lwn.net 피드 구독하기
LWN.net is a comprehensive source of news and opinions from and about the Linux community. This is the main LWN.net feed, listing all articles which are posted to the site front page.
업데이트: 2시간 38분 지남

Stable kernel updates

월, 2019/06/10 - 9:45오후
The 5.1.8, 4.19.49, and 4.14.124 stable kernel updates have been released; each contains another set of important fixes.

[$] Detecting and handling split locks

토, 2019/06/08 - 1:56오전
The Intel architecture allows misaligned memory access in situations where other architectures (such as ARM or RISC-V) do not. One such situation is atomic operations on memory that is split across two cache lines. This feature is largely unknown, but its impact is even less so. It turns out that the performance and security impact can be significant, breaking realtime applications or allowing a rogue application to slow the system as a whole. Recently, Fenghua Yu has been working on detecting and fixing these issues in the split-lock patch set, which is currently on its eighth revision.

Security updates for Friday

금, 2019/06/07 - 10:11오후
Security updates have been issued by Debian (evolution and qemu), Fedora (cyrus-imapd and hostapd), Gentoo (exim), openSUSE (exim), Red Hat (qpid-proton), SUSE (bind, libvirt, mariadb, mariadb-connector-c, python, and rubygem-rack), and Ubuntu (firefox, jinja2, and linux-lts-xenial, linux-aws).

[$] Renaming openSUSE

금, 2019/06/07 - 12:52오전
In mid-May, LWN reported on the discussions in the openSUSE project over whether a separation from SUSE would be a good move. It would appear that this issue has been resolved and that openSUSE will be setting up a foundation as its new home independent of the SUSE corporation. But now the community has been overtaken by a new, related discussion that demonstrates a characteristic of free-software projects: the hardest issues are usually related to naming.

Severe vulnerability in Exim

목, 2019/06/06 - 10:49오후
Qualys has put out an advisory on a vulnerability in the Exim mail transfer agent, versions 4.87 through 4.91; it allows for easy command execution by a local attacker and remote execution in some scenarios. "To remotely exploit this vulnerability in the default configuration, an attacker must keep a connection to the vulnerable server open for 7 days (by transmitting one byte every few minutes). However, because of the extreme complexity of Exim's code, we cannot guarantee that this exploitation method is unique; faster methods may exist." Sites running Exim should upgrade to 4.92 if they have not already.

Security updates for Thursday

목, 2019/06/06 - 9:56오후
Security updates have been issued by Arch Linux (binutils), Debian (exim4 and poppler), Fedora (deepin-api, kernel, kernel-headers, kernel-tools, and php), openSUSE (cronie), and Ubuntu (apparmor, exim4, mariadb-10.1, php5, and php7.0, php7.2).

[$] LWN.net Weekly Edition for June 6, 2019

목, 2019/06/06 - 10:01오전
The LWN.net Weekly Edition for June 6, 2019 is available.

[$] Seeking consensus on dh

목, 2019/06/06 - 6:58오전

Debian takes an almost completely "hands off" approach to the decisions that Debian developers (DDs) can make in regard to the packaging and maintenance of their packages. That leads to maximal freedom for DDs, but impacts the project in other ways, some of which may be less than entirely desirable. New Debian project leader (DPL) Sam Hartman started a conversation about potential changes to the Debian packaging requirements back in mid-May. In something of a departure from the Debian tradition of nearly endless discussion without reaching a conclusion (and, possibly, punting the decision to the technical committee or a vote in a general resolution), Hartman has instead tried to guide the discussion toward reaching some kind of rough consensus.


[$] How many kernel test frameworks?

목, 2019/06/06 - 12:52오전

The kernel self-test framework (kselftest) has been a part of the kernel for some time now; a relatively recent proposal for a kernel unit-testing framework, called KUnit, has left some wondering why both exist. In a lengthy discussion thread about KUnit, the justification for adding another testing framework to the kernel was debated. While there are different use cases for kselftest and KUnit, there was concern about fragmenting the kernel-testing landscape.


Security updates for Wednesday

수, 2019/06/05 - 11:55오후
Security updates have been issued by Debian (python-django), openSUSE (curl and libtasn1), Oracle (kernel), Red Hat (etcd, kernel-alt, and rh-python36-python-jinja2), Scientific Linux (thunderbird), SUSE (libvirt), and Ubuntu (db5.3, linux, linux-aws, linux-gcp, linux-kvm, linux-raspi2, linux, linux-aws, linux-gcp, linux-kvm, linux-raspi2, linux-snapdragon, linux, linux-aws, linux-kvm, linux-raspi2, linux-snapdragon, linux-aws-hwe, linux-hwe, linux-oracle, linux-hwe, and linux-raspi2, linux-snapdragon).

CockroachDB relicensed

수, 2019/06/05 - 6:09오전
The CockroachDB database management system has been relicensed; the new license is non-free. "CockroachDB users can scale CockroachDB to any number of nodes. They can use CockroachDB or embed it in their applications (whether they ship those applications to customers or run them as a service). They can even run it as a service internally. The one and only thing that you cannot do is offer a commercial version of CockroachDB as a service without buying a license."

Firefox adds tracking protection by default

수, 2019/06/05 - 6:06오전
The Mozilla blog announces a new Firefox feature: "One of those initiatives outlined was to block cookies from known third party trackers in Firefox. Today, Firefox will be rolling out this feature, Enhanced Tracking Protection, to all new users on by default, to make it harder for over a thousand companies to track their every move. Additionally, we’re updating our privacy-focused features including an upgraded Facebook Container extension, a Firefox desktop extension for Lockwise, a way to keep their passwords safe across all platforms, and Firefox Monitor’s new dashboard to manage multiple email addresses."

[$] Fun with LEDs and CircuitPython

수, 2019/06/05 - 1:44오전

Nina Zakharenko has been programming for a long time; when she was young she thought that "the idea that I could trick computers into doing what I tell them was pretty awesome". But as she joined the workforce, her opportunities for "creative coding" faded away; she regained some of that working with open source, but tinkering with hardware is what let her creativity "truly explode". It has taken her years to get back what she learned long ago, she said, and her keynote at PyCon 2019 was meant to show attendees the kinds of things can be built with Python—starting with something that attendees would find in their swag bag.


Three stable kernels

화, 2019/06/04 - 11:49오후
Stable kernels 5.1.7, 5.0.21, and 4.19.48 have been released. They all contain the usual set of important fixes. This is the last 5.0.y release and users should move to 5.1.y now.

Security updates for Tuesday

화, 2019/06/04 - 11:35오후
Security updates have been issued by Arch Linux (python-django and python2-django), Debian (heimdal), Fedora (kernel, kernel-headers, kernel-tools, and sqlite), openSUSE (containerd, docker, docker-runc, go, go1.11, go1.12, golang-github-docker-libnetwork and GraphicsMagick), Oracle (thunderbird), Red Hat (systemd and thunderbird), SUSE (bind and firefox), and Ubuntu (qtbase-opensource-src).

Šabić: eBPF and XDP for Processing Packets at Bare-metal Speed

화, 2019/06/04 - 11:04오후
Nedim Šabić has written a tutorial article on using the eXpress Data Path for fast packet filtering. "Now comes the most relevant part of our XDP program that deals with packet’s processing logic. XDP ships with a predefined set of verdicts that determine how the kernel diverts the packet flow. For instance, we can pass the packet to the regular network stack, drop it, redirect the packet to another NIC and such. In our case, XDP_DROP yields an ultra-fast packet drop."

[$] Yet another try for fs-verity

화, 2019/06/04 - 6:48오전
The fs‑verity mechanism has its origins in the Android project; its purpose is to make individual files read-only and enable the kernel to detect any modifications that might have been made, even if those changes happen offline. Previous fs‑verity implementations have run into criticism in the development community, and none have been merged. A new version of the patch set was posted on May 23; it features a changed user-space API and may have a better chance of getting into the mainline.

Security updates for Monday

화, 2019/06/04 - 12:02오전
Security updates have been issued by Arch Linux (curl, lib32-curl, lib32-libcurl-compat, lib32-libcurl-gnutls, libcurl-compat, libcurl-gnutls, and live-media), Debian (doxygen and php5), Fedora (cryptopp, drupal7-context, drupal7-ds, drupal7-module_filter, drupal7-path_breadcrumbs, drupal7-uuid, drupal7-views, drupal7-xmlsitemap, and sleuthkit), openSUSE (axis, chromium, containerd, docker, docker-runc, go, go1.11, go1.12, golang-github-docker-libnetwork, curl, doxygen, GraphicsMagick, java-1_7_0-openjdk, libtasn1, libvirt, lxc, lxcfs, NetworkManager, php5, php7, screen, sles12sp3-docker-image, sles12sp4-image, system-user-root, and thunderbird), Oracle (kernel), SUSE (apache2-mod_jk and libpng16), and Ubuntu (doxygen).

Kernel prepatch 5.2-rc3

월, 2019/06/03 - 10:17오후
The 5.2-rc3 kernel prepatch has been released. "Anyway, even ignoring the SPDX changes, there's just a lot of small fixes spread all over, not anything that looks particularly scary or worrisome. Maybe next week is when the other shoe drops, but maybe this will just be a nice calm release. That would be lovely."

Five new stable kernels

토, 2019/06/01 - 1:15오전
The 5.1.6, 5.0.20, 4.19.47, 4.14.123, and 4.9.180 stable kernels have been released. As usual, they contain important fixes throughout the kernel tree; users of those series should upgrade.