Hírolvasó

Security updates have been issued by Fedora (kernel, kernel-headers, kernel-tools, libinput, podman-tui, and vim), Mageia (git, gzip/xz, libdxfrw, libinput, librecad, and openscad), and SUSE (dnsmasq, git, libinput, libslirp, libxml2, netty, podofo, SDL, SDL2, and tomcat).

The 5.18-rc4 kernel prepatch is out for testing. "Fairly slow and calm week - which makes me just suspect that the other shoe will drop at some point. But maybe things are just going really well this release. It's bound to happen _occasionally_, after all."

Hot on the heels of OpenBSD 7.1's release, LibreSSL has been updated to 3.5.2!

The complete release notes may be read here: https://ftp.openbsd.org/pub/OpenBSD/LibreSSL/libressl-3.5.2-relnotes.txt

Subsystem maintainers routinely use git request-pull as part of the process of sending work upstream. Normally, the result includes a list of commits included in the request and a nice diffstat that shows which files will be touched and how much of each will be changed; examples abound on the kernel mailing lists. Occasionally, though, a repository with a relatively complicated development history will yield a massive diffstat containing a great deal of unrelated work. The result looks ugly and obscures what the pull request is actually doing. This document describes what is happening and how to fix things up; it is derived from The Wisdom of Linus Torvalds, which has been posted numerous times over the years (example 1, example 2).

Security updates have been issued by Fedora (composer, golang-x-crypto, rubygem-nokogiri, wavpack, xen, and xz) and SUSE (dnsmasq, openjpeg, swtpm, tomcat, and xen).

OpenBSD 7.1 has been released. The list of changes and new features is long, as usual; see the full text, below, for all the details.

The Ubuntu 22.04 LTS release, codenamed "Jammy Jellyfish", is now available. It comes in several editions (Desktop, Server, Cloud, and Core) and multiple flavors (Ubuntu Budgie, Kubuntu, Lubuntu, Ubuntu Kylin, Ubuntu MATE, UbuntuStudio, and Xubuntu). Lots more information can be found in the release notes. Ubuntu Desktop 22.04 LTS gains significant usability, battery and performance improvements with GNOME 42. It features GNOME power profiles and streamlined workspace transitions alongside significant optimisations which can double the desktop frame rate on Intel and Raspberry Pi graphics drivers.

Ubuntu 22.04 LTS is the first LTS release where the entire recent Raspberry Pi device portfolio is supported, from the new Raspberry Pi Zero 2W to the Raspberry Pi 4. Ubuntu 22.04 LTS adds Rust for memory-safe systems-level programming. It also moves to OpenSSL v3, with new cryptographic algorithms for elevated security.

The Debian project leader election has completed and Jonathan Carter has been reelected for his third term. For more information, see the Debian vote page. We looked at the candidates back in March.

The world of music and audio production is largely dominated by proprietary software vendors. Among them, Steinberg stands out as a company that created some of the most-used software, including the Cubase and Nuendo digital audio workstations. Steinberg is also known as the creator of the VST plugin API that, largely due to its licensing policy, has irritated developers enough to inspire multiple attempts at creating an open-source alternative. Even now, when the VST3 SDK is available under the GPLv3 license, the way the company exercises its control over the SDK keeps pushing developers away toward other open-source solutions.

This is an introduction to open-source plugin APIs for musicians and sound engineers alike. It focuses on the options in the larger ecosystem and how their shortcomings led to the creation of new alternatives with liberal licensing.

Security updates have been issued by Fedora (frr, grafana, gzip, and pdns), Oracle (java-11-openjdk), Red Hat (java-11-openjdk and kernel), Scientific Linux (java-11-openjdk), SUSE (dcraw, GraphicsMagick, gzip, kernel, nbd, netty, qemu, SDL, and xen), and Ubuntu (libinput, linux, linux-aws, linux-aws-5.13, linux-azure, linux-azure-5.13, linux-gcp, linux-gcp-5.13, linux-hwe-5.13, linux-kvm, linux-oracle, linux-oracle-5.13, linux-raspi, linux, linux-aws, linux-aws-hwe, linux-azure, linux-azure-4.15, linux-dell300x, linux-gcp, inux-gcp-4.15, linux-hwe, linux-kvm, linux-oracle, linux-snapdragon, linux, linux-aws, linux-azure, linux-azure-5.4, linux-azure-fde, linux-gcp, linux-gcp-5.4, linux-gke, linux-gke-5.4, linux-gkeop, linux-gkeop-5.4, linux-hwe-5.4, linux-ibm, linux-ibm-5.4, linux-kvm, linux-oracle, linux-oracle-5.4, linux-raspi, linux-raspi-5.4, and linux-oem-5.14).

The long spring (or fall) wait is over, the OpenBSD project today formally released OpenBSD 7.1, the 52nd release of our favorite open source operating system.

As usual, the release page lists the main highlights of the new release, which include

• OpenBSD/arm64 contains greatly improved support for Apple M1 systems [See earlier article].
• loongson platform retired.
• Many improvements to wireless networking. iwm(4) and iwx(4) have gained 80MHz channel support [See earlier article]. mtw(4), a driver for MediaTek MT7601U Wi-Fi devices, was added [See earlier article].
• Utility realpath(1) has been added.
• httpd(8) gained support for customised error pages and pre-compressed gzip files.
• Sysctl hw.perfpolicy is now set to auto by default at startup.
• igc(4), a driver for Intel 2.5Gb Ethernet controllers, has been added.
• Mouse tracking is now disabled by default in xterm(1). Setting X resource allowMouseOps to true reinstates the earlier behaviour.
• OpenSSH has been updated to version 9.0 [See earlier article].
  • This includes support for ssh-agent restriction [See earlier article].
  • Post-quantum KEX algorithm sntrup761x25519-sha512@openssh.com is now the default.
  • sftp(1) client has gained a "cp" command that supports server-side copying of files (using the new "copy-data" protocol extension).
• The login class capability database now supports /etc/login.conf.d/${class}, and this is used by the ports system.
• Base now includes (optional) support for minimal runtime detection of undefined behaviour. As described in clang-local(1), this requires use of clang(1)'s -fsanitize-minimal-runtime flag.

The new release supports 13 distinct hardware platforms with thousands of prebuilt packages for all platforms.

If you want to delve further into the details before (or while, after) installing or upgrading to the new release, the detailed changelog has all the details. Those upgrading from the 7.0 release (or earlier) should consult the Upgrade Guide.

If you enjoy this release, please remember to donate to the project as a way of saying thanks to the developers for their work.

The OpenWrt 21.02.3 and 19.07.10 updates have been released. These updates contain some security fixes and improved device support. It's noting that this is the last 19.07 update:

OpenWrt 19.07.10 is the final release of the 19.07 release branch, this branch is now end of life and we will not fix problems on this branch any more, not even severe security problems. We encourage all users still using OpenWrt 19.07 to upgrade to OpenWrt 21.02 or more recent OpenWrt versions.

Router distributions are easy to forget about; now might be a good time to check any relevant systems and, if needed, doing an upgrade.

The LWN.net Weekly Edition for April 21, 2022 is available.

A proposal to "deprecate" support for BIOS-only systems for Fedora, by no longer supporting new installations on those systems, led to a predictably long discussion on the Fedora devel mailing list. There are, it seems, quite a few users who still have BIOS-based systems; many do not want to have to switch away from Fedora simply to keep their systems up to date. But, sometime in the future, getting rid of BIOS support seems inevitable since the burden on those maintaining the tools for installing and booting those systems is non-trivial and likely to grow over time. To head that off, a special interest group (SIG) may form to help keep BIOS support alive until it really is no longer needed.

On his blog, Tom Tromey writes about speeding up the startup of the GDB debugger. He sees 7x improvements in startup time (e.g. 2.2 to 0.3 seconds) for C++ code. GDB, essentially, had two DWARF readers. They actually shared a surprisingly small amount of code (which was an occasional source of bugs). For example, while abbrev lookup and name generation (more on that later) was shared, the actual DIE [debugging information entry] data structures were not.

The first DWARF reader created “partial symbols”, which held a name and some associated, easy-to-compute data, like the kind of symbol (variable, function, struct tag, etc). The second DWARF reader (which is still there now) is called when more information was needed about a particular symbol — say, its type. This reader reads all the DIEs in a DWARF compilation unit and expands them into gdb’s symbol table, block, and type data structures.

Both of these scans were slow, but for the time being I’ve only rewritten the first scan, as it was the one that was first encountered and most obviously painful. (I’ve got a plan to fix up the CU expansion as well, but that’s a lengthy project of its own.)

Security updates have been issued by Debian (condor), Red Hat (389-ds:1.4, container-tools:2.0, kernel, kernel-rt, and kpatch-patch), SUSE (chrony, containerd, expat, git, icedtea-web, jsoup, jsr-305, kernel, libeconf, shadow and util-linux, protobuf, python-libxml2-python, python3, slirp4netns, sssd, vim, and wpa_supplicant), and Ubuntu (bash).

The 5.17.4, 5.15.35, 5.10.112, 5.4.190, 4.19.239, 4.14.276, and 4.9.311 stable kernel updates have all been released; each contains another relatively large set of important fixes.

The Google Project Zero blog is carrying a report on zero-day vulnerabilities found to be exploited during 2021.

5 of the 7 [Android] 0-days from 2021 targeted GPU drivers. This is actually not that surprising when we consider the evolution of the Android ecosystem as well as recent public security research into Android. The Android ecosystem is quite fragmented: many different kernel versions, different manufacturer customizations, etc. If an attacker wants a capability against "Android devices", they generally need to maintain many different exploits to have a decent percentage of the Android ecosystem covered. However, if the attacker chooses to target the GPU kernel driver instead of another component, they will only need to have two exploits since most Android devices use 1 of 2 GPUs: either the Qualcomm Adreno GPU or the ARM Mali GPU.

A mega-thread in the python-ideas mailing list is hardly surprising, of course; we have covered quite a few of them over the years. A recent example helps shine a light into a dark—or at least dim—corner of the Python language: the super() built-in function for use by methods in class hierarchies. There are some, perhaps surprising, aspects to super() along with wrinkles in how to properly use it. But it has been part of the language for a long time, so changes to its behavior, as was suggested in the thread, are pretty unlikely.

Luis Falcon brings the sad news that Pedro Francisco has passed on. "Pedro created and managed MasGNULinux, a Spanish blog with news about Free Software and GNU/Linux. MasGNULinux was the best reference in the latest Free Software projects for the Spanish speaking community."