Language Selection

English French German Italian Portuguese Spanish

LWN

Syndicate content
LWN.net is a comprehensive source of news and opinions from and about the Linux community. This is the main LWN.net feed, listing all articles which are posted to the site front page.
Updated: 52 min 25 sec ago

[$] Comparing GCC and Clang security features

Thursday 12th of September 2019 10:33:56 PM
Hardening must be performed at all levels of a system, including in the compiler that is used to build that system. There are two viable compilers in the free-software community now, each of which offers a different set of security features. Kees Cook ran a session during the Toolchains microconference at the 2019 Linux Plumbers Conference that examined the security-feature support provided by both GCC and LLVM Clang, noting the places where each one could stand to improve.

Security updates for Thursday

Thursday 12th of September 2019 02:48:51 PM
Security updates have been issued by Arch Linux (exim, firefox, and webkit2gtk), Debian (libonig and opensc), Fedora (cobbler), Oracle (firefox and kernel), Red Hat (flash-plugin, kernel, kernel-rt, rh-maven35-jackson-databind, rh-nginx110-nginx, and rh-nginx112-nginx), Scientific Linux (kernel), Slackware (curl, mozilla, and openssl), SUSE (ceph, libvirt, and python-Werkzeug), and Ubuntu (vlc and webkit2gtk).

[$] LWN.net Weekly Edition for September 12, 2019

Thursday 12th of September 2019 12:31:58 AM
The LWN.net Weekly Edition for September 12, 2019 is available.

[$] Topics from the Open Printing microconference

Wednesday 11th of September 2019 06:40:10 PM
On day two of the 2019 Linux Plumbers Conference, two of the principals behind the Open Printing project led the very first Open Printing microconference. Project leader Till Kamppeter and program manager Aveek Basu described the current state of printing on Linux and some of the plans for the future, including supporting scanning for multi-function devices. The picture they painted was rosy, at least for printing, which may not quite match the experience of many Linux users. As with many projects, though, Open Printing is starved for contributors—something that was reflected in the sparse attendance at the microconference.

[$] The USB debugging arsenal

Wednesday 11th of September 2019 04:31:08 PM
At the 2019 Embedded Linux Conference North America, which was held in San Diego in August, Krzysztof Opasiak gave a presentation on demystifying the ways to monitor—and even change—USB traffic on a Linux system. He started with the basics of the USB protocol and worked up into software and hardware tools to observe, modify, and fuzz the messages that get sent. Those tools are part of the arsenal that is available to those interested in looking deeply into USB.

[$] SGX and security modules

Wednesday 11th of September 2019 03:25:10 PM
Software Guard Extensions (SGX) is a set of security-related instructions for Intel processors; it allows the creation of private regions of memory, called "enclaves". The aim of this feature is to work like an inverted sandbox: instead of protecting the system from malicious code, it protects an application from a compromised kernel hypervisor, or other application. Linux support for SGX has existed out-of-tree for years, and the effort of upstreaming it has reached an impressive version 22 of the patch set. During the upstreaming discussion, the kernel developers discovered that the proposed SGX API did not play nicely with existing security mechanisms, including Linux security modules (LSMs).

Security updates for Wednesday

Wednesday 11th of September 2019 02:32:01 PM
Security updates have been issued by Fedora (python38), openSUSE (nginx, nodejs10, nodejs8, python-Twisted, python-Werkzeug, SDL2_image, SDL_image, and util-linux and shadow), Oracle (firefox and nghttp2), Red Hat (.NET Core, firefox, kernel, libwmf, pki-deps:10.6, and poppler), Scientific Linux (firefox), SUSE (ghostscript, libgcrypt, podman, python-SQLAlchemy, qemu, and webkit2gtk3), and Ubuntu (curl, linux-hwe, linux-kvm, linux-oracle, linux-raspi2, systemd, and tomcat8).

CodeWeavers mourns Józef Kucia

Tuesday 10th of September 2019 03:26:50 PM
The CodeWeavers blog carries the sad news that Józef Kucia died last month. "Józef first contributed to Wine in March of 2012, showing remarkable skill with Wine’s D3D technology. He became a key contributor to Wine, submitting over 2,500 patches. He also contributed to other open source projects including Mesa and Debian. Józef founded and led the vkd3d project and provided insight and guidance to the Vulkan working group. Józef joined CodeWeavers in 2015, and quickly became one of our most valued employees."

A set of stable kernels

Tuesday 10th of September 2019 03:02:52 PM
Stable kernels 5.2.14, 4.19.72, 4.14.143, 4.9.192, and 4.4.192 have been released. They all contain important fixes and users should upgrade.

Security updates for Tuesday

Tuesday 10th of September 2019 02:50:11 PM
Security updates have been issued by Debian (docker.io, icedtea-web, and trafficserver), openSUSE (opera), Red Hat (bind, firefox, go-toolset:rhel8, kernel, nghttp2, and polkit), SUSE (buildah, curl, java-1_7_1-ibm, and skopeo), and Ubuntu (freetype, memcached, python2.7, python3.4, and python2.7, python3.5, python3.6, python3.7).

[$] 5.3 Kernel development cycle statistics

Monday 9th of September 2019 03:30:52 PM
It's that time of the development cycle again: work on the 5.3 kernel is winding down with an expected final release date of September 15. Read on for LWN's traditional look at where the code in 5.3 came from in this relatively busy development cycle.

Security updates for Monday

Monday 9th of September 2019 02:23:50 PM
Security updates have been issued by Debian (expat, ghostscript, libreoffice, and memcached), Fedora (chromium, grafana, kea, nsd, pdfbox, roundcubemail, and SDL), Gentoo (apache, dbus, exim, libsdl2, pango, perl, vlc, and webkit-gtk), Mageia (dovecot, giflib, golang, icedtea-web, irssi, java-1.8.0-openjdk, libgcrypt, libmspack, mercurial, monit, php, poppler, python-urllib3, rdesktop, SDL12, sdl2, sigil, sqlite3, subversion, tomcat, and zstd), openSUSE (chromium, exim, go1.12, httpie, libmirage, python-SQLAlchemy, and srt), Oracle (firefox, ghostscript, and kernel), SUSE (apache2, mariadb, mariadb-connector-c, postgresql94, python-Django1, python-Pillow, python-urllib3, and qemu), and Ubuntu (exim4).

Kernel prepatch 5.3-rc8

Monday 9th of September 2019 07:37:16 AM
The eighth and presumably final 5.3 prepatch is out for testing. "So we probably didn't strictly need an rc8 this release, but with LPC and the KS conference travel this upcoming week it just makes everything easier."

Critical vulnerability in Exim

Friday 6th of September 2019 02:29:50 PM
Anybody running the Exim mail system will want to apply the updates that are being released today; there is a remote code-execution vulnerability in its TLS-handling code with a known proof-of-concept exploit. As the advisory says: "If your Exim server accepts TLS connections, it is vulnerable".

Stable kernels for everybody

Friday 6th of September 2019 02:17:19 PM
The 5.2.12, 4.19.70, 4.14.142, 4.9.191, and 4.4.191 stable kernels have been released with another set of important fixes. Milliseconds thereafter, 5.2.13 and 4.19.71 were released to fix a regression with the elantech mouse driver.

[$] How Chrome OS works upstream

Friday 6th of September 2019 01:46:06 PM
Google has a long and interesting history contributing to the upstream Linux kernel. With Chrome OS, Google has tried to learn from some of the mistakes of its past and is now working with the upstream Linux kernel as much as it can. In a session at the 2019 Open Source Summit North America, Google software engineer Doug Anderson detailed how and why Chrome OS developers work upstream. It is an effort intended to help the Linux community as well as Google.

Security updates for Friday

Friday 6th of September 2019 01:26:10 PM
Security updates have been issued by Debian (exim4 and firefox-esr), Fedora (lxc, lxcfs, pdfresurrect, python3-lxc, rdesktop, and seamonkey), Oracle (kernel), and SUSE (nginx, python-Werkzeug, SUSE Manager Client Tools, and util-linux and shadow).

[$] What happens to kernel staging-tree code

Thursday 5th of September 2019 03:42:13 PM
The staging tree was added to the kernel in 2008 for the 2.6.28 development cycle as a way to ease the process of getting substandard device drivers into shape and merged into the mainline. It has been followed by controversy for just about as long. The recent disagreements over the EROFS and exFAT filesystems have reignited many of the arguments over whether the staging tree is beneficial to the kernel community or not. LWN cannot answer that question, but we can look into what has transpired in the staging tree in its first eleven years to see if there are any conclusions to be drawn there. A lot of code has gone into the staging tree over the years; what happened to it thereafter?

Security updates for Thursday

Thursday 5th of September 2019 02:42:31 PM
Security updates have been issued by Debian (webkit2gtk), Fedora (systemd), openSUSE (go1.11, python-Twisted, SDL2_image, SDL_image, and wavpack), Oracle (kdelibs and kde-settings, kernel, and qemu-kvm), Red Hat (chromium-browser and firefox), Slackware (seamonkey), SUSE (java-1_8_0-ibm, kernel, and python-urllib3), and Ubuntu (firefox and npm/fstream).

Google's differential privacy library

Thursday 5th of September 2019 01:31:25 PM
Google has announced the release of a new library for applications using differential privacy techniques. "Differentially-private data analysis is a principled approach that enables organizations to learn from the majority of their data while simultaneously ensuring that those results do not allow any individual's data to be distinguished or re-identified. This type of analysis can be implemented in a wide variety of ways and for many different purposes. For example, if you are a health researcher, you may want to compare the average amount of time patients remain admitted across various hospitals in order to determine if there are differences in care. Differential privacy is a high-assurance, analytic means of ensuring that use cases like this are addressed in a privacy-preserving manner."

More in Tux Machines

KDevelop 5.4.3 released

We today provide a stabilization and bugfix release with version 5.4.3. This is a bugfix-only release, which introduces no new features and as such is a safe and recommended update for everyone currently using a previous version of KDevelop 5.4. You can find the updated Linux AppImage as well as the source code archives on our download page. Read more

AAB Support in Qt for Android

Starting with Qt 5.14.0 beta2, users will notice that there are a lot fewer Qt for Android distributions than in previous versions. But don't panic: All the usual target architectures are still available! Instead of distributing a single package for each target ABI, we now have one larger package that covers all the ones we support: arm64-v8a, armv7a, x86 and x86-64. For users building from source, the new default is also to build for all target ABIs in one go. The reason for this is that Google Play is moving away from requiring the upload of multiple publisher-signed APK packages. Instead, the recommended form of distribution now is the new AAB format: An unsigned package that contains all supported target ABIs in one. Based on this, the app store will generate signed APKs that are suitable and optimized for the device issuing the request. Read more

Linux-powered NVR system offers up to eight PoE+ ports

SolidRun’s rugged “ClearFog GTR A385” NVR system runs Linux on a Marvell Armada A385 and offers 4x 90W PoE++ or 8x 30W PoE+ camera ports plus powered GbE PoE WAN and 2.5Gbps SFP+ ports, 3x mini-PCIe, and optional 2x SATA. SolidRun announced a fanless network video recorder for indoor or outdoor surveillance and industrial infrastructure applications. The ClearFog GTR A385 is available in an unpriced S4 model and a $345 L8 model. Both provide 4x PoE++ Gigabit Ethernet ports for 90W Power-over-Ethernet control of cameras. The L8 model provides four more GbE/PoE ports that can be configured with the first four ports to alternatively support 8x 30W PoE+ (802.3bt) connections. All the ports are 802.3at/af/bt-compliant power sourcing equipment (PSE) ports with up to type 4 PoE support. Read more

Manjaro Linux 18.1.0 Juhraya Cinnamon - Spicy but sweet

You know how the popular saying goes. When it rains ... people drive slowly just to annoy you. But as it happens, I received a bunch of emails from people asking me two things: 1) Why have I not recently done any more Cinnamon reviews (other than Mint)? 2) When am I going to review the latest version of Manjaro 18.1 Juhraya? The answer to these question is: yes. At the same time! I decided to try Manjaro Cinnamon, not something I've done before, so it should be an interesting, refreshing and hopefully worthwhile exercise. The test box will be the same one I used for the Illyria Xfce test, so we can compare things in earnest - and accurately. This is an eight-book mixed Windows & Linux box, and it comes with UEFI, Intel graphics, 16 sweet partitions, and another instance of Manjaro that we won't touch in this review. Begin to start. Read more