[$] Support for the TSO memory model on Arm CPUs
Ubuntu 24.04 LTS (Noble Numbat) released
This release continues Ubuntu's proud tradition of integrating the latest and greatest open source technologies into a high-quality, easy-to-use Linux distribution. The team has been hard at work through this cycle, together with the community and our partners, to introduce new features and fix bugs.
The list of changes and enhancements is long; click below for some details. More information can be found in the release notes; see also this page for a summary of security-related changes.
[$] The state of realtime and embedded Linux
[$] LWN.net Weekly Edition for April 25, 2024
QEMU 9.0 released
"This release contains 2700+ commits from 220 authors." The list of improvements is long; see the announcement and the changelog for details.
[$] Rust for embedded Linux kernels
Security updates for Tuesday
The Open Home Foundation launches
We created the Open Home Foundation to fight for the fundamental principles of privacy, choice, and sustainability for smart homes. And every person who lives in one. Ahead of today, we've transferred over 240 projects, standards, drivers, and libraries—Home Assistant, ESPHome, Zigpy, Piper, Improv Wi-Fi, Wyoming, and so many more—to the Open Home Foundation. This is all about looking into the future. We've done this to create a bulwark against surveillance capitalism, the risk of buyout, and open-source projects becoming abandonware. To an extent, this protection extends even against our future selves—so that smart home users can continue to benefit for years, if not decades. No matter what comes.
Hutterer: udev-hid-bpf: quickstart tooling to fix your HID devices with eBPF
eBPF was originally written for network packet filters but as of kernel v6.3 and thanks to Benjamin, we have BPF in the HID subsystem. HID actually lends itself really well to BPF because, well, we have a byte array and to fix our devices we need to do complicated things like "toggle that bit to zero" or "swap those two values".
See this article for more information on the BPF-HID mechanism.
Kernel prepatch 6.9-rc5
But if you ignore those oddities, it all looks pretty normal and things appear fairly calm. Which is just as well, since the first part of the week I was on a quick trip to Seattle, and the second part of the week I've been doing a passable imitation of the Fontana di Trevi, except my medium is mucus.
[$] Warning about WARN_ON()
PuTTY 0.81 security release
PuTTY 0.81, released today, fixes a critical vulnerability CVE-2024-31497 in the use of 521-bit ECDSA keys (ecdsa-sha2-nistp521). If you have used a 521-bit ECDSA private key with any previous version of PuTTY, consider the private key compromised: remove the public key from authorized_keys files, and generate a new key pair. However, this only affects that one algorithm and key size. No other size of ECDSA key is affected, and no other key type is affected.
(Thanks to Joe Nahmias).
Security updates for Tuesday
OpenSSF and OpenJS warn about social-engineering attacks
The OpenJS Foundation Cross Project Council received a suspicious series of emails with similar messages, bearing different names and overlapping GitHub-associated emails. These emails implored OpenJS to take action to update one of its popular JavaScript projects to "address any critical vulnerabilities," yet cited no specifics. The email author(s) wanted OpenJS to designate them as a new maintainer of the project despite having little prior involvement.
Kernel prepatch 6.9-rc4
"Nothing particularly unusual going on this week - some new hw mitigations may stand out, but after a decade of this I can't really call it 'unusual' any more, can I?"
[$] A tale of two troublesome drivers
What we need to take away from the XZ Backdoor (openSUSE News)
Debian, as well as the other affected distributions like openSUSE, are carrying a significant amount of downstream-only patches to essential open-source projects, like in this case OpenSSH. With hindsight, that should be another Heartbleed-level learning for the work of the distributions. These patches built the essential steps to embed the backdoor, and do not have the scrutiny that they likely would have received by the respective upstream maintainers. Whether you trust Linus Law or not, it was not even given a chance to chime in here. Upstream did not fail on the users, distributions failed on upstream and their users here.