Version 7.2.0 of the PHP language is out. It includes a number of newfeatures, including "counting of non-countable objects" (which turns out tobe issuing a warning when such a count is attempted) and the integration of the libsodiumcrypto library.
Amazon has announced the release of FreeRTOS kernel version 10, with a new license: "FreeRTOS was created in 2003 by Richard Barry. It rapidly became popular, consistently ranking very high in EETimes surveys on embedded operating systems. After 15 years of maintaining this critical piece of software infrastructure with very limited human resources, last year Richard joined Amazon.Today we are releasing the core open source code as FreeRTOS kernel version 10, now under the MIT license (instead of its previous modified GPLv2 license). Simplified licensing has long been requested by the FreeRTOS community. The specific choice of the MIT license was based on the needs of the embedded systems community: the MIT license is commonly used in open hardware projects, and is generally whitelisted for enterprise use." While the modified GPLv2 was removed, it was replaced with a slightly modified MIT license that adds: "If you wish to use our Amazon FreeRTOS name, please do so in afair use way that does not cause confusion." There is concern that change makes it a different license; the Open Source Initiative and Amazon open-source folks are working on clarifying that.
KDE.news covers thegoals that the KDE project has set for itself in the coming year."In synch with KDE's vision, Sebastian Kugler says that 'KDE is in aunique position to offer users a complete software environment that helpsthem to protect their privacy'. Being in that position, Sebastian explains,KDE as a FLOSS community is morally obliged to do its utmost to provide themost privacy-protecting environment for users. This is especially truesince KDE has been developing not only for desktop devices, but also formobile - an area where the respect for users' privacy is nearlynon-existent."
Greg Kroah-Hartman has announced the release of the 4.14.3, 4.9.66, 4.4.103, and 3.18.85 stable kernels. As usual, theycontain fixes throughout the tree; users of those series should upgrade.
Security updates have been issued by Debian (bzr and exim4), Mageia (ghostscript, libtiff, mediawiki, postgresql, thunderbird, and vlc), openSUSE (kernel-firmware and samba), Oracle (samba4), SUSE (xen), and Ubuntu (exim4, libxcursor, and libxfont, libxfont1, libxfont2).
The reminder that the feature freeze forPython 3.7 is coming up fairly soon (January 29) was met with aflurry of activity on the python-dev mailing list. Numerous Pythonenhancement proposals (PEPs) were updated or newly proposed; other featuresor changes have been discussed as well. One of the updated PEPs is proposing anew type of class, a"data class", to be added to the standard library. Data classes wouldserve much the same purpose as structures or records in other languages andwould use the relatively new type annotationsfeature to support static type checking of the use of the classes.
Diligent developers do their best to anticipate things that can go wrongand write appropriate error-handling code. Unfortunately, error-handlingcode is especially hard to test and, as a result, often goes untested; thecode meant to deal with errors, in other words, is likely to contain errorsitself. One way of finding those bugs is to inject errors into a runningsystem and watching how it responds; the kernel may soon have a newmechanism for doing this sort of injection.
Security updates have been issued by CentOS (apr and procmail), Debian (curl and xen), Fedora (cacti, git, jbig2dec, lucene4, mupdf, openssh, openssl, quagga, rpm, slurm, webkitgtk4, and xen), Oracle (apr and procmail), Red Hat (apr, java-1.7.1-ibm, java-1.8.0-ibm, procmail, samba4, and tcmu-runner), Scientific Linux (apr, procmail, and samba4), and Ubuntu (curl, openjdk-7, python2.7, and python3.4, python3.5).
Despite the warnings that the 4.15 merge window could be either longer orshorter than usual, the 4.15-rc1 prepatchcame out right on schedule on November 26. Anybody who was expectinga quiet development cycle this time around is in for a surprise, though; 12,599non-merge changesets were pulled into the mainline during the 4.15 mergewindow, 1,000 more than were seen in the 4.14 merge window. The first8,800 of those changes were covered in this summary; what follows is a look at whatcame after.
Security updates have been issued by Arch Linux (powerdns and powerdns-recursor), CentOS (curl and samba), Debian (ffmpeg and roundcube), Fedora (cacti and samba), openSUSE (thunderbird), Oracle (curl), Red Hat (java-1.8.0-ibm and rh-mysql56-mysql), Scientific Linux (curl), Slackware (samba), SUSE (kernel-firmware and samba), and Ubuntu (exim4, firefox, libxml-libxml-perl, optipng, and postgresql-common).
Ars technica reviewsthe Ubuntu 17.10 release. "In light of the GNOME switch, thisrelease seems like more of a homecoming than an entirely new voyage. Butthat said, Ubuntu 17.10 simultaneously feels very much like the start of anew voyage for Ubuntu. The last few Ubuntu desktop releases have been aboutas exciting as OpenSSH releases—you know you need to update, but beyondthat, no one really cares."
Out-of-tree drivers are a maintenance headache, since customers may want touse them in newer kernels.But even those drivers that getmerged into the mainline may need to be backported at times. Coccinelle developer Julia Lawallintroduced the audience at Open Source Summit Europe to some new toolsthat can help make both forward-porting and backporting drivers easier.
Linux Mint has released 18.3 "Sylvia" in Cinnamon and MATE editions. Linux Mint18.3 is a long term support release which will be supported until 2021.Both editions feature a revamped Software Manager with support forflatpaks. See more about what's new in the Cinnamonand MATEeditions or check out the release notes for Cinnamon andMATE.
The newly announced openSUSE "Tumbleweed snapshots" feature is an attempt to makerolling distributions a little easier for those who don't want to stay onthe leading edge all the time. In essence, it keeps a snapshot of thestate of the distribution at regular intervals and enables users to installapplications from their particular snapshot. That allows the installationof new applications without the need to drag in everything else that mayhave changed since the system as a whole was updated."Tumbleweed Snapshotsprovides the best of both worlds, the latest packages when you want them and theone package you need in the middle of working on a project."
Security updates have been issued by Arch Linux (varnish), Debian (libofx and python-werkzeug), Fedora (fedpkg, mediawiki, qt5-qtwebengine, and rpkg), Mageia (apr-util, bchunk, chromium-browser-stable, vlc, and webkit2), openSUSE (backintime, konversation, perl, tboot, and tnef), Oracle (samba), Red Hat (curl and samba), Scientific Linux (samba), and SUSE (kvm and samba).
Here is apress release from Red Hat on GPL enforcement: "To providegreater predictability to users of open source software, Red Hat, Facebook,Google and IBM today each committed to extending the GPLv3 approach forlicense compliance errors to the software code that each licenses underGPLv2 and LGPLv2.1 and v2." This is, in effect, a reiteration ofthe approach to enforcement recentlyadopted by many kernel developers, but it extends to all GPLv2-licensedsoftware contributed by those companies.
The 4.15-rc1 kernel prepatch is out."So it's been the usual two weeks of merge window, and rc1 is out.And that normal time length is about the only thing usual about thismerge window. Because of the indiscriminate mass slaughter of turkeysin the US last week, lots of people - including me - were on vacation.That meant that I had asked for people to try to make the merge windowfront-heavy, but it also meant that then during the second week I wasrather more strict than usual in what I pulled."
Greg Kroah-Hartman has released stable kernels 4.14.2, 4.13.16, 4.9.65, 4.4.101, 4.4.102, and 3.18.84. This is the last 4.13.y kernel andusers should upgrade to 4.14 now. For the two 4.4 updates Greg says:"[4.4.102] is a bugfix for an issue if PAGE_POISONING is enabled inthe kernel configuration. If you do not run your kernel with that option,no need to upgrade, just stick with 4.4.101."
Security updates have been issued by Debian (libxml2, openjdk-7, otrs2, python2.6, and python2.7), Fedora (fedpkg and rpkg), openSUSE (file, mupdf, otrs, and tomcat), and SUSE (tomcat).
Security updates have been issued by Arch Linux (jbig2dec), Debian (libspring-ldap-java, sam2p, and xorg-server), Fedora (postgresql), openSUSE (cacti, cacti-spine), and Ubuntu (ldns and libraw).
Brendan Gregg introduces aset of BPF-based tracing tools on opensource.com."Traditional analysis of filesystem performance focuses on block I/Ostatistics—what you commonly see printed by the iostat(1) tool and plottedby many performance-monitoring GUIs. Those statistics show how the disksare performing, but not really the filesystem. Often you care more aboutthe filesystem's performance than the disks, since it's the filesystem thatapplications make requests to and wait for. And the performance offilesystems can be quite different from that of disks! Filesystems mayserve reads entirely from memory cache and also populate that cache via aread-ahead algorithm and for write-back caching. xfsslower shows filesystemperformance—what the applications directly experience."
Security updates have been issued by Debian (ldns and swauth), Fedora (kernel and postgresql), Mageia (botan, krb5, and sssd), and Ubuntu (apport, linux, linux-aws, linux-gke, linux-kvm, linux-raspi2, linux-snapdragon, linux, linux-raspi2, linux-hwe, linux-lts-xenial, procmail, and samba).
The IntelManagement Engine (ME), which is a separate processor and operatingsystem running outside of user control on most x86 systems, has long beenof concern to users who are security and privacy conscious. Google andothers have been working on ways to eliminate as much of that functionality as possible(while still being able to boot and run the system). Ronald Minnich fromGoogle came to Prague to talk about those efforts at the 2017 EmbeddedLinux Conference Europe.
Security updates have been issued by Arch Linux (icu and lib32-icu), CentOS (firefox), Debian (imagemagick, konversation, libspring-ldap-java, libxml-libxml-perl, lynx-cur, ming, opensaml2, poppler, procmail, shibboleth-sp2, and xen), Fedora (firefox, java-9-openjdk, jbig2dec, kernel, knot, knot-resolver, qt5-qtwebengine, and roundcubemail), Gentoo (adobe-flash, couchdb, icedtea-bin, and phpunit), Mageia (apr, bluez, firefox, jq, konversation, libextractor, and quagga), Oracle (firefox), Red Hat (firefox), and Scientific Linux (firefox).
When he released 4.14, Linus Torvaldswarned that the 4.15 merge window might be shorter than usual due to the USThanksgiving holiday. Subsystem maintainers would appear to have heardhim; as of this writing, over 8,800 non-merge changesets have been pulledinto the mainline since the opening of the 4.15 merge window. Read on fora summary of the most interesting changes found in that first set ofpatches.
Security updates have been issued by Arch Linux (couchdb), Debian (opensaml2 and shibboleth-sp2), Fedora (knot and knot-resolver), openSUSE (firefox), Slackware (libplist and mozilla), and Ubuntu (firefox and ipsec-tools).
Google has announced that it has released its container-diff tool under the Apache v2 license. "container-diff helps users investigate image changes by computing semantic diffs between images. What this means is that container-diff figures out on a low-level what data changed, and then combines this with an understanding of package manager information to output this information in a format that’s actually readable to users. The tool can find differences in system packages, language-level packages, and files in a container image.Users can specify images in several formats - from local Docker daemon (using the prefix `daemon://` on the image path), a remote registry (using the prefix `remote://`), or a file in the .tar in the format exported by "docker save" command. You can also combine these formats to compute the diff between a local version of an image and a remote version."
Observers of the kernel's commit stream or mailing lists will have seen acertain amount of traffic referring to the addition of SPDX licenseidentifiers to kernel source files. For many, this may be their first encounter with SPDX. Butthe SPDX effort has been going on for some years; this article describesSPDX, along with why and how the kernel community intends to use it.
Security updates have been issued by Arch Linux (firefox, flashplugin, lib32-flashplugin, and mediawiki), CentOS (kernel and php), Debian (firefox-esr, jackson-databind, and mediawiki), Fedora (apr, apr-util, chromium, compat-openssl10, firefox, ghostscript, hostapd, icu, ImageMagick, jackson-databind, krb5, lame, liblouis, nagios, nodejs, perl-Catalyst-Plugin-Static-Simple, php, php-PHPMailer, poppler, poppler-data, rubygem-ox, systemd, webkitgtk4, wget, wordpress, and xen), Mageia (flash-player-plugin, icu, jackson-databind, php, and roundcubemail), Oracle (kernel and php), Red Hat (openstack-aodh), SUSE (wget and xen), and Ubuntu (apport and webkit2gtk).
The NumPy project is phasingout support for Python 2. "The Python core team plans to stopsupporting Python 2 in 2020. The NumPy project has supported both Python 2and Python 3 in parallel since 2010, and has found that supporting Python 2is an increasing burden on our limited resources; thus, we plan toeventually drop Python 2 support as well. Now that we're entering the finalyears of community-supported Python 2, the NumPy project wants to clarifyour plans, with the goal of to helping our downstream ecosystem make plansand accomplish the transition with as little disruption aspossible." NumPy releases will fully support both Python 2 andPython 3 until December 31, 2018. New feature releases will support onlyPython 3 as of January 1, 2019. (Thanks to Nathaniel Smith)
After 16 years of evolution, the SciPy project has reached version 1.0. SciPy, a free-software project, has become one of the most popular computational toolkits for scientists from a wide range of disciplines, and is largely responsible for the ascendancy of Python in many areas of scientific research. While the 1.0 release is significant, much of the underlying software has been stable for some time; the "1.0" version number reflects that the project as a whole is on solid footing.
Security updates have been issued by Debian (libxml-libxml-perl and varnish), openSUSE (GraphicsMagick, mongodb, shadowsocks-libev, and snack), Red Hat (flash-plugin, kernel, php, and redis), Scientific Linux (kernel and php), and Ubuntu (shadow).
Since the beginning, Linux has mapped the kernel's memory into the addressspace of every running process. There are solid performance reasons fordoing this, and the processor's memory-management unit can ordinarily betrusted to prevent user space from accessing that memory. More recently,though, some more subtle security issues related to this mapping have cometo light, leading to the rapid development of a new patch set that ends thislongstanding practice for the x86 architecture.
Firefox 57 has been released. From the releasenotes: "Brace yourself for an all-new Firefox. It’s fast. Reallyfast. It’s over twice as fast as Firefox from 6 months ago, built on acompletely overhauled core engine with brand new technology from ouradvanced research group, and graced with a clean, modern interface. Todayis the first of several releases we’re calling Firefox Quantum, alldesigned to get to the things you love and the stuff you need faster thanever before. Experience the difference on desktops running Windows, macOS,and Linux; on Android, speed improvements are landing as well, and bothAndroid and iOS have a new look and feel. To learn more about FirefoxQuantum, visit the Mozilla Blog."
On October 30, 2017, a groupof Czech researchers from Masaryk University presented the ROCA paperat the ACM CCS Conference, which earnedthe Real-World ImpactAward. We briefly mentioned ROCA whenit was first reported but haven't dug into details of the vulnerability yet. Because of itsfar-ranging impact, it seems important to review the vulnerability inlight of the new results published recently.
Security updates have been issued by Arch Linux (konversation), Debian (graphicsmagick and konversation), Fedora (git-annex, ImageMagick, kernel, and libgcrypt), Oracle (kernel), Red Hat (httpd), SUSE (firefox, nss), and Ubuntu (perl and postgresql-9.3, postgresql-9.5, postgresql-9.6).
The Fedora 27release is now available. "The Workstation edition of Fedora 27 features GNOME 3.26. In the new release, both the Display and Network configuration panels have been updated, along with the overall Settings panel appearance improvement. The system search now shows more results at once, including the system actions.GNOME 3.26 also features color emoji support, folder sharing in Boxes, andnumerous improvements in the Builder IDE tool."
The Netconf 2017,Part 2 and Netdev 2.2 conferences wererecently held in Seoul, South Korea. Netconf is an invitation-onlygathering of kernel networking developers, while Netdev is an open conference for the Linuxnetworking community. Attendees have put together reportsfrom all five days (two for Netconf and three for Netdev) that LWN ishappy to publish for them.
Red Hat has announceda version of its RHEL 7.4 distribution for the ARM64 architecture."Red Hat took a pragmatic approach to Arm servers by helping to driveopen standards and develop communities of customers, partners and a broadecosystem. Our goal was to develop a single operating platform acrossmultiple 64-bit ARMv8-A server-class SoCs from various suppliers whileusing the same sources to build user functionality and consistent featureset that enables customers to deploy across a range of serverimplementations while maintaining application compatibility." Moreinformation about what works at this point can be found in the release notes.
Security updates have been issued by Debian (graphicsmagick, imagemagick, mupdf, postgresql-common, ruby2.3, and wordpress), Fedora (tomcat), Gentoo (cacti, chromium, eGroupWare, hostapd, imagemagick, libXfont2, lxc, mariadb, vde, wget, and xorg-server), Mageia (flash-player-plugin and libjpeg), openSUSE (ansible, ImageMagick, java-1_8_0-openjdk, krb5, redis, shadow, virtualbox, and webkit2gtk3), Red Hat (rh-eclipse46-jackson-databind and rh-eclipse47-jackson-databind), SUSE (java-1_8_0-openjdk, mysql, openssl, and storm, storm-kit), and Ubuntu (perl).
The 4.14 kernel has been released after aten-week development cycle.Some of the most prominent features in this release includethe ORC unwinder for more reliabletracebacks and live patching,the long-awaited thread mode for controlgroups,support for AMD's secure memoryencryption,five-level page table support,a new zero-copy networking feature,the heterogeneous memory managementsubsystem,and more.See the Kernel Newbies 4.14page for more information.In the end, nearly 13,500 changesets were merged for 4.14, which is slatedto be the next long-term-support kernel.For the maintainers out there, it's worth noting Linus's warning that the4.15 merge window might be rather shorter than usual due to the USThanksgiving Holiday.
Kernel developers have worried for years that tracepoints could lead toapplications depending on obscure implementation details; the consequentneed to preserve existing behavior to avoid causing regressions could endup impeding future development. A recent report shows that theseccomp() system call is also more prone to regressions than usersmay expect — but kernel developers are unlikely to cause these regressionsand, indeed, have little ability to prevent them. Programs usingseccomp() will have an inherently higher risk of breaking whensoftware is updated.
Security updates have been issued by Arch Linux (lib32-openssl, libextractor, postgresql, and postgresql-old-upgrade), Debian (bchunk, postgresql-9.4, postgresql-9.6, postgresql-common, roundcube, and tomcat7), Gentoo (libxml2), SUSE (kvm, openssl1, and qemu), and Ubuntu (postgresql-common).
The Linux block layer provides an upstream interface to filesystems andblock-special devices allowing them to access a multitude of storagebackends in a uniform manner. It also provides downstream interfaces to devicedrivers and driver-support frameworks that allow those drivers andframeworks to receive requests in a manner most suitable to each. Somedrivers do not benefit from preliminary handling and just use the thin "biolayer" that we met previously. Otherdrivers benefitfrom some preprocessing that might detect batches of consecutive requests,may reorder requests based on various criteria, and which presents therequests as one or more well-defined streams. To service these drivers,there exists a section of the block layer that I refer to as the requestlayer.Subscribers can read on below for guest author Neil Brown's article thatwill appear in next week's edition.
LWN.net