1 év 9 hónap óta
Alexander "Solar Designer" Peslyak, the longtime maintainer of the
oss-security and linux-distros mailing lists, has
announced
that this work has gained a sponsor:
After 15+ years of being a 100% volunteer effort, Openwall's
maintenance of oss-security and (linux-)distros is finally
sponsored by the OpenSSF, a project of the Linux Foundation. This
sponsorship does not provide the Linux Foundation with the ability
to set policies for community resources managed by Openwall. I am
grateful for the support, which will help ensure continued
operation of these resources on a new level while retaining
independence.
As part of this arrangement, Peslyak is now producing statistics on
vulnerability handling; the first
set for 2023 has been posted.
corbet
1 év 9 hónap óta
Fedora
39 has been released, one day after the Fedora project's 20th
anniversary. See
the list of
approved changes and
this Fedora
Magazine article for more information.
As always, we’ve updated many, many other packages as we work to
bring you the best of everything the free and open source software
world has to offer. Fedora Linux 39 includes gcc 13.2, binutils
2.40, glibc 2.38, gdb 13.2, and rpm 4.19. It also has updates to
popular programming language stacks, including Python 3.12 and Rust
1.73.
corbet
1 év 9 hónap óta
Security updates have been issued by Debian (trapperkeeper-webserver-jetty9-clojure), Mageia (libsndfile, packages, thunderbird, and x11-server), Oracle (.NET 6.0), SUSE (kernel, kubevirt, virt-api-container, virt-controller-container, virt-handler-container, virt-launcher-container, virt-libguestfs-tools- container, virt-operator-container, redis, and squid), and Ubuntu (gsl).
corbet
1 év 9 hónap óta
Containers and virtual machines on Linux communicate with the world via
virtual network devices. This arrangement makes the full power of the
Linux networking stack available, but it imposes the full overhead of that
stack as well. Often, the routing of this networking traffic can be
handled with relatively simple logic; the BPF-programmable network device,
which was merged for the 6.7 kernel release, makes it possible to avoid
expensive network processing, in at least some cases.
corbet
1 év 9 hónap óta
Security updates have been issued by Debian (chromium, open-vm-tools, openjdk-17, pmix, and trafficserver), Fedora (netconsd, podman, suricata, and usd), Oracle (.NET 6.0, .NET 7.0, binutils, ghostscript, java-1.8.0-openjdk, kernel, and squid), SUSE (apache-ivy, gstreamer-plugins-bad, kernel, nodejs12, opera, poppler, rubygem-activesupport-5.2, tiff, util-linux, and virtualbox), and Ubuntu (krb5).
jake
1 év 9 hónap óta
Linus has pulled the initial GSP firmware support for nouveau. This is just the first set of work to use the new GSP firmware and there are likely many challenges and improvements ahead.
To get this working you need to install the firmware which hasn't landed in linux-firmware yet.
For Fedora this copr has the firmware in the necessary places:
https://copr.fedorainfracloud.org/coprs/airlied/nouveau-gsp/build/6593115/
Hopefully we can upstream that in next week or so.
If you have an ADA based GPU then it should just try and work out of the box, if you have Turing or Ampere you currently need to pass nouveau.config=NvGspRm=1 on the kernel command line to attempt to use GSP.
Going forward, I've got a few fixes and stabilization bits to land, which we will concentrate on for 6.7, then going forward we have to work out how to keep it up to date and support new hardware and how to add new features.
1 év 9 hónap óta
The Google Project Zero blog
celebrates
the launch of the Pixel 8 handset, the first to make use of Arm's
Memory Tagging Extension (MTE). Linux has
supported MTE since the 5.10 release in 2020,
but that support has only now shown up (in experimental form) in an
available handset.
I think this is a huge improvement for the general security of the
device - many zero-click attack surfaces involve large amounts of
unsafe C/C++ code, whether that's WebRTC for calling, or one of the
many media or image file parsing libraries. MTE is not a silver
bullet for memory safety - but the release of the first production
device with the ability to run almost all user-mode applications
with synchronous-MTE is a huge step forward, and something that's
worth celebrating!
The article includes detailed instructions for how to turn the MTE feature
on.
corbet
1 év 9 hónap óta
The
Open Enterprise Linux Association, a
joint venture founded by CIQ, Oracle, and SUSE, has
announced
its first code release.
OpenELA is excited to announce that the source code for all
packages necessary for anyone to build a derivative Enterprise
Linux operating system is now available. The initial focus is on
EL8 and EL9, and packages for EL7 are forthcoming. The project is
committed to ensuring the continued availability of EL sources to
the community indefinitely.
The organization has also announced a technical
steering committee made up of "highly experienced individuals from
the founding companies".
corbet
1 év 9 hónap óta
As of this writing, 9,842 non-merge changesets have found their way into
the mainline repository since the 6.7 merge window opened. Nearly a third
of those consist of the entire bcachefs development history but, even
discounting that, there has been a lot of material landing for the next
release. Read on for a summary of the most interesting changes pulled so
far in this development cycle.
corbet
1 év 9 hónap óta
Security updates have been issued by Debian (phppgadmin and vlc), Fedora (attract-mode, chromium, and netconsd), Red Hat (.NET 7.0, c-ares, curl, ghostscript, insights-client, python, squid, and squid:4), SUSE (kernel and roundcubemail), and Ubuntu (libsndfile).
jake
1 év 9 hónap óta
A new
stable release of
LibreSSL is out, and should be arriving on a
mirror
near you shortly.
Brent Cook (bcook@)'s
announcement reads:
We have released LibreSSL 3.8.2, which will be arriving in the
LibreSSL directory of your local OpenBSD mirror soon. This is the
first stable release for the 3.8.x branch, also available with OpenBSD 7.4
Read more…
1 év 9 hónap óta
One of the core objectives of any confidential-computing implementation is
to protect a guest system's memory from access by actors outside of the
guest itself. The host computer and hypervisor are part of the group that
is to be excluded from such access; indeed, they are often seen as
threat in their own right. Hardware vendors have added features like memory
encryption to make memory inaccessible to the host, but such features can
be difficult to use and are not available on all CPUs, so there is ongoing
interest in software-only solutions that can improve confidentiality. The
guest-first
memory patch set, posted by Sean Christopherson and containing work by
several developers, looks poised to bring some software-based protection to
an upcoming kernel release.
corbet
1 év 9 hónap óta
Julia Evans has posted
a list of
confusing Git terms and behavior along with explanations of what is
actually going on.
“Your branch is up to date with ‘origin/main’”
This message seems straightforward – it’s saying that your main branch is
up to date with the origin!
But it’s actually a little misleading. You might think that this means that
your main branch is up to date. It doesn’t. What it actually means is – if
you last ran git fetch or git pull 5 days ago, then your main branch is up
to date with all the changes as of 5 days ago.
So if you don’t realize that, it can give you a false sense of security.
corbet
1 év 9 hónap óta
corbet
1 év 9 hónap óta
The GNU awk text-processing utility,
gawk, has released version
5.3.0. The main new features add compatibility with "
The One True Awk" (also known
as "BWK awk"); version 5.3.0 adds CSV (comma-separated values) parsing and
the ability to use \u escape sequences for Unicode code points.
Read on for other changes in the release.
jake
1 év 9 hónap óta
The
6.5.10 and
6.1.61 stable kernels have been released. As
usual, they contain important fixes throughout the kernel tree; users of
those series should upgrade.
jake
1 év 9 hónap óta
Security updates have been issued by Gentoo (Netatalk), Oracle (firefox), Red Hat (.NET 6.0, .NET 6.0, .NET 7.0, binutils, and qemu-kvm), SUSE (gcc13, tomcat, and xorg-x11-server), and Ubuntu (axis, libvpx, linux-starfive, thunderbird, and xrdp).
jake
1 év 9 hónap óta
The LWN.net Weekly Edition for November 2, 2023 is available.
corbet
1 év 9 hónap óta
LWN.net is looking to hire a full-time writer/editor to help us keep the
news flowing and to expand our content in areas of interest to our readers.
We are certain that the person we need is out there somewhere, and are
counting on help from LWN readers to find them. Read on for details on who
we are looking for and how we see them fitting in here.
corbet
1 év 9 hónap óta
Python functions can use both positional and keyword arguments; the latter
provide a certain level of documentation for an argument and its meaning,
while allowing them to be given in any order in a call. But it is often
the case that the name of the local variable to be passed is the same as
the keyword, which can lead to overly repetitive argument lists, at least
in some eyes. A recent proposal to shorten the syntax for calls with
these duplicate names seems to be gaining some steam—a Python Enhancement
Proposal (PEP) is forthcoming—though there are some who find it to be an
unnecessary and unwelcome complication for the language.
jake