Language Selection

English French German Italian Portuguese Spanish

LWN

Syndicate content
LWN.net is a comprehensive source of news and opinions from and about the Linux community. This is the main LWN.net feed, listing all articles which are posted to the site front page.
Updated: 4 hours 45 min ago

[$] Six (or seven) new system calls for filesystem mounting

Thursday 12th of July 2018 03:00:51 PM
Mounting filesystems is a complicated business. The kernel supports a wide variety of filesystem types, and each has its own, often extensive set of options. As a result, the mount() system call is complex, and the list of mount options is a rather long read. But even with all of that complexity, mount() does not do everything that users would like. For example, the options for a mount operation must all fit within a single 4096-byte page — the fact that this is a problem for some users is illustrative in its own right. The problems with mount() have come up at various meetings, including at the 2018 Linux Storage, Filesystem, and Memory-Management Summit. A set of patches implementing a new approach is getting closer to being ready, but it features some complexity of its own and there are some remaining concerns about the proposed system-call API.

Security updates for Thursday

Thursday 12th of July 2018 01:16:56 PM
Security updates have been issued by Arch Linux (qutebrowser), CentOS (firefox), Debian (ruby-sprockets), Fedora (botan2, git-annex, kernel, kernel-tools, and visualboyadvance-m), Mageia (chromium-browser-stable, graphviz, mailman, nikto, perl-Archive-Zip, redis, and w3m), openSUSE (nextcloud), Oracle (gnupg2), Red Hat (flash-plugin, gnupg2, and kernel), Slackware (bind and curl), SUSE (java-1_8_0-openjdk, php7, rsyslog, slurm, and ucode-intel), and Ubuntu (cups, libpng, and libpng, libpng1.6).

[$] LWN.net Weekly Edition for July 12, 2018

Thursday 12th of July 2018 12:51:39 AM
The LWN.net Weekly Edition for July 12, 2018 is available.

[$] Signing and distributing Gentoo

Wednesday 11th of July 2018 06:55:44 PM

The compromise of the Gentoo's GitHub mirror was certainly embarrassing, but its overall impact on Gentoo users was likely fairly limited. Gentoo and GitHub responded quickly and forcefully to the breach, which greatly limited the damage that could be done; the fact that it was a mirror and not the master copy of Gentoo's repositories made it relatively straightforward to recover from. But the black eye that it gave the project has led some to consider ways to make it even harder for an attacker to add malicious content to Gentoo—even if the distribution's own infrastructure were to be compromised.

A set of stable kernel updates

Wednesday 11th of July 2018 04:44:31 PM
Greg Kroah-Hartman has released stable kernels 4.17.6, 4.14.55, 4.9.112, 4.4.140, and 3.18.115. As usual, they contain important fixes and users should upgrade.

[$] Emacs & TLS

Wednesday 11th of July 2018 03:35:58 PM

A recent query about the status of network security (TLS settings in particular) in Emacs led to a long thread in the emacs-devel mailing list. That thread touched on a number of different areas, including using OpenSSL (or other TLS libraries) rather than GnuTLS, what kinds of problems should lead to complaints out of the box, what settings should be the default, and when those settings could change for Emacs so as not to discombobulate users. The latter issue is one that lots of projects struggle with: what kinds of changes are appropriate for a bug-fix release versus a feature release. For Emacs, its lengthy development cycle, coupled with the perceived urgency of security changes, makes that question even more difficult.

Security updates for Wednesday

Wednesday 11th of July 2018 03:12:01 PM
Security updates have been issued by Debian (cups), Oracle (kernel and qemu-kvm), Red Hat (ansible, kernel, kernel-rt, and qemu-kvm), Scientific Linux (kernel and qemu-kvm), Slackware (thunderbird), and Ubuntu (curl, firefox, imagemagick, and xapian-core).

Malware found in the Arch Linux AUR repository

Tuesday 10th of July 2018 10:09:28 PM
Here's a report in Sensors Tech Forum on the discovery of a set of hostile packages in the Arch Linux AUR repository system. AUR contains user-contributed packages, of course; it's not a part of the Arch distribution itself. "The security investigation shows that shows that a malicious user with the nick name xeactor modified in June 7 an orphaned package (software without an active maintainer) called acroread. The changes included a curl script that downloads and runs a script from a remote site. This installs a persistent software that reconfigures systemd in order to start periodically. While it appears that they are not a serious threat to the security of the infected hosts, the scripts can be manipulated at any time to include arbitrary code. Two other packages were modified in the same manner." This thread in the aur-general list shows the timeline of the discovery and response.

[$] Spectre V1 defense in GCC

Tuesday 10th of July 2018 08:48:52 PM
In many ways, Spectre variant 1 (the bounds-check bypass vulnerability) is the ugliest of the Meltdown/Spectre set, despite being relatively difficult to exploit. Any given code base could be filled with V1 problems, but they are difficult to find and defend against. Static analysis can help, but the available tools are few, mostly proprietary, and prone to false positives. There is also a lack of efficient, architecture-independent ways of addressing Spectre V1 in user-space code. As a result, only a limited effort (at most) to find and fix Spectre V1 vulnerabilities has been made in most projects. An effort to add some defenses to GCC may help to make this situation better, but it comes at a cost of its own.

Security updates for Tuesday

Tuesday 10th of July 2018 03:07:50 PM
Security updates have been issued by Debian (ruby-sprockets), Red Hat (ansible and rh-git29-git), Scientific Linux (firefox), SUSE (ceph), and Ubuntu (libjpeg-turbo, ntp, and openslp-dfsg).

[$] IR decoding with BPF

Monday 9th of July 2018 03:46:19 PM
In the 4.18 kernel, a new feature was merged to allow infrared (IR) decoding to be done using BPF. Infrared remotes use many different encodings; if a decoder were to be written for each, we would end up with hundreds of decoders in the kernel. So, currently, the kernel only supports the most widely used protocols. Alternatively, the lirc daemon can be run to decode IR. Decoding IR can usually be expressed in a few lines of code, so a more lightweight solution without many kernel-to-userspace context switches would be preferable. This article will explain how IR messages are encoded, the structure of a BPF program, and how a BPF program can maintain state between invocations. It concludes with a look at the steps that are taken to end up with a button event, such as a volume-up key event.

Security updates for Monday

Monday 9th of July 2018 03:31:32 PM
Security updates have been issued by Debian (bouncycastle and ca-certificates), Fedora (cantata, cinnamon, php-symfony3, and transifex-client), openSUSE (ghostscript, openssl, openvpn, php7, rubygem-yard, thunderbird, ucode-intel, and unzip), and SUSE (libqt4, nodejs8, and openslp).

Kernel prepatch 4.18-rc4

Monday 9th of July 2018 11:06:32 AM
The 4.18-rc4 kernel prepatch has been released. "Things look pretty normal here, and size-wise this looks good too, so it's another of those 'solid progress to release' weeks. Boring is good."

A pair of stable kernel updates

Sunday 8th of July 2018 03:06:13 PM
The 4.17.5 and 4.14.54 stable kernels have been released with yet another set of important fixes.

An interview with Jonathan Corbet

Friday 6th of July 2018 08:17:01 PM
For those with a significant chunk of spare time and nothing better to do: Swapnil Bhartiya interviewed LWN editor Jonathan Corbet in February has now posted the resulting video on the Patreon site.

Security updates for Friday

Friday 6th of July 2018 02:27:30 PM
Security updates have been issued by Debian (dokuwiki, libsoup2.4, mercurial, php7.0, and phpmyadmin), Fedora (ant, gnupg, libgit2, and libsoup), openSUSE (cairo, git-annex, postgresql95, and zsh), Scientific Linux (firefox), Slackware (mozilla), SUSE (nodejs6 and rubygem-yard), and Ubuntu (AMD microcode, devscripts, and firefox).

[$] The block I/O latency controller

Thursday 5th of July 2018 08:33:22 PM
Large data centers routinely use control groups to balance the use of the available computing resources among competing users. Block I/O bandwidth can be one of the most important resources for certain types of workloads, but the kernel's I/O controller is not a complete solution to the problem. The upcoming block I/O latency controller looks set to fill that gap in the near future, at least for some classes of users.

Security updates for Thursday

Thursday 5th of July 2018 02:19:56 PM
Security updates have been issued by Oracle (firefox), SUSE (exiv2, ghostscript, libvorbis, openssl, openvpn, php7, tiff, and unzip), and Ubuntu (libarchive-zip-perl and php7.2).

[$] LWN.net Weekly Edition for July 5, 2018

Thursday 5th of July 2018 12:57:13 AM
The LWN.net Weekly Edition for July 5, 2018 is available.

Gentoo's GitHub mirror compromise incident report

Wednesday 4th of July 2018 05:09:18 PM
LWN reported on June 29 that Gentoo's GitHub mirror had been compromised. Gentoo now considers the incident resolved and the full report is available. "An unknown entity gained control of an admin account for the Gentoo GitHub Organization and removed all access to the organization (and its repositories) from Gentoo developers. They then proceeded to make various changes to content. Gentoo Developers & Infrastructure escalated to GitHub support and the Gentoo Organization was frozen by GitHub staff. Gentoo has regained control of the Gentoo GitHub Organization and has reverted the bad commits and defaced content."

More in Tux Machines

Openwashing

Review: Peppermint OS 9

While I have to admit that I am not the target audience for a distribution focused on web-based applications, I found Peppermint 9 to be a solid distribution. Despite pulling components from multiple desktop environments, Peppermint 9's desktop is well integrated and easy to use. It was also easy to add both web-based and traditional applications to the system, so the distribution can be adjusted for users who prefer either. Peppermint 9 is not for everyone, but users who do most their work in Google Docs or Microsoft Office Online should give Peppermint a try. However, users accustomed to using traditional desktop applications might want to stick to one of the many alternatives out there. Yes, Peppermint 9 can be easily adjusted to use traditional desktop applications, but many of the other distribution options out there come with those kinds of applications pre-installed. Read more

A Major GNOME Icon Redesign is Getting Underway

Your favourite GNOME applications will soon have dramatically different icons. GNOME devs are redesigning the default icons for all GNOME core apps as part a wider overhaul of GNOME design guidelines. The move hope to make it easier (and less effort) for app developers to provide high-quality and useful icons for their software on the GNOME desktop. Not that this redesign is much a surprise, as the Adwaita folder icons we highlighted a few weeks back suggested a new tack was being taken on design. With the GNOME desktop environment shipping on the Purism Librem 5 smartphone, the timing of this revamp couldn’t be better. Read more

Linux 4.17.9, 4.14.57, 4.9.114, 4.4.143, and 3.18.116