LWN.net is a comprehensive source of news and opinions from
and about the Linux community. This is the main LWN.net feed,
listing all articles which are posted to the site front page.
업데이트: 34분 37초 지남
목, 2024/03/21 - 11:57오후
Security updates have been issued by Debian (pdns-recursor and php-dompdf-svg-lib), Fedora (grub2, libreswan, rubygem-yard, and thunderbird), Mageia (libtiff and python-scipy), Red Hat (golang, nodejs, and nodejs:16), Slackware (python3), and Ubuntu (linux, linux-azure, linux-azure-5.15, linux-azure-fde,
linux-azure-fde-5.15, linux-gcp, linux-gcp-5.15, linux-gke, linux-gkeop,
linux-gkeop-5.15, linux-hwe-5.15, linux-ibm, linux-ibm-5.15, linux-kvm,
linux-lowlatency, linux-lowlatency-hwe-5.15, linux-nvidia, linux, linux-azure, linux-gcp, linux-gcp-6.5, linux-hwe-6.5,
linux-lowlatency, linux-lowlatency-hwe-6.5, linux-oem-6.5, linux-oracle,
linux-oracle-6.5, linux-raspi, linux-starfive, linux-starfive-6.5, linux-aws, linux-aws-5.15, linux-aws, linux-aws-5.4, linux-gcp-5.4, linux-raspi, linux-raspi-5.4,
linux-xilinx-zynqmp, linux-gcp, linux-gcp-4.15, linux-kvm, linux-laptop, linux-oem-6.1, and linux-raspi).
목, 2024/03/21 - 10:48오후
Version
1.77.0 of the Rust language has been released. Changes include support
for NUL-terminated C-string literals, the ability for async
functions to call themselves recursively, the stabilization of the
offset_of!() macro, and more.
목, 2024/03/21 - 8:16오후
Verson 5.39.9 of the Perl language has been released. Changes this time
include a new "medium-precedence" logical exclusive-or operator, a number
of updated modules, and more; see
this
page for details.
목, 2024/03/21 - 4:33오후
The Redis in-memory database system has
had
its license changed to either the
Redis Source Available
License or the
Server Side
Public License (
covered here in 2018);
neither license qualifies as free software.
Under the new license, cloud service providers hosting Redis
offerings will no longer be permitted to use the source code of
Redis free of charge. For example, cloud service providers will be
able to deliver Redis 7.4 only after agreeing to licensing terms
with Redis, the maintainers of the Redis code.
Distributors like Fedora are already looking
at removing Redis as a consequence. (Thanks to Emmanuel Seyman).
목, 2024/03/21 - 4:10오후
Danilo Krummrich has
announced the
existence of the "Nova" project within Red Hat.
We just started to work on Nova, a Rust-based GSP-only driver for
Nvidia GPUs. Nova, in the long term, is intended to serve as the
successor of Nouveau for GSP-firmware-based GPUs.
With Nova we see the chance to significantly decrease the
complexity of the driver compared to Nouveau for mainly two
reasons. First, Nouveau's historic architecture, especially around
nvif/nvkm, is rather complicated and inflexible and requires major
rework to solve certain problems (such as locking hierarchy in VMM
/ MMU code for VM_BIND currently being solved with a workaround)
and second, with a GSP-only driver there is no need to maintain
compatibility with pre-GSP code.
Besides that, we also want to take the chance to contribute to the
Rust efforts in the kernel and benefit from from more memory safety
offered by the Rust programming language.
Given that the effort has just begun, it will be a while before this driver
shows up in a distribution release.
목, 2024/03/21 - 9:50오전
The LWN.net Weekly Edition for March 21, 2024 is available.
목, 2024/03/21 - 6:07오전
Version 46 of the GNOME desktop
has been released. "GNOME 46 is code-named 'Kathmandu', in recognition
of the amazing work done by the organizers of GNOME.Asia 2023."
Significant changes include a new global search feature, enhancements to
the Files app, improved remote login support, and more.
목, 2024/03/21 - 2:53오전
Cockpit is an interesting
project for web-based Linux administration that has received
relatively little attention over the years. Part of that may be due to
the project's strategy of minor releases roughly every two weeks,
rather than larger releases with many new features. While the strategy
has done little to garner headlines, it has delivered a useful and
extensible tool to observe, manage, and troubleshoot Linux servers.
목, 2024/03/21 - 1:42오전
The Python project has announced three security releases, 3.10.14,
3.9.19,
and 3.8.19.
In addition to the security fixes, these releases are notable for two reasons;
they are the first to make use of GitHub Actions to perform
public builds instead of building artifacts "on a local computer of one
of the release managers", and the first since Python became a
CVE Numbering Authority (CNA).
Python release team member Łukasz Langa said
that being a CNA means Python is able to "ensure the quality of the vulnerability
reports is high, and that the severity estimates are accurate." It also
allows Python to coordinate CVE announcements with the patched versions of
Python, as it has with two CVEs addressed in these releases. CVE-2023-6597
describes a flaw in CPython's zipfile module that made it vulnerable to a zip-bomb exploit. CVE-2024-0450 is an
issue with Python's tempfile.TemporaryDirectory class which could be
exploited to modify permissions of files referenced by symbolic links.
Users of affected versions should upgrade soon.
수, 2024/03/20 - 9:51오후
Security updates have been issued by Debian (fontforge and imagemagick), Fedora (firefox), Mageia (cherrytree, python-django, qpdf, and sqlite3), Red Hat (bind, cups, emacs, fwupd, gmp, kernel, libreoffice, libX11, nodejs, opencryptoki, postgresql-jdbc, postgresql:10, postgresql:13, and ruby:3.1), Slackware (gnutls and mozilla), and Ubuntu (firefox, linux, linux-bluefield, linux-gcp, linux-gkeop, linux-hwe-5.4, linux-ibm,
linux-ibm-5.4, linux-iot, linux-kvm, linux-oracle, linux-oracle-5.4, linux-aws, linux-aws-5.4, linux-aws, linux-aws-6.5, and linux-oracle, linux-oracle-5.15).
수, 2024/03/20 - 6:18오전
There are a number of different language-enhancement ideas that crop up
with some
regularity in
the Python community; many of them have been debated and shot down multiple
times over the years. When one inevitably arises anew, it can sometimes be
difficult to tamp it down, even if it is unlikely that the idea will go
any further than the last N times it cropped up. A recent discussion about
"real" anonymous functions follows a somewhat predictable path, but there
are still reasons to participate in vetting these "new" ideas, despite the
tiresome, repetitive
nature of the exercise—examples of
recurring feature ideas that were eventually adopted
definitely exist.
수, 2024/03/20 - 1:57오전
Version
124.0 of the Firefox browser is out. Changes include support for
"caret browsing mode" in the PDF viewer and the ability to control the
sorting of tabs in the Firefox View screen.
수, 2024/03/20 - 1:55오전
Security updates have been issued by Debian (cacti, postgresql-11, and zfs-linux), Fedora (freeimage, mingw-expat, and mingw-freeimage), Mageia (apache-mod_security-crs, expat, and multipath-tools), Oracle (.NET 7.0 and kernel), Red Hat (kernel, kernel-rt, and kpatch-patch), and Ubuntu (bash, kernel, linux, linux-aws, linux-hwe, linux-kvm, linux-oracle, linux, linux-aws, linux-kvm, linux-lts-xenial, and vim).
화, 2024/03/19 - 10:39오후
Man Yue Mo
explains
how to compromise a Pixel 8 phone even when the Arm
memory-tagging extension is in use, by taking
advantage of the Mali GPU.
So, by using the GPU to access physical addresses directly, I'm
able to completely bypass the protection that MTE
offers. Ultimately, there is no memory safe code in the code that
manages memory accesses. At some point, physical addresses will
have to be used directly to access memory.
화, 2024/03/19 - 12:17오전
Kernel developers have long been told that any attempt to allocate memory
might fail, so their code must be prepared for memory to be unavailable.
Informally, though, the kernel's memory-management subsystem implements a
policy whereby requests below a certain size will not fail (in process
context, at least), regardless of
how tight memory may be. A recent discussion on the linux-mm list has
looked at the idea of making
the "too small to
fail" rule a policy that developers can rely on.
월, 2024/03/18 - 11:17오후
Security updates have been issued by Debian (curl, spip, and unadf), Fedora (chromium, iwd, opensc, openvswitch, python3.6, shim, shim-unsigned-aarch64, and shim-unsigned-x64), Mageia (batik, imagemagick, irssi, jackson-databind, jupyter-notebook, ncurses, and yajl), Oracle (.NET 7.0, .NET 8.0, and dnsmasq), Red Hat (postgresql:10), SUSE (chromium, kernel, openvswitch, python-rpyc, and tiff), and Ubuntu (openjdk-8).
토, 2024/03/16 - 5:05오전
Cranelift is an Apache-2.0-licensed
code-generation backend being developed as part
of the Wasmtime runtime for
WebAssembly.
In October 2023, the Rust project made Cranelift available as an optional
component in its nightly toolchain.
Users can now use Cranelift as the code-generation backend for debug builds of
projects written in Rust,
making it an opportune time to look at what makes Cranelift different.
Cranelift is designed to compete with existing compilers by generating
code more quickly than they can, thanks to a stripped-down design that prioritizes
only the most important optimizations.
토, 2024/03/16 - 4:49오전
Zach Mitchell has announced the 1.0 release of Flox, a tool that lets its users install packages from nixpkgs inside portable virtual environments, and share those virtual environments with others as an alternative to Docker-style containers. Flox is based on Nix but allows users to skip learning how to work with the Nix language:
With Flox we're providing a substantially better user experience. We provide the suite of package manager functionality with install, uninstall, etc, but we also provide an entire new suite of functionality with the ability to share environments via flox push, flox pull, and flox activate --remote.
Flox is GPLv2-licensed, and releases are available as RPMs and Debian packages for x86_64 and arm64 systems.
금, 2024/03/15 - 10:12오후
Security updates have been issued by Debian (composer and node-xml2js), Fedora (baresip), Mageia (fonttools, libgit2, mplayer, open-vm-tools, and packages), Red Hat (dnsmasq, gimp:2.8, and kernel-rt), and SUSE (389-ds, gdb, kernel, python-Django, python3, python36-pip, spectre-meltdown-checker, sudo, and thunderbird).
페이지