Language Selection

English French German Italian Portuguese Spanish

LWN

Syndicate content
LWN.net is a comprehensive source of news and opinions from and about the Linux community. This is the main LWN.net feed, listing all articles which are posted to the site front page.
Updated: 26 min 48 sec ago

Security updates for Friday

Friday 28th of June 2019 01:16:45 PM
Security updates have been issued by Debian (expat and mupdf), Fedora (drupal7-uuid, php-brumann-polyfill-unserialize, and php-typo3-phar-stream-wrapper2), openSUSE (thunderbird), Oracle (thunderbird and vim), SUSE (glibc), and Ubuntu (poppler).

[$] Providing wider access to bpf()

Thursday 27th of June 2019 02:56:30 PM
The bpf() system call allows user space to load a BPF program into the kernel for execution, manipulate BPF maps, and carry out a number of other BPF-related functions. BPF programs are verified and sandboxed, but they are still running in a privileged context and, depending on the type of program loaded, are capable of creating various types of mayhem. As a result, most BPF operations, including the loading of almost all types of BPF program, are restricted to processes with the CAP_SYS_ADMIN capability — those running as root, as a general rule. BPF programs are useful in many contexts, though, so there has long been interest in making access to bpf() more widely available. One step in that direction has been posted by Song Liu; it works by adding a novel security-policy mechanism to the kernel.

Stable kernels 4.14.131, 4.9.184, and 4.4.184

Thursday 27th of June 2019 02:40:27 PM
Greg Kroah-Hartman has released the 4.14.131, 4.9.184, and 4.4.184 stable kernels. Each contains a single patch that fixes a problem in the TCP SACK panic fixes that was commonly seen by the Steam gaming community.

Security updates for Thursday

Thursday 27th of June 2019 02:01:28 PM
Security updates have been issued by Fedora (drupal7-uuid, php-brumann-polyfill-unserialize, and php-typo3-phar-stream-wrapper2), openSUSE (ansible, compat-openssl098, exempi, glib2, gstreamer-0_10-plugins-base, gstreamer-plugins-base, libmediainfo, libssh2_org, SDL2, sqlite3, and wireshark), Oracle (firefox), Red Hat (thunderbird and vim), Scientific Linux (firefox), SUSE (java-1_8_0-ibm), and Ubuntu (bzip2 and expat).

[$] LWN.net Weekly Edition for June 27, 2019

Thursday 27th of June 2019 12:31:59 AM
The LWN.net Weekly Edition for June 27, 2019 is available.

[$] An openSUSE foundation proposal

Wednesday 26th of June 2019 07:59:34 PM
Over the past couple of months, things have been moving fairly swiftly toward the establishment of a separate entity to govern the openSUSE project. The idea is mainly meant to set up an organization that can receive and disburse funds on behalf of the project, rather than as some kind of move away from its parent company, SUSE. Also, while SUSE seems to be in a healthy position with a strong interest in supporting and working on openSUSE, that could change down the road, so a foundation or similar organization seems like the right way to go. At this point, the first draft of the foundation proposal has been posted; it generally has the support of SUSE management, so it is time to see what thoughts the community has.

Security updates for Wednesday

Wednesday 26th of June 2019 02:11:07 PM
Security updates have been issued by Debian (python3.4), Oracle (firefox), Red Hat (firefox and kernel-alt), SUSE (ImageMagick and SUSE Manager Server 3.2), and Ubuntu (bzip2).

[$] CVE-less vulnerabilities

Tuesday 25th of June 2019 08:49:49 PM
More bugs in free software are being found these days, which is good for many reasons, but there are some possible downsides to that as well. In addition, projects like OSS-Fuzz are finding lots of bugs in an automated fashion—many of which may be security relevant. The sheer number of bugs being reported is overwhelming many (most?) free-software projects, which simply do not have enough eyeballs to fix, or even triage, many of the reports they receive. A discussion about that is currently playing out on the oss-security mailing list.

GitLab 12.0

Tuesday 25th of June 2019 06:04:26 PM
GitLab 12.0 has been released. "GitLab gives users the ability to automatically create review apps for each merge request. This allows anyone to see how the design or UX has been changed. In GitLab 12.0, we are expanding the ability to discuss those changes by bringing the ability to insert visual review tools directly into the Review App itself. With a small code snippet, users can enable designers, product managers, and other stakeholders to quickly provide feedback on a merge request without leaving the app." Other features include the ability to easily access a project's Dependency List, restrict access by IP address, and much more.

Three stable kernel updates

Tuesday 25th of June 2019 02:35:07 PM
Stable kernels 5.1.15, 4.19.56, and 4.14.130 have been released. The all contain important fixes and users should upgrade.

Security updates for Tuesday

Tuesday 25th of June 2019 02:26:20 PM
Security updates have been issued by CentOS (python), Debian (bzip2, libvirt, python2.7, python3.4, rdesktop, and thunderbird), Fedora (thunderbird and tomcat), openSUSE (aubio, docker, enigmail, GraphicsMagick, and python-Jinja2), SUSE (kernel, libvirt, postgresql96, and tomcat), and Ubuntu (ceph, firefox, imagemagick, libmysofa, linux, linux-hwe, neutron, and policykit-desktop-privileges).

Introducing people.kernel.org

Tuesday 25th of June 2019 02:10:39 PM
Konstantin Ryabitsev has announced a new public blogging platform for kernel developers. "Ever since the demise of Google+, many developers have expressed a desire to have a service that would provide a way to create and manage content in a format that would be more rich and easier to access than email messages sent to LKML. Today, we would like to introduce people.kernel.org, which is an ActivityPub-enabled federated platform powered by WriteFreely and hosted by very nice and accommodating folks at write.as." (LWN looked at WriteFreely back in March).

Changes at the Apache Software Foundation

Tuesday 25th of June 2019 02:00:37 PM
Here's a statement from the Apache Software Foundation regarding changes in its leadership: "It is with a mix of sadness and appreciation that the ASF Board accepted the resignations of Board Member Jim Jagielski, Chairman Phil Steitz, and Executive Vice President Ross Gardler last month." There is no indication of why all these people decided to leave at the same time.

[$] Lockdown as a security module

Monday 24th of June 2019 08:41:09 PM
Technologies like UEFI secure boot are intended to guarantee that a locked-down system is running the software intended by its owner (for a definition of "owner" as "whoever holds the signing key recognized by the firmware"). That guarantee is hard to uphold, though, if a program run on the system in question is able to modify the running kernel somehow. Thus, proponents of secure-boot technologies have been trying for years to provide the ability to lock down many types of kernel functionality on secure systems. The latest attempt posted by Matthew Garrett, at an eyebrow-raising version 34, tries to address previous concerns by putting lockdown under the control of a Linux security module (LSM).

Canonical backtracks on i386 packages

Monday 24th of June 2019 07:14:22 PM
Canonical has let it be known that minds have been changed about removing all 32-bit x86 support from the Ubuntu distribution. "Thanks to the huge amount of feedback this weekend from gamers, Ubuntu Studio, and the WINE community, we will change our plan and build selected 32-bit i386 packages for Ubuntu 19.10 and 20.04 LTS. We will put in place a community process to determine which 32-bit packages are needed to support legacy software, and can add to that list post-release if we miss something that is needed."

Two years of postmarketOS

Monday 24th of June 2019 04:39:53 PM
PostmarketOS is an Alpine Linux based operating system for mobile devices. The postmarketOS blog takes a look at the project after two years of development. "Wouldn't it be great if you could take any obsolete smartphone from the past ten years and replace its outdated and insecure software with a maintained, modular free software stack? How about then using it as a Raspberry Pi-like device for your next tinkering project? With some constraints, postmarketOS makes this possible today for 139 booting devices. Every single package in the whole OS can be updated, with the only exceptions being the vendor's Linux kernel and firmware blobs (if you plan on using them). In a few cases, it is even possible to switch out the discontinued vendor kernel forks with the upstream kernel releases straight from Linus Torvalds."

Security updates for Monday

Monday 24th of June 2019 03:32:39 PM
Security updates have been issued by Debian (jackson-databind, libvirt, pdns, and vim), Fedora (evince, firefox, gjs, libxslt, mozjs60, and poppler), openSUSE (dbus-1, firefox, ImageMagick, netpbm, openssh, and thunderbird), Oracle (libssh2, libvirt, and python), Scientific Linux (python), SUSE (compat-openssl098 , dbus-1 , evince , exempi , firefox , glib2 , gstreamer-0_10-plugins-base , gstreamer-plugins-base , java-1_8_0-ibm , libssh2_org , libvirt , netpbm , samba , SDL2 , sqlite3 , thunderbird , and wireshark ), and Ubuntu (web2py).

Kernel prepatch 5.2-rc6

Sunday 23rd of June 2019 01:10:04 PM
The 5.2-rc6 kernel prepatch has been released. Linus worries that the volume of changes has increased — but not too much. "With all that out of the way, I'm still reasonably optimistic that we're on track for a calm final part of the release, and I don't think there is anything particularly bad on the horizon." He also notes that, due to travel, he'll be releasing 5.2-rc7 later than usual.

Weekend stable kernel updates

Saturday 22nd of June 2019 03:12:19 PM
The 5.1.13, 4.19.54, 4.14.129, 4.9.183, and 4.4.183 stable kernels have all been released with another set of important fixes. A few milliseconds later, 5.1.14 and 4.19.55 came out with one more networking fix.

[$] FreeBSD turns 26

Friday 21st of June 2019 10:18:48 PM
The FreeBSD operating system is continuing to make progress, 26 years after it got its name. Among the areas where work is being done is on improved support for RISC-V, FUSE filesystem updates, C runtime changes, and security improvements. FreeBSD Day is celebrated on June 19, in recognition of the date in 1993 when the name FreeBSD was coined for a fork of the 386BSD project. The first official release of FreeBSD did not occur until November 1, 1993, however.

Ahead of FreeBSD Day, the project released its quarterly report for the first quarter of 2019, outlining some of its ongoing efforts. In addition to the quarterly report, the executive director of the FreeBSD Foundation provided LWN with some insights into the state of the project and the foundation that supports it.

More in Tux Machines

weston 7.0.0

Weston 7.0.0 is released!

ABI note: the return value of two functions introduced in this release
has been changed from void to int: weston_log_scope_printf and
weston_log_scope_vprintf. Additionally weston_binding_destroy has been
made public again.

Daniel Stone (1):
      backend-drm: Enforce content protection for hardware planes

Manuel Stoeckl (1):
      weston-terminal: Ignore SIGPIPE

Marius Vlad (2):
      weston-log: Return bytes written for 'printf()' and 'vprintf()' functions
      compositor: Return the number of bytes written as to format properly

Simon Ser (1):
      build: bump to version 7.0.0 for the official release

sichem (1):
      make weston_binding_destroy public

git tag: 7.0.0
Read more Also: Wayland's Weston 7.0 Compositor Released With PipeWire Streaming Support

today's howtos

MicroK8s Gets Powerful Add-ons

We are excited to announce new Cilium and Helm add-ons, coming to MicroK8s! These add-ons add even more power to your Kubernetes environment built on MicroK8s. The Cilium CNI plugin brings enhanced networking features, including Kubernetes NetworkPolicy support, to MicroK8s. You’ll also get direct CLI access to Cilium within MicroK8s using the microk8s.cilium wrapper. If you do not already have a version of cilium installed you can alias microk8s.cilium to cilium using the following command: snap alias microk8s.cilium cilium Helm, the package manager for Kubernetes will allow even easier management of your MicroK8s environment. Read more

Save Web Pages As Single HTML Files For Offline Use With Monolith (Console)

Monolith is a command line tool to save any web page as a single HTML file that contains everything needed to render web page locally, without needing a working Internet connection. Use this to save web pages containing documentation, wiki articles, and anything else that interests you, for local/offline use. Since the web pages are saved in plain HTML, use a tool that can search in files to quickly find the web page you're looking for. Unlike the regular "Save page as" (or Ctrl + s) option provided by web browsers to save web pages to your computer, which saves web page assets in a folder next to the saved web page, this command line tool retrieves the web page assets and converts them into base64 data URLs, using that in the document instead of the regular URLs. As a result, page assets like Javascript, CSS or images are embedded in the page HTML, so all you need is a web browser to access the locally saved web page. Read more