LWN.net

LWN.net is a comprehensive source of news and opinions from
and about the Linux community. This is the main LWN.net feed,
listing all articles which are posted to the site front page.
URL: https://lwn.net
Multiple Exim security vulnerabilities disclosed
The "Zero Day Initiative" site has posted a number of advisories (1, 2, 3, 4, 5, 6)
describing a number of flaws in the Exim mail server, some of which are
exploitable remotely. These problems, allegedly, were first reported to
the project in June 2022, well over one year ago. There is some
disagreement over the timing of events, with Exim developer Heiko
Schlittermann claiming
that no actual information was received until last May, and an anonymous
ZDI representative disputing
that story.
Either way, the vulnerabilities are now disclosed, but patches are not yet on offer; Schlittermann said that "Fixes are available in a protected repository and are ready to be applied by the distribution maintainers", so hopefully that situation will change soon.
Categories: Foreign open-source scene
[$] Impressions from the GNU Project's 40th anniversary celebration
On September 27, 1983, Richard Stallman announced the
founding of the GNU project. His goal, which seemed wildly optimistic
and unattainable at the time, was to write a complete Unix-like operating
system from the beginning
and make it freely available. Exactly 40 years later, the GNU project
celebrated with a hacker meeting in
Switzerland. Your editor had the good fortune to be able to attend.
Security updates for Friday
Security updates have been issued by Debian (firefox-esr, jetty9, and vim), Gentoo (Fish, GMP, libarchive, libsndfile, Pacemaker, and sudo), Oracle (nodejs:16 and nodejs:18), Red Hat (virt:av and virt-devel:av), Slackware (mozilla), SUSE (chromium, firefox, Golang Prometheus, iperf, libqb, and xen), and Ubuntu (linux-raspi).
[$] Security policies for GNU toolchain projects
While the CVE process was created in response to real problems, it's increasingly clear that CVE numbers are
creating problems of their own. At the 2023 GNU Tools Cauldron,
Siddhesh Poyarekar expressed the frustration that toolchain developers have
felt as the result of arguing with security researchers about CVE-number
assignments. In response, the GNU toolchain community is trying to better
characterize what is — and is not — considered to be a security-relevant
bug in its software.
Security updates for Thursday
Security updates have been issued by Debian (ncurses), Fedora (emacs, firecracker, firefox, libkrun, python-oauthlib, and virtiofsd), Mageia (glibc and vim), Oracle (18), SUSE (bind, binutils, busybox, cni, cni-plugins, container-suseconnect, containerd, curl, exempi, ffmpeg, firefox, go1.19-openssl, go1.20-openssl, gpg2, grafana, gsl, gstreamer-plugins-bad, gstreamer-plugins-base, libpng15, libwebp, mutt, nghttp2, open-vm-tools, pmix, python-brotlipy, python3, python310, qemu, quagga, rubygem-actionview-5_1, salt, supportutils, xen, and xrdp), and Ubuntu (libwebp, minidlna, puma, and python2.7, python3.5).
[$] LWN.net Weekly Edition for September 28, 2023
The LWN.net Weekly Edition for September 28, 2023 is available.
[$] Moving the kernel to large block sizes
Using larger block sizes in the kernel for I/O is a recurring topic in
storage and
block-layer circles. The topic came up in discussions
at the Linux Storage, Filesystem, Memory-Management and BPF Summit (LSFMM)
back in
May. One of the participants in those discussions, Hannes Reinecke, gave
a talk at Open Source Summit Europe 2023 with an overview of the reasons
behind using larger blocks for I/O, the current status of that work, and
where it all might lead from here.
Security updates for Wednesday
Security updates have been issued by Oracle (libtiff), Red Hat (libtiff, nodejs:16, and nodejs:18), Slackware (mozilla), SUSE (bind, cacti, cacti-spine, ImageMagick, kernel, libwebp, netatalk, open-vm-tools, postfix, quagga, wire, and wireshark), and Ubuntu (cups, linux, linux-aws, linux-aws-hwe, linux-azure, linux-azure-4.15, linux-gcp, linux-gcp-4.15, linux-hwe, linux-oracle, linux-bluefield, and linux-bluefield, linux-raspi, linux-raspi-5.4).
[$] AI from a legal perspective
The AI boom is clearly upon us, but there are still plenty of questions
swirling around this technology. Some of those questions are legal ones
and there have been lawsuits filed to try to get clarification—and perhaps
monetary damages. Van Lindberg is a lawyer who is well-known in the
open-source world; he came to Open
Source Summit Europe 2023 in Bilbao, Spain to try to put the current
work in AI into its legal context.
Firefox 118.0 released
Version
118.0 of the Firefox browser has been released. Changes include
improved fingerprinting prevention and automated translation: "Automated
translation of web content is now available to Firefox users! Unlike
cloud-based alternatives, translation is done locally in Firefox, so that
the text being translated does not leave your machine."
Security updates for Tuesday
Security updates have been issued by Debian (exempi, glib2.0, lldpd, and netatalk), Fedora (curl, libppd, and linux-firmware), Oracle (kernel), and SUSE (Cadence, frr, modsecurity, python-CairoSVG, python-GitPython, and tcpreplay).
LibrePCB 1.0.0 Released
The 1.0 version of the LibrePCB "free, cross-platform, easy-to-use electronic design automation suite to draw schematics and design printed circuit boards" has been released.
As noted in a blog post back in May, a grant has helped spur development of the tool.
The focus for the release has been in adding features that were needed so that "there should be no show stopper anymore which prevents you from using LibrePCB for more complex PCB [printed circuit board] designs".
New features include a 3D viewer and export format for working with designs in a mechanical computer aided design (CAD) tool, support for manufacturer part number (MFN) management, and lots of board editor features such as
thermal relief pads in planes, blind & buried vias,
keepout zones, and more. [Thanks to Alphonse Ogulla.]
[$] The PuzzleFS container filesystem
The last year or so has seen the posting of a few new filesystem types that
are aimed at supporting container workloads. PuzzleFS, presented at the
2023 Kangrejos gathering by Ariel
Miculas, is another contender in this area, but it has some features of its
own, including a novel compression mechanism and an implementation written
in Rust.
Security updates for Monday
Security updates have been issued by Debian (bind9, elfutils, flac, ghostscript, libapache-mod-jk, lldpd, and roundcube), Fedora (linux-firmware, roundcubemail, and thunderbird), Mageia (curl, file, firefox/thunderbird, ghostpcl, libtommath, and nodejs), Oracle (kernel, open-vm-tools, qemu, and virt:ol and virt-devel:rhel), SUSE (bind, busybox, djvulibre, exempi, ImageMagick, libqb, libssh2_org, opera, postfix, python, python36, renderdoc, webkit2gtk3, and xrdp), and Ubuntu (accountsservice and open-vm-tools).
Kernel prepatch 6.6-rc3
The third 6.6 kernel prepatch is out for
testing.
Unusually, we have a large chunk of changes in filesystems. Part of it is the vfs-level revert of some of the timestamp handling that needs to soak a bit more, and part of it is some xfs fixes. With a few other filesystem fixes too.
The multi-grain timestamp changes turned out to cause the occasional regression (timestamps that could appear to go backward) and were taken back out.
Saturday's stable kernel updates
The 6.5.5, 6.1.55, 5.15.133, 5.10.197, 5.4.257, 4.19.295, and 4.14.326 stable kernel updates have all been released; each contains another set of important fixes.
[$] User-space spinlocks with help from rseq()
Back in May, André Almeida presented some
work toward the creation of user-space spinlocks using adaptive
spinning. At that time, the work was stalled because there is, in Linux,
currently no way to quickly determine whether a given thread is actually
executing on a CPU. Some progress has since been made on that front; at
the 2023
Open Source Summit Europe, Almeida returned to discuss how that
difficulty might be overcome.
Security updates for Friday
Security updates have been issued by Debian (gsl), Fedora (dotnet6.0 and dotnet7.0), Oracle (libwebp), Slackware (bind, cups, and seamonkey), SUSE (kernel and rust, rust1.72), and Ubuntu (cups, flac, gnome-shell, imagemagick, and python3.5).
[$] Revisiting the kernel's preemption models (part 1)
All that Ankur Arora seemingly wanted to do with this
patch set was to make the process of clearing huge pages on x86
systems go a little faster. What resulted was an extensive discussion on
the difficulties of managing preemption correctly in the kernel. It may be
that some changes will come to the plethora of preemption models that the
kernel currently offers.
Security updates for Thursday
Security updates have been issued by Debian (mutt, netatalk, and python2.7), Fedora (chromium, golang-github-prometheus-exporter-toolkit, golang-github-xhit-str2duration, and golang-gopkg-alecthomas-kingpin-2), Oracle (dmidecode, frr, libwebp, open-vm-tools, and thunderbird), Red Hat (libwebp and open-vm-tools), SUSE (cups, frr, mariadb, openvswitch3, python39, qemu, redis7, rubygem-rails-html-sanitizer, and skopeo), and Ubuntu (bind9, cups, and libppd).