lwn.net

lwn.net 피드 구독하기
LWN.net is a comprehensive source of news and opinions from and about the Linux community. This is the main LWN.net feed, listing all articles which are posted to the site front page.
업데이트: 2시간 16분 지남

[$] An update on continuous testing of BPF kernel patches

수, 2025/05/21 - 2:51오전

Ihor Solodrai has been working on the BPF subsystem's continuous-integration (CI) testing for the last six months. At the 2025 Linux Storage, Filesystem, Memory-Management, and BPF Summit, he remotely shared an update on his work, and solicited feedback on how the tests could be further improved. Much of the work he's done has been specific to the BPF subsystem, but some is more generic and could potentially be of use to other subsystems. He also shared some general lessons learned from working on the BPF CI tests.

카테고리:

[$] Debian AI General Resolution withdrawn

수, 2025/05/21 - 2:38오전

Despite careful planning and months of warning, Debian developer Mo Zhou has acknowledged that the project needs more time to grapple with the questions around AI models and the Debian Free Software Guidelines (DFSG). For now, he has withdrawn his proposed General Resolution (GR) that would have required the original training data for AI models to be released in order to be considered DFSG-compliant—though the debates on the topic continue.

카테고리:

Red Hat Enterprise Linux 10 released

화, 2025/05/20 - 11:58오후

Red Hat has announced the release of Red Hat Enterprise Linux (RHEL) 10. A blog post accompanying the release provides details on some of the more notable features, such as encrypted DNS, a developer preview of RHEL 10 for RISC-V, and image mode for RHEL using bootc.

Image mode for RHEL lets you deploy your OS as a bootc image to your hardware, virtual machine or cloud, and then layer your app on top of it. That's a far less complex operation than traditional packaged deployments, and it gives developers and image maintainers a common experience and total control over their environment.

RHEL 10 includes the 6.12.0 kernel, GCC 14.2, GNU Binutils 2.41, GNU C Library (glibc) 2.39, Python 3.12, Perl 5.40, and more. See the release notes for a full list of changes. LWN covered CentOS Stream 10 in December, which provided an early look at what would be in the RHEL 10 release.

카테고리:

Security updates for Tuesday

화, 2025/05/20 - 7:20오후
Security updates have been issued by Debian (firefox-esr, openjdk-11, openjdk-17, and wireless-regdb), Fedora (iputils, open-vm-tools, sfnt2woff-zopfli, and woff), Red Hat (postgresql:12), SUSE (apache2-mod_auth_openidc, brltty, helm, python-maturin, and rubygem-rack), and Ubuntu (linux-azure-fips).
카테고리:

Go cryptography security audit (The Go Blog)

화, 2025/05/20 - 2:48오전

Roland Shoemaker has published a blog post about a recent security audit of the cryptography packages shipped as part of the Go standard library. The audit, performed by the Trail of Bits security firm, uncovered one low-severity vulnerability in the legacy Go+BoringCrypto integration, as well as a handful of informational findings.

During the review, there were a number of questions about our cgo-based Go+BoringCrypto integration, which provides a FIPS 140-2 compliant cryptography mode for internal usage at Google. The Go+BoringCrypto code is not supported by the Go team for external use, but has been critical for Google's internal usage of Go.

The Trail of Bits team found one vulnerability and one non-security relevant bug, both of which were results of the manual memory management required to interact with a C library. Since the Go team does not support usage of this code outside of Google, we have chosen not to issue a CVE or Go vulnerability database entry for this issue, but we fixed it in the Go 1.25 development tree.

The entire report is available as a PDF for those who enjoy a little light security reading.

카테고리:

[$] Reports from OSPM 2025, day one

화, 2025/05/20 - 1:26오전
The seventh edition of the Power Management and Scheduling in the Linux Kernel (known as "OSPM") Summit took place on March 18-20, 2025. It was organized by Juri Lelli, Frauke Jäger, Tommaso Cucinotta, and Lorenzo Pieralisi, and was hosted by Linutronix at Alte Fabrik, Uhldingen-Mühlhofen, Germany. The event was sponsored by Linutronix, Arm, and the Scuola Superiore Sant'Anna in Pisa.
카테고리:

Security updates for Monday

화, 2025/05/20 - 1:24오전
Security updates have been issued by Debian (dropbear, firefox-esr, intel-microcode, net-tools, openafs, thunderbird, and xrdp), Fedora (chromium, micropython, syslog-ng, webkitgtk, and xen), Mageia (dropbear and openssh), Oracle (.NET 9.0, kernel, libjpeg-turbo, and yelp and yelp-xsl), Red Hat (compat-openssl11, git-lfs, grafana, kernel, and osbuild and osbuild-composer), Slackware (mozilla), SUSE (cargo-c, gimp, iputils-20240905, kernel, libraw, microcode_ctl, openssh, pnpm, python311-cramjam, python311-httptools, python311-jwcrypto, python311-loguru, python311-mechanize, python311-nltk, python311-oauthlib, python311-py7zr, python311-pycapnp, python311-pyspnego, python311-pywayland, python311-suds, python311-treq, python311-ujson, python311-waitress, ruby3.4-rubygem-actionmailer, ruby3.4-rubygem-actiontext, ruby3.4-rubygem-activerecord, ruby3.4-rubygem-activestorage, ruby3.4-rubygem-fluentd, ruby3.4-rubygem-globalid, ruby3.4-rubygem-jquery-rails, ruby3.4-rubygem-kramdown, ruby3.4-rubygem-loofah, ruby3.4-rubygem-multi_xml, ruby3.4-rubygem-puma, ruby3.4-rubygem-rails, ruby3.4-rubygem-rails-html-sanitizer, ruby3.4-rubygem-sprockets, ruby3.4-rubygem-web-console, ruby3.4-rubygem-websocket-extensions, ucode-intel-20250512, and valkey), and Ubuntu (dotnet8, dotnet9, linux, linux-aws, linux-aws-6.8, linux-ibm, linux-lowlatency, linux-lowlatency-hwe-6.8, linux-oracle, linux, linux-azure-5.4, linux-gcp, linux-gcp-5.4, linux-oracle, linux, linux-gkeop, linux-ibm, linux-ibm-5.15, linux-intel-iotg, linux-kvm, linux-lowlatency, linux-lowlatency-hwe-5.15, linux-nvidia, linux-oracle, linux-oracle-5.15, linux-fips, linux-gcp, linux-gcp-5.15, linux-gcp-fips, linux-gke, linux-nvidia, linux-nvidia-6.8, linux-nvidia-lowlatency, linux-realtime, and linux-xilinx-zynqmp).
카테고리:

Kernel prepatch 6.15-rc7

월, 2025/05/19 - 3:03오후
The 6.15-rc7 kernel prepatch is out for testing. "So while I wish we hadn't had some of the excitement of last week, on the whole it all still looks pretty solid, and unless something strange happens I'll do the final 6.15 release next weekend."
카테고리:

Five more stable kernels

일, 2025/05/18 - 5:26오후
The 6.14.7, 6.12.29, 6.6.91, 6.1.139, and 5.15.183 stable kernel updates have been released; each contains another set of important fixes.
카테고리:

[$] A kernel developer plays with Home Assistant: case studies

금, 2025/05/16 - 10:29오후
The first article in this series provided an overview of Home Assistant, its community, and its capabilities. It was deliberately short on descriptions of interesting things that can be done with Home Assistant, though — the reasons why one might actually want to use this program. In this closing article, we'll look at how Home Assistant was used to solve some real problems.
카테고리:

An Asahi Linux 6.15 progress report

금, 2025/05/16 - 10:26오후

The Asahi Linux project, which supports Linux on Apple Silicon Macs, has published a progress report ahead of the 6.15 kernel's release.

We are pleased to announce that our graphics driver userspace API (uAPI) has been merged into the Linux kernel. This major milestone allows us to finally enable OpenGL, OpenCL and Vulkan support for Apple Silicon in upstream Mesa. This is the only time a graphics driver's uAPI has been merged into the kernel independent of the driver itself, which was kindly allowed by the kernel graphics subsystem (DRM) maintainers to facilitate upstream Mesa enablement while the required Rust abstractions make their way upstream. We are grateful for this one-off exception, made possible with close collaboration with the kernel community.

카테고리:

Security updates for Friday

금, 2025/05/16 - 10:10오후
Security updates have been issued by AlmaLinux (.NET 8.0, .NET 9.0, kernel, kernel-rt, redis:6, and yelp and yelp-xsl), Debian (chromium), Red Hat (compat-openssl11, kernel, and thunderbird), and SUSE (nbdkit, open-vm-tools, and rustup).
카테고리:

In Memoriam: John L. Young (EFF)

금, 2025/05/16 - 5:26오후
The Electronic Frontier Foundation has posted a somewhat belated memorial for John Young, the founder of Cryptome.

John was one of the early, under-recognized heroes of the digital age. He not only saw the promise of digital technology to help democratize access to information, he brought that idea into being and nurtured it for many years. We will miss him and his unswerving commitment to the public's right to know.

카테고리:

Rust 1.87.0 released

금, 2025/05/16 - 4:26오전

To commemorate the tenth anniversary of the 1.0 release of the Rust language, version 1.87.0 was announced live today at the 10 Years of Rust celebration in Utrecht, Netherlands. Notable changes include the addition of anonymous pipes to the standard library and the ability for inline assembly (asm!) to jump to labeled blocks within Rust code.

카테고리:

[$] A new DMA-mapping API

목, 2025/05/15 - 11:26오후
Leon Romanovsky began his session at the 2025 Linux Storage, Filesystem, Memory Management, and BPF Summit (LSFMM+BPF) by explaining that the improved DMA-mapping API that he has been working on is a group effort. He, Chaitanya Kulkarni, Christoph Hellwig, Jason Gunthorpe, and others are proposing to modernize the API and to "make it more suitable for current kernels". He told the assembled storage and filesystem developers that the progress on the proposal has stalled, but that it was the basis for further work in various areas, so he hoped to find a way to move forward with it.
카테고리:

Oniux: kernel-level Tor isolation for Linux applications

목, 2025/05/15 - 11:19오후

The Tor project has announced the oniux utility which provides Tor network isolation, using Linux namespaces, for third-party applications.

Namespaces are a powerful feature that gives us the ability to isolate Tor network access of an arbitrary application. We put each application in a network namespace that doesn't provide access to system-wide network interfaces (such as eth0), and instead provides a custom network interface onion0.

This allows us to isolate an arbitrary application over Tor in the most secure way possible software-wise, namely by relying on a security primitive offered by the operating system kernel. Unlike SOCKS, the application cannot accidentally leak data by failing to make some connection via the configured SOCKS, which may happen due to a mistake by the developer.

The Tor project cautions that oniux is considered experimental as the software it depends on, such as Arti and onionmasq, are still new.

카테고리:

Security updates for Thursday

목, 2025/05/15 - 11:18오후
Security updates have been issued by Debian (open-vm-tools), Fedora (dnsdist), Gentoo (Node.js and Tracker miners), Red Hat (kernel and xdg-utils), SUSE (audiofile, go1.22-openssl, go1.24, grub2, kernel-devel, openssl-1_1, openssl-3, and python311-Django), and Ubuntu (ruby-rack).
카테고리:

[$] LWN.net Weekly Edition for May 15, 2025

목, 2025/05/15 - 9:59오전
Inside this week's LWN.net Weekly Edition:

  • Front: Home Assistant; YaST; bpfilter; Flatpak; More LSFMM+BPF 2025 coverage.
  • Briefs: Screen security; Guix on Codeberg; Postgres I/O; GNOME executive director; Nextcloud blog; Podman 5.5.0; OSL sustainability; Quotes; ...
  • Announcements: Newsletters, conferences, security updates, patches, and more.
카테고리:

[$] The future of Flatpak

목, 2025/05/15 - 4:18오전

At the Linux Application Summit (LAS) in April, Sebastian Wick said that, by many metrics, Flatpak is doing great. The Flatpak application-packaging format is popular with upstream developers, and with many users. More and more applications are being published in the Flathub application store, and the format is even being adopted by Linux distributions like Fedora. However, he worried that work on the Flatpak project itself had stagnated, and that there were too few developers able to review and merge code beyond basic maintenance.

카테고리:

Podman 5.5.0 released

목, 2025/05/15 - 2:37오전

Version 5.5.0 of the Podman container-management tool has been released. Notable features include the addition of a podman machine cp command to copy files into a running Podman VM, a podman artifact extract command to copy contents of an OCI artifact to disk, and a --mount=artifact option to mount OCI artifacts into containers. See the release announcement for a full list of improvements and bug fixes.

카테고리:

페이지