User: Password:
|
|
Subscribe / Log in / New account

Welcome to LWN.net

LWN.net is a reader-supported news site dedicated to producing the best coverage from within the Linux and free software development communities. See the LWN FAQ for more information, and please consider subscribing to gain full access and support our activities.

[$] 4.13 Merge window, part 2
[Kernel] Posted Jul 16, 2017 15:06 UTC (Sun) by corbet

By the end of the 4.13 merge window, 11,258 non-merge changesets had been pulled into the mainline repository — about 3,600 since the first half of this series was written. That is nowhere near the 12,920 changesets that landed during the 4.12 merge window, but it still makes for a typically busy development cycle. What follows is a summary of the more interesting changes found in those last 3,600+ changesets.

Full Story (comments: 7)

Security updates for Monday
[Security] Posted Jul 17, 2017 15:32 UTC (Mon) by ris

Security updates have been issued by Arch Linux (apache, evince, and mosquitto), Debian (apache2, evince, heimdal, and knot), Fedora (c-ares, cacti, evince, GraphicsMagick, httpd, jabberd, libgcrypt, openvas-cli, openvas-gsa, openvas-libraries, openvas-manager, openvas-scanner, poppler, qt5-qtwebengine, qt5-qtwebkit, spatialite-tools, and sqlite), openSUSE (gnutls, ncurses, qemu, and xorg-x11-server), Slackware (mariadb and samba), SUSE (cryptctl), and Ubuntu (heimdal and samba).

Full Story (comments: none)

[$] Rethinking the Stack Clash fix
[Kernel] Posted Jul 13, 2017 18:31 UTC (Thu) by corbet

It has been nearly one month since the Stack Clash vulnerability was disclosed and some hardening measures were rushed into the 4.12 kernel release. Since then, a fair amount of work has gone into fixing problems caused by those measures and porting the result back to stable kernel releases. Now, it seems, the kernel developers are considering taking a different approach entirely.

Full Story (comments: 16)

Mageia 6 released
[Distributions] Posted Jul 16, 2017 17:49 UTC (Sun) by corbet

Version 6 of the Mageia distribution is available. "Though Mageia 6’s development was much longer than anticipated, we took the time to polish it and ensure that it will be our greatest release so far." Highlights include KDE Plasma 5, the DNF package manager as an alternative to urpmi, and an experimental ARM port. Details can be found in the release notes.

Comments (none posted)

[$] LWN.net Weekly Edition for July 13, 2017
Posted Jul 13, 2017 0:02 UTC (Thu)

The LWN.net Weekly Edition for July 13, 2017 is available.

Inside this week's LWN.net Weekly Edition

  • Front: Magit; User=0day in systemd; OpenBSD KARL; 4.13; Hardened usercopy whitelisting; Fedora 26.
  • Briefs: LSS schedule; Fedora 26; Qubes laptop; McGrath bows out; EME; SPI annual report; Quotes; ...
  • Announcements: Newsletters, events, security updates, kernel patches, ...
Read more

Kernel prepatch 4.13-rc1
[Kernel] Posted Jul 16, 2017 15:01 UTC (Sun) by corbet

Linus has released 4.13-rc1 and closed the merge window for this cycle. "Once again, the diffstat is absolutely dominated by some AMD gpu header files, but if you ignore that, things look pretty regular, with about two thirds drivers and one third "rest" (architecture, core kernel, core networking, tooling)."

Comments (none posted)

[$] OpenBSD kernel address randomized link
[Security] Posted Jul 12, 2017 21:52 UTC (Wed) by jake

A less than two-month-old project for OpenBSD, kernel address space randomized link (KARL), has turned the kernel into an object that is randomized on every boot. Instead of the code being stored in the same location for every boot of a given kernel, each boot will be unique. Unlike Linux's kernel address space layout randomization (KASLR), which randomizes the base address for all of the kernel code on each boot, KARL individually randomizes the object files that get linked into the binary. That means that a single information leak of a function address from the kernel does not leak information about the location of all other functions.

Full Story (comments: 16)

A whole pile of stable kernels
[Kernel] Posted Jul 15, 2017 13:47 UTC (Sat) by jake

Greg Kroah-Hartman has announced the release of five new stable kernels: 4.12.2, 4.11.11. 4.9.38, 4.4.77, and 3.18.61. As usual, they contain important fixes and users should upgrade.

Comments (none posted)

[$] Highlights in Fedora 26
[Distributions] Posted Jul 12, 2017 19:31 UTC (Wed) by jake

The much anticipated release of Fedora 26 was made on July 11. As usual, it came with a wide array of updated packages, everything from the kernel through programming languages to desktops, but there are also internal tools and installation mechanisms that have changed as well. Beyond that, the new Python Classroom Lab is aimed at teachers and instructors to make it easier to get a full-featured Python (of various flavors and with lots of extras) in several different easily installable forms. Though it was delayed by more than a month from its original planned release date—something the project embraces at some level—Fedora 26 looks like it was worth waiting for.

Full Story (comments: 12)

Drupal Association and project lead statement regarding Larry Garfield
[Development] Posted Jul 14, 2017 16:53 UTC (Fri) by corbet

The Drupal Association has issued a lengthy statement on why Larry Garfield has been removed from his management roles in the Drupal project. "Larry's subsequent blog posts harmed the community and had a material impact on the Drupal Association, including membership cancellations from those who believed we doxed, bullied, and discriminated against Larry as well as significant staff disruption. Due to the harm caused, the Drupal Association is removing Larry Garfield from leadership roles that we are responsible for, effective today." See this article for background information.

Comments (29 posted)

[$] User=0day considered harmful in systemd
[Security] Posted Jul 12, 2017 16:35 UTC (Wed) by jake

Validating user input is a long-established security best practice, but there can be differences of opinion about what should be done when that validation fails. A recently reported bug in systemd has fostered a discussion on that topic; along the way there has also been discussion about how much validation systemd should actually be doing and how much should be left up to the underlying distribution. The controversy all revolves around usernames that systemd does not accept, but that some distributions (and POSIX) find to be perfectly acceptable.

Full Story (comments: 65)

Security updates for Friday
[Security] Posted Jul 14, 2017 15:16 UTC (Fri) by jake

Security updates have been issued by Debian (bind9, heimdal, samba, and xorg-server), Fedora (cacti, evince, expat, globus-ftp-client, globus-gass-cache-program, globus-gass-copy, globus-gram-client, globus-gram-job-manager, globus-gram-job-manager-condor, globus-gridftp-server, globus-gssapi-gsi, globus-io, globus-net-manager, globus-xio, globus-xio-gsi-driver, globus-xio-pipe-driver, globus-xio-udt-driver, jabberd, myproxy, perl-DBD-MySQL, and php), openSUSE (libcares2), SUSE (xorg-x11-server), and Ubuntu (evince and nginx).

Full Story (comments: none)

[$] Emacs and Magit
[Development] Posted Jul 12, 2017 2:38 UTC (Wed) by corbet

The Git source-code management system is widely known for its flexibility and for the distributed development model that it supports. Its reputation for ease of use is ... less well established. There should, thus, be an opening for front-end systems that can make Git easier to use. One of the most comprehensive Git front ends, Magit, works within the Emacs editor and has a wide following. But Magit has run into some turbulence within the Emacs development community that is blocking its wider distribution.

Full Story (comments: 37)

Security updates for Thursday
[Security] Posted Jul 13, 2017 15:23 UTC (Thu) by jake

Security updates have been issued by Arch Linux (irssi), CentOS (httpd and kernel), Debian (nginx), Fedora (perl-DBD-MySQL and qt5-qtwebengine), Mageia (apache-mod_fcgid, cairo, jbig2dec, nodejs, and sudo), openSUSE (libreoffice, spice, and systemd), Red Hat (python-django-horizon), and SUSE (kernel and xorg-x11-server).

Full Story (comments: none)

[$] 4.13 Merge window, part 1
[Kernel] Posted Jul 10, 2017 23:35 UTC (Mon) by corbet

The 4.13 merge window is in progress, and, as usual, LWN is watching the commit stream. Click below (subscribers only) for the first report on what has been merged for the 4.13 release. It appears that this will be another busy development cycle.

Full Story (comments: 8)

Three new stable kernels
[Kernel] Posted Jul 12, 2017 15:49 UTC (Wed) by ris

Stable kernels 4.12.1, 4.11.10, and 4.9.37 have been released. They all contain important fixes and users should upgrade.

Comments (none posted)

[$] Hardened usercopy whitelisting
[Kernel] Posted Jul 7, 2017 14:54 UTC (Fri) by corbet

There are many ways to attempt to subvert an operating-system kernel. One particularly effective way, if it can be arranged, is to attack the operations that copy data between user-space and kernel-space memory. If the kernel can be fooled into copying too much data back to user space, the result can be an information-disclosure vulnerability. Errors in the other direction can be even worse, overwriting kernel memory with attacker-controlled data. The kernel has gained some defenses against this sort of attack in recent development cycles, but there is more work yet to be merged.

Full Story (comments: none)

Security updates for Wednesday
[Security] Posted Jul 12, 2017 15:43 UTC (Wed) by ris

Security updates have been issued by Arch Linux (flashplugin, lib32-flashplugin, lib32-gnutls, libdwarf, nginx, nginx-mainline, and tor), Debian (spice and undertow), Fedora (bind, bind-dyndb-ldap, chromium-native_client, dnsperf, expat, flatpak, GraphicsMagick, httpd, jetty, libdb, libsndfile, mingw-LibRaw, mosquitto, php-horde-Horde-Image, qt5-qtwebengine, xen, and yara), Oracle (httpd and kernel), Red Hat (flash-plugin, httpd, and kernel), Scientific Linux (httpd and kernel), and SUSE (spice).

Full Story (comments: none)

LWN.net Weekly Edition for July 6, 2017
Posted Jul 5, 2017 23:59 UTC (Wed)

The LWN.net Weekly Edition for July 6, 2017 is available.

Inside this week's LWN.net Weekly Edition

  • Front: Ubuntu motd; Breaking RSA; 4.12 development statistics; Namespaced file capabilities; Zero-copy networking; DPDK.
  • Briefs: Stack Clash; FreeDOS; Oryx Linux; Kubernetes 1.7; Quotes; ...
  • Announcements: Newsletters, events, security alerts, kernel patches, ...
Read more

Power Management and Energy-awareness Microconference Accepted into LPC
[Announcements] Posted Jul 11, 2017 18:17 UTC (Tue) by ris

The Power Management and Energy-awareness microconference has been accepted for this year's Linux Plumber's Conference, which runs September 13-15 in Los Angeles, CA. "The agenda this year will focus on a range of topics including CPUfreq core improvements and schedutil governor extensions, how to best use scheduler signals to balance energy consumption and performance and user space interfaces to control capacity and utilization estimates. We'll also discuss selective throttling in thermally constrained systems, runtime PM for ACPI, CPU cluster idling and the possibility to implement resume from hibernation in a bootloader."

Full Story (comments: none)

--> More news items


Copyright © 2017, Eklektix, Inc.
Comments and public postings are copyrighted by their creators.
Linux is a registered trademark of Linus Torvalds