Security updates have been issued by Debian (php7.0, php7.3, ruby-loofah, and spip), Fedora (proftpd), openSUSE (lz4 and sysstat), Red Hat (chromium-browser, jss, kernel, kernel-alt, kpatch-patch, pango, polkit, sudo, systemd, and thunderbird), SUSE (graphite-web, python3, and samba), and Ubuntu (php5, php7.0, php7.2, php7.3, and samba).
The BPF in-kernel virtual machine
brought a new set of capabilities to a number of functional areas in the
kernel, including, significantly, tracing
Since BPF programs run in the kernel, much effort goes into ensuring that
they will not cause problems for the running system;
to that end, the BPF verifier checks every possible aspect of each BPF program's
behavior to ensure that it is safe to run in the kernel — with one notable
exception. With a patch set titled "revolutionize
", Alexei Starovoitov aims to close that loophole and
eliminate a set of potential problems in a widely used class of BPF
Security updates have been issued by Arch Linux (chromium, firefox, php, and thunderbird), Debian (file, golang-1.11, libarchive, libxslt, mosquitto, php5, and proftpd-dfsg), Fedora (apache-commons-compress, chromium, java-1.8.0-openjdk, java-11-openjdk, jss, kernel, kernel-headers, kernel-tools, libpcap, mod_auth_openidc, tcpdump, and xpdf), openSUSE (kernel, openconnect, procps, python, sysstat, and zziplib), and SUSE (binutils, docker-runc, ImageMagick, nfs-utils, and xen).
A long-anticipated move has finally been made
: the KernelCI
continuous-integration project has found a new home under the Linux
Foundation umbrella. "The primary goal of KernelCI is to use an open
testing philosophy to improve the quality, stability and long-term
maintenance of the Linux kernel. Expected improvements to the platform
under the Linux Foundation include improved LTS kernel testing and
validation; consolidation of existing testing initiatives; quality-of-life
improvements to the current service; expanded compute resources; and
increased pool of hardware to be tested. In the long-term, members expect
to modernize the architecture; test software beyond the Linux kernel; and
define testing standards and engage in cross-project collaboration.
kernel prepatch is out for
"So we have a bit more fixes than normal during this stage, but nothing
looks very strange, and the diffstat looks _mostly_ flat (with the
cpufrequency power-QoS and io_uring changes looking a bit bigger)
which is my sign for 'small changes all over'
". The codename has
changed again; now it's "Kleptomanic Octopus", suggesting some interesting
encounters in Linus's latest diving outing.
The io_uring mechanism
is a relatively new
interface for asynchronous I/O; it first appeared in the 5.1 kernel in
May. Since then, though, it has quickly grown in capabilities and in
users; now it appears that it is outgrowing some of the kernel
infrastructure that supports it. Thus, we have a proposal from Jens Axboe
(the io_uring maintainer) for a new
for io_uring that hints at some interesting plans
for the future.
Security updates have been issued by Debian (firefox-esr), Gentoo (php), Oracle (firefox), Scientific Linux (sudo), and SUSE (accountsservice, binutils, nfs-utils, and xen).
The GNU Project
was created by Richard
Stallman in 1983 to further his goal of developing an entirely free
operating system — a goal that seemed impossibly ambitious at the time.
Stallman has recently resigned from some of his roles, but as
of this writing his personal site
leads off with this proclamation: "I continue to be the Chief
GNUisance of the GNU Project.
I do not intend to stop any time soon
". Within the project itself,
though, it has become clear that this intention lacks universal support.
We appear to be seeing the beginning of a governance transition for this
Security updates have been issued by Debian (file), Mageia (bind, chromium-browser-stable, java-1.8.0-openjdk, libsndfile, mediawiki, and virtualbox), Oracle (firefox), Red Hat (firefox and sudo), Scientific Linux (firefox and OpenAFS), SUSE (kernel, lz4, rust, and xen), and Ubuntu (firefox).
The LWN.net Weekly Edition for October 24, 2019 is available.
Back in July, Linus Torvalds merged a patch
in the 5.3 merge window
that added the PREEMPT_RT
option to the kernel build-time configuration.
That was meant as a
signal that the realtime patch set was moving from its longtime status as
out-of-tree code to a fully supported kernel feature. As the code behind
the configuration option makes its way into the mainline, some friction can
be expected; we are seeing a bit of that now with respect to the BPF subsystem.
There has been discussion about the release cadence of Python for a couple
of years now. The 18-month cycle between major releases of the language
is seen by some core developers as causing
delay in getting new features into the hands of users. Now there are two
competing proposals for ways to shorten that cycle, either to one year or
by creating a rolling-release model. In general, the steering council
has seemed inclined toward making some kind of release-cycle change—one of
those Python Enhancement Proposals (PEPs) may well form the basis of
Python's release cadence moving forward.
Security updates have been issued by Arch Linux (go, go-pie, pacman, and xpdf), CentOS (java-1.7.0-openjdk, java-1.8.0-openjdk, java-11-openjdk, and patch), openSUSE (gcc7), Red Hat (firefox, kernel, and qemu-kvm-rhev), Slackware (mozilla), SUSE (kernel, libcaca, openconnect, python, sysstat, and zziplib), and Ubuntu (libxslt, linux-azure, and linux-lts-xenial, linux-aws).
(The Amnesic Incognito Live
System) is, as the spelled out name implies, a privacy focused
distribution, designed to run from removable media. Version 4.0 has been released
. "We are especially proud to present you Tails 4.0, the first version of Tails based on Debian 10 (Buster). It brings new versions of most of the software included in Tails and some important usability and performance improvements. Tails 4.0 introduces more changes than any other version since years.
of the Firefox web browser is out. The headline features include a
new password generator and a "privacy protection report" showing users
which trackers have been blocked.
"Amazing user features and protections aside, we’ve also got plenty
of cool additions for developers in this release. These include DOM
mutation breakpoints and inactive CSS rule indicators in the DevTools,
several new CSS text properties, two-value display syntax, and JS numeric
" See the release
for more details.
Security updates have been issued by CentOS (jss and kernel), Debian (libpcap, openjdk-8, and tcpdump), Fedora (java-11-openjdk), openSUSE (libreoffice), Oracle (java-1.7.0-openjdk), Red Hat (java-1.7.0-openjdk, python, and wget), Scientific Linux (java-1.7.0-openjdk), SUSE (ceph, ceph-iscsi, ses-manual_en, dhcp, openconnect, and procps), and Ubuntu (exiv2, linux, linux-aws, linux-azure, linux-gcp, linux-kvm, linux-raspi2, linux, linux-aws, linux-kvm, linux-raspi2, linux-snapdragon, linux-hwe, linux-azure, linux-gcp, linux-gke-5.0, linux-snapdragon, and uw-imap).
Rothschild Patent Imaging LLC filed a patent
against the GNOME Foundation in September, asserting a violation
in the Shotwell photo manager. GNOME has now gone
on the counterattack
, questioning the validity of the patent and whether
it applies to Shotwell at all. There is also an unspecified counterclaim
to strike back against Rothschild. "We want to send a message to all
software patent trolls out there — we will fight your suit, we will win,
and we will have your patent invalidated. To do this, we need your
When a kernel subsystem maintainer has a set of commits to send up the
chain toward the mainline, the git request-pull
the right tool for the job. But various maintainers have noticed over the
years that this command can sometimes generate confusing results when
confronted with anything but the simplest of histories. A brief
conversation on the linux-kernel mailing list delved into why this
situation comes about and what maintainers can do in response.
Security updates have been issued by Debian (aspell, graphite-web, imagemagick, mediawiki, milkytracker, nfs-utils, and openjdk-11), Fedora (kernel, kernel-headers, kernel-tools, mediawiki, and radare2), openSUSE (dhcp, libpcap, lighttpd, and tcpdump), Scientific Linux (java-1.8.0-openjdk), Slackware (python), SUSE (bluez, kernel, and python-xdg), and Ubuntu (aspell).