LWN

LWN.net is a comprehensive source of news and opinions from and about the Linux community. This is the main LWN.net feed, listing all articles which are posted to the site front page.

Security updates for Monday

Monday 26th of August 2019 01:39:56 PM
Security updates have been issued by Arch Linux (firefox, libreoffice-still, nginx, nginx-mainline, and subversion), Debian (commons-beanutils, h2o, libapache2-mod-auth-openidc, libmspack, qemu, squid, and tiff), Fedora (kubernetes, libmodbus, nfdump, and nodejs), openSUSE (dkgpg, libTMCG, go1.12, neovim, python, qbittorrent, schismtracker, teeworlds, thunderbird, and zstd), and SUSE (go1.11, go1.12, python-SQLAlchemy, and python-Twisted).

Prepatch and stable kernels

Monday 26th of August 2019 01:32:24 PM
On the development side, Linus has released 5.3-rc6 for testing. "I’m doing a (free) operating system (more than just a hobby) for 486 AT clones and a lot of other hardware. This has been brewing for the last 28 years, and is still not done. I’d like any feedback on any bugs introduced this release (or older bugs too, for that matter)."

For those wanting something more stable, 5.2.10, 4.19.68, 4.14.140, 4.9.190, and 4.4.190 have all been released.

[$] Debating the Cryptographic Autonomy License

Friday 23rd of August 2019 08:28:25 PM
If one were to ask a group of free-software developers whether the community needs more software licenses, the majority of the group would almost certainly answer "no". We have the licenses we need to express a range of views of software freedom, and adding to the list just tends to create confusion and compatibility issues. That does not stop people from writing new licenses, though. While much of the "innovation" in software licenses in recent times is focused on giving copyright holders more control over how others use their code (while still being able to brand it "open source"), there are exceptions. The proposed "Cryptographic Autonomy License" (CAL) is one of those; its purpose is to give users of CAL-licensed code control over the data that is processed with that code.

Security updates for Friday

Friday 23rd of August 2019 01:41:12 PM
Security updates have been issued by Debian (cups, nginx, and openjdk-7), Fedora (httpd, mod_md, nghttp2, and patch), and SUSE (rubygem-loofah).

[$] Restricting path name lookup with openat2()

Thursday 22nd of August 2019 07:24:26 PM
Looking up a file given a path name seems like a straightforward task, but it turns out to be one of the more complex things the kernel does. Things get more complicated if one is trying to write robust (user-space) code that can do the right thing with paths that are controlled by a potentially hostile user. Attempts to make the open() and openat() system calls safer date back at least to an attempt to add O_BENEATH in 2014, but numerous problems remain. Aleksa Sarai, who has been working in this area for a while, has now concluded that a new version of openat(), naturally called openat2(), is required to truly solve this problem.

Backdoors in Webmin

Thursday 22nd of August 2019 01:14:22 PM
Anybody using Webmin, a web-based system-administration tool, will want to update now, as it turns out that the system has been backdoored for over a year. "At some time in April 2018, the Webmin development build server was exploited and a vulnerability added to the password_change.cgi script. Because the timestamp on the file was set back, it did not show up in any Git diffs. This was included in the Webmin 1.890 release."

Backdoor code found in 11 Ruby libraries (ZDNet)

Thursday 22nd of August 2019 01:08:49 PM
ZDNet reports on the discovery of a set of malicious libraries in the RubyGems repository. "The individual behind this scheme was active for more than a month, and their actions were not detected. Things changed when the hacker managed to gain access to the RubyGems account of one of the rest-client developers, which he used to push four malicious versions of rest-client on RubyGems. However, by targeting such a high-profile project that has over 113 million total downloads on RubyGems, the hacker also brought a lot of light to their operation, which was taken down within a few hours after users first spotted the malicious code in the rest-client library."

Security updates for Thursday

Thursday 22nd of August 2019 12:59:53 PM
Security updates have been issued by Fedora (nginx), openSUSE (ImageMagick and putty), Red Hat (Ansible, atomic-openshift-web-console, ceph, and qemu-kvm-rhev), SUSE (kvm, libssh2_org, postgresql96, qemu, and wavpack), and Ubuntu (libzstd and openjpeg2).

[$] LWN.net Weekly Edition for August 22, 2019

Thursday 22nd of August 2019 12:30:07 AM
The LWN.net Weekly Edition for August 22, 2019 is available.

[$] OpenPOWER opens further

Wednesday 21st of August 2019 08:25:11 PM
In what was to prove something of a theme throughout the morning, Hugh Blemings said that he had been feeling a bit like a kid waiting for Christmas recently, but that the day when the presents can be unwrapped had finally arrived. He is the executive director of the OpenPOWER Foundation and was kicking off the keynotes for the second day of the 2019 OpenPOWER Summit North America; the keynotes would reveal the "most significant and impressive announcements" in the history of the project, he said. Multiple presentations outlined a major change in the openness of the OpenPOWER instruction set architecture (ISA), along with various related hardware and software pieces; in short, OpenPOWER can be used by compliant products without paying royalties and with a grant of the patents that IBM holds on it. In addition, the foundation will be moving under the aegis of the Linux Foundation.

[$] Making containers safer

Wednesday 21st of August 2019 02:24:10 PM
On day one of the Linux Security Summit North America (LSS-NA), Stéphane Graber and Christian Brauner gave a presentation on the current state and the future of container security. They both work for Canonical on the LXD project; Graber is the project lead and Brauner is the maintainer. They looked at the different kernel mechanisms that can be used to make containers more secure and provided some recommendations based on what they have learned along the way.

Security updates for Wednesday

Wednesday 21st of August 2019 01:13:32 PM
Security updates have been issued by Fedora (ghostscript, pango, and squirrelmail), openSUSE (libcryptopp, squid, tcpdump, and wireshark), SUSE (flatpak), and Ubuntu (giflib and NLTK).

Announcing notqmail

Tuesday 20th of August 2019 11:17:21 PM
The notqmail project has announced its existence and shipped an initial release. It's a new fork of the venerable qmail mail transport system. "Our first release is informed, conservative, and careful — but bold. It reflects our brand-new team’s rapid convergence on where we’re going and how we’ll get there."

Open source POWER ISA takes aim at Intel and Arm (TechRepublic)

Tuesday 20th of August 2019 11:11:12 PM
TechRepublic reports on the opening of the POWER instruction-set architecture. "While the POWER ISA was itself licensable following the creation of the OpenPOWER Foundation in 2013, that came at a cost. Now, the POWER ISA is available royalty-free, inclusive of patent rights." The OpenPOWER Foundation is also being folded into the Linux Foundation.

Security updates for Tuesday

Tuesday 20th of August 2019 01:17:52 PM
Security updates have been issued by Debian (flask), openSUSE (clementine, dkgpg, libTMCG, openexr, and zstd), Oracle (kernel, mysql:8.0, redis:5, and subversion:1.10), SUSE (nodejs6, python-Django, and rubygem-rails-html-sanitizer), and Ubuntu (cups, docker, docker-credential-helpers, kconfig, kde4libs, libreoffice, nova, and openldap).

[$] On-disk format robustness requirements for new filesystems

Monday 19th of August 2019 11:17:00 PM
The "Extendable Read-Only File System" (or "EROFS") was first posted by Gao Xiang in May 2018; it was merged into the staging tree for the 4.19 release. There has been a steady stream of work on EROFS since then, and its author now thinks that it is ready to move out of staging and join the other official filesystems in the kernel. It would seem, though, that there is one final hurdle that it may have to clear: robustness in the face of a corrupted on-disk filesystem image. That raises an interesting question: to what extent do new filesystems have to exhibit a level of robustness that is not met by the filesystems that are currently in heavy use?

Stapelberg: distri: a Linux distribution to research fast package management

Monday 19th of August 2019 01:46:11 PM
Michael Stapelberg has announced the first release of "distri", a distribution focused on simplifying and accelerating package management. "distri’s package manager is extremely fast. Its main bottleneck is typically the network link, even at high speed links (I tested with a 100 Gbps link). Its speed comes largely from an architecture which allows the package manager to do less work."

Security updates for Monday

Monday 19th of August 2019 01:39:31 PM
Security updates have been issued by CentOS (kernel and openssl), Debian (ffmpeg, golang-1.11, imagemagick, kde4libs, openldap, and python3.4), Fedora (gradle, hostapd, kdelibs3, and mgetty), Gentoo (adobe-flash, hostapd, mariadb, patch, thunderbird, and vlc), Mageia (elfutils, mariadb, mythtv, postgresql, and redis), openSUSE (chromium, kernel, LibreOffice, and zypper, libzypp and libsolv), Oracle (ghostscript), Red Hat (rh-php71-php), SUSE (bzip2, evince, firefox, glib2, glibc, java-1_8_0-openjdk, polkit, postgresql10, python3, and squid), and Ubuntu (firefox).

A new chair for the openSUSE board

Monday 19th of August 2019 01:21:45 PM
Richard Brown has announced that he is stepping down as the chair of the openSUSE board. "I have absolute confidence in the openSUSE Board; Indeed, I don't think I would be able to make this decision at this time if I wasn't certain that I was leaving openSUSE in good hands. On that note, SUSE has appointed Gerald Pfeifer as my replacement as Chair. Gerald is SUSE's EMEA-based CTO, with a long history as a Tumbleweed user, an active openSUSE Member, and upstream contributor/maintainer in projects like GCC and Wine."

Kernel prepatch 5.3-rc5

Monday 19th of August 2019 01:17:34 PM
Linus has released the 5.3-rc5 kernel prepatch, saying: "It's been calm, and nothing here stands out, except perhaps some of the VM noise where we un-reverted some changes wrt node-local vs hugepage allocations."
