The 5.2 kernel saw the addition of an extensive new API for the mounting
(and remounting) of filesystems; this
covered an early version of that API. Since then, work in this
area has mostly focused on enabling filesystems to support this API fully.
James Bottomley has taken a look at this API as part of the job of
redesigning his shiftfs filesystem
found it to be incomplete. What has followed is a significant set of
changes that promise to simplify the mount API — though it turns out that
"simple" is often in the eye of the beholder.
Security updates have been issued by Debian (ldm and sa-exim), Mageia (firefox), openSUSE (chromium, firefox, and thunderbird), SUSE (containerd, docker, docker-runc, golang-github-docker-libnetwork, firefox, log4j, nodejs10, nodejs12, and openssl-1_0_0), and Ubuntu (firefox).
Version 19.07.0 of the OpenWrt router distribution is available.
"With this release, the OpenWrt project brings all supported targets back
to a single common kernel version and further refines and broadens
existing device support. It also introduces a new ath79 target and
brings support for WPA3." There are some known issues; read through
the full announcement before updating.
Stable kernels 5.4.10
, and 4.14.163
have been released. PowerPC users
should update to 5.4.10 to get a missing patch. Other users can stay with
In response to a growing desire for ways to control groups of processes
from user space, the kernel has added a number of mechanisms that allow one
process to operate on another. One piece that is currently missing,
though, is the ability for a process to snatch a copy of an open file
another. That gap may soon be filled, though, if the pidfd_getfd()
system-call patch set
from Sargun Dhillon is merged.
Security updates have been issued by Debian (firefox-esr), Fedora (firefox), Oracle (kernel), Slackware (firefox and kernel), SUSE (apache2-mod_perl, git, java-1_7_0-ibm, java-1_7_1-ibm, log4j, mariadb, and nodejs8), and Ubuntu (gnutls28, graphicsmagick, and nss).
Samuel Maddock writes
that the adoption of the "encrypted media extensions" by the World Wide Web
Consortium has had just the sort of effect that people were worried about
four years ago.
"No longer is it possible to build your own web browser capable of
consuming some of the most popular content on the web. Websites like
Netflix, Hulu, HBO, and others require copyright content protection which
is only accessible through browser vendors who have license agreements with
There is another Firefox release out there; this
suggests that updating quickly would be a good idea:
"Incorrect alias information in IonMonkey JIT compiler for setting
array elements could lead to a type confusion. We are aware of targeted
attacks in the wild abusing this flaw.
The LWN.net Weekly Edition for January 9, 2020 is available.
Security updates have been issued by Arch Linux (firefox), Debian (python-django and wordpress), Fedora (dovecot), Mageia (opensc, radare2, and varnish), Red Hat (rh-java-common-apache-commons-beanutils), SUSE (containerd, docker, docker-runc, golang-github-docker-libnetwork, java-1_8_0-ibm, java-1_8_0-openjdk, libzypp, openssl-1_0_0, sysstat, and tomcat), and Ubuntu (clamav, linux-azure, and linux-lts-xenial, linux-aws).
It has taken longer than anybody might have liked, but the IPv6 protocol is
slowly displacing IPv4 across the Internet. A quick, highly scientific
"grep the access logs" test shows that about 16% of the traffic to
LWN.net is currently using IPv6, and many large corporate networks are
using IPv6 exclusively internally. This version of the IP protocol was
designed to be more flexible than IPv4 in a number of ways; the "extension
header" mechanism is one way in which that flexibility is achieved. A
proposal to formalize extension-header processing in the kernel's
networking stack has led to some concerns, though, about how this feature
will be used and what role Linux should play in its development.
Lars Ingebrigtsen provides
on the current status of the Gmane archive server and asks for
feedback on whether it is still useful. "Over the past few years,
people have asked me what happened to Gmane, and I’ve mostly clasped my
hands over my ears and gone 'la la la can’t hear you', because there’s
nothing about the story I’m now finally going to tell that I don’t find
highly embarrassing. I had hoped I could just continue that way until I
die, but perhaps it would be more constructive to actually tell people
what’s going on instead of doing an ostrich impression.
" (Thanks to
Security updates have been issued by Debian (nss and pillow), Red Hat (java-1.8.0-ibm and kernel), Slackware (firefox), SUSE (virglrenderer), and Ubuntu (linux, linux-aws, linux-aws-5.0, linux-azure, linux-gcp, linux-gke-5.0, linux-kvm, linux-oem-osp1, linux-oracle, linux-oracle-5.0, linux-raspi2, linux, linux-aws, linux-kvm, linux-raspi2, linux-snapdragon, linux-kvm, linux-oracle, linux-raspi2, and linux-snapdragon).
The random-number generation facilities in the kernel have been reworked
some over the past few months—but problems in that subsystem have been
addressed over an even longer time frame
. The most
were made to stop the getrandom()
system call from
blocking for long periods of time at system boot, but the underlying cause
was the behavior of the blocking random pool. A recent patch set would
remove that pool and it would seem to be headed for the mainline kernel.
Security updates have been issued by Fedora (chromium, cyrus-imapd, drupal7-l10n_update, drupal7-webform, htmldoc, nethack, php, and singularity), Mageia (advancecomp, apache-commons-compress-, cyrus-imapd, cyrus-sasl, dia, freeimage, freeradius, igraph, jhead, jss, libdwarf, libextractor, libxml2, mediawiki, memcached, mozjs60, openconnect, openssl, putty, python-ecdsa, python-werkzeug, shadowsocks-libev, and upx), Oracle (container-tools:1.0 and container-tools:ol8), and Red Hat (kpatch-patch).
kernel prepatch has been
released. Linus added a note to the release announcement: "One sad
piece of news I got this past week was that Bruce
Evans has passed away. Bruce wasn't really ever really much directly
involved in Linux development - he was active on the BSD side - but he was
the developer behind Minix/i386, which was what I used for the original
Linux development in the very early days before Linux became
On the stable-update side,
4.4.208 are all available with another set
of important fixes.
Anybody who has ever taken a numerical analysis course understands that
floating-point arithmetic on computers is a messy affair. Even so, it is
easy to underestimate just how messy things can be. This topic came to the
fore in an initially unrelated python-ideas mailing-list thread; what
should the Python statistics
do with floating-point values that are explicitly not numbers?
It is not all that often that the mainstream press looks at issues in the open-source world, but this article
from The Atlantic
does just that; it looks at the controversy surrounding GitHub renewing its contract with the US Immigration and Customs Enforcement (ICE) agency and the concerns some have had with their code being used by ICE. "So when news of GitHub’s contract with ICE emerged, its employees weren’t the only ones outraged. Because of the transitive nature of open source, volunteer developers—who host code on the site to share with others—may have unwittingly contributed to the code GitHub furnished for ICE, the agency responsible for enforcing immigration policy. Some were troubled by the idea that their code might in some way be used to help agents detain and deport undocumented migrants. But their outrage—and the backlash to it—reveals existential questions about the very nature of open source.