All posts by jake

[$] Sudo and its alternatives

Post Syndicated from jake original https://lwn.net/Articles/962588/

Sudo is a ubiquitous tool for running
commands
with the privileges of another user on Unix-like operating systems. Over
the past decade or so,
some alternatives have
been developed; the base system of OpenBSD now comes with doas instead, sudo-rs is a subset of
sudo reimplemented in Rust, and, somewhat surprisingly, Microsoft also
recently announced
its own Sudo for Windows. Each of these offers a different approach to the
task of providing limited privileges to unprivileged users.

Security updates for Monday

Post Syndicated from jake original https://lwn.net/Articles/962753/

Security updates have been issued by Debian (engrampa, openvswitch, pdns-recursor, and runc), Fedora (caddy, expat, freerdp, libgit2, libgit2_1.6, mbedtls, python-cryptography, qt5-qtbase, and sudo), Gentoo (Apache Log4j, Chromium, Google Chrome, Microsoft Edge, CUPS, e2fsprogs, Exim, firefox, Glade, GNU Tar, intel-microcode, libcaca, QtNetwork, QtWebEngine, Samba, Seamonkey, TACACS+, Thunar, and thunderbird), Mageia (dnsmasq, unbound, and vim), Oracle (container-tools:4.0, container-tools:ol8, dotnet6.0, dotnet7.0, kernel, nss, openssh, and sudo), Red Hat (python-pillow), and SUSE (bitcoin, dpdk, libssh, openvswitch, postgresql12, and postgresql13).

Security updates for Friday

Post Syndicated from jake original https://lwn.net/Articles/962506/

Security updates have been issued by Mageia (bind), Red Hat (.NET 8.0 and kpatch-patch), SUSE (golang-github-prometheus-alertmanager, java-1_8_0-openj9, kernel, libaom, openssl-3, postgresql15, salt, SUSE Manager Client Tools, SUSE Manager Server 4.3, and webkit2gtk3), and Ubuntu (shadow).

Security updates for Monday

Post Syndicated from jake original https://lwn.net/Articles/961842/

Security updates have been issued by Debian (libgit2), Fedora (chromium, firecracker, libkrun, openssh, python-nikola, runc, rust-event-manager, rust-kvm-bindings, rust-kvm-ioctls, rust-linux-loader, rust-userfaultfd, rust-versionize, rust-vhost, rust-vhost-user-backend, rust-virtio-queue, rust-vm-memory, rust-vm-superio, rust-vmm-sys-util, virtiofsd, webkitgtk, and wireshark), Mageia (filezilla and xpdf), Oracle (gimp), Red Hat (libmaxminddb, linux-firmware, squid:4, and tcpdump), Slackware (xpdf), SUSE (cdi-apiserver-container, cdi-cloner-container, cdi- controller-container, cdi-importer-container, cdi-operator-container, cdi- uploadproxy-container, cdi-uploadserver-container, cont and suse-build-key), and Ubuntu (python-glance-store and webkit2gtk).

DRM-CI: A GitLab-CI pipeline for Linux kernel testing (Collabora Blog)

Post Syndicated from jake original https://lwn.net/Articles/961655/

Over on the Collabora blog, Helen Koike writes
about the DRM-CI project for running automated continuous integration (CI)
tests on multiple graphics devices in several different labs. It uses the
IGT GPU
tools
for testing, though there are plans to expand:

The roadmap for DRM-CI includes enabling other devices, incorporating
additional tests like kselftests, adding support for vgem driver, and
implementing further automations. DRM-CI builds upon the groundwork laid by
Mesa3D CI,
including its GitLab YAML files and most of its setup, fostering
collaboration and mutual strengthening.

[…] Adapting the DRM-CI pipeline to other subsystems is feasible with a
few modifications. The primary consideration is setting up dedicated
GitLab-CI runners since Freedesktop’s infrastructure is meant only for
graphics.

In light of this, our team is developing a versatile and user-friendly
GitLab-CI pipeline. This new pipeline is envisioned to function as a
flexible interface for kernel maintainers and developers that can be
evolved to connect with different test environments that can also be hooked
with CI systems such as KernelCI. This approach aims to simplify the
integration process, making GitLab-CI more accessible and beneficial to a
broader range of developers.

[$] Gnuplot 6 comes with pie

Post Syndicated from jake original https://lwn.net/Articles/961003/

Gnuplot 6.0 was released in
December 2023, bringing a host of significant improvements and new
capabilities to the open-source graphing tool. Here we survey the major
new features, including
filled contours in 3D, adaptive plotting resolution, watchpoints, clipping
of surfaces, sector plots for making things like pie charts, and new
syntax for conditionals in gnuplot’s scripting language. In addition, there
are
detailed examples of the features described.

Security updates for Friday

Post Syndicated from jake original https://lwn.net/Articles/961584/

Security updates have been issued by Debian (webkit2gtk), Fedora (atril, chromium, gnutls, python-aiohttp, and webkitgtk), Gentoo (libxml2), Mageia (gnutls, gpac, kernel, kernel-linus, microcode, pam, and postfix), Red Hat (container-tools:2.0, container-tools:3.0, container-tools:4.0, container-tools:rhel8, gimp, libmaxminddb, python-pillow, runc, and unbound), SUSE (cosign, netpbm, python, python-Pillow, python3, and python36), and Ubuntu (libde265, linux-gcp, linux-gcp-5.4, and linux-intel-iotg).

Security updates for Thursday

Post Syndicated from jake original https://lwn.net/Articles/961330/

Security updates have been issued by Debian (chromium), Red Hat (gimp, kernel, kernel-rt, and runc), Slackware (expat), SUSE (libavif), and Ubuntu (linux, linux-aws, linux-aws-5.15, linux-gcp, linux-gcp-5.15, linux-gke,
linux-gkeop, linux-gkeop-5.15, linux-hwe-5.15, linux-ibm, linux-ibm-5.15,
linux-kvm, linux-lowlatency-hwe-5.15, linux-nvidia, linux-oracle,
linux-oracle-5.15, linux, linux-aws, linux-aws-5.4, linux-azure, linux-azure-5.4,
linux-bluefield, linux-gkeop, linux-hwe-5.4, linux-ibm, linux-ibm-5.4,
linux-iot, linux-kvm, linux-oracle, linux-oracle-5.4, linux-xilinx-zynqmp, and linux, linux-aws, linux-gcp, linux-hwe-6.5, linux-laptop,
linux-lowlatency, linux-lowlatency-hwe-6.5, linux-oem-6.5, linux-oracle,
linux-raspi, linux-starfive).

Go 1.22 released

Post Syndicated from jake original https://lwn.net/Articles/961196/

Go 1.22, the most recent version of the Go programming language, has been released. It comes with two language changes to for loops: a fix for a longstanding “gotcha” with accidentally sharing loop variables between iterations and adding the ability to range over integer values. There are also additions to the standard library, improved performance, and more. See the release notes for further information.

[$] So you think you understand IP fragmentation?

Post Syndicated from jake original https://lwn.net/Articles/960913/

What is IP fragmentation, why is it important, and do people understand
it? The answer to that last question is “not as well as they think”. This
article will also answer the rest of those
questions and introduce fragquiz, a game that I
wrote to allow players to guess how IP packets will behave when they are
too large for the network. As evidence that IP fragmentation is not
well-understood, a room full of networking experts played fragquiz and got
a score that was
nowhere close to perfect. In addition, I will describe a new algorithm for
fragmentation avoidance, which some colleagues and I
developed, that helped motivate development of fragquiz.

Security updates for Monday

Post Syndicated from jake original https://lwn.net/Articles/960952/

Security updates have been issued by Debian (rear, runc, sudo, and zbar), Fedora (chromium, grub2, libebml, mingw-python-pygments, and python-aiohttp), Gentoo (FreeType, GNAT Ada Suite, Microsoft Edge, NBD Tools, OpenSSL, QtGui, SDDM, Wireshark, and Xen), Mageia (dracut, glibc, nss and firefox, openssl, packages, perl, and thunderbird), Slackware (libxml2), SUSE (java-11-openjdk, java-17-openjdk, perl, python-uamqp, slurm, and xerces-c), and Ubuntu (libssh and openssl).

Security updates for Thursday

Post Syndicated from jake original https://lwn.net/Articles/960436/

Security updates have been issued by Debian (debian-security-support, firefox-esr, openjdk-11, and python-asyncssh), Fedora (glibc, python-templated-dictionary, thunderbird, and xorg-x11-server-Xwayland), Gentoo (Chromium, Google Chrome, Microsoft Edge and WebKitGTK+), Red Hat (firefox, gnutls, libssh, thunderbird, and tigervnc), SUSE (mbedtls, rear116, rear1172a, runc, squid, and tinyssh), and Ubuntu (glibc and runc).

[$] Looking ahead to Emacs 30

Post Syndicated from jake original https://lwn.net/Articles/959931/

EmacsConf 2023 was, like its
recent predecessors, an online conference with lots of talks about various
aspects of the Emacs
editor
—though, of course, it is way more than just an editor. Last year’s
edition was held in early December. One of the
talks that looked interesting was on Emacs
development
, which was given live by John Wiegley. In it, he briefly
described some
of the biggest features coming in Emacs 30, which is the next major version
coming for the tool.

Security updates for Monday

Post Syndicated from jake original https://lwn.net/Articles/959882/

Security updates have been issued by CentOS (gstreamer-plugins-bad-free, java-1.8.0-openjdk, java-11-openjdk, kernel, LibRaw, python-pillow, and xorg-x11-server), Debian (gst-plugins-bad1.0, libspreadsheet-parsexlsx-perl, mariadb-10.3, and slurm-wlm), Fedora (atril, dotnet8.0, gnutls, prometheus-podman-exporter, python-jinja2, sudo, and vips), Oracle (frr, kernel, php:8.1, python-urllib3, python3.9, rpm, sqlite, and tomcat), Slackware (pam), SUSE (cpio, rear23a, rear27a, sevctl, and xorg-x11-server), and Ubuntu (exim4 and firefox).

Security updates for Friday

Post Syndicated from jake original https://lwn.net/Articles/959640/

Security updates have been issued by Debian (xorg-server), Fedora (chromium, dotnet8.0, firefox, freeipa, and thunderbird), Red Hat (avahi, c-ares, curl, edk2, expat, freetype, frr, git, gnutls, grub2, kernel, kernel-rt, libcap, libfastjson, libssh, libtasn1, libxml2, linux-firmware, ncurses, oniguruma, openssh, openssl, perl-HTTP-Tiny, protobuf-c, python-urllib3, python3, python3.9, rpm, samba, shadow-utils, sqlite, tcpdump, tomcat, and virt:rhel and virt-devel:rhel modules), SUSE (cpio, jasper, rear23a, thunderbird, and xorg-x11-server), and Ubuntu (jinja2, kernel, linux, linux-aws, linux-aws-5.15, linux-gcp, linux-gcp-5.15, linux-gke,
linux-gkeop, linux-gkeop-5.15, linux-hwe-5.15, linux-ibm, linux-ibm-5.15,
linux-kvm, linux-lowlatency-hwe-5.15, linux-raspi, linux, linux-aws, linux-aws-5.4, linux-azure, linux-azure-5.4,
linux-bluefield, linux-gcp, linux-gcp-5.4, linux-gkeop, linux-hwe-5.4,
linux-ibm, linux-ibm-5.4, linux-iot, linux-oracle, linux-oracle-5.4,
linux-raspi, linux-raspi-5.4, linux-xilinx-zynqmp, linux, linux-aws, linux-aws-6.2, linux-azure, linux-azure-6.2,
linux-azure-fde-6.2, linux-gcp, linux-hwe-6.5, linux-laptop,
linux-lowlatency, linux-lowlatency-hwe-6.5, linux-oem-6.5, linux-oracle,
linux-raspi, linux-starfive, linux, linux-aws, linux-aws-hwe, linux-gcp, linux-gcp-4.15, linux-hwe,
linux-kvm, linux-oracle, linux, linux-aws, linux-kvm, linux-lts-xenial, linux-aws, linux-azure, linux-azure-5.15, linux-azure-fde, linux-azure-fde-5.15, linux-oem-6.1, and mariadb, mariadb-10.3, mariadb-10.6).

Security updates for Thursday

Post Syndicated from jake original https://lwn.net/Articles/959455/

Security updates have been issued by Debian (chromium, firefox-esr, php-phpseclib, phpseclib, thunderbird, and zabbix), Fedora (dotnet7.0, firefox, fonttools, and python-jinja2), Mageia (avahi and chromium-browser-stable), Oracle (java-1.8.0-openjdk, java-11-openjdk, LibRaw, openssl, and python-pillow), Red Hat (gnutls, kpatch-patch, php:8.1, and squid:4), SUSE (apache-parent, apache-sshd, bluez, cacti, cacti-spine, erlang, firefox, java-11-openjdk, opera, python-Pillow, tomcat, tomcat10, and xwayland), and Ubuntu (paramiko and puma).