|
|
Subscribe / Log in / New account

Welcome to LWN.net

LWN.net is a reader-supported news site dedicated to producing the best coverage from within the Linux and free software development communities. See the LWN FAQ for more information, and please consider subscribing to gain full access and support our activities.

[$] Resistance to Rust abstractions for DMA mapping

[Kernel] Posted Jan 30, 2025 19:42 UTC (Thu) by corbet

While the path toward the ability to write device drivers in Rust has been anything but smooth, steady progress has been made and that goal is close to being achieved — for some types of drivers at least. Device drivers need to be able to set up memory areas for direct memory access (DMA) transfers, though; that means Rust drivers will need a set of abstractions to interface with the kernel"s DMA-mapping subsystem. Those abstractions have run into resistance that has the potential to block progress on the Rust-for-Linux project as a whole.

Full Story (comments: 13)

[$] LWN.net Weekly Edition for January 30, 2025

Posted Jan 30, 2025 3:44 UTC (Thu)

The LWN.net Weekly Edition for January 30, 2025 is available.

Inside this week"s LWN.net Weekly Edition

  • Front: Go vendoring in Fedora; Rust 2024 edition; 6.14 Merge window; uretprobe(); FOSDEM keynote; Earthstar.
  • Briefs: Git security; Ubuntu discussion; LWN EPUBs; Facebook moderation; Quotes; ...
  • Announcements: Newsletters, conferences, security updates, patches, and more.
Read more

[$] Offline applications with Earthstar

[Development] Posted Jan 29, 2025 15:53 UTC (Wed) by daroc

Earthstar is a privacy-oriented, offline-first, LGPL-licensed database intended to support distributed applications. Unlike other distributed storage libraries, it focuses on providing mutable data with human-meaningful names and modification times, which gives it an interface similar to many non-distributed key-value databases. Now, the developers are looking at switching to a new synchronization protocol — one that is general enough that it might see wider adoption.

Full Story (comments: none)

[$] FOSDEM keynote causes concerns

[Development] Posted Jan 28, 2025 17:28 UTC (Tue) by jzb

This year"s edition of the Free and Open Source Software Developers" European Meeting (FOSDEM) begins on February 1 in Brussels. The event is widely regarded as one of the most important open-source conferences. One of the reasons that FOSDEM is held in high esteem by the community is its non-commercial nature. It does accept sponsors, but sponsorships come with few perks and no "pay-for-play" speaking slots. Thus, the scheduling of a keynote by Jack Dorsey⁠—⁠primarily known for his role in co-founding Twitter, and currently CEO and chairman of FOSDEM sponsor Block, Inc.⁠—⁠raised eyebrows and led to plans for a protest. The keynote has since been removed from the schedule, but there are still a number of lingering questions.

Full Story (comments: 82)

[$] Vendoring Go packages by default in Fedora

[Distributions] Posted Jan 27, 2025 15:17 UTC (Mon) by jzb

The Go language is designed to make it easy for developers to import other Go packages and compile everything into a static binary for simple distribution. Unfortunately, this complicates things for those who package Go programs for Linux distributions, such as Fedora, that have guidelines which require dependencies to be packaged separately. Fedora"s Go special interest group (SIG) is asking for relief and a loosening of the bundling guidelines to allow Go packagers to bundle dependencies into the packages that need them, otherwise known as vendoring. So far, the participants in the discussion have seemed largely in favor of the idea.

Full Story (comments: 133)

[$] The Rust 2024 Edition takes shape

[Development] Posted Jan 24, 2025 16:09 UTC (Fri) by daroc

Last year, LWN examined the changes lined up for Rust"s 2024 edition. Now, with the edition ready to be stabilized in February, it"s time to look back at the edition process and see what was successfully adopted, which new changes were added, and what still remains to work on. A surprising amount of new work was proposed, implemented, and stabilized during the year.

Full Story (comments: 5)

[$] The trouble with the new uretprobes

[Kernel] Posted Jan 23, 2025 22:55 UTC (Thu) by corbet

A "uretprobe" is a dynamic, user-space tracepoint injected by the kernel into a running process; this document tersely describes their use. Among other things, uretprobes are used by the perf utility to time function calls. The 6.11 kernel saw a significant change to uretprobes that improved their performance, but that change is also creating trouble for some users. The best way to solve the problem is not entirely clear.

Full Story (comments: 53)

[$] The first part of the 6.14 merge window

[Kernel] Posted Jan 23, 2025 15:09 UTC (Thu) by corbet

As of this writing, just over 4,300 non-merge changesets have been pulled into the mainline repository for the 6.14 release. Many of the pull requests this time around include remarks saying that activity has been relatively low this time around, presumably due to the holidays. So those 4,300 changesets are probably closer to the merge-window halfway point than usual. Much of the work merged thus far looks more like incremental improvements than major new initiatives, but there still have been a number of interesting changes in the mix.

Full Story (comments: 10)

LWN.net Weekly Edition for January 23, 2025

Posted Jan 23, 2025 0:01 UTC (Thu)

The LWN.net Weekly Edition for January 23, 2025 is available.

Inside this week"s LWN.net Weekly Edition

  • Front: Rsync vulnerability; Going mouseless; Commit IDs; 6.13 Development statistics; Python string formating; Python None-aware operators.
  • Briefs: Kernel 6.13; Dillo 3.2.0; GDB 16.1; OpenVox; Wine 10.0; Quotes; ...
  • Announcements: Newsletters, conferences, security updates, patches, and more.
Read more

A revamped Python string-formatting proposal

[Development] Posted Jan 22, 2025 18:08 UTC (Wed) by jake

The proposal to add a more general facility for string formatting to Python, which we looked at in August 2024, has changed a great deal since, so it merits another look. The changes take multiple forms: a new title for PEP 750 ("Template Strings"), a different mechanism for creating and using templates, a new Template type to hold them, and several additional authors for the PEP. Meanwhile, one controversial part of the original proposal, lazy evaluation of the interpolated values, has been changed so that it requires an explicit opt-in (via lambda); template strings are a generalization of f-strings and lazy evaluation was seen by some as a potentially confusing departure from their behavior.

Full Story (comments: 23)

Freedesktop looking for new home for its GitLab instance

[Development] Posted Jan 30, 2025 17:17 UTC (Thu) by jake

Visitors to the freedesktop.org GitLab instance are currently being greeted with a message noting that the company who has been hosting it for free for nearly five years, Equinix, has asked that it be moved (or start being paid for) by the end of April. The issue ticket opened by Benjamin Tissoires in order to track the planning of a move is clear that the project is grateful for the gift: "First, I"d like to thank Equinix Metal for the years of support they gave us. They were very kind and generous with us and even if it"s a shame we have to move out on a short notice, all things come to an end."

The current cost for the services, much of which is for 50TB of bandwidth data transfer per month and a half-dozen beefy servers for running continuous-integration (CI) jobs, comes to around $24,000 per month. Tissoires believes that the project should start paying for service somewhere, in order to avoid upheaval of this sort, sometimes on short or no notice. "I personally think we better have fd.o pay for its own servers, and then have sponsors chip in. This way, when a sponsor goes away, it"s technically much simpler to just replace the money than change datacenter." Various options are being discussed there, but any move is likely to disrupt normal services for a week or more.

Comments (7 posted)

GNU C Library 2.41 released

[Development] Posted Jan 30, 2025 16:02 UTC (Thu) by corbet

Version 2.41 of the GNU C Library has been released. Changes include a number of test-suite improvements, strict-error support in the DNS stub resolver, wrappers for the the sched_setattr() and sched_getattr() system calls, Unicode 16.0.0 support, improved C23 support, support for extensible restartable sequences, Guarded Control Stack support on 64-bit Arm systems, and more.

Comments (none posted)

Security updates for Thursday

[Security] Posted Jan 30, 2025 14:29 UTC (Thu) by jake

Security updates have been issued by AlmaLinux (redis:7), Debian (bind9, chromium, flightgear, pam-u2f, and simgear), Red Hat (fence-agents, git-lfs, libsoup, python3.9, rsync, and traceroute), Slackware (bind), SUSE (apache2-mod_security2, corepack22, go1.24, hplip, ignition, iperf, kernel, kernel-devel-longterm, nginx, nodejs22, openvpn, owasp-modsecurity-crs, and shadow), and Ubuntu (bind9, jinja2, libxml2, linux-lowlatency-hwe-6.8, php7.0, tomcat6, and vlc).

Full Story (comments: none)

Thunderbird moving to monthly updates in March

[Development] Posted Jan 30, 2025 14:16 UTC (Thu) by jzb

The Thunderbird project has announced that it is making its Release channel the default download beginning with the 135.0 release in March. This will move users to major monthly releases instead of the annual major Extended Support Release (ESR) that is the current default.

One of our goals for 2025 is to increase active installations on the release channel to at least 20% of the total installations. At last check, we had 29,543 active installations on the release channel, compared to 20,918 on beta, and 5,941 on daily. The release channel installations currently account for 0.27% of the 10,784,551 total active installations tracked on stats.thunderbird.net.

Comments (none posted)

Incus 6.9 released

[Development] Posted Jan 29, 2025 18:14 UTC (Wed) by jzb

Version 6.9 of the Incus container and virtual-machine management system has been released. Changes include a command to provide virtual machine memory dumps, ability to set network ACLs for instances on bridged networks, and more.

Comments (none posted)

LWN in EPUB format

[Briefs] Posted Jan 29, 2025 16:57 UTC (Wed) by corbet

For years we have had occasional requests to be able to receive LWN in a format for ebook readers. It took a while, but we are now happy to announce that all of LWN"s feature content is available, to subscribers at the "professional hacker" level and above, in the EPUB format. To obtain the weekly edition as an EPUB file, just click the "Download EPUB" link in the left column. There is a separate RSS feed for the EPUB format as well. Any other feature content can be turned into an ebook by appending /epub to its URL.

We will also be creating special EPUB books at times. As an example of what is possible, our complete coverage from Kangrejos 2024 and the 2024 Linux Storage, Filesystem, Memory Management, and BPF Summit are available to all readers.

There are surely places where our EPUB books can be improved; please feel free to drop us a note (at lwn@lwn.net) with suggestions.

Comments (25 posted)

Credential-leaking vulnerability in some Git credential managers

[Security] Posted Jan 29, 2025 16:01 UTC (Wed) by daroc

Security researcher RyotaK has shared a series of vulnerabilities that all have to do with how Git interfaces with external credential managers. In short, while Git guards against newline characters (\n) being injected into a repository"s URL, some programming languages also treat carriage return characters (\r) as being newlines. Adding a carriage return to a repository"s URL can cause Git and the credential manager to disagree on how the URL should be parsed, ultimately resulting in Git credentials being sent to the wrong host. Malicious repositories could include Git submodules with malformed URLs, triggering the bug. Only password-based authentication with an external credential manager is vulnerable to this attack; SSH-based authentication remains secure. The Git project has chosen to consider this a vulnerability in Git, given the large amount of external software affected. The project has fixed the bug on its end by releasing updates for all supported versions that ban carriage returns in URLs entirely.

Affected software includes GitHub Desktop, Git LFS, and possibly other Git utilities:

Since Git itself doesn"t use .lfsconfig file, specifying the URL that contains the newline character in .lfsconfig causes Git LFS to insert the newline character into the message, while bypassing [...] Git"s validation.

Comments (2 posted)

Ubuntu developer discussion moving to Matrix

[Distributions] Posted Jan 29, 2025 14:06 UTC (Wed) by jzb

Ubuntu will be moving its "official realtime communications channels" from IRC to Matrix, beginning March 1, 2025, following a discussion on the ubuntu-devel mailing list.

"Official" communication, such as making realtime requests of privileged Ubuntu developer teams, could be expected to be actioned if requested on Matrix only. Similarly, you can consider your social responsibility to other developers in relation to your work in Ubuntu development to be fulfilled if you are present on that platform. And Canonical will follow in its requirement for its employed Ubuntu developers to be present on that agreed platform during their working hours.

Comments (none posted)

Security updates for Wednesday

[Security] Posted Jan 29, 2025 14:04 UTC (Wed) by jzb

Security updates have been issued by AlmaLinux (bzip2, gimp:2.8, keepalived, mariadb:10.11, mariadb:10.5, python-jinja2, and redis), Debian (iperf3, libtar, and pdns-recursor), Fedora (abseil-cpp, dotnet8.0, dotnet9.0, golang, libsoup3, and vaultwarden), Oracle (gimp:2.8, iperf3, keepalived, kernel, redis:7, and unbound), Red Hat (libsoup), SUSE (amazon-ssm-agent, go1.22, go1.23, iperf, java-21-openjdk, nginx, openvpn, and python311-asteval), and Ubuntu (kernel, libmicrodns, linux, linux-aws, linux-aws-hwe, linux-gcp, linux-gcp-4.15, linux-hwe, linux-kvm, linux-oracle, linux, linux-azure, linux-gcp, linux-gcp-5.15, linux-gke, linux-gkeop, linux-hwe-5.15, linux-ibm, linux-ibm-5.15, linux-intel-iotg, linux-intel-iotg-5.15, linux-kvm, linux-lowlatency, linux-lowlatency-hwe-5.15, linux-nvidia, linux-oracle, linux-oracle-5.15, linux-raspi, linux, linux-azure, linux-gcp, linux-gcp-6.8, linux-gke, linux-gkeop, linux-hwe-6.8, linux-ibm, linux-lowlatency, linux-nvidia, linux-nvidia-6.8, linux-nvidia-lowlatency, linux-oracle, linux-oracle-6.8, linux-raspi, linux, linux-azure, linux-gcp, linux-oem-6.11, linux-raspi, linux-realtime, linux, linux-bluefield, linux-gcp, linux-gcp-5.4, linux-ibm, linux-ibm-5.4, linux-kvm, linux-oracle, linux-oracle-5.4, linux-raspi, linux-oem-6.8, rsync, and tcpreplay).

Full Story (comments: none)

Security updates for Tuesday

[Security] Posted Jan 28, 2025 15:02 UTC (Tue) by corbet

Security updates have been issued by Debian (git and openjpeg2), Mageia (virtualbox), SUSE (podman), and Ubuntu (clamav, frr, libreoffice, linux-xilinx-zynqmp, and quagga).

Full Story (comments: none)

--> More news items


Copyright © 2025, Eklektix, Inc.
Comments and public postings are copyrighted by their creators.
Linux is a registered trademark of Linus Torvalds