3 hónap 3 hét óta
Linus has
released the 6.14 kernel, a bit
later than expected:
So it's early Monday morning (well - early for me, I'm not really a
morning person), and I'd love to have some good excuse for why I
didn't do the 6.14 release yesterday on my regular Sunday afternoon
release schedule.
I'd like to say that some important last-minute thing came up and
delayed things.
But no. It's just pure incompetence.
See the LWN merge-window summaries (part 1, part 2) and the KernelNewbies 6.14 page
for details on what's new in this release.
corbet
3 hónap 3 hét óta
The adoption of open-source software in governments has had its ups and
downs. While open source seems like a "no-brainer", it turns out that
governments can be surprisingly resistant to using FOSS for a variety of
reasons. Federico González Waite spoke in the Open Government track at
SCALE 22x in Pasadena,
California to recount his
experiences
working with and for the Mexican government. He led multiple projects
to switch away from proprietary, often predatory, software companies with
some success—and failure.
jake
3 hónap 3 hét óta
Security updates have been issued by Debian (libxslt, mercurial, and webkit2gtk), Fedora (chromium, dotnet8.0, ffmpeg, jupyterlab, and kitty), Mageia (expat and libxslt), Red Hat (pcs), SUSE (apptainer, chromium, kernel, libarchive, mercurial, python311, radare2, xorg-x11-server, and zvbi), and Ubuntu (golang-github-cli-go-gh-v2 and nltk).
jake
3 hónap 3 hét óta
Greg Kroah-Hartman has announced the release of the 6.13.8, 6.12.20, and 6.6.84 stable kernels. Each contains a
number of important fixes throughout the kernel tree; users of those
series should upgrade.
jzb
3 hónap 3 hét óta
The Open Source Initiative
(OSI) has announced
the results of its recent board of directors election. Ruth Suehle and
McCoy Smith are new to the board, while Carlo Piana will serve another
term. The results, however, seem tainted in the eyes of some
participants and observers. The election has been plagued by missteps
from the beginning. It has culminated with the exclusion of three
candidates for failing to meet a requirement to sign the OSI board agreement, which was added after the election was over and before results were tallied or announced.
jzb
3 hónap 3 hét óta
As a system runs and its memory becomes fragmented, allocating large,
physically contiguous regions of memory becomes increasingly difficult.
Much effort over the years has gone into avoiding the need to make such
allocations whenever possible, but there are times when they simply cannot
be avoided. The kernel's
contiguous memory
allocator (CMA) subsystem attempts to make such allocations possible,
but it has never been a perfect solution. Suren Baghdasaryan is is trying
to improve that situation with the
guaranteed
contiguous memory allocator patch set, which includes work from Minchan
Kim as well.
corbet
3 hónap 3 hét óta
Julien Malka has
called for the NixOS project to use build-reproducibility to detect when a program has a maintainer-generated tarball that results in a different artifact than building from source. There are good reasons for projects to release maintainer-generated tarballs, but since the materials included in them are usually documentation, extra build scripts, and so on, it makes sense to check that they don't influence the final build output. While this would not have stopped
last year's XZ backdoor, it would have made it harder to hide.
People are often convinced that OSS is more trustworthy than closed-source software because the code can be audited by practitioners and security professionals in order to detect vulnerabilities or backdoors. In this instance, this procedure has been made difficult by the fact that part of the code activating the backdoor was not included in the sources available within the git repository but was instead present in the maintainer-provided tarball. While this was used to hide the backdoor out of sight of most investigating eyes, this is also an opportunity for us to improve our software supply chain security processes.
daroc
3 hónap 3 hét óta
Brendan Jackman has been working to try to get ahead of the next hardware CPU
vulnerability
before it gets discovered. In January, he posted the second version of
a patch set that introduces
address-space isolation (ASI) as a way of
preventing future CPU vulnerabilities from leaking important
information. The core concept is to ensure that data that is not currently
needed is not present in memory, so that speculative execution cannot leak it.
The work is nowhere near ready to be incorporated into the mainline
kernel — not least of all because it has a large performance impact in its
current form — but it is likely to once again be a topic of discussion at the
2025
Linux Filesystem, Memory Management, and BPF Summit.
daroc
3 hónap 3 hét óta
Raspberry Pi has
announced rpi-image-gen,
a tool to create custom software images for its devices.
rpi-image-gen is a Bash orientated scripting engine capable of
producing software images with different on-disk partition layouts,
file systems and profiles using collections of metadata and a defined
flow of execution. It provides the means to create a highly customised
software image for your Raspberry Pi device. rpi-image-gen is human
readable, auditable and easy to use.
The Git repository for rpi-image-gen has a number of examples
to help users get started making their own custom images.
jzb
3 hónap 3 hét óta
The Asahi Linux project, working to support Linux on Apple hardware, has
published
a
progress report to coincide with the 6.14 kernel release.
Now that Rust for Linux abstractions are starting to be merged at a
healthy pace, we are faced with an emerging challenge. It is rare
for any kernel patch to survive the mailing list without at least a
couple of non-trivial changes, and Rust abstractions are no
exception. Every time an abstraction used by our driver is merged,
we must drop our downstream version and rebase the driver atop the
version accepted upstream. This is grueling, menial, and
unpleasant work, and Janne has our deepest gratitude for
volunteering his time to get through it.
corbet
3 hónap 3 hét óta
Security updates have been issued by Debian (chromium), Fedora (fluent-bit, openssh, php, and webkitgtk), Mageia (freerdp), Oracle (libreoffice and webkit2gtk3), Red Hat (kernel-rt), Slackware (libarchive), SUSE (apptainer, gitea-tea, libxml2, tomcat, webkit2gtk3, and wpa_supplicant), and Ubuntu (libxslt and pam-pkcs11).
daroc
3 hónap 3 hét óta
As the
2025 Linux
Storage, Filesystem, Memory-Management, and BPF Summit (LSFMM+BPF)
approaches, the density of memory-management patches on the mailing lists
has increased. Included among those are patches aimed at improving the
reliability and performance of huge-page allocation, implementing page
promotion on tiered-memory systems, adding a different approach to
deduplicating memory, and replacing the BPF memory allocator. Read on for
an overview of each.
corbet
3 hónap 3 hét óta
Security updates have been issued by Debian (php7.4, python-django, and python3.9), Fedora (bluez, iwd, libell, and radare2), Mageia (chromium-browser-stable, mosquitto, tomcat, tomcat packages, and vim), Oracle (firefox, grub2, python3, thunderbird, and webkit2gtk3), Red Hat (fence-agents, php:7.4, and python-jinja2), SUSE (assimp-devel, crane, ffmpeg-4, freetype2, helm, kernel, kured, python-Django, python-Jinja2, python311-Django4, and tomcat), and Ubuntu (alpine, djoser, libxslt, postgresql-9.5, and valkey).
jake
3 hónap 3 hét óta
Inside this week's LWN.net Weekly Edition:
- Front: Oxidizr; Spectre mitigations; Frozen pages; Mapcount madness; Open-source risks; /e/OS.
- Briefs: Supply chain attacks; SystemRescue 12.00; Casual Make; GIMP 3.0; Git 2.49.0; GNOME 48; PeerTube 7.1; Quotes; ...
- Announcements: Newsletters, conferences, security updates, patches, and more.
corbet
3 hónap 3 hét óta
GNOME 48 ("Bengaluru")
has been released. As usual, this release includes a number of new
features and enhancements including support for shortcuts in the Orca
screen reader on Wayland, new fonts, addition of image editing to
Image Viewer, and more.
GNOME 48 includes a number of notable performance improvements. The
most significant of these is the introduction of dynamic triple
buffering. This change has undergone significant review and testing
over a period of five years and improves the perceived smoothness of
changes on screen, with fewer skipped frames and more fluid
animations. This has been achieved by enhancing the concurrency
capabilities of Mutter, the GNOME display manager, and is particularly
effective at handling sudden bursts of activity.
The GNOME 48 release also adds new applications to the GNOME Circle collection,
such as Drum Machine
and the Iotas note-taking
application. See "What's new
for developers" a rundown of improvements for developers in
GNOME 48.
jzb
3 hónap 3 hét óta
Modern CPUs all have multiple hardware vulnerabilities that the kernel needs to mitigate;
the 6.13 kernel has workarounds for 14 security-sensitive CPU bugs just on x86_64.
Several of those have multiple variants,
or multiple mitigations that apply on different microarchitectures. There are
different kernel command-line options for each of these mitigations, which leads
to a confusing situation for users trying to figure out how to configure their
systems. David Kaplan recently posted
a patch set that adds a single, unified command-line option for controlling
mitigations and
simplifies the logic for detecting, configuring, and
applying them as well.
If it is merged, the patch set could
make it much easier for users to navigate the complicated web of CPU
vulnerabilities and their mitigations.
daroc
3 hónap 3 hét óta
Version 7.1
of PeerTube, a tool for
sharing videos online, has been released. Notable features in this
release include improved support for the Podcast 2.0 standard, better
playback stability, and a new view protocol enabled by default to
allow PeerTube to handle more simultaneous viewers. See the release
notes for more details.
jzb
3 hónap 3 hét óta
/e/OS is a
privacy-centric, open-source mobile operating system that
has primarily been targeted at mobile phones, with only a few
community supported images available for tablet devices. In December,
Murena—a company that sells devices with /e/OS
preinstalled—announced
that /e/OS now officially supports tablets as well, starting with the
Pixel tablet. The user experience is close enough to
mainstream alternatives to make it attractive, but there are some
under-the-hood problems that may give users pause.
jzb
3 hónap 3 hét óta
A security company called Fenrisk has posted
an overview of a pair
of claimed successful supply-chain attacks on the Fedora and openSUSE
distributions.
We successfully identified vulnerabilities in the Pagure, the Git
forge used by Fedora to store their package definitions. We also
compromised Open Build Service, the all-in-one toolchain used and
developed by the openSUSE project for compilation and packaging.
Their exploitation by malicious actors would have led to the
compromise of all the packages of the distributions Fedora and
openSUSE, as well as their downstream distributions, impacting
millions of Linux servers and desktops.
[Update: SUSE has put out a statement about the vulnerability; "While this is a serious vulnerability that needed to be fixed quickly, the impact was inaccurately described."]
corbet
3 hónap 3 hét óta
Security updates have been issued by Debian (tzdata), Fedora (expat and tigervnc), Red Hat (kernel, kernel-rt, thunderbird, and webkit2gtk3), SUSE (dcmtk), and Ubuntu (restrictedpython and uriparser).
jzb
Ellenőrizve
19 perc 50 másodperc ago
LWN.net is a comprehensive source of news and opinions from
and about the Linux community. This is the main LWN.net feed,
listing all articles which are posted to the site front page.
Feliratkozás a következőre: Linux Weekly News hírcsatorna