News reader

Security updates for Tuesday

2 years 9 months ago
Security updates have been issued by Fedora (kernel and webkit2gtk3), Red Hat (dhcp, dovecot, flac, freetype, fribidi, frr, gimp, grafana, guestfs-tools, httpd, kernel-rt, libtirpc, mingw-gcc, mingw-glib2, pcs, php, protobuf, python3.9, qemu-kvm, redis, speex, and swtpm), SUSE (chromium, containerized-data-importer, jhead, kubevirt stack, nodejs14, nodejs16, python-Werkzeug, and xen), and Ubuntu (golang-1.13, nginx, and vim).
corbet

Bugs found in public Git repositories can be reported directly to developers

2 years 9 months ago

Developers of the Microsoft-owned GitHub platform announced at the GitHub Universe 2022 event that they are creating a direct communication channel for security researchers, thereby supporting responsible vulnerability disclosure.

The post "Bugs found in public Git repositories can be reported directly to developers" first appeared on Nemzeti Kibervédelmi Intézet.

NKI

Open-source software vs. the proposed Cyber Resilience Act (NLnet Labs)

2 years 9 months ago
NLnet Labs has put up a blog entry warning about the possible effects of the "Cyber Resilience Act" proposal in the European Commission.

We feel the current proposal misses a major opportunity. At a high level the 'essential cybersecurity requirements' are not unreasonable, but the compliance overhead can range from tough to impossible for small, or cash-strapped developers. The CRA could bring support to open-source developers maintaining the critical foundations of our digital society. But instead of introducing incentives for integrators or financial support via the CRA, the current proposal will overload small developers with compliance work.

corbet

[$] Block-device snapshots with blksnap

2 years 9 months ago
As a general rule, one need not have worked in the technology industry for long before the value of good data backups becomes clear. Creating a backup that is truly good, though, can be a challenge if the filesystem in question is actively being changed while the backup process runs. Over the years, various ways of addressing this problem have been developed, ranging from simply shutting down the system while backups run to a variety of snapshotting mechanisms. The kernel may be about to get another approach to snapshots should the blksnap patch set from Sergei Shtepa find its way into the mainline.
corbet

Security updates for Monday

2 years 9 months ago
Security updates have been issued by Debian (dropbear, php7.4, pixman, sysstat, and xorg-server), Fedora (mingw-expat, mingw-libtasn1, and mingw-pixman), Mageia (binutils/gdb, chromium-browser-stable, exiv2, libtiff, nodejs, pcre, pixman, wayland, and webkit2), Red Hat (device-mapper-multipath and libksba), SUSE (autotrace, busybox, libmodbus, php72, python-numpy, rustup, samba, varnish, xen, and xterm), and Ubuntu (thunderbird).
jake

Kernel prepatch 6.1-rc5

2 years 9 months ago
Linus has released 6.1-rc5 for testing.

But we'll see. If things don't start calming down, this may be one of those releases that need an extra week. It wasn't a particularly big merge window, but I don't particularly like how the rc's keep being on the bigger side.

corbet

[$] Git evolve: tracking changes to changes

2 years 9 months ago
The Git source-code management system exists to track changes to a set of files; the stream of commits in a Git repository reflects the change history of those files. What is seen in Git, though, is the final form of those commits; the changes that the patches themselves went through on their way toward acceptance are not shown there. That history can have value, especially while changes are still under consideration. The proposed git evolve subcommand is a recognition that changes themselves go through changes and that this process might benefit from tooling support.
corbet

Security updates for Friday

2 years 9 months ago
Security updates have been issued by Debian (chromium and exiv2), Fedora (curl, device-mapper-multipath, dotnet6.0, mediawiki, mingw-gcc, and php-pear-CAS), Gentoo (lesspipe), Slackware (php), SUSE (git, glibc, kernel, libarchive, python, python-rsa, python3-lxml, rpm, sudo, xen, and xwayland), and Ubuntu (wavpack).
jake

A pair of new LWN site features

2 years 9 months ago
We have finally added a set of dark mode defaults to the customization options for the site for those who prefer the dark side. Thanks to all the readers who have asked for this; apologies for taking so long to do it. The defaults seem good, but we are not dark-mode users, so please let us know if you have suggestions for improvements.

Another new feature that has been requested for some time is the ability to receive feature articles via email. These emails are currently available to subscribers at the "Project Leader" level and higher; interested subscribers can sign up for the "Features" list on the mailing-lists page.

corbet

[$] Class action against GitHub Copilot

2 years 9 months ago
The GitHub Copilot offering claims to assist software developers through the application of machine-learning techniques. Since its inception, Copilot has been followed by controversies, mostly based on the extensive use of free software to train the machine-learning engine. The announcement of a class-action lawsuit against Copilot was thus unsurprising. The lawsuit raises all of the expected licensing questions and more; while some in our community have welcomed this attack against Copilot, it is not clear that this action will lead to good results.
corbet

Security updates for Thursday

2 years 9 months ago
Security updates have been issued by Debian (libjettison-java and xorg-server), Slackware (sysstat and xfce4), SUSE (python3 and xen), and Ubuntu (firefox).
jake

Game of Trees 0.79 released.

2 years 9 months ago

Version 0.79 of Game of Trees has been released (and the port updated):

* got 0.79; 2022-11-08
  - repair build on OpenBSD/sparc64 (patch by Ted Bullock)
  - fix crash in gotd if client gets disconnected on error (reported by Mikhail)
  - fix crash in got-send-pack when server does not announce any capabilities
  - make gotd work as intended on an empty repository
  - prevent freeing of bogus pointers in got_inflate_end() and got_deflate_end()
  - reduce delta cache size to avoid running out of memory on large pack files
  - add missing free of delta buffers in several error paths
  - make 'got clone -b' work for repositories which lack a valid HEAD reference
  - use sub-second precision when checking for objects/pack/ modification
  - fix capabilities announced by gotsh when no references exist in repository

[$] Moving past TCP in the data center, part 2

2 years 9 months ago
At the end of our earlier article on John Ousterhout's talk at Netdev 0x16, he had concluded that TCP was unsuitable for data-center environments for a variety of reasons. He also argued that there was no way to repair TCP so that it could serve the needs of data-center networking. In order for software to be able to use the full potential of today's networking hardware, TCP needs to be replaced with a protocol that is different in almost every way, he said. The second half of the talk covered the Homa transport protocol that he and others at Stanford have been working on as a possible replacement for TCP in the data center.
jake

Security updates for Wednesday

2 years 9 months ago
Security updates have been issued by Debian (vim, webkit2gtk, and wpewebkit), Fedora (mingw-python3, vim, webkit2gtk3, webkitgtk, and xen), Mageia (389-ds-base, bluez, ffmpeg, libtasn1, libtiff, libxml2, and mbedtls), Red Hat (kpatch-patch and linux-firmware), SUSE (conmon, containerized data importer, exim, expat, ganglia-web, gstreamer-0_10-plugins-base, gstreamer-0_10-plugins-good, gstreamer-plugins-base, gstreamer-plugins-good, kernel, kubevirt, protobuf, sendmail, and vsftpd), and Ubuntu (libzstd, openjdk-8, openjdk-lts, openjdk-17, openjdk-19, php7.2, php7.4, php8.1, and pixman).
corbet

[$] Using certificates for SSH authentication

2 years 9 months ago
SSH is a well-known mechanism for accessing remote computers in a secure way; thanks to its use of cryptography, nobody can alter or eavesdrop on the communication. Unfortunately, SSH is somewhat cumbersome when connecting to a host for the first time; it's also tricky for a server administrator to provide time-limited access to the server. SSH certificates can solve these problems.
jake

Texinfo 7.0 released

2 years 9 months ago
Version 7.0 of Texinfo, the GNU Project's documentation system, has been released. There are a number of changes here, the biggest of which may be the ability to produce output in the EPUB format.
corbet

Security updates for Tuesday

2 years 9 months ago
Security updates have been issued by Debian (pixman and sudo), Fedora (mingw-binutils and mingw-gdb), Red Hat (bind, bind9.16, container-tools:3.0, container-tools:4.0, container-tools:rhel8, dnsmasq, dotnet7.0, dovecot, e2fsprogs, flatpak-builder, freetype, fribidi, gdisk, grafana, grafana-pcp, gstreamer1-plugins-good, httpd:2.4, kernel, kernel-rt, libldb, libreoffice, libtiff, libxml2, mingw-expat, mingw-zlib, mutt, nodejs:14, nodejs:18, openblas, openjpeg2, osbuild, pcs, php:7.4, php:8.0, pki-core:10.6 and pki-deps:10.6, poppler, protobuf, python27:2.7, python38:3.8 and python38-devel:3.8, python39:3.9 and python39-devel:3.9, qt5, redis:6, rsync, unbound, virt:rhel, virt-devel:rhel, wavpack, webkit2gtk3, xmlrpc-c, xorg-x11-server, xorg-x11-server-Xwayland, and yajl), SUSE (exiv2, expat, rubygem-nokogiri, sudo, and vsftpd), and Ubuntu (isc-dhcp, libraw, sqlite3, and tiff).
corbet

mmap(2), munmap(2), and mprotect(2) unlocked

2 years 9 months ago

Martin Pieuchot (mpi@) has committed a change unlocking the mmap(2), munmap(2), and mprotect(2) system calls:

CVSROOT: /cvs
Module name: src
Changes by: mpi@cvs.openbsd.org 2022/11/08 04:05:57

Modified files:
  sys/kern : syscalls.master

Log message:
Mark mmap(2), munmap(2) and mprotect(2) as NOLOCK.

Accesses to data structures used by these syscalls are serialized by the VM map lock with the exception of file mappings which are still protected by the KERNEL_LOCK().

Unlocking this set of syscalls improves most of userland workloads.

Tested by many including robert@ (since 2 years), mlarkin@, kn@, sdk@, jca@, aoyama@, naddy@, Scott Bennett and others. Thanks to all!

Joint work with kn@.

ok robert@, aja@, kettenis@, kn@, deraadt@, beck@

The improvement in workload performance can be quite marked. Following Martin's request for testing, Mike Larkin (mlarkin@) reported a build performance improvement of over 12%!