lwn.net 피드 구독하기
LWN.net is a comprehensive source of news and opinions from and about the Linux community. This is the main LWN.net feed, listing all articles which are posted to the site front page.
업데이트: 2시간 53분 지남

Kernel prepatch 5.13-rc7

4시간 28분 지남
The 5.13-rc7 kernel prepatch is out for testing. "So there's not a huge number of patches in here, and most of the patches are pretty small too. A fair number of one-liners and 'few-liners'. Which is just how I like it."

Stable kernels 5.12.12, 5.10.45, and 5.4.127

토, 2021/06/19 - 12:44오전
The 5.12.12, 5.10.45, and 5.4.127 stable kernels have been released. They contain important fixes, as usual, so users should upgrade.

[$] Protecting control dependencies with volatile_if()

토, 2021/06/19 - 12:36오전
Memory ordering issues are, as Linus Torvalds recently observed, "the rocket science of CS". Understanding memory ordering is increasingly necessary to write scalable code, so kernel developers often find themselves having to become rocket scientists. The subtleties associated with control dependencies turn out to be an especially tricky sort of rocket. A recent discussion about how to force control dependencies to be observed shows the sorts of difficulties that arise in this area.

Security updates for Friday

금, 2021/06/18 - 11:26오후
Security updates have been issued by Arch Linux (aspnet-runtime, aspnet-runtime-3.1, chromium, drupal, intel-ucode, nginx, opera, python-django, radare2, thefuck, and vivaldi), Debian (jetty9), Fedora (dogtag-pki and pki-core), openSUSE (htmldoc and postgresql10), Oracle (dhcp), SUSE (apache2, caribou, jetty-minimal, libxml2, postgresql12, python-PyJWT, python-rsa, python-urllib3, thunderbird, tpm2.0-tools, xstream, and xterm), and Ubuntu (grub2-signed, grub2-unsigned and libxml2).

[$] Landlock (finally) sets sail

금, 2021/06/18 - 3:47오전
Kernel development is not for people who lack persistence; changes can take a number of revisions and a lot of time to make it into a mainline release. Even so, the story of the Landlock security module, developed by Mickaël Salaün, seems like an extreme case; this code was merged for 5.13 after more than five years of development and 34 versions of the patch set. This sandboxing mechanism has evolved considerably since LWN covered version 3 of the patch set in 2016, so a look at what Landlock has become is warranted.

Supporting Miguel Ojeda’s Work on Rust in the Linux Kernel (Prossimo blog)

금, 2021/06/18 - 3:17오전
The Prossimo project has announced that it has contracted with Miguel Ojeda to work on Rust in the Linux kernel for the next year. Prossimo is a new name for the memory-safety projects being run by the Internet Security Research Group (ISRG), which is the organization behind the Let's Encrypt certificate authority (CA) project. Google provided the funds to enable Ojeda to work full-time on the project starting back in April.

The Linux kernel is at the heart of the modern Internet, from servers to client devices. It’s on the front line for processing network data and other forms of input. As such, vulnerabilities in the Linux kernel can have a wide-ranging impact, putting security and privacy for people, organizations, and devices at risk. Since it’s written largely in the C language, which is not memory-safe, memory safety vulnerabilities such as buffer overflows and use-after-frees are a constant concern. By making it possible to write parts of the Linux kernel in Rust, which is memory-safe, we can entirely eliminate memory safety vulnerabilities from certain components, such as drivers.

We have previously covered another Prossimo project, which provides funding for Rustls development, as well as Ojeda's work on Rust in the kernel.


Security updates for Thursday

목, 2021/06/17 - 10:40오후
Security updates have been issued by CentOS (gnupnp and postgresql), Fedora (dino, microcode_ctl, and xen), Mageia (apache, gsoap, libgd, openssh, perl-Image-ExifTool, python-bleach, and qt4 and qtsvg5), openSUSE (chromium, containerd, docker, runc, djvulibre, htmldoc, kernel, libjpeg-turbo, libopenmpt, libxml2, spice, squid, and ucode-intel), Red Hat (dhcp and glib2), SUSE (apache2, inn, java-1_8_0-openjdk, and webkit2gtk3), and Ubuntu (nettle).

[$] LWN.net Weekly Edition for June 17, 2021

목, 2021/06/17 - 9:58오전
The LWN.net Weekly Edition for June 17, 2021 is available.

[$] Fedora and supply-chain attacks

목, 2021/06/17 - 6:50오전
The specter of more events like the SolarWinds supply-chain attacks is something that concerns many in our communities—and beyond. Linux distributions provide a supply chain that obviously needs to be protected against attackers injecting malicious code into the update stream. This problem recently came up on the Fedora devel mailing list, which led to a discussion covering a few different topics. For the most part, Fedora users are protected against such attacks, which is not to say there is nothing more to be done, of course.

Seven stable kernels

목, 2021/06/17 - 12:32오전
Stable kernels 5.12.11, 5.10.44, 5.4.126, 4.19.195, 4.14.237, 4.9.273, and 4.4.273 have been released. They all contain important fixes and users should upgrade.

Security updates for Wednesday

목, 2021/06/17 - 12:19오전
Security updates have been issued by Debian (prosody, python-urllib3, and xen), Fedora (dino, dotnet3.1, dotnet5.0, and vmaf), Oracle (gupnp, kernel, and kernel-container), Red Hat (gupnp), Scientific Linux (kernel), SUSE (java-1_8_0-openjdk, kernel, snakeyaml, and xorg-x11-libX11), and Ubuntu (bluez).

[$] Audacity gets a CLA

수, 2021/06/16 - 9:23오전
The Audacity multi-track audio editor and recorder got its start in the previous century; it is a popular application that is available for multiple platforms, and it is licensed under the GPLv2 or later. But Audacity has been acquired by a newly formed organization called Muse Group; that event has caused something of an uproar in its community. The problem, at least in part, is the new Contributor License Agreement (CLA) required to contribute to Audacity.

FSFE: REUSE Booster helps Free Software projects with licensing and copyright

수, 2021/06/16 - 3:50오전
The Free Software Foundation Europe introduces REUSE Booster. REUSE is a set of best practices to make Free Software licensing easier. "With REUSE Booster, we go one step further. We invite Free Software projects to register for getting help by the FSFE's legal experts. As the name suggests, this will boost the process of adopting the best practices as well as general understanding of licensing and copyright." The registration deadline is July 8.

linux.dev mailboxes for kernel developers

수, 2021/06/16 - 1:37오전
Konstantin Ryabitsev has announced a new service providing @linux.dev mailboxes for people to use with kernel development. The documentation page has more information. "This is a BETA offering. Currently, it is only available to people listed in the MAINTAINERS file. We hope to be able to offer it to everyone else who can demonstrate an ongoing history of contributions to the Linux kernel (patches, git commits, mailing list discussions, etc)."

Security updates for Tuesday

화, 2021/06/15 - 11:50오후
Security updates have been issued by CentOS (389-ds-base, dhcp, firefox, glib2, hivex, kernel, postgresql, qemu-kvm, qt5-qtimageformats, samba, and xorg-x11-server), Fedora (kernel and kernel-tools), Oracle (kernel and postgresql), Red Hat (dhcp and gupnp), Scientific Linux (gupnp and postgresql), SUSE (postgresql10 and xterm), and Ubuntu (imagemagick).

A possible copyright-policy change for glibc

화, 2021/06/15 - 11:02오후
The GNU C Library developers are asking for comments on a proposal to stop requiring developers to assign their copyrights to the Free Software Foundation. This mirrors the recent change by GCC, except that the community is being consulted first. "The changes to accept patches with or without FSF copyright assignment would be effective on August 2nd, and would apply to all open branches. The glibc stewards, like the GCC SC, continue to affirm the principles of Free Software, and that will never change."

Aya: writing BPF in Rust

화, 2021/06/15 - 10:09오후
The first release of the Aya BPF library has been announced; this project allows the writing of BPF programs in the Rust language. "Over the last year I've talked with many folks interested in using eBPF in the Rust community. My goal is to get as many of you involved in the project as possible! Now that the rustc target has been merged, it's time to build a solid foundation so that we can enable developers to write great eBPF enabled apps".

[$] quotactl_path() becomes quotactl_fd()

화, 2021/06/15 - 7:45오전
The quotactl() system call is used to manipulate disk quotas on a filesystem; it can be used to turn quota enforcement on or off, change quotas, retrieve current usage information, and more. The 5.13 merge window brought in a new variant of that system call that was subsequently disabled due to API concerns; its replacement is now taking form.

Google's fully homomorphic encryption package

화, 2021/06/15 - 2:34오전
The Google Developers Blog has this announcement describing the release of a fully homomorphic encryption project under the Apache license. "With FHE, encrypted data can travel across the Internet to a server, where it can be processed without being decrypted. Google’s transpiler will enable developers to write code for any type of basic computation such as simple string processing or math, and run it on encrypted data. The transpiler will transform that code into a version that can run on encrypted data. This then allows developers to create new programming applications that don’t need unencrypted data." See this white paper for more details on how it all works.

Security updates for Monday

화, 2021/06/15 - 12:36오전
Security updates have been issued by Arch Linux (apache, gitlab, inetutils, isync, kube-apiserver, nettle, polkit, python-urllib3, python-websockets, thunderbird, and wireshark-cli), Debian (squid3), Fedora (glibc, libxml2, mingw-openjpeg2, and openjpeg2), Mageia (djvulibre, docker-containerd, exif, gnuchess, irssi, jasper, kernel, kernel-linus, microcode, python-lxml, python-pygments, rust, slurm, and wpa_supplicant, hostapd), openSUSE (389-ds and pam_radius), Oracle (.NET Core 3.1, container-tools:3.0, container-tools:ol8, krb5, microcode_ctl, postgresql:12, postgresql:13, and runc), Red Hat (dhcp, postgresql, postgresql:10, postgresql:12, postgresql:9.6, rh-postgresql10-postgresql, rh-postgresql12-postgresql, and rh-postgresql13-postgresql), Scientific Linux (dhcp and microcode_ctl), SUSE (ardana-neutron, ardana-swift, cassandra, crowbar-openstack, grafana, kibana, openstack-dashboard, openstack-ironic, openstack-neutron, openstack-neutron-gbp, openstack-nova, python-Django1, python-py, python-pysaml2, python-xmlschema, rubygem-activerecord-session_store, venv-openstack-keystone, crowbar-openstack, grafana, kibana, monasca-installer, python-Django, python-py, rubygem-activerecord-session_store, freeradius-server, libjpeg-turbo, spice, and squid), and Ubuntu (rpcbind).