Odprtokodni pogled

Opensource view


Syndicate content
LWN.net is a comprehensive source of news and opinions from and about the Linux community. This is the main LWN.net feed, listing all articles which are posted to the site front page.
Posodobljeno: 10 min 40 sec nazaj

[$] Fedora, FFmpeg, Firefox, Flatpak, and Fusion

Čet, 06/16/2022 - 16:22
Fedora's objective to become the desktop Linux distribution of choice has long been hampered by Red Hat's risk-averse legal department, which strictly limits the type of software that Fedora can ship. Specifically, anything that might be encumbered by patents is off-limits, with the result that much of the media that users might find on the net is unplayable. This situation has improved over the years as the result of a lot of work within the Fedora project, but it still puts Fedora at a disadvantage relative to some other distributions. A recent discussion on video support, though, shines a light on how some surprising legal reasoning may be providing a way out of this problem; that way may not be pleasing to all involved, however.

Stable kernels released to address the processor MMIO stale-data vulnerabilities

Čet, 06/16/2022 - 13:36
Seven new stable kernels have been released: 5.18.5, 5.15.48, 5.10.123, 5.4.199, 4.19.248, 4.14.284, and 4.9.319. All contain a small set of patches to address the recently disclosed processor MMIO stale-data vulnerabilities; users of those series should upgrade.

Security updates for Thursday

Čet, 06/16/2022 - 13:17
Security updates have been issued by Fedora (containerd, golang-github-containerd-cni, golang-github-containernetworking-cni, golang-x-sys, kernel, and qt5-qtbase), Oracle (kernel, kernel-container, microcode_ctl, subversion:1.14, and xz), Red Hat (.NET 6.0, .NET Core 3.1, cups, and xz), Scientific Linux (xz), SUSE (caddy, chromium, librecad, libredwg, varnish, and webkit2gtk3), and Ubuntu (bluez).

[$] LWN.net Weekly Edition for June 16, 2022

Čet, 06/16/2022 - 02:32
The LWN.net Weekly Edition for June 16, 2022 is available.

[$] LWN.net Weekly Edition for June 16, 2022

Čet, 06/16/2022 - 02:32
The LWN.net Weekly Edition for June 16, 2022 is available.

[$] Remote participation at LSFMM

Sre, 06/15/2022 - 21:01
As with many conferences these days, the 2022 Linux Storage, Filesystem, Memory-management and BPF Summit (LSFMM) had a virtual component. The main rooms were equipped with a camera trained on the podium, thus the session leader, so that remote participants could watch; this camera connected into a Zoom conference that allowed participation from afar. In a session near the end of the conference, led by conference organizer Josef Bacik, remote participants were invited to share their experiences—on camera—with those who were there in person. It was an opportunity to discuss what went right—and wrong—with an eye toward improving the experience for future events.

[$] A discussion on readahead

Sre, 06/15/2022 - 16:55
Readahead is an I/O optimization that causes the system to read more data than has been requested by an application—in the belief that the extra data will be requested soon thereafter. At the 2022 Linux Storage, Filesystem, Memory-management and BPF Summit (LSFMM), Matthew Wilcox led a session to discuss readahead, especially as it relates to network filesystems, with assistance from Steve French and David Howells. The latency of the underlying storage needs to factor into the calculation of how much data to read in advance, but it is not entirely clear how to do so.

Processor MMIO stale-data vulnerabilities

Sre, 06/15/2022 - 16:45
The mainline kernel has just received a set of patches addressing a new set of (seemingly) Intel-specific hardware vulnerabilities.

Processor MMIO Stale Data Vulnerabilities are a class of memory-mapped I/O (MMIO) vulnerabilities that can expose data. The sequences of operations for exposing data range from simple to very complex. Because most of the vulnerabilities require the attacker to have access to MMIO, many environments are not affected. System environments using virtualization where MMIO access is provided to untrusted guests may need mitigation. These vulnerabilities are not transient execution attacks. However, these vulnerabilities may propagate stale data into core fill buffers where the data can subsequently be inferred by an unmitigated transient execution attack. Mitigation for these vulnerabilities includes a combination of microcode update and software changes, depending on the platform and usage model.

Three separate CVE numbers have been issued for variants of this vulnerability; more information can be found in this documentation patch. Stable updates containing these fixes are in the review process and should be released shortly.

CFP for the Kernel and Maintainers Summits

Sre, 06/15/2022 - 15:17
The 2022 Kernel Summit and Maintainers Summit will be held in Dublin; the Kernel Summit will run as part of the Linux Plumbers Conference (September 12-14) while the Maintainers Summit will be on September 15. The call for proposals for both events has been posted. The deadline for the Kernel Summit is tight (June 19), so this is not the time for anybody wanting to speak to procrastinate.

Security updates for Wednesday

Sre, 06/15/2022 - 14:19
Security updates have been issued by Red Hat (.NET 6.0 and log4j), SUSE (389-ds, grub2, kernel, openssl-1_1, python-Twisted, webkit2gtk3, and xen), and Ubuntu (php7.2, php7.4, php8.0, php8.1 and util-linux).