lwn.net 피드 구독하기
LWN.net is a comprehensive source of news and opinions from and about the Linux community. This is the main LWN.net feed, listing all articles which are posted to the site front page.
업데이트: 2시간 10분 지남

[$] LWN.net Weekly Edition for January 28, 2021

6시간 28분 지남
The LWN.net Weekly Edition for January 28, 2021 is available.

An unpleasant sudo vulnerability

8시간 3분 지남
It would appear that "sudo" has a buffer-overflow vulnerability that allows any local user to gain root privileges, whether or not they are in the sudoers file. It has been there since 2011. See this advisory for details, but perhaps run an update first.

[$] A year of Python in Fedora

10시간 40분 지남
Distribution developers do a lot of work to keep a language ecosystem working well within the distribution. It is relatively thankless work that normally only becomes visible when there is a problem or complaint. But Miro Hrončok recently put together a look back at what the Fedora Python team did during 2020. While it is, obviously, Fedora-specific, it provides something of a look inside at the kinds of things that distribution teams work on.

[$] Elastic promises "open"—delivers proprietary

15시간 7분 지남
Open-source software is famously able to be used by anyone for any purpose; those are some of the keystones of the open source definition. But some companies that run open-source projects are increasingly unhappy that others are reaping some of the profits from those projects. That has led to various efforts of "license reform" meant to try to capture those profits. So far, those efforts have just led to non-open-source licenses, thus projects that are no longer open source. We are seeing that play out yet again with Elastic's mid-January announcement that it was changing the license on some of its projects.

Three stable kernels

16시간 17분 지남
Stable kernels 5.10.11, 5.4.93, and 4.19.171 have been released. They contain important fixes and users should upgrade.

Security updates for Wednesday

16시간 23분 지남
Security updates have been issued by Arch Linux (sudo), CentOS (sudo), Debian (sudo), Fedora (kernel, php-pear, and sudo), Gentoo (cacti, mutt, and sudo), Mageia (sudo), openSUSE (sudo), Oracle (sudo), Red Hat (sudo), Scientific Linux (sudo), Slackware (sudo), SUSE (go1.14, go1.15, nodejs8, and sudo), and Ubuntu (libsndfile and sudo).

Security updates for Tuesday

수, 2021/01/27 - 1:16오전
Security updates have been issued by CentOS (dnsmasq, net-snmp, and xstream), Debian (mutt), Gentoo (cfitsio, f2fs-tools, freeradius, libvirt, mutt, ncurses, openjpeg, PEAR-Archive_Tar, and qtwebengine), openSUSE (chromium, mutt, stunnel, and virtualbox), Red Hat (cryptsetup, gnome-settings-daemon, and net-snmp), Scientific Linux (xstream), SUSE (postgresql, postgresql12, postgresql13 and rubygem-nokogiri), and Ubuntu (mutt).

Firefox 85 released

수, 2021/01/27 - 12:05오전
Version 85 of the Firefox browser has been released. The headline change appears to be the isolation of internal caches to defeat the use of "supercookies" to track users; see this blog entry for details. "In fact, there are many different caches trackers can abuse to build supercookies. Firefox 85 partitions all of the following caches by the top-level site being visited: HTTP cache, image cache, favicon cache, HSTS cache, OCSP cache, style sheet cache, font cache, DNS cache, HTTP Authentication cache, Alt-Svc cache, and TLS certificate cache."

pip 21.0 has now been released

화, 2021/01/26 - 7:31오전
The Python Packaging Authority (PyPA) has announced the release of pip 21.0. This version removes Python 2.7 and 3.5 support, and drops support for legacy cache entries from pip < 20.0.

[$] The endless browser wars

화, 2021/01/26 - 2:45오전
The term "browser wars" typically refers to Microsoft's attempts to dominate the World Wide Web with its Internet Explorer browser in the 1990s. That effort was thwarted by antitrust efforts and the rise of the free browser now known as Firefox; ever since, the web has been defined by free software. Or so some may have thought. In the 2020s, the browser wars continue with the growing dominance of Chrome and, it would seem, the imminent removal of Chromium from many Linux distributions.

Security updates for Monday

화, 2021/01/26 - 12:56오전
Security updates have been issued by Debian (crmsh, debian-security-support, flatpak, gst-plugins-bad1.0, openvswitch, python-bottle, salt, tomcat9, and vlc), Fedora (chromium, python-pillow, sddm, and xen), Gentoo (chromium, dnsmasq, flatpak, glibc, kdeconnect, openjdk, python, thunderbird, virtualbox, and wireshark), Mageia (blosc, crmsh, glibc, perl-DBI, php-oojs-oojs-ui, python-pip, python-urllib3, and undertow), openSUSE (gdk-pixbuf, hawk2, ImageMagick, opera, python-autobahn, viewvc, wavpack, and xstream), Red Hat (dnsmasq), Slackware (seamonkey), SUSE (hawk2, ImageMagick, mutt, permissions, and stunnel), and Ubuntu (pound).

Kernel prepatch 5.11-rc5

화, 2021/01/26 - 12:32오전
The 5.11-rc5 kernel prepatch is out for testing. "Nothing particularly stands out. We had a couple of splice() regressions that came in during the previous release as part of the 'get rid of set_fs()' development, but they were for odd cases that most people would never notice. I think it's just that 5.10 is now getting more widely deployed so people see the fallout from that rather fundamental change in the last release."

Some weekend stable kernel updates

일, 2021/01/24 - 1:54오전
The next round of stable kernel updates is out: 5.10.10, 5.4.92, 4.19.170, 4.14.217, 4.9.253, and 4.4.253. Each contains another set of important fixes.

[$] Preserving the mobility of ZONE_MOVABLE

토, 2021/01/23 - 3:08오전
Memory fragmentation has long been a problem for Linux systems, to the point that, for years, finding even two physically contiguous pages was an uncertain affair. That said, the situation has improved considerably in the last decade or so thanks to a number of changes implemented by the memory-management developers. One of those changes is the creation of "movable" memory zones where pages can be relocated if need be. All that work is for nothing, though, if somebody comes along and pins down a page in one of these movable zones. This patch set from Pavel Tatashin seeks to prevent that from happening, but may risk creating problems elsewhere.

Security updates for Friday

금, 2021/01/22 - 11:39오후
Security updates have been issued by Debian (drupal7), Fedora (dotnet3.1), Gentoo (zabbix), openSUSE (ImageMagick and python-autobahn), and SUSE (hawk2 and wavpack).

This is 2021: what’s coming in free/libre software (Libre Arts)

금, 2021/01/22 - 6:16오전
Libre Arts (formerly Libre Graphics World) has posted a comprehensive survey of what 2021 might hold for a wide range of free content-creation software.

The topic of fullscreen color management implementation in Wayland is back, and it’s a kinda frustrating story. In a nutshell:

  • people who are now working on this (Collabora developers) seem to have little experience with color management but they appear to be motivated to hack on the code;
  • all the while people who have a crapload of experience with color management have had bad experience discussing this before, do not like the approach by the new team, and don’t seem excited to contribute to this new effort (Graeme’s spec proposal is still available).

So we might end up with an implementation that is not suitable for professional work.


Corellium: How we ported Linux to the M1

금, 2021/01/22 - 3:37오전
The Corellium blog is carrying a description of how the Linux port to the Apple M1 processor was done. "Many components of the M1 are shared with Apple mobile SoCs, which gave us a good running start. But when writing Linux drivers, it became very apparent how non-standard Apple SoCs really are. Our virtual environment is extremely flexible in terms of models it can accommodate; but on the Linux side, the 64-bit ARM world has largely settled on a well-defined set of building blocks and firmware interfaces - nearly none of which were used on the M1."

[$] Avoiding blocking file-name lookups

금, 2021/01/22 - 12:56오전
As a general rule, when one attempts to open a file with a system call like openat2(), the expectation is that the call will not return until the job is done. But there are times where the desire to open the file is conditional on being able to open it immediately, without blocking. Linux has never supported that mode well, but that may be about to change with this patch set from Jens Axboe.

Security updates for Thursday

목, 2021/01/21 - 11:33오후
Security updates have been issued by Debian (mutt), Fedora (libntlm, mingw-python-pillow, python-pillow, and sudo), Mageia (kernel), SUSE (gdk-pixbuf, perl-Convert-ASN1, samba, and yast2-multipath), and Ubuntu (linux, linux-aws, linux-azure, linux-gcp, linux-hwe-5.4, linux-hwe-5.8, linux-oracle).

[$] LWN.net Weekly Edition for January 21, 2021

목, 2021/01/21 - 9:58오전
The LWN.net Weekly Edition for January 21, 2021 is available.