Stable kernel 4.19.110

([Kernel] Mar 16, 2020 15:26 UTC (Mon) (ris))

Stable kernel [1]4.19.110 has been released. " This fixes a problem in 4.19.109 in the KVM subsystem. If you use KVM, you are strongly encouraged to upgrade. If not, no big deal, you can ignore this release. "

[1] https://lwn.net/Articles/815110/

Security updates for Monday

([Security] Mar 16, 2020 14:45 UTC (Mon) (ris))

Security updates have been issued by Debian (graphicsmagick, qemu, and slurm-llnl), Fedora (ansible, couchdb, mediawiki, and python3-typed_ast), Gentoo (atftp, curl, file, gdb, git, gst-plugins-base, icu, libarchive, libgcrypt, libjpeg-turbo, libssh, libvirt, musl, nfdump, ppp, python, ruby-openid, runc, sqlite, squid, sudo, SVG Salamander, systemd, thunderbird, tiff, and webkit-gtk), Mageia (firefox, kernel, and thunderbird), openSUSE (firefox, librsvg, php7, and tomcat), Red Hat (firefox), Slackware (thunderbird), and SUSE (firefox, kernel, salt, and wireshark).

Tails 4.4 released

([Distributions] Mar 16, 2020 14:00 UTC (Mon) (jake))

Version 4.4 of [1]The Amnesic Incognito Live System (or Tails) has been [2]released . It has fixed a bunch of [3]security vulnerabilities in Tails 4.3 ; users are advised to " upgrade as soon as possible ". Tails 4.4 brings new versions of the Tor Browser (9.0.6), Thunderbird (68.5.0), and the Linux kernel (5.4.19). It also fixes some problems with WiFi. Tails is a Linux distribution that runs from removable media; it is focused on privacy, security, and anonymity.

[1] https://tails.boum.org/index.en.html

[2] https://tails.boum.org/news/version_4.4/

[3] https://tails.boum.org/security/Numerous_security_holes_in_4.3/

Kernel prepatch 5.6-rc6

([Kernel] Mar 16, 2020 13:44 UTC (Mon) (corbet))

The [1]5.6-rc6 kernel prepatch has been released. " Diffstat looks normal, and the number of commits is right in the middle of the usual range too. And I don't think any of the commits look all that strange either - it's all pretty small. "

[1] https://lwn.net/Articles/815037/

LWN.net Weekly Edition for March 19, 2020

[$] Dentry negativity

([Kernel] Mar 12, 2020 20:14 UTC (Thu) (corbet))

Back in 2017, Waiman Long [1]posted a patch set placing limits on the number of "negative dentries" stored by the kernel. The better part of three years later, that work continues with, seemingly, no better prospects for getting into the mainline. It would be understandable, though, if many people out there don't really know what negative dentries are or why kernel developers care about them. That, at least, can be fixed, even if the underlying problem seems to be more difficult.

[1] https://lwn.net/Articles/728085/

[$] A QUIC look at HTTP/3

([Development] Mar 13, 2020 21:35 UTC (Fri) (corbet))

The [1]Hypertext Transfer Protocol (HTTP) is a core component of the world-wide web. Over its evolution it has added features, including encryption, but time has revealed its limitations and those of the whole protocol stack. At [2]FOSDEM 2020 , Daniel Stenberg [3]delivered a talk about a new version of the protocol called HTTP/3. It is under development and includes some big changes under the hood. There is no more TCP, for example; a new transport protocol called QUIC is expected to improve performance and allow new features.

[1] https://en.wikipedia.org/wiki/Hypertext_Transfer_Protocol

[2] https://fosdem.org/2020/

[3] https://fosdem.org/2020/schedule/event/http3/

Handling attacks on a community

([Distributions] Mar 11, 2020 21:07 UTC (Wed) (jake))

A recent [1]message to the debian-project mailing list by Debian project leader (DPL) Sam Hartman is about a proposal to moderate the mailing list. There have been repeated attacks on various project members and the distribution itself posted to the list over the last few years, many from sock-puppet, throwaway email accounts, which spawned a recent discussion on the debian-private mailing list; Hartman was summarizing that discussion for those who are not on the private list. But the problems on debian-project (and other Debian public lists) are kind of just the tip of the iceberg; there is an ongoing, persistent effort to roil the distribution and its community.

[1] https://lwn.net/ml/debian-project/tslo8tgge89.fsf@suchdamage.org/

The short and long-term future of community conferences

([Front] Mar 10, 2020 0:53 UTC (Tue) (corbet))

The Linux development community is spread out over the planet and interacts primarily through email and online systems. It is widely felt, though, that there is great value in getting people together in person occasionally to talk about current issues and get to know each other as people. This year, though, the coronavirus pandemic is disrupting the conference schedule to an extent that won't be known for some time. But there are longer-term concerns as well, to the point that the head organizer for one of the kernel community's most successful events is questioning whether it should continue to exist.

The Let's Encrypt certificate revocation scare

([Security] Mar 10, 2020 17:20 UTC (Tue) (jake))

The [1]Let's Encrypt project has made real strides in helping to ensure that every web site can use the encrypted HTTPS protocol; it has provided TLS certificates at no charge that are accepted by most or all web browsers. Free certificates accepted by the browsers are something that was difficult to find prior to the advent of the project in 2014; as of the end of February, the project has [2]issued over a billion certificates . But a bug that was recently found in the handling of [3]Certificate Authority Authorization (CAA) by the project put roughly 2.6% of the active certificates—roughly three million—at risk of immediate revocation. As might be expected, that caused a bit of panic in some quarters, but it turned out that the worst outcome was largely averted.

[1] https://letsencrypt.org/

[2] https://letsencrypt.org/2020/02/27/one-billion-certs.html

[3] https://letsencrypt.org/docs/caa/

LWN.net Weekly Edition for March 12, 2020

What good is a ticket to the good life, if you can't find the entrance?