All posts by jake

NixOS 23.05 released

Post Syndicated from jake original https://lwn.net/Articles/933466/

A new version of NixOS, which is a Linux
distribution based on the Nix package manager, has been released: NixOS 23.05
is now available. The release notes
list numerous updates, including Nix 2.13, Linux 6.1,
glibc 2.37,
Cinnamon 5.6, GNOME 44, and KDE Plasma 5.27.

The 23.05 release was made possible due to the efforts of 1867
contributors, who authored 36566 commits since the previous
release.
Our thanks go to the contributors who also take care of the continued
stability and security of our stable release.

NixOS is already known as the most up to date distribution while also being
the distribution with the most packages. This release saw 16240 new
packages and 13524 updated packages in Nixpkgs. We also
removed 13466
packages in an effort to keep the package set maintainable and secure.
In addition to packages the NixOS distribution also features modules and
tests that make it what it is. This release brought 282 new modules and
removed 183. In that process we added 2882 options and removed 728.

Security updates for Thursday

Post Syndicated from jake original https://lwn.net/Articles/933465/

Security updates have been issued by Debian (libwebp, openssl, sssd, and texlive-bin), Fedora (bitcoin-core, editorconfig, edk2, mod_auth_openidc, pypy, pypy3.9, python3.10, and python3.8), Red Hat (kernel, openssl, pcs, pki-core:10.6, and qatzip), SUSE (chromium, ImageMagick, openssl-1_1, and tiff), and Ubuntu (cups, libvirt, and linux, linux-aws, linux-aws-5.15, linux-azure, linux-azure-5.15,
linux-gcp, linux-gcp-5.15, linux-gke, linux-gke-5.15, linux-gkeop,
linux-hwe-5.15, linux-hwe-5.19, linux-ibm, linux-kvm, linux-lowlatency,
linux-lowlatency-hwe-5.15, linux-oracle, linux-oracle-5.15, linux-raspi).

[$] Atomic block-write operations

Post Syndicated from jake original https://lwn.net/Articles/933015/

Martin Petersen and John Garry led a session at the
2023 Linux Storage, Filesystem,
Memory-Management and BPF Summit
on work they have been doing to
implement atomic block writes of various sizes for SCSI and NVMe.
The idea is to support devices that can guarantee atomic operations for
sizes larger than their block size.
It is
an attempt to “find
common ground” between the two standards, Petersen said, because the two
have slightly different semantics, depending on the device type, and
different restrictions, which has made for an “interesting project”. It has
been a challenge to find an abstraction layer that can work with the “five
different variants
of SCSI and NVMe implementations that may or may not be out there”.

[$] Julia 1.9 brings more speed and convenience

Post Syndicated from jake original https://lwn.net/Articles/933019/

Version 1.9 of Julia, which is an
open-source
programming language popular in scientific computing, was released
in early May. There are a number of interesting new features this time
around, including more work addressing the
startup-time complaints and a number of improvements to the package system.
Beyond
that, there are a few interesting features from the Julia 1.8 release
to catch up on.

Security updates for Monday

Post Syndicated from jake original https://lwn.net/Articles/933165/

Security updates have been issued by Debian (docker-registry, gpac, libraw, libreoffice, rainloop, and sysstat), Fedora (bottles, c-ares, edk2, libssh, microcode_ctl, python-vkbasalt-cli, rust-buffered-reader, rust-nettle, rust-nettle-sys, rust-rpm-sequoia, rust-sequoia-keyring-linter, rust-sequoia-octopus-librnp, rust-sequoia-openpgp, rust-sequoia-policy-config, rust-sequoia-sop, rust-sequoia-sq, rust-sequoia-sqv, rust-sequoia-wot, and xen), SUSE (opera), and Ubuntu (Jhead, linuxptp, and sudo).

[$] Cloud-storage optimizations

Post Syndicated from jake original https://lwn.net/Articles/932900/

“I/O hints” for storage devices, which are meant to improve performance by
giving the devices
extra information about the nature of the I/O, have a long history with
Linux.
But the code
for write hints was “ripped out last year”, according to a message from Ted
Ts’o proposing a discussion about new optimizations for cloud-storage devices.
That discussion took place in a
combined storage and filesystem session at the
2023 Linux Storage, Filesystem,
Memory-Management and BPF Summit. In it, Ts’o proposed that the Linux
community define its own set of hints rather than just following along with the
hints in the standards—which have largely been ignored by the vendors in
any case.

Security updates for Friday

Post Syndicated from jake original https://lwn.net/Articles/933071/

Security updates have been issued by Debian (sniproxy), Fedora (c-ares), Oracle (apr-util, curl, emacs, git, go-toolset and golang, go-toolset:ol8, gssntlmssp, libreswan, mysql:8.0, thunderbird, and webkit2gtk3), Red Hat (go-toolset-1.19 and go-toolset-1.19-golang and go-toolset:rhel8), Slackware (ntfs), SUSE (rmt-server), and Ubuntu (linux-raspi, linux-raspi-5.4 and python-django).

Weston 12.0: Highlights and changes for Wayland’s reference compositor (Collabora blog)

Post Syndicated from jake original https://lwn.net/Articles/933017/

Over on the Collabora blog, Marius Vlad looks at the Weston 12.0 release. Weston is the reference compositor for the Wayland project. The highlights include two new backends and support for multiple scanout devices, along with “multiple fixes and internal changes that would further facilitate integration of functionality like color management or the ability to load up multiple backends at the same time”.

As we’re heading towards having the ability to load multiple backends, two new ones have seen the day in this new release: backend-vnc, which is similar to backend-rdp, is based on aml and neatvnc libraries. It has TLS support and user authentication. The other backend added is the PipeWire one; it creates a node for each output and like the plugin with the same backend name, it can be used to capture Weston outputs for processing with other applications.

[$] Zoned storage and filesystems

Post Syndicated from jake original https://lwn.net/Articles/932748/

Issues around zoned storage for filesystems were the topic of a combined
storage and filesystem session at the
2023 Linux Storage, Filesystem,
Memory-Management and BPF Summit
led by
Bart Van Assche,
Viacheslav A. Dubeyko, and Naohiro Aota. Zoned storage began with the
advent of shingled
magnetic recording
(SMR) devices, but is now implemented by NVMe zoned
namespaces
(ZNS) as well.
SMR devices can have multiple zones with different
characteristics, with some zones that can only be written in sequential
order, while other, conventional zones can be written in any order. The
talk was focused on filesystems using the sequential type of zones
since the conventional zones are already well-supported in Linux and its
filesystems.

Security updates for Thursday

Post Syndicated from jake original https://lwn.net/Articles/932994/

Security updates have been issued by Debian (python2.7), Fedora (maradns), Red Hat (devtoolset-12-binutils, go-toolset and golang, httpd24-httpd, jenkins and jenkins-2-plugins, rh-ruby27-ruby, and sudo), Scientific Linux (git), Slackware (texlive), SUSE (cups-filters, poppler, texlive, distribution, golang-github-vpenso-prometheus_slurm_exporter, kubernetes1.18, kubernetes1.23, openvswitch, rmt-server, and ucode-intel), and Ubuntu (ca-certificates, calamares-settings-ubuntu, Jhead, libhtml-stripscripts-perl, and postgresql-10, postgresql-12, postgresql-14, postgresql-15).

PyPI was subpoenaed

Post Syndicated from jake original https://lwn.net/Articles/932886/

It is, it seems, a week of Python Package Index (PyPI) news. On the PyPI blog, Director of Infrastructure at the Python Software Foundation (PSF), Ee Durbin, has posted an admirably detailed description of the organization’s response to three subpoenas it received for PyPI user information in March and April. The requests for information were quite broad and the PSF did produce the requested material (to the extent possible), which involved five PyPI user accounts, under the advice of counsel.

PyPI and the PSF are committed to the freedom, security, and privacy of our users.

This process has offered time to revisit our current data and privacy standards, which are minimal, to ensure they take into account the varied interests of the Python community. Though we collect very little personal data from PyPI users, any unnecessarily held data are still subject to these kinds of requests in addition to the baseline risk of data compromise via malice or operator error.

As a result we are currently developing new data retention and disclosure policies. These policies will relate to our procedures for future government data requests, how and for what duration we store personally identifiable information such as user access records, and policies that make these explicit for our users and community.

The post goes on to detail exactly which fields in the database tables were used to fulfill the request (without identifying the targets, naturally). Meanwhile, another statement in the post leaves open the possibility that further subpoenas have been received since that time:

We have waited for the string of subpoenas to subside, though we were committed from the beginning to write and publish this post as a matter of transparency, and as allowed by the lack of a non-disclosure order associated with the subpoenas received in March and April 2023.

[$] Monitoring mount operations

Post Syndicated from jake original https://lwn.net/Articles/932648/

Amir Goldstein kicked off a session on monitoring mounts at the
2023 Linux Storage, Filesystem,
Memory-Management and BPF Summit. In particular, there are problems
when trying to efficiently monitor “a very large number of mounts in a
mount namespace”; some user-space programs need an accurate view of the
mount tree without having to constantly parse /proc/mounts or the
like. There
are a number of questions to be answered,
including what the API should look like and what entity should be watched
in order to get notifications of new
mount operations.

Security updates for Wednesday

Post Syndicated from jake original https://lwn.net/Articles/932827/

Security updates have been issued by Debian (libssh and sofia-sip), Fedora (cups-filters, dokuwiki, qt5-qtbase, and vim), Oracle (git, python-pip, and python3-setuptools), Red Hat (git, kernel, kpatch-patch, rh-git227-git, and sudo), SUSE (openvswitch, rmt-server, and texlive), and Ubuntu (binutils, cinder, cloud-init, firefox, golang-1.13, Jhead, liblouis, ncurses, node-json-schema, node-xmldom, nova, python-glance-store, python-os-brick, and runc).

[$] Fanotify and hierarchical storage management

Post Syndicated from jake original https://lwn.net/Articles/932415/

In the filesystem track of the
2023 Linux Storage, Filesystem,
Memory-Management and BPF Summit, Amir Goldstein led a session on using
fanotify for hierarchical storage management (HSM). Linux had some support for HSM in the XFS
filesystem’s implementation of the data management API (DMAPI),
but that code was removed back in 2010. Goldstein has done some work
on using fanotify for HSM features, but he has run into some problems with
deadlocks that he wanted to discuss with attendees.

Security updates for Monday

Post Syndicated from jake original https://lwn.net/Articles/932625/

Security updates have been issued by Debian (cups-filters, imagemagick, libwebp, sqlite, and texlive-bin), Fedora (chromium and vim), Gentoo (librecad, mediawiki, modsecurity-crs, snakeyaml, and tinyproxy), Mageia (apache-mod_security, cmark, dmidecode, freetype2, glib2.0, libssh, patchelf, python-sqlparse, sniproxy, suricata, and webkit2), Oracle (apr-util and firefox), Red Hat (git), SUSE (containerd, openvswitch, python-Flask, runc, terraform-provider-aws, and terraform-provider-null), and Ubuntu (tar).

[$] FUSE and io_uring

Post Syndicated from jake original https://lwn.net/Articles/932079/

Bernd Schubert led a session at the 2023 Linux Storage, Filesystem,
Memory-Management and BPF Summit
on the intersection
of FUSE
and io_uring. He
works for DDN Storage, which is using FUSE for two network-storage
products; he has found FUSE to be a bottleneck for those filesystems. That
could perhaps be
improved by using io_uring, which is something he has been working on and
wanted to discuss.

Security updates for Friday

Post Syndicated from jake original https://lwn.net/Articles/932464/

Security updates have been issued by Fedora (cups-filters, kitty, mingw-LibRaw, nispor, rust-ybaas, and rust-yubibomb), Mageia (kernel-linus), Red Hat (jenkins and jenkins-2-plugins), SUSE (openvswitch and ucode-intel), and Ubuntu (linux-azure, linux-azure-4.15, linux-gcp, linux-gcp-5.15, linux-gke, linux-gke-5.15, linux-gkeop,
linux-oracle-5.15, linux-ibm, linux-oracle, and linux-oem-6.0).

Security updates for Thursday

Post Syndicated from jake original https://lwn.net/Articles/932371/

Security updates have been issued by Debian (chromium and libapache2-mod-auth-openidc), Fedora (clevis-pin-tpm2, greetd, keyring-ima-signer, libkrun, mirrorlist-server, nispor, nmstate, qt5-qtbase, rust-afterburn, rust-below, rust-bodhi-cli, rust-cargo-c, rust-coreos-installer, rust-fedora-update-feedback, rust-git-delta, rust-gst-plugin-reqwest, rust-pore, rust-rpm-sequoia, rust-sequoia-octopus-librnp, rust-sequoia-policy-config, rust-sequoia-sq, rust-sevctl, rust-tealdeer, and rust-ybaas), Oracle (apr-util, curl, emacs, firefox, kernel, libreswan, mysql, nodejs and nodejs-nodemon, openssh, thunderbird, and webkit2gtk3), Red Hat (apr-util, emacs, firefox, git, jenkins and jenkins-2-plugins, kernel, kpatch-patch, and thunderbird), Scientific Linux (apr-util, firefox, and thunderbird), Slackware (curl), SUSE (cups-filters, curl, java-1_8_0-openjdk, kernel, mysql-connector-java, and ovmf), and Ubuntu (cups-filters, git, linux-gcp-4.15, linux-oracle, linux-raspi, node-minimatch, ruby2.3, ruby2.5, ruby2.7, and runc).