Odprtokodni pogled

Opensource view

LWN.net

Syndicate content
LWN.net is a comprehensive source of news and opinions from and about the Linux community. This is the main LWN.net feed, listing all articles which are posted to the site front page.
Posodobljeno: 59 min 5 sec nazaj

[$] 5.4 Merge window, part 2

Pon, 09/30/2019 - 20:34
The release of the 5.4-rc1 kernel and the closing of the merge window for this development cycle came one day later than would have normally been expected. By that time, 12,554 non-merge changesets had been pulled into the mainline repository; that's nearly 2,900 since the first-week summary was written. That relatively small number of changes belies the amount of interesting change that arrived late in the merge window, though; read on for the full list.

The 5.4-rc1 kernel is out

Pon, 09/30/2019 - 20:33
Linus has tagged the 5.4-rc1 release, thus ending the merge window for this development cycle. An apparent linux-kernel outage means that there is no announcement to post yet; we'll do that as soon as it becomes available. Meanwhile, though, everything can be seen in his repository.

Update: the 5.4-rc1 announcement is now available. "I didn't really extend the merge window by a day here, but I gave myself an extra day to merge my pending queue. Thus the Monday date for the rc1 rather than the usual Sunday afternoon."

Exim 4.92.3 security release

Pon, 09/30/2019 - 16:12
Exim 4.92.3 has been released with a fix for CVE-2019-16928, a heap-based buffer overflow in string_vformat that could lead to remote code execution. "The currently known exploit uses a extraordinary long EHLO string to crash the Exim process that is receiving the message. While at this mode of operation Exim already dropped its privileges, other paths to reach the vulnerable code may exist."

Security updates for Monday

Pon, 09/30/2019 - 15:51
Security updates have been issued by CentOS (dovecot, kernel, and qemu-kvm), Debian (cimg, cups, e2fsprogs, exim4, file-roller, golang-1.11, httpie, and wpa), Fedora (curl, ghostscript, ibus, krb5, mod_md, and nbdkit), Mageia (chromium-browser-stable, libheif, and nghttp2), openSUSE (djvulibre, expat, libopenmpt, mosquitto, phpMyAdmin, and webkit2gtk3), Red Hat (nodejs:10), SUSE (gpg2), and Ubuntu (e2fsprogs and exim4).

[$] Compiling to BPF with GCC

Pet, 09/27/2019 - 22:15
The addition of extended BPF to the kernel has opened up a whole range of use cases, but few developers actually write BPF code. It is, like any other assembly-level language, a tedious pain to work with; developers would rather use a higher-level language. For BPF, the language of choice is C, which is compiled to BPF with the LLVM compiler. But, as Jose Marchesi described during the Toolchains microconference at the 2019 Linux Plumbers Conference, LLVM will soon have company, as he has just added support for a BPF back-end to the GCC compiler.

RPM 4.15.0 released

Pet, 09/27/2019 - 22:14
After "more than two years in development and half a year in testing", version 4.15.0 of the RPM package manager has been released. It has a wide range of new features, including faster parallel builds; support for %elif, %elifos, and %elifarch statements in RPM spec files; new %patchlist and %sourcelist sections; experimental support for non-privileged operation in a chroot() environment; and, of course, plenty of bug fixes and such. More details can be found in the release notes.

Purism’s Librem 5 phone starts shipping—a fully open GNU/Linux phone (Ars Technica)

Pet, 09/27/2019 - 20:23
Ars Technica reports on the Librem 5 smartphone from Purism, which has begun shipping. The article provides an initial review of the phone, with pictures of the interface and hardware inside the case. "The Librem 5 is unlike anything else on the market. Not only is it one of the only smartphones on Earth that doesn't ship with Android, a fork of Android, or iOS—Purism's commitment to 100% open software, with no binary blobs, puts severe restrictions on what hardware it can use. Android's core might be open source, but it was always built for wide adoption above all else, with provisions for manufacturers to include as much proprietary code as they want. Purism's demand that everything be open means most of the major component manufacturers were out of the question. Perhaps because of the limited hardware options, the internal construction of the Librem 5 is absolutely wild. While smartphones today are mostly a single mainboard with every component integrated into it, the Librem 5 actually has a pair of M.2 slots that house full-size, off-the-shelf LTE and Wi-Fi cards for connectivity, just like what you would find in an old laptop. The M.2 sockets look massive on top of the tiny phone motherboard, but you could probably replace or upgrade the cards if you wanted."

How to contribute to Fedora (Fedora Magazine)

Pet, 09/27/2019 - 19:27
Over at Fedora Magazine, Ben Cotton has an article on contributing to the Fedora distribution. Obviously, it is pretty Fedora-specific, but the general ideas can be applied to other distributions and/or projects. He lists several areas where contributors are needed—beyond just the obvious candidates: "Cooperative effort is a hallmark of open source communities. One of the best ways to contribute to any project is to help other users. In Fedora, that can mean answering questions on the Ask Fedora forum, the users mailing list, or in the #fedora IRC channel. Many third-party social media and news aggregator sites have discussion related to Fedora where you can help out as well."

[$] Fixing getrandom()

Pet, 09/27/2019 - 16:39
A report of a boot hang in the 5.3 series has led to an enormous, somewhat contentious thread on the linux-kernel mailing list. The proximate cause was some changes that made the ext4 filesystem do less I/O early in the boot phase, incidentally causing fewer interrupts, but the underlying issue was the getrandom() system call, which was blocking until the /dev/urandom pool was initialized—as designed. Since the system in question was not gathering enough entropy due to the lack of unpredictable interrupt timings, that would hang more or less forever. That has called into question the design and implementation of getrandom().

Security updates for Friday

Pet, 09/27/2019 - 14:25
Security updates have been issued by Fedora (dcmtk), openSUSE (rust), Red Hat (redhat-virtualization-host), and SUSE (ghostscript, nghttp2, and u-boot).

[$] Upstreaming multipath TCP

Čet, 09/26/2019 - 16:38
The multipath TCP (MPTCP) protocol (and the Linux implementation of it) have been under development for a solid decade; MPTCP offers a number of advantages for devices that have more than one network interface available. Despite having been deployed widely, though, MPTCP is still not supported by the upstream Linux kernel. At the 2019 Linux Plumbers Conference, Matthieu Baerts and Mat Martineau discussed the current state of the Linux MPTCP implementation and what will be required to get it into the mainline kernel.

Security updates for Thursday

Čet, 09/26/2019 - 15:32
Security updates have been issued by CentOS (dovecot), Debian (lemonldap-ng, openssl, and ruby-nokogiri), openSUSE (fish3, ibus, nmap, and openssl-1_1), Slackware (mozilla), SUSE (mariadb, python-numpy, and SDL2), and Ubuntu (firefox).

[$] LWN.net Weekly Edition for September 26, 2019

Čet, 09/26/2019 - 02:58
The LWN.net Weekly Edition for September 26, 2019 is available.

[$] Monitoring the internal kernel ABI

Sre, 09/25/2019 - 17:23
As part of the Distribution Kernels microconference at Linux Plumbers Conference 2019, Matthias Männich described how the Android project monitors changes to the internal kernel ABI. As Android kernels evolve, typically by adding features and bug fixes from more recent kernel versions, the project wants to ensure that the ABI remains the same so that out-of-tree modules will still function. While the talk was somewhat Android-specific, the techniques and tools used could be applied to other distributions with similar needs (e.g. enterprise distributions).

Security updates for Wednesday

Sre, 09/25/2019 - 16:12
Security updates have been issued by Debian (kernel, libgcrypt20, and spip), Fedora (compat-openssl10, expat, ghostscript, ibus, java-1.8.0-openjdk-aarch32, and SDL2_image), openSUSE (bird, chromium, kernel, libreoffice, links, and varnish), Oracle (httpd:2.4 and qemu-kvm), Red Hat (kernel), Scientific Linux (qemu-kvm), SUSE (djvulibre, dovecot22, ghostscript, kernel, libxml2, and python-Twisted), and Ubuntu (file-roller and libreoffice).

A patent lawsuit against GNOME

Sre, 09/25/2019 - 15:47
A company called Rothschild Patent Imaging LLC has filed a lawsuit [PDF] against the GNOME Foundation, alleging that the Shotwell photo manager violates patent 9,936,086. Stay tuned, more details will surely emerge.

Google Code‑in 2019

Tor, 09/24/2019 - 21:34
Google Code-in (GCI) provides students ages 13 to 17 the opportunity to participate in open source projects. Google has announced the 2019 round of GCI. "New contributors bring fresh perspectives, ideas, and enthusiasm into their open source communities, helping them thrive. Throughout the last 9 years, 58 GCI organizations helped 11,000 students from 108 countries make real contributions to open source projects; and to this day many of those students continue to participate in various open source communities and many have become mentors themselves! Some have even gone on to join Google Summer of Code (GSoC)." Organizations that are interested in mentoring students can apply for GCI starting October 10. GCI begins December 2, 2019 and ends January 23, 2020.

Release for CentOS Linux 8 and CentOS Streams

Tor, 09/24/2019 - 18:40
CentOS Linux 8.0-1905 has been released. The release notes have more details. The CentOS project also introduces CentOS Stream. "CentOS Stream is a rolling-release Linux distro that exists as a midstream between the upstream development in Fedora Linux and the downstream development for Red Hat Enterprise Linux (RHEL). It is a cleared-path to contributing into future minor releases of RHEL while interacting with Red Hat and other open source developers. This pairs nicely with the existing contribution path in Fedora for future major releases of RHEL."

[$] Better guidance for database developers

Tor, 09/24/2019 - 18:05
At the inaugural Databases microconference at the 2019 Linux Plumbers Conference (LPC), two developers who work on rather different database systems had similar complaints about developing for Linux. Richard Hipp, creator of the SQLite database, and Andres Freund from the PostgreSQL project both lamented the lack of definitive documentation on how to best use the kernel's I/O interfaces, especially for corner cases. Both of the sessions, along with others in the microconference, pointed to a strong need for more interaction between user-space and kernel developers.

Security updates for Tuesday

Tor, 09/24/2019 - 15:42
Security updates have been issued by Debian (php5), Fedora (blis, kernel, and kernel-headers), openSUSE (bird, curl, fish3, ghostscript, ibus, kernel, libgcrypt, openldap2, openssl-1_1, skopeo, and util-linux and shadow), Oracle (dovecot and kernel), Red Hat (dovecot, httpd:2.4, qemu-kvm, and redhat-virtualization-host), Scientific Linux (dovecot), SUSE (djvulibre, expat, firefox, libopenmpt, and rust), and Ubuntu (ibus and Mosquitto).
sfy39587f05