FreshRSS

🔒
❌ À propos de FreshRSS
Il y a de nouveaux articles disponibles, cliquez pour rafraîchir la page.
Aujourd’hui — 16 juin 2021LWN

Seven stable kernels

16 juin 2021 à 17:32
Par : ris
Stable kernels 5.12.11, 5.10.44, 5.4.126, 4.19.195, 4.14.237, 4.9.273, and 4.4.273 have been released. They all contain important fixes and users should upgrade.

Security updates for Wednesday

16 juin 2021 à 17:19
Par : ris
Security updates have been issued by Debian (prosody, python-urllib3, and xen), Fedora (dino, dotnet3.1, dotnet5.0, and vmaf), Oracle (gupnp, kernel, and kernel-container), Red Hat (gupnp), Scientific Linux (kernel), SUSE (java-1_8_0-openjdk, kernel, snakeyaml, and xorg-x11-libX11), and Ubuntu (bluez).

[$] Audacity gets a CLA

16 juin 2021 à 02:23
Par : jake
The Audacity multi-track audio editor and recorder got its start in the previous century; it is a popular application that is available for multiple platforms, and it is licensed under the GPLv2 or later. But Audacity has been acquired by a newly formed organization called Muse Group; that event has caused something of an uproar in its community. The problem, at least in part, is the new Contributor License Agreement (CLA) required to contribute to Audacity.
Hier — 15 juin 2021LWN

FSFE: REUSE Booster helps Free Software projects with licensing and copyright

15 juin 2021 à 20:50
Par : ris
The Free Software Foundation Europe introduces REUSE Booster. REUSE is a set of best practices to make Free Software licensing easier. "With REUSE Booster, we go one step further. We invite Free Software projects to register for getting help by the FSFE's legal experts. As the name suggests, this will boost the process of adopting the best practices as well as general understanding of licensing and copyright." The registration deadline is July 8.

linux.dev mailboxes for kernel developers

15 juin 2021 à 18:37
Par : corbet
Konstantin Ryabitsev has announced a new service providing @linux.dev mailboxes for people to use with kernel development. The documentation page has more information. "This is a BETA offering. Currently, it is only available to people listed in the MAINTAINERS file. We hope to be able to offer it to everyone else who can demonstrate an ongoing history of contributions to the Linux kernel (patches, git commits, mailing list discussions, etc)."

Security updates for Tuesday

15 juin 2021 à 16:50
Par : ris
Security updates have been issued by CentOS (389-ds-base, dhcp, firefox, glib2, hivex, kernel, postgresql, qemu-kvm, qt5-qtimageformats, samba, and xorg-x11-server), Fedora (kernel and kernel-tools), Oracle (kernel and postgresql), Red Hat (dhcp and gupnp), Scientific Linux (gupnp and postgresql), SUSE (postgresql10 and xterm), and Ubuntu (imagemagick).

A possible copyright-policy change for glibc

15 juin 2021 à 16:02
Par : corbet
The GNU C Library developers are asking for comments on a proposal to stop requiring developers to assign their copyrights to the Free Software Foundation. This mirrors the recent change by GCC, except that the community is being consulted first. "The changes to accept patches with or without FSF copyright assignment would be effective on August 2nd, and would apply to all open branches. The glibc stewards, like the GCC SC, continue to affirm the principles of Free Software, and that will never change."

Aya: writing BPF in Rust

15 juin 2021 à 15:09
Par : corbet
The first release of the Aya BPF library has been announced; this project allows the writing of BPF programs in the Rust language. "Over the last year I've talked with many folks interested in using eBPF in the Rust community. My goal is to get as many of you involved in the project as possible! Now that the rustc target has been merged, it's time to build a solid foundation so that we can enable developers to write great eBPF enabled apps".

[$] quotactl_path() becomes quotactl_fd()

15 juin 2021 à 00:45
Par : corbet
The quotactl() system call is used to manipulate disk quotas on a filesystem; it can be used to turn quota enforcement on or off, change quotas, retrieve current usage information, and more. The 5.13 merge window brought in a new variant of that system call that was subsequently disabled due to API concerns; its replacement is now taking form.
À partir d’avant-hierLWN

Google's fully homomorphic encryption package

14 juin 2021 à 19:34
Par : corbet
The Google Developers Blog has this announcement describing the release of a fully homomorphic encryption project under the Apache license. "With FHE, encrypted data can travel across the Internet to a server, where it can be processed without being decrypted. Google’s transpiler will enable developers to write code for any type of basic computation such as simple string processing or math, and run it on encrypted data. The transpiler will transform that code into a version that can run on encrypted data. This then allows developers to create new programming applications that don’t need unencrypted data." See this white paper for more details on how it all works.

Security updates for Monday

14 juin 2021 à 17:36
Par : ris
Security updates have been issued by Arch Linux (apache, gitlab, inetutils, isync, kube-apiserver, nettle, polkit, python-urllib3, python-websockets, thunderbird, and wireshark-cli), Debian (squid3), Fedora (glibc, libxml2, mingw-openjpeg2, and openjpeg2), Mageia (djvulibre, docker-containerd, exif, gnuchess, irssi, jasper, kernel, kernel-linus, microcode, python-lxml, python-pygments, rust, slurm, and wpa_supplicant, hostapd), openSUSE (389-ds and pam_radius), Oracle (.NET Core 3.1, container-tools:3.0, container-tools:ol8, krb5, microcode_ctl, postgresql:12, postgresql:13, and runc), Red Hat (dhcp, postgresql, postgresql:10, postgresql:12, postgresql:9.6, rh-postgresql10-postgresql, rh-postgresql12-postgresql, and rh-postgresql13-postgresql), Scientific Linux (dhcp and microcode_ctl), SUSE (ardana-neutron, ardana-swift, cassandra, crowbar-openstack, grafana, kibana, openstack-dashboard, openstack-ironic, openstack-neutron, openstack-neutron-gbp, openstack-nova, python-Django1, python-py, python-pysaml2, python-xmlschema, rubygem-activerecord-session_store, venv-openstack-keystone, crowbar-openstack, grafana, kibana, monasca-installer, python-Django, python-py, rubygem-activerecord-session_store, freeradius-server, libjpeg-turbo, spice, and squid), and Ubuntu (rpcbind).

Kernel prepatch 5.13-rc6

14 juin 2021 à 01:27
Par : corbet
The 5.13-rc6 kernel prepatch is out for testing. "Nothing particularly special to say about this - rc6 is certainly smaller than rc5 was, so we're moving in the right direction".

[$] Code humor and inclusiveness

12 juin 2021 à 00:41
Par : corbet
Free-software development is meant to be fun, at least some of the time. Even developers of database-management systems seem to think that it is fun; there is no accounting for taste, it seems. Part of having fun is certainly allowing the occasional exercise of one's sense of humor while working on the code. But, as some recent "fix" attempts show, humor does not always carry through to developers all over the planet. Balancing humor and inclusiveness is always going to be a challenge for our community.

Privacy analysis of FLoC (Mozilla blog)

12 juin 2021 à 00:40
Par : jake
Over on the Mozilla blog, Eric Rescorla looks into some of the privacy implications of the Federated Learning of Cohorts (FLoC), which is a Google effort to replace third-party cookies with a different type of identifier that is less trackable. But less tracking does not equal no tracking. "People's interests aren't constant and neither are their FLoC IDs. Currently, FLoC IDs seem to be recomputed every week or so. This means that if a tracker is able to use other information to link up user visits over time, they can use the combination of FLoC IDs in week 1, week 2, etc. to distinguish individual users. This is a particular concern because it works even with modern anti-tracking mechanisms such as Firefox's Total Cookie Protection (TCP). TCP is intended to prevent trackers from correlating visits across sites but not multiple visits to one site. FLoC restores cross-site tracking even if users have TCP enabled."

Poettering: The Wondrous World of Discoverable GPT Disk Images

12 juin 2021 à 00:08
Par : jake
In a lengthy blog post, Lennart Poettering describes the advantages of using the unique IDs (UUIDs) and flags from the discoverable partitions specification to label the entries in a GUID Partition Table (GPT). That information can be used to tag disk images in a self-descriptive way, so that external configuration files (such as /etc/fstab) are not needed to assemble the filesystems for the running system. Systemd can use this information in a variety of ways, including for running the image in a container: "If a disk image follows the Discoverable Partition Specification then systemd-nspawn has all it needs to just boot it up. Specifically, if you have a GPT disk image in a file foobar.raw and you want to boot it up in a container, just run systemd-nspawn -i foobar.raw -b, and that's it (you can specify a block device like /dev/sdb too if you like). It becomes easy and natural to prepare disk images that can be booted either on a physical machine, inside a virtual machine manager or inside such a container manager: the necessary meta-information is included in the image, easily accessible before actually looking into its file systems."

Security updates for Friday

11 juin 2021 à 16:02
Par : jake
Security updates have been issued by Debian (libwebp), Fedora (firefox, lasso, mod_auth_openidc, nginx, redis, and squid), Oracle (.NET 5.0, container-tools:2.0, dhcp, gupnp, hivex, kernel, krb5, libwebp, nginx:1.16, postgresql:10, and postgresql:9.6), SUSE (containerd, docker, runc, csync2, and salt), and Ubuntu (libimage-exiftool-perl, libwebp, and rpcbind).

[$] Implementing eBPF for Windows

11 juin 2021 à 00:19
Par : corbet
Extended BPF (eBPF), the general-purpose execution engine inside of the Linux kernel, has proved helpful for tracing and monitoring the system, for processing network packets, or generally for extending the behavior of the kernel. So helpful, in fact, that developers working on other operating systems have been watching it. Dave Thaler and Poorna Gaddehosur, on behalf of Microsoft, recently published an implementation of eBPF for Windows. A Linux feature making its way to Windows, in itself, deserves attention. Even more so when that feature has brought new degrees of programmability to the Linux kernel over the last few years. This makes it especially interesting to look at what the new project can do, and to ponder how the current ecosystem might evolve as eBPF begins its journey toward Windows.

Privilege escalation with polkit: How to get root on Linux with a seven-year-old bug (GitHub blog)

11 juin 2021 à 00:01
Par : jake
On the GitHub blog, Kevin Backhouse writes about a privilege escalation vulnerability in polkit, which "enables an unprivileged local user to get a root shell on the system" CVE-2021-3560 "is triggered by starting a dbus-send command but killing it while polkit is still in the middle of processing the request. [...] Why does killing the dbus-send command cause an authentication bypass? The vulnerability is in step four of the sequence of events listed above. What happens if polkit asks dbus-daemon for the UID of connection :1.96, but connection :1.96 no longer exists? dbus-daemon handles that situation correctly and returns an error. But it turns out that polkit does not handle that error correctly. In fact, polkit mishandles the error in a particularly unfortunate way: rather than rejecting the request, it treats the request as though it came from a process with UID 0. In other words, it immediately authorizes the request because it thinks the request has come from a root process."

Another batch of stable kernels

10 juin 2021 à 18:06
Par : jake
The 5.12.10, 5.10.43, 5.4.125, 4.19.194, 4.14.236, 4.9.272, and 4.4.272 stable kernels have been released. As usual, they contain fixes all over the kernel tree and users of those series should upgrade.
❌