A "split lock" is a low-level memory-bus lock taken by the processor when a
locked (atomic) instruction operates on a memory range that crosses a
cache-line boundary. Most processors disallow split locks, but x86 implements
them. Split locking may be convenient for developers, but
it comes at a cost: a single split-locked instruction can occupy the memory
bus for around 1,000 clock cycles. It is thus understandable that interest
in eliminating split-lock operations is high. What is perhaps less
understandable is that a patch set intended to detect split locks has been
pending since (at least) May 2018, and it still is not poised to enter the
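To make the definition concrete, here is an added example that is not part of the article or the patch set it discusses. It builds a packed structure whose 4-byte counter straddles a cache-line boundary, shows the alignment check one would use to audit a layout for this, and contrasts it with a naturally aligned layout. The 64-byte line size, the structure and function names are all assumptions made for the example.

```c
#include <stdalign.h>
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

#define CACHE_LINE 64  /* line size on current x86 parts; assumed, not queried */

/* Returns 1 if the byte range [addr, addr + len) straddles a cache-line
   boundary, i.e. a locked read-modify-write on it would be a split lock. */
int crosses_cache_line(uintptr_t addr, size_t len)
{
    if (len == 0)
        return 0;
    return (addr / CACHE_LINE) != ((addr + len - 1) / CACHE_LINE);
}

/* Constructed layout: 62 bytes of padding push the 4-byte counter to bytes
   62..65 of a line, two bytes on each side of the boundary. */
struct __attribute__((packed)) split_counter {
    char pad[62];
    uint32_t counter;
};

static alignas(CACHE_LINE) struct split_counter shared;

/* Does shared.counter sit across a line boundary? (1 for this layout) */
int counter_is_split(void)
{
    uintptr_t addr = (uintptr_t)&shared + offsetof(struct split_counter, counter);
    return crosses_cache_line(addr, sizeof shared.counter);
}

/* The fix is to let the counter keep its natural alignment instead of
   packing it: the compiler inserts 2 bytes of padding and it lands at 64. */
struct aligned_counter {
    char pad[62];
    alignas(4) uint32_t counter;
};

static alignas(CACHE_LINE) struct aligned_counter fixed;

int fixed_counter_is_split(void)
{
    uintptr_t addr = (uintptr_t)&fixed + offsetof(struct aligned_counter, counter);
    return crosses_cache_line(addr, sizeof fixed.counter);
}

int main(void)
{
    printf("packed counter crosses a line:  %d\n", counter_is_split());
    printf("aligned counter crosses a line: %d\n", fixed_counter_is_split());

    /* On x86 this compiles to a lock-prefixed add. With the packed layout it
       is a split lock: the bus is held while both lines are updated, and a
       kernel that has turned on split-lock detection in fatal mode will kill
       the process with SIGBUS instead. */
    uint32_t *p = (uint32_t *)((uintptr_t)&shared +
                               offsetof(struct split_counter, counter));
    __atomic_fetch_add(p, 1, __ATOMIC_SEQ_CST);
    return 0;
}
```

The check is the useful part: any operand a lock-prefixed instruction touches must satisfy `crosses_cache_line(addr, size) == 0`, which is guaranteed whenever the operand is naturally aligned, since no power-of-two size up to 64 bytes can straddle a 64-byte line at its natural alignment. Packed structures and hand-computed offsets into byte buffers are where that guarantee is lost.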
William Tolley has disclosed a severe VPN-related problem in most current
systems: "I am reporting a vulnerability that exists on most Linux distros, and
other *nix operating systems which allows a network adjacent attacker
to determine if another user is connected to a VPN, the virtual IP
address they have been assigned by the VPN server, and whether or not
there is an active connection to a given website. Additionally, we are
able to determine the exact seq and ack numbers by counting encrypted
packets and/or examining their size. This allows us to inject data into
the TCP stream and hijack connections." There are various partial
mitigations available, but a full solution to the problem has not yet been
worked out. Most VPNs are vulnerable, but Tor evidently is not.
Security updates have been issued by Debian (libav), Fedora (kernel, libuv, and nodejs), Oracle (firefox), Red Hat (firefox and java-1.7.1-ibm), SUSE (clamav, cloud-init, dnsmasq, dpdk, ffmpeg, munge, opencv, and permissions), and Ubuntu (librabbitmq).
In November, the topic of init systems and, in particular, support for
systems other than systemd reappeared on the Debian mailing lists. After one
month of sometimes fraught discussion, this issue has been brought to the
project's developers to decide in the form of a general resolution (GR) — the
first such since the project voted on the status of in 2016. The issues under
discussion are
complex, so the result is one of the most complex ballots seen for some
time in Debian, with seven options to choose from.
Greg Kroah-Hartman has announced the release of the 5.4.2
stable kernels. They contain a
relatively large collection of important fixes throughout the tree; users of those
kernel series should upgrade.
Security updates have been issued by Arch Linux (firefox), Fedora (cyrus-imapd, freeipa, haproxy, ImageMagick, python-pillow, rubygem-rmagick, sqlite, squid, and tnef), openSUSE (haproxy), Oracle (microcode_ctl), and Ubuntu (squid, squid3).
The LWN.net Weekly Edition for December 5, 2019 is available.
One feature of the Clang/LLVM compiler that GCC has rather lacked may finally
be getting filled in. In a mid-November post to the gcc-patches mailing list,
David Malcolm described a new static-analysis framework for GCC that he wrote.
It could be the starting point for a whole range of code analysis in the
compiler.
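The page does not describe which checks the framework performs, so as an added illustration (not code from Malcolm's patch set) here is the kind of path-dependent resource bug that a path-sensitive analyzer exists to find: a buffer from malloc that is lost on one early-return path, next to a version in which every path releases it. GCC's analyzer later shipped as -fanalyzer in GCC 10, where -Wanalyzer-malloc-leak reports exactly this pattern; the function names and the record size are made up for the example.

```c
#include <stdlib.h>
#include <string.h>

#define RECORD_MAX 256   /* assumed limit for one record */

/* Copies one record into dst via a scratch buffer. The early return on an
   over-long line exits with buf still allocated: a leak on that path only,
   which is invisible to tests that never send a long line. */
int copy_record_leaky(const char *line, char *dst, size_t dst_len)
{
    char *buf = malloc(RECORD_MAX);
    if (buf == NULL)
        return -1;
    if (strlen(line) >= RECORD_MAX)
        return -1;                      /* leak: buf is never freed here */
    strcpy(buf, line);                  /* bounded by the check above */
    if (strlen(buf) >= dst_len) {
        free(buf);
        return -1;
    }
    strcpy(dst, buf);
    free(buf);
    return 0;
}

/* Same behaviour with a single exit after the allocation, so the analyzer's
   path enumeration finds buf released on every path. */
int copy_record(const char *line, char *dst, size_t dst_len)
{
    int rc = -1;
    char *buf = malloc(RECORD_MAX);
    if (buf == NULL)
        return -1;
    size_t n = strlen(line);
    if (n < RECORD_MAX && n < dst_len) {
        memcpy(buf, line, n + 1);
        memcpy(dst, buf, n + 1);
        rc = 0;
    }
    free(buf);
    return rc;
}
```

Both functions return the same results for every input; the difference is only visible on the control-flow graph, which is why this class of bug is a compiler's job rather than a test suite's.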
Making a comparison between Linux and Kubernetes is often one of apples to
oranges. There are, however, some similarities and there is an effort
within the Kubernetes community to make Kubernetes more like a Linux
distribution. The idea was outlined in a session engineering at KubeCon
+ CloudNativeCon North America 2019. "You might have heard that Kubernetes is
the Linux of the cloud and that's like super easy to say, but what does it
mean? Cloud is pretty fuzzy on its own," Tim Pepper, the Kubernetes release
special interest group co-chair said. He proceeded to provide some clarity on
how the two projects are similar.
Security updates have been issued by CentOS (389-ds-base, ghostscript, kernel, and tcpdump), Debian (libonig), Fedora (clamav, firefox, and oniguruma), openSUSE (calamares, cloud-init, haproxy, libarchive, libidn2, libxml2, and ucode-intel), Scientific Linux (SDL and tcpdump), Slackware (mozilla), and Ubuntu (haproxy, intel-microcode, and postgresql-common).
that two more malicious modules have been removed from the Python Package
Index. "The two libraries were created by the same developer and mimicked
other more popular libraries -- using a technique called typosquatting to
register similarly-looking names. The first is 'python3-dateutil,' which
imitated the popular 'dateutil' library. The second is 'jeIlyfish' (the first
L is an I), which mimicked the 'jellyfish' library." The latter of the two had
been in PyPI for nearly a year.
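The two names above show the two shapes a typosquat takes: a homoglyph swap (capital I for lowercase l) and a plausible prefix on a real name. As an added example, not code from PyPI or from the report quoted above, here is a check that catches both against a small allow-list of popular names. The allow-list, the glyph-folding table and the prefix list are constructed for the example; a real check would be driven by the index's download statistics.

```c
#include <ctype.h>
#include <stdio.h>
#include <string.h>

#define MAXN 64

/* Constructed allow-list of high-download names. */
static const char *popular[] = { "dateutil", "jellyfish", "requests", "urllib3" };

/* Canonicalize a name so that lookalikes collide: drop a "python-" or
   "python3-" prefix, drop PEP 503 separators, lower-case, and fold glyphs
   that render like a lowercase L or O (assumed table, not PyPI's own rules). */
static void normalize(const char *in, char *out, size_t cap)
{
    if (strncmp(in, "python3-", 8) == 0)
        in += 8;
    else if (strncmp(in, "python-", 7) == 0)
        in += 7;
    size_t j = 0;
    for (size_t i = 0; in[i] != '\0' && j + 1 < cap; i++) {
        unsigned char c = (unsigned char)in[i];
        if (c == 'I' || c == '1' || c == '|')
            c = 'l';
        else if (c == '0')
            c = 'o';
        else if (c == '-' || c == '_' || c == '.')
            continue;
        else
            c = (unsigned char)tolower(c);
        out[j++] = (char)c;
    }
    out[j] = '\0';
}

/* Levenshtein distance with two rolling rows; inputs are at most MAXN bytes. */
static int edit_distance(const char *a, const char *b)
{
    size_t la = strlen(a), lb = strlen(b);
    int prev[MAXN + 1], cur[MAXN + 1];
    for (size_t j = 0; j <= lb; j++)
        prev[j] = (int)j;
    for (size_t i = 1; i <= la; i++) {
        cur[0] = (int)i;
        for (size_t j = 1; j <= lb; j++) {
            int cost = (a[i - 1] == b[j - 1]) ? 0 : 1;
            int best = prev[j] + 1;                 /* deletion */
            if (cur[j - 1] + 1 < best)
                best = cur[j - 1] + 1;              /* insertion */
            if (prev[j - 1] + cost < best)
                best = prev[j - 1] + cost;          /* substitution */
            cur[j] = best;
        }
        memcpy(prev, cur, (lb + 1) * sizeof prev[0]);
    }
    return prev[lb];
}

/* Returns the popular name that candidate imitates, or NULL if it matches
   nothing: either an exact collision after normalization, or one edit away
   from a name long enough that a one-character slip is unlikely to be chance. */
const char *typosquat_target(const char *candidate)
{
    char nc[MAXN + 1], np[MAXN + 1];
    normalize(candidate, nc, sizeof nc);
    for (size_t k = 0; k < sizeof popular / sizeof popular[0]; k++) {
        if (strcmp(candidate, popular[k]) == 0)
            return NULL;                            /* it is the real package */
        normalize(popular[k], np, sizeof np);
        if (strcmp(nc, np) == 0)
            return popular[k];
        if (strlen(np) >= 6 && edit_distance(nc, np) == 1)
            return popular[k];
    }
    return NULL;
}

int main(void)
{
    const char *samples[] = { "jeIlyfish", "python3-dateutil", "jellyfish",
                              "requets", "numpy" };
    for (size_t i = 0; i < sizeof samples / sizeof samples[0]; i++) {
        const char *hit = typosquat_target(samples[i]);
        printf("%-18s -> %s\n", samples[i], hit ? hit : "ok");
    }
    return 0;
}
```

One caveat when turning this into a real gate: the allow-list must carry the names as the index actually spells them. On PyPI the legitimate dateutil project is published as python-dateutil, so an allow-list entry of "dateutil" as above would, with this prefix stripping, flag the genuine package as well as the squat.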
Firefox 71 is available. New features include improvements to the Lockwise
integrated password manager and native MP3 decoding. The release notes have
more details.
Security updates have been issued by Arch Linux (intel-ucode and libtiff), Debian (exiv2), Oracle (SDL), Red Hat (kernel, patch, and python-jinja2), and Ubuntu (graphicsmagick, linux, linux-aws, linux-aws-5.0, linux-gcp, linux-gke-5.0, linux-hwe, linux-kvm, linux-oem-osp1, linux-oracle, linux-oracle-5.0, linux-raspi2, linux, linux-aws, linux-aws-hwe, linux-gcp, linux-gke-4.15, linux-hwe, linux-kvm, linux-oem, linux-oracle, linux-raspi2, linux-snapdragon, linux, linux-aws, linux-gcp, linux-gcp-5.3, linux-kvm, linux-oracle, linux, linux-aws, linux-kvm, linux-raspi2, linux-snapdragon, linux-lts-xenial, linux-aws, and sqlite3).
Mark Wielaard has posted a summary of the discussion thus far on the
governance of the GNU project. "The mentoring and apprenticeship discussion
focused on the GNU maintainers as being the core of the GNU project. But as
was pointed out there are also webmasters, translators, infrastructure
maintainers (partially paid FSF staff and volunteers), education and
conference organizers, etc. All these people are GNU stakeholders. And how we
organize governance of the GNU project should also involve them."
The 5.5 merge window got underway immediately after the release
of the 5.4 kernel on
November 24. The first week has been quite busy despite the US
Thanksgiving holiday landing in the middle of it. Read on for a summary of
what the first 6,300 changesets brought for the next major kernel release.
Security updates have been issued by Debian (389-ds-base, asterisk, file, nss, proftpd-dfsg, ssvnc, and tnef), Fedora (chromium, djvulibre, freeradius, ImageMagick, jhead, kernel, phpMyAdmin, python-pillow, and rubygem-rmagick), Mageia (bzip2, chromium-browser-stable, curl, dbus, djvulibre, glib2.0, glibc, gnupg2, httpie, libreoffice, libssh2, mosquitto, nginx, python-sqlalchemy, unbound, and zipios++), openSUSE (bluez, clamav, cpio, freerdp, openafs, phpMyAdmin, strongswan, and webkit2gtk3), Red Hat (samba and SDL), Scientific Linux (389-ds-base), and SUSE (haproxy, python-Django, and tightvnc).
stable kernels have all been released; they contain a relatively large set
of important fixes and updates. For good measure,
followed a full 30 seconds later with one problematic patch reverted.
On the Redox
site, creator Jeremy Soller gives an update
on the Unix-like operating system written in Rust. It is running on a System76 Galaga Pro laptop: "This particular hardware has full support for the keyboard, touchpad, storage, and ethernet, making it easy to use with Redox.
" Meanwhile, he and the other Redox developers have been focusing on making it self-hosting: "Building Redox OS on Redox OS has always been one of the highest priorities of the project. Rustc seems to be only a few months of work away, after which I can begin to improve the system while running on it permanently, at least on one machine. With Redox OS being a microkernel, it is possible that even the driver level could be recompiled and respawned without downtime, making it incredibly fast to develop for. With this in place, I would work more efficiently on porting more software and tackling more hardware support issues, such as filling in the USB stack and adding graphics drivers.
But, more importantly than what I will be able to do, is the contributions by others that will be unlocked by having a fully self-hosted, microkernel Operating System written in Rust, Redox OS."
Security updates have been issued by Debian (libvpx and vino), Fedora (grub2 and nss), and SUSE (cloud-init, libarchive, libtomcrypt, ncurses, and ucode-intel).