Language Selection

English French German Italian Portuguese Spanish

Linux 4.13 Kernel Released

Filed under
Linux

Linus Torvalds has gone ahead and released the Linux 4.13 kernel.

As of writing, he hasn't yet published anything to the kernel mailing list but the new kernel can be fetched via Git.

Read more

Official message

  • Linux 4.13

    So last week was actually somewhat eventful, but not enough to push me
    to delay 4.13.

    Most of the changes since rc7 are actually networking fixes, the bulk
    of them to various drivers. With apologies to the authors of said
    patches, they don't look all that interesting (which is definitely
    exactly what you want just before a release). Details in the appended
    shortlog.

    Note that the shortlog below is obviously only since rc7 - the _full_
    4.13 log is much too big to post and nobody sane would read it. So if
    you're interested in all the rest of it, get the git tree and limit
    the logs to the files you are interested in if you crave details.

    No, the excitement was largely in the mmu notification layer, where we
    had a fairly last-minute regression and some discussion about the
    problem. Lots of kudos to Jérôme Glisse for jumping on it, and
    implementing the fix.

    What's nice to see is that the regression pointed out a nasty and not
    very well documented (or thought out) part of the mmu notifiers, and
    the fix not only fixed the problem, but did so by cleaning up and
    documenting what the right behavior should be, and furthermore did so
    by getting rid of the problematic notifier and actually removing
    almost two hundred lines in the process.

    I love seeing those kinds of fixes. Better, smaller, code.

    The other excitement this week was purely personal, consisting of
    seven hours of pure agony due to a kidney stone. I'm all good, but it
    sure _felt_ a lot longer than seven hours, and I don't even want to
    imagine what it is for people that have had the experience drag out
    for longer. Ugh.

    Anyway, on to actual 4.13 issues.

    While we've had lots of changes all over (4.13 was not particularly
    big, but even a "solidly average" release is not exactly small), one
    very _small_ change merits some extra attention, because it's one of
    those very rare changes where we change behavior due to security
    issues, and where people may need to be aware of that behavior change
    when upgrading.

    This time it's not really a kernel security issue, but a generic
    protocol security issue.

    The change in question is simply changing the default cifs behavior:
    instead of defaulting to SMB 1.0 (which you really should not use:
    just google for "stop using SMB1" or similar), the default cifs mount
    now defaults to a rather more modern SMB 3.0.

    Now, because you shouldn't have been using SMB1 anyway, this shouldn't
    affect anybody. But guess what? It almost certainly does affect some
    people, because they blithely continued using SMB1 without really
    thinking about it.

    And you certainly _can_ continue to use SMB1, but due to the default
    change, now you need to be *aware* of it. You may need to add an
    explicit "vers=1.0" to your mount options in /etc/fstab or similar if
    you *really* want SMB1.

    But if the new default of 3.0 doesn't work (because you still use a
    pterodactyl as a windshield wiper), before you go all the way back to
    the bad old days and use that "vers=1.0", you might want to try
    "vers=2.1". Because let's face it, SMB1 is just bad, bad, bad.

    Anyway, most people won't notice at all. And the ones that do notice
    can check their current situation (just look at the output of "mount"
    and see if you have any cifs things there), and you really should
    update from the default even if you are *not* upgrading kernels.

    Ok, enough about that. It was literally a two-liner change top
    defaults - out of the million or so lines of the full 4.13 patch
    changing real code.

    Go get the new kernel,

    Linus

  • The 4.13 kernel is out

    Linus has released the 4.13 kernel, right on schedule. Headline features in this release include kernel hardening via structure layout randomization, native TLS protocol support, better huge-page swapping, improved handling of writeback errors, better asynchronous I/O support, better power management via next-interrupt prediction, the elimination of the DocBook toolchain for formatted documentation, and more. There is one other change that is called out explicitly in the announcement: "The change in question is simply changing the default cifs behavior: instead of defaulting to SMB 1.0 (which you really should not use: just google for 'stop using SMB1' or similar), the default cifs mount now defaults to a rather more modern SMB 3.0."

Linux 4.13 release coverage

  • Linux Kernel 4.13 Released By Linus Torvalds — Here Are The Biggest Features

    Linux kernel 4.12 was released in early July, which was the second biggest release in terms of commits. It came with the support for new AMD Vega graphics support. Following Linux kernel 4.12, Linux boss Linus Torvalds has released Linux kernel 4.13 after seven release candidates.

    The Linux Kernel Mailing List announcement of kernel 4.13 turned out to be a little bit personal as Torvalds had to go through “seven hours of pure agony due to a kidney stone.” He expressed relief as kernel 4.13 wasn’t delayed.

  • Linus Torvalds passed a kidney stone and then squeezed out Linux 4.13

    Linus Torvalds has released Linux 4.13 to a waiting world and in so doing detailed a tricky work week in which he endured “seven hours of pure agony due to a kidney stone”.

    “I'm all good, but it sure _felt_ a lot longer than seven hours,” he wrote on the Linux Kernel Mailing List, “and I don't even want to imagine what it is for people that have had the experience drag out for longer. Ugh.”

    Far happier news is that this release of the Linux Kernel emerged after the seven release candidates to which Torvalds aspires.

Comment viewing options

Select your preferred way to display the comments and click "Save settings" to activate your changes.

More in Tux Machines

NuTyX 10.1-rc1 Available

I'm very please to propose you the first release candidate version of the next version 10.1 stable version of NuTyX As they have been so many security issues, I took the chance to recompile all the collections (1701 packages) for this coming next stable NuTyX version. Read more

Android Leftovers

Events: FOSDEM Samba Talks, USENIX Enigma, LCA (linux.conf.au) and FAST18

  • Authentication and authorization in Samba 4
    Volker Lendecke is one of the first contributors to Samba, having submitted his first patches in 1994. In addition to developing other important file-sharing tools, he's heavily involved in development of the winbind service, which is implemented in winbindd. Although the core Active Directory (AD) domain controller (DC) code was written by his colleague Stefan Metzmacher, winbind is a crucial component of Samba's AD functionality. In his information-packed talk at FOSDEM 2018, Lendecke said he aimed to give a high-level overview of what AD and Samba authentication is, and in particular the communication pathways and trust relationships between the parts of Samba that authenticate a Samba user in an AD environment.
  • Two FOSDEM talks on Samba 4
    Much as some of us would love never to have to deal with Windows, it exists. It wants to authenticate its users and share resources like files and printers over the network. Although many enterprises use Microsoft tools to do this, there is a free alternative, in the form of Samba. While Samba 3 has been happily providing authentication along with file and print sharing to Windows clients for many years, the Microsoft world has been slowly moving toward Active Directory (AD). Meanwhile, Samba 4, which adds a free reimplementation of AD on Linux, has been increasingly ready for deployment. Three short talks at FOSDEM 2018 provided three different views of Samba 4, also known as Samba-AD, and left behind a pretty clear picture that Samba 4 is truly ready for use. I will cover the first two talks in this article, and the third in a later one.
  • A report from the Enigma conference
    The 2018 USENIX Enigma conference was held for the third time in January. Among many interesting talks, three presentations dealing with human security behaviors stood out. This article covers the key messages of these talks, namely the finding that humans are social in their security behaviors: their decision to adopt a good security practice is hardly ever an isolated decision. Security conferences tend to be dominated by security researchers demonstrating their latest exploits. The talks are attack-oriented, they keep a narrow focus, and usually they close with a dark outlook. The security industry has been doing security conferences like this for twenty years and seems to prefer this format. Yet, if you are tired of this style, the annual USENIX Enigma conference is a welcome change of pace. Most of the talks are defense-oriented, they have a horizon going far beyond technology alone, and they are generally focused on successful solutions.
  • DIY biology
    A scientist with a rather unusual name, Meow-Ludo Meow-Meow, gave a talk at linux.conf.au 2018 about the current trends in "do it yourself" (DIY) biology or "biohacking". He is perhaps most famous for being prosecuted for implanting an Opal card RFID chip into his hand; the Opal card is used for public transportation fares in Sydney. He gave more details about his implant as well as describing some other biohacking projects in an engaging presentation. Meow-Meow is a politician with the Australian Science Party, he said by way of introduction; he has run in the last two elections. He founded BioFoundry, which is "Australia's first open-access molecular biology lab"; there are now two such labs in the country. He is also speaks frequently as "an emerging technology evangelist" for biology as well as other topics.
  • Notes from FAST18

    I attended the technical sessions of Usenix's File And Storage Technology conference this week. Below the fold, notes on the papers that caught my attention.

Security: Vista10 and uTorrent Holes Found by Google

  • Google drops new Edge zero-day as Microsoft misses 90-day deadline

    Google originally shared details of the flaw with Microsoft on 17 November 2017, but Microsoft wasn’t able to come up with a patch within Google’s non-negotiable “you have 90 days to do this” period.

  • Google Goes Public with Another Major Windows 10 Bug
    After revealing an Edge browser vulnerability that Microsoft failed to fix, Google is now back with another disclosure, this time aimed at Windows 10 Fall Creators Update (version 1709), but potentially affecting other Windows versions as well. James Forshaw, a security researcher that’s part of Google’s Project Zero program, says the elevation of privilege vulnerability can be exploited because of the way the operating system handles calls to Advanced Local Procedure Call (ALPC). This means a standard user could obtain administrator privileges on a Windows 10 computer, which in the case of an attack, could eventually lead to full control over the impacted system. But as Neowin noted, this is the second bug discovered in the same function, and both of them, labeled as 1427 and 1428, were reported to Microsoft on November 10, 2017. Microsoft said it fixed them with the release of the February 2018 Patch Tuesday updates, yet as it turns out, only issue 1427 was addressed.
  • uTorrent bugs let websites control your computer and steal your downloads

    The vulnerabilities, according to Project Zero, make it possible for any website a user visits to control key functions in both the uTorrent desktop app for Windows and in uTorrent Web, an alternative to desktop BitTorrent apps that uses a web interface and is controlled by a browser. The biggest threat is posed by malicious sites that could exploit the flaw to download malicious code into the Windows startup folder, where it will be automatically run the next time the computer boots up. Any site a user visits can also access downloaded files and browse download histories.

  • BitTorrent Client uTorrent Suffers Security Vulnerability (Updated)

    BitTorrent client uTorrent is suffering from an as yet undisclosed vulnerability. The security flaw was discovered by Google security researcher Tavis Ormandy, who previously said he would reveal a series of "remote code execution flaws" in torrent clients. BitTorrent Inc. has rolled out a 'patch' in the latest Beta release and hopes to fix the stable uTorrent client later this week.