Language Selection

English French German Italian Portuguese Spanish

LWN

Syndicate content
LWN.net is a comprehensive source of news and opinions from and about the Linux community. This is the main LWN.net feed, listing all articles which are posted to the site front page.
Updated: 2 hours 59 min ago

Security updates for Monday

5 hours 3 sec ago
Security updates have been issued by Debian (chromium-browser and lxml), Fedora (cairo, hadoop, and polkit), Mageia (tomcat), openSUSE (apache2-mod_jk, Chromium, dom4j, ImageMagick, libgit2, messagelib, ncurses, openssl-1_0_0, otrs, pam, php5, php7, postgresql10, rubygem-activejob-5_1, tiff, and tomcat), Red Hat (chromium-browser and rh-git218-git), Slackware (php), SUSE (audiofile, cri-o and kubernetes packages, cups, ImageMagick, libwpd, SMS3.2, and systemd), and Ubuntu (lxml).

Kernel prepatch 4.20-rc6

Monday 10th of December 2018 07:52:47 AM
The 4.20-rc6 kernel prepatch is out for testing. "Most of it looks pretty small and normal. Would I have preferred for there to be less churn? Yes. But it's certainly smaller than rc5 was, so we're moving in the right direction, and we have at least one more rc to go."

More stable kernel updates

Saturday 8th of December 2018 06:34:40 PM
The stable kernel process continues to churn out releases; 4.19.8, 4.14.87, and 4.9.144 are now available with another set of important fixes.

[$] Kernel quality control, or the lack thereof

Friday 7th of December 2018 06:28:33 PM
Filesystem developers tend toward a high level of conservatism when it comes to making changes; given the consequences of mistakes, this seems like a healthy survival trait. One might rightly be tempted to regard a recent disagreement over the backporting of filesystem-related fixes to the stable kernels as an example of this conservatism, but there is more to it. The kernel development process has matured in many ways over the years; perhaps this discussion hints at some of the changes that will be needed to continue that maturation in the future.

Security updates for Friday

Friday 7th of December 2018 04:05:09 PM
Security updates have been issued by Arch Linux (jupyter-notebook), CentOS (ghostscript), Debian (libphp-phpmailer and policykit-1), Fedora (bird), Gentoo (ede), Mageia (flash-player-plugin), openSUSE (dom4j, dpdk, glib2, nextcloud, postgresql94, and qemu), Oracle (kernel), SUSE (firefox, libarchive, libgit2, libreoffice, ncurses, openssl-1_0_0, squid, and tiff), and Ubuntu (ghostscript, openssl, openssl1.0, and wavpack).

[$] Toward race-free process signaling

Thursday 6th of December 2018 06:51:45 PM
Signals have existed in Unix systems for years, despite the general consensus that they are an example of a bad design. Extensions and new ways of using signals pop up from time to time, fixing the issues that have been found. A notable addition was the introduction of signalfd() nearly 10 years ago. Recently, the kernel developers have discussed how to avoid race conditions related to process-ID (PID) recycling, which occurs when a process terminates and another one is assigned the same PID. A process that fails to notice that its target has exited may try to send a signal to the wrong recipient, with potentially grave consequences. A patch set from Christian Brauner is trying to solve the issue by adding signaling via file descriptors.

Microsoft's Edge browser moving to Chromium

Thursday 6th of December 2018 05:35:39 PM
Microsoft has announced that its "Edge" browser is joining the Chromium world. "Today we’re announcing that we intend to adopt the Chromium open source project in the development of Microsoft Edge on the desktop to create better web compatibility for our customers and less fragmentation of the web for all web developers. As part of this, we intend to become a significant contributor to the Chromium project, in a way that can make not just Microsoft Edge — but other browsers as well — better on both PCs and other devices."

Security updates for Thursday

Thursday 6th of December 2018 02:42:13 PM
Security updates have been issued by Mageia (kio-extras), Red Hat (flash-plugin and openstack-neutron), Slackware (gnutls and nettle), SUSE ( aphp53, apache2, apache2-mod_jk, compat-openssl097g, firefox, llvm4, mozilla-nspr, mozilla-nss, apache2-mod_nss, glib2, kvm, mariadb, ncurses, openssl-1_0_0, openssl1, pam, php5, php7, qemu, rubygem-activejob-5_1, tomcat, and wireshark), and Ubuntu (libraw and spamassassin).

[$] LWN.net Weekly Edition for December 6, 2018

Thursday 6th of December 2018 01:35:19 AM
The LWN.net Weekly Edition for December 6, 2018 is available.

Videos from the Linux Plumbers Conference

Wednesday 5th of December 2018 08:49:01 PM
Videos from the 2018 Linux Plumbers Conference (November 13-15, Vancouver) have now been posted for all sessions, including the Kernel Summit and Networking tracks. They can be found by going to the detailed schedule and clicking on the session of interest.

[$] Investigating GitLab

Wednesday 5th of December 2018 08:10:42 PM

Daniel Vetter began his talk in the refereed track of the 2018 Linux Plumbers Conference (LPC) by noting that it would be in a somewhat similar vein to other talks he has given, since it is about tooling and workflows that are outside of the kernel norm. But, unlike those other talks that concerned changes that had already taken place, this talk was about switching open-source graphics projects to using a hosted version of GitLab, which has not yet happened. In it, he wanted to share his thoughts about why he thinks migrating to GitLab makes sense for the kernel graphics community—and maybe the kernel as a whole.

Stable kernel updates

Wednesday 5th of December 2018 08:09:37 PM
Stable kernels 4.19.7, 4.14.86, and 4.9.143 have been released, with the usual set of important fixes throughout the tree.

Security updates for Wednesday

Wednesday 5th of December 2018 03:54:19 PM
Security updates have been issued by Debian (suricata), Fedora (cobbler), Oracle (ghostscript), Red Hat (ansible), and Scientific Linux (ghostscript and ruby).

Critical Kubernetes privilege escalation disclosed

Tuesday 4th of December 2018 07:00:57 PM
A critical flaw in the Kubernetes container orchestration system has been announced. It will allow any user to compromise a Kubernetes cluster by way of exploiting any aggregated API server that is deployed for it. This affects all Kubernetes versions 1.0 to 1.12, but is only fixed in the supported versions (in 1.10.11, 1.11.5, and 1.12.3). "With a specially crafted request, users that are authorized to establish a connection through the Kubernetes API server to a backend server can then send arbitrary requests over the same connection directly to that backend, authenticated with the Kubernetes API server’s TLS credentials used to establish the backend connection. [...] In default configurations, all users (authenticated and unauthenticated) are allowed to perform discovery API calls that allow this escalation. [...] There is no simple way to detect whether this vulnerability has been used. Because the unauthorized requests are made over an established connection, they do not appear in the Kubernetes API server audit logs or server log. The requests do appear in the kubelet or aggregated API server logs, but are indistinguishable from correctly authorized and proxied requests via the Kubernetes API server." Kubernetes users should obviously update as soon as possible.

[$] Unexpected fallout from /usr merge in Debian

Tuesday 4th of December 2018 06:41:24 PM

Back in 2011, Harald Hoyer and Kay Sievers came up with a proposal for Fedora to merge much of the operating system into /usr; former top-level directories, /bin, /lib, and /sbin, would then become symbolic links pointing into the corresponding subdirectories of /usr. Left out of the merge would be things like configuration files in /etc, data in /var, and user home directories. This change was aimed at features like atomic upgrades and easy snapshots. The switch to a merged /usr was successful for Fedora 17; many other distributions (Arch, OpenSUSE, Mageia, just to name a few) have followed suit. More recently, Debian has been working toward a merged /usr, but it ran into some surprising problems that are unique to the distribution.

Security updates for Tuesday

Tuesday 4th of December 2018 04:16:40 PM
Security updates have been issued by Fedora (glibc, qemu, and tmux), Mageia (messagelib), Oracle (ghostscript), Red Hat (ghostscript, OpenShift Container Platform 3.10, OpenShift Container Platform 3.11, OpenShift Container Platform 3.2, OpenShift Container Platform 3.3, OpenShift Container Platform 3.4, OpenShift Container Platform 3.5, OpenShift Container Platform 3.6, and OpenShift Container Platform 3.8), Slackware (mozilla), and Ubuntu (linux, linux-gcp, linux-kvm, linux-raspi2, linux-hwe, linux-gcp, perl, and poppler).

[$] Bounded loops in BPF programs

Monday 3rd of December 2018 10:45:39 PM
The BPF verifier is charged with ensuring that any given BPF program is safe for the kernel to load and run. Programs that fail to terminate are clearly unsafe, as they present an opportunity for denial-of-service attacks. In current kernels, the verifier uses a heavy-handed technique to block such programs: it disallows any program containing loops. This works, but at the cost of disallowing a wide range of useful programs; if the verifier could determine whether any given loop would terminate within a bounded time, this restriction could be lifted. John Fastabend presented a plan for doing so during the BPF microconference at the 2018 Linux Plumbers Conference.

CentOS Linux 7.6 (1810) released

Monday 3rd of December 2018 07:47:54 PM
CentOS has released CentOS Linux 7.6 (1810). "Updates released since the upstream release are all posted, across all architectures. We strongly recommend every user apply all updates, including the content released today, on your existing CentOS Linux 7 machine by just running 'yum update'." See the release notes for more information.

Security updates for Monday

Monday 3rd of December 2018 04:23:15 PM
Security updates have been issued by Debian (nsis, openssl, poppler, and tiff), Fedora (dnsdist, drupal7, kernel, kernel-headers, kernel-tools, net-snmp, perl, php-Smarty2, and samba), Gentoo (connman, nagios-core, php, and webkit-gtk), Mageia (apache-mod_perl, kdeconnect-kde, and python-requests), Red Hat (rh-postgresql10-postgresql), and SUSE (kernel).

Kernel prepatch 4.20-rc5

Monday 3rd of December 2018 06:36:03 AM
The 4.20-rc5 kernel prepatch is out; among other things, it contains the STIBP changes described in this article. Linus is also thinking about release timing: "So my current suggestion is that we plan on a Christmas release, everybody gets their pull requests for the next merge window done *before* the holidays, and then we see what happens. I think we all want to have a calm holiday season without either the stress of a merge window _or_ the stress of prepping for one."

More in Tux Machines

Security: Updates, Best VPNs for GNU/Linux, and Google+ Chaos Again

  • Security updates for Monday
  • Best VPNs for Linux
  • After a Second Data Leak, Google+ Will Shut Down in April Instead of August
    Back in October, a security hole in Google+’s APIs lead Google to announce it was shutting down the service. Now, a second data leak has surfaced, causing the company to move the shutdown up by four months. This new data leak is quite similar to the first one: profile information such as name, email address, age, and occupation was exposed to developers, even for private profiles. It’s estimated that upwards of 52 million users were affected by this leak. The good news is that while the first hole was open for three years, this one was only an issue for six days, from November 7th to the 13th, 2018.

Linux and Linux Foundation Leftovers

  • Initial i.MX8 SoC Support & Development Board Possibly Ready For Linux 4.21
    While the i.MX8 series was announced almost two years ago and the open-source developers working on the enablement for these new NXP SoCs hoped for initial support in Linux 4.17, the Linux 4.21 kernel that will be released in the early months of 2019 is slated to possibly have the first i.MX8 support in the form of the i.MX8MQ and also supporting its development/evaluation board.
  • AeonWave: An Open-Source Audio Engine Akin To Microsoft's XAudio2 / Apple CoreAudio
    An open-source audio initiative that's been in development for years but flying under our radar until its lead developer chimed in is AeonWave, which supports Windows and Linux systems while being inspired by Microsoft XAudio and Apple's CoreAudio.
  • Take Linux Foundation Certification Exams from Anywhere
    2018 has seen a new wave of popularity for the open source community and it has sparked more interest in potential engineers, system administrators, and Linux experts. 2019 is around the corner and now is a good time to look up Linux certification examinations that will enable you to progress in your career. The good news we have for you is that the Linux Foundation has made certification examinations available online so that IT enthusiasts can get certificates in a wide range of open source domains.

Games Leftovers

  • The Linux version of Civilization VI has been updated with cross-platform multiplayer support
    Just in time for the holidays, Linux gamers finally have version parity with other platforms. Expect to be able to spend just one more turn playing with friends on other operating systems.
  • John Romero has announced a free unofficial spiritual successor to The Ultimate DOOM's 4th episode
    John Romero, one of the co-founders of id Software has revealed he's been working on SIGIL, a free megawad for the original 1993 DOOM. [...] These boxes, will contain music from Buckethead, along with a custom song written expressly for SIGIL. A tempting purchase for any big DOOM fan, I especially love the sound of a 16GB 3-1/2-inch floppy disk-themed USB. You have until December 24, 2018 to order one and I imagine stock will go quite quickly.
  • Unvanquished Open-Source Game Sees Its First Alpha Release In Nearly Three Years
    Unvanquished had been easily one of the most promising open-source games several years back with decent in-game visuals/art, a continually improving "Daemon" engine that was a distant mod of ioquake3 while leveraging ETXReaL components and more, and all-around a well-organized, advancing open-source game project. Their monthly alpha releases stopped almost three years ago while today that's changed just ahead of Christmas. The Unvanquished developers announced Unvanquished Alpha 51 today as their first release in two years and eight months after having made fifty monthly alpha releases. While this is the fifty-first alpha, the developers say they should soon be ready for the beta drop.
  • Unvanquished, the free and open source shooter has a huge new release now out
    After being quiet for some time, the Unvanquished team is back and they have quite a lot to show off in the new release of their free and open source shooter. This is their first new release since April 2016, so the amount that's changed is quite striking! Hopefully, this will be the start of regular release once again, since they used to do monthly releases a few years ago and it was fun to watch it grow.
  • Valve adds even more gamepad support to their latest client beta
    Valve are continuing to support as many devices as possible with a new Steam client beta now available. Since there's no gamepad to rule them all, it makes sense for Valve to support as many as they can. Even though I love the Steam Controller, I do understand that it's not going to be a good fit for everyone. Now, Steam will support the PowerA wired/wireless GameCube Style controllers, PowerA Enhanced Wireless Controller and the PDP Faceoff Wired Pro Controller to boost their already rather large list of supported devices.
  • The turn-based tactical RPG Fell Seal: Arbiter's Mark is coming along nicely
    After a few months in Early Access, the tactical RPG Fell Seal: Arbiter's Mark has come along nicely and it's quite impressive. It became available on Steam back in August, this was with same-day Linux support as promised from developer 6 Eyes Studio after their successful Kickstarter.
  • Citra, the Nintendo 3DS emulator now has 'Accurate Audio Emulation'
    Citra, the impressive and quickly moving Nintendo 3DS emulator has a new progress report out and it sounds great. They've made some great progress on accurate audio emulation, with their new "LLE (Accurate)" option. They say this has enabled games like Pokémon X / Y, Fire Emblem Fates and Echoes and more to work. There's a downside though, that currently the performance does take quite a hit with it so they're still recommending the "HLE (Fast)" setting for now. They go into quite a lot of detail about how they got here, with plenty of bumps along the way. Most of the work towards this, was done by a single developer who suffered a bit of a burn-out over it.
  • Mindustry, an open source sandbox Tower Defense game that's a little like Factorio
    Available under the GPL, the developer originally made it for the GDL Metal Monstrosity Jam which happened back in 2017 and it ended up winning! Seems the developer didn't stop development after this, as they're currently going through a new major release with regular alpha builds.
  • Have graphical distortions in Unity games with NVIDIA? Here's a workaround
    It seems a lot of Unity games upgrading to later versions of Unity are suffering from graphical distortions on Linux with an NVIDIA GPU. There is a workaround available.

Wine-Staging 4.0-RC1 Released With Just Over 800 Patches On Top Of Wine

Released on Friday was Wine 4.0-RC1 while coming out over the weekend was the Wine-Staging re-base that is carrying still over 800 patches on top of the upstream Wine code-base. Wine-Staging 4.0-RC1 is available with 805 patches over what's found in the "vanilla" Wine code-base. But prior to the Wine 4.0 RC1 milestone there were a fair number of patches that were promoted upstream including ntoskrnl, WindowsCodecs, user32, and DXGI changes. Read more