LWN.net is a comprehensive source of news and opinions from and about the Linux community.
Updated: 23 min 7 sec ago

Ubuntu 22.10 released

Thu, 10/20/2022 - 16:13
Ubuntu 22.10 has been released. "Codenamed 'Kinetic Kudu', this interim release improves the experience of enterprise developers and IT administrators. It also includes the latest toolchains and applications with a particular focus on the IoT ecosystem." See the release notes for details.

Security updates for Thursday

Thu, 10/20/2022 - 15:15
Security updates have been issued by Debian (firefox-esr), Red Hat (java-1.8.0-openjdk, java-11-openjdk, java-17-openjdk, OpenShift Container Platform 4.9.50 bug fix and, and rh-nodejs14-nodejs), SUSE (buildah, clone-master-clean-up, go1.18, go1.19, helm, jasper, libostree, nodejs16, php8, qemu, and xen), and Ubuntu (libxdmcp, linux, linux-aws, linux-aws-5.15, linux-azure, linux-azure-5.15, linux-gcp, linux-gcp-5.15, linux-gke, linux-gke-5.15, linux-gkeop, linux-hwe-5.15, linux-ibm, linux-kvm, linux-lowlatency, linux-lowlatency-hwe-5.15, linux-oem-5.14, linux-oracle, linux-raspi, linux, linux-aws, linux-aws-5.4, linux-azure, linux-azure-5.4, linux-bluefield, linux-gcp, linux-gcp-5.4, linux-gke, linux-gkeop, linux-hwe-5.4, linux-ibm, linux-ibm-5.4, linux-kvm, linux-oracle, linux-oracle-5.4, linux-raspi, linux-raspi-5.4, linux-oem-5.17, and perl).

[$] LWN.net Weekly Edition for October 20, 2022

Thu, 10/20/2022 - 01:00
The LWN.net Weekly Edition for October 20, 2022 is available.

[$] The search for the correct amount of split-lock misery

Wed, 10/19/2022 - 16:45
Unlike many other architectures, x86 systems support atomic operations that affect more than one cache line. This support comes at a cost, though, in terms of overall system performance and, even, security. Over the last few years, kernel developers have worked to discourage the use of this sort of "split-lock" operation. Now, though, one group of users is feeling a little too discouraged, leading to a discussion of how much misery can appropriately be inflicted upon users who use problematic but architecturally legal operations.

Security updates for Wednesday

Wed, 10/19/2022 - 15:05
Security updates have been issued by Debian (bcel, kernel, node-xmldom, and squid), Mageia (chromium-browser-stable, dhcp, dokuwiki, firefox, golang, python-joblib, sos, and unzip), Oracle (nodejs and nodejs:16), Red Hat (firefox, kernel, kernel-rt, nodejs, nodejs:14, and thunderbird), Scientific Linux (firefox and thunderbird), Slackware (git and mozilla), SUSE (amazon-ssm-agent, caasp-release, cri-o, patchinfo, release-notes-caasp, skuba, enlightenment, libreoffice, netty, nodejs12, nodejs14, nodejs16, pngcheck, postgresql-jdbc, python-waitress, rubygem-activesupport-5_1, and tcl), and Ubuntu (frr, git, libksba, and linux-azure-4.15).

[$] Identity management for WireGuard

Tue, 10/18/2022 - 16:18
Since its inclusion in the Linux kernel, the WireGuard VPN tunnel has become increasingly popular. In general, WireGuard is simpler to configure than other VPNs, but the approach that it takes to authentication can present some challenges. Each node in a WireGuard network has a cryptographic key that serves as the node's identity; nodes that do not know each other's keys cannot directly communicate. Keeping track of these keys and distributing them to the other nodes in a mesh network quickly becomes a chore as the network grows. Fortunately, there are now several open-source tools that can automate the management of these keys and make using WireGuard easier for both administrators and end users.

Firefox 106 released

Tue, 10/18/2022 - 15:11
Version 106.0 of the Firefox browser has been released. There are several new features, including PDF editing, Firefox View (an overview of recently closed tabs), and a set of new color schemes.

Security updates for Tuesday

Tue, 10/18/2022 - 14:54
Security updates have been issued by Debian (glibc and libksba), Fedora (dhcp and kernel), Red Hat (.NET 6.0, .NET Core 3.1, compat-expat1, kpatch-patch, and nodejs:16), Slackware (xorg), SUSE (exiv2, expat, kernel, libreoffice, python, python-numpy, squid, and virtualbox), and Ubuntu (linux-azure and zlib).

Tails 5.5 released

Mon, 10/17/2022 - 19:28
Version 5.5 of the Tor-centered Tails distribution is out. The biggest change appears to be a significant update to the Thunderbird email client.

Thunderbird 102 is a major update with many changes to the navigation, folder icons, and address book. Thunderbird 102 also includes important usability improvements to the OpenPGP feature. When composing an email, you can now see whether it will be encrypted or not. If encryption is impossible, a key assistant helps you solve key issues.

Two more stable kernel updates

Mon, 10/17/2022 - 17:58
The 5.10.149 and 5.4.219 stable kernel updates have been released. These small updates contain only a few more WiFi fixes and one revert.

[$] The rest of the 6.1 merge window

Mon, 10/17/2022 - 15:45
Linus Torvalds released 6.1-rc1 and closed the 6.1 merge window on October 16; at that point, 11,537 non-merge changesets had been pulled into the mainline repository. That is considerably less than the 13,543 changesets pulled during the 6.0 merge window, but quantity is not everything: there were quite a few significant changes brought in this time around. Many of those were part of the nearly 5,800 changesets pulled since our first 6.1 merge window summary; read on for a look at some of the work done in the latter part of this merge window.

GnuPG 2.3.8 released

Mon, 10/17/2022 - 15:29
Version 2.3.8 of the GNU Privacy Guard is out. It contains a few new features, but the real purpose is to fix CVE-2022-3515, an integer overflow vulnerability that can be exploited remotely for code execution via, for example, a malicious S/MIME attachment. Note that the actual vulnerability is in the libksba library, which is normally packaged separately on Linux systems.

Security updates for Monday

Mon, 10/17/2022 - 14:59
Security updates have been issued by Arch Linux (kernel, linux-hardened, linux-lts, and linux-zen), Debian (python-django), Fedora (apptainer, kernel, python3.6, and vim), Gentoo (assimp, deluge, libvirt, libxml2, openssl, rust, tcpreplay, virglrenderer, and wireshark), Slackware (zlib), SUSE (chromium, python3, qemu, roundcubemail, and seamonkey), and Ubuntu (linux-aws-5.4 and linux-ibm).

Kernel prepatch 6.1-rc1

Mon, 10/17/2022 - 00:05
Linus has released 6.1-rc1 and closed the merge window for this development cycle.

This isn't actually shaping up to be a particularly large release: we "only" have 11.5k non-merge commits during this merge window, compared to 13.5k last time around. So not exactly tiny, but smaller than the last few releases. At least in number of commits.

That said, we've got a few core things that have been brewing for a long time, most notably the multi-gen LRU VM series, and the initial Rust scaffolding (no actual real Rust code in the kernel yet, but the infrastructure is there).

Google launches KataOS

Sun, 10/16/2022 - 18:26
Google has announced the existence of yet another new operating system, called KataOS, aimed at the creation of secure embedded systems.

As the foundation for this new operating system, we chose seL4 as the microkernel because it puts security front and center; it is mathematically proven secure, with guaranteed confidentiality, integrity, and availability. Through the seL4 CAmkES framework, we're also able to provide statically-defined and analyzable system components. KataOS provides a verifiably-secure platform that protects the user's privacy because it is logically impossible for applications to breach the kernel's hardware security protections and the system components are verifiably secure. KataOS is also implemented almost entirely in Rust, which provides a strong starting point for software security, since it eliminates entire classes of bugs, such as off-by-one errors and buffer overflows.

Saturday's stable kernel updates

Sat, 10/15/2022 - 16:25
The 6.0.2, 5.19.16, 5.15.74, 5.10.148, and 5.4.218 stable kernel updates have all been released. Among other things, these updates contain the fixes for the recently disclosed WiFi vulnerabilities.

[$] The disabling of hardware codecs in community distributions

Fri, 10/14/2022 - 16:04
Software patents affect our systems in many ways, but perhaps most strongly in the area of codecs — code that creates or plays back audio or video that has been compressed using covered algorithms. For this reason, certain formats have simply been unplayable on many Linux distributions — especially those backed by companies that are big enough to be worth suing — without installing add-on software from third-party repositories. One might think that this problem could be worked around by purchasing hardware that implements the patented algorithms, but recent activity in the Fedora and openSUSE communities shows that life is not so simple.

Security updates for Friday

Fri, 10/14/2022 - 14:51
Security updates have been issued by Debian (chromium), Fedora (dbus, dhcp, expat, kernel, thunderbird, vim, and weechat), Mageia (libofx, lighttpd, mediawiki, and python), Oracle (.NET 6.0 and .NET Core 3.1), Slackware (python3), SUSE (chromium, kernel, libosip2, python-Babel, and python-waitress), and Ubuntu (gThumb, heimdal, linux-aws, linux-gcp-4.15, linux-aws-hwe, linux-gcp, linux-oracle-5.4, linux-raspi, linux-raspi-5.4, postgresql-9.5, and xmlsec1).

Some remotely exploitable kernel WiFi vulnerabilities

Thu, 10/13/2022 - 15:36
It would appear that there is a set of memory-related vulnerabilities in the kernel's WiFi stack that can be exploited over the air via malicious packets; five CVE numbers have been assigned to the set. Fixes are headed toward the mainline and should show up in stable updates before too long; anybody who uses WiFi on untrusted networks should probably keep an eye out for the relevant updates.

[$] A first look at Rust in the 6.1 kernel

Thu, 10/13/2022 - 14:42
There have been a lot of significant changes merged into the mainline for the 6.1 release, but one of the changes that has received the most attention will also have the least short-term effect for users of the kernel: the introduction of support for the Rust programming language. No system with a production 6.1 kernel will be running any Rust code, but this change does give kernel developers a chance to play with the language in the kernel context and get a sense for how Rust development feels. Perhaps the most likely conclusion for most developers, though, will be that there isn't yet enough Rust in the kernel to do much of anything interesting.