stable kernel updates have all been released. These moderately large
updates contain yet another set of important fixes.
Like all Unix-like systems, Linux implements the traditional protection
bits controlling who can access files in a filesystem (and what access
they have). Fewer users, perhaps, are aware of a set of additional
permission bits hidden away behind the chattr
command. Among other things, these bits can make a file append-only,
mark a file to be excluded from backups, cause a file's data to be automatically
overwritten on deletion, or make a file immutable. The implementation of
many of these features is incomplete at best, so perhaps it's not
surprising that immutable files can still be changed in certain
limited circumstances. Darrick Wong has posted a patch
changing this behavior, implementing a user-visible
behavioral change that he describes as "an extraordinary way to
Security updates have been issued by Fedora (atomic-reactor and osbs-client), openSUSE (libqt5-qtbase, lxc, tar, wget, and xmltooling), Scientific Linux (java-1.8.0-openjdk and java-11-openjdk), SUSE (php5), and Ubuntu (znc).
As has been recently discussed,
developers for the filesystem and memory-management subsystems have been
grappling for years with the problems posed by the get_user_pages()
mechanism. This function maps memory into the kernel's address space for
direct access by the kernel or peripheral devices, but that kind of access
can create confusion in the filesystem layers, which may not be expecting
that memory to be written to at any given time. A new patch
from Jérôme Glisse tries to chip away at a piece of the problem,
but a complete solution is not yet in view.
Ubuntu 19.04, code named "Disco Dingo", has been released, along with the following flavors: Ubuntu Budgie, Kubuntu, Lubuntu, Ubuntu Kylin, Ubuntu MATE,
Ubuntu Studio, and Xubuntu.
"The Ubuntu kernel has been updated to the 5.0 based Linux kernel,
our default toolchain has moved to gcc 8.3 with glibc 2.29, and we've
also updated to openssl 1.1.1b and gnutls 3.6.5 with TLS1.3 support.
Ubuntu Desktop 19.04 introduces GNOME 3.32 with increased performance,
smoother startup animations, quicker icon load times and reduced CPU+GPU
load. Fractional scaling for HiDPI screens is now available in Xorg
Ubuntu Server 19.04 integrates recent innovations from key open
infrastructure projects like OpenStack Stein, Kubernetes, and Ceph with
advanced life-cycle management for multi-cloud and on-prem operations,
from bare metal, VMware and OpenStack to every major public cloud.
" More information can be found in the release notes
OpenSSH 8.0 has been released with a bunch of new features and some bug fixes, including one for a security problem:
"This release contains mitigation for a weakness in the scp(1) tool
and protocol (CVE-2019-6111): when copying files from a remote system
to a local directory, scp(1) did not verify that the filenames that
the server sent matched those requested by the client. This could
allow a hostile server to create or clobber unexpected local files
with attacker-controlled content.
This release adds client-side checking that the filenames sent from
the server match the command-line request.
The scp protocol is outdated, inflexible and not readily fixed. We
recommend the use of more modern protocols like sftp and rsync for
file transfer instead."
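The weakness is in the scp wire protocol itself: after the client asks for a file, the server answers with a header of the form `C<mode> <size> <name>` followed by the data, and an older client simply created whatever `<name>` said. The program below is an added example written for this page, not OpenSSH's code; it shows the shape of the client-side check the release notes describe, on a simplified parser that handles only `C` records (real scp also has `D` directory records, `E` end-of-directory and `T` timestamp records). The `requested` argument is assumed to be the basename or glob the client put on its command line; a name the server sends is accepted only if it is a plain basename (no `/`, not `.` or `..`) and matches that pattern with fnmatch(3). The sample headers in `main` are constructed for the example.

```c
/* Client-side validation of scp "C" headers, in the spirit of the check
 * added in OpenSSH 8.0. Added example for this page; not OpenSSH code. */
#include <fnmatch.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

enum scp_verdict {
    SCP_OK = 0,
    SCP_BAD_HEADER,    /* not a parseable "C<mode> <size> <name>" record */
    SCP_BAD_PATH,      /* name contains '/', or is "", "." or ".." */
    SCP_NOT_REQUESTED, /* name does not match what the client asked for */
};

/* Parse one scp file header ("C0644 1234 name\n") into its fields.
 * Returns 0 on success, -1 on a malformed line. */
int parse_c_header(const char *line, unsigned int *mode,
                   unsigned long long *size, char *name, size_t namesz)
{
    char *end;
    if (line[0] != 'C')
        return -1;
    unsigned long m = strtoul(line + 1, &end, 8);     /* octal mode */
    if (end == line + 1 || *end != ' ')
        return -1;
    const char *p = end + 1;
    unsigned long long s = strtoull(p, &end, 10);     /* decimal size */
    if (end == p || *end != ' ')
        return -1;
    p = end + 1;
    size_t len = strcspn(p, "\n");
    if (len == 0 || len >= namesz)
        return -1;
    memcpy(name, p, len);
    name[len] = '\0';
    *mode = (unsigned int)m;
    *size = s;
    return 0;
}

/* The server must only ever name a file inside the local target directory. */
static int is_plain_basename(const char *name)
{
    return name[0] != '\0' && strchr(name, '/') == NULL &&
           strcmp(name, ".") != 0 && strcmp(name, "..") != 0;
}

/* Validate a server-sent header against `requested`, the basename or glob
 * from the client's command line. The parsed name is left in `name`. */
enum scp_verdict check_scp_header(const char *requested, const char *line,
                                  char *name, size_t namesz)
{
    unsigned int mode;
    unsigned long long size;
    if (parse_c_header(line, &mode, &size, name, namesz) < 0)
        return SCP_BAD_HEADER;
    if (!is_plain_basename(name))       /* blocks ../.ssh/authorized_keys etc. */
        return SCP_BAD_PATH;
    if (fnmatch(requested, name, 0) != 0) /* server may not pick other names */
        return SCP_NOT_REQUESTED;
    return SCP_OK;
}

int main(void)
{
    /* Constructed sample headers, as a hostile server might send them
     * in reply to "scp 'host:*.log' ." */
    static const char *const samples[] = {
        "C0644 12 auth.log\n",
        "C0644 12 ../.ssh/authorized_keys\n",
        "C0600 42 .bashrc\n",
        "D0755 0 logs\n",
    };
    static const char *const verdicts[] = { "ok", "bad header", "bad path",
                                            "not requested" };
    char name[256];
    for (size_t i = 0; i < sizeof samples / sizeof samples[0]; i++) {
        enum scp_verdict v = check_scp_header("*.log", samples[i], name, sizeof name);
        printf("%-36.*s -> %s\n", (int)strcspn(samples[i], "\n"), samples[i],
               verdicts[v]);
    }
    return 0;
}
```

The path check alone closes the "clobber unexpected local files" hole; the pattern match additionally stops a server from sending a differently named file that would land in the target directory. OpenSSH 8.0 exposes the same trade-off through the scp `-T` option, which disables its new check for servers whose naming does not survive the client's matching; the release notes' advice to prefer sftp or rsync stands because both carry the file list in a form the client controls.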
Security updates have been issued by CentOS (polkit), Gentoo (dovecot, libseccomp, and patch), openSUSE (aubio, blktrace, flac, lxc, lxcfs, pspp, SDL, sqlite3, and xen), Red Hat (java-1.8.0-openjdk, java-11-openjdk, and rh-maven35-jackson-databind), Scientific Linux (java-1.8.0-openjdk), Slackware (libpng), SUSE (python, python3, sqlite3, and xerces-c), and Ubuntu (ntfs-3g).
The LWN.net Weekly Edition for April 18, 2019 is available.
One of the more lively sessions that was held at the 2019 Legal and
Licensing Workshop (LLW) was Heather Meeker's talk on
open-source business models and alternative licensing. As a lawyer in
private practice, Meeker worked on
a number of the alternative licenses that were drafted and
presented over the last year or so. But she is also part of a venture
capital (VC) firm that is exclusively investing in companies focused on
open source, so she
has experience in thinking about what kinds of models actually work for
those types of businesses.
Security updates have been issued by CentOS (mod_auth_mellon), Debian (ghostscript and ruby2.3), openSUSE (dovecot22, gnuplot, and openwsman), Scientific Linux (mod_auth_mellon), SUSE (krb5, openexr, python3, and wget), and Ubuntu (firefox and openjdk-lts).
The inability to determine the contents of container images is a topic
that annoys Dirk Hohndel. At last
year's Legal and Licensing Workshop (LLW), he gave a presentation that highlighted the problem and
some work he had been doing to combat it. At this year's LLW, he updated
attendees on the progress that has been made and where he hopes things will
go from here.
Security updates have been issued by Debian (cacti and libxslt), Fedora (pcsc-lite and samba), Gentoo (gnutls, phpmyadmin, and tiff), openSUSE (apache2, clamav, dovecot23, nodejs10, SDL, and webkit2gtk3), Red Hat (mod_auth_mellon and rh-python36-python), SUSE (firefox, nspr, nss and python), and Ubuntu (libxslt and webkit2gtk).
The 5.1-rc5 announcement mentioned "changes all over" and highlighted a
number of the areas that
had been touched. One thing that was not
mentioned there was the
addition of four patches fixing a security-related issue in the core
memory-management subsystem. The vulnerability is sufficiently difficult
to exploit that almost nobody should feel the need to rush out a kernel
update, but it is still interesting to look at as a demonstration of how
things can go wrong.
Adrian Ratiu is posting a series of articles on the Collabora blog digging
into the kernel's eBPF subsystem. The first two parts are available now,
including a look at the virtual machine. "eBPF is a RISC register machine
with a total of 11 64-bit registers, a program counter and a 512 byte
fixed-size stack. 9 registers are general purpose read-write, one is a
read-only stack pointer and the program counter is implicit, i.e. we can
only jump to a certain offset from it. The VM registers are always 64-bit
wide (even when running inside a 32-bit ARM processor kernel!) and support
32-bit subregister addressing if the most significant 32 bits are zeroed -
this will be very useful in part 4 when cross-compiling and running eBPF
programs on embedded devices."
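To make the register rules in that description concrete, here is a small user-space interpreter for a handful of eBPF instructions, added to this page as an example; it is neither code from the Collabora series nor the kernel's interpreter or JIT. It uses the instruction encoding and constants from the uapi header <linux/bpf.h> (struct bpf_insn, BPF_ALU64, BPF_MOV and friends), keeps the 11 64-bit registers and 512-byte stack described above with r10 as the read-only frame pointer, and implements the rule that a 32-bit ALU operation writes the low half of its destination and zeroes the upper 32 bits. The instruction-builder macros (ALU64_IMM and the rest) are this example's own, modelled on the kernel's internal helpers, and the run-time bounds checks stand in for what the real verifier proves statically before a program is loaded.

```c
/* Minimal eBPF interpreter (MOV/ADD, 8-byte stack load/store, EXIT).
 * Added example for this page; not the Collabora series' or the kernel's code. */
#include <linux/bpf.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define EBPF_STACK_SIZE 512                 /* fixed-size stack, as in the kernel */

struct ebpf_vm {
    uint64_t reg[MAX_BPF_REG];              /* r0..r10, always 64 bits wide */
    uint8_t stack[EBPF_STACK_SIZE];
};

/* Instruction builders using the uapi layout of struct bpf_insn (this example's own). */
static struct bpf_insn mk(uint8_t code, uint8_t dst, uint8_t src, int16_t off, int32_t imm)
{
    struct bpf_insn i = { .code = code, .dst_reg = dst, .src_reg = src, .off = off, .imm = imm };
    return i;
}
#define ALU64_IMM(op, d, imm) mk(BPF_ALU64 | BPF_OP(op) | BPF_K, d, 0, 0, imm)
#define ALU64_REG(op, d, s)   mk(BPF_ALU64 | BPF_OP(op) | BPF_X, d, s, 0, 0)
#define ALU32_REG(op, d, s)   mk(BPF_ALU   | BPF_OP(op) | BPF_X, d, s, 0, 0)
#define STX_DW(d, s, off)     mk(BPF_STX | BPF_MEM | BPF_DW, d, s, off, 0)
#define LDX_DW(d, s, off)     mk(BPF_LDX | BPF_MEM | BPF_DW, d, s, off, 0)
#define EXIT()                mk(BPF_JMP | BPF_EXIT, 0, 0, 0, 0)

/* Map base+off to a stack slot, failing if the 8-byte access leaves the stack. */
static int stack_slot(struct ebpf_vm *vm, uint64_t base, int16_t off, uint8_t **slot)
{
    uint64_t lo = (uint64_t)(uintptr_t)vm->stack;
    uint64_t addr = base + (uint64_t)(int64_t)off;
    if (addr < lo || addr + 8 > lo + EBPF_STACK_SIZE)
        return -1;
    *slot = vm->stack + (addr - lo);
    return 0;
}

/* Interpret `prog` until BPF_EXIT, leaving r0 in *ret. Returns -1 on an
 * unsupported opcode, a write to r10, an out-of-bounds stack access or
 * falling off the end (all things the kernel's verifier rejects up front). */
int ebpf_run(const struct bpf_insn *prog, size_t n, uint64_t *ret)
{
    struct ebpf_vm vm;
    memset(&vm, 0, sizeof vm);
    /* r10 points at the top of the frame; stack accesses use negative offsets. */
    vm.reg[BPF_REG_10] = (uint64_t)(uintptr_t)(vm.stack + EBPF_STACK_SIZE);

    for (size_t pc = 0; pc < n; pc++) {
        const struct bpf_insn *in = &prog[pc];
        uint8_t cls = BPF_CLASS(in->code);
        uint8_t *slot;
        if (cls == BPF_ALU64 || cls == BPF_ALU) {
            if (in->dst_reg == BPF_REG_10)
                return -1;                  /* frame pointer is read-only */
            uint64_t src = (BPF_SRC(in->code) == BPF_X) ? vm.reg[in->src_reg]
                                                         : (uint64_t)(int64_t)in->imm;
            uint64_t res;
            switch (BPF_OP(in->code)) {
            case BPF_MOV: res = src; break;
            case BPF_ADD: res = vm.reg[in->dst_reg] + src; break;
            default: return -1;
            }
            /* A 32-bit ALU op keeps the low half and zeroes the upper 32 bits. */
            vm.reg[in->dst_reg] = (cls == BPF_ALU) ? (uint64_t)(uint32_t)res : res;
        } else if (in->code == (BPF_STX | BPF_MEM | BPF_DW)) {
            if (stack_slot(&vm, vm.reg[in->dst_reg], in->off, &slot) < 0)
                return -1;
            memcpy(slot, &vm.reg[in->src_reg], 8);
        } else if (in->code == (BPF_LDX | BPF_MEM | BPF_DW)) {
            if (in->dst_reg == BPF_REG_10 ||
                stack_slot(&vm, vm.reg[in->src_reg], in->off, &slot) < 0)
                return -1;
            memcpy(&vm.reg[in->dst_reg], slot, 8);
        } else if (in->code == (BPF_JMP | BPF_EXIT)) {
            *ret = vm.reg[BPF_REG_0];
            return 0;
        } else {
            return -1;
        }
    }
    return -1;
}

/* r1 = -1 (all 64 bits set); w2 = w1 (32-bit move); r0 = r2; exit.
 * Leaves 0x00000000ffffffff in r0: the upper half was cleared. */
int demo_subregister(uint64_t *ret)
{
    const struct bpf_insn prog[] = {
        ALU64_IMM(BPF_MOV, BPF_REG_1, -1),
        ALU32_REG(BPF_MOV, BPF_REG_2, BPF_REG_1),
        ALU64_REG(BPF_MOV, BPF_REG_0, BPF_REG_2),
        EXIT(),
    };
    return ebpf_run(prog, sizeof prog / sizeof prog[0], ret);
}

/* Spill r1 to the top stack slot through r10 and reload it into r0. */
int demo_stack(uint64_t *ret)
{
    const struct bpf_insn prog[] = {
        ALU64_IMM(BPF_MOV, BPF_REG_1, 0x1234),
        STX_DW(BPF_REG_10, BPF_REG_1, -8),
        LDX_DW(BPF_REG_0, BPF_REG_10, -8),
        EXIT(),
    };
    return ebpf_run(prog, sizeof prog / sizeof prog[0], ret);
}

/* A store 8 bytes below the 512-byte stack is refused. */
int demo_bad_stack(uint64_t *ret)
{
    const struct bpf_insn prog[] = { STX_DW(BPF_REG_10, BPF_REG_1, -(EBPF_STACK_SIZE + 8)), EXIT() };
    return ebpf_run(prog, sizeof prog / sizeof prog[0], ret);
}

int main(void)
{
    uint64_t r = 0;
    int rc = demo_subregister(&r);
    printf("subregister: rc=%d r0=0x%016llx\n", rc, (unsigned long long)r);
    rc = demo_stack(&r);
    printf("stack:       rc=%d r0=0x%016llx\n", rc, (unsigned long long)r);
    printf("bad stack:   rc=%d\n", demo_bad_stack(&r));
    return 0;
}
```

The subregister demo is the point of the quoted sentence: a 32-bit move of an all-ones register leaves only the low 32 bits set, so code that later treats the register as 64 bits sees a zero-extended value rather than a sign-extended one. Nothing here is loaded into the kernel, so it needs no privileges; it is a tool for reasoning about encodings and register semantics, not a substitute for the verifier.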
Stable kernels 5.0.7, and 4.9.168 were actually released last week, but
the email wasn't sent. As usual they all contain important fixes and users
Security updates have been issued by Debian (graphicsmagick, jasper, and libssh2), Fedora (kernel, kernel-headers, kernel-tools, nodejs-simple-markdown, and php), openSUSE (netpbm and xen), and SUSE (audiofile, firefox, java-1_7_0-openjdk, libvirt, openssh, and systemd).
kernel prepatch is out for
testing. "Nothing in here makes me feel uncomfortable about this
release cycle so far. Knock wood."
Running out of memory puts a Linux system into a difficult situation; in
the worst cases, there is often no way out other than killing one or more
processes to reclaim their memory. This killing may be done by the kernel
itself or, on systems like Android, by a user-space out-of-memory (OOM)
killer process. Killing a process is almost certain to make somebody unhappy;
the kernel should at least try to use that process's memory expeditiously
so that, with luck, no other processes must die. That does not always
happen, though, in current kernels. This patch
from Suren Baghdasaryan aims to improve the situation, but
the solution that results in the end may take a different form.
Version 26.2 of the Emacs editor is out. The headline features include the
ability to build modules outside of the source tree, Unicode 11 compliance,
and the long-awaited ability to compress an entire directory full of files
with a single keystroke.