LWN.net is a comprehensive source of news and opinions from
and about the Linux community. This is the main LWN.net feed,
listing all articles which are posted to the site front page.
Updated: 3 hours 30 min ago
Security updates have been issued by Debian (ejabberd, jhead, and samba), Fedora (chromium, drupal8, empathy, erlang, firefox, icoutils, kernel, knot-resolver, libICE, libupnp, libXdmcp, links, mbedtls, moodle, mupdf, ntp, openslp, R, rkward, rpy, sane-backends, sscg, tcpreplay, thunderbird, and webkitgtk4), Mageia (kernel, kernel-linus, and kernel-tmb), openSUSE (apache2, Chromium, kernel, and virglrenderer), Oracle (kernel), and Slackware (samba).
Crunchy Data has announced
the availability of a "security technical implementation guide" for the
PostgreSQL database management system. "While the STIG was authored
for the benefit of the U.S. Government, the DISA PostgreSQL STIG offers
security-conscious enterprises a comprehensive guide for the configuration
and operation of open source PostgreSQL. Enterprises can refer to the STIG
as for guidance on PostgreSQL security best practices they consider open
source PostgreSQL as an alternative to proprietary, closed source, database
The Scientific Linux project has announced that Scientific Linux 5 has reached its end of life. "After March 31 2017 Scientific Linux 5 will not receive further updates
and the files will be archived.
The existing files will be moved into
purposes after March 31 2017.
This will break existing yum repos and kickstarts using the official
When Andreas Dilger proposed the statx() topic for the 2017 Linux
Storage, Filesystem, and Memory-Management Summit, the system call had
still not been merged. But that all changed in the 4.11 development cycle when Al Viro merged the
system call to provide additional file information. So, unlike
years, the discussion was not about how to merge such a system call but,
instead, how to extend statx() for additional file information.
, and 4.4.59
stable kernels have been released.
Users of those kernel series should upgrade.
[Update: It appears that the urgency for getting these stable kernels out comes from a fix for CVE-2017-7184, which is a local privilege-escalation vulnerability.]
Security updates have been issued by Arch Linux (chromium), Debian (tiff3), Fedora (erlang), Mageia (deluge and mariadb), openSUSE (GraphicsMagick, pidgin, and wget), Red Hat (chromium-browser), and Ubuntu (firefox and samba).
of the OpenShot video editor has been released. "This is one
of the biggest updates ever to OpenShot, and is filled with new features,
performance improvements, and tons of bug fixes". This release adds
a new transform tool, better zooming, better title editing, and more; the
razor tool has also made a comeback.
Videos from the LibrePlanet 2017
keynotes and sessions are becoming available at media.libreplanet.org
; many are already posted and others will be filled in over the next few days. "LibrePlanet 2017 closed Sunday, March 26th with a keynote by
Sumana Harihareswara, bringing to an end two days of
presentations, workshops, hacking, conversations, and fun. More
than 400 people interested in free software joined the Free
Software Foundation (FSF) and MIT's Student Information Processing
Board (SIPB) in Cambridge, MA for the 9th annual LibrePlanet." LWN was there for the conference, so you can expect more coverage coming soon (our first article on Conor Schaefer's SecureDrop talk
appeared in the March 30 weekly edition).
Greg Kroah-Hartman has announced the release of the 4.10.7
, and 4.4.58
stable kernels. They contain fixes
throughout the tree and users of those series should upgrade. The next
round of stable kernels is also in the review process at this point and those kernels
can be expected on April 1.
Security updates have been issued by Debian (firebird2.5), openSUSE (gstreamer-0_10-plugins-good and php5), Oracle (curl), SUSE (kernel and samba), and Ubuntu (kernel, linux, linux-aws, linux-gke, linux-raspi2, linux-snapdragon, linux, linux-raspi2, linux, linux-ti-omap4, linux-hwe, linux-lts-trusty, linux-lts-xenial, and oxide-qt).
The LWN.net Weekly Edition for March 30, 2017 is available.
The overlayfs filesystem
is being used more
and more these days, especially
in conjunction with containers. Amir Goldstein and Miklos Szeredi
led a discussion about recent and upcoming features for the filesystem at
Memory-management (MM) patches are notoriously difficult to get merged into the
mainline kernel. They are subjected to a high degree of review because
this is an area where it is easy to get things wrong. Or, at least, that
is how it used to be. The final memory-management session at the 2017
Linux Storage, Filesystem, and Memory-Management Summit was concerned with
patch review in the MM subsystem — or the lack of it.
Security updates have been issued by CentOS (icoutils and openjpeg), Debian (eject, graphicsmagick, libytnef, and tnef), Fedora (drupal8, firefox, kernel, ntp, qbittorrent, texlive, and webkitgtk4), Oracle (bash, coreutils, glibc, gnutls, kernel, libguestfs, ocaml, openssh, qemu-kvm, quagga, samba, samba4, tigervnc, and wireshark), Red Hat (curl), Slackware (mariadb), SUSE (samba), and Ubuntu (apparmor).
David Malcolm has put together the
beginnings of an unofficial guide to GCC
for developers who are getting
started with the compiler. "I’m a relative newcomer to GCC, so I
thought it was worth documenting some of the hurdles I ran into when I
started working on GCC, to try to make it easier for others to start
hacking on GCC. Hence this guide."
allows user space to intervene in the handling of page faults. As Andrea
Arcangeli and Mike Rapaport described in a 2017 Linux Storage, Filesystem,
and Memory-Management Summit session dedicated to the subject,
userfaultfd() was originally created to help with the live
migration of virtual machines between physical hosts. It allows pages to
be copied to the new host on demand, after the machine itself has been
moved, leading to faster, more predictable migrations. Work on
userfaultfd() is not finished, though; there are a number of other
features that developers would like to add.
A processor's translation lookaside buffer (TLB) caches the mappings from
virtual to physical addresses. Looking up virtual addresses is expensive,
so good performance often depends on making the best use of the TLB. In
the memory-management track of the 2017 Linux Storage, Filesystem, and
Memory-Management Summit, Mike Kravetz described a SPARC processor feature
that can improve TLB performance and explored ways in which that feature
could be supported.
of the Kubernetes orchestration system is available. "In
this release the community’s focus is on scale and automation, to help you
deploy multiple workloads to multiple users on a cluster. We are announcing
that 5,000 node clusters are supported. We moved dynamic storage
provisioning to stable. Role-based access control (RBAC), kubefed, kubeadm,
and several scheduling features are moving to beta. We have also added
intelligent defaults throughout to enable greater automation out of the
Google has announced
the launch of opensource.google.com
. "Today, we’re launching opensource.google.com, a new website for Google Open Source that ties together all of our initiatives with information on how we use, release, and support open source.
This new site showcases the breadth and depth of our love for open source. It will contain the expected things: our programs, organizations we support, and a comprehensive list of open source projects we've released. But it also contains something unexpected: a look under the hood at how we "do" open source."
When the transparent huge page feature was added to the kernel, it only
supported anonymous (non-file-backed) memory. In 2016, support for huge pages in the page cache
added, but only the tmpfs filesystem was supported. There is interest in
expanding support to other filesystems, since, for some workloads, the
performance improvement can be significant. Kirill Shutemov led the only
session that combined just the filesystem and memory-management tracks at
the 2017 Linux Storage, Filesystem, and Memory-Management Summit in a
discussion of adding huge-page support to the ext4 filesystem.