Odprtokodni pogled

Opensource view

LWN.net

Syndicate content
LWN.net is a comprehensive source of news and opinions from and about the Linux community. This is the main LWN.net feed, listing all articles which are posted to the site front page.
Posodobljeno: 39 sec nazaj

Security updates for Monday

Pon, 09/16/2019 - 15:27
Security updates have been issued by Debian (ansible, faad2, linux-4.9, and thunderbird), Fedora (jbig2dec, libextractor, sphinx, and thunderbird), Mageia (expat, kconfig, mediawiki, nodejs, openldap, poppler, thunderbird, webkit2, and wireguard), openSUSE (buildah, ghostscript, go1.12, libmirage, python-urllib3, rdesktop, and skopeo), SUSE (python-Django), and Ubuntu (exim4, ibus, and Wireshark).

[$] The stable-kernel process

Pon, 09/16/2019 - 11:05
The stable kernel process is a perennial topic of discussion at gatherings of kernel developers; the 2019 Linux Kernel Maintainers Summit was no exception. Sasha Levin ran a session there where developers could talk about the problems they have with stable kernels and ponder solutions.

The 5.3 kernel is out

Pon, 09/16/2019 - 06:50
The 5.3 kernel is available at last. The announcement includes a long discussion about user-space regressions — an ext4 filesystem performance improvement had caused some systems to fail booting due to a lack of entropy early after startup. "It's more that it's an instructive example of what counts as a regression, and what the whole 'no regressions' kernel rule means. The reverted commit didn't change any API's, and it didn't introduce any new bugs. But it ended up exposing another problem, and as such caused a kernel upgrade to fail for a user. So it got reverted."

Some of the more significant changes in 5.3 include scheduler utilization clamping, the pidfd_open() and clone3() system calls, bounded loop support for BPF programs, support for the 0.0.0.0/8 IPv4 address range, a new configuration option for the soon-to-be-merged realtime preemption code, and more. See the KernelNewbies 5.3 page for lots of details.

[$] Dealing with automated kernel bug reports

Ned, 09/15/2019 - 08:36
There is value in automatic testing systems, but they also present a problem of their own: how can one keep up with the high volume of bug reports that they generate? At the 2019 Linux Kernel Maintainers Summit, Shuah Khan ran a session dedicated to this issue. There was general agreement that the reports are hard to deal with, but not a lot of progress toward a solution.

[$] Defragmenting the kernel development process

Sob, 09/14/2019 - 08:22
The first session at the 2019 Linux Kernel Maintainers Summit was a last-minute addition to the schedule. Dmitry Vyukov's Linux Plumbers Conference session on the kernel development process (slides [PDF]) had inspired a number of discussions that, it was agreed, should carry over into the summit. The result was a wide-ranging conversation about the kernel's development tools and what could be done to improve them.

Security updates for Friday

Pet, 09/13/2019 - 15:49
Security updates have been issued by Debian (curl, dnsmasq, and golang-go.crypto), Mageia (docker, firefox, flash-player-plugin, ghostscript, links, squid, sympa, tcpflow, thunderbird, and znc), openSUSE (srt), Oracle (.NET Core, kernel, libwmf, and poppler), Scientific Linux (firefox), SUSE (cri-o, curl, java-1_8_0-ibm, python-SQLAlchemy, and python-urllib3), and Ubuntu (curl and expat).

[$] Comparing GCC and Clang security features

Čet, 09/12/2019 - 23:33
Hardening must be performed at all levels of a system, including in the compiler that is used to build that system. There are two viable compilers in the free-software community now, each of which offers a different set of security features. Kees Cook ran a session during the Toolchains microconference at the 2019 Linux Plumbers Conference that examined the security-feature support provided by both GCC and LLVM Clang, noting the places where each one could stand to improve.

Security updates for Thursday

Čet, 09/12/2019 - 15:48
Security updates have been issued by Arch Linux (exim, firefox, and webkit2gtk), Debian (libonig and opensc), Fedora (cobbler), Oracle (firefox and kernel), Red Hat (flash-plugin, kernel, kernel-rt, rh-maven35-jackson-databind, rh-nginx110-nginx, and rh-nginx112-nginx), Scientific Linux (kernel), Slackware (curl, mozilla, and openssl), SUSE (ceph, libvirt, and python-Werkzeug), and Ubuntu (vlc and webkit2gtk).

[$] LWN.net Weekly Edition for September 12, 2019

Čet, 09/12/2019 - 01:31
The LWN.net Weekly Edition for September 12, 2019 is available.

[$] Topics from the Open Printing microconference

Sre, 09/11/2019 - 19:40
On day two of the 2019 Linux Plumbers Conference, two of the principals behind the Open Printing project led the very first Open Printing microconference. Project leader Till Kamppeter and program manager Aveek Basu described the current state of printing on Linux and some of the plans for the future, including supporting scanning for multi-function devices. The picture they painted was rosy, at least for printing, which may not quite match the experience of many Linux users. As with many projects, though, Open Printing is starved for contributors—something that was reflected in the sparse attendance at the microconference.

[$] The USB debugging arsenal

Sre, 09/11/2019 - 17:31
At the 2019 Embedded Linux Conference North America, which was held in San Diego in August, Krzysztof Opasiak gave a presentation on demystifying the ways to monitor—and even change—USB traffic on a Linux system. He started with the basics of the USB protocol and worked up into software and hardware tools to observe, modify, and fuzz the messages that get sent. Those tools are part of the arsenal that is available to those interested in looking deeply into USB.

[$] SGX and security modules

Sre, 09/11/2019 - 16:25
Software Guard Extensions (SGX) is a set of security-related instructions for Intel processors; it allows the creation of private regions of memory, called "enclaves". The aim of this feature is to work like an inverted sandbox: instead of protecting the system from malicious code, it protects an application from a compromised kernel hypervisor, or other application. Linux support for SGX has existed out-of-tree for years, and the effort of upstreaming it has reached an impressive version 22 of the patch set. During the upstreaming discussion, the kernel developers discovered that the proposed SGX API did not play nicely with existing security mechanisms, including Linux security modules (LSMs).

Security updates for Wednesday

Sre, 09/11/2019 - 15:32
Security updates have been issued by Fedora (python38), openSUSE (nginx, nodejs10, nodejs8, python-Twisted, python-Werkzeug, SDL2_image, SDL_image, and util-linux and shadow), Oracle (firefox and nghttp2), Red Hat (.NET Core, firefox, kernel, libwmf, pki-deps:10.6, and poppler), Scientific Linux (firefox), SUSE (ghostscript, libgcrypt, podman, python-SQLAlchemy, qemu, and webkit2gtk3), and Ubuntu (curl, linux-hwe, linux-kvm, linux-oracle, linux-raspi2, systemd, and tomcat8).

CodeWeavers mourns Józef Kucia

Tor, 09/10/2019 - 16:26
The CodeWeavers blog carries the sad news that Józef Kucia died last month. "Józef first contributed to Wine in March of 2012, showing remarkable skill with Wine’s D3D technology. He became a key contributor to Wine, submitting over 2,500 patches. He also contributed to other open source projects including Mesa and Debian. Józef founded and led the vkd3d project and provided insight and guidance to the Vulkan working group. Józef joined CodeWeavers in 2015, and quickly became one of our most valued employees."

A set of stable kernels

Tor, 09/10/2019 - 16:02
Stable kernels 5.2.14, 4.19.72, 4.14.143, 4.9.192, and 4.4.192 have been released. They all contain important fixes and users should upgrade.

Security updates for Tuesday

Tor, 09/10/2019 - 15:50
Security updates have been issued by Debian (docker.io, icedtea-web, and trafficserver), openSUSE (opera), Red Hat (bind, firefox, go-toolset:rhel8, kernel, nghttp2, and polkit), SUSE (buildah, curl, java-1_7_1-ibm, and skopeo), and Ubuntu (freetype, memcached, python2.7, python3.4, and python2.7, python3.5, python3.6, python3.7).

[$] 5.3 Kernel development cycle statistics

Pon, 09/09/2019 - 16:30
It's that time of the development cycle again: work on the 5.3 kernel is winding down with an expected final release date of September 15. Read on for LWN's traditional look at where the code in 5.3 came from in this relatively busy development cycle.

Security updates for Monday

Pon, 09/09/2019 - 15:23
Security updates have been issued by Debian (expat, ghostscript, libreoffice, and memcached), Fedora (chromium, grafana, kea, nsd, pdfbox, roundcubemail, and SDL), Gentoo (apache, dbus, exim, libsdl2, pango, perl, vlc, and webkit-gtk), Mageia (dovecot, giflib, golang, icedtea-web, irssi, java-1.8.0-openjdk, libgcrypt, libmspack, mercurial, monit, php, poppler, python-urllib3, rdesktop, SDL12, sdl2, sigil, sqlite3, subversion, tomcat, and zstd), openSUSE (chromium, exim, go1.12, httpie, libmirage, python-SQLAlchemy, and srt), Oracle (firefox, ghostscript, and kernel), SUSE (apache2, mariadb, mariadb-connector-c, postgresql94, python-Django1, python-Pillow, python-urllib3, and qemu), and Ubuntu (exim4).

Kernel prepatch 5.3-rc8

Pon, 09/09/2019 - 08:37
The eighth and presumably final 5.3 prepatch is out for testing. "So we probably didn't strictly need an rc8 this release, but with LPC and the KS conference travel this upcoming week it just makes everything easier."

Critical vulnerability in Exim

Pet, 09/06/2019 - 15:29
Anybody running the Exim mail system will want to apply the updates that are being released today; there is a remote code-execution vulnerability in its TLS-handling code with a known proof-of-concept exploit. As the advisory says: "If your Exim server accepts TLS connections, it is vulnerable".
sfy39587f05