lwn.net 피드 구독하기
LWN.net is a comprehensive source of news and opinions from and about the Linux community. This is the main LWN.net feed, listing all articles which are posted to the site front page.
업데이트: 1시간 16분 지남

Security updates for Tuesday

화, 2021/07/13 - 11:54오후
Security updates have been issued by Debian (sogo), Fedora (libvirt), Gentoo (polkit), Mageia (binutils, freeradius, guile1.8, kernel, kernel-linus, libgrss, mediawiki, mosquitto, php-phpmailer, and webmin), openSUSE (bluez and jdom2), Oracle (kernel and xstream), Scientific Linux (xstream), and SUSE (kernel and python-pip).

[$] The conclusion of the 5.14 merge window

화, 2021/07/13 - 6:15오전
The 5.14 merge window closed with the 5.14-rc1 release on July 11. By that time, some 12,981 non-merge changesets had been pulled into the mainline repository; nearly 8,000 of those arrived after the first LWN 5.14 merge-window summary was written. This merge window has thus seen fewer commits than its predecessor, which saw 14,231 changesets before the 5.13-rc1 release. That said, there is still a lot of interesting work that has found its way into the kernel this time around.

Security updates for Monday

화, 2021/07/13 - 12:15오전
Security updates have been issued by Fedora (djvulibre), Gentoo (connman, gnuchess, openexr, and xen), openSUSE (arpwatch, avahi, dbus-1, dhcp, djvulibre, freeradius-server, fribidi, gstreamer, gstreamer-plugins-bad, gstreamer-plugins-base, gstreamer-plugins-good, gstreamer-plugins-ugly, gupnp, hivex, icinga2, jdom2, jetty-minimal, kernel, kubevirt, libgcrypt, libnettle, libxml2, openexr, openscad, pam_radius, polkit, postgresql13, python-httplib2, python-py, python-rsa, qemu, redis, rubygem-actionpack-5_1, salt, snakeyaml, squid, tpm2.0-tools, and xstream), Red Hat (xstream), and SUSE (bluez, csync2, dbus-1, jdom2, postgresql13, redis, slurm_20_11, and xstream).

Solus 4.3 released

월, 2021/07/12 - 10:35오후
Version 4.3 of the Solus "home computing" distribution has been released. "This release delivers new desktop environment updates, software stacks, and hardware enablement."

Kernel prepatch 5.14-rc1

월, 2021/07/12 - 11:55오전
Linus has released 5.14-rc1 and closed the merge window for this development cycle:

On the whole, I don't think there are any huge surprises in here, and size-wise this seems to be a pretty regular release too. Let's hope that that translates to a nice and calm release cycle, but you never know.


Some weekend stable kernels

월, 2021/07/12 - 5:53오전
The 5.12.16, 5.10.49, 5.4.131, 4.19.197, 4.14.239, 4.9.275, and 4.4.275 stable kernels have been released. Each contains a relatively small set of important fixes.

Security updates for Saturday

일, 2021/07/11 - 8:58오전
Security updates have been issued by Arch Linux (gitlab, nodejs, openexr, php, php7, rabbitmq, ruby-addressable, and spice), Fedora (suricata), Gentoo (binutils, docker, runc, and tor), Mageia (avahi, botan2, connman, gstreamer1.0-plugins, htmldoc, jhead, libcroco, libebml, libosinfo, openexr, php, php-smarty, pjproject, and python), openSUSE (apache2, bind, bouncycastle, ceph, containerd, docker, runc, cryptctl, curl, dovecot23, firefox, graphviz, gstreamer-plugins-bad, java-1_8_0-openj9, java-1_8_0-openjdk, libass, libjpeg-turbo, libopenmpt, libqt5-qtwebengine, libu2f-host, libwebp, libX11, lua53, lz4, nginx, ovmf, postgresql10, postgresql12, python-urllib3, qemu, roundcubemail, solo, thunderbird, ucode-intel, wireshark, and xterm), and SUSE (permissions).

Announcing Arti, a pure-Rust Tor implementation (Tor blog)

토, 2021/07/10 - 3:05오전
The Tor project, which provides tools for internet privacy and anonymity, has announced a rewrite of the Tor protocols in Rust, called Arti. It is not ready for prime time, yet, but based on a grant from Zcash Open Major Grants (ZOMG), significant work is ongoing; the plan is "to try bring Arti to a production-quality client implementation over the next year and a half". The C implementation is not going away anytime soon, but the idea is that Arti will eventually supplant it. The project sees a number of benefits from using Rust, including: For years now, we've wanted to split Tor's relay cryptography across multiple CPU cores, but we've run into trouble. C's support for thread-safety is quite fragile, and it is very easy to write a program that looks safe to run across multiple threads, but which introduces subtle bugs or security holes. If one thread accesses a piece of state at the same time that another thread is changing it, then your whole program can exhibit some truly confusing and bizarre bugs.

But in Rust, this kind of bug is easy to avoid: the same type system that keeps us from writing memory unsafety prevents us from writing dangerous concurrent access patterns. Because of that, Arti's circuit cryptography has been multicore from day 1, at very little additional programming effort.


[$] Syncing all the things

금, 2021/07/09 - 10:53오후
Computing devices are wonderful; they surely must be, since so many of us have so many of them. The proliferation of computers leads directly to a familiar problem, though: the files we want are always on the wrong machine. One solution is synchronization services that keep a set of files up to date across a multitude of machines; a number of companies have created successful commercial offerings based on such services. Some of us, though, are stubbornly resistant to the idea of placing our data in the hands of corporations and their proprietary systems. For those of us who would rather stay in control of our data, systems like Syncthing offer a possible solution.

Security updates for Friday

금, 2021/07/09 - 10:28오후
Security updates have been issued by Debian (apache2 and scilab), Fedora (chromium and perl-Mojolicious), Gentoo (inspircd, redis, and wireshark), and Mageia (fluidsynth, glib2.0, gnome-shell, grub2, gupnp, hivex, libupnp, redis, and zstd).

[$] Another misstep for Audacity

금, 2021/07/09 - 3:29오전
While it has often been said that there is no such thing as bad publicity, the new owners of the Audacity audio-editor project may beg to differ. The project has only recently weathered the controversies around its acquisition by the Muse Group, proposed telemetry features, and imposition of a new license agreement on its contributors. Now, the posting of a new privacy policy has set off a new round of criticism, with some accusing the project of planning to ship spyware. The situation with Audacity is not remotely as bad as it has been portrayed, but it is a lesson on what can happen when a project loses the trust of its user community.

Security updates for Thursday

목, 2021/07/08 - 10:57오후
Security updates have been issued by CentOS (linuxptp), Fedora (kernel and php), Gentoo (bladeenc, blktrace, jinja, mechanize, privoxy, and rclone), Oracle (linuxptp, ruby:2.6, and ruby:2.7), Red Hat (kernel and kpatch-patch), SUSE (kubevirt), and Ubuntu (avahi).

[$] LWN.net Weekly Edition for July 8, 2021

목, 2021/07/08 - 10:23오전
The LWN.net Weekly Edition for July 8, 2021 is available.

[$] Rust for Linux redux

목, 2021/07/08 - 7:36오전
On July 4, the Rust for Linux project posted another version of its patch set adding support for the language to the kernel. It would seem that the project feels that it is ready to be considered for merging into the mainline. Perhaps a bigger question lingers, though: is the kernel development community ready for Rust? That part still seems to be up in the air.

Four 5.x stable kernels

목, 2021/07/08 - 12:12오전
Sasha Levin has released stable kernels 5.13.1, 5.12.15, 5.10.48, and 5.4.130. They all contain a small set of important fixes and users should upgrade.

Security updates for Wednesday

목, 2021/07/08 - 12:01오전
Security updates have been issued by Fedora (glibc), Gentoo (doas, firefox, glib, schismtracker, and tpm2-tss), Mageia (httpcomponents-client), openSUSE (virtualbox), Red Hat (linuxptp), Scientific Linux (linuxptp), and Ubuntu (libuv1 and php7.2, php7.4).

[$] Python attributes, __slots__, and API design

수, 2021/07/07 - 7:29오전
A discussion on the python-ideas mailing list touched on a number of interesting topics, from the problems with misspelled attribute names through the design of security-sensitive interfaces and to the use of the __slots__ attribute of objects. The latter may not be all that well-known (or well-documented), but could potentially fix the problem at hand, though not in a backward-compatible way. The conversation revolves around the ssl module in the standard library, which has been targeted for upgrades, more than once, over the years—with luck, the maintainers may find time for some upgrades relatively soon.

Virtuozzo VzLinux 8.4 Now Available

수, 2021/07/07 - 1:25오전
The Virtuozzo team has announced the release of VzLinux 8.4; its fork of RHEL. "Thanks for noticing that we are fixing bugs so quickly (24 hours) and that you think VzLinux is stable and enterprise ready. To those who have asked if we will be following a similar path as CentOS, shifting its focus to Stream, the answer is: there are no plans for us to go this route, VzLinux will remain free to download, use and distribute. See the release notes for details.

Security updates for Tuesday

화, 2021/07/06 - 11:37오후
Security updates have been issued by Arch Linux (python-django), Debian (libuv1, libxstream-java, and php7.3), Fedora (rabbitmq-server), Gentoo (glibc, google-chrome, libxml2, and postsrsd), openSUSE (libqt5-qtwebengine and roundcubemail), SUSE (python-rsa), and Ubuntu (djvulibre).

[$] Bye-bye bdflush()

화, 2021/07/06 - 12:09오전
The addition of system calls to the Linux kernel is a routine affair; it happens during almost every merge window. The removal of system calls, instead, is much more uncommon. That appears likely to happen soon, though, as discussions proceed on the removal of bdflush(). Read on for a look at the purpose and history of this obscure system call and to learn whether you will miss it (you won't).