lwn.net

LWN.net is a comprehensive source of news and opinions from and about the Linux community. This is the main LWN.net feed, listing all articles which are posted to the site front page.

Security updates for Wednesday

Wed, 2024/02/14 - 11:09 PM
Security updates have been issued by Debian (bind9 and unbound), Fedora (clamav, firecracker, libkrun, rust-event-manager, rust-kvm-bindings, rust-kvm-ioctls, rust-linux-loader, rust-userfaultfd, rust-versionize, rust-vhost, rust-vhost-user-backend, rust-virtio-queue, rust-vm-memory, rust-vm-superio, rust-vmm-sys-util, and virtiofsd), Red Hat (.NET 6.0, dotnet6.0, and dotnet7.0), Slackware (bind and dnsmasq), and Ubuntu (dotnet6, dotnet7, dotnet8, linux-lowlatency, linux-raspi, linux-nvidia-6.2, and ujson).

The kernel becomes its own CNA

Wed, 2024/02/14 - 4:13 AM
Greg Kroah-Hartman has announced that the kernel project has been accepted as a CVE numbering authority (CNA). The way that CVE numbers will be handled by the kernel is described in this documentation patch:

As part of the normal stable release process, kernel changes that are potentially security issues are identified by the developers responsible for CVE number assignments and have CVE numbers automatically assigned to them. These assignments are published on the linux-cve mailing list as announcements on a frequent basis.

Note, due to the layer at which the Linux kernel is in a system, almost any bug might be exploitable to compromise the security of the kernel, but the possibility of exploitation is often not evident when the bug is fixed. Because of this, the CVE assignment team are overly cautious and assign CVE numbers to any bugfix that they identify. This explains the seemingly large number of CVEs that are issued by the Linux kernel team.


[$] A look at dynamic linking

Tue, 2024/02/13 - 11:54 PM

The dynamic linker is a critical component of modern Linux systems, being responsible for setting up the address space of most processes. While statically linked binaries have become more popular over time as the tradeoffs that originally led to dynamic linking become less relevant, dynamic linking is still the default. This article looks at what steps the dynamic linker takes to prepare a program for execution.


Security updates for Tuesday

Tue, 2024/02/13 - 11:47 PM
Security updates have been issued by Fedora (clamav and virtiofsd), Oracle (gimp), Red Hat (gnutls and nss), SUSE (kubevirt, virt-api-container, virt-controller-container, virt-exportproxy-container, virt-exportserver-container, virt-handler-container, virt-launcher-container, virt-libguestfs-t and squid), and Ubuntu (openssl).

FreeBSD phasing out 32-bit platforms

Tue, 2024/02/13 - 4:27 AM

The FreeBSD Project has announced that it intends to deprecate 32-bit platforms "over the next couple of major releases". We anticipate FreeBSD 15.0 will not include the armv6, i386, and powerpc platforms, and FreeBSD 16.0 will not include armv7. Support for executing 32-bit binaries on 64-bit kernels will be retained through at least the lifetime of the stable/16 branch if not longer.

The announcement notes that support for some 32-bit platforms "may be extended if there is both demand and commitment to increased developer resources". More details about the current plans for 32-bit platforms are available in the FreeBSD 14.0-RELEASE Release Notes.


[$] Another runc container breakout

Tue, 2024/02/13 - 12:57 AM

Once again, runc—a tool for spawning and running OCI containers—is drawing attention due to a high severity container breakout attack. This vulnerability is interesting for several reasons: its potential for widespread impact, the continued difficulty in actually containing containers, the dangers of running containers as a privileged user, and the fact that this vulnerability is made possible in part by a response to a previous container breakout flaw in runc.


Security updates for Monday

Mon, 2024/02/12 - 11:42 PM
Security updates have been issued by Debian (libgit2), Fedora (chromium, firecracker, libkrun, openssh, python-nikola, runc, rust-event-manager, rust-kvm-bindings, rust-kvm-ioctls, rust-linux-loader, rust-userfaultfd, rust-versionize, rust-vhost, rust-vhost-user-backend, rust-virtio-queue, rust-vm-memory, rust-vm-superio, rust-vmm-sys-util, virtiofsd, webkitgtk, and wireshark), Mageia (filezilla and xpdf), Oracle (gimp), Red Hat (libmaxminddb, linux-firmware, squid:4, and tcpdump), Slackware (xpdf), SUSE (cdi-apiserver-container, cdi-cloner-container, cdi-controller-container, cdi-importer-container, cdi-operator-container, cdi-uploadproxy-container, cdi-uploadserver-container, cont and suse-build-key), and Ubuntu (python-glance-store and webkit2gtk).

Kernel prepatch 6.8-rc4

Mon, 2024/02/12 - 5:43 AM
The 6.8-rc4 kernel prepatch is out for testing. "Commit counts and contents look normal for this phase of the release, nothing here really stands out."

Introducing Fedora Atomic Desktops (Fedora Magazine)

Sat, 2024/02/10 - 7:19 AM
Fedora Magazine has announced the creation of Fedora Atomic Desktops: a way of branding Fedora's growing set of rpm-ostree spins. Joseph Gayso wrote "we’ve seen more of our mainline Fedora Linux spins make the jump to offer a version that implements rpm-ostree. It’s reached the point where it can be hard to talk about all of them at the same time. Therefore we’ve introduced a new brand that will serve to simplify how we discuss rpm-ostree and how we name future atomic spins." LWN covered Project Bluefin, which is based on Fedora's rpm-ostree work, in December 2023.

DRM-CI: A GitLab-CI pipeline for Linux kernel testing (Collabora Blog)

Sat, 2024/02/10 - 7:15 AM
Over on the Collabora blog, Helen Koike writes about the DRM-CI project for running automated continuous integration (CI) tests on multiple graphics devices in several different labs. It uses the IGT GPU tools for testing, though there are plans to expand: The roadmap for DRM-CI includes enabling other devices, incorporating additional tests like kselftests, adding support for vgem driver, and implementing further automations. DRM-CI builds upon the groundwork laid by Mesa3D CI, including its GitLab YAML files and most of its setup, fostering collaboration and mutual strengthening.

[...] Adapting the DRM-CI pipeline to other subsystems is feasible with a few modifications. The primary consideration is setting up dedicated GitLab-CI runners since Freedesktop's infrastructure is meant only for graphics.

In light of this, our team is developing a versatile and user-friendly GitLab-CI pipeline. This new pipeline is envisioned to function as a flexible interface for kernel maintainers and developers that can be evolved to connect with different test environments that can also be hooked with CI systems such as KernelCI. This approach aims to simplify the integration process, making GitLab-CI more accessible and beneficial to a broader range of developers.


[$] Gnuplot 6 comes with pie

Sat, 2024/02/10 - 2:53 AM
Gnuplot 6.0 was released in December 2023, bringing a host of significant improvements and new capabilities to the open-source graphing tool. Here we survey the major new features, including filled contours in 3D, adaptive plotting resolution, watchpoints, clipping of surfaces, sector plots for making things like pie charts, and new syntax for conditionals in gnuplot's scripting language. In addition, there are detailed examples of the features described.

Rowley: What’s new in the Postgres 16 query planner / optimizer

Fri, 2024/02/09 - 11:57 PM
David Rowley looks deeply into the improvements coming to the query planner in PostgreSQL 16.

For a long time now, PostgreSQL has been able to remove a LEFT JOIN where no column from the left joined table was required in the query and the join could not possibly duplicate any rows.

However, in versions prior to PostgreSQL 16, there was no support for left join removals on partitioned tables. Why? Because the proofs that the planner uses to determine if there’s any possibility any inner-side row could duplicate any outer-side row were not present for partitioned tables.

The PostgreSQL 16 query planner now allows the LEFT JOIN removal optimization with partitioned tables.
