LWN.net is a comprehensive source of news and opinions from
and about the Linux community. This is the main LWN.net feed,
listing all articles which are posted to the site front page.
Posodobljeno: 7 min 16 sec nazaj
Pet, 07/05/2024 - 14:06
ISO releases new C++
language standards on a three-year cadence; now that it's been
more than a year since the finalization of
C++23, we have a good idea of what
features could be adopted for
C++26 — although proposals can
still be submitted until January 2025. Of particular interest is the addition of
support for
hazard pointers and
user-space read-copy-update (RCU).
Even though C++26 is not yet a standard, many of the proposed features are already
available to experiment with in GCC or Clang.
Pet, 07/05/2024 - 13:17
Security updates have been issued by Fedora (cockpit, python-astropy, python3-docs, and python3.12), Gentoo (BusyBox, GNU Coreutils, GraphicsMagick, podman, PuTTY, Sofia-SIP, TigerVNC, and WebKitGTK+), Mageia (chromium-browser-stable and openvpn), SUSE (cockpit, krb5, and netatalk), and Ubuntu (kopanocore, libreoffice, linux-aws, linux-oem-6.8, linux-aws-5.15, linux-azure, linux-azure-4.15, linux-lowlatency, linux-lowlatency-hwe-6.5, linux-oracle, linux-starfive-6.5, and virtuoso-opensource).
Čet, 07/04/2024 - 17:30
Random numbers, it seems, can never be random enough, and they cannot be
generated quickly enough. The kernel's
getrandom()
system call might, after years of discussion, be seen as sufficiently
secure by most users, but it is still a system call. Linux system calls
are relatively fast, but they are necessarily slower than calling a
function directly. In an attempt to speed the provision of secure random
data to user space, Jason Donenfeld has put together
an
implementation of getrandom() that lives in the
virtual dynamic
shared object (vDSO) area.
Čet, 07/04/2024 - 16:03
Security updates have been issued by AlmaLinux (389-ds, c-ares, container-tools, cups, fontforge, go-toolset, iperf3, less, libreoffice, libuv, nghttp2, openldap, python-idna, python-jinja2, python-pillow, python3, python3.11-PyMySQL, qemu-kvm, and xmlrpc-c), Debian (znc), Fedora (firmitas and libnbd), Mageia (dcmtk, krb5, libcdio, and openssh), Oracle (golang, openssh, pki-core, and qemu-kvm), Red Hat (openssh), SUSE (apache2-mod_auth_openidc, emacs, go1.21, go1.22, krb5, openCryptoki, and openssh), and Ubuntu (linux, linux-aws, linux-aws-hwe, linux-gcp, linux-gcp-4.15, linux-hwe,
linux-kvm, linux-oracle, linux, linux-aws, linux-azure, linux-azure-5.4, linux-bluefield,
linux-gcp, linux-gkeop, linux-hwe-5.4, linux-ibm, linux-ibm-5.4,
linux-iot, linux-kvm, linux-oracle, linux-oracle-5.4, linux-raspi,
linux-raspi-5.4, linux-xilinx-zynqmp, linux, linux-aws, linux-kvm, linux-lts-xenial, linux, linux-gcp, linux-gcp-6.5, linux-laptop, linux-nvidia-6.5,
linux-raspi, linux, linux-gcp, linux-lowlatency, linux-lowlatency-hwe-5.15,
linux-nvidia, linux-xilinx-zynqmp, linux, linux-ibm, linux-lowlatency, linux-nvidia, linux-raspi, linux-aws, linux-aws-6.5, linux-oem-6.5, linux-oracle, linux-oracle-6.5,
linux-starfive, linux-aws, linux-azure, linux-azure-5.15, linux-azure-fde,
linux-azure-fde-5.15, linux-gke, linux-gkeop, linux-gkeop-5.15, linux-ibm,
linux-intel-iotg, linux-intel-iotg-5.15, linux-kvm, linux-oracle,
linux-oracle-5.15, linux-azure, linux-azure, linux-azure-6.5, linux-bluefield, linux-iot, linux-gcp, linux-intel, linux-hwe-5.15, and php7.0 and php7.2).
Čet, 07/04/2024 - 03:32
The LWN.net Weekly Edition for July 4, 2024 is available.
Sre, 07/03/2024 - 20:32
There are a handful of extensions to the "new" mount API that Christian
Brauner wanted to discuss as part of a filesystem session at
the
2024
Linux Storage,
Filesystem, Memory Management, and BPF Summit. In the session, though,
the only one that he got to was a followup to last year's
discussion on mount-operation monitoring.
There is a need for user-space programs to be able to follow mount
operations (e.g. mount and unmount) that happen in the system, especially
for tools like container
managers or systemd.
Sre, 07/03/2024 - 18:01
Debian's proposed tag2upload
service would be worthy of an article
even if it wasn't so contentious; tag2upload promises a
streamlined way for Debian developers using Git to upload packages to
the Debian
Archive. But tag2upload has been in limbo for
years due to disagreement and a communication breakdown between the team
behind tag2upload and the ftpmasters team. It took the
threat of a General
Resolution (GR), weeks of discussion, and more than
1,000 emails to finally move forward.
Sre, 07/03/2024 - 16:12
The Universal Blue
project, which produces operating system images based on Fedora's Atomic Desktops,
has issued an announcement
that manual steps are required to continue receiving updates. Jorge
Castro wrote:
If you use Bazzite, Bluefin, Aurora, or any other Universal Blue
image (including our toolboxes) then you need to follow the
instructions in this announcement in order to ensure that your device
is getting updates. We were rotating our cosign keypairs this morning,
which is the method that we use to sign our images.
During this process I made a critical error which has resulted in
forcing you to take manual steps to migrate to our newly signed
images.
This applies to all Universal Blue images released before July 2,
2024. See the full announcement for instructions. LWN covered Bluefin in
December, 2023.
Sre, 07/03/2024 - 14:42
In 2016, Oliver Smith reached a point of frustration with the short
lifespan of updates for his Android phone. Taking matters into his own
hands, he began developing
postmarketOS, a Linux distribution for
mobile phones. Eight years later, the
core team and
trusted contributors have grown to twenty individuals, while the latest
release,
v24.06,
now shows support for over 250 devices. Although postmarketOS isn't
usable as a day-to-day phone operating system on all of them, it can also enable repurposing devices into compact servers or kiosk machines.
Sre, 07/03/2024 - 14:29
Version 4.10.0 of GNU findutils has been released. Notable changes
include allowing find -name / as a valid
pattern, and accepting larger UIDs/GIDs for find -user and
find -group. It is also once again possible to build
findutils on systems with musl-libc.
Sre, 07/03/2024 - 14:25
David Rosenthal
looks
back at 40 years of the X Window System:
A major reason for Sun's early success was that they in effect
open-sourced the Network File System. X11 was open source under the
MIT license. I, and some of the other Sun engineers, understood
that NeWS could not displace X11 as the Unix standard window system
without being equally open source. But Sun's management looked at
NeWS and saw superior technology, an extension of the PostScript
that Adobe was selling, and couldn't bring themselves to give it
away.
Sre, 07/03/2024 - 14:15
Security updates have been issued by AlmaLinux (golang and kernel), Fedora (ghostscript and openssh), Mageia (espeak-ng), Red Hat (389-ds, c-ares, container-tools, cups, fontforge, go-toolset, iperf3, less, libreoffice, libuv, linux-firmware, nghttp2, openldap, pki-core, python-idna, python-jinja2, python-pillow, python3, python3.11-PyMySQL, qemu-kvm, and xmlrpc-c), SUSE (ghostscript, git, libndp, libxml2, openssh, pgadmin4, podman, podofo, postgresql14, postgresql15, postgresql16, python39, squid, and wireshark), and Ubuntu (firefox and openvpn).
Tor, 07/02/2024 - 14:43
Like many kernel subsystems, the Linux security module (LSM) subsystem
makes extensive use of indirect function calls. Those calls, however, are
increasingly problematic, and the pressure to remove them has been growing.
The good news is that there is
a patch
series from KP Singh that accomplishes that goal. Its progress into
the mainline has been slow — this change was first
proposed
by Brendan Jackman and Paul Renauld in 2020 — and this work has been caught
up in some wider controversies along the way, but it should be close to
being ready.
Tor, 07/02/2024 - 13:41
Security updates have been issued by AlmaLinux (httpd:2.4/httpd), Arch Linux (openssh), Fedora (cups, emacs, and python-urllib3), Gentoo (OpenSSH), Mageia (ffmpeg, gdb, openssl, python-idna, and python-imageio), Red Hat (golang and kernel), SUSE (booth, libreoffice, openssl-1_1-livepatches, podman, python-arcomplete, python-Fabric, python-PyGithub, python- antlr4-python3-runtime, python-avro, python-chardet, python-distro, python- docker, python-fakeredis, python-fixedint, pyth, python-Js2Py, python310, python39, and squid), and Ubuntu (cups and netplan.io).
Pon, 07/01/2024 - 22:02
While the end of support for CentOS 7, which happened on June 30, is
significant, it is also worth taking a moment to reflect on the end of
Scientific Linux 7, which has also just occurred. Scientific Linux
was once a popular RHEL rebuild supported by Fermilab, CERN, DESY, and ETH
Zurich. Development of Scientific Linux stopped with SL7, with the labs
switching to CentOS thereafter, but the SL7 release was supported through
to the bitter end. Thanks are due to all who built and supported
Scientific Linux; you provided a useful and stable platform for many years.
Pon, 07/01/2024 - 14:27
On May 7, Kees Cook sent
a proposal to the linux-kernel mailing list, asking for the kernel
developers to start
working on a way to mitigate unintentional arithmetic overflow, which has been a
source of many bugs. This is not the first time Cook has made a request along
these lines; he sent a related patch set in
January 2024.
Several core developers objected to the plan for different
reasons. After receiving their feedback,
Cook modified his approach to tackle the problem
in a series of smaller steps.
Pon, 07/01/2024 - 13:56
Security updates have been issued by Debian (dcmtk, edk2, emacs, glibc, gunicorn, libmojolicious-perl, openssh, org-mode, pdns-recursor, tryton-client, and tryton-server), Fedora (freeipa, kitty, libreswan, mingw-gstreamer1, mingw-gstreamer1-plugins-bad-free, mingw-gstreamer1-plugins-base, mingw-gstreamer1-plugins-good, mingw-poppler, and mingw-python-urllib3), Gentoo (cpio, cryptography, GNU Emacs, Org Mode, GStreamer, GStreamer Plugins, Liferea, Pixman, SDL_ttf, SSSD, and Zsh), Oracle (pki-core), Red Hat (httpd:2.4, libreswan, and pki-core), SUSE (glib2 and kubevirt, virt-api-container, virt-controller-container, virt-exportproxy-container, virt-exportserver-container, virt-handler-container, virt-launcher-container, virt-libguestfs-t), and Ubuntu (espeak-ng, libcdio, and openssh).
Pon, 07/01/2024 - 13:53
OpenSSH 9.8 has been
released, fixing an ugly vulnerability:
Successful exploitation has been demonstrated on 32-bit Linux/glibc
systems with ASLR. Under lab conditions, the attack requires on
average 6-8 hours of continuous connections up to the maximum the
server will accept. Exploitation on 64-bit systems is believed to
be possible but has not been demonstrated at this time. It's likely
that these attacks will be improved upon.
Exploitation on non-glibc systems is conceivable but has not been
examined.
There is a
configuration workaround for systems that cannot be updated, though it
has its own problems. See this Qualys
advisory for more details.
Ned, 06/30/2024 - 23:38
Linus has released
6.10-rc6 for testing.
"This release continues to be fairly calm, and rc6 looks pretty small.
It's also entirely just random small fixes spread all over, with no bigger
pattern."