Subscribe to the lwn.net feed
LWN.net is a comprehensive source of news and opinions from and about the Linux community. This is the main LWN.net feed, listing all articles which are posted to the site front page.
Updated: 1 hour 27 minutes ago

[$] KOReader: a free electronic-book reader for e-ink devices

Sat, 2022/04/16 - 12:41 AM
Your editor has a certain tendency to accumulate books, to the point that they crowd everything else out of the house. There is a lot to be said for books: a physical book has a user interface that has been optimized over centuries, and one can have a reasonably high degree of certainty that any given book will still work a few decades from now. Neither of those can be said for electronic books, but they do have the advantages of taking less shelf space and being more portable. So electronic books are part of the reading menu, which naturally leads to the search for a free reader for those books; KOReader turns out to be an interesting alternative.

Stable kernels 5.4.189 and 4.19.238

Fri, 2022/04/15 - 11:25 PM
Greg Kroah-Hartman has announced the release of the 5.4.189 and 4.19.238 stable kernels. As usual, they contain important fixes throughout the tree and users should upgrade.

Security updates for Friday

Fri, 2022/04/15 - 9:03 PM
Security updates have been issued by Debian (fribidi and python-django), Fedora (postgresql-jdbc, stargz-snapshotter, and thunderbird), Slackware (git, gzip, and xz), and SUSE (kernel, SDL2, and tomcat).

[$] Rustaceans at the border

Fri, 2022/04/15 - 3:42 AM
Support for developing in the Rust language is headed toward the kernel, though just when it will land in the mainline is yet to be determined. The Rust patches are progressing, though, and beginning to attract attention from beyond the kernel community. When two languages — and two different development communities — come together, the result can be a sort of cultural clash. Some early signs of that are appearing with regard to Rust in the kernel; if the resulting impedance mismatches can be worked out, the result could be a better development environment for everybody involved.

Security updates for Thursday

Thu, 2022/04/14 - 9:39 PM
Security updates have been issued by Debian (lrzip), Fedora (community-mysql, expat, firefox, kernel, mingw-openjpeg2, nss, and openjpeg2), Mageia (ceph, subversion, and webkit2), openSUSE (chromium), Oracle (httpd:2.4), Red Hat (kpatch-patch), Slackware (ruby), SUSE (kernel and netatalk), and Ubuntu (gzip and xz-utils).

A hint on the future direction of SUSE Linux Enterprise

Thu, 2022/04/14 - 7:08 PM
SUSE has begun to discuss its plans for the next version of SUSE Linux Enterprise on the openSUSE lists. It appears that there will be some significant changes.

Intending to do radical changes (regarding technology- but also design-wise) we choose "Adaptable Linux Platform" or short "ALP" as codename for that next generation. This indicates already that some things will be quite different than a "mere" SLE 15++ would be ;) [...]

Another important point is that we intend to split what was a more generic, everything is closely intertwined into two parts: One smaller hardware enabling piece, a kind of "host OS", and the layer providing and supporting applications, which will be container (and VM) based.


[$] LWN.net Weekly Edition for April 14, 2022

Thu, 2022/04/14 - 9:13 AM
The LWN.net Weekly Edition for April 14, 2022 is available.

[$] A literal string type for Python

Thu, 2022/04/14 - 6:01 AM
Using strings with contents that are supplied by users can be fraught with peril; SQL injection is a well-known technique for attacking applications that stems from that, for example. Generally, database frameworks and libraries provide mechanisms that seek to lead programmers toward doing The Right Thing, with parameterized queries and the like, but they cannot enforce that—inventive developers will seemingly always find ways to inject user input into places it should not go. A recently adopted Python Enhancement Proposal (PEP) provides a way to enforce the use of strings that are untainted by user input, but it uses the optional typing features of the language to do so; those wanting to take advantage of it will need to be running a type-checking program.

A set of stable kernel updates

Thu, 2022/04/14 - 5:11 AM
The 5.17.3, 5.16.20, 5.15.34, and 5.10.111 stable kernel updates have been released after a relatively quick review cycle. Each contains a relatively large set of important fixes. Note that 5.16.20 is the final update in the 5.16.x series.

Security updates for Wednesday

Wed, 2022/04/13 - 10:46 PM
Security updates have been issued by Arch Linux (gzip, python-django, and xz), Debian (chromium, subversion, and zabbix), Red Hat (expat, kernel, and thunderbird), SUSE (go1.16, go1.17, kernel, libexif, libsolv, libzypp, zypper, opensc, subversion, thunderbird, and xz), and Ubuntu (git, linux-bluefield, nginx, and subversion).

Qt 6.3 released

Wed, 2022/04/13 - 4:45 PM
Version 6.3 of the Qt graphics library has been released. "Qt 6.3 also comes with a decent set of new functionality. A total of 250 user stories and tasks implementing new functionality have been completed for 6.3. Those are of course too many to list individually, and if you want to have all the details, have a look at our new features page and our Release Notes."

Git security fixes released

Wed, 2022/04/13 - 12:56 PM
Git maintainer Junio C Hamano has announced the release of v2.35.2, along with multiple other Git versions ("v2.30.3, v2.31.2, v2.32.1, v2.33.2, and v2.34.2"), to fix a security problem that can happen on multi-user machines (CVE-2022-24765). This GitHub blog post has more details, though the GitHub service itself is not vulnerable. The description in the announcement seems a bit Windows-centric, but Linux multi-user systems are apparently vulnerable as well:

On multi-user machines, Git users might find themselves unexpectedly in a Git worktree, e.g. when another user created a repository in `C:\.git`, in a mounted network drive or in a scratch space. Merely having a Git-aware prompt that runs `git status` (or `git diff`) and navigating to a directory which is supposedly not a Git worktree, or opening such a directory in an editor or IDE such as VS Code or Atom, will potentially run commands defined by that other user.

[$] trusted_for() bounces off the merge window

Wed, 2022/04/13 - 5:06 AM
When last we looked in on the proposed trusted_for() system call, which would allow user-space interpreters and other tools to ask the kernel whether a file is "trusted" for execution, it looked like it was on track for the mainline. That was back in October 2020; the patch has been updated multiple times since then, made its way into linux-next, and a pull request was made by Mickaël Salaün for the 5.18 merge window. But it seems that there will be more to the story of getting this functionality into the kernel, as Linus Torvalds declined to pull trusted_for(), at least partly because he did not like the name, but there were other reasons as well. While he is not opposed to the functionality it would provide, he also had strong feelings that a new system call was not the right approach.

Malcolm: The state of static analysis in the GCC 12 compiler

Tue, 2022/04/12 - 10:25 PM
David Malcolm has posted an update on the state of static analysis in GCC 12.

Some other languages, such as Perl, can track input and flag any variable that should not be trusted because it was read from an outside source such as a web form. Flagging variables in this manner is called tainting. After a program runs the variable through a check, the variable can be untainted, a process called sanitization.

Our GCC analyzer's taint mode is activated by -fanalyzer-checker=taint (which should be specified in addition to -fanalyzer). Taint mode attempts to track attacker-controlled values entering the program and to warn if they are used without sanitization.


Stable kernel 4.9.310

Tue, 2022/04/12 - 7:10 PM
The 4.9.310 stable kernel update has been released; the changes consist mostly of backported Spectre mitigation patches.

Security updates for Tuesday

Tue, 2022/04/12 - 7:02 PM
Security updates have been issued by Debian (thunderbird and usbguard), Fedora (containerd, firefox, golang-github-containerd-imgcrypt, nss, and vim), Oracle (firefox, kernel, kernel-container, and thunderbird), Red Hat (thunderbird), Scientific Linux (thunderbird), SUSE (libexif, mozilla-nss, mysql-connector-java, and qemu), and Ubuntu (libarchive and python-django).

[$] Negative dentries, 20 years later

Tue, 2022/04/12 - 1:59 AM
Filesystems and the virtual filesystem layer are in the business of managing files that actually exist, but the Linux "dentry cache", which remembers the results of file-name lookups, also keeps track of files that don't exist. This cache of "negative dentries" plays an important role in the overall performance of the system but, if it is allowed to grow too large, its role can become negative in its own right. As the 2022 Linux Storage, Filesystem, and Memory-Management Summit (LSFMM) approaches, the subject of negative dentries has come up yet again; whether one can be positive about the prospects for a resolution this time around remains unclear.

Kernel prepatch 5.18-rc2

Mon, 2022/04/11 - 10:32 PM
The second 5.18 kernel prepatch is out for testing. "Things look fairly normal here, although it's early in the release cycle so it's a bit hard to say for sure. But at least it's not looking particularly odd, and we have fixes all over."

Security updates for Monday

Mon, 2022/04/11 - 10:15 PM
Security updates have been issued by Debian (gzip, libxml2, minidlna, openjpeg2, thunderbird, webkit2gtk, wpewebkit, xen, and xz-utils), Fedora (crun, unrealircd, and vim), Mageia (389-ds-base, busybox, flatpak, fribidi, gdal, python-paramiko, and usbredir), openSUSE (opera and seamonkey), Oracle (kernel and kernel-container), Red Hat (firefox), Scientific Linux (firefox), Slackware (libarchive), SUSE (389-ds, libsolv, libzypp, zypper, and python), and Ubuntu (python-django and tcpdump).

OpenSSH 9.0 released

Sat, 2022/04/09 - 12:11 AM
OpenSSH 9.0 has been released. It is claimed to be primarily a bug-fix release, but it also switches to a new, quantum-computer-proof key-exchange protocol by default and includes a number of sftp changes, some of which may create some compatibility issues (described in the announcement) with scp.

We consider the removal of the need for double-quoting shell characters in file names to be a benefit and do not intend to introduce bug-compatibility for legacy scp/rcp in scp(1) when using the SFTP protocol.