# Twtxt is an open, distributed microblogging platform that # uses human-readable text files, common transport protocols, # and free software. # # Learn more about twtxt at https://github.com/buckket/twtxt # # This is an automated Yarn.social feed running feeds v0.1.0@72e53a9 # Learn more about Yarn.social at https://yarn.social # # nick = lwn-net # url = https://feeds.twtxt.net/lwn-net/twtxt.txt # type = rss # source = https://lwn.net/headlines/newrss # avatar = # description = # updated_at = 2024-04-25T01:25:20Z # 2023-06-20T12:56:23Z **Security updates for Tuesday**
Security updates have been issued by **Debian** (libxpm and php7.3), **Fedora** (chromium), **Mageia** (kernel, kernel-linus, and sysstat), **Red Hat** (c-ares), **SUSE** (libwebp), and **Ubuntu** (cups-filters, libjettison-java, and libsvgpp-dev). ⌘ [Read more](https://lwn.net/Articles/935353/) 2023-06-20T13:08:40Z **The Rust Leadership Council**
The Rust project has [announced](https://blog.rust-lang.org/2023/06/20/introducing-leadership-council.html)
the formation of the Rust Leadership Council, which will take the place of
the existing Core Team and Leadership Chat groups.

> The Council will assume responsibility for top-level governance
> concerns while most of the responsibilities of the Rust Project
> (such as maintenance of the compiler and core tooling, evolution of
> the language and standard libraries, administration of
> infrastructu ... ⌘ [Read more](https://lwn.net/Articles/935354/) 2023-06-20T18:47:27Z **[$] Backporting XFS fixes to stable**
Backporting fixes to stable kernels is an ongoing process that, in general,
is handled by the stable maintainers or the developers of the fixes.
However, due
to some unhappiness in the XFS development
community with the process of handling stable fixes for that filesystem,
a different process has come about for backporting XFS patches to the
stable kernels. The three developers doing that work, Leah Rumancik, Amir
Goldstein, and Chandan Babu Rajendra, led a plenary session at the
[2023 Linux Storage ... ⌘ [Read more](https://lwn.net/Articles/934941/) 2023-06-21T12:34:31Z **Security updates for Wednesday**
Security updates have been issued by **Debian** (libfastjson, libx11, opensc, python-mechanize, and wordpress), **SUSE** (salt and terraform-provider-helm), and **Ubuntu** (firefox, libx11, pngcheck, python-werkzeug, ruby3.1, and vlc). ⌘ [Read more](https://lwn.net/Articles/935552/) 2023-06-21T13:48:53Z **[$] Armbian 23.05: optimized for single-board computers**
Running a Linux distribution on Arm-based single-board computers (SBCs)
is still not as easy as on x86 systems because many Arm devices require a
vendor-supplied kernel, a patched bootloader, and other device-specific
components. One distribution that addresses this problem is [Armbian](https://www.armbian.com), which offers Debian- and
Ubuntu-based distributions for
many devices. The headline feature in the recent release, [Armbian\
23.05](https://www.armbian.com/newsflash/armbi ... ⌘ [Read more](https://lwn.net/Articles/935079/) 2023-06-21T14:32:49Z **Seven more stable kernels**
The
[6.3.9](https://lwn.net/Articles/935589/),
[6.1.35](https://lwn.net/Articles/935588/),
[5.15.118](https://lwn.net/Articles/935584/),
[5.10.185](https://lwn.net/Articles/935583/),
[5.4.248](https://lwn.net/Articles/935582/),
[4.19.287](https://lwn.net/Articles/935581/), and
[4.14.319](https://lwn.net/Articles/935580/)
stable kernel updates have all been released; each contains another set of
important fixes. ⌘ [Read more](https://lwn.net/Articles/935579/) 2023-06-21T14:42:19Z **Red Hat cutting back RHEL source availability**
Red Hat has [announced](https://www.redhat.com/en/blog/furthering-evolution-centos-stream)
that public source releases will be restricted to CentOS Stream going
forward:

> As the CentOS Stream community grows and the enterprise software
> world tackles new dynamics, we want to sharpen our focus on CentOS
> Stream as the backbone of enterprise Linux innovation. We are
> continuing our investment in and increasing our commitment to
> CentOS Stream. **CentOS Stream will now be the sole r ... ⌘ [Read more](https://lwn.net/Articles/935592/) 2023-06-21T17:57:08Z **[$] Merging copy offload**
Kernel support for copy offload is a feature that has been floating around
in limbo for a decade or more at this point; it has been implemented along
the way, but never merged. The idea is that the host
system can simply ask a block storage device to copy some data within the device
and it
will do so without further involving the host; instead of reading data into
the host so that it can be written back out again, the device circumvents
that process. At the
[2023 Linux Storage, Filesystem,\
Memory-Management a ... ⌘ [Read more](https://lwn.net/Articles/935260/) 2023-06-22T01:27:29Z **[$] LWN.net Weekly Edition for June 22, 2023**
The LWN.net Weekly Edition for June 22, 2023 is available. ⌘ [Read more](https://lwn.net/Articles/934727/) 2023-06-22T14:24:06Z **Security updates for Thursday**
Security updates have been issued by **Debian** (avahi, hsqldb, hsqldb1.8.0, minidlna, trafficserver, and xmltooling), **Oracle** (.NET 6.0, .NET 7.0, 18, c-ares, firefox, kernel, less, libtiff, libvirt, python, python3.11, texlive, and thunderbird), **Red Hat** (c-ares, kernel, kernel-rt, kpatch-patch, less, libtiff, libvirt, openssl, and postgresql), **Slackware** (bind and kernel), **SUSE** (bluez, curl, geoipupdate, kernel, netty, netty-tcnative, ntp, open-vm-tools, php8, python-reportlab, rustup, Sal ... ⌘ [Read more](https://lwn.net/Articles/935872/) 2023-06-22T15:23:26Z **[$] Delegating privilege with BPF tokens**
The quest to enable limited use of BPF features in unprivileged processes
continues. In [the previous episode](https://lwn.net/Articles/929746/), an
attempt to use authoritative Linux security module (LSM) hooks for this
purpose was strongly rejected by the LSM developers. BPF developer Andrii
Nakryiko has now returned with a new mechanism based on a
privilege-conveying token. That approach, too, has run into some
resistance, but a solution for the strongest concerns might be in sight. ⌘ [Read more](https://lwn.net/Articles/935195/) 2023-06-22T20:27:09Z **AlmaLinux's response to Red Hat's policy change**
The AlmaLinux organization has posted [a message](https://almalinux.org/blog/impact-of-rhel-changes/)
describing the impact of Red Hat's decision to stop releasing the source to
the RHEL distribution and how AlmaLinux will respond.

> In the immediate term, our plan is to pull from CentOS Stream
> updates and Oracle Linux updates to ensure security patches
> continue to be released. These updates will be carefully curated to
> ensure they are 1:1 compatible with RHEL, while not violat ... ⌘ [Read more](https://lwn.net/Articles/935918/) 2023-06-23T13:58:28Z **Security updates for Friday**
Security updates have been issued by **Debian** (asterisk, lua5.3, and trafficserver), **Fedora** (tang and trafficserver), **Oracle** (.NET 7.0, c-ares, firefox, openssl, postgresql, python3, texlive, and thunderbird), **Red Hat** (python27:2.7 and python39:3.9 and python39-devel:3.9), **Scientific Linux** (c-ares), **Slackware** (cups), **SUSE** (cups, dav1d, google-cloud-sap-agent, java-1\_8\_0-openjdk, libX11, openssl-1\_0\_0, openssl-1\_1, openssl-3, openvswitch, and python-sqlparse), and **Ubuntu** (c ... ⌘ [Read more](https://lwn.net/Articles/936040/) 2023-06-23T14:06:45Z **[$] Reports from OSPM 2023, part 3**
The [fifth conference on Power\
Management and Scheduling in the Linux Kernel](http://retis.sssup.it/ospm-summit/) (abbreviated "OSPM") was
held on April 17 to 19 in Ancona, Italy. LWN was not there,
unfortunately, but the attendees of the event have gotten together to write
up summaries of the discussions that took place and LWN has the privilege
of being able to publish them. Reports from the third and final day of the
event appear below. ⌘ [Read more](https://lwn.net/Articles/935180/) 2023-06-23T16:27:55Z **[$] Removing the kthread freezer**
The final day of the
[2023 Linux Storage, Filesystem,\
Memory-Management and BPF Summit](https://lwn.net/Articles/lsfmmbpf2023) featured three separate sessions led by
Luis Chamberlain (he also led a [plenary](https://lwn.net/Articles/933437/) on
day two); the first of those was a filesystem session on the status of the
kthread-freezer-removal effort. The kthread freezer is meant to help
filesystems freeze their state in order to
suspend or hibernate the system, but since at least 2015, the [freezer ha ... ⌘ [Read more](https://lwn.net/Articles/935602/) 2023-06-23T21:23:15Z **Kuhn: A Comprehensive Analysis of the GPL Issues With the Red Hat Enterprise Linux (RHEL) Business Model**
Over on the [Software Freedom Conservancy](https://sfconservancy.org/) blog, Policy Fellow and Hacker-in-Residence Bradley M. Kuhn [analyzes](https://sfconservancy.org/blog/2023/jun/23/rhel-gpl-analysis/) the [recent changes to Red Hat Enterprise Linux (RHEL) source availability](https://lwn.net/Articles/935592/) in light of the GPL. It contains some interesting information about two alleged GPL violations that came about because t ... ⌘ [Read more](https://lwn.net/Articles/936127/) 2023-06-26T00:11:56Z **The 6.4 kernel has been released**
Linus has [released the 6.4 kernel](https://lwn.net/Articles/936310/).

> Most of the stuff in my mailbox the last week has been about
> upcoming things for 6.5, and I already have 15 pull requests
> pending. I appreciate all you proactive people.
>
> But that's for tomorrow. Today we're all busy build-testing the
> newest kernel release, and checking that it's all good. Right?

Headline features in this release include:
[generic iterators](https://lwn.net/Articles/926041/) for BPF,
the [removal](htt ... ⌘ [Read more](https://lwn.net/Articles/936132/) 2023-06-26T07:44:09Z **Security updates for Monday**
Security updates have been issued by **Debian** (bind9 and owslib), **Fedora** (dav1d, dotnet6.0, dotnet7.0, mingw-dbus, vim, and wabt), and **SUSE** (cloud-init and golang-github-vpenso-prometheus\_slurm\_exporter). ⌘ [Read more](https://lwn.net/Articles/936332/) 2023-06-26T16:12:29Z **[$] Development statistics for 6.4**
The 6.4 kernel was [released](https://lwn.net/ml/linux-kernel/CAHk-=wi7fwNWfqj-QQqEfZTUOB4bbKT8QiEUDHoPk0ecuYA7cA@mail.gmail.com/)
on June 25 after a nine-week development cycle. By that point, 14,835
non-merge changesets had been pulled into the mainline kernel, a slight
increase from 6.3 (14,424 changesets) but still lower than many other
development cycles. As usual, LWN has taken a look at those changesets,
who contributed them, and what the most active developers were up to. ⌘ [Read more](https://lwn.net/Articles/936113/) 2023-06-26T19:38:39Z **McGrath: Red Hat’s commitment to open source**
Red Hat's Mike McGrath [responds](https://www.redhat.com/en/blog/red-hats-commitment-open-source-response-gitcentosorg-changes)
to the many criticisms aimed at the company since it changed its policy
regarding RHEL source code.

> Ultimately, we do not find value in a RHEL rebuild and we are not
> under any obligation to make things easier for rebuilders; this is
> our call to make. That brings me to CentOS Stream, of which there
> is immense confusion. I acknowledge that this is a chang ... ⌘ [Read more](https://lwn.net/Articles/936405/) 2023-06-27T14:03:33Z **Security updates for Tuesday**
Security updates have been issued by **Debian** (c-ares and libx11), **Fedora** (chromium and kubernetes), **Red Hat** (python3 and python38:3.8, python38-devel:3.8), and **SUSE** (amazon-ssm-agent, kernel, kubernetes1.24, libvirt, nodejs16, openssl-1\_1, and webkit2gtk3). ⌘ [Read more](https://lwn.net/Articles/936549/) 2023-06-27T14:40:23Z **Ekstrand: NVK update: Enabling new extensions, conformance status & more**
Faith Ekstrand has [provided\
an update](https://www.collabora.com/news-and-blog/news-and-events/nvk-update-enabling-new-extensions-conformance-status-more.html) on the status of the [NVK](https://www.collabora.com/news-and-blog/news-and-events/introducing-nvk.html)
Vulkan driver for NVIDIA GPUs.

> Probably the single most common question I get from folks is, "When
> will NVK be in upstream mesa?" The short answer is that it'll be
> upstreamed along with the n ... ⌘ [Read more](https://lwn.net/Articles/936554/) 2023-06-27T16:29:29Z **[$] Converting filesystems to iomap**
A discussion that largely centered around the [documentation of\
iomap](https://kernelnewbies.org/KernelProjects/iomap), which provides a block-mapping interface for modern filesystems,
was led by Luis Chamberlain that the
[2023 Linux Storage, Filesystem,\
Memory-Management and BPF Summit](https://lwn.net/Articles/lsfmmbpf2023). There is an ongoing process of
converting filesystems to use iomap, in order to [leave buffer heads \
behind](https://lwn.net/Articles/931809/) and to better support [folios ... ⌘ [Read more](https://lwn.net/Articles/935934/) 2023-06-28T12:58:59Z **Security updates for Wednesday**
Security updates have been issued by **Mageia** (docker-docker-registry, libcap, libx11, mediawiki, python-requests, python-tornado, sofia-sip, sqlite, and xonotic), **Red Hat** (kernel, kernel-rt, kpatch-patch, libssh, libtiff, python27:2.7, python39:3.9, python39-devel:3.9, ruby:2.7, sqlite, systemd, and virt:rhel, virt-devel:rhel), **SUSE** (bind, cosign, guile1, lilypond, keepass, kubernetes1.24, nodejs16, nodejs18, phpMyAdmin, and sqlite3), and **Ubuntu** (etcd). ⌘ [Read more](https://lwn.net/Articles/936671/) 2023-06-28T13:02:55Z **Stable kernel updates for Wednesday**
The
[6.3.10](https://lwn.net/Articles/936673/),
[6.1.36](https://lwn.net/Articles/936674/),
[5.15.119](https://lwn.net/Articles/936675/),
[5.10.186](https://lwn.net/Articles/936676/),
[5.4.249](https://lwn.net/Articles/936677/),
[4.19.288](https://lwn.net/Articles/936678/), and
[4.14.320](https://lwn.net/Articles/936679/)
stable kernels have all been released; each contains another set of
important fixes. ⌘ [Read more](https://lwn.net/Articles/936672/) 2023-06-28T15:55:50Z **[$] JupyterLab 4.0: a development environment for education and research**
[JupyterLab](https://jupyterlab.readthedocs.io) is a
web-based development environment widely used by data scientists,
engineers, and educators for data visualization, data analysis,
prototyping, and interactive learning materials. The [Jupyter](https://jupyter.org) community has recently announced the
release of [JupyterLab 4.0](https://blog.jupyter.org/jupyterlab-4-0-is-here-388d05e03442), introducing lots of new features and performance
improvements to enhance ... ⌘ [Read more](https://lwn.net/Articles/936340/) 2023-06-29T01:58:13Z **[$] LWN.net Weekly Edition for June 29, 2023**
The LWN.net Weekly Edition for June 29, 2023 is available. ⌘ [Read more](https://lwn.net/Articles/935773/) 2023-06-29T07:27:51Z **Security updates for Thursday**
Security updates have been issued by **Debian** (chromium and maradns), **SUSE** (iniparser, kubernetes1.23, python-reportlab, and python-sqlparse), and **Ubuntu** (accountsservice and linux, linux-aws, linux-aws-hwe, linux-azure, linux-azure-4.15,
 linux-dell300x, linux-gcp, linux-gcp-4.15, linux-hwe, linux-kvm,
 linux-oracle, linux-raspi2, linux-snapdragon). ⌘ [Read more](https://lwn.net/Articles/936752/) 2023-06-29T14:40:17Z **[$] Emacs for Android**
The Emacs editor is not tied to the Linux kernel; indeed, it was created
some years before Linux existed. The Emacs code base is intended to be
portable, and the editor runs, with varying levels of support, on a wide
variety of systems. Recently, an energetic developer has worked to extend
the set of supported systems to Android; the result is a working port, but
whether that port will be accepted into the Emacs mainline is the topic of
ongoing conversation. ⌘ [Read more](https://lwn.net/Articles/936576/) 2023-06-30T07:48:32Z **Security updates for Friday**
Security updates have been issued by **Debian** (docker-registry, flask, systemd, and trafficserver), **Fedora** (moodle, python-reportlab, suricata, and vim), **Red Hat** (go-toolset and golang, go-toolset-1.19 and go-toolset-1.19-golang, go-toolset:rhel8, open-vm-tools, python27:2.7, and python3), **SUSE** (buildah, chromium, gifsicle, libjxl, sqlite3, and xonotic), and **Ubuntu** (linux, linux-allwinner, linux-allwinner-5.19, linux-aws, linux-aws-5.19,
 linux-azure, linux-gcp, linux-gcp-5.19, linux-hwe-5 ... ⌘ [Read more](https://lwn.net/Articles/936949/) 2023-06-30T13:00:29Z **What it takes to keep an enterprise 'Frankenkernel' alive (Register)**
The Register [reports\
from Jiří Benc's DevConf.cz talk](https://www.theregister.com/2023/06/30/enterprise_distro_feature_devconf/) on the making of the CentOS Stream
kernel.

> So, what the team are working on is a Frankenstein's monster, sewn
> together from different codebases. Although the base kernel is
> still version 5.14, it is full of backports from upstream. It has
> the XFS filesystem code from kernel 6.0, the USB subsystem –
> complete with drivers – ... ⌘ [Read more](https://lwn.net/Articles/936976/) 2023-06-30T14:53:20Z **[$] The first half of the 6.5 merge window**
The first days of the 6.5 merge window have been a bit calmer than usual,
with "only" 4,000 non-merge changesets having been pulled into the mainline
repository. Those changesets include a fair amount of significant work,
though. Read on for LWN's summary of the first set of changes merged for
the next major kernel release. ⌘ [Read more](https://lwn.net/Articles/936418/) 2023-07-01T20:50:28Z **Three 6.x stable kernels**
The
[6.4.1](https://lwn.net/Articles/937080/),
[6.3.11](https://lwn.net/Articles/937081/), and
[6.1.37](https://lwn.net/Articles/937082/)
stable kernels have been released; each contains another set of important
fixes. ⌘ [Read more](https://lwn.net/Articles/937079/) 2023-07-03T13:17:06Z **Security updates for Monday**
Security updates have been issued by **Debian** (cups, gst-plugins-bad1.0, gst-plugins-base1.0, gst-plugins-good1.0, python3.7, and yajl), **Fedora** (chromium, kubernetes, pcs, and webkitgtk), **Scientific Linux** (open-vm-tools), **SUSE** (iniparser, keepass, libvirt, prometheus-ha\_cluster\_exporter, prometheus-sap\_host\_exporter, rekor, terraform-provider-aws, terraform-provider-helm, and terraform-provider-null), and **Ubuntu** (python-reportlab and vim). ⌘ [Read more](https://lwn.net/Articles/937189/) 2023-07-03T13:42:21Z **[$] Documenting counted-by relationships in kernel data structures**
The C language is expressive in many ways, but it still does not have ways
to express many of the relationships between fields in a data structure.
That gap can be at least partially filled, though, if one is willing to
create and use non-standard extensions. The adoption of of those
extensions, in the form of the \_\_counted\_by() macro, has been
merged for the 6.5 kernel release, even though the compiler feature it
depends on has not yet been finalized. ⌘ [Read more](https://lwn.net/Articles/936728/) 2023-07-03T13:41:54Z **Perl v5.38.0 released**
Version 5.38.0 of the Perl language is out. "Perl 5.38.0 represents
approximately 12 months of development since Perl 5.36.0 and contains
approximately 290,000 lines of changes across 1,500 files from 100
authors." Significant changes include a new class feature,
Unicode 15.0 support, a new API for hooking into functions, and more; see
[the\
5.38.0 perldelta page](https://metacpan.org/release/RJBS/perl-5.38.0/view/pod/perldelta.pod) for details. ⌘ [Read more](https://lwn.net/Articles/937204/) 2023-07-04T14:04:50Z **Security updates for Tuesday**
Security updates have been issued by **Debian** (ghostscript), **Fedora** (apache-ivy, chromium, golang-github-schollz-croc, golang-github-schollz-mnemonicode, and webkitgtk), **SUSE** (amazon-ecs-init, dnsdist, libcap, python-tornado, terraform, and xmltooling), and **Ubuntu** (imagemagick, openldap, php7.4, php8.1, and screen). ⌘ [Read more](https://lwn.net/Articles/937292/) 2023-07-04T14:23:02Z **[$] Converting NFSD to use iomap and folios**
Chuck Lever led a filesystem session at the
[2023 Linux Storage, Filesystem,\
Memory-Management and BPF Summit](https://lwn.net/Articles/lsfmmbpf2023) on the Linux NFS server, which is also
known as NFSD. He wanted to talk about converting the network filesystem
to use iomap; that kind of
conversion
was the topic of the [previous session](https://lwn.net/Articles/935934/) at
the summit. Beyond that, he wanted to discuss using folios, which has been
a frequent topic at recent LSFMM+BPF gather ... ⌘ [Read more](https://lwn.net/Articles/936628/) 2023-07-04T19:06:24Z **Firefox 115 released**
[Version\
115](https://www.mozilla.org/en-US/firefox/115.0/releasenotes/) of the Firefox browser has been released. New features include
support for hardware video decoding on Intel GPUs on Linux and a new
"close" option on the tab-manager dropdown. This release is also the end
of the line for Windows 7 and 8 support, and for macOS 10.12,
10.13, and 10.14 support as well. ⌘ [Read more](https://lwn.net/Articles/937316/) 2023-07-04T19:17:27Z **Brockmeier: Red Hat and the Clone Wars III: The dawn of CentOS**
Joe "Zonker" Brockmeier has been a part of the Linux community for decades;
he is now using that experience to write a series on "Red Hat and the Clone
Wars". The first two episodes were [Red\
Hat and the Clone Wars](https://dissociatedpress.net/2023/06/24/red-hat-and-the-clone-wars/) and [A\
history of the early 2000s Linux landscape](https://dissociatedpress.net/2023/06/26/red-hat-and-the-clone-wars-ii-a-history-of-the-early-2000s-linux-landscape/); the latest is [The\
d ... ⌘ [Read more](https://lwn.net/Articles/937317/) 2023-07-05T13:51:45Z **Security updates for Wednesday**
Security updates have been issued by **Fedora** (firefox and python-reportlab), **Slackware** (mozilla), **SUSE** (dnsdist, grpc, protobuf, python-Deprecated, python-PyGithub, python-aiocontextvars, python-avro, python-bcrypt, python-cryptography, python- cryptography-vectors, python-google-api-core, pyt, kernel, kubernetes1.18, libdwarf, python311, qt6-base, rmt-server, and virtualbox), and **Ubuntu** (containerd, firefox, and python-django). ⌘ [Read more](https://lwn.net/Articles/937368/) 2023-07-05T13:56:56Z **LXD moves into Canonical**
The LXD container-management system is no longer a part of the [linuxcontainers.org](https://linuxcontainers.org/) project:

> Canonical, the creator and main contributor of the LXD project has
> decided that after over 8 years as part of the Linux Containers
> community, the project would now be better served directly under
> Canonical’s own set of projects.
>
> While the team behind Linux Containers regrets that decision and
> will be missing LXD as one of its projects, it does respect
> Canonical’s decis ... ⌘ [Read more](https://lwn.net/Articles/937369/) 2023-07-05T14:25:14Z **[$] Termux: Linux applications on Android**
[Termux](https://termux.dev/en/) is an Android app that
provides a Linux environment and terminal emulator for such devices. Most
command-line software can be used quite easily with Termux,
and GUI software can be run by installing a few extra apps. It is an excellent
option for Android users who want to run Linux software occasionally on a
device more portable than a laptop but do not want to use a dedicated Linux
phone due to the cost or limitations of such devices. ⌘ [Read more](https://lwn.net/Articles/936953/) 2023-07-05T14:34:55Z **The "StackRot" kernel vulnerability**
Ruihan Li has [disclosed\
a significant vulnerability](https://lwn.net/ml/oss-security/xhhkp3aknwwlmrmmqmr532yfq3ioqh6jbkrxfqf6ovlj2szsai@f3sjwakyq323/) introduced into the 6.1 kernel:

> A flaw was found in the handling of stack expansion in the Linux
> kernel 6.1 through 6.4, aka "Stack Rot". The maple tree,
> responsible for managing virtual memory areas, can undergo node
> replacement without properly acquiring the MM write lock, leading
> to use-after-free issues. An unprivileged local user ... ⌘ [Read more](https://lwn.net/Articles/937377/) 2023-07-05T16:09:45Z **[$] Improving i_version**
The [i\_version](https://elixir.bootlin.com/linux/v6.4.1/source/include/linux/fs.h#L684)
field in [struct inode](https://elixir.bootlin.com/linux/v6.4.1/source/include/linux/fs.h#L608)
is meant to track changes to the data or metadata of a file. There are
some [problems](https://lwn.net/Articles/905931/) with the way that
i\_version is being handled in the kernel,
so Jeff Layton led a filesystem session at the
[2023 Linux Storage, Filesystem,\
Memory-Management and BPF Summit](https://lwn.net/Articles/lsfmmbpf2 ... ⌘ [Read more](https://lwn.net/Articles/937247/) 2023-07-05T18:24:08Z **Four stable kernel updates**
The
[6.4.2](https://lwn.net/Articles/937401/),
[6.3.12](https://lwn.net/Articles/937402/),
[6.1.38](https://lwn.net/Articles/937403/), and
[5.15.120](https://lwn.net/Articles/937404/)
stable kernel updates have all been released; each contains another set of
important fixes. ⌘ [Read more](https://lwn.net/Articles/937400/) 2023-07-06T01:29:25Z **[$] LWN.net Weekly Edition for July 6, 2023**
The LWN.net Weekly Edition for July 6, 2023 is available. ⌘ [Read more](https://lwn.net/Articles/936800/) 2023-07-06T13:52:37Z **[$] Large folios for anonymous memory**
The transition to [folios](https://lwn.net/Articles/849538/) has transformed
the memory-management subsystem in a number of ways, but has also resulted
in a lot of code churn that has not been welcomed by all developers. As
this work proceeds, though, some of the benefits from it are beginning to
become clear. One example may well be in the handling of anonymous memory,
as can be seen in a pair of patch sets from Ryan Roberts. ⌘ [Read more](https://lwn.net/Articles/937239/) 2023-07-06T13:50:27Z **Security updates for Thursday**
Security updates have been issued by **Debian** (golang-yaml.v2, kernel, and mediawiki), **Fedora** (kernel and picocli), **SUSE** (bind and python-sqlparse), and **Ubuntu** (cpdb-libs). ⌘ [Read more](https://lwn.net/Articles/937481/) 2023-07-06T15:48:29Z **[$] BPF iterators for filesystems**
In the first of two combined BPF and filesystem sessions at the
[2023 Linux Storage, Filesystem,\
Memory-Management and BPF Summit](https://lwn.net/Articles/lsfmmbpf2023), Hou Tao introduced his BPF iterators
for filesystem information. [Iterators for\
BPF](https://lwn.net/Articles/926041/) are a relatively recent addition to the BPF landscape; they help
BPF programs step through kernel data structures in a loop-like manner, but
without running afoul of the BPF verifier, which is notoriously hard to
c ... ⌘ [Read more](https://lwn.net/Articles/937326/) 2023-07-06T22:56:50Z **Fedora considers "privacy-preserving" telemetry**
The Fedora project is considering [a\
Fedora 40 change proposal](https://lwn.net/ml/fedora-devel/CAJqbrbeOZrHvYjvMCc=qGZD_VXBs3-qReeirr+F8t01Eq1sYhw@mail.gmail.com/) to add limited, opt-out telemetry to the
workstation edition. The proposal is detailed; it is clear that the
developers involved understand that this will be a hard sell in that
community.

> We believe an open source community can ethically collect limited
> aggregate data on how its software is used without involving big
 ... ⌘ [Read more](https://lwn.net/Articles/937528/) 2023-07-07T13:56:52Z **Security updates for Friday**
Security updates have been issued by **Debian** (debian-archive-keyring, libusrsctp, nsis, ruby-redcloth, and webkit2gtk), **Fedora** (firefox), **Mageia** (apache-ivy, cups, curaengine, glances, golang, keepass, libreoffice, minidlna, nodejs, opensc, perl-DBD-SQLite, python-setuptools, python-wheel, skopeo/buildah/podman, systemd, testng, and webkit2), **SUSE** (bind), and **Ubuntu** (Gerbv, golang-websocket, linux-gke, linux-intel-iotg, and linux-oem-5.17). ⌘ [Read more](https://lwn.net/Articles/937616/) 2023-07-07T14:52:01Z **[$] A pair of workqueue improvements**
Over the years, the kernel has developed a number of deferred-execution
mechanisms to take care of work that cannot be done immediately. For many
(or most) needs, the [workqueue\
subsystem](https://www.kernel.org/doc/html/latest/core-api/workqueue.html) is the tool that developers reach for first. Workqueues
[took their current form](https://lwn.net/Articles/355700/) over a dozen years
ago, but that does not mean that there are not improvements to be made.
Two sets of patches from Tejun Heo show th ... ⌘ [Read more](https://lwn.net/Articles/937416/) 2023-07-07T18:15:29Z **Going Rogue (Digital Antiquarian)**
After an initial foray into the ways that open-source software has failed
to live up to its early hype,
[this Digital\
Antiquarian article](https://www.filfre.net/2023/07/going-rogue/) covers the history of rogue-like games in great
detail.

> This brings us back around to a statement I made at the outset:
> that roguelikes are the exception that proves the rule of
> open-source game development — and just possibly of open-source
> software development in general. The cast of thousands who
> contr ... ⌘ [Read more](https://lwn.net/Articles/937631/) 2023-07-09T23:54:20Z **Kernel prepatch 6.5-rc1**
Linus has [released 6.5-rc1](https://lwn.net/Articles/937731/) and closed the
merge window for this release.

> Anyway, none of it looks hugely unusual. The biggest single mention
> probably goes to what wasn't merged, with the bcachefs pull request
> resulting in a long thread (we didn't hit a hundred emails yet, but
> it's not far away).

The curious can read that [long\
thread](https://lwn.net/ml/linux-kernel/20230626214656.hcp4puionmtoloat@moria.home.lan/) in the list archives. ⌘ [Read more](https://lwn.net/Articles/937732/) 2023-07-10T14:28:27Z **Security updates for Monday**
Security updates have been issued by **Debian** (firefox-esr, fusiondirectory, ocsinventory-server, php-cas, and thunderbird), **Fedora** (dav1d, perl-CPAN, and yt-dlp), **Red Hat** (python39:3.9 and python39-devel:3.9), **Slackware** (mozilla), **SUSE** (prometheus-ha\_cluster\_exporter and prometheus-sap\_host\_exporter), and **Ubuntu** (ghostscript, linux-azure, linux-intel-iotg, linux-intel-iotg-5.15, and ruby-doorkeeper). ⌘ [Read more](https://lwn.net/Articles/937803/) 2023-07-10T14:52:18Z **[$] The rest of the 6.5 merge window**
Linus Torvalds [released\
6.5-rc1](https://lwn.net/ml/linux-kernel/CAHk-=wj8sPDVoWgaceAs1AiwZrHV8mtC3vQNGbeV6-RypJi6aw@mail.gmail.com/) and closed the merge window for this development cycle on
July 9. By that point, 11,730 non-merge changesets had been pulled
into the mainline for 6.5; over 7,700 of those were pulled after
[the first-half merge-window summary](https://lwn.net/Articles/936418/) was
written. The second half of the merge window saw a lot of code coming into
the mainline and a long li ... ⌘ [Read more](https://lwn.net/Articles/937006/) 2023-07-11T12:57:38Z **SUSE to create a fork of RHEL**
SUSE has [announced](https://www.suse.com/news/SUSE-Preserves-Choice-in-Enterprise-Linux/)
that it is getting into the business of creating RHEL clones and investing
$10 million in the project.

> SUSE remains fully committed to investing in its highly regarded
> Linux solutions such as SLE and openSUSE that countless satisfied
> enterprise customers and the community rely on. At the same time,
> it acknowledges that enterprises and the open source community
> deserve choice and freedom from vendor lo ... ⌘ [Read more](https://lwn.net/Articles/937863/) 2023-07-11T12:55:04Z **Security updates for Tuesday**
Security updates have been issued by **Debian** (mediawiki and node-tough-cookie), **Red Hat** (bind, kernel, kpatch-patch, and python38:3.8, python38-devel:3.8), **SUSE** (kernel, nextcloud-desktop, and python-tornado), and **Ubuntu** (dwarves-dfsg and thunderbird). ⌘ [Read more](https://lwn.net/Articles/937879/) 2023-07-11T13:28:38Z **Stable kernel 6.4.3 released**
The [6.4.3](https://lwn.net/Articles/937886/) stable kernel has been released;
it contains a handful of fixes, mostly for problems associated with the [per-VMA locking](https://lwn.net/Articles/906852/) code. Anybody running 6.4
probably wants this update.

Note that there is a much larger [6.3.13](https://lwn.net/ml/linux-kernel/20230710142227.965586663@linuxfoundation.org/)
update going through a longer-than-usual review process that should show up
soon. ⌘ [Read more](https://lwn.net/Articles/937885/) 2023-07-11T14:30:41Z **[$] The FUSE BPF filesystem**
The [Filesystem\
in Userspace](https://www.kernel.org/doc/html/next/filesystems/fuse.html) (FUSE) framework can be used to create a "stacked"
filesystem, where the FUSE piece adds specialized functionality
(e.g. reporting different file metadata) atop an
underlying kernel filesystem. The performance of such filesystems leaves a
lot to be desired, however, so
the [FUSE\
BPF filesystem](https://lwn.net/ml/linux-kernel/20230418014037.2412394-1-drosen@google.com/) has been proposed to try to improve the perform ... ⌘ [Read more](https://lwn.net/Articles/937433/) 2023-07-12T12:55:40Z **Security updates for Wednesday**
Security updates have been issued by **Debian** (erlang, symfony, thunderbird, and yajl), **Fedora** (cutter-re, kernel, rizin, and yt-dlp), **Red Hat** (grafana), **SUSE** (kernel and python-Django), and **Ubuntu** (dotnet6, dotnet7 and firefox). ⌘ [Read more](https://lwn.net/Articles/937972/) 2023-07-12T21:16:05Z **Convening public benefit and charitable foundations working in open domains (OSI blog)**
Over on the [Open Source Initiative](https://opensource.org/) (OSI) blog, the organization has [announced](https://blog.opensource.org/convening-public-benefit-and-charitable-foundations-working-in-open-domains/) the [Open Policy Alliance](https://opensource.org/programs/open-policy-alliance/) (OPA), which is meant to bring together various non-profit organizations to help educate and inform US policy makers about open-source software and its needs: ... ⌘ [Read more](https://lwn.net/Articles/938021/) 2023-07-12T22:11:07Z **[$] Testing for storage and filesystems**
The [kdevops](https://github.com/linux-kdevops/kdevops)
kernel-testing framework has come up at several earlier summits, including
in two [separate](https://lwn.net/Articles/896670/) [sessions](https://lwn.net/Articles/897061/) at last year's event.
Testing kernel filesystems and the block layer, not to mention lots of
other kernel subsystems, has become increasingly
important over time.
 So it was no
surprise that Luis Chamberlain led a
combined storage and filesystem session at the
[2023 Linux ... ⌘ [Read more](https://lwn.net/Articles/937830/) 2023-07-13T01:01:32Z **[$] LWN.net Weekly Edition for July 13, 2023**
The LWN.net Weekly Edition for July 13, 2023 is available. ⌘ [Read more](https://lwn.net/Articles/937458/) 2023-07-13T14:11:49Z **Security updates for Thursday**
Security updates have been issued by **Debian** (ruby-doorkeeper), **Fedora** (mingw-nsis and thunderbird), **Red Hat** (bind9.16, nodejs, nodejs:16, nodejs:18, python38:3.8 and python38-devel:3.8, and rh-nodejs14-nodejs), **Slackware** (krb5), **SUSE** (geoipupdate, installation-images, libqt5-qtbase, python-Django1, and skopeo), and **Ubuntu** (knot-resolver, lib3mf, linux, linux-aws, linux-kvm, linux-lowlatency, linux-raspi, linux, linux-aws, linux-kvm, linux-lts-xenial, linux-azure, linux-gcp, linux-i ... ⌘ [Read more](https://lwn.net/Articles/938108/) 2023-07-13T15:18:13Z **[$] Stabilizing per-VMA locking**
The kernel-development process routinely absorbs large changes to
fundamental subsystems and still produces stable releases every nine or ten
weeks. On occasion, though, the development community's luck runs out.
The [per-VMA locking work](https://lwn.net/Articles/906852/) that went into the
6.4 release is a case in point; it looked like a well-tested change that
improved page-fault scalability. There turned out to be a few demons
hiding in that code, though, that made life difficult for early adopters ... ⌘ [Read more](https://lwn.net/Articles/937943/) 2023-07-13T16:03:58Z **Rust 1.71.0 released**
[Version\
1.71.0](https://blog.rust-lang.org/2023/07/13/Rust-1.71.0.html) of the Rust language has been released. Changes this time
include the [C-unwind\
ABI](https://github.com/rust-lang/rfcs/blob/master/text/2945-c-unwind-abi.md), an upgrade to musl 1.2, and more. ⌘ [Read more](https://lwn.net/Articles/938120/) 2023-07-13T22:57:23Z **AlmaLinux to diverge (slightly) from RHEL**
AlmaLinux has [announced](https://almalinux.org/blog/future-of-almalinux/) that
the distribution will no longer be a strict clone of Red Hat Enterprise
Linux, but will maintain ABI compatibility.

> For a typical user, this will mean very little change in your use
> of AlmaLinux. Red Hat-compatible applications will still be able to
> run on AlmaLinux OS, and your installs of AlmaLinux will continue
> to receive timely security updates. The most remarkable potential
> impact of the change ... ⌘ [Read more](https://lwn.net/Articles/938165/) 2023-07-14T13:55:49Z **Security updates for Friday**
Security updates have been issued by **Debian** (lemonldap-ng and php-dompdf), **Red Hat** (.NET 6.0, .NET 7.0, firefox, and thunderbird), **Scientific Linux** (firefox and thunderbird), **SUSE** (ghostscript, installation-images, kernel, php7, python, and python-Django), and **Ubuntu** (linux-azure, linux-gcp, linux-ibm, linux-oracle, mozjs102, postgresql-9.5, and tiff). ⌘ [Read more](https://lwn.net/Articles/938233/) 2023-07-14T14:30:55Z **[$] The proper time to split struct page**
The page structure sits at the core of the kernel's
memory-management subsystem; one such structure exists for every page of
installed RAM. This structure is increasingly seen as a problem, though,
and phasing it out is one of the many side projects associated with the [folio conversion](https://lwn.net/Articles/849538/). One step in that direction
is currently meeting some pushback from memory-management developers,
though, who think that some of these changes are coming too soon. ⌘ [Read more](https://lwn.net/Articles/937839/) 2023-07-17T00:57:58Z **Kernel prepatch 6.5-rc2**
The [second 6.5 prepatch](https://lwn.net/Articles/938327/) is out for testing.
"No surprises here: this thing looks very normal." ⌘ [Read more](https://lwn.net/Articles/938328/) 2023-07-17T14:21:46Z **Security updates for Monday**
Security updates have been issued by **Debian** (gpac, iperf3, kanboard, kernel, and pypdf2), **Fedora** (ghostscript), **SUSE** (bind, bouncycastle, ghostscript, go1.19, go1.20, installation-images, kernel, mariadb, MozillaFirefox, MozillaFirefox-branding-SLE, php74, poppler, and python-Django), and **Ubuntu** (cups, linux-oem-6.1, and ruby2.3, ruby2.5, ruby2.7, ruby3.0, ruby3.1). ⌘ [Read more](https://lwn.net/Articles/938375/) 2023-07-17T14:29:30Z **[$] Debian looks forward to 2038**
On January 19, 2038, the time\_t value used on many 32-bit Linux
systems will overflow and wrap around, causing those systems to believe
they have returned to 1970 and wonder why they feel like they have heard [_Déjà\
Vu_](https://en.wikipedia.org/wiki/D%C3%A9j%C3%A0_Vu_(Crosby,_Stills,_Nash_%26_Young_album)) before. Much work has gone into preparing many layers of the
system for this event, but not all distributions have completed their
preparations. One of those is Debian but, as was seen in a conver ... ⌘ [Read more](https://lwn.net/Articles/938149/) 2023-07-18T13:19:56Z **Security updates for Tuesday**
Security updates have been issued by **Fedora** (java-1.8.0-openjdk), **Red Hat** (bind, bind9.16, curl, edk2, java-1.8.0-ibm, kernel, kernel-rt, and kpatch-patch), **SUSE** (iniparser, installation-images, java-1\_8\_0-ibm, kernel, libqt5-qtbase, nodejs16, openvswitch, and ucode-intel), and **Ubuntu** (linux-oem-6.0 and linux-xilinx-zynqmp). ⌘ [Read more](https://lwn.net/Articles/938488/) 2023-07-18T14:06:48Z **[$] A Q&A about the realtime patches**
In a session at the 2023 Real Time Linux Summit, Thomas Gleixner answered
questions about the realtime feature of the kernel, its status, and the [Real-Time Linux](https://wiki.linuxfoundation.org/realtime/start)
project's plans for the future. The talk was billed as a "Q&A about
PREEMPT\_RT" with a caveat: "anything except printk() and
documentation". As might be guessed, the first two questions were on just
those topics, but there were plenty of other questions (and answers) too.
The summit was
h ... ⌘ [Read more](https://lwn.net/Articles/938236/) 2023-07-18T18:41:46Z **SambaXP 2023 videos posted**
The 2023 sambaXP conference was held May 10 and 11 in Goettingen, Germany.
[Videos\
of the talks](https://www.youtube.com/playlist?list=PLbw4szFfveGoyJGxWdl5HddMTTySDYaW2) held there have now been posted on YouTube; topics covered
include an io\_uring update, fuzzing, passwordless services, GPL compliance,
and much more. ⌘ [Read more](https://lwn.net/Articles/938524/) 2023-07-18T21:50:33Z **Cython 3.0 released**
[Version\
3.0](https://cython.readthedocs.io/en/latest/src/changes.html#major-themes-in-3-0-0) of Cython ( [described](https://cython.readthedocs.io/en/latest/src/quickstart/overview.html)
as "a programming language that makes writing C
extensions for the Python language as easy as Python itself") has been
released. Changes include support for Python through 3.11 (but 2.6 support
was dropped), the implementation of a number of PEPs, initial support for
the CPython limited API, better exception handling, and more. ⌘ [Read more](https://lwn.net/Articles/938536/) 2023-07-19T13:30:41Z **Security updates for Wednesday**
Security updates have been issued by **Debian** (bind9, libapache2-mod-auth-openidc, and python-django), **Fedora** (nodejs18 and redis), **Red Hat** (python3.9 and webkit2gtk3), **Scientific Linux** (bind and kernel), **SUSE** (cni, cni-plugins, cups-filters, curl, dbus-1, ImageMagick, kernel, libheif, and python-requests), and **Ubuntu** (bind9, connman, curl, libwebp, and yajl). ⌘ [Read more](https://lwn.net/Articles/938596/) 2023-07-19T16:33:01Z **Two large stable kernel updates**
The
[6.4.4](https://lwn.net/Articles/938618/) and
[6.1.39](https://lwn.net/Articles/938619/)
stable kernel updates have been released; each contains a large number of
important fixes. ⌘ [Read more](https://lwn.net/Articles/938617/) 2023-07-19T19:26:42Z **[$] Rust for embedded**
The advantages of the Rust programming language are generally well-known;
memory safety is a feature that has attracted a lot of developer attention
over the last few years. At the inaugural [Embedded\
Open Source Summit](https://events.linuxfoundation.org/embedded-open-source-summit/) (EOSS), which is an umbrella event for numerous
embedded-related conferences, Martin Mosler presented on using Rust for an
embedded project. In the talk, he showed how easy it is to get up and
running with a Rust-based application ... ⌘ [Read more](https://lwn.net/Articles/938409/) 2023-07-20T02:05:40Z **[$] LWN.net Weekly Edition for July 20, 2023**
The LWN.net Weekly Edition for July 20, 2023 is available. ⌘ [Read more](https://lwn.net/Articles/938053/) 2023-07-20T14:19:56Z **Security updates for Thursday**
Security updates have been issued by **Debian** (chromium), **Fedora** (sysstat), **Gentoo** (openssh), **Mageia** (firefox/nss, kernel, kernel-linus, maven, mingw-nsis, mutt/neomutt, php, qt4/qtsvg5, and texlive), **Red Hat** (java-1.8.0-openjdk, java-11-openjdk, java-17-openjdk, and kpatch-patch), **Slackware** (curl and openssh), **SUSE** (curl, grafana, kernel, mariadb, MozillaFirefox, MozillaFirefox-branding-SLE, poppler, python-Flask, python310, samba, SUSE Manager Client Tools, and texlive), and ** ... ⌘ [Read more](https://lwn.net/Articles/938711/) 2023-07-20T14:39:14Z **[$] Much ado about SBAT**
Sometimes, the shortest patches lead to the longest threads; for a case in
point, see [this\
three-line change](https://lwn.net/ml/linux-kernel/20230711154449.1378385-1-eesposit@redhat.com/) posted by Emanuele Giuseppe Esposito. The purpose of
this change is to improve the security of locked-down systems by adding a
"revocation number" to the kernel image. But, as the discussion revealed,
both the cost and the value of this feature are seen differently across the
kernel-development community. ⌘ [Read more](https://lwn.net/Articles/938422/) 2023-07-21T14:30:40Z **Security updates for Friday**
Security updates have been issued by **Fedora** (golang, nodejs16, nodejs18, and R-jsonlite), **Red Hat** (java-1.8.0-openjdk and java-17-openjdk), **SUSE** (container-suseconnect, redis, and redis7), and **Ubuntu** (wkhtmltopdf). ⌘ [Read more](https://lwn.net/Articles/938878/) 2023-07-21T15:06:10Z **[$] Exceptions in BPF**
The BPF virtual machine in the kernel has been steadily gaining new
features for years, many of which add capabilities that C programmers do
not ordinarily have. So, from one point of view, it was only a matter of
time before BPF gained support for exceptions. As it turns out, though,
this "exceptions" feature is aimed at a specific use case, and its use in
most programs will be truly exceptional. ⌘ [Read more](https://lwn.net/Articles/938435/) 2023-07-23T23:32:28Z **Kernel prepatch 6.5-rc3 and three stable kernels**
Linus has released [6.5-rc3](https://lwn.net/Articles/939013/) for testing.
"Things continue to look pretty normal - there's nothing here that would
seem to stand out, with both the commit counts and the diffs looking pretty
much normal for rc3".

Meanwhile, Greg Kroah-Hartman has released the large
[6.4.5](https://lwn.net/Articles/939014/),
[6.1.40](https://lwn.net/Articles/939015/), and
[5.15.121](https://lwn.net/Articles/939016/)
stable updates; each contains another set of important ... ⌘ [Read more](https://lwn.net/Articles/939012/) 2023-07-24T14:06:23Z **Security updates for Monday**
Security updates have been issued by **Debian** (webkit2gtk), **Fedora** (curl, dotnet6.0, dotnet7.0, ghostscript, kernel-headers, kernel-tools, libopenmpt, openssh, and samba), **Mageia** (virtualbox), **Red Hat** (java-1.8.0-openjdk and java-11-openjdk), and **Scientific Linux** (java-1.8.0-openjdk and java-11-openjdk). ⌘ [Read more](https://lwn.net/Articles/939059/) 2023-07-24T14:12:14Z **Inkscape 1.3 released**
[Version\
1.3](https://inkscape.org/news/2023/07/23/inkscape-launches-version-13-focus-organizing-work/) of the Inkscape drawing editor has been released. "With version
1.3 of Inkscape, you’ll find improved performance, several new features,
and a solid set of improvements to a few existing ones". Changes
include a new shape-builder tool, a "document resources" dialog for the
management of drawings, a new pattern editor, and more. ⌘ [Read more](https://lwn.net/Articles/939035/) 2023-07-24T14:50:51Z **[$] Randomness for kmalloc()**
The kernel's address-space layout randomization is intended to make life
harder for attackers by changing the placement of kernel text and data at
each boot. With this randomization, an attacker cannot know ahead of time
where a vulnerable target will be found on any given system. There are
techniques, though, that can be effective without knowing precisely where a
given object is stored. As a way of hardening systems against such
attacks, the kernel will be gaining yet another form of randomization. ⌘ [Read more](https://lwn.net/Articles/938637/) 2023-07-24T14:50:35Z **Debian adds RISC-V as an official architecture**
The Debian project [is now\
supporting 64-bit RISC-V systems](https://lists.debian.org/debian-riscv/2023/07/msg00053.html) as an official architecture. Some
work remains to be done, though:

> However before you rush to update your sources.list file, I want to
> warn you that the archive is currently almost empty, and that only
> the sid and experimental suites are available. The procedure is to
> rebootstrap the port within the official archive, which means we
> won't import the full ... ⌘ [Read more](https://lwn.net/Articles/939095/) 2023-07-24T17:41:58Z **Zenbleed: an AMD Zen 2 speculative vulnerability**
Tavis Ormandy [reports](https://web.archive.org/web/20230724143835/https://lock.cmpxchg8b.com/zenbleed.html)
on a vulnerability that he has found in "all Zen 2 class processors"
from AMD. (Wayback Machine link as the original site is overloaded.) It can
allow local attackers to recover data used in string
operations; "If you remove the first word from the string 'hello world',
what should the result be? This is the story of how we discovered that the
answer could be your root password!" ... ⌘ [Read more](https://lwn.net/Articles/939099/) 2023-07-24T17:51:01Z **Stable kernels to address Zenbleed released**
Greg Kroah-Hartman has released six new stable kernels to address the [Zenbleed vulnerability](https://lwn.net/Articles/939099/) for AMD processors: [6.4.6](https://lwn.net/Articles/939102/), [6.1.41](https://lwn.net/Articles/939103/),
[5.15.122](https://lwn.net/Articles/939104/), [5.10.187](https://lwn.net/Articles/939105/), [5.4.250](https://lwn.net/Articles/939106/), and [4.19.289](https://lwn.net/Articles/939107/). "All AMD processor users of the
[...] kernel series who have not updated
 ... ⌘ [Read more](https://lwn.net/Articles/939101/) 2023-07-25T13:24:17Z **Security updates for Tuesday**
Security updates have been issued by **Debian** (python-git and renderdoc), **Red Hat** (edk2, kernel, kernel-rt, and kpatch-patch), **Slackware** (kernel), **SUSE** (firefox, libcap, openssh, openssl-1\_1, python39, and zabbix), and **Ubuntu** (cinder, ironic, nova, python-glance-store, python-os-brick, frr, graphite-web, and openssh). ⌘ [Read more](https://lwn.net/Articles/939179/) 2023-07-25T15:03:55Z **[$] A discussion on Linux in space**
There was something of a space theme that pervaded the Embedded Linux
Conference (ELC) portion of the 2023 [Embedded\
Open Source Summit](https://events.linuxfoundation.org/embedded-open-source-summit/) (EOSS), which is an umbrella event for various
sub-conferences related to embedded open-source development. That may
partly be because one of the organizers of EOSS (and ELC), Tim Bird,
described himself as "a bit of a space junkie"; he made that observation
during a panel session that he led on embed ... ⌘ [Read more](https://lwn.net/Articles/938779/) 2023-07-26T13:50:47Z **Security updates for Wednesday**
Security updates have been issued by **Debian** (amd64-microcode, gst-plugins-bad1.0, gst-plugins-base1.0, gst-plugins-good1.0, iperf3, openjdk-17, and pandoc), **Fedora** (389-ds-base, kitty, and thunderbird), **SUSE** (libqt5-qtbase, libqt5-qtsvg, mysql-connector-java, netty, netty-tcnative, openssl, openssl-1\_1, openssl1, php7, python-scipy, and xmltooling), and **Ubuntu** (amd64-microcode, avahi, libxpm, linux, linux-aws, linux-aws-5.15, linux-azure, linux-azure-5.15,
 linux-azure-fde, linux-azure-f ... ⌘ [Read more](https://lwn.net/Articles/939305/) 2023-07-26T17:34:15Z **Extensible scheduler class rejected**
The [extensible scheduler class](https://lwn.net/Articles/922405/) enables the
creation of CPU schedulers in BPF. After [the fourth\
version](https://lwn.net/ml/linux-kernel/20230711011412.100319-1-tj@kernel.org/) of this series was greeted with relative silence, Tejun Heo [asked](https://lwn.net/ml/linux-kernel/ZLrQdTvzbmi5XFeq@slm.duckdns.org/) about
the status of this work:

> We are comfortable with the current API. Everything we tried fit
> pretty well. It will continue to evolve but sched\_ex ... ⌘ [Read more](https://lwn.net/Articles/939332/) 2023-07-26T21:12:05Z **[$] A status update for U-Boot**
The [U-Boot](https://u-boot.readthedocs.io/en/latest/)
"universal boot loader" is used extensively in the embedded-Linux world.
At the 2023 [Embedded\
Open Source Summit](https://events.linuxfoundation.org/embedded-open-source-summit/) (EOSS), Simon Glass gave a presentation ( [slides](https://static.sched.com/hosted_files/eoss2023/b3/Recent%20Advances%20in%20U-Boot.pdf),
[YouTube video](https://www.youtube.com/watch?v=YlJBsVZJkDI)) on
the status of the project, with a focus on new features added over th ... ⌘ [Read more](https://lwn.net/Articles/938769/) 2023-07-27T02:59:54Z **[$] LWN.net Weekly Edition for July 27, 2023**
The LWN.net Weekly Edition for July 27, 2023 is available. ⌘ [Read more](https://lwn.net/Articles/938712/) 2023-07-27T14:48:15Z **Five new stable kernels**
The [6.4.7](https://lwn.net/Articles/939422/), [6.1.42](https://lwn.net/Articles/939423/), [5.15.123](https://lwn.net/Articles/939424/), [5.10.188](https://lwn.net/Articles/939425/), and [5.4.251](https://lwn.net/Articles/939426/) stable kernels have been released. As
usual, they all contain lots of important fixes; users of those series
should upgrade. ⌘ [Read more](https://lwn.net/Articles/939421/) 2023-07-27T17:35:49Z **[$] Flags for fchmodat()**
The [fchmodat()](https://man7.org/linux/man-pages/man3/chmod.3p.html)
system call on Linux hides a little secret: it does not actually implement
all of the functionality that the man page claims (and that [POSIX\
calls for](https://pubs.opengroup.org/onlinepubs/9699919799/functions/chmod.html)). As a result, C libraries have to do a bit of a complicated
workaround to provide the API that applications expect. That situation
looks likely to change with the 6.6 kernel, though, as the result of [this patch\
series ... ⌘ [Read more](https://lwn.net/Articles/939217/) 2023-07-27T19:27:55Z **Security updates for Thursday**
Security updates have been issued by **Debian** (curl), **Fedora** (kitty, mingw-qt5-qtbase, and mingw-qt6-qtbase), **Mageia** (cri-o, kernel, kernel-linus, mediawiki, and microcode), **SUSE** (chromium, conmon, go1.20-openssl, iperf, java-11-openjdk, kernel-firmware, and mariadb), and **Ubuntu** (libvirt, linux, linux-aws, linux-aws-5.4, linux-azure, linux-azure-5.4, linux-gcp,
 linux-gcp-5.4, linux-gke, linux-gkeop, linux-hwe-5.4, linux-ibm,
 linux-ibm-5.4, linux-kvm, linux-oracle, linux-oracle-5.4, lin ... ⌘ [Read more](https://lwn.net/Articles/939445/) 2023-07-28T14:29:23Z **Systemd 254 released**
Systemd 254 has been released. As usual, there is a long list of changes,
including a new list-paths command for systemctl, the
ability to send POSIX signals to services, a "soft reboot" feature that
restarts user space while leaving the kernel in place, improved support for
" [confidential\
virtual machines](https://www.redhat.com/en/blog/introduction-confidential-virtual-machines)", and a lot more.

The announcement also notes the support for split-/usr systems
will be removed in the next release, and support fo ... ⌘ [Read more](https://lwn.net/Articles/939511/) 2023-07-28T14:43:03Z **Security updates for Friday**
Security updates have been issued by **Debian** (kernel and libmail-dkim-perl), **Fedora** (openssh), and **SUSE** (kernel). ⌘ [Read more](https://lwn.net/Articles/939519/) 2023-07-28T16:28:45Z **[$] Unmaintained filesystems as a threat vector**
One of the longstanding strengths of Linux, and a key to its early success,
is its ability to interoperate with other systems. That interoperability
includes filesystems; Linux supports a wide range of filesystem types,
allowing it to mount filesystems created by many other operating systems.
Some of those filesystem implementations, though, are better maintained
than others; developers at both the kernel and distribution levels are
currently considering, again, how to minimize the secur ... ⌘ [Read more](https://lwn.net/Articles/939097/) 2023-07-28T18:16:37Z **Exploiting the StackRot vulnerability**
For those who are interested in the gory details of how the [StackRot](https://lwn.net/Articles/937377/) vulnerability works, Ruihan Li has
posted [a detailed\
writeup](https://github.com/lrh2000/StackRot#readme) of the bug and how it can be exploited.

> As StackRot is a Linux kernel vulnerability found in the memory
> management subsystem, it affects almost all kernel configurations
> and requires minimal capabilities to trigger. However, it should be
> noted that maple nodes are freed using ... ⌘ [Read more](https://lwn.net/Articles/939542/) 2023-07-28T22:03:51Z **No-GIL mode coming for Python**
The Python Steering Council has [announced\
its intent](https://discuss.python.org/t/a-steering-council-notice-about-pep-703-making-the-global-interpreter-lock-optional-in-cpython/30474) to accept [PEP\
703 (Making the Global Interpreter Lock Optional in CPython)](https://peps.python.org/pep-0703/), with
initial support possibly showing up in the 3.13 release. There are still
some details to work out, though.

> We want to be very careful with backward compatibility. We do not
> want another Python 3 sit ... ⌘ [Read more](https://lwn.net/Articles/939568/) 2023-07-30T21:14:43Z **Kernel prepatch 6.5-rc4**
The [6.5-rc4](https://lwn.net/Articles/939684/) kernel prepatch is out for
testing.

> So here we are, and the 6.5 release cycle continues to look
> entirely normal.
>
> In fact, it's \*so\* normal that we have hit on a very particular
> (and peculiar) pattern with the rc4 releases: we have had \*exactly\*
> 328 non-merge commits in rc4 in 6.2, 6.3 and now 6.5. Weird
> coincidence.
>
> And honestly, that weird numerological coincidence is just about
> the most interesting thing here. ⌘ [Read more](https://lwn.net/Articles/939685/) 2023-07-31T14:04:13Z **Security updates for Monday**
Security updates have been issued by **CentOS** (apr-util, bcel, c-ares, emacs, git, java-1.8.0-openjdk, libwebp, open-vm-tools, python, and python3), **Debian** (amd64-microcode, kernel, and thunderbird), **Fedora** (iperf3), **SUSE** (cdi-apiserver-container, cdi-cloner-container, cdi- controller-container, cdi-importer-container, cdi-operator-container, cdi- uploadproxy-container, cdi-uploadserver-container, cont, cjose, java-17-openjdk, jtidy, kernel-firmware, kubevirt, virt-api-container, virt-controll ... ⌘ [Read more](https://lwn.net/Articles/939770/) 2023-07-31T14:46:19Z **[$] A virtual filesystem locking surprise**
It is well understood that concurrency makes programming problems harder;
the high level of concurrency inherent in kernel development is one of the
reasons why kernel work can be challenging. Things can get even worse,
though, if concurrent access happens in places where the code is not
expecting it. The long story accompanying [this\
short patch](https://lwn.net/ml/linux-fsdevel/20230724-vfs-fdget_pos-v1-1-a4abfd7103f3@kernel.org/) from Christian Brauner is illustrative of the kind of
proble ... ⌘ [Read more](https://lwn.net/Articles/939389/) 2023-07-31T14:58:54Z **GnuCOBOL 3.2 released**
Version 3.2 of the GNU COBOL compiler is out. "The amount of features
are too much to note, but you can skip over the attached NEWS file to
investigate them." These new features include improved support for
COBOL dialects, performance improvements, better GDB debugging support, and
more. ⌘ [Read more](https://lwn.net/Articles/939807/) 2023-07-31T15:05:28Z **Emacs 29.1 released**
Version 29.1 of the Emacs editor has been released. There is a long list
of changes, including integration with the [Tree-sitter](https://tree-sitter.github.io/tree-sitter/)
incremental parsing library, the ability to access SQLite databases,
"pure GTK" display support (which enables [Wayland support](https://lwn.net/Articles/843896/)), and a lot more; see [the\
NEWS file](https://git.savannah.gnu.org/cgit/emacs.git/tree/etc/NEWS?h=emacs-29) for all the details. ⌘ [Read more](https://lwn.net/Articles/939808/) 2023-08-01T13:23:22Z **Security updates for Tuesday**
Security updates have been issued by **Debian** (tiff), **Fedora** (curl), **Red Hat** (bind, ghostscript, iperf3, java-1.8.0-ibm, nodejs, nodejs:18, openssh, postgresql:15, and samba), **Scientific Linux** (iperf3), **Slackware** (mozilla and seamonkey), **SUSE** (compat-openssl098, gnuplot, guava, openssl-1\_0\_0, pipewire, python-requests, qemu, samba, and xmltooling), and **Ubuntu** (librsvg, openjdk-8, openjdk-lts, openjdk-17, openssh, rabbitmq-server, and webkit2gtk). ⌘ [Read more](https://lwn.net/Articles/939917/) 2023-08-01T13:54:32Z **Hall: IBM, Red Hat and Free Software: An old maddog’s view**
Here is [a\
long reminiscence](https://www.lpi.org/blog/2023/07/30/ibm-red-hat-and-free-software-an-old-maddogs-view/) from Jon "maddog" Hall leading up to some thoughts on
Red Hat's source-release policy changes.

> Recently I have been seeing some cracks in the dike. As more and
> more users of FOSS come on board, they put more and more demands on
> developers whose numbers are not growing sufficiently fast enough
> to keep all the software working.
>
> I hear from FOSS d ... ⌘ [Read more](https://lwn.net/Articles/939922/) 2023-08-01T20:43:21Z **[$] Challenges for KernelCI**
Kernel testing is a perennial topic at Linux-related conferences and the [KernelCI project](https://kernelci.org/) is one of the larger testing
players. It does its own testing but also coordinates with various other
testing systems and aggregates their
results. At the
2023 [Embedded\
Open Source Summit](https://events.linuxfoundation.org/embedded-open-source-summit/) (EOSS), KernelCI developer Nikolai Kondrashov gave a
presentation on the testing framework, its database, and how others can get
involved in ... ⌘ [Read more](https://lwn.net/Articles/939538/) 2023-08-02T13:54:20Z **Security updates for Wednesday**
Security updates have been issued by **Debian** (bouncycastle), **Fedora** (firefox), **Red Hat** (cjose, curl, iperf3, kernel, kernel-rt, kpatch-patch, libeconf, libxml2, mod\_auth\_openidc:2.3, openssh, and python-requests), **SUSE** (firefox, jtidy, libredwg, openssl, salt, SUSE Manager Client Tools, and SUSE Manager Salt Bundle), and **Ubuntu** (firefox). ⌘ [Read more](https://lwn.net/Articles/940103/) 2023-08-02T16:41:26Z **Asahi Linux to become a Fedora remix**
The [Asahi Linux](https://asahilinux.org/) project, which is
working to create a Linux distribution for Apple hardware, has [announced](https://asahilinux.org/2023/08/fedora-asahi-remix/)
that its new "flagship" distribution will be based on Fedora Linux.

> Working directly with upstream means not only can we integrate more
> closely with the core distribution, but we can also get issues in
> other packages fixed quickly and smoothly. This is particularly
> important for platforms like desktop ... ⌘ [Read more](https://lwn.net/Articles/940144/) 2023-08-02T17:06:48Z **Project Zero on Arm MTE**
Google's Project Zero has spent some time studying the Arm memory tagging
extension (MTE), [support for which](https://lwn.net/Articles/834289/) was
merged into the 5.10 kernel, and [posted\
the results](https://googleprojectzero.blogspot.com/2023/08/summary-mte-as-implemented.html):

> Despite its limitations, MTE is still by far the most promising
> path forward for improving C/C++ software security in 2023. The
> ability of MTE to detect memory corruption exploitation at the
> first dangerous access provi ... ⌘ [Read more](https://lwn.net/Articles/940152/) 2023-08-02T22:01:48Z **[$] GIL removal and the Faster CPython project**
The Python global interpreter lock (GIL) has long been a barrier to
increasing the performance of programs by using multiple threads—the GIL
serializes access to the interpreter's virtual machine such that only one thread
can be executing Python code at any given time. There are other mechanisms
to provide
concurrency for the language, but the specter of the GIL—and its reality as
well—have often been cited as a major negative for Python. Back in October
2021, Sam Gross [introduced](https ... ⌘ [Read more](https://lwn.net/Articles/939981/) 2023-08-03T02:30:31Z **[$] LWN.net Weekly Edition for August 3, 2023**
The LWN.net Weekly Edition for August 3, 2023 is available. ⌘ [Read more](https://lwn.net/Articles/939364/) 2023-08-03T14:23:34Z **Security updates for Thursday**
Security updates have been issued by **Debian** (linux-5.10), **Red Hat** (.NET 6.0 and iperf3), **Slackware** (openssl), **SUSE** (kernel, mariadb, poppler, and python-Django), and **Ubuntu** (gst-plugins-base1.0, gst-plugins-good1.0, maradns, openjdk-20, and vim). ⌘ [Read more](https://lwn.net/Articles/940335/) 2023-08-03T14:30:13Z **Stable kernels 6.4.8, 6.1.43, and 5.15.124**
The [6.4.8](https://lwn.net/Articles/940337/), [6.1.43](https://lwn.net/Articles/940338/), and [5.15.124](https://lwn.net/Articles/940339/) stable kernels have been released.
As usual, they contain important fixes throughout the kernel tree. ⌘ [Read more](https://lwn.net/Articles/940336/) 2023-08-03T14:39:15Z **[$] Making life (even) harder for proprietary modules**
The kernel community has never had a smooth relationship with the purveyors
of proprietary kernel modules. Developers tend to strongly dislike those
modules, which cannot be debugged or fixed by anybody other than their
creator, and many see them as a violation of the kernel's license and their
copyrights on the code. Nonetheless, proprietary modules are tolerated,
within bounds. A recent patch from Christoph Hellwig suggests that those
bounds are about to be tightened slightly, in ... ⌘ [Read more](https://lwn.net/Articles/939842/) 2023-08-04T14:18:12Z **Security updates for Friday**
Security updates have been issued by **CentOS** (bind and kernel), **Debian** (cjose, firefox-esr, ntpsec, and python-django), **Fedora** (chromium, firefox, librsvg2, and webkitgtk), **Red Hat** (firefox), **Scientific Linux** (firefox and openssh), **SUSE** (go1.20, ImageMagick, javapackages-tools, javassist, mysql-connector-java, protobuf, python-python-gflags, kernel, openssl-1\_1, pipewire, python-pip, and xtrans), and **Ubuntu** (cargo, rust-cargo, cpio, poppler, and xmltooling). ⌘ [Read more](https://lwn.net/Articles/940481/) 2023-08-04T14:26:20Z **[$] Beginning the software-interrupt lock pushdown**
The big kernel lock (BKL) is a distant memory now but, for years, it was
one of the more intractable problems faced by the kernel development
community. The end of the BKL does not mean that the kernel is without
problematic locks, however. In recent times, some attention has been paid
to the software-interrupt (or "bottom half") lock, which can create latency
problems, especially on realtime systems. Frederic Weisbecker is taking a
new tack in his campaign to cut this lock down to si ... ⌘ [Read more](https://lwn.net/Articles/939973/) 2023-08-05T14:29:59Z **Mourning Bram Moolenaar**
Bram Moolenaar, the creator of the vim editor, [passed\
away](https://groups.google.com/g/vim_announce/c/tWahca9zkt4) on August 3. "Bram dedicated a large part of his life to
VIM and he was very proud of the VIM community that you are all part
of." He will be missed. ⌘ [Read more](https://lwn.net/Articles/940551/) 2023-08-05T19:40:47Z **Ekstrand: NVK Has landed**
Faith Ekstrand [announces](https://www.collabora.com/news-and-blog/news-and-events/nvk-has-landed.html)
on the Collabora blog
that NVK, an open-source driver for NVIDIA GPUs, will be included in the
Mesa 23.3 release.

> Merging into mesa/main is certainly a big milestone but NVK is
> nowhere near finished. It will take a long time before we get the
> bugs worked out and get a full feature set with reasonable
> performance. What it does mean is that we're pretty confident in
> the core of the driver and th ... ⌘ [Read more](https://lwn.net/Articles/940567/) 2023-08-06T23:17:03Z **Kernel prepatch 6.5-rc5**
Linus has released [6.5-rc5](https://lwn.net/Articles/940617/) for testing.
"Things continue to look pretty normal. Not a huge number of commits,
and most of the ones here are tiny". ⌘ [Read more](https://lwn.net/Articles/940618/) 2023-08-07T14:24:27Z **[$] Shadow stacks for 64-bit Arm systems**
[Return-oriented\
programming (ROP)](https://en.wikipedia.org/wiki/Return-oriented_programming) has, for some years now, been a valuable tool for
those who would subvert a system's security. It is thus not surprising
that a lot of effort has gone into thwarting ROP attacks, which depend on
corrupting the call stack with a carefully chosen set of return addresses,
at both the hardware and software levels. One result of this work is
shadow stacks, which can detect corruption of the call stack, al ... ⌘ [Read more](https://lwn.net/Articles/940403/) 2023-08-07T14:23:29Z **Security updates for Monday**
Security updates have been issued by **Debian** (burp, chromium, ghostscript, openimageio, pdfcrack, python-werkzeug, thunderbird, and webkit2gtk), **Fedora** (amanda, libopenmpt, llhttp, samba, seamonkey, and xen), **Red Hat** (thunderbird), **Slackware** (mozilla and samba), and **SUSE** (perl-Net-Netmask, python-Django1, trytond, and virtualbox). ⌘ [Read more](https://lwn.net/Articles/940682/) 2023-08-07T14:35:06Z **The Sourceware 25 roadmap**
[Sourceware](https://sourceware.org/), the development home for
the GNU toolchain and more, is about to celebrate its 25th anniversary and
is [looking\
forward](https://lwn.net/ml/gcc/20230807114120.GF12836@gnu.wildebeest.org/) to the next 25 years:

> That is why in the last couple of years we have started to
> diversify our hardware partners, setup new services using
> containers and isolated VMs, investigated secure supply chain
> issues, added redundant mirrors, created a non-profit home,
> collected ... ⌘ [Read more](https://lwn.net/Articles/940683/) 2023-08-07T14:48:30Z **Introducing Incus**
The [Linux Containers project](https://linuxcontainers.org/) has
[announced](https://linuxcontainers.org/incus/) the addition of
[Incus](https://github.com/lxc/incus), which is a fork of LXD
5.16 started by Aleksa Sarai. Incus was created in response to [Canonical's removal of LXD from Linux\
Containers](https://lwn.net/Articles/937369/).

> After some discussion with Aleksa and a fair bit of encouragement from our
> community, we have made the decision to take Incus under the umbrella of
> Linux Containers and will ... ⌘ [Read more](https://lwn.net/Articles/940684/) 2023-08-08T13:18:06Z **Security updates for Tuesday**
Security updates have been issued by **Debian** (libhtmlcleaner-java and thunderbird), **Red Hat** (dbus, kernel, kernel-rt, kpatch-patch, and thunderbird), **Scientific Linux** (thunderbird), **SUSE** (chromium, gstreamer-plugins-bad, gstreamer-plugins-base, gstreamer-plugins-good, gstreamer-plugins-ugly, kernel-firmware, libqt5-qtbase, libqt5-qtsvg, librsvg, pcre2, perl-Net-Netmask, qt6-base, and thunderbird), and **Ubuntu** (firefox). ⌘ [Read more](https://lwn.net/Articles/940755/) 2023-08-08T18:00:19Z **Another round of speculative-execution vulnerabilities**
There is a newly disclosed set of vulnerabilities in Intel processors that
have been given the name [Downfall\
attacks](https://downfall.page/).

> Downfall attacks targets a critical weakness found in billions of
> modern processors used in personal and cloud computers. This
> vulnerability, identified as CVE-2022-40982, enables a user to
> access and steal data from other users who share the same
> computer. For instance, a malicious app obtained from an app store
> could u ... ⌘ [Read more](https://lwn.net/Articles/940783/) 2023-08-08T19:04:45Z **Stable kernels with security fixes**
The
[6.4.9](https://lwn.net/Articles/940799/),
[6.1.44](https://lwn.net/Articles/940800/),
[5.15.125](https://lwn.net/Articles/940801/),
[5.10.189](https://lwn.net/Articles/940802/),
[5.4.252](https://lwn.net/Articles/940803/),
[4.19.290](https://lwn.net/Articles/940804/), and
[4.14.321](https://lwn.net/Articles/940805/)
stable kernel updates have all been released; they are dominated by fixes
for [the latest round](https://lwn.net/Articles/940783/) of
speculative-execution vulnerabilities.

Do note ... ⌘ [Read more](https://lwn.net/Articles/940798/) 2023-08-08T20:34:34Z **[$] SFrame: fast, low-overhead stack traces**
Getting a stack trace of a running program is useful in a variety of
scenarios: tracing, profiling, debugging, performance tuning, and more.
There are existing mechanisms to get stack traces, but there are some
downsides to them; the "Simple Frame" (SFrame) stack-trace format came
about to address the shortcomings in the other techniques. Back in May,
Steve Rostedt and Indu Bhagat gave a [talk about\
SFrame support in the kernel](https://lwn.net/Articles/932209/) as part of [LSFMM+BPF](https ... ⌘ [Read more](https://lwn.net/Articles/940686/) 2023-08-09T13:23:42Z **Security updates for Wednesday**
Security updates have been issued by **Debian** (cjose, hdf5, and orthanc), **Fedora** (java-17-openjdk and seamonkey), **Red Hat** (curl, dbus, iperf3, kernel, kpatch-patch, libcap, libxml2, nodejs:16, nodejs:18, postgresql:10, postgresql:12, postgresql:13, and python-requests), **SUSE** (bluez, cjose, gstreamer-plugins-bad, gstreamer-plugins-base, gstreamer-plugins-good, gstreamer-plugins-ugly, keylime, openssl-1\_1, openssl-3, pipewire, poppler, qemu, rubygem-actionpack-4\_2, rubygem-actionpack-5\_1, ... ⌘ [Read more](https://lwn.net/Articles/940912/) 2023-08-09T22:27:49Z **[$] CPython without a global interpreter lock**
The global interpreter lock (GIL) has been a part of CPython since the
beginning— [nearly](https://www.backblaze.com/blog/the-python-gil-past-present-and-future/)—but
that seems likely to change over the next five or so
years. As we [described](https://lwn.net/Articles/939981/) last week, the
Python steering council has [announced](https://discuss.python.org/t/a-steering-council-notice-about-pep-703-making-the-global-interpreter-lock-optional-in-cpython/30474)
its [intention to start movin ... ⌘ [Read more](https://lwn.net/Articles/940780/) 2023-08-10T01:46:45Z **[$] LWN.net Weekly Edition for August 10, 2023**
The LWN.net Weekly Edition for August 10, 2023 is available. ⌘ [Read more](https://lwn.net/Articles/940290/) 2023-08-10T14:21:12Z **Security updates for Thursday**
Security updates have been issued by **Debian** (firefox-esr), **Fedora** (chromium, kernel, krb5, and rust), and **Ubuntu** (graphite-web and velocity). ⌘ [Read more](https://lwn.net/Articles/941082/) 2023-08-10T14:30:59Z **[$] An ioctl() call to detect memory writes**
It is the kernel's business to know when a process's memory has been
written to; among other things, this knowledge is needed to determine which
pages can
be immediately reclaimed or to properly write dirty pages to backing store.
Sometimes, though, user space also needs access to this information in a
reliable and fast manner. [This\
patch series](https://lwn.net/ml/linux-mm/20230808104309.357852-1-usama.anjum@collabora.com/) from Muhammad Usama Anjum adds a new ioctl() call
for this purpos ... ⌘ [Read more](https://lwn.net/Articles/940704/) 2023-08-10T15:32:05Z **The Open Enterprise Linux Association**
The [Open Enterprise Linux Association](https://openela.org/)
has [announced its\
existence](https://openela.org/news/hello_world/). It is a collaboration between CIQ (Rocky Linux), Oracle,
and SUSE to provide an RHEL-compatible distribution.

> Starting later this year, OpenELA will provide sources necessary
> for downstreams compatible with RHEL to exist, with initial focus
> on RHEL versions EL8, EL9 and possibly EL7. The project is
> committed to ensuring the continued availability of OpenE ... ⌘ [Read more](https://lwn.net/Articles/941091/) 2023-08-11T14:15:35Z **Security updates for Friday**
Security updates have been issued by **Debian** (intel-microcode, kernel, and php-dompdf), **Fedora** (linux-firmware, OpenImageIO, and php), **Oracle** (aardvark-dns, kernel, linux-firmware, python-flask, and python-werkzeug), **SUSE** (container-suseconnect, go1.19, gstreamer-plugins-bad, gstreamer-plugins-base, gstreamer-plugins-good, java-11-openjdk, kernel-firmware, kubernetes1.24, openssl-1\_1, poppler, python-scipy, qatengine, ucode-intel, util-linux, and vim), and **Ubuntu** (dotnet6, dotnet7, php-d ... ⌘ [Read more](https://lwn.net/Articles/941271/) 2023-08-11T14:35:19Z **New stable kernels released**
Greg Kroah-Hartman has announced the release of the
[6.4.10](https://lwn.net/Articles/941274/), [6.1.45](https://lwn.net/Articles/941275/),
[5.10.190](https://lwn.net/Articles/941276/), [5.4.253](https://lwn.net/Articles/941277/), [4.19.291](https://lwn.net/Articles/941278/), and [4.14.322](https://lwn.net/Articles/941279/) stable kernels. Note that 5.15.126
was also [in\
the review process for this batch](https://lwn.net/ml/linux-kernel/20230809103633.485906560@linuxfoundation.org/), but has not (yet) been ... ⌘ [Read more](https://lwn.net/Articles/941273/) 2023-08-11T14:48:59Z **[$] Following up on file-position locking**
LWN recently covered [a discussion on\
file-position locking](https://lwn.net/Articles/939389/) that demonstrated the hazards that can result
from unexpected concurrency. It turns out that this discussion had not yet
fully run its course. Since that article was written, additional changes
intended to address a performance regression evolved into a core virtual
filesystem (VFS) layer API change to carry out some much-delayed housecleaning. ⌘ [Read more](https://lwn.net/Articles/940808/) 2023-08-13T22:49:03Z **Kernel prepatch 6.5-rc6**
The [6.5-rc6](https://lwn.net/Articles/941403/) kernel prepatch is out for
testing.

> So apart from the regularly scheduled hardware mitigation patches,
> everything looks fairly normal. And I guess the hw mitigation is to
> be considered normal too, apart from the inevitable fixup patches
> it then causes because the embargo keeps us from testing it widely
> and keeps it from all our public automation. Sigh. ⌘ [Read more](https://lwn.net/Articles/941405/) 2023-08-14T14:06:57Z **Security updates for Monday**
Security updates have been issued by **Debian** (gst-plugins-ugly1.0, libreoffice, linux-5.10, netatalk, poppler, and sox), **Fedora** (chromium, ghostscript, java-1.8.0-openjdk-portable, java-11-openjdk, java-11-openjdk-portable, java-17-openjdk-portable, java-latest-openjdk-portable, kernel, linux-firmware, mingw-python-certifi, ntpsec, and php), **Oracle** (.NET 6.0, .NET 7.0, 15, 18, bind, bind9.16, buildah, cjose, curl, dbus, emacs, firefox, go-toolset and golang, go-toolset:ol8, grafana, iperf3, java- ... ⌘ [Read more](https://lwn.net/Articles/941587/) 2023-08-14T14:12:23Z **[$] A new futex API**
The Linux fast user-space mutex ("futex") subsystem debuted with the 2.6.0
kernel; it provides a mechanism that can be used to implement user-space
locking. Since futexes avoid calling into the kernel whenever possible,
they can indeed be fast, especially in the uncontended case. The API used
to access futexes has never been seen as one of Linux's strongest points,
though, so there has long been a desire to improve it. [This patch\
series](https://lwn.net/ml/linux-kernel/20230807121843.710612856@infradead.org/) fro ... ⌘ [Read more](https://lwn.net/Articles/940944/) 2023-08-14T14:21:42Z **Nuta: Exploring the internals of Linux v0.01**
For those who find the 6.x kernel intimidating, Seiya Nuta has written [a look at the 0.01\
kernel](https://seiya.me/blog/reading-linux-v0.01), which reflects a simpler time.

> By the way, there's an interesting comment about the scheduler:
>
> ```
> * 'schedule()' is the scheduler function. This is GOOD CODE! There
> * probably won't be any reason to change this, as it should work well
> * in all circumstances (ie gives IO-bound processes good response etc).
>
> ```
>
> Yes i ... ⌘ [Read more](https://lwn.net/Articles/941591/) 2023-08-15T13:00:41Z **Security updates for Tuesday**
Security updates have been issued by **Debian** (samba), **Red Hat** (.NET 6.0, .NET 7.0, rh-dotnet60-dotnet, rust, rust-toolset-1.66-rust, and rust-toolset:rhel8), and **SUSE** (kernel and opensuse-welcome). ⌘ [Read more](https://lwn.net/Articles/941658/) 2023-08-15T13:26:00Z **Maintainers Summit call for topics**
The 2023 Maintainers Summit will be held on November 16 in Richmond, VA,
immediately after the [Linux Plumbers\
Conference](https://lpc.events/).

> As in previous years, the Maintainers Summit is invite-only, where
> the primary focus will be process issues around Linux Kernel
> Development. It will be limited to 30 invitees and a handful of
> sponsored attendees.

The [call for\
topics](https://lwn.net/ml/ksummit-discuss/20230815052947.GA3214753@mit.edu/) has just gone out, with the first invita ... ⌘ [Read more](https://lwn.net/Articles/941660/) 2023-08-15T15:38:59Z **Devuan 5.0.0 released**
[Version\
5.0 ("Daedalus")](https://lwn.net/ml/devuan-devel/20230815152733.e6hlowjxwgwcngli@napoli/) of the Debian-based Devuan distribution has been
released. "This is the result of many months of painstaking work by the
Team and detailed testing by the wider Devuan community." The
announcement lists a couple of new features but mostly defers to [the\
Debian 12 ("bookworm") release notes](https://www.debian.org/releases/bookworm/releasenotes). ⌘ [Read more](https://lwn.net/Articles/941672/) 2023-08-15T21:19:37Z **[$] A per-interpreter GIL**
"Subinterpreters", which are separate Python interpreters running in the
same process that can be
created [using\
the C API](https://docs.python.org/3/c-api/init.html#sub-interpreter-support), have been a part of Python since the previous century
(version 1.5 in 1997), but they are largely unknown and unused.
Eric Snow has been on something of a quest, since 2015 or so, to bring
[better multicore processing to Python](https://lwn.net/Articles/650489/) by
way of subinterpreters (or "multiple interpreters"). He ... ⌘ [Read more](https://lwn.net/Articles/941090/) 2023-08-16T13:04:50Z **Security updates for Wednesday**
Security updates have been issued by **Debian** (datatables.js and openssl), **Fedora** (ghostscript, java-11-openjdk, java-latest-openjdk, microcode\_ctl, and xen), **Red Hat** (redhat-ds:11), **SUSE** (java-1\_8\_0-openj9, kernel, krb5, pcre2, and perl-HTTP-Tiny), and **Ubuntu** (gstreamer1.0, mysql-8.0, tiff, and webkit2gtk). ⌘ [Read more](https://lwn.net/Articles/941722/) 2023-08-16T14:10:50Z **Debian adds LoongArch support**
The Debian project has [added\
the LoongArch architecture](https://lwn.net/ml/debian-devel-announce/c32d3af9f9ebc362431e2f208f75b52ba64779c0.camel@physik.fu-berlin.de/) to its ports collection.

> After an initial manual bootstrap of roughly 200 packages, two
> buildds are now building packages for the newly added "loong64"
> port with the help of qemu-user. After enough packages have been
> built for the port to be self-hosting, we're planning to replace
> these two buildds with real hardware hosted ... ⌘ [Read more](https://lwn.net/Articles/941743/) 2023-08-16T14:26:23Z **Debian turns 30**
On August 16, 1993, Ian Murdock [announced](https://groups.google.com/g/comp.os.linux.development/c/Md3Modzg5TU/m/xty88y5OLaMJ)
a new distribution to the comp.os.linux.development Usenet newsgroup:

> This is just to announce the imminent completion of a brand-new
> Linux release, which I'm calling the Debian Linux Release. This is
> a release that I have put together basically from scratch; in other
> words, I didn't simply make some changes to SLS and call it a new
> release. I was inspired to put together this r ... ⌘ [Read more](https://lwn.net/Articles/941744/) 2023-08-16T17:27:49Z **Wednesday's stable kernel updates**
The
[6.4.11](https://lwn.net/Articles/941773/),
[6.1.46](https://lwn.net/Articles/941774/),
[5.15.127](https://lwn.net/Articles/941775/),
[5.10.191](https://lwn.net/Articles/941777/),
[5.4.254](https://lwn.net/Articles/941776/),
[4.19.292](https://lwn.net/Articles/941778/), and
[4.14.323](https://lwn.net/Articles/941779/)
stable kernels have all been released; each contains another set of
important fixes. ⌘ [Read more](https://lwn.net/Articles/941772/) 2023-08-16T20:07:46Z **[$] Kernel security reporting for distributions**
The [call for topics](https://lwn.net/Articles/941660/) for the [Linux\
Kernel\
Maintainers Summit](https://events.linuxfoundation.org/linux-kernel-maintainer-summit/) went out on August 15; one proposed topic has
generated some interesting discussion about security-bug reporting for the
kernel.
A recent [patch](https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=4fee0915e649b)
to the kernel's documentation about how to report security bugs recommends
avoiding p ... ⌘ [Read more](https://lwn.net/Articles/941745/) 2023-08-16T22:34:04Z **HashiCorp's license change**
Readers have been pointing us to HashiCorp's [announcement](https://www.hashicorp.com/blog/hashicorp-adopts-business-source-license)
that it is moving to its own "Business Source License" for some of its
(formerly) open-source products. Like other companies ( [example](https://lwn.net/Articles/768670/)) that have taken this path, HashiCorp
is removing the freedom to use its products commercially in ways that it
sees as competitive. This is, in a real sense, an old and tiresome story.

The lessons to be drawn ... ⌘ [Read more](https://lwn.net/Articles/941799/) 2023-08-17T00:59:54Z **[$] LWN.net Weekly Edition for August 17, 2023**
The LWN.net Weekly Edition for August 17, 2023 is available. ⌘ [Read more](https://lwn.net/Articles/941046/) 2023-08-17T14:16:56Z **Security updates for Thursday**
Security updates have been issued by **Debian** (open-vm-tools, openjdk-11, and openssh), **Fedora** (librsvg2, llhttp, opensc, and rust), **Oracle** (.NET 6.0, .NET 7.0, iperf3, microcode\_ctl, postgresql:10, and python-requests), **SUSE** (openssl-1\_0\_0, perl-Cpanel-JSON-XS, postgresql12, and postgresql15), and **Ubuntu** (ceph, haproxy, heat, libpod, and postgresql-12, postgresql-14, postgresql-15). ⌘ [Read more](https://lwn.net/Articles/941935/) 2023-08-17T16:15:54Z **[$] Out-of-memory victim selection with BPF**
In its default configuration, the Linux kernel will allow processes to
allocate more memory than the system can actually provide; this policy
enables better utilization of physical memory and works just fine — most of
the time. On occasions, though, the kernel may find itself unable to
provide memory that processes may think already belongs to them. If the
situation gets bad enough, the only solution (short of rebooting) is to
declare a sort of memory bankruptcy and write off some of the ker ... ⌘ [Read more](https://lwn.net/Articles/941614/) 2023-08-17T19:51:58Z **SUSE to be acquired, taken private**
SUSE's long story of corporate ownership is gaining a new chapter; the
company has [announced](https://www.suse.com/news/EQT-announces-voluntary-public-purchase-offer-and-intention-to-delist-SUSE/)
that it's majority shareholder (Marcel LUX III SARL) will acquiring the
remaining shares, and will take the company private and off of the stock
exchange. "SUSE’s Management Board and Supervisory Board support the
strategic opportunity from delisting of the company as it will allow SUSE
to focus fully on i ... ⌘ [Read more](https://lwn.net/Articles/941985/) 2023-08-18T12:48:39Z **Security updates for Friday**
Security updates have been issued by **Debian** (chromium, rar, and unrar-nonfree), **Fedora** (microcode\_ctl, trafficserver, and webkitgtk), **SUSE** (ImageMagick, kernel, nodejs16, nodejs18, postgresql12, postgresql15, re2c, and samba), and **Ubuntu** (ghostscript, haproxy, linux, linux-aws, linux-aws-5.15, linux-gcp, linux-hwe-5.15, linux-ibm,
 linux-intel-iotg, linux-intel-iotg-5.15, linux-kvm, linux-lowlatency,
 linux-lowlatency-hwe-5.15, linux-nvidia, linux-oracle, linux-oracle-5.15,
 linux-raspi, li ... ⌘ [Read more](https://lwn.net/Articles/942076/) 2023-08-18T13:48:46Z **[$] DNF5 delayed**
It is fair to say that the [DNF package\
manager](https://docs.fedoraproject.org/en-US/quick-docs/dnf/) is not the favorite tool of many Fedora users. It was brought
in as a replacement for Yum but got off to [a\
rather rocky start](https://lwn.net/Articles/580223/); DNF has
stabilized over the years, though and the complaints have subsided. That can only
mean one thing: it must be time to throw it away and start over from the
beginning. The replacement, called DNF5, was slated to be a part of the
Fedora 39 release, d ... ⌘ [Read more](https://lwn.net/Articles/941154/) 2023-08-20T21:10:32Z **Linux 6.5-rc7 released**
Linus Torvalds has released the [6.5-rc7 kernel\
prepatch](https://lwn.net/Articles/942249/), which looks to be the final release candidate before the likely
release of Linux 6.5 next Sunday. Torvalds released it a little earlier
than usual due to some travel; overall things look to be in good shape:

> But apart from the timezone difference, everything looks entirely
> normal. Drivers (GPU, networking and sound dominate - the usual
> suspects, in other words) and architecture fixes. The latter are
> mostly arm ... ⌘ [Read more](https://lwn.net/Articles/942248/) 2023-08-21T14:46:10Z **Security updates for Monday**
Security updates have been issued by **Debian** (fastdds, flask, and kernel), **Fedora** (chromium, dotnet6.0, dotnet7.0, gerbv, java-1.8.0-openjdk, libreswan, procps-ng, and spectre-meltdown-checker), **SUSE** (chromium, kernel-firmware, krb5, opensuse-welcome, and python-mitmproxy), and **Ubuntu** (clamav, firefox, and vim). ⌘ [Read more](https://lwn.net/Articles/942311/) 2023-08-21T15:00:29Z **LibreOffice 7.6 Community released**
[The Document Foundation](https://www.documentfoundation.org/)
has [announced\
the release of LibreOffice 7.6 Community](https://blog.documentfoundation.org/blog/2023/08/21/libreoffice-7-6-community/). It is the last release
using the existing numbering scheme as the office suite will move to date-based
release numbers starting with LibreOffice 24.2 in
February, 2024. Highlights of this release include support for
document themes, including import and export of them, a new navigation
panel for Impres ... ⌘ [Read more](https://lwn.net/Articles/942312/) 2023-08-21T17:02:58Z **[$] Defending mounted filesystems from the root user**
Making a filesystem implementation robust in the face of maliciously
created filesystem images is a challenging task even when the
implementation is actively maintained, which [many in the kernel are not](https://lwn.net/Articles/939097/). There is a way to
make that task even harder, though: modify that filesystem image behind the
implementation's back while it is mounted. A recent discussion on the
linux-fsdevel list reveals an ongoing disagreement over whether (and how)
this thre ... ⌘ [Read more](https://lwn.net/Articles/941764/) 2023-08-22T14:20:29Z **Security updates for Tuesday**
Security updates have been issued by **Debian** (intel-microcode, lxc, and zabbix), **Fedora** (clamav), **SUSE** (python-configobj), and **Ubuntu** (clamav). ⌘ [Read more](https://lwn.net/Articles/942405/) 2023-08-22T14:47:30Z **[$] PineTime: a smartwatch for open-source software**
The
[PineTime](https://www.pine64.org/pinetime/) is an inexpensive
smartwatch developed by [PINE64](https://www.pine64.org/) that is
designed to run open-source operating systems. Despite its low cost, however,
it has most of the features expected from more expensive, proprietary
smartwatches. Because it runs open-source software, though, interested
developers
can add any other useful features that they dream up. ⌘ [Read more](https://lwn.net/Articles/941796/) 2023-08-23T14:15:07Z **Security updates for Wednesday**
Security updates have been issued by **Debian** (mediawiki and qt4-x11), **Fedora** (java-17-openjdk, linux-firmware, and python-yfinance), **Red Hat** (kernel, kpatch-patch, and subscription-manager), **SUSE** (evolution, janino, kernel, nodejs16, nodejs18, postgresql15, qt6-base, and ucode-intel), and **Ubuntu** (inetutils). ⌘ [Read more](https://lwn.net/Articles/942514/) 2023-08-23T15:39:14Z **[$] HashiCorp, Terraform, and OpenTF**
Over the years, there have been multiple examples of open-source software
that, suddenly, was no longer open source; on August 10, some further
examples were added to the pile. That happened when HashiCorp [announced](https://www.hashicorp.com/blog/hashicorp-adopts-business-source-license)
that it would be switching the license on its products from the [Mozilla Public\
License 2.0](https://www.mozilla.org/en-US/MPL/2.0/) (MPL) to the [Business Source License 1.1](https://www.hashicorp.com/bsl)
(BSL ... ⌘ [Read more](https://lwn.net/Articles/942346/) 2023-08-23T17:44:57Z **Stable kernels 6.4.12 and 6.1.47**
Greg Kroah-Hartman has announced the release of two new stable kernels: [6.4.12](https://lwn.net/Articles/942530/) and [6.1.47](https://lwn.net/Articles/942531/). Both contain lots of important fixes
throughout the kernel tree. ⌘ [Read more](https://lwn.net/Articles/942529/) 2023-08-24T02:24:37Z **[$] LWN.net Weekly Edition for August 24, 2023**
The LWN.net Weekly Edition for August 24, 2023 is available. ⌘ [Read more](https://lwn.net/Articles/941867/) 2023-08-24T14:26:07Z **Security updates for Thursday**
Security updates have been issued by **Debian** (w3m), **Fedora** (libqb), **Mageia** (docker-containerd, kernel, kernel-linus, microcode, php, redis, and samba), **Oracle** (kernel, kernel-container, and openssh), **Scientific Linux** (subscription-manager), **SUSE** (ca-certificates-mozilla, erlang, gawk, gstreamer-plugins-base, indent, java-1\_8\_0-ibm, kernel, kernel-firmware, krb5, libcares2, nodejs14, nodejs16, openssl-1\_1, openssl-3, poppler, postfix, redis, webkit2gtk3, and xen), and **Ubuntu** ( ... ⌘ [Read more](https://lwn.net/Articles/942654/) 2023-08-24T15:20:35Z **Rust 1.72.0 released**
[Version\
1.72.0](https://blog.rust-lang.org/2023/08/24/Rust-1.72.0.html) of the Rust compiler has been released. Changes include
improved diagnostics and the removal of a limit on const evaluation:

> To prevent user-provided const evaluation from getting into a
> compile-time infinite loop or otherwise taking unbounded time at
> compile time, Rust previously limited the maximum number of
> statements run as part of any given constant evaluation. However,
> especially creative Rust code could hit these limits ... ⌘ [Read more](https://lwn.net/Articles/942656/) 2023-08-24T15:32:06Z **[$] A more dynamic software I/O TLB**
The kernel's software I/O translation lookaside buffer ("swiotlb") is an
obscure corner of the DMA-support layer. The swiotlb was initially
introduced to enable DMA for devices with special challenges, and one might
have expected it to fade away as newer peripherals came along. Instead,
though, the swiotlb has turned out to be useful in places outside of its
original use cases. [This\
patch set](https://lwn.net/ml/linux-kernel/cover.1690871004.git.petr.tesarik.ext@huawei.com/) from Petr Tesarik now ... ⌘ [Read more](https://lwn.net/Articles/940973/) 2023-08-25T15:14:51Z **Security updates for Friday**
Security updates have been issued by **Debian** (tryton-server), **Fedora** (youtube-dl), **SUSE** (clamav and krb5), and **Ubuntu** (cjose and fastdds). ⌘ [Read more](https://lwn.net/Articles/942766/) 2023-08-25T16:27:19Z **[$] The OpenSprinkler controller**
The more one pays attention to the Internet of Things (IoT), the more one
learns to appreciate simple, unconnected devices. Your editor long ago
acquired an aversion to products that advertise themselves as "smart"
or "WiFi-enabled". There can be advantages, though, to devices that
contain microprocessors, are Internet connected, and are remotely
accessible, if they are implemented well. The [OpenSprinkler](https://opensprinkler.com/) sprinkler timer would
appear to be a case in point. ⌘ [Read more](https://lwn.net/Articles/940509/) 2023-08-25T17:56:53Z **OpenTF Announces Fork of Terraform**
The [OpenTF Foundation](https://opentf.org/) has [announced](https://opentf.org/announcement) that it is moving forward with its eponymous fork of [HashiCorp Terraform](https://www.terraform.io/), which was recently [changed to a non-FOSS license](https://lwn.net/Articles/942346/) by the company. The organization has applied to become part of the Linux Foundation, "with the end goal of having **OpenTF as part of Cloud Native Computing Foundation**". There is a [GitHub repository for its manifesto](ht ... ⌘ [Read more](https://lwn.net/Articles/942770/) 2023-08-27T18:05:03Z **Three stable kernels**
The
[6.1.48](https://lwn.net/Articles/942865/),
[5.15.128](https://lwn.net/Articles/942866/), and
[5.10.192](https://lwn.net/Articles/942867/)
stable kernels have been released; each contains another set of important
fixes. ⌘ [Read more](https://lwn.net/Articles/942864/) 2023-08-27T22:30:38Z **The 6.5 kernel has been released**
Linus has, as expected, [released the 6.5\
kernel](https://lwn.net/Articles/942879/).

> I still have this nagging feeling that a lot of people are on
> vacation and that things have been quiet partly due to that. But
> this release has been going smoothly, so that's probably just me
> being paranoid. The biggest patches this last week were literally
> just to our selftests.

Headline features in 6.5 include
faster booting on large x86 systems,
Arm [Permission Indirection Extension](https://lwn.net ... ⌘ [Read more](https://lwn.net/Articles/942876/) 2023-08-28T14:32:55Z **Security updates for Monday**
Security updates have been issued by **Debian** (chromium, clamav, librsvg, rar, and unrar-nonfree), **Fedora** (caddy, chromium, and xen), and **SUSE** (ca-certificates-mozilla, gawk, ghostscript, java-1\_8\_0-ibm, java-1\_8\_0-openjdk, php7, qemu, and xen). ⌘ [Read more](https://lwn.net/Articles/942922/) 2023-08-28T15:10:17Z **Bugzilla Celebrates 25 Years With Special Announcements (Bugzilla blog)**
August 26 was the 25th anniversary of the release of the [Bugzilla](https://www.bugzilla.org/) bug tracker as open-source software under the Mozilla Public License (MPL). A [blog post](https://www.bugzilla.org/blog/2023/08/26/bugzilla-celebrates-25-years/) for the occasion has some announcements, including several upcoming releases, help wanted, and a new legal entity to house the project:

> Which now brings us to today, when I’m happy to announce the formation o ... ⌘ [Read more](https://lwn.net/Articles/942937/) 2023-08-28T15:16:18Z **[$] Development statistics for the 6.5 kernel**
The 6.5 kernel was [released](https://lwn.net/ml/linux-kernel/CAHk-=wgmKhCrdrOCjp=5v9NO6C=PJ8ZTZcCXj09piHzsZ7qqmw@mail.gmail.com/)
on August 27 after a nine-week development cycle. By that time, some
13,561 non-merge changesets had found their way into the mainline
repository, the lowest number seen since the 5.15 release (12,377
changesets) in late 2021. Nonetheless, quite a bit of significant work was
done in this cycle; read on for a look at where that work came from. ⌘ [Read more](https://lwn.net/Articles/941675/) 2023-08-29T13:50:16Z **Rest in peace Satoru Ueda**
[![[Satoru Ueda]](https://lwn.net/images/2023/ueda.png)](https://lwn.net/Articles/358757/)
The OpenChain site carries the sad news of [the\
passing of Satoru Ueda](https://www.openchainproject.org/news/2023/08/28/in-memory-of-ueda-san). Your editor first met Ueda San at the [2007 Linux Foundation Japan Symposium](https://lwn.net/Articles/241898/), where a
small group of dedicated developers and managers was working hard to bring
open-source development practices to the country. Ueda San was always a
strong ad ... ⌘ [Read more](https://lwn.net/Articles/942973/) 2023-08-29T14:00:10Z **Security updates for Tuesday**
Security updates have been issued by **Debian** (flask-security and opendmarc), **Fedora** (qemu), **Oracle** (rust and rust-toolset:ol8), **Red Hat** (cups and libxml2), **Scientific Linux** (cups), **SUSE** (ca-certificates-mozilla, chromium, clamav, freetype2, haproxy, nodejs12, procps, and vim), and **Ubuntu** (faad2, json-c, libqb, linux, linux-aws, linux-lts-xenial, linux-gcp-5.15, linux-gke, linux-gke-5.15, linux-gkeop, linux-gkeop-5.15, and linux-gke, linux-ibm-5.4). ⌘ [Read more](https://lwn.net/Articles/943006/) 2023-08-29T15:46:01Z **[$] Python is (mostly) made of syntactic sugar**
"Sugar" is, to a certain extent, in the eye of the beholder—at least when
it comes to syntax. Programming languages are often made up of a (mostly)
irreducible core, with lots of sugary constructs sprinkled on top—the [syntactic sugar](https://en.wikipedia.org/wiki/Syntactic_sugar). No one
wants to be forced to do without the extra syntax—at least not for their
favorite pieces—but it is worth looking at how a language's constructs can
be built from the core. That is just what Brett Cannon ... ⌘ [Read more](https://lwn.net/Articles/942767/) 2023-08-30T13:22:58Z **Security updates for Wednesday**
Security updates have been issued by **Debian** (qpdf, ring, and tryton-server), **Fedora** (mingw-qt5-qtbase and moby-engine), **Red Hat** (cups, kernel, kernel-rt, kpatch-patch, librsvg2, and virt:rhel and virt-devel:rhel), and **Ubuntu** (amd64-microcode, firefox, linux, linux-aws, linux-aws-5.15, linux-gcp, linux-gke, linux-gkeop,
 linux-hwe-5.15, linux-ibm, linux-kvm, linux-lowlatency,
 linux-lowlatency-hwe-5.15, linux-nvidia, linux-oracle, linux-oracle-5.15, linux, linux-aws, linux-aws-5.4, linux-g ... ⌘ [Read more](https://lwn.net/Articles/943087/) 2023-08-30T17:12:47Z **Seven stable kernels**
The
[6.4.13](https://lwn.net/Articles/943111/),
[6.1.50](https://lwn.net/Articles/943112/),
[5.15.129](https://lwn.net/Articles/943113/),
[5.10.193](https://lwn.net/Articles/943114/),
[5.4.255](https://lwn.net/Articles/943115/),
[4.19.293](https://lwn.net/Articles/943116/), and
[4.14.324](https://lwn.net/Articles/943117/)
stable kernels have been released; each contains another set of important
fixes. ⌘ [Read more](https://lwn.net/Articles/943110/) 2023-08-30T18:50:13Z **[$] Mastering Emacs**
A series of rabbit holes, some of which led to [unshaved\
yaks](https://projects.csail.mit.edu/gsb/old-archive/gsb-archive/gsb2000-02-11.html),
recently landed me on a book called [_Mastering Emacs_](https://www.masteringemacs.org/book).
Given that I have been using Emacs "professionally" for more than 16
years—and first looked into it a good ways into the previous century—I
should probably be pretty well-versed in that editor-cum-operating-system.
Sadly, for a variety of reasons, that is not really true, but the b ... ⌘ [Read more](https://lwn.net/Articles/942962/) 2023-08-31T00:14:29Z **[$] LWN.net Weekly Edition for August 31, 2023**
The LWN.net Weekly Edition for August 31, 2023 is available. ⌘ [Read more](https://lwn.net/Articles/942601/) 2023-08-31T13:51:21Z **Security updates for Thursday**
Security updates have been issued by **Debian** (firefox-esr, json-c, opendmarc, and otrs2), **Red Hat** (java-1.8.0-ibm and kpatch-patch), **Scientific Linux** (kernel), **Slackware** (mozilla), **SUSE** (haproxy, php7, vim, and xen), and **Ubuntu** (elfutils, frr, and linux-gcp, linux-starfive). ⌘ [Read more](https://lwn.net/Articles/943192/) 2023-08-31T15:09:51Z **[$] The first half of the 6.6 merge window**
As of this writing, 4,588 non-merge changesets have been pulled into the
mainline repository for the 6.6 kernel release. The 6.6 merge window, in
other words, is just getting started. Nonetheless, a fair amount of
significant work has already been pulled, so the time has come to summarize
what has happened so far in this development cycle. ⌘ [Read more](https://lwn.net/Articles/942954/) 2023-09-01T14:05:27Z **Security updates for Friday**
Security updates have been issued by **Debian** (chromium, firefox-esr, and gst-plugins-ugly1.0), **Fedora** (firefox, libeconf, libwebsockets, mosquitto, and rust-rustls-webpki), **SUSE** (amazon-ssm-agent, open-vm-tools, and terraform-provider-helm), and **Ubuntu** (linux-azure, linux-azure, linux-azure-5.15, linux-azure-fde, linux-gcp-5.15, linux-gcp-5.4, linux-oracle-5.4, linux-gkeop, linux-gkeop-5.15, linux-intel-iotg, linux-kvm, linux-oracle, and python-git). ⌘ [Read more](https://lwn.net/Articles/943302/) 2023-09-01T14:46:06Z **[$] Race-free process creation in the GNU C Library**
The [pidfd API](https://lwn.net/Articles/794707/) has been added to the kernel
over the last several years to provide a race-free way for processes to
refer to each other. While the [GNU C Library](https://www.gnu.org/software/libc/) (glibc) gained
basic pidfd support with the 2.36 release in 2022, it still lacks a
complete solution for race-free process creation. [This\
patch set](https://lwn.net/ml/libc-alpha/20230706134508.422526-1-adhemerval.zanella@linaro.org/) from Adhemerval Z ... ⌘ [Read more](https://lwn.net/Articles/943022/) 2023-09-02T14:01:10Z **A pile of stable kernel updates**
The
[6.5.1](https://lwn.net/Articles/943401/),
[6.4.14](https://lwn.net/Articles/943402/),
[6.1.51](https://lwn.net/Articles/943403/),
[5.15.130](https://lwn.net/Articles/943404/),
[5.10.194](https://lwn.net/Articles/943405/),
[5.4.256](https://lwn.net/Articles/943406/),
[4.19.294](https://lwn.net/Articles/943407/), and
[4.14.325](https://lwn.net/Articles/943408/)
stable kernel updates have all been released; each contains another set of
important fixes. ⌘ [Read more](https://lwn.net/Articles/943400/) 2023-09-04T13:54:40Z **Security updates for Monday**
Security updates have been issued by **Debian** (thunderbird), **Fedora** (firefox, kernel, kubernetes, and mediawiki), **Mageia** (openldap), **SUSE** (terraform), and **Ubuntu** (atftp, busybox, and thunderbird). ⌘ [Read more](https://lwn.net/Articles/943492/) 2023-09-04T14:24:54Z **[$] Security topics: io_uring, VM attestation, and random-reseed notifications**
The kernel-development community has recently been discussing a number of
independent patches, each of which is intended to help improve the security
of deployed systems in some way. They touch on a number of areas within the
kernel, including the question of how widely io\_uring should be available,
how to allow virtual machines to attest to their integrity, and the best
way to inform applications when their random-number generators need to be
reseeded. ⌘ [Read more](https://lwn.net/Articles/943239/) 2023-09-05T13:46:43Z **Security updates for Tuesday**
Security updates have been issued by **Debian** (file and thunderbird), **Fedora** (exercism, libtommath, moby-engine, and python-pyramid), **Oracle** (cups and kernel), **Red Hat** (firefox, kernel, kernel-rt, kpatch-patch, and thunderbird), **SUSE** (amazon-ecs-init, buildah, busybox, djvulibre, exempi, firefox, gsl, keylime, kubernetes1.18, php7, and sccache), and **Ubuntu** (docker-registry and linux-azure-5.4). ⌘ [Read more](https://lwn.net/Articles/943584/) 2023-09-05T16:44:20Z **KDE Gear 23.08 Arrived With Plenty of Changes (FOSS Force)**
FOSS Force [looks\
at the KDE Gear 23.08 release](https://fossforce.com/2023/09/kde-gear-23-08-arrives-with-plenty-of-changes-heres-whats-new/).

> For this release, developers have been working in high gear (no pun
> intended) as there were important improvements made to many of
> Gear’s most iconic applications. Not only that: just a little over
> a year after its arrival, the Kalendar app is going through a name
> change as it morphs into what appears will eventually be ... ⌘ [Read more](https://lwn.net/Articles/943596/) 2023-09-05T19:38:33Z **[$] Reducing the bandwidth needs for fwupd**
The [Linux Vendor Firmware Service](https://fwupd.org/) (LVFS)
provides a repository where vendors can upload firmware updates that can be
accessed by the [fwupd](https://github.com/fwupd/fwupd)
firmware update daemon on Linux systems. That mechanism allows users to keep
the hardware components of their systems up to date with the latest firmware
releases, but it has gotten so
popular that the daily metadata queries are starting to swamp the LVFS
content delivery network (CDN) server. So Rich ... ⌘ [Read more](https://lwn.net/Articles/943498/) 2023-09-06T13:13:52Z **Security updates for Wednesday**
Security updates have been issued by **Debian** (aom and php7.3), **Fedora** (freeimage and mingw-freeimage), **Scientific Linux** (thunderbird), **SUSE** (amazon-ssm-agent, chromium, container-suseconnect, docker, glib2, php7, python-Django1, and rubygem-rails-html-sanitizer), and **Ubuntu** (kernel, linux, linux-aws, linux-aws-5.4, linux-gcp, linux-hwe-5.4, linux-ibm,
 linux-iot, linux-kvm, linux-oracle, linux-oracle-5.4, linux, linux-aws, linux-aws-6.2, linux-hwe-6.2, linux-kvm,
 linux-lowlatency, lin ... ⌘ [Read more](https://lwn.net/Articles/943679/) 2023-09-06T14:46:27Z **A guide to network performance tuning**
Leandro Moreira is maintaining [a\
detailed description of Linux network tuning parameters](https://github.com/leandromoreira/linux-network-performance-parameters) and how they
all tie together. There is a lot of good information for administrators
seeking a better understanding of how all those knobs work and
interoperate. (Seen on [HN](https://news.ycombinator.com/item?id=37403799#37405835)). ⌘ [Read more](https://lwn.net/Articles/943697/) 2023-09-06T14:57:35Z **Mozilla: It’s Official: Cars Are the Worst Product Category We Have Ever Reviewed for Privacy**
The Mozilla Foundation has published [a\
report](https://foundation.mozilla.org/en/privacynotincluded/articles/its-official-cars-are-the-worst-product-category-we-have-ever-reviewed-for-privacy/) on the data-collection and privacy practices of 25 car brands.

> We reviewed 25 car brands in our research and we handed out 25
> "dings" for how those companies collect and use data and personal
> information. That’s right: every car brand we loo ... ⌘ [Read more](https://lwn.net/Articles/943699/) 2023-09-06T19:29:17Z **[$] Altering Python attribute handling for modules**
A recent discussion on the [Python forum](https://discuss.python.org/) looked at a way to
protect module objects (and users) from mistaken attribute assignment and
deletion.
There are ways
to get the same effect today, but the mechanism that would be used causes a
performance penalty for an unrelated, and heavily used, action: attribute
lookup on modules. Back in 2017, [PEP 562](https://peps.python.org/pep-0562/) ("Module \_\_getattr\_\_
and \_\_dir\_\_") set the stage for adding magi ... ⌘ [Read more](https://lwn.net/Articles/943619/) 2023-09-06T20:50:42Z **Four stable kernel releases**
The
[6.5.2](https://lwn.net/Articles/943752/),
[6.4.15](https://lwn.net/Articles/943753/),
[6.1.52](https://lwn.net/Articles/943754/), and
[5.15.131](https://lwn.net/Articles/943755/)
stable kernels have been released; each contains another set of important
fixes. ⌘ [Read more](https://lwn.net/Articles/943751/) 2023-09-07T01:56:39Z **[$] LWN.net Weekly Edition for September 7, 2023**
The LWN.net Weekly Edition for September 7, 2023 is available. ⌘ [Read more](https://lwn.net/Articles/943199/) 2023-09-07T13:39:09Z **Security updates for Thursday**
Security updates have been issued by **Fedora** (erofs-utils, htmltest, indent, libeconf, netconsd, php-phpmailer6, tinyexr, and vim), **Red Hat** (firefox), and **Ubuntu** (linux-aws, linux-aws-5.15, linux-ibm-5.15, linux-oracle, linux-oracle-5.15, linux-azure, linux-azure-fde-5.15, linux-gke, linux-gkeop, linux-intel-iotg-5.15, linux-raspi, linux-oem-6.1, linux-raspi, linux-raspi-5.4, shiro, and sox). ⌘ [Read more](https://lwn.net/Articles/943856/) 2023-09-07T14:47:35Z **[$] Replacing openSUSE Leap**
[OpenSUSE Leap](https://get.opensuse.org/leap/15.5/) is a hybrid
distribution; it is based on SUSE's enterprise distribution (SLE), which
follows the "slow and stable" approach, but adds a number of newer packages
on top. Leap is intended to be a desktop-oriented distribution with a stable
and reliable base. As SUSE transitions away from its traditional
enterprise distribution toward its ["Adaptable\
Linux Platform" (ALP)](https://susealp.io/), though, the stable base upon which openSUSE Leap
is built is go ... ⌘ [Read more](https://lwn.net/Articles/943591/) 2023-09-07T16:56:27Z **Ubuntu to add TPM-backed full-disk encryption**
The Ubuntu blog has [a\
detailed article](https://ubuntu.com/blog/tpm-backed-full-disk-encryption-is-coming-to-ubuntu) on plans to add full-disk encryption, with the key
stored in the system's trusted platform module (TPM), to the desktop
distribution.

> In order to deliver these benefits, the implementation of
> TPM-backed FDE relies on two main design principles. First, it
> seals the FDE secret key to the full EFI state, including the
> kernel command line. Second, access to the dec ... ⌘ [Read more](https://lwn.net/Articles/943869/) 2023-09-08T13:40:24Z **Google bakes a user-tracking ad platform directly into Chrome (ars technica)**
[This\
ars technica article](https://arstechnica.com/gadgets/2023/09/googles-widely-opposed-ad-platform-the-privacy-sandbox-launches-in-chrome/) looks at the widespread deployment of Google's
"privacy sandbox" in the Chrome browser:

> If you haven't been following this, this feature will track the web
> pages you visit and generate a list of advertising topics that it
> will share with web pages whenever they ask, and it's built
> directly into the Chrome ... ⌘ [Read more](https://lwn.net/Articles/943969/) 2023-09-08T14:23:00Z **Security updates for Friday**
Security updates have been issued by **Debian** (chromium, libssh2, memcached, and python-django), **Fedora** (netconsd), **Oracle** (firefox and thunderbird), **Scientific Linux** (firefox), **SUSE** (open-vm-tools), and **Ubuntu** (grub2-signed, grub2-unsigned, shim, and shim-signed, plib, and python2.7, python3.5). ⌘ [Read more](https://lwn.net/Articles/943990/) 2023-09-08T14:41:27Z **[$] Prerequisites for large anonymous folios**
The work to add support for [large anonymous\
folios](https://lwn.net/Articles/937239/) to the kernel has been underway for some time, but this feature
has not yet landed in the mainline. The author of this work, Ryan Roberts,
has been trying to get a handle on what the remaining obstacles are so he
can address them. On September 6, an online meeting of
memory-management developers discussed that topic and made some progress;
there is still some work to do, though, before large anonymous fo ... ⌘ [Read more](https://lwn.net/Articles/943758/) 2023-09-08T15:54:21Z **Benjamin: Towards a new SymPy**
In a [series of posts on his blog](https://oscarbenjamin.github.io/blog/czi/index.html#new-sympy), Oscar Benjamin looks at [SymPy](https://www.sympy.org/en/index.html), which is a Python-based symbolic-mathematics library. In the [first article](https://oscarbenjamin.github.io/blog/czi/post1.html), he outlines the "big changes for SymPy with particular focus on speed". The [second](https://oscarbenjamin.github.io/blog/czi/post2.html) covers polynomial handling; subsequent articles will examine other piece ... ⌘ [Read more](https://lwn.net/Articles/943995/) 2023-09-10T23:54:46Z **Kernel prepatch 6.6-rc1**
Linus has [released 6.6-rc1](https://lwn.net/Articles/944122/) and closed the
merge window for this release.

> All the stats for 6.6 look fairly normal so far - as always, the
> bulk of the patch is drivers (a bit of everything, but networking
> and gpu are the two biggest areas), with arch updates coming in as
> a notable second, and then we have tooling and documentation. ⌘ [Read more](https://lwn.net/Articles/944121/) 2023-09-11T13:56:30Z **Security updates for Monday**
Security updates have been issued by **Debian** (frr, kernel, libraw, mutt, and open-vm-tools), **Fedora** (cjose, pypy, vim, wireshark, and xrdp), **Gentoo** (apache), **Mageia** (chromium-browser-stable, clamav, ghostscript, librsvg, libtiff, openssl, poppler, postgresql, python-pypdf2, and unrar), **Red Hat** (flac), **SUSE** (firefox, geoipupdate, icu73\_2, libssh2\_org, rekor, skopeo, and webkit2gtk3), and **Ubuntu** (linux-azure, linux-azure-4.15, linux-azure-5.4, linux-gcp-5.4, linux-gkeop, linux-ras ... ⌘ [Read more](https://lwn.net/Articles/944190/) 2023-09-11T14:24:45Z **[$] The rest of the 6.6 merge window**
Linus Torvalds [released\
6.6-rc1](https://lwn.net/ml/linux-kernel/CAHk-=wgfL1rwyvELk2VwJTtiLNpwxTFeFtStLeAQ-2rTRd34eQ@mail.gmail.com/) and closed the 6.6 merge window on September 10. At that
point, 12,230 non-merge changesets had been pulled into the mainline
repository, which is exactly 500 more than were pulled for 6.5 at this stage
in the cycle. Over 7,000 of those changes were pulled after [our first-half summary](https://lwn.net/Articles/942954/) was written; they
brought a fair amount of ne ... ⌘ [Read more](https://lwn.net/Articles/943245/) 2023-09-12T12:23:00Z **Security updates for Tuesday**
Security updates have been issued by **Debian** (node-cookiejar and orthanc), **Oracle** (firefox, kernel, and kernel-container), **Red Hat** (flac and httpd:2.4), **Slackware** (vim), **SUSE** (python-Django, terraform-provider-aws, terraform-provider-helm, and terraform-provider-null), and **Ubuntu** (c-ares, curl, linux-azure, linux-azure-5.15, linux-azure-fde, linux-azure-fde-5.15,
 linux-raspi, and linux-ibm, linux-ibm-5.4). ⌘ [Read more](https://lwn.net/Articles/944263/) 2023-09-12T20:26:30Z **Password-stealing Linux malware served for 3 years and no one noticed (Ars Technica)**
Ars Technica [reports](https://arstechnica.com/security/2023/09/password-stealing-linux-malware-served-for-3-years-and-no-one-noticed/) on a credential-stealing Trojan horse that would infect only some of those who installed the "Free Download Manager". The article is based on a [Kaspersky report](https://securelist.com/backdoored-free-download-manager-linux-malware/110465/) that details the malicious payload offered up at that site from 2020 to 2022. ... ⌘ [Read more](https://lwn.net/Articles/944306/) 2023-09-12T21:18:11Z **A GCC -fstack-protector vulnerability on arm64**
The GCC stack-protector feature detects stack-based buffer overruns by
putting a canary value on the stack and noticing if that value is changed.
[It\
turns out](https://github.com/metaredteam/external-disclosures/security/advisories/GHSA-x7ch-h5rf-w2mf), though, that dynamically allocated local variables (such as
variable-length arrays and space obtained with alloca()) are
placed beyond the canary, so overflows of those variables will not be
detected. As a result, arm64 binaries built wi ... ⌘ [Read more](https://lwn.net/Articles/944307/) 2023-09-13T11:33:35Z **Stable kernels 6.5.3, 6.4.16, and 6.1.53**
The
[6.5.3](https://lwn.net/Articles/944356/),
[6.4.16](https://lwn.net/Articles/944357/), and
[6.1.53](https://lwn.net/Articles/944358/)
stable kernel updates have been released; each contains a large number of
important fixes. Note that the 6.4.x line ends with 6.4.16. ⌘ [Read more](https://lwn.net/Articles/944355/) 2023-09-13T11:30:51Z **Security updates for Wednesday**
Security updates have been issued by **Debian** (e2guardian), **Fedora** (libeconf), **Red Hat** (dmidecode, kernel, kernel-rt, keylime, kpatch-patch, libcap, librsvg2, linux-firmware, and qemu-kvm), **Slackware** (mozilla), **SUSE** (chromium and shadow), and **Ubuntu** (cups, dotnet6, dotnet7, file, flac, and ruby-redcloth). ⌘ [Read more](https://lwn.net/Articles/944354/) 2023-09-13T20:46:31Z **[$] The bogus CVE problem**
The " [Common Vulnerabilities and\
Exposures](https://cve.mitre.org/)" (CVE) system was launched late
in the previous century (September 1999) to track vulnerabilities in
software. Over the years since, it has had a [somewhat checkered\
reputation](https://lwn.net/Articles/679315/), along with some [some attempts to\
replace it](https://lwn.net/Articles/851849/), but CVE numbers are still the only effective way to track
vulnerabilities. While that can certainly be useful, the
CVE-assignment (and severity scor ... ⌘ [Read more](https://lwn.net/Articles/944209/) 2023-09-14T00:59:40Z **[$] LWN.net Weekly Edition for September 14, 2023**
The LWN.net Weekly Edition for September 14, 2023 is available. ⌘ [Read more](https://lwn.net/Articles/943823/) 2023-09-14T14:05:15Z **Security updates for Thursday**
Security updates have been issued by **Debian** (firefox-esr, libwebp, ruby-loofah, and ruby-rails-html-sanitizer), **Fedora** (open-vm-tools and salt), **Oracle** (.NET 7.0, dmidecode, flac, gcc, httpd:2.4, keylime, libcap, librsvg2, and qemu-kvm), **Red Hat** (.NET 6.0 and .NET 7.0), **Slackware** (libarchive and mozilla), **SUSE** (chromium and kernel), and **Ubuntu** (curl, firefox, ghostscript, open-vm-tools, postgresql-9.5, and thunderbird). ⌘ [Read more](https://lwn.net/Articles/944481/) 2023-09-14T16:29:36Z **[$] Why glibc's fstat() is slow**
The [fstat()](https://man7.org/linux/man-pages/man2/stat.2.html)
system call retrieves some of the metadata — owner, size, protections,
timestamps, and so on — associated with an open file descriptor. One might
not think of it as a performance-critical system call, but there are
workloads that make a lot of fstat() calls; it is not something
that should be slowed unnecessarily. As it turns out, though, the GNU C
Library (glibc) has been doing exactly that, but a fix is in the works. ⌘ [Read more](https://lwn.net/Articles/944214/) 2023-09-14T16:59:41Z **Videos from FOSSY released (Software Freedom Conservancy)**
The [Software Freedom Conservancy](https://sfconservancy.org/)
(SFC) has [announced](https://sfconservancy.org/news/2023/sep/14/fossy-videos/)
the availability of [videos](https://archive.org/details/@sfconservancy) from the
first-ever [Free and Open Source Yearly](https://2023.fossy.us/)
(FOSSY) conference, which was held in July in Portland, Oregon in the US.

> During the four days of the conference, there were a wide variety of talks
> from speakers with a range of experien ... ⌘ [Read more](https://lwn.net/Articles/944497/) 2023-09-14T20:58:03Z **PostgreSQL 16 released**
[Version 16](https://www.postgresql.org/docs/16/release-16.html)
of the PostgreSQL database manager has been released.

> PostgreSQL 16 contains many new features and enhancements, including:
>
> - Allow parallelization of FULL and internal right OUTER hash joins
>
> - Allow logical replication from standby servers
>
> - Allow logical replication subscribers to apply large transactions in parallel
>
> - Allow monitoring of I/O statistics using the new pg\_stat\_io view
>
> - Add SQL/JSON constructors and identit ... ⌘ [Read more](https://lwn.net/Articles/944516/) 2023-09-15T14:45:13Z **Security updates for Friday**
Security updates have been issued by **Debian** (c-ares and samba), **Fedora** (borgbackup, firefox, and libwebp), **Oracle** (.NET 6.0 and kernel), **Slackware** (libwebp), **SUSE** (chromium and firefox), and **Ubuntu** (atftp, dbus, gawk, libssh2, libwebp, modsecurity-apache, and mutt). ⌘ [Read more](https://lwn.net/Articles/944581/) 2023-09-15T14:51:21Z **[$] Shrinking shrinker locking overhead**
Much of the kernel's performance is dependent on caching — keeping useful
information around for future use to avoid the cost of looking it up again.
The kernel aggressively caches pages of file data, directory entries,
inodes, slab objects, and much more. Without active measures, though,
caches will tend to grow without bounds, leading to memory exhaustion. The
kernel's "shrinker" mechanism exists to be that active measure, but
shrinkers have some performance difficulties of their own. [This\
p ... ⌘ [Read more](https://lwn.net/Articles/944199/) 2023-09-15T22:50:17Z **The Debian Project mourns the loss of Abraham Raji**
The Debian project is [mourning Abraham Raji](https://www.debian.org/News/2023/20230914), who was killed in an accident on September 13.

> Abraham was a popular and respected Debian Developer as well a prominent free software champion in his home state of Kerala, India. He was a talented graphic designer and led design and branding work for DebConf23 and several other local events in recent years. Abraham gave his time selflessly when mentoring new contributors to the Debian project, ... ⌘ [Read more](https://lwn.net/Articles/944596/) 2023-09-18T05:43:15Z **Kernel prepatch 6.6-rc2**
The [6.6-rc2](https://lwn.net/Articles/944704/) kernel prepatch is out for
testing.

> I think the most notable thing about 6.6-rc2 is simply that it's
> exactly 32 years to the day since the 0.01 release. And that's a round
> number if you are a computer person.
>
> Because other than the random date, I don't see anything that really
> stands out here. ⌘ [Read more](https://lwn.net/Articles/944705/) 2023-09-18T07:14:01Z **Security updates for Monday**
Security updates have been issued by **Debian** (firefox-esr, libwebp, and thunderbird), **Fedora** (chromium, curl, flac, libtommath, libwebp, matrix-synapse, python-matrix-common, redis, and rust-pythonize), **Gentoo** (binwalk, ghostscript, python-requests, rar, samba, and wireshark), **Oracle** (.NET 6.0, kernel, and kernel-container), **Slackware** (python3), and **SUSE** (firefox). ⌘ [Read more](https://lwn.net/Articles/944744/) 2023-09-18T15:10:51Z **[$] Moving physical pages from user space**
Processes in a Linux system run within their own virtual address spaces.
Their virtual addresses map to physical pages provided by the hardware, but
the kernel takes pains to hide the physical addresses of those pages;
processes normally have no way of knowing (and no need to know) where their
memory is located in physical memory. As a result, the system calls for
memory management also deal in virtual addresses. Gregory Price is
currently trying to create an exception to this rule with [a\
pr ... ⌘ [Read more](https://lwn.net/Articles/944115/) 2023-09-19T10:31:12Z **Security updates for Tuesday**
Security updates have been issued by **Debian** (chromium, flac, gnome-shell, libwebp, openjdk-11, and xrdp), **Fedora** (giflib), **Oracle** (kernel), **Red Hat** (busybox, dbus, firefox, frr, kpatch-patch, libwebp, open-vm-tools, and thunderbird), **Slackware** (netatalk), **SUSE** (flac, gcc12, kernel, libeconf, libwebp, libxml2, and thunderbird), and **Ubuntu** (binutils, c-ares, libraw, linux-intel-iotg, nodejs, python-django, and vsftpd). ⌘ [Read more](https://lwn.net/Articles/944848/) 2023-09-19T10:35:56Z **Forty years of GNU**
The Free Software Foundation [looks\
forward to the 40th anniversary of the GNU project](https://www.fsf.org/news/forty-years-of-gnu-and-the-free-software-movement), coming soon:

> On September 27, 1983, a computer scientist named Richard Stallman
> announced the plan to develop a free software Unix-like operating
> system called GNU, for "GNU's not Unix." GNU is the only operating
> system developed specifically for the sake of users' freedom, and
> has remained true to its founding ideals for forty years. ⌘ [Read more](https://lwn.net/Articles/944849/) 2023-09-19T13:12:52Z **[$] The European Cyber Resilience Act**
The security of digital products has become a topic of regulation
in recent years. Currently, the European Union is moving forward
with another new law, which, if it comes into effect in a form
close to the current draft, will affect software developers worldwide.
This new proposal, called the "Cyber
Resilience Act" (CRA), brings mandatory security requirements on all
digital products, both software
and hardware, that are available in Europe. While it aims at a worthy goal, the
proposal is causing ... ⌘ [Read more](https://lwn.net/Articles/944300/) 2023-09-19T14:07:51Z **Four stable kernels released**
The
[6.5.4](https://lwn.net/Articles/944875/),
[6.1.54](https://lwn.net/Articles/944876/),
[5.15.132](https://lwn.net/Articles/944877/), and
[5.10.195](https://lwn.net/Articles/944878/)
stable kernel updates have been released; each contains a relatively large
set of important fixes. ⌘ [Read more](https://lwn.net/Articles/944874/) 2023-09-19T15:39:13Z **JDK 21 released**
JDK 21, the reference implementation of the Java 21 language specification,
[has\
been released](https://mail.openjdk.org/pipermail/jdk-dev/2023-September/008267.html). "This release includes fifteen JEPs [1], including
the final versions of Record Patterns (440), Pattern Matching for switch
(441), and Virtual Threads (444)". ⌘ [Read more](https://lwn.net/Articles/944892/) 2023-09-20T16:11:31Z **Security updates for Wednesday**
Security updates have been issued by **Debian** (frr and libyang), **Fedora** (golang-github-prometheus-exporter-toolkit, golang-github-xhit-str2duration, golang-gopkg-alecthomas-kingpin-2, libpano13, and open-vm-tools), **Oracle** (firefox, frr, and thunderbird), **Red Hat** (dmidecode, kernel, kernel-rt, kpatch-patch, libwebp: critical, linux-firmware, mariadb:10.3, ncurses, postgresql:15, and virt:rhel and virt-devel:rhel), **Scientific Linux** (firefox, open-vm-tools, and thunderbird), **SUSE** (binu ... ⌘ [Read more](https://lwn.net/Articles/945073/) 2023-09-20T16:35:09Z **[$] Using the limited C API for the Python stdlib?**
The "limited" C API for CPython extensions has been around for well over a
decade at this point, but it has not seen much uptake. It is meant to give
extensions an API that will allow binaries built with it to be used for
multiple versions of CPython, because those binaries will only access the stable
A **B** I that will not change when CPython does. Victor Stinner has been
working on better
definition for the
API; as part of that work, he suggested that some of the C extensions in th ... ⌘ [Read more](https://lwn.net/Articles/944764/) 2023-09-21T06:54:18Z **[$] LWN.net Weekly Edition for September 21, 2023**
The LWN.net Weekly Edition for September 21, 2023 is available. ⌘ [Read more](https://lwn.net/Articles/944436/) 2023-09-21T08:29:34Z **Stable kernel 5.10.196**
The [5.10.196](https://lwn.net/Articles/945131/) stable kernel has been
released. It fixes a single regression:

> This release is only needed by any 5.10.y user that uses configfs, it
> resolves a regression in 5.10.195 in that subsystem. Note that many
> kernel subsystems use configfs for configuration so to be safe, you
> probably want to upgrade if you are not sure. ⌘ [Read more](https://lwn.net/Articles/945132/) 2023-09-21T09:44:50Z **Security updates for Thursday**
Security updates have been issued by **Debian** (mutt, netatalk, and python2.7), **Fedora** (chromium, golang-github-prometheus-exporter-toolkit, golang-github-xhit-str2duration, and golang-gopkg-alecthomas-kingpin-2), **Oracle** (dmidecode, frr, libwebp, open-vm-tools, and thunderbird), **Red Hat** (libwebp and open-vm-tools), **SUSE** (cups, frr, mariadb, openvswitch3, python39, qemu, redis7, rubygem-rails-html-sanitizer, and skopeo), and **Ubuntu** (bind9, cups, and libppd). ⌘ [Read more](https://lwn.net/Articles/945173/) 2023-09-21T14:51:27Z **[$] Revisiting the kernel's preemption models (part 1)**
All that Ankur Arora seemingly wanted to do with [this\
patch set](https://lwn.net/ml/linux-kernel/20230830184958.2333078-1-ankur.a.arora@oracle.com/) was to make the process of clearing huge pages on x86
systems go a little faster. What resulted was an extensive discussion on
the difficulties of managing preemption correctly in the kernel. It may be
that some changes will come to the plethora of preemption models that the
kernel currently offers. ⌘ [Read more](https://lwn.net/Articles/944686/) 2023-09-22T12:28:43Z **Security updates for Friday**
Security updates have been issued by **Debian** (gsl), **Fedora** (dotnet6.0 and dotnet7.0), **Oracle** (libwebp), **Slackware** (bind, cups, and seamonkey), **SUSE** (kernel and rust, rust1.72), and **Ubuntu** (cups, flac, gnome-shell, imagemagick, and python3.5). ⌘ [Read more](https://lwn.net/Articles/945322/) 2023-09-22T12:39:01Z **[$] User-space spinlocks with help from rseq()**
Back in May, André Almeida [presented some\
work](https://lwn.net/Articles/931789/) toward the creation of user-space spinlocks using adaptive
spinning. At that time, the work was stalled because there is, in Linux,
currently no way to quickly determine whether a given thread is actually
executing on a CPU. Some progress has since been made on that front; at
the [2023\
Open Source Summit Europe](https://events.linuxfoundation.org/open-source-summit-europe/), Almeida returned to discuss ho ... ⌘ [Read more](https://lwn.net/Articles/944895/) 2023-09-23T11:10:50Z **Saturday's stable kernel updates**
The
[6.5.5](https://lwn.net/Articles/945378/),
[6.1.55](https://lwn.net/Articles/945379/),
[5.15.133](https://lwn.net/Articles/945380/),
[5.10.197](https://lwn.net/Articles/945381/),
[5.4.257](https://lwn.net/Articles/945382/),
[4.19.295](https://lwn.net/Articles/945383/), and
[4.14.326](https://lwn.net/Articles/945384/)
stable kernel updates have all been released; each contains another set of
important fixes. ⌘ [Read more](https://lwn.net/Articles/945377/) 2023-09-25T06:19:44Z **Kernel prepatch 6.6-rc3**
The [third 6.6 kernel prepatch](https://lwn.net/Articles/945444/) is out for
testing.

> Unusually, we have a large chunk of changes in filesystems. Part of
> it is the vfs-level revert of some of the timestamp handling that
> needs to soak a bit more, and part of it is some xfs fixes. With a
> few other filesystem fixes too.

The [multi-grain timestamp changes](https://lwn.net/Articles/937247/) turned
out to cause the occasional regression (timestamps that could appear to go
backward) and were taken back ou ... ⌘ [Read more](https://lwn.net/Articles/945445/) 2023-09-25T14:12:29Z **Security updates for Monday**
Security updates have been issued by **Debian** (bind9, elfutils, flac, ghostscript, libapache-mod-jk, lldpd, and roundcube), **Fedora** (linux-firmware, roundcubemail, and thunderbird), **Mageia** (curl, file, firefox/thunderbird, ghostpcl, libtommath, and nodejs), **Oracle** (kernel, open-vm-tools, qemu, and virt:ol and virt-devel:rhel), **SUSE** (bind, busybox, djvulibre, exempi, ImageMagick, libqb, libssh2\_org, opera, postfix, python, python36, renderdoc, webkit2gtk3, and xrdp), and **Ubuntu** (account ... ⌘ [Read more](https://lwn.net/Articles/945503/) 2023-09-25T16:57:47Z **[$] The PuzzleFS container filesystem**
The last year or so has seen the posting of a few new filesystem types that
are aimed at supporting container workloads. PuzzleFS, presented at the
2023 [Kangrejos](https://kangrejos.com/) gathering by Ariel
Miculas, is another contender in this area, but it has some features of its
own, including a novel compression mechanism and an implementation written
in Rust. ⌘ [Read more](https://lwn.net/Articles/945320/) 2023-09-25T20:50:47Z **LibrePCB 1.0.0 Released**
The [1.0 version](https://librepcb.org/blog/2023-09-24_release_1.0.0/) of the [LibrePCB](https://librepcb.org/)
"free, cross-platform, easy-to-use electronic design automation suite to draw schematics and design printed circuit boards".
As noted in a [blog post back in May](https://librepcb.org/blog/2023-05-15_roadmap_1.0/), a grant has helped spur development of the tool.
The focus for the release has been in adding features that were needed so that "there should be no show stopper anymore which prevents you f ... ⌘ [Read more](https://lwn.net/Articles/945519/) 2023-09-26T08:52:14Z **Security updates for Tuesday**
Security updates have been issued by **Debian** (exempi, glib2.0, lldpd, and netatalk), **Fedora** (curl, libppd, and linux-firmware), **Oracle** (kernel), and **SUSE** (Cadence, frr, modsecurity, python-CairoSVG, python-GitPython, and tcpreplay). ⌘ [Read more](https://lwn.net/Articles/945559/) 2023-09-26T14:01:56Z **Firefox 118.0 released**
[Version\
118.0](https://www.mozilla.org/en-US/firefox/118.0/releasenotes/) of the Firefox browser has been released. Changes include
improved fingerprinting prevention and automated translation: "Automated
translation of web content is now available to Firefox users! Unlike
cloud-based alternatives, translation is done locally in Firefox, so that
the text being translated does not leave your machine." ⌘ [Read more](https://lwn.net/Articles/945608/) 2023-09-26T20:04:46Z **[$] AI from a legal perspective**
The AI boom is clearly upon us, but there are still plenty of questions
swirling around this technology. Some of those questions are legal ones
and there have been lawsuits filed to try to get clarification—and perhaps
monetary damages. Van Lindberg is a lawyer who is well-known in the
open-source world; he came to [Open\
Source Summit Europe](https://events.linuxfoundation.org/open-source-summit-europe/) 2023 in Bilbao, Spain to try to put the current
work in AI into its legal context. ⌘ [Read more](https://lwn.net/Articles/945504/) 2023-09-27T08:40:49Z **Security updates for Wednesday**
Security updates have been issued by **Oracle** (libtiff), **Red Hat** (libtiff, nodejs:16, and nodejs:18), **Slackware** (mozilla), **SUSE** (bind, cacti, cacti-spine, ImageMagick, kernel, libwebp, netatalk, open-vm-tools, postfix, quagga, wire, and wireshark), and **Ubuntu** (cups, linux, linux-aws, linux-aws-hwe, linux-azure, linux-azure-4.15, linux-gcp,
 linux-gcp-4.15, linux-hwe, linux-oracle, linux-bluefield, and linux-bluefield, linux-raspi, linux-raspi-5.4). ⌘ [Read more](https://lwn.net/Articles/945700/) 2023-09-27T20:09:14Z **[$] Moving the kernel to large block sizes**
Using larger block sizes in the kernel for I/O is a recurring topic in
storage and
block-layer circles. The topic came up in [discussions](https://lwn.net/Articles/933437/)
at the Linux Storage, Filesystem, Memory-Management and BPF Summit (LSFMM)
back in
May. One of the participants in those discussions, Hannes Reinecke, gave
a talk at Open Source Summit Europe 2023 with an overview of the reasons
behind using larger blocks for I/O, the current status of that work, and
where it all might lea ... ⌘ [Read more](https://lwn.net/Articles/945646/) 2023-09-28T01:11:41Z **[$] LWN.net Weekly Edition for September 28, 2023**
The LWN.net Weekly Edition for September 28, 2023 is available. ⌘ [Read more](https://lwn.net/Articles/945211/) 2023-09-28T13:57:46Z **Security updates for Thursday**
Security updates have been issued by **Debian** (ncurses), **Fedora** (emacs, firecracker, firefox, libkrun, python-oauthlib, and virtiofsd), **Mageia** (glibc and vim), **Oracle** (18), **SUSE** (bind, binutils, busybox, cni, cni-plugins, container-suseconnect, containerd, curl, exempi, ffmpeg, firefox, go1.19-openssl, go1.20-openssl, gpg2, grafana, gsl, gstreamer-plugins-bad, gstreamer-plugins-base, libpng15, libwebp, mutt, nghttp2, open-vm-tools, pmix, python-brotlipy, python3, python310, qemu, quagga, ... ⌘ [Read more](https://lwn.net/Articles/945829/) 2023-09-28T15:07:20Z **[$] Security policies for GNU toolchain projects**
While the CVE process was created in response to real problems, it's [increasingly clear](https://lwn.net/Articles/944209/) that CVE numbers are
creating problems of their own. At the [2023 GNU Tools Cauldron](https://gcc.gnu.org/wiki/cauldron2023),
Siddhesh Poyarekar expressed the frustration that toolchain developers have
felt as the result of arguing with security researchers about CVE-number
assignments. In response, the GNU toolchain community is trying to better
characterize what ... ⌘ [Read more](https://lwn.net/Articles/945536/) 2023-09-29T15:20:04Z **Security updates for Friday**
Security updates have been issued by **Debian** (firefox-esr, jetty9, and vim), **Gentoo** (Fish, GMP, libarchive, libsndfile, Pacemaker, and sudo), **Oracle** (nodejs:16 and nodejs:18), **Red Hat** (virt:av and virt-devel:av), **Slackware** (mozilla), **SUSE** (chromium, firefox, Golang Prometheus, iperf, libqb, and xen), and **Ubuntu** (linux-raspi). ⌘ [Read more](https://lwn.net/Articles/945965/) 2023-09-29T17:25:28Z **[$] Impressions from the GNU Project's 40th anniversary celebration**
On September 27, 1983, Richard Stallman [announced the\
founding of the GNU project](https://www.gnu.org/gnu/initial-announcement.en.html). His goal, which seemed wildly optimistic
and unattainable at the time, was to write a complete Unix-like operating
system from the beginning
and make it freely available. Exactly 40 years later, the GNU project
celebrated with [a hacker meeting](https://www.gnu.org/gnu40) in
Switzerland. Your editor had the good fortune to be able ... ⌘ [Read more](https://lwn.net/Articles/945912/) 2023-09-30T14:22:32Z **Multiple Exim security vulnerabilities disclosed**
The "Zero Day Initiative" site has posted a number of advisories ( [1](https://www.zerodayinitiative.com/advisories/ZDI-23-1473/), [2](https://www.zerodayinitiative.com/advisories/ZDI-23-1472/), [3](https://www.zerodayinitiative.com/advisories/ZDI-23-1471/), [4](https://www.zerodayinitiative.com/advisories/ZDI-23-1470/), [5](https://www.zerodayinitiative.com/advisories/ZDI-23-1469/), [6](https://www.zerodayinitiative.com/advisories/ZDI-23-1468/))
describing a number of flaws in the Exim ... ⌘ [Read more](https://lwn.net/Articles/946004/) 2023-10-02T02:54:07Z **Kernel prepatch 6.6-rc4**
Linus has released [6.6-rc4](https://lwn.net/Articles/946092/) for testing.
"There's nothing particularly odd in here, if you don't count a week of
no networking pull as being odd. That does result in rc4 being fairly
small, but I suspect we'll just see a bigger rc5 to compensate." ⌘ [Read more](https://lwn.net/Articles/946093/) 2023-10-02T14:34:48Z **Security updates for Monday**
Security updates have been issued by **Debian** (chromium, cups, firefox-esr, firmware-nonfree, gerbv, jetty9, libvpx, mosquitto, open-vm-tools, python-git, python-reportlab, and trafficserver), **Fedora** (firefox, giflib, libvpx, libwebp, webkitgtk, and xen), **Gentoo** (Chromium, Google Chrome, Microsoft Edge, ClamAV, GNU Binutils, and wpa\_supplicant, hostapd), **Mageia** (flac, giflib, indent, iperf, java, libvpx, libxml2, quictls, wireshark, and xrdp), **Oracle** (kernel), **Slackware** (libvpx and mo ... ⌘ [Read more](https://lwn.net/Articles/946186/) 2023-10-02T14:48:13Z **Python 3.12 released**
Version 3.12 of the Python programming language has been [released](https://www.python.org/downloads/release/python-3120/). The " [What’s New In Python 3.12](https://docs.python.org/dev/whatsnew/3.12.html)" page has plenty of details. Highlights of the release include [isolated subinterpreter support](https://lwn.net/Articles/941090/), more [improvements to error messages](https://lwn.net/Articles/895587/), [more flexible f-strings](https://lwn.net/Articles/919426/), [Linux perf support](https://lwn.net/Articles/9 ... ⌘ [Read more](https://lwn.net/Articles/946189/) 2023-10-02T16:24:51Z **Notes from the Git Contributor's Summit**
For those who are curious about the recently concluded Git Contributor's
Summit, Taylor Blau has posted [an extensive set of notes](https://lwn.net/ml/git/ZRregi3JJXFs4Msb@nand.local/)
from the event. Topics include next-generation backends, libification,
backward compatibility, project management, and more. ⌘ [Read more](https://lwn.net/Articles/946208/) 2023-10-02T16:30:35Z **[$] Revisiting the kernel's preemption model, part 2**
In [last week's episode](https://lwn.net/Articles/944686/), a need to preempt
kernel code that is executing long-running instructions led to a deeper
reexamination of how the kernel handles preemption. There are a number of
supported preemption modes, varying from "none" (kernel code is never
preemptible) to realtime (where the kernel is almost always preemptible).
Making better use of the kernel's preemption machinery looked like a
possible solution to the immediate problem, but it ... ⌘ [Read more](https://lwn.net/Articles/945422/) 2023-10-03T13:13:37Z **Security updates for Tuesday**
Security updates have been issued by **Debian** (exim4), **Fedora** (firecracker, rust-aes-gcm, rust-axum, rust-tokio-tungstenite, rust-tungstenite, and rust-warp), **Gentoo** (nvidia-drivers), **Mageia** (chromium-browser-stable, glibc, and libwebp), **Red Hat** (kernel), **SUSE** (ghostscript and python3), and **Ubuntu** (firefox, libtommath, libvpx, and thunderbird). ⌘ [Read more](https://lwn.net/Articles/946313/) 2023-10-03T13:31:14Z **Vulnerable Arm GPU drivers under active exploitation (ars technica)**
Ars technica [reports\
on an Arm advisory](https://arstechnica.com/security/2023/10/vulnerable-arm-gpu-drivers-under-active-exploitation-patches-may-not-be-available/) regarding exploitable vulnerabilities in a number of
its GPU drivers.

> The most prevalent platform affected by the vulnerability is
> Google’s line of Pixels, which are one of the only Android models
> to receive security updates on a timely basis. Google patched
> Pixels in its September update ag ... ⌘ [Read more](https://lwn.net/Articles/946315/) 2023-10-03T18:50:31Z **A local root vulnerability in glibc**
Qualys has posted [an\
advisory](https://lwn.net/ml/oss-security/20231003175031.GA16924@localhost.localdomain/) for a vulnerability in the GNU C Library related to the
handling of the GLIBC\_TUNABLES environment variable:

> We successfully exploited this vulnerability and obtained full root
> privileges on the default installations of Fedora 37 and 38, Ubuntu
> 22.04 and 23.04, Debian 12 and 13; other distributions are probably
> also vulnerable and exploitable (one notable exception is Alpine
> ... ⌘ [Read more](https://lwn.net/Articles/946381/) 2023-10-03T19:42:45Z **[$] Linux ecosystem contributions from SteamOS**
The [SteamOS](https://store.steampowered.com/steamos) Linux
distribution is focused on gaming, naturally, but the effort to build it
has resulted
in contributions to multiple areas in the Linux ecosystem. Alberto Garcia
has been working on SteamOS and came to Bilbao, Spain to describe some of those
contributions at Open Source Summit Europe 2023. There are some obvious
areas where a gaming-focused OS might contribute upstream, such as
graphics, but the talk showed contributions in several ... ⌘ [Read more](https://lwn.net/Articles/946188/) 2023-10-04T13:21:32Z **Security updates for Wednesday**
Security updates have been issued by **Debian** (glibc, postgresql-11, and thunderbird), **Fedora** (openmpi, pmix, prrte, and slurm), **Gentoo** (glibc and libvpx), **Oracle** (kernel), **Red Hat** (kernel), **Slackware** (libX11 and libXpm), **SUSE** (firefox, kernel, libeconf, libqb, libraw, libvpx, libX11, libXpm, mdadm, openssl-1\_1, poppler, postfix, python311, rubygem-puma, runc, and vim), and **Ubuntu** (freerdp2, glibc, grub2-signed, grub2-unsigned, libx11, libxpm, linux-intel-iotg, linux-intel- ... ⌘ [Read more](https://lwn.net/Articles/946496/) 2023-10-04T13:26:57Z **OpenSSH 9.5 released**
OpenSSH 9.5 is out. Significant changes include a transport-level ping
mechanism and keystroke timing obfuscation:

> This attempts to hide inter-keystroke timings by sending
> interactive traffic at fixed intervals (default: every 20ms) when
> there is only a small amount of data being sent. It also sends fake
> "chaff" keystrokes for a random interval after the last real
> keystroke. These are controlled by a new ssh\_config
> ObscureKeystrokeTiming keyword. ⌘ [Read more](https://lwn.net/Articles/946497/) 2023-10-04T21:14:09Z **[$] BPF and security**
The [eBPF in-kernel virtual machine](https://lwn.net/Articles/740157/) is
approaching its tenth anniversary as part of Linux; it has grown into a
tool with many types of uses in the ecosystem. Alexei Starovoitov, who
was the creator of eBPF and did much of the development of it, especially
in the early going, gave the opening talk at
[Linux\
Security Summit Europe](https://events.linuxfoundation.org/linux-security-summit-europe/) 2023 on the relationship between BPF and
security. In it, he related some interesting ... ⌘ [Read more](https://lwn.net/Articles/946389/) 2023-10-05T01:17:08Z **[$] LWN.net Weekly Edition for October 5, 2023**
The LWN.net Weekly Edition for October 5, 2023 is available. ⌘ [Read more](https://lwn.net/Articles/945834/) 2023-10-05T14:11:27Z **Security updates for Thursday**
Security updates have been issued by **Debian** (chromium, libx11, and libxpm), **Fedora** (ckeditor, drupal7, glibc, golang-github-cncf-xds, golang-github-envoyproxy-control-plane, golang-github-hashicorp-msgpack, golang-github-minio-highwayhash, golang-github-nats-io, golang-github-nats-io-jwt-2, golang-github-nats-io-nkeys, golang-github-nats-io-streaming-server, golang-github-protobuf, golang-google-protobuf, nats-server, and pgadmin4), **Red Hat** (firefox and thunderbird), **SUSE** (chromium, exim, ... ⌘ [Read more](https://lwn.net/Articles/946698/) 2023-10-05T14:26:58Z **[$] GCC features to help harden the kernel**
Hardening the Linux kernel is an endless task, with work required on
multiple fronts. Sometimes, that work is not done in the kernel itself;
other tools, including compilers, can have a significant role to play.
At the [2023 GNU Tools\
Cauldron](https://gcc.gnu.org/wiki/cauldron2023), Qing Zhao covered some of the work that has been done in the
GCC compiler to help with the hardening of the kernel — along with work
that still needs to be done. ⌘ [Read more](https://lwn.net/Articles/946041/) 2023-10-05T20:52:55Z **Ferrocene released as open source**
Ferrous Systems has [announced](https://ferrous-systems.com/blog/ferrocene-open-source/)
that its Ferrocene Rust compiler will be released under the Apache-2.0 and
MIT licenses.

> Ferrocene is the main Rust compiler - rustc - but quality managed
> and qualified for use in automotive and industrial environments
> (currently by ISO 26262 and IEC 61508) by Ferrous Systems. It
> operates as a downstream to the Rust project, further increasing
> its testing and quality on specific platforms.

The lice ... ⌘ [Read more](https://lwn.net/Articles/946732/) 2023-10-06T14:34:37Z **Security updates for Friday**
Security updates have been issued by **Debian** (grub2, libvpx, libx11, libxpm, and qemu), **Fedora** (firefox, matrix-synapse, tacacs, thunderbird, and xrdp), **Oracle** (glibc), **Red Hat** (bind, bind9.16, firefox, frr, ghostscript, glibc, ImageMagick, libeconf, python3.11, python3.9, and thunderbird), **Scientific Linux** (ImageMagick), **SUSE** (kernel, libX11, and tomcat), and **Ubuntu** (linux-hwe-5.15, linux-oracle-5.15). ⌘ [Read more](https://lwn.net/Articles/946848/) 2023-10-06T14:38:29Z **[$] The challenge of compiling for verified architectures**
On its surface, the BPF virtual machine resembles many other computer
architectures; it has registers and instructions to perform the usual
operations. But there is a key difference: BPF programs must pass the
kernel's verifier before they can be run. The verifier imposes a long list
of additional restrictions so that it can prove to itself that any given
program is safe to run; getting past those checks can be a source of
frustration for BPF developers. At the [2023 GNU Tools ... ⌘ [Read more](https://lwn.net/Articles/946254/) 2023-10-06T14:49:13Z **Stable kernels 6.5.6, 6.1.56, and 5.15.134**
The latest round of stable kernels, [6.5.6](https://lwn.net/Articles/946853/),
[6.1.56](https://lwn.net/Articles/946854/), and [5.15.134](https://lwn.net/Articles/946855/), have been released. Each contains a
fairly large collection of important fixes throughout the kernel tree. ⌘ [Read more](https://lwn.net/Articles/946852/) 2023-10-06T16:18:12Z **The end of the Red Hat security-announcements list**
Red Hat has [announced](https://listman.redhat.com/archives/rhsa-announce/2023-October/012854.html)
that its longstanding "rhsa-announce" mailing list will be shut down on
October 10. That is the list that receives security advisories for
Red Hat Enterprise Linux and a whole slew of related products. Anybody who
was counting on that list for Red Hat security advisories will need to find
an alternative; a few options are listed in the announcement. ⌘ [Read more](https://lwn.net/Articles/946851/) 2023-10-08T21:11:05Z **Kernel prepatch 6.6-rc5**
Linus has released [6.6-rc5](https://lwn.net/Articles/947053/) for testing.
"Things are back to normal, and we have a networking pull this
week." ⌘ [Read more](https://lwn.net/Articles/947054/) 2023-10-09T14:23:06Z **Security updates for Monday**
Security updates have been issued by **Debian** (freerdp2, gnome-boxes, grub2, inetutils, lemonldap-ng, prometheus-alertmanager, python-urllib3, thunderbird, and vinagre), **Fedora** (freeimage, fwupd, libspf2, mingw-freeimage, thunderbird, and vim), **Gentoo** (c-ares, dav1d, Heimdal, man-db, and Oracle VirtualBox), **Oracle** (bind, bind9.16, firefox, ghostscript, glibc, ImageMagick, and thunderbird), **Slackware** (netatalk), **SUSE** (ImageMagick, nghttp2, poppler, python, python-gevent, and yq), and ** ... ⌘ [Read more](https://lwn.net/Articles/947117/) 2023-10-09T14:50:46Z **[$] Rethinking multi-grain timestamps**
One of the significant features added to the mainline kernel during the 6.6
merge window was multi-grain timestamps, which allow the kernel to
selectively store file modification times with higher resolution without
hurting performance. Unfortunately, this feature also caused some
surprising regressions, and was quickly ushered back out of the kernel as a
result. It is instructive to look at how this feature went wrong, and how
the developers involved plan to move forward from here. ⌘ [Read more](https://lwn.net/Articles/946394/) 2023-10-09T14:55:28Z **Incus 0.1 released**
The [Linux Containers project](https://linuxcontainers.org/) has
[announced](https://discuss.linuxcontainers.org/t/incus-0-1-has-been-released/18036)
the release version 0.1 of the [Incus](https://linuxcontainers.org/incus/) system container and
virtual-machine manager, which is a community-led fork of Canonical's [LXD](https://ubuntu.com/lxd). Incus 0.1 "is roughly
equivalent to LXD 5.18 but with a number of breaking changes on top of the
obvious rename". There have been some changes made in the two months
since th ... ⌘ [Read more](https://lwn.net/Articles/947136/) 2023-10-10T13:27:17Z **Security updates for Tuesday**
Security updates have been issued by **Fedora** (chromium, firefox, and kernel), **Gentoo** (less and libcue), **Red Hat** (bind, libvpx, nodejs, and python3), **Scientific Linux** (firefox and thunderbird), **SUSE** (conmon, go1.20, go1.21, shadow, and thunderbird), and **Ubuntu** (libcue, ring, and ruby-kramdown). ⌘ [Read more](https://lwn.net/Articles/947233/) 2023-10-10T13:47:52Z **A remote code execution vulnerability in GNOME**
The GitHub blog [describes\
a vulnerability in the libcue library](https://github.blog/2023-10-09-coordinated-disclosure-1-click-rce-on-gnome-cve-2023-43641/) (which is used by the GNOME
desktop) that can be exploited by a remote attacker to run code on a
desktop system if the target can be convinced to click on a malicious link.

> The video shows me clicking a link in a webpage, which causes a cue
> sheet to be downloaded. Because the file is saved to ~/Downloads,
> it is then automat ... ⌘ [Read more](https://lwn.net/Articles/947236/) 2023-10-10T18:03:20Z **[$] Progress on no-GIL CPython**
Back at the end of July, the Python steering council [announced](https://discuss.python.org/t/a-steering-council-notice-about-pep-703-making-the-global-interpreter-lock-optional-in-cpython/30474)
its intention to approve the proposal to make the global interpreter lock
(GIL) optional over the next few Python releases. The details of that
acceptance are still being decided on, but work on the feature is
proceeding—in discussion form at least. Beyond that, though, there are
efforts underway to solve that h ... ⌘ [Read more](https://lwn.net/Articles/947138/) 2023-10-10T20:27:30Z **Seven stable kernel updates**
The
[6.5.7](https://lwn.net/Articles/947297/),
[6.1.57](https://lwn.net/Articles/947298/),
[5.15.135](https://lwn.net/Articles/947299/),
[5.10.198](https://lwn.net/Articles/947300/),
[5.4.258](https://lwn.net/Articles/947301/),
[4.19.296](https://lwn.net/Articles/947302/), and
[4.14.327](https://lwn.net/Articles/947303/)
stable kernel updates have all been released; each contains another set of
important fixes. ⌘ [Read more](https://lwn.net/Articles/947296/) 2023-10-11T12:44:58Z **Security updates for Wednesday**
Security updates have been issued by **Debian** (curl, mediawiki, tomcat10, and tomcat9), **Fedora** (libcaca, oneVPL, oneVPL-intel-gpu, and tracker-miners), **Gentoo** (curl), **Mageia** (cups and firefox, thunderbird), **Red Hat** (curl, kernel, kernel-rt, kpatch-patch, libqb, libssh2, linux-firmware, python-reportlab, tar, and the virt:rhel module), **Slackware** (curl, libcue, libnotify, nghttp2, and samba), **SUSE** (conmon, curl, glibc, kernel, php-composer2, python-reportlab, samba, and shadow), a ... ⌘ [Read more](https://lwn.net/Articles/947409/) 2023-10-11T12:52:40Z **Curl 8.4.0 released**
[Version\
8.4.0](https://daniel.haxx.se/blog/2023/10/11/curl-8-4-0/) of the curl data-transfer tool has been released, mostly in
response to a relatively severe security vulnerability that can be
triggered when a SOCKS5 proxy server is in use. See [this\
blog post](https://daniel.haxx.se/blog/2023/10/11/how-i-made-a-heap-overflow-in-curl/) for details on what went wrong. "In hindsight, shipping a
heap overflow in code installed in over twenty billion instances is not an
experience I would recommend." ⌘ [Read more](https://lwn.net/Articles/947411/) 2023-10-11T20:11:02Z **[$] Remote execution in the GNOME tracker**
While the vulnerability itself is pretty run-of-the-mill, the recently [disclosed](https://github.blog/2023-10-09-coordinated-disclosure-1-click-rce-on-gnome-cve-2023-43641/)
GNOME vulnerability has a number of interesting facets. The problem lies
in a library that reads files in a fairly obscure format, but it turns out
that files in that format are routinely—automatically—processed by GNOME if
they are downloaded to the local system. That turns a vulnerability in a
largely unknown library in ... ⌘ [Read more](https://lwn.net/Articles/947288/) 2023-10-12T00:42:24Z **[$] LWN.net Weekly Edition for October 12, 2023**
The LWN.net Weekly Edition for October 12, 2023 is available. ⌘ [Read more](https://lwn.net/Articles/946626/) 2023-10-12T13:47:47Z **Security updates for Thursday**
Security updates have been issued by **Debian** (libcue, org-mode, python3.7, and samba), **Fedora** (libcue, oneVPL, oneVPL-intel-gpu, and xen), **Mageia** (glibc), **Oracle** (glibc, kernel, libssh2, libvpx, nodejs, and python-reportlab), **Slackware** (libcaca), **SUSE** (gsl, ImageMagick, kernel, opensc, python-urllib3, qemu, rage-encryption, samba, and xen), and **Ubuntu** (curl and samba). ⌘ [Read more](https://lwn.net/Articles/947570/) 2023-10-12T14:40:47Z **[$] Finer-grained BPF tokens**
Programs running in the BPF machine can, depending on how they are
attached, perform a number of privileged operations; the ability to load
and run those programs, thus, must be a privileged operation in its own
right. Almost since the beginning of the extended-BPF era, developers have
struggled to find a way to allow users to run the programs they need
without giving away more privilege than is necessary. Earlier this year,
the idea of a [BPF token](https://lwn.net/Articles/935195/) ran into some
oppositi ... ⌘ [Read more](https://lwn.net/Articles/947173/) 2023-10-12T16:24:23Z **Civil Infrastructure Platform to maintain 6.1 for 10 years**
The Civil Infrastructure Platform project has [announced](https://www.prnewswire.com/news-releases/civil-infrastructure-platform-expands-super-long-term-stable-kernel-program-with-a-6-1-based-series-301955086.html)
that it will be maintaining the 6.1 kernel for a minimum of ten years past
its initial release (and, thus, through 2032).

> CIP kernels are maintained like regular long-term-stable (LTS)
> kernels, and developers of the CIP kernel are also involved in LTS
> kerne ... ⌘ [Read more](https://lwn.net/Articles/947606/) 2023-10-13T14:01:25Z **Security updates for Friday**
Security updates have been issued by **Debian** (chromium, tomcat9, and webkit2gtk), **Fedora** (cacti, cacti-spine, grafana-pcp, libcue, mbedtls, samba, and vim), **Oracle** (kernel, libvpx, and thunderbird), **Red Hat** (bind and galera, mariadb), **SUSE** (exiv2, go1.20, go1.21, and kernel), and **Ubuntu** (ffmpeg). ⌘ [Read more](https://lwn.net/Articles/947710/) 2023-10-13T14:45:50Z **OpenWrt 23.05.0 released**
[Version\
23.05.0](https://lwn.net/ml/openwrt-announce/5d771d39-3a79-452f-9fe4-eaa69c9aff97@hauke-m.de/) of the OpenWrt distribution has been released: "OpenWrt
23.05 supports over 1790 devices. Support for over 200 new devices was
added in addition to the device support by OpenWrt 22.03". Along with
new device support, this release features a switch to the mbedtls
cryptographic library, the ability to include utilities written in Rust, an
updated toolchain, and more. ⌘ [Read more](https://lwn.net/Articles/947727/) 2023-10-13T15:07:11Z **Ubuntu 23.10 released**
[Version\
23.10](https://canonical.com/blog/canonical-releases-ubuntu-23-10-mantic-minotaur) of the Ubuntu distribution is out. Changes include support for
hardware-backed full-disk encryption, tighter control over user namespaces,
a new App Center application, and more. ⌘ [Read more](https://lwn.net/Articles/947733/) 2023-10-15T19:15:13Z **Stable kernel 6.1.58 released**
The [6.1.58](https://lwn.net/Articles/947820/) stable kernel update has been
released; it consists mostly of a handful of reverts in the NFS subsystem. ⌘ [Read more](https://lwn.net/Articles/947819/) 2023-10-15T22:22:24Z **Kernel prepatch 6.6-rc6**
The [6.6-rc6](https://lwn.net/Articles/947826/) kernel prepatch is out for
testing. "So the previous week has been pretty calm, and a lot of the
discussion has been about future changes as so often happens late in the
release cycle." ⌘ [Read more](https://lwn.net/Articles/947825/) 2023-10-16T13:55:20Z **Security updates for Monday**
Security updates have been issued by **Debian** (batik, poppler, and tomcat9), **Fedora** (chromium, composer, curl, emacs, ghostscript, libwebp, libXpm, netatalk, nghttp2, python-asgiref, python-django, and webkitgtk), **Mageia** (curl and libX11), **Oracle** (bind, busybox, firefox, and kernel), **Red Hat** (curl, dotnet6.0, dotnet7.0, and nginx), **SUSE** (chromium, cni, cni-plugins, grub2, netatalk, opensc, opera, and wireshark), and **Ubuntu** (iperf3). ⌘ [Read more](https://lwn.net/Articles/947891/) 2023-10-16T15:20:27Z **[$] The 2023 Image-Based Linux Summit**
Following up from [last year's first Image-Based\
Linux Summit](https://lwn.net/Articles/912774/)), a second meeting was held in Berlin on September 12th,
2023, the day before [All Systems Go!\
2023](https://all-systems-go.io/), at the Microsoft office. The goal of these summits is to find
common ground among stakeholders from various engineering groups around the
topic of image-based Linux distributions, communicate progress, and attempt
to build a strategy to tackle shared problems together. The ... ⌘ [Read more](https://lwn.net/Articles/946526/) 2023-10-16T16:13:31Z **OpenBSD 7.4 released**
OpenBSD 7.4 is out. Changes include a new kqueue1() system call
that allows close-on-exec behavior, support for better arm64 control-flow
integrity, support for TCP segmentation offloading, and much more. ⌘ [Read more](https://lwn.net/Articles/947927/) 2023-10-17T13:55:34Z **Security updates for Tuesday**
Security updates have been issued by **Debian** (axis, nghttp2, node-babel7, and tomcat9), **Fedora** (curl and ghostscript), **Oracle** (bind, kernel-container, mariadb:10.5, and python3.11), **Red Hat** (.NET 7.0, go-toolset, golang, and go-toolset:rhel8), **SUSE** (kernel, libcue, libxml2, python-Django, and python-gevent), and **Ubuntu** (curl, ghostscript, iperf3, libcue, python2.7, quagga, and samba). ⌘ [Read more](https://lwn.net/Articles/948010/) 2023-10-17T14:48:10Z **[$] Improving C-library scalability with restartable sequences**
The Linux kernel has supported [restartable\
sequences](https://lwn.net/Articles/697979/) (sometimes referred to as "RSEQ") since 2018, but it remains
a bit of a niche feature, mostly useful to performance-oriented developers
who do not mind writing assembly code. According to Mathieu Desnoyers, the
behind the kernel's implementation of restartable sequences, this feature
can be applicable to a much wider range of performance-sensitive code with
proper library support. He ... ⌘ [Read more](https://lwn.net/Articles/946870/) 2023-10-18T13:20:18Z **Security updates for Wednesday**
Security updates have been issued by **Debian** (slurm-wlm), **Fedora** (icecat and python-configobj), **Oracle** (dotnet6.0, kernel-container, nginx, nginx:1.20, nginx:1.22, and python3.9), **Red Hat** (bind9.16, curl, dotnet6.0, kernel-rt, kpatch-patch, nghttp2, nodejs, python-reportlab, and virt:rhel), **Slackware** (util), **SUSE** (buildah, conmon, erlang, glibc, kernel, nghttp2, opensc, python-urllib3, samba, slurm, and suse-module-tools), and **Ubuntu** (frr, linux-azure, and pmix). ⌘ [Read more](https://lwn.net/Articles/948097/) 2023-10-18T13:38:30Z **The GNOME Foundation's new executive director**
The GNOME Foundation has [announced](https://foundation.gnome.org/2023/10/17/foundation-welcomes-new-executive-director/)
the hiring of Holly Million as its new executive director.

> Holly is a multi-talented individual with a diverse background in
> nonprofit leadership, filmmaking, teaching, public speaking, and
> writing. Her commitment to empowering individuals to make a
> positive impact aligns perfectly with the values and goals of the
> GNOME Foundation. ⌘ [Read more](https://lwn.net/Articles/948098/) 2023-10-18T14:18:31Z **[$] Defining open hardware**
Open-source hardware (or open hardware) refers to hardware that is
developed in a manner similar to open-source software. There's a widely
accepted definition of open-source hardware, but it is probably not as well
known as its open-source-software counterpart. In addition, there is a popular
certification program that hardware makers can use to indicate which of
their devices meets that criteria. But there are some vendors that are
showing more enthusiasm than others in participating in the process—or in
pr ... ⌘ [Read more](https://lwn.net/Articles/945870/) 2023-10-19T00:32:03Z **[$] LWN.net Weekly Edition for October 19, 2023**
The LWN.net Weekly Edition for October 19, 2023 is available. ⌘ [Read more](https://lwn.net/Articles/947529/) 2023-10-19T14:15:43Z **Security updates for Thursday**
Security updates have been issued by **Debian** (node-babel), **Fedora** (moodle), **Gentoo** (mailutils), **Oracle** (go-toolset:ol8 and java-11-openjdk), **Red Hat** (ghostscript, grafana, java-1.8.0-openjdk, java-11-openjdk, java-17-openjdk, nghttp2, nodejs:16, nodejs:18, and rhc-worker-script), **SUSE** (cni, cni-plugins, container-suseconnect, containerd, cups, exim, grub2, helm, libeconf, nodejs18, python3, runc, slurm, supportutils, and tomcat), and **Ubuntu** (glib2.0, openssl, and vips). ⌘ [Read more](https://lwn.net/Articles/948246/) 2023-10-19T15:12:56Z **[$] Toward safer GNU C Library tunable handling**
When considering the interface provided by the GNU C Library (glibc),
thoughts naturally turn to the programming interface as specified by POSIX,
along with numerous extensions added over the years. But glibc also
provides a "tunables" interface to control how the library operates; rather
than being managed by a C API, tunables are set with the
GLIBC\_TUNABLES environment
variable. Glibc tunables have been a part of a few security problems
involving setuid binaries, most recently the ["L ... ⌘ [Read more](https://lwn.net/Articles/947736/) 2023-10-19T21:41:31Z **Three stable kernel updates**
The
[6.5.8](https://lwn.net/Articles/948298/),
[6.1.59](https://lwn.net/Articles/948299/), and
[5.15.136](https://lwn.net/Articles/948300/)
stable kernel updates have been released; each contains another set of
important fixes. ⌘ [Read more](https://lwn.net/Articles/948297/) 2023-10-20T13:33:46Z **Security updates for Friday**
Security updates have been issued by **Debian** (linux-5.10 and webkit2gtk), **Fedora** (matrix-synapse and trafficserver), **Mageia** (chromium-browser-stable, ghostscript, libxpm, and ruby-RedCloth), **Oracle** (.NET 7.0, curl, dotnet7.0, galera, mariadb, go-toolset, golang, java-1.8.0-openjdk, and python-reportlab), **Red Hat** (php, php:8.0, tomcat, and varnish), **Slackware** (httpd), **SUSE** (bluetuith, grub2, kernel, rxvt-unicode, and suse-module-tools), and **Ubuntu** (dotnet6, dotnet7, dotnet8, li ... ⌘ [Read more](https://lwn.net/Articles/948368/) 2023-10-20T16:27:53Z **[$] mseal() and what comes after**
Jeff Xu recently [proposed](https://lwn.net/ml/linux-kernel/20231016143828.647848-1-jeffxu@chromium.org/)
the addition of a new system call, named mseal(), that would allow
applications to prevent modifications to selected memory mappings. It
would enable the hardening of user-space applications against certain types
of attacks; some other operating systems have this type of feature already.
There is support for adding this type of mechanism to the Linux kernel as
well, but it has become clear that mse ... ⌘ [Read more](https://lwn.net/Articles/948129/) 2023-10-23T00:34:15Z **Kernel prepatch 6.6-rc7**
Linus has released [6.6-rc7](https://lwn.net/Articles/948468/) for testing.

> Anyway, while this is all bigger than I'd have liked it to be, if
> the upcoming week is quiet and normal, this is the last rc and next
> Sunday will see the final release and then we'll open the merge
> window for 6.7. I simply am not aware of any issues that would be
> showstoppers. ⌘ [Read more](https://lwn.net/Articles/948469/) 2023-10-23T13:07:27Z **[$] Hyphens, minus, and dashes in Debian man pages**
It is probably fair to say that most Linux users spend little time thinking
about the troff typesetting program, despite that application's
groundbreaking role in computing history. Troff (along with nroff) is
still with us, though, even if they are called [groff](https://www.gnu.org/software/groff/) these days, and every
now and then they make their presence known. A recent groff change created
a bit of a tempest within the Debian community, and has effectively been
reverted there. I ... ⌘ [Read more](https://lwn.net/Articles/947941/) 2023-10-23T13:06:30Z **Security updates for Monday**
Security updates have been issued by **Debian** (krb5, redis, roundcube, ruby-rack, ruby-rmagick, zabbix, and zookeeper), **Fedora** (ansible-core, chromium, libvpx, mingw-xerces-c, python-asgiref, python-django, and vim), **Mageia** (cadence, kernel, kernel-linus, libxml2, nodejs, and shadow-utils), **Oracle** (nghttp2), **Slackware** (LibRaw), and **SUSE** (chromium, java-11-openjdk, nodejs18, python-Django, python-urllib3, and suse-module-tools). ⌘ [Read more](https://lwn.net/Articles/948522/) 2023-10-23T22:22:04Z **2013 Linux Foundation TAB election call for nominees**
The 2013 election for members of the Linux Foundation Technical Advisory
Board will be held during the upcoming [Linux\
Plumbers Conference](https://lpc.events/). The [call\
for nominees](https://lwn.net/ml/ksummit-discuss/a13b3481-ec35-446d-ac7d-9581ce87646f@intel.com/) has been posted.

> The TAB exists to provide advice from the kernel community to the
> Linux Foundation; it also serves to facilitate interactions both
> within the community and with outside entities. Over the l ... ⌘ [Read more](https://lwn.net/Articles/948589/) 2023-10-24T13:39:07Z **Security updates for Tuesday**
Security updates have been issued by **Debian** (ceph and dbus), **Fedora** (cachelib, fb303, fbthrift, fizz, folly, matrix-synapse, mcrouter, mvfst, nats-server, nodejs18, proxygen, wangle, watchman, and wdt), **Mageia** (libcue), **Oracle** (18, grafana, kernel, nodejs, nodejs:16, nodejs:18, php, php:8.0, and tomcat), **Red Hat** (python27:2.7, python3, python39:3.9, python39-devel:3.9, toolbox, varnish, and varnish:6), **SUSE** (fwupdate, gcc13, icu73\_2, netty, netty-tcnative, and xen), and **Ubuntu** ... ⌘ [Read more](https://lwn.net/Articles/948688/) 2023-10-24T14:40:48Z **[$] Home Assistant: ten years of privacy-focused home automation**
Many home-automation devices come with their own mobile app or cloud
service. However, using multiple apps or services is
inconvenient, so it's (purposely) tempting to only buy devices from the same
vendor, but this can lead to lock-in. One project that lets
users manage home-automation devices from various vendors without lock-in
is [Home Assistant](https://www.home-assistant.io). Over its
ten-year existence, it has developed into a user-friendly home-automation
platfor ... ⌘ [Read more](https://lwn.net/Articles/947843/) 2023-10-24T14:40:13Z **Firefox 119.0 released**
[Version\
119.0](https://www.mozilla.org/en-US/firefox/119.0/releasenotes/) of the Firefox browser has been released. The list of changes
includes improvements to [Firefox\
View](https://support.mozilla.org/kb/how-set-tab-pickup-firefox-view), some PDF-editing improvements, better cookie protection, [encrypted\
client hello](https://blog.mozilla.org/en/products/firefox/encrypted-hello/) support, and more. ⌘ [Read more](https://lwn.net/Articles/948691/) 2023-10-25T15:29:07Z **Security updates for Wednesday**
Security updates have been issued by **Debian** (gst-plugins-bad1.0, openssl, roundcube, and xorg-server), **Fedora** (dotnet6.0, dotnet7.0, roundcubemail, and wordpress), **Mageia** (redis), **Oracle** (dnsmasq, python27:2.7, python3, tomcat, and varnish), **Red Hat** (python39:3.9, python39-devel:3.9), **Slackware** (mozilla and vim), **SUSE** (openssl-3, poppler, ruby2.5, and xen), and **Ubuntu** (.Net, linux-gcp-5.15, linux-gkeop-5.15, linux-intel-iotg-5.15, linux-starfive-6.2, mysql-5.7, ncurses, an ... ⌘ [Read more](https://lwn.net/Articles/948814/) 2023-10-25T15:45:42Z **The path toward a no-GIL Python**
The Python Steering Council has posted [a\
detailed plan](https://discuss.python.org/t/pep-703-making-the-global-interpreter-lock-optional-in-cpython-acceptance/37075) for the addition of "free-threaded" (no global
interpreter lock) support into the Python mainline. It will not be a short
process and does not have a guaranteed successful outcome.

> Phase I: Experimental phase, which can start immediately, in which
> the free-threaded build is enabled through a build-time
> option. This should not be ... ⌘ [Read more](https://lwn.net/Articles/948823/) 2023-10-25T16:13:08Z **[$] Weighted interleaving for memory tiering**
The kernel has, for many years, had the ability to control how memory
allocation is performed in systems with multiple NUMA nodes. More
recently, NUMA nodes have also been pressed into service to represent
different classes of memory; those nodes are now organized into tiers
according to their performance characteristics. While memory-allocation
policies can control the placement of pages at the NUMA-node level, the
kernel provides no way to connect those policies with memory tiers. [This\
 ... ⌘ [Read more](https://lwn.net/Articles/948037/) 2023-10-26T00:02:05Z **[$] LWN.net Weekly Edition for October 26, 2023**
The LWN.net Weekly Edition for October 26, 2023 is available. ⌘ [Read more](https://lwn.net/Articles/948210/) 2023-10-26T14:12:18Z **Security updates for Thursday**
Security updates have been issued by **Debian** (firefox-esr and xorg-server), **Fedora** (firefox, mbedtls, nodejs18, nodejs20, and xen), **Gentoo** (libinput, unifi, and USBView), **Mageia** (python-nltk), **Oracle** (linux-firmware), **Red Hat** (nginx:1.22), **SUSE** (chromium, firefox, java-11-openjdk, jetty-minimal, nghttp2, nodejs18, webkit2gtk3, and zlib), and **Ubuntu** (linux, linux-lowlatency, linux-oracle-5.15, vim, and xorg-server, xwayland). ⌘ [Read more](https://lwn.net/Articles/948930/) 2023-10-26T14:52:38Z **[$] Better string handling for the kernel**
The C programming language is replete with features that seemed like a good
idea at the time (and perhaps even were good ideas then) that have not aged
well. Most would likely agree that string handling, and the use of
NUL-terminated strings, is one of those. Kernel developers have, for
years, tried to improve the handling of strings in an attempt to slow the
flow of bugs and vulnerabilities that result from mistakes in that area.
Now there is an early discussion on the idea of moving away fro ... ⌘ [Read more](https://lwn.net/Articles/948408/) 2023-10-27T13:06:30Z **Security updates for Friday**
Security updates have been issued by **Debian** (chromium and firefox-esr), **Fedora** (firefox, redis, samba, and xen), **Oracle** (python39:3.9, python39-devel:3.9), **Slackware** (mozilla and xorg), and **SUSE** (libnbd, open-vm-tools, python, sox, vorbis-tools, and zchunk). ⌘ [Read more](https://lwn.net/Articles/949057/) 2023-10-27T15:31:32Z **[$] Deferred scheduling for user-space critical sections**
User-space developers working with highly threaded applications would often
like to be able to use spinlocks to protect shared data structures from
concurrent access. There is a fundamental problem with user-space
spinlocks, though: there is no way to prevent a thread from being
preempted. Various ways of working around this problem have been explored,
but [this\
patch](https://lwn.net/ml/linux-kernel/20231025235413.597287e1@gandalf.local.home/) from Steven Rostedt questions the ... ⌘ [Read more](https://lwn.net/Articles/948870/) 2023-10-27T15:31:16Z **Removing syscall() from OpenBSD**
For a view into the OpenBSD approach to security, see this message from
Theo de Raadt, where he describes a plan to remove the [syscall()](https://man.openbsd.org/syscall.2) system call
(which allows the invocation of any available system call by providing its
number) from the kernel. The purpose, of course, is to make it harder for
an attacker to invoke an arbitrary system call, even if they are able to
run some code on the target system.

> I hope I am forcing attack coders into using increasingly mor ... ⌘ [Read more](https://lwn.net/Articles/949078/) 2023-10-30T12:43:41Z **The 6.6 kernel has been released**
Linus has [released the 6.6 kernel](https://lwn.net/Articles/949204/). "So
this last week has been pretty calm, and I have absolutely no excuses to
delay the v6.6 release any more, so here it is."

Headline features in 6.6 include the [earliest\
eligible virtual deadline first (EEVDF) CPU scheduler](https://lwn.net/Articles/925371/), a number of
enhancements (quota support, user extended attributes, direct I/O) to the
tmpfs filesystem, the [fchmodat2()\
system call](https://lwn.net/Articles/939217/), i ... ⌘ [Read more](https://lwn.net/Articles/949179/) 2023-10-30T13:46:50Z **Security updates for Monday**
Security updates have been issued by **Debian** (distro-info, distro-info-data, gst-plugins-bad1.0, node-browserify-sign, nss, openjdk-11, and thunderbird), **Fedora** (chromium, curl, nghttp2, and xorg-x11-server-Xwayland), **Gentoo** (Dovecot, Rack, rxvt-unicode, and UnZip), **Mageia** (apache, bind, and vim), **Red Hat** (varnish:6), **SUSE** (nodejs12, opera, python-bugzilla, python-Django, and vorbis-tools), and **Ubuntu** (exim4, firefox, nodejs, and slurm-llnl, slurm-wlm). ⌘ [Read more](https://lwn.net/Articles/949238/) 2023-10-30T16:18:08Z **[$] Some 6.6 development statistics**
The 6.6 kernel was [released](https://lwn.net/ml/linux-kernel/CAHk-=wiZuU984NWVgP4snp8sEt4Ux5Mp_pxAN5MNV9VpcGUo+A@mail.gmail.com/),
right on schedule, on October 29. This development cycle saw the
addition of 14,069 non-merge changesets from 1,978 developers — fairly
typical numbers for recent releases. The time has come for LWN's
traditional look at where the changes in this release came from, along with
a look at the longer development "supercycle" that (probably) ends with
6.6. ⌘ [Read more](https://lwn.net/Articles/948970/) 2023-10-30T16:43:13Z **Bjarne Stroustrup’s Plan for Bringing Safety to C++ (The New Stack)**
The New Stack [covers\
a conference talk by Bjarne Stroustrup](https://thenewstack.io/bjarne-stroustrups-plan-for-bringing-safety-to-c/) on turning C++ into a safer
language.

> Stroustrup has arrived at his solution: profiles. (That is, a set
> of rules which, when followed, achieve specific safety guarantees.)
> They’d be defined by the ISO C++ standard, addressing common safety
> issues like pointers and array ranges. In response to a later
> question from the ... ⌘ [Read more](https://lwn.net/Articles/949269/) 2023-10-31T13:11:35Z **Security updates for Tuesday**
Security updates have been issued by **Debian** (jetty9, node-browserify-sign, request-tracker4, and request-tracker5), **Fedora** (golang-github-altree-bigfloat, golang-github-seancfoley-bintree, golang-github-seancfoley-ipaddress, kitty, slurm, and thunderbird), **Gentoo** (ConnMan, libxslt, and Salt), **Mageia** (chromium-browser-stable), **Red Hat** (firefox, libguestfs-winsupport, and thunderbird), **SUSE** (clamav, gcc13, gstreamer-plugins-bad, icu73\_2, java-17-openjdk, nodejs10, poppler, python-Wer ... ⌘ [Read more](https://lwn.net/Articles/949391/) 2023-10-31T14:48:34Z **Incus 0.2 released**
[Version\
0.2](https://discuss.linuxcontainers.org/t/incus-0-2-has-been-released/18185) of Incus, an LXD fork, has been released. "This version
incorporates most changes that went into LXD 5.19 as well as introduce a
few additional features and improvements." Changes include NVME
storage support, support for migrating clustered environments from LXD, and
more. ⌘ [Read more](https://lwn.net/Articles/949411/) 2023-10-31T17:43:21Z **[$] Rust code review and netdev**
A fast-moving patch set—seemingly the norm for Linux networking
development—seeks to add some Rust abstractions for physical layer
(PHY) drivers. Lots of
review has been done, and the patch set has been reworked
frequently in response to those comments. Unfortunately, the [Rust-for-Linux](https://github.com/Rust-for-Linux) developers are
having trouble keeping up with that pace. There
is, it would appear, something of a disconnect between the two communities'
development practices. ⌘ [Read more](https://lwn.net/Articles/949270/) 2023-11-01T13:09:20Z **Security updates for Wednesday**
Security updates have been issued by **Debian** (h2o, open-vm-tools, pmix, and zookeeper), **Gentoo** (GitPython), **Oracle** (firefox, java-11-openjdk, java-17-openjdk, libguestfs-winsupport, nginx:1.22, and thunderbird), **Red Hat** (samba), **SUSE** (container-suseconnect, libsndfile, and slurm), and **Ubuntu** (krb5, linux, linux-aws, linux-aws-5.15, linux-azure, linux-azure-5.15,
 linux-azure-fde, linux-azure-fde-5.15, linux-gcp, linux-gcp-5.15,
 linux-gkeop, linux-gkeop-5.15, linux-hwe-5.15, linux- ... ⌘ [Read more](https://lwn.net/Articles/949612/) 2023-11-01T13:58:19Z **Garrett: Why ACPI?**
Matthew Garrett [explains\
why ACPI exists](https://mjg59.dreamwidth.org/68350.html) and why it is not as bad a thing as some think.

> There's an alternative universe where we decided to teach the
> kernel about every piece of hardware it should run on. Fortunately
> (or, well, unfortunately) we've seen that in the ARM world. Most
> device-specific simply never reaches mainline, and most users are
> stuck running ancient kernels as a result. Imagine every x86 device
> vendor shipping their own kernel optimised ... ⌘ [Read more](https://lwn.net/Articles/949625/) 2023-11-01T15:57:56Z **A recent talk on kernel maintainership**
LWN editor Jonathan Corbet was asked to give a brief talk about kernel
maintainership at the recently concluded [Linux\
Foundation Member Summit](https://events.linuxfoundation.org/lf-member-summit/). That talk was recorded and has now been [made available\
on YouTube](https://www.youtube.com/watch?v=kuRyYJaXThY&t=10937s). There is little in it that will be news to regular LWN
readers, but it may be instructive to folks who are less well versed in how
kernel development works. ⌘ [Read more](https://lwn.net/Articles/949647/) 2023-11-01T16:57:42Z **[$] Implicit keyword arguments for Python**
Python functions can use both positional and keyword arguments; the latter
provide a certain level of documentation for an argument and its meaning,
while allowing them to be given in any order in a call. But it is often
the case that the name of the local variable to be passed is the same as
the keyword, which can lead to overly repetitive argument lists, at least
in some eyes. A recent proposal to shorten the syntax for calls with
these duplicate names seems to be gaining some steam—a Python ... ⌘ [Read more](https://lwn.net/Articles/949435/) 2023-11-01T19:31:49Z **Help wanted at LWN**
LWN.net is looking to hire a full-time writer/editor to help us keep the
news flowing and to expand our content in areas of interest to our readers.
We are certain that the person we need is out there somewhere, and are
counting on help from LWN readers to find them. Read on for details on who
we are looking for and how we see them fitting in here. ⌘ [Read more](https://lwn.net/Articles/949461/) 2023-11-02T00:05:16Z **[$] LWN.net Weekly Edition for November 2, 2023**
The LWN.net Weekly Edition for November 2, 2023 is available. ⌘ [Read more](https://lwn.net/Articles/948894/) 2023-11-02T14:06:01Z **Security updates for Thursday**
Security updates have been issued by **Gentoo** (Netatalk), **Oracle** (firefox), **Red Hat** (.NET 6.0, .NET 6.0, .NET 7.0, binutils, and qemu-kvm), **SUSE** (gcc13, tomcat, and xorg-x11-server), and **Ubuntu** (axis, libvpx, linux-starfive, thunderbird, and xrdp). ⌘ [Read more](https://lwn.net/Articles/949820/) 2023-11-02T14:23:16Z **Stable kernels 6.5.10 and 6.1.61**
The
[6.5.10](https://lwn.net/Articles/949825/) and [6.1.61](https://lwn.net/Articles/949826/) stable kernels have been released. As
usual, they contain important fixes throughout the kernel tree; users of
those series should upgrade. ⌘ [Read more](https://lwn.net/Articles/949824/) 2023-11-02T14:39:02Z **Gawk 5.3.0 released**
The GNU awk text-processing utility, [gawk](https://www.gnu.org/software/gawk/) has released version
5.3.0. The main new features add compatibility with " [The One True Awk](https://github.com/onetrueawk/awk)" (also known
as "BWK awk"); version 5.3.0 adds CSV (comma-separated values) parsing and
the ability to use \\u escape sequences for Unicode code points.
Read on for other changes in the release. ⌘ [Read more](https://lwn.net/Articles/949829/) 2023-11-02T14:42:06Z **Home Assistant 2023.11 released**
[Home\
Assistant 2023.11](https://www.home-assistant.io/blog/2023/11/01/release-202311/) is available. New features include a to-do list
manager, [Matter\
1.2](https://csa-iot.org/newsroom/matter-1-2-arrives-with-nine-new-device-types-improvements-across-the-board/) support, customizable tile cards, new integrations, and more. (LWN
[looked at Home Assistant](https://lwn.net/Articles/947843/) last month). ⌘ [Read more](https://lwn.net/Articles/949831/) 2023-11-02T14:56:35Z **Evans: Confusing git terminology**
Julia Evans has posted [a list of\
confusing Git terms and behavior](https://jvns.ca/blog/2023/11/01/confusing-git-terminology/) along with explanations of what is
actually going on.

> **“Your branch is up to date with ‘origin/main’”**
>
> This message seems straightforward – it’s saying that your main branch is
> up to date with the origin!
>
> But it’s actually a little misleading. You might think that this means that
> your main branch is up to date. It doesn’t. What it actually means is – if
> you ... ⌘ [Read more](https://lwn.net/Articles/949833/) 2023-11-02T15:28:23Z **[$] Guest-first memory for KVM**
One of the core objectives of any confidential-computing implementation is
to protect a guest system's memory from access by actors outside of the
guest itself. The host computer and hypervisor are part of the group that
is to be excluded from such access; indeed, they are often seen as
threat in their own right. Hardware vendors have added features like memory
encryption to make memory inaccessible to the host, but such features can
be difficult to use and are not available on all CPUs, so there is ongo ... ⌘ [Read more](https://lwn.net/Articles/949277/) 2023-11-03T13:52:12Z **Security updates for Friday**
Security updates have been issued by **Debian** (phppgadmin and vlc), **Fedora** (attract-mode, chromium, and netconsd), **Red Hat** (.NET 7.0, c-ares, curl, ghostscript, insights-client, python, squid, and squid:4), **SUSE** (kernel and roundcubemail), and **Ubuntu** (libsndfile). ⌘ [Read more](https://lwn.net/Articles/950061/) 2023-11-03T14:19:41Z **[$] The first half of the 6.7 merge window**
As of this writing, 9,842 non-merge changesets have found their way into
the mainline repository since the 6.7 merge window opened. Nearly a third
of those consist of the entire bcachefs development history but, even
discounting that, there has been a lot of material landing for the next
release. Read on for a summary of the most interesting changes pulled so
far in this development cycle. ⌘ [Read more](https://lwn.net/Articles/949294/) 2023-11-03T16:33:09Z **OpenELA's first code drop**
The [Open Enterprise Linux Association](https://openela.org/), a
joint venture founded by CIQ, Oracle, and SUSE, has [announced](https://openela.org/news/2023.11.02-governance_and_code_availability/)
its first code release.

> OpenELA is excited to announce that the source code for all
> packages necessary for anyone to build a derivative Enterprise
> Linux operating system is now available. The initial focus is on
> EL8 and EL9, and packages for EL7 are forthcoming. The project is
> committed to ensuring ... ⌘ [Read more](https://lwn.net/Articles/950104/) 2023-11-03T18:24:35Z **First handset with MTE on the market (Project Zero)**
The Google Project Zero blog [celebrates\
the launch of the Pixel 8 handset](https://googleprojectzero.blogspot.com/2023/11/first-handset-with-mte-on-market.html), the first to make use of Arm's
Memory Tagging Extension (MTE). Linux has [supported MTE](https://lwn.net/Articles/834289/) since the 5.10 release in 2020,
but that support has only now shown up (in experimental form) in an
available handset.

> I think this is a huge improvement for the general security of the
> device - ... ⌘ [Read more](https://lwn.net/Articles/950123/) 2023-11-06T14:22:17Z **Security updates for Monday**
Security updates have been issued by **Debian** (chromium, open-vm-tools, openjdk-17, pmix, and trafficserver), **Fedora** (netconsd, podman, suricata, and usd), **Oracle** (.NET 6.0, .NET 7.0, binutils, ghostscript, java-1.8.0-openjdk, kernel, and squid), **SUSE** (apache-ivy, gstreamer-plugins-bad, kernel, nodejs12, opera, poppler, rubygem-activesupport-5.2, tiff, util-linux, and virtualbox), and **Ubuntu** (krb5). ⌘ [Read more](https://lwn.net/Articles/950413/) 2023-11-06T16:23:36Z **[$] The BPF-programmable network device**
Containers and virtual machines on Linux communicate with the world via
virtual network devices. This arrangement makes the full power of the
Linux networking stack available, but it imposes the full overhead of that
stack as well. Often, the routing of this networking traffic can be
handled with relatively simple logic; the BPF-programmable network device,
which was merged for the 6.7 kernel release, makes it possible to avoid
expensive network processing, in at least some cases. ⌘ [Read more](https://lwn.net/Articles/949960/) 2023-11-07T14:15:47Z **Security updates for Tuesday**
Security updates have been issued by **Debian** (trapperkeeper-webserver-jetty9-clojure), **Mageia** (libsndfile, packages, thunderbird, and x11-server), **Oracle** (.NET 6.0), **SUSE** (kernel, kubevirt, virt-api-container, virt-controller-container, virt-handler-container, virt-launcher-container, virt-libguestfs-tools- container, virt-operator-container, redis, and squid), and **Ubuntu** (gsl). ⌘ [Read more](https://lwn.net/Articles/950523/) 2023-11-07T14:24:52Z **Fedora 39 released**
[Fedora\
39](https://lwn.net/ml/fedora-announce/20231107135605.GA27360@mattdm.org/) has been released, one day after the Fedora project's 20th
anniversary. See [the list of\
approved changes](https://fedoraproject.org/wiki/Releases/39/ChangeSet) and [this Fedora\
Magazine article](https://fedoramagazine.org/announcing-fedora-linux-39/) for more information.

> As always, we’ve updated many, many other packages as we work to
> bring you the best of everything the free and open source software
> world has to offer. ... ⌘ [Read more](https://lwn.net/Articles/950524/) 2023-11-07T15:26:24Z **Sponsorship for the Openwall lists**
Alexander "Solar Designer" Peslyak, the longtime maintainer of the
oss-security and linux-distros mailing lists, has [announced](https://lwn.net/ml/oss-security/20231106202621.GA31244@openwall.com/)
that this work has gained a sponsor:

> After 15+ years of being a 100% volunteer effort, Openwall's
> maintenance of oss-security and (linux-)distros is finally
> sponsored by the OpenSSF, a project of the Linux Foundation. This
> sponsorship does not provide the Linux Foundation with the ability
> t ... ⌘ [Read more](https://lwn.net/Articles/950538/) 2023-11-07T20:12:10Z **[$] Progress in wrangling the Python C API**
There has been a lot of action for the Python C API in the last month or
so—much of it organizational in nature. As predicted in our [late September article](https://lwn.net/Articles/944764/) on using the "limited"
C API in the standard library, the core developer sprint in October was the
scene of some discussions about the API and the plans for it. Out
of those discussions have come two PEPs, one of which describes the API,
its purposes, strengths, and weaknesses, while the other would esta ... ⌘ [Read more](https://lwn.net/Articles/950457/) 2023-11-08T14:30:53Z **Security updates for Wednesday**
Security updates have been issued by **Debian** (python-urllib3 and tang), **Fedora** (chromium, mlpack, open-vm-tools, and salt), **Red Hat** (avahi, binutils, buildah, c-ares, cloud-init, containernetworking-plugins, cups, curl, dnsmasq, edk2, flatpak, frr, gdb, ghostscript, glib2, gmp, grafana, haproxy, httpd, mod\_http2, java-21-openjdk, kernel, krb5, libfastjson, liblouis, libmicrohttpd, libpq, libqb, librabbitmq, LibRaw, libreoffice, libreswan, libssh, libtiff, libvirt, libX11, linux-firmware, mod\ ... ⌘ [Read more](https://lwn.net/Articles/950694/) 2023-11-08T14:37:05Z **Canonical reveals more details about Ubuntu Core Desktop (Register)**
The Register [attended\
a talk](https://www.theregister.com/2023/11/08/ubuntu_core_desktop_details/) about Ubuntu's upcoming Core Desktop immutable distribution.

> We suspect that Core Desktop might yet be the tool that validates
> Canonical's Snap format and helps to overcome some of the
> resistance it faces. Snap's single-file distribution format is
> simple and enables transactional installation – including,
> critically, rollback – without a fancy filesystem ... ⌘ [Read more](https://lwn.net/Articles/950695/) 2023-11-08T14:58:46Z **Chamberlain v. Home Assistant**
The developers of Home Assistant, which has recently been [covered here](https://lwn.net/Articles/947843/), have [announced](https://www.home-assistant.io/blog/2023/11/06/removal-of-myq-integration/)
that they will be removing support for Chamberlain and Liftmaster
garage-door openers after being locked out by the company.

> Because we cannot continue to work around Chamberlain Group if they
> keep blocking access to third parties, the MyQ integration will be
> removed from Home Assistant in the upcomi ... ⌘ [Read more](https://lwn.net/Articles/950696/) 2023-11-08T15:05:07Z **A pile of stable kernel updates**
The
[6.6.1](https://lwn.net/Articles/950698/),
[6.5.11](https://lwn.net/Articles/950699/),
[6.1.62](https://lwn.net/Articles/950700/),
[5.4.260](https://lwn.net/Articles/950701/),
[4.19.298](https://lwn.net/Articles/950702/), and
[4.14.329](https://lwn.net/Articles/950703/)
stable kernel updates have all been released, each contains another set of
important fixes.

Note that [5.15.138](https://lwn.net/ml/linux-kernel/20231107202324.434534294@linuxfoundation.org/)
and [5.10.200](https://lwn.net/ml/linux- ... ⌘ [Read more](https://lwn.net/Articles/950697/) 2023-11-08T20:45:12Z **[$] Reducing patch postings to linux-kernel**
The linux-kernel mailing list famously gets an enormous amount of email on a
daily basis; the volume is so high that various email providers try to
rate-limit it, which can lead to huge backlogs on the sending
side and, of course, delayed mail. Part of the reason there is so much
traffic is that nearly every patch gets copied to the mailing list, even
when it may be unnecessary to do so. A proposed change
would start shunting some of that patch email aside and, as might be
guessed, has both ... ⌘ [Read more](https://lwn.net/Articles/950567/) 2023-11-08T21:15:04Z **The 2023 TAB election deadline is approaching**
The [reminder](https://lwn.net/ml/ksummit-discuss/e851a8e5-c4c2-4b5d-887a-509e591cff49@intel.com/)
has gone out: the deadline for nominations for the Linux Foundation
Technical Advisory Board is November 13. If you are interested in
representing the kernel community on the TAB, now is the time to put
together a self-nomination and get onto the ballot. ⌘ [Read more](https://lwn.net/Articles/950737/) 2023-11-09T00:06:02Z **[$] LWN.net Weekly Edition for November 9, 2023**
The LWN.net Weekly Edition for November 9, 2023 is available. ⌘ [Read more](https://lwn.net/Articles/949837/) 2023-11-09T13:56:59Z **Security updates for Thursday**
Security updates have been issued by **Debian** (cacti and chromium), **Fedora** (CuraEngine, podman, and rubygem-rmagick), **Mageia** (gnome-shell, openssl, and zlib), **SUSE** (salt), and **Ubuntu** (xrdp). ⌘ [Read more](https://lwn.net/Articles/950850/) 2023-11-09T15:25:11Z **[$] The push to save Itanium**
It is (relatively) easy to add code to the kernel; it tends to be much
harder to remove that code later. The most recent example of this dynamic
can be seen in the story of the ia64 ("Itanium") architecture, support for
which was removed during the 6.7 merge window. That removal has left a
small group of dedicated ia64 users unhappy and clinging to a faint hope
that this support could return in a year's time. ⌘ [Read more](https://lwn.net/Articles/950466/) 2023-11-10T14:18:29Z **Security updates for Friday**
Security updates have been issued by **Fedora** (community-mysql, matrix-synapse, and xorg-x11-server-Xwayland), **Mageia** (squid and vim), **Oracle** (dnsmasq, python3, squid, squid:4, and xorg-x11-server), **Red Hat** (fence-agents, insights-client, kernel, kpatch-patch, mariadb:10.5, python3, squid, squid:4, tigervnc, and xorg-x11-server), **Scientific Linux** (bind, firefox, java-1.8.0-openjdk, java-11-openjdk, kernel, libssh2, python-reportlab, python3, squid, thunderbird, and xorg-x11-server), **SUSE ... ⌘ [Read more](https://lwn.net/Articles/951066/) 2023-11-10T14:34:29Z **GNOME supported by the Sovereign Tech Fund**
The GNOME Foundation has [announced](https://foundation.gnome.org/2023/11/09/gnome-recognized-as-public-interest-infrastructure/)
the receipt of a €1 million award from the German [Sovereign Tech Fund](https://sovereigntechfund.de/en/). The
funding will support work on accessibility, privacy, hardware support, and more. ⌘ [Read more](https://lwn.net/Articles/951068/) 2023-11-10T15:26:06Z **[$] listmount() and statmount()**
Years ago, the list of mounted filesystems on a Unix or Linux machine was
relatively short and static. Adding a filesystem, which typically involved
buying a new drive, happened rarely. In contrast, contemporary systems
with a large number of containers can have a long and dynamic list of
mounted filesystems. As was [discussed](https://lwn.net/Articles/934469/) at
the [2023 LSFMM+BPF Summit](https://lwn.net/Articles/lsfmmbpf2023/), the Linux
kernel's mechanism for providing information about mounted fil ... ⌘ [Read more](https://lwn.net/Articles/950569/) 2023-11-10T16:45:35Z **A documentary on the development of eBPF**
For folks with an interest in how extended BPF came to be and a half-hour
to spare, the [announcement](https://www.businesswire.com/news/home/20231108253883/en/Documentary-Film-%E2%80%9CeBPF-Unlocking-the-Kernel%E2%80%9D-Reveals-the-Unfolding-Revolution-of-eBPF)
has gone out of a new film called "eBPF: Unlocking the kernel", released at
the KubeCon+CloudNativeCon event. The documentary [is available on\
YouTube](https://www.youtube.com/watch?v=Wb_vD3XZYOA). ⌘ [Read more](https://lwn.net/Articles/951093/) 2023-11-13T03:34:37Z **Kernel prepatch 6.7-rc1**
Linus Torvalds has released
[6.7-rc1](https://lwn.net/Articles/951200/), thus closing the merge window
for this release. It is the largest merge window ever, but some of that
was due to the bcachefs history that came with merge of that filesystem.

> But 6.7 is pretty
> big in other ways too, with
>
> 12678 files changed, 838819 insertions(+), 280754 deletions(-)
>
> which is also bigger than those historically big releases [4.9, 5.8 and
> 5.13]. And that's
> not due to bcachefs, that's actually mainly due to i ... ⌘ [Read more](https://lwn.net/Articles/951201/) 2023-11-13T14:01:58Z **[$] The rest of the 6.7 merge window**
By the time that the 6.7 merge window closed on November 12, 15,418
non-merge changesets had been pulled into the mainline kernel. That makes
this one of the busiest merge windows ever; if one discounts the lengthy
bcachefs development history (some 2,800 commits), though, then the patch
volume is roughly in line with other recent kernels. Over 5,000 of those
commits were merged after [our first-half\
merge-window summary](https://lwn.net/Articles/949294/) was written. ⌘ [Read more](https://lwn.net/Articles/949957/) 2023-11-13T14:01:19Z **Security updates for Monday**
Security updates have been issued by **Debian** (audiofile and ffmpeg), **Fedora** (keylime, python-pillow, and tigervnc), **Mageia** (quictls and vorbis-tools), **Oracle** (grub2), **Red Hat** (galera, mariadb, plexus-archiver, python, squid, and squid34), and **SUSE** (clamav, kernel, mupdf, postgresql14, tomcat, tor, and vlc). ⌘ [Read more](https://lwn.net/Articles/951237/) 2023-11-14T13:11:43Z **Security updates for Tuesday**
Security updates have been issued by **Debian** (postgresql-11, postgresql-13, and postgresql-15), **Fedora** (chromium, optipng, and radare2), **Scientific Linux** (plexus-archiver and python), **Slackware** (tigervnc), **SUSE** (apache2, containerized-data-importer, kernel-firmware-nvidia-gspx-G06, nvidia-open- driver-G06-signed, postgresql, postgresql15, postgresql16, postgresql12, postgresql13, python-Django1, squashfs, and xterm), and **Ubuntu** (firefox and memcached). ⌘ [Read more](https://lwn.net/Articles/951311/) 2023-11-14T15:45:46Z **[$] Using Common Lisp in Emacs**
[Lisp](https://en.wikipedia.org/wiki/Lisp_(programming_language))
is one of the oldest programming languages still in use today, but it has
evolved in multiple directions over its more than 60-year history. Two of
the more prominent descendants, [Common Lisp](https://en.wikipedia.org/wiki/Common_Lisp) and [Emacs Lisp](https://en.wikipedia.org/wiki/Emacs_Lisp) (or Elisp),
are fairly closely related at some level, but there is still something of a
divide between them. Some recent discussion in the emacs-de ... ⌘ [Read more](https://lwn.net/Articles/951090/) 2023-11-15T12:57:38Z **Security updates for Wednesday**
Security updates have been issued by **Debian** (libclamunrar and ruby-sanitize), **Fedora** (frr, roundcubemail, and webkitgtk), **Mageia** (freerdp and tomcat), **Red Hat** (avahi, bind, c-ares, cloud-init, container-tools:4.0, container-tools:rhel8, cups, dnsmasq, edk2, emacs, flatpak, fwupd, ghostscript, grafana, java-21-openjdk, kernel, kernel-rt, libfastjson, libmicrohttpd, libpq, librabbitmq, libreoffice, libreswan, libX11, linux-firmware, mod\_auth\_openidc:2.3, nodejs:20, opensc, perl-HTTP-Tiny, ... ⌘ [Read more](https://lwn.net/Articles/951480/) 2023-11-15T13:47:45Z **A GNU COBOL status update**
For the COBOL users out there, James K. Lowden has [posted\
an update](https://lwn.net/ml/gcc/20231113163647.ddbda1708295a0a5e41f9875@schemamania.org/) on the current status of the GNU COBOL compiler.

> When in November we turn back our clocks, then naturally do
> programmers' thoughts turn to Cobol, its promise, and future.
>
> At last post, nine months ago, we were working our way through the
> NIST CCVS/85 test suite. I am pleased to report that process is
> complete. As far as NIST is concerned, gcobol ... ⌘ [Read more](https://lwn.net/Articles/951498/) 2023-11-15T13:58:04Z **Intel's "redundant prefix issue"**
Tavis Ormandy has [described a bug](https://lock.cmpxchg8b.com/reptar.html)
in some Intel CPUs that can lead to a crash (or worse):

> We believe this bug causes the frontend to miscalculate the size of
> the movsb instruction, causing subsequent entries in the ROB [reorder buffer] to be
> associated with incorrect addresses. When this happens, the CPU
> enters a confused state that causes the instruction pointer to be
> miscalculated.
>
> The machine can eventually recover from this state, perhaps ... ⌘ [Read more](https://lwn.net/Articles/951500/) 2023-11-15T21:37:22Z **[$] Faster kernel testing with virtme-ng**
Building new kernels and booting into them is an unavoidable—and
time-consuming—part of kernel development. Andrea Righi works for
Canonical on the Ubuntu kernel team, so he does a lot of that and wanted to
find a way to speed up the task. To that end, he has been working
on [virtme-ng](https://github.com/arighi/virtme-ng), which is a
way to boot a new kernel in a virtual machine, and it does
so quickly. He came to the [2023\
Linux Plumbers Conference](https://lpc.events) (LPC) in Richmond, Vir ... ⌘ [Read more](https://lwn.net/Articles/951313/) 2023-11-16T02:41:00Z **[$] LWN.net Weekly Edition for November 16, 2023**
The LWN.net Weekly Edition for November 16, 2023 is available. ⌘ [Read more](https://lwn.net/Articles/950829/) 2023-11-16T13:36:45Z **[$] The real realtime preemption end game**
The addition of realtime support to Linux is a long story; it first
[shows up in LWN](https://lwn.net/Articles/106010/) in 2004. For much of that
time, it has seemed like only a little more work was needed to get across
the finish line; thus we ran headlines like [the\
realtime preemption endgame](https://lwn.net/Articles/345076/) — in 2009. At the [2023 Linux Plumbers Conference](https://lpc.events/), Thomas
Gleixner informed the group that, now, the end truly is near. There is
really only on ... ⌘ [Read more](https://lwn.net/Articles/951337/) 2023-11-16T13:36:25Z **Security updates for Thursday**
Security updates have been issued by **Debian** (chromium and openvpn), **Oracle** (kernel, microcode\_ctl, plexus-archiver, and python), **Red Hat** (.NET 6.0, dotnet6.0, dotnet7.0, dotnet8.0, kernel, linux-firmware, and open-vm-tools), **SUSE** (apache2, chromium, jhead, postgresql12, postgresql13, and qemu), and **Ubuntu** (dotnet6, dotnet7, dotnet8, frr, python-pip, quagga, and tidy-html5). ⌘ [Read more](https://lwn.net/Articles/951681/) 2023-11-16T20:30:44Z **Rust 1.74.0 released**
[Version\
1.74.0](https://blog.rust-lang.org/2023/11/16/Rust-1.74.0.html) of the Rust language has been released. New features include
better configuration for linters, authenticated cargo repositories, and
support for projections in opaque return types. ⌘ [Read more](https://lwn.net/Articles/951750/) 2023-11-17T13:43:13Z **Security updates for Friday**
Security updates have been issued by **Debian** (webkit2gtk), **Fedora** (microcode\_ctl, pack, and tigervnc), **Slackware** (gimp), **SUSE** (frr, gcc13, go1.20, go1.20-openssl, go1.21, go1.21-openssl, libnbd, libxml2, python-Pillow, python-urllib3, and xen), and **Ubuntu** (intel-microcode and openvpn). ⌘ [Read more](https://lwn.net/Articles/951801/) 2023-11-17T16:04:11Z **[$] Preventing atomic-context violations in Rust code with klint**
One of the core constraints when programming in the kernel is the need to
avoid sleeping when running in atomic context. For the most part, the
responsibility for adherence to this rule is placed on the developer's
shoulders; Rust developers, though, want the compiler to ensure that code
is safe whenever possible. At the [2023 Linux\
Plumbers Conference](https://lpc.events/), Gary Guo presented (via a remote link) the klint
tool, which can find
and flag many atomic-conte ... ⌘ [Read more](https://lwn.net/Articles/951550/) 2023-11-20T00:20:53Z **Kernel prepatch 6.7-rc2**
The [second 6.7 kernel prepatch](https://lwn.net/Articles/951906/) is out for
testing. "The most noticeable thing is probably the turbostat tool
update, which actually came in during the merge window, but was delayed by
just waiting for getting the pull request properly signed." ⌘ [Read more](https://lwn.net/Articles/951907/) 2023-11-20T14:30:19Z **Security updates for Monday**
Security updates have been issued by **Debian** (freerdp2, lwip, netty, and wireshark), **Fedora** (dotnet6.0, dotnet7.0, golang, gst-devtools, gstreamer1, gstreamer1-doc, gstreamer1-plugin-libav, gstreamer1-plugins-bad-free, gstreamer1-plugins-base, gstreamer1-plugins-good, gstreamer1-plugins-ugly-free, gstreamer1-rtsp-server, gstreamer1-vaapi, podman-tui, prometheus-podman-exporter, python-gstreamer1, syncthing, and tigervnc), **Mageia** (chromium-browser-stable, haproxy, and tigervnc), **Oracle** (curl, ... ⌘ [Read more](https://lwn.net/Articles/951999/) 2023-11-21T14:58:33Z **Ekstrand: NVK reaches Vulkan 1.0 conformance**
Faith Ekstrand has [announced](https://www.collabora.com/news-and-blog/news-and-events/nvk-reaches-vulkan-conformance.html)
that the NVK Vulkan driver for NVIDIA "Turing" GPUs has been certified as
being fully compliant with the Vulkan 1.0 API.

> Practically, it means that we can pass the entire Vulkan
> conformance test suite. From the Khronos perspective, it means that
> NVK now meets the bar required to claim to support the Vulkan API
> officially. (There are some legal implications ... ⌘ [Read more](https://lwn.net/Articles/952089/) 2023-11-21T14:52:01Z **Security updates for Tuesday**
Security updates have been issued by **Debian** (activemq, strongswan, and wordpress), **Mageia** (u-boot), **SUSE** (avahi, frr, libreoffice, nghttp2, openssl, openssl1, postgresql, postgresql15, postgresql16, python-Twisted, ucode-intel, and xen), and **Ubuntu** (avahi, hibagent, nodejs, strongswan, tang, and webkit2gtk). ⌘ [Read more](https://lwn.net/Articles/952088/) 2023-11-21T15:03:02Z **Firefox 120.0 released**
[Version\
120.0](https://www.mozilla.org/en-US/firefox/120.0/releasenotes/) of the Firefox browser is out. Changes include a new "copy link
without site tracking" option, the ability to enable the [Global Privacy Control](https://globalprivacycontrol.org/)
feature, and some additional privacy features seemingly restricted to users
in Germany. The browser will now also import TLS root certificates from
the operating system by default on Windows, macOS, and Android. ⌘ [Read more](https://lwn.net/Articles/952090/) 2023-11-21T15:06:55Z **[$] Trust in and maintenance of filesystems**
The Linux kernel supports a wide variety of filesystems, many of which are
no longer in heavy use — or, perhaps, any use at all. The kernel code
implementing the less-popular filesystems tends to be relatively unpopular
as well, receiving little in the way of maintenance. Keeping old
filesystems alive does place a burden on kernel developers, though, so it
is not surprising that there is pressure to remove the least popular ones.
At the 2023 Kernel Maintainers Summit, the developers talked a ... ⌘ [Read more](https://lwn.net/Articles/951846/) 2023-11-21T16:42:58Z **Git 2.43.0 released**
[Version 2.43.0](https://lwn.net/ml/git/xmqqzfz8l5or.fsf@gitster.g/) of the Git
source-code management system has been release. It includes a long list of
improvements and minor new features. ⌘ [Read more](https://lwn.net/Articles/952121/) 2023-11-21T16:47:28Z **RFC 9498: The GNU Name System**
The GNU Name System has now been formalized as [RFC 9498](https://www.rfc-editor.org/rfc/rfc9498.html).

> GNS addresses long-standing security and privacy issues in the
> ubiquitous Domain Name System (DNS). Previous attempts to secure
> DNS (DNSSEC) fail to address critical security issues such as
> end-to-end security, query privacy, censorship, and centralization
> of root zone governance. After 40 years of patching, it is time for
> a new beginning. ⌘ [Read more](https://lwn.net/Articles/952122/) 2023-11-22T15:17:35Z **Security updates for Wednesday**
Security updates have been issued by **Debian** (gimp), **Fedora** (audiofile and firefox), **Mageia** (postgresql), **Red Hat** (binutils, c-ares, fence-agents, glibc, kernel, kernel-rt, kpatch-patch, libcap, libqb, linux-firmware, ncurses, pixman, python-setuptools, samba, and tigervnc), **Slackware** (kernel and mozilla), **SUSE** (apache2-mod\_jk, avahi, container-suseconnect, java-1\_8\_0-openjdk, libxml2, openssl-1\_0\_0, openssl-1\_1, openvswitch, python3-setuptools, strongswan, ucode-intel, and u ... ⌘ [Read more](https://lwn.net/Articles/952312/) 2023-11-22T16:37:04Z **Happy Thanksgiving**
November 23 is the US Thanksgiving holiday; as is our tradition, we will
not be publishing an LWN Weekly Edition this week as we will be far too
busy eating. We wish a good holiday to all of our readers (whether they
celebrate it or not); the weekly edition will return on December 7. ⌘ [Read more](https://lwn.net/Articles/952354/) 2023-11-24T14:26:47Z **Security updates for Friday**
Security updates have been issued by **Debian** (firefox-esr, gnutls28, intel-microcode, and tor), **Fedora** (chromium, microcode\_ctl, openvpn, and vim), **Gentoo** (LinuxCIFS utils, SQLite, and Zeppelin), **Oracle** (c-ares, container-tools:4.0, dotnet7.0, kernel, kernel-container, nodejs:20, open-vm-tools, squid:4, and tigervnc), **Red Hat** (samba and squid), **Slackware** (mozilla), **SUSE** (fdo-client, firefox, libxml2, maven, maven-resolver, sbt, xmvn, poppler, python-Pillow, squid, strongswan, and ... ⌘ [Read more](https://lwn.net/Articles/952602/) 2023-11-24T16:45:21Z **[$] Reducing kernel-maintainer burnout**
Overstressed maintainers are a constant topic of conversation throughout
the open-source community. Kernel maintainers have been complaining more
loudly than usual recently about overwork and stress. The problems that
maintainers are facing are clear; what to do about them is rather less so.
A session at the 2023 Maintainers Summit took up the topic yet again with
the hope of finding some solutions; there may be answers, perhaps even
within the kernel community, but a general solution still seems ... ⌘ [Read more](https://lwn.net/Articles/952034/) 2023-11-26T21:14:57Z **OpenSSL 3.2.0 released**
[OpenSSL\
3.2.0](https://www.openssl.org/news/openssl-3.2-notes.html) has been released. New features include client-side QUIC
support, a number of new cryptographic algorithms, support for TCP fast
open, TLS certificate compression, and more. ⌘ [Read more](https://lwn.net/Articles/952782/) 2023-11-27T14:13:17Z **Kernel prepatch 6.7-rc3**
Linus has released [6.7-rc3](https://lwn.net/Articles/952841/) for testing.
"The diffstat here is dominated by a couple of reverts of some Realtek
phy code (accounting for almost a third of the diff).

But ignoring that, it's mostly fairly small, and all over the place." ⌘ [Read more](https://lwn.net/Articles/952842/) 2023-11-27T14:45:30Z **Pipewire 1.0 released**
[PipeWire](https://pipewire.org), the audio/video bus meant to
replace PulseAudio, JACK, and other systems, has [reached\
1.0](https://gitlab.freedesktop.org/pipewire/pipewire/-/releases/1.0.0). In celebration, Fedora Magazine is running [an\
interview with PipeWire creator Wim Taymans](https://fedoramagazine.org/pipewire-1-0-an-interview-with-pipewire-creator-wim-taymans/).

> PipeWire is an IPC mechanism for multimedia. The most interesting
> stuff will happen in the session manager, the modules, the
> applic ... ⌘ [Read more](https://lwn.net/Articles/952848/) 2023-11-27T15:00:50Z **Security updates for Monday**
Security updates have been issued by **Debian** (freeimage, gimp, gst-plugins-bad1.0, node-json5, opensc, python-requestbuilder, reportbug, strongswan, symfony, thunderbird, and tiff), **Fedora** (chromium, galera, golang, kubernetes, mariadb, python-asyncssh, thunderbird, vim, and webkitgtk), **Gentoo** (AIDE, Apptainer, GLib, GNU Libmicrohttpd, Go, GRUB, LibreOffice, MiniDLNA, multipath-tools, Open vSwitch, phpMyAdmin, QtWebEngine, and RenderDoc), **Slackware** (vim), **SUSE** (gstreamer-plugins-bad, java ... ⌘ [Read more](https://lwn.net/Articles/952923/) 2023-11-27T15:09:39Z **[$] A discussion on kernel-maintainer pain points**
A regular feature of the Kernel Maintainers Summit is a session where Linus
Torvalds discusses the problems that he has been encountering. In recent
years, though, there have been relatively few of those problems, so this
year he turned things around a bit by [asking\
the community](https://lwn.net/ml/ksummit-discuss/CAHk-=whGOUw=YDsPxd9o5M_JqcisE+TjcQQ-=SLYOnHd12D0Fw@mail.gmail.com/) what problems it was seeing instead. He then addressed
them at the Summit in a session covering aspect ... ⌘ [Read more](https://lwn.net/Articles/952146/) 2023-11-28T14:58:02Z **Security updates for Tuesday**
Security updates have been issued by **Debian** (cryptojs, fastdds, mediawiki, and minizip), **Fedora** (chromium, kubernetes, and thunderbird), **Mageia** (lilypond, mariadb, and packages), **Red Hat** (firefox, linux-firmware, and thunderbird), **SUSE** (compat-openssl098, gstreamer-plugins-bad, squashfs, squid, thunderbird, vim, and xerces-c), and **Ubuntu** (libtommath, linux-intel-iotg, linux-intel-iotg-5.15, linux-oracle, perl, and python3.8, python3.10, python3.11). ⌘ [Read more](https://lwn.net/Articles/953099/) 2023-11-28T19:24:24Z **A pile of stable kernel updates**
The large
[6.6.3](https://lwn.net/Articles/953135/),
[6.5.13](https://lwn.net/Articles/953133/),
[6.1.64](https://lwn.net/Articles/953132/),
[5.15.140](https://lwn.net/Articles/953130/),
[5.10.202](https://lwn.net/Articles/953129/),
[5.4.262](https://lwn.net/Articles/953128/),
[4.19.300](https://lwn.net/Articles/953131/),
[4.14.331](https://lwn.net/Articles/953127/)
stable kernel updates have all been released; each contains another set of
important fixes. Note that 6.5.13 is the final update for 6.5. ⌘ [Read more](https://lwn.net/Articles/953126/) 2023-11-28T21:07:19Z **[$] Using drgn on production kernels**
The [drgn](https://github.com/osandov/drgn) Python-based kernel
debugger was developed by Omar Sandoval for use in his job on the kernel
team at Meta. He now spends most of his time working on drgn, both in
developing new features for the tool and in using
it to debug production problems at Meta, which gives him a view of both
ends of that feedback loop. At the [2023 \
Linux Plumbers \
Conference](https://lpc.events/event/17/page/198-lpc-2023-overview) (LPC), he led a session on drgn in the [kernel ... ⌘ [Read more](https://lwn.net/Articles/952942/) 2023-11-29T14:47:17Z **Security updates for Wednesday**
Security updates have been issued by **Debian** (gst-plugins-bad1.0 and postgresql-multicorn), **Fedora** (golang-github-nats-io, golang-github-nats-io-jwt-2, golang-github-nats-io-nkeys, golang-github-nats-io-streaming-server, libcap, nats-server, openvpn, and python-geopandas), **Mageia** (kernel), **Red Hat** (c-ares, curl, fence-agents, firefox, kernel, kernel-rt, kpatch-patch, libxml2, pixman, postgresql, and tigervnc), **SUSE** (python-azure-storage-queue, python-Twisted, and python3-Twisted), and ... ⌘ [Read more](https://lwn.net/Articles/953226/) 2023-11-29T15:11:37Z **Roundcube becomes part of Nextcloud**
Nextcloud has [announced](https://nextcloud.com/blog/open-source-email-pioneer-roundcube-comes-aboard-nextcloud/)
the "acquisition" of the Roundcube webmail system.

> As a product, Roundcube has an established path to success on its
> own. With opportunities remaining to be explored, a direct merger
> between Roundcube and Nextcloud is not planned. Neither will
> Roundcube replace Nextcloud Mail or the other way around. The
> products both have strengths and weaknesses and as open source
> pro ... ⌘ [Read more](https://lwn.net/Articles/953228/) 2023-11-29T21:45:22Z **[$] An overview of kernel samepage merging (KSM)**
In the [Kernel Summit\
track](https://lpc.events/event/17/sessions/153/) at the [2023 Linux\
Plumbers Conference](https://lpc.events/event/17/page/198-lpc-2023-overview) (LPC), Stefan Roesch led a session on [kernel\
samepage merging](https://www.kernel.org/doc/html/latest/admin-guide/mm/ksm.html) (KSM). He gave an overview of the feature and described
[some recent changes to KSM](https://lwn.net/Articles/928510/). He showed how
an application can enable KSM to deduplicate its memory an ... ⌘ [Read more](https://lwn.net/Articles/953141/) 2023-11-29T22:05:33Z **LibreQoS 1.4 released**
The [LibreQoS project](https://github.com/LibreQoE/LibreQoS)
describes itself as:

> LibreQoS is a Quality of Experience (QoE) Smart Queue Management
> (SQM) system designed for Internet Service Providers to optimize
> the flow of their network traffic and thus reduce bufferbloat, keep
> the network responsive, and improve the end-user experience.

[Version\
1.4](https://github.com/LibreQoE/LibreQoS/releases/tag/v1.4) of LibreQoS was released on November 17. "Version 1.4 is a
huge milestone. A whole new back-e ... ⌘ [Read more](https://lwn.net/Articles/953286/) 2023-11-30T00:18:12Z **[$] LWN.net Weekly Edition for November 30, 2023**
The LWN.net Weekly Edition for November 30, 2023 is available. ⌘ [Read more](https://lwn.net/Articles/951631/) 2023-11-30T13:58:49Z **Security updates for Thursday**
Security updates have been issued by **Fedora** (chromium, gnutls, gst-devtools, gstreamer1, gstreamer1-doc, libcap, mingw-poppler, python-gstreamer1, qbittorrent, webkitgtk, and xen), **Mageia** (docker, kernel-linus, and python-django), **Oracle** (dotnet6.0, dotnet7.0, dotnet8.0, firefox, samba, squid, and thunderbird), **Red Hat** (firefox, postgresql:13, squid, and thunderbird), **SUSE** (cilium, freerdp, java-1\_8\_0-ibm, and java-1\_8\_0-openj9), and **Ubuntu** (ec2-hibinit-agent, freerdp2, gimp, g ... ⌘ [Read more](https://lwn.net/Articles/953379/) 2023-11-30T14:54:30Z **[$] A Rust implementation of Android's Binder**
The Android system was once famous for extensive, out-of-tree kernel
enhancements. Many of those have been eliminated or upstreamed over
the years, bringing Android much closer to the mainline kernel. One
significant component in the "upstreamed" category is Binder, an
interprocess communication mechanism that is used only by Android. There
are a number of factors that make Binder a good candidate for rewriting in
the Rust language; at the [2023 Linux\
Plumbers Conference](https://lpc.even ... ⌘ [Read more](https://lwn.net/Articles/953116/) 2023-12-01T15:15:17Z **Security updates for Friday**
Security updates have been issued by **Debian** (chromium, gimp-dds, horizon, libde265, thunderbird, vlc, and zbar), **Fedora** (java-17-openjdk and xen), **Mageia** (optipng, roundcubemail, and xrdp), **Red Hat** (postgresql), **Slackware** (samba), **SUSE** (chromium, containerd, docker, runc, libqt4, opera, python-django-grappelli, sqlite3, and traceroute), and **Ubuntu** (linux-azure, linux-azure-4.15, linux-gcp, linux-gcp-4.15, linux-azure, linux-azure-5.15, linux-azure-fde, linux-azure-fde-5.15,
 linu ... ⌘ [Read more](https://lwn.net/Articles/953512/) 2023-12-01T16:13:42Z **[$] A Nouveau graphics driver update**
Support for NVIDIA graphics processors has traditionally been a sore point
for Linux users; NVIDIA has not felt the need to cooperate with the kernel
community or make free drivers available, and the reverse-engineered
Nouveau driver has often struggled to keep up with product releases. There
have, however, been signs of improvement in recent years. At the [2023 Linux\
Plumbers Conference](https://lpc.events/event/17/page/198-lpc-2023-overview), graphics subsystem maintainer Dave Airlie provided
an ... ⌘ [Read more](https://lwn.net/Articles/953144/) 2023-12-04T00:54:18Z **6.7-rc4 and stable kernels too**
Linus has [released 6.7-rc4](https://lwn.net/Articles/953646/) for testing.
"And things look fine for now, with a fairly
small rc4".

Meanwhile, the
[6.6.4](https://lwn.net/Articles/953647/),
[6.1.65](https://lwn.net/Articles/953648/), and
[5.15.141](https://lwn.net/Articles/953649/)
stable kernel updates have been released; each contains another set of
important fixes. ⌘ [Read more](https://lwn.net/Articles/953645/) 2023-12-04T14:22:40Z **Security updates for Monday**
Security updates have been issued by **Debian** (amanda, ncurses, nghttp2, opendkim, rabbitmq-server, and roundcube), **Fedora** (golang-github-openprinting-ipp-usb, kernel, kernel-headers, kernel-tools, and samba), **Mageia** (audiofile, galera, libvpx, and virtualbox), **Oracle** (kernel and postgresql:13), **SUSE** (openssl-3, optipng, and python-Pillow), and **Ubuntu** (firefox). ⌘ [Read more](https://lwn.net/Articles/953702/) 2023-12-04T14:49:16Z **Bueso: LPC 2023: CXL Microconference**
Davidlohr Bueso has posted [a\
summary of the CXL microconference](https://blog.stgolabs.net/2023/12/lpc-2023-cxl-microconference.html) at the recently concluded Linux
Plumbers Conference. "The goals for the track were to openly discuss
current on-going development efforts around the core driver, as well as
experimental memory management topics which lead to accommodating kernel
infrastructure for new technology and use cases." ⌘ [Read more](https://lwn.net/Articles/953706/) 2023-12-04T15:54:20Z **GDB 14.1 released**
Version 14.1 of the GDB debugger is out. Changes include initial support
for the [debugger\
adapter protocol](https://microsoft.github.io/debug-adapter-protocol//), NO\_COLOR support, the ability to work with
integer types larger than 64 bits, a number of enhancements to the
Python API, and more. ⌘ [Read more](https://lwn.net/Articles/953732/) 2023-12-04T16:00:05Z **[$] What remains to be done for proxy execution**
The kernel's [deadline scheduling class](https://lwn.net/Articles/743740/)
offers a solution to a number of realtime (or generally latency-sensitive)
problems, but it is also resistant to the usual solutions for the [priority-inversion](https://en.wikipedia.org/wiki/Priority_inversion)
problem. The development community has been pursuing proxy execution as a
solution to a few scheduling challenges, including this one; the problem is
difficult and progress has been slow. LWN last [looked ... ⌘ [Read more](https://lwn.net/Articles/953438/) 2023-12-04T16:03:23Z **Django 5.0 released**
[Version\
5.0](https://www.djangoproject.com/weblog/2023/dec/04/django-50-released/) of the Django web framework is out. Significant changes include [database-computed\
default values](https://docs.djangoproject.com/en/5.0/releases/5.0/#database-computed-default-values), field groups in the templating system, and more; see [the release\
notes](https://docs.djangoproject.com/en/5.0/releases/5.0/) for details. ⌘ [Read more](https://lwn.net/Articles/953736/) 2023-12-05T14:09:15Z **Security updates for Tuesday**
Security updates have been issued by **Debian** (roundcube), **Fedora** (java-latest-openjdk), **Mageia** (libqb), **SUSE** (python-Django1), and **Ubuntu** (request-tracker4). ⌘ [Read more](https://lwn.net/Articles/953783/) 2023-12-05T20:34:50Z **[$] Supplementing CVEs with !CVEs**
The [Common Vulnerabilities and Exploits](https://www.cve.org/)
(CVE) system is the main mechanism for tracking various security
flaws,
using the omnipresent CVE number—even vulnerabilities with fancy names and
web sites
have CVE numbers. But the CVE system is not without its critics and, in
truth, the incentives between the reporting side and those responsible for
handling the bugs have always been misaligned, which leads to abuse of
various kinds. There have been [efforts to\
combat some of those ab ... ⌘ [Read more](https://lwn.net/Articles/953738/) 2023-12-06T14:33:07Z **Security updates for Wednesday**
Security updates have been issued by **Fedora** (chromium, clevis-pin-tpm2, firefox, keyring-ima-signer, libkrun, perl, perl-PAR-Packer, polymake, poppler, rust-bodhi-cli, rust-coreos-installer, rust-fedora-update-feedback, rust-gst-plugin-reqwest, rust-pore, rust-rpm-sequoia, rust-sequoia-octopus-librnp, rust-sequoia-policy-config, rust-sequoia-sq, rust-sequoia-wot, rust-sevctl, rust-snphost, and rust-tealdeer), **Mageia** (samba), **Red Hat** (postgresql:12), **SUSE** (haproxy and kernel-firmware), and ... ⌘ [Read more](https://lwn.net/Articles/953861/) 2023-12-06T16:03:13Z **SLAM: a new Spectre technique**
Many processor vendors provide a mechanism to allow some bits of a pointer
value to be used to store unrelated data; these include Intel's [linear address masking (LAM)](https://lwn.net/Articles/902094/), AMD's [upper address ignore](https://lwn.net/Articles/888914/), and Arm's [top-byte\
ignore](https://www.linaro.org/blog/top-byte-ignore-for-fun-and-memory-savings/). A set of researchers has now [come up with a way](https://www.vusec.net/projects/slam/) (that
they call "SLAM") to use those features to b ... ⌘ [Read more](https://lwn.net/Articles/953880/) 2023-12-06T22:16:21Z **[$] A schism in the OpenPGP world**
The [OpenPGP](https://www.openpgp.org/) standard for email
encryption has been around since 1997, when it was derived from the
venerable [Pretty Good\
Privacy](https://en.wikipedia.org/wiki/Pretty_Good_Privacy) (PGP) program that was released in 1991. Since it came about,
OpenPGP has been the decentralized, interoperable way to exchange encrypted
email, though
its use never really took off as advocates hoped. Now, though, it
would seem that a split in the OpenPGP community threatens to
fragment the Op ... ⌘ [Read more](https://lwn.net/Articles/953797/) 2023-12-07T00:58:03Z **[$] LWN.net Weekly Edition for December 7, 2023**
The LWN.net Weekly Edition for December 7, 2023 is available. ⌘ [Read more](https://lwn.net/Articles/953381/) 2023-12-07T14:18:27Z **Security updates for Thursday**
Security updates have been issued by **Debian** (tzdata), **Fedora** (gmailctl), **Oracle** (kernel), **Red Hat** (linux-firmware, postgresql:12, postgresql:13, and squid:4), **SUSE** (cdi-apiserver-container, cdi-cloner-container, cdi- controller-container, cdi-importer-container, cdi-operator-container, cdi- uploadproxy-container, cdi-uploadserver-container, cont, frr, libtorrent-rasterbar, qbittorrent, openssl-3, openvswitch, openvswitch3, and suse-build-key), and **Ubuntu** (bluez, curl, linux, linux- ... ⌘ [Read more](https://lwn.net/Articles/953977/) 2023-12-07T15:10:25Z **Just about every Windows and Linux device vulnerable to new LogoFAIL firmware attack
(ars technica)**
[This\
ars technica article](https://arstechnica.com/security/2023/12/just-about-every-windows-and-linux-device-vulnerable-to-new-logofail-firmware-attack/) describes how secure-boot firmware on a huge range
of systems can be subverted with a malicious image file:

> As its name suggests, LogoFAIL involves logos, specifically those
> of the hardware seller that are displayed on the device screen
> early in the boot process, while the ... ⌘ [Read more](https://lwn.net/Articles/953985/) 2023-12-07T16:28:53Z **[$] Controlling shadow-stack allocation in clone3()**
User-space shadow stacks are a relatively new feature in Linux; support was
only added for 6.6, and [is limited to the x86\
architecture](https://lwn.net/Articles/926649/). As support for other architectures (including [arm64](https://lwn.net/Articles/940403/) and RISC-V) approaches readiness,
though, more thought is going into the API for this feature. As a recent
discussion on the integration of shadow stacks with the [clone3() system call](https://lwn.net/Articles/792628/) shows, ... ⌘ [Read more](https://lwn.net/Articles/953794/) 2023-12-08T14:53:46Z **Security updates for Friday**
Security updates have been issued by **Fedora** (chromium), **Mageia** (firefox, thunderbird, and vim), **SUSE** (kubevirt, virt-api-container, virt-controller-container, virt-handler-container, virt-launcher-container, virt-libguestfs-tools- container, virt-operator-container), and **Ubuntu** (freerdp2, glibc, and tinyxml). ⌘ [Read more](https://lwn.net/Articles/954092/) 2023-12-08T15:42:32Z **A bunch of new stable kernels**
The [6.6.5](https://lwn.net/Articles/954111/), [6.1.66](https://lwn.net/Articles/954112/), [5.15.142](https://lwn.net/Articles/954114/), [5.10.203](https://lwn.net/Articles/954115/), [5.4.263](https://lwn.net/Articles/954116/), [4.19.301](https://lwn.net/Articles/954117/), and [4.14.332](https://lwn.net/Articles/954120/) stable kernels have been released.
As usual, they contain important fixes throughout the kernel tree. ⌘ [Read more](https://lwn.net/Articles/954107/) 2023-12-08T16:02:11Z **[$] Modern C for Fedora (and the world)**
It can be instructive to pull down the dog-eared copy of the first edition
of _The C Programming Language_ that many of us still have on our
bookshelves; the language has changed considerably since that book was
published. Many "features" of early C have been left behind, usually for
good reasons, but there is still a lot of code in the wild that is still
using those features. A concerted effort is being made in both the Fedora
and GCC communities to fix that old code and enable some new errors ... ⌘ [Read more](https://lwn.net/Articles/954018/) 2023-12-09T22:55:31Z **Ext4 data corruption in stable kernels**
There is a problem in multiple stable kernel releases that is causing data corruption in ext4 filesystems. It is [caused](https://lore.kernel.org/stable/20231205122122.dfhhoaswsfscuhc3@quack3/) by a problematic commit that is in multiple stable kernels:

> The commit got merged in 6.5-rc1 so all stable kernels that have
> 91562895f803 ("ext4: properly sync file size update after O\_SYNC direct
> IO") before 6.5 are corrupting data - I've noticed at least 6.1 is still
> carrying the problematic co ... ⌘ [Read more](https://lwn.net/Articles/954285/) 2023-12-11T14:02:19Z **Security updates for Monday**
Security updates have been issued by **Debian** (chromium), **Fedora** (bluez, chromium, and curl), **Red Hat** (apr), **Slackware** (libxml2), and **Ubuntu** (squid3 and tar). ⌘ [Read more](https://lwn.net/Articles/954449/) 2023-12-11T14:13:27Z **Two stable kernels**
Greg Kroah-Hartman has announced the release of the [6.6.6](https://lwn.net/Articles/954453/) and [6.1.67](https://lwn.net/Articles/954455/) stable kernels. Both contain a single
reversion of the "wifi: cfg80211: fix CQM for non-range use" patch. ⌘ [Read more](https://lwn.net/Articles/954454/) 2023-12-11T14:51:59Z **Kernel prepatch 6.7-rc5**
The [6.7-rc5](https://lwn.net/Articles/954468/) kernel prepatch is out for
testing.

> Nothing looks particularly scary, which is good, because if it had
> been, I wouldn't have had the capacity to deal with it last week.
>
> Let's hope it stays that way even as I am getting better. Because the
> holidays are almost upon us, and I'm woefully underprepared. ⌘ [Read more](https://lwn.net/Articles/954469/) 2023-12-11T17:35:12Z **[$] Some recent and notable changes to Rust**
The Rust project makes incremental releases every six
weeks, a fact that makes it easy to overlook some of the
interesting changes coming to the language, such as new
ABIs, better debugger support, asynchronous traits, and
support for C strings.
The end of the year provides an opportunity to look back
over the past several months of updates, and to look
forward to what to expect in 2024. ⌘ [Read more](https://lwn.net/Articles/954033/) 2023-12-11T19:55:53Z **Bottomley: Solving the Looming Developer Liability Problem**
James Bottomley [writes](https://blog.hansenpartnership.com/solving-the-looming-developer-liability-problem/)
that open-source developers are increasingly likely to be held liable for
flaws in their code and suggests a solution:

> Indemnification means one party, in particular circumstances,
> agreeing to be on the hook for the legal responsibilities of
> another party. This is actually a well known way not of avoiding
> liability but transferring it to where it belongs. A ... ⌘ [Read more](https://lwn.net/Articles/954528/) 2023-12-12T15:32:34Z **Security updates for Tuesday**
Security updates have been issued by **Debian** (libreoffice and webkit2gtk), **Fedora** (java-1.8.0-openjdk and seamonkey), **Oracle** (apr, edk2, kernel, and squid:4), **Red Hat** (postgresql:12, tracker-miners, and webkit2gtk3), **SUSE** (curl, go1.20, go1.21, hplip, openvswitch, opera, squid, and xerces-c), and **Ubuntu** (binutils, ghostscript, libreoffice, linux, linux-aws, linux-aws-5.15, linux-azure, linux-azure-5.15,
 linux-azure-fde, linux-azure-fde-5.15, linux-gcp, linux-gke,
 linux-hwe-5.15, li ... ⌘ [Read more](https://lwn.net/Articles/954706/) 2023-12-12T17:56:45Z **[$] Project Bluefin: A customized Fedora Silverblue desktop image**
So-called "immutable" Linux distributions have been in development for
some time, but (unless you count Chrome OS) haven't gained much traction. [Project Bluefin](https://projectbluefin.io/), is a heavily
customized set of [Fedora\
Silverblue](https://fedoraproject.org/silverblue/) images coming from the [Universal Blue](https://universal-blue.org/) community; they are
designed to deliver a reliable Linux desktop that's as easy to use as a
Chromebook but more customizab ... ⌘ [Read more](https://lwn.net/Articles/954059/) 2023-12-12T21:48:09Z **Graber: LXD now re-licensed and under a CLA**
The story of Canonical's takeover of the [LXD container manager](https://github.com/canonical/lxd), and the
subsequent creation of the [Incus fork](https://linuxcontainers.org/incus/), has been
simmering for a while. Now Incus developer Stéphane Graber [reports](https://stgraber.org/2023/12/12/lxd-now-re-licensed-and-under-a-cla/)
that Canonical has changed the license and contribution terms for LXD:

> Per the commit message performing the re-licensing, all further
> contributions will be ... ⌘ [Read more](https://lwn.net/Articles/954777/) 2023-12-12T22:04:15Z **The end of vger.kernel.org**
Konstantin Ryabitsev has [announced](https://lwn.net/ml/linux-kernel/20231212-unselfish-real-myna-67e444@lemur/)
that the movement of kernel mailing lists away from the venerable
vger.kernel.org system is nearly complete:

> Over the past few months we've migrated all of the vger.kernel.org
> mailing lists, with the exception of the Big One (linux-kernel, aka
> LKML). This list alone is responsible for about 80% of all vger
> mailing list traffic, so we left it for the last.
>
> This Thursday, December 14 ... ⌘ [Read more](https://lwn.net/Articles/954783/) 2023-12-13T14:49:38Z **Security updates for Wednesday**
Security updates have been issued by **Debian** (debian-security-support and xorg-server), **Fedora** (java-17-openjdk, libcmis, and libreoffice), **Mageia** (fish), **Red Hat** (buildah, containernetworking-plugins, curl, fence-agents, kernel, kpatch-patch, libxml2, pixman, podman, runc, skopeo, and tracker-miners), **SUSE** (kernel, SUSE Manager 4.3.10 Release Notes, and SUSE Manager Client Tools), and **Ubuntu** (gnome-control-center, linux-gcp, linux-kvm, linux-gkeop, linux-gkeop-5.15, linux-hwe-6.2, ... ⌘ [Read more](https://lwn.net/Articles/954921/) 2023-12-13T16:37:51Z **OpenPGP for application developers**
A new book called [OpenPGP for application\
developers](https://openpgp.dev/) has been released under the Creative Commons BY-SA license.

> This document is not intended for end-users or implementers of
> OpenPGP libraries (or other software that directly handles internal
> OpenPGP data structures).
>
> Instead, this document is focused on the second group, application
> developers, who use OpenPGP functionality in their software
> projects. It describes the properties of the OpenPGP system and it ... ⌘ [Read more](https://lwn.net/Articles/954964/) 2023-12-13T17:28:03Z **Rust for Linux — in space**
The Rust for Linux (RFL) project may not have (yet) resulted in user-visible
changes to the Linux kernel, but it seems the wider world has taken notice.
Hongyu Li has [announced](https://rust-for-linux.zulipchat.com/#narrow/stream/288089-General/topic/We.20build.20a.20Rust.20Realtime.20Operating.20System.28.60RROS.60.29.20using.20RFL!/near/407428553)
that the Rust for Linux code is now part of a satellite just [launched](https://bupt-os.github.io/website/news/2023_12_9/satellite_launch/)
out of China. The sat ... ⌘ [Read more](https://lwn.net/Articles/954974/) 2023-12-13T20:39:52Z **More stable kernel updates**
The
[6.6.7](https://lwn.net/Articles/954990/),
[6.1.68](https://lwn.net/Articles/954989/),
[5.15.143](https://lwn.net/Articles/954988/),
[5.10.204](https://lwn.net/Articles/954987/),
[5.4.264](https://lwn.net/Articles/954986/),
[4.19.302](https://lwn.net/Articles/954985/), and
[4.14.333](https://lwn.net/Articles/954984/)
stable kernel updates have all been released; each contains another set of
important fixes. ⌘ [Read more](https://lwn.net/Articles/954983/) 2023-12-13T21:49:25Z **[$] Logo and trademark issues for openSUSE**
A [contest for new logos](https://en.opensuse.org/Logocontest)
for the [openSUSE project](https://www.opensuse.org/) and for
four separate distributions of it,
[Tumbleweed](https://en.opensuse.org/Portal:Tumbleweed), [Leap](https://en.opensuse.org/Portal:Leap), [Slowroll](https://en.opensuse.org/openSUSE:Slowroll), and
[Kalpa](https://en.opensuse.org/Portal:Kalpa), has turned into a
bit of an uproar in that community. A [vote\
has been held on the candidates](https://news.opensuse.org/2023/11 ... ⌘ [Read more](https://lwn.net/Articles/954760/) 2023-12-14T00:45:15Z **[$] LWN.net Weekly Edition for December 14, 2023**
The LWN.net Weekly Edition for December 14, 2023 is available. ⌘ [Read more](https://lwn.net/Articles/953980/) 2023-12-14T14:20:24Z **Security updates for Thursday**
Security updates have been issued by **Debian** (chromium and rabbitmq-server), **Fedora** (chromium, kernel, perl-CryptX, and python-jupyter-server), **Mageia** (curl), **Oracle** (curl and postgresql), **Red Hat** (gstreamer1-plugins-bad-free, linux-firmware, postgresql, postgresql:10, and postgresql:15), **Slackware** (xorg), **SUSE** (catatonit, containerd, runc, container-suseconnect, gimp, kernel, openvswitch, poppler, python-cryptography, python-Twisted, python3-cryptography, qemu, squid, tiff, web ... ⌘ [Read more](https://lwn.net/Articles/955130/) 2023-12-14T15:45:03Z **[$] Ext4 data corruption hits the stable kernels**
The kernel's stable-update process is intended to produce kernels that are,
well, stable; when that promise is lived up to, users can update to newer
stable updates without fear. By any account, a bug that corrupts data on
ext4 filesystems constitutes a failure to hold to that promise. As is so
often the case, this problem is the result of a chain of failures in a
system that works well most of the time. ⌘ [Read more](https://lwn.net/Articles/954770/) 2023-12-14T23:11:57Z **25 years of Postfix**
Wietse Venema posted a [note](https://marc.info/?l=postfix-users&m=170256002601828&w=2) to the postfix-users mailing list about the 25th anniversary of the [Postfix](https://www.postfix.org/) mail server. As can be seen, it had a pivotal role in bringing more awareness of open-source software to IBM. Beyond that, of course, it is an excellent piece of software in its own right.

> As a few on this list may recall, it is 25 years ago today that the
> "IBM secure mailer" had its public beta release. This was accompan ... ⌘ [Read more](https://lwn.net/Articles/955248/) 2023-12-15T14:13:04Z **Security updates for Friday**
Security updates have been issued by **Debian** (bluez and haproxy), **Fedora** (curl, dotnet6.0, dotnet7.0, tigervnc, and xorg-x11-server), **Red Hat** (avahi and gstreamer1-plugins-bad-free), **Slackware** (bluez), **SUSE** (cdi-apiserver-container, cdi-cloner-container, cdi- controller-container, cdi-importer-container, cdi-operator-container, cdi- uploadproxy-container, cdi-uploadserver-container, cont, cosign, curl, gstreamer-plugins-bad, haproxy, ImageMagick, kernel, kernel-firmware, libreoffice, tiff ... ⌘ [Read more](https://lwn.net/Articles/955336/) 2023-12-15T15:04:11Z **[$] Progress toward a GCC-based Rust compiler**
The [gccrs](https://rust-gcc.github.io/) project is an ambitious
effort started in 2014 to implement a Rust compiler within The GNU Compiler
Collection (GCC). Even though the task is far from complete, progress has
been made since LWN's [previous coverage](https://lwn.net/Articles/909887/),
according to reports from the project. Meanwhile, another hybrid and more
mature approach to GCC Rust code generation is available in [rust\_codegen\_gcc](https://github.com/rust-lang/rustc_codegen_gcc) ... ⌘ [Read more](https://lwn.net/Articles/954787/) 2023-12-15T16:23:08Z **DeMaio: Insights from the openSUSE Logo Contest**
In response to the expressed unhappiness over the recent logo-selection
process in the openSUSE project (covered in [this article](https://lwn.net/Articles/954760/)), the project has [announced](https://news.opensuse.org/2023/12/15/insights-from-the-os-logo-contest/)
that there will be a new vote:

> During the community meeting this week where the results were
> discussed, participants expressed the view that members of the
> openSUSE Project have an opportunity to participate in the
 ... ⌘ [Read more](https://lwn.net/Articles/955366/) 2023-12-17T20:15:00Z **Min: sched_ext: a BPF-extensible scheduler class (Part 1)**
Changwoo Min [provides\
an introduction to the sched\_ext scheduling class](https://blogs.igalia.com/changwoo/sched-ext-a-bpf-extensible-scheduler-class-part-1/):

> Sched\_ext was proposed to address the problems mentioned above. It
> allows users to write a custom scheduling policy using BPF without
> modifying the kernel code. You don't need to struggle to maintain
> the out-of-tree custom scheduler. In addition, BPF provides a safe
> kernel programming environment. In p ... ⌘ [Read more](https://lwn.net/Articles/955481/) 2023-12-18T00:19:56Z **Kernel prepatch 6.7-rc6**
Linus has released [6.7-rc6](https://lwn.net/Articles/955484/) for testing.
" Please do give this a test in between the last-minute xmas shopping or
whatever else is going on ..." ⌘ [Read more](https://lwn.net/Articles/955485/) 2023-12-18T14:00:13Z **Security updates for Monday**
Security updates have been issued by **Debian** (freeimage, ghostscript, intel-microcode, spip, and xorg-server), **Fedora** (chromium, perl, perl-Devel-Cover, perl-PAR-Packer, polymake, PyDrive2, seamonkey, and vim), **Gentoo** (Leptonica), **Mageia** (audiofile, gimp, golang, and poppler), **Oracle** (buildah, containernetworking-plugins, gstreamer1-plugins-bad-free, kernel, kernel-container, libxml2, pixman, podman, postgresql, postgresql:15, runc, skopeo, tracker-miners, and webkit2gtk3), and **SUSE** ( ... ⌘ [Read more](https://lwn.net/Articles/955566/) 2023-12-18T15:01:32Z **[$] The intersection of mlx5, netdev, and lockdown**
The NVIDIA Mellanox ConnectX HW family of adapters is a complex beast,
supporting networking, InfiniBand, RDMA, and more. As a result, the mlx5
kernel driver that supports this hardware is also complex, as is the
interface that it provides to user space. The mlx5 developers have, for a
while now, been [proposing](https://lwn.net/ml/linux-kernel/20231121070619.9836-1-saeed@kernel.org/)
the addition of a new control interface, in the form of a separate virtual
device exported by the ker ... ⌘ [Read more](https://lwn.net/Articles/955001/) 2023-12-19T14:49:21Z **Security updates for Tuesday**
Security updates have been issued by **Debian** (webkit2gtk), **Fedora** (rdiff-backup and xorg-x11-server-Xwayland), **Mageia** (cjose and ghostscript), **Oracle** (avahi), **Red Hat** (postgresql:10), and **SUSE** (avahi, freerdp, libsass, and ncurses). ⌘ [Read more](https://lwn.net/Articles/955678/) 2023-12-19T14:56:31Z **Firefox 121.0 released**
[Version\
121.0](https://www.mozilla.org/en-US/firefox/121.0/releasenotes/) of the Firefox browser is out. Along with the usual pile of
security fixes, this release add the ability to force links to be rendered
with underlines and use of Wayland by default if it is available: "This
brings support for touchpad & touchscreen gestures, swipe-to-nav,
per-monitor DPI settings, better graphics performance, and more." ⌘ [Read more](https://lwn.net/Articles/955679/) 2023-12-19T15:05:31Z **OpenSSH 9.6 released**
[OpenSSH\
9.6](https://lwn.net/ml/oss-security/fac431e499f4d173@cvs.openbsd.org/) has been released. It includes some minor improvements and a fix
for the so-called [Terrapin\
attack](https://terrapin-attack.com/).

> While cryptographically novel, the security impact of this attack
> is fortunately very limited as it only allows deletion of
> consecutive messages, and deleting most messages at this stage of
> the protocol prevents user authentication from proceeding and
> results in a stuck connection. ⌘ [Read more](https://lwn.net/Articles/955680/) 2023-12-19T15:50:42Z **Qubes OS 4.2.0 released**
Version 4.2.0 of the Qubes OS distribution has been released; changes
include a switch to Xfce for the Fedora and Debian templates, a number of
rewritten graphical applications, PipeWire support, and more. See [the release\
notes](https://www.qubes-os.org/doc/releases/4.2/release-notes/) for details. (Qubes OS was last [covered here](https://lwn.net/Articles/873255/) in 2021). ⌘ [Read more](https://lwn.net/Articles/955691/) 2023-12-19T17:19:37Z **[$] The Linux graphics stack in a nutshell, part 1**
Linux graphics developers often speak of _modern_ Linux graphics
when they refer to a number of individual software components and how they
interact
with each other.
Among other things, it's a mix of kernel-managed display resources,
Wayland for compositing, accelerated 3D rendering, and decidedly not X11.
In a two-part series, we will take a fast-paced journey
through the graphics code to see how it converts application data
to pixel data and displays it on the screen. In this instal ... ⌘ [Read more](https://lwn.net/Articles/955376/) 2023-12-20T15:04:36Z **Security updates for Wednesday**
Security updates have been issued by **Fedora** (ansible and ansible-core), **Gentoo** (Minecraft Server and thunderbird), **Mageia** (fusiondirectory), **Red Hat** (gstreamer1-plugins-bad-free, opensc, and openssl), **Slackware** (libssh and mozilla), **SUSE** (avahi, firefox, ghostscript, gstreamer-plugins-bad, mariadb, openssh, openssl-1\_1-livepatches, python-aiohttp, python-cryptography, xorg-x11-server, and xwayland), and **Ubuntu** (libssh and openssh). ⌘ [Read more](https://lwn.net/Articles/955786/) 2023-12-20T16:28:28Z **Seven stable kernels**
The
[6.6.8](https://lwn.net/Articles/955813/),
[6.1.69](https://lwn.net/Articles/955814/),
[5.15.144](https://lwn.net/Articles/955815/),
[5.10.205](https://lwn.net/Articles/955816/),
[5.4.265](https://lwn.net/Articles/955817/),
[4.19.303](https://lwn.net/Articles/955818/), and
[4.14.334](https://lwn.net/Articles/955819/)
stable kernel updates have all been released; each contains another set of
important fixes.

Note that [5.15.145](https://lwn.net/ml/linux-kernel/20231220160931.251686445@linuxfoundation.org/)
is ... ⌘ [Read more](https://lwn.net/Articles/955812/) 2023-12-20T16:52:00Z **LSFMM+BPF 2024 call for proposals**
The 2024 Linux Storage, Filesystem, Memory-Management, and BPF Summit will
be held May 13 to 15 in Salt Lake City, Utah, USA. The [call\
for proposals](https://lwn.net/ml/linux-mm/4343d07b-b1b2-d43b-c201-a48e89145e5c@iogearbox.net/) has already gone out, with a deadline of March 1.
"LSF/MM/BPF is an invitation-only technical workshop to map out
improvements to the Linux storage, filesystem, BPF, and memory management
subsystems that will make their way into the mainline kernel within the
coming years. ... ⌘ [Read more](https://lwn.net/Articles/955827/) 2023-12-20T17:40:13Z **[$] Looking back at 2023**
Yet another year has come to an end. Much to our dismay, 2023 did not, in
fact, happen exactly as we [predicted back in\
January](https://lwn.net/Articles/918790/). So it seems that, once again, we will have to go through the
process of looking at the predictions that we made and mocking each in
turn, before getting into what was missed altogether. A lot happened in
2023, not all of which was predictable. ⌘ [Read more](https://lwn.net/Articles/954535/) 2023-12-20T20:21:00Z **QEMU 8.2.0 released**
[Version 8.2.0](https://www.qemu.org/2023/12/20/qemu-8-2-0/) of
the QEMU emulator is out. Changes include new emulations for virtio-sound
devices, universal flash storage devices, Xilinx Versai boards, and much
more. ⌘ [Read more](https://lwn.net/Articles/955832/) 2023-12-21T00:45:28Z **[$] LWN.net Weekly Edition for December 21, 2023**
The LWN.net Weekly Edition for December 21, 2023 is available. ⌘ [Read more](https://lwn.net/Articles/955132/) 2023-12-21T13:58:45Z **Security updates for Thursday**
Security updates have been issued by **Debian** (firefox-esr), **Fedora** (kernel), **Mageia** (bluez), **Oracle** (fence-agents, gstreamer1-plugins-bad-free, opensc, openssl, postgresql:10, and postgresql:12), **Red Hat** (postgresql:15 and tigervnc), **Slackware** (proftpd), and **SUSE** (docker, rootlesskit, firefox, go1.20-openssl, go1.21-openssl, gstreamer-plugins-bad, libreoffice, libssh2\_org, poppler, putty, rabbitmq-server, wireshark, xen, xorg-x11-server, and xwayland). ⌘ [Read more](https://lwn.net/Articles/955914/) 2023-12-21T16:02:37Z **Announcing `async fn` and return-position `impl Trait` in traits (Rust Blog)**
The Rust Blog [announces](https://blog.rust-lang.org/2023/12/21/async-fn-rpit-in-traits.html)
the stabilization of a couple of trait features aimed at improving support
for async code:

> Ever since the stabilization of RFC #1522 in Rust 1.26, Rust has
> allowed users to write impl Trait as the return type of
> functions (often called "RPIT"). This means that the function
> returns "some type that implements Trait". This is
> commonly used to return closu ... ⌘ [Read more](https://lwn.net/Articles/955925/) 2023-12-21T16:41:10Z **[$] Data-type profiling for perf**
Tooling for profiling the effects of memory usage and layout has always
lagged behind that for profiling processor activity, so Namhyung Kim's [patch set for data-type profiling\
in perf](https://lwn.net/Articles/954938/) is a welcome addition. It provides aggregated breakdowns of
memory accesses by data type that can inform structure layout and access
pattern changes. Existing tools have either, like [heaptrack](https://invent.kde.org/sdk/heaptrack), focused on
profiling allocations, or, like perf mem ... ⌘ [Read more](https://lwn.net/Articles/955709/) 2023-12-21T22:48:42Z **The 6.7 kernel will be released on January 7**
Unsurprisingly, Linus Torvalds has [let\
it be known](https://lwn.net/ml/bpf/CAHk-=whceLbGZwuLnR0S3V_ajedDXj=s86sm89m+VT2YrbG1NA@mail.gmail.com/) that he will do a 6.7-rc8 release (rather than 6.7 final)
on December 31, thus avoiding opening the 6.8 merge window on New
Year's Day.

> Just FYI - my current plan is that -rc7 will happen this Saturday
> (because I still follow the Finnish customs of Christmas \_Eve\_
> being the important day, so Sunday I'll be off), and then if
> anything ... ⌘ [Read more](https://lwn.net/Articles/955970/) 2023-12-22T13:57:00Z **Security updates for Friday**
Security updates have been issued by **Debian** (bluez, chromium, gst-plugins-bad1.0, openssh, and thunderbird), **Fedora** (chromium, firefox, kernel, libssh, nss, opensc, and thunderbird), **Gentoo** (Arduino, Exiv2, LibRaw, libssh, NASM, and QtWebEngine), **Mageia** (gstreamer), and **SUSE** (gnutls, gstreamer-plugins-bad, libcryptopp, libqt5-qtbase, ppp, tinyxml, xorg-x11-server, and zbar). ⌘ [Read more](https://lwn.net/Articles/956012/) 2023-12-22T17:24:08Z **Darktable 4.6.0 released**
[Version\
4.6.0](https://www.darktable.org/2023/12/darktable-4.6.0-released/) of the darktable photo editor has been released. Changes include
a new "rgb primaries" module that "can be used for delicate color
corrections as well as creative color grading", enhancements to the
sigmoid module, some performance improvements, and more. (LWN [looked at darktable](https://lwn.net/Articles/881853/) in 2022). ⌘ [Read more](https://lwn.net/Articles/956017/) 2023-12-23T22:16:03Z **Stable kernel 5.15.145**
The [5.15.145](https://lwn.net/Articles/956081/) stable kernel has been
released. It consists mostly of fixes to the ksmbd subsystem, which has
been marked as broken due to (until now) a lack of support for the 5.15.x
kernels. ⌘ [Read more](https://lwn.net/Articles/956082/) 2023-12-24T01:26:17Z **Kernel prepatch 6.7-rc7**
The [6.7-rc7](https://lwn.net/Articles/956091/) kernel prepatch is out for
testing.

> Anyway, rc7 itself looks fairly normal. It's actually a bit bigger
> than rc6 was, but not hugely so, and nothing in here looks at all
> strange. Please do give it a whirl if you have the time and the
> energy, but let's face it, I expect things to be very quiet and
> this to be one of those "nothing happens" weeks. Because even if
> you aren't celebrating this time of year, you might take advantage
> of the peace and q ... ⌘ [Read more](https://lwn.net/Articles/956092/) 2023-12-25T17:58:18Z **Ruby 3.3.0 Released**
As is the tradition for the [Ruby programming language](https://www.ruby-lang.org/en/), December 25 is the date for new major releases; this year, [Ruby 3.3.0 was released](https://www.ruby-lang.org/en/news/2023/12/25/ruby-3-3-0-released/). It comes with a new parser called " [Prism](https://github.com/ruby/prism)" that is "both a C library that will be used internally by CRuby and a Ruby gem that can be used by any tooling which needs to parse Ruby code". The release also has many performance improvements, especia ... ⌘ [Read more](https://lwn.net/Articles/956115/) 2023-12-26T14:58:51Z **Security updates for Tuesday**
Security updates have been issued by **Debian** (curl, openssh, osslsigncode, and putty), **Fedora** (chromium, filezilla, libfilezilla, mingw-gstreamer1, mingw-gstreamer1-plugins-bad-free, mingw-gstreamer1-plugins-base, mingw-gstreamer1-plugins-good, opensc, thunderbird, unrealircd, and xorg-x11-server-Xwayland), **Gentoo** (Ceph, FFmpeg, Flatpak, Gitea, and SABnzbd), **Mageia** (chromium-browser-stable), **Slackware** (kernel and postfix), and **SUSE** (cppcheck, distribution, gstreamer-plugins-bad, jbig ... ⌘ [Read more](https://lwn.net/Articles/956156/) 2023-12-27T18:35:45Z **Debian statement on the Cyber Resilience Act**
The Debian project has [completed a\
general-resolution vote](https://www.debian.org/vote/2023/vote_002), adopting a statement expressing concern about
the Cyber Resilience Act (CRA) pending in the European Union.

> Even if only "commercial activities" are in the scope of CRA, the
> Free Software community - and as a consequence, everybody - will
> lose a lot of small projects. CRA will force many small enterprises
> and most probably all self employed developers out of business
> beca ... ⌘ [Read more](https://lwn.net/Articles/956187/) 2023-12-28T14:46:18Z **[$] The Linux graphics stack in a nutshell, part 2**
Displaying an application's graphical output onto the screen requires
compositing and
mode setting that are correctly synchronized among the various pieces,
with low overhead.
In this second and final article in the series, we will look at
those pieces of the Linux graphics stack. In the [first installment](https://lwn.net/Articles/955376/), we
followed the path of graphics from the application, through Mesa, while
using the
memory-management features of the kernel's [Direct\
Renderin ... ⌘ [Read more](https://lwn.net/Articles/955708/) 2023-12-28T14:45:29Z **Security updates for Thursday**
Security updates have been issued by **Debian** (haproxy, libssh, and nodejs), **Fedora** (filezilla and minizip-ng), **Gentoo** (Git, libssh, and OpenSSH), and **SUSE** (gstreamer, postfix, webkit2gtk3, and zabbix). ⌘ [Read more](https://lwn.net/Articles/956257/) 2023-12-28T18:33:02Z **Rust 1.75.0 released**
[Version\
1.75.0](https://blog.rust-lang.org/2023/12/28/Rust-1.75.0.html) of the Rust language has been released. Notable changes include
" [async\
fn and -\> impl Trait in traits](https://blog.rust-lang.org/2023/12/21/async-fn-rpit-in-traits.html)", a pointer byte-offset
API, some compiler performance improvements, and a number of stabilized APIs. ⌘ [Read more](https://lwn.net/Articles/956303/) 2023-12-29T15:17:50Z **Gentoo in binary form**
Gentoo Linux is the prototypical source-based distribution, but there is
now [a\
binary installation option](https://www.gentoo.org/news/2023/12/29/Gentoo-binary.html) available as well.

> To speed up working with slow hardware and for overall convenience,
> we’re now also offering binary packages for download and direct
> installation! For most architectures, this is limited to the core
> system and weekly updates - not so for amd64 and arm64
> however. There we’ve got a stunning >20 GByte of packages on ou ... ⌘ [Read more](https://lwn.net/Articles/956366/) 2023-12-31T19:47:29Z **Gnuplot 6.0 released**
Version 6.0 of the Gnuplot plotting system
has been released.

> Gnuplot has been supported and under active development since 1986.
> This is the first new major version of gnuplot since the release of
> version 5 in January 2015. It introduces extensions to the gnuplot
> command language, an expanded collection of special and
> complex-valued functions, additional 2D and 3D plotting styles, and
> support for new output protocols.

See [the\
release notes](https://gnuplot.sourceforge.net/ReleaseNotes_6_0_0.h ... ⌘ [Read more](https://lwn.net/Articles/956454/) 2023-12-31T21:05:28Z **Julia 1.10 released**
The [Julia programming language](https://julialang.org/) project has released [Julia v1.10](https://docs.julialang.org/en/v1/NEWS/#Julia-v1.10-Release-Notes). It is mainly a performance release, with only two new language features mentioned in the release notes: "JuliaSyntax.jl is now used as the default parser, providing better diagnostics and faster parsing." and the addition of two Unicode symbols for use as binary operators: "⥺ (U+297A, \\leftarrowsubset) and ⥷ (U+2977, \\leftarrowless)". Package-loading time h ... ⌘ [Read more](https://lwn.net/Articles/956456/) 2023-12-31T21:44:30Z **Kernel prepatch 6.7-rc8**
Linus has released [6.7-rc8](https://lwn.net/Articles/956466/) for testing.

> So as expected, pretty much nothing happened over the holiday week.
> We've got literally just 45 files changed, and almost a third of
> those files aren't even kernel code (ie things like selftests,
> scripting, Kconfig and maintainer file updates). And some of the
> rest is prep-work and cleanups for future (real) changes.
>
> But we do have a couple of real fixes in there, and I suspect we'll
> get a few more next week as peop ... ⌘ [Read more](https://lwn.net/Articles/956467/) 2024-01-01T15:30:05Z **Security updates for Monday**
Security updates have been issued by **Debian** (ansible, asterisk, cjson, firefox-esr, kernel, libde265, libreoffice, libspreadsheet-parseexcel-perl, php-guzzlehttp-psr7, thunderbird, tinyxml, and xerces-c), **Fedora** (podman-tui, proftpd, python-asyncssh, squid, and xerces-c), **Mageia** (libssh and proftpd), and **SUSE** (deepin-compressor, gnutls, gstreamer, libreoffice, opera, proftpd, and python-pip). ⌘ [Read more](https://lwn.net/Articles/956521/) 2024-01-01T15:46:04Z **Scribus 1.6.0 released**
Version 1.6.0 of the [Scribus\
desktop-publishing application](https://www.scribus.net/) has been [released](https://www.scribus.net/scribus-1-6-0-released/). The
list of new features is rather long and includes a user interface overhaul,
improvements for HiDPI screens, new scripting commands, lots of
typographical improvements and features, a new picture browser for
graphical asset management, support for more gradient types, and much more.

> Scribus 1.6.0 is the long awaited release in the next stable series, ... ⌘ [Read more](https://lwn.net/Articles/956522/) 2024-01-01T16:14:41Z **[$] The trouble with MAX_ORDER**
One might not think that much could be said about a simple macro defining a
constant integer value. But the kernel is special, it seems. A change to
the definition of MAX\_ORDER has had a number of follow-on effects,
and the task of cleaning up after this change is not done yet. So perhaps
a look at MAX\_ORDER is in order. ⌘ [Read more](https://lwn.net/Articles/956321/) 2024-01-02T15:09:33Z **Security updates for Tuesday**
Security updates have been issued by **Red Hat** (firefox and thunderbird), **SUSE** (gstreamer-plugins-bad, libssh2\_org, and webkit2gtk3), and **Ubuntu** (firefox and thunderbird). ⌘ [Read more](https://lwn.net/Articles/956568/) 2024-01-02T22:40:28Z **[$] LWN's guide to 2024**
The calendar has flipped over into 2024 — another year has begun. Here at
LWN, we do not have a better idea of what this year will bring than anybody
else does, but that doesn't keep us from going out on a shaky limb and
making predictions anyway. Here, for the curious, are a few things that we
think may be in store for 2024. ⌘ [Read more](https://lwn.net/Articles/954544/) 2024-01-03T15:21:20Z **Security updates for Wednesday**
Security updates have been issued by **Debian** (kernel), **Fedora** (slurm), **Oracle** (kernel and postgresql:15), **Red Hat** (firefox, gstreamer1-plugins-bad-free, thunderbird, tigervnc, and xorg-x11-server), **SUSE** (polkit, postfix, putty, w3m, and webkit2gtk3), and **Ubuntu** (nodejs). ⌘ [Read more](https://lwn.net/Articles/956694/) 2024-01-03T15:36:25Z **Vim 9.1 released**
[Version 9.1](https://www.vim.org/vim-9.1-released.php) of the
Vim editor has been released. "This release is dedicated to Bram
Moolenaar, Vims lead developer for more than 30 years, who passed away half
a year ago. The Vim project wouldn't exist without his work". Changes
include new support for classes and objects in the scripting language,
smooth scrolling support, an EditorConfig plugin, and more. ⌘ [Read more](https://lwn.net/Articles/956696/) 2024-01-03T16:05:57Z **Lenôtre: Maestro - Introduction**
On his blog,
Luc Lenôtre [introduces\
Maestro](https://blog.lenot.re/a/introduction), "a Unix-like kernel and operating system written from
scratch in Rust". [Maestro](https://github.com/llenotre/maestro) is intended to be
"lightweight and compatible-enough with Linux to be usable in everyday
life". The project began, in C, back in 2018, but switched over to
Rust after a year-and-a-half. The current status:

> Maestro is a monolithic kernel, supporting only the x86 (in 32 bits)
> architecture for now.
> ... ⌘ [Read more](https://lwn.net/Articles/956699/) 2024-01-03T22:42:12Z **[$] Smuggling email inside of email**
Normally, when a new vulnerability is discovered and releases are
coordinated with those affected, the announcement is done at
a convenient time—not generally right before the end-of-year holidays, for
example. The [SMTP\
Smuggling vulnerability](https://sec-consult.com/blog/detail/smtp-smuggling-spoofing-e-mails-worldwide/) has taken a different path, however, with its
announcement landing on December 18. That may well have been
unpleasant for some administrators that had not yet updated, but it wa ... ⌘ [Read more](https://lwn.net/Articles/956533/) 2024-01-04T01:40:06Z **[$] LWN.net Weekly Edition for January 4, 2024**
The LWN.net Weekly Edition for January 4, 2024 is available. ⌘ [Read more](https://lwn.net/Articles/955921/) 2024-01-04T14:29:13Z **Security updates for Thursday**
Security updates have been issued by **Oracle** (firefox, gstreamer1-plugins-bad-free, thunderbird, tigervnc, and xorg-x11-server), **Red Hat** (squid:4), **SUSE** (exim, libcryptopp, and proftpd), and **Ubuntu** (openssh and sqlite3). ⌘ [Read more](https://lwn.net/Articles/956855/) 2024-01-04T15:30:08Z **Computer science pioneer Niklaus Wirth passes away (ITWire)**
ITWire [covers\
the passing of Niklaus Wirth](https://itwire.com/it-people-news/people-moves/computer-science-pioneer-niklaus-wirth-passes-away.html).

> Wirth is well-remembered for his pioneering work in programming
> languages and algorithms. For these achievements, he received the
> ACM Turing Award in 1984, inducted as a Fellow of the ACM in 1994,
> and a Fellow of the Computer History Museum in 2004.
>
> They include, among many, being chief designer for the programm ... ⌘ [Read more](https://lwn.net/Articles/956864/) 2024-01-05T00:24:06Z **[$] The return of None-aware operators for Python**
The saga of the None-aware (or null-coalescing) operators for Python
continues. We last [looked in on the topic](https://lwn.net/Articles/918058/)
a little over a year ago and noted that either adoption or a clear
rejection of the idea might help tamp down its regular recurrence. That
has not happened, so, predictably, it was raised again—and does not look
any closer to resolution this time around. ⌘ [Read more](https://lwn.net/Articles/956862/) 2024-01-05T14:45:41Z **Security updates for Friday**
Security updates have been issued by **Debian** (asterisk, chromium, exim4, netatalk, and tomcat9), **Fedora** (chromium), **Gentoo** (BlueZ, c-ares, CUPS filters, RDoc, and WebKitGTK+), **Oracle** (firefox, squid:4, thunderbird, and tigervnc), **SUSE** (python-aiohttp and python-paramiko), and **Ubuntu** (linux-intel-iotg). ⌘ [Read more](https://lwn.net/Articles/957005/) 2024-01-05T14:57:34Z **Four stable kernels released**
The [6.6.10](https://lwn.net/Articles/957008/), [6.1.71](https://lwn.net/Articles/957009/), [5.15.146](https://lwn.net/Articles/957010/), and [5.10.206](https://lwn.net/Articles/957011/) stable kernels have been released.
They contain numerous important fixes, as usual. ⌘ [Read more](https://lwn.net/Articles/957007/) 2024-01-05T15:41:27Z **[$] Kernel-text replication on NUMA systems**
Kernel developers often go out of their way to reduce the memory used by
the kernel itself; that memory is not available for the workloads that
people are actually interested in running on their systems. Lower memory
usage also tends to lead to better performance overall. But there are
times when the expenditure of some extra memory can make the system faster.
The replication of the kernel's text (executable code) and read-only data
across a NUMA system may be a case in point; patch sets hav ... ⌘ [Read more](https://lwn.net/Articles/956900/) 2024-01-07T20:48:56Z **The 6.7 kernel has been released**
Linus has [released the 6.7 kernel](https://lwn.net/Articles/957104/).

> End result: 6.7 is (in number of commits: over 17k non-merge
> commits, with 1k+ merges) one of the largest kernel releases we've
> ever had, but the extra rc8 week was purely due to timing with the
> holidays, not about any difficulties with the larger release.

Some of the headline features in this release are:
the [removal](https://lwn.net/Articles/920259/) of support for the Itanium
architecture,
the first part of the [fut ... ⌘ [Read more](https://lwn.net/Articles/957098/) 2024-01-08T14:25:42Z **Security updates for Monday**
Security updates have been issued by **Debian** (exim4), **Fedora** (chromium, perl-Spreadsheet-ParseExcel, python-aiohttp, python-pysqueezebox, and tinyxml), **Gentoo** (Apache Batik, Eclipse Mosquitto, firefox, R, Synapse, and util-linux), **Mageia** (libssh2 and putty), **Red Hat** (squid), **SUSE** (libxkbcommon), and **Ubuntu** (gnutls28). ⌘ [Read more](https://lwn.net/Articles/957146/) 2024-01-08T14:48:44Z **Three new stable kernels**
Greg Kroah-Hartman has announced the release of the [5.4.266](https://lwn.net/Articles/957149/), [4.19.304](https://lwn.net/Articles/957151/), and [4.14.335](https://lwn.net/Articles/957152/) stable kernels. They contain
important fixes throughout the kernel tree. ⌘ [Read more](https://lwn.net/Articles/957148/) 2024-01-08T18:08:05Z **[$] Some 6.7 development statistics**
The 6.7 kernel was [released](https://lwn.net/ml/linux-kernel/CAHk-=widprp4XoHUcsDe7e16YZjLYJWra-dK0hE1MnfPMf6C3Q@mail.gmail.com/)
on January 7 after a ten-week development cycle. This was, as it
turns out, the busiest cycle ever with regard to the number of changesets
merged. The time has come for our usual look at where all those changesets
came from, with a side trip into how long kernel developers tend to stick
around. ⌘ [Read more](https://lwn.net/Articles/956765/) 2024-01-09T14:50:58Z **Security updates for Tuesday**
Security updates have been issued by **Debian** (squid), **Fedora** (podman), **Mageia** (dropbear), **SUSE** (eclipse-jgit, jsch, gcc13, helm3, opusfile, qt6-base, thunderbird, and wireshark), and **Ubuntu** (clamav, libclamunrar, and qemu). ⌘ [Read more](https://lwn.net/Articles/957236/) 2024-01-09T15:00:01Z **Solus 4.5 released**
[Version 4.5\
("Resilience")](https://getsol.us/2024/01/08/solus-4-5-released/) of the Solus distribution has been released. "This
release brings updated applications and kernels, refreshed software stacks,
a new installer, and a new ISO edition featuring the XFCE desktop
environment." ⌘ [Read more](https://lwn.net/Articles/957221/) 2024-01-09T15:21:12Z **Shaw: Python 3.13 gets a JIT**
Anthony Shaw [describes\
the new copy-and-patch JIT](https://tonybaloney.github.io/posts/python-gets-a-jit.html) that has been proposed for Python 3.13.

> Copy-and-patch was selected because the compilation from bytecodes
> to machine code is done as a set of “templates” that are then
> stitched together and patched at runtime with the correct
> values. This means that your average Python user isn’t running this
> complex JIT compiler architecture inside their Python
> runtime. Python writing it’s ow ... ⌘ [Read more](https://lwn.net/Articles/957239/) 2024-01-09T16:53:29Z **Leemhuis: Regression tracking: state of the union early 2024**
Thorsten Leemhuis [writes\
about his plans](https://linux-regtracking.leemhuis.info/post/status-jan2024/) for improving the kernel's regression handling in the
coming year.

> Top-priority will be "make regzbot more useful for kernel subsystem
> maintainers" from now on. My tracking efforts of course will
> continue, but everything except regressions in the current and the
> previous mainline cycle might not see much attention from my
> side. This refocusing also means t ... ⌘ [Read more](https://lwn.net/Articles/957252/) 2024-01-09T17:05:54Z **The OpenWrt One project**
OpenWrt developer John Crispin [says](https://lwn.net/ml/openwrt-devel/a8aaa495-da0b-4ddc-8c4f-3e1192d8b012@phrozen.org/):
"In 2024 the OpenWrt project turns 20 years! Let's celebrate this
anniversary by launching our own first and fully upstream supported
hardware design." The rest of the message describes the proposed
OpenWrt-native network-routing system, based [Banana Pi](https://www.banana-pi.org/) boards; the project is
being organized through the Software Freedom Conservancy. (Thanks to Dave
Täht). ⌘ [Read more](https://lwn.net/Articles/957255/) 2024-01-09T19:32:58Z **Vcc: a Clang compiler for Vulkan**
The Vcc compiler [has been\
announced](https://xol.io/blah/introducing-vcc/).

> It’s exactly what the name implies: a clang-based compiler that
> outputs code that runs on Vulkan.
>
> Vcc can be thought of as a GLSL and HLSL competitor, but the true
> intent of this project is to retire the concept of shading
> languages entirely. Unlike existing shading languages, Vcc makes a
> honest attempt to bring the entire C/C++ language family to Vulkan,
> which means implementing a number of previously unsee ... ⌘ [Read more](https://lwn.net/Articles/957269/) 2024-01-10T00:08:36Z **[$] The odd saga of CVE-2012-5639**
A new [release](https://openoffice.apache.org/blog/announcing-apache-openoffice-4-1-15.html)
for any project with a fix for a 12-year old CVE is going to stand
out pretty
obviously; a recent release has a fix of that nature, but the trail of [CVE-2012-5639](https://www.cve.org/CVERecord?id=CVE-2012-5639) is
rather elusive. The [Apache\
OpenOffice](https://openoffice.apache.org/) project made its [4.1.15\
release](https://cwiki.apache.org/confluence/display/OOOUSERS/AOO+4.1.15+Release+Notes) with fixes ... ⌘ [Read more](https://lwn.net/Articles/957219/) 2024-01-10T14:52:39Z **Security updates for Wednesday**
Security updates have been issued by **Fedora** (libssh), **Gentoo** (FAAD2 and RedCloth), **Red Hat** (kpatch-patch and nss), **SUSE** (hawk2, LibreOffice, opera, and tar), and **Ubuntu** (glibc, golang-1.13, golang-1.16, linux-azure, linux-gkeop, monit, and postgresql-9.5). ⌘ [Read more](https://lwn.net/Articles/957340/) 2024-01-10T16:03:44Z **Stable kernel 4.14.336**
The [4.14.336](https://lwn.net/Articles/957350/) stable kernel update has been
released with a small handful of fixes; this is the end of the line for the
4.14 stable series:

> This is the LAST 4.14.y kernel to be released. It is now
> officially end-of-life. Do NOT use this kernel version anymore,
> please move to a newer one, as shown on the kernel.org releases
> page.
>
> All users of the 4.14 kernel series must upgrade. But then, move
> to a newer release. If you are stuck at this version due to a
> vend ... ⌘ [Read more](https://lwn.net/Articles/957351/) 2024-01-10T23:32:46Z **[$] Notes on Emacs Org mode**
As part of my quest to [master Emacs](https://lwn.net/Articles/942962/), which
is sort of a sub-quest on the way toward learning more about Lisp, I have
spent a fair amount of time discovering various corners of the Emacs
world. One of those is the famous " [Org\
mode](https://orgmode.org/)" that is used for a wide variety of organizational tasks within
the editor—and not just Emacs, but [for Vim](https://github.com/jceb/vim-orgmode) and others too.
Org mode can be
used for to-do lists, notes with interconn ... ⌘ [Read more](https://lwn.net/Articles/957316/) 2024-01-11T00:16:39Z **[$] LWN.net Weekly Edition for January 11, 2024**
The LWN.net Weekly Edition for January 11, 2024 is available. ⌘ [Read more](https://lwn.net/Articles/956868/) 2024-01-11T14:29:40Z **Security updates for Thursday**
Security updates have been issued by **Debian** (chromium), **Fedora** (chromium, python-paramiko, tigervnc, and xorg-x11-server), **Oracle** (ipa, libxml2, python-urllib3, python3, and squid), **Red Hat** (.NET 6.0, .NET 7.0, .NET 8.0, container-tools:4.0, fence-agents, frr, gnutls, idm:DL1, ipa, kernel, kernel-rt, libarchive, libxml2, nss, openssl, pixman, python-urllib3, python3, tigervnc, tomcat, and virt:rhel and virt-devel:rhel modules), **SUSE** (gstreamer-plugins-bad), and **Ubuntu** (firefox, Go, ... ⌘ [Read more](https://lwn.net/Articles/958029/) 2024-01-11T15:09:58Z **[$] The kernel "closure" API**
The data structure known as a "closure" first found its way into the
mainline kernel with the addition of [bcache](https://bcache.evilpiepirate.org/) in the 3.10 development
cycle. With the advent of [bcachefs](https://bcachefs.org/) in
6.7, though, it acquired a second user and was moved to the kernel's
lib directory, making it available to other kernel users as well.
The documentation of closures in the source is better than that of many
things in the kernel, but there is still room for a gentler introdu ... ⌘ [Read more](https://lwn.net/Articles/957187/) 2024-01-11T15:20:23Z **OpenSSH announces DSA-removal timeline**
For those of you still using DSA keys with SSH: the project has announced
its plans to remove support for that algorithm around the beginning of
2025.

> The only remaining use of DSA at this point should be deeply legacy
> devices. As such, we no longer consider the costs of maintaining
> DSA in OpenSSH to be justified. Moreover, we hope that OpenSSH's
> final removal of this insecure algorithm accelerates its
> deprecation in other SSH implementations and allows maintainers of
> cryptograp ... ⌘ [Read more](https://lwn.net/Articles/958048/) 2024-01-12T14:04:06Z **Security updates for Friday**
Security updates have been issued by **Debian** (kernel, linux-5.10, php-phpseclib, php-phpseclib3, and phpseclib), **Fedora** (openssh and tinyxml), **Gentoo** (FreeRDP and Prometheus SNMP Exporter), **Mageia** (packages), **Red Hat** (openssl), **SUSE** (gstreamer-plugins-rs and python-django-grappelli), and **Ubuntu** (dotnet6, dotnet7, dotnet8, openssh, and xerces-c). ⌘ [Read more](https://lwn.net/Articles/958124/) 2024-01-12T14:53:41Z **Information on the SourceHut outage**
Users of SourceHut will have noticed that the site has been unreachable;
Drew DeVault has now [posted a report on\
what is happening](https://outage.sr.ht/) (it's a distributed denial-of-service attack) and
what is being done to recover.

> We deal with ordinary DDoS attacks in the normal course of
> operations, and we are generally able to mitigate them on our
> end. However, this is not an ordinary DDoS attack; the attacker
> posesses considerable resources and is operating at a scale beyond
> ... ⌘ [Read more](https://lwn.net/Articles/958125/) 2024-01-12T15:12:36Z **[$] The first half of the 6.8 merge window**
The 6.8 merge window has gotten off to a relatively slow start; reasons for
that include a significant scheduler performance regression that Linus
Torvalds [stumbled\
into](https://lwn.net/ml/linux-kernel/CAHk-=wgWcYX2oXKtgvNN2LLDXP7kXkbo-xTfumEjmPbjSer2RQ@mail.gmail.com/) and has spent time tracking down. Even so, 4,282 non-merge
changesets have found their way into the mainline repository for the 6.8
release as of this writing. These commits have brought a number of
significant changes and ... ⌘ [Read more](https://lwn.net/Articles/957188/) 2024-01-12T20:05:21Z **Linux Mint 21.3 “Virginia” released**
The [Linux Mint](https://linuxmint.com/) distribution has [announced](https://blog.linuxmint.com/?p=4624) the release of [Linux Mint 21.3](https://www.linuxmint.com/rel_virginia_whatsnew.php), which is codenamed "Virginia". It has the [Cinnamon](https://projects.linuxmint.com/cinnamon/) 6.0 desktop, "comes with full support for SecureBoot and compatibility with a wider variety of BIOS and EFI implementation", has added new features to the [Hypnotix](https://github.com/linuxmint/hypnotix) TV-viewer a ... ⌘ [Read more](https://lwn.net/Articles/958162/) 2024-01-12T22:00:55Z **Stable kernel 5.10.207**
The [5.10.207](https://lwn.net/Articles/958173/) stable kernel update has been
released; it consists entirely of a handful of reverts of SCSI patches. ⌘ [Read more](https://lwn.net/Articles/958174/) 2024-01-15T14:05:20Z **Security updates for Monday**
Security updates have been issued by **CentOS** (bind, cups, curl, firefox, ipa, iperf3, java-1.8.0-openjdk, java-11-openjdk, kernel, libssh2, linux-firmware, open-vm-tools, openssh, postgresql, python, python3, squid, thunderbird, tigervnc, and xorg-x11-server), **Fedora** (chromium, python-flask-security-too, and tkimg), **Gentoo** (libgit2, Opera, QPDF, and zlib), **Mageia** (chromium-browser-stable, gnutls, openssh, packages, and vlc), **Oracle** (.NET 6.0, fence-agents, frr, ipa, kernel, nss, pixman, a ... ⌘ [Read more](https://lwn.net/Articles/958315/) 2024-01-15T14:05:20Z **Security updates for Monday**
Security updates have been issued by **CentOS** (bind, cups, curl, firefox, ipa, iperf3, java-1.8.0-openjdk, java-11-openjdk, kernel, libssh2, linux-firmware, open-vm-tools, openssh, postgresql, python, python3, squid, thunderbird, tigervnc, and xorg-x11-server), **Fedora** (chromium, python-flask-security-too, and tkimg), **Gentoo** (libgit2, Opera, QPDF, and zlib), **Mageia** (chromium-browser-stable, gnutls, openssh, packages, and vlc), **Oracle** (.NET 6.0, fence-agents, frr, ipa, kernel, nss, pixman, a ... ⌘ [Read more](https://lwn.net/Articles/958315/) 2024-01-15T15:09:00Z **[$] Rust and C filesystem APIs**
As the [Rust-for-Linux project](https://rust-for-linux.com/)
advances, the kernel is gradually
accumulating abstraction layers that enable Rust code to interface with the
existing C code. As the discussion around the set of [filesystem\
abstractions](https://lwn.net/ml/linux-fsdevel/20231018122518.128049-1-wedsonaf@gmail.com/) posted by Wedson Almeida Filho in December shows, though,
there is some tension between two approaches to the design of those
abstractions. The approach favored by most of the kern ... ⌘ [Read more](https://lwn.net/Articles/958072/) 2024-01-15T15:21:40Z **OpenSUSE Leap 16 is coming**
The openSUSE project has [confirmed](https://news.opensuse.org/2024/01/15/clear-course-is-set-for-os-leap/)
that there will be a successor to openSUSE Leap 15, but is not sharing
a lot of details at this point.

> The transition to Leap 16 is not just a numerical step-up but
> symbolizes a significant path forward in technology and user
> experiences. The future of openSUSE Leap is based on the innovative
> concept of SUSE’s Adaptable Linux Platform.
>
> The Adaptable Linux Platform powers the next-genera ... ⌘ [Read more](https://lwn.net/Articles/958319/) 2024-01-15T15:16:39Z **Stawinski: How We Executed a Critical Supply Chain Attack on PyTorch**
John Stawinski IV [describes](https://johnstawinski.com/2024/01/11/playing-with-fire-how-we-executed-a-critical-supply-chain-attack-on-pytorch/),
in detail, how he and a partner were able to compromise the security of the
heavily used PyTorch project.

> Our exploit path resulted in the ability to upload malicious
> PyTorch releases to GitHub, upload releases to AWS, potentially add
> code to the main repository branch, backdoor PyTorch dependencies –
> the list g ... ⌘ [Read more](https://lwn.net/Articles/958318/) 2024-01-15T19:02:46Z **A new crop of stable kernels**
The [6.6.12](https://lwn.net/Articles/958342/), [6.1.73](https://lwn.net/Articles/958343/), [5.15.147](https://lwn.net/Articles/958344/), [5.10.208](https://lwn.net/Articles/958345/), [5.4.267](https://lwn.net/Articles/958346/), and [4.19.305](https://lwn.net/Articles/958347/) stable kernels have been
released. They contain a relatively small number of important fixes. ⌘ [Read more](https://lwn.net/Articles/958341/) 2024-01-16T14:58:33Z **Security updates for Tuesday**
Security updates have been issued by **Gentoo** (KTextEditor, libspf2, libuv, and Nettle), **Mageia** (hplip), **Oracle** (container-tools:4.0, gnutls, idm:DL1, squid, squid34, and virt:ol, virt-devel:rhel), **Red Hat** (.NET 6.0, krb5, python3, rsync, and sqlite), **SUSE** (chromium, perl-Spreadsheet-ParseXLSX, postgresql, postgresql15, postgresql16, and rubygem-actionpack-5\_1), and **Ubuntu** (binutils, libspf2, libssh2, mysql-5.7, w3m, webkit2gtk, and xerces-c). ⌘ [Read more](https://lwn.net/Articles/958416/) 2024-01-16T16:20:56Z **A glitch in the merge window**
On January 13, Linus Torvalds [let\
it be known](https://lwn.net/ml/linux-kernel/CAHk-=wjMWpmXtKeiN__vnNO4TcttZR-8dVvd_oBq+hjeSsWUwg@mail.gmail.com/) that he had lost power due to the bad weather in the US
Pacific Northwest. As of this writing, he has not yet resurfaced, so the
6.8 merge window has ground to a halt.

> There's apparently about 100k people without power, and I doubt our
> neighborhood is the priority, so I expect to be without power for
> some time still. I hope I'm wrong, but a few years ... ⌘ [Read more](https://lwn.net/Articles/958424/) 2024-01-16T22:32:54Z **Wine 9.0 released**
[Version\
9.0](https://gitlab.winehq.org/wine/wine/-/releases/wine-9.0) of the Wine Windows-compatibility system has been released.
"This release represents a year of development effort and over 7,000
individual changes. It contains a large number of improvements that are
listed below. The main highlights are the new WoW64 architecture and the
experimental Wayland driver." ⌘ [Read more](https://lwn.net/Articles/958443/) 2024-01-17T01:58:55Z **[$] Julia v1.10: Performance, a new parser, and more**
The new year arrived bearing a new version of [Julia](http://julialang.org/), a general-purpose, open-source
programming language
with a [focus on high-performance\
scientific computing](https://lwn.net/Articles/834571/).
Some of Julia's unusual features are Lisp-inspired
metaprogramming, the ability to examine compiled representations of code in
the REPL or in a " [reactive\
notebook](https://lwn.net/Articles/835930/)", an advanced type and dispatch system, and a sophisticated,
bui ... ⌘ [Read more](https://lwn.net/Articles/958337/) 2024-01-17T15:00:23Z **Security updates for Wednesday**
Security updates have been issued by **Fedora** (zabbix), **Gentoo** (OpenJDK), **Red Hat** (kernel), **Slackware** (gnutls and xorg), **SUSE** (cloud-init, kernel, xorg-x11-server, and xwayland), and **Ubuntu** (freeimage, postgresql-10, and xorg-server, xwayland). ⌘ [Read more](https://lwn.net/Articles/958497/) 2024-01-17T19:52:19Z **Kicinski: netdev in 2023**
Networking maintainer Jakub Kicinski (along with several collaborators) has
put up [a summary of\
what happened in the kernel's network stack](https://people.kernel.org/kuba/netdev-in-2023) during 2023.

> Throughout those releases netdev patch handlers (DaveM, Jakub,
> Paolo) applied 7243 patches, and the resulting pull requests to
> Linus described the changes in 6398 words. Given the volume of work
> we cannot go over every improvement, or even cover networking
> sub-trees in much detail (BPF enhancemen ... ⌘ [Read more](https://lwn.net/Articles/958518/) 2024-01-17T20:13:24Z **Please welcome Daroc Alden**
When, at the beginning of November, we posted [an open position at LWN](https://lwn.net/Articles/949461/), we were only so
hopeful; experience has shown that finding writers who are both capable of
and interested in writing our sort of material is a challenging task. This
time, though, hope was justified: we got a surprising number of
applications from highly qualified applicants. The hardest part of the
task has, instead, been narrowing down the choice to a hiring decision.

We are pleased to announce that ... ⌘ [Read more](https://lwn.net/Articles/958444/) 2024-01-17T20:32:28Z **[$] Growing pains for typing in Python**
Python's static-typing feature has come a long way since it was [introduced in 2014](https://lwn.net/Articles/627418/). Adding type
information to functions has always been—and will remain—optional, but typing
still remains somewhat contentious. There are multiple kinds of
consumers of the information, each with their own needs and
wishes, as well as users of the feature with expectations of their own. That has
led to the formation of a [Python typing council](https://github.com/python/typing-cou ... ⌘ [Read more](https://lwn.net/Articles/958326/) 2024-01-18T00:55:05Z **[$] LWN.net Weekly Edition for January 18, 2024**
The LWN.net Weekly Edition for January 18, 2024 is available. ⌘ [Read more](https://lwn.net/Articles/958030/) 2024-01-18T17:41:34Z **Security updates for Thursday**
Security updates have been issued by **CentOS** (ImageMagick), **Debian** (chromium), **Fedora** (golang-x-crypto, golang-x-mod, golang-x-net, golang-x-text, gtkwave, redis, and zbar), **Mageia** (tinyxml), **Oracle** (.NET 7.0, .NET 8.0, java-1.8.0-openjdk, java-11-openjdk, python3, and sqlite), **Red Hat** (gstreamer-plugins-bad-free, java-1.8.0-openjdk, java-11-openjdk, java-17-openjdk, and java-21-openjdk), **SUSE** (kernel, libqt5-qtbase, libssh, pam, rear23a, and rear27a), and **Ubuntu** (pam and zo ... ⌘ [Read more](https://lwn.net/Articles/958676/) 2024-01-18T17:57:53Z **[$] Improved code generation in the CPython JIT**
Ken Jin from the
[Faster CPython](https://lwn.net/Articles/931197/)
project has been working on
taking Python's
[recently-added just-in-time (JIT) compiler](https://github.com/python/cpython/pull/113465)
further by adding
[support for a peephole optimizer](https://github.com/Fidget-Spinner/cpython_optimization_notes/blob/main/3.13/uops_optimizer.md)
that rewrites the JIT's intermediate representation to introduce
constant folding, type specialization, and other optimizations.
Those techn ... ⌘ [Read more](https://lwn.net/Articles/958350/) 2024-01-18T19:29:00Z **Villa: Will the new judicial ruling in the Vizio lawsuit strengthen the GPL?**
Luis Villa [writes\
about the recent ruling](https://blog.tidelift.com/will-the-new-judicial-ruling-in-the-vizio-lawsuit-strengthen-the-gpl) in the Software Freedom Conservancy's
GPL-violation lawsuit against Vizio, wherein the judge refused to agree
that the SFC lacks standing to sue.

> In some sense, not much has changed: if you were obligated to
> comply with the GPL two weeks ago, you have the same obligations
> today. If you didn’t have obligations th ... ⌘ [Read more](https://lwn.net/Articles/958682/) 2024-01-19T14:56:43Z **Clarifying Misunderstandings of Slowroll (openSUSE News)**
The openSUSE News site has put up [a\
brief article](https://news.opensuse.org/2024/01/19/clarifying-misunderstandings-of-slowroll/) on how Slowroll fits into the spectrum of openSUSE
distributions.

> The idea behind Slowroll is to offer a distribution that improves
> stability without losing access to new features in the base
> packages such as the kernel, desktop environments and
> packaging. These slower update cycles allow for more extensive
> testing and validation of ... ⌘ [Read more](https://lwn.net/Articles/958759/) 2024-01-19T14:55:54Z **Security updates for Friday**
Security updates have been issued by **Fedora** (chromium, golang-github-facebook-time, podman, and xorg-x11-server-Xwayland), **Oracle** (.NET 6.0, java-1.8.0-openjdk, java-11-openjdk, and python3.11-cryptography), **Red Hat** (java-11-openjdk, python-requests, and python-urllib3), **SUSE** (chromium, kernel, libcryptopp, libuev, perl-Spreadsheet-ParseExcel, suse-module-tools, and xwayland), and **Ubuntu** (filezilla and xerces-c). ⌘ [Read more](https://lwn.net/Articles/958760/) 2024-01-19T15:14:11Z **[$] mseal() gets closer**
The [proposed mseal() system call](https://lwn.net/Articles/948129/)
stirred up some controversy when it was first posted in October 2023.
Since then, it has been evolving in a quieter fashion, and seems to have
reached a point where the relevant commenters are willing to accept it.
Should mseal() be merged in a future development cycle, it will
look rather different than it did at the outset. ⌘ [Read more](https://lwn.net/Articles/958438/) 2024-01-19T16:39:31Z **Dave Mills RIP**
Internet pioneer and Network Time Protocol (NTP) inventor Dave Mills has died, as [reported by Vint Cerf](https://elists.isoc.org/pipermail/internet-history/2024-January/009265.html):

> His daughter, Leigh, just sent me the news that Dave passed away peacefully
> on January 17, 2024. He was such an iconic element of the early Internet.
> Network Time Protocol, the Fuzzball routers of the early NSFNET, INARG
> taskforce lead, COMSAT Labs and University of Delaware and so much more.

More information about Mills can be f ... ⌘ [Read more](https://lwn.net/Articles/958781/) 2024-01-19T20:20:54Z **SourceHut outage post-mortem**
SourceHut has published
[a post-mortem](https://sourcehut.org/blog/2024-01-19-outage-post-mortem/) of its
[outage earlier this month](https://lwn.net/Articles/958125/).
The post-mortem covers the causes of the outage and what steps SourceHut
took to mitigate it, ending by saying:

> As unfortunate as these events were, we welcome opportunities to stress-test
> our emergency procedures; we found them to be compatible with our objectives
> for the alpha and we learned a lot of ways to improve our reliabili ... ⌘ [Read more](https://lwn.net/Articles/958794/) 2024-01-19T20:15:53Z **[$] Jujutsu: a new, Git-compatible version control system**
[Jujutsu](https://github.com/martinvonz/jj) is a Git-compatible
distributed version control system originally started as a hobby project by
Martin von Zweigbergk in 2019. It is intended to be a simpler, more performant
Git replacement. Jujutsu boasts a radically simplified user interface and integrates
ideas from patch-based version control systems for a novel take on resolving
merge conflicts. It is written in Rust and available under an Apache 2.0 license. ⌘ [Read more](https://lwn.net/Articles/958468/) 2024-01-20T17:00:16Z **Some weekend stable kernel updates**
The
[6.7.1](https://lwn.net/Articles/958861/),
[6.6.13](https://lwn.net/Articles/958862/), and
[6.1.74](https://lwn.net/Articles/958863/)
stable kernel updates have been released; each contains another set of
important fixes. ⌘ [Read more](https://lwn.net/Articles/958860/) 2024-01-22T00:47:05Z **Kernel prepatch 6.8-rc1**
The [6.8-rc1](https://lwn.net/Articles/958944/) kernel prepatch is out for
testing.

> So this wasn't the most pleasant merge window, but most of the
> unpleasantness was entirely unrelated to the code base and almost
> entirely related to nasty weather. Just a few technical
> hiccups. And after a very big 6.7 release, 6.8 looks to actually be
> smaller than average, although not really all that significantly
> so. ⌘ [Read more](https://lwn.net/Articles/958945/) 2024-01-22T14:36:35Z **Security updates for Monday**
Security updates have been issued by **Debian** (keystone and subunit), **Fedora** (dotnet6.0, golang, kernel, sos, and tigervnc), **Mageia** (erlang), **Red Hat** (openssl), **SUSE** (bluez, python-aiohttp, and seamonkey), and **Ubuntu** (postfix and xorg-server). ⌘ [Read more](https://lwn.net/Articles/959006/) 2024-01-22T17:20:31Z **[$] The rest of the 6.8 merge window**
Linus Torvalds was able to release [6.8-rc1](https://lwn.net/ml/linux-kernel/CAHk-=wiB4iHTtfZKiy5pC24uOjun4fbj4kSX0=ZnGsOXadMf6g@mail.gmail.com/)
and close the 6.8 merge window on time despite losing power to his home for
most of a week. He noted that this merge window is "maybe a bit smaller
than usual", but 12,239 non-merge changesets found their way into the
mainline, so it's not _that_ small. About 8,000 of those changes were
merged since [the first-half summary](https://lwn.net/Articles/957188 ... ⌘ [Read more](https://lwn.net/Articles/958178/) 2024-01-23T14:48:53Z **Security updates for Tuesday**
Security updates have been issued by **Debian** (kodi and squid), **Fedora** (ansible-core, java-latest-openjdk, mingw-python-jinja2, openssh, and pgadmin4), **Gentoo** (Apache XML-RPC), **Red Hat** (gnutls and xorg-x11-server), **Slackware** (postfix), **SUSE** (bluez and openssl-3), and **Ubuntu** (gnutls28, libssh, and squid). ⌘ [Read more](https://lwn.net/Articles/959127/) 2024-01-23T16:21:50Z **Firefox 122.0 released**
[Version\
122.0](https://www.mozilla.org/en-US/firefox/122.0/releasenotes/) of the Firefox browser it out. Changes include improved search
suggestions, improvements to the [in-browser\
translation feature](https://support.mozilla.org/en-US/kb/website-translation), better line-breaking compatibility, and a shiny
new .deb package. ⌘ [Read more](https://lwn.net/Articles/959163/) 2024-01-23T22:51:14Z **[$] Microdot: a web framework for microntrollers**
There are many different Python [web frameworks](https://wiki.python.org/moin/WebFrameworks), from
nano-frameworks all the way up to the full-stack variety. One that
recently caught my eye is [Microdot](https://github.com/miguelgrinberg/microdot), the
"impossibly small web framework for Python and MicroPython"; since
it
targets [MicroPython](https://micropython.org/), it is
plausible for running the user
interface of an "internet of things" (IoT) device, for example. Beyond
that, it is ... ⌘ [Read more](https://lwn.net/Articles/959067/) 2024-01-24T14:46:13Z **Security updates for Wednesday**
Security updates have been issued by **Debian** (jinja2, openjdk-11, ruby-httparty, and xorg-server), **Fedora** (ansible-core and mingw-jasper), **Gentoo** (GOCR, Ruby, and sudo), **Oracle** (gstreamer-plugins-bad-free, java-17-openjdk, java-21-openjdk, python-cryptography, and xorg-x11-server), **Red Hat** (kernel, kernel-rt, kpatch-patch, LibRaw, python-pillow, and python-pip), **Slackware** (mozilla), **SUSE** (python-Pillow, rear118a, and redis7), and **Ubuntu** (libapache-session-ldap-perl and pycr ... ⌘ [Read more](https://lwn.net/Articles/959325/) 2024-01-24T22:19:14Z **[$] Python, packaging, and pip—again**
Python packaging discussions seem like they often just go around and
around, ending up where they started and recapitulating many of the points that
have come up before. A recent discussion revolves around the [pip](https://pip.pypa.io/en/stable/) package installer, as they
often do. The central role that is occupied by pip has both
good points and bad. There is a clear need for _something_ that
can install from the [Python Package Index](https://pypi.org/)
(PyPI) immediately after Python itself is ... ⌘ [Read more](https://lwn.net/Articles/959236/) 2024-01-25T00:23:52Z **[$] LWN.net Weekly Edition for January 25, 2024**
The LWN.net Weekly Edition for January 25, 2024 is available. ⌘ [Read more](https://lwn.net/Articles/958597/) 2024-01-25T14:18:02Z **Security updates for Thursday**
Security updates have been issued by **Debian** (chromium, firefox-esr, php-phpseclib, phpseclib, thunderbird, and zabbix), **Fedora** (dotnet7.0, firefox, fonttools, and python-jinja2), **Mageia** (avahi and chromium-browser-stable), **Oracle** (java-1.8.0-openjdk, java-11-openjdk, LibRaw, openssl, and python-pillow), **Red Hat** (gnutls, kpatch-patch, php:8.1, and squid:4), **SUSE** (apache-parent, apache-sshd, bluez, cacti, cacti-spine, erlang, firefox, java-11-openjdk, opera, python-Pillow, tomcat, to ... ⌘ [Read more](https://lwn.net/Articles/959455/) 2024-01-25T15:10:41Z **GCC security features from AdaCore**
The AdaCore blog [describes\
some hardening features](https://blog.adacore.com/adacore-enhances-gcc-security-with-innovative-features) contributed to GCC for the GCC 14 release.

> With -fharden-control-flow-redundancy, the compiler now verifies,
> at the end of functions, whether the traversed basic blocks align
> with a legitimate execution path. The purpose of this protective
> measure is to detect and thwart attacks attempting to infiltrate
> the middle of functions, thereby enhancing the ove ... ⌘ [Read more](https://lwn.net/Articles/959461/) 2024-01-25T15:53:59Z **[$] The things nobody wants to pay for**
The free-software community has managed to build a body of software that is
worth, by most estimates, many billions of dollars; all of this code is
freely available to anybody who wants to use or modify it. It is an
unparalleled example of independent actors working cooperatively on a
common resource. Free software is certainly a success story, but all is
not perfect. One of the community's greatest strengths — convincing
companies to contribute to this common resource — is also part of one of
it ... ⌘ [Read more](https://lwn.net/Articles/959069/) 2024-01-26T00:22:53Z **Seven new stable kernels**
Greg Kroah-Hartman has announced the release of the [6.7.2](https://lwn.net/Articles/959511/), [6.6.14](https://lwn.net/Articles/959512/),
[6.1.75](https://lwn.net/Articles/959513/), [5.15.148](https://lwn.net/Articles/959514/), [5.10.209](https://lwn.net/Articles/959515/), [5.4.268](https://lwn.net/Articles/959516/), and [4.19.306](https://lwn.net/Articles/959517/) stable kernels. As usual, they
contain a long list of fixes throughout the kernel tree. ⌘ [Read more](https://lwn.net/Articles/959509/) 2024-01-26T14:49:04Z **Security updates for Friday**
Security updates have been issued by **Debian** (xorg-server), **Fedora** (chromium, dotnet8.0, firefox, freeipa, and thunderbird), **Red Hat** (avahi, c-ares, curl, edk2, expat, freetype, frr, git, gnutls, grub2, kernel, kernel-rt, libcap, libfastjson, libssh, libtasn1, libxml2, linux-firmware, ncurses, oniguruma, openssh, openssl, perl-HTTP-Tiny, protobuf-c, python-urllib3, python3, python3.9, rpm, samba, shadow-utils, sqlite, tcpdump, tomcat, and virt:rhel and virt-devel:rhel modules), **SUSE** (cpio, ja ... ⌘ [Read more](https://lwn.net/Articles/959640/) 2024-01-26T15:41:49Z **[$] Better handling of integer wraparound in the kernel**
While the mathematical realm of numbers is infinite, computers are only
able to represent a finite subset of them. That can lead to problems when
arithmetic operations would create numbers that the computer is unable to
store as the intended type. This condition, called "overflow" or
"wraparound" depending on the
context, can be the source of bugs, including unpleasant security
vulnerabilities, so it is worth avoiding. [This patch\
series](https://lwn.net/ml/linux-kernel/20240122 ... ⌘ [Read more](https://lwn.net/Articles/959189/) 2024-01-29T02:03:48Z **Kernel prepatch 6.8-rc2**
Linus has released [6.8-rc2](https://lwn.net/Articles/959814/) for testing.
"So go out and test. It's safe now. You trust me, right?" ⌘ [Read more](https://lwn.net/Articles/959815/) 2024-01-29T16:04:55Z **Security updates for Monday**
Security updates have been issued by **CentOS** (gstreamer-plugins-bad-free, java-1.8.0-openjdk, java-11-openjdk, kernel, LibRaw, python-pillow, and xorg-x11-server), **Debian** (gst-plugins-bad1.0, libspreadsheet-parsexlsx-perl, mariadb-10.3, and slurm-wlm), **Fedora** (atril, dotnet8.0, gnutls, prometheus-podman-exporter, python-jinja2, sudo, and vips), **Oracle** (frr, kernel, php:8.1, python-urllib3, python3.9, rpm, sqlite, and tomcat), **Slackware** (pam), **SUSE** (cpio, rear23a, rear27a, sevctl, and ... ⌘ [Read more](https://lwn.net/Articles/959882/) 2024-01-29T17:22:55Z **[$] Defining the Rust 2024 edition**
In December, the Rust project released
[a call for proposals](https://blog.rust-lang.org/2023/12/15/2024-Edition-CFP.html) for inclusion in the 2024 edition. Rust handles
backward incompatible changes by using
[Editions](https://doc.rust-lang.org/edition-guide/editions/),
which permit projects to specify a single stable edition for their code
and allow libraries written
in different editions to be linked together. Proposals for Rust 2024 are
now in, and have until the end of February to be debated an ... ⌘ [Read more](https://lwn.net/Articles/958792/) 2024-01-30T14:26:48Z **Security updates for Tuesday**
Security updates have been issued by **Debian** (pillow, postfix, and redis), **Fedora** (python-templated-dictionary and selinux-policy), **Red Hat** (gnutls, kpatch-patch, libssh, and tomcat), and **Ubuntu** (amanda, ceph, linux-azure, linux-azure-4.15, linux-kvm, and tinyxml). ⌘ [Read more](https://lwn.net/Articles/960008/) 2024-01-30T16:01:13Z **The state of eBPF**
The eBPF Foundation has published a glossy document called [The\
State of eBPF](https://www.linuxfoundation.org/hubfs/eBPF/The_State_of_eBPF.pdf); it seems mostly concerned with how a small number of
large companies are using and developing this technology.

> No doubt, eBPF will become the new layer in the new cloud native
> infrastructure stack, impacting the observability, performance,
> reliability, networking, and security of all applications,
> supporters say. Platform engineers will cobble together
> eBPF- ... ⌘ [Read more](https://lwn.net/Articles/960036/) 2024-01-30T21:29:34Z **[$] Looking ahead to Emacs 30**
[EmacsConf 2023](https://emacsconf.org/2023/) was, like its
recent predecessors, an online conference with lots of talks about various
aspects of the [Emacs\
editor](https://www.gnu.org/software/emacs/)—though, of course, it is way more than just an editor. Last year's
edition was held in early December. One of the
talks that looked interesting was [on Emacs\
development](https://emacsconf.org/2023/talks/devel/), which was given live by John Wiegley. In it, he briefly
described some
of the biggest feature ... ⌘ [Read more](https://lwn.net/Articles/959931/) 2024-01-31T14:33:12Z **Security updates for Wednesday**
Security updates have been issued by **Debian** (bind9 and glibc), **Fedora** (ncurses), **Gentoo** (containerd, libaom, and xorg-server, xwayland), **Mageia** (python-pillow and zlib), **Oracle** (grub2 and tomcat), **Red Hat** (avahi, c-ares, container-tools:3.0, curl, firefox, frr, kernel, kernel-rt, kpatch-patch, libfastjson, libmicrohttpd, linux-firmware, oniguruma, openssh, perl-HTTP-Tiny, python-pip, python-urllib3, python3, rpm, samba, sqlite, tcpdump, thunderbird, tigervnc, and virt:rhel and vir ... ⌘ [Read more](https://lwn.net/Articles/960248/) 2024-01-31T16:25:44Z **A locally exploitable glibc vulnerability**
Qualys has [disclosed](https://lwn.net/ml/oss-security/20240130183113.GA16546@localhost.localdomain/)
a vulnerability in the GNU C Library that can be exploited by a local
attacker for root access. It was introduced in the 2.37 release, and also
backported to 2.36.

> For example, we confirmed that Debian 12 and 13, Ubuntu 23.04 and
> 23.10, and Fedora 37 to 39 are vulnerable to this buffer
> overflow. Furthermore, we successfully exploited an up-to-date,
> default installation of Fedora 38 ... ⌘ [Read more](https://lwn.net/Articles/960289/) 2024-01-31T19:46:44Z **[$] OpenBSD system-call pinning**
[Return-oriented programming](https://en.wikipedia.org/wiki/Return-oriented_programming) (ROP) attacks are hard to defend against.
Partial mitigations such as address-space layout randomization, stack
canaries, and other techniques are commonly deployed to try and frustrate
ROP attacks. Now, OpenBSD is experimenting with a new
mitigation that makes it harder for attackers to make system
calls, although some security researchers have expressed doubt that it will
prove effective at stopping real-world att ... ⌘ [Read more](https://lwn.net/Articles/959562/) 2024-01-31T20:41:23Z **LibreOffice 24.2 Community released**
[Version\
24.2](https://blog.documentfoundation.org/blog/2024/01/31/libreoffice-24-2/) of the LibreOffice office suite is available. Changes include
AutoRecovery enabled by default, styling of comments, better floating-table
support, improved accessibility, and more. See [the release\
notes](https://wiki.documentfoundation.org/ReleaseNotes/24.2) for details. ⌘ [Read more](https://lwn.net/Articles/960344/) 2024-01-31T23:41:37Z **GNU C Library 2.39 released**
[Version 2.39](https://lwn.net/ml/libc-alpha/38790850.J2Yia2DhmK@pinacolada/)
of the GNU C Library has been released. Changes include integration with
the [x86 shadow-stack mechanism](https://lwn.net/Articles/926649/), a couple of
new posix\_spawn() variants for working with control groups, [pidfd\_spawn() and\
pidfd\_spawnp()](https://lwn.net/Articles/943022/), the C2X stdbit.h header, the removal
of the libcrypt library, and more. See [the release notes](https://sourceware.org/glibc/wiki/Release/2.39)
for ... ⌘ [Read more](https://lwn.net/Articles/960357/) 2024-02-01T00:57:16Z **[$] LWN.net Weekly Edition for February 1, 2024**
The LWN.net Weekly Edition for February 1, 2024 is available. ⌘ [Read more](https://lwn.net/Articles/959457/) 2024-02-01T13:57:14Z **Security updates for Thursday**
Security updates have been issued by **Debian** (debian-security-support, firefox-esr, openjdk-11, and python-asyncssh), **Fedora** (glibc, python-templated-dictionary, thunderbird, and xorg-x11-server-Xwayland), **Gentoo** (Chromium, Google Chrome, Microsoft Edge and WebKitGTK+), **Red Hat** (firefox, gnutls, libssh, thunderbird, and tigervnc), **SUSE** (mbedtls, rear116, rear1172a, runc, squid, and tinyssh), and **Ubuntu** (glibc and runc). ⌘ [Read more](https://lwn.net/Articles/960436/) 2024-02-01T14:08:19Z **Stable kernels 6.7.3, 6.6.15, and 6.1.76**
The [6.7.3](https://lwn.net/Articles/960440/), [6.6.15](https://lwn.net/Articles/960441/), and [6.1.76](https://lwn.net/Articles/960442/) stable kernels have been released.
These contain a large number of important fixes throughout the tree, as is
the norm. ⌘ [Read more](https://lwn.net/Articles/960439/) 2024-02-01T14:53:40Z **Damn Small Linux 2024 released**
A new version of the [Damn Small\
Linux](https://www.damnsmalllinux.org/) distribution has come out with an updated definition of "damn
small":

> The new goal of DSL is to pack as much usable desktop distribution
> into an image small enough to fit on a single CD, or a hard limit
> of 700MB. This project is meant to service older computers and have
> them continue to be useful far into the future. Such a notion sits
> well with my values. I think of this project as my way of keeping
> otherwise usa ... ⌘ [Read more](https://lwn.net/Articles/960446/) 2024-02-01T16:56:19Z **[$] The hard life of a virtual-filesystem developer**
Filesystem development is not an easy task; the performance demands are
typically high, and the consequences for mistakes usually involve lost data
and irate users. The implementation of a virtual (or "pseudo") filesystem
— a filesystem implemented within the kernel and lacking a normal backing
store — can also be challenging, but for different reasons. A series of
conversations around the eventfs virtual filesystem has turned a spotlight
on the difficulty of creating a virtual files ... ⌘ [Read more](https://lwn.net/Articles/960088/) 2024-02-02T14:09:35Z **Security updates for Friday**
Security updates have been issued by **Debian** (chromium, man-db, and openjdk-17), **Fedora** (chromium, indent, jupyterlab, kernel, and python-notebook), **Gentoo** (glibc), **Oracle** (firefox, thunderbird, and tigervnc), **Red Hat** (rpm), **SUSE** (cpio, gdb, gstreamer, openconnect, slurm, slurm\_18\_08, slurm\_20\_02, slurm\_20\_11, slurm\_22\_05, slurm\_23\_02, squid, webkit2gtk3, and xerces-c), and **Ubuntu** (imagemagick and xorg-server, xwayland). ⌘ [Read more](https://lwn.net/Articles/960604/) 2024-02-02T14:14:30Z **Phipps: The European regulators listened to the Open Source communities**
Simon Phipps [writes\
on the Open Source Initiative blog](https://blog.opensource.org/the-european-regulators-listened-to-the-open-source-communities/) that the latest version of the
European Cyber Resilience Act is much improved: "As a result of all this
effort from so many people, the final text of the CRA mitigated pretty much
all the risks we had identified to individual developers and to Open Source
foundations." ⌘ [Read more](https://lwn.net/Articles/960606/) 2024-02-02T15:12:43Z **[$] Zig 2024 roadmap**
The [Zig language](https://ziglang.org/) [2024 roadmap](https://www.youtube.com/watch?v=5eL_LcxwwHg)
was presented in a talk last week on
[Zig Showtime](https://zig.show/) (a show covering
Zig news). Andrew Kelley, the benevolent dictator for life of the Zig project,
presented his goals
for the language, largely focusing on compiler performance and continuing
progress toward stabilization for the language. He discussed details of his plan
for incremental compilation, and addressed the sustainability of the project ... ⌘ [Read more](https://lwn.net/Articles/959915/) 2024-02-04T15:46:39Z **Kernel prepatch 6.8-rc3**
The [6.8-rc3](https://lwn.net/Articles/960841/) kernel prepatch is out for
testing. "A slightly larger rc3 that I'd have hoped for, although at
this stage in the release process it's not something that really worries me
yet." ⌘ [Read more](https://lwn.net/Articles/960842/) 2024-02-05T15:04:15Z **Security updates for Monday**
Security updates have been issued by **Debian** (rear, runc, sudo, and zbar), **Fedora** (chromium, grub2, libebml, mingw-python-pygments, and python-aiohttp), **Gentoo** (FreeType, GNAT Ada Suite, Microsoft Edge, NBD Tools, OpenSSL, QtGui, SDDM, Wireshark, and Xen), **Mageia** (dracut, glibc, nss and firefox, openssl, packages, perl, and thunderbird), **Slackware** (libxml2), **SUSE** (java-11-openjdk, java-17-openjdk, perl, python-uamqp, slurm, and xerces-c), and **Ubuntu** (libssh and openssl). ⌘ [Read more](https://lwn.net/Articles/960952/) 2024-02-05T15:36:21Z **[$] The end of tasklets**
A common problem in kernel development is controlling _when_ a
specific task should be done. Kernel code often executes in contexts where
some actions (sleeping, for example, or calling into filesystems) are not
possible. Other actions, while possible, may prevent the kernel from
taking care of a more important task in a timely manner. The kernel
community has developed a number of deferred-execution mechanisms designed
to ensure that every task is handled at the right time. One of those
mechanisms, tasklets, h ... ⌘ [Read more](https://lwn.net/Articles/960041/) 2024-02-05T20:37:25Z **Three new stable kernels**
Greg Kroah-Hartman has announced the release of the [6.7.4](https://lwn.net/Articles/961010/), [6.6.16](https://lwn.net/Articles/961011/),
and [6.1.77](https://lwn.net/Articles/961012/) stable kernels. As usual, they
contain important fixes all over the kernel tree. ⌘ [Read more](https://lwn.net/Articles/961009/) 2024-02-06T14:34:25Z **Security updates for Tuesday**
Security updates have been issued by **CentOS** (firefox, gstreamer1-plugins-bad-free, and tigervnc), **Debian** (ruby-sanitize), **Fedora** (kernel, kernel-headers, qt5-qtwebengine, and runc), **Oracle** (gnutls, kernel, libssh, rpm, runc, and tigervnc), **Red Hat** (runc), and **SUSE** (bouncycastle, jsch, python, and runc). ⌘ [Read more](https://lwn.net/Articles/961083/) 2024-02-06T21:32:37Z **[$] GNU C Library version 2.39**
The GNU C Library (glibc)
[released version 2.39](https://sourceware.org/pipermail/libc-alpha/2024-January/154363.html) on January 31, including
several new features. Notable highlights include new functions for spawning
child processes, support for shadow stacks on x86\_64, new security features, and
the removal of libcrypt. The glibc maintainers had also hoped to include
improvements to qsort(), which ended up not making it into this
release. Glibc releases are made every six months. ⌘ [Read more](https://lwn.net/Articles/960309/) 2024-02-07T14:32:05Z **Security updates for Wednesday**
Security updates have been issued by **Red Hat** (gimp) and **Ubuntu** (firefox, linux-oracle, linux-oracle-5.15, and python-django). ⌘ [Read more](https://lwn.net/Articles/961173/) 2024-02-07T16:06:31Z **[$] So you think you understand IP fragmentation?**
What is IP fragmentation, why is it important, and do people understand
it? The answer to that last question is "not as well as they think". This
article will also answer the rest of those
questions and introduce [fragquiz](https://valerieaurora.org/fragquiz.html), a game that I
wrote to allow players to guess how IP packets will behave when they are
too large for the network. As evidence that IP fragmentation is not
well-understood, a room full of networking experts played fragquiz an ... ⌘ [Read more](https://lwn.net/Articles/960913/) 2024-02-07T16:20:47Z **Go 1.22 released**
[Go 1.22](https://go.dev/blog/go1.22), the most recent version of the [Go programming language](https://go.dev/), has been released. It comes with two language changes to for loops: a [fix](https://go.dev/blog/loopvar-preview) for a longstanding "gotcha" with accidentally sharing loop variables between iterations and adding the ability to range over integer values. There are also additions to the standard library, improved performance, and more. See the [release notes](https://go.dev/doc/go1.22) for further informatio ... ⌘ [Read more](https://lwn.net/Articles/961196/) 2024-02-07T19:58:47Z **Please welcome Joe Brockmeier to LWN**
At the beginning of November, we [let it be\
known](https://lwn.net/Articles/949461/) that we were looking to hire a writer/editor to augment the LWN
team. In past attempts, we have found it difficult to attract writers who
could produce the kind of content that LWN readers expect. This time
around, as we have said before, was different; we had a number of
candidates who could have filled the bill and were forced to make some
difficult choices.

While "hire them all" was an attractive idea, it was ... ⌘ [Read more](https://lwn.net/Articles/961116/) 2024-02-08T00:19:11Z **[$] LWN.net Weekly Edition for February 8, 2024**
The LWN.net Weekly Edition for February 8, 2024 is available. ⌘ [Read more](https://lwn.net/Articles/960456/) 2024-02-08T14:40:59Z **Security updates for Thursday**
Security updates have been issued by **Debian** (chromium), **Red Hat** (gimp, kernel, kernel-rt, and runc), **Slackware** (expat), **SUSE** (libavif), and **Ubuntu** (linux, linux-aws, linux-aws-5.15, linux-gcp, linux-gcp-5.15, linux-gke,
 linux-gkeop, linux-gkeop-5.15, linux-hwe-5.15, linux-ibm, linux-ibm-5.15,
 linux-kvm, linux-lowlatency-hwe-5.15, linux-nvidia, linux-oracle,
 linux-oracle-5.15, linux, linux-aws, linux-aws-5.4, linux-azure, linux-azure-5.4,
 linux-bluefield, linux-gkeop, linux-hwe-5.4, ... ⌘ [Read more](https://lwn.net/Articles/961330/) 2024-02-08T15:07:53Z **Glibc becomes a CVE Numbering Authority**
The GNU C Library project [has\
been accepted](https://lwn.net/ml/oss-security/ec94d28c-dbf4-4506-98e3-313c38ae15d5@redhat.com/) as a CVE Numbering Authority (CNA), meaning that the
project is now in control of the CVE numbers assigned to its code.

> As a CNA the glibc security team will be working to improve the
> quality and response time of security advisories and mitigations.
>
> Over the coming months, the glibc security team will define the
> process for the CNA and establish best practi ... ⌘ [Read more](https://lwn.net/Articles/961355/) 2024-02-08T15:09:23Z **[$] Pitchforks for RDSEED**
The generation of random (or, at least, unpredictable) numbers is key to
many security technologies. For this reason, the provision of random data
as a CPU feature has drawn a lot of attention over the years. A proper
hardware-based random-number generator can address the problems that make
randomness hard to obtain in some systems, but only if the manufacturer can
be trusted to not have compromised that generator in some way. A recent
discussion has brought to light a different problem, though: what happens
 ... ⌘ [Read more](https://lwn.net/Articles/961121/) 2024-02-08T15:27:51Z **A new CEO for Mozilla**
Mitchell Baker has [announced](https://blog.mozilla.org/en/mozilla/a-new-chapter-for-mozilla-laura-chambers-expanded-role/)
that she is stepping down from the role of Mozilla CEO, effective
immediately. Laura Chambers will be the new CEO "for the remainder of
the year".

> We’re at a critical juncture where public trust in institutions,
> governments, and the fabric of the internet has reached
> unprecedented lows. There’s a tectonic shift underway as everyone
> battles to own the future of AI. It is Mozilla’s ... ⌘ [Read more](https://lwn.net/Articles/961359/) 2024-02-08T19:53:29Z **Brennan: What's Inside a Linux Kernel Core Dump**
Stephen Brennan [describes\
kernel core dumps](https://blogs.oracle.com/linux/post/whats-inside-a-linux-kernel-core-dump) in excruciating detail.

> Kernel core dumps are complex. They are not simply copies of system
> memory; they contain plenty of extra metadata which is critical to
> understanding their contents. And like any other type of data, the
> design of the file formats can enable lots of flexibility and
> power. However, due to the broad variety of tools out there, the
> ... ⌘ [Read more](https://lwn.net/Articles/961414/) 2024-02-08T20:14:32Z **Google announces 2024 season of docs**
On February 2, Google announced this year's
["Season of Docs"](https://opensource.googleblog.com/2024/02/announcing-google-season-of-docs-2024.html?m=1), a program complementing its Summer of Code program
by providing funding to open source projects to hire technical writers to improve
their documentation. Interested projects have until April 2 to apply.

> Google Season of Docs provides direct grants to open source projects to improve their documentation and gives professional technical writers an ... ⌘ [Read more](https://lwn.net/Articles/961405/) 2024-02-09T14:50:40Z **Security updates for Friday**
Security updates have been issued by **Debian** (webkit2gtk), **Fedora** (atril, chromium, gnutls, python-aiohttp, and webkitgtk), **Gentoo** (libxml2), **Mageia** (gnutls, gpac, kernel, kernel-linus, microcode, pam, and postfix), **Red Hat** (container-tools:2.0, container-tools:3.0, container-tools:4.0, container-tools:rhel8, gimp, libmaxminddb, python-pillow, runc, and unbound), **SUSE** (cosign, netpbm, python, python-Pillow, python3, and python36), and **Ubuntu** (libde265, linux-gcp, linux-gcp-5.4, an ... ⌘ [Read more](https://lwn.net/Articles/961584/) 2024-02-09T14:57:14Z **Rowley: What’s new in the Postgres 16 query planner / optimizer**
David Rowley [looks\
deeply](https://www.citusdata.com/blog/2024/02/08/whats-new-in-postgres-16-query-planner-optimizer/) into the improvements coming to the query planner in
PostgreSQL 16.

> For a long time now, PostgreSQL has been able to remove a LEFT JOIN
> where no column from the left joined table was required in the
> query and the join could not possibly duplicate any rows.
>
> However, in versions prior to PostgreSQL 16, there was no support
> for left join re ... ⌘ [Read more](https://lwn.net/Articles/961545/) 2024-02-09T17:53:51Z **[$] Gnuplot 6 comes with pie**
[Gnuplot](http://gnuplot.info/) 6.0 was [released](http://gnuplot.info/ReleaseNotes_6_0_0.html) in
December 2023, bringing a host of significant improvements and new
capabilities to the open-source graphing tool. Here we survey the major
new features, including
filled contours in 3D, adaptive plotting resolution, watchpoints, clipping
of surfaces, sector plots for making things like pie charts, and new
syntax for conditionals in gnuplot's scripting language. In addition, there
are
detailed examples of the ... ⌘ [Read more](https://lwn.net/Articles/961003/) 2024-02-09T22:19:34Z **Introducing Fedora Atomic Desktops (Fedora Magazine)**
Fedora Magazine has [announced the creation Fedora Atomic Desktops](https://fedoramagazine.org/introducing-fedora-atomic-desktops/): a way of branding Fedora's growing set of rpm-ostree spins. Joseph Gayso wrote "we’ve seen more of our mainline Fedora Linux spins make the jump to offer a version that implements rpm-ostree. It’s reached the point where it can be hard to talk about all of them at the same time. Therefore we’ve introduced a new brand that will serve to simplify how we ... ⌘ [Read more](https://lwn.net/Articles/961653/) 2024-02-09T22:15:56Z **DRM-CI: A GitLab-CI pipeline for Linux kernel testing (Collabora Blog)**
Over on the Collabora blog, Helen Koike [writes](https://www.collabora.com/news-and-blog/blog/2024/02/08/drm-ci-a-gitlab-ci-pipeline-for-linux-kernel-testing/)
about the DRM-CI project for running automated continuous integration (CI)
tests on multiple graphics devices in several different labs. It uses the
[IGT GPU\
tools](https://gitlab.freedesktop.org/drm/igt-gpu-tools) for testing, though there are plans to expand:

> The roadmap for DRM-CI includes enabling ot ... ⌘ [Read more](https://lwn.net/Articles/961655/) 2024-02-11T20:43:26Z **Kernel prepatch 6.8-rc4**
The [6.8-rc4](https://lwn.net/Articles/961763/) kernel prepatch is out for
testing. "Commit counts and contents look normal for this phase of the
release, nothing here really stands out." ⌘ [Read more](https://lwn.net/Articles/961764/) 2024-02-12T14:42:38Z **Security updates for Monday**
Security updates have been issued by **Debian** (libgit2), **Fedora** (chromium, firecracker, libkrun, openssh, python-nikola, runc, rust-event-manager, rust-kvm-bindings, rust-kvm-ioctls, rust-linux-loader, rust-userfaultfd, rust-versionize, rust-vhost, rust-vhost-user-backend, rust-virtio-queue, rust-vm-memory, rust-vm-superio, rust-vmm-sys-util, virtiofsd, webkitgtk, and wireshark), **Mageia** (filezilla and xpdf), **Oracle** (gimp), **Red Hat** (libmaxminddb, linux-firmware, squid:4, and tcpdump), **Sla ... ⌘ [Read more](https://lwn.net/Articles/961842/) 2024-02-12T15:57:00Z **[$] Another runc container breakout**
Once again, [runc](https://github.com/opencontainers/runc)—a tool
for spawning and running OCI containers—is drawing attention due to a [high\
severity container breakout attack](https://lwn.net/ml/oss-security/20240131.201014-manual.rungs.vicious.preface-640Q4W5TLTW7@cyphar.com/). This vulnerability is interesting for
several reasons: its potential for widespread impact, the continued difficulty
in actually _containing_ containers, the dangers of running containers
as a privileged user, and the fac ... ⌘ [Read more](https://lwn.net/Articles/961086/) 2024-02-12T19:27:17Z **FreeBSD phasing out 32-bit platforms**
The FreeBSD Project [has announced that it intends to deprecate 32-bit platforms](https://lists.freebsd.org/archives/freebsd-announce/2024-February/000117.html) "over the next couple of major releases".

> We anticipate FreeBSD 15.0 will not include the armv6, i386, and powerpc platforms, and FreeBSD 16.0 will not include armv7. Support for executing 32-bit binaries on 64-bit kernels will be retained through at least the lifetime of the stable/16 branch if not longer.

The announcement notes that s ... ⌘ [Read more](https://lwn.net/Articles/961871/) 2024-02-13T14:47:39Z **Security updates for Tuesday**
Security updates have been issued by **Fedora** (clamav and virtiofsd), **Oracle** (gimp), **Red Hat** (gnutls and nss), **SUSE** (kubevirt, virt-api-container, virt-controller-container, virt-exportproxy-container, virt-exportserver-container, virt-handler-container, virt-launcher-container, virt-libguestfs-t and squid), and **Ubuntu** (openssl). ⌘ [Read more](https://lwn.net/Articles/961937/) 2024-02-13T14:54:47Z **[$] A look at dynamic linking**
The dynamic linker is a critical component of modern Linux systems, being
responsible for setting up the address space of most processes. While statically
linked binaries have become more popular over time as the tradeoffs that
originally led to dynamic linking become less relevant, dynamic linking is still
the default. This article looks at what steps the dynamic linker takes to
prepare a program for execution. ⌘ [Read more](https://lwn.net/Articles/961117/) 2024-02-13T19:13:10Z **The kernel becomes its own CNA**
Greg Kroah-Hartman has [announced](http://www.kroah.com/log/blog/2024/02/13/linux-is-a-cna/)
that the kernel project has been accepted as a CVE numbering authority
(CNA). The way that CVE numbers will be handled by the kernel is described
in [this\
documentation patch](https://lwn.net/ml/linux-kernel/2024021314-unwelcome-shrill-690e@gregkh/):

> As part of the normal stable release process, kernel changes that
> are potentially security issues are identified by the developers
> responsible for CVE numb ... ⌘ [Read more](https://lwn.net/Articles/961961/) 2024-02-14T14:09:31Z **Security updates for Wednesday**
Security updates have been issued by **Debian** (bind9 and unbound), **Fedora** (clamav, firecracker, libkrun, rust-event-manager, rust-kvm-bindings, rust-kvm-ioctls, rust-linux-loader, rust-userfaultfd, rust-versionize, rust-vhost, rust-vhost-user-backend, rust-virtio-queue, rust-vm-memory, rust-vm-superio, rust-vmm-sys-util, and virtiofsd), **Red Hat** (.NET 6.0, dotnet6.0, and dotnet7.0), **Slackware** (bind and dnsmasq), and **Ubuntu** (dotnet6, dotnet7, dotnet8, linux-lowlatency, linux-raspi, linux- ... ⌘ [Read more](https://lwn.net/Articles/962077/) 2024-02-14T17:05:48Z **[$] A turning point for CVE numbers**
The [Common Vulnerabilities and\
Exposures](https://cve.mitre.org/) (CVE) system was set up in 1999 as a way to refer
unambiguously to known vulnerabilities in software. That system has found
itself under increasing strain over the years, and numerous projects have
responded by trying to assert greater control over how CVE numbers are
assigned for their code. On February 13, though, a big shoe dropped when
the Linux kernel project [announced](http://www.kroah.com/log/blog/2024/02/13/linux-is-a-cna/) ... ⌘ [Read more](https://lwn.net/Articles/961978/) 2024-02-14T19:06:34Z **[$] KDE Plasma X11 support gets a reprieve for Fedora 40**
The Fedora Project is working toward the release
of Fedora Linux 40, and (as with each release) that means changes
to the way the project works and the software included in its repositories. Most
of the [changes\
set](https://fedoraproject.org/wiki/Releases/40/ChangeSet) for Fedora 40 are uncontroversial, but one change is causing quite
a stir. The KDE Special Interest Group's (SIG) [proposal](https://pagure.io/fesco/issue/3086) to adopt KDE Plasma 6 with only Wayland session su ... ⌘ [Read more](https://lwn.net/Articles/961899/) 2024-02-14T19:52:25Z **The Ubuntu community mourns the loss of Gunnar Hjalmarsson**
The [Ubuntu Weekly Newsletter](https://lwn.net/Articles/961898/) carries the sad news that long-time contributor Gunnar Hjalmarsson [has passed away](https://discourse.ubuntu.com/t/in-memoriam-gunnar-hjalmarsson/42284).

> Gunnar has been a steadfast contributor to Ubuntu and Debian for well over a decade. His work around translation and localization efforts has helped enable people from around the world to use and enjoy the software that we all love. It goes without saying th ... ⌘ [Read more](https://lwn.net/Articles/962135/) 2024-02-14T23:03:50Z **LineageOS 21 released**
[Version 21](https://lineageos.org/Changelog-28/) of LineageOS,
an Android-based distribution, has been released.

> With all that said, we have been working extremely hard since
> Android 14’s release last October to port our features to this new
> version of Android. Thanks to our hard work adapting to Google’s
> largely UI-based changes in Android 12/13, and Android 14’s
> dead-simple device bring-up requirements, we were able to rebase
> our changes onto Android 14 much more efficiently.
>
> This lets us ... ⌘ [Read more](https://lwn.net/Articles/962168/) 2024-02-15T00:44:55Z **[$] LWN.net Weekly Edition for February 15, 2024**
The LWN.net Weekly Edition for February 15, 2024 is available. ⌘ [Read more](https://lwn.net/Articles/961331/) 2024-02-15T13:47:10Z **Security updates for Thursday**
Security updates have been issued by **Debian** (edk2, postgresql-13, and postgresql-15), **Fedora** (engrampa, vim, and xen), **Mageia** (mbedtls and quictls), **Oracle** (nss, openssh, and tcpdump), **Red Hat** (.NET 8.0), **SUSE** (hugin, kernel, pdns-recursor, python3, tomcat, and tomcat10), and **Ubuntu** (clamav, edk2, linux-gcp-6.2, linux-intel-iotg-5.15, linux-oem-6.1, and ujson). ⌘ [Read more](https://lwn.net/Articles/962284/) 2024-02-15T17:33:02Z **[$] Open-source AI at FOSDEM**
At [FOSDEM 2024](https://fosdem.org/2024/) in Brussels, the
[AI and Machine\
Learning devroom](https://fosdem.org/2024/schedule/track/ai_ml/) hosted several talks about open-source AI models. With
talks about a definition of open-source AI, "ethical" restrictions in
licenses, and the importance of open data sets, in particular for
non-English languages, the devroom provided an overview of the current state
of the domain. ⌘ [Read more](https://lwn.net/Articles/961868/) 2024-02-16T14:24:40Z **Security updates for Friday**
Security updates have been issued by **Mageia** (bind), **Red Hat** (.NET 8.0 and kpatch-patch), **SUSE** (golang-github-prometheus-alertmanager, java-1\_8\_0-openj9, kernel, libaom, openssl-3, postgresql15, salt, SUSE Manager Client Tools, SUSE Manager Server 4.3, and webkit2gtk3), and **Ubuntu** (shadow). ⌘ [Read more](https://lwn.net/Articles/962506/) 2024-02-16T16:14:26Z **[$] Windows NT synchronization primitives for Linux**
The [futex](https://man7.org/linux/man-pages/man2/futex.2.html)
mechanism provided by the kernel allows for the creation of efficient and
flexible locking primitives in user space. Futexes work well for many
applications, but not all. One of the exceptions, it seems, is that
perennially difficult-to-support use case: Windows games. With
[this\
patch series](https://lwn.net/ml/linux-kernel/20240214233645.9273-1-zfigura@codeweavers.com/), Elizabeth Figura seeks to provide the sort of l ... ⌘ [Read more](https://lwn.net/Articles/961884/) 2024-02-16T18:50:25Z **Stable kernels 6.7.5, 6.6.17, and 6.1.78**
Greg Kroah-Hartman has announced the release of the [6.7.5](https://lwn.net/Articles/962557/), [6.6.17](https://lwn.net/Articles/962558/),
and [6.1.78](https://lwn.net/Articles/962559/) stable kernels. As is the norm,
they contain important fixes throughout the kernel tree. So far, there are no
new CVEs [reported on\
the linux-cve-announce mailing list](https://lore.kernel.org/linux-cve-announce/), which means that the [new kernel CVE numbering authority](https://lwn.net/Articles/961978/) (CNA) ... ⌘ [Read more](https://lwn.net/Articles/962556/) 2024-02-16T20:42:15Z **Exploring Agama's 2024 roadmap (openSUSE News)**
The openSUSE News blog [looks at the roadmap](https://news.opensuse.org/2024/02/16/exploring-agamas-roadmap/) for [Agama](https://github.com/openSUSE/agama) (a new installer from the [YaST](https://yast.opensuse.org/) development team) with releases planned for April and July:

> The milestone in April is set to revolutionize Agama’s architecture. It will be moving away from its reliance on [Cockpit](https://cockpit-project.org/) toward a more autonomous framework that is coupled with a r ... ⌘ [Read more](https://lwn.net/Articles/962553/) 2024-02-18T21:35:11Z **Kernel prepatch 6.8-rc5**
The [6.8-rc5](https://lwn.net/Articles/962667/) kernel prepatch is out for
testing. "Absolutely nothing stands out here, although I do wish
things should have calmed down a bit more at this point in the release
process." ⌘ [Read more](https://lwn.net/Articles/962668/) 2024-02-19T14:00:05Z **Security updates for Monday**
Security updates have been issued by **Debian** (engrampa, openvswitch, pdns-recursor, and runc), **Fedora** (caddy, expat, freerdp, libgit2, libgit2\_1.6, mbedtls, python-cryptography, qt5-qtbase, and sudo), **Gentoo** (Apache Log4j, Chromium, Google Chrome, Microsoft Edge, CUPS, e2fsprogs, Exim, firefox, Glade, GNU Tar, intel-microcode, libcaca, QtNetwork, QtWebEngine, Samba, Seamonkey, TACACS+, Thunar, and thunderbird), **Mageia** (dnsmasq, unbound, and vim), **Oracle** (container-tools:4.0, container-to ... ⌘ [Read more](https://lwn.net/Articles/962753/) 2024-02-19T17:34:42Z **[$] A Spritely distributed-computing library**
[Spritely](https://spritely.institute/) is a project seeking to
build a platform for sovereign distributed applications — applications where
users run their own nodes in order to control their own data — as the basis of a
new social internet.
While there are many such existing
projects, Spritely takes an unusual approach based on a new
interoperable protocol for
efficient, secure remote procedure calls (RPC). The project is in its early stages,
with many additional features planned, but it ... ⌘ [Read more](https://lwn.net/Articles/960912/) 2024-02-20T13:42:38Z **Security updates for Tuesday**
Security updates have been issued by **Fedora** (freeglut, hugin, libmodsecurity, qemu, rust-asyncgit, rust-bat, rust-cargo-c, rust-eza, rust-git-absorb, rust-git-delta, rust-git2, rust-gitui, rust-libgit2-sys, rust-lsd, rust-pore, rust-pretty-git-prompt, rust-shadow-rs, rust-silver, rust-tokei, and rust-vergen), **Mageia** (packages, radare2, ruby-rack, and wireshark), **Oracle** (.NET 8.0 and python-pillow), **Red Hat** (gimp:2.8, java-1.8.0-ibm, and kpatch-patch), **SUSE** (dpdk and opera), and **Ubuntu ... ⌘ [Read more](https://lwn.net/Articles/962881/) 2024-02-20T14:13:18Z **Hare programming language 0.24.0 released**
Drew DeVault [announced](https://harelang.org/blog/2024-02-16-hare-0.24.0-released/) the first numbered release of the [Hare programming language](https://harelang.org/) on February 16.

> Many Hare users want to ship their Hare projects to users, and as such, software written in Hare is making its way into Linux distributions and the like. However, due to Hare’s unstable nature, we have not provided any versioned releases, forcing any distributions who want to package Hare to package Hare’s m ... ⌘ [Read more](https://lwn.net/Articles/962882/) 2024-02-20T14:32:27Z **Righi: Writing a scheduler for Linux in Rust that runs in user-space**
Andrea Righi has [started\
a blog series](https://arighi.blogspot.com/2024/02/writing-scheduler-for-linux-in-rust.html) on writing a user-space CPU scheduler with the BPF-based
[extensible scheduler class](https://lwn.net/Articles/922405/):

> .select\_cpu() implements the logic to assign a target CPU to a task
> that wants to run, typically you have to decide if you want to keep
> the task on the same CPU or if it needs to be migrated to a
> different one (for ex ... ⌘ [Read more](https://lwn.net/Articles/962897/) 2024-02-20T18:58:01Z **[$] A modest update to Qubes OS**
[Qubes OS](https://www.qubes-os.org/) is a security-focused desktop Linux distribution built on Fedora Linux and the [Xen hypervisor](https://www.qubes-os.org/faq/#why-does-qubes-use-xen-instead-of-kvm-or-some-other-hypervisor). Qubes uses virtualization to run applications, system services, and devices access via virtual machines called " [qubes](https://www.qubes-os.org/doc/glossary/#qube)" that have varying levels of trust and [persistence](https://www.qubes-os.org/doc/how-to-use-disposables/) to pro ... ⌘ [Read more](https://lwn.net/Articles/962787/) 2024-02-20T19:01:07Z **The "KeyTrap" DNS vulnerability**
DNS resolvers (those that handle DNSSEC, at least) are almost uniformly
vulnerable to [an exploit\
that has been named "KeyTrap"](https://www.athene-center.de/en/keytrap). In short, the right type of packet can
send a DNS system into something close to an infinite loop, taking it out
of service indefinitely.

> With just a single DNS packet, hackers could paralyze all common
> DNS implementations and public DNS providers. Exploiting this
> attack would have serious consequences for any application tha ... ⌘ [Read more](https://lwn.net/Articles/962924/) 2024-02-21T14:05:09Z **Security updates for Wednesday**
Security updates have been issued by **CentOS** (linux-firmware and python-reportlab), **Debian** (unbound), **Fedora** (freeglut and syncthing), **Red Hat** (edk2, go-toolset:rhel8, java-1.8.0-ibm, kernel, kernel-rt, mysql:8.0, oniguruma, and python-pillow), **Slackware** (libuv and mozilla), **SUSE** (abseil-cpp, grpc, opencensus-proto, protobuf, python- abseil, python-grpcio, re2, bind, dpdk, firefox, hdf5, libssh, libssh2\_org, libxml2, mozilla-nss, openssl-1\_1, openvswitch, postgresql12, postgresql ... ⌘ [Read more](https://lwn.net/Articles/963035/) 2024-02-21T14:15:46Z **RawTherapee 5.10 released**
[Version 5.10](https://rawtherapee.com/downloads/5.10/) of the
RawTherapee raw photo editor is out. The list of changes is long, and
includes improved support for many camera-specific formats. (LWN [looked at RawTherapee](https://lwn.net/Articles/883599/) in 2022). ⌘ [Read more](https://lwn.net/Articles/963036/) 2024-02-21T15:03:39Z **[$] A proposal for shared memory in BPF programs**
Alexei Starovoitov introduced
[a patch series](https://lwn.net/ml/linux-mm/20240206220441.38311-1-alexei.starovoitov@gmail.com/) for the Linux kernel on February 6 to add bpf\_arena, a new type
of shared memory between
[BPF](https://lwn.net/Articles/740157/)
programs and user space.
Starovitov expects arenas to be useful both for bidirectional communication
between user space and BPF programs, and for use as an additional heap for BPF
programs. This will likely be useful to BPF programs ... ⌘ [Read more](https://lwn.net/Articles/961941/) 2024-02-21T19:19:58Z **[$] Sudo and its alternatives**
[Sudo](https://www.sudo.ws/) is a ubiquitous tool for running
commands
with the privileges of another user on Unix-like operating systems. Over
the past decade or so,
some alternatives have
been developed; the base system of OpenBSD now comes with [doas](https://man.openbsd.org/doas.1) instead, [sudo-rs](https://github.com/memorysafety/sudo-rs) is a subset of
sudo reimplemented in Rust, and, somewhat surprisingly, Microsoft also
recently [announced](https://devblogs.microsoft.com/commandline/introducing-s ... ⌘ [Read more](https://lwn.net/Articles/962588/) 2024-02-22T00:13:44Z **[$] LWN.net Weekly Edition for February 22, 2024**
The LWN.net Weekly Edition for February 22, 2024 is available. ⌘ [Read more](https://lwn.net/Articles/962302/) 2024-02-22T14:34:58Z **Security updates for Thursday**
Security updates have been issued by **CentOS** (python-pillow), **Debian** (firefox-esr and imagemagick), **Fedora** (kernel, mbedtls, rust-asyncgit, rust-bat, rust-cargo-c, rust-eza, rust-git-absorb, rust-git-delta, rust-git2, rust-gitui, rust-libgit2-sys, rust-lsd, rust-pore, rust-pretty-git-prompt, rust-shadow-rs, rust-silver, rust-tokei, and rust-vergen), **Gentoo** (LibreOffice), **Red Hat** (kpatch-patch), **Slackware** (mozilla), **SUSE** (docker, python-pycryptodome, python3, and qemu), and **Ubu ... ⌘ [Read more](https://lwn.net/Articles/963205/) 2024-02-22T15:24:11Z **[$] When ELF notes reveal too much**
The Linux kernel uses a number of hardening techniques to try to protect
itself against compromise; one of those is kernel address-space layout
randomization (KASLR). But randomization is of little benefit if the
kernel spills the beans on where its code has ended up. As it happens, the
kernel has been doing exactly that — since 2007, in a behavior that
predates the addition of KASLR. Some changes are in the
works to close that hole, but it is illustrative of just how hard some
secrets are to keep. ⌘ [Read more](https://lwn.net/Articles/962782/) 2024-02-23T14:42:30Z **Stenberg: DISPUTED, not REJECTED**
The Curl project has [previously](https://lwn.net/Articles/944209) had problems with
CVEs issued for things that are not security issues. On February 21,
Daniel Stenberg [wrote](https://daniel.haxx.se/blog/2024/02/21/disputed-not-rejected/) about the Curl project's most recent issue with the CVE system, saying:

> I keep insisting that the CVE system is broken and that the database of
> existing CVEs hosted by MITRE (and imported into lots of other
> databases) is full of questionable content and plent ... ⌘ [Read more](https://lwn.net/Articles/963240/) 2024-02-23T14:49:54Z **Security updates for Friday**
Security updates have been issued by **Debian** (chromium, imagemagick, and iwd), **Fedora** (chromium, firefox, and pdns-recursor), **Mageia** (nodejs and yarnpkg), **Red Hat** (firefox, postgresql, and postgresql:15), and **SUSE** (bind, mozilla-nss, openssh, php-composer2, python-pycryptodome, python-uamqp, python310, and tiff). ⌘ [Read more](https://lwn.net/Articles/963352/) 2024-02-23T15:15:01Z **Lots of new stable kernels**
Greg Kroah-Hartman has announced the release of seven new stable kernels:
[6.7.6](https://lwn.net/Articles/963356/), [6.6.18](https://lwn.net/Articles/963357/), [6.1.79](https://lwn.net/Articles/963358/), [5.15.149](https://lwn.net/Articles/963359/), [5.10.210](https://lwn.net/Articles/963360/), [5.4.269](https://lwn.net/Articles/963361/), and [4.19.307](https://lwn.net/Articles/963362/). As usual, they contain many
important fixes throughout the kernel tree. ⌘ [Read more](https://lwn.net/Articles/963355/) 2024-02-23T19:31:34Z **[$] Forgejo makes a full break from Gitea**
The world of open-source " [forges](https://en.wikipedia.org/wiki/Forge_(software))" is becoming a little more fragmented. The [Forgejo](https://forgejo.org/) project is a software-development platform that started as a "soft" fork of [Gitea](https://about.gitea.com/) in late 2022. On February 16, Forgejo [announced](https://forgejo.org/2024-02-forking-forward/) its intent to become a "hard fork" of Gitea to help address its mission of community-controlled development and to "liberate software ... ⌘ [Read more](https://lwn.net/Articles/963095/) 2024-02-23T21:42:21Z **Git 2.44.0 released**
[Version 2.44.0](https://lwn.net/ml/git/xmqqbk87w164.fsf@gitster.g/) of the Git
source-code management system has been released. There is a long list of
changes, including the [git\
replay command](https://lwn.net/ml/git/20230907092521.733746-1-christian.couder@gmail.com/) for faster, server-side rebasing, a number of
command-line completion improvements, and more. ⌘ [Read more](https://lwn.net/Articles/963444/) 2024-02-26T00:00:11Z **Kernel prepatch 6.8-rc6**
Linus has [released 6.8-rc6](https://lwn.net/Articles/963590/) for testing.

> Last week I said that I was hoping things would calm down a bit.
> Technically things did calm down a bit, and rc6 is smaller than rc5
> was. But not by a huge amount, and honestly, while there's nothing
> really alarming here, there's more here than I would really like at
> this point in the release.
>
> So this may end up being one of those releases that get an
> rc8. We'll see. ⌘ [Read more](https://lwn.net/Articles/963589/) 2024-02-26T16:14:02Z **Security updates for Monday**
Security updates have been issued by **Debian** (gnutls28, iwd, libjwt, and thunderbird), **Fedora** (chromium, expat, mingw-expat, mingw-openexr, mingw-python3, mingw-qt5-qt3d, mingw-qt5-qtactiveqt, mingw-qt5-qtbase, mingw-qt5-qtcharts, mingw-qt5-qtdeclarative, mingw-qt5-qtgraphicaleffects, mingw-qt5-qtimageformats, mingw-qt5-qtlocation, mingw-qt5-qtmultimedia, mingw-qt5-qtquickcontrols, mingw-qt5-qtquickcontrols2, mingw-qt5-qtscript, mingw-qt5-qtsensors, mingw-qt5-qtserialport, mingw-qt5-qtsvg, mingw-qt5- ... ⌘ [Read more](https://lwn.net/Articles/963725/) 2024-02-26T16:31:06Z **[$] Treating documentation as code**
At [FOSDEM 2024](https://fosdem.org/2024/),
the ["Tool\
the docs" devroom](https://fosdem.org/2024/schedule/track/tool-the-docs/) hosted several talks about free and open-source tools
for writing, managing, testing, and rendering documentation. The central
concept was to treat documentation as code, which makes it possible to
incorporate various tools into documentation workflows in order to maintain
high
quality. ⌘ [Read more](https://lwn.net/Articles/963037/) 2024-02-26T17:16:42Z **Incus 0.6 released**
Version 0.6 of [Incus](https://linuxcontainers.org/incus/), a fork of LXD, has been released. This release includes a number of changes, including a new storage driver called lvmcluster, improvements for Open Virtual Network (OVN) users, improvements to migration tooling, a number of new security features, and storage bucket backup and re-import. See the [release announcement](https://discuss.linuxcontainers.org/t/incus-0-6-has-been-released/19134) for detailed release notes and complete list of changes. The announc ... ⌘ [Read more](https://lwn.net/Articles/963730/) 2024-02-26T17:53:19Z **[$] A RDRAND followup**
In a recent episode, " [Pitchforks for RDSEED](https://lwn.net/Articles/961121/)",
we learned that there was some uncertainty around whether hardware-based
random-number generators on x86 CPUs could fail. Since the consequences of
failure in some situations (confidential-computing applications in
particular) can be catastrophic, there was some concern about this prospect
and what to do about it. Since then, the situation has come a bit more
into focus, and there would appear to be an agreed-upon plan for changes ... ⌘ [Read more](https://lwn.net/Articles/963281/) 2024-02-27T12:00:40Z **The bpftop tool**
Netflix has [announced](https://netflixtechblog.com/announcing-bpftop-streamlining-ebpf-performance-optimization-6a727c1ae2e5)
the release of a tool called bpftop to help with the performance
optimization of BPF programs in the kernel:

> bpftop provides a dynamic real-time view of running eBPF
> programs. It displays the average execution runtime, events per
> second, and estimated total CPU % for each program. This tool
> minimizes overhead by enabling performance statistics only while it
> is active. ⌘ [Read more](https://lwn.net/Articles/963767/) 2024-02-27T12:00:26Z **Security updates for Tuesday**
Security updates have been issued by **Debian** (engrampa and libgit2), **Fedora** (libxls, perl-Spreadsheet-ParseXLSX, and wpa\_supplicant), **Gentoo** (PyYAML), **Mageia** (packages and thunderbird), **Red Hat** (firefox, kernel, linux-firmware, thunderbird, and unbound), **Slackware** (openjpeg), **SUSE** (golang-github-prometheus-prometheus, installation-images, kernel, python-azure-core, python-azure-storage-blob, salt and python-pyzmq, SUSE Manager 4.2.11, SUSE Manager 4.3, SUSE Manager Server 4.2, a ... ⌘ [Read more](https://lwn.net/Articles/963805/) 2024-02-27T21:24:24Z **[$] A look at Nix and Guix**
[Nix](https://nixos.org/) and
[Guix](https://guix.gnu.org/) are a pair of unusual package managers
based on the idea of declarative configurations. Their associated Linux
distributions — NixOS and the Guix System — take the idea further by allowing users
to define a single centralized configuration describing the state of the entire
system. Both have
been [previously](https://lwn.net/Articles/712318) [mentioned](https://lwn.net/Articles/891752) on LWN, but not covered extensively. They offer different takes ... ⌘ [Read more](https://lwn.net/Articles/962788/) 2024-02-28T14:33:09Z **Security updates for Wednesday**
Security updates have been issued by **Debian** (knot-resolver and wpa), **Fedora** (chromium, kernel, thunderbird, and yarnpkg), **Mageia** (c-ares), **Oracle** (firefox, kernel, opensc, postgresql:13, postgresql:15, and thunderbird), **Red Hat** (edk2, gimp:2.8, and kernel), **SUSE** (bind, bluez, container-suseconnect, dnsdist, freerdp, gcc12, gcc7, glib2, gnutls, kernel, kubevirt, virt-api-container, virt-controller-container, virt-exportproxy-container, virt-exportserver-container, virt-handler-cont ... ⌘ [Read more](https://lwn.net/Articles/963957/) 2024-02-28T16:32:40Z **The Open Collective Foundation is shutting down**
The [Open Collective\
Foundation](https://opencollective.foundation/) is an organization created to provide legal and financial
services for non-profit projects, many of which are associated with free
software. Projects hosted there are now [beginning\
to report](https://daniel-lange.com/archives/186-Opencollective-shutting-down.html) that the Open Collective Foundation will be shutting down at
the end of the year, with an unwinding process over that time.

> Unfortunately, over the past ... ⌘ [Read more](https://lwn.net/Articles/963958/) 2024-02-28T18:25:11Z **[$] The KDE desktop gets an overhaul with Plasma 6**
It's been nearly 10 years since
[KDE Plasma 5](https://kde.org/announcements/plasma/5/5.0/),
which is the last major release of the [desktop](https://kde.org/plasma-desktop/).
On February 28 the project [announced](https://kde.org/announcements/megarelease/6/) its "mega release" of KDE
Plasma 6, KDE Frameworks 6, and KDE Gear 24.02 — all based on the [Qt 6](https://www.qt.io/product/qt6) development framework. This
release focuses heavily on migrating to Wayland, and aspires to be a s ... ⌘ [Read more](https://lwn.net/Articles/963851/) 2024-02-28T19:24:11Z **Tails 6.0 released**
[Tails 6.0](https://tails.net/news/version_6.0/index.en.html) is now available. Based on Debian, [Tails](https://tails.net/) is a portable operating system designed to run from a USB stick and help users avoid surveillance and censorship. This release updates most Tails applications, and includes important security and usability improvements.

One major new feature in 6.0 is to provide warnings to users about
[errors when reading or\
writing](https://tails.net/ioerror/) to persistent storage. This release now ignore ... ⌘ [Read more](https://lwn.net/Articles/963986/) 2024-02-29T01:13:09Z **[$] LWN.net Weekly Edition for February 29, 2024**
The LWN.net Weekly Edition for February 29, 2024 is available. ⌘ [Read more](https://lwn.net/Articles/963168/) 2024-02-29T14:14:04Z **Security updates for Thursday**
Security updates have been issued by **Debian** (chromium), **Fedora** (moodle), **Red Hat** (kernel, kernel-rt, and postgresql:15), **Slackware** (wpa\_supplicant), **SUSE** (Java and rear27a), and **Ubuntu** (libcpanel-json-xs-perl, libuv1, linux-aws, linux-aws-5.15, linux-azure, linux-azure-5.4, linux-lowlatency, linux-lowlatency-hwe-6.5, linux-oem-6.5, python-openstackclient, and unbound). ⌘ [Read more](https://lwn.net/Articles/964039/) 2024-02-29T15:49:09Z **[$] A sandbox mode for the kernel**
The Linux kernel follows a monolithic design, and that brings a well-known
problem: all code in the kernel has access to the entirety of the kernel's
address space. As a result, a bug in (for example) an obscure driver may
well be exploitable to wreak havoc on core-kernel data structures. Various
attempts have been made over the years to increase the degree of isolation
within the kernel. The latest of these, ["SandBox\
Mode"](https://lwn.net/ml/linux-kernel/20240214113035.2117-1-petrtesarik@huaweiclo ... ⌘ [Read more](https://lwn.net/Articles/963734/) 2024-02-29T18:10:59Z **NVK is now ready for prime time (Collabora blog)**
Over on the Collabora blog, Faith Ekstrand has [announced](https://www.collabora.com/news-and-blog/news-and-events/nvk-is-now-ready-for-prime-time.html) that the [NVK Vulkan driver for NVIDIA devices](https://docs.mesa3d.org/drivers/nvk.html) will be part of [Mesa](https://www.mesa3d.org/) 24.1 and is ready for real-world use. It should be appearing in Linux distributions later this year.

> Back in october, I announced that [NVK had reached Vulkan 1.0 conformance](https://www.collabora ... ⌘ [Read more](https://lwn.net/Articles/964090/) 2024-03-01T13:31:40Z **Security updates for Friday**
Security updates have been issued by **CentOS** (firefox and thunderbird), **Debian** (gsoap, python-django, and wireshark), **Fedora** (dotnet7.0 and gifsicle), **Mageia** (sympa), **Oracle** (postgresql:10, postgresql:12, thunderbird, and unbound), **Red Hat** (kpatch-patch, python-pillow, and squid:4), **SUSE** (nodejs12, nodejs14, nodejs16, nodejs18, and openvswitch3), and **Ubuntu** (linux-azure, linux-lowlatency, linux-starfive-6.5, php-guzzlehttp-psr7, and php-nyholm-psr7). ⌘ [Read more](https://lwn.net/Articles/964166/) 2024-03-01T13:50:56Z **Seven new stable kernel updates**
Greg Kroah-Hartman has announced the release of seven new stable kernels:
[6.7.7](https://lwn.net/Articles/964172/),
[6.6.19](https://lwn.net/Articles/964173/),
[6.1.80](https://lwn.net/Articles/964174/),
[5.15.150](https://lwn.net/Articles/964175/),
[5.10.211](https://lwn.net/Articles/964176/),
[5.4.270](https://lwn.net/Articles/964177/), and
[4.19.308](https://lwn.net/Articles/964178/).
As usual, they contain many important fixes throughout the kernel tree. ⌘ [Read more](https://lwn.net/Articles/964167/) 2024-03-01T14:51:42Z **Musl C library releases support for new architectures**
On February 29, the musl project
[announced](https://www.openwall.com/lists/musl/2024/03/01/2) release
1.2.5, including support for loongarch64 and riscv32. This
release also contains support for the
[statx](https://www.man7.org/linux/man-pages/man2/statx.2.html),
[preadv2,\
and pwritev2](https://man7.org/linux/man-pages/man2/readv.2.html) system calls. ⌘ [Read more](https://lwn.net/Articles/964181/) 2024-03-01T16:30:24Z **[$] An alternate pattern-matching conditional for Elisp**
One of the outcomes of the (extremely) lengthy discussion about using
Common Lisp features in Emacs Lisp (Elisp), which we [looked at](https://lwn.net/Articles/951090/) back in November, was an effort to
start removing some of those uses from Emacs. The rewrite of some of the
Elisp in Emacs that uses the Common Lisp library (cl-lib) was [started by\
Richard Stallman](https://lwn.net/ml/emacs-devel/E1qvq5s-0003LC-O6@fencepost.gnu.org/) as a way to reduce the cognitive load needed ... ⌘ [Read more](https://lwn.net/Articles/961682/) 2024-03-03T13:39:41Z **Stable kernels 6.7.8 and 6.6.20**
The
[6.7.8](https://lwn.net/Articles/964306/) and
[6.6.20](https://lwn.net/Articles/964307/)
stable kernel updates have been released. They contain a single patch
addressing an ntfs3 filesystem build error introduced in the previous
round of updates. ⌘ [Read more](https://lwn.net/Articles/964305/) 2024-03-03T23:03:01Z **Kernel prepatch 6.8-rc7**
The [6.8-rc7](https://lwn.net/Articles/964336/) kernel prepatch is out for
testing.

> So we finally have a week where things have calmed down, and in
> fact 6.8-rc7 is smaller than usual at this point in time. So if
> that keeps up (but that's a fairly notable "if") I won't feel like
> I need to do an rc8 this release after all.
>
> So no guarantees, but assuming no bad surprises, we'll have the
> final 6.8 next weekend. ⌘ [Read more](https://lwn.net/Articles/964337/) 2024-03-04T14:33:42Z **Security updates for Monday**
Security updates have been issued by **Debian** (firefox-esr and thunderbird), **Fedora** (dotnet6.0, dotnet8.0, and mod\_auth\_openidc), **Gentoo** (Blender, Tox, and UltraJSON), **Oracle** (kernel), **Red Hat** (edk2), **SUSE** (sendmail and zabbix), and **Ubuntu** (nodejs and thunderbird). ⌘ [Read more](https://lwn.net/Articles/964376/) 2024-03-04T15:38:35Z **[$] Making multiple interpreters available to Python code**
It has long been possible to run multiple Python interpreters in the same
process — via the C API, but not within the language itself.
Eric Snow has been working to make this ability
available in the language for many years.
Now, Snow has published
[PEP 734](https://peps.python.org/pep-0734/) ("Multiple Interpreters
in the Stdlib"), the latest work in his
quest, and
[submitted](https://github.com/python/steering-council/issues/234)
it to the Python steering council for a decisi ... ⌘ [Read more](https://lwn.net/Articles/963512/) 2024-03-05T12:49:57Z **[$] Formalizing policy zones for memory**
The kernel's memory-management subsystem is built on the concept of
"zones", which were initially added to describe the physical
characteristics of the memory pages contained within them. Over time,
zones have taken on more of a policy-related role as well. With a patch
set called [THP\
allocator optimizations](https://lwn.net/ml/linux-mm/20240229183436.4110845-1-yuzhao@google.com/), Yu Zhao has set out to better define the role
of policy-related zones on the path toward adding two more of them, ... ⌘ [Read more](https://lwn.net/Articles/964239/) 2024-03-05T12:48:58Z **Security updates for Tuesday**
Security updates have been issued by **Debian** (yard), **Oracle** (buildah and kernel), **Red Hat** (389-ds:1.4, edk2, frr, gnutls, haproxy, libfastjson, libX11, postgresql:12, sqlite, squid, squid:4, tcpdump, and tomcat), **SUSE** (apache2-mod\_auth\_openidc and glibc), and **Ubuntu** (linux-gke, python-cryptography, and python-django). ⌘ [Read more](https://lwn.net/Articles/964450/) 2024-03-06T13:49:19Z **Security updates for Wednesday**
Security updates have been issued by **Debian** (libapache2-mod-auth-openidc, libuv1, php-phpseclib, and phpseclib), **Red Hat** (buildah, cups, curl, device-mapper-multipath, emacs, fence-agents, frr, fwupd, gmp, gnutls, golang, haproxy, keylime, libfastjson, libmicrohttpd, linux-firmware, mysql, openssh, rear, skopeo, sqlite, squid, systemd, and tomcat), **Slackware** (mozilla), **SUSE** (kernel-firmware-nvidia-gspx-G06, nvidia-open- driver-G06-signed, postgresql-jdbc, python, python-cryptography, ruby ... ⌘ [Read more](https://lwn.net/Articles/964559/) 2024-03-06T17:44:25Z **Wednesday's stable kernel updates**
Greg Kroah-Hartman has announced another round of stable kernel updates:
[6.7.9](https://lwn.net/Articles/964560), [6.6.21](https://lwn.net/Articles/964561),
[6.1.81](https://lwn.net/Articles/964562/), [5.15.151](https://lwn.net/Articles/964564/),
[5.10.212](https://lwn.net/Articles/964565/), [5.4.271](https://lwn.net/Articles/964563/),
and [4.19.309](https://lwn.net/Articles/964566/) have all been
released. Each contains a set of important fixes. ⌘ [Read more](https://lwn.net/Articles/964567/) 2024-03-06T18:30:35Z **[$] Not so quickly extending QUIC**
[QUIC](https://en.wikipedia.org/wiki/QUIC) is a UDP-based transport protocol that forms the foundation of
[HTTP/3](https://lwn.net/Articles/814522).
It was initially developed at Google in 2012, and became an
[IETF](https://www.ietf.org/) standard in
2021\. Work on the protocol did not stop with its standardization, however. The
[QUIC working group](https://quicwg.org/)
published several follow-up standards. Now, it is working on
four more extensions to QUIC intended to patch over various shortcomings ... ⌘ [Read more](https://lwn.net/Articles/964377/) 2024-03-06T20:11:32Z **Adding systemd to postmarketOS**
The [postmarketOS](https://postmarketos.org/) project, which produces
a Linux distribution for phones and mobile devices,
[has announced](https://postmarketos.org/blog/2024/03/05/adding-systemd/)
that it is in the early stages of adding systemd to make it easier to support GNOME and KDE.

Users who prefer the [OpenRC](https://wiki.gentoo.org/wiki/Project:OpenRC)
init system are assured they will still have that option when building their own
images "as long as OpenRC is in Alpine Linux (on which postmark ... ⌘ [Read more](https://lwn.net/Articles/964574/) 2024-03-06T21:02:53Z **[$] MySQL and MariaDB changes coming in Fedora 40**
The Fedora Project [switched\
to MariaDB](https://fedoraproject.org/wiki/Features/ReplaceMySQLwithMariaDB) as the default implementation of MySQL in Fedora 19 [in 2013](https://lwn.net/Articles/534204/). Once a drop-in
replacement for MySQL, MariaDB has diverged enough that this is no longer
the case—and, despite concerns about Oracle
and optimism that MariaDB would supplant MySQL, the reality is that MySQL
and MariaDB seem to be here to stay. With that in mind, Fedora developer
Michal ... ⌘ [Read more](https://lwn.net/Articles/960630/) 2024-03-07T00:07:39Z **[$] LWN.net Weekly Edition for March 7, 2024**
The LWN.net Weekly Edition for March 7, 2024 is available. ⌘ [Read more](https://lwn.net/Articles/964042/) 2024-03-07T15:05:42Z **Security updates for Thursday**
Security updates have been issued by **Debian** (chromium and yard), **Fedora** (cpp-jwt, golang-github-tdewolff-argp, golang-github-tdewolff-minify, golang-github-tdewolff-parse, and suricata), **Mageia** (wpa\_supplicant), **Oracle** (curl, edk2, golang, haproxy, keylime, mysql, openssh, and rear), **Red Hat** (kernel and postgresql:12), **SUSE** (containerd, giflib, go1.21, gstreamer-plugins-bad, java-1\_8\_0-openjdk, python3, python311, python39, sudo, and vim), and **Ubuntu** (frr, linux, linux-gcp, ... ⌘ [Read more](https://lwn.net/Articles/964725/) 2024-03-07T15:46:36Z **[$] Vale: enforcing style guidelines for text**
While programmers are used to having tools to check their code for
stylistic problems, writers often limit automatic checks of their texts to
spelling and, sometimes, grammar, because there are not a lot of options
for further checking. If that is the case, [Vale](https://vale.sh), an
open-source, command-line tool to enforce editorial-style guidelines, would
make a
useful addition to their toolbox. The recent [release of\
Vale 3.0](https://github.com/errata-ai/vale/releases/tag/v3.0.0)
wa ... ⌘ [Read more](https://lwn.net/Articles/964075/) 2024-03-08T14:10:56Z **Security updates for Friday**
Security updates have been issued by **Debian** (fontforge), **Fedora** (chromium, iwd, libell, and thunderbird), **Oracle** (buildah, kernel, skopeo, and tomcat), **Red Hat** (opencryptoki), **Slackware** (ghostscript), **SUSE** (go1.21, go1.22, google-oauth-java-client, jetty-minimal, openssl-1\_0\_0, python310, sudo, wpa\_supplicant, and xmlgraphics-batik), and **Ubuntu** (libhtmlcleaner-java, linux, linux-azure, linux-azure-5.15, linux-azure-fde,
 linux-azure-fde-5.15, linux-gcp, linux-gcp-5.15, linux-g ... ⌘ [Read more](https://lwn.net/Articles/964832/) 2024-03-08T14:34:01Z **[$] Better linked-list traversal in BPF**
Before loading a BPF program, the kernel must verify that the program is
safe to run; among other things, that verification includes ensuring that
the program will terminate within a bounded time. That requirement has
long made writing loops in BPF a challenging task. The situation has
improved over the years for some types of loops, but others — including
linked-list traversal — are still awkward in BPF programs. A new set of
BPF primitives aims to make life easier for this use case through the ... ⌘ [Read more](https://lwn.net/Articles/964381/) 2024-03-08T20:58:55Z **[$] Untangling the Open Collectives**
Name collisions aren't just a problem for software
development—organizations, projects, and software that have the
same or similar names can cause serious confusion. That was certainly
the case on February 28 when the [Open Collective\
Foundation](https://opencollective.com/foundation) (OCF) began to notify its hosted projects that it would
be shutting down by the end of 2024. The announcement surprised
projects hosted with OCF, as one might expect. It also worried and
confused users of the Open Col ... ⌘ [Read more](https://lwn.net/Articles/964402/) 2024-03-10T10:24:53Z **Huang: IRIS (Infra-Red, in situ) Project Updates**
Andrew 'bunnie' Huang [provides an update](https://www.bunniestudios.com/blog/?p=6937) on
his IRIS infrared chip-scanning project as the starting point for a
detailed summary on how chip customers can detect forgeries and
modifications in general.

> The technique works because although silicon looks opaque at
> visible light, it is transparent starting at near-infrared
> wavelengths (roughly 1000 nm and longer). Today's commodity optics
> and CMOS cameras are actually capable of wor ... ⌘ [Read more](https://lwn.net/Articles/964956/) 2024-03-10T21:37:11Z **The 6.8 kernel has been released**
Linus has [released](https://lwn.net/Articles/964977/) the 6.8 kernel.

> So it took a bit longer for the commit counts to come down this
> release than I tend to prefer, but a lot of that seemed to be about
> various selftest updates (networking in particular) rather than any
> actual real sign of problems. And the last two weeks have been
> pretty quiet, so I feel there's no real reason to delay 6.8.

Significant changes in this release include
the [deadline servers](https://lwn.net/Articles/9344 ... ⌘ [Read more](https://lwn.net/Articles/964784/) 2024-03-11T14:09:38Z **Security updates for Monday**
Security updates have been issued by **Debian** (libuv1, nss, squid, tar, tiff, and wordpress), **Fedora** (chromium, exercism, grub2, qpdf, and wpa\_supplicant), **Oracle** (edk2 and opencryptoki), and **SUSE** (cpio, openssl-1\_0\_0, openssl-1\_1, openssl-3, sudo, tomcat, and xen). ⌘ [Read more](https://lwn.net/Articles/965032/) 2024-03-11T15:59:55Z **[$] Development statistics for 6.8**
The 6.8 kernel was [released](https://lwn.net/Articles/964977/) on March 10
after a typical, nine-week development cycle. Over this time, 1,938
developers contributed 14,405 non-merge changesets, making 6.8 into a
slower cycle than 6.7 (but busier than 6.6), with the lowest number of
developers participating since the 6.5 release. Still, there was
a lot going on during this cycle; read on for some of the details. ⌘ [Read more](https://lwn.net/Articles/964106/) 2024-03-12T08:46:40Z **Huston: KeyTrap!**
Geoff Huston [digs into the\
details](https://www.potaroo.net/ispcol/2024-03/keytrap.html) of the KeyTrap DNS vulnerability, which was [disclosed](https://lwn.net/Articles/962924/) in February.

> It's by no means "devasting" for the DNS, and the fix is much the
> same as the previous fix. As well as limiting the number of queries
> that a resolver can generate to resolve a queried name, a careful
> resolver will limit both the elapsed time and perhaps the amount of
> the resolver's processing resources that are u ... ⌘ [Read more](https://lwn.net/Articles/965067/) 2024-03-12T14:50:11Z **Security updates for Tuesday**
Security updates have been issued by **Debian** (qemu), **Mageia** (libtiff and thunderbird), **Red Hat** (kernel, kpatch-patch, postgresql, and rhc-worker-script), **SUSE** (compat-openssl098, openssl, openssl1, python-Django, python-Django1, and wpa\_supplicant), and **Ubuntu** (accountsservice, libxml2, linux-bluefield, linux-raspi-5.4, linux-xilinx-zynqmp, linux-oem-6.1, openvswitch, postgresql-9.5, and ruby-rack). ⌘ [Read more](https://lwn.net/Articles/965113/) 2024-03-12T15:35:34Z **[$] Insecurity and Python pickles**
Serialization is the process of transforming Python objects into a sequence of
bytes which can be used to recreate a copy of the object later — or on another
machine.
[pickle](https://docs.python.org/3/library/pickle.html) is Python's native serialization module. It can store complex Python
objects,
making it an appealing prospect for moving data without having to write
custom serialization code. For example, pickle is an integral component of
[several file\
formats](https://github.com/trailofbits/ml- ... ⌘ [Read more](https://lwn.net/Articles/964392/) 2024-03-12T19:21:16Z **Herb Sutter on increasing safety in C++**
Herb Sutter, chair of the ISO C++ standards committee,
[writes](https://herbsutter.com/2024/03/11/safety-in-context/) about the current problems with writing secure C++,
and his personal opinion on next steps to address this while maintaining
backward compatibility.

> **If there were 90-98% fewer C++ type/bounds/initialization/lifetime
> vulnerabilities we wouldn't be having this discussion.** All languages have CVEs,
> C++ just has more (and C still more); so far in 2024,
> [Rust has 6 CVEs](h ... ⌘ [Read more](https://lwn.net/Articles/965147/) 2024-03-12T20:38:49Z **Today's hardware vulnerability: register file data sampling**
The mainline kernel has just received a set of commits addressing the
"register file data sampling" hardware vulnerability.

> RFDS may allow a malicious actor to infer data values previously
> used in floating point registers, vector registers, or integer
> registers. RFDS does not provide the ability to choose which data
> is inferred

Only Atom cores are affected, but those cores can be found inside a number
of processors. See [this documentation\
commit](https://git.ke ... ⌘ [Read more](https://lwn.net/Articles/965167/) 2024-03-13T08:20:54Z **[$] A new filesystem for pidfds**
The [pidfd](https://lwn.net/Articles/794707/) abstraction is a Linux-specific
way of referring to processes that avoids the race conditions inherent in
Unix process ID numbers. Since a pidfd is a file descriptor, it needs a
filesystem to implement the usual operations performed on files. As the
use of pidfds has grown, they have stressed the limits of the simple
filesystem that was created for them. Christian Brauner has [created\
a new filesystem for pidfds](https://lwn.net/ml/linux-fsdevel/20240213-vf ... ⌘ [Read more](https://lwn.net/Articles/963749/) 2024-03-13T12:54:02Z **Security updates for Wednesday**
Security updates have been issued by **Fedora** (edk2, freeipa, kernel, and liblas), **Oracle** (kernel), **Red Hat** (docker, edk2, kernel, kernel-rt, and kpatch-patch), **SUSE** (axis, fontforge, gnutls, java-1\_8\_0-openjdk, kernel, python3, sudo, and zabbix), and **Ubuntu** (dotnet7, dotnet8, libgoogle-gson-java, openssl, and ovn). ⌘ [Read more](https://lwn.net/Articles/965278/) 2024-03-13T18:08:10Z **[$] Questions about machine learning models for Fedora**
Kaitlyn Abdo of Fedora's [AI/ML\
SIG](https://fedoraproject.org/wiki/SIGs/AI-ML) opened [an issue](https://pagure.io/fesco/issue/3175) with the
Fedora Engineering Steering Committee (FESCo) recently that carried a few tricky
questions about packaging machine-learning (ML) models for Fedora.
Specifically, the SIG is looking for guidance on whether pre-trained weights for
[PyTorch](https://pytorch.org/) constitute code or content. And, if the models are released under a
[license app ... ⌘ [Read more](https://lwn.net/Articles/964739/) 2024-03-14T00:17:54Z **[$] LWN.net Weekly Edition for March 14, 2024**
The LWN.net Weekly Edition for March 14, 2024 is available. ⌘ [Read more](https://lwn.net/Articles/964623/) 2024-03-14T14:06:04Z **Security updates for Thursday**
Security updates have been issued by **Debian** (chromium and openvswitch), **Fedora** (chromium, python-multipart, thunderbird, and xen), **Mageia** (java-17-openjdk and screen), **Red Hat** (.NET 7.0, .NET 8.0, kernel-rt, kpatch-patch, postgresql:13, and postgresql:15), **Slackware** (expat), **SUSE** (glibc, python-Django, python-Django1, sudo, and vim), and **Ubuntu** (expat, linux-ibm, linux-ibm-5.4, linux-oracle, linux-oracle-5.4, linux-lowlatency, linux-raspi, python-cryptography, texlive-bin, and ... ⌘ [Read more](https://lwn.net/Articles/965470/) 2024-03-14T15:00:05Z **[$] The first half of the 6.9 merge window**
As of this writing, just over 4,900 non-merge changesets have been pulled
into the mainline for the 6.9 release. This work includes the usual array
of changes all over the kernel tree; read on for a summary of the most
significant work merged during the first part of the 6.9 merge window. ⌘ [Read more](https://lwn.net/Articles/965141/) 2024-03-15T13:12:09Z **Security updates for Friday**
Security updates have been issued by **Debian** (composer and node-xml2js), **Fedora** (baresip), **Mageia** (fonttools, libgit2, mplayer, open-vm-tools, and packages), **Red Hat** (dnsmasq, gimp:2.8, and kernel-rt), and **SUSE** (389-ds, gdb, kernel, python-Django, python3, python36-pip, spectre-meltdown-checker, sudo, and thunderbird). ⌘ [Read more](https://lwn.net/Articles/965576/) 2024-03-15T19:26:48Z **Eight stable kernel updates for the weekend**
Sasha Levin has announced the release of the [6.8.1](https://lwn.net/Articles/965604/),
[6.7.10](https://lwn.net/Articles/965605/), [6.6.22](https://lwn.net/Articles/965606/),
[6.1.82](https://lwn.net/Articles/965607/), [5.15.152](https://lwn.net/Articles/965608/),
[5.10.213](https://lwn.net/Articles/965609/), [5.4.272](https://lwn.net/Articles/965610/),
and [4.19.310](https://lwn.net/Articles/965611/) stable kernels. As always, they contain important fixes throughout the tree. Users of thos ... ⌘ [Read more](https://lwn.net/Articles/965603/) 2024-03-15T19:49:17Z **Mitchell: Today we launched Flox 1.0**
Zach Mitchell has [announced](https://tinkering.xyz/releasing-flox/) the 1.0 release of [Flox](https://github.com/flox/flox), a tool that lets its users install packages from [nixpkgs](https://flox.dev/blog/nixpkgs) inside portable virtual environments, and share those virtual environments with others as an [alternative](https://tinkering.xyz/releasing-flox/#containers-are-fine-right) to Docker-style containers. Flox is based on Nix but allows users to skip learning how to work with the Nix languag ... ⌘ [Read more](https://lwn.net/Articles/965584/) 2024-03-15T20:05:21Z **[$] Cranelift code generation comes to Rust**
[Cranelift](https://cranelift.dev/) is an Apache-2.0-licensed
code-generation backend being developed as part
of the [Wasmtime](https://wasmtime.dev/) runtime for
[WebAssembly](https://webassembly.org/).
In October 2023, the Rust project made Cranelift available as an optional
component in its nightly toolchain.
Users can now use Cranelift as the code-generation backend for debug builds of
projects written in Rust,
making it an opportune time to look at what makes Cranelift different.
Cranel ... ⌘ [Read more](https://lwn.net/Articles/964735/) 2024-03-18T14:17:39Z **Security updates for Monday**
Security updates have been issued by **Debian** (curl, spip, and unadf), **Fedora** (chromium, iwd, opensc, openvswitch, python3.6, shim, shim-unsigned-aarch64, and shim-unsigned-x64), **Mageia** (batik, imagemagick, irssi, jackson-databind, jupyter-notebook, ncurses, and yajl), **Oracle** (.NET 7.0, .NET 8.0, and dnsmasq), **Red Hat** (postgresql:10), **SUSE** (chromium, kernel, openvswitch, python-rpyc, and tiff), and **Ubuntu** (openjdk-8). ⌘ [Read more](https://lwn.net/Articles/965829/) 2024-03-18T15:17:14Z **[$] Toward a real "too small to fail" rule**
Kernel developers have long been told that any attempt to allocate memory
might fail, so their code must be prepared for memory to be unavailable.
Informally, though, the kernel's memory-management subsystem implements a
policy whereby requests below a certain size will not fail (in process
context, at least), regardless of
how tight memory may be. A recent discussion on the linux-mm list has
looked at the idea of making [the "too small to\
fail" rule](https://lwn.net/Articles/723317/) a poli ... ⌘ [Read more](https://lwn.net/Articles/964793/) 2024-03-19T13:39:04Z **Man Yue Mo: Gaining kernel code execution on an MTE-enabled Pixel 8**
Man Yue Mo [explains\
how to compromise a Pixel 8 phone](https://github.blog/2024-03-18-gaining-kernel-code-execution-on-an-mte-enabled-pixel-8/) even when the Arm [memory-tagging extension](https://lwn.net/Articles/834289/) is in use, by taking
advantage of the Mali GPU.

> So, by using the GPU to access physical addresses directly, I'm
> able to completely bypass the protection that MTE
> offers. Ultimately, there is no memory safe code in the code that
> manages ... ⌘ [Read more](https://lwn.net/Articles/965926/) 2024-03-19T16:57:36Z **Firefox 124.0 released**
[Version\
124.0](https://www.mozilla.org/en-US/firefox/124.0/releasenotes/) of the Firefox browser is out. Changes include support for
"caret browsing mode" in the PDF viewer and the ability to control the
sorting of tabs in the Firefox View screen. ⌘ [Read more](https://lwn.net/Articles/965959/) 2024-03-19T16:55:09Z **Security updates for Tuesday**
Security updates have been issued by **Debian** (cacti, postgresql-11, and zfs-linux), **Fedora** (freeimage, mingw-expat, and mingw-freeimage), **Mageia** (apache-mod\_security-crs, expat, and multipath-tools), **Oracle** (.NET 7.0 and kernel), **Red Hat** (kernel, kernel-rt, and kpatch-patch), and **Ubuntu** (bash, kernel, linux, linux-aws, linux-hwe, linux-kvm, linux-oracle, linux, linux-aws, linux-kvm, linux-lts-xenial, and vim). ⌘ [Read more](https://lwn.net/Articles/965958/) 2024-03-19T21:18:30Z **[$] "Real" anonymous functions for Python**
There are a number of different language-enhancement ideas that crop up
with some
regularity in
the Python community; many of them have been debated and shot down multiple
times over the years. When one inevitably arises anew, it can sometimes be
difficult to tamp it down, even if it is unlikely that the idea will go
any further than the last N times it cropped up. A recent discussion about
"real" anonymous functions follows a somewhat predictable path, but there
are still reasons to participa ... ⌘ [Read more](https://lwn.net/Articles/964839/) 2024-03-20T12:51:11Z **Security updates for Wednesday**
Security updates have been issued by **Debian** (fontforge and imagemagick), **Fedora** (firefox), **Mageia** (cherrytree, python-django, qpdf, and sqlite3), **Red Hat** (bind, cups, emacs, fwupd, gmp, kernel, libreoffice, libX11, nodejs, opencryptoki, postgresql-jdbc, postgresql:10, postgresql:13, and ruby:3.1), **Slackware** (gnutls and mozilla), and **Ubuntu** (firefox, linux, linux-bluefield, linux-gcp, linux-gkeop, linux-hwe-5.4, linux-ibm,
 linux-ibm-5.4, linux-iot, linux-kvm, linux-oracle, linux-o ... ⌘ [Read more](https://lwn.net/Articles/966053/) 2024-03-20T16:42:32Z **Python announces first security releases since becoming a CNA**
The Python project has [announced](https://lwn.net/Articles/966069/) three security releases, [3.10.14](https://www.python.org/downloads/release/python-31014/),
[3.9.19](https://www.python.org/downloads/release/python-3919/),
and [3.8.19](https://www.python.org/downloads/release/python-3819/).
In addition to the security fixes, these releases are notable for two reasons;
they are the first to make use of GitHub Actions to [perform\
public builds](https://github.com/python/r ... ⌘ [Read more](https://lwn.net/Articles/966056/) 2024-03-20T17:53:20Z **[$] Managing Linux servers with Cockpit**
[Cockpit](https://cockpit-project.org/) is an interesting
project for web-based Linux administration that has received
relatively little attention over the years. Part of that may be due to
the project's strategy of minor releases roughly every two weeks,
rather than larger releases with many new features. While the strategy
has done little to garner headlines, it has delivered a useful and
extensible tool to observe, manage, and troubleshoot Linux servers. ⌘ [Read more](https://lwn.net/Articles/965434/) 2024-03-20T21:07:55Z **GNOME 46 released**
[Version 46](https://release.gnome.org/46/) of the GNOME desktop
has been released. "GNOME 46 is code-named 'Kathmandu', in recognition
of the amazing work done by the organizers of GNOME.Asia 2023."
Significant changes include a new global search feature, enhancements to
the Files app, improved remote login support, and more. ⌘ [Read more](https://lwn.net/Articles/966096/) 2024-03-21T00:50:37Z **[$] LWN.net Weekly Edition for March 21, 2024**
The LWN.net Weekly Edition for March 21, 2024 is available. ⌘ [Read more](https://lwn.net/Articles/965368/) 2024-03-21T07:10:14Z **The "Nova" driver for NVIDIA chipsets**
Danilo Krummrich has [announced](https://lwn.net/ml/nouveau/Zfsj0_tb-0-tNrJy@cassiopeiae/) the
existence of the "Nova" project within Red Hat.

> We just started to work on Nova, a Rust-based GSP-only driver for
> Nvidia GPUs. Nova, in the long term, is intended to serve as the
> successor of Nouveau for GSP-firmware-based GPUs.
>
> With Nova we see the chance to significantly decrease the
> complexity of the driver compared to Nouveau for mainly two
> reasons. First, Nouveau's historic architec ... ⌘ [Read more](https://lwn.net/Articles/966129/) 2024-03-21T07:33:03Z **Redis is no longer free software**
The Redis in-memory database system has [had\
its license changed](https://redis.com/blog/redis-adopts-dual-source-available-licensing/) to either the [Redis Source Available\
License](https://redis.com/legal/rsalv2-agreement/) or the [Server Side\
Public License](https://redis.com/legal/server-side-public-license-sspl/) ( [covered here](https://lwn.net/Articles/768670/) in 2018);
neither license qualifies as free software.

> Under the new license, cloud service providers hosting Redis
> offerings wi ... ⌘ [Read more](https://lwn.net/Articles/966133/) 2024-03-21T11:16:57Z **Perl 5.39.9 released**
Verson 5.39.9 of the Perl language has been released. Changes this time
include a new "medium-precedence" logical exclusive-or operator, a number
of updated modules, and more; see [this\
page](https://metacpan.org/release/PEVANS/perl-5.39.9/view/pod/perldelta.pod) for details. ⌘ [Read more](https://lwn.net/Articles/966181/) 2024-03-21T13:48:04Z **Rust 1.77.0 released**
[Version\
1.77.0](https://blog.rust-lang.org/2024/03/21/Rust-1.77.0.html) of the Rust language has been released. Changes include support
for NUL-terminated C-string literals, the ability for async
functions to call themselves recursively, the stabilization of the
offset\_of!() macro, and more. ⌘ [Read more](https://lwn.net/Articles/966205/) 2024-03-21T14:57:19Z **Security updates for Thursday**
Security updates have been issued by **Debian** (pdns-recursor and php-dompdf-svg-lib), **Fedora** (grub2, libreswan, rubygem-yard, and thunderbird), **Mageia** (libtiff and python-scipy), **Red Hat** (golang, nodejs, and nodejs:16), **Slackware** (python3), and **Ubuntu** (linux, linux-azure, linux-azure-5.15, linux-azure-fde,
 linux-azure-fde-5.15, linux-gcp, linux-gcp-5.15, linux-gke, linux-gkeop,
 linux-gkeop-5.15, linux-hwe-5.15, linux-ibm, linux-ibm-5.15, linux-kvm,
 linux-lowlatency, linux-lowlaten ... ⌘ [Read more](https://lwn.net/Articles/966246/) 2024-03-21T15:07:29Z **[$] Hardening the kernel against heap-spraying attacks**
While a programming error in the kernel may be subject to direct
exploitation, usually a more roundabout approach is required to take
advantage of a security bug. One popular approach for those wishing to
take advantage of vulnerabilities is [heap spraying](https://en.wikipedia.org/wiki/Heap_spraying), and
it has often been employed to compromise the kernel. In the future,
though, heap-spraying attacks may be a bit harder to pull off, thanks to [the\
"dedicated bucket allocator"]( ... ⌘ [Read more](https://lwn.net/Articles/965837/) 2024-03-22T12:50:22Z **Security updates for Friday**
Security updates have been issued by **Debian** (firefox-esr, pillow, and thunderbird), **Fedora** (apptainer, chromium, ovn, and webkitgtk), **Mageia** (apache-mod\_auth\_openidc, ffmpeg, fontforge, libuv, and nodejs-tough-cookie), **Oracle** (kernel, libreoffice, postgresql-jdbc, ruby:3.1, squid, and squid:4), **Red Hat** (go-toolset:rhel8 and libreoffice), **SUSE** (firefox, jbcrypt, trilead-ssh2, jsch-agent-proxy, kernel, tiff, and zziplib), and **Ubuntu** (linux-aws and openssl1.0). ⌘ [Read more](https://lwn.net/Articles/966415/) 2024-03-24T23:10:05Z **Kernel prepatch 6.9-rc1**
The [6.9-rc1](https://lwn.net/Articles/966524/) kernel prepatch is out for
testing. Linus Torvalds described some rather large updates to the core
kernel code that are coming for 6.9:

> The timer subsystem had a fairly big rewrite, to have per-cpu timer
> wheels to improve performance of timers, which can be a big deal
> particularly for networking. The other fairly notable core update is
> to the workqueue subsystem, where one notable addition is for BH
> workqueue support. That's notable mainly because it me ... ⌘ [Read more](https://lwn.net/Articles/966525/) 2024-03-25T11:11:13Z **Emacs 29.3 released**
[Version 29.3](https://lwn.net/ml/emacs-devel/86edbzyavw.fsf@gnu.org/) of the
Emacs editor has been released:

> Emacs 29.3 is an emergency bugfix release; it includes no new
> features except a small number of changes intended to resolve
> security vulnerabilities uncovered in Emacs 29.2.

Those vulnerabilities mostly have to do with executing untrusted Lisp code;
see [the\
NEWS file](https://git.savannah.gnu.org/cgit/emacs.git/tree/etc/NEWS?h=emacs-29#n46) for a bit more information. ⌘ [Read more](https://lwn.net/Articles/966547/) 2024-03-25T15:11:39Z **Security updates for Monday**
Security updates have been issued by **Debian** (cacti, firefox-esr, freeipa, gross, libnet-cidr-lite-perl, python2.7, python3.7, samba, and thunderbird), **Fedora** (amavis, chromium, clojure, firefox, gnutls, kubernetes, and tcpreplay), **Mageia** (freeimage, libreswan, nodejs-hawk, and python, python3), **Oracle** (golang, nodejs, nodejs:16, and postgresql-jdbc), **Slackware** (emacs and mozilla), **SUSE** (dav1d, ghostscript, go1.22, indent, kernel, openvswitch, PackageKit, python-uamqp, rubygem-rack-1\ ... ⌘ [Read more](https://lwn.net/Articles/966611/) 2024-03-25T16:08:21Z **[$] The rest of the 6.9 merge window**
The [6.9-rc1](https://lwn.net/ml/linux-kernel/CAHk-=wgOw_13JuuX4khpn4K+n09cRG3EBQWufAPBWoa0GLLQ0A@mail.gmail.com/)
kernel prepatch was released on March 24, closing the merge window for
this development cycle. By that time, 12,435 non-merge changesets had been
merged into the mainline, making for a less-busy merge window than the last
couple of kernel releases (but similar to the 12,492 seen for 6.5). Well
over 7,000 of those changes were merged after [the first-half merge-window summary](https://l ... ⌘ [Read more](https://lwn.net/Articles/965541/) 2024-03-25T17:35:09Z **[$] Nix at SCALE**
The first-ever [NixCon](https://2024-na.nixcon.org/)
in North America was co-located with
[SCALE](https://www.socallinuxexpo.org/scale/21x) this year. The
event drew a mix of experienced
[Nix](https://nixos.org/) users
and people new to the project.
I attended talks that covered using Nix to build Docker images, upcoming changes
to how NixOS performs early booting, and ideas for making the set of services
provided in [nixpkgs](https://github.com/NixOS/nixpkgs)
more useful for self hosting. (LWN covered the relationshi ... ⌘ [Read more](https://lwn.net/Articles/965631/) 2024-03-26T14:16:34Z **Security updates for Tuesday**
Security updates have been issued by **CentOS** (kernel), **Debian** (firefox-esr), **Fedora** (webkitgtk), **Mageia** (curaengine & blender and gnutls), **Red Hat** (firefox, grafana, grafana-pcp, libreoffice, nodejs:18, and thunderbird), **SUSE** (glade), and **Ubuntu** (crmsh, debian-goodies, linux-aws, linux-aws-6.5, linux-aws-hwe, linux-azure, linux-azure-4.15, linux-oracle, linux-azure, linux-azure-5.4, linux-oracle, linux-oracle-5.15, pam, and thunderbird). ⌘ [Read more](https://lwn.net/Articles/966678/) 2024-03-26T16:58:31Z **[$] GNOME 46 puts Flatpaks front and center**
The [GNOME](https://www.gnome.org/) project [announced](https://release.gnome.org/46/)
GNOME 46 (code-named "Kathmandu") on March 20. The release has quite a few updates and improvements
across user applications, developer tools, and under the hood. One
thing stood out while looking over this release—a major emphasis on
Flatpaks as the way to acquire and update GNOME software. ⌘ [Read more](https://lwn.net/Articles/966187/) 2024-03-26T22:59:30Z **Eight new stable kernels**
Sasha Levin has announced the release of the [6.8.2](https://lwn.net/Articles/966756/), [6.7.11](https://lwn.net/Articles/966757/),
[6.6.23](https://lwn.net/Articles/966758/), [6.1.83](https://lwn.net/Articles/966759/), [5.15.153](https://lwn.net/Articles/966760/), [5.10.214](https://lwn.net/Articles/966761/), [5.4.273](https://lwn.net/Articles/966762/), and [4.19.311](https://lwn.net/Articles/966763/) stable kernels. Each contains a long
list of important fixes throughout the kernel tree. ⌘ [Read more](https://lwn.net/Articles/966755/) 2024-03-27T13:18:26Z **Security updates for Wednesday**
Security updates have been issued by **Debian** (composer and nodejs), **Fedora** (w3m), **Mageia** (tomcat), **Oracle** (expat, firefox, go-toolset:ol8, grafana, grafana-pcp, nodejs:18, and thunderbird), **Red Hat** (dnsmasq, expat, kernel, kernel-rt, libreoffice, and squid), and **SUSE** (firefox, krb5, libvirt, and shadow). ⌘ [Read more](https://lwn.net/Articles/966835/) 2024-03-27T15:36:15Z **[$] High-performance computing with Ubuntu**
Jason Nucciarone and Felipe Reyes gave back-to-back talks
about high-performance computing (HPC) using Ubuntu at
[SCALE](https://www.socallinuxexpo.org/scale/21x) this
year. Nucciarone talked about ongoing work packaging
[Open OnDemand](https://openondemand.org/) — a web-based HPC cluster interface —
to make high-performance-computing clusters
more user friendly. Reyes presented on using
[OpenStack](https://www.openstack.org/) — a cloud-computing platform
— to pass the performance benefits of ... ⌘ [Read more](https://lwn.net/Articles/965516/) 2024-03-27T15:51:25Z **The PostgreSQL community mourns Simon Riggs**
The PostgreSQL community is dealing with the loss of Simon Riggs, who
passed away on March 26:

> Simon was responsible for many of the enterprise features we find
> in PostgreSQL today, including point in time recovery, hot standby,
> and synchronous replication. He was the founder of 2ndQuadrant
> which employed many of the PostgreSQL developers, later becoming
> part of EDB where he worked as a Postgres Fellow until his
> retirement. He was responsible for the UK PostgreSQL conferenc ... ⌘ [Read more](https://lwn.net/Articles/966868/) 2024-03-28T00:22:04Z **[$] LWN.net Weekly Edition for March 28, 2024**
The LWN.net Weekly Edition for March 28, 2024 is available. ⌘ [Read more](https://lwn.net/Articles/966118/) 2024-03-28T13:54:43Z **Security updates for Thursday**
Security updates have been issued by **Fedora** (perl-Data-UUID, python-pygments, and thunderbird), **Mageia** (clojure, grub2, kernel,kmod-xtables-addons,kmod-virtualbox, kernel-linus, nss firefox, nss, python3, python, tcpreplay, and thunderbird), **Oracle** (nodejs:18), **Red Hat** (.NET 6.0 and dnsmasq), **SUSE** (avahi and python39), and **Ubuntu** (curl, linux-intel-iotg, linux-intel-iotg-5.15, unixodbc, and util-linux). ⌘ [Read more](https://lwn.net/Articles/966961/) 2024-03-28T14:19:35Z **Samba 4.20.0 released**
Version 4.10.0 of the Samba Windows interoperability suite has been
released. Changes include better support for group-managed service
accounts, an experimental Windows search protocol client, support for
conditional access control entries, and more. ⌘ [Read more](https://lwn.net/Articles/966996/) 2024-03-28T15:34:47Z **[$] Declarative partitioning in PostgreSQL**
Keith Fiske gave a talk
(with [slides](https://www.socallinuxexpo.org/sites/default/files/presentations/state_of_partitioning_0.pdf)) about the state of partitioning — splitting a large
table into smaller tables for performance reasons — in
[PostgreSQL](https://www.postgresql.org/) at
[SCALE](https://www.socallinuxexpo.org/scale/21x)
this year. He spoke about the existing support for partitioning, what work still
needs to be done, and what place existing partitioning tools, like his own
[pg\_ ... ⌘ [Read more](https://lwn.net/Articles/965508/) 2024-03-28T20:31:35Z **[$] The race to replace Redis**
On March 21, [Redis Ltd.](https://redis.com/company/) announced that the [Redis](https://redis.io/) "in-memory data store" project would now be
released under non-free, source-available licenses, starting with Redis 7.4. The
news is unwelcome, but not entirely unexpected. What is unusual with this situation is
the number of Redis alternatives to choose from; there are at least
four options to choose as a replacement for those who wish to stay
with free software, including a pre-existing fork called [KeyDB ... ⌘ [Read more](https://lwn.net/Articles/966631/) 2024-03-29T12:56:12Z **Schaller: Fedora Workstation 40 – what are we working on**
Christian Schaller [writes\
about the desktop-oriented work](https://blogs.gnome.org/uraeus/2024/03/28/fedora-workstation-40-what-are-we-working-on/) aimed at the upcoming Fedora 40
release.

> Another major feature landing in Fedora Workstation 40 that Jonas
> Ådahl and Ray Strode has spent a lot of effort on is finalizing the
> remote desktop support for GNOME on Wayland. So there has been
> support for remote connections for already logged in sessions
> already, but with ... ⌘ [Read more](https://lwn.net/Articles/967107/) 2024-03-29T13:11:27Z **Security updates for Friday**
Security updates have been issued by **Debian** (chromium), **Fedora** (apache-commons-configuration, chromium, csmock, ofono, onnx, php-tcpdf, and podman-tui), **Mageia** (curl), **Oracle** (libreoffice), **Slackware** (coreutils, seamonkey, and util), **SUSE** (minidlna, PackageKit, and podman), and **Ubuntu** (linux-azure-6.5 and linux-intel-iotg, linux-intel-iotg-5.15). ⌘ [Read more](https://lwn.net/Articles/967134/) 2024-03-29T13:40:35Z **[$] Radicle: peer-to-peer collaboration with Git**
[Radicle](https://radicle.xyz/) is a new, peer-to-peer,
MIT/Apache-licensed collaboration platform written in Rust and built on top
of Git. It adds support for issues and pull requests (which Radicle calls
"patches") on top of core Git, which are stored in the Git repository
itself. Unlike GitHub, GitLab, and similar forges, Radicle is distributed;
it doesn't rely on having everyone use the same server. Instead, Radicle
instances form a network that synchronizes changes between nodes. ⌘ [Read more](https://lwn.net/Articles/966869/) 2024-03-29T17:33:57Z **A backdoor in xz**
Andres Freund has posted [a\
detailed investigation](https://lwn.net/ml/oss-security/20240329155126.kjjfduxw2yrlxgzm@awork3.anarazel.de/) into a backdoor that was shipped with versions
5.6.0 and 5.6.1 of the xz compression utility. It appears that the
malicious code may be aimed at allowing SSH authentication to be bypassed.

> I have not yet analyzed precisely what is being checked for in the
> injected code, to allow unauthorized access. Since this is running
> in a pre-authentication context, it seems likely to a ... ⌘ [Read more](https://lwn.net/Articles/967180/) 2024-03-30T14:18:07Z **A few relevant quotes**
> I'm on a holiday and only happened to look at my emails and it
> seems to be a major mess.

— [Lasse Collin](https://lwn.net/ml/linux-kernel/20240330144848.102a1e8c@kaneli/)

> The reality that we are struggling with is that the free software
> infrastructure on which much of computing runs is massively and
> painfully underfunded by society as a whole, and is almost entirely
> dependent on random people maintaining things in their free time
> because they find it fun, many of whom are close to burnout. Th ... ⌘ [Read more](https://lwn.net/Articles/967420/) 2024-04-01T13:30:38Z **Kernel prepatch 6.9-rc2**
The [6.9-rc2](https://lwn.net/Articles/967791/) kernel prepatch is out for
testing. "Neither snow nor rain nor heat nor gloom of night stays kernel rc releases.

Nor does Easter." ⌘ [Read more](https://lwn.net/Articles/967792/) 2024-04-01T14:10:19Z **Security updates for Monday**
Security updates have been issued by **Arch Linux** (xz), **Debian** (libvirt, mediawiki, util-linux, and xz-utils), **Fedora** (apache-commons-configuration, cockpit, ghc-base64, ghc-hakyll, ghc-isocline, ghc-toml-parser, gitit, gnutls, pandoc, pandoc-cli, patat, podman-tui, prometheus-podman-exporter, seamonkey, suricata, and xen), **Gentoo** (XZ utils), **Mageia** (aide & mhash, emacs, microcode, opensc, and squid), **Red Hat** (ruby:3.1), and **SUSE** (kanidm and qpid-proton). ⌘ [Read more](https://lwn.net/Articles/967851/) 2024-04-01T14:28:56Z **NetBSD 10.0 released**
Version 10.0 of the NetBSD system has been released.

> The netbsd-10 release branch is more than a year old now, so it is
> high time the 10.0 release makes it to the front stage. This
> matches the long time it took for the development branch to get
> ready for branching, a lot of development went into this new
> release.
>
> This also caused the release announcement to be one of the longest
> we ever did.

As might be imagined, there are a lot of changes; see [the\
above-mentioned release announcement](http ... ⌘ [Read more](https://lwn.net/Articles/967856/) 2024-04-01T17:57:19Z **[$] Improving performance with SCHED_EXT and IOCost**
At [SCALE](https://www.socallinuxexpo.org/scale/21x)
this year Dan Schatzberg and Tejun Heo,
both from Meta, gave back-to-back talks about some
of the performance-engineering work that they do there. Schatzberg presented on
the [extensible BPF scheduler](https://lwn.net/Articles/922405), which has been
discussed extensively on the kernel mailing list.
Heo presented on IOCost — a control group (cgroup) I/O controller
optimized for solid-state disks (SSDs) — and the benchmark suite tha ... ⌘ [Read more](https://lwn.net/Articles/966618/) 2024-04-02T13:41:40Z **Security updates for Tuesday**
Security updates have been issued by **Fedora** (kernel and webkitgtk), **Mageia** (unixODBC and w3m), and **SUSE** (libvirt, netty, netty-tcnative, and perl-DBD-SQLite). ⌘ [Read more](https://lwn.net/Articles/967959/) 2024-04-02T16:22:13Z **[$] Free software's not-so-eXZellent adventure**
A common theme in early-days anti-Linux FUD was that, since anybody can
contribute to the code, it cannot be trusted. Over two decades later, one
rarely hears that line anymore; experience has shown that free-software
communities are not prone to shipping overtly hostile code. But, as [the backdooring of XZ](https://lwn.net/Articles/967180/) has reminded us, the
embedding of malicious code is, unfortunately, not limited to the
proprietary realm. Our community will be busy analyzing this i ... ⌘ [Read more](https://lwn.net/Articles/967866/) 2024-04-02T20:41:41Z **[$] How the XZ backdoor works**
Versions 5.6.0 and 5.6.1 of the
[XZ](https://git.tukaani.org/?p=xz.git;a=summary)
compression utility and library
were shipped with [a backdoor](https://lwn.net/Articles/967180) that targeted
[OpenSSH](https://www.openssh.com/).
Andres Freund
[discovered](https://lwn.net/ml/oss-security/20240329155126.kjjfduxw2yrlxgzm@awork3.anarazel.de/) the backdoor by
noticing that [failed SSH logins were taking a lot of\
CPU time](https://lwn.net/Articles/967194/) while doing some
micro-benchmarking, and tracking down ... ⌘ [Read more](https://lwn.net/Articles/967192/) 2024-04-03T13:24:22Z **Redict 7.3.0 released**
The first stable release of Redict, a fork of the Redis in-memory database
under a copyleft license, has been [announced](https://redict.io/posts/2024-04-03-redict-7.3.0-released/).

> You may be wondering why Redict would be of interest to you,
> particularly when compared with [Valkey](https://www.linuxfoundation.org/press/linux-foundation-launches-open-source-valkey-community),
> another Redis fork that was announced on Thursday.
>
> In technical terms, we are focusing on stability and long-term
> maintenanc ... ⌘ [Read more](https://lwn.net/Articles/968183/) 2024-04-03T13:45:43Z **KDE6 release: D-Bus and Polkit Galore (SUSE security team blog)**
The SUSE Security Team Blog is carrying [a\
detailed article](https://security.opensuse.org/2024/04/02/kde6-dbus-polkit.html) on SUSE's review of the KDE6 release.

> The SUSE security team restricts the installation of system wide
> D-Bus services and Polkit policies in openSUSE distributions and
> derived SUSE products. Any package that ships these features needs
> to be reviewed by us first, before it can be added to production
> repositories.
>
> In November, open ... ⌘ [Read more](https://lwn.net/Articles/968220/) 2024-04-03T13:41:17Z **Security updates for Wednesday**
Security updates have been issued by **Debian** (py7zr), **Fedora** (biosig4c++ and podman), **Oracle** (kernel, kernel-container, and ruby:3.1), **Red Hat** (.NET 7.0, bind9.16, curl, expat, grafana, grafana-pcp, kernel, kernel-rt, kpatch-patch, less, opencryptoki, and postgresql-jdbc), and **Ubuntu** (cacti). ⌘ [Read more](https://lwn.net/Articles/968218/) 2024-04-03T14:36:13Z **[$] A memory model for Rust code in the kernel**
The Rust programming language differs from C in many ways; those
differences tend to be what users admire in the language. But those
differences can also lead to an impedance mismatch when Rust code is
integrated into a C-dominated system, and it can be even worse in the
kernel, which is not a typical C program. Memory models are a case in
point. A programming language's view of memory is sufficiently fundamental
and arcane that many developers never have to learn much about it. It is
har ... ⌘ [Read more](https://lwn.net/Articles/967049/) 2024-04-03T14:53:12Z **Four stable kernel updates**
The [6.8.3](https://lwn.net/Articles/968251/), [6.7.12](https://lwn.net/Articles/968252/), [6.6.24](https://lwn.net/Articles/968253/), and [6.1.84](https://lwn.net/Articles/968254/) stable kernel updates have been
released. Each contains an important set of fixes. Note that 6.7.12 is
the final release for the 6.7.y series, and that branch is now
end-of-life. Users should move to the 6.8.y branch. ⌘ [Read more](https://lwn.net/Articles/968250/) 2024-04-03T16:44:48Z **Malcolm: Improvements to static analysis in the GCC 14 compiler**
David Malcolm [writes\
about some static-analyzer features](https://developers.redhat.com/articles/2024/04/03/improvements-static-analysis-gcc-14-compiler#) that are coming in the GCC 14
release.

> Solving the halting problem?
>
> Obviously I'm kidding with the title here, but for GCC 14 I've
> implemented a new warning: -Wanalyzer-infinite-loop that's able to
> detect some simple cases of infinite loops.

See also: [this report](https://lwn.net/Articles/946733/) from th ... ⌘ [Read more](https://lwn.net/Articles/968297/) 2024-04-03T18:39:45Z **AlmaLinux OS - CVE-2024-1086 and XZ (AlmaLinux blog)**
[AlmaLinux](https://almalinux.org/) has [announced](https://almalinux.org/blog/2024-04-02-xz-and-cve-2024-1086/)
updated kernels for AlmaLinux 8 and 9 to address CVE-2024-1086, a
use-after-free vulnerability in the kernel that could be exploited to
gain local privilege escalation. This is notable because the fix
marks a divergence between AlmaLinux and Red Hat Enterprise Linux (RHEL):

> In January of this year, a kernel flaw was disclosed and named [CVE-2024-1086](https://nvd.nist. ... ⌘ [Read more](https://lwn.net/Articles/968299/) 2024-04-04T00:01:07Z **[$] LWN.net Weekly Edition for April 4, 2024**
The LWN.net Weekly Edition for April 4, 2024 is available. ⌘ [Read more](https://lwn.net/Articles/966925/) 2024-04-04T14:21:52Z **Security updates for Thursday**
Security updates have been issued by **CentOS** (firefox and thunderbird), **Debian** (chromium and gtkwave), **Fedora** (micropython), **Slackware** (xorg), **SUSE** (util-linux and xen), and **Ubuntu** (firefox). ⌘ [Read more](https://lwn.net/Articles/968395/) 2024-04-04T15:38:14Z **Incus 6.0 LTS released**
[Version\
6.0 LTS](https://discuss.linuxcontainers.org/t/incus-6-0-lts-has-been-released/19576) of the Incus container management system has been released.
"This is a major milestone for Incus as it marks our first release with
extended support, suitable for use in production environments where monthly
feature releases aren't suitable." Changes include swap limits for
containers, a new shell completion mechanism, support for the creation of
VLAN interfaces, improved live migration, and more. ⌘ [Read more](https://lwn.net/Articles/968421/) 2024-04-04T17:38:16Z **[$] A focus on FOSS funding**
Among the numerous approaches to funding the development and advancement of
open-source software, corporate sponsorship in the form of donations to umbrella
organizations is perhaps the most visible. At [SCALE21x](https://www.socallinuxexpo.org/scale/21x/) in Pasadena, California, Duane O'Brien
[presented](https://www.socallinuxexpo.org/scale/21x/presentations/10-years-open-source-funding-trends-deep-dive)
a slice of his recent research into the landscape of such sponsorship arrangements,
with an overview o ... ⌘ [Read more](https://lwn.net/Articles/967001/) 2024-04-04T17:46:56Z **V8 incorporates new sandbox**
[V8](https://v8.dev), the JavaScript engine used in Chrome,
[announced](https://v8.dev/blog/sandbox)
that its memory sandbox is no longer experimental.

> Chrome 123 could therefore be considered to be a sort of "beta"
> release for the sandbox. This blog post uses this opportunity to
> discuss the motivation behind the sandbox, show how it prevents
> memory corruption in V8 from spreading within the host process, and
> ultimately explain why it is a necessary step towards memory safety. ⌘ [Read more](https://lwn.net/Articles/968429/) 2024-04-04T19:13:44Z **Stable kernels 6.8.4 and 6.6.25**
The [6.8.4](https://lwn.net/Articles/968469/) and [6.6.25](https://lwn.net/Articles/968470/) stable kernels have been released.
They both contain 11 reversions of workqueue patches. ⌘ [Read more](https://lwn.net/Articles/968468/) 2024-04-05T13:35:04Z **Security updates for Friday**
Security updates have been issued by **Debian** (cockpit), **Mageia** (python-pygments), **Red Hat** (nodejs), **Slackware** (httpd and nghttp2), **SUSE** (avahi, gradle, gradle-bootstrap, and squid), and **Ubuntu** (xorg-server, xwayland). ⌘ [Read more](https://lwn.net/Articles/968561/) 2024-04-05T13:47:12Z **FFmpeg 7.0 released**
[Version 7.0](https://ffmpeg.org//index.html#pr7.0) of the
FFmpeg audio/video toolkit is out. "The most noteworthy changes for
most users are a native VVC decoder (currently experimental, until more
fuzzing is done), IAMF support, or a multi-threaded ffmpeg CLI tool".
There's also the usual list of new formats and codecs, and a few deprecated
features have been removed. ⌘ [Read more](https://lwn.net/Articles/968565/) 2024-04-05T14:34:21Z **Eclipse Foundation announces collaboration for CRA compliance**
[The Eclipse Foundation](https://www.eclipse.org/), the organization
behind the Eclipse IDE and many other software projects, [announced](https://eclipse-foundation.blog/2024/04/02/open-source-community-cra-compliance/)
a collaboration between several different open-source-software foundations to
create a specification describing secure software development best practices.
This work is motivated by the European Union's Cyber Resilience Act (CRA).

> The leading open source ... ⌘ [Read more](https://lwn.net/Articles/968566/) 2024-04-05T14:44:18Z **OpenBSD 7.5 released**
OpenBSD 7.5 has been released. The list of changes and improvements is, as
usual, long; it includes the [pinsyscalls()](https://lwn.net/Articles/959562/) functionality covered
here in January. ⌘ [Read more](https://lwn.net/Articles/968584/) 2024-04-05T18:11:45Z **[$] A look at the 2024 Debian Project Leader election**
The nominations have closed and campaigning is underway to see who
will be the next [Debian\
Project Leader](https://www.debian.org/devel/leader) (DPL). This year, [two\
candidates](https://lwn.net/ml/debian-vote/Zfi3P8BgRgcNdrfW%40roeckx.be/) are campaigning for the position Jonathan Carter has
held for four eventful years: Sruthi Chandran and
Andreas Tille. Topics that have emerged so far include how the
prospective DPLs would spend project money, their opinions on handling
contr ... ⌘ [Read more](https://lwn.net/Articles/967981/) 2024-04-06T21:24:08Z **Tridge returns to rsync**
Wayne Davison has [announced](https://lists.samba.org/archive/rsync-announce/2024/000119.html)
the release of [rsync](https://rsync.samba.org/) [version 3.3.0](https://rsync.samba.org/ftp/rsync/NEWS#3.3.0), which
contains a number of bug fixes and minor enhancements. Davison has
also announced a change in maintainers and a move to a new GitHub
project:

> The github repos have moved to a new RsyncProject organization. Because
> various life events have been monopolizing my time, I reached out to
> Tridge [Andre ... ⌘ [Read more](https://lwn.net/Articles/968732/) 2024-04-08T13:43:37Z **Kernel prepatch 6.9-rc3**
The [6.9-rc3](https://lwn.net/Articles/968936/) kernel prepatch is out for
testing.

> Ok, so this rc3 looks a bit different than the usual ones, because
> there's a large series to bcachefs to do filesystem repair after
> corruption. Not normally something we'd see in an rc kernel, but
> hey, if you had a corrupted bcachefs filesystem you'd probably want
> this, and if you thought bcachefs was stable already, I have a
> bridge to sell you. Special deal only for you, real cheap. ⌘ [Read more](https://lwn.net/Articles/968937/) 2024-04-08T14:12:14Z **Security updates for Monday**
Security updates have been issued by **Debian** (jetty9, libcaca, libgd2, tomcat9, and util-linux), **Fedora** (chromium, micropython, and upx), **Mageia** (chromium-browser-stable, dav1d, libreswan, libvirt, nodejs, texlive-20220321, and util-linux), **Red Hat** (less, nodejs:20, and varnish), **Slackware** (tigervnc), and **SUSE** (buildah, c-ares, cdi-apiserver-container, cdi-cloner-container, cdi- controller-container, cdi-importer-container, cdi-operator-container, cdi- uploadproxy-container, cdi-uploa ... ⌘ [Read more](https://lwn.net/Articles/968999/) 2024-04-08T15:06:25Z **GNU Stow 2.4.0 released**
Version 2.4.0 of the GNU Stow symbolic-link manager has been released.
This marks the first release for
GNU Stow since [2019](https://lists.gnu.org/archive/html/info-stow/2019-07/msg00000.html). Maintainer
Adam Spires wrote:

> I would like to sincerely apologise to all Stow users for this
> incredibly overdue release, the cadence of which is perhaps vaguely
> reminiscent of releases by the great Donald Knuth, except with none of
> the grace and deliberate planning.

Spires notes that this release "makes consid ... ⌘ [Read more](https://lwn.net/Articles/969003/) 2024-04-08T15:18:48Z **[$] The PostgreSQL community debates ALTER SYSTEM**
Sometimes the smallest patches create the biggest discussions. A case in
point would be the process by which the PostgreSQL community — not a group
normally prone to extended, strongly worded megathreads — resolved the question of
whether to merge a brief patch adding a new configuration parameter.
Sometimes, a proposal that looks like a security patch is not, in
fact, intended to be a security patch, but getting that point across can be
difficult. ⌘ [Read more](https://lwn.net/Articles/968300/) 2024-04-08T15:25:52Z **Introducing Jpegli: A New JPEG Coding Library (Google Open Source Blog)**
The Google Open Source Blog is carrying [an\
announcement](https://opensource.googleblog.com/2024/04/introducing-jpegli-new-jpeg-coding-library.html) for a new JPEG library called "Jpegli". There are a
number of advantages claimed, including:

> Jpegli can be encoded with 10+ bits per component. Traditional JPEG
> coding solutions offer only 8 bit per component dynamics causing
> visible banding artifacts in slow gradients. Jpegli's 10+ bits
> coding happens in ... ⌘ [Read more](https://lwn.net/Articles/969027/) 2024-04-08T20:02:12Z **Rivendell v4.2.0 released**
Version 4.2.0 of the [Rivendell](https://www.rivendellaudio.org/)
radio automation system has been released. Changes include a new data
feed for 'next' data objects, improvements to its podcast system,
numerous bug fixes, and more. ⌘ [Read more](https://lwn.net/Articles/969046/) 2024-04-09T13:25:51Z **Security updates for Tuesday**
Security updates have been issued by **Debian** (expat), **Oracle** (less and nodejs:20), **Slackware** (libarchive), **SUSE** (kubernetes1.23, nghttp2, qt6-base, and util-linux), and **Ubuntu** (python-django). ⌘ [Read more](https://lwn.net/Articles/969141/) 2024-04-09T13:51:46Z **[$] Diagnosing workqueues**
There are many mechanisms for deferred work in the Linux kernel. One of them,
[workqueues](https://docs.kernel.org/core-api/workqueue.html), has seen increasing use as part of
the move away from software interrupts. Alison Chaiken gave a talk
at [SCALE](https://www.socallinuxexpo.org/scale/21x)
about how they compare to software interrupts, the new challenges they pose for
system administrators, and what tools are available to
kernel developers wishing to diagnose problems with workqueues as they become
incre ... ⌘ [Read more](https://lwn.net/Articles/967016/) 2024-04-09T14:18:38Z **OpenSSL 3.3.0 released**
Version 3.3.0 of the OpenSSL SSL/TLS implementation has been released.
Changes include a number of additions to its QUIC protocol support, some
year-2038 improvements for 32-bit systems, and a lot of cryptographic
features with descriptions like "Added a new EVP\_DigestSqueeze()
API. This allows SHAKE to squeeze multiple times with different output
sizes." See [the release\
notes](https://www.openssl.org/news/openssl-3.3-notes.html) for details. ⌘ [Read more](https://lwn.net/Articles/969172/) 2024-04-09T14:50:28Z **[$] The first Linaro Forum for Arm Linux kernel topics**
On February 20, [Linaro](https://linaro.org/) held the initial
get-together for what is intended to be a regular Linux Kernel Forum for
the Arm-focused kernel community. This gathering aims to convene
approximately a few weeks prior to the merge window opening and prior to
the release of the current kernel version under development. Topics
covered in the first gathering include preparing 64-bit Arm kernels for
low-end embedded systems, memory errors and [Compute Express\
Link (CXL ... ⌘ [Read more](https://lwn.net/Articles/969031/) 2024-04-09T19:22:50Z **The "branch history injection" hardware vulnerability**
The mainline kernel has just received a set of commits mitigating the
latest x86 hardware vulnerability, known as "branch history injection".
From [this commit](https://git.kernel.org/linus/7390db8aea0d):

> Branch History Injection (BHI) attacks may allow a malicious
> application to influence indirect branch prediction in kernel by
> poisoning the branch history. eIBRS isolates indirect branch
> targets in ring0. The BHB can still influence the choice of
> indirect branch pre ... ⌘ [Read more](https://lwn.net/Articles/969210/) 2024-04-10T12:53:39Z **Security updates for Wednesday**
Security updates have been issued by **Debian** (gtkwave), **Fedora** (dotnet7.0, dotnet8.0, and python-pillow), **Mageia** (apache, gstreamer1.0, libreoffice, perl-Data-UUID, and xen), **Oracle** (kernel, kernel-container, and varnish), **Red Hat** (edk2, kernel, rear, and unbound), **SUSE** (apache2-mod\_jk, gnutls, less, and xfig), and **Ubuntu** (bind9, linux, linux-aws, linux-aws-5.4, linux-azure, linux-azure-5.4,
 linux-bluefield, linux-gcp, linux-gcp-5.4, linux-gkeop, linux-hwe-5.4,
 linux-ibm, li ... ⌘ [Read more](https://lwn.net/Articles/969314/) 2024-04-10T13:52:16Z **[$] Continued attacks on HTTP/2**
On April 3 security researcher Bartek Nowotarski
[published](https://nowotarski.info/http2-continuation-flood-technical-details/) the details of a new denial-of-service (DoS)
attack, called a "continuation flood", against many
[HTTP/2](https://en.wikipedia.org/wiki/HTTP/2)-capable web
servers. While the attack is not terribly complex, it affects many independent
implementations of the HTTP/2 protocol, even though multiple
similar vulnerabilities over the years have given implementers plenty of warning. ⌘ [Read more](https://lwn.net/Articles/968600/) 2024-04-10T14:31:33Z **[$] Book review: Practical Julia**
A recent book by [LWN guest \
author Lee Phillips](https://lwn.net/Archives/GuestIndex/#Phillips_Lee) provides a nice introduction to the [Julia](https://julialang.org/) programming language.
[_Practical Julia_](https://nostarch.com/practical-julia)
does more than that, however. As its subtitle ("A Hands-On Introduction
for Scientific Minds") implies, the book focuses on bringing Julia to
scientists, rather than programmers, which gives it something of a
different feel from most other books of this sor ... ⌘ [Read more](https://lwn.net/Articles/966684/) 2024-04-10T15:25:47Z **Four stable kernel updates**
Greg Kroah-Hartman has announced another round of stable kernel
updates: [6.8.5](https://lwn.net/Articles/969353/), [6.6.26](https://lwn.net/Articles/969354/), [6.1.85](https://lwn.net/Articles/969355/), and [5.15.154](https://lwn.net/Articles/969357/) have all been released; each
contains another set of important fixes, including the mitigations for the
recently disclosed [branch history injection](https://lwn.net/Articles/969210/)
hardware vulnerability. ⌘ [Read more](https://lwn.net/Articles/969352/) 2024-04-10T19:10:40Z **Gentoo Linux becomes an SPI Associated Project**
The [Gentoo Linux](https://www.gentoo.org/) project has [announced](https://www.gentoo.org/news/2024/04/10/SPI-associated-project.html)
that it is now an Associated Project of [Software in the Public Interest](https://www.spi-inc.org/)
(SPI), which will allow it to accept tax deductible donations in the
US and reduce its "non-technical workload":

> The current Gentoo Foundation has bylaws restricting its behavior
> to that of a non-profit, is a recognized non-profit only in New
> Mexico, ... ⌘ [Read more](https://lwn.net/Articles/969373/) 2024-04-11T00:47:49Z **[$] LWN.net Weekly Edition for April 11, 2024**
The LWN.net Weekly Edition for April 11, 2024 is available. ⌘ [Read more](https://lwn.net/Articles/968375/) 2024-04-11T13:49:00Z **Security updates for Thursday**
Security updates have been issued by **AlmaLinux** (kernel, less, libreoffice, nodejs:18, nodejs:20, rear, thunderbird, and varnish), **Debian** (pillow), **Fedora** (dotnet7.0), **SUSE** (sngrep, texlive-specs-k, tomcat, tomcat10, and xorg-x11-server), and **Ubuntu** (nss, squid, and util-linux). ⌘ [Read more](https://lwn.net/Articles/969468/) 2024-04-11T14:26:37Z **[$] Completing the EEVDF scheduler**
The [Earliest Virtual Deadline First (EEVDF)\
scheduler](https://lwn.net/Articles/925371/) was merged as an option for the 6.6 kernel. It represents a
major change to how CPU scheduling is done on Linux systems, but the EEVDF
front has been relatively quiet since then. Now, though, scheduler
developer Peter Zijlstra has returned from a long absence to post [a patch\
series](https://lwn.net/ml/linux-kernel/20240405102754.435410987@infradead.org/) intended to finish the EEVDF work. Beyond some fixes, t ... ⌘ [Read more](https://lwn.net/Articles/969062/) 2024-04-12T13:25:15Z **Security updates for Friday**
Security updates have been issued by **Debian** (chromium), **Fedora** (rust, trafficserver, and upx), **Mageia** (postgresql-jdbc and x11-server, x11-server-xwayland, tigervnc), **Red Hat** (bind, bind9.16, gnutls, httpd:2.4, squid, unbound, and xorg-x11-server), **SUSE** (perl-Net-CIDR-Lite), and **Ubuntu** (apache2, maven-shared-utils, and nss). ⌘ [Read more](https://lwn.net/Articles/969590/) 2024-04-12T13:55:34Z **What we need to take away from the XZ Backdoor (openSUSE News)**
Dirk Mueller has posted [a\
lengthy analysis](https://news.opensuse.org/2024/04/12/learn-from-the-xz-backdoor/) of the XZ backdoor on the openSUSE News site, with a
focus on openSUSE's response.

> Debian, as well as the other affected distributions like openSUSE
> are carrying a significant amount of downstream-only patches to
> essential open-source projects, like in this case OpenSSH. With
> hindsight, that should be another Heartbleed-level learning for the
> work ... ⌘ [Read more](https://lwn.net/Articles/969591/) 2024-04-12T14:29:59Z **[$] A tale of two troublesome drivers**
The kernel project merges dozens of drivers with every development cycle,
and almost every one of those drivers is entirely uncontroversial.
Occasionally, though, a driver submission raises wider questions, leading
to lengthy discussion and, perhaps, opposition. That is currently the case
with two separate drivers, both with ties to the networking subsystem. One
of them is hung up on questions of whether (and how) all device
functionality should be made available to user space, while the other has ... ⌘ [Read more](https://lwn.net/Articles/969383/) 2024-04-13T21:30:30Z **Saturday's stable kernel updates**
The
[6.8.6](https://lwn.net/Articles/969733/),
[6.6.27](https://lwn.net/Articles/969734/),
[6.1.86](https://lwn.net/Articles/969735/),
[5.15.155](https://lwn.net/Articles/969736/),
[5.10.215](https://lwn.net/Articles/969737/),
[5.4.274](https://lwn.net/Articles/969738/), and
[4.19.312](https://lwn.net/Articles/969739/)
stable kernel updates have all been released; each contains a relatively
large number of important fixes. ⌘ [Read more](https://lwn.net/Articles/969732/) 2024-04-14T21:18:42Z **Kernel prepatch 6.9-rc4**
The [6.9-rc4](https://lwn.net/Articles/969790/) kernel prepatch is out for
testing. "Nothing particularly unusual going on this week - some new hw
mitigations may stand out, but after a decade of this I can't really call
it 'unusual' any more, can I?" ⌘ [Read more](https://lwn.net/Articles/969791/) 2024-04-15T13:42:42Z **Security updates for Monday**
Security updates have been issued by **AlmaLinux** (bind, bind and dhcp, bind9.16, gnutls, httpd:2.4/mod\_http2, squid:4, and unbound), **Debian** (kernel, trafficserver, and xorg-server), **Fedora** (chromium, kernel, libopenmpt, and rust-h2), **Mageia** (apache-mod\_jk, golang, indent, openssl, perl-HTTP-Body, php, rear, ruby-rack, squid, varnish, and xfig), **Oracle** (bind, squid, unbound, and X.Org server), **Red Hat** (bind and dhcp and unbound), **Slackware** (less and php), **SUSE** (gnutls, python- ... ⌘ [Read more](https://lwn.net/Articles/969873/) 2024-04-15T14:56:31Z **[$] Cleaning up after BPF exceptions**
Kumar Kartikeya Dwivedi has been working to add support for exceptions to BPF
since mid-2023. In July, Dwivedi posted
[the first patch set](https://lwn.net/Articles/938435/) in this effort, which adds support for basic stack unwinding.
In February 2024, he posted
[the second patch set](https://lwn.net/ml/bpf/20240201042109.1150490-1-memxor@gmail.com/)
aimed at letting the kernel release resources held by the BPF program when an
exception occurs. This makes exceptions usable in many more contexts. ⌘ [Read more](https://lwn.net/Articles/969185/) 2024-04-15T16:48:17Z **OpenSSF and OpenJS warn about social-engineering attacks**
The Open Source Security Foundation and the OpenJS Foundation have jointly
posted [a\
warning about XZ-like social-engineering attacks](https://openssf.org/blog/2024/04/15/open-source-security-openssf-and-openjs-foundations-issue-alert-for-social-engineering-takeovers-of-open-source-projects/) after OpenJS was
seemingly targeted.

> The OpenJS Foundation Cross Project Council received a suspicious
> series of emails with similar messages, bearing different names and
> overlapp ... ⌘ [Read more](https://lwn.net/Articles/969919/) 2024-04-16T14:00:19Z **Security updates for Tuesday**
Security updates have been issued by **Debian** (php7.4 and php8.2), **Fedora** (c-ares), **Mageia** (python-pillow and upx), **Oracle** (bind and dhcp, bind9.16, httpd:2.4/mod\_http2, kernel, rear, and unbound), **SUSE** (eclipse, maven-surefire, tycho, emacs, kubevirt, virt-api-container, virt-controller-container, virt-exportproxy-container, virt-exportserver-container, virt-handler-container, virt-launcher-container, virt-libguestfs-t, nodejs16, nodejs18, nodejs20, texlive, vim, webkit2gtk3, and xen), ... ⌘ [Read more](https://lwn.net/Articles/970036/) 2024-04-16T15:33:16Z **PuTTY 0.81 security release**
[Version\
0.81](https://www.chiark.greenend.org.uk/~sgtatham/putty/) of the PuTTY SSH client is out with a fix for [CVE-2024-31497](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-31497);
some users will want to update and generate new keys:

> PuTTY 0.81, released today, fixes a critical vulnerability
> CVE-2024-31497 in the use of 521-bit ECDSA keys
> (ecdsa-sha2-nistp521). If you have used a 521-bit ECDSA private
> key with any previous version of PuTTY, consider the private key
> compromised ... ⌘ [Read more](https://lwn.net/Articles/970045/) 2024-04-16T16:00:59Z **[$] Fedora 40 firms up for release**
Fedora 40 Beta was [released](https://fedoramagazine.org/announcing-fedora-linux-40-beta/)
on March 26, and the final release is nearing completion. So far,
the release is coming together nicely with major
updates for GNOME, KDE Plasma, and the usual cavalcade of
smaller updates and enhancements. As part of the release, the project also scuttled [Delta\
RPMs](https://fedoraproject.org/wiki/Changes/Drop_Delta_RPMs) and [OpenSSL 1.1](https://fedoraproject.org/wiki/Changes/RemoveOpensslCompat). ⌘ [Read more](https://lwn.net/Articles/969145/) 2024-04-16T19:54:38Z **[$] Identifying dependencies used via dlopen()**
[The recent XZ backdoor](https://lwn.net/Articles/967180) has sparked a lot of discussion about how the open-source
community links and packages software. One possible
security improvement being discussed
is changing how
projects like systemd link to dynamic libraries that are only used for
optional functionality: using
[dlopen()](https://man7.org/linux/man-pages/man3/dlopen.3.html) to load those libraries only
when required. This could
shrink the attack surface exposed by dependencies, b ... ⌘ [Read more](https://lwn.net/Articles/969908/) 2024-04-17T12:36:34Z **Security updates for Wednesday**
Security updates have been issued by **Debian** (apache2 and cockpit), **Fedora** (firefox, kernel, mbedtls, python-cbor2, wireshark, and yyjson), **Mageia** (nghttp2), **Red Hat** (kernel, kernel-rt, opencryptoki, pcs, shim, squid, and squid:4), **Slackware** (firefox), **SUSE** (emacs, firefox, and kernel), and **Ubuntu** (linux-aws, linux-aws-5.15, linux-aws-6.5, linux-raspi, and linux-iot). ⌘ [Read more](https://lwn.net/Articles/970169/) 2024-04-17T12:47:09Z **Four more stable kernels**
The
[6.8.7](https://lwn.net/Articles/970171/),
[6.6.28](https://lwn.net/Articles/970172/),
[6.1.87](https://lwn.net/Articles/970173/), and
[5.15.156](https://lwn.net/Articles/970174/) stable kernel updates have all been
released. ⌘ [Read more](https://lwn.net/Articles/970086/) 2024-04-17T15:25:41Z **[$] Managing to-do lists on the command line with Taskwarrior**
Managing to-do lists is something of a universal necessity. While some
people handle them mentally or on paper, others resort to a web-based tool or
a mobile
application. For those preferring the command line, the MIT-licensed [Taskwarrior](https://taskwarrior.org) offers a flexible solution
with a healthy community and lots of extensions. ⌘ [Read more](https://lwn.net/Articles/969904/) 2024-04-18T00:29:20Z **[$] LWN.net Weekly Edition for April 18, 2024**
The LWN.net Weekly Edition for April 18, 2024 is available. ⌘ [Read more](https://lwn.net/Articles/969442/) 2024-04-18T14:03:30Z **Security updates for Thursday**
Security updates have been issued by **Debian** (firefox-esr, jetty9, libdatetime-timezone-perl, tomcat10, and tzdata), **Fedora** (cockpit, filezilla, and libfilezilla), **Red Hat** (firefox, gnutls, java-1.8.0-openjdk, java-17-openjdk, kernel, kernel-rt, less, mod\_http2, nodejs:18, rhc-worker-script, and shim), **Slackware** (mozilla), **SUSE** (kernel), and **Ubuntu** (apache2, glibc, and linux-xilinx-zynqmp). ⌘ [Read more](https://lwn.net/Articles/970324/) 2024-04-18T14:24:50Z **[$] Warning about WARN_ON()**
Kernel developers, like conscientious developers for many projects, will
often include checks in the code for conditions that are never expected to
occur, but which would indicate a serious problem should that expectation
turn out to be incorrect. For years, developers have been encouraged (to
put it politely) to avoid using assertions that crash the machine for such
conditions unless there is truly no alternative. Increasingly, though, use
of the kernel's WARN\_ON() family of macros, which developers were
 ... ⌘ [Read more](https://lwn.net/Articles/969923/) 2024-04-18T15:11:41Z **[$] Gentoo bans AI-created contributions**
[Gentoo Council](https://wiki.gentoo.org/wiki/Project:Council) member Michał Górny [posted](https://lwn.net/ml/gentoo-dev/a2b8c68b1649213cf237f40e41f9a460a5667c34.camel@gentoo.org/)
an RFC to the gentoo-dev mailing
list in late February about banning "'AI'-backed (LLM/GPT/whatever)
contributions" to the Gentoo Linux project. Górny wrote that the spread of the
"AI bubble" indicated a need for Gentoo to formally take a stand on AI
tools. After a lengthy discussion, the Gentoo Council [voted](http ... ⌘ [Read more](https://lwn.net/Articles/970072/) 2024-04-19T13:08:42Z **Security updates for Friday**
Security updates have been issued by **AlmaLinux** (gnutls, java-17-openjdk, mod\_http2, and squid), **Debian** (firefox-esr), **Fedora** (editorconfig, perl-Clipboard, php, rust, and wordpress), **Mageia** (less, libreswan, puppet, and x11-server, x11-server-xwayland, and tigervnc), **Slackware** (aaa\_glibc), and **SUSE** (firefox, graphviz, kernel, nodejs12, pgadmin4, tomcat, and wireshark). ⌘ [Read more](https://lwn.net/Articles/970508/) 2024-04-19T14:12:55Z **[$] Weighted memory interleaving and new system calls**
Gregory Price recently posted
[a patch set](https://lwn.net/ml/linux-kernel/20231223181101.1954-1-gregory.price@memverge.com/) that adds support for weighted memory interleaving — allowing a
process's memory to be distributed between
[non-uniform memory access](https://en.wikipedia.org/wiki/Non-uniform_memory_access) (NUMA)
nodes in a more controlled way.
According to his performance measurements, the patch set could provide a
significant improvement for computers with network-atta ... ⌘ [Read more](https://lwn.net/Articles/969379/) 2024-04-21T21:55:42Z **Kernel prepatch 6.9-rc5**
Linus has [released 6.9-rc5](https://lwn.net/Articles/970666/) for testing.

> But if you ignore those oddities, it all looks pretty normal and
> things appear fairly calm. Which is just as well, since the first
> part of the week I was on a quick trip to Seattle, and the second
> part of the week I've been doing a passable imitation of the
> Fontana di Trevi, except my medium is mucus. ⌘ [Read more](https://lwn.net/Articles/970667/) 2024-04-22T14:38:05Z **Security updates for Monday**
Security updates have been issued by **AlmaLinux** (firefox and java-1.8.0-openjdk), **Debian** (chromium, flatpak, guix, openjdk-11, openjdk-17, thunderbird, and tomcat9), **Fedora** (chromium, firefox, glibc, nghttp2, nodejs18, python-aiohttp, python-django3, python-pip, and uxplay), **Mageia** (putty & filezilla), **Red Hat** (Firefox, firefox, java-1.8.0-openjdk, java-21-openjdk, nodejs:18, shim, and thunderbird), **Slackware** (freerdp), **SUSE** (apache-commons-configuration2, nodejs14, perl-CryptX, p ... ⌘ [Read more](https://lwn.net/Articles/970793/) 2024-04-22T14:44:00Z **Hutterer: udev-hid-bpf: quickstart tooling to fix your HID devices with eBPF**
Peter Hutterer [announces\
udev-hid-bpf](http://who-t.blogspot.com/2024/04/udev-hid-bpf-quickstart-tooling-to-fix.html), a tool to facilitate the loading of BPF programs that
make human-input devices work correctly.

> eBPF was originally written for network packet filters but as of
> kernel v6.3 and thanks to Benjamin, we have BPF in the HID
> subsystem. HID actually lends itself really well to BPF because,
> well, we have a byte array and to fix our devi ... ⌘ [Read more](https://lwn.net/Articles/970702/) 2024-04-22T17:39:02Z **[$] Linus and Dirk chat about AI, XZ, hardware, and more**
One of the mainstays of the the Linux Foundation's Open Source Summit is the "fireside chat"
(sans fire) between Linus Torvalds and Dirk Hohndel to discuss open source and
Linux kernel topics of the day. On April 17, at [Open Source Summit\
North America](https://events.linuxfoundation.org/open-source-summit-north-america/) (OSSNA) in Seattle, Washington, they held with tradition
and discussed a range of topics including proper whitespace parsing,
security, and the current AI cr ... ⌘ [Read more](https://lwn.net/Articles/970293/) 2024-04-22T19:37:35Z **Andreas Tille elected as Debian project leader**
The Debian project leader

[election results are in](https://lwn.net/Articles/970815/) and Andreas Tille
[has been elected](https://www.debian.org/vote/2024/vote_001).
In a fairly competitive vote, Tille beat Sruthi Chandran to fill the
position for
the coming year. We [looked at the election and the\
candidates](https://lwn.net/Articles/967981/) a few weeks back. ⌘ [Read more](https://lwn.net/Articles/970814/) 2024-04-22T22:34:19Z **The Open Home Foundation launches**
The Open Home Foundation has [announced\
its existence](https://www.openhomefoundation.org/blog/announcing-the-open-home-foundation/) as a home and support resource for free home-automation
projects.

> We created the Open Home Foundation to fight for the fundamental
> principles of privacy, choice, and sustainability for smart
> homes. And every person who lives in one.
>
> Ahead of today, we've transferred over 240 projects, standards,
> drivers, and libraries—Home Assistant, ESPHome, Zigpy, Piper ... ⌘ [Read more](https://lwn.net/Articles/970835/) 2024-04-23T13:31:41Z **[$] Rust for embedded Linux kernels**
The Rust programming language, it is hoped, will bring a new level of
safety to the Linux kernel. At the moment, though, there are still a
number of impediments to getting useful Rust code into the kernel. In the
Embedded Open Source Summit track of the [Open\
Source Summit North America](https://events.linuxfoundation.org/open-source-summit-north-america/), Fabien Parent provided an overview of his
work aimed at improving the infrastructure needed to write the device
drivers needed by embedded syst ... ⌘ [Read more](https://lwn.net/Articles/970216/) 2024-04-23T13:30:58Z **Security updates for Tuesday**
Security updates have been issued by **Debian** (glibc and samba), **Fedora** (chromium, cjson, mingw-python-idna, and pgadmin4), **Mageia** (kernel, kmod-xtables-addons, kmod-virtualbox, kernel-linus, and perl-Clipboard), **Red Hat** (go-toolset:rhel8, golang, java-11-openjdk, kpatch-patch, and shim), **Slackware** (freerdp), **SUSE** (apache-commons-configuration, glibc, jasper, polkit, and qemu), and **Ubuntu** (google-guest-agent, google-osconfig-agent, linux-lowlatency-hwe-6.5, pillow, and squid). ⌘ [Read more](https://lwn.net/Articles/970889/) 2024-04-23T14:12:11Z **Fedora 40 released**
The Fedora 40 distribution [has been\
released](https://fedoramagazine.org/announcing-fedora-linux-40/). See the "what's new" pages for [Fedora\
Workstation](https://fedoramagazine.org/whats-new-fedora-workstation-40/) and [Fedora\
KDE](https://fedoramagazine.org/whats-new-in-fedora-kde-40/) to learn more about the desktop spins, along with [this LWN article](https://lwn.net/Articles/969145/), for more information. ⌘ [Read more](https://lwn.net/Articles/970893/) 2024-04-23T17:50:27Z **[$] A change in direction for security-module stacking?**
The long-running effort to complete the work on stacking (or composing) the
Linux security modules (LSMs) recently encountered a barrier—in the form of
a "suggestion" to discontinue it from Linus Torvalds. His complaint
revolved around the indirect function calls that are used to implement
LSMs, but he also did not think much of the effort to switch away from
those calls. While it does not appear that a major course-change is in store
for LSMs, it is clear that Torvalds is not ha ... ⌘ [Read more](https://lwn.net/Articles/970070/) 2024-04-24T12:26:02Z **Security updates for Wednesday**
Security updates have been issued by **Fedora** (abseil-cpp, chromium, filezilla, libfilezilla, and xorg-x11-server-Xwayland), **Oracle** (firefox, gnutls, golang, java-1.8.0-openjdk, java-11-openjdk, java-17-openjdk, java-21-openjdk, kernel, libreswan, mod\_http2, owO: thunderbird, and thunderbird), **Red Hat** (container-tools:rhel8, gnutls, grub2, kernel, kernel-rt, less, linux-firmware, opencryptoki, pcs, postgresql-jdbc, and thunderbird), **Slackware** (ruby), **SUSE** (kubernetes1.23, kubernetes1.2 ... ⌘ [Read more](https://lwn.net/Articles/971004/) 2024-04-24T12:49:16Z **[$] Existential types in Rust**
For several years, contributors to the Rust project have
been working to improve support for asynchronous
code. The benefits of these efforts are not confined to asynchronous code,
however. Members of the Rust community have been working toward adding explicit
[existential types](https://en.wikipedia.org/wiki/Type_system#Existential_types) to Rust since 2017. Existential types are not a common feature
of programming languages (something
[the RFC](https://rust-lang.github.io/rfcs/2515-type_alias_impl_trait ... ⌘ [Read more](https://lwn.net/Articles/970186/) 2024-04-24T13:10:49Z **QEMU 9.0 released**
[Version 9.0](https://www.qemu.org/2024/04/23/qemu-9-0-0/) of
the QEMU emulator has been released. "This release contains 2700+
commits from 220 authors." The list of improvements is long; see the
announcement and [the\
changelog](https://wiki.qemu.org/ChangeLog/9.0) for details. ⌘ [Read more](https://lwn.net/Articles/971007/) 2024-04-24T14:10:53Z **A new crash reporter for Firefox**
On April 23, Mozilla
[announced](https://hacks.mozilla.org/2024/04/porting-a-cross-platform-gui-application-to-rust/) that Firefox's crash reporter has been rewritten in Rust, allowing the
project to address a backlog of issues.

> Even though it is important to properly handle main process crashes, the crash
> reporter hasn't received significant development in a while (aside from
> development to ensure that crash reports and telemetry continue to reliably be
> delivered)! It has long been stuck in a ... ⌘ [Read more](https://lwn.net/Articles/971006/) 2024-04-24T14:25:25Z **GitHub comments used to distribute malware (BleepingComputer)**
BleepingComputer
[reported](https://www.bleepingcomputer.com/news/security/github-comments-abused-to-push-malware-via-microsoft-repo-urls/) on April 20 that some malware was being distributed via GitHub.
Uploading files as part of a comment gives them a URL that appears to be
associated with a repository, even if the comment is never posted.

> A GitHub flaw, or possibly a design decision, is being abused by threat actors
> to distribute malware using URLs associated with M ... ⌘ [Read more](https://lwn.net/Articles/971008/) 2024-04-25T01:21:39Z **[$] LWN.net Weekly Edition for April 25, 2024**
The LWN.net Weekly Edition for April 25, 2024 is available. ⌘ [Read more](https://lwn.net/Articles/970328/)