Welcome to LWN.net [LWN.net] (2024)

Security updates for Thursday

[Security] Posted May 9, 2024 13:31 UTC (Thu) by jake

Security updates have been issued by AlmaLinux (ansible-core, avahi, bind, buildah, containernetworking-plugins, edk2, fence-agents, file, freeglut, freerdp, frr, git-lfs, gnutls, golang, grafana, grafana-pcp, gstreamer1-plugins-bad-free, gstreamer1-plugins-base, gstreamer1-plugins-good, harfbuzz, httpd, ipa, libjpeg-turbo, libnbd, LibRaw, libreswan, libsndfile, libssh, libtiff, libvirt, libX11, libXpm, mingw components, mingw-glib2, mingw-pixman, mod_http2, mod_jk and mod_proxy_cluster, motif, mutt, openssl and openssl-fips-provider, osbuild-composer, pam, pcp, perl, pmix, podman, python-jinja2, python-jwcrypto, python3.11, python3.11-cryptography, python3.11-urllib3, qemu-kvm, qt5-qtbase, runc, skopeo, sssd, systemd, tcpdump, tigervnc, toolbox, webkit2gtk3, xorg-x11-server, xorg-x11-server-Xwayland, and zziplib), CentOS (firefox, grub2, kernel, squid, thunderbird, tigervnc, and xorg-x11-server), Debian (chromium, glib2.0, python-idna, webkit2gtk, and wordpress), Fedora (freerdp, freerdp2, and pypy), Mageia (chromium-browser-stable, exfatprogs, freeglut, libtiff, libvirt, libxml2, openpmix, php-tcpdf, ruby, tpm2-tools, tpm2-tss, traceroute, and zziplib), Oracle (bind, buildah, git-lfs, gnutls, golang, grafana, grafana-pcp, libreswan, libvirt, libxml2, mod_http2, podman, python-jwcrypto, skopeo, sssd, and tigervnc), Red Hat (nodejs:18, nodejs:20, and squid:4), and SUSE (avahi, ghostscript, go1.21, go1.22, python-pymongo, python-Werkzeug, and sssd).

Full Story (comments: none)

[$] LWN.net Weekly Edition for May 9, 2024

Posted May 9, 2024 0:03 UTC (Thu)

The LWN.net Weekly Edition for May 9, 2024 is available.

Inside this week's LWN.net Weekly Edition

  • Front: Gittuf; Systemd 256; Accessibility; Inheritable credentials; The file_operations structure; Plasma in Fedora.
  • Briefs: Linux 6.9-rc7; GCC 14.1; Go 1.22 randomness; 2023 PSF report; Rust 1.78.0; curl up; 2023 Free Software Awards; Quotes; ...
  • Announcements: Newsletters, conferences, security updates, patches, and more.

Read more

[$] Securing Git repositories with gittuf

[Security] Posted May 8, 2024 16:11 UTC (Wed) by jzb

The so-called software supply chain starts with source code. But most security measures and tooling don't kick in until source is turned into an artifact—a source tarball, binary build, container image, or other method of delivering a release to users. The gittuf project is an attempt to provide a security layer for Git that can handle key management, enforce security policies for repositories, and guard against attacks at the version-control layer. At Open Source Summit North America (OSSNA), Aditya Sirish A Yelgundhalli and Billy Lynch presented an introduction to gittuf with an overview of its goals and status.

Full Story (comments: 13)

Fedora Asahi Remix 40 is now available

[Distributions] Posted May 8, 2024 15:53 UTC (Wed) by jzb

Fedora Magazine reports that the Fedora Asahi Remix for Apple Arm hardware, based on Fedora 40, is now available:

Fedora Asahi Remix offers KDE Plasma 6 as our flagship desktop experience. It also features a custom Calamares-based initial setup wizard. A GNOME variant is also available, featuring GNOME 46, with both desktop variants matching what Fedora Linux offers. Fedora Asahi Remix also provides a Fedora Server variant for server workloads and other types of headless deployments. Finally, we offer a Minimal image for users that wish to build their own experience from the ground up.

See the installation guide to get started with the Asahi Remix.

Comments (1 posted)

Security updates for Wednesday

[Security] Posted May 8, 2024 13:46 UTC (Wed) by jzb

Security updates have been issued by Debian (glib2.0 and php7.3), Gentoo (Commons-BeanUtils, Epiphany, glibc, MariaDB, Node.js, NVIDIA Drivers, qtsvg, rsync, U-Boot tools, and ytnef), Oracle (kernel), Red Hat (git-lfs and kernel), SUSE (flatpak, less, python311, rpm, and sssd), and Ubuntu (libde265, libvirt, linux, linux-aws, linux-aws-5.4, linux-azure, linux-azure-5.4, linux-gcp, linux-gcp-5.4, linux-gkeop, linux-hwe-5.4, linux-ibm, linux-ibm-5.4, linux-iot, linux-kvm, linux-oracle, linux-oracle-5.4, linux-raspi, linux-raspi-5.4, linux-xilinx-zynqmp, linux, linux-azure, linux-azure-5.15, linux-azure-fde, linux-azure-fde-5.15, linux-gcp, linux-gcp-5.15, linux-gke, linux-gkeop, linux-gkeop-5.15, linux-ibm, linux-ibm-5.15, linux-kvm, linux-lowlatency, linux-lowlatency-hwe-5.15, linux-nvidia, linux-oracle, linux-oracle-5.15, linux-oem-6.5, and nghttp2).

Full Story (comments: none)

[$] A proposal to switch Fedora Workstation's desktop

[Distributions] Posted May 7, 2024 21:46 UTC (Tue) by jake

A proposal to switch the default desktop for Fedora Workstation from GNOME to KDE Plasma largely went over like the proverbial lead balloon—unsurprisingly. But the conversation about the proposal did surface some areas where the distribution could perhaps be more inclusive with regard to the other desktop choices available. The project believes that it benefits from being opinionated and not requiring users to make multiple decisions before they can even install the distribution, but there is a balance to be found.

Full Story (comments: 38)

[$] Systemd heads for a big round-number release

[Distributions] Posted May 7, 2024 15:50 UTC (Tue) by daroc

The systemd project is preparing for a new release. Version 256-rc1 was released on April 25 with a large number of changes and new features. Most of the changes relate to security, easier configuration, unprivileged access to system resources, or all three of these. Users of systemd will find setting up containers — even without root access — much simpler and more secure.

Full Story (comments: 28)

GCC 14.1 released

[Development] Posted May 7, 2024 12:57 UTC (Tue) by corbet

Version 14.1 of the GCC compiler suite has been released. The list of changes is long; it includes support for more C++26 features, preparation for Fortran 2023 support, a new -fhardened flag to enable security-hardening features, vectorizer improvements, and a number of static-analyzer improvements. See the release notes for details.

Comments (10 posted)

Secure Randomness in Go 1.22 (Go Blog)

[Development] Posted May 7, 2024 12:46 UTC (Tue) by corbet

The Go Blog has a detailed article on the new, more secure random-number generator implemented for the 1.22 release.

For example, when Go 1.20 deprecated math/rand's Read, we heard from developers who discovered (thanks to tooling pointing out use of deprecated functionality) they had been using it in places where crypto/rand's Read was definitely needed, like generating key material. Using Go 1.20, that mistake is a serious security problem that merits a detailed investigation to understand the damage. Where were the keys used? How were the keys exposed? Were other random outputs exposed that might allow an attacker to derive the keys? And so on. Using Go 1.22, that mistake is just a mistake.

Comments (5 posted)

Security updates for Tuesday

[Security] Posted May 7, 2024 12:29 UTC (Tue) by corbet

Security updates have been issued by Debian (kernel), Gentoo (libjpeg-turbo, xar, and Xpdf), Red Hat (bind, dhcp and glibc), and SUSE (bouncycastle, curl, flatpak, less, and xen).

Full Story (comments: none)

2023 PSF annual impact report

[Development] Posted May 6, 2024 21:21 UTC (Mon) by jzb

The Python Software Foundation (PSF) has announced its annual impact report for 2023. The report includes updates from PSF staff as well as summaries of the foundation's activities, financials, and infrastructure. The PSF celebrated the 20th anniversary of PyCon US, distributed more than $370,000 in grants, and enjoyed impressive traffic on PyPI:

In 2023 PyPI saw a 45% growth in download counts and bandwidth alike, serving 603,378,275 downloads for the 516,402 projects hosted there requiring 747.4 Petabytes of data transfer, or 189.6 Gbps of bandwidth 24x7x365.

See the full report for a breakdown of grant disbursements and trends, PSF expenses, and high-level plans for the rest of 2024.

Comments (58 posted)

Stenberg: I survived curl up 2024

[Briefs] Posted May 6, 2024 20:14 UTC (Mon) by daroc

Daniel Stenberg has posted a report about the recent curl up conference about curl development. It was held over two days in Stockholm. The report has short summaries of the talks with links to the recordings.

curl up is never a big meeting/conference but we have in the past sometimes been around twenty-five attendees. This year's amount of fifteen was the smallest so far, but in this small set of people we have a set of long-term well-known curl contributors. It is not a big list of attendees that creates a good curl up.

Comments (2 posted)

[$] Modernizing accessibility for desktop Linux

[Development] Posted May 6, 2024 17:08 UTC (Mon) by jzb

In some aspects, such as in gaming, the Linux desktop has made enormous strides in the past few years. In others, such as accessibility, things have stagnated. At Open Source Summit North America (OSSNA), Matt Campbell spoke about the need for, and an approach to, modernizing accessibility for desktop Linux. This included a discussion of Newton, a fledgling project that may greatly improve accessibility on the Linux desktop.

Full Story (comments: 6)

The 2023 FSF Free Software Awards

[Briefs] Posted May 6, 2024 14:55 UTC (Mon) by corbet

The Free Software Foundation has announced the recipients of its 2023 Free Software Awards: Bruno Haible for work on gnulib, Nick Logozzo as the "outstanding new free software contributor", and code.gouv.fr for projects of social benefit.

When presenting the award to Haible, FSF executive director Zoë Kooyman commented on the significance of Haible's work, saying that Haible's work enabled free software programmers around the world to focus on the main, innovative portions of their program, thus facilitating the development of more and more free software.

Comments (12 posted)

Security updates for Monday

[Security] Posted May 6, 2024 14:37 UTC (Mon) by jake

Security updates have been issued by Debian (glibc, intel-microcode, less, libkf5ksieve, and ruby3.1), Fedora (chromium, gdcm, httpd, and stalld), Gentoo (Apache Commons BCEL, borgmatic, Dalli, firefox, HTMLDOC, ImageMagick, MediaInfo, MediaInfoLib, MIT krb5, MPlayer, mujs, Pillow, Python, PyPy3, QtWebEngine, Setuptools, strongSwan, and systemd), Oracle (grub2 and shim), Red Hat (git-lfs, kpatch-patch, unbound, and varnish), and SUSE (avahi, grafana and mybatis, java-11-openjdk, java-17-openjdk, skopeo, SUSE Manager Client Tools, SUSE Manager Salt Bundle, and SUSE Manager Server 4.3).

Full Story (comments: none)

Kernel prepatch 6.9-rc7

[Kernel] Posted May 5, 2024 23:07 UTC (Sun) by corbet

The 6.9-rc7 kernel prepatch is out for testing. "The stats for 6.9 continue to look very normal, and nothing looks particularly alarming."

Comments (none posted)

[$] The file_operations structure gets smaller

[Kernel] Posted May 3, 2024 15:56 UTC (Fri) by corbet

Kernel developers are encouraged to send their changes in small batches as a way of making life easier for reviewers. So when a longtime developer and maintainer hits the list with a 437-patch series touching 859 files, eyebrows are certain to head skyward. Specifically, this series from Jens Axboe is cleaning up one of the core abstractions that has been part of the Linux kernel almost since the beginning; authors of device drivers (among others) will have to take note.

Full Story (comments: 10)

Security updates for Friday

[Security] Posted May 3, 2024 15:29 UTC (Fri) by daroc

Security updates have been issued by Fedora (chromium, grub2, httpd, kernel, libcoap, matrix-synapse, python-pip, and rust-pythonize), Red Hat (kernel and libxml2), SUSE (kernel), and Ubuntu (eglibc, glibc and php7.4, php8.1, php8.2).

Full Story (comments: none)

A new set of stable kernels

[Kernel] Posted May 2, 2024 15:16 UTC (Thu) by jake

Greg Kroah-Hartman has announced the release of the 6.8.9, 6.6.30, 6.1.90, 5.15.158, 5.10.216, 5.4.275, and 4.19.313 stable kernels. As is the norm, they contain lots of important fixes throughout the kernel tree.

Comments (none posted)

[$] Inheritable credentials for directory file descriptors

[Kernel] Posted May 2, 2024 15:10 UTC (Thu) by corbet

In Unix-like systems, an open file descriptor carries the right to access the opened object in specific ways. As a general rule, that file descriptor does not enable access to any other objects. The recently merged BPF token feature runs counter to this practice by creating file descriptors that carry specific BPF-related access rights. A similar but different approach to capability-carrying file descriptors, in the form of directory file descriptors that include their own credentials, is currently under consideration in the kernel community.

Full Story (comments: 14)
