Vue normale

Aujourd’hui — 21 novembre 2024LWN

Security updates for Thursday

Par : jake
21 novembre 2024 à 14:11
Security updates have been issued by AlmaLinux (kernel, NetworkManager-libreswan, and openssl), Fedora (chromium and llvm-test-suite), Mageia (thunderbird), and Ubuntu (linux-aws-6.8, linux-azure, linux-azure-6.8, linux-oracle-6.8,, linux-azure, and ruby2.7).
Hier — 20 novembre 2024LWN

[$] RVKMS and Rust KMS bindings

Par : jake
20 novembre 2024 à 15:39
At the 2024 X.Org Developers Conference (XDC), Lyude Paul gave a talk on the work she has been doing as part of the Nova project, which is an effort build an NVIDIA GPU driver in Rust. She wanted to provide an introduction to RVKMS, which is being used to develop Rust kernel mode setting (KMS) bindings; RVKMS is a port of the virtual KMS (VKMS) driver to Rust. In addition, she wanted to give her opinion on Rust, and why she thinks it is a "game-changer for the kernel", noting that the reasons are not related to the oft-mentioned, "headline" feature of the language: memory safety.

Plans for CHICKEN 6

Par : daroc
20 novembre 2024 à 14:57

CHICKEN Scheme, a portable Scheme compiler, is gearing up for its next major release. Maintainer Felix Winkelmann has shared an article about what changes to expect in version 6 of the language, including better Unicode support and support for the R7RS (small) Scheme standard.

Every major release is a chance of fixing long-standing problems with the codebase and address bad design decisions. CHICKEN is now nearly 25 years old and we had many major overhauls of the system. Sometimes these caused a lot of pain, but still we always try to improve things and hopefully make it more enjoyable and practical for our users. There are places in the code that are messy, too complex, or that require cleanup or rewrite, always sitting there waiting to be addressed. On the other hand CHICKEN has been relatively stable compared to many other language implementations and has a priceless community of users that help us improving it. Our users never stop reminding us of what could be better, where the shortcomings are, where things are hard to use or inefficient.

Security updates for Wednesday

Par : daroc
20 novembre 2024 à 13:13
Security updates have been issued by Debian (guix, libmodule-scandeps-perl, needrestart, and thunderbird), SUSE (gh), and Ubuntu (kernel, linux, linux-aws, linux-aws-hwe, linux-azure, linux-azure-4.15, linux-gcp, linux-gcp-4.15, linux-hwe, linux-kvm, linux-oracle, linux, linux-aws, linux-gcp, linux-gcp-6.8, linux-gke, linux-hwe-6.8, linux-ibm, linux-nvidia, linux-nvidia-6.8, linux-nvidia-lowlatency, linux-oem-6.8, linux-oracle, linux-raspi, linux-iot, linux-lowlatency, linux-lowlatency-hwe-6.8, needrestart, python2.7, python3.10, python3.12, python3.8, and Waitress).

FreeCAD 1.0 released

Par : corbet
19 novembre 2024 à 23:59
It took more than 20 years, but the FreeCAD computer-aided design project has just made its 1.0 release.

Since the very beginnings, the FreeCAD community had a clear view of what 1.0 represented for us. What we wanted in it. FreeCAD matured over the years, and that list narrowed down to just two major remaining pieces: fixing the toponaming problem, and having a built-in assembly module.

Well, I'm very proud to say those two issues are now solved.

À partir d’avant-hierLWN

[$] Book review: Run Your Own Mail Server

Par : jzb
19 novembre 2024 à 19:19

The most common piece of advice given to users who ask about running their own mail server is don't. Setting up and securing a mail server in 2024 is not for the faint of heart, nor for anyone without copious spare time. Spammers want to flood inboxes with ads for questionable supplements, attackers want to abuse servers to send spam (or worse), and getting the big providers to accept mail from small servers is a constant uphill battle. Michael W. Lucas, however, encourages users to thumb their nose at the "Email Empire", and declare email independence. His self-published book, Run Your Own Mail Server, provides a manual (and manifesto) for users who are interested in the challenge.

Incus 6.7 released

Par : corbet
19 novembre 2024 à 14:58
Version 6.7 of the Incus container-management system (forked from LXD) has been released. "This is another one of those pretty well rounded releases with new features and improvements for everyone". New features include automatic cluster rebalancing, DHCP improvements, and more.

Security updates for Tuesday

Par : corbet
19 novembre 2024 à 14:55
Security updates have been issued by AlmaLinux (.NET 9.0, bcc, bluez, bpftrace, bubblewrap, flatpak, buildah, cockpit, containernetworking-plugins, cups, cyrus-imapd, edk2, expat, firefox, fontforge, gnome-shell, gnome-shell-extensions, grafana, grafana-pcp, gtk3, httpd, iperf3, jose, krb5, libgcrypt, libsoup, libvirt, libvpx, lldpd, microcode_ctl, mingw-glib2, mod_auth_openidc, nano, NetworkManager, oci-seccomp-bpf-hook, openexr, osbuild-composer, pcp, podman, poppler, postfix, python-dns, python-jinja2, python-jwcrypto, python3.11, python3.11-PyMySQL, python3.11-urllib3, python3.12, python3.12-PyMySQL, python3.12-urllib3, python3.9, qemu-kvm, runc, skopeo, squid, thunderbird, toolbox, tpm2-tools, vim, webkit2gtk3, xorg-x11-server, and xorg-x11-server-Xwayland), Fedora (lemonldap-ng and mingw-expat), SUSE (bea-stax, xstream, expat, httpcomponents-client, httpcomponents-core, kernel, SUSE Manager Client Tools, SUSE Manager Proxy, Retail Branch Server 4.3, SUSE Manager Salt Bundle, SUSE Manager Server 4.3, and SUSE Manager Server 5.0), and Ubuntu (curl, glib2.0, and webkit2gtk).

[$] Development statistics for 6.12

Par : corbet
18 novembre 2024 à 16:31
Linus Torvalds released the 6.12 kernel on November 17, as expected. This development cycle, the last for 2024, brought 13,344 non-merge changesets into the mainline kernel; that made it a relatively slow cycle from this perspective, but 6.12 includes a long list of significant new features. The time has come to look at where those changes came from, and to look at the year-long LTS cycle as well.

Security updates for Monday

Par : jake
18 novembre 2024 à 13:59
Security updates have been issued by AlmaLinux (binutils, libsoup, squid:4, tigervnc, and webkit2gtk3), Debian (icinga2, postgresql-13, postgresql-15, smarty3, symfony, thunderbird, and waitress), Fedora (dotnet9.0, ghostscript, microcode_ctl, php-bartlett-PHP-CompatInfo, python-waitress, and webkitgtk), Gentoo (Perl, Pillow, and X.Org X server, XWayland), Oracle (binutils, cups-filters, giflib, squid, and webkit2gtk3), Red Hat (webkit2gtk3), SUSE (ansible-core, apache2, gio-branding-upstream, icinga2, kernel-devel, libnghttp2-14, libsoup-2_4-1, libsoup-3_0-0, libvirt, nodejs-electron, postgresql13, postgresql16, python39, rclone, thunderbird, ucode-intel-20241112, and wget), and Ubuntu (python-asyncssh and tomcat9).

The 6.12 kernel has been released

Par : corbet
17 novembre 2024 à 22:33
Linus has released the 6.12 kernel. "No strange surprises this last week, so we're sticking to the regular release schedule, and that obviously means that the merge window opens tomorrow.".

Headline features in this release include: support for the Arm permission overlay extension, better compile-time control over which Spectre mitigations to employ, the last pieces of realtime preemption support, the realtime deadline server mechanism, more EEVDF scheduler development, the extensible scheduler class, the device memory TCP work, use of static calls in the security-module subsystem, the integrity policy enforcement security module, the ability to handle devices with a block size larger than the system page size in the XFS filesystem, and more. See the LWN merge-window summaries (part 1, part 2) and the KernelNewbies 6.12 page for more details.

A new package manager for OpenWrt

Par : corbet
17 novembre 2024 à 14:30
The OpenWrt router-oriented distribution has long used its own opkg package manager. The project has just announced, though, that future releases will use the apk package manager from Alpine Linux instead. "This new package manager offers a number of advantages over the older opkg system and is a significant milestone in the development of the OpenWrt platform. The older opkg package manager has been deprecated and is no longer part of OpenWrt." There is some more information on this page.

[$] Two approaches to tightening restrictions on loadable modules

Par : corbet
15 novembre 2024 à 18:37
The kernel's loadable-module facility allows code to be loaded into (and sometimes removed from) a running kernel. Among other things, loadable modules make it possible to run a kernel with only the subsystems needed for the system's hardware and workload. Loadable modules can also make it easy for out-of-tree code to access parts of the kernel that developers would prefer to keep private; this has led to many discussions in the past. The topic has returned to the kernel's mailing lists with two different patch sets aimed at further tightening the restrictions applied to loadable modules.

[$] Fedora KDE gets a promotion

Par : jzb
15 novembre 2024 à 14:42

The Fedora Project is set to welcome a second desktop edition to its lineup after months (or years, depending when one starts the clock) of discussions. The project recently decided to allow a new working group to move forward with a KDE Plasma Desktop edition that will sit alongside the existing GNOME-based Fedora Workstation edition. This puts KDE on a more equal footing within the project, which, it is hoped, will bring more contributors and users interested in KDE to adopt Fedora as their Linux distribution of choice.

Security updates for Friday

Par : daroc
15 novembre 2024 à 14:02
Security updates have been issued by Debian (curl and unbound), Fedora (krb5 and microcode_ctl), Red Hat (kernel and kernel-rt), SUSE (glib2, python3-wxPython, and ucode-intel), and Ubuntu (golang-1.17, golang-1.18, libgd2, linux, linux-aws, linux-kvm, linux-lts-xenial, linux-gke, linux-raspi, linux-raspi, linux-raspi-5.4, and php7.0, php7.2).

PyPI now supports digital attestations

Par : jzb
14 novembre 2024 à 21:22

The Python Package Index (PyPI) has announced that it has finalized support for PEP 740 ("Index support for digital attestations"). Trail of Bits, which performed much of the development work for the implementation, has an in-depth blog post about the work and its adoption, as well as what is left undone:

One thing is notably missing from all of this work: downstream verification. [...]

This isn't an acceptable end state (cryptographic attestations have defensive properties only insofar as they're actually verified), so we're looking into ways to bring verification to individual installing clients. In particular, we're currently working on a plugin architecture for pip that will enable users to load verification logic directly into their pip install flows.

❌
❌