Hírolvasó

The Rust project has announced the formation of the Rust Leadership Council, which will take the place of the existing Core Team and Leadership Chat groups.

The Council will assume responsibility for top-level governance concerns while most of the responsibilities of the Rust Project (such as maintenance of the compiler and core tooling, evolution of the language and standard libraries, administration of infrastructure, etc.) remain with the nine top level teams.

The details on how this body is supposed to work can be found in RFC 3392.

Security updates have been issued by Debian (libxpm and php7.3), Fedora (chromium), Mageia (kernel, kernel-linus, and sysstat), Red Hat (c-ares), SUSE (libwebp), and Ubuntu (cups-filters, libjettison-java, and libsvgpp-dev).

Theo de Raadt (deraadt@) committed changes which result in the shutdown(8) and reboot(8) commands (in -current) requiring membership of the the (new) group "_shutdown". The commit message explains the rationale:

Read more…

Drew DeVault has announced the launch of a new web site that is intended to be a better introduction to the free-software community.

Some of my criticisms focused on the message: fsf.org and gnu.org together suffer from no small degree of incomprehensibility and inaccessibility which makes it difficult for new participants to learn about the movement and apply it in practice to their own projects.

This is something which is relatively easily fixed!

In the fast-moving open-source world, programs can come and go quickly; a tool that has many users today can easily be eclipsed by something better next week. Even in this environment, though, some programs endure for a long time. As an example, consider the PostgreSQL database system, which traces its history back to 1986. Making fundamental changes to a large code base with that much history is never an easy task. As fundamental changes go, moving PostgreSQL away from its process-oriented model is not a small one, but it is one that the project is considering seriously.

Security updates have been issued by Debian (golang-go.crypto, maradns, requests, sofia-sip, and xmltooling), Fedora (chromium, iaito, iniparser, libX11, matrix-synapse, radare2, and thunderbird), Red Hat (c-ares, jenkins and jenkins-2-plugins, and texlive), SUSE (bluez, chromium, go1.19, go1.20, jetty-minimal, kernel, kubernetes1.18, kubernetes1.23, kubernetes1.24, libX11, open-vm-tools, openvswitch3, opera, syncthing, and xen), and Ubuntu (libcap2, libpod, linux, linux-aws, linux-aws-5.15, linux-azure, linux-azure-5.15, linux-azure-fde-5.15, linux-gcp, linux-gcp-5.15, linux-gke, linux-gke-5.15, linux-gkeop, linux-hwe-5.15, linux-ibm, linux-kvm, linux-lowlatency, linux-lowlatency-hwe-5.15, linux-oracle, linux-oracle-5.15, linux-raspi, linux, linux-aws, linux-azure, linux-gcp, linux-hwe-5.19, linux-kvm, linux-lowlatency, linux-oracle, linux-raspi, linux, linux-aws, linux-lowlatency, linux-raspi, linux-oem-5.17, linux-oem-6.1, pypdf2, and qemu).

Új legfelső szintű tartománynevek (angolul top-level domainek, röviden: TLD-k) kerülnek bevezetésre, aminek kapcsán több kiberbiztonsági szakértő is kifejezte aggodalmát. Úgy tűnik nem ok nélkül, a nemzetközileg is ismert itsec szakember, mr.d0x demonstrálta, hogyan lehet visszaélni a .ZIP végződésű domainekkel.

The post Igen, lehet trükközni a ZIP domainekkel first appeared on Nemzeti Kibervédelmi Intézet.

The 6.4-rc7 kernel prepatch is out for testing. "Nothing particular stands out in the rc this week, unless you count the mptcp selftest changes that are about making the tests work on stable kernels too."

The OpenBSD project has released version 7.3.0p0 of OpenSMTPD, the project's SMTP server. The announcement reads in part:

Changes in this release: ======================== Includes the following security fixes: - OpenBSD 7.2 errata 20 "smtpd(8) could abort due to a connection from a local, scoped ipv6 address" - OpenBSD 7.2 errata 22 "Out of bounds accesses in libc resolver" Configuration changes: - The certificate to use is now selected by looking at the names found in the certificates themselves rather than the `pki` name. The set of certificates for a TLS listener must be defined explicitly by using the `pki` listener option multiple times.

The registration for this year's Linux Plumbers Conference (LPC) is now open. It will be held November 13-15 in Richmond, Virginia in the US. The attend page has all of the details. Meanwhile, some of the calls for proposals are still open, though the microconferences CFP is closed; this year's proposed microconference topics are listed here. Those who want to attend should note: "As usual we expect to sell [out] rather quickly so don't delay your registration for too long!"

The bcachefs filesystem, and the process for getting it upstream, were the topics of a session led remotely by Kent Overstreet, creator of bcachefs, at the 2023 Linux Storage, Filesystem, Memory-Management and BPF Summit. He has also discussed bcachefs in previous editions of the summit, first in 2018 and at last year's event; in both of those cases, the question of getting bcachefs merged into the mainline kernel came up, but that merge has not happened yet. This time around, though, Overstreet seemed closer than ever to being ready to actually start that process.

We’re happy to announce that registration for LPC 2023 is now open. To register please go to our attend page.

To try to prevent the instant sellout we had last year we’ve updated our cancellation policy to no refunds only transfers of registrations. You will find more details during the registration process. LPC 2023 follows the Linux Foundation’s health & safety policy.

As usual we expect to sell our rather quickly so don’t delay your registration for too long!

The fifth conference on Power Management and Scheduling in the Linux Kernel (abbreviated "OSPM") was held on April 17 to 19 in Ancona, Italy. LWN was not there, unfortunately, but the attendees of the event have gotten together to write up summaries of the discussions that took place and LWN has the privilege of being able to publish them. Reports from the second day of the event appear below.

Security updates have been issued by Debian (chromium, openjdk-17, and wireshark), Fedora (iniparser, mariadb, mingw-glib2, perl-HTML-StripScripts, php, python3.7, and syncthing), Oracle (.NET 6.0, c-ares, kernel, nodejs, and python3.9), Slackware (libX11), SUSE (amazon-ssm-agent and chromium), and Ubuntu (gsasl, libx11, and sssd).

The developers working on improving the speed of the CPython interpreter have posted a plan describing their objectives for the Python 3.13 release. The biggest piece appears to be the tier-2 optimizer, which will optimize larger chunks of Python code: "https://github.com/faster-cpython/ideas/issues/557".

The C language does not provide the sort of resource-management features found in more recent languages. As a result, bugs involving leaked memory or failure to release a lock are relatively common in programs written in C — including the kernel. The kernel project has never limited itself to the language features found in the C standard, though; kernel developers will happily use extensions provided by compilers if they prove helpful. It looks like a relatively simple compiler-provided feature may lead to a significant change in some common kernel coding patterns.

Darrick Wong has been doing work on XFS online repair for a number of years and things are getting to the point where most of the filesystem-internal work has been completed and is under review. The work remaining mostly concerns the user-space side to set up a periodic scan and repair cycle, so he wanted to discuss what user space needs from this kind of feature in a filesystem session at the 2023 Linux Storage, Filesystem, Memory-Management and BPF Summit that he led remotely. The session may not have gone quite as he hoped, as it got somewhat derailed by topics that spilled over from the earlier session on unprivileged image mounts.

Security updates have been issued by Debian (webkit2gtk), Fedora (python-django-filter and qt), Mageia (cups, firefox/nss, httpie, thunderbird, and webkit2), Red Hat (.NET 6.0, .NET 7.0, c-ares, firefox, jenkins and jenkins-2-plugins, nodejs, nodejs:18, python3, python3.11, python3.9, and thunderbird), Scientific Linux (firefox and thunderbird), SUSE (frr, opensc, python3, and rekor), and Ubuntu (c-ares, glib2.0, libcap2, linux-intel-iotg-5.15, pano13, and requests).

The LWN.net Weekly Edition for June 15, 2023 is available.

Robert Haas looks at the advantages and disadvantages of how documentation for PostgreSQL is written.

The strengths of this process are also its weaknesses. A developer is, by definition, someone who spends the majority of their time doing development, which is to say writing code. Updating the documentation becomes a task that must be completed so that the code one has written can get committed so that one can move on to the next project and write some more code. If a change to the documentation would be beneficial but is unrelated to any particular patch, it's not likely to get done.

The results are, in a certain sense, pretty comical.