lwn.net 피드 구독하기
LWN.net is a comprehensive source of news and opinions from and about the Linux community. This is the main LWN.net feed, listing all articles which are posted to the site front page.
업데이트: 1시간 32분 지남

Security updates for Wednesday

수, 2024/01/10 - 11:52오후
Security updates have been issued by Fedora (libssh), Gentoo (FAAD2 and RedCloth), Red Hat (kpatch-patch and nss), SUSE (hawk2, LibreOffice, opera, and tar), and Ubuntu (glibc, golang-1.13, golang-1.16, linux-azure, linux-gkeop, monit, and postgresql-9.5).

[$] The odd saga of CVE-2012-5639

수, 2024/01/10 - 9:08오전
A new release for any project with a fix for a 12-year old CVE is going to stand out pretty obviously; a recent release has a fix of that nature, but the trail of CVE-2012-5639 is rather elusive. The Apache OpenOffice project made its 4.1.15 release with fixes for four CVEs, including one for CVE-2012-5639 ("Loading internal / external resources without warning"), on December 22. But nearly everything about that CVE seems rather murky, and it is difficult to get a clear picture of what, exactly, was done in OpenOffice to address the problem.

Vcc: a Clang compiler for Vulkan

수, 2024/01/10 - 4:32오전
The Vcc compiler has been announced.

It’s exactly what the name implies: a clang-based compiler that outputs code that runs on Vulkan.

Vcc can be thought of as a GLSL and HLSL competitor, but the true intent of this project is to retire the concept of shading languages entirely. Unlike existing shading languages, Vcc makes a honest attempt to bring the entire C/C++ language family to Vulkan, which means implementing a number of previously unseen features in Vulkan shaders


The OpenWrt One project

수, 2024/01/10 - 2:05오전
OpenWrt developer John Crispin says: "In 2024 the OpenWrt project turns 20 years! Let's celebrate this anniversary by launching our own first and fully upstream supported hardware design." The rest of the message describes the proposed OpenWrt-native network-routing system, based Banana Pi boards; the project is being organized through the Software Freedom Conservancy. (Thanks to Dave Täht).

Leemhuis: Regression tracking: state of the union early 2024

수, 2024/01/10 - 1:53오전
Thorsten Leemhuis writes about his plans for improving the kernel's regression handling in the coming year.

Top-priority will be "make regzbot more useful for kernel subsystem maintainers" from now on. My tracking efforts of course will continue, but everything except regressions in the current and the previous mainline cycle might not see much attention from my side. This refocusing also means that I won't work much on resolving some ambiguities around "how regressions are supposed to be handled" which lead to tension quite a few times. But all that should be for the best in the long term.


Shaw: Python 3.13 gets a JIT

수, 2024/01/10 - 12:21오전
Anthony Shaw describes the new copy-and-patch JIT that has been proposed for Python 3.13.

Copy-and-patch was selected because the compilation from bytecodes to machine code is done as a set of “templates” that are then stitched together and patched at runtime with the correct values. This means that your average Python user isn’t running this complex JIT compiler architecture inside their Python runtime. Python writing it’s own IL and JIT would also be unreasonable since so many are available off-the-shelf like LLVMs and ryuJIT. But a full-JIT would require those being bundled with Python and all the added overheads. A copy-and-patch JIT only requires the LLVM JIT tools be installed on the machine where CPython is compiled from source, and for most people that means the machines of the CI that builds and packages CPython for python.org.


Solus 4.5 released

수, 2024/01/10 - 12:00오전
Version 4.5 ("Resilience") of the Solus distribution has been released. "This release brings updated applications and kernels, refreshed software stacks, a new installer, and a new ISO edition featuring the XFCE desktop environment."

Security updates for Tuesday

화, 2024/01/09 - 11:50오후
Security updates have been issued by Debian (squid), Fedora (podman), Mageia (dropbear), SUSE (eclipse-jgit, jsch, gcc13, helm3, opusfile, qt6-base, thunderbird, and wireshark), and Ubuntu (clamav, libclamunrar, and qemu).

[$] Some 6.7 development statistics

화, 2024/01/09 - 3:08오전
The 6.7 kernel was released on January 7 after a ten-week development cycle. This was, as it turns out, the busiest cycle ever with regard to the number of changesets merged. The time has come for our usual look at where all those changesets came from, with a side trip into how long kernel developers tend to stick around.

Three new stable kernels

월, 2024/01/08 - 11:48오후
Greg Kroah-Hartman has announced the release of the 5.4.266, 4.19.304, and 4.14.335 stable kernels. They contain important fixes throughout the kernel tree.

Security updates for Monday

월, 2024/01/08 - 11:25오후
Security updates have been issued by Debian (exim4), Fedora (chromium, perl-Spreadsheet-ParseExcel, python-aiohttp, python-pysqueezebox, and tinyxml), Gentoo (Apache Batik, Eclipse Mosquitto, firefox, R, Synapse, and util-linux), Mageia (libssh2 and putty), Red Hat (squid), SUSE (libxkbcommon), and Ubuntu (gnutls28).

The 6.7 kernel has been released

월, 2024/01/08 - 5:48오전
Linus has released the 6.7 kernel.

End result: 6.7 is (in number of commits: over 17k non-merge commits, with 1k+ merges) one of the largest kernel releases we've ever had, but the extra rc8 week was purely due to timing with the holidays, not about any difficulties with the larger release.

Some of the headline features in this release are: the removal of support for the Itanium architecture, the first part of the futex2 API, futex support in io_uring, the BPF exceptions mechanism, the bcachefs filesystem, the TCP authentication option, the kernel samepage merging smart scan mode, and networking support for the Landlock security module. See the LWN merge-window summaries (part 1, part 2) and the (in-progress) KernelNewbies 6.7 page for more information.


[$] Kernel-text replication on NUMA systems

토, 2024/01/06 - 12:41오전
Kernel developers often go out of their way to reduce the memory used by the kernel itself; that memory is not available for the workloads that people are actually interested in running on their systems. Lower memory usage also tends to lead to better performance overall. But there are times when the expenditure of some extra memory can make the system faster. The replication of the kernel's text (executable code) and read-only data across a NUMA system may be a case in point; patch sets have been posted adding that capability to two architectures.

Four stable kernels released

금, 2024/01/05 - 11:57오후
The 6.6.10, 6.1.71, 5.15.146, and 5.10.206 stable kernels have been released. They contain numerous important fixes, as usual.

Security updates for Friday

금, 2024/01/05 - 11:45오후
Security updates have been issued by Debian (asterisk, chromium, exim4, netatalk, and tomcat9), Fedora (chromium), Gentoo (BlueZ, c-ares, CUPS filters, RDoc, and WebKitGTK+), Oracle (firefox, squid:4, thunderbird, and tigervnc), SUSE (python-aiohttp and python-paramiko), and Ubuntu (linux-intel-iotg).

[$] The return of None-aware operators for Python

금, 2024/01/05 - 9:24오전
The saga of the None-aware (or null-coalescing) operators for Python continues. We last looked in on the topic a little over a year ago and noted that either adoption or a clear rejection of the idea might help tamp down its regular recurrence. That has not happened, so, predictably, it was raised again—and does not look any closer to resolution this time around.

Computer science pioneer Niklaus Wirth passes away (ITWire)

금, 2024/01/05 - 12:30오전
ITWire covers the passing of Niklaus Wirth.

Wirth is well-remembered for his pioneering work in programming languages and algorithms. For these achievements, he received the ACM Turing Award in 1984, inducted as a Fellow of the ACM in 1994, and a Fellow of the Computer History Museum in 2004.

They include, among many, being chief designer for the programming languages Euler (1965), PL360 (1966), ALGOL W (1968), Pascal (1970), Modula (1975), Modula-2 (1978), Oberon (1987), Oberon-2 (1991), and Oberon-07 (2007).


Security updates for Thursday

목, 2024/01/04 - 11:29오후
Security updates have been issued by Oracle (firefox, gstreamer1-plugins-bad-free, thunderbird, tigervnc, and xorg-x11-server), Red Hat (squid:4), SUSE (exim, libcryptopp, and proftpd), and Ubuntu (openssh and sqlite3).

[$] LWN.net Weekly Edition for January 4, 2024

목, 2024/01/04 - 10:40오전
The LWN.net Weekly Edition for January 4, 2024 is available.

[$] Smuggling email inside of email

목, 2024/01/04 - 7:42오전
Normally, when a new vulnerability is discovered and releases are coordinated with those affected, the announcement is done at a convenient time—not generally right before the end-of-year holidays, for example. The SMTP Smuggling vulnerability has taken a different path, however, with its announcement landing on December 18. That may well have been unpleasant for some administrators that had not yet updated, but it was particularly problematic for some projects that had not been made aware of the vulnerability at all—though it was known to affect several open-source mailers.