LWN
LWN.net is a comprehensive source of news and opinions from
and about the Linux community. This is the main LWN.net feed,
listing all articles which are posted to the site front page.
URL: https://lwn.net
Updated: 2 hours 14 min ago
Freedombone 4.0 released
Freedombone
4.0 is available. Freedombone is a distribution (based on
Debian 10) focused on the hosting network services under one's own
control on home servers. "There is no freedom without freedom of
association. That is, having the ability to define who you are and what
kind of community you want to live in. This release includes Community
Networks as an initial step towards networks run by and for the people who
use them." Support for the Wireguard VPN has been added, but the
"Fediverse" applications (GNU Social, PostActiv, and Pleroma) have been
removed as being too hard to manage.
Kernel prepatch 5.3-rc3
The 5.3-rc3 kernel prepatch is out.
"Interesting. Last Sunday, rc2 was fairly large to match the biggish
merge window, but this last week has actually been quite calm, and rc3
is actually smaller than usual, and smaller than rc2 was"
Security updates for Monday
Security updates have been issued by Debian (proftpd-dfsg and vim), Fedora (java-11-openjdk and matrix-synapse), Gentoo (binutils and libpng), Mageia (kernel), and SUSE (openexr and python-Django).
[$] vDSO, 32-bit time, and seccomp
The seccomp()
mechanism is notoriously difficult to use. It also turns out to be easy to
break unintentionally, as the development community discovered when a
timekeeping change meant to address the year-2038 problem created a regression for
seccomp() users in the 5.3 kernel. Work is underway to mitigate
the problem for now, but seccomp() users on 32-bit systems are
likely to have to change their configurations at some point.
Security updates for Friday
Security updates have been issued by Debian (firefox-esr and thunderbird), openSUSE (openexr and rmt-server), Oracle (bind, container-tools:rhel8, cyrus-imapd, dotnet, edk2, firefox, flatpak, freeradius:3.0, ghostscript, gvfs, httpd:2.4, java-1.8.0-openjdk, java-11-openjdk, kernel, mod_auth_mellon, pacemaker, pki-deps:10.6, python-jinja2, python27:2.7, python3, python36:3.6, systemd, thunderbird, vim, virt:rhel, WALinuxAgent, and wget), Slackware (mariadb), SUSE (java-1_8_0-openjdk, polkit, and python-Django1), and Ubuntu (Sigil and sox).
The GNU C Library version 2.30 is now available
Version 2.30 of the GNU C Library (glibc) has been released. New features include Unicode 12.1.0 support; wrappers for the getdents64(), gettid(), and tgkill() system calls on Linux; addition of a bunch of POSIX-proposed pthreads calls; protections for memory allocation functions so that they cannot cause ptrdiff_t overflows; and more, such as fixes for two security problems: CVE-2019-7309: x86-64 memcmp used signed Jcc instructions to check size. For x86-64, memcmp on an object size larger than SSIZE_MAX has undefined behavior. On x32, the size_t argument may be passed in the lower 32 bits of the 64-bit RDX register with non-zero upper 32 bits. When it happened with the sign bit of RDX register set, memcmp gave the wrong result since it treated the size argument as zero. Reported by H.J. Lu.
CVE-2019-9169: Attempted case-insensitive regular-expression match via proceed_next_node in posix/regexec.c leads to heap-based buffer over-read. Reported by Hongxu Chen.
GNOME and KDE to co-host the Linux App Summit in November
The GNOME and KDE projects are teaming up to host the Linux App Summit (LAS) that will be
held in Barcelona, November 12-15. "LAS is the first collaborative event co-hosted by the two organizations since
the Desktop Summit in 2009. Both organizations are eager to bring their
communities together in building an application ecosystem that transcends
individual distros and broadens the market for everyone involved.
KDE and GNOME will no longer be taking a passive role in the free desktop
sector. With the joint influence of the two desktop projects, LAS will shepherd
the growth of the FOSS desktop by encouraging the creation of quality
applications, seeking opportunities for compensation for FOSS developers, and
fostering a vibrant market for the Linux operating system." The CfP is open until August 31.
[$] An end to implicit fall-throughs in the kernel
The C switch statement has, since the beginning of the language,
required the use of explicit break statements to prevent execution
from falling through from one case to the next. This behavior can
be a useful feature, allowing for more compact code, but it can also lead
to bugs. The effort to rid the kernel of implicit fall-through coding
patterns came to a conclusion with the 5.3-rc2 release, where
the last cases were fixed. There is a good chance that these fixes will
have to be redone in the future, though.
Security updates for Thursday
Security updates have been issued by CentOS (httpd, libssh2, and qemu-kvm), Debian (glib2.0, squirrelmail, subversion, and wpa), Fedora (proftpd), Oracle (icedtea-web), Red Hat (icedtea-web), Scientific Linux (icedtea-web), SUSE (icedtea-web, java-1_7_0-openjdk, subversion, and zypper, libzypp and libsolv), and Ubuntu (linux-hwe, openjdk-lts, pango1.0, python-django, and subversion).
[$] LWN.net Weekly Edition for August 1, 2019
The LWN.net Weekly Edition for August 1, 2019 is available.
[$] Python and public APIs
In theory, the public API of a Python standard library module is fully
specified as part of its documentation, but in practice it may not be
quite so clear cut. There are other ways to specify the names in a module that
are meant to be public, and there are naming conventions for things that
should not be public (e.g. the name starts with an underscore), but
there is
no real consistency in how those are used throughout the standard library.
A mid-July discussion
on the python-dev mailing list considered the problem and some possible
solutions; the main outcome seems to be interest in making the rules more
explicit.
[$] KernelShark releases version 1.0
It has been the better part of a decade since the last KernelShark article appeared here; in the
interim, the kernel-tracing visualization tool has undergone some major changes.
While the high-level appearance is largely similar, the underlying code
has switched from GTK+ 2.0 to Qt 5. On July 26,
maintainer Steven Rostedt announced
the release of KernelShark version 1.0, which makes it a good time to
take another peek.
[$] Bounded loops in BPF for the 5.3 kernel
BPF programs have gained significantly in capabilities over the last few
years and can now perform many useful operations. That said, BPF
developers have had to work around an annoying limitation until
recently: they could not use loops. This restriction was recently lifted
by a patch
set from Alexei Starovoitov that was merged for Linux 5.3. In addition to
adding support for loops, it also greatly decreases the load time of
most BPF programs.
Security updates for Wednesday
Security updates have been issued by CentOS (389-ds-base, curl, and kernel), Debian (libssh2), Fedora (kernel, kernel-headers, and oniguruma), openSUSE (chromium, openexr, thunderbird, and virtualbox), Oracle (389-ds-base, curl, httpd, kernel, and libssh2), Red Hat (nss and nspr and ruby:2.5), Scientific Linux (httpd and kernel), SUSE (java-1_8_0-openjdk, mariadb, mariadb-connector-c, polkit, and python-requests), and Ubuntu (openjdk-8, openldap, and sox).
Final call for proposals for the containers and checkpoint/restore microconference at LPC 2019
This is the final call for proposals for the containers
and checkpoint/restore microconference at the Linux Plumbers Conference; the
deadline is Friday, August 2. LPC will take place September 9-11 in Lisbon,
Portugal.
Final reminder: LPC 2019 Networking Track CFP
This is the final call for proposals for the 3 day networking track at the
Linux Plumbers Conference; the deadline is Friday, August 2. LPC will take
place September 9-11 in Lisbon, Portugal. "Any kind of advanced
networking-related topic will be considered."
Collabora: Moving the Linux desktop to another reality
The Collabora blog announces
some ongoing work to integrate Linux desktop environments with head-mounted
displays. "In contrast to these approaches xrdesktop aims to integrate into existing Linux desktop environments, eliminating the necessity of running a dedicated compositor for only VR and thus making it usable in current setups. For our initial release, we focused on integration in the most popular Linux desktops, GNOME and KDE, but xrdesktop is designed to be integrated into any desktop. This can be done with Compiz-like plugins as for KWin or patches on the compositor in the case of GNOME Shell.
This integration of xrdesktop into the window managers enables mirroring existing windows into XR and to synthesize desktop input through XR actions."
Blender 2.80 released
Version 2.80
of the Blender 3D animation system has been released. "Blender 2.80
features a redesigned user interface that puts the focus on the artwork
that you create. A new dark theme and modern icon set were
introduced. Keyboard, mouse and tablet interaction got a refresh with left
click select as the new default. Quick Favorites menus provide rapid access
to often-used tools."
More in Tux Machines
- Highlights
- Front Page
- Latest Headlines
- Archive
- Recent comments
- All-Time Popular Stories
- Hot Topics
- New Members
.svg_.png)
Content (where original) is available under CC-BY-SA, copyrighted by original author/s.
Recent comments
12 min 28 sec ago
7 hours 36 min ago
8 hours 48 min ago
16 hours 53 min ago
18 hours 40 min ago
1 day 1 hour ago
1 day 2 hours ago
1 day 3 hours ago
1 day 4 hours ago
1 day 7 hours ago