lwn.net
LWN.net is a comprehensive source of news and opinions from
and about the Linux community. This is the main LWN.net feed,
listing all articles which are posted to the site front page.
URL: https://lwn.net
Updated: 1 hour 48 minutes ago
[$] Better handling of integer wraparound in the kernel
While the mathematical realm of numbers is infinite, computers are only
able to represent a finite subset of them. That can lead to problems when
arithmetic operations would create numbers that the computer is unable to
store as the intended type. This condition, called "overflow" or
"wraparound" depending on the
context, can be the source of bugs, including unpleasant security
vulnerabilities, so it is worth avoiding. This patch
series from Kees Cook is intended to improve the kernel's handling of
these situations, but it is running into a bit of resistance.
Security updates for Friday
Security updates have been issued by Debian (xorg-server), Fedora (chromium, dotnet8.0, firefox, freeipa, and thunderbird), Red Hat (avahi, c-ares, curl, edk2, expat, freetype, frr, git, gnutls, grub2, kernel, kernel-rt, libcap, libfastjson, libssh, libtasn1, libxml2, linux-firmware, ncurses, oniguruma, openssh, openssl, perl-HTTP-Tiny, protobuf-c, python-urllib3, python3, python3.9, rpm, samba, shadow-utils, sqlite, tcpdump, tomcat, and virt:rhel and virt-devel:rhel modules), SUSE (cpio, jasper, rear23a, thunderbird, and xorg-x11-server), and Ubuntu (jinja2, kernel, linux, linux-aws, linux-aws-5.15, linux-gcp, linux-gcp-5.15, linux-gke,
linux-gkeop, linux-gkeop-5.15, linux-hwe-5.15, linux-ibm, linux-ibm-5.15,
linux-kvm, linux-lowlatency-hwe-5.15, linux-raspi, linux, linux-aws, linux-aws-5.4, linux-azure, linux-azure-5.4,
linux-bluefield, linux-gcp, linux-gcp-5.4, linux-gkeop, linux-hwe-5.4,
linux-ibm, linux-ibm-5.4, linux-iot, linux-oracle, linux-oracle-5.4,
linux-raspi, linux-raspi-5.4, linux-xilinx-zynqmp, linux, linux-aws, linux-aws-6.2, linux-azure, linux-azure-6.2,
linux-azure-fde-6.2, linux-gcp, linux-hwe-6.5, linux-laptop,
linux-lowlatency, linux-lowlatency-hwe-6.5, linux-oem-6.5, linux-oracle,
linux-raspi, linux-starfive, linux, linux-aws, linux-aws-hwe, linux-gcp, linux-gcp-4.15, linux-hwe,
linux-kvm, linux-oracle, linux, linux-aws, linux-kvm, linux-lts-xenial, linux-aws, linux-azure, linux-azure-5.15, linux-azure-fde, linux-azure-fde-5.15, linux-oem-6.1, and mariadb, mariadb-10.3, mariadb-10.6).
Seven new stable kernels
[$] The things nobody wants to pay for
The free-software community has managed to build a body of software that is
worth, by most estimates, many billions of dollars; all of this code is
freely available to anybody who wants to use or modify it. It is an
unparalleled example of independent actors working cooperatively on a
common resource. Free software is certainly a success story, but all is
not perfect. One of the community's greatest strengths — convincing
companies to contribute to this common resource — is also part of one of
its biggest weaknesses.
GCC security features from AdaCore
The AdaCore blog describes
some hardening features contributed to GCC for the GCC 14 release.
With -fharden-control-flow-redundancy, the compiler now verifies, at the end of functions, whether the traversed basic blocks align with a legitimate execution path. The purpose of this protective measure is to detect and thwart attacks attempting to infiltrate the middle of functions, thereby enhancing the overall security posture of the compiled code.
Security updates for Thursday
Security updates have been issued by Debian (chromium, firefox-esr, php-phpseclib, phpseclib, thunderbird, and zabbix), Fedora (dotnet7.0, firefox, fonttools, and python-jinja2), Mageia (avahi and chromium-browser-stable), Oracle (java-1.8.0-openjdk, java-11-openjdk, LibRaw, openssl, and python-pillow), Red Hat (gnutls, kpatch-patch, php:8.1, and squid:4), SUSE (apache-parent, apache-sshd, bluez, cacti, cacti-spine, erlang, firefox, java-11-openjdk, opera, python-Pillow, tomcat, tomcat10, and xwayland), and Ubuntu (paramiko and puma).
[$] LWN.net Weekly Edition for January 25, 2024
The LWN.net Weekly Edition for January 25, 2024 is available.
[$] Python, packaging, and pip—again
Python packaging discussions seem like they often just go around and
around, ending up where they started and recapitulating many of the points that
have come up before. A recent discussion revolves around the pip package installer, as they
often do. The central role that is occupied by pip has both
good points and bad. There is a clear need for something that
can install from the Python Package Index
(PyPI) immediately after Python itself is installed. Whether there
should be additional features, including project management, that come
"inside the box", as well,
is much less clear—not unlike the question of which project management
"style" should be chosen.
Security updates for Wednesday
Security updates have been issued by Debian (jinja2, openjdk-11, ruby-httparty, and xorg-server), Fedora (ansible-core and mingw-jasper), Gentoo (GOCR, Ruby, and sudo), Oracle (gstreamer-plugins-bad-free, java-17-openjdk, java-21-openjdk, python-cryptography, and xorg-x11-server), Red Hat (kernel, kernel-rt, kpatch-patch, LibRaw, python-pillow, and python-pip), Slackware (mozilla), SUSE (python-Pillow, rear118a, and redis7), and Ubuntu (libapache-session-ldap-perl and pycryptodome).
[$] Microdot: a web framework for microcontrollers
There are many different Python web frameworks, from
nano-frameworks all the way up to the full-stack variety. One that
recently caught my eye is Microdot, the
"impossibly small web framework for Python and MicroPython"; since it
targets MicroPython, it is plausible for running the user
interface of an "internet of things" (IoT) device, for example. Beyond
that, it is Flask-inspired,
which should make it reasonably familiar to many potential web
developers.
Firefox 122.0 released
Version
122.0 of the Firefox browser is out. Changes include improved search
suggestions, improvements to the in-browser
translation feature, better line-breaking compatibility, and a shiny
new .deb package.
Security updates for Tuesday
Security updates have been issued by Debian (kodi and squid), Fedora (ansible-core, java-latest-openjdk, mingw-python-jinja2, openssh, and pgadmin4), Gentoo (Apache XML-RPC), Red Hat (gnutls and xorg-x11-server), Slackware (postfix), SUSE (bluez and openssl-3), and Ubuntu (gnutls28, libssh, and squid).
[$] The rest of the 6.8 merge window
Linus Torvalds was able to release 6.8-rc1
and close the 6.8 merge window on time despite losing power to his home for
most of a week. He noted that this merge window is "maybe a bit smaller
than usual", but 12,239 non-merge changesets found their way into the
mainline, so it's not that small. About 8,000 of those changes were
merged since the first-half summary was
written; the second half saw a lot of device-driver updates, but there
were other interesting changes as well.
Security updates for Monday
Security updates have been issued by Debian (keystone and subunit), Fedora (dotnet6.0, golang, kernel, sos, and tigervnc), Mageia (erlang), Red Hat (openssl), SUSE (bluez, python-aiohttp, and seamonkey), and Ubuntu (postfix and xorg-server).
Kernel prepatch 6.8-rc1
The 6.8-rc1 kernel prepatch is out for
testing.
So this wasn't the most pleasant merge window, but most of the unpleasantness was entirely unrelated to the code base and almost entirely related to nasty weather. Just a few technical hiccups. And after a very big 6.7 release, 6.8 looks to actually be smaller than average, although not really all that significantly so.