Security updates have been issued by Debian (ntfs-3g), Fedora (krb5 and samba), Gentoo (firefox-bin, ghostscript-gpl, pillow, sudo, sysstat, thunderbird-bin, and xterm), Red Hat (firefox, hsqldb, and thunderbird), SUSE (cni, cni-plugins, and krb5), and Ubuntu (isc-dhcp and sqlite3).
Even a single kernel oops is never a good thing; it is an indication that something hasgone badly wrong in the system somewhere and a straightforwardrecovery is not possible. But it seems that oopsing a large numberof times has the potential to be even worse. To head off problems thatmight result from repeated oopsing, thereis currently work afoot to put an upper limit on the number of times thatthe kernel can be allowed to oops before just giving up and rebooting.
Security updates have been issued by Debian (asterisk, firefox-esr, php-phpseclib, phpseclib, python-django, and thunderbird), Fedora (grub2, samba, and thunderbird), Mageia (firefox, sudo, systemd, and thunderbird), Slackware (freerdp), SUSE (firefox, go1.18, go1.19, kernel, openvswitch, python-Twisted, systemd, and xen), and Ubuntu (expat, git, multipath-tools, unbound, and webkit2gtk).
The merge window for the 6.1 release brought in basic support for writing kernel code in Rust— with an emphasis on "basic". It is possible to create a "hello world"module for 6.1, but not much can be done beyond that. There is, however, alot more Rust code for the kernel out there; it's just waiting for its turn to bereviewed and merged into the mainline. Miguel Ojeda has now posted the nextround of Rust patches, adding to the support infrastructure in thekernel.
Security updates have been issued by Debian (firefox-esr and thunderbird), Fedora (expat, xen, and xorg-x11-server), Oracle (kernel, kernel-container, qemu, xorg-x11-server, and zlib), Scientific Linux (xorg-x11-server), Slackware (firefox, krb5, samba, and thunderbird), SUSE (ant, apache2-mod_wsgi, jsoup, rubygem-nokogiri, samba, and tomcat), and Ubuntu (firefox and linux, linux-aws, linux-aws-hwe, linux-dell300x, linux-hwe, linux-kvm, linux-oracle, linux-raspi2, linux-snapdragon).
The high-frequency-trading (HFT) industry is rather tight-lipped about whatit does and how it does it, but PJ Waskiewicz of Jump Trading came to the Netdev 0x16 conference to tryto demystify some of that, especially with respect to its use ofnetworking. He wanted to contrast the needs of HFT with those of the traditional networkingas it is used outside of the HFT space. He also has some thoughts on whatthe Linux kernel could do to help address those needs so that HFT companiescould move away from some of the custom code that is currently beingdeveloped and maintained by multiple firms in the industry.
The scalability of Linus Torvalds was arecurring theme during Linux's early years; these days maintainer strugglesare a recognized problem within open-sourcecommunities in general. It is thus not surprising that Sean Christophersongave a talk at Open Source Summit Europe (and KVM Forum) with the title"Scaling KVM and its community". The talk mostly focused on KVM for thex86 architecture—the largest and most mature KVM architecture—whichChristopherson co-maintains. But it was not a technical talk: most of the content can beapplied to other KVM architectures, or even other Linux subsystems, so thatthey can avoid making the same kinds of mistakes.
As a general rule, one need not have worked in the technology industry forlong before the value of good data backups becomes clear. Creating abackup that is truly good, though, can be a challenge if the filesystem inquestion is actively being changed while the backup process runs. Over theyears, various ways of addressing this problem have been developed, rangingfrom simply shutting down the system while backups run to a variety ofsnapshotting mechanisms. The kernel may be about to get another approachto snapshots should the blksnappatch set from Sergei Shtepa find its way into the mainline.
Security updates have been issued by Debian (dropbear, php7.4, pixman, sysstat, and xorg-server), Fedora (mingw-expat, mingw-libtasn1, and mingw-pixman), Mageia (binutils/gdb, chromium-browser-stable, exiv2, libtiff, nodejs, pcre, pixman, wayland, and webkit2), Red Hat (device-mapper-multipath and libksba), SUSE (autotrace, busybox, libmodbus, php72, python-numpy, rustup, samba, varnish, xen, and xterm), and Ubuntu (thunderbird).
The Git source-code management system exists to track changes to a set offiles; the stream of commits in a Git repositoryreflects the change history of those files. What is seen in Git, though, is thefinal form of those commits; the changes that the patches themselves wentthrough on their way toward acceptance are not shown there. That historycan have value, especially while changes are still under consideration.The proposed gitevolve subcommand is a recognition that changes themselves gothrough changes and that this process might benefit from tooling support.
The5.4.224,4.19.265,4.14.299, and4.9.333stable kernel updates have been released; each contains another set ofimportant fixes.Note that 6.0.8,5.15.78,5.10.154went into the review process at the same time, but have not yet been released.
We have finally added a set of dark mode defaults to the customization options for the site forthose who prefer the dark side. Thanks to all the readers who have askedfor this; apologies for taking so long to do it. The defaults seem good,but we are not dark-mode users, so please let us know if you havesuggestions for improvements.Another new feature that has been requested for some time is the ability toreceive feature articles via email. These emails are currently availableto subscribers at the "Project Leader" level and higher; interestedsubscribers can sign up for the "Features" list on the mailing-lists page.
The GitHub Copilotoffering claims to assist software developers through the application ofmachine-learning techniques. Since its inception, Copilot has beenfollowed by controversies, mostly based onthe extensive use of free software to train the machine-learning engine. The announcement of aclass-action lawsuit against Copilot was thus unsurprising. The lawsuitraises all of the expected licensing questions and more;while some in ourcommunity have welcomed this attack against Copilot,it is not clear that this action will lead to good results.
Security updates have been issued by Debian (libjettison-java and xorg-server), Slackware (sysstat and xfce4), SUSE (python3 and xen), and Ubuntu (firefox).
At the end of our earlier article on JohnOusterhout's talk at Netdev 0x16, he had concludedthat TCP was unsuitable for data-center environments for a variety ofreasons. He also argued that there was no way to repair TCP so that itcould serve the needs of data-center networking. In order for software tobe able to use the full potential of today's networking hardware, TCP needs to bereplaced with a protocol that is different in almost every way, he said.The second half of the talk covered the Homatransport protocol that he and others at Stanford have been working onas a possible replacement for TCP in the data center.
Security updates have been issued by Debian (vim, webkit2gtk, and wpewebkit), Fedora (mingw-python3, vim, webkit2gtk3, webkitgtk, and xen), Mageia (389-ds-base, bluez, ffmpeg, libtasn1, libtiff, libxml2, and mbedtls), Red Hat (kpatch-patch and linux-firmware), SUSE (conmon, containerized data importer, exim, expat, ganglia-web, gstreamer-0_10-plugins-base, gstreamer-0_10-plugins-good, gstreamer-plugins-base, gstreamer-plugins-good, kernel, kubevirt, protobuf, sendmail, and vsftpd), and Ubuntu (libzstd, openjdk-8, openjdk-lts, openjdk-17, openjdk-19, php7.2, php7.4, php8.1, and pixman).
SSH is awell-known mechanism for accessing remote computers in asecure way; thanks to its use of cryptography, nobody can alter oreavesdrop on the communication. Unfortunately, SSH is somewhatcumbersome when connecting to a host for the first time; it's also tricky for aserver administrator to provide time-limited access to the server. SSHcertificates can solve these problems.
Version 7.0 of Texinfo, the GNU Project's documentation system, has beenreleased. There are a number of changes here, the biggest of which may bethe ability to produce output in the EPUB format.
On the surface, the kernel's internal timer mechanism would not appear tohave changed much in a long time; the core API looks quite similar to theone present in the 1.0 release. Underneath the API, naturally, quite a bitof complexity has been added over the years. The implementation of thisAPI looks to become even more complex — but faster — if and when this patch set from Anna-Maria Behnsen finds its way into the mainline.
Security updates have been issued by Debian (ffmpeg, libxml2, python-django, python-scciclient, and xen), Fedora (ghc-cmark-gfm, java-latest-openjdk, and vim), Mageia (expat, ntfs-3g, and wkhtmltopdf), Oracle (kernel), Slackware (sudo), and SUSE (expat, libxml2, rubygem-loofah, and xmlbeans).
The 6.1-rc4 kernel prepatch is out fortesting. "So as hoped for (and expected), things seem to be starting to calmdown, and rc4 is a pretty normal size for this stage in the process".
Version 4.8 of the SystemTap tracing tool is out. "Enhancements to this release include: kernel runtime improvementson multi-CPU systems, python3 tapset support through python3.11,tapset and template script for cve livepatching, bpf backendembedded-code assembler improvements".
The search for better performance from the kernel never ends. Recentlythere has been a stream of smaller patches that promise incrementalperformance gains, at least for some types of applications. Read on for anoverview of two of those patches, which make changes to the epoll systemcalls and to NUMA balancing. This work shows where developers are lookingfor performance improvements — and that not everybody measures performancethe same way.
Security updates have been issued by Debian (clickhouse, distro-info-data, and ntfs-3g), Fedora (firefox), Oracle (kernel), Slackware (mozilla), and SUSE (python-Flask-Security-Too).
Security updates have been issued by Debian (pypy3), Fedora (drupal7, git, java-1.8.0-openjdk, java-11-openjdk, java-17-openjdk, and php), Oracle (kernel, lua, openssl, pcs, php-pear, pki-core, python3.9, and zlib), Red Hat (kernel, kernel-rt, kpatch-patch, lua, openssl-container, pcs, php-pear, pki-core, python3.9, and zlib), Scientific Linux (kernel, pcs, and php-pear), SUSE (EternalTerminal, hsqldb, ntfs-3g_ntfsprogs, privoxy, rubygem-actionview-4_2, sqlite3, and xorg-x11-server), and Ubuntu (ntfs-3g, python3.10, and sqlite3).
The first Image-Based Linux Summit washeld in Berlin on October 5 and 6, 2022. The main goal of this summit was toagree on common concepts and tooling for how to build, deploy, and run modern,secure, image-based Linux distributions — a project that that the organizers,Christian Brauner, Luca Boccassi, and Lennart Poettering, have been working onfor some time. The result was a more refined vision of how Linux systemscan be built and deployed securely.
Greg Kroah-Hartman has announced the release of the 6.0.7, 5.15.77, 5.10.153, 5.4.223, 4.19.264, 4.14.298, and 4.9.332 stable kernels. As usual, theycontain important fixes throughout the kernel tree.
Version1.65.0 of the Rust language has been released. Improvements includegeneric associated types, a new let...else statement, and theability to break from labeled blocks:
It is not often that you see a Fedora change proposal for a version of thedistribution that will not be available for 18 months or so, but thatis exactly what was recently posted to the mailing list. The change targets the C source code in the myriad of packages that thedistribution ships; it would fix code that uses some ancient compatibilityfeatures that were removed by the C99 standard but are still supported byGCC. As might be guessed from the long runway proposed, there is quite a bit of work to do to get there.
Security updates have been issued by Debian (ffmpeg and linux-5.10), Fedora (libksba, openssl, and php), Gentoo (openssl), Mageia (curl, gdk-pixbuf2.0, libksba, nbd, php, and virglrenderer), Red Hat (kernel, kernel-rt, libksba, and openssl), SUSE (gnome-desktop, hdf5, hsqldb, kernel, nodejs10, openssl-3, php7, podofo, python-Flask-Security, python-lxml, and xorg-x11-server), and Ubuntu (backport-iwlwifi-dkms, firefox, ntfs-3g, and openssl).
The5.4.222,4.19.263, and4.14.297stable kernel updates have been released. The first two contain a singlepatch for a Clang compilation error; 4.14.297, instead, has a number offixes and speculative-execution mitigations.
At the recently concluded Netdev0x16 conference, which was held both in Lisbon, Portugal and virtually,Stanford professor John Ousterhout gave his personal views on wherenetworking in data centers needs to be headed. To solve the problems thathe sees, he suggested some "fairly significant changes" to thoseenvironments, including leaving behind the venerable—ubiquitous—TCPtransport protocol. While LWN was unable to attend the conference itself,due to scheduling and time-zone conflicts, we were able to view the video ofOusterhout's keynote talk to bring you this report.
The much-anticipated OpenSSL 3.0.7 release, which fixes some high-risksecurity problems, is available. The releasenotes list two vulnerabilities (CVE-2022-3786 and CVE-2022-3602) thathave not yet been documented on the OpenSSLvulnerabilities page. LWN commenter mat2 has provided the relevant information, though. Itis worth updating quickly, but many sites do not appear to be at immediaterisk.Update: the associated securityadvisory is now available.
LWN.net