Language Selection

English French German Italian Portuguese Spanish


Syndicate content is a comprehensive source of news and opinions from and about the Linux community. This is the main feed, listing all articles which are posted to the site front page.
Updated: 3 hours 30 min ago

[$] Strict memcpy() bounds checking for the kernel

Friday 30th of July 2021 02:49:18 PM
The C programming language is famously prone to memory-safety problems that lead to buffer overflows and a seemingly endless stream of security vulnerabilities. But, even in C, it is possible to improve the situation in many cases. One of those is the memcpy() family of functions, which are used to efficiently copy or overwrite blocks of memory; with a bit of help from the compiler, those functions can be prevented from writing past the end of the destination object they are passed. Enforcing that condition in the kernel is harder than one might expect, though, as this massive patch set from Kees Cook shows.

Security updates for Friday

Friday 30th of July 2021 02:12:14 PM
Security updates have been issued by Debian (libsndfile and openjdk-11), Fedora (php-pear and seamonkey), openSUSE (fastjar and php7), SUSE (php72, qemu, and sqlite3), and Ubuntu (libsndfile, php-pear, and qpdf).

The GNU C Library copyright-assignment policy changes

Thursday 29th of July 2021 10:22:30 PM
The change in copyright-assignment policy proposed in June for the GNU C Library project has now been adopted:

The changes to accept patches with or without FSF copyright assignment will be effective after August 2nd, and will apply to all open branches. Code shared with other GNU packages via Gnulib will continue to require assignment to the FSF.

The library will continue to be licensed under the GNU Lesser Public License v2.1 or later.

FSF-funded call for white papers on philosophical and legal questions around Copilot

Thursday 29th of July 2021 09:36:37 PM
On its blog, the Free Software Foundation (FSF) has announced a call for white papers about GitHub Copilot and the questions surrounding it. The FSF will pay $500 for papers that it publishes because they "help elucidate the problem": We can see that Copilot's use of freely licensed software has many implications for an incredibly large portion of the free software community. Developers want to know whether training a neural network on their software can really be considered fair use. Others who may be interested in using Copilot wonder if the code snippets and other elements copied from GitHub-hosted repositories could result in copyright infringement. And even if everything might be legally copacetic, activists wonder if there isn't something fundamentally unfair about a proprietary software company building a service off their work.

[$] Hole punching races against page-cache filling

Thursday 29th of July 2021 02:07:07 PM
Filesystem developers tend to disagree with each other about many things, but they are nearly unanimous in their dislike for the truncate() system call, which chops data off the end of a file. Implementing truncate() tends to be full of traps for the unwary — the kind of traps that can lead to lost data. But it turns out that a similar operation, called "hole punching", may be worse. This operation has been subject to difficult-to-hit but real race conditions in many filesystems for years; this patch set from Jan Kara may finally be at a point where it can fill the hole in hole punching.

Security updates for Thursday

Thursday 29th of July 2021 01:14:20 PM
Security updates have been issued by Debian (webkit2gtk), Fedora (ruby and webkit2gtk3), Mageia (aspell and varnish), openSUSE (git), SUSE (ardana-cobbler, cassandra, cassandra-kit, crowbar-core, crowbar-openstack, documentation-suse-openstack-cloud, grafana, kibana, openstack-heat-templates, openstack-monasca-installer, openstack-nova, python-Django, python-elementpath, python-eventlet, python-py, python-pysaml2, python-six, python-xmlschema and git), and Ubuntu (libsndfile, mariadb-10.3, and webkit2gtk).

[$] Weekly Edition for July 29, 2021

Thursday 29th of July 2021 01:44:10 AM
The Weekly Edition for July 29, 2021 is available.

[$] Python gets a "Developer-in-Residence"

Wednesday 28th of July 2021 08:18:26 PM
Backlogs in bug triage, code review, and other elements of the development process are nothing new for free-software projects; there is clearly a lot more interest in creating new features (and the bugs that go with them, of course) than in taking on the less-satisfying bits. For a large project like CPython, though, the backlog can seriously impede progress—potentially chasing off contributors whose work falls through the cracks. In order to address that, the Python Software Foundation (PSF) has raised some funds to hire Łukasz Langa as the CPython "Developer-in-Residence". Langa will be working to help clear the backlog, while also looking into other areas of interest to the PSF and the Python steering council.

A set of stable kernels

Wednesday 28th of July 2021 02:59:49 PM
Stable kernels 5.13.6, 5.10.54, 5.4.136, 4.19.199, 4.14.241, 4.9.277, and 4.4.277 have been released. They all contain important fixes and users should upgrade.

Security updates for Wednesday

Wednesday 28th of July 2021 02:47:39 PM
Security updates have been issued by Fedora (golang), Mageia (curl, filezilla, jdom/jdom2, netty, pdfbox, perl-Mojolicious, perl-Net-CIDR-Lite, perl-Net-Netmask, python-urllib3, python3, quassel, transfig, and virtualbox), openSUSE (umoci), Red Hat (rh-nodejs12-nodejs and rh-nodejs12-nodejs-nodemon and rh-nodejs14-nodejs and rh-nodejs14-nodejs-nodemon), and SUSE (firefox, glibc, libsndfile, linuxptp, qemu, and umoci).

[$] A look forward to Linux Plumbers 2021

Tuesday 27th of July 2021 07:49:41 PM
The annual Linux Plumbers Conference (LPC) is a gathering of a relatively small subset of the developers working on the low-level (plumbing) details of Linux systems. It covers topics from below the kernel through the user-space components that underlie the interfaces and applications that most Linux users interact with. This year's event will be held virtually September 20‑24; it is shaping up to be another great edition of one of the premier open-registration Linux technical conferences on the calendar.

Security updates for Tuesday

Tuesday 27th of July 2021 03:14:50 PM
Security updates have been issued by Debian (drupal7), Fedora (linux-firmware), openSUSE (qemu), Oracle (kernel and thunderbird), Red Hat (thunderbird), Scientific Linux (java-1.8.0-openjdk, java-11-openjdk, kernel, and thunderbird), SUSE (dbus-1, libvirt, linuxptp, qemu, and slurm), and Ubuntu (aspell and mysql-5.7, mysql-8.0).

[$] Hastening process cleanup with process_mrelease()

Monday 26th of July 2021 07:25:29 PM
One of the fundamental invariants of computing is that, regardless of how much memory is installed in a system, it is never enough. This is especially true of systems with tight performance constraints, where every page of memory is allocated and in use, making it difficult to find more when it is badly needed. One way to make more memory available is to kill one or more processes, freeing their resources for other users. But that often does not work as quickly or reliably as users would like. In an attempt to improve the situation, Suren Baghdasaryan has proposed the addition of a system call named process_mrelease().

Security updates for Monday

Monday 26th of July 2021 03:13:36 PM
Security updates have been issued by Debian (aspell, intel-microcode, krb5, rabbitmq-server, and ruby-actionpack-page-caching), Fedora (chromium, containernetworking-plugins, containers-common, crun, fossil, podman, skopeo, varnish-modules, and vmod-uuid), Gentoo (leptonica, libsdl2, and libyang), Mageia (golang, lib3mf, nodejs, python-pip, redis, and xstream), openSUSE (containerd, crmsh, curl, icinga2, and systemd), Oracle (containerd), and Red Hat (thunderbird).

Kernel prepatch 5.14-rc3

Sunday 25th of July 2021 11:16:13 PM
The third 5.14 kernel prepatch is out for testing.

Here we are, a week later. After a relatively big rc2, things seem to have calmed down and rc3 looks pretty normal. Most of the fixes here are small, and the diffstat looks largely flat. And there's not an undue amount of stuff.

Some weekend stable kernels

Sunday 25th of July 2021 08:01:49 PM
The 5.13.5, 5.10.53, and 5.4.135 stable kernels have been released; each contains another set of important fixes.

K-9 5.800 released

Saturday 24th of July 2021 05:53:34 PM
After a long pause, the K-9 Android mail client project has released version 5.800. "The user interface has been redesigned. Some of you will love it, some will hate it. You’re welcome and we're sorry." There are also a number of improvements to make background operation work better on current Android systems.

[$] Using DAMON for proactive reclaim

Friday 23rd of July 2021 05:09:15 PM
The DAMON patch set was first covered here in early 2020; this work, now in its 34th revision, enables the efficient collection of information about memory-usage patterns on Linux systems. That data can then be used to influence the kernel's memory-management subsystem; one possible way to do that is to more aggressively reclaim memory that is not being used. To that end, DAMON author SeongJae Park is proposing a DAMON-based mechanism to perform user-controllable proactive reclaim.

Security updates for Friday

Friday 23rd of July 2021 02:21:44 PM
Security updates have been issued by Arch Linux (chromium, curl, impacket, jdk11-openjdk, jre-openjdk, jre-openjdk-headless, jre11-openjdk-headless, kernel, lib32-curl, lib32-libcurl-compat, lib32-libcurl-gnutls, libcurl-compat, libcurl-gnutls, libpano13, linux-hardened, linux-lts, linux-zen, nvidia-utils, opera, systemd, and virtualbox), CentOS (java-11-openjdk and kernel), Debian (lemonldap-ng), Fedora (curl and podman), Gentoo (icedtea-web and velocity), openSUSE (bluez, go1.15, go1.16, kernel, thunderbird, transfig, and wireshark), Oracle (java-1.8.0-openjdk, java-11-openjdk, kernel, and kernel-container), SUSE (bluez, curl, kernel, qemu, thunderbird, transfig, and wireshark), and Ubuntu (curl).

[$] The core of the -stable debate

Thursday 22nd of July 2021 04:44:58 PM
Disagreements over which patches should find their way into stable updates are not new — or uncommon. So when the topic came up again recently, there was little reason to expect anything but more of the same. And, for the most part, that is what ensued but, in this exchange, we were also able to see the core issue that drives these discussions. There are, in the end, two fundamentally different views of what the stable tree should be.

More in Tux Machines

Who's new

  • trendoceangd
  • Onzarwadabun
  • kmcmillan
  • Marius Nestor
  • johnwalsh