Sponsored By:

• Linode: Sign up using the link on this page and receive a $100 60-day credit towards your new account.
• Kolide: Kolide can help you nail third-party audits and internal compliance goals with endpoint security for your entire fleet.

Support Linux Action News

Links:

• A new privilege escalation vulnerability in the Linux kernel — The vulnerability consists of a stack buffer overflow due to an integer underflow vulnerability inside the nft_payload_copy_vlan function, which is invoked with nft_payload expressions as long as a VLAN tag is present in the current skb.
• netfilter: nft_payload: add C-VLAN support · torvalds/linux@f6ae9f1
• CVE-2023-0179
• CVE-2023-0179- Red Hat Customer Portal
• [net,3/3] netfilter: nft_payload: incorrect arithmetics when fetching VLAN header bits - Patchwork
• oss-sec: Re: CVE-2023-0179: Linux kernel stack buffer overflow in nftables: PoC and writeup
• libvirt 9.0 Released For Latest Linux Virtualization API — Libvirt 9.0 adds support for external snapshot deletion with QEMU using its existing API, libvirt 9.0 with QEMU now supports PASST as "Plug A Simple Socket Transport" for connecting an emulated network device to the host's network, QEMU external back-end support for SWTPM as a software Trusted Platform Module (TPM), support for passing file descriptors rather than passing files for the QEMU disk, and other additions.
• JFS Filesystem’s Days are Numbered — IBM developed the JFS file-system originally in the 90's for AIX and the second-generation implementation then ported to Linux after it was made open-source.
• Firefox 109.0 Ships Manifest Version 3 — Manifest Version 3 (MV3) extension support is now enabled by default (MV2 remains enabled/supported). This major update also ushers an exciting user interface change in the form of the new extensions button.
• Here’s what’s going on in the world of extensions
• Manage your extensions using the extensions button in the toolbar
• Manifest v3 signing available November 21 on Firefox Nightly
• Google delays start of Manifest V2 Chrome extension deprecation — The original plan called for Chrome Beta, Dev, and Canary builds to start experiments that turned off Manifest V2 extension support. Additionally, Manifest V3 would be required to get the “Featured” badge in the Chrome Web Store. 
• Firefox 109 Adds New Extensions Button, Manifest V3 Support — The biggest new feature is the new Unified Extensions button in the toolbar.
• Chrome’s “Manifest V3” plan to limit ad-blocking extensions is delayed
• Chrome Users Beware: Manifest V3 is Deceitful and Threatening — Manifest V3, or Mv3 for short, is outright harmful to privacy efforts. It will restrict the capabilities of web extensions

Sponsored By:

• Linode: Sign up using the link on this page and receive a $100 60-day credit towards your new account.
• Kolide: Kolide can help you nail third-party audits and internal compliance goals with endpoint security for your entire fleet.

Support Linux Action News

Links:

• Android 13 is in AOSP — Today we’re pushing the Android 13 source to the Android Open Source Project (AOSP) and officially releasing the newest version of Android.
• Android 13 Sources Released To AOSP
• Glibc 2.36 Dropping DT_HASH Has Been Breaking Easy Anti Cheat Games — The breakage stems from the DT_HASH section being dropped in GNU C Library but EAC being among the few software still expecting that section rather than DT_GNU_HASH.
• Pierre-Loup Griffais on Twitter — Unfortunate that upstream glibc discussion on DT_HASH isn't coming out strongly in favor of prioritizing compatibility with pre-existing applications. Every such instance contributes to damaging the idea of desktop Linux as a viable target for third-party developers.
• Carlos O’Donell on Twitter — How far should Linux ELF follow the generic ELF standard (gABI)? We recently let distributions drop DT_HASH from glibc builds (mandatory under the gABI). This broke EPIC's Easy Anti-Cheat. We *should* ask the gABI for DT_HASH to be optional.
• GLIBC update broke EAC for most games that use it — Issue #6051 · ValveSoftware/Proton
• Should we make DT_HASH dynamic section for glibc?
• gapi discussion: Making DT_HASH optional?
• Linux 6.0 debuts, missing some Rusty bits — Emperor Penguin Linus Torvalds has released the first release candidate for Linux 6.0, but doesn't mind what you call it.
• Linux 6.0 arrives with performance improvements and more Rust coming
• Linux 6.0-rc1 Released With Exciting Performance Optimizations
• Real-Time “PREEMPT_RT” Not in 6.0-rc1 — Of the 50 patches, it's not too bad either as there are five patches for example that are rather trivial for just enabling real-time (RT) support in the Kconfig files for ARM / ARM64 / POWER / x86 / x86_64. There are also a handful of patches each specific to POWER and the i915 graphics driver code.
• Debian turns 29! — Today is Debian's 29th anniversary. We recently wrote about some ideas to celebrate DebianDay, and several events have been planned in more than 14 locations.
• LocalGroups - Debian Wiki
• A New Jailbreak for John Deere Tractors Rides the Right-to-Repair Wave — An exploit that provides root access to two popular models of the company’s farm equipment.
• mu on Twitter — Sick Codes has jailbroken a John Deere, and this is just the beginning. Turns out our entire food system is built on outdated, unpatched Linux and Windows CE hardware with LTE modems.
• How a version of Doom running on a John Deere tractor champions the right-to-repair movement — Sick Codes achieved this by working with different tractor control touchscreen consoles, narrowing it down to a select few models, and finding a way to exploit these devices.
• Right to repair movement goes Deere hunting
• The debate over right to repair in 2022 | Successful Farming
• Deere Hit with Class Action Lawsuit Over Right to Repair
• Late Night Linux – Episode 190

Sponsored By:

• Linode: Sign up using the link on this page and receive a $100 60-day credit towards your new account.
• Ting: Save $25 off your first device, or $25 in service credit if you bring one!

Support Linux Action News

Links:

• Linux 5.14 set to boost future enterprise application security — A particular area of interest for both enterprise and cloud users is always security and to that end, Linux 5.14 will help with several new capabilities. Mike McGrath, vice president, Linux Engineering at Red Hat told TechCrunch that the kernel update includes a feature known as core scheduling, which is intended to help mitigate processor-level vulnerabilities like Spectre and Meltdown
• Linux 5.14 Features Aplenty With New AMD GPUs, SmartShift, More Alder Lake, Core Scheduling
• QEMU 6.1 Released With RISC-V Improvements, AMD Emulation Fixes — RISC-V on QEMU has updates around OpenTitan platform support, support for VirtIO VGA, and a variety of other architecture improvements.
• PipeWire 0.3.34 Released — Bluetooth battery status support for head-set profile and using Apple extensions. aptX-LL and FastStream codec support was added.
• CodeWeavers still hiring for a ‘General Wine Developer' — CodeWeavers announced recently they need a bit of help on finding more developers, with a spot still currently open for a 'General Wine Developer' who will work on Wine and Proton.
• Microsoft, Google partner on eBPF — Hosted by the Linux Foundation, the new eBPF Foundation, which was unveiled August 12, plans to expand eBPF and extend it beyond Linux.
• eBPF Summit 2021
• The State & Future of eBPF - Thomas Graf
• eBPF for Windows - Dave Thaler (Microsoft)
• Linux On The Apple M1 Can Now Boot To The GNOME Desktop — Alyssa Rosenweig, who has been working on reverse engineering the Apple M1 GPU since January, has now posted a screenshot of "GNOME Shell on the Apple M1, bare metal."
• ‘Not great, but usable’: GNOME desktop boots on Asahi Linux for Apple M1
• 30 years of Linux: OS was successful because of how it was licensed, says Red Hat
• Linux turns 30: ​Linus Torvalds on his “just a hobby” operating system
• Happy birthday – 30 Years of Linux
• Happy Birthday, Linux: From a Bedroom Project To Billions of Devices in 30 Years
• 30th Anniversary of Linux - Linux Foundation
• Happy birthday, Linux: From a bedroom project to billions of devices in 30 years • The Register
• Linode Joins Jupiter Broadcasting In Denver - YouTube
• Chris remains on the road! Track is trip live: colonytracker.live

Plus our reaction to SCO reigniting their decades-long fight with IBM and Red Hat, and the big news in GTK-land you might have missed.

Sponsored By:

• Linode: Sign up using the link on this page and receive a $100 60-day credit towards your new account.
• Ting: Save $25 off your first device, or $25 in service credit if you bring one!

Support Linux Action News

Links:

• AlmaLinux Now Available For Download As RHEL/CentOS Alternative — As scheduled, AlmaLinux's initial release is available for download today from AlmaLinux.org. This initial AlmaLinux release is based on Red Hat Enterprise Linux 8.3 sources.
• AlmaLinux OS on GitHub
• AlmaLinux Repo
• AlmaLinux Wiki
• Shop Almalinux
• CloudLinux Launches AlmaLinux, CentOS Linux clone
• How to migrate CentOS to AlmaLinux and avoid downtime in your data center
• AlmaLinux OS Homepage
• IBM, Red Hat face copyright, antitrust lawsuit from SCO Group successor Xinuos — Xinuos' lawsuit contends that IBM stole UnixWare and OpenServer code and incorporated it into the heart of its AIX, z/OS mainframe, and its midrange server operating systems.
• SCO vs. IBM looks like it’s over for good
• SCO slapped in latest round of eternal ‘Who owns UNIX?’ lawsuit
• Judge spanks SCO in ancient ownership of Unix lawsuit
• SCO vs. IBM battle resumes over ownership of Unix
• SCO keeps dying, and dying, and dying
• SCO trading suspended in US
• Xinuos sues IBM
• SCO Linux FUD returns from the dead
• Xinuos file suit against Red Hat and IBM
• Canonical releases Ubuntu on Windows Preview with early builds, new tools for the brave — The setup is more user-friendly thanks to the Subiquity installer, and a utility called ubuntuwsl.
• Announcing Ubuntu on Windows Community Preview
• Super Sneaky Ubuntu Link
• NVIDIA Proposes Mesa Patches To Support Alternative GBM Back-Ends — It looks like NVIDIA is finally taking the GBM route for supporting Wayland compositors with their proprietary driver...
• Mesa GitLab WIP Merge request — GBM alternate backend discovery and loading
• Introducing Libadwaita — This new libadwaita library intends to extend that concept by being the missing code part of Adwaita. and will be implemented as a direct GTK 4 continuation and replacement of libhandy.
• OBS Studio Now Ready With Wayland Capture Support — Well-known GNOME developer Georges Stavracas has been working on allowing good and native Wayland support for OBS Studio with the last of that work being merged upstream today.
• OBS Studio on Wayland – Georges Stavracas
• Arch Linux Packages - archinstall 2.1.3-1
• Arch Linux installer GitHub

Plus why we've recently switched back to Firefox, and more.

Sponsored By:

• Linode: Sign up using the link on this page and receive a $100 60-day credit towards your new account.
• Ting: Save $25 off your first device, or $25 in service credit if you bring one!

Support Linux Action News

Links:

• Red Hat Announces Free “RHEL For Open-Source Infrastructure” — Eligible organizations will be able to enjoy no-cost RHEL for use within their infrastructure for continuous integration, web servers, and more.
• Red Hat returns with another peace offering in the wake of the CentOS Stream affair: More free stuff
• Red Hat Announcement — Extending no-cost Red Hat Enterprise Linux to open source organizations
• Red Hat opens the door for both VMs tand containers in its latest OpenShift release
• Red Hat OpenShift 4.7 Blurs The Line Between VMs And Containers — With OpenShift 4.7, Red Hat attempts to simplify the migration of virtual machines to containers.
• Red Hat OpenShift 4.7 Is Now Available
• OpenShift Container Platform 4.7 release notes
• [Video] What’s new in Red Hat OpenShift 4.7
• Introducing the Framework Laptop — We’re here to prove that designing products to last doesn’t require sacrificing performance, quality, or style.
• Framework Laptop
• Google Funds Linux Kernel Developers to Focus Exclusively on Security — Silva and Chancellor’s exclusive focus is to maintain and improve kernel security and associated initiatives in order to ensure the world’s most pervasive open source software project is sustainable for decades to come.
• Latest Firefox release includes Multiple Picture-in-Picture and Total Cookie Protection — In today’s release, we added multiple picture-in-picture views, available on Mac, Linux and Windows, and includes keyboard controls for fast forward and rewind. Total Cookie Protection stops cookies from tracking you around the web by creating a separate cookie jar for every website.
• Firefox 86.0 released
• Total Cookie Protection
• Firefox for Enterprise 86 Release Notes.

Plus Google's surprise for Chromium users, and we go hands-on with Podman's docker-compose support.

Sponsored By:

• Linode: Sign up using the link on this page and receive a $100 60-day credit towards your new account.
• Datadog: Datadog - the unified monitoring and analytics platform for comprehensive visibility into cloud, hybrid, and multi-cloud environments.

Support Linux Action News

Links:

• KDE Plasma 5.21 Brings Low-latency Compositing, New Kickoff Menu, and Wallpaper — A major addition is a complete redesign of the main KDE Plasma Application Launcher.
• This week in KDE: new KWin compositing, new Kickoff, new recording level visualization! — This week KWin’s compositing code was almost totally rewritten! It should broadly reduce latency throughout all compositing operations, and also adds a user-facing control in the System Settings Compositing page so people can choose for themselves whether they prefer lower latency or smoother animations.
• Check out our interview with Nate Graham in LUP 385
• Plasma Gitlab MR: Add fingerprint manager
• Fedora Proposed Change: Wayland By Default For Plasma
• Xfce 4.16 Released — Today, after 1 year and 4 months of work, we are happy to announce the release of the Xfce desktop 4.16, a new stable version that supersedes Xfce 4.14.
• XFCE Nation on Twitter — Reminder to @ChrisLAS and @wespayne that Xfce 4.16 has been out since December 22nd but hasn’t been mentioned on @LinuxActionNews or @LinuxUnplugged.
• Xfce 4.16 Changelog
• Intel Preparing New Driver Option To Disable GPU Security Mitigations
• Wine 6.0 released — This release is dedicated to the memory of Ken Thomases, who passed away just before Christmas at the age of 51. Ken was an incredibly brilliant developer, and the mastermind behind the macOS support in Wine. We all miss his skills, his patience, and his dark sense of humor.
• Grab a Glass, Wine 6.0 Has Been Released
• The Wine team is proud to announce that the stable release Wine 6.0 — The core DLLs, including NTDLL, KERNEL32, GDI32, USER32, etc. are built in PE format. This should help a number of copy protection schemes that check that the DLL files on disk match the in-memory contents.
• CloudLinux readies CentOS Linux replacement: AlmaLinux — AlmaLinux will be a free, open-source, community-driven, 1:1 binary compatible fork of RHEL 8 (and future releases). For CentOS users, the company promises Lenix will provide an uninterrupted way to convert existing CentOS servers with absolutely zero downtime or need to reinstall anything
• AlmaLinux is born!!
• AlmaLinux - Forever-Free Enterprise-Grade Operating System
• Using Podman and Docker Compose — Up to now, support for Docker Compose, the command-line utility that orchestrates multiple Docker containers for local development, was missing. With Podman 3.0 now in development upstream, we have begun to support Compose.
• Chromium Blog: Limiting Private API availability in Chromium — During a recent audit, we discovered that some third-party Chromium-based browsers were able to integrate Google features, such as Chrome sync and Click to Call, that are only intended for Google’s use. We are limiting access to our private Chrome APIs starting on March 15, 2021.
• PSA: Vanilla Chromium ending some of Google’s API access such as syncing and spelling check starting on March 15, 2021
• MacOS update enables third party OSes on M1 — It's happening... macOS Big Sur 11.2 beta 2 is out with full custom kernel support.
• iBoot - Wikipedia — iBoot is the stage 2 bootloader for all Apple products. It replaces the old bootloader, BootX.