3 év 9 hónap óta
Security updates have been issued by CentOS (binutils, firefox, flatpak, freerdp, httpd, java-1.8.0-openjdk, java-11-openjdk, kernel, openssl, and thunderbird), Fedora (python-sport-activities-features, rpki-client, and vim), and Red Hat (devtoolset-10-annobin and devtoolset-10-binutils).
jake
3 év 9 hónap óta
The LWN.net Weekly Edition for November 18, 2021 is available.
corbet
3 év 9 hónap óta
Even encrypted data sent on the internet leaves some footprints—metadata
about where packets originate, where they are bound, and when they are sent.
Mix networks are
meant to hide that metadata by routing packets through various intermediate
nodes to try to thwart the traffic analysis used by nation-state-level
adversaries to identify "opponents" of various kinds.
Tor is perhaps the
best-known mix network, but there are others that make different
tradeoffs to increase the security of their users.
Rollercoaster
is a recently announced mechanism that extends the functionality of mix
networks in order to more efficiently communicate among groups.
jake
3 év 9 hónap óta
Security updates have been issued by CentOS (389-ds-base and libxml2), Debian (atftp, axis, and ntfs-3g), Fedora (digikam, freerdp, guacamole-server, and remmina), openSUSE (java-11-openjdk, kernel, samba, and tomcat), SUSE (firefox, java-11-openjdk, kernel, libarchive, samba, and tomcat), and Ubuntu (accountsservice, hivex, and openexr).
ris
3 év 9 hónap óta
The
5.14.19 and
5.4.160 stable kernels have been released;
these updates contain a huge number of important fixes. The equally
massive
5.15.3
and
5.10.80
updates were also intended for release but, as the result of some problems
that turned up in testing, they will be going through one
more round of review first.
corbet
3 év 9 hónap óta
The
Trojan Source vulnerabilities have been
rippling through various development
communities since their disclosure on
November 1. The oddities that can arise when handling Unicode, and
bidirectional Unicode in particular, in a programming
language have led Rust, for
example, to
check for
the problematic code points in strings and comments and, by default,
refuse to compile if they are present. Python has chosen a different path,
but work is underway to help inform programmers of the kinds of pitfalls that
Trojan Source has highlighted.
jake
3 év 9 hónap óta
Security updates have been issued by Debian (libxml-security-java), Fedora (botan2), openSUSE (drbd-utils, kernel, and samba), Red Hat (kernel and webkit2gtk3), SUSE (drbd-utils and samba), and Ubuntu (vim).
ris
3 év 9 hónap óta
Version 2.34.0 of the Git source-code management system is out.
"It is comprised of 834 non-merge commits since
v2.33.0, contributed by 109 people, 29 of which are new faces". See
this
GitHub blog post for a look at some of the more significant changes in
this release:
ort does just that: it’s a full-blown rewrite of the merge strategy
that aims to emulate the same concepts behind recursive while
avoiding many of its long-standing performance and correctness
problems. In a merge containing many renames, ort outperforms
recursive by 500x. For a series of similar merges (like in a rebase
operation), the speedup is over 9000x, in part due to ort's ability to cache and reuse
results from previous merges.
corbet
3 év 9 hónap óta
Linus Torvalds
released
5.16-rc1 and ended the 5.16 merge window on November 14, as
expected. At that point, 12,321 non-merge changesets had been pulled into
the mainline; about 5,500 since
our summary of
the first half of the merge window was written. As is usually the case,
the patch mix in the latter part of the merge window tended more toward
fixes, but there were a number other changes as well.
corbet
3 év 9 hónap óta
Security updates have been issued by Debian (ffmpeg and tomcat9), Fedora (et and kernel), openSUSE (binutils, rubygem-activerecord-5_1, samba, and tinyxml), Oracle (freerdp and httpd:2.4), Red Hat (devtoolset-11-gcc, gcc-toolset-10-binutils, kernel, kernel-rt, and kpatch-patch), and Scientific Linux (freerdp).
ris
3 év 9 hónap óta
The
5.16-rc1 kernel prepatch is out and the
merge window is closed for this cycle.
Anyway, it's not a huge release, although it's also not a
remarkably small one like 5.15 was (ok, "remarkably small" is
relative, when even such small releases have 10k+
commits).. There's a bit of everything in here, and you can look to
the appended mergelog for some kind of flavor, but I guess the
folio work is worth mentioning, since it's an unusually core thing
that we don't tend to see most releases.
corbet
3 év 9 hónap óta
3 év 9 hónap óta
Over on the Google Security blog, Jonathan Metzman
announced the release of
ClusterFuzzLite, which is "a continuous fuzzing solution that runs as part of CI/CD workflows to find vulnerabilities faster than ever before". ClusterFuzzLite is a descendant of
OSS-Fuzz, which we
looked at in 2017.
Large projects including
systemd and
curl are already using ClusterFuzzLite during code review, with positive results. According to Daniel Stenberg, author of curl, “When the human reviewers nod and have approved the code and your static code analyzers and linters can't detect any more issues, fuzzing is what takes you to the next level of code maturity and robustness. OSS-Fuzz and ClusterFuzzLite help us maintain curl as a quality project, around the clock, every day and every commit.”
[...] To learn more, check out the ClusterFuzzLite documentation. ClusterFuzzLite currently supports GitHub Actions, Google Cloud Build and Prow. We built this with CI system extensibility in mind, and adding support for other CI systems is straightforward. Please contact us if you’re interested in contributing support, or have any questions, feedback or feature requests.
jake
3 év 9 hónap óta
The memory-management subsystem remains one of the most complex parts of
the kernel, with an ongoing reliance on various heuristics for
performance. It is thus not surprising that developers continue to try to
improve its functionality. A number of memory-management patches are
currently in circulation; read on for a look at the freeing of page-table
pages, kvmalloc() flags, memory clearing, and NUMA "home nodes".
corbet
3 év 9 hónap óta
Greg Kroah-Hartman has announced the release of eight stable kernels:
5.15.2,
5.14.18,
5.10.79,
5.4.159,
4.19.217,
4.14.255,
4.9.290, and
4.4.292. They contain a relatively small set
of important fixes, but, as usual, users should upgrade.
jake
3 év 9 hónap óta
Security updates have been issued by Debian (node-tar, postgresql-11, postgresql-13, and postgresql-9.6), Fedora (autotrace, botan2, chafa, converseen, digikam, dmtx-utils, dvdauthor, eom, kxstitch, pfstools, php-pecl-imagick, psiconv, q, R-magick, radeontop, rss-glx, rubygem-rmagick, synfig, synfigstudio, vdr-scraper2vdr, vdr-skinelchihd, vdr-skinnopacity, vdr-tvguide, and WindowMaker), Mageia (kernel, kernel-linus, and openafs), openSUSE (kernel), Red Hat (freerdp), SUSE (bind and kernel), and Ubuntu (openexr, postgresql-10, postgresql-12, postgresql-13, and samba).
jake
3 év 9 hónap óta
Last week I mentioned I had the basics of h264 decode using the proposed vulkan video on radv. This week I attempted to do the same thing with Intel's Mesa vulkan driver "anv".
Now I'd previously unsuccessfully tried to get vaapi on crocus working but got sidetracked back into other projects. The Intel h264 decoder hasn't changed a lot between ivb/hsw/gen8/gen9 era. I ported what I had from crocus to anv and started trying to get something to decode on my WhiskeyLake.
I wrote the code pretty early on, figured out all the things I had to send the hardware.
The first anv side bridge to cross was Vulkan is doing H264 Picture level decode API, so it means you get handed the encoded slice data. However to program the Intel hw you need to decode the slice header. I wrote a slice header decoder in some common code. The other thing you need to give the intel hw is a number of bits of slice header, which in some encoding schemes is rounded to bytes and in some isn't. Slice headers also have a 3-byte header on them, which Intel hardware wants you to discard or skip before handing it to it.
Once I'd fixed up that sort of thing in anv + crocus, I started getting grey I-frames decoded with later B/P frames using the grey frames as references so you'd see this kinda wierd motion.
That was I think 3 days ago. I've have stared at this intently for those 3 days blaming everything from bitstream encoding to rechecking all my packets (not enough times though). I had someone else verify they could see grey frames.
Today after a long discussion about possibilities, I was randomly comparing a frame from the intel-vaapi-driver and from crocus, and I spotted a packet header, the docs say is 34 dwords long, but intel-vaapi was only encoding 16 dwords, I switched crocus to explicitly state a 16-dword length and I started seeing my I-frames.
Now the B/P frames still have issues. I don't think I'm getting the ref frames logic right yet, but it felt like a decent win after 3 days of staring at it.
The crocus code is [1]. The anv code isn't cleaned up enough to post a pointer to yet, enterprising people might find it. Next week I'll clean it all up, and then start to ponder upstream paths and shared code for radv + anv. Then h265 maybe.
[1]https://gitlab.freedesktop.org/airlied/mesa/-/tree/crocus-media-wip
3 év 9 hónap óta
While the "
Trojan Source" vulnerabilities
have, thus far, generated far more publicity than examples of actual
exploits, addressing the problem still seems like a good thing to do.
There are several places where defenses could be put into place; text
editors, being the place where developers look at a lot of code, are one
obvious example. The discussion of how to enhance Emacs in this regard has
made it clear, though, that there are multiple opinions about how an editor
should flag potential attacks.
corbet
3 év 9 hónap óta
On November 10, the
Go programming language community
celebrated the 12th anniversary of its
release as open-source software. The post covers a number of different topics, including the
consolidation of web sites at go.dev, releases and their features over the last year, as well as a look to the future:
In February, the Go 1.18 release will expand the new register-based calling convention to non-x86 architectures, bringing dramatic performance improvements with it. It will include the new Go fuzzing support. And it will be the first release to include support for generics.
Generics will be one of our focuses for 2022. The initial release in Go 1.18 is only the beginning. We need to spend time using generics and learning what works and what doesn’t, so that we can write best practices and decide what should be added to the standard library and other libraries. We expect that Go 1.19 (expected in August 2022) and later releases will further refine the design and implementation of generics as well as integrating them further into the overall Go experience.
jake
3 év 9 hónap óta
Security updates have been issued by Debian (icinga2, libxstream-java, ruby-kaminari, and salt), Fedora (awscli, cacti, cacti-spine, python-boto3, python-botocore, radeontop, and rust), Mageia (firefox, libesmtp, libzapojit, sssd, and thunderbird), openSUSE (samba and samba and ldb), SUSE (firefox, pcre, qemu, samba, and samba and ldb), and Ubuntu (firejail, linux-bluefield, linux-gke-5.4, linux-oracle, linux-oracle-5.4, linux-oem-5.10, linux-oem-5.14, and python-py).
jake