Feed lwn LWN.net

Link https://lwn.net/
Feed http://lwn.net/headlines/rss
Updated 2025-07-02 05:00
[$] System call interception for unprivileged containers
On the first day of the 2022 Linux Security Summit North America (LSSNA) in Austin, Texas, Stéphane Graber and Christian Brauner gave a presentation on using system-call interception for container security purposes. The idea is to allow unprivileged containers, those without elevated privileges on the host, to still accomplish their tasks, some of which require privileges. A fair amount of work has been done to make this viable, but there is still more to do.
Collabora Online developer edition 22.05 released
CODE 22.05 has been released; this is the "developer edition" of the Collabora Online offering formerly known as LibreOffice Online.
A Rust-in-GCC update
Philip Herron has posted an update on the status of the GCC front-end compiler for the Rust language.
Four more stable kernel updates
The 5.18.8, 5.15.51, 5.10.127, and 5.4.202 stable kernel updates have been released; each contains another set of important fixes.
Thunderbird 102 released
Version 102 of the Thunderbird email client has been released.
Security updates for Wednesday
Security updates have been issued by Debian (blender, libsndfile, and maven-shared-utils), Fedora (openssl), Red Hat (389-ds-base, kernel, kernel-rt, kpatch-patch, and python-virtualenv), Scientific Linux (389-ds-base, kernel, python, and python-virtualenv), and Slackware (curl, mozilla, and openssl).
Vim 9.0 released
Version 9.0 of the Vim text editor has been released. The biggest change would appear to be the addition of the "Vim9 Script" language for editor customization:
[$] A "fireside" chat
In something of an Open Source Summit tradition, Linus Torvalds and Dirk Hohndel sit down for a discussion on various topics related to open source and, of course, the Linux kernel. Open Source Summit North America (OSSNA) 2022 in Austin, Texas was no exception, as they reprised their keynote on the first day of the conference. The headline-grabbing part of the chat was Torvalds's declaration that Rust for Linux might get merged as soon as the next merge window, which opens in just a few weeks, but there was plenty more of interest there.
Firefox 102.0 released
Version 102.0 of the Firefox browser is out. Changes include the ability to disable the panel that otherwise materializes on every download and the stripping of certain query parameters in extended tracking protection mode. The stripping will be the default for private browsing in the next release.
Security updates for Tuesday
Security updates have been issued by Debian (nodejs and squid), Fedora (uboot-tools), Red Hat (kernel-rt, kpatch-patch, and python), SUSE (drbd, openssl-1_0_0, oracleasm, and rubygem-rack), and Ubuntu (curl).
Git 2.37.0 released
Version 2.37.0 of the Git source-code management system has been released. Highlights include a new object-pruning mechanism called "cruft packs", full integration of the sparse index, and more; see this GitHub blog post for more information.
[$] Two memory-tiering patch sets
Once upon a time, computers just had one type of memory, so memory within a given system was interchangeable. The arrival of non-uniform memory access (NUMA) systems complicated the situation significantly; now some memory was faster to access than the rest, and memory-management algorithms had to adapt or performance would suffer. But NUMA was just the start; today's tiered-memory systems, which may include several tiers of memory with different performance characteristics, are adding new challenges. A couple of relevant patch sets currently under review help to illustrate the types of problems that will have to be solved.
KDE Apps Mid-Year Update (KDE.news)
Here's an update on recent KDE application development on KDE.news:
Ojeda: Memory Safety for the World’s Largest Software Project
Miguel Ojeda has posted an update on the Rust-for-Linux project.
Security updates for Monday
Security updates have been issued by Debian (openssl), Fedora (dotnet6.0, mediawiki, and python2.7), Mageia (389-ds-base, chromium-browser-stable, exo, and libtiff), Oracle (httpd:2.4 and microcode_ctl), SUSE (dbus-broker, drbd, kernel, liblouis, mariadb, openssl, openssl-1_1, openSUSE kernel modules, oracleasm, php7, php72, python39, salt, and wdiff), and Ubuntu (linux, linux-hwe, mozjs91, and vim).
Kernel prepatch 5.19-rc4
The 5.19-rc4 kernel prepatch is out for testing.
Another set of stable kernel updates
The 5.18.7, 5.15.50, 5.10.125, 5.4.201, 4.19.249, 4.14.285, and 4.9.320 stable updates have all been released. The 5.x updates are relatively small, but the 4.x updates contain a fair number of backported random-number-generator improvements along with the usual fixes. Update: Due to an io_uring problem reported by Greg Thelen in 5.10.125, which was quickly fixed by Jens Axboe, 5.10.126 was released less than 24 hours later.
[$] NFS: the new millennium
The network filesystem (NFS) protocol has been with us for nearly 40 years. While defined initially as a stateless protocol, NFS implementations have always had to manage state, and that need has been increasingly built into the protocol over successive revisions. The early days of NFS were discussed, with a focus on state management, in the first part of this series. This article completes the job with a look at the evolution of NFS since, approximately, the beginning of this millennium.
Security updates for Friday
Security updates have been issued by Fedora (ntfs-3g and ntfs-3g-system-compression), SUSE (389-ds, chafa, containerd, mariadb, php74, python3, salt, and xen), and Ubuntu (apache2).
DeVault: GitHub Copilot and open source laundering
Drew DeVault takes issue with GitHub's "Copilot" offering and the licensing issues that it raises:
Security updates for Thursday
Security updates have been issued by Debian (chromium, firejail, and request-tracker4), Fedora (ghex, golang-github-emicklei-restful, and openssl1.1), Oracle (postgresql), Scientific Linux (postgresql), Slackware (openssl), SUSE (salt and tor), and Ubuntu (apache2 and squid, squid3).
[$] LWN.net Weekly Edition for June 23, 2022
The LWN.net Weekly Edition for June 23, 2022 is available.
Wielaard: Sourceware – GNU Toolchain Infrastructure roadmap
Mark Wielaard writes about improvements at Sourceware, the site that holds the repository for many projects in the GNU toolchain and beyond.
[$] Introducing PyScript
In a keynote at PyCon 2022 in Salt Lake City, Utah, Peter Wang introduced another entrant in the field of in-browser Python interpreters. The Python community has long sought a way to be able to write Python—instead of JavaScript—to run in web browsers, and there have been various efforts to do so over the years. Wang announced PyScript as a new framework, built atop one of those earlier projects, to allow Python scripting directly within the browser; those programs have access to much of the existing Python ecosystem as well as being able to interact with the browser document object model (DOM) directly. In addition, he gave some rather eye-opening demonstrations as part of the talk.
Four stable kernel updates
The 5.18.6, 5.15.49, 5.10.124, and 5.4.200 stable kernel updates have been released; each contains another set of important fixes.
Security updates for Wednesday
Security updates have been issued by Debian (exo and ntfs-3g), Fedora (collectd, golang-github-cli-gh, grub2, qemu, and xen), Red Hat (httpd:2.4, kernel, and postgresql), SUSE (drbd, fwupdate, neomutt, and trivy), and Ubuntu (apache2, openssl, openssl1.0, and qemu).
[$] Disabling an extent optimization
In the final filesystem session at the 2022 Linux Storage, Filesystem, Memory-management and BPF Summit (LSFMM), David Howells led a discussion on a filesystem optimization that is causing various kinds of problems. Extent-based filesystems have data structures that sometimes do not reflect the holes that exist in files. Reads from holes in sparse files (i.e. files with holes) must return zeroes, but filesystems are not obligated to maintain knowledge of the holes beyond that, which leads to the problems. This concludes our coverage of LSFMM 2022.
Security updates for Tuesday
Security updates have been issued by Debian (tzdata), Oracle (cups), and SUSE (atheme, golang-github-prometheus-alertmanager, golang-github-prometheus-node_exporter, node_exporter, python36, release-notes-susemanager, release-notes-susemanager-proxy, SUSE Manager 4.1.15 Release Notes, SUSE Manager Client Tools, and SUSE Manager Server 4.2).
Meta: Transparent memory offloading
This Meta blog post by Johannes Weiner and Dan Schatzberg describes a set of memory-management changes used there that they call "transparent memory offloading".
[$] NFS: the early years
I recently had cause to reflect on the changes to the NFS (Network File System) protocol over the years and found that it was a story worth telling. It would be easy for such a story to become swamped by the details, as there are many of those, but one idea does stand out from the rest. The earliest version of NFS has been described as a "stateless" protocol, a term I still hear used occasionally. Much of the story of NFS follows the growth in the acknowledgment of, and support for, state. This article looks at the evolution of NFS (and its handling of state) during the early part of its life; a second installment will bring the story up to the present.
Security updates for Monday
Security updates have been issued by Debian (cyrus-imapd, exo, sleuthkit, slurm-wlm, vim, and vlc), Fedora (golang-github-docker-libnetwork, kernel, moby-engine, ntfs-3g-system-compression, python-cookiecutter, python2.7, python3.6, python3.7, python3.8, python3.9, rubygem-mechanize, and webkit2gtk3), Mageia (bluez, dnsmasq, exempi, halibut, and php), Oracle (.NET 6.0, .NET Core 3.1, and xz), SUSE (chafa, firejail, kernel, python-Twisted, and tensorflow2), and Ubuntu (intel-microcode).
Kernel prepatch 5.19-rc3
The 5.19-rc3 kernel prepatch is out for testing. "5.19-rc3 is fairly small, and just looking at the diffstat, a lot of it ends up being in the documentation subdirectory. With another chunk in selftests."
[$] A new LLVM CFI implementation
Some kernel features last longer than others. Support for forward-edge control-flow integrity (CFI) for kernels compiled with LLVM was added to the 5.13 kernel, but now there is already a replacement knocking on the door. Control-flow integrity will remain, but the new implementation will be significantly different — and seemingly better in a number of ways.
Tor Project 2020-2021 annual report
The Tor Project has released a new annual report.
Security updates for Friday
Security updates have been issued by Fedora (kernel, liblouis, ntfs-3g, php, shim, shim-unsigned-aarch64, shim-unsigned-x64, thunderbird, and vim), Mageia (chromium-browser-stable and golang), Red Hat (grub2, mokutil, and shim and grub2, mokutil, shim, and shim-unsigned-x64), SUSE (389-ds, apache2, kernel, mariadb, openssl, openssl-1_0_0, rubygem-actionpack-5_1, rubygem-activesupport-5_1, and vim), and Ubuntu (exempi, kernel, linux, linux-aws, linux-aws-hwe, linux-aws-5.13, linux-aws-5.4, linux-azure, linux-azure-4.15, linux-azure-5.13, linux-azure-5.4, linux-azure-fde, linux-dell300x, linux-gcp, linux-gcp-4.15, linux-gcp-5.13, linux-gcp-5.4, linux-gke, linux-gke-5.4, linux-gkeop, linux-gkeop-5.4, linux-hwe, linux-hwe-5.13, linux-hwe-5.4, linux-ibm, linux-ibm-5.4, linux-intel-5.13, linux-intel-iotg, linux-kvm, linux-lowlatency, linux-oracle, linux-oracle-5.13, linux-oracle-5.4, and spip).
[$] Fedora, FFmpeg, Firefox, Flatpak, and Fusion
Fedora's objective to become the desktop Linux distribution of choice has long been hampered by Red Hat's risk-averse legal department, which strictly limits the type of software that Fedora can ship. Specifically, anything that might be encumbered by patents is off-limits, with the result that much of the media that users might find on the net is unplayable. This situation has improved over the years as the result of a lot of work within the Fedora project, but it still puts Fedora at a disadvantage relative to some other distributions. A recent discussion on video support, though, shines a light on how some surprising legal reasoning may be providing a way out of this problem; that way may not be pleasing to all involved, however.
Stable kernels released to address the processor MMIO stale-data vulnerabilities
Seven new stable kernels have been released: 5.18.5, 5.15.48, 5.10.123, 5.4.199, 4.19.248, 4.14.284, and 4.9.319. All contain a small set of patches to address the recently disclosed processor MMIO stale-data vulnerabilities; users of those series should upgrade.
Security updates for Thursday
Security updates have been issued by Fedora (containerd, golang-github-containerd-cni, golang-github-containernetworking-cni, golang-x-sys, kernel, and qt5-qtbase), Oracle (kernel, kernel-container, microcode_ctl, subversion:1.14, and xz), Red Hat (.NET 6.0, .NET Core 3.1, cups, and xz), Scientific Linux (xz), SUSE (caddy, chromium, librecad, libredwg, varnish, and webkit2gtk3), and Ubuntu (bluez).
[$] LWN.net Weekly Edition for June 16, 2022
The LWN.net Weekly Edition for June 16, 2022 is available.
[$] Remote participation at LSFMM
As with many conferences these days, the 2022 Linux Storage, Filesystem, Memory-management and BPF Summit (LSFMM) had a virtual component. The main rooms were equipped with a camera trained on the podium, thus the session leader, so that remote participants could watch; this camera connected into a Zoom conference that allowed participation from afar. In a session near the end of the conference, led by conference organizer Josef Bacik, remote participants were invited to share their experiences—on camera—with those who were there in person. It was an opportunity to discuss what went right—and wrong—with an eye toward improving the experience for future events.
[$] A discussion on readahead
Readahead is an I/O optimization that causes the system to read more data than has been requested by an application—in the belief that the extra data will be requested soon thereafter. At the 2022 Linux Storage, Filesystem, Memory-management and BPF Summit (LSFMM), Matthew Wilcox led a session to discuss readahead, especially as it relates to network filesystems, with assistance from Steve French and David Howells. The latency of the underlying storage needs to factor into the calculation of how much data to read in advance, but it is not entirely clear how to do so.
Processor MMIO stale-data vulnerabilities
The mainline kernel has just received a set of patches addressing a new set of (seemingly) Intel-specific hardware vulnerabilities.
CFP for the Kernel and Maintainers Summits
The 2022 Kernel Summit and Maintainers Summit will be held in Dublin; the Kernel Summit will run as part of the Linux Plumbers Conference (September 12-14) while the Maintainers Summit will be on September 15. The call for proposals for both events has been posted. The deadline for the Kernel Summit is tight (June 19), so this is not the time for anybody wanting to speak to procrastinate.
Security updates for Wednesday
Security updates have been issued by Red Hat (.NET 6.0 and log4j), SUSE (389-ds, grub2, kernel, openssl-1_1, python-Twisted, webkit2gtk3, and xen), and Ubuntu (php7.2, php7.4, php8.0, php8.1 and util-linux).
The "Hertzbleed" vulnerability
Today's branded, logo-equipped vulnerability is known as Hertzbleed; it affects x86 processors (at least) and can be exploited in some situations to extract cryptographic keys from a remote server.
More stable kernel updates
5.18.4, 5.17.15, 5.15.47, 5.10.122, 5.4.198, 4.19.247, 4.14.283, and 4.9.318 stable updates have all been released; each contains another large set of important fixes. Note that 5.17.15 will be the last release in the 5.17.x stable series.
[$] Zoned storage
Zoned storage is a form of storage that offers higher capacities by making tradeoffs in the kinds of writes that are allowed to the device. It was the topic of a storage and filesystem session led by Luis Chamberlain at the 2022 Linux Storage, Filesystem, Memory-management and BPF Summit (LSFMM). Over the years, zoned storage has been a frequent topic at LSFMM, going back to LSFMM 2013, where support for shingled magnetic recording (SMR) devices, which were the starting point for zoned storage, was discussed.
"Total cookie protection" from Firefox
Mozilla has announced the enabling of its "total cookie protection" feature in all versions of the Firefox browser.
Plasma 5.25.0 released
Version 5.25.0 of the KDE-based Plasma desktop has been released. New features include support for touchpad and touchscreen gestures, an "overview" mode for navigating between windows, additional color configuration options, and more.
Security updates for Tuesday
Security updates have been issued by Fedora (golang-github-docker-libnetwork and moby-engine), Mageia (apache, docker-containerd, kernel, kernel-linus, nats-server, and php-smarty), Slackware (php), SUSE (gimp, grub2, thunderbird, u-boot, and xen), and Ubuntu (firefox, liblouis, ncurses, and rsync).