LWN.net is a comprehensive source of news and opinions from
and about the Linux community. This is the main LWN.net feed,
listing all articles which are posted to the site front page.
Posodobljeno: 18 min 47 sec nazaj
Pet, 10/13/2023 - 16:07
Version
23.10 of the Ubuntu distribution is out. Changes include support for
hardware-backed full-disk encryption, tighter control over user namespaces,
a new App Center application, and more.
Pet, 10/13/2023 - 15:45
Version
23.05.0 of the OpenWrt distribution has been released: "OpenWrt
23.05 supports over 1790 devices. Support for over 200 new devices was
added in addition to the device support by OpenWrt 22.03". Along with
new device support, this release features a switch to the mbedtls
cryptographic library, the ability to include utilities written in Rust, an
updated toolchain, and more.
Pet, 10/13/2023 - 15:01
Security updates have been issued by Debian (chromium, tomcat9, and webkit2gtk), Fedora (cacti, cacti-spine, grafana-pcp, libcue, mbedtls, samba, and vim), Oracle (kernel, libvpx, and thunderbird), Red Hat (bind and galera, mariadb), SUSE (exiv2, go1.20, go1.21, and kernel), and Ubuntu (ffmpeg).
Tor, 10/10/2023 - 19:03
Back at the end of July, the Python steering council
announced
its intention to approve the proposal to make the global interpreter lock
(GIL) optional over the next few Python releases. The details of that
acceptance are still being decided on, but work on the feature is
proceeding—in discussion form at least. Beyond that, though, there are
efforts underway to solve that hardest of problems in computer
science, naming, for the no-GIL version.
Tor, 10/10/2023 - 14:47
The GitHub blog
describes
a vulnerability in the libcue library (which is used by the GNOME
desktop) that can be exploited by a remote attacker to run code on a
desktop system if the target can be convinced to click on a malicious link.
The video shows me clicking a link in a webpage, which causes a cue
sheet to be downloaded. Because the file is saved to ~/Downloads,
it is then automatically scanned by tracker-miners. And because it
has a .cue filename extension, tracker-miners uses libcue to parse
the file. The file exploits the vulnerability in libcue to gain
code execution and pop a calculator.
Tor, 10/10/2023 - 14:27
Security updates have been issued by Fedora (chromium, firefox, and kernel), Gentoo (less and libcue), Red Hat (bind, libvpx, nodejs, and python3), Scientific Linux (firefox and thunderbird), SUSE (conmon, go1.20, go1.21, shadow, and thunderbird), and Ubuntu (libcue, ring, and ruby-kramdown).
Pon, 10/09/2023 - 15:55
The
Linux Containers project has
announced
the release version 0.1 of the
Incus system container and
virtual-machine manager, which is a community-led fork of Canonical's
LXD. Incus 0.1 "is roughly
equivalent to LXD 5.18 but with a number of breaking changes on top of the
obvious rename". There have been some changes made in the two months
since the fork:
With this initial release of Incus, we took the opportunity to remove a lot
of unused or problematic features from LXD. Most of those changes are
things we would have liked to do in LXD but couldn’t due to having strong
guarantees around backward compatibility.
Incus will be similarly strict with backward compatibility in the future,
but as this is the first release of the fork, it was our one big
opportunity to change things.
That said, the API and CLI are still extremely close to what LXD has,
making it trivial if not completely seamless to port from LXD to Incus.
There is an
online
version of Incus for those interested in giving it a try.
Pon, 10/09/2023 - 15:50
One of the significant features added to the mainline kernel during the 6.6
merge window was multi-grain timestamps, which allow the kernel to
selectively store file modification times with higher resolution without
hurting performance. Unfortunately, this feature also caused some
surprising regressions, and was quickly ushered back out of the kernel as a
result. It is instructive to look at how this feature went wrong, and how
the developers involved plan to move forward from here.
Pon, 10/09/2023 - 15:23
Security updates have been issued by Debian (freerdp2, gnome-boxes, grub2, inetutils, lemonldap-ng, prometheus-alertmanager, python-urllib3, thunderbird, and vinagre), Fedora (freeimage, fwupd, libspf2, mingw-freeimage, thunderbird, and vim), Gentoo (c-ares, dav1d, Heimdal, man-db, and Oracle VirtualBox), Oracle (bind, bind9.16, firefox, ghostscript, glibc, ImageMagick, and thunderbird), Slackware (netatalk), SUSE (ImageMagick, nghttp2, poppler, python, python-gevent, and yq), and Ubuntu (bind9 and vim).
Ned, 10/08/2023 - 22:11
Linus has released
6.6-rc5 for testing.
"Things are back to normal, and we have a networking pull this
week."
Pet, 10/06/2023 - 17:18
Red Hat has
announced
that its longstanding "rhsa-announce" mailing list will be shut down on
October 10. That is the list that receives security advisories for
Red Hat Enterprise Linux and a whole slew of related products. Anybody who
was counting on that list for Red Hat security advisories will need to find
an alternative; a few options are listed in the announcement.
Pet, 10/06/2023 - 15:49
The latest round of stable kernels,
6.5.6,
6.1.56, and
5.15.134, have been released. Each contains a
fairly large collection of important fixes throughout the kernel tree.
Pet, 10/06/2023 - 15:38
On its surface, the BPF virtual machine resembles many other computer
architectures; it has registers and instructions to perform the usual
operations. But there is a key difference: BPF programs must pass the
kernel's verifier before they can be run. The verifier imposes a long list
of additional restrictions so that it can prove to itself that any given
program is safe to run; getting past those checks can be a source of
frustration for BPF developers. At the
2023 GNU Tools Cauldron,
José Marchesi looked at the problem of compiling for verified architectures
and how the compiler can generate code that will pass verification.
Pet, 10/06/2023 - 15:34
Security updates have been issued by Debian (grub2, libvpx, libx11, libxpm, and qemu), Fedora (firefox, matrix-synapse, tacacs, thunderbird, and xrdp), Oracle (glibc), Red Hat (bind, bind9.16, firefox, frr, ghostscript, glibc, ImageMagick, libeconf, python3.11, python3.9, and thunderbird), Scientific Linux (ImageMagick), SUSE (kernel, libX11, and tomcat), and Ubuntu (linux-hwe-5.15, linux-oracle-5.15).
Čet, 10/05/2023 - 21:52
Ferrous Systems has
announced
that its Ferrocene Rust compiler will be released under the Apache-2.0 and
MIT licenses.
Ferrocene is the main Rust compiler - rustc - but quality managed
and qualified for use in automotive and industrial environments
(currently by ISO 26262 and IEC 61508) by Ferrous Systems. It
operates as a downstream to the Rust project, further increasing
its testing and quality on specific platforms.
The license is free, but this is not being run as an open-source project;
specifically, contributions from the "general public" are not accepted.
Čet, 10/05/2023 - 15:26
Hardening the Linux kernel is an endless task, with work required on
multiple fronts. Sometimes, that work is not done in the kernel itself;
other tools, including compilers, can have a significant role to play.
At the
2023 GNU Tools
Cauldron, Qing Zhao covered some of the work that has been done in the
GCC compiler to help with the hardening of the kernel — along with work
that still needs to be done.
Čet, 10/05/2023 - 15:11
Security updates have been issued by Debian (chromium, libx11, and libxpm), Fedora (ckeditor, drupal7, glibc, golang-github-cncf-xds, golang-github-envoyproxy-control-plane, golang-github-hashicorp-msgpack, golang-github-minio-highwayhash, golang-github-nats-io, golang-github-nats-io-jwt-2, golang-github-nats-io-nkeys, golang-github-nats-io-streaming-server, golang-github-protobuf, golang-google-protobuf, nats-server, and pgadmin4), Red Hat (firefox and thunderbird), SUSE (chromium, exim, ghostscript, kernel, poppler, python-gevent, and python-reportlab), and Ubuntu (binutils, exim4, jqueryui, linux, linux-aws, linux-aws-5.15, linux-azure, linux-azure-5.15,
linux-azure-fde, linux-azure-fde-5.15, linux-gcp, linux-gcp-5.15,
linux-gke, linux-gkeop, linux-gkeop-5.15, linux-ibm, linux-ibm-5.15,
linux-kvm, linux-lowlatency, linux-lowlatency-hwe-5.15, linux-nvidia,
linux-oracle, linux, linux-aws, linux-aws-5.4, linux-azure, linux-azure-5.4,
linux-bluefield, linux-gcp, linux-gcp-5.4, linux-gkeop, linux-hwe-5.4,
linux-ibm, linux-ibm-5.4, linux-iot, linux-kvm, linux-oracle,
linux-oracle-5.4, linux-raspi, linux-raspi-5.4, linux-xilinx-zynqmp, linux, linux-aws, linux-aws-6.2, linux-azure, linux-azure-6.2,
linux-azure-fde-6.2, linux-gcp, linux-gcp-6.2, linux-hwe-6.2, linux-kvm,
linux-lowlatency, linux-lowlatency-hwe-6.2, linux-oracle, linux-raspi,
linux-starfive, linux-kvm, linux-oem-6.1, nodejs, and python-django).
Čet, 10/05/2023 - 02:17
The LWN.net Weekly Edition for October 5, 2023 is available.
Sre, 10/04/2023 - 22:14
The
eBPF in-kernel virtual machine is
approaching its tenth anniversary as part of Linux; it has grown into a
tool with many types of uses in the ecosystem. Alexei Starovoitov, who
was the creator of eBPF and did much of the development of it, especially
in the early going, gave the opening talk at
Linux
Security Summit Europe 2023 on the relationship between BPF and
security. In it, he related some interesting history, from a somewhat
different perspective than what is often described, he said. Among other
things, it shows how BPF
has been both a security problem and a security solution along the way.