All posts by jake

Git 2.38 released

Post Syndicated from jake original https://lwn.net/Articles/910213/

Version 2.38.0 of the Git distributed version-control system has been released. It comes with lots of new features and bug fixes; some of the former are described in a GitHub blog post by Taylor Blau. Highlights include the promotion of the scalar addition for large repositories into Git core, improvements to multi-branch rebase operations with --update-refs, performance improvements, a bash prompt indication for unmerged indexes, and lots more.

Netdev 0x16 accepted sessions announced

Post Syndicated from jake original https://lwn.net/Articles/910210/

The accepted sessions for the upcoming Netdev 0x16 have been posted. The conference will be held virtually and in-person in Lisbon, Portugal October 24-28. In addition, early-bird registration rates have been extended to October 4.

Netdev 0x16, like all the previous netdev conferences, is a conference of the netdev community, by the netdev community, for the netdev community. Linux kernel networking and user space utilization of the interfaces to the Linux kernel networking subsystem are the focus. If you are using Linux as a boot system for proprietary networking, then this conference _may not be for you_.

Security updates for Monday

Post Syndicated from jake original https://lwn.net/Articles/910161/

Security updates have been issued by Debian (chromium, gdal, kernel, libdatetime-timezone-perl, libhttp-daemon-perl, lighttpd, mariadb-10.3, node-thenify, snakeyaml, tinyxml, and tzdata), Fedora (enlightenment, kitty, and thunderbird), Mageia (expat, firejail, libjpeg, nodejs, perl-HTTP-Daemon, python-mako, squid, and thunderbird), Scientific Linux (firefox and thunderbird), SUSE (buildah, connman, cosign, expat, ImageMagick, python36, python39, slurm, and webkit2gtk3), and Ubuntu (linux, linux-aws, linux-kvm, linux-lts-xenial and linux-gke-5.15).

Weston 11.0: what’s new, what’s next (Collabora blog)

Post Syndicated from jake original https://lwn.net/Articles/909881/

Over on the Collabora blog, Marius Vlad writes about the recent Weston 11.0.0 release. Weston is the reference compositor for the Wayland display server protocol. Vlad looks at features of the release, including some things that are being deprecated and removed, as well as features coming in Weston 12.

Color management infrastructure code has landed that allows HDR [high dynamic range] characteristics to be delivered to an HDR-capable monitor by setting-up HDR metadata in a weston.ini configuration file and delivering that to KMS [kernel mode setting]. Once Weston gains the ability to produce HDR content in a future version, it will come naturally supported.

This new version brings in multiple RDP [remote desktop protocol] improvements, like clipboard pasting, various keyboard language support, bumped support for a newer version of FreeRDP library, and many more other improvements and fixes.

Security updates for Thursday

Post Syndicated from jake original https://lwn.net/Articles/909870/

Security updates have been issued by Debian (chromium, lighttpd, and webkit2gtk), Fedora (firefox, gajim, libofx, and python-nbxmpp), Gentoo (bluez, chromium, expat, firefox, go, graphicsmagick, kitty, php, poppler, redis, thunderbird, and zutty), Oracle (firefox and thunderbird), Red Hat (kernel), Slackware (xorg), SUSE (expat, libostree, lighttpd, python3-lxml, rust1.62, slurm, slurm_18_08, and vsftpd), and Ubuntu (libxi, linux-gcp, postgresql-9.5, and sqlite3).

[$] Progress for unprivileged containers

Post Syndicated from jake original https://lwn.net/Articles/909627/

Over the past few years, there has been quite a bit of progress in various kernel features that can be used to create containers without requiring privileges. Most of the containers these days run as root, which means that a vulnerability leading to an escape from the container can result in system compromise. Stéphane Graber gave a talk at the 2022 Linux Security Summit Europe (LSS EU) to fill in some of the details of work that he and others have been doing to run containers as unprivileged code.

[$] Finding bugs with sanitizers

Post Syndicated from jake original https://lwn.net/Articles/909245/

Andrey Konovalov began his 2022 Linux Security Summit Europe (LSS EU) talk with a bold statement: “fuzzing is useless”. As might be guessed, he qualified that assertion quickly by adding “without dynamic bug detectors”. These bug detectors include “sanitizers” of various sorts, such as the Kernel Address Sanitizer (KASAN), but there are others. Konovalov looked in detail at KASAN and gave an overview of the sanitizer landscape along with some ideas of ways to push these bug detectors further—to find even more kernel bugs.

Security updates for Monday

Post Syndicated from jake original https://lwn.net/Articles/909439/

Security updates have been issued by Debian (expat and poppler), Fedora (dokuwiki), Gentoo (fetchmail, grub, harfbuzz, libaacplus, logcheck, mrxvt, oracle jdk/jre, rizin, smarty, and smokeping), Mageia (tcpreplay, thunderbird, and webkit2), SUSE (dpdk, permissions, postgresql14, puppet, and webkit2gtk3), and Ubuntu (linux-gkeop and sosreport).

Security updates for Friday

Post Syndicated from jake original https://lwn.net/Articles/909208/

Security updates have been issued by Debian (bind9, expat, firefox-esr, mediawiki, and unzip), Fedora (qemu and thunderbird), Oracle (webkit2gtk3), SUSE (ardana-ansible, ardana-cobbler, ardana-tempest, grafana, openstack-heat-templates, openstack-horizon-plugin-gbp-ui, openstack-neutron-gbp, openstack-nova, python-Django1, rabbitmq-server, rubygem-puma, ardana-ansible, ardana-cobbler, grafana, openstack-heat-templates, openstack-murano, python-Django, rabbitmq-server, rubygem-puma, dpdk, freetype2, rubygem-rack, and virtualbox), and Ubuntu (etcd, libjpeg-turbo, linux-gcp, linux-gke, linux-raspi, linux-oem-5.17, linux-raspi-5.4, python-oauthlib, and python3.5).

Security updates for Thursday

Post Syndicated from jake original https://lwn.net/Articles/909051/

Security updates have been issued by Debian (e17, fish, mako, and tinygltf), Fedora (mingw-poppler), Mageia (firefox, google-gson, libxslt, open-vm-tools, redis, and sofia-sip), Oracle (dbus-broker, kernel, kernel-container, mysql, and nodejs and nodejs-nodemon), Slackware (bind), SUSE (cdi-apiserver-container, cdi-cloner-container, cdi-controller-container, cdi-importer-container, cdi-operator-container, cdi-uploadproxy-container, cdi-uploadserver-container, containerized-data-importer, go1.18, go1.19, kubevirt, virt-api-container, virt-controller-container, virt-handler-container, virt-launcher-container, virt-libguestfs-tools-container, virt-operator-container, libconfuse0, and oniguruma), and Ubuntu (bind9 and pcre2).

[$] Introducing io_uring_spawn

Post Syndicated from jake original https://lwn.net/Articles/908268/

The traditional mechanism for launching a program in a new process on Unix systems—forking and execing—has been with us for decades, but it is not really the most efficient of operations. Various alternatives have been tried along the way but have not supplanted the traditional approach. A new mechanism created by Josh Triplett adds process creation to the io_uring asynchronous I/O API and shows great promise; he came to the 2022 Linux Plumbers Conference (LPC) to introduce io_uring_spawn.

Security updates for Monday

Post Syndicated from jake original https://lwn.net/Articles/908627/

Security updates have been issued by Debian (connman and e17), Fedora (curl, open-vm-tools, pcs, and python-lxml), Mageia (curl, dpkg, freecad, gimp, libtar, libtiff, mediawiki, ostree, python-lxml, schroot, SDL12, sdl2, wireshark, and zlib), Oracle (kernel and php:7.4), Red Hat (php:7.4), Slackware (vim), SUSE (chromium, kernel, libarchive, libtirpc, mupdf, python-rsa, ruby2.5, and virtualbox), and Ubuntu (linux-intel-iotg).

Security updates for Friday

Post Syndicated from jake original https://lwn.net/Articles/908297/

Security updates have been issued by Debian (bzip2, chromium, glib2.0, libraw, mariadb-10.3, and mod-wsgi), Fedora (kdiskmark, wordpress, and zlib), Oracle (.NET 6.0, .NET Core 3.1, mariadb:10.3, nodejs:14, nodejs:16, ruby:2.7, and ruby:3.0), Red Hat (.NET 6.0, php:7.4, and webkit2gtk3), SUSE (389-ds, flatpak, kernel, libgit2, and thunderbird), and Ubuntu (sqlite3, vim, and wayland).

Security updates for Thursday

Post Syndicated from jake original https://lwn.net/Articles/908137/

Security updates have been issued by Debian (nova, pcs, and rails), Fedora (firejail, moby-engine, and pspp), Oracle (.NET 6.0, gnupg2, kernel, python3, and rsyslog rsyslog7), Red Hat (.NET 6.0 and .NET Core 3.1), SUSE (kernel), and Ubuntu (intel-microcode, poppler, and webkit2gtk).

[$] A Python security fix breaks (some) bignums

Post Syndicated from jake original https://lwn.net/Articles/907572/

Typically, an urgent security release of a project is not for a two-year-old CVE, but such is the case for a recent Python release of four versions of the language. The bug is a denial of service (DoS) that can be caused by converting enormous numbers to strings—or vice versa—but it was not deemed serious enough to fix when it was first reported. Evidently more recent reports, including a remote exploit of the bug, have raised its importance—causing a rushed-out fix. But the fix breaks some existing Python code, and the process of handling the incident has left something to be desired, leading the project to look at ways to improve its processes.

[$] LXC and LXD: a different container story

Post Syndicated from jake original https://lwn.net/Articles/907613/

OCI containers are the most popular type of Linux container, but they are not the only type, nor were they the first. LXC (short for “LinuX Containers”) predates Docker by several years, though it was also not the first. LXC dates back to its first release in 2008; the earliest version of Docker, which was tagged in 2013, was actually a wrapper around LXC. The LXC project is still going strong and shows no signs of winding down; LXC 5.0 was released in July and comes with a promise of support until 2027.