LWN.net is a comprehensive source of news and opinions from
and about the Linux community. This is the main LWN.net feed,
listing all articles which are posted to the site front page.
Updated: 14 hours 56 min ago
Tue, 07/09/2024 - 10:36
Alexander "Solar Designer" Peslyak has
disclosed another OpenSSH
vulnerability that can be exploited for remote code execution, but only
on distributions that have applied a patch to add auditing support.
Specifically, RHEL 9 and derivatives are affected, as are
Fedora 36 and 37 (but not later releases).
The main difference from CVE-2024-6387 is that the race condition
and RCE potential are triggered in the privsep child process, which
runs with reduced privileges compared to the parent server process.
So immediate impact is lower. However, there may be differences in
exploitability of these vulnerabilities in a particular scenario,
which could make either one of these a more attractive choice for
an attacker, and if only one of these is fixed or mitigated then
the other becomes more relevant.
Tue, 07/09/2024 - 10:01
Security updates have been issued by AlmaLinux (virt:rhel and virt-devel:rhel), Fedora (ghostscript, golang, httpd, libnbd, netatalk, rust-sequoia-chameleon-gnupg, rust-sequoia-gpg-agent, rust-sequoia-keystore, rust-sequoia-openpgp, and rust-sequoia-sq), Mageia (apache), Red Hat (booth, buildah, edk2, fence-agents, git, gvisor-tap-vsock, kernel, kernel-rt, less, libreswan, linux-firmware, openssh, pki-core, podman, postgresql-jdbc, python3, tpm2-tss, virt:rhel, and virt:rhel and virt-devel:rhel modules), SUSE (krb5, poppler, and python-docker), and Ubuntu (apache2, cinder, glance, nova, and Tomcat).
Tue, 07/09/2024 - 09:58
The
6.6.38 stable kernel update has been
released, without the benefit of the usual review process. It reverts some
BPF changes with patches that do not appear in the mainline (in this form,
at least). "All powerpc and arm64 users of the 6.6 kernel series must
upgrade. Everyone else probably should as well to be safe."
Tue, 07/09/2024 - 00:48
On his blog, Behdad Esfahbod has
published a lengthy and detailed look at the state of open-source text rendering. It looks at the libraries available, application support, future directions, and gives a summary analysis of the ecosystem.
In broad strokes, OpenType added support for
color fonts,
variable fonts, and the
Universal Shaping Engine. The Free & Open Source stack supports all of these advances at the lower level, but application UI support has been slower to arrive. The Open Source text stack also gained enormous market-share when Android and Google Chrome fully embraced it.
Looking forward, there is a Rust migration of the text stack underway, which will unify font compilation and consumption under a safe programming language. Incremental Font Transfer will enable streaming fonts to web browsers. And my proposed Wasm-fonts will enable more expressive fonts.
Mon, 07/08/2024 - 15:10
At DevConf.cz 2024,
Marta Lewandowska gave a talk to discuss a
new approach for booting Linux systems, "No more boot
loader: Please use the kernel instead". The talk, available on
YouTube, introduced a new project called nmbl (for "no more bootloader",
pronounced "nimble"). The idea is to get rid of bootloaders (e.g.,
GNU GRUB) with a
Unified
Kernel Image (UKI) that removes the need for a separate bootloader
altogether. It is early days for nmbl, currently the project is only
being tested for use with virtual machines, but the idea is
compelling. If successful, nmbl could offer security, performance, and
maintenance benefits compared to GRUB and other separate bootloaders.
Mon, 07/08/2024 - 11:35
Version 15.1 of the GNU debugger has been released. Changes include a
number of enhancements to GDB's Python support, some Debugger Adapter
Protocol additions, some new GDBserver options, and more.
Mon, 07/08/2024 - 11:09
Security updates have been issued by AlmaLinux (openssh), Debian (krb5), Fedora (yt-dlp), Gentoo (firefox, KDE Plasma Workspaces, Stellarium, thunderbird, and X.Org X11 library), Mageia (python-js2py and znc), Oracle (389-ds, c-ares, container-tools, cups, go-toolset, httpd:2.4/httpd, iperf3, kernel, less, libreoffice, libuv, nghttp2, openldap, openssh, python-idna, python-jinja2, python-pillow, python3, python3.11-PyMySQL, and xmlrpc-c), Red Hat (kernel, kernel-rt, openssh, and virt:rhel and virt-devel:rhel modules), and SUSE (go1.21, go1.22, krb5, kubevirt, virt-api-container, virt-controller-container, virt-exportproxy-container, virt-exportserver-container, virt-handler-container, virt-launcher-container, virt-libguestfs-t, netty3, opera, and python-urllib3).
Sun, 07/07/2024 - 20:34
The
6.10-rc7 kernel prepatch is out for
testing.
Things remain calm, although I do suspect that part of it is that
it's been the July 4th week in the US, and a lot of Europe is
starting to go away on summer vacation.
But hey, let's not look a gift horse too closely in the
mouth. Maybe it's really just that 6.10 is shaping up well. Right?
RIGHT?
Fri, 07/05/2024 - 10:06
ISO releases new C++
language standards on a three-year cadence; now that it's been
more than a year since the finalization of
C++23, we have a good idea of what
features could be adopted for
C++26 — although proposals can
still be submitted until January 2025. Of particular interest is the addition of
support for
hazard pointers and
user-space read-copy-update (RCU).
Even though C++26 is not yet a standard, many of the proposed features are already
available to experiment with in GCC or Clang.
Fri, 07/05/2024 - 09:17
Security updates have been issued by Fedora (cockpit, python-astropy, python3-docs, and python3.12), Gentoo (BusyBox, GNU Coreutils, GraphicsMagick, podman, PuTTY, Sofia-SIP, TigerVNC, and WebKitGTK+), Mageia (chromium-browser-stable and openvpn), SUSE (cockpit, krb5, and netatalk), and Ubuntu (kopanocore, libreoffice, linux-aws, linux-oem-6.8, linux-aws-5.15, linux-azure, linux-azure-4.15, linux-lowlatency, linux-lowlatency-hwe-6.5, linux-oracle, linux-starfive-6.5, and virtuoso-opensource).
Thu, 07/04/2024 - 13:30
Random numbers, it seems, can never be random enough, and they cannot be
generated quickly enough. The kernel's
getrandom()
system call might, after years of discussion, be seen as sufficiently
secure by most users, but it is still a system call. Linux system calls
are relatively fast, but they are necessarily slower than calling a
function directly. In an attempt to speed the provision of secure random
data to user space, Jason Donenfeld has put together
an
implementation of getrandom() that lives in the
virtual dynamic
shared object (vDSO) area.
Thu, 07/04/2024 - 12:03
Security updates have been issued by AlmaLinux (389-ds, c-ares, container-tools, cups, fontforge, go-toolset, iperf3, less, libreoffice, libuv, nghttp2, openldap, python-idna, python-jinja2, python-pillow, python3, python3.11-PyMySQL, qemu-kvm, and xmlrpc-c), Debian (znc), Fedora (firmitas and libnbd), Mageia (dcmtk, krb5, libcdio, and openssh), Oracle (golang, openssh, pki-core, and qemu-kvm), Red Hat (openssh), SUSE (apache2-mod_auth_openidc, emacs, go1.21, go1.22, krb5, openCryptoki, and openssh), and Ubuntu (linux, linux-aws, linux-aws-hwe, linux-gcp, linux-gcp-4.15, linux-hwe,
linux-kvm, linux-oracle, linux, linux-aws, linux-azure, linux-azure-5.4, linux-bluefield,
linux-gcp, linux-gkeop, linux-hwe-5.4, linux-ibm, linux-ibm-5.4,
linux-iot, linux-kvm, linux-oracle, linux-oracle-5.4, linux-raspi,
linux-raspi-5.4, linux-xilinx-zynqmp, linux, linux-aws, linux-kvm, linux-lts-xenial, linux, linux-gcp, linux-gcp-6.5, linux-laptop, linux-nvidia-6.5,
linux-raspi, linux, linux-gcp, linux-lowlatency, linux-lowlatency-hwe-5.15,
linux-nvidia, linux-xilinx-zynqmp, linux, linux-ibm, linux-lowlatency, linux-nvidia, linux-raspi, linux-aws, linux-aws-6.5, linux-oem-6.5, linux-oracle, linux-oracle-6.5,
linux-starfive, linux-aws, linux-azure, linux-azure-5.15, linux-azure-fde,
linux-azure-fde-5.15, linux-gke, linux-gkeop, linux-gkeop-5.15, linux-ibm,
linux-intel-iotg, linux-intel-iotg-5.15, linux-kvm, linux-oracle,
linux-oracle-5.15, linux-azure, linux-azure, linux-azure-6.5, linux-bluefield, linux-iot, linux-gcp, linux-intel, linux-hwe-5.15, and php7.0 and php7.2).
Wed, 07/03/2024 - 23:32
The LWN.net Weekly Edition for July 4, 2024 is available.
Wed, 07/03/2024 - 16:32
There are a handful of extensions to the "new" mount API that Christian
Brauner wanted to discuss as part of a filesystem session at
the
2024
Linux Storage,
Filesystem, Memory Management, and BPF Summit. In the session, though,
the only one that he got to was a followup to last year's
discussion on mount-operation monitoring.
There is a need for user-space programs to be able to follow mount
operations (e.g. mount and unmount) that happen in the system, especially
for tools like container
managers or systemd.
Wed, 07/03/2024 - 14:01
Debian's proposed tag2upload
service would be worthy of an article
even if it wasn't so contentious; tag2upload promises a
streamlined way for Debian developers using Git to upload packages to
the Debian
Archive. But tag2upload has been in limbo for
years due to disagreement and a communication breakdown between the team
behind tag2upload and the ftpmasters team. It took the
threat of a General
Resolution (GR), weeks of discussion, and more than
1,000 emails to finally move forward.
Wed, 07/03/2024 - 12:12
The Universal Blue
project, which produces operating system images based on Fedora's Atomic Desktops,
has issued an announcement
that manual steps are required to continue receiving updates. Jorge
Castro wrote:
If you use Bazzite, Bluefin, Aurora, or any other Universal Blue
image (including our toolboxes) then you need to follow the
instructions in this announcement in order to ensure that your device
is getting updates. We were rotating our cosign keypairs this morning,
which is the method that we use to sign our images.
During this process I made a critical error which has resulted in
forcing you to take manual steps to migrate to our newly signed
images.
This applies to all Universal Blue images released before July 2,
2024. See the full announcement for instructions. LWN covered Bluefin in
December, 2023.
Wed, 07/03/2024 - 10:42
In 2016, Oliver Smith reached a point of frustration with the short
lifespan of updates for his Android phone. Taking matters into his own
hands, he began developing
postmarketOS, a Linux distribution for
mobile phones. Eight years later, the
core team and
trusted contributors have grown to twenty individuals, while the latest
release,
v24.06,
now shows support for over 250 devices. Although postmarketOS isn't
usable as a day-to-day phone operating system on all of them, it can also enable repurposing devices into compact servers or kiosk machines.
Wed, 07/03/2024 - 10:29
Version 4.10.0 of GNU findutils has been released. Notable changes
include allowing find -name / as a valid
pattern, and accepting larger UIDs/GIDs for find -user and
find -group. It is also once again possible to build
findutils on systems with musl-libc.
Wed, 07/03/2024 - 10:25
David Rosenthal
looks
back at 40 years of the X Window System:
A major reason for Sun's early success was that they in effect
open-sourced the Network File System. X11 was open source under the
MIT license. I, and some of the other Sun engineers, understood
that NeWS could not displace X11 as the Unix standard window system
without being equally open source. But Sun's management looked at
NeWS and saw superior technology, an extension of the PostScript
that Adobe was selling, and couldn't bring themselves to give it
away.
Pages