lwn.net

Security updates have been issued by Debian (cpio, openafs, proftpd-dfsg, simplesamlphp, and wordpress), Fedora (thunderbird), openSUSE (binutils, docker-runc, kernel, nfs-utils, php7, python3, and samba), Red Hat (389-ds:1.4, ansible, bind, container-tools:1.0, container-tools:rhel8, curl, dbus, dhcp, dovecot, edk2, elfutils, evolution, freeradius:3.0, gdb, gettext, glib2, glibc, GNOME, gnutls, go-toolset:rhel8, http-parser, httpd:2.4, kernel, kernel-rt, libarchive, libjpeg-turbo, libqb, libreswan, libseccomp, libtiff, libvorbis, lldpad, lua, mariadb:10.3, mod_auth_mellon, numpy, openssh, openssl, openstack-octavia, osinfo-db and libosinfo, php:7.2, php:7.3, python-urllib3, python27:2.7, python3, qemu-kvm-rhev, qt5-qtbase, rh-php70-php, rh-python36-python, samba, squid:4, sssd, sudo, systemd, virt-manager, virt:rhel, and yum), SUSE (ardana-ansible, ardana-horizon, ardana-keystone, ardana-manila, ardana-neutron, crowbar-core, crowbar-openstack, grafana, openstack-cinder, openstack-dashboard, openstack-horizon-plugin-manila-ui, openstack-keystone, openstack-manila, openstack-neutron, openstack-neutron-fwaas, openstack-neutron-lbaas, openstack-nova, openstack-octavia, openstack-octavia-amphora-image, pdns, python-Django1, python-keystonemiddleware, python-octaviaclient, python-os-brick, python-oslo.cache, python-oslo.messaging, gdb, and libssh2_org), and Ubuntu (firefox).

Linux systems have traditionally run with a single address space that is shared by user and kernel space. That changed with the advent of the Meltdown vulnerability, which forced the merging of kernel page-table isolation (KPTI) at the end of 2017. But, Mike Rapoport said during his 2019 Open Source Summit Europe talk, that may not be the end of the story for address-space isolation. There is a good case to be made for increasing the separation of address spaces, but implementing that may require some fundamental changes in how kernel memory management works.

Red Hat has announced the release of Red Hat Enterprise Linux 8.1. This is the first update in what is planned to be a 6 month cadence for minor releases. The release notes contain more information.

Git 2.24 has been released. This blog post covers the highlights of this release, beginning with feature macros. "Usually, configuring some behavior requires only a single configuration change, like enabling or disabling any of the aforementioned values. But what about when it doesn’t? What do you do when you don’t know which configuration values to change? For example, let’s say you want to live on the bleeding-edge of the latest from upstream Git, but don’t have a chance to discover all the new configurable options. In Git 2.24, you can now opt into feature macros—one Git configuration that implies many others. These are hand-selected by the developers of Git, and they let you opt into a certain feature or adopt a handful of settings based on the characteristics of your repository."

Security updates have been issued by Arch Linux (electron, ghostscript, glibc, python2, and samba), Debian (webkit2gtk), Slackware (libtiff), SUSE (ImageMagick, python-ecdsa, and samba), and Ubuntu (apport, haproxy, ruby-nokogiri, and whoopsie).

The stable kernel releases are meant to contain as many important fixes as possible; to that end, the stable maintainers have been making use of a machine-learning system to identify patches that should be considered for a stable update. This exercise has had some success but, at the 2019 Open Source Summit Europe, Sasha Levin asked whether this process could be improved further. Might it be possible for a machine-learning system to identify patches that create bugs and intercept them, so that the fixes never become necessary?

Security updates have been issued by Arch Linux (chromium and qt5-webengine), CentOS (firefox and php), Fedora (file, java-latest-openjdk, nspr, nss, php, t1utils, and webkit2gtk3), Mageia (ansible, aspell, golang, libsoup, and libxslt), openSUSE (chromium and chromium, re2), Oracle (php), and Ubuntu (apport and file).

The 5.4-rc6 kernel prepatch is out for testing. "There's no particular area or outstanding issue that is worrisome, but if things don't calm down this week, I suspect we'll be looking at one of those releases when we have an rc8. We'll see how things evolve here over the next couple of weeks."

The kernel project's email-based development process is well established and has some strong defenders, but it is also showing its age. At the 2019 Kernel Maintainers Summit, it became clear that the kernel's processes are much in need of updating, and that the maintainers are beginning to understand that. It is one thing, though, to establish goals for an improved process; it is another to actually implement that process and convince developers to use it. At the 2019 Open Source Summit Europe, a group of 20 or so maintainers and developers met in the corner of a a noisy exhibition hall to try to work out what some of the first steps in that direction might be.

The long discussion on changing the Python project's release cadence has come to a conclusion: the project will now be releasing new versions on an annual basis. See PEP 602 for the details on how it is expected to work.

Security updates have been issued by CentOS (firefox, sudo, and thunderbird), Debian (libarchive and qtbase-opensource-src), Oracle (php), Red Hat (php, rh-php71-php, and rh-php72-php), Scientific Linux (firefox and php), and SUSE (kernel and samba).

Security updates have been issued by Debian (italc and python-ecdsa), Fedora (php and sudo), openSUSE (binutils and docker-runc), Oracle (thunderbird), Red Hat (firefox and sudo), SUSE (ardana-ansible, ardana-glance, ardana-horizon, ardana-input-model, ardana-manila, ardana-neutron, ardana-nova, ardana-octavia, ardana-tempest, crowbar-core, crowbar-ha, crowbar-openstack, crowbar-ui, galera-3, grafana, mariadb, mariadb-connector-c, novnc, openstack-cinder, openstack-glance, openstack-heat, openstack-horizon-plugin-neutron-vpnaas-ui, openstack-keystone, openstack-monasca-installer, openstack-neutron, openstack-neutron-gbp, openstack-neutron-lbaas, openstack-nova, python-amqp, python-ovs, python-pysaml2, python-python-engineio, python-urllib3, release-notes-suse-openstack-cloud, rubygem-easy_diff, rubygem-rest-client-1_6, venv-openstack-keystone, dbus-1, firefox, php7, and samba), and Ubuntu (file, freetds, and whoopsie).

The LWN.net Weekly Edition for October 31, 2019 is available.

Steven Rostedt has been a part of the Linux kernel tracing community for most of its existence, it seems. He was the developer of ftrace, which was one of the early mainline additions for tracing. There are now many tracing facilities in the kernel. At the 2019 Open Source Summit Europe in Lyon, France, Rostedt wanted to present an idea that he has been thinking about for a long time: a unified tracing platform to provide access to all of the kernel tracing facilities from user-space applications.

Security updates have been issued by Debian (imapfilter, libvncserver, and pam-python), Fedora (tcpdump), Mageia (file, graphviz, kernel, and php, pcre2), openSUSE (nfs-utils), Red Hat (heketi and samba), Scientific Linux (thunderbird), SUSE (libtomcrypt, php7, and runc), and Ubuntu (apport, libarchive, libidn2, samba, and whoopsie).

Fedora Magazine announces the release of Fedora 31. This release includes the Fedora Toolbox for launching and managing personal workspace containers. The Fedora Editions include Workstation, Server, with CoreOS and IoT in a preview state. Alternate architectures include ARM AArch64, Power, and S390x. However the 32-bit only i686 system has been dropped. The release notes contain additional information.

Back in March, we looked at a discussion and Python Enhancement Proposal (PEP) for a new dictionary "addition" operator for Python. The discussion back then was lively and voluminous, but the PEP needed some updates and enhancements in order to proceed. That work has now been done and a post about the revised PEP to the python-ideas mailing list has set off another mega-thread.

Stable kernels 5.3.8, 4.19.81, 4.14.151, 4.9.198, and 4.4.198 have been released. They all contain important fixes throughout the tree and users should upgrade.

Security updates have been issued by Debian (php7.0, php7.3, ruby-loofah, and spip), Fedora (proftpd), openSUSE (lz4 and sysstat), Red Hat (chromium-browser, jss, kernel, kernel-alt, kpatch-patch, pango, polkit, sudo, systemd, and thunderbird), SUSE (graphite-web, python3, and samba), and Ubuntu (php5, php7.0, php7.2, php7.3, and samba).

The BPF in-kernel virtual machine has brought a new set of capabilities to a number of functional areas in the kernel, including, significantly, tracing. Since BPF programs run in the kernel, much effort goes into ensuring that they will not cause problems for the running system; to that end, the BPF verifier checks every possible aspect of each BPF program's behavior to ensure that it is safe to run in the kernel — with one notable exception. With a patch set titled "revolutionize bpf tracing", Alexei Starovoitov aims to close that loophole and eliminate a set of potential problems in a widely used class of BPF programs.