Hírolvasó

The 6.0.4, 5.15.75, 5.10.150, 5.4.220, 4.19.262, 4.14.296, and 4.9.331 stable kernel updates have all been released; each contains a relatively large set of important fixes. The 6.0.5 update followed about 90 seconds later with a couple of additional small fixes.

Security updates have been issued by Debian (tomcat9), Oracle (389-ds-base, device-mapper-multipath, firefox, git-lfs, gnutls, kernel, kernel-container, libksba, pki-core, samba, sqlite, and zlib), Red Hat (device-mapper-multipath, kernel, kpatch-patch, libksba, and thunderbird), Slackware (expat and samba), SUSE (bind, buildah, curl, firefox, golang-github-prometheus-node_exporter, grafana, icinga2, python-paramiko, python-waitress, SUSE Manager Client Tools, telnet, and xen), and Ubuntu (glibc, jinja2, libksba, linux, linux-aws, linux-azure, linux-gcp, linux-ibm, linux-kvm, linux-lowlatency, linux-oracle, linux-raspi, and openvswitch).

Lennart Poettering has posted a detailed specification for a new approach to "trusted computing" systems.

Central to the proposed design is the concept of a Unified Kernel Image (UKI). These UKIs are the combination of a Linux kernel image, and initrd, a UEFI boot stub program (and further resources, see below) into one single UEFI PE file that can either be directly invoked by the UEFI firmware (which is useful in particular in some cloud/Confidential Computing environments) or through a boot loader (which is generally useful to implement support for multiple kernel versions, with interactive or automatic selection of image to boot into, potentially with automatic fallback management to increase robustness).

This work is evidently the first in a series that will come out of the newly formed Linux Userspace API Group.

The QEMU emulator has a sizable set of storage features, including disk-image file formats like qcow2, snapshots, incremental backup, and storage migration, which are available to virtual machines. This software-defined storage functionality that is available inside QEMU has not been easily accessible outside of it, however. Kevin Wolf and Stefano Garzarella presented at KVM Forum 2022 on the new qemu-storage-daemon program and the libblkio library that make QEMU's storage functionality available even when the goal is not to run a virtual machine (VM).

Security updates have been issued by Debian (libbluray and wkhtmltopdf), Fedora (firefox, libksba, libmodsecurity, libxml2, qemu, and xmlsec1), Red Hat (389-ds-base, 389-ds:1.4, git-lfs, gnutls, java-1.8.0-ibm, kernel, kernel-rt, kpatch-patch, libksba, mysql:8.0, pki-core, postgresql:12, samba, sqlite, and zlib), Scientific Linux (389-ds-base, libksba, and pki-core), SUSE (bluez, firefox, jdom, kernel, libosip2, libxml2, multipath-tools, and python-Mako), and Ubuntu (barbican, mysql-5.7, mysql-8.0, openvswitch, and pillow).

Version 0.77 of Game of Trees has been released (and the port updated):

* got 0.77; 2022-10-24 - disallow integrating into references outside refs/heads/ (jrick) - gotwebd.conf: add syntax for defining macros and document them (op) - simplify the way 'got patch' opens a tempfile when reading from stdin - lots of refactoring to allow gotd(8) code to run without libexec helpers - more refactoring to allow gotd(8) to stream packfile data on network sockets - add missing error checking around some unlink(2) syscalls - don't crash if delta cache is missing while combining deltas; for dev builds - allow got_object_parse_tree() to reuse entries buffer allocations for speed - show a more useful error if the size of a packed object won't fit in 64 bits - switch integers used for counting objects while indexing packs to unsigned - refresh cached list of pack index paths while searching a packed object - introduce gotd(8) and gotsh(1); WIP and not yet provided in binary packages - close parent's end of imsg pipe before waiting for a child process to exit - fix detection of SIGTERM in tog; this signal was accidentally being ignored - avoid printing harmless errors that can occur when tog exits due to Ctrl-C

Of particular note is the introduction of [WIP] gotd(8)/gotd.conf(5) and gotsh(1), which provide networking support for got(1). Great stuff!

Version 3.11.0 of the Python language has been released. "In the CPython release team, we have put a lot of effort into making 3.11 the best version of Python possible. Better tracebacks, faster Python, exception groups and except*, typing improvements and much more." Among other things, this release claims a 1.22x speedup on the standard benchmark suite thanks to the Faster CPython work.

Among the many quirks that make the C language so charming is the set of behaviors that it does not define; these include whether a char variable is a signed quantity or not. The distinction often does not make a difference, but there are exceptions. Kernel code, which runs on many different architectures, is where exceptions can certainly be found. A recent attempt to eliminate the uncertain signedness of char variables did not get far — at least not in the direction it originally attempted to go.

Greg Kroah-Hartman has announced the release of the 5.19.17 stable kernel. "Note this is the LAST 5.19.y kernel to be released. This branch is now end-of-life. You should move to the 6.0.y branch at this point in time."

Alex Gaynor examines the awkwardness that comes when trying to interface Python and Rust code.

The challenge is that if you want to pass some bytes to a Rust library to parse them (or do any other processing for that matter), the library almost certainly expects a &[u8], and there’s no way to turn a &[ReadOnlyCell<u8>] into a &[u8] safely, without allocating and copying. And of course, the whole point of the Python buffer protocol is to avoid these sorts of inefficiencies.

Therefore, the regrettable solution is that, right now, there is no way to have all three of: efficiency, interoperability, and soundness.

Security updates have been issued by Debian (bluez, kernel, and lava), Fedora (ckeditor, drupal7, moby-engine, php-Smarty, and wavpack), Mageia (bind, e2fsprogs, epiphany, freerdp, kernel, kernel-linus, libconfuse, libosip2, ntfs-3g, perl-Image-ExifTool, and poppler), Oracle (firefox, java-1.8.0-openjdk, java-11-openjdk, java-17-openjdk, kernel, kernel-container, and thunderbird), Scientific Linux (firefox, java-1.8.0-openjdk, and java-11-openjdk), SUSE (bluez, firefox, kernel, libxml2, and tiff), and Ubuntu (linux-gcp).

The second 6.1 kernel prepatch is out for testing. "Usually rc2 is a pretty quiet week, and it mostly started out that way too, but then things took a turn for the strange. End result: 6.1-rc2 ended up being unusually large."

The U-Boot list carries the sad news that Wolfgang Denk, the founder of the U-Boot project, has passed away.

Wolfgang was a pioneer and strong supporter of Open Source, in the time when Linux for Embedded System started its first steps. In many occasions he had strong discussions with customers to explain the advantages of Open Source, and he rejected business contracts if customer was going against his principles. We will miss him.

All memory accesses in a BPF program are statically checked for safety using the verifier, which analyzes the program in its entirety before allowing it to run. While this allows BPF programs to safely run in kernel space, it restricts how that program is able to use pointers. Until recently, one such constraint was that the size of a memory region referenced by a pointer in a BPF program must be statically known when a BPF program is loaded. A recent patch set by Joanne Koong enhances BPF to support loading programs with pointers to dynamically sized memory regions.

The 6.0.3 stable kernel update has been released; it contains over 800 important fixes.

Security updates have been issued by Fedora (poppler), Oracle (firefox and thunderbird), Red Hat (firefox, java-1.8.0-openjdk, java-11-openjdk, and java-17-openjdk), SUSE (bind, clone-master-clean-up, grafana, libksba, python3, tiff, and v4l2loopback), and Ubuntu (libreoffice).

The OpenBSD project today announced the release of the most recent version of our favorite operating system, OpenBSD 7.2.

This is the 53rd release from the OpenBSD project. Highlights of the new release include:

• Numerous SMP improvements in various parts of the network stack (including parallel IP forwarding [See earlier report])
• A new timestamp utility, ts(1)
• rc.d(8) and rcctl(8) have a new configtest action [See earlier report]
• ps(1) has a new "-f" option for displaying the parent/child hierarchy of processes as an ASCII art tree [See earlier report]
• pkg_add(1) speedup thanks to caching [See earlier report]
• New grep --null option [See earlier report]
• RAID 1C [mirroring and encryption] boot support for amd64, sparc64, and arm64 [See earlier report]
• The rekeying interval in arc4random(3) (and friends) is now randomised [See earlier report]
• Several /sbin daemons are now dynamically-linked [See earlier report]
• dhclient(8) now just logs warnings and executes ifconfig(8) [See earlier report]
• /usr/games has been removed from the default $PATH [See earlier report]

As always, the release is available for download from mirror sites all over the world; be sure to pick one that is near you, network-wise! Those upgrading from the 7.1 release (or earlier) should consult the Upgrade Guide.

Also remember to support the project with a donation, perhaps buy some swag from the OpenBSD Store, and if you are at all corporate, please go to the OpenBSD Foundation and see about becoming an official sponsor.

Thanks from all of us to the developers for delivering yet another awesome release!

Part of the early appeal of the World Wide Web was the promise that anybody could create a site and publish interesting content to the world. A few decades later, that promise seems to have been transformed into the ability to provide content for a small number of proprietary platforms run by huge corporations. But, arguably, the dream of widespread independent publishing is enjoying a resurgence. The Ghost publishing platform is built around the goal of making publishing technology — and the ability to make money from it — available with free software.

Ubuntu 22.10 has been released. "Codenamed 'Kinetic Kudu', this interim release improves the experience of enterprise developers and IT administrators. It also includes the latest toolchains and applications with a particular focus on the IoT ecosystem." See the release notes for details.