
LWN: Linux Weekly Newsletter



Security updates for Monday

([Security] Jul 22, 2019 14:40 UTC (Mon) (ris))

Security updates have been issued by Debian (bind9, exiv2, kernel, nss, openjdk-11, openjdk-8, patch, and squid3), Fedora (gvfs, libldb, and samba), Mageia (firefox, gvfs, libreswan, rdesktop, and thunderbird), openSUSE (bzip2, clementine, dbus-1, expat, fence-agents, firefox, glib2, kernel, kernel-firmware, ledger, libqb, libu2f-host, pam_u2f, libvirt, neovim, php7, postgresql10, python-requests, python-Twisted, ruby-bundled-gems-rpmhelper, ruby2.5, samba, webkit2gtk3, zeromq, and znc), Red Hat (java-1.8.0-openjdk, java-11-openjdk, rh-maven35-jackson-databind, rh-nodejs8-nodejs, and rh-redis5-redis), Slackware (kernel), and SUSE (ucode-intel).

Kernel prepatch 5.3-rc1

([Kernel] Jul 21, 2019 21:40 UTC (Sun) (corbet))

Linus has [1]released 5.3-rc1 and closed the merge window for this development cycle. "Anyway, despite the rocky start, and the big size, things mostly smoothed out towards the end of the merge window. And there's a lot to like in 5.3".



[1] https://lwn.net/Articles/794272/

A crop of weekend stable kernel updates

([Kernel] Jul 21, 2019 16:01 UTC (Sun) (jake))

Greg Kroah-Hartman has announced the release of the [1]5.2.2, [2]5.1.19, [3]4.19.60, [4]4.14.134, [5]4.9.186, and [6]4.4.186 stable kernels. As usual, they contain fixes throughout the kernel tree; users should upgrade.



[1] https://lwn.net/Articles/794258/

[2] https://lwn.net/Articles/794259/

[3] https://lwn.net/Articles/794260/

[4] https://lwn.net/Articles/794261/

[5] https://lwn.net/Articles/794262/

[6] https://lwn.net/Articles/794263/

Security updates for Friday

([Security] Jul 19, 2019 13:43 UTC (Fri) (jake))

Security updates have been issued by Debian (bzip2), Fedora (freetds, kernel, kernel-headers, and knot-resolver), openSUSE (bubblewrap, fence-agents, kernel, libqb, libu2f-host, pam_u2f, and tomcat), Oracle (vim), SUSE (kernel, LibreOffice, libxml2, and tomcat), and Ubuntu (libmspack and squid, squid3).

Cook: security things in Linux v5.2

([Security] Jul 18, 2019 20:30 UTC (Thu) (jake))

Over on his blog, Kees Cook [1]runs through the security changes that came in Linux 5.2. "While the SLUB and SLAB allocator [2]freelists have been randomized for a while now, the overarching page allocator itself wasn’t. This meant that anything doing allocation outside of the kmem_cache/kmalloc() would have deterministic placement in memory. This is bad both for security and for some cache management cases. Dan Williams [3]implemented this randomization under CONFIG_SHUFFLE_PAGE_ALLOCATOR now, which provides additional uncertainty to memory layouts, though at a rather low granularity of 4MB (see SHUFFLE_ORDER). Also note that this feature needs to be enabled at boot time with page_alloc.shuffle=1 unless you have direct-mapped memory-side-cache (you can check the state at /sys/module/page_alloc/parameters/shuffle)."



[1] https://outflux.net/blog/archives/2019/07/17/security-things-in-linux-v5-2/

[2] https://outflux.net/blog/archives/2016/10/03/security-things-in-linux-v4-7/

[3] https://git.kernel.org/linus/e900a918b0984ec8f2eb150b8477a47b75d17692

Security updates for Thursday

([Security] Jul 18, 2019 13:45 UTC (Thu) (jake))

Security updates have been issued by Arch Linux (chromium, firefox, and squid), CentOS (thunderbird and vim), Debian (libonig), SUSE (firefox, glibc, kernel, libxslt, and tomcat), and Ubuntu (libreoffice and thunderbird).

Security updates for Wednesday

([Security] Jul 17, 2019 14:45 UTC (Wed) (ris))

Security updates have been issued by Debian (libreoffice), Red Hat (thunderbird), SUSE (ardana and crowbar, firefox, libgcrypt, and xrdp), and Ubuntu (nss, squid3, and wavpack).

[$] Improving communities through documentation

([Development] Jul 19, 2019 17:10 UTC (Fri) (corbet))

Documentation, said Riona MacNamara at the beginning of her [1]Open Source Summit Japan 2019 talk, is the superpower that we can use to energize users and developers; it is an important part of the creation of a vibrant and inclusive community. While there are a number of roadblocks that can impede participation in a development community, many of those can be addressed with better documentation. The talk was a call for all projects to think about what they are trying to accomplish and to ensure that their documentation is helping to get there.



[1] https://events.linuxfoundation.org/events/open-source-summit-japan-2019/

[$] Fedora, GNOME Software, and snap

([Distributions] Jul 17, 2019 15:10 UTC (Wed) (jake))

A question about the future of package distribution is at the heart of a disagreement about the snap plugin for the [1]GNOME Software application in Fedora. In a Fedora devel mailing list [2]thread, Richard Hughes raised multiple issues about the plugin and the direction that he sees Canonical taking with snaps for Ubuntu. He plans to remove support for the plugin for GNOME Software in Fedora 31.



[1] https://wiki.gnome.org/Apps/Software

[2] https://lwn.net/ml/fedora-devel/CAD2FfiEE6c2CUhgoDctJg_wHr_p2KbO2JtYiXUdxvBbyvGnikA@mail.gmail.com/

Security updates for Tuesday

([Security] Jul 16, 2019 14:54 UTC (Tue) (ris))

Security updates have been issued by Fedora (expat and radare2), Oracle (thunderbird), Red Hat (389-ds-base, keepalived, libssh2, perl, and vim), Scientific Linux (thunderbird), SUSE (bzip2, kernel, podofo, systemd, webkit2gtk3, and xrdp), and Ubuntu (bash, nss, redis, squid, squid3, and Zipios).

[$] What's coming in Python 3.8

([Development] Jul 17, 2019 17:44 UTC (Wed) (jake))

The Python 3.8 beta cycle is already underway, with [1]Python 3.8.0b1 released on June 4, followed by the [2]second beta on July 4. That means that Python 3.8 is feature complete at this point, which makes it a good time to see what will be part of it when the final release is made. That is [3]currently scheduled for October, so users don't have that long to wait to start using those new features.



[1] https://www.python.org/downloads/release/python-380b1/

[2] https://www.python.org/downloads/release/python-380b2/

[3] https://www.python.org/dev/peps/pep-0569/

[$] Kernel analysis with bpftrace

([Kernel] Jul 18, 2019 18:35 UTC (Thu) (jake))

At the [1]2019 Linux Storage, Filesystem, and Memory-Management Summit (LSFMM) Brendan Gregg gave a keynote on [2]BPF observability that included a kernel issue he had debugged on Netflix production servers using [3]bpftrace. In this article, he provides a crash course on bpftrace for kernel developers—to help them more easily analyze their code.



[1] https://lwn.net/Articles/lsfmm2019/

[2] https://lwn.net/Articles/787131/

[3] https://github.com/iovisor/bpftrace

Subscribers can read on for a look at kernel analysis using bpftrace from the upcoming weekly edition.

LXD 3.15 released

([Development] Jul 15, 2019 15:22 UTC (Mon) (ris))

The LXD team has [1]announced the release of LXD 3.15. "One big highlight is the transition to the dqlite 1.0 branch which will bring us more performance and reliability, both for our cluster users and for standalone installations. This rework moves a lot of the low-level database/replication logic to dedicated C libraries and significantly reduces the amount of back and forth going on between C and Go."



[1] https://discuss.linuxcontainers.org/t/lxd-3-15-has-been-released/5218

Security updates for Monday

([Security] Jul 15, 2019 14:57 UTC (Mon) (ris))

Security updates have been issued by CentOS (firefox), Debian (libspring-java, ruby-mini-magick, and thunderbird), Fedora (fossil, python-django, snapd-glib, and thunderbird), openSUSE (helm and monitoring-plugins), Red Hat (cyrus-imapd, thunderbird, and vim), Scientific Linux (vim), Slackware (bzip2), SUSE (bubblewrap, bzip2, expat, glib2, kernel, php7, python3, and tomcat), and Ubuntu (exiv2, firefox, and flightcrew).

Three new stable kernels

([Kernel] Jul 14, 2019 21:54 UTC (Sun) (jake))

Greg Kroah-Hartman has announced the release of the [1]5.2.1, [2]5.1.18, and [3]4.19.59 stable kernels. As is usual, they contain important fixes throughout the tree; users of those series should upgrade.



[1] https://lwn.net/Articles/793683/

[2] https://lwn.net/Articles/793684/

[3] https://lwn.net/Articles/793685/

[$] 5.3 Merge window, part 2

([Kernel] Jul 22, 2019 16:06 UTC (Mon) (corbet))

At the end of the 5.3 merge window, 12,608 non-merge changesets had been pulled into the mainline repository. Nearly 6,000 of those were pulled after [1]the first-half summary was written. As expected, there was still a lot of material yet to be merged for this development cycle.



[1] https://lwn.net/Articles/793246/

What is Silverblue? (Fedora Magazine)

([Distributions] Jul 12, 2019 17:45 UTC (Fri) (corbet))

Fedora Magazine has posted [1]an introduction to the Silverblue distribution. "One of the main benefits is security. The base operating system is mounted as read-only, and thus cannot be modified by malicious software. The only way to alter the system is through the rpm-ostree utility. Another benefit is robustness. It’s nearly impossible for a regular user to get the OS to the state when it doesn’t boot or doesn’t work properly after accidentally or unintentionally removing some system library."



[1] https://fedoramagazine.org/what-is-silverblue/

Security updates for Friday

([Security] Jul 12, 2019 13:17 UTC (Fri) (jake))

Security updates have been issued by CentOS (dbus), Debian (firefox-esr, python3.4, and redis), Mageia (ffmpeg), Oracle (firefox, libvirt, and qemu), Red Hat (firefox and virt:8.0.0), Scientific Linux (firefox), and SUSE (kernel).

[$] LWN.net Weekly Edition for July 18, 2019



Security updates for Thursday

([Security] Jul 11, 2019 13:52 UTC (Thu) (jake))

Security updates have been issued by Debian (dosbox and openjpeg2), Oracle (dbus and kernel), Scientific Linux (dbus), Slackware (mozilla), and SUSE (fence-agents, libqb, postgresql10, and sqlite3).

Conway: Infinite work is less work

([Development] Jul 11, 2019 13:54 UTC (Thu) (corbet))

Damian Conway [1]writes about the power of infinite sequences in Perl 6.



[1] http://blogs.perl.org/users/damian_conway/2019/07/infinite-work-is-less-work.html

The sequence of primes is just the sequence of positive integers, filtered (with a .grep) to keep only the ones that are prime. And, of course, Perl 6 already has a prime number tester: the built-in &is-prime function. The sequence of primes never changes, so we can declare it as a constant:

    constant p = [ (1..∞).grep( &is-prime ) ];

Now we need to extract just the strong and weak primes.
