Resource management in KDE
([Development] Oct 19, 2020 16:42 UTC (Mon) (mrybczyn))
Applications that run on the Linux desktop have changed significantly under the hood in recent years; for example, they use more processes than before. Desktop environments need to adapt to this change. During [1]Akademy 2020 , KDE developers David Edmundson and Henri Chain delivered a talk ( [2]YouTube video ) about how KDE, working with other desktop environments, is starting to use advanced kernel features to give users more control over their systems. This talk complements a presentation by GNOME developers that was recently [3]covered here .
[1] https://akademy.kde.org/2020
[2] https://www.youtube.com/watch?v=7a9h4MHEy0k&list=PLsHpGlwPdtMrNmuCWAdTWJ05TYB_rQXYI&index=6&t=9745s
[3] https://lwn.net/Articles/829567/
[1] https://akademy.kde.org/2020
[2] https://www.youtube.com/watch?v=7a9h4MHEy0k&list=PLsHpGlwPdtMrNmuCWAdTWJ05TYB_rQXYI&index=6&t=9745s
[3] https://lwn.net/Articles/829567/
BleedingTooth: critical kernel Bluetooth vulnerability
([Security] Oct 14, 2020 17:00 UTC (Wed) (jake))
Several flaws in the [1]BlueZ kernel Bluetooth stack prior to Linux 5.9 are being reported [2]by Intel and by Google ( [3]GHSA-h637-c88j-47wq , [4]GHSA-7mh3-gq28-gfrq , and [5]GHSA-ccx2-w2r4-x649 ). They are collectively being called "BleedingTooth", and more information [6]will be forthcoming , though there is already a [7]YouTube video demonstrating remote code execution using BleedingTooth.
[1] http://www.bluez.org/
[2] https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00435.html
[3] https://github.com/google/security-research/security/advisories/GHSA-h637-c88j-47wq
[4] https://github.com/google/security-research/security/advisories/GHSA-7mh3-gq28-gfrq
[5] https://github.com/google/security-research/security/advisories/GHSA-ccx2-w2r4-x649
[6] https://twitter.com/theflow0/status/1316071793707364353
[7] https://www.youtube.com/watch?v=qPYrLRausSw
[1] http://www.bluez.org/
[2] https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00435.html
[3] https://github.com/google/security-research/security/advisories/GHSA-h637-c88j-47wq
[4] https://github.com/google/security-research/security/advisories/GHSA-7mh3-gq28-gfrq
[5] https://github.com/google/security-research/security/advisories/GHSA-ccx2-w2r4-x649
[6] https://twitter.com/theflow0/status/1316071793707364353
[7] https://www.youtube.com/watch?v=qPYrLRausSw
[$] The Arm64 memory tagging extension in Linux
([Kernel] Oct 15, 2020 16:58 UTC (Thu) (corbet))
One of the first features merged for the 5.10 kernel development cycle was support for [1]the Arm v8.5 memory tagging extension [PDF] . By adding a "key" value to pointers, this mechanism enables the automated detection of a wide range of memory-safety issues. The result should be safer and more secure code — once support for the feature shows up in actual hardware.
[1] https://developer.arm.com/-/media/Arm%20Developer%20Community/PDF/Arm_Memory_Tagging_Extension_Whitepaper.pdf
[1] https://developer.arm.com/-/media/Arm%20Developer%20Community/PDF/Arm_Memory_Tagging_Extension_Whitepaper.pdf
A set of stable kernels
([Kernel] Oct 14, 2020 15:05 UTC (Wed) (ris))
Stable kernels [1]5.8.15 , [2]5.4.71 , [3]4.19.151 , [4]4.14.201 , [5]4.9.239 , and [6]4.4.239 have been released. They all contain important fixes and users should upgrade.
[1] https://lwn.net/Articles/834275/
[2] https://lwn.net/Articles/834276/
[3] https://lwn.net/Articles/834277/
[4] https://lwn.net/Articles/834278/
[5] https://lwn.net/Articles/834279/
[6] https://lwn.net/Articles/834280/
[1] https://lwn.net/Articles/834275/
[2] https://lwn.net/Articles/834276/
[3] https://lwn.net/Articles/834277/
[4] https://lwn.net/Articles/834278/
[5] https://lwn.net/Articles/834279/
[6] https://lwn.net/Articles/834280/
Security updates for Wednesday
([Security] Oct 14, 2020 14:55 UTC (Wed) (ris))
Security updates have been issued by Debian (jackson-databind and tomcat8), Fedora (dovecot), Oracle (firefox, spice and spice-gtk, and thunderbird), Red Hat (flash-plugin), SUSE (ansible, crowbar-core, crowbar-openstack, grafana, grafana-natel-discrete-panel, openstack-aodh, openstack-barbican, openstack-cinder, openstack-gnocchi, openstack-heat, openstack-ironic, openstack-magnum, openstack-manila, openstack-monasca-agent, openstack-murano, openstack-neutron, openstack-neutron-vpnaas, openstack-nova, openstack-sahara, python-Pillow, rubygem-crowbar-client, bind, crmsh, kernel, libproxy, php74, rubygem-activesupport-5_1, and tigervnc), and Ubuntu (dom4j, linux, linux-aws, linux-aws-5.4, linux-azure, linux-azure-5.4, linux-gcp, linux-gcp-5.4, linux-hwe-5.4, linux-kvm, linux-oracle, linux-oracle-5.4, linux-raspi, linux-raspi-5.4, linux, linux-aws, linux-aws-hwe, linux-azure, linux-azure-4.15, linux-gcp, linux-gcp-4.15, linux-gke-4.15, linux-hwe, linux-kvm, linux-oem, linux-oracle, linux-raspi2, linux-snapdragon, linux, linux-aws, linux-kvm, linux-lts-xenial, linux-raspi2, linux-snapdragon, linux, linux-lts-trusty, and linux-hwe, linux-gke-5.0, linux-gke-5.3, linux-oem-osp1, linux-raspi2-5.3).
Krita 4.4.0 released
([Development] Oct 14, 2020 13:50 UTC (Wed) (corbet))
[1]Version 4.4.0 of the Krita painting application has been released. " With a whole slew of new fill layer types, including the really versatile SeExpr based scriptable fill layer type, exciting new options for Krita’s brushes like the gradient map mode for brushes, lightness and gradient modes for brush textures, support for dynamic use of colors in gradients, webm export for animations, new scripting features — and of course, hundreds of bug fixes that make this version of Krita better than ever. " See [2]the release notes for details.
[1] https://krita.org/en/item/krita-4-4-0-released/
[2] https://krita.org/en/krita-4-4-0-release-notes/
[1] https://krita.org/en/item/krita-4-4-0-released/
[2] https://krita.org/en/krita-4-4-0-release-notes/
[$] 5.10 Merge window, part 1
([Kernel] Oct 16, 2020 15:48 UTC (Fri) (corbet))
As of this writing, 7,153 non-merge changesets have been pulled into the mainline Git repository for the 5.10 release — over a period of four days. This development cycle is clearly off to a strong start. Read on for an overview of the significant changes merged thus far for the 5.10 kernel release.
Security updates for Tuesday
([Security] Oct 13, 2020 15:02 UTC (Tue) (ris))
Security updates have been issued by Mageia (mariadb), openSUSE (qemu and tigervnc), Oracle (kernel), Red Hat (chromium-browser and kernel), and SUSE (php5).
An open letter to Apache OpenOffice
([Development] Oct 13, 2020 14:14 UTC (Tue) (corbet))
On the 20th anniversary of the open-sourcing of the OpenOffice.org suite, the LibreOffice project has sent [1]an open letter to the Apache OpenOffice project suggesting that it is time for the latter to recognize that the game is over. " If Apache OpenOffice wants to still maintain its old 4.1 branch from 2014, sure, that’s important for legacy users. But the most responsible thing to do in 2020 is: help new users. Make them aware that there’s a much more modern, up-to-date, professionally supported suite, based on OpenOffice, with many extra features that people need. "
[1] https://blog.documentfoundation.org/blog/2020/10/12/open-letter-to-apache-openoffice/
[1] https://blog.documentfoundation.org/blog/2020/10/12/open-letter-to-apache-openoffice/
Plausible relicenses to AGPL
([Development] Oct 13, 2020 14:06 UTC (Tue) (corbet))
[1]Plausible , a web-analytics package that was [2]reviewed here in June , has [3]announced a move from the MIT license to the Affero GPL, version 3. " This change makes no difference to any of you who subscribe to Plausible Cloud or who self-host Plausible, but it may upset a few corporations who tried to use our software to directly compete with us without contributing back. "
[1] https://plausible.io/
[2] https://lwn.net/Articles/822568/
[3] https://plausible.io/blog/open-source-licenses
[1] https://plausible.io/
[2] https://lwn.net/Articles/822568/
[3] https://plausible.io/blog/open-source-licenses
The Open Invention Network's expanded Linux System Definition
([Briefs] Oct 13, 2020 13:58 UTC (Tue) (corbet))
The [1]Open Invention Network , which offers patent protection for a wide range of open-source software, has expanded its [2]Linux System Definition — the set of software covered by the OIN patent non-aggression agreement. In particular, the new definition includes the exFAT filesystem (once the subject of a lot of patent worries), the [3]KDE Frameworks , the [4]Robot Operating System , and version 10 of the Android Open Source Project.
[1] http://www.openinventionnetwork.com
[2] https://openinventionnetwork.com/linux-system/
[3] https://techbase.kde.org/KDE_Frameworks
[4] https://www.ros.org/
[1] http://www.openinventionnetwork.com
[2] https://openinventionnetwork.com/linux-system/
[3] https://techbase.kde.org/KDE_Frameworks
[4] https://www.ros.org/
Plasma 5.20 released
([Development] Oct 13, 2020 13:50 UTC (Tue) (corbet))
[1]Version 5.20 of the Plasma KDE desktop is out. " A massive release, containing improvements to dozens of components, widgets, and the desktop behavior in general. Everyday utilities and tools, such as the Panels, Task Manager, Notifications and System Settings, have all been overhauled to make them more usable, efficient, and friendlier. " There are also significant improvements in Plasma's Wayland support.
[1] https://kde.org/announcements/plasma-5.20.0
[1] https://kde.org/announcements/plasma-5.20.0
Some 5.9 kernel development statistics
([Kernel] Oct 13, 2020 18:01 UTC (Tue) (corbet))
The 5.9 kernel [1]was released on October 11 , at the end of a ten-week development cycle — the first release to take more than nine weeks since 5.4 at the end of 2019. While this cycle was not as busy as 5.8, [2]which broke some records , it was still one of the busier ones we have seen in some time, featuring 14,858 non-merge changesets contributed by 1,914 developers. Read on for our traditional look at what those developers were up to while creating the 5.9 release.
[1] https://lwn.net/ml/linux-kernel/CAHk-=wi-u86++np80GQvgDuARdt9xpBNho6SjHLmYgm8jibGag@mail.gmail.com/
[2] https://lwn.net/Articles/827735/
[1] https://lwn.net/ml/linux-kernel/CAHk-=wi-u86++np80GQvgDuARdt9xpBNho6SjHLmYgm8jibGag@mail.gmail.com/
[2] https://lwn.net/Articles/827735/
Further analysis of PyPI typosquatting
([Security] Oct 14, 2020 21:31 UTC (Wed) (jake))
We have [1]looked at the problem of confusingly named packages in repositories such as the [2]Python Package Index (PyPI) before. In general, malicious actors create these packages with names that can be mistaken for those of legitimate packages in the repository in a form of " [3]typosquatting ". Since our 2016 article, the problem has not gone away—no surprise—but there has been some recent analysis of it, as well as some efforts to combat it.
[1] https://lwn.net/Articles/694830/
[2] https://pypi.org/
[3] https://en.wikipedia.org/wiki/Typosquatting
[1] https://lwn.net/Articles/694830/
[2] https://pypi.org/
[3] https://en.wikipedia.org/wiki/Typosquatting
Security updates for Monday
([Security] Oct 12, 2020 15:05 UTC (Mon) (ris))
Security updates have been issued by Debian (eclipse-wtp, httpcomponents-client, rails, and spice), Fedora (crun, oniguruma, and podman), openSUSE (grafana, kdeconnect-kde, kernel, nextcloud, nodejs10, nodejs8, and permissions), Oracle (kernel), and SUSE (tigervnc).
LLVM 11.0.0 released
([Development] Oct 12, 2020 14:33 UTC (Mon) (corbet))
[1]Version 11.0.0 of the LLVM compiler suite is out. Significant change include the addition of a Fortran frontend and a lot more; see the collection of release-note sets in the announcement for details.
[1] https://lists.llvm.org/pipermail/llvm-announce/2020-October/000089.html
[1] https://lists.llvm.org/pipermail/llvm-announce/2020-October/000089.html
Wishing David Miller well
([Kernel] Oct 12, 2020 14:21 UTC (Mon) (corbet))
David Miller is the long-time maintainer of the kernel's networking subsystem. On October 10, he wrote this to [1]his Twitter feed : " I had a stroke on Tuesday and have been recovering since please pray for me ". We at LWN wish David a fast and complete recovery. (Thanks to Harald Welte for the heads-up).
[1] https://twitter.com/davem_dokebi/status/1314822827879665664
[1] https://twitter.com/davem_dokebi/status/1314822827879665664
Security updates for Friday
([Security] Oct 9, 2020 14:09 UTC (Fri) (jake))
Security updates have been issued by Oracle (bind, kernel, libcroco, nss and nspr, qemu-kvm, spice and spice-gtk, and squid) and SUSE (kernel).
The 5.9 kernel has been released
([Kernel] Oct 11, 2020 23:15 UTC (Sun) (corbet))
Linus has [1]released the 5.9 kernel . " Ok, so I'll be honest - I had hoped for quite a bit fewer changes this last week, but at the same time there doesn't really seem to be anything particularly scary in here. It's just more commits and more lines changed than I would have wished for. " Some of the significant features in this release are: x86 [2]FSGSBASE support , [3]capacity awareness in the deadline scheduler, the [4]close_range() system call, [5]proactive compaction in the memory-management subsystem, the [6]rationalization of kernel-thread priorities, and more. See [7]the KernelNewbies 5.9 page for more details.
[1] https://lwn.net/Articles/833996/
[2] https://lwn.net/Articles/821723/
[3] https://lwn.net/Articles/821578/
[4] https://lwn.net/Articles/789023/
[5] https://lwn.net/Articles/817905/
[6] https://lwn.net/Articles/818388/
[7] https://kernelnewbies.org/Linux_5.9
[1] https://lwn.net/Articles/833996/
[2] https://lwn.net/Articles/821723/
[3] https://lwn.net/Articles/821578/
[4] https://lwn.net/Articles/789023/
[5] https://lwn.net/Articles/817905/
[6] https://lwn.net/Articles/818388/
[7] https://kernelnewbies.org/Linux_5.9
[$] NAPI polling in kernel threads
([Kernel] Oct 9, 2020 18:59 UTC (Fri) (corbet))
Systems that manage large amounts of network traffic end up dedicating a significant part of their available CPU time to the network stack itself. Much of this work is done in software-interrupt context, which can be problematic in a number of ways. That may be about to change, though, once [1]this patch series posted by Wei Wang is merged into the mainline.
[1] https://lwn.net/ml/netdev/20201002222514.1159492-1-weiwan@google.com/
[1] https://lwn.net/ml/netdev/20201002222514.1159492-1-weiwan@google.com/
The life which is unexamined is not worth living.
-- Plato