LWN.net is a comprehensive source of news and opinions from
and about the Linux community. This is the main LWN.net feed,
listing all articles which are posted to the site front page.
업데이트: 7분 7초 지남
월, 2026/07/13 - 11:14오후
Cisco has some unusual challenges when it comes to deploying security patches
across the company's many devices running custom kernels. John Fastabend spoke
about his work preventing exploits with BPF at the 2026
Linux Storage,
Filesystem, Memory-Management, and BPF Summit.
The technique could substantially reduce the time necessary to respond to kernel
vulnerabilities, but it will not be fully effective unless more hooks are added
to the kernel.
월, 2026/07/13 - 10:26오후
Debian has
announced the final normal update for Debian 12 ("bookworm"). Long-term-support updates will continue until 2028. As may be expected from a stable version, the update is mostly limited to security fixes. Still, it may be time for Debian users to look into upgrading to a more recent version. Conveniently, Debian 13 ("trixie") also
received an update this weekend, with many of the same security fixes.
월, 2026/07/13 - 9:40오후
Security updates have been issued by Debian (chromium, libxfont, mesa, opam, and wireless-regdb), Fedora (acl, attr, chromium, cjson, composer, docker-compose, jfrog-cli, librabbitmq, libssh2, libXfont2, log4cxx, OpenImageIO, openssh, p11-kit, perl-Crypt-DSA, perl-HTML-Gumbo, prometheus, python-dulwich, python-idna, python-pillow, python-tornado, sssd, tmux, upower, webkitgtk, xorg-x11-server, and xorg-x11-server-Xwayland), Mageia (libarchive and vim), Oracle (389-ds:1.4, buildah, cups, edk2, freerdp, golang, grafana, gstreamer1-plugins-bad-free, gstreamer1-plugins-good, gstreamer1-plugins-ugly-free, kernel, libexif, libsolv, libtasn1, libxml2, nginx:1.24, nginx:1.26, nodejs:22, nodejs:24, oci-seccomp-bpf-hook, podman, postgresql:18, python-urllib3, tigervnc, tomcat, unbound, and xorg-x11-server), Slackware (p11-kit), and SUSE (agama, dash, dracut, flannel, go1.26, gsasl, gstreamer-plugins-good, ImageMagick, imagemagick, kernel, krb5, krb5, krb5-mini, libIex-3_4-33, libmbedtls23, libxfont2, nasm, nghttp2, perl-CGI-Session, perl-dbi, perl-List-SomeUtils-XS, python-pillow, python-social-auth-app-django, python-urllib3, python313-Django4, python313-Django6, python313-pytest-html, python313-sqlparse, python313-websockets, rclone, rust-keylime, rustup, sccache, spectre-meltdown-checker, sssd, terraform-provider-aws, terraform-provider-azurerm, terraform-provider-external, terraform-provider-google, terraform-provider-helm, terraform-provider-kubernetes, terraform-provid, thunderbird, tiff, traefik2, xorg-x11-server, and xwayland).
월, 2026/07/13 - 8:29오전
The
7.2-rc3 kernel prepatch is out for
testing. Linus said: "Things continue to look normal (the 'new normal'
with slightly higher rates of commits, although I do get the feeling that
we're seeing that slightly balanced out by people starting to go on summer
vacation)".
토, 2026/07/11 - 12:20오전
Our article "
Fighting the AI scraper bot
scourge", published in early 2025, discussed the problem of widespread
scraping of web sites in search of training data for large language models
and related projects. This activity overwhelms sites with traffic. Over a
year after that article is published, the problem is still growing. The
hammering of sites by shadowy actors has reached new heights, and the open
web is becoming increasingly difficult to maintain. Where is this traffic
coming from, and what can be done about it?
금, 2026/07/10 - 10:50오후
QBE, a compact compiler backend developed by Quentin Carbonneaux, is a
lightweight alternative to larger compiler backends such as LLVM and GCC.
Designed to be small enough for a single developer to understand, QBE uses a
static single-assignment (SSA) intermediate representation (IR), supports the C ABI,
and serves as the backend for projects such as Hare and
the cproc C11 compiler. Frontends
emit the textual form of QBE's IR directly; QBE then takes care of register allocation,
optimization, and native-code generation, producing assembly for the target
architecture.
금, 2026/07/10 - 10:41오후
Security updates have been issued by AlmaLinux (aardvark-dns, cups, edk2, gstreamer1-plugins-bad-free, gstreamer1-plugins-good, gstreamer1-plugins-ugly-free, kernel, libsolv, libtasn1, libxml2, nginx:1.24, nginx:1.26, oci-seccomp-bpf-hook, python-urllib3, and tomcat), Debian (rlottie), Fedora (c-ares, k9s, kind, libXfont2, nmap, pam, perl-DBI, php, python-pendulum, tmux, and xorg-x11-server-Xwayland), Mageia (7zip and ack), Slackware (tigervnc), SUSE (alloy, cargo-c, chromium, clamav, cosign, dirmngr, firefox, flannel, fluidsynth, gnutls, go1.25, go1.26, gol, GraphicsMagick, helm, kernel-devel, libaom, libexif, openQA, os-autoinst, python-Django, python-idna, python-sqlparse, rust-keylime, rustup, sccache, SUSE Manager Client Tools, SUSE_Multi-Linux_Manager Client Tools, transmission, and warewulf4), and Ubuntu (curl, expat, golang-go.crypto, libheif, libidn, libraw, libsoup2.4, linux, linux-azure-4.15, linux-azure-fips, linux-fips, linux-gcp-4.15, linux-gcp-fips, linux-kvm, linux-oracle, linux-aws, linux-aws-fips, linux-azure-fips, linux-fips, linux-raspi, linux-xilinx-zynqmp, and python2.7, python3.5).
목, 2026/07/09 - 11:25오후
Kitty is a terminal
emulator that
runs on Linux, macOS, and the BSDs, which is notable for its
speed and features
such as image support and advanced font handling. It is under active development; a
recent major
release adds a
new level of mouse support. Here, we will look at some of those features
and show how the program can also be used as platform for
text-based applications. Kitty is free software, released
under the GPLv3.
목, 2026/07/09 - 10:19오후
Version
1.97.0 of the Rust programming language has been released. Changes
include using a new symbol-mangling scheme by default, support for denying
warnings in Cargo, and an end to the practice of hiding the linker's output
after a successful build.
목, 2026/07/09 - 10:00오후
Security updates have been issued by AlmaLinux (389-ds-base, aardvark-dns, buildah, compat-openssl10, freeipmi, frr, gnutls, grafana, grafana-pcp, kernel, kernel-rt, libyang, nginx, openexr, pcs, perl-HTTP-Daemon, postgresql:18, python3.14-pip, skopeo, tomcat9, and wireshark), Debian (chromium and pgextwlist), Fedora (openssh, opkssh, perl-CSS-Minifier-XS, python-jiter, python-nh3, python-pendulum, rust-jiter, and upower), Mageia (openvpn and vips), Oracle (389-ds-base, aardvark-dns, compat-openssl10, container-tools:ol8, freeipmi, kernel, libyang, perl-HTTP-Daemon, python3.14-pip, and skopeo), Slackware (libXfont2, proftpd, and xorg-server), SUSE (alloy, apache2, apptainer, assimp, chromium, clamav, docker, docker-compose, dracut, glib-networking, go-sendxmpp, go1.26-openssl, gstreamer-plugins-good, haproxy, hauler, jackson-annotations, jackson-bom, jackson-core, jackson- databind, jackson-dataformats-binary, jackson-modules-base, jackson-parent, kernel, krb5, kubevirt, libslirp, libXfont2, mpv, libkpipewirerecord6, ffmpegthumbs-kf5, netty, netty-tcnative, openqa, os-autoinst, podman, python-maturin, python-msgpack, python313-yt-dlp, radare2, rust-keylime, systemd, systemd, systemd-mini, tomcat11, trivy, xorg-x11-server, and xwayland), and Ubuntu (apache2, clamav, linux-raspi, and mailcap).
목, 2026/07/09 - 10:12오전
Inside this week's LWN.net Weekly Edition:
- Front: Cryptography API; Iomap explanation; Negative dentries; Faster RCUs and lockless allocation for BPF; Negative dentries; LLMs in memory-management code
- Briefs: Guix vulnerabilities; OpenSSH 10.4; trusted publishing; kernel archive; CalyxOS; Quotes; ...
- Announcements: Newsletters, conferences, security updates, patches, and more.
목, 2026/07/09 - 7:31오전
Over on the
OpenMandriva
forum, the Linux distribution has
reported
sabotage of its repositories by a disgruntled contributor with
administrative credentials. According to "AngryPenguin", an abusive
incident in a distribution Matrix chat led to a user being kicked out of
the chat; that "triggered a cascade of events", which led to people
resigning from the distribution. Eventually, one of those people used
their administrative privileges to delete part of the
distribution's GitHub
repository and to "publish an empty package in the cooker
repository, which obsoleted all gnome and cosmic packages, which could have
damaged the systems of people using gnome or cosmic".
We are currently working to restore the deleted repositories and restore
the functionality of the obsolete packages.
[...] We performed a full system audit and, aside from the removed
packages, we found no other violations.
수, 2026/07/08 - 10:14오후
At the 2026 Linux Security Summit North America, Eric Biggers spoke about
some of the problems with the kernel's cryptography framework, as well
as the recent progress in adding library APIs to allow developers to
use cryptographic functions without using the traditional crypto
API. He walked through a couple of examples to demonstrate the
frailty of the original API and showed how the new library API made
life easier for developers and kernel maintainers.
수, 2026/07/08 - 9:50오후
Security updates have been issued by AlmaLinux (container-tools:rhel8, kernel-rt, libreoffice, nodejs:22, nodejs:24, opentelemetry-collector, perl-HTTP-Daemon, and python-markdown), Debian (dpkg, imagemagick, and postfix), Fedora (betterleaks, docker-compose, firefox, helm, perl-Compress-Raw-Bzip2, perl-IO-Compress, perl-JavaScript-Minifier-XS, python-cramjam, python-fastar, python-pillow-jxl-plugin, python-rignore, and tor), Oracle (grafana, grafana-pcp, and ruby:4.0), Slackware (tftp), SUSE (gi-docgen, glibc, helm, helm3, json-c-devel, kubevirt-1.6, librpmbuild10, python313-dulwich, python313-lxml_html_clean, python313-openapi-spec-validator, and sdbootutil), and Ubuntu (ruby-addressable).
화, 2026/07/07 - 11:27오후
William Woodruff, better known online as "yossarian", has published
a blog post to make the case that users should not place their trust
in trusted
publishing:
Trusted Publishing is a mechanism for establishing trust between an
external machine identity (like a CI/CD workflow) and one or more
projects on a package index/registry. The "trust" in "Trusted
Publishing" refers to that trust relationship, and not to anything
else.
It is not, and cannot be, a signal for package trust or
quality. You cannot use it to determine whether a package is safe or
"good," and PyPI consciously stymies attempts to misuse it for that
purpose by not rendering it as a "green checkmark" or anything else of
the sort.
Or as another framing: Trusted Publishing is just a form of
authentication. It doesn't tell you anything other than that an upload
was authenticated, which all uploads to PyPI are.
LWN covered trusted
publishing in June.
화, 2026/07/07 - 10:39오후
Puranjay Mohan shared some of the
work he's been doing recently on improving the
performance of read-copy-update (RCU) at the 2026
Linux
Storage, Filesystem, Memory-Management, and BPF Summit; his talk would have
been nice context to have earlier in the day when Harry Yoo and Alexei
Starovoitov led a session about the
new kmalloc_nolock() function that
allows for lockless allocation from any kernel context, and which interacts with
the RCU subsystem to allow that. This article therefore covers the two sessions
together and in the reverse order, to provide that missing context.
화, 2026/07/07 - 10:07오후
Security updates have been issued by AlmaLinux (nodejs22 and nodejs24), Fedora (clamav, hplip, kernel, kernel-headers, librabbitmq, mingw-expat, mir, perl-Imager, podman-tui, prometheus-podman-exporter, python-rpds-py, rust-ashpd, rust-busd, rust-gtk4-macros, rust-inferno, rust-quick-xml, rust-reqsign-aws-v4, rust-wayland-scanner, and sandogasa), Oracle (container-tools:rhel8, kernel, mariadb:10.11, mariadb:11.8, nginx, perl:5.32, php, php:7.4, rrdtool, ruby:2.5, ruby:3.3, ruby:4.0, and uek-kernel), Red Hat (kernel, opentelemetry-collector, and python-urllib3), Slackware (c and openssh), SUSE (bind, chromedriver, cryptsetup, s390-tools, dnsmasq, jackson-annotations, jackson-core, jackson-databind, lcms2, pacemaker, perl-Cpanel-JSON-XS, perl-Crypt-SaltedHash, postfix, and python-mistune), and Ubuntu (gnutls28, gzip, openssh, php7.0, python-parsl, python3.10, python3.12, python3.14, request-tracker5, socat, sogo, and tar).
화, 2026/07/07 - 1:13오전
OpenSSH 10.4 has been released. In addition to a number of security
and bug fixes, there are a few notable changes; this release adds
experimental support for a composite post-quantum signature scheme
combining ML-DSA 44 and Ed25519 as described in this
IETF draft. With 10.4, if OpenSSH is compiled with sandbox support
it will fail on Linux systems that have not enabled SECCOMP
or NO_NEW_PRIVS; prior to this release, sshd would log an error
but continue operation. See the release notes for
a full list of changes.
월, 2026/07/06 - 11:37오후
Conversations about the kernel's filesystem implementations often involve a
layer called "iomap", but relatively few people can reliably say what iomap
actually is. That is just the kind of gap that LWN exists to fill. In
short, iomap handles the mapping between data in the filesystem space
(identified by a file of interest, and an offset within that file) and in
the storage space (which may be a memory location, or a set of blocks on a
storage device). Using that mapping, iomap handles a long list of common,
filesystem-related tasks, allowing a lot of boilerplate code to be removed
from individual filesystem implementations.
월, 2026/07/06 - 10:13오후
Security updates have been issued by AlmaLinux (container-tools:rhel8, grafana, grafana-pcp, kernel, ruby:2.5, and ruby:3.3), Debian (bird3, chromium, kernel, linux-6.1, mediawiki, nginx, openvpn, php-phpseclib, php8.2, php8.4, and sympa), Fedora (7zip, buildah, chromium, clamav, freerdp, leptonica, mariadb10.11, mariadb11.8, nextcloud, nsd, openqa, openvpn, os-autoinst, pdns, pdns-recursor, perl-Crypt-ScryptKDF, podman, python-jupyter-server, and python-streamlink), Mageia (mariadb and yt-dlp), Slackware (libevent, libseccomp, mozilla, mutt, and php82), SUSE (apache2, containerd, dnsmasq, docker, dracut, firewalld-legacy, gimp, glibc, golang-github-docker-libnetwork, google-guest-agent, gstreamer-plugins-bad, helm, kernel, kernel-devel, keybase-client, kitty, krb5, libarchive, libnfs, libslirp, nilfs-utils, openCryptoki, openQA, openssl-3, pacemaker, pcr-oracle, perl-DBI, perl-List-SomeUtils-XS, podman, python-pip, python-pydata-sphinx-theme, python-tornado6, python3-lxml, python311-mistune, python313-joserfc, rmt-server, sg3_utils, systemd, tracker-miners, and xdg-dbus-proxy), and Ubuntu (cifs-utils, linux-nvidia, linux-nvidia-6.17, linux-raspi-realtime, and ncurses).
페이지