, and more. See the KernelNewbies 5.3 page for lots of details.

[$] Dealing with automated kernel bug reports

Sunday 15th of September 2019 07:36:54 AM
There is value in automatic testing systems, but they also present a problem of their own: how can one keep up with the high volume of bug reports that they generate? At the 2019 Linux Kernel Maintainers Summit, Shuah Khan ran a session dedicated to this issue. There was general agreement that the reports are hard to deal with, but not a lot of progress toward a solution.

[$] Defragmenting the kernel development process

Saturday 14th of September 2019 07:22:20 AM
The first session at the 2019 Linux Kernel Maintainers Summit was a last-minute addition to the schedule. Dmitry Vyukov's Linux Plumbers Conference session on the kernel development process (slides [PDF]) had inspired a number of discussions that, it was agreed, should carry over into the summit. The result was a wide-ranging conversation about the kernel's development tools and what could be done to improve them.

Security updates for Friday

Friday 13th of September 2019 02:49:22 PM
Security updates have been issued by Debian (curl, dnsmasq, and golang-go.crypto), Mageia (docker, firefox, flash-player-plugin, ghostscript, links, squid, sympa, tcpflow, thunderbird, and znc), openSUSE (srt), Oracle (.NET Core, kernel, libwmf, and poppler), Scientific Linux (firefox), SUSE (cri-o, curl, java-1_8_0-ibm, python-SQLAlchemy, and python-urllib3), and Ubuntu (curl and expat).

[$] Comparing GCC and Clang security features

Thursday 12th of September 2019 10:33:56 PM
Hardening must be performed at all levels of a system, including in the compiler that is used to build that system. There are two viable compilers in the free-software community now, each of which offers a different set of security features. Kees Cook ran a session during the Toolchains microconference at the 2019 Linux Plumbers Conference that examined the security-feature support provided by both GCC and LLVM Clang, noting the places where each one could stand to improve.

Security updates for Thursday

Thursday 12th of September 2019 02:48:51 PM
Security updates have been issued by Arch Linux (exim, firefox, and webkit2gtk), Debian (libonig and opensc), Fedora (cobbler), Oracle (firefox and kernel), Red Hat (flash-plugin, kernel, kernel-rt, rh-maven35-jackson-databind, rh-nginx110-nginx, and rh-nginx112-nginx), Scientific Linux (kernel), Slackware (curl, mozilla, and openssl), SUSE (ceph, libvirt, and python-Werkzeug), and Ubuntu (vlc and webkit2gtk).

[$] LWN.net Weekly Edition for September 12, 2019

Thursday 12th of September 2019 12:31:58 AM
The LWN.net Weekly Edition for September 12, 2019 is available.

[$] Topics from the Open Printing microconference

Wednesday 11th of September 2019 06:40:10 PM
On day two of the 2019 Linux Plumbers Conference, two of the principals behind the Open Printing project led the very first Open Printing microconference. Project leader Till Kamppeter and program manager Aveek Basu described the current state of printing on Linux and some of the plans for the future, including supporting scanning for multi-function devices. The picture they painted was rosy, at least for printing, which may not quite match the experience of many Linux users. As with many projects, though, Open Printing is starved for contributors—something that was reflected in the sparse attendance at the microconference.

[$] The USB debugging arsenal

Wednesday 11th of September 2019 04:31:08 PM
At the 2019 Embedded Linux Conference North America, which was held in San Diego in August, Krzysztof Opasiak gave a presentation on demystifying the ways to monitor—and even change—USB traffic on a Linux system. He started with the basics of the USB protocol and worked up into software and hardware tools to observe, modify, and fuzz the messages that get sent. Those tools are part of the arsenal that is available to those interested in looking deeply into USB.

[$] SGX and security modules

Wednesday 11th of September 2019 03:25:10 PM
Software Guard Extensions (SGX) is a set of security-related instructions for Intel processors; it allows the creation of private regions of memory, called "enclaves". The aim of this feature is to work like an inverted sandbox: instead of protecting the system from malicious code, it protects an application from a compromised kernel hypervisor, or other application. Linux support for SGX has existed out-of-tree for years, and the effort of upstreaming it has reached an impressive version 22 of the patch set. During the upstreaming discussion, the kernel developers discovered that the proposed SGX API did not play nicely with existing security mechanisms, including Linux security modules (LSMs).

Security updates for Wednesday

Wednesday 11th of September 2019 02:32:01 PM
Security updates have been issued by Fedora (python38), openSUSE (nginx, nodejs10, nodejs8, python-Twisted, python-Werkzeug, SDL2_image, SDL_image, and util-linux and shadow), Oracle (firefox and nghttp2), Red Hat (.NET Core, firefox, kernel, libwmf, pki-deps:10.6, and poppler), Scientific Linux (firefox), SUSE (ghostscript, libgcrypt, podman, python-SQLAlchemy, qemu, and webkit2gtk3), and Ubuntu (curl, linux-hwe, linux-kvm, linux-oracle, linux-raspi2, systemd, and tomcat8).

CodeWeavers mourns Józef Kucia

Tuesday 10th of September 2019 03:26:50 PM
The CodeWeavers blog carries the sad news that Józef Kucia died last month. "Józef first contributed to Wine in March of 2012, showing remarkable skill with Wine’s D3D technology. He became a key contributor to Wine, submitting over 2,500 patches. He also contributed to other open source projects including Mesa and Debian. Józef founded and led the vkd3d project and provided insight and guidance to the Vulkan working group. Józef joined CodeWeavers in 2015, and quickly became one of our most valued employees."

A set of stable kernels

Tuesday 10th of September 2019 03:02:52 PM
Stable kernels 5.2.14, 4.19.72, 4.14.143, 4.9.192, and 4.4.192 have been released. They all contain important fixes and users should upgrade.