lwn.net 피드 구독하기
LWN.net is a comprehensive source of news and opinions from and about the Linux community. This is the main LWN.net feed, listing all articles which are posted to the site front page.
업데이트: 1시간 5분 지남

Firefox 68.0 released

수, 2019/07/10 - 2:06오전
Firefox 68.0 has been released, with an Extended Support Release (ESR) version available, in addition to the usual rapid release version. The rapid release version features a dark mode in reader view, improved extension security and discovery, and more. See the release notes for details. The ESR release notes list some additional policies and other improvements.

Software in the Public Interest board elections

수, 2019/07/10 - 12:13오전
Software in the Public Interest (SPI) has announced that nominations are open until July 15 for 3 seats on the SPI board. "The ideal candidate will have an existing involvement in the Free and Open Source community, though this need not be with a project affiliated with SPI."

Security updates for Tuesday

화, 2019/07/09 - 11:47오후
Security updates have been issued by Arch Linux (irssi, python-django, and python2-django), Debian (libspring-security-2.0-java and zeromq3), Red Hat (python27-python), SUSE (ImageMagick, postgresql10, python-Pillow, and zeromq), and Ubuntu (apport, Docker, glib2.0, gvfs, whoopsie, and zeromq3).

Miller: Red Hat, IBM, and Fedora

화, 2019/07/09 - 10:22오후
Fedora project leader Matthew Miller reassures the community that IBM's acquisition of Red Hat, which just closed, will not affect Fedora. "In Fedora, our mission, governance, and objectives remain the same. Red Hat associates will continue to contribute to the upstream in the same ways they have been."

[$] Destaging ION

화, 2019/07/09 - 9:39오후
The Android system has shipped a couple of allocators for DMA buffers over the years; first came PMEM, then its replacement ION. The ION allocator has been in use since around 2012, but it remains stuck in the kernel's staging tree. The work to add ION to the mainline started in 2013; at that time, the allocator had multiple issues that made inclusion impossible. Recently, John Stultz posted a patch set introducing DMA-BUF heaps, an evolution of ION, that is designed to do exactly that — get the Android DMA-buffer allocator to the mainline Linux kernel.

Ryabitsev: Patches carved into developer sigchains

월, 2019/07/08 - 11:51오후
Konstantin Ryabitsev has posted a lengthy blog entry describing his vision for moving away from email for kernel development. "I think it's way past due time for us to come up with a solution that would offer decentralized, self-archiving, fully attestable, 'cradle-to-grave' development platform that covers all aspects of project development and not just the code. It must move us away from mailing lists, but avoid introducing single points of trust, authority, and failure."

Security updates for Monday

월, 2019/07/08 - 11:35오후
Security updates have been issued by Debian (dosbox, python-django, squid3, and unzip), Fedora (filezilla, libfilezilla, and samba), openSUSE (gvfs), Oracle (kernel), Red Hat (firefox and redhat-virtualization-host), SUSE (bash and libpng16), and Ubuntu (libvirt).

The 5.2 kernel has been released

월, 2019/07/08 - 8:32오전
Linus Torvalds has released the 5.2 kernel. He originally planned for an rc8 this week, rather than 5.2, due to his travel schedule, but was pleasantly surprised at how calm things have been. "So despite a fairly late core revert, I don't see any real reason for another week of rc, and so we have a v5.2 with the normal release timing." Some of the more significant changes in 5.2 are a new CLONE_PID flag to clone() to obtain a pidfd for the new process, a significant BPF verifier performance improvement that allows the maximum size of a BPF program to be raised to 1 million instructions, a BPF hook to manage sysctl knobs, a new set of system calls for filesystem mounting, case-insensitive lookups for the ext4 filesystem, a process freezer for version-2 control groups, pressure-stall monitors, and, of course, a vast number of fixes.

Debian 10 ("Buster") has been released

일, 2019/07/07 - 10:06오전
Debian version 10, code named "Buster", has been released. It has lots of new features, including: "In this release, GNOME defaults to using the Wayland display server instead of Xorg. Wayland has a simpler and more modern design, which has advantages for security. However, the Xorg display server is still installed by default and the default display manager allows users to choose Xorg as the display server for their next session. Thanks to the Reproducible Builds project, over 91% of the source packages included in Debian 10 will build bit-for-bit identical binary packages. This is an important verification feature which protects users against malicious attempts to tamper with compilers and build networks. Future Debian releases will include tools and metadata so that end-users can validate the provenance of packages within the archive. For those in security-sensitive environments AppArmor, a mandatory access control framework for restricting programs' capabilities, is installed and enabled by default. Furthermore, all methods provided by APT (except cdrom, gpgv, and rsh) can optionally make use of seccomp-BPF sandboxing. The https method for APT is included in the apt package and does not need to be installed separately." More information can be found in the release notes.

[$] clone3(), fchmodat4(), and fsinfo()

금, 2019/07/05 - 11:47오후
The kernel development community continues to propose new system calls at a high rate. Three ideas that are currently in circulation on the mailing lists are clone3(), fchmodat4(), and fsinfo(). In some cases, developers are just trying to make more flag bits available, but there is also some significant new functionality being discussed.

Release of the Open Build Service, Version 2.10

금, 2019/07/05 - 11:37오후
The Open Build Service (OBS) project has announced the release of version 2.10 of OBS, which is a system to build and distribute binary packages built from source code. The new version has revamped the web user interface and upgraded the container delivery mechanisms. Beyond that, it has fixed plenty of bugs (of course), added a bunch of smaller features, and now provides integration with other online tools: "Another trend in the professional software world is to plug various tools together into grand continuous integration/deployment cycles (CI/CD). You, of course, also want to throw the OBS into the mix and we traditionally supported you to do that on GitHub with webhooks. The 2.10 release now brings the same kind of support to other tools like Gitlab and Pagure. You can trigger all kinds of actions on OBS for every git commit or other events that happen on those tools."

Security updates for Friday

금, 2019/07/05 - 10:22오후
Security updates have been issued by SUSE (firefox, mozilla-nss, mozilla-nspr, helm-mirror, libu2f-host, and libu2f-host, pam_u2f) and Ubuntu (bzip2 and irssi).

[$] Soft CPU affinity

금, 2019/07/05 - 12:03오전
On NUMA systems with a lot of CPUs, it is common to assign parts of the workload to different subsets of the available processors. This partitioning can improve performance while reducing the ability of jobs to interfere with each other. The partitioning mechanisms available on current kernels might just do too good a job in some situations, though, leaving some CPUs idle while others are overutilized. The soft affinity patch set from Subhra Mazumdar is an attempt to improve performance by making that partitioning more porous.

Security updates for Thursday

목, 2019/07/04 - 10:56오후
Security updates have been issued by CentOS (libssh2 and qemu-kvm), Debian (lemonldap-ng), Fedora (tomcat), Oracle (kernel), and SUSE (elfutils, kernel, and php5).

[$] LWN.net Weekly Edition for July 4, 2019

목, 2019/07/04 - 12:23오후
The LWN.net Weekly Edition for July 4, 2019 is available.

[$] Fedora mulls its "python" version

목, 2019/07/04 - 8:02오전
There is no doubt that the transition from Python 2 to Python 3 has been a difficult one, but Linux distributions have been particularly hard hit. For many people, that transition is largely over; Python 2 will be retired at the end of this year, at least by the core development team. But distributions will have to support Python 2 for quite a while after that. As part of any transition, the version that gets run from the python binary (or symbolic link) is something that needs to be worked out. Fedora is currently discussing what to do about that for Fedora 31.

[$] Debian and code names

목, 2019/07/04 - 2:02오전
Debian typically uses code names to refer to its releases, starting with the Toy Story character names used (mostly) instead of numbers. The "Buster" release is due on July 6 and you will rarely hear it referred to as "Debian 10". There are some other code names used for repository (or suite) names in the Debian infrastructure; "stable", "testing", "unstable", "oldstable", and sometimes even "oldoldstable" are all used as part of the sources for the APT packaging tool. But code names of any sort are hard to keep track of; a discussion on the debian-devel mailing list looks at moving away from, at least, some of the repository code names.

Stable kernel updates

수, 2019/07/03 - 11:52오후
Stable kernels 5.1.16, 4.19.57, and 4.14.132 have been released. They all contain important fixes and users should upgrade.

Security updates for Wednesday

수, 2019/07/03 - 11:44오후
Security updates have been issued by Debian (pdns), Fedora (kernel and kernel-headers), Mageia (cgit and firefox), Oracle (libssh2 and qemu-kvm), Red Hat (openstack-ironic-inspector, openstack-tripleo-common, and qemu-kvm-rhev), Scientific Linux (libssh2 and qemu-kvm), SUSE (bzip2, cronie, libtasn1, nmap, php7, php72, python-Twisted, and taglib), and Ubuntu (thunderbird and znc).

[$] OpenPGP certificate flooding

수, 2019/07/03 - 4:42오전
A problem with the way that OpenPGP public-key certificates are handled by key servers and applications is wreaking some havoc, but not just for those who own the certificates (and keys)—anyone who has those keys on their keyring and does regular updates will be affected. It is effectively a denial of service attack, but one that propagates differently than most others. The mechanism of this "certificate flooding" is one that is normally used to add attestations to the key owner's identity (also known as "signing the key"), but because of the way most key servers work, it can be used to fill a certificate with "spam"—with far-reaching effects.