LWN.net is a reader-supported news site dedicated to producing the best coverage from within the Linux and free software development communities. See the LWN FAQ for more information, and please consider subscribing to gain full access and support our activities.
There are a few reasons for wanting the ability to get proper stack traces out of the kernel, including profiling, tracing, and debugging kernel crashes. Historically, the kernel's tracebacks have been unreliable for a number of reasons, most of which have been fixed in recent years. Now it seems likely that the 4.14 kernel will include a new mechanism that should put our traceback problems behind us — for now.
The LWN.net Weekly Edition for July 20, 2017 is available.
Inside this week's LWN.net Weekly Edition
Five new stable kernels were announced by Greg Kroah-Hartman on July 21: 4.12.3, 4.11.12, 4.9.39, 4.4.78, and 3.18.62. As usual, they contain important fixes throughout the tree and users should upgrade. Note that this is the last release in the 4.11 series, users should move to 4.12.x.
A short sub-thread on the python-ideas mailing list provides some "food for thought" about the purpose and scope of that list, but also some things to perhaps be considered more widely. When discussing new features and ideas, it is common for the conversation to be somewhat hypothetical, but honing in on something that could be implemented takes a fair amount of work for those participating. If the feature is proposed and championed by someone who has no intention of actually implementing it, should the thread come with some kind of warning?
Security updates have been issued by Debian (php5 and ruby-mixlib-archive), Fedora (knot, knot-resolver, and spice), Oracle (graphite2 and java-1.8.0-openjdk), Red Hat (graphite2, java-1.6.0-sun, java-1.7.0-oracle, java-1.8.0-openjdk, and java-1.8.0-oracle), Scientific Linux (java-1.8.0-openjdk), and Ubuntu (kernel, linux, linux-raspi2, linux-hwe, and mysql-5.5, mysql-5.7).
An under-the-radar proposal to stop building i686 kernels for Fedora led to a discussion about dropping support for 32-bit x86 hardware. Any of the hardware that needs these kernels is quite old, but participants in a thread on the Fedora devel mailing list noted that those systems still exist—some run Fedora. As the discussion progressed, though, it became clear that the Fedora i686 kernel has been in rough shape for some time now.
CPython is the reference implementation of Python, so it is, unsurprisingly, the target for various language-extension modules. But the API and ABI it provides to those extensions ends up limiting what alternative Python implementations—and even CPython itself—can do, since those interfaces must continue to be supported. Beyond that, though, the interfaces are not clearly delineated, so changes can unexpectedly affect extensions that have come to depend on them. A recent thread on the python-ideas mailing list looks at how to clean that situation up.
The GnuPG Project has announced the availability of Libgcrypt 1.8.0. "This is a new stable version of Libgcrypt with full API and ABI compatibility to the 1.7 series. Its main features are support Blake-2, XTS mode, an improved RNG, and performance improvements for the ARM architecture."
Software patents may not have brought about the free-software apocalypse that some have feared over the years, but they remain a minefield for the software industry as a whole. A small-scale example of this can be seen in the recent decision by the Apache Software Foundation (ASF) to move a license with patent-related terms to its "Category-X" list of licenses that cannot be used by ASF projects. A number of projects will be scrambling to replace software dependencies on a short timeline, all because Facebook wanted to clarify its patent-licensing terms.
Security updates have been issued by Arch Linux (c-ares, freeradius, gvim, lib32-libtiff, libtiff, pcre, rkhunter, and vim), Debian (apache2, evince, imagemagick, unattended-upgrades, and vim), Fedora (openldap, php, and poppler), Oracle (freeradius), SUSE (evince and systemd, dracut), and Ubuntu (apport, icu, and libtasn1-3).
By the end of the 4.13 merge window, 11,258 non-merge changesets had been pulled into the mainline repository — about 3,600 since the first half of this series was written. That is nowhere near the 12,920 changesets that landed during the 4.12 merge window, but it still makes for a typically busy development cycle. What follows is a summary of the more interesting changes found in those last 3,600+ changesets.
Linux.com takes a look at Google's OSS-Fuzz threat detection tool. "Google also announced that it is expanding its existing Patch Rewards program to include rewards for the integration of fuzz targets into OSS-Fuzz. To qualify for these rewards, a project needs to have a large user base and/or be critical to global IT infrastructure. Eligible projects will receive $1,000 for initial integration, and up to $20,000 for ideal integration (the final amount is at Google’s discretion). Project leaders have the option of donating these rewards to charity instead, and Google will double the amount." LWN covered OSS-Fuzz last January.
It has been nearly one month since the Stack Clash vulnerability was disclosed and some hardening measures were rushed into the 4.12 kernel release. Since then, a fair amount of work has gone into fixing problems caused by those measures and porting the result back to stable kernel releases. Now, it seems, the kernel developers are considering taking a different approach entirely.
Remix OS was an effort to bring Android to the PC, which included a kickstarter campaign to build products using Remix OS. Now Jide Technology, makers of Remix OS, has announced a change in focus that leaves Remix OS out of the picture. "We’ll be restructuring our approach to Remix OS and transitioning away from the consumer space. As a result, development on all existing products such as Remix OS for PC as well as products in our pipeline such as Remix IO and IO+ will be discontinued. Full refunds will be issued to ALL BACKERS via Kickstarter for both Remix IO and Remix IO+. In addition any purchases made via our online store that has remained unfulfilled will also be fully refunded. This requires no action from you as we will begin issuing refunds starting August 15th."
The LWN.net Weekly Edition for July 13, 2017 is available.
Inside this week's LWN.net Weekly Edition
A less than two-month-old project for OpenBSD, kernel address space randomized link (KARL), has turned the kernel into an object that is randomized on every boot. Instead of the code being stored in the same location for every boot of a given kernel, each boot will be unique. Unlike Linux's kernel address space layout randomization (KASLR), which randomizes the base address for all of the kernel code on each boot, KARL individually randomizes the object files that get linked into the binary. That means that a single information leak of a function address from the kernel does not leak information about the location of all other functions.
Security updates have been issued by Arch Linux (apache, evince, and mosquitto), Debian (apache2, evince, heimdal, and knot), Fedora (c-ares, cacti, evince, GraphicsMagick, httpd, jabberd, libgcrypt, openvas-cli, openvas-gsa, openvas-libraries, openvas-manager, openvas-scanner, poppler, qt5-qtwebengine, qt5-qtwebkit, spatialite-tools, and sqlite), openSUSE (gnutls, ncurses, qemu, and xorg-x11-server), Slackware (mariadb and samba), SUSE (cryptctl), and Ubuntu (heimdal and samba).
Copyright © 2017, Eklektix, Inc.
Comments and public postings are copyrighted by their creators.
Linux is a registered trademark of Linus Torvalds