LWN.net Weekly Edition for April 16, 2020
Bringing Leap and SUSE Linux Enterprise closer together - a proposal
([Distributions] Apr 9, 2020 15:54 UTC (Thu) (corbet))
The [1]openSUSE Leap distribution is a community effort built on top of a set of stable packages from the SUSE Linux Enterprise offering. SUSE is now floating a proposal to unify the work of building those two distributions; click below for the details or see [2]the "closing the Leap gap" FAQ, which summarizes things this way: "Today, SUSE is also offering the pre-built binaries from SLE in addition to the sources, to increase compatibility and to leverage synergies." The intended advantages (or "leveraged synergies") seem to be reducing the effort required to create Leap and making it easier to migrate a system between the two distributions.
[1] https://en.opensuse.org/Portal:Leap
[2] https://en.opensuse.org/Portal:Leap/FAQ/ClosingTheLeapGap
The growing disconnect between KDE and the Qt Company
([Development] Apr 9, 2020 14:17 UTC (Thu) (corbet))
Here's [1]a message posted by Olaf Schmidt-Wischhöfer to the kde-community mailing list detailing the current state of discussions between the KDE community, the Qt development project, and the Qt Company. It seems they are not going entirely well. "But last week, the company suddenly informed both the KDE e.V. board and the KDE Free QT Foundation that the economic outlook caused by the Corona virus puts more pressure on them to increase short-term revenue. As a result, they are thinking about restricting ALL Qt releases to paid license holders for the first 12 months. They are aware that this would mean the end of contributions via Open Governance in practice."
[1] https://mail.kde.org/pipermail/kde-community/2020q2/006098.html
There is [1]a response from the Qt Company that doesn't add a whole lot.
[1] https://www.qt.io/blog/qt-and-open-source
Security updates for Thursday
([Security] Apr 9, 2020 14:09 UTC (Thu) (jake))
Security updates have been issued by CentOS (firefox, ipmitool, krb5-appl, and telnet), Debian (ceph and firefox-esr), Mageia (firefox), openSUSE (bluez and exiv2), Red Hat (firefox), SUSE (ceph, libssh, mgetty, permissions, python-PyYAML, rubygem-actionview-4_2, and vino), and Ubuntu (libiberty and libssh).
Stable kernel updates
([Kernel] Apr 8, 2020 15:22 UTC (Wed) (ris))
Stable kernels [1]5.6.3, [2]5.5.16, and [3]5.4.31 have been released. As usual, they all contain important fixes and users should upgrade.
[1] https://lwn.net/Articles/817063/
[2] https://lwn.net/Articles/817064/
[3] https://lwn.net/Articles/817066/
Security updates for Wednesday
([Security] Apr 8, 2020 14:58 UTC (Wed) (ris))
Security updates have been issued by Arch Linux (firefox), Debian (chromium and firefox-esr), Oracle (ipmitool and telnet), Red Hat (firefox and qemu-kvm), Scientific Linux (firefox, krb5-appl, and qemu-kvm), Slackware (firefox), SUSE (gmp, gnutls, libnettle and runc), and Ubuntu (firefox, gnutls28, linux-aws, linux-aws-hwe, linux-azure, linux-gcp, linux-gke-4.15, linux-kvm, linux-oem, linux-oracle, linux-raspi2, linux-snapdragon, and linux-azure, linux-gcp, linux-gke-5.0, linux-oem-osp1, linux-oracle-5.0).
Firefox 75.0
([Development] Apr 7, 2020 15:43 UTC (Tue) (ris))
Firefox 75.0 has been released. New features include [1]improvements to the address bar that make search easier, local caching of all trusted Web PKI Certificate Authority certificates known to Mozilla, and availability of Firefox as a Flatpak. See the [2]release notes for more details.
[1] https://blog.mozilla.org/blog/2020/04/07/latest-firefox-updates-address-bar-making-search-easier-than-ever/
[2] https://www.mozilla.org/firefox/75.0/releasenotes/
Security updates for Tuesday
([Security] Apr 7, 2020 14:40 UTC (Tue) (ris))
Security updates have been issued by Fedora (kernel, kernel-headers, and kernel-tools), openSUSE (glibc and qemu), Red Hat (chromium-browser, container-tools:1.0, container-tools:rhel8, firefox, ipmitool, kernel, kernel-rt, krb5-appl, ksh, nodejs:10, nss-softokn, python, qemu-kvm, qemu-kvm-ma, telnet, and virt:rhel), Scientific Linux (ipmitool and telnet), SUSE (ceph and firefox), and Ubuntu (haproxy, linux, linux-aws, linux-gcp, linux-gcp-5.3, linux-hwe, linux-kvm, linux-oracle, linux-oracle-5.3, linux-raspi2, linux-raspi2-5.3, linux, linux-aws, linux-kvm, linux-raspi2, linux-snapdragon, and linux, linux-hwe).
5.7 Merge window part 2
([Kernel] Apr 13, 2020 15:56 UTC (Mon) (corbet))
By the end of the 5.7 merge window, 11,998 non-merge changesets had been pulled into the mainline repository for this development cycle. That is 1,218 more than were seen during the 5.6 merge window; it would appear that current world events have not succeeded in slowing down the kernel community — at least, not yet. The latter half of the merge window tends to see more fixes and fewer new features, but there are still a number of interesting things that showed up after [1]the first-half summary was written.
[1] https://lwn.net/Articles/816313/
[$] A new parser for CPython
([Development] Apr 9, 2020 19:24 UTC (Thu) (jake))
A new parser for the CPython implementation of the Python language has been in the works for a while, but the announcement of a Python Enhancement Proposal (PEP) for it indicates that we may see it fairly soon. The intent is to add the parser, and make it the default for Python 3.9, which is [1]due in October. If that plan holds, the current parser will not be going away for another year or so after that. The change should go completely unnoticed within the community; the benefits are mainly for the CPython core developers in the form of easier maintenance.
[1] https://www.python.org/dev/peps/pep-0596/
VMX virtualization runs afoul of split-lock detection
([Kernel] Apr 7, 2020 19:53 UTC (Tue) (corbet))
One of the many features merged for the 5.7 kernel is [1]split-lock detection for the x86 architecture. This feature has encountered [2]a fair amount of controversy over the course of its development, with the result that the time between its initial posting and appearance in a released kernel will end up being over two years. As it happens, there is another hurdle for split-lock detection even after its merging into the mainline; this feature threatens to create problems for a number of virtualization solutions, and it's not clear what the solution would be.
[1] https://lwn.net/Articles/790464/
[2] https://lwn.net/Articles/806466/
Security updates for Monday
([Security] Apr 6, 2020 14:44 UTC (Mon) (ris))
Security updates have been issued by Debian (firefox-esr, gnutls28, and libmtp), Fedora (cyrus-sasl, firefox, glibc, squid, and telnet), Gentoo (firefox), Mageia (dcraw, firefox, kernel, kernel-linus, librsvg, and python-nltk), openSUSE (firefox, haproxy, icu, and spamassassin), Red Hat (nodejs:10, openstack-manila, python-django, python-XStatic-jQuery, and telnet), Slackware (firefox), SUSE (bluez, exiv2, and libxslt), and Ubuntu (firefox).
Concurrency bugs should fear the big bad data-race detector (part 2)
([Kernel] Apr 14, 2020 20:22 UTC (Tue) (melver))
In [1]part 1 of this article, we gave an overview of the [2]Kernel Concurrency Sanitizer (KCSAN) and looked at how it can detect data races in the kernel. KCSAN uses the [3]definition of "data race" that is part of the [4]Linux-Kernel Memory Consistency Model (LKMM), but there is more that KCSAN can do. This concluding part of the article describes other ways that the tool can be used to find data races and other kinds of problems in concurrent code. It provides some ideas on strategies and best practices, briefly considers some alternative approaches, and concludes with some known limitations.
[1] https://lwn.net/Articles/816850/
[2] https://github.com/google/ktsan/wiki/KCSAN
[3] https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/tree/tools/memory-model/Documentation/explanation.txt#n1922
[4] https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/tree/tools/memory-model/Documentation/explanation.txt
Concurrency bugs should fear the big bad data-race detector (part 1)
([Kernel] Apr 8, 2020 14:06 UTC (Wed) (melver))
The [1]first installment of the "big bad" series described how a compiler can optimize your concurrent program into oblivion, while the [2]second installment introduced a tool to analyze small litmus tests for such problems. Those two articles can be especially helpful for training, design discussions, and checking small samples of code. Although such automated training and design tools are welcome, automated code inspection that could locate even one class of concurrency bugs would be even better. In this two-part article, we look at a tool to do that kind of analysis.
[1] https://lwn.net/Articles/793253/
[2] https://lwn.net/Articles/799218/
Firefox 74.0.1
([Development] Apr 3, 2020 21:23 UTC (Fri) (ris))
Firefox 74.0.1 has been [1]released with [2]two security fixes. CVE-2020-6819 is a use-after-free when running the nsDocShell destructor and CVE-2020-6820 is a use-after-free when handling a ReadableStream. In both cases there have been targeted attacks in the wild abusing these flaws. These issues have also been fixed in Firefox ESR 68.6.1.
[1] https://www.mozilla.org/en-US/firefox/74.0.1/releasenotes/
[2] https://www.mozilla.org/en-US/security/advisories/mfsa2020-11/
Security updates for Friday
([Security] Apr 3, 2020 14:35 UTC (Fri) (ris))
Security updates have been issued by Debian (mediawiki and qbittorrent), Gentoo (gnutls), Mageia (bluez, kernel, python-yaml, varnish, and weechat), Oracle (haproxy and nodejs:12), SUSE (exiv2, haproxy, libpng12, mgetty, and python3), and Ubuntu (libgd2).
Six more stable kernels
([Kernel] Apr 2, 2020 20:38 UTC (Thu) (ris))
Stable kernels [1]5.5.15, [2]5.4.30, [3]4.19.114, [4]4.14.175, [5]4.9.218, and [6]4.4.218 have been released. They all contain important fixes and users should upgrade.
[1] https://lwn.net/Articles/816685/
[2] https://lwn.net/Articles/816686/
[3] https://lwn.net/Articles/816687/
[4] https://lwn.net/Articles/816688/
[5] https://lwn.net/Articles/816689/
[6] https://lwn.net/Articles/816690/
LWN.net Weekly Edition for April 9, 2020
Stable kernel 5.6.2
([Kernel] Apr 2, 2020 15:23 UTC (Thu) (ris))
The [1]5.6.2 stable kernel has been released with some important fixes, including one for the 5.6 wireless regression. Users should upgrade.
[1] https://lwn.net/Articles/816638/
Security updates for Thursday
([Security] Apr 2, 2020 14:55 UTC (Thu) (ris))
Security updates have been issued by Arch Linux (chromium, kernel, linux-hardened, linux-lts, and pam-krb5), Debian (haproxy, libplist, and python-bleach), Fedora (tomcat), Gentoo (ghostscript-gpl, haproxy, ledger, qtwebengine, and virtualbox), Red Hat (haproxy, nodejs:12, qemu-kvm-rhev, and rh-haproxy18-haproxy), SUSE (memcached and qemu), and Ubuntu (apport).