lwn.net 피드 구독하기
LWN.net is a comprehensive source of news and opinions from and about the Linux community. This is the main LWN.net feed, listing all articles which are posted to the site front page.
업데이트: 2시간 32분 지남

Security updates for Monday

월, 2021/06/07 - 11:55오후
Security updates have been issued by Debian (libwebp, python-django, ruby-nokogiri, and thunderbird), Fedora (dhcp, polkit, transfig, and wireshark), openSUSE (chromium, inn, kernel, redis, and umoci), Oracle (pki-core:10.6), Red Hat (libwebp, nginx:1.18, rh-nginx118-nginx, and thunderbird), SUSE (gstreamer-plugins-bad), and Ubuntu (linux, linux-aws, linux-azure, linux-gcp, linux-hwe-5.8, linux-kvm, linux-oracle).

Kernel prepatch 5.13-rc5

월, 2021/06/07 - 11:46오전
The 5.13-rc5 kernel prepatch is out for testing. "Hmm. Things haven't really started to calm down very much yet, but rc5 seems to be fairly average in size. I'm hoping things will start shrinking now."

[$] Fedora contemplates the driverless printing future

금, 2021/06/04 - 11:43오후
Back in a distant time — longer ago than he cares to admit — your editor managed a system-administration group. At that time, most of the day-to-day pain reliably came from two types of devices: modems and printers. Modems are more plentiful than ever now, but they have disappeared into interface controllers and (usually) manage to behave themselves. Printers, instead, are still entirely capable of creating problems and forcing a reconsideration of one's life choices. Behind the scenes, though, the situation has been getting better but, as a recent conversation within the Fedora project made clear, taking advantage of those improvements will require some changes and a bit of a leap of faith.

CentOS Linux 8 (2105) released

금, 2021/06/04 - 11:40오후
There is a new release of CentOS Linux 8. The brave new "stream" world includes new naming as well, but we know where it came from: "Effectively immediately, this is the current release for CentOS Linux 8 and is tagged as 2105, derived from Red Hat Enterprise Linux 8.4 Source Code." See the release notes for the changes in this release.

Security updates for Friday

금, 2021/06/04 - 11:01오후
Security updates have been issued by Debian (lasso), Fedora (mingw-djvulibre, mingw-exiv2, python-lxml, and singularity), openSUSE (ceph, dhcp, inn, nginx, opera, polkit, upx, and xstream), Oracle (firefox, perl, and polkit), Scientific Linux (firefox), SUSE (avahi, csync2, djvulibre, libwebp, polkit, python-py, slurm, slurm_18_08, thunderbird, and umoci), and Ubuntu (linux, linux-aws, linux-aws-5.4, linux-azure, linux-azure-5.4, linux-gcp, linux-gcp-5.4, linux-gke, linux-gke-5.4, linux-gkeop, linux-gkeop-5.4, linux-hwe-5.4, linux-kvm, linux-oracle, linux-oracle-5.4, linux-oem-5.10, and squid, squid3).

[$] Auditing io_uring

목, 2021/06/03 - 11:34오후
The io_uring subsystem, first introduced in 2019, has quickly become the leading way to perform high-bandwidth, asynchronous I/O. It has drawn the attention of many developers, including, more recently, those who are focused more on security than performance. Now some members of the security community are lamenting a perceived lack of thought about security support in io_uring, and are trying to remedy that shortcoming by adding audit and Linux security module support there. That process is proving difficult, and has raised the prospect of an unpleasant fallback solution.

Seven new stable kernels

목, 2021/06/03 - 10:22오후
Greg Kroah-Hartman has announced the release of the 5.12.9, 5.10.42, 5.4.124, 4.19.193, 4.14.235, 4.9.271, and 4.4.271 stable kernels. As usual, these contain fixes throughout the kernel tree; users should upgrade.

Security updates for Thursday

목, 2021/06/03 - 10:15오후
Security updates have been issued by Arch Linux (chromium, curl, dhclient, dhcp, firefox, keycloak, lib32-curl, lib32-libcurl-compat, lib32-libcurl-gnutls, libcurl-compat, libcurl-gnutls, opera, packagekit, pam-u2f, postgresql, rabbitmq, redis, ruby-bundler, and zint), Debian (caribou, firefox-esr, imagemagick, and isc-dhcp), Fedora (mapserver, mingw-python-pillow, and python-pillow), openSUSE (chromium), Red Hat (firefox, glib2, pki-core:10.6, polkit, rh-ruby26-ruby, and rh-ruby27-ruby), SUSE (ceph, dhcp, libwebp, nginx, qemu, squid, and xstream), and Ubuntu (firefox, linux, linux-aws, linux-aws-hwe, linux-azure, linux-azure-4.15, linux-gcp, linux-gcp-4.15, linux-hwe, linux-kvm, linux-oracle, linux-snapdragon, linux, linux-aws, linux-azure, linux-gcp, linux-kvm, linux-oracle, and policykit-1).

[$] LWN.net Weekly Edition for June 3, 2021

목, 2021/06/03 - 10:46오전
The LWN.net Weekly Edition for June 3, 2021 is available.

[$] Growing pains for Fedora CoreOS

목, 2021/06/03 - 6:10오전
When last we looked in on Fedora CoreOS back in December, it was under consideration to become an official Fedora edition. That has not happened, yet at least, but it would seem that the CoreOS "emerging edition" is still undergoing some difficulties trying to fit in with the rest of Fedora. There are differences between the needs of a container operating system and those of more general-purpose distributions, which still need to be worked out if Fedora CoreOS is going to "graduate".

McQueen: Next steps for the GNOME Foundation

목, 2021/06/03 - 2:26오전
Robert McQueen takes a look at the state of the GNOME Foundation. [We’ve] got a larger staff team than GNOME has ever had before. We’ve widened the GNOME software ecosystem to include related apps and projects under the GNOME Circle banner, we’ve helped get GTK 4 out of the door, run a wider-reaching program in the Community Engagement Challenge, and consistently supported better infrastructure for both GNOME and the Linux app community in Flathub.

Aside from another grant from Endless (note: my employer), our fundraising hasn’t caught up with this pace of activities. As a result, the Board recently approved a budget for this financial year which will spend more funds from our reserves than we expect to raise in income. Due to our reserves policy, this is essentially the last time we can do this: over the next 6-12 months we need to either raise more money, or start spending less.


Security updates for Wednesday

목, 2021/06/03 - 12:04오전
Security updates have been issued by Debian (squid), Fedora (dhcp), openSUSE (gstreamer, gstreamer-plugins-bad, gstreamer-plugins-base, gstreamer-plugins-good, gstreamer-plugins-ugly and slurm), Oracle (glib2 and kernel), Red Hat (kernel, kernel-rt, perl, and tcpdump), Scientific Linux (glib2), SUSE (bind, dhcp, lz4, and shim), and Ubuntu (dnsmasq, lasso, and python-django).

openSUSE Leap 15.3 released

수, 2021/06/02 - 11:58오후
OpenSUSE Leap 15.3 has been released. "There is one huge change from the previous Leap versions. openSUSE Leap 15.3 is built not just from SUSE Linux Enterprise source code like in previous versions, but built with the exact same binary packages, which strengthens the flow between Leap and SLE like a yin yang." There are a lot of new features as well, see the announcement for details.

Garrett: Producing a trustworthy x86-based Linux appliance

수, 2021/06/02 - 10:53오후
Matthew Garrett has written up the long, complex series of steps required to build an x86 device that only boots code that the creator wants to run there. "At this point everything in the boot process is cryptographically verified, and so should be difficult to tamper with. Unfortunately this isn't really sufficient - on x86 systems there's typically no verification of the integrity of the secure boot database. An attacker with physical access to the system could attach a programmer directly to the firmware flash and rewrite the secure boot database to include keys they control. They could then replace the boot image with one that they've signed, and the machine would happily boot code that the attacker controlled. We need to be able to demonstrate that the system booted using the correct secure boot keys, and the only way we can do that is to use the TPM."

[$] Making CPython faster

수, 2021/06/02 - 6:39오전
Over the last month or so, there has been a good bit of news surrounding the idea of increasing the performance of the CPython interpreter. At the 2021 Python Language Summit in mid-May, Guido van Rossum announced that he and a small team are being funded by Microsoft to work with the community on getting performance improvements upstream into the interpreter—crucially, without breaking the C API so that the ecosystem of Python extensions (e.g. NumPy) continue to work. Another talk at the summit looked at Cinder, which is a performance-oriented CPython fork that is used in production at Instagram. Cinder was recently released as open-source software, as was another project to speed up CPython that originated at Dropbox: Pyston.

Firefox 89

수, 2021/06/02 - 12:26오전
Firefox 89 has been released. The changes in this version focus on the look and feel. "We’ve redesigned and modernized the core experience to be cleaner, more inviting, and easier to use. " This release also includes enhancements to the privacy offerings. "We’ve enhanced the privacy of the Firefox Browser’s Private Browsing mode with Total Cookie Protection, which confines cookies to the site where they were created, preventing companies from using cookies to track your browsing across sites. This feature was originally launched in Firefox’s ETP Strict mode."

Security updates for Tuesday

화, 2021/06/01 - 11:52오후
Security updates have been issued by Fedora (cflow, chromium, eterm, gnutls, and kernel), Mageia (kernel and kernel-linus), Oracle (glib2), Red Hat (glib2, kernel, kernel-rt, and kpatch-patch), SUSE (curl, djvulibre, gstreamer, gstreamer-plugins-bad, gstreamer-plugins-base, gstreamer-plugins-good, gstreamer-plugins-ugly, nginx, python-httplib2, and slurm), and Ubuntu (gupnp, libwebp, postgresql-10, postgresql-12, postgresql-13, and python3.8).

GCC drops its copyright-assignment requirement

화, 2021/06/01 - 11:49오후
The GCC compiler, like other GNU projects, has long required contributors to complete paperwork assigning the copyrights on their work to the Free Software Foundation. That requirement has just been dropped, and contributors can now attach a Signed-off-by tag indicating use of the Developers Certificate of Origin instead. "This change is consistent with the practices of many other major Free Software projects, such as the Linux kernel." Initial discussion suggests that some developers were surprised by this change and are yet to be convinced that it is a good idea.

[$] eBPF seccomp() filters

화, 2021/06/01 - 12:49오전
The seccomp() mechanism allows a process to load a BPF program to restrict its future use of system calls; it is a simple but flexible sandboxing mechanism that is widely used. Those filter programs, though, run on the "classic" BPF virtual machine, rather than the extended BPF (eBPF) machine used elsewhere in the kernel. Moving seccomp() to eBPF has been an often-requested change, but security concerns have prevented that from happening. The latest attempt to enable eBPF is this patch set from YiFei Zhu; whether it will succeed where others have failed remains to be seen.

Security updates for Monday

화, 2021/06/01 - 12:23오전
Security updates have been issued by Debian (hyperkitty, libxml2, nginx, openjdk-11-jre-dcevm, rxvt-unicode, samba, and webkit2gtk), Fedora (exiv2, java-1.8.0-openjdk-aarch32, mingw-python-pillow, opendmarc, php-symfony3, php-symfony4, python-pillow, runc, rust-cranelift-codegen-shared, rust-cranelift-entity, and rxvt-unicode), openSUSE (curl, hivex, libu2f-host, libX11, libxls, singularity, and upx), Oracle (dotnet3.1 and dotnet5.0), Red Hat (docker, glib2, and runc), and Ubuntu (lz4).