lwn.net

LWN.net is a comprehensive source of news and opinions from
and about the Linux community. This is the main LWN.net feed,
listing all articles which are posted to the site front page.
URL: https://lwn.net
Updated: 2 hours 6 minutes ago
Security updates for Tuesday
Security updates have been issued by Arch Linux (intel-ucode and libtiff), Debian (exiv2), Oracle (SDL), Red Hat (kernel, patch, and python-jinja2), and Ubuntu (graphicsmagick, linux, linux-aws, linux-aws-5.0, linux-gcp, linux-gke-5.0, linux-hwe, linux-kvm, linux-oem-osp1, linux-oracle, linux-oracle-5.0, linux-raspi2, linux, linux-aws, linux-aws-hwe, linux-gcp, linux-gke-4.15, linux-hwe, linux-kvm, linux-oem, linux-oracle, linux-raspi2, linux-snapdragon, linux, linux-aws, linux-gcp, linux-gcp-5.3, linux-kvm, linux-oracle, linux, linux-aws, linux-kvm, linux-raspi2, linux-snapdragon, linux-lts-xenial, linux-aws, and sqlite3).
Wielaard: A public discussion about GNU
Mark Wielaard has posted a
summary of the discussion thus far on the governance of the GNU
project. "The mentoring and apprenticeship discussion focused on the
GNU maintainers as being the core of the GNU project. But as was pointed
out there are also webmasters, translators, infrastructure maintainers
(partially paid FSF staff and volunteers), education and conference
organizers, etc. All these people are GNU stakeholders. And how we organize
governance of the GNU project should also involve them."
[$] 5.5 Merge window, part 1
The 5.5 merge window got underway immediately after the release of the 5.4 kernel on
November 24. The first week has been quite busy despite the US
Thanksgiving holiday landing in the middle of it. Read on for a summary of
what the first 6,300 changesets brought for the next major kernel release.
Security updates for Monday
Security updates have been issued by Debian (389-ds-base, asterisk, file, nss, proftpd-dfsg, ssvnc, and tnef), Fedora (chromium, djvulibre, freeradius, ImageMagick, jhead, kernel, phpMyAdmin, python-pillow, and rubygem-rmagick), Mageia (bzip2, chromium-browser-stable, curl, dbus, djvulibre, glib2.0, glibc, gnupg2, httpie, libreoffice, libssh2, mosquitto, nginx, python-sqlalchemy, unbound, and zipios++), openSUSE (bluez, clamav, cpio, freerdp, openafs, phpMyAdmin, strongswan, and webkit2gtk3), Red Hat (samba and SDL), Scientific Linux (389-ds-base), and SUSE (haproxy, python-Django, and tightvnc).
PHP 7.4.0 released
Version 7.4.0 of the PHP language has been released. New features include
typed properties, arrow functions, weak references, and more; see the
release announcement and migration guide for more information.
Lots of stable kernel updates
Soller: Real hardware breakthroughs, and focusing on rustc
On the Redox site, creator Jeremy Soller gives an update on the Unix-like operating system written in Rust. It is running on a System76 Galaga Pro laptop: "This particular hardware has full support for the keyboard, touchpad, storage, and ethernet, making it easy to use with Redox." Meanwhile, he and the other Redox developers have been focusing on making it self-hosting: "Building Redox OS on Redox OS has always been one of the highest priorities of the project. Rustc seems to be only a few months of work away, after which I can begin to improve the system while running on it permanently, at least on one machine. With Redox OS being a microkernel, it is possible that even the driver level could be recompiled and respawned without downtime, making it incredibly fast to develop for. With this in place, I would work more efficiently on porting more software and tackling more hardware support issues, such as filling in the USB stack and adding graphics drivers.
But, more importantly than what I will be able to do, is the contributions by others that will be unlocked by having a fully self-hosted, microkernel Operating System written in Rust, Redox OS."
Security updates for Friday
Security updates have been issued by Debian (libvpx and vino), Fedora (grub2 and nss), and SUSE (cloud-init, libarchive, libtomcrypt, ncurses, and ucode-intel).
Security updates for (US) Thanksgiving
Security updates have been issued by Debian (haproxy and libvorbis), Fedora (mod_auth_mellon and xen), Oracle (389-ds-base, kernel, and tcpdump), SUSE (bsdtar, java-11-openjdk, java-1_7_0-openjdk, and libxml2), and Ubuntu (nss and python-psutil).
Security updates for Wednesday
Security updates have been issued by Debian (bsdiff, libvpx, tiff, and xmlrpc-epi), Fedora (freeimage, imapfilter, kernel, mingw-freeimage, and thunderbird), openSUSE (cups and djvulibre), Oracle (SDL), SUSE (ardana-db, ardana-keystone, ardana-neutron, ardana-nova, crowbar-core, crowbar-openstack, crowbar-ui, openstack-barbican, openstack-heat-templates, openstack-keystone, openstack-neutron, openstack-neutron-gbp, openstack-neutron-lbaas, openstack-nova, openstack-octavia, openstack-sahara, python-psutil, release-notes-suse-openstack-cloud, freerdp, mailman, and slurm), and Ubuntu (ruby2.3, ruby2.5).
[$] Fixing SCHED_IDLE
The Linux kernel scheduler is a complicated beast
and a lot of effort goes into improving it during every kernel release
cycle. The 5.4 kernel release includes a few improvements to the existing
SCHED_IDLE scheduling policy that can help users improve the
scheduling latency of their high-priority (interactive) tasks if they use
the SCHED_IDLE policy for the lowest-priority (background)
tasks. Read on for a description of this work contributed by Viresh Kumar.
Security updates for Tuesday
Security updates have been issued by Debian (libxdmcp, nss, php-imagick, and ruby2.1), openSUSE (java-11-openjdk), Red Hat (389-ds-base, kernel, kernel-rt, python-jinja2, qemu-kvm-ma, and tcpdump), SUSE (bluez, clamav, cpio, cups, gcc9, libpng16, libssh2_org, mailman, sqlite3, squid, strongswan, tiff, and webkit2gtk3), and Ubuntu (redmine).
Stable kernel updates
Security updates for Monday
Security updates have been issued by Debian (chromium, enigmail, isc-dhcp, libice, libofx, and pam-python), Fedora (chromium, ghostscript, mingw-cfitsio, mingw-gdal, mingw-libidn2, and rsyslog), Gentoo (adobe-flash, chromium, expat, and firefox), openSUSE (apache2-mod_perl, haproxy, java-11-openjdk, and ncurses), Oracle (ghostscript, kernel, php:7.2, php:7.3, and sudo), Red Hat (chromium-browser, python27-python, and SDL), and Ubuntu (dpdk and libvpx).
The 5.4 kernel has been released
Linus has released the 5.4 kernel. "Not a lot happened this last week,
which is just how I like it". Significant features in this release include
the haltpoll CPU governor, the iocost (formerly io.weight) I/O controller,
the EROFS filesystem, an implementation of the exFAT filesystem that may
yet be superseded by a better version, the fs-verity file integrity
mechanism, support for the BPF compile once, run everywhere mechanism, the
dm-clone device mapper target, the virtiofs filesystem, kernel lockdown
support (at last), kernel symbol namespaces, and a new random-number
generator meant to solve the early-boot entropy problem. See the
KernelNewbies 5.4 page for a lot more details.
[$] Virtio without the "virt"
When virtio was merged in Linux v2.6.24, its author, Rusty Russell,
described the goal as being for "common drivers to be efficiently used
across most virtual I/O mechanisms". Today, much progress has been made
toward that goal, with virtio supported by multiple hypervisors and guest
drivers shipped by many operating systems. But these applications of virtio
are implemented in software, whereas Michael Tsirkin's "VirtIO without the
Virt" talk at KVM Forum 2019 laid out how to implement virtio in hardware.
Security updates for Friday
Security updates have been issued by Fedora (dpdk, mingw-djvulibre, mingw-hunspell, mingw-ilmbase, mingw-OpenEXR, php-symfony, php-symfony3, and rsyslog), openSUSE (chromium and squid), SUSE (aspell, cups, djvulibre, and dpdk), and Ubuntu (djvulibre).
Bad Binder: Android In-The-Wild Exploit (Project Zero)
Over on the Project Zero blog, Maddie Stone has a lengthy post about a zero-day exploit that was found and fixed in the Android Binder interprocess communication mechanism. The post details the search for the problem, which was apparently being used in the wild, its fix, and how it can be exploited. This is all part of an effort to "make zero-day hard"; one of the steps the project is taking is to disseminate more information on these bugs. "Complete detailed analysis of the 0-days from the point of view of bug hunters and exploit developers and share it back with the community. Transparency and collaboration are key. We want to share detailed root cause analysis to inform developers and defenders on how to prevent these types of bugs in the future and improve detection. We hope that by publishing details about the exploit and its methodology, this can inform threat intelligence and incident responders. Overall, we want to make information that’s often kept in silos accessible to all."
[$] Fedora's modularity mess
Fedora's Modularity
initiative has been no stranger to controversy since its inception in 2016. Among other things, there
were enough problems with the original design that Modularity went back to the drawing board in early 2018.
Modularity has since been integrated with both the Fedora and Red Hat
Enterprise Linux (RHEL) distributions, but the controversy continues, with
some developers asking whether it's time for yet another redesign — or to
abandon the idea altogether. Over the last month or so, several lengthy,
detailed, and heated threads have explored this issue; read on for your
editor's attempt to integrate what was said.