# Twtxt is an open, distributed microblogging platform that # uses human-readable text files, common transport protocols, # and free software. # # Learn more about twtxt at https://github.com/buckket/twtxt # # This is an automated Yarn.social feed running feeds v0.1.0@72e53a9 # Learn more about Yarn.social at https://yarn.social # # nick = lwn-net # url = https://feeds.twtxt.net/lwn-net/twtxt.txt # type = rss # source = https://lwn.net/headlines/newrss # avatar = # description = # updated_at = 2023-12-08T16:08:22Z # 2023-06-20T12:56:23Z **Security updates for Tuesday**
Security updates have been issued by **Debian** (libxpm and php7.3), **Fedora** (chromium), **Mageia** (kernel, kernel-linus, and sysstat), **Red Hat** (c-ares), **SUSE** (libwebp), and **Ubuntu** (cups-filters, libjettison-java, and libsvgpp-dev). ⌘ [Read more](https://lwn.net/Articles/935353/) 2023-06-20T13:08:40Z **The Rust Leadership Council**
The Rust project has [announced](https://blog.rust-lang.org/2023/06/20/introducing-leadership-council.html)
the formation of the Rust Leadership Council, which will take the place of
the existing Core Team and Leadership Chat groups.

> The Council will assume responsibility for top-level governance
> concerns while most of the responsibilities of the Rust Project
> (such as maintenance of the compiler and core tooling, evolution of
> the language and standard libraries, administration of
> infrastructu ... ⌘ [Read more](https://lwn.net/Articles/935354/) 2023-06-20T18:47:27Z **[$] Backporting XFS fixes to stable**
Backporting fixes to stable kernels is an ongoing process that, in general,
is handled by the stable maintainers or the developers of the fixes.
However, due
to some unhappiness in the XFS development
community with the process of handling stable fixes for that filesystem,
a different process has come about for backporting XFS patches to the
stable kernels. The three developers doing that work, Leah Rumancik, Amir
Goldstein, and Chandan Babu Rajendra, led a plenary session at the
[2023 Linux Storage ... ⌘ [Read more](https://lwn.net/Articles/934941/) 2023-06-21T12:34:31Z **Security updates for Wednesday**
Security updates have been issued by **Debian** (libfastjson, libx11, opensc, python-mechanize, and wordpress), **SUSE** (salt and terraform-provider-helm), and **Ubuntu** (firefox, libx11, pngcheck, python-werkzeug, ruby3.1, and vlc). ⌘ [Read more](https://lwn.net/Articles/935552/) 2023-06-21T13:48:53Z **[$] Armbian 23.05: optimized for single-board computers**
Running a Linux distribution on Arm-based single-board computers (SBCs)
is still not as easy as on x86 systems because many Arm devices require a
vendor-supplied kernel, a patched bootloader, and other device-specific
components. One distribution that addresses this problem is [Armbian](https://www.armbian.com), which offers Debian- and
Ubuntu-based distributions for
many devices. The headline feature in the recent release, [Armbian\
23.05](https://www.armbian.com/newsflash/armbi ... ⌘ [Read more](https://lwn.net/Articles/935079/) 2023-06-21T14:32:49Z **Seven more stable kernels**
The
[6.3.9](https://lwn.net/Articles/935589/),
[6.1.35](https://lwn.net/Articles/935588/),
[5.15.118](https://lwn.net/Articles/935584/),
[5.10.185](https://lwn.net/Articles/935583/),
[5.4.248](https://lwn.net/Articles/935582/),
[4.19.287](https://lwn.net/Articles/935581/), and
[4.14.319](https://lwn.net/Articles/935580/)
stable kernel updates have all been released; each contains another set of
important fixes. ⌘ [Read more](https://lwn.net/Articles/935579/) 2023-06-21T14:42:19Z **Red Hat cutting back RHEL source availability**
Red Hat has [announced](https://www.redhat.com/en/blog/furthering-evolution-centos-stream)
that public source releases will be restricted to CentOS Stream going
forward:

> As the CentOS Stream community grows and the enterprise software
> world tackles new dynamics, we want to sharpen our focus on CentOS
> Stream as the backbone of enterprise Linux innovation. We are
> continuing our investment in and increasing our commitment to
> CentOS Stream. **CentOS Stream will now be the sole r ... ⌘ [Read more](https://lwn.net/Articles/935592/) 2023-06-21T17:57:08Z **[$] Merging copy offload**
Kernel support for copy offload is a feature that has been floating around
in limbo for a decade or more at this point; it has been implemented along
the way, but never merged. The idea is that the host
system can simply ask a block storage device to copy some data within the device
and it
will do so without further involving the host; instead of reading data into
the host so that it can be written back out again, the device circumvents
that process. At the
[2023 Linux Storage, Filesystem,\
Memory-Management a ... ⌘ [Read more](https://lwn.net/Articles/935260/) 2023-06-22T01:27:29Z **[$] LWN.net Weekly Edition for June 22, 2023**
The LWN.net Weekly Edition for June 22, 2023 is available. ⌘ [Read more](https://lwn.net/Articles/934727/) 2023-06-22T14:24:06Z **Security updates for Thursday**
Security updates have been issued by **Debian** (avahi, hsqldb, hsqldb1.8.0, minidlna, trafficserver, and xmltooling), **Oracle** (.NET 6.0, .NET 7.0, 18, c-ares, firefox, kernel, less, libtiff, libvirt, python, python3.11, texlive, and thunderbird), **Red Hat** (c-ares, kernel, kernel-rt, kpatch-patch, less, libtiff, libvirt, openssl, and postgresql), **Slackware** (bind and kernel), **SUSE** (bluez, curl, geoipupdate, kernel, netty, netty-tcnative, ntp, open-vm-tools, php8, python-reportlab, rustup, Sal ... ⌘ [Read more](https://lwn.net/Articles/935872/) 2023-06-22T15:23:26Z **[$] Delegating privilege with BPF tokens**
The quest to enable limited use of BPF features in unprivileged processes
continues. In [the previous episode](https://lwn.net/Articles/929746/), an
attempt to use authoritative Linux security module (LSM) hooks for this
purpose was strongly rejected by the LSM developers. BPF developer Andrii
Nakryiko has now returned with a new mechanism based on a
privilege-conveying token. That approach, too, has run into some
resistance, but a solution for the strongest concerns might be in sight. ⌘ [Read more](https://lwn.net/Articles/935195/) 2023-06-22T20:27:09Z **AlmaLinux's response to Red Hat's policy change**
The AlmaLinux organization has posted [a message](https://almalinux.org/blog/impact-of-rhel-changes/)
describing the impact of Red Hat's decision to stop releasing the source to
the RHEL distribution and how AlmaLinux will respond.

> In the immediate term, our plan is to pull from CentOS Stream
> updates and Oracle Linux updates to ensure security patches
> continue to be released. These updates will be carefully curated to
> ensure they are 1:1 compatible with RHEL, while not violat ... ⌘ [Read more](https://lwn.net/Articles/935918/) 2023-06-23T13:58:28Z **Security updates for Friday**
Security updates have been issued by **Debian** (asterisk, lua5.3, and trafficserver), **Fedora** (tang and trafficserver), **Oracle** (.NET 7.0, c-ares, firefox, openssl, postgresql, python3, texlive, and thunderbird), **Red Hat** (python27:2.7 and python39:3.9 and python39-devel:3.9), **Scientific Linux** (c-ares), **Slackware** (cups), **SUSE** (cups, dav1d, google-cloud-sap-agent, java-1\_8\_0-openjdk, libX11, openssl-1\_0\_0, openssl-1\_1, openssl-3, openvswitch, and python-sqlparse), and **Ubuntu** (c ... ⌘ [Read more](https://lwn.net/Articles/936040/) 2023-06-23T14:06:45Z **[$] Reports from OSPM 2023, part 3**
The [fifth conference on Power\
Management and Scheduling in the Linux Kernel](http://retis.sssup.it/ospm-summit/) (abbreviated "OSPM") was
held on April 17 to 19 in Ancona, Italy. LWN was not there,
unfortunately, but the attendees of the event have gotten together to write
up summaries of the discussions that took place and LWN has the privilege
of being able to publish them. Reports from the third and final day of the
event appear below. ⌘ [Read more](https://lwn.net/Articles/935180/) 2023-06-23T16:27:55Z **[$] Removing the kthread freezer**
The final day of the
[2023 Linux Storage, Filesystem,\
Memory-Management and BPF Summit](https://lwn.net/Articles/lsfmmbpf2023) featured three separate sessions led by
Luis Chamberlain (he also led a [plenary](https://lwn.net/Articles/933437/) on
day two); the first of those was a filesystem session on the status of the
kthread-freezer-removal effort. The kthread freezer is meant to help
filesystems freeze their state in order to
suspend or hibernate the system, but since at least 2015, the [freezer ha ... ⌘ [Read more](https://lwn.net/Articles/935602/) 2023-06-23T21:23:15Z **Kuhn: A Comprehensive Analysis of the GPL Issues With the Red Hat Enterprise Linux (RHEL) Business Model**
Over on the [Software Freedom Conservancy](https://sfconservancy.org/) blog, Policy Fellow and Hacker-in-Residence Bradley M. Kuhn [analyzes](https://sfconservancy.org/blog/2023/jun/23/rhel-gpl-analysis/) the [recent changes to Red Hat Enterprise Linux (RHEL) source availability](https://lwn.net/Articles/935592/) in light of the GPL. It contains some interesting information about two alleged GPL violations that came about because t ... ⌘ [Read more](https://lwn.net/Articles/936127/) 2023-06-26T00:11:56Z **The 6.4 kernel has been released**
Linus has [released the 6.4 kernel](https://lwn.net/Articles/936310/).

> Most of the stuff in my mailbox the last week has been about
> upcoming things for 6.5, and I already have 15 pull requests
> pending. I appreciate all you proactive people.
>
> But that's for tomorrow. Today we're all busy build-testing the
> newest kernel release, and checking that it's all good. Right?

Headline features in this release include:
[generic iterators](https://lwn.net/Articles/926041/) for BPF,
the [removal](htt ... ⌘ [Read more](https://lwn.net/Articles/936132/) 2023-06-26T07:44:09Z **Security updates for Monday**
Security updates have been issued by **Debian** (bind9 and owslib), **Fedora** (dav1d, dotnet6.0, dotnet7.0, mingw-dbus, vim, and wabt), and **SUSE** (cloud-init and golang-github-vpenso-prometheus\_slurm\_exporter). ⌘ [Read more](https://lwn.net/Articles/936332/) 2023-06-26T16:12:29Z **[$] Development statistics for 6.4**
The 6.4 kernel was [released](https://lwn.net/ml/linux-kernel/CAHk-=wi7fwNWfqj-QQqEfZTUOB4bbKT8QiEUDHoPk0ecuYA7cA@mail.gmail.com/)
on June 25 after a nine-week development cycle. By that point, 14,835
non-merge changesets had been pulled into the mainline kernel, a slight
increase from 6.3 (14,424 changesets) but still lower than many other
development cycles. As usual, LWN has taken a look at those changesets,
who contributed them, and what the most active developers were up to. ⌘ [Read more](https://lwn.net/Articles/936113/) 2023-06-26T19:38:39Z **McGrath: Red Hat’s commitment to open source**
Red Hat's Mike McGrath [responds](https://www.redhat.com/en/blog/red-hats-commitment-open-source-response-gitcentosorg-changes)
to the many criticisms aimed at the company since it changed its policy
regarding RHEL source code.

> Ultimately, we do not find value in a RHEL rebuild and we are not
> under any obligation to make things easier for rebuilders; this is
> our call to make. That brings me to CentOS Stream, of which there
> is immense confusion. I acknowledge that this is a chang ... ⌘ [Read more](https://lwn.net/Articles/936405/) 2023-06-27T14:03:33Z **Security updates for Tuesday**
Security updates have been issued by **Debian** (c-ares and libx11), **Fedora** (chromium and kubernetes), **Red Hat** (python3 and python38:3.8, python38-devel:3.8), and **SUSE** (amazon-ssm-agent, kernel, kubernetes1.24, libvirt, nodejs16, openssl-1\_1, and webkit2gtk3). ⌘ [Read more](https://lwn.net/Articles/936549/) 2023-06-27T14:40:23Z **Ekstrand: NVK update: Enabling new extensions, conformance status & more**
Faith Ekstrand has [provided\
an update](https://www.collabora.com/news-and-blog/news-and-events/nvk-update-enabling-new-extensions-conformance-status-more.html) on the status of the [NVK](https://www.collabora.com/news-and-blog/news-and-events/introducing-nvk.html)
Vulkan driver for NVIDIA GPUs.

> Probably the single most common question I get from folks is, "When
> will NVK be in upstream mesa?" The short answer is that it'll be
> upstreamed along with the n ... ⌘ [Read more](https://lwn.net/Articles/936554/) 2023-06-27T16:29:29Z **[$] Converting filesystems to iomap**
A discussion that largely centered around the [documentation of\
iomap](https://kernelnewbies.org/KernelProjects/iomap), which provides a block-mapping interface for modern filesystems,
was led by Luis Chamberlain that the
[2023 Linux Storage, Filesystem,\
Memory-Management and BPF Summit](https://lwn.net/Articles/lsfmmbpf2023). There is an ongoing process of
converting filesystems to use iomap, in order to [leave buffer heads \
behind](https://lwn.net/Articles/931809/) and to better support [folios ... ⌘ [Read more](https://lwn.net/Articles/935934/) 2023-06-28T12:58:59Z **Security updates for Wednesday**
Security updates have been issued by **Mageia** (docker-docker-registry, libcap, libx11, mediawiki, python-requests, python-tornado, sofia-sip, sqlite, and xonotic), **Red Hat** (kernel, kernel-rt, kpatch-patch, libssh, libtiff, python27:2.7, python39:3.9, python39-devel:3.9, ruby:2.7, sqlite, systemd, and virt:rhel, virt-devel:rhel), **SUSE** (bind, cosign, guile1, lilypond, keepass, kubernetes1.24, nodejs16, nodejs18, phpMyAdmin, and sqlite3), and **Ubuntu** (etcd). ⌘ [Read more](https://lwn.net/Articles/936671/) 2023-06-28T13:02:55Z **Stable kernel updates for Wednesday**
The
[6.3.10](https://lwn.net/Articles/936673/),
[6.1.36](https://lwn.net/Articles/936674/),
[5.15.119](https://lwn.net/Articles/936675/),
[5.10.186](https://lwn.net/Articles/936676/),
[5.4.249](https://lwn.net/Articles/936677/),
[4.19.288](https://lwn.net/Articles/936678/), and
[4.14.320](https://lwn.net/Articles/936679/)
stable kernels have all been released; each contains another set of
important fixes. ⌘ [Read more](https://lwn.net/Articles/936672/) 2023-06-28T15:55:50Z **[$] JupyterLab 4.0: a development environment for education and research**
[JupyterLab](https://jupyterlab.readthedocs.io) is a
web-based development environment widely used by data scientists,
engineers, and educators for data visualization, data analysis,
prototyping, and interactive learning materials. The [Jupyter](https://jupyter.org) community has recently announced the
release of [JupyterLab 4.0](https://blog.jupyter.org/jupyterlab-4-0-is-here-388d05e03442), introducing lots of new features and performance
improvements to enhance ... ⌘ [Read more](https://lwn.net/Articles/936340/) 2023-06-29T01:58:13Z **[$] LWN.net Weekly Edition for June 29, 2023**
The LWN.net Weekly Edition for June 29, 2023 is available. ⌘ [Read more](https://lwn.net/Articles/935773/) 2023-06-29T07:27:51Z **Security updates for Thursday**
Security updates have been issued by **Debian** (chromium and maradns), **SUSE** (iniparser, kubernetes1.23, python-reportlab, and python-sqlparse), and **Ubuntu** (accountsservice and linux, linux-aws, linux-aws-hwe, linux-azure, linux-azure-4.15,
 linux-dell300x, linux-gcp, linux-gcp-4.15, linux-hwe, linux-kvm,
 linux-oracle, linux-raspi2, linux-snapdragon). ⌘ [Read more](https://lwn.net/Articles/936752/) 2023-06-29T14:40:17Z **[$] Emacs for Android**
The Emacs editor is not tied to the Linux kernel; indeed, it was created
some years before Linux existed. The Emacs code base is intended to be
portable, and the editor runs, with varying levels of support, on a wide
variety of systems. Recently, an energetic developer has worked to extend
the set of supported systems to Android; the result is a working port, but
whether that port will be accepted into the Emacs mainline is the topic of
ongoing conversation. ⌘ [Read more](https://lwn.net/Articles/936576/) 2023-06-30T07:48:32Z **Security updates for Friday**
Security updates have been issued by **Debian** (docker-registry, flask, systemd, and trafficserver), **Fedora** (moodle, python-reportlab, suricata, and vim), **Red Hat** (go-toolset and golang, go-toolset-1.19 and go-toolset-1.19-golang, go-toolset:rhel8, open-vm-tools, python27:2.7, and python3), **SUSE** (buildah, chromium, gifsicle, libjxl, sqlite3, and xonotic), and **Ubuntu** (linux, linux-allwinner, linux-allwinner-5.19, linux-aws, linux-aws-5.19,
 linux-azure, linux-gcp, linux-gcp-5.19, linux-hwe-5 ... ⌘ [Read more](https://lwn.net/Articles/936949/) 2023-06-30T13:00:29Z **What it takes to keep an enterprise 'Frankenkernel' alive (Register)**
The Register [reports\
from Jiří Benc's DevConf.cz talk](https://www.theregister.com/2023/06/30/enterprise_distro_feature_devconf/) on the making of the CentOS Stream
kernel.

> So, what the team are working on is a Frankenstein's monster, sewn
> together from different codebases. Although the base kernel is
> still version 5.14, it is full of backports from upstream. It has
> the XFS filesystem code from kernel 6.0, the USB subsystem –
> complete with drivers – ... ⌘ [Read more](https://lwn.net/Articles/936976/) 2023-06-30T14:53:20Z **[$] The first half of the 6.5 merge window**
The first days of the 6.5 merge window have been a bit calmer than usual,
with "only" 4,000 non-merge changesets having been pulled into the mainline
repository. Those changesets include a fair amount of significant work,
though. Read on for LWN's summary of the first set of changes merged for
the next major kernel release. ⌘ [Read more](https://lwn.net/Articles/936418/) 2023-07-01T20:50:28Z **Three 6.x stable kernels**
The
[6.4.1](https://lwn.net/Articles/937080/),
[6.3.11](https://lwn.net/Articles/937081/), and
[6.1.37](https://lwn.net/Articles/937082/)
stable kernels have been released; each contains another set of important
fixes. ⌘ [Read more](https://lwn.net/Articles/937079/) 2023-07-03T13:17:06Z **Security updates for Monday**
Security updates have been issued by **Debian** (cups, gst-plugins-bad1.0, gst-plugins-base1.0, gst-plugins-good1.0, python3.7, and yajl), **Fedora** (chromium, kubernetes, pcs, and webkitgtk), **Scientific Linux** (open-vm-tools), **SUSE** (iniparser, keepass, libvirt, prometheus-ha\_cluster\_exporter, prometheus-sap\_host\_exporter, rekor, terraform-provider-aws, terraform-provider-helm, and terraform-provider-null), and **Ubuntu** (python-reportlab and vim). ⌘ [Read more](https://lwn.net/Articles/937189/) 2023-07-03T13:42:21Z **[$] Documenting counted-by relationships in kernel data structures**
The C language is expressive in many ways, but it still does not have ways
to express many of the relationships between fields in a data structure.
That gap can be at least partially filled, though, if one is willing to
create and use non-standard extensions. The adoption of of those
extensions, in the form of the \_\_counted\_by() macro, has been
merged for the 6.5 kernel release, even though the compiler feature it
depends on has not yet been finalized. ⌘ [Read more](https://lwn.net/Articles/936728/) 2023-07-03T13:41:54Z **Perl v5.38.0 released**
Version 5.38.0 of the Perl language is out. "Perl 5.38.0 represents
approximately 12 months of development since Perl 5.36.0 and contains
approximately 290,000 lines of changes across 1,500 files from 100
authors." Significant changes include a new class feature,
Unicode 15.0 support, a new API for hooking into functions, and more; see
[the\
5.38.0 perldelta page](https://metacpan.org/release/RJBS/perl-5.38.0/view/pod/perldelta.pod) for details. ⌘ [Read more](https://lwn.net/Articles/937204/) 2023-07-04T14:04:50Z **Security updates for Tuesday**
Security updates have been issued by **Debian** (ghostscript), **Fedora** (apache-ivy, chromium, golang-github-schollz-croc, golang-github-schollz-mnemonicode, and webkitgtk), **SUSE** (amazon-ecs-init, dnsdist, libcap, python-tornado, terraform, and xmltooling), and **Ubuntu** (imagemagick, openldap, php7.4, php8.1, and screen). ⌘ [Read more](https://lwn.net/Articles/937292/) 2023-07-04T14:23:02Z **[$] Converting NFSD to use iomap and folios**
Chuck Lever led a filesystem session at the
[2023 Linux Storage, Filesystem,\
Memory-Management and BPF Summit](https://lwn.net/Articles/lsfmmbpf2023) on the Linux NFS server, which is also
known as NFSD. He wanted to talk about converting the network filesystem
to use iomap; that kind of
conversion
was the topic of the [previous session](https://lwn.net/Articles/935934/) at
the summit. Beyond that, he wanted to discuss using folios, which has been
a frequent topic at recent LSFMM+BPF gather ... ⌘ [Read more](https://lwn.net/Articles/936628/) 2023-07-04T19:06:24Z **Firefox 115 released**
[Version\
115](https://www.mozilla.org/en-US/firefox/115.0/releasenotes/) of the Firefox browser has been released. New features include
support for hardware video decoding on Intel GPUs on Linux and a new
"close" option on the tab-manager dropdown. This release is also the end
of the line for Windows 7 and 8 support, and for macOS 10.12,
10.13, and 10.14 support as well. ⌘ [Read more](https://lwn.net/Articles/937316/) 2023-07-04T19:17:27Z **Brockmeier: Red Hat and the Clone Wars III: The dawn of CentOS**
Joe "Zonker" Brockmeier has been a part of the Linux community for decades;
he is now using that experience to write a series on "Red Hat and the Clone
Wars". The first two episodes were [Red\
Hat and the Clone Wars](https://dissociatedpress.net/2023/06/24/red-hat-and-the-clone-wars/) and [A\
history of the early 2000s Linux landscape](https://dissociatedpress.net/2023/06/26/red-hat-and-the-clone-wars-ii-a-history-of-the-early-2000s-linux-landscape/); the latest is [The\
d ... ⌘ [Read more](https://lwn.net/Articles/937317/) 2023-07-05T13:51:45Z **Security updates for Wednesday**
Security updates have been issued by **Fedora** (firefox and python-reportlab), **Slackware** (mozilla), **SUSE** (dnsdist, grpc, protobuf, python-Deprecated, python-PyGithub, python-aiocontextvars, python-avro, python-bcrypt, python-cryptography, python- cryptography-vectors, python-google-api-core, pyt, kernel, kubernetes1.18, libdwarf, python311, qt6-base, rmt-server, and virtualbox), and **Ubuntu** (containerd, firefox, and python-django). ⌘ [Read more](https://lwn.net/Articles/937368/) 2023-07-05T13:56:56Z **LXD moves into Canonical**
The LXD container-management system is no longer a part of the [linuxcontainers.org](https://linuxcontainers.org/) project:

> Canonical, the creator and main contributor of the LXD project has
> decided that after over 8 years as part of the Linux Containers
> community, the project would now be better served directly under
> Canonical’s own set of projects.
>
> While the team behind Linux Containers regrets that decision and
> will be missing LXD as one of its projects, it does respect
> Canonical’s decis ... ⌘ [Read more](https://lwn.net/Articles/937369/) 2023-07-05T14:25:14Z **[$] Termux: Linux applications on Android**
[Termux](https://termux.dev/en/) is an Android app that
provides a Linux environment and terminal emulator for such devices. Most
command-line software can be used quite easily with Termux,
and GUI software can be run by installing a few extra apps. It is an excellent
option for Android users who want to run Linux software occasionally on a
device more portable than a laptop but do not want to use a dedicated Linux
phone due to the cost or limitations of such devices. ⌘ [Read more](https://lwn.net/Articles/936953/) 2023-07-05T14:34:55Z **The "StackRot" kernel vulnerability**
Ruihan Li has [disclosed\
a significant vulnerability](https://lwn.net/ml/oss-security/xhhkp3aknwwlmrmmqmr532yfq3ioqh6jbkrxfqf6ovlj2szsai@f3sjwakyq323/) introduced into the 6.1 kernel:

> A flaw was found in the handling of stack expansion in the Linux
> kernel 6.1 through 6.4, aka "Stack Rot". The maple tree,
> responsible for managing virtual memory areas, can undergo node
> replacement without properly acquiring the MM write lock, leading
> to use-after-free issues. An unprivileged local user ... ⌘ [Read more](https://lwn.net/Articles/937377/) 2023-07-05T16:09:45Z **[$] Improving i_version**
The [i\_version](https://elixir.bootlin.com/linux/v6.4.1/source/include/linux/fs.h#L684)
field in [struct inode](https://elixir.bootlin.com/linux/v6.4.1/source/include/linux/fs.h#L608)
is meant to track changes to the data or metadata of a file. There are
some [problems](https://lwn.net/Articles/905931/) with the way that
i\_version is being handled in the kernel,
so Jeff Layton led a filesystem session at the
[2023 Linux Storage, Filesystem,\
Memory-Management and BPF Summit](https://lwn.net/Articles/lsfmmbpf2 ... ⌘ [Read more](https://lwn.net/Articles/937247/) 2023-07-05T18:24:08Z **Four stable kernel updates**
The
[6.4.2](https://lwn.net/Articles/937401/),
[6.3.12](https://lwn.net/Articles/937402/),
[6.1.38](https://lwn.net/Articles/937403/), and
[5.15.120](https://lwn.net/Articles/937404/)
stable kernel updates have all been released; each contains another set of
important fixes. ⌘ [Read more](https://lwn.net/Articles/937400/) 2023-07-06T01:29:25Z **[$] LWN.net Weekly Edition for July 6, 2023**
The LWN.net Weekly Edition for July 6, 2023 is available. ⌘ [Read more](https://lwn.net/Articles/936800/) 2023-07-06T13:52:37Z **[$] Large folios for anonymous memory**
The transition to [folios](https://lwn.net/Articles/849538/) has transformed
the memory-management subsystem in a number of ways, but has also resulted
in a lot of code churn that has not been welcomed by all developers. As
this work proceeds, though, some of the benefits from it are beginning to
become clear. One example may well be in the handling of anonymous memory,
as can be seen in a pair of patch sets from Ryan Roberts. ⌘ [Read more](https://lwn.net/Articles/937239/) 2023-07-06T13:50:27Z **Security updates for Thursday**
Security updates have been issued by **Debian** (golang-yaml.v2, kernel, and mediawiki), **Fedora** (kernel and picocli), **SUSE** (bind and python-sqlparse), and **Ubuntu** (cpdb-libs). ⌘ [Read more](https://lwn.net/Articles/937481/) 2023-07-06T15:48:29Z **[$] BPF iterators for filesystems**
In the first of two combined BPF and filesystem sessions at the
[2023 Linux Storage, Filesystem,\
Memory-Management and BPF Summit](https://lwn.net/Articles/lsfmmbpf2023), Hou Tao introduced his BPF iterators
for filesystem information. [Iterators for\
BPF](https://lwn.net/Articles/926041/) are a relatively recent addition to the BPF landscape; they help
BPF programs step through kernel data structures in a loop-like manner, but
without running afoul of the BPF verifier, which is notoriously hard to
c ... ⌘ [Read more](https://lwn.net/Articles/937326/) 2023-07-06T22:56:50Z **Fedora considers "privacy-preserving" telemetry**
The Fedora project is considering [a\
Fedora 40 change proposal](https://lwn.net/ml/fedora-devel/CAJqbrbeOZrHvYjvMCc=qGZD_VXBs3-qReeirr+F8t01Eq1sYhw@mail.gmail.com/) to add limited, opt-out telemetry to the
workstation edition. The proposal is detailed; it is clear that the
developers involved understand that this will be a hard sell in that
community.

> We believe an open source community can ethically collect limited
> aggregate data on how its software is used without involving big
 ... ⌘ [Read more](https://lwn.net/Articles/937528/) 2023-07-07T13:56:52Z **Security updates for Friday**
Security updates have been issued by **Debian** (debian-archive-keyring, libusrsctp, nsis, ruby-redcloth, and webkit2gtk), **Fedora** (firefox), **Mageia** (apache-ivy, cups, curaengine, glances, golang, keepass, libreoffice, minidlna, nodejs, opensc, perl-DBD-SQLite, python-setuptools, python-wheel, skopeo/buildah/podman, systemd, testng, and webkit2), **SUSE** (bind), and **Ubuntu** (Gerbv, golang-websocket, linux-gke, linux-intel-iotg, and linux-oem-5.17). ⌘ [Read more](https://lwn.net/Articles/937616/) 2023-07-07T14:52:01Z **[$] A pair of workqueue improvements**
Over the years, the kernel has developed a number of deferred-execution
mechanisms to take care of work that cannot be done immediately. For many
(or most) needs, the [workqueue\
subsystem](https://www.kernel.org/doc/html/latest/core-api/workqueue.html) is the tool that developers reach for first. Workqueues
[took their current form](https://lwn.net/Articles/355700/) over a dozen years
ago, but that does not mean that there are not improvements to be made.
Two sets of patches from Tejun Heo show th ... ⌘ [Read more](https://lwn.net/Articles/937416/) 2023-07-07T18:15:29Z **Going Rogue (Digital Antiquarian)**
After an initial foray into the ways that open-source software has failed
to live up to its early hype,
[this Digital\
Antiquarian article](https://www.filfre.net/2023/07/going-rogue/) covers the history of rogue-like games in great
detail.

> This brings us back around to a statement I made at the outset:
> that roguelikes are the exception that proves the rule of
> open-source game development — and just possibly of open-source
> software development in general. The cast of thousands who
> contr ... ⌘ [Read more](https://lwn.net/Articles/937631/) 2023-07-09T23:54:20Z **Kernel prepatch 6.5-rc1**
Linus has [released 6.5-rc1](https://lwn.net/Articles/937731/) and closed the
merge window for this release.

> Anyway, none of it looks hugely unusual. The biggest single mention
> probably goes to what wasn't merged, with the bcachefs pull request
> resulting in a long thread (we didn't hit a hundred emails yet, but
> it's not far away).

The curious can read that [long\
thread](https://lwn.net/ml/linux-kernel/20230626214656.hcp4puionmtoloat@moria.home.lan/) in the list archives. ⌘ [Read more](https://lwn.net/Articles/937732/) 2023-07-10T14:28:27Z **Security updates for Monday**
Security updates have been issued by **Debian** (firefox-esr, fusiondirectory, ocsinventory-server, php-cas, and thunderbird), **Fedora** (dav1d, perl-CPAN, and yt-dlp), **Red Hat** (python39:3.9 and python39-devel:3.9), **Slackware** (mozilla), **SUSE** (prometheus-ha\_cluster\_exporter and prometheus-sap\_host\_exporter), and **Ubuntu** (ghostscript, linux-azure, linux-intel-iotg, linux-intel-iotg-5.15, and ruby-doorkeeper). ⌘ [Read more](https://lwn.net/Articles/937803/) 2023-07-10T14:52:18Z **[$] The rest of the 6.5 merge window**
Linus Torvalds [released\
6.5-rc1](https://lwn.net/ml/linux-kernel/CAHk-=wj8sPDVoWgaceAs1AiwZrHV8mtC3vQNGbeV6-RypJi6aw@mail.gmail.com/) and closed the merge window for this development cycle on
July 9. By that point, 11,730 non-merge changesets had been pulled
into the mainline for 6.5; over 7,700 of those were pulled after
[the first-half merge-window summary](https://lwn.net/Articles/936418/) was
written. The second half of the merge window saw a lot of code coming into
the mainline and a long li ... ⌘ [Read more](https://lwn.net/Articles/937006/) 2023-07-11T12:57:38Z **SUSE to create a fork of RHEL**
SUSE has [announced](https://www.suse.com/news/SUSE-Preserves-Choice-in-Enterprise-Linux/)
that it is getting into the business of creating RHEL clones and investing
$10 million in the project.

> SUSE remains fully committed to investing in its highly regarded
> Linux solutions such as SLE and openSUSE that countless satisfied
> enterprise customers and the community rely on. At the same time,
> it acknowledges that enterprises and the open source community
> deserve choice and freedom from vendor lo ... ⌘ [Read more](https://lwn.net/Articles/937863/) 2023-07-11T12:55:04Z **Security updates for Tuesday**
Security updates have been issued by **Debian** (mediawiki and node-tough-cookie), **Red Hat** (bind, kernel, kpatch-patch, and python38:3.8, python38-devel:3.8), **SUSE** (kernel, nextcloud-desktop, and python-tornado), and **Ubuntu** (dwarves-dfsg and thunderbird). ⌘ [Read more](https://lwn.net/Articles/937879/) 2023-07-11T13:28:38Z **Stable kernel 6.4.3 released**
The [6.4.3](https://lwn.net/Articles/937886/) stable kernel has been released;
it contains a handful of fixes, mostly for problems associated with the [per-VMA locking](https://lwn.net/Articles/906852/) code. Anybody running 6.4
probably wants this update.

Note that there is a much larger [6.3.13](https://lwn.net/ml/linux-kernel/20230710142227.965586663@linuxfoundation.org/)
update going through a longer-than-usual review process that should show up
soon. ⌘ [Read more](https://lwn.net/Articles/937885/) 2023-07-11T14:30:41Z **[$] The FUSE BPF filesystem**
The [Filesystem\
in Userspace](https://www.kernel.org/doc/html/next/filesystems/fuse.html) (FUSE) framework can be used to create a "stacked"
filesystem, where the FUSE piece adds specialized functionality
(e.g. reporting different file metadata) atop an
underlying kernel filesystem. The performance of such filesystems leaves a
lot to be desired, however, so
the [FUSE\
BPF filesystem](https://lwn.net/ml/linux-kernel/20230418014037.2412394-1-drosen@google.com/) has been proposed to try to improve the perform ... ⌘ [Read more](https://lwn.net/Articles/937433/) 2023-07-12T12:55:40Z **Security updates for Wednesday**
Security updates have been issued by **Debian** (erlang, symfony, thunderbird, and yajl), **Fedora** (cutter-re, kernel, rizin, and yt-dlp), **Red Hat** (grafana), **SUSE** (kernel and python-Django), and **Ubuntu** (dotnet6, dotnet7 and firefox). ⌘ [Read more](https://lwn.net/Articles/937972/) 2023-07-12T21:16:05Z **Convening public benefit and charitable foundations working in open domains (OSI blog)**
Over on the [Open Source Initiative](https://opensource.org/) (OSI) blog, the organization has [announced](https://blog.opensource.org/convening-public-benefit-and-charitable-foundations-working-in-open-domains/) the [Open Policy Alliance](https://opensource.org/programs/open-policy-alliance/) (OPA), which is meant to bring together various non-profit organizations to help educate and inform US policy makers about open-source software and its needs: ... ⌘ [Read more](https://lwn.net/Articles/938021/) 2023-07-12T22:11:07Z **[$] Testing for storage and filesystems**
The [kdevops](https://github.com/linux-kdevops/kdevops)
kernel-testing framework has come up at several earlier summits, including
in two [separate](https://lwn.net/Articles/896670/) [sessions](https://lwn.net/Articles/897061/) at last year's event.
Testing kernel filesystems and the block layer, not to mention lots of
other kernel subsystems, has become increasingly
important over time.
 So it was no
surprise that Luis Chamberlain led a
combined storage and filesystem session at the
[2023 Linux ... ⌘ [Read more](https://lwn.net/Articles/937830/) 2023-07-13T01:01:32Z **[$] LWN.net Weekly Edition for July 13, 2023**
The LWN.net Weekly Edition for July 13, 2023 is available. ⌘ [Read more](https://lwn.net/Articles/937458/) 2023-07-13T14:11:49Z **Security updates for Thursday**
Security updates have been issued by **Debian** (ruby-doorkeeper), **Fedora** (mingw-nsis and thunderbird), **Red Hat** (bind9.16, nodejs, nodejs:16, nodejs:18, python38:3.8 and python38-devel:3.8, and rh-nodejs14-nodejs), **Slackware** (krb5), **SUSE** (geoipupdate, installation-images, libqt5-qtbase, python-Django1, and skopeo), and **Ubuntu** (knot-resolver, lib3mf, linux, linux-aws, linux-kvm, linux-lowlatency, linux-raspi, linux, linux-aws, linux-kvm, linux-lts-xenial, linux-azure, linux-gcp, linux-i ... ⌘ [Read more](https://lwn.net/Articles/938108/) 2023-07-13T15:18:13Z **[$] Stabilizing per-VMA locking**
The kernel-development process routinely absorbs large changes to
fundamental subsystems and still produces stable releases every nine or ten
weeks. On occasion, though, the development community's luck runs out.
The [per-VMA locking work](https://lwn.net/Articles/906852/) that went into the
6.4 release is a case in point; it looked like a well-tested change that
improved page-fault scalability. There turned out to be a few demons
hiding in that code, though, that made life difficult for early adopters ... ⌘ [Read more](https://lwn.net/Articles/937943/) 2023-07-13T16:03:58Z **Rust 1.71.0 released**
[Version\
1.71.0](https://blog.rust-lang.org/2023/07/13/Rust-1.71.0.html) of the Rust language has been released. Changes this time
include the [C-unwind\
ABI](https://github.com/rust-lang/rfcs/blob/master/text/2945-c-unwind-abi.md), an upgrade to musl 1.2, and more. ⌘ [Read more](https://lwn.net/Articles/938120/) 2023-07-13T22:57:23Z **AlmaLinux to diverge (slightly) from RHEL**
AlmaLinux has [announced](https://almalinux.org/blog/future-of-almalinux/) that
the distribution will no longer be a strict clone of Red Hat Enterprise
Linux, but will maintain ABI compatibility.

> For a typical user, this will mean very little change in your use
> of AlmaLinux. Red Hat-compatible applications will still be able to
> run on AlmaLinux OS, and your installs of AlmaLinux will continue
> to receive timely security updates. The most remarkable potential
> impact of the change ... ⌘ [Read more](https://lwn.net/Articles/938165/) 2023-07-14T13:55:49Z **Security updates for Friday**
Security updates have been issued by **Debian** (lemonldap-ng and php-dompdf), **Red Hat** (.NET 6.0, .NET 7.0, firefox, and thunderbird), **Scientific Linux** (firefox and thunderbird), **SUSE** (ghostscript, installation-images, kernel, php7, python, and python-Django), and **Ubuntu** (linux-azure, linux-gcp, linux-ibm, linux-oracle, mozjs102, postgresql-9.5, and tiff). ⌘ [Read more](https://lwn.net/Articles/938233/) 2023-07-14T14:30:55Z **[$] The proper time to split struct page**
The page structure sits at the core of the kernel's
memory-management subsystem; one such structure exists for every page of
installed RAM. This structure is increasingly seen as a problem, though,
and phasing it out is one of the many side projects associated with the [folio conversion](https://lwn.net/Articles/849538/). One step in that direction
is currently meeting some pushback from memory-management developers,
though, who think that some of these changes are coming too soon. ⌘ [Read more](https://lwn.net/Articles/937839/) 2023-07-17T00:57:58Z **Kernel prepatch 6.5-rc2**
The [second 6.5 prepatch](https://lwn.net/Articles/938327/) is out for testing.
"No surprises here: this thing looks very normal." ⌘ [Read more](https://lwn.net/Articles/938328/) 2023-07-17T14:21:46Z **Security updates for Monday**
Security updates have been issued by **Debian** (gpac, iperf3, kanboard, kernel, and pypdf2), **Fedora** (ghostscript), **SUSE** (bind, bouncycastle, ghostscript, go1.19, go1.20, installation-images, kernel, mariadb, MozillaFirefox, MozillaFirefox-branding-SLE, php74, poppler, and python-Django), and **Ubuntu** (cups, linux-oem-6.1, and ruby2.3, ruby2.5, ruby2.7, ruby3.0, ruby3.1). ⌘ [Read more](https://lwn.net/Articles/938375/) 2023-07-17T14:29:30Z **[$] Debian looks forward to 2038**
On January 19, 2038, the time\_t value used on many 32-bit Linux
systems will overflow and wrap around, causing those systems to believe
they have returned to 1970 and wonder why they feel like they have heard [_Déjà\
Vu_](https://en.wikipedia.org/wiki/D%C3%A9j%C3%A0_Vu_(Crosby,_Stills,_Nash_%26_Young_album)) before. Much work has gone into preparing many layers of the
system for this event, but not all distributions have completed their
preparations. One of those is Debian but, as was seen in a conver ... ⌘ [Read more](https://lwn.net/Articles/938149/) 2023-07-18T13:19:56Z **Security updates for Tuesday**
Security updates have been issued by **Fedora** (java-1.8.0-openjdk), **Red Hat** (bind, bind9.16, curl, edk2, java-1.8.0-ibm, kernel, kernel-rt, and kpatch-patch), **SUSE** (iniparser, installation-images, java-1\_8\_0-ibm, kernel, libqt5-qtbase, nodejs16, openvswitch, and ucode-intel), and **Ubuntu** (linux-oem-6.0 and linux-xilinx-zynqmp). ⌘ [Read more](https://lwn.net/Articles/938488/) 2023-07-18T14:06:48Z **[$] A Q&A about the realtime patches**
In a session at the 2023 Real Time Linux Summit, Thomas Gleixner answered
questions about the realtime feature of the kernel, its status, and the [Real-Time Linux](https://wiki.linuxfoundation.org/realtime/start)
project's plans for the future. The talk was billed as a "Q&A about
PREEMPT\_RT" with a caveat: "anything except printk() and
documentation". As might be guessed, the first two questions were on just
those topics, but there were plenty of other questions (and answers) too.
The summit was
h ... ⌘ [Read more](https://lwn.net/Articles/938236/) 2023-07-18T18:41:46Z **SambaXP 2023 videos posted**
The 2023 sambaXP conference was held May 10 and 11 in Goettingen, Germany.
[Videos\
of the talks](https://www.youtube.com/playlist?list=PLbw4szFfveGoyJGxWdl5HddMTTySDYaW2) held there have now been posted on YouTube; topics covered
include an io\_uring update, fuzzing, passwordless services, GPL compliance,
and much more. ⌘ [Read more](https://lwn.net/Articles/938524/) 2023-07-18T21:50:33Z **Cython 3.0 released**
[Version\
3.0](https://cython.readthedocs.io/en/latest/src/changes.html#major-themes-in-3-0-0) of Cython ( [described](https://cython.readthedocs.io/en/latest/src/quickstart/overview.html)
as "a programming language that makes writing C
extensions for the Python language as easy as Python itself") has been
released. Changes include support for Python through 3.11 (but 2.6 support
was dropped), the implementation of a number of PEPs, initial support for
the CPython limited API, better exception handling, and more. ⌘ [Read more](https://lwn.net/Articles/938536/) 2023-07-19T13:30:41Z **Security updates for Wednesday**
Security updates have been issued by **Debian** (bind9, libapache2-mod-auth-openidc, and python-django), **Fedora** (nodejs18 and redis), **Red Hat** (python3.9 and webkit2gtk3), **Scientific Linux** (bind and kernel), **SUSE** (cni, cni-plugins, cups-filters, curl, dbus-1, ImageMagick, kernel, libheif, and python-requests), and **Ubuntu** (bind9, connman, curl, libwebp, and yajl). ⌘ [Read more](https://lwn.net/Articles/938596/) 2023-07-19T16:33:01Z **Two large stable kernel updates**
The
[6.4.4](https://lwn.net/Articles/938618/) and
[6.1.39](https://lwn.net/Articles/938619/)
stable kernel updates have been released; each contains a large number of
important fixes. ⌘ [Read more](https://lwn.net/Articles/938617/) 2023-07-19T19:26:42Z **[$] Rust for embedded**
The advantages of the Rust programming language are generally well-known;
memory safety is a feature that has attracted a lot of developer attention
over the last few years. At the inaugural [Embedded\
Open Source Summit](https://events.linuxfoundation.org/embedded-open-source-summit/) (EOSS), which is an umbrella event for numerous
embedded-related conferences, Martin Mosler presented on using Rust for an
embedded project. In the talk, he showed how easy it is to get up and
running with a Rust-based application ... ⌘ [Read more](https://lwn.net/Articles/938409/) 2023-07-20T02:05:40Z **[$] LWN.net Weekly Edition for July 20, 2023**
The LWN.net Weekly Edition for July 20, 2023 is available. ⌘ [Read more](https://lwn.net/Articles/938053/) 2023-07-20T14:19:56Z **Security updates for Thursday**
Security updates have been issued by **Debian** (chromium), **Fedora** (sysstat), **Gentoo** (openssh), **Mageia** (firefox/nss, kernel, kernel-linus, maven, mingw-nsis, mutt/neomutt, php, qt4/qtsvg5, and texlive), **Red Hat** (java-1.8.0-openjdk, java-11-openjdk, java-17-openjdk, and kpatch-patch), **Slackware** (curl and openssh), **SUSE** (curl, grafana, kernel, mariadb, MozillaFirefox, MozillaFirefox-branding-SLE, poppler, python-Flask, python310, samba, SUSE Manager Client Tools, and texlive), and ** ... ⌘ [Read more](https://lwn.net/Articles/938711/) 2023-07-20T14:39:14Z **[$] Much ado about SBAT**
Sometimes, the shortest patches lead to the longest threads; for a case in
point, see [this\
three-line change](https://lwn.net/ml/linux-kernel/20230711154449.1378385-1-eesposit@redhat.com/) posted by Emanuele Giuseppe Esposito. The purpose of
this change is to improve the security of locked-down systems by adding a
"revocation number" to the kernel image. But, as the discussion revealed,
both the cost and the value of this feature are seen differently across the
kernel-development community. ⌘ [Read more](https://lwn.net/Articles/938422/) 2023-07-21T14:30:40Z **Security updates for Friday**
Security updates have been issued by **Fedora** (golang, nodejs16, nodejs18, and R-jsonlite), **Red Hat** (java-1.8.0-openjdk and java-17-openjdk), **SUSE** (container-suseconnect, redis, and redis7), and **Ubuntu** (wkhtmltopdf). ⌘ [Read more](https://lwn.net/Articles/938878/) 2023-07-21T15:06:10Z **[$] Exceptions in BPF**
The BPF virtual machine in the kernel has been steadily gaining new
features for years, many of which add capabilities that C programmers do
not ordinarily have. So, from one point of view, it was only a matter of
time before BPF gained support for exceptions. As it turns out, though,
this "exceptions" feature is aimed at a specific use case, and its use in
most programs will be truly exceptional. ⌘ [Read more](https://lwn.net/Articles/938435/) 2023-07-23T23:32:28Z **Kernel prepatch 6.5-rc3 and three stable kernels**
Linus has released [6.5-rc3](https://lwn.net/Articles/939013/) for testing.
"Things continue to look pretty normal - there's nothing here that would
seem to stand out, with both the commit counts and the diffs looking pretty
much normal for rc3".

Meanwhile, Greg Kroah-Hartman has released the large
[6.4.5](https://lwn.net/Articles/939014/),
[6.1.40](https://lwn.net/Articles/939015/), and
[5.15.121](https://lwn.net/Articles/939016/)
stable updates; each contains another set of important ... ⌘ [Read more](https://lwn.net/Articles/939012/) 2023-07-24T14:06:23Z **Security updates for Monday**
Security updates have been issued by **Debian** (webkit2gtk), **Fedora** (curl, dotnet6.0, dotnet7.0, ghostscript, kernel-headers, kernel-tools, libopenmpt, openssh, and samba), **Mageia** (virtualbox), **Red Hat** (java-1.8.0-openjdk and java-11-openjdk), and **Scientific Linux** (java-1.8.0-openjdk and java-11-openjdk). ⌘ [Read more](https://lwn.net/Articles/939059/) 2023-07-24T14:12:14Z **Inkscape 1.3 released**
[Version\
1.3](https://inkscape.org/news/2023/07/23/inkscape-launches-version-13-focus-organizing-work/) of the Inkscape drawing editor has been released. "With version
1.3 of Inkscape, you’ll find improved performance, several new features,
and a solid set of improvements to a few existing ones". Changes
include a new shape-builder tool, a "document resources" dialog for the
management of drawings, a new pattern editor, and more. ⌘ [Read more](https://lwn.net/Articles/939035/) 2023-07-24T14:50:51Z **[$] Randomness for kmalloc()**
The kernel's address-space layout randomization is intended to make life
harder for attackers by changing the placement of kernel text and data at
each boot. With this randomization, an attacker cannot know ahead of time
where a vulnerable target will be found on any given system. There are
techniques, though, that can be effective without knowing precisely where a
given object is stored. As a way of hardening systems against such
attacks, the kernel will be gaining yet another form of randomization. ⌘ [Read more](https://lwn.net/Articles/938637/) 2023-07-24T14:50:35Z **Debian adds RISC-V as an official architecture**
The Debian project [is now\
supporting 64-bit RISC-V systems](https://lists.debian.org/debian-riscv/2023/07/msg00053.html) as an official architecture. Some
work remains to be done, though:

> However before you rush to update your sources.list file, I want to
> warn you that the archive is currently almost empty, and that only
> the sid and experimental suites are available. The procedure is to
> rebootstrap the port within the official archive, which means we
> won't import the full ... ⌘ [Read more](https://lwn.net/Articles/939095/) 2023-07-24T17:41:58Z **Zenbleed: an AMD Zen 2 speculative vulnerability**
Tavis Ormandy [reports](https://web.archive.org/web/20230724143835/https://lock.cmpxchg8b.com/zenbleed.html)
on a vulnerability that he has found in "all Zen 2 class processors"
from AMD. (Wayback Machine link as the original site is overloaded.) It can
allow local attackers to recover data used in string
operations; "If you remove the first word from the string 'hello world',
what should the result be? This is the story of how we discovered that the
answer could be your root password!" ... ⌘ [Read more](https://lwn.net/Articles/939099/) 2023-07-24T17:51:01Z **Stable kernels to address Zenbleed released**
Greg Kroah-Hartman has released six new stable kernels to address the [Zenbleed vulnerability](https://lwn.net/Articles/939099/) for AMD processors: [6.4.6](https://lwn.net/Articles/939102/), [6.1.41](https://lwn.net/Articles/939103/),
[5.15.122](https://lwn.net/Articles/939104/), [5.10.187](https://lwn.net/Articles/939105/), [5.4.250](https://lwn.net/Articles/939106/), and [4.19.289](https://lwn.net/Articles/939107/). "All AMD processor users of the
[...] kernel series who have not updated
 ... ⌘ [Read more](https://lwn.net/Articles/939101/) 2023-07-25T13:24:17Z **Security updates for Tuesday**
Security updates have been issued by **Debian** (python-git and renderdoc), **Red Hat** (edk2, kernel, kernel-rt, and kpatch-patch), **Slackware** (kernel), **SUSE** (firefox, libcap, openssh, openssl-1\_1, python39, and zabbix), and **Ubuntu** (cinder, ironic, nova, python-glance-store, python-os-brick, frr, graphite-web, and openssh). ⌘ [Read more](https://lwn.net/Articles/939179/) 2023-07-25T15:03:55Z **[$] A discussion on Linux in space**
There was something of a space theme that pervaded the Embedded Linux
Conference (ELC) portion of the 2023 [Embedded\
Open Source Summit](https://events.linuxfoundation.org/embedded-open-source-summit/) (EOSS), which is an umbrella event for various
sub-conferences related to embedded open-source development. That may
partly be because one of the organizers of EOSS (and ELC), Tim Bird,
described himself as "a bit of a space junkie"; he made that observation
during a panel session that he led on embed ... ⌘ [Read more](https://lwn.net/Articles/938779/) 2023-07-26T13:50:47Z **Security updates for Wednesday**
Security updates have been issued by **Debian** (amd64-microcode, gst-plugins-bad1.0, gst-plugins-base1.0, gst-plugins-good1.0, iperf3, openjdk-17, and pandoc), **Fedora** (389-ds-base, kitty, and thunderbird), **SUSE** (libqt5-qtbase, libqt5-qtsvg, mysql-connector-java, netty, netty-tcnative, openssl, openssl-1\_1, openssl1, php7, python-scipy, and xmltooling), and **Ubuntu** (amd64-microcode, avahi, libxpm, linux, linux-aws, linux-aws-5.15, linux-azure, linux-azure-5.15,
 linux-azure-fde, linux-azure-f ... ⌘ [Read more](https://lwn.net/Articles/939305/) 2023-07-26T17:34:15Z **Extensible scheduler class rejected**
The [extensible scheduler class](https://lwn.net/Articles/922405/) enables the
creation of CPU schedulers in BPF. After [the fourth\
version](https://lwn.net/ml/linux-kernel/20230711011412.100319-1-tj@kernel.org/) of this series was greeted with relative silence, Tejun Heo [asked](https://lwn.net/ml/linux-kernel/ZLrQdTvzbmi5XFeq@slm.duckdns.org/) about
the status of this work:

> We are comfortable with the current API. Everything we tried fit
> pretty well. It will continue to evolve but sched\_ex ... ⌘ [Read more](https://lwn.net/Articles/939332/) 2023-07-26T21:12:05Z **[$] A status update for U-Boot**
The [U-Boot](https://u-boot.readthedocs.io/en/latest/)
"universal boot loader" is used extensively in the embedded-Linux world.
At the 2023 [Embedded\
Open Source Summit](https://events.linuxfoundation.org/embedded-open-source-summit/) (EOSS), Simon Glass gave a presentation ( [slides](https://static.sched.com/hosted_files/eoss2023/b3/Recent%20Advances%20in%20U-Boot.pdf),
[YouTube video](https://www.youtube.com/watch?v=YlJBsVZJkDI)) on
the status of the project, with a focus on new features added over th ... ⌘ [Read more](https://lwn.net/Articles/938769/) 2023-07-27T02:59:54Z **[$] LWN.net Weekly Edition for July 27, 2023**
The LWN.net Weekly Edition for July 27, 2023 is available. ⌘ [Read more](https://lwn.net/Articles/938712/) 2023-07-27T14:48:15Z **Five new stable kernels**
The [6.4.7](https://lwn.net/Articles/939422/), [6.1.42](https://lwn.net/Articles/939423/), [5.15.123](https://lwn.net/Articles/939424/), [5.10.188](https://lwn.net/Articles/939425/), and [5.4.251](https://lwn.net/Articles/939426/) stable kernels have been released. As
usual, they all contain lots of important fixes; users of those series
should upgrade. ⌘ [Read more](https://lwn.net/Articles/939421/) 2023-07-27T17:35:49Z **[$] Flags for fchmodat()**
The [fchmodat()](https://man7.org/linux/man-pages/man3/chmod.3p.html)
system call on Linux hides a little secret: it does not actually implement
all of the functionality that the man page claims (and that [POSIX\
calls for](https://pubs.opengroup.org/onlinepubs/9699919799/functions/chmod.html)). As a result, C libraries have to do a bit of a complicated
workaround to provide the API that applications expect. That situation
looks likely to change with the 6.6 kernel, though, as the result of [this patch\
series ... ⌘ [Read more](https://lwn.net/Articles/939217/) 2023-07-27T19:27:55Z **Security updates for Thursday**
Security updates have been issued by **Debian** (curl), **Fedora** (kitty, mingw-qt5-qtbase, and mingw-qt6-qtbase), **Mageia** (cri-o, kernel, kernel-linus, mediawiki, and microcode), **SUSE** (chromium, conmon, go1.20-openssl, iperf, java-11-openjdk, kernel-firmware, and mariadb), and **Ubuntu** (libvirt, linux, linux-aws, linux-aws-5.4, linux-azure, linux-azure-5.4, linux-gcp,
 linux-gcp-5.4, linux-gke, linux-gkeop, linux-hwe-5.4, linux-ibm,
 linux-ibm-5.4, linux-kvm, linux-oracle, linux-oracle-5.4, lin ... ⌘ [Read more](https://lwn.net/Articles/939445/) 2023-07-28T14:29:23Z **Systemd 254 released**
Systemd 254 has been released. As usual, there is a long list of changes,
including a new list-paths command for systemctl, the
ability to send POSIX signals to services, a "soft reboot" feature that
restarts user space while leaving the kernel in place, improved support for
" [confidential\
virtual machines](https://www.redhat.com/en/blog/introduction-confidential-virtual-machines)", and a lot more.

The announcement also notes the support for split-/usr systems
will be removed in the next release, and support fo ... ⌘ [Read more](https://lwn.net/Articles/939511/) 2023-07-28T14:43:03Z **Security updates for Friday**
Security updates have been issued by **Debian** (kernel and libmail-dkim-perl), **Fedora** (openssh), and **SUSE** (kernel). ⌘ [Read more](https://lwn.net/Articles/939519/) 2023-07-28T16:28:45Z **[$] Unmaintained filesystems as a threat vector**
One of the longstanding strengths of Linux, and a key to its early success,
is its ability to interoperate with other systems. That interoperability
includes filesystems; Linux supports a wide range of filesystem types,
allowing it to mount filesystems created by many other operating systems.
Some of those filesystem implementations, though, are better maintained
than others; developers at both the kernel and distribution levels are
currently considering, again, how to minimize the secur ... ⌘ [Read more](https://lwn.net/Articles/939097/) 2023-07-28T18:16:37Z **Exploiting the StackRot vulnerability**
For those who are interested in the gory details of how the [StackRot](https://lwn.net/Articles/937377/) vulnerability works, Ruihan Li has
posted [a detailed\
writeup](https://github.com/lrh2000/StackRot#readme) of the bug and how it can be exploited.

> As StackRot is a Linux kernel vulnerability found in the memory
> management subsystem, it affects almost all kernel configurations
> and requires minimal capabilities to trigger. However, it should be
> noted that maple nodes are freed using ... ⌘ [Read more](https://lwn.net/Articles/939542/) 2023-07-28T22:03:51Z **No-GIL mode coming for Python**
The Python Steering Council has [announced\
its intent](https://discuss.python.org/t/a-steering-council-notice-about-pep-703-making-the-global-interpreter-lock-optional-in-cpython/30474) to accept [PEP\
703 (Making the Global Interpreter Lock Optional in CPython)](https://peps.python.org/pep-0703/), with
initial support possibly showing up in the 3.13 release. There are still
some details to work out, though.

> We want to be very careful with backward compatibility. We do not
> want another Python 3 sit ... ⌘ [Read more](https://lwn.net/Articles/939568/) 2023-07-30T21:14:43Z **Kernel prepatch 6.5-rc4**
The [6.5-rc4](https://lwn.net/Articles/939684/) kernel prepatch is out for
testing.

> So here we are, and the 6.5 release cycle continues to look
> entirely normal.
>
> In fact, it's \*so\* normal that we have hit on a very particular
> (and peculiar) pattern with the rc4 releases: we have had \*exactly\*
> 328 non-merge commits in rc4 in 6.2, 6.3 and now 6.5. Weird
> coincidence.
>
> And honestly, that weird numerological coincidence is just about
> the most interesting thing here. ⌘ [Read more](https://lwn.net/Articles/939685/) 2023-07-31T14:04:13Z **Security updates for Monday**
Security updates have been issued by **CentOS** (apr-util, bcel, c-ares, emacs, git, java-1.8.0-openjdk, libwebp, open-vm-tools, python, and python3), **Debian** (amd64-microcode, kernel, and thunderbird), **Fedora** (iperf3), **SUSE** (cdi-apiserver-container, cdi-cloner-container, cdi- controller-container, cdi-importer-container, cdi-operator-container, cdi- uploadproxy-container, cdi-uploadserver-container, cont, cjose, java-17-openjdk, jtidy, kernel-firmware, kubevirt, virt-api-container, virt-controll ... ⌘ [Read more](https://lwn.net/Articles/939770/) 2023-07-31T14:46:19Z **[$] A virtual filesystem locking surprise**
It is well understood that concurrency makes programming problems harder;
the high level of concurrency inherent in kernel development is one of the
reasons why kernel work can be challenging. Things can get even worse,
though, if concurrent access happens in places where the code is not
expecting it. The long story accompanying [this\
short patch](https://lwn.net/ml/linux-fsdevel/20230724-vfs-fdget_pos-v1-1-a4abfd7103f3@kernel.org/) from Christian Brauner is illustrative of the kind of
proble ... ⌘ [Read more](https://lwn.net/Articles/939389/) 2023-07-31T14:58:54Z **GnuCOBOL 3.2 released**
Version 3.2 of the GNU COBOL compiler is out. "The amount of features
are too much to note, but you can skip over the attached NEWS file to
investigate them." These new features include improved support for
COBOL dialects, performance improvements, better GDB debugging support, and
more. ⌘ [Read more](https://lwn.net/Articles/939807/) 2023-07-31T15:05:28Z **Emacs 29.1 released**
Version 29.1 of the Emacs editor has been released. There is a long list
of changes, including integration with the [Tree-sitter](https://tree-sitter.github.io/tree-sitter/)
incremental parsing library, the ability to access SQLite databases,
"pure GTK" display support (which enables [Wayland support](https://lwn.net/Articles/843896/)), and a lot more; see [the\
NEWS file](https://git.savannah.gnu.org/cgit/emacs.git/tree/etc/NEWS?h=emacs-29) for all the details. ⌘ [Read more](https://lwn.net/Articles/939808/) 2023-08-01T13:23:22Z **Security updates for Tuesday**
Security updates have been issued by **Debian** (tiff), **Fedora** (curl), **Red Hat** (bind, ghostscript, iperf3, java-1.8.0-ibm, nodejs, nodejs:18, openssh, postgresql:15, and samba), **Scientific Linux** (iperf3), **Slackware** (mozilla and seamonkey), **SUSE** (compat-openssl098, gnuplot, guava, openssl-1\_0\_0, pipewire, python-requests, qemu, samba, and xmltooling), and **Ubuntu** (librsvg, openjdk-8, openjdk-lts, openjdk-17, openssh, rabbitmq-server, and webkit2gtk). ⌘ [Read more](https://lwn.net/Articles/939917/) 2023-08-01T13:54:32Z **Hall: IBM, Red Hat and Free Software: An old maddog’s view**
Here is [a\
long reminiscence](https://www.lpi.org/blog/2023/07/30/ibm-red-hat-and-free-software-an-old-maddogs-view/) from Jon "maddog" Hall leading up to some thoughts on
Red Hat's source-release policy changes.

> Recently I have been seeing some cracks in the dike. As more and
> more users of FOSS come on board, they put more and more demands on
> developers whose numbers are not growing sufficiently fast enough
> to keep all the software working.
>
> I hear from FOSS d ... ⌘ [Read more](https://lwn.net/Articles/939922/) 2023-08-01T20:43:21Z **[$] Challenges for KernelCI**
Kernel testing is a perennial topic at Linux-related conferences and the [KernelCI project](https://kernelci.org/) is one of the larger testing
players. It does its own testing but also coordinates with various other
testing systems and aggregates their
results. At the
2023 [Embedded\
Open Source Summit](https://events.linuxfoundation.org/embedded-open-source-summit/) (EOSS), KernelCI developer Nikolai Kondrashov gave a
presentation on the testing framework, its database, and how others can get
involved in ... ⌘ [Read more](https://lwn.net/Articles/939538/) 2023-08-02T13:54:20Z **Security updates for Wednesday**
Security updates have been issued by **Debian** (bouncycastle), **Fedora** (firefox), **Red Hat** (cjose, curl, iperf3, kernel, kernel-rt, kpatch-patch, libeconf, libxml2, mod\_auth\_openidc:2.3, openssh, and python-requests), **SUSE** (firefox, jtidy, libredwg, openssl, salt, SUSE Manager Client Tools, and SUSE Manager Salt Bundle), and **Ubuntu** (firefox). ⌘ [Read more](https://lwn.net/Articles/940103/) 2023-08-02T16:41:26Z **Asahi Linux to become a Fedora remix**
The [Asahi Linux](https://asahilinux.org/) project, which is
working to create a Linux distribution for Apple hardware, has [announced](https://asahilinux.org/2023/08/fedora-asahi-remix/)
that its new "flagship" distribution will be based on Fedora Linux.

> Working directly with upstream means not only can we integrate more
> closely with the core distribution, but we can also get issues in
> other packages fixed quickly and smoothly. This is particularly
> important for platforms like desktop ... ⌘ [Read more](https://lwn.net/Articles/940144/) 2023-08-02T17:06:48Z **Project Zero on Arm MTE**
Google's Project Zero has spent some time studying the Arm memory tagging
extension (MTE), [support for which](https://lwn.net/Articles/834289/) was
merged into the 5.10 kernel, and [posted\
the results](https://googleprojectzero.blogspot.com/2023/08/summary-mte-as-implemented.html):

> Despite its limitations, MTE is still by far the most promising
> path forward for improving C/C++ software security in 2023. The
> ability of MTE to detect memory corruption exploitation at the
> first dangerous access provi ... ⌘ [Read more](https://lwn.net/Articles/940152/) 2023-08-02T22:01:48Z **[$] GIL removal and the Faster CPython project**
The Python global interpreter lock (GIL) has long been a barrier to
increasing the performance of programs by using multiple threads—the GIL
serializes access to the interpreter's virtual machine such that only one thread
can be executing Python code at any given time. There are other mechanisms
to provide
concurrency for the language, but the specter of the GIL—and its reality as
well—have often been cited as a major negative for Python. Back in October
2021, Sam Gross [introduced](https ... ⌘ [Read more](https://lwn.net/Articles/939981/) 2023-08-03T02:30:31Z **[$] LWN.net Weekly Edition for August 3, 2023**
The LWN.net Weekly Edition for August 3, 2023 is available. ⌘ [Read more](https://lwn.net/Articles/939364/) 2023-08-03T14:23:34Z **Security updates for Thursday**
Security updates have been issued by **Debian** (linux-5.10), **Red Hat** (.NET 6.0 and iperf3), **Slackware** (openssl), **SUSE** (kernel, mariadb, poppler, and python-Django), and **Ubuntu** (gst-plugins-base1.0, gst-plugins-good1.0, maradns, openjdk-20, and vim). ⌘ [Read more](https://lwn.net/Articles/940335/) 2023-08-03T14:30:13Z **Stable kernels 6.4.8, 6.1.43, and 5.15.124**
The [6.4.8](https://lwn.net/Articles/940337/), [6.1.43](https://lwn.net/Articles/940338/), and [5.15.124](https://lwn.net/Articles/940339/) stable kernels have been released.
As usual, they contain important fixes throughout the kernel tree. ⌘ [Read more](https://lwn.net/Articles/940336/) 2023-08-03T14:39:15Z **[$] Making life (even) harder for proprietary modules**
The kernel community has never had a smooth relationship with the purveyors
of proprietary kernel modules. Developers tend to strongly dislike those
modules, which cannot be debugged or fixed by anybody other than their
creator, and many see them as a violation of the kernel's license and their
copyrights on the code. Nonetheless, proprietary modules are tolerated,
within bounds. A recent patch from Christoph Hellwig suggests that those
bounds are about to be tightened slightly, in ... ⌘ [Read more](https://lwn.net/Articles/939842/) 2023-08-04T14:18:12Z **Security updates for Friday**
Security updates have been issued by **CentOS** (bind and kernel), **Debian** (cjose, firefox-esr, ntpsec, and python-django), **Fedora** (chromium, firefox, librsvg2, and webkitgtk), **Red Hat** (firefox), **Scientific Linux** (firefox and openssh), **SUSE** (go1.20, ImageMagick, javapackages-tools, javassist, mysql-connector-java, protobuf, python-python-gflags, kernel, openssl-1\_1, pipewire, python-pip, and xtrans), and **Ubuntu** (cargo, rust-cargo, cpio, poppler, and xmltooling). ⌘ [Read more](https://lwn.net/Articles/940481/) 2023-08-04T14:26:20Z **[$] Beginning the software-interrupt lock pushdown**
The big kernel lock (BKL) is a distant memory now but, for years, it was
one of the more intractable problems faced by the kernel development
community. The end of the BKL does not mean that the kernel is without
problematic locks, however. In recent times, some attention has been paid
to the software-interrupt (or "bottom half") lock, which can create latency
problems, especially on realtime systems. Frederic Weisbecker is taking a
new tack in his campaign to cut this lock down to si ... ⌘ [Read more](https://lwn.net/Articles/939973/) 2023-08-05T14:29:59Z **Mourning Bram Moolenaar**
Bram Moolenaar, the creator of the vim editor, [passed\
away](https://groups.google.com/g/vim_announce/c/tWahca9zkt4) on August 3. "Bram dedicated a large part of his life to
VIM and he was very proud of the VIM community that you are all part
of." He will be missed. ⌘ [Read more](https://lwn.net/Articles/940551/) 2023-08-05T19:40:47Z **Ekstrand: NVK Has landed**
Faith Ekstrand [announces](https://www.collabora.com/news-and-blog/news-and-events/nvk-has-landed.html)
on the Collabora blog
that NVK, an open-source driver for NVIDIA GPUs, will be included in the
Mesa 23.3 release.

> Merging into mesa/main is certainly a big milestone but NVK is
> nowhere near finished. It will take a long time before we get the
> bugs worked out and get a full feature set with reasonable
> performance. What it does mean is that we're pretty confident in
> the core of the driver and th ... ⌘ [Read more](https://lwn.net/Articles/940567/) 2023-08-06T23:17:03Z **Kernel prepatch 6.5-rc5**
Linus has released [6.5-rc5](https://lwn.net/Articles/940617/) for testing.
"Things continue to look pretty normal. Not a huge number of commits,
and most of the ones here are tiny". ⌘ [Read more](https://lwn.net/Articles/940618/) 2023-08-07T14:24:27Z **[$] Shadow stacks for 64-bit Arm systems**
[Return-oriented\
programming (ROP)](https://en.wikipedia.org/wiki/Return-oriented_programming) has, for some years now, been a valuable tool for
those who would subvert a system's security. It is thus not surprising
that a lot of effort has gone into thwarting ROP attacks, which depend on
corrupting the call stack with a carefully chosen set of return addresses,
at both the hardware and software levels. One result of this work is
shadow stacks, which can detect corruption of the call stack, al ... ⌘ [Read more](https://lwn.net/Articles/940403/) 2023-08-07T14:23:29Z **Security updates for Monday**
Security updates have been issued by **Debian** (burp, chromium, ghostscript, openimageio, pdfcrack, python-werkzeug, thunderbird, and webkit2gtk), **Fedora** (amanda, libopenmpt, llhttp, samba, seamonkey, and xen), **Red Hat** (thunderbird), **Slackware** (mozilla and samba), and **SUSE** (perl-Net-Netmask, python-Django1, trytond, and virtualbox). ⌘ [Read more](https://lwn.net/Articles/940682/) 2023-08-07T14:35:06Z **The Sourceware 25 roadmap**
[Sourceware](https://sourceware.org/), the development home for
the GNU toolchain and more, is about to celebrate its 25th anniversary and
is [looking\
forward](https://lwn.net/ml/gcc/20230807114120.GF12836@gnu.wildebeest.org/) to the next 25 years:

> That is why in the last couple of years we have started to
> diversify our hardware partners, setup new services using
> containers and isolated VMs, investigated secure supply chain
> issues, added redundant mirrors, created a non-profit home,
> collected ... ⌘ [Read more](https://lwn.net/Articles/940683/) 2023-08-07T14:48:30Z **Introducing Incus**
The [Linux Containers project](https://linuxcontainers.org/) has
[announced](https://linuxcontainers.org/incus/) the addition of
[Incus](https://github.com/lxc/incus), which is a fork of LXD
5.16 started by Aleksa Sarai. Incus was created in response to [Canonical's removal of LXD from Linux\
Containers](https://lwn.net/Articles/937369/).

> After some discussion with Aleksa and a fair bit of encouragement from our
> community, we have made the decision to take Incus under the umbrella of
> Linux Containers and will ... ⌘ [Read more](https://lwn.net/Articles/940684/) 2023-08-08T13:18:06Z **Security updates for Tuesday**
Security updates have been issued by **Debian** (libhtmlcleaner-java and thunderbird), **Red Hat** (dbus, kernel, kernel-rt, kpatch-patch, and thunderbird), **Scientific Linux** (thunderbird), **SUSE** (chromium, gstreamer-plugins-bad, gstreamer-plugins-base, gstreamer-plugins-good, gstreamer-plugins-ugly, kernel-firmware, libqt5-qtbase, libqt5-qtsvg, librsvg, pcre2, perl-Net-Netmask, qt6-base, and thunderbird), and **Ubuntu** (firefox). ⌘ [Read more](https://lwn.net/Articles/940755/) 2023-08-08T18:00:19Z **Another round of speculative-execution vulnerabilities**
There is a newly disclosed set of vulnerabilities in Intel processors that
have been given the name [Downfall\
attacks](https://downfall.page/).

> Downfall attacks targets a critical weakness found in billions of
> modern processors used in personal and cloud computers. This
> vulnerability, identified as CVE-2022-40982, enables a user to
> access and steal data from other users who share the same
> computer. For instance, a malicious app obtained from an app store
> could u ... ⌘ [Read more](https://lwn.net/Articles/940783/) 2023-08-08T19:04:45Z **Stable kernels with security fixes**
The
[6.4.9](https://lwn.net/Articles/940799/),
[6.1.44](https://lwn.net/Articles/940800/),
[5.15.125](https://lwn.net/Articles/940801/),
[5.10.189](https://lwn.net/Articles/940802/),
[5.4.252](https://lwn.net/Articles/940803/),
[4.19.290](https://lwn.net/Articles/940804/), and
[4.14.321](https://lwn.net/Articles/940805/)
stable kernel updates have all been released; they are dominated by fixes
for [the latest round](https://lwn.net/Articles/940783/) of
speculative-execution vulnerabilities.

Do note ... ⌘ [Read more](https://lwn.net/Articles/940798/) 2023-08-08T20:34:34Z **[$] SFrame: fast, low-overhead stack traces**
Getting a stack trace of a running program is useful in a variety of
scenarios: tracing, profiling, debugging, performance tuning, and more.
There are existing mechanisms to get stack traces, but there are some
downsides to them; the "Simple Frame" (SFrame) stack-trace format came
about to address the shortcomings in the other techniques. Back in May,
Steve Rostedt and Indu Bhagat gave a [talk about\
SFrame support in the kernel](https://lwn.net/Articles/932209/) as part of [LSFMM+BPF](https ... ⌘ [Read more](https://lwn.net/Articles/940686/) 2023-08-09T13:23:42Z **Security updates for Wednesday**
Security updates have been issued by **Debian** (cjose, hdf5, and orthanc), **Fedora** (java-17-openjdk and seamonkey), **Red Hat** (curl, dbus, iperf3, kernel, kpatch-patch, libcap, libxml2, nodejs:16, nodejs:18, postgresql:10, postgresql:12, postgresql:13, and python-requests), **SUSE** (bluez, cjose, gstreamer-plugins-bad, gstreamer-plugins-base, gstreamer-plugins-good, gstreamer-plugins-ugly, keylime, openssl-1\_1, openssl-3, pipewire, poppler, qemu, rubygem-actionpack-4\_2, rubygem-actionpack-5\_1, ... ⌘ [Read more](https://lwn.net/Articles/940912/) 2023-08-09T22:27:49Z **[$] CPython without a global interpreter lock**
The global interpreter lock (GIL) has been a part of CPython since the
beginning— [nearly](https://www.backblaze.com/blog/the-python-gil-past-present-and-future/)—but
that seems likely to change over the next five or so
years. As we [described](https://lwn.net/Articles/939981/) last week, the
Python steering council has [announced](https://discuss.python.org/t/a-steering-council-notice-about-pep-703-making-the-global-interpreter-lock-optional-in-cpython/30474)
its [intention to start movin ... ⌘ [Read more](https://lwn.net/Articles/940780/) 2023-08-10T01:46:45Z **[$] LWN.net Weekly Edition for August 10, 2023**
The LWN.net Weekly Edition for August 10, 2023 is available. ⌘ [Read more](https://lwn.net/Articles/940290/) 2023-08-10T14:21:12Z **Security updates for Thursday**
Security updates have been issued by **Debian** (firefox-esr), **Fedora** (chromium, kernel, krb5, and rust), and **Ubuntu** (graphite-web and velocity). ⌘ [Read more](https://lwn.net/Articles/941082/) 2023-08-10T14:30:59Z **[$] An ioctl() call to detect memory writes**
It is the kernel's business to know when a process's memory has been
written to; among other things, this knowledge is needed to determine which
pages can
be immediately reclaimed or to properly write dirty pages to backing store.
Sometimes, though, user space also needs access to this information in a
reliable and fast manner. [This\
patch series](https://lwn.net/ml/linux-mm/20230808104309.357852-1-usama.anjum@collabora.com/) from Muhammad Usama Anjum adds a new ioctl() call
for this purpos ... ⌘ [Read more](https://lwn.net/Articles/940704/) 2023-08-10T15:32:05Z **The Open Enterprise Linux Association**
The [Open Enterprise Linux Association](https://openela.org/)
has [announced its\
existence](https://openela.org/news/hello_world/). It is a collaboration between CIQ (Rocky Linux), Oracle,
and SUSE to provide an RHEL-compatible distribution.

> Starting later this year, OpenELA will provide sources necessary
> for downstreams compatible with RHEL to exist, with initial focus
> on RHEL versions EL8, EL9 and possibly EL7. The project is
> committed to ensuring the continued availability of OpenE ... ⌘ [Read more](https://lwn.net/Articles/941091/) 2023-08-11T14:15:35Z **Security updates for Friday**
Security updates have been issued by **Debian** (intel-microcode, kernel, and php-dompdf), **Fedora** (linux-firmware, OpenImageIO, and php), **Oracle** (aardvark-dns, kernel, linux-firmware, python-flask, and python-werkzeug), **SUSE** (container-suseconnect, go1.19, gstreamer-plugins-bad, gstreamer-plugins-base, gstreamer-plugins-good, java-11-openjdk, kernel-firmware, kubernetes1.24, openssl-1\_1, poppler, python-scipy, qatengine, ucode-intel, util-linux, and vim), and **Ubuntu** (dotnet6, dotnet7, php-d ... ⌘ [Read more](https://lwn.net/Articles/941271/) 2023-08-11T14:35:19Z **New stable kernels released**
Greg Kroah-Hartman has announced the release of the
[6.4.10](https://lwn.net/Articles/941274/), [6.1.45](https://lwn.net/Articles/941275/),
[5.10.190](https://lwn.net/Articles/941276/), [5.4.253](https://lwn.net/Articles/941277/), [4.19.291](https://lwn.net/Articles/941278/), and [4.14.322](https://lwn.net/Articles/941279/) stable kernels. Note that 5.15.126
was also [in\
the review process for this batch](https://lwn.net/ml/linux-kernel/20230809103633.485906560@linuxfoundation.org/), but has not (yet) been ... ⌘ [Read more](https://lwn.net/Articles/941273/) 2023-08-11T14:48:59Z **[$] Following up on file-position locking**
LWN recently covered [a discussion on\
file-position locking](https://lwn.net/Articles/939389/) that demonstrated the hazards that can result
from unexpected concurrency. It turns out that this discussion had not yet
fully run its course. Since that article was written, additional changes
intended to address a performance regression evolved into a core virtual
filesystem (VFS) layer API change to carry out some much-delayed housecleaning. ⌘ [Read more](https://lwn.net/Articles/940808/) 2023-08-13T22:49:03Z **Kernel prepatch 6.5-rc6**
The [6.5-rc6](https://lwn.net/Articles/941403/) kernel prepatch is out for
testing.

> So apart from the regularly scheduled hardware mitigation patches,
> everything looks fairly normal. And I guess the hw mitigation is to
> be considered normal too, apart from the inevitable fixup patches
> it then causes because the embargo keeps us from testing it widely
> and keeps it from all our public automation. Sigh. ⌘ [Read more](https://lwn.net/Articles/941405/) 2023-08-14T14:06:57Z **Security updates for Monday**
Security updates have been issued by **Debian** (gst-plugins-ugly1.0, libreoffice, linux-5.10, netatalk, poppler, and sox), **Fedora** (chromium, ghostscript, java-1.8.0-openjdk-portable, java-11-openjdk, java-11-openjdk-portable, java-17-openjdk-portable, java-latest-openjdk-portable, kernel, linux-firmware, mingw-python-certifi, ntpsec, and php), **Oracle** (.NET 6.0, .NET 7.0, 15, 18, bind, bind9.16, buildah, cjose, curl, dbus, emacs, firefox, go-toolset and golang, go-toolset:ol8, grafana, iperf3, java- ... ⌘ [Read more](https://lwn.net/Articles/941587/) 2023-08-14T14:12:23Z **[$] A new futex API**
The Linux fast user-space mutex ("futex") subsystem debuted with the 2.6.0
kernel; it provides a mechanism that can be used to implement user-space
locking. Since futexes avoid calling into the kernel whenever possible,
they can indeed be fast, especially in the uncontended case. The API used
to access futexes has never been seen as one of Linux's strongest points,
though, so there has long been a desire to improve it. [This patch\
series](https://lwn.net/ml/linux-kernel/20230807121843.710612856@infradead.org/) fro ... ⌘ [Read more](https://lwn.net/Articles/940944/) 2023-08-14T14:21:42Z **Nuta: Exploring the internals of Linux v0.01**
For those who find the 6.x kernel intimidating, Seiya Nuta has written [a look at the 0.01\
kernel](https://seiya.me/blog/reading-linux-v0.01), which reflects a simpler time.

> By the way, there's an interesting comment about the scheduler:
>
> ```
> * 'schedule()' is the scheduler function. This is GOOD CODE! There
> * probably won't be any reason to change this, as it should work well
> * in all circumstances (ie gives IO-bound processes good response etc).
>
> ```
>
> Yes i ... ⌘ [Read more](https://lwn.net/Articles/941591/) 2023-08-15T13:00:41Z **Security updates for Tuesday**
Security updates have been issued by **Debian** (samba), **Red Hat** (.NET 6.0, .NET 7.0, rh-dotnet60-dotnet, rust, rust-toolset-1.66-rust, and rust-toolset:rhel8), and **SUSE** (kernel and opensuse-welcome). ⌘ [Read more](https://lwn.net/Articles/941658/) 2023-08-15T13:26:00Z **Maintainers Summit call for topics**
The 2023 Maintainers Summit will be held on November 16 in Richmond, VA,
immediately after the [Linux Plumbers\
Conference](https://lpc.events/).

> As in previous years, the Maintainers Summit is invite-only, where
> the primary focus will be process issues around Linux Kernel
> Development. It will be limited to 30 invitees and a handful of
> sponsored attendees.

The [call for\
topics](https://lwn.net/ml/ksummit-discuss/20230815052947.GA3214753@mit.edu/) has just gone out, with the first invita ... ⌘ [Read more](https://lwn.net/Articles/941660/) 2023-08-15T15:38:59Z **Devuan 5.0.0 released**
[Version\
5.0 ("Daedalus")](https://lwn.net/ml/devuan-devel/20230815152733.e6hlowjxwgwcngli@napoli/) of the Debian-based Devuan distribution has been
released. "This is the result of many months of painstaking work by the
Team and detailed testing by the wider Devuan community." The
announcement lists a couple of new features but mostly defers to [the\
Debian 12 ("bookworm") release notes](https://www.debian.org/releases/bookworm/releasenotes). ⌘ [Read more](https://lwn.net/Articles/941672/) 2023-08-15T21:19:37Z **[$] A per-interpreter GIL**
"Subinterpreters", which are separate Python interpreters running in the
same process that can be
created [using\
the C API](https://docs.python.org/3/c-api/init.html#sub-interpreter-support), have been a part of Python since the previous century
(version 1.5 in 1997), but they are largely unknown and unused.
Eric Snow has been on something of a quest, since 2015 or so, to bring
[better multicore processing to Python](https://lwn.net/Articles/650489/) by
way of subinterpreters (or "multiple interpreters"). He ... ⌘ [Read more](https://lwn.net/Articles/941090/) 2023-08-16T13:04:50Z **Security updates for Wednesday**
Security updates have been issued by **Debian** (datatables.js and openssl), **Fedora** (ghostscript, java-11-openjdk, java-latest-openjdk, microcode\_ctl, and xen), **Red Hat** (redhat-ds:11), **SUSE** (java-1\_8\_0-openj9, kernel, krb5, pcre2, and perl-HTTP-Tiny), and **Ubuntu** (gstreamer1.0, mysql-8.0, tiff, and webkit2gtk). ⌘ [Read more](https://lwn.net/Articles/941722/) 2023-08-16T14:10:50Z **Debian adds LoongArch support**
The Debian project has [added\
the LoongArch architecture](https://lwn.net/ml/debian-devel-announce/c32d3af9f9ebc362431e2f208f75b52ba64779c0.camel@physik.fu-berlin.de/) to its ports collection.

> After an initial manual bootstrap of roughly 200 packages, two
> buildds are now building packages for the newly added "loong64"
> port with the help of qemu-user. After enough packages have been
> built for the port to be self-hosting, we're planning to replace
> these two buildds with real hardware hosted ... ⌘ [Read more](https://lwn.net/Articles/941743/) 2023-08-16T14:26:23Z **Debian turns 30**
On August 16, 1993, Ian Murdock [announced](https://groups.google.com/g/comp.os.linux.development/c/Md3Modzg5TU/m/xty88y5OLaMJ)
a new distribution to the comp.os.linux.development Usenet newsgroup:

> This is just to announce the imminent completion of a brand-new
> Linux release, which I'm calling the Debian Linux Release. This is
> a release that I have put together basically from scratch; in other
> words, I didn't simply make some changes to SLS and call it a new
> release. I was inspired to put together this r ... ⌘ [Read more](https://lwn.net/Articles/941744/) 2023-08-16T17:27:49Z **Wednesday's stable kernel updates**
The
[6.4.11](https://lwn.net/Articles/941773/),
[6.1.46](https://lwn.net/Articles/941774/),
[5.15.127](https://lwn.net/Articles/941775/),
[5.10.191](https://lwn.net/Articles/941777/),
[5.4.254](https://lwn.net/Articles/941776/),
[4.19.292](https://lwn.net/Articles/941778/), and
[4.14.323](https://lwn.net/Articles/941779/)
stable kernels have all been released; each contains another set of
important fixes. ⌘ [Read more](https://lwn.net/Articles/941772/) 2023-08-16T20:07:46Z **[$] Kernel security reporting for distributions**
The [call for topics](https://lwn.net/Articles/941660/) for the [Linux\
Kernel\
Maintainers Summit](https://events.linuxfoundation.org/linux-kernel-maintainer-summit/) went out on August 15; one proposed topic has
generated some interesting discussion about security-bug reporting for the
kernel.
A recent [patch](https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=4fee0915e649b)
to the kernel's documentation about how to report security bugs recommends
avoiding p ... ⌘ [Read more](https://lwn.net/Articles/941745/) 2023-08-16T22:34:04Z **HashiCorp's license change**
Readers have been pointing us to HashiCorp's [announcement](https://www.hashicorp.com/blog/hashicorp-adopts-business-source-license)
that it is moving to its own "Business Source License" for some of its
(formerly) open-source products. Like other companies ( [example](https://lwn.net/Articles/768670/)) that have taken this path, HashiCorp
is removing the freedom to use its products commercially in ways that it
sees as competitive. This is, in a real sense, an old and tiresome story.

The lessons to be drawn ... ⌘ [Read more](https://lwn.net/Articles/941799/) 2023-08-17T00:59:54Z **[$] LWN.net Weekly Edition for August 17, 2023**
The LWN.net Weekly Edition for August 17, 2023 is available. ⌘ [Read more](https://lwn.net/Articles/941046/) 2023-08-17T14:16:56Z **Security updates for Thursday**
Security updates have been issued by **Debian** (open-vm-tools, openjdk-11, and openssh), **Fedora** (librsvg2, llhttp, opensc, and rust), **Oracle** (.NET 6.0, .NET 7.0, iperf3, microcode\_ctl, postgresql:10, and python-requests), **SUSE** (openssl-1\_0\_0, perl-Cpanel-JSON-XS, postgresql12, and postgresql15), and **Ubuntu** (ceph, haproxy, heat, libpod, and postgresql-12, postgresql-14, postgresql-15). ⌘ [Read more](https://lwn.net/Articles/941935/) 2023-08-17T16:15:54Z **[$] Out-of-memory victim selection with BPF**
In its default configuration, the Linux kernel will allow processes to
allocate more memory than the system can actually provide; this policy
enables better utilization of physical memory and works just fine — most of
the time. On occasions, though, the kernel may find itself unable to
provide memory that processes may think already belongs to them. If the
situation gets bad enough, the only solution (short of rebooting) is to
declare a sort of memory bankruptcy and write off some of the ker ... ⌘ [Read more](https://lwn.net/Articles/941614/) 2023-08-17T19:51:58Z **SUSE to be acquired, taken private**
SUSE's long story of corporate ownership is gaining a new chapter; the
company has [announced](https://www.suse.com/news/EQT-announces-voluntary-public-purchase-offer-and-intention-to-delist-SUSE/)
that it's majority shareholder (Marcel LUX III SARL) will acquiring the
remaining shares, and will take the company private and off of the stock
exchange. "SUSE’s Management Board and Supervisory Board support the
strategic opportunity from delisting of the company as it will allow SUSE
to focus fully on i ... ⌘ [Read more](https://lwn.net/Articles/941985/) 2023-08-18T12:48:39Z **Security updates for Friday**
Security updates have been issued by **Debian** (chromium, rar, and unrar-nonfree), **Fedora** (microcode\_ctl, trafficserver, and webkitgtk), **SUSE** (ImageMagick, kernel, nodejs16, nodejs18, postgresql12, postgresql15, re2c, and samba), and **Ubuntu** (ghostscript, haproxy, linux, linux-aws, linux-aws-5.15, linux-gcp, linux-hwe-5.15, linux-ibm,
 linux-intel-iotg, linux-intel-iotg-5.15, linux-kvm, linux-lowlatency,
 linux-lowlatency-hwe-5.15, linux-nvidia, linux-oracle, linux-oracle-5.15,
 linux-raspi, li ... ⌘ [Read more](https://lwn.net/Articles/942076/) 2023-08-18T13:48:46Z **[$] DNF5 delayed**
It is fair to say that the [DNF package\
manager](https://docs.fedoraproject.org/en-US/quick-docs/dnf/) is not the favorite tool of many Fedora users. It was brought
in as a replacement for Yum but got off to [a\
rather rocky start](https://lwn.net/Articles/580223/); DNF has
stabilized over the years, though and the complaints have subsided. That can only
mean one thing: it must be time to throw it away and start over from the
beginning. The replacement, called DNF5, was slated to be a part of the
Fedora 39 release, d ... ⌘ [Read more](https://lwn.net/Articles/941154/) 2023-08-20T21:10:32Z **Linux 6.5-rc7 released**
Linus Torvalds has released the [6.5-rc7 kernel\
prepatch](https://lwn.net/Articles/942249/), which looks to be the final release candidate before the likely
release of Linux 6.5 next Sunday. Torvalds released it a little earlier
than usual due to some travel; overall things look to be in good shape:

> But apart from the timezone difference, everything looks entirely
> normal. Drivers (GPU, networking and sound dominate - the usual
> suspects, in other words) and architecture fixes. The latter are
> mostly arm ... ⌘ [Read more](https://lwn.net/Articles/942248/) 2023-08-21T14:46:10Z **Security updates for Monday**
Security updates have been issued by **Debian** (fastdds, flask, and kernel), **Fedora** (chromium, dotnet6.0, dotnet7.0, gerbv, java-1.8.0-openjdk, libreswan, procps-ng, and spectre-meltdown-checker), **SUSE** (chromium, kernel-firmware, krb5, opensuse-welcome, and python-mitmproxy), and **Ubuntu** (clamav, firefox, and vim). ⌘ [Read more](https://lwn.net/Articles/942311/) 2023-08-21T15:00:29Z **LibreOffice 7.6 Community released**
[The Document Foundation](https://www.documentfoundation.org/)
has [announced\
the release of LibreOffice 7.6 Community](https://blog.documentfoundation.org/blog/2023/08/21/libreoffice-7-6-community/). It is the last release
using the existing numbering scheme as the office suite will move to date-based
release numbers starting with LibreOffice 24.2 in
February, 2024. Highlights of this release include support for
document themes, including import and export of them, a new navigation
panel for Impres ... ⌘ [Read more](https://lwn.net/Articles/942312/) 2023-08-21T17:02:58Z **[$] Defending mounted filesystems from the root user**
Making a filesystem implementation robust in the face of maliciously
created filesystem images is a challenging task even when the
implementation is actively maintained, which [many in the kernel are not](https://lwn.net/Articles/939097/). There is a way to
make that task even harder, though: modify that filesystem image behind the
implementation's back while it is mounted. A recent discussion on the
linux-fsdevel list reveals an ongoing disagreement over whether (and how)
this thre ... ⌘ [Read more](https://lwn.net/Articles/941764/) 2023-08-22T14:20:29Z **Security updates for Tuesday**
Security updates have been issued by **Debian** (intel-microcode, lxc, and zabbix), **Fedora** (clamav), **SUSE** (python-configobj), and **Ubuntu** (clamav). ⌘ [Read more](https://lwn.net/Articles/942405/) 2023-08-22T14:47:30Z **[$] PineTime: a smartwatch for open-source software**
The
[PineTime](https://www.pine64.org/pinetime/) is an inexpensive
smartwatch developed by [PINE64](https://www.pine64.org/) that is
designed to run open-source operating systems. Despite its low cost, however,
it has most of the features expected from more expensive, proprietary
smartwatches. Because it runs open-source software, though, interested
developers
can add any other useful features that they dream up. ⌘ [Read more](https://lwn.net/Articles/941796/) 2023-08-23T14:15:07Z **Security updates for Wednesday**
Security updates have been issued by **Debian** (mediawiki and qt4-x11), **Fedora** (java-17-openjdk, linux-firmware, and python-yfinance), **Red Hat** (kernel, kpatch-patch, and subscription-manager), **SUSE** (evolution, janino, kernel, nodejs16, nodejs18, postgresql15, qt6-base, and ucode-intel), and **Ubuntu** (inetutils). ⌘ [Read more](https://lwn.net/Articles/942514/) 2023-08-23T15:39:14Z **[$] HashiCorp, Terraform, and OpenTF**
Over the years, there have been multiple examples of open-source software
that, suddenly, was no longer open source; on August 10, some further
examples were added to the pile. That happened when HashiCorp [announced](https://www.hashicorp.com/blog/hashicorp-adopts-business-source-license)
that it would be switching the license on its products from the [Mozilla Public\
License 2.0](https://www.mozilla.org/en-US/MPL/2.0/) (MPL) to the [Business Source License 1.1](https://www.hashicorp.com/bsl)
(BSL ... ⌘ [Read more](https://lwn.net/Articles/942346/) 2023-08-23T17:44:57Z **Stable kernels 6.4.12 and 6.1.47**
Greg Kroah-Hartman has announced the release of two new stable kernels: [6.4.12](https://lwn.net/Articles/942530/) and [6.1.47](https://lwn.net/Articles/942531/). Both contain lots of important fixes
throughout the kernel tree. ⌘ [Read more](https://lwn.net/Articles/942529/) 2023-08-24T02:24:37Z **[$] LWN.net Weekly Edition for August 24, 2023**
The LWN.net Weekly Edition for August 24, 2023 is available. ⌘ [Read more](https://lwn.net/Articles/941867/) 2023-08-24T14:26:07Z **Security updates for Thursday**
Security updates have been issued by **Debian** (w3m), **Fedora** (libqb), **Mageia** (docker-containerd, kernel, kernel-linus, microcode, php, redis, and samba), **Oracle** (kernel, kernel-container, and openssh), **Scientific Linux** (subscription-manager), **SUSE** (ca-certificates-mozilla, erlang, gawk, gstreamer-plugins-base, indent, java-1\_8\_0-ibm, kernel, kernel-firmware, krb5, libcares2, nodejs14, nodejs16, openssl-1\_1, openssl-3, poppler, postfix, redis, webkit2gtk3, and xen), and **Ubuntu** ( ... ⌘ [Read more](https://lwn.net/Articles/942654/) 2023-08-24T15:20:35Z **Rust 1.72.0 released**
[Version\
1.72.0](https://blog.rust-lang.org/2023/08/24/Rust-1.72.0.html) of the Rust compiler has been released. Changes include
improved diagnostics and the removal of a limit on const evaluation:

> To prevent user-provided const evaluation from getting into a
> compile-time infinite loop or otherwise taking unbounded time at
> compile time, Rust previously limited the maximum number of
> statements run as part of any given constant evaluation. However,
> especially creative Rust code could hit these limits ... ⌘ [Read more](https://lwn.net/Articles/942656/) 2023-08-24T15:32:06Z **[$] A more dynamic software I/O TLB**
The kernel's software I/O translation lookaside buffer ("swiotlb") is an
obscure corner of the DMA-support layer. The swiotlb was initially
introduced to enable DMA for devices with special challenges, and one might
have expected it to fade away as newer peripherals came along. Instead,
though, the swiotlb has turned out to be useful in places outside of its
original use cases. [This\
patch set](https://lwn.net/ml/linux-kernel/cover.1690871004.git.petr.tesarik.ext@huawei.com/) from Petr Tesarik now ... ⌘ [Read more](https://lwn.net/Articles/940973/) 2023-08-25T15:14:51Z **Security updates for Friday**
Security updates have been issued by **Debian** (tryton-server), **Fedora** (youtube-dl), **SUSE** (clamav and krb5), and **Ubuntu** (cjose and fastdds). ⌘ [Read more](https://lwn.net/Articles/942766/) 2023-08-25T16:27:19Z **[$] The OpenSprinkler controller**
The more one pays attention to the Internet of Things (IoT), the more one
learns to appreciate simple, unconnected devices. Your editor long ago
acquired an aversion to products that advertise themselves as "smart"
or "WiFi-enabled". There can be advantages, though, to devices that
contain microprocessors, are Internet connected, and are remotely
accessible, if they are implemented well. The [OpenSprinkler](https://opensprinkler.com/) sprinkler timer would
appear to be a case in point. ⌘ [Read more](https://lwn.net/Articles/940509/) 2023-08-25T17:56:53Z **OpenTF Announces Fork of Terraform**
The [OpenTF Foundation](https://opentf.org/) has [announced](https://opentf.org/announcement) that it is moving forward with its eponymous fork of [HashiCorp Terraform](https://www.terraform.io/), which was recently [changed to a non-FOSS license](https://lwn.net/Articles/942346/) by the company. The organization has applied to become part of the Linux Foundation, "with the end goal of having **OpenTF as part of Cloud Native Computing Foundation**". There is a [GitHub repository for its manifesto](ht ... ⌘ [Read more](https://lwn.net/Articles/942770/) 2023-08-27T18:05:03Z **Three stable kernels**
The
[6.1.48](https://lwn.net/Articles/942865/),
[5.15.128](https://lwn.net/Articles/942866/), and
[5.10.192](https://lwn.net/Articles/942867/)
stable kernels have been released; each contains another set of important
fixes. ⌘ [Read more](https://lwn.net/Articles/942864/) 2023-08-27T22:30:38Z **The 6.5 kernel has been released**
Linus has, as expected, [released the 6.5\
kernel](https://lwn.net/Articles/942879/).

> I still have this nagging feeling that a lot of people are on
> vacation and that things have been quiet partly due to that. But
> this release has been going smoothly, so that's probably just me
> being paranoid. The biggest patches this last week were literally
> just to our selftests.

Headline features in 6.5 include
faster booting on large x86 systems,
Arm [Permission Indirection Extension](https://lwn.net ... ⌘ [Read more](https://lwn.net/Articles/942876/) 2023-08-28T14:32:55Z **Security updates for Monday**
Security updates have been issued by **Debian** (chromium, clamav, librsvg, rar, and unrar-nonfree), **Fedora** (caddy, chromium, and xen), and **SUSE** (ca-certificates-mozilla, gawk, ghostscript, java-1\_8\_0-ibm, java-1\_8\_0-openjdk, php7, qemu, and xen). ⌘ [Read more](https://lwn.net/Articles/942922/) 2023-08-28T15:10:17Z **Bugzilla Celebrates 25 Years With Special Announcements (Bugzilla blog)**
August 26 was the 25th anniversary of the release of the [Bugzilla](https://www.bugzilla.org/) bug tracker as open-source software under the Mozilla Public License (MPL). A [blog post](https://www.bugzilla.org/blog/2023/08/26/bugzilla-celebrates-25-years/) for the occasion has some announcements, including several upcoming releases, help wanted, and a new legal entity to house the project:

> Which now brings us to today, when I’m happy to announce the formation o ... ⌘ [Read more](https://lwn.net/Articles/942937/) 2023-08-28T15:16:18Z **[$] Development statistics for the 6.5 kernel**
The 6.5 kernel was [released](https://lwn.net/ml/linux-kernel/CAHk-=wgmKhCrdrOCjp=5v9NO6C=PJ8ZTZcCXj09piHzsZ7qqmw@mail.gmail.com/)
on August 27 after a nine-week development cycle. By that time, some
13,561 non-merge changesets had found their way into the mainline
repository, the lowest number seen since the 5.15 release (12,377
changesets) in late 2021. Nonetheless, quite a bit of significant work was
done in this cycle; read on for a look at where that work came from. ⌘ [Read more](https://lwn.net/Articles/941675/) 2023-08-29T13:50:16Z **Rest in peace Satoru Ueda**
[![[Satoru Ueda]](https://lwn.net/images/2023/ueda.png)](https://lwn.net/Articles/358757/)
The OpenChain site carries the sad news of [the\
passing of Satoru Ueda](https://www.openchainproject.org/news/2023/08/28/in-memory-of-ueda-san). Your editor first met Ueda San at the [2007 Linux Foundation Japan Symposium](https://lwn.net/Articles/241898/), where a
small group of dedicated developers and managers was working hard to bring
open-source development practices to the country. Ueda San was always a
strong ad ... ⌘ [Read more](https://lwn.net/Articles/942973/) 2023-08-29T14:00:10Z **Security updates for Tuesday**
Security updates have been issued by **Debian** (flask-security and opendmarc), **Fedora** (qemu), **Oracle** (rust and rust-toolset:ol8), **Red Hat** (cups and libxml2), **Scientific Linux** (cups), **SUSE** (ca-certificates-mozilla, chromium, clamav, freetype2, haproxy, nodejs12, procps, and vim), and **Ubuntu** (faad2, json-c, libqb, linux, linux-aws, linux-lts-xenial, linux-gcp-5.15, linux-gke, linux-gke-5.15, linux-gkeop, linux-gkeop-5.15, and linux-gke, linux-ibm-5.4). ⌘ [Read more](https://lwn.net/Articles/943006/) 2023-08-29T15:46:01Z **[$] Python is (mostly) made of syntactic sugar**
"Sugar" is, to a certain extent, in the eye of the beholder—at least when
it comes to syntax. Programming languages are often made up of a (mostly)
irreducible core, with lots of sugary constructs sprinkled on top—the [syntactic sugar](https://en.wikipedia.org/wiki/Syntactic_sugar). No one
wants to be forced to do without the extra syntax—at least not for their
favorite pieces—but it is worth looking at how a language's constructs can
be built from the core. That is just what Brett Cannon ... ⌘ [Read more](https://lwn.net/Articles/942767/) 2023-08-30T13:22:58Z **Security updates for Wednesday**
Security updates have been issued by **Debian** (qpdf, ring, and tryton-server), **Fedora** (mingw-qt5-qtbase and moby-engine), **Red Hat** (cups, kernel, kernel-rt, kpatch-patch, librsvg2, and virt:rhel and virt-devel:rhel), and **Ubuntu** (amd64-microcode, firefox, linux, linux-aws, linux-aws-5.15, linux-gcp, linux-gke, linux-gkeop,
 linux-hwe-5.15, linux-ibm, linux-kvm, linux-lowlatency,
 linux-lowlatency-hwe-5.15, linux-nvidia, linux-oracle, linux-oracle-5.15, linux, linux-aws, linux-aws-5.4, linux-g ... ⌘ [Read more](https://lwn.net/Articles/943087/) 2023-08-30T17:12:47Z **Seven stable kernels**
The
[6.4.13](https://lwn.net/Articles/943111/),
[6.1.50](https://lwn.net/Articles/943112/),
[5.15.129](https://lwn.net/Articles/943113/),
[5.10.193](https://lwn.net/Articles/943114/),
[5.4.255](https://lwn.net/Articles/943115/),
[4.19.293](https://lwn.net/Articles/943116/), and
[4.14.324](https://lwn.net/Articles/943117/)
stable kernels have been released; each contains another set of important
fixes. ⌘ [Read more](https://lwn.net/Articles/943110/) 2023-08-30T18:50:13Z **[$] Mastering Emacs**
A series of rabbit holes, some of which led to [unshaved\
yaks](https://projects.csail.mit.edu/gsb/old-archive/gsb-archive/gsb2000-02-11.html),
recently landed me on a book called [_Mastering Emacs_](https://www.masteringemacs.org/book).
Given that I have been using Emacs "professionally" for more than 16
years—and first looked into it a good ways into the previous century—I
should probably be pretty well-versed in that editor-cum-operating-system.
Sadly, for a variety of reasons, that is not really true, but the b ... ⌘ [Read more](https://lwn.net/Articles/942962/) 2023-08-31T00:14:29Z **[$] LWN.net Weekly Edition for August 31, 2023**
The LWN.net Weekly Edition for August 31, 2023 is available. ⌘ [Read more](https://lwn.net/Articles/942601/) 2023-08-31T13:51:21Z **Security updates for Thursday**
Security updates have been issued by **Debian** (firefox-esr, json-c, opendmarc, and otrs2), **Red Hat** (java-1.8.0-ibm and kpatch-patch), **Scientific Linux** (kernel), **Slackware** (mozilla), **SUSE** (haproxy, php7, vim, and xen), and **Ubuntu** (elfutils, frr, and linux-gcp, linux-starfive). ⌘ [Read more](https://lwn.net/Articles/943192/) 2023-08-31T15:09:51Z **[$] The first half of the 6.6 merge window**
As of this writing, 4,588 non-merge changesets have been pulled into the
mainline repository for the 6.6 kernel release. The 6.6 merge window, in
other words, is just getting started. Nonetheless, a fair amount of
significant work has already been pulled, so the time has come to summarize
what has happened so far in this development cycle. ⌘ [Read more](https://lwn.net/Articles/942954/) 2023-09-01T14:05:27Z **Security updates for Friday**
Security updates have been issued by **Debian** (chromium, firefox-esr, and gst-plugins-ugly1.0), **Fedora** (firefox, libeconf, libwebsockets, mosquitto, and rust-rustls-webpki), **SUSE** (amazon-ssm-agent, open-vm-tools, and terraform-provider-helm), and **Ubuntu** (linux-azure, linux-azure, linux-azure-5.15, linux-azure-fde, linux-gcp-5.15, linux-gcp-5.4, linux-oracle-5.4, linux-gkeop, linux-gkeop-5.15, linux-intel-iotg, linux-kvm, linux-oracle, and python-git). ⌘ [Read more](https://lwn.net/Articles/943302/) 2023-09-01T14:46:06Z **[$] Race-free process creation in the GNU C Library**
The [pidfd API](https://lwn.net/Articles/794707/) has been added to the kernel
over the last several years to provide a race-free way for processes to
refer to each other. While the [GNU C Library](https://www.gnu.org/software/libc/) (glibc) gained
basic pidfd support with the 2.36 release in 2022, it still lacks a
complete solution for race-free process creation. [This\
patch set](https://lwn.net/ml/libc-alpha/20230706134508.422526-1-adhemerval.zanella@linaro.org/) from Adhemerval Z ... ⌘ [Read more](https://lwn.net/Articles/943022/) 2023-09-02T14:01:10Z **A pile of stable kernel updates**
The
[6.5.1](https://lwn.net/Articles/943401/),
[6.4.14](https://lwn.net/Articles/943402/),
[6.1.51](https://lwn.net/Articles/943403/),
[5.15.130](https://lwn.net/Articles/943404/),
[5.10.194](https://lwn.net/Articles/943405/),
[5.4.256](https://lwn.net/Articles/943406/),
[4.19.294](https://lwn.net/Articles/943407/), and
[4.14.325](https://lwn.net/Articles/943408/)
stable kernel updates have all been released; each contains another set of
important fixes. ⌘ [Read more](https://lwn.net/Articles/943400/) 2023-09-04T13:54:40Z **Security updates for Monday**
Security updates have been issued by **Debian** (thunderbird), **Fedora** (firefox, kernel, kubernetes, and mediawiki), **Mageia** (openldap), **SUSE** (terraform), and **Ubuntu** (atftp, busybox, and thunderbird). ⌘ [Read more](https://lwn.net/Articles/943492/) 2023-09-04T14:24:54Z **[$] Security topics: io_uring, VM attestation, and random-reseed notifications**
The kernel-development community has recently been discussing a number of
independent patches, each of which is intended to help improve the security
of deployed systems in some way. They touch on a number of areas within the
kernel, including the question of how widely io\_uring should be available,
how to allow virtual machines to attest to their integrity, and the best
way to inform applications when their random-number generators need to be
reseeded. ⌘ [Read more](https://lwn.net/Articles/943239/) 2023-09-05T13:46:43Z **Security updates for Tuesday**
Security updates have been issued by **Debian** (file and thunderbird), **Fedora** (exercism, libtommath, moby-engine, and python-pyramid), **Oracle** (cups and kernel), **Red Hat** (firefox, kernel, kernel-rt, kpatch-patch, and thunderbird), **SUSE** (amazon-ecs-init, buildah, busybox, djvulibre, exempi, firefox, gsl, keylime, kubernetes1.18, php7, and sccache), and **Ubuntu** (docker-registry and linux-azure-5.4). ⌘ [Read more](https://lwn.net/Articles/943584/) 2023-09-05T16:44:20Z **KDE Gear 23.08 Arrived With Plenty of Changes (FOSS Force)**
FOSS Force [looks\
at the KDE Gear 23.08 release](https://fossforce.com/2023/09/kde-gear-23-08-arrives-with-plenty-of-changes-heres-whats-new/).

> For this release, developers have been working in high gear (no pun
> intended) as there were important improvements made to many of
> Gear’s most iconic applications. Not only that: just a little over
> a year after its arrival, the Kalendar app is going through a name
> change as it morphs into what appears will eventually be ... ⌘ [Read more](https://lwn.net/Articles/943596/) 2023-09-05T19:38:33Z **[$] Reducing the bandwidth needs for fwupd**
The [Linux Vendor Firmware Service](https://fwupd.org/) (LVFS)
provides a repository where vendors can upload firmware updates that can be
accessed by the [fwupd](https://github.com/fwupd/fwupd)
firmware update daemon on Linux systems. That mechanism allows users to keep
the hardware components of their systems up to date with the latest firmware
releases, but it has gotten so
popular that the daily metadata queries are starting to swamp the LVFS
content delivery network (CDN) server. So Rich ... ⌘ [Read more](https://lwn.net/Articles/943498/) 2023-09-06T13:13:52Z **Security updates for Wednesday**
Security updates have been issued by **Debian** (aom and php7.3), **Fedora** (freeimage and mingw-freeimage), **Scientific Linux** (thunderbird), **SUSE** (amazon-ssm-agent, chromium, container-suseconnect, docker, glib2, php7, python-Django1, and rubygem-rails-html-sanitizer), and **Ubuntu** (kernel, linux, linux-aws, linux-aws-5.4, linux-gcp, linux-hwe-5.4, linux-ibm,
 linux-iot, linux-kvm, linux-oracle, linux-oracle-5.4, linux, linux-aws, linux-aws-6.2, linux-hwe-6.2, linux-kvm,
 linux-lowlatency, lin ... ⌘ [Read more](https://lwn.net/Articles/943679/) 2023-09-06T14:46:27Z **A guide to network performance tuning**
Leandro Moreira is maintaining [a\
detailed description of Linux network tuning parameters](https://github.com/leandromoreira/linux-network-performance-parameters) and how they
all tie together. There is a lot of good information for administrators
seeking a better understanding of how all those knobs work and
interoperate. (Seen on [HN](https://news.ycombinator.com/item?id=37403799#37405835)). ⌘ [Read more](https://lwn.net/Articles/943697/) 2023-09-06T14:57:35Z **Mozilla: It’s Official: Cars Are the Worst Product Category We Have Ever Reviewed for Privacy**
The Mozilla Foundation has published [a\
report](https://foundation.mozilla.org/en/privacynotincluded/articles/its-official-cars-are-the-worst-product-category-we-have-ever-reviewed-for-privacy/) on the data-collection and privacy practices of 25 car brands.

> We reviewed 25 car brands in our research and we handed out 25
> "dings" for how those companies collect and use data and personal
> information. That’s right: every car brand we loo ... ⌘ [Read more](https://lwn.net/Articles/943699/) 2023-09-06T19:29:17Z **[$] Altering Python attribute handling for modules**
A recent discussion on the [Python forum](https://discuss.python.org/) looked at a way to
protect module objects (and users) from mistaken attribute assignment and
deletion.
There are ways
to get the same effect today, but the mechanism that would be used causes a
performance penalty for an unrelated, and heavily used, action: attribute
lookup on modules. Back in 2017, [PEP 562](https://peps.python.org/pep-0562/) ("Module \_\_getattr\_\_
and \_\_dir\_\_") set the stage for adding magi ... ⌘ [Read more](https://lwn.net/Articles/943619/) 2023-09-06T20:50:42Z **Four stable kernel releases**
The
[6.5.2](https://lwn.net/Articles/943752/),
[6.4.15](https://lwn.net/Articles/943753/),
[6.1.52](https://lwn.net/Articles/943754/), and
[5.15.131](https://lwn.net/Articles/943755/)
stable kernels have been released; each contains another set of important
fixes. ⌘ [Read more](https://lwn.net/Articles/943751/) 2023-09-07T01:56:39Z **[$] LWN.net Weekly Edition for September 7, 2023**
The LWN.net Weekly Edition for September 7, 2023 is available. ⌘ [Read more](https://lwn.net/Articles/943199/) 2023-09-07T13:39:09Z **Security updates for Thursday**
Security updates have been issued by **Fedora** (erofs-utils, htmltest, indent, libeconf, netconsd, php-phpmailer6, tinyexr, and vim), **Red Hat** (firefox), and **Ubuntu** (linux-aws, linux-aws-5.15, linux-ibm-5.15, linux-oracle, linux-oracle-5.15, linux-azure, linux-azure-fde-5.15, linux-gke, linux-gkeop, linux-intel-iotg-5.15, linux-raspi, linux-oem-6.1, linux-raspi, linux-raspi-5.4, shiro, and sox). ⌘ [Read more](https://lwn.net/Articles/943856/) 2023-09-07T14:47:35Z **[$] Replacing openSUSE Leap**
[OpenSUSE Leap](https://get.opensuse.org/leap/15.5/) is a hybrid
distribution; it is based on SUSE's enterprise distribution (SLE), which
follows the "slow and stable" approach, but adds a number of newer packages
on top. Leap is intended to be a desktop-oriented distribution with a stable
and reliable base. As SUSE transitions away from its traditional
enterprise distribution toward its ["Adaptable\
Linux Platform" (ALP)](https://susealp.io/), though, the stable base upon which openSUSE Leap
is built is go ... ⌘ [Read more](https://lwn.net/Articles/943591/) 2023-09-07T16:56:27Z **Ubuntu to add TPM-backed full-disk encryption**
The Ubuntu blog has [a\
detailed article](https://ubuntu.com/blog/tpm-backed-full-disk-encryption-is-coming-to-ubuntu) on plans to add full-disk encryption, with the key
stored in the system's trusted platform module (TPM), to the desktop
distribution.

> In order to deliver these benefits, the implementation of
> TPM-backed FDE relies on two main design principles. First, it
> seals the FDE secret key to the full EFI state, including the
> kernel command line. Second, access to the dec ... ⌘ [Read more](https://lwn.net/Articles/943869/) 2023-09-08T13:40:24Z **Google bakes a user-tracking ad platform directly into Chrome (ars technica)**
[This\
ars technica article](https://arstechnica.com/gadgets/2023/09/googles-widely-opposed-ad-platform-the-privacy-sandbox-launches-in-chrome/) looks at the widespread deployment of Google's
"privacy sandbox" in the Chrome browser:

> If you haven't been following this, this feature will track the web
> pages you visit and generate a list of advertising topics that it
> will share with web pages whenever they ask, and it's built
> directly into the Chrome ... ⌘ [Read more](https://lwn.net/Articles/943969/) 2023-09-08T14:23:00Z **Security updates for Friday**
Security updates have been issued by **Debian** (chromium, libssh2, memcached, and python-django), **Fedora** (netconsd), **Oracle** (firefox and thunderbird), **Scientific Linux** (firefox), **SUSE** (open-vm-tools), and **Ubuntu** (grub2-signed, grub2-unsigned, shim, and shim-signed, plib, and python2.7, python3.5). ⌘ [Read more](https://lwn.net/Articles/943990/) 2023-09-08T14:41:27Z **[$] Prerequisites for large anonymous folios**
The work to add support for [large anonymous\
folios](https://lwn.net/Articles/937239/) to the kernel has been underway for some time, but this feature
has not yet landed in the mainline. The author of this work, Ryan Roberts,
has been trying to get a handle on what the remaining obstacles are so he
can address them. On September 6, an online meeting of
memory-management developers discussed that topic and made some progress;
there is still some work to do, though, before large anonymous fo ... ⌘ [Read more](https://lwn.net/Articles/943758/) 2023-09-08T15:54:21Z **Benjamin: Towards a new SymPy**
In a [series of posts on his blog](https://oscarbenjamin.github.io/blog/czi/index.html#new-sympy), Oscar Benjamin looks at [SymPy](https://www.sympy.org/en/index.html), which is a Python-based symbolic-mathematics library. In the [first article](https://oscarbenjamin.github.io/blog/czi/post1.html), he outlines the "big changes for SymPy with particular focus on speed". The [second](https://oscarbenjamin.github.io/blog/czi/post2.html) covers polynomial handling; subsequent articles will examine other piece ... ⌘ [Read more](https://lwn.net/Articles/943995/) 2023-09-10T23:54:46Z **Kernel prepatch 6.6-rc1**
Linus has [released 6.6-rc1](https://lwn.net/Articles/944122/) and closed the
merge window for this release.

> All the stats for 6.6 look fairly normal so far - as always, the
> bulk of the patch is drivers (a bit of everything, but networking
> and gpu are the two biggest areas), with arch updates coming in as
> a notable second, and then we have tooling and documentation. ⌘ [Read more](https://lwn.net/Articles/944121/) 2023-09-11T13:56:30Z **Security updates for Monday**
Security updates have been issued by **Debian** (frr, kernel, libraw, mutt, and open-vm-tools), **Fedora** (cjose, pypy, vim, wireshark, and xrdp), **Gentoo** (apache), **Mageia** (chromium-browser-stable, clamav, ghostscript, librsvg, libtiff, openssl, poppler, postgresql, python-pypdf2, and unrar), **Red Hat** (flac), **SUSE** (firefox, geoipupdate, icu73\_2, libssh2\_org, rekor, skopeo, and webkit2gtk3), and **Ubuntu** (linux-azure, linux-azure-4.15, linux-azure-5.4, linux-gcp-5.4, linux-gkeop, linux-ras ... ⌘ [Read more](https://lwn.net/Articles/944190/) 2023-09-11T14:24:45Z **[$] The rest of the 6.6 merge window**
Linus Torvalds [released\
6.6-rc1](https://lwn.net/ml/linux-kernel/CAHk-=wgfL1rwyvELk2VwJTtiLNpwxTFeFtStLeAQ-2rTRd34eQ@mail.gmail.com/) and closed the 6.6 merge window on September 10. At that
point, 12,230 non-merge changesets had been pulled into the mainline
repository, which is exactly 500 more than were pulled for 6.5 at this stage
in the cycle. Over 7,000 of those changes were pulled after [our first-half summary](https://lwn.net/Articles/942954/) was written; they
brought a fair amount of ne ... ⌘ [Read more](https://lwn.net/Articles/943245/) 2023-09-12T12:23:00Z **Security updates for Tuesday**
Security updates have been issued by **Debian** (node-cookiejar and orthanc), **Oracle** (firefox, kernel, and kernel-container), **Red Hat** (flac and httpd:2.4), **Slackware** (vim), **SUSE** (python-Django, terraform-provider-aws, terraform-provider-helm, and terraform-provider-null), and **Ubuntu** (c-ares, curl, linux-azure, linux-azure-5.15, linux-azure-fde, linux-azure-fde-5.15,
 linux-raspi, and linux-ibm, linux-ibm-5.4). ⌘ [Read more](https://lwn.net/Articles/944263/) 2023-09-12T20:26:30Z **Password-stealing Linux malware served for 3 years and no one noticed (Ars Technica)**
Ars Technica [reports](https://arstechnica.com/security/2023/09/password-stealing-linux-malware-served-for-3-years-and-no-one-noticed/) on a credential-stealing Trojan horse that would infect only some of those who installed the "Free Download Manager". The article is based on a [Kaspersky report](https://securelist.com/backdoored-free-download-manager-linux-malware/110465/) that details the malicious payload offered up at that site from 2020 to 2022. ... ⌘ [Read more](https://lwn.net/Articles/944306/) 2023-09-12T21:18:11Z **A GCC -fstack-protector vulnerability on arm64**
The GCC stack-protector feature detects stack-based buffer overruns by
putting a canary value on the stack and noticing if that value is changed.
[It\
turns out](https://github.com/metaredteam/external-disclosures/security/advisories/GHSA-x7ch-h5rf-w2mf), though, that dynamically allocated local variables (such as
variable-length arrays and space obtained with alloca()) are
placed beyond the canary, so overflows of those variables will not be
detected. As a result, arm64 binaries built wi ... ⌘ [Read more](https://lwn.net/Articles/944307/) 2023-09-13T11:33:35Z **Stable kernels 6.5.3, 6.4.16, and 6.1.53**
The
[6.5.3](https://lwn.net/Articles/944356/),
[6.4.16](https://lwn.net/Articles/944357/), and
[6.1.53](https://lwn.net/Articles/944358/)
stable kernel updates have been released; each contains a large number of
important fixes. Note that the 6.4.x line ends with 6.4.16. ⌘ [Read more](https://lwn.net/Articles/944355/) 2023-09-13T11:30:51Z **Security updates for Wednesday**
Security updates have been issued by **Debian** (e2guardian), **Fedora** (libeconf), **Red Hat** (dmidecode, kernel, kernel-rt, keylime, kpatch-patch, libcap, librsvg2, linux-firmware, and qemu-kvm), **Slackware** (mozilla), **SUSE** (chromium and shadow), and **Ubuntu** (cups, dotnet6, dotnet7, file, flac, and ruby-redcloth). ⌘ [Read more](https://lwn.net/Articles/944354/) 2023-09-13T20:46:31Z **[$] The bogus CVE problem**
The " [Common Vulnerabilities and\
Exposures](https://cve.mitre.org/)" (CVE) system was launched late
in the previous century (September 1999) to track vulnerabilities in
software. Over the years since, it has had a [somewhat checkered\
reputation](https://lwn.net/Articles/679315/), along with some [some attempts to\
replace it](https://lwn.net/Articles/851849/), but CVE numbers are still the only effective way to track
vulnerabilities. While that can certainly be useful, the
CVE-assignment (and severity scor ... ⌘ [Read more](https://lwn.net/Articles/944209/) 2023-09-14T00:59:40Z **[$] LWN.net Weekly Edition for September 14, 2023**
The LWN.net Weekly Edition for September 14, 2023 is available. ⌘ [Read more](https://lwn.net/Articles/943823/) 2023-09-14T14:05:15Z **Security updates for Thursday**
Security updates have been issued by **Debian** (firefox-esr, libwebp, ruby-loofah, and ruby-rails-html-sanitizer), **Fedora** (open-vm-tools and salt), **Oracle** (.NET 7.0, dmidecode, flac, gcc, httpd:2.4, keylime, libcap, librsvg2, and qemu-kvm), **Red Hat** (.NET 6.0 and .NET 7.0), **Slackware** (libarchive and mozilla), **SUSE** (chromium and kernel), and **Ubuntu** (curl, firefox, ghostscript, open-vm-tools, postgresql-9.5, and thunderbird). ⌘ [Read more](https://lwn.net/Articles/944481/) 2023-09-14T16:29:36Z **[$] Why glibc's fstat() is slow**
The [fstat()](https://man7.org/linux/man-pages/man2/stat.2.html)
system call retrieves some of the metadata — owner, size, protections,
timestamps, and so on — associated with an open file descriptor. One might
not think of it as a performance-critical system call, but there are
workloads that make a lot of fstat() calls; it is not something
that should be slowed unnecessarily. As it turns out, though, the GNU C
Library (glibc) has been doing exactly that, but a fix is in the works. ⌘ [Read more](https://lwn.net/Articles/944214/) 2023-09-14T16:59:41Z **Videos from FOSSY released (Software Freedom Conservancy)**
The [Software Freedom Conservancy](https://sfconservancy.org/)
(SFC) has [announced](https://sfconservancy.org/news/2023/sep/14/fossy-videos/)
the availability of [videos](https://archive.org/details/@sfconservancy) from the
first-ever [Free and Open Source Yearly](https://2023.fossy.us/)
(FOSSY) conference, which was held in July in Portland, Oregon in the US.

> During the four days of the conference, there were a wide variety of talks
> from speakers with a range of experien ... ⌘ [Read more](https://lwn.net/Articles/944497/) 2023-09-14T20:58:03Z **PostgreSQL 16 released**
[Version 16](https://www.postgresql.org/docs/16/release-16.html)
of the PostgreSQL database manager has been released.

> PostgreSQL 16 contains many new features and enhancements, including:
>
> - Allow parallelization of FULL and internal right OUTER hash joins
>
> - Allow logical replication from standby servers
>
> - Allow logical replication subscribers to apply large transactions in parallel
>
> - Allow monitoring of I/O statistics using the new pg\_stat\_io view
>
> - Add SQL/JSON constructors and identit ... ⌘ [Read more](https://lwn.net/Articles/944516/) 2023-09-15T14:45:13Z **Security updates for Friday**
Security updates have been issued by **Debian** (c-ares and samba), **Fedora** (borgbackup, firefox, and libwebp), **Oracle** (.NET 6.0 and kernel), **Slackware** (libwebp), **SUSE** (chromium and firefox), and **Ubuntu** (atftp, dbus, gawk, libssh2, libwebp, modsecurity-apache, and mutt). ⌘ [Read more](https://lwn.net/Articles/944581/) 2023-09-15T14:51:21Z **[$] Shrinking shrinker locking overhead**
Much of the kernel's performance is dependent on caching — keeping useful
information around for future use to avoid the cost of looking it up again.
The kernel aggressively caches pages of file data, directory entries,
inodes, slab objects, and much more. Without active measures, though,
caches will tend to grow without bounds, leading to memory exhaustion. The
kernel's "shrinker" mechanism exists to be that active measure, but
shrinkers have some performance difficulties of their own. [This\
p ... ⌘ [Read more](https://lwn.net/Articles/944199/) 2023-09-15T22:50:17Z **The Debian Project mourns the loss of Abraham Raji**
The Debian project is [mourning Abraham Raji](https://www.debian.org/News/2023/20230914), who was killed in an accident on September 13.

> Abraham was a popular and respected Debian Developer as well a prominent free software champion in his home state of Kerala, India. He was a talented graphic designer and led design and branding work for DebConf23 and several other local events in recent years. Abraham gave his time selflessly when mentoring new contributors to the Debian project, ... ⌘ [Read more](https://lwn.net/Articles/944596/) 2023-09-18T05:43:15Z **Kernel prepatch 6.6-rc2**
The [6.6-rc2](https://lwn.net/Articles/944704/) kernel prepatch is out for
testing.

> I think the most notable thing about 6.6-rc2 is simply that it's
> exactly 32 years to the day since the 0.01 release. And that's a round
> number if you are a computer person.
>
> Because other than the random date, I don't see anything that really
> stands out here. ⌘ [Read more](https://lwn.net/Articles/944705/) 2023-09-18T07:14:01Z **Security updates for Monday**
Security updates have been issued by **Debian** (firefox-esr, libwebp, and thunderbird), **Fedora** (chromium, curl, flac, libtommath, libwebp, matrix-synapse, python-matrix-common, redis, and rust-pythonize), **Gentoo** (binwalk, ghostscript, python-requests, rar, samba, and wireshark), **Oracle** (.NET 6.0, kernel, and kernel-container), **Slackware** (python3), and **SUSE** (firefox). ⌘ [Read more](https://lwn.net/Articles/944744/) 2023-09-18T15:10:51Z **[$] Moving physical pages from user space**
Processes in a Linux system run within their own virtual address spaces.
Their virtual addresses map to physical pages provided by the hardware, but
the kernel takes pains to hide the physical addresses of those pages;
processes normally have no way of knowing (and no need to know) where their
memory is located in physical memory. As a result, the system calls for
memory management also deal in virtual addresses. Gregory Price is
currently trying to create an exception to this rule with [a\
pr ... ⌘ [Read more](https://lwn.net/Articles/944115/) 2023-09-19T10:31:12Z **Security updates for Tuesday**
Security updates have been issued by **Debian** (chromium, flac, gnome-shell, libwebp, openjdk-11, and xrdp), **Fedora** (giflib), **Oracle** (kernel), **Red Hat** (busybox, dbus, firefox, frr, kpatch-patch, libwebp, open-vm-tools, and thunderbird), **Slackware** (netatalk), **SUSE** (flac, gcc12, kernel, libeconf, libwebp, libxml2, and thunderbird), and **Ubuntu** (binutils, c-ares, libraw, linux-intel-iotg, nodejs, python-django, and vsftpd). ⌘ [Read more](https://lwn.net/Articles/944848/) 2023-09-19T10:35:56Z **Forty years of GNU**
The Free Software Foundation [looks\
forward to the 40th anniversary of the GNU project](https://www.fsf.org/news/forty-years-of-gnu-and-the-free-software-movement), coming soon:

> On September 27, 1983, a computer scientist named Richard Stallman
> announced the plan to develop a free software Unix-like operating
> system called GNU, for "GNU's not Unix." GNU is the only operating
> system developed specifically for the sake of users' freedom, and
> has remained true to its founding ideals for forty years. ⌘ [Read more](https://lwn.net/Articles/944849/) 2023-09-19T13:12:52Z **[$] The European Cyber Resilience Act**
The security of digital products has become a topic of regulation
in recent years. Currently, the European Union is moving forward
with another new law, which, if it comes into effect in a form
close to the current draft, will affect software developers worldwide.
This new proposal, called the "Cyber
Resilience Act" (CRA), brings mandatory security requirements on all
digital products, both software
and hardware, that are available in Europe. While it aims at a worthy goal, the
proposal is causing ... ⌘ [Read more](https://lwn.net/Articles/944300/) 2023-09-19T14:07:51Z **Four stable kernels released**
The
[6.5.4](https://lwn.net/Articles/944875/),
[6.1.54](https://lwn.net/Articles/944876/),
[5.15.132](https://lwn.net/Articles/944877/), and
[5.10.195](https://lwn.net/Articles/944878/)
stable kernel updates have been released; each contains a relatively large
set of important fixes. ⌘ [Read more](https://lwn.net/Articles/944874/) 2023-09-19T15:39:13Z **JDK 21 released**
JDK 21, the reference implementation of the Java 21 language specification,
[has\
been released](https://mail.openjdk.org/pipermail/jdk-dev/2023-September/008267.html). "This release includes fifteen JEPs [1], including
the final versions of Record Patterns (440), Pattern Matching for switch
(441), and Virtual Threads (444)". ⌘ [Read more](https://lwn.net/Articles/944892/) 2023-09-20T16:11:31Z **Security updates for Wednesday**
Security updates have been issued by **Debian** (frr and libyang), **Fedora** (golang-github-prometheus-exporter-toolkit, golang-github-xhit-str2duration, golang-gopkg-alecthomas-kingpin-2, libpano13, and open-vm-tools), **Oracle** (firefox, frr, and thunderbird), **Red Hat** (dmidecode, kernel, kernel-rt, kpatch-patch, libwebp: critical, linux-firmware, mariadb:10.3, ncurses, postgresql:15, and virt:rhel and virt-devel:rhel), **Scientific Linux** (firefox, open-vm-tools, and thunderbird), **SUSE** (binu ... ⌘ [Read more](https://lwn.net/Articles/945073/) 2023-09-20T16:35:09Z **[$] Using the limited C API for the Python stdlib?**
The "limited" C API for CPython extensions has been around for well over a
decade at this point, but it has not seen much uptake. It is meant to give
extensions an API that will allow binaries built with it to be used for
multiple versions of CPython, because those binaries will only access the stable
A **B** I that will not change when CPython does. Victor Stinner has been
working on better
definition for the
API; as part of that work, he suggested that some of the C extensions in th ... ⌘ [Read more](https://lwn.net/Articles/944764/) 2023-09-21T06:54:18Z **[$] LWN.net Weekly Edition for September 21, 2023**
The LWN.net Weekly Edition for September 21, 2023 is available. ⌘ [Read more](https://lwn.net/Articles/944436/) 2023-09-21T08:29:34Z **Stable kernel 5.10.196**
The [5.10.196](https://lwn.net/Articles/945131/) stable kernel has been
released. It fixes a single regression:

> This release is only needed by any 5.10.y user that uses configfs, it
> resolves a regression in 5.10.195 in that subsystem. Note that many
> kernel subsystems use configfs for configuration so to be safe, you
> probably want to upgrade if you are not sure. ⌘ [Read more](https://lwn.net/Articles/945132/) 2023-09-21T09:44:50Z **Security updates for Thursday**
Security updates have been issued by **Debian** (mutt, netatalk, and python2.7), **Fedora** (chromium, golang-github-prometheus-exporter-toolkit, golang-github-xhit-str2duration, and golang-gopkg-alecthomas-kingpin-2), **Oracle** (dmidecode, frr, libwebp, open-vm-tools, and thunderbird), **Red Hat** (libwebp and open-vm-tools), **SUSE** (cups, frr, mariadb, openvswitch3, python39, qemu, redis7, rubygem-rails-html-sanitizer, and skopeo), and **Ubuntu** (bind9, cups, and libppd). ⌘ [Read more](https://lwn.net/Articles/945173/) 2023-09-21T14:51:27Z **[$] Revisiting the kernel's preemption models (part 1)**
All that Ankur Arora seemingly wanted to do with [this\
patch set](https://lwn.net/ml/linux-kernel/20230830184958.2333078-1-ankur.a.arora@oracle.com/) was to make the process of clearing huge pages on x86
systems go a little faster. What resulted was an extensive discussion on
the difficulties of managing preemption correctly in the kernel. It may be
that some changes will come to the plethora of preemption models that the
kernel currently offers. ⌘ [Read more](https://lwn.net/Articles/944686/) 2023-09-22T12:28:43Z **Security updates for Friday**
Security updates have been issued by **Debian** (gsl), **Fedora** (dotnet6.0 and dotnet7.0), **Oracle** (libwebp), **Slackware** (bind, cups, and seamonkey), **SUSE** (kernel and rust, rust1.72), and **Ubuntu** (cups, flac, gnome-shell, imagemagick, and python3.5). ⌘ [Read more](https://lwn.net/Articles/945322/) 2023-09-22T12:39:01Z **[$] User-space spinlocks with help from rseq()**
Back in May, André Almeida [presented some\
work](https://lwn.net/Articles/931789/) toward the creation of user-space spinlocks using adaptive
spinning. At that time, the work was stalled because there is, in Linux,
currently no way to quickly determine whether a given thread is actually
executing on a CPU. Some progress has since been made on that front; at
the [2023\
Open Source Summit Europe](https://events.linuxfoundation.org/open-source-summit-europe/), Almeida returned to discuss ho ... ⌘ [Read more](https://lwn.net/Articles/944895/) 2023-09-23T11:10:50Z **Saturday's stable kernel updates**
The
[6.5.5](https://lwn.net/Articles/945378/),
[6.1.55](https://lwn.net/Articles/945379/),
[5.15.133](https://lwn.net/Articles/945380/),
[5.10.197](https://lwn.net/Articles/945381/),
[5.4.257](https://lwn.net/Articles/945382/),
[4.19.295](https://lwn.net/Articles/945383/), and
[4.14.326](https://lwn.net/Articles/945384/)
stable kernel updates have all been released; each contains another set of
important fixes. ⌘ [Read more](https://lwn.net/Articles/945377/) 2023-09-25T06:19:44Z **Kernel prepatch 6.6-rc3**
The [third 6.6 kernel prepatch](https://lwn.net/Articles/945444/) is out for
testing.

> Unusually, we have a large chunk of changes in filesystems. Part of
> it is the vfs-level revert of some of the timestamp handling that
> needs to soak a bit more, and part of it is some xfs fixes. With a
> few other filesystem fixes too.

The [multi-grain timestamp changes](https://lwn.net/Articles/937247/) turned
out to cause the occasional regression (timestamps that could appear to go
backward) and were taken back ou ... ⌘ [Read more](https://lwn.net/Articles/945445/) 2023-09-25T14:12:29Z **Security updates for Monday**
Security updates have been issued by **Debian** (bind9, elfutils, flac, ghostscript, libapache-mod-jk, lldpd, and roundcube), **Fedora** (linux-firmware, roundcubemail, and thunderbird), **Mageia** (curl, file, firefox/thunderbird, ghostpcl, libtommath, and nodejs), **Oracle** (kernel, open-vm-tools, qemu, and virt:ol and virt-devel:rhel), **SUSE** (bind, busybox, djvulibre, exempi, ImageMagick, libqb, libssh2\_org, opera, postfix, python, python36, renderdoc, webkit2gtk3, and xrdp), and **Ubuntu** (account ... ⌘ [Read more](https://lwn.net/Articles/945503/) 2023-09-25T16:57:47Z **[$] The PuzzleFS container filesystem**
The last year or so has seen the posting of a few new filesystem types that
are aimed at supporting container workloads. PuzzleFS, presented at the
2023 [Kangrejos](https://kangrejos.com/) gathering by Ariel
Miculas, is another contender in this area, but it has some features of its
own, including a novel compression mechanism and an implementation written
in Rust. ⌘ [Read more](https://lwn.net/Articles/945320/) 2023-09-25T20:50:47Z **LibrePCB 1.0.0 Released**
The [1.0 version](https://librepcb.org/blog/2023-09-24_release_1.0.0/) of the [LibrePCB](https://librepcb.org/)
"free, cross-platform, easy-to-use electronic design automation suite to draw schematics and design printed circuit boards".
As noted in a [blog post back in May](https://librepcb.org/blog/2023-05-15_roadmap_1.0/), a grant has helped spur development of the tool.
The focus for the release has been in adding features that were needed so that "there should be no show stopper anymore which prevents you f ... ⌘ [Read more](https://lwn.net/Articles/945519/) 2023-09-26T08:52:14Z **Security updates for Tuesday**
Security updates have been issued by **Debian** (exempi, glib2.0, lldpd, and netatalk), **Fedora** (curl, libppd, and linux-firmware), **Oracle** (kernel), and **SUSE** (Cadence, frr, modsecurity, python-CairoSVG, python-GitPython, and tcpreplay). ⌘ [Read more](https://lwn.net/Articles/945559/) 2023-09-26T14:01:56Z **Firefox 118.0 released**
[Version\
118.0](https://www.mozilla.org/en-US/firefox/118.0/releasenotes/) of the Firefox browser has been released. Changes include
improved fingerprinting prevention and automated translation: "Automated
translation of web content is now available to Firefox users! Unlike
cloud-based alternatives, translation is done locally in Firefox, so that
the text being translated does not leave your machine." ⌘ [Read more](https://lwn.net/Articles/945608/) 2023-09-26T20:04:46Z **[$] AI from a legal perspective**
The AI boom is clearly upon us, but there are still plenty of questions
swirling around this technology. Some of those questions are legal ones
and there have been lawsuits filed to try to get clarification—and perhaps
monetary damages. Van Lindberg is a lawyer who is well-known in the
open-source world; he came to [Open\
Source Summit Europe](https://events.linuxfoundation.org/open-source-summit-europe/) 2023 in Bilbao, Spain to try to put the current
work in AI into its legal context. ⌘ [Read more](https://lwn.net/Articles/945504/) 2023-09-27T08:40:49Z **Security updates for Wednesday**
Security updates have been issued by **Oracle** (libtiff), **Red Hat** (libtiff, nodejs:16, and nodejs:18), **Slackware** (mozilla), **SUSE** (bind, cacti, cacti-spine, ImageMagick, kernel, libwebp, netatalk, open-vm-tools, postfix, quagga, wire, and wireshark), and **Ubuntu** (cups, linux, linux-aws, linux-aws-hwe, linux-azure, linux-azure-4.15, linux-gcp,
 linux-gcp-4.15, linux-hwe, linux-oracle, linux-bluefield, and linux-bluefield, linux-raspi, linux-raspi-5.4). ⌘ [Read more](https://lwn.net/Articles/945700/) 2023-09-27T20:09:14Z **[$] Moving the kernel to large block sizes**
Using larger block sizes in the kernel for I/O is a recurring topic in
storage and
block-layer circles. The topic came up in [discussions](https://lwn.net/Articles/933437/)
at the Linux Storage, Filesystem, Memory-Management and BPF Summit (LSFMM)
back in
May. One of the participants in those discussions, Hannes Reinecke, gave
a talk at Open Source Summit Europe 2023 with an overview of the reasons
behind using larger blocks for I/O, the current status of that work, and
where it all might lea ... ⌘ [Read more](https://lwn.net/Articles/945646/) 2023-09-28T01:11:41Z **[$] LWN.net Weekly Edition for September 28, 2023**
The LWN.net Weekly Edition for September 28, 2023 is available. ⌘ [Read more](https://lwn.net/Articles/945211/) 2023-09-28T13:57:46Z **Security updates for Thursday**
Security updates have been issued by **Debian** (ncurses), **Fedora** (emacs, firecracker, firefox, libkrun, python-oauthlib, and virtiofsd), **Mageia** (glibc and vim), **Oracle** (18), **SUSE** (bind, binutils, busybox, cni, cni-plugins, container-suseconnect, containerd, curl, exempi, ffmpeg, firefox, go1.19-openssl, go1.20-openssl, gpg2, grafana, gsl, gstreamer-plugins-bad, gstreamer-plugins-base, libpng15, libwebp, mutt, nghttp2, open-vm-tools, pmix, python-brotlipy, python3, python310, qemu, quagga, ... ⌘ [Read more](https://lwn.net/Articles/945829/) 2023-09-28T15:07:20Z **[$] Security policies for GNU toolchain projects**
While the CVE process was created in response to real problems, it's [increasingly clear](https://lwn.net/Articles/944209/) that CVE numbers are
creating problems of their own. At the [2023 GNU Tools Cauldron](https://gcc.gnu.org/wiki/cauldron2023),
Siddhesh Poyarekar expressed the frustration that toolchain developers have
felt as the result of arguing with security researchers about CVE-number
assignments. In response, the GNU toolchain community is trying to better
characterize what ... ⌘ [Read more](https://lwn.net/Articles/945536/) 2023-09-29T15:20:04Z **Security updates for Friday**
Security updates have been issued by **Debian** (firefox-esr, jetty9, and vim), **Gentoo** (Fish, GMP, libarchive, libsndfile, Pacemaker, and sudo), **Oracle** (nodejs:16 and nodejs:18), **Red Hat** (virt:av and virt-devel:av), **Slackware** (mozilla), **SUSE** (chromium, firefox, Golang Prometheus, iperf, libqb, and xen), and **Ubuntu** (linux-raspi). ⌘ [Read more](https://lwn.net/Articles/945965/) 2023-09-29T17:25:28Z **[$] Impressions from the GNU Project's 40th anniversary celebration**
On September 27, 1983, Richard Stallman [announced the\
founding of the GNU project](https://www.gnu.org/gnu/initial-announcement.en.html). His goal, which seemed wildly optimistic
and unattainable at the time, was to write a complete Unix-like operating
system from the beginning
and make it freely available. Exactly 40 years later, the GNU project
celebrated with [a hacker meeting](https://www.gnu.org/gnu40) in
Switzerland. Your editor had the good fortune to be able ... ⌘ [Read more](https://lwn.net/Articles/945912/) 2023-09-30T14:22:32Z **Multiple Exim security vulnerabilities disclosed**
The "Zero Day Initiative" site has posted a number of advisories ( [1](https://www.zerodayinitiative.com/advisories/ZDI-23-1473/), [2](https://www.zerodayinitiative.com/advisories/ZDI-23-1472/), [3](https://www.zerodayinitiative.com/advisories/ZDI-23-1471/), [4](https://www.zerodayinitiative.com/advisories/ZDI-23-1470/), [5](https://www.zerodayinitiative.com/advisories/ZDI-23-1469/), [6](https://www.zerodayinitiative.com/advisories/ZDI-23-1468/))
describing a number of flaws in the Exim ... ⌘ [Read more](https://lwn.net/Articles/946004/) 2023-10-02T02:54:07Z **Kernel prepatch 6.6-rc4**
Linus has released [6.6-rc4](https://lwn.net/Articles/946092/) for testing.
"There's nothing particularly odd in here, if you don't count a week of
no networking pull as being odd. That does result in rc4 being fairly
small, but I suspect we'll just see a bigger rc5 to compensate." ⌘ [Read more](https://lwn.net/Articles/946093/) 2023-10-02T14:34:48Z **Security updates for Monday**
Security updates have been issued by **Debian** (chromium, cups, firefox-esr, firmware-nonfree, gerbv, jetty9, libvpx, mosquitto, open-vm-tools, python-git, python-reportlab, and trafficserver), **Fedora** (firefox, giflib, libvpx, libwebp, webkitgtk, and xen), **Gentoo** (Chromium, Google Chrome, Microsoft Edge, ClamAV, GNU Binutils, and wpa\_supplicant, hostapd), **Mageia** (flac, giflib, indent, iperf, java, libvpx, libxml2, quictls, wireshark, and xrdp), **Oracle** (kernel), **Slackware** (libvpx and mo ... ⌘ [Read more](https://lwn.net/Articles/946186/) 2023-10-02T14:48:13Z **Python 3.12 released**
Version 3.12 of the Python programming language has been [released](https://www.python.org/downloads/release/python-3120/). The " [What’s New In Python 3.12](https://docs.python.org/dev/whatsnew/3.12.html)" page has plenty of details. Highlights of the release include [isolated subinterpreter support](https://lwn.net/Articles/941090/), more [improvements to error messages](https://lwn.net/Articles/895587/), [more flexible f-strings](https://lwn.net/Articles/919426/), [Linux perf support](https://lwn.net/Articles/9 ... ⌘ [Read more](https://lwn.net/Articles/946189/) 2023-10-02T16:24:51Z **Notes from the Git Contributor's Summit**
For those who are curious about the recently concluded Git Contributor's
Summit, Taylor Blau has posted [an extensive set of notes](https://lwn.net/ml/git/ZRregi3JJXFs4Msb@nand.local/)
from the event. Topics include next-generation backends, libification,
backward compatibility, project management, and more. ⌘ [Read more](https://lwn.net/Articles/946208/) 2023-10-02T16:30:35Z **[$] Revisiting the kernel's preemption model, part 2**
In [last week's episode](https://lwn.net/Articles/944686/), a need to preempt
kernel code that is executing long-running instructions led to a deeper
reexamination of how the kernel handles preemption. There are a number of
supported preemption modes, varying from "none" (kernel code is never
preemptible) to realtime (where the kernel is almost always preemptible).
Making better use of the kernel's preemption machinery looked like a
possible solution to the immediate problem, but it ... ⌘ [Read more](https://lwn.net/Articles/945422/) 2023-10-03T13:13:37Z **Security updates for Tuesday**
Security updates have been issued by **Debian** (exim4), **Fedora** (firecracker, rust-aes-gcm, rust-axum, rust-tokio-tungstenite, rust-tungstenite, and rust-warp), **Gentoo** (nvidia-drivers), **Mageia** (chromium-browser-stable, glibc, and libwebp), **Red Hat** (kernel), **SUSE** (ghostscript and python3), and **Ubuntu** (firefox, libtommath, libvpx, and thunderbird). ⌘ [Read more](https://lwn.net/Articles/946313/) 2023-10-03T13:31:14Z **Vulnerable Arm GPU drivers under active exploitation (ars technica)**
Ars technica [reports\
on an Arm advisory](https://arstechnica.com/security/2023/10/vulnerable-arm-gpu-drivers-under-active-exploitation-patches-may-not-be-available/) regarding exploitable vulnerabilities in a number of
its GPU drivers.

> The most prevalent platform affected by the vulnerability is
> Google’s line of Pixels, which are one of the only Android models
> to receive security updates on a timely basis. Google patched
> Pixels in its September update ag ... ⌘ [Read more](https://lwn.net/Articles/946315/) 2023-10-03T18:50:31Z **A local root vulnerability in glibc**
Qualys has posted [an\
advisory](https://lwn.net/ml/oss-security/20231003175031.GA16924@localhost.localdomain/) for a vulnerability in the GNU C Library related to the
handling of the GLIBC\_TUNABLES environment variable:

> We successfully exploited this vulnerability and obtained full root
> privileges on the default installations of Fedora 37 and 38, Ubuntu
> 22.04 and 23.04, Debian 12 and 13; other distributions are probably
> also vulnerable and exploitable (one notable exception is Alpine
> ... ⌘ [Read more](https://lwn.net/Articles/946381/) 2023-10-03T19:42:45Z **[$] Linux ecosystem contributions from SteamOS**
The [SteamOS](https://store.steampowered.com/steamos) Linux
distribution is focused on gaming, naturally, but the effort to build it
has resulted
in contributions to multiple areas in the Linux ecosystem. Alberto Garcia
has been working on SteamOS and came to Bilbao, Spain to describe some of those
contributions at Open Source Summit Europe 2023. There are some obvious
areas where a gaming-focused OS might contribute upstream, such as
graphics, but the talk showed contributions in several ... ⌘ [Read more](https://lwn.net/Articles/946188/) 2023-10-04T13:21:32Z **Security updates for Wednesday**
Security updates have been issued by **Debian** (glibc, postgresql-11, and thunderbird), **Fedora** (openmpi, pmix, prrte, and slurm), **Gentoo** (glibc and libvpx), **Oracle** (kernel), **Red Hat** (kernel), **Slackware** (libX11 and libXpm), **SUSE** (firefox, kernel, libeconf, libqb, libraw, libvpx, libX11, libXpm, mdadm, openssl-1\_1, poppler, postfix, python311, rubygem-puma, runc, and vim), and **Ubuntu** (freerdp2, glibc, grub2-signed, grub2-unsigned, libx11, libxpm, linux-intel-iotg, linux-intel- ... ⌘ [Read more](https://lwn.net/Articles/946496/) 2023-10-04T13:26:57Z **OpenSSH 9.5 released**
OpenSSH 9.5 is out. Significant changes include a transport-level ping
mechanism and keystroke timing obfuscation:

> This attempts to hide inter-keystroke timings by sending
> interactive traffic at fixed intervals (default: every 20ms) when
> there is only a small amount of data being sent. It also sends fake
> "chaff" keystrokes for a random interval after the last real
> keystroke. These are controlled by a new ssh\_config
> ObscureKeystrokeTiming keyword. ⌘ [Read more](https://lwn.net/Articles/946497/) 2023-10-04T21:14:09Z **[$] BPF and security**
The [eBPF in-kernel virtual machine](https://lwn.net/Articles/740157/) is
approaching its tenth anniversary as part of Linux; it has grown into a
tool with many types of uses in the ecosystem. Alexei Starovoitov, who
was the creator of eBPF and did much of the development of it, especially
in the early going, gave the opening talk at
[Linux\
Security Summit Europe](https://events.linuxfoundation.org/linux-security-summit-europe/) 2023 on the relationship between BPF and
security. In it, he related some interesting ... ⌘ [Read more](https://lwn.net/Articles/946389/) 2023-10-05T01:17:08Z **[$] LWN.net Weekly Edition for October 5, 2023**
The LWN.net Weekly Edition for October 5, 2023 is available. ⌘ [Read more](https://lwn.net/Articles/945834/) 2023-10-05T14:11:27Z **Security updates for Thursday**
Security updates have been issued by **Debian** (chromium, libx11, and libxpm), **Fedora** (ckeditor, drupal7, glibc, golang-github-cncf-xds, golang-github-envoyproxy-control-plane, golang-github-hashicorp-msgpack, golang-github-minio-highwayhash, golang-github-nats-io, golang-github-nats-io-jwt-2, golang-github-nats-io-nkeys, golang-github-nats-io-streaming-server, golang-github-protobuf, golang-google-protobuf, nats-server, and pgadmin4), **Red Hat** (firefox and thunderbird), **SUSE** (chromium, exim, ... ⌘ [Read more](https://lwn.net/Articles/946698/) 2023-10-05T14:26:58Z **[$] GCC features to help harden the kernel**
Hardening the Linux kernel is an endless task, with work required on
multiple fronts. Sometimes, that work is not done in the kernel itself;
other tools, including compilers, can have a significant role to play.
At the [2023 GNU Tools\
Cauldron](https://gcc.gnu.org/wiki/cauldron2023), Qing Zhao covered some of the work that has been done in the
GCC compiler to help with the hardening of the kernel — along with work
that still needs to be done. ⌘ [Read more](https://lwn.net/Articles/946041/) 2023-10-05T20:52:55Z **Ferrocene released as open source**
Ferrous Systems has [announced](https://ferrous-systems.com/blog/ferrocene-open-source/)
that its Ferrocene Rust compiler will be released under the Apache-2.0 and
MIT licenses.

> Ferrocene is the main Rust compiler - rustc - but quality managed
> and qualified for use in automotive and industrial environments
> (currently by ISO 26262 and IEC 61508) by Ferrous Systems. It
> operates as a downstream to the Rust project, further increasing
> its testing and quality on specific platforms.

The lice ... ⌘ [Read more](https://lwn.net/Articles/946732/) 2023-10-06T14:34:37Z **Security updates for Friday**
Security updates have been issued by **Debian** (grub2, libvpx, libx11, libxpm, and qemu), **Fedora** (firefox, matrix-synapse, tacacs, thunderbird, and xrdp), **Oracle** (glibc), **Red Hat** (bind, bind9.16, firefox, frr, ghostscript, glibc, ImageMagick, libeconf, python3.11, python3.9, and thunderbird), **Scientific Linux** (ImageMagick), **SUSE** (kernel, libX11, and tomcat), and **Ubuntu** (linux-hwe-5.15, linux-oracle-5.15). ⌘ [Read more](https://lwn.net/Articles/946848/) 2023-10-06T14:38:29Z **[$] The challenge of compiling for verified architectures**
On its surface, the BPF virtual machine resembles many other computer
architectures; it has registers and instructions to perform the usual
operations. But there is a key difference: BPF programs must pass the
kernel's verifier before they can be run. The verifier imposes a long list
of additional restrictions so that it can prove to itself that any given
program is safe to run; getting past those checks can be a source of
frustration for BPF developers. At the [2023 GNU Tools ... ⌘ [Read more](https://lwn.net/Articles/946254/) 2023-10-06T14:49:13Z **Stable kernels 6.5.6, 6.1.56, and 5.15.134**
The latest round of stable kernels, [6.5.6](https://lwn.net/Articles/946853/),
[6.1.56](https://lwn.net/Articles/946854/), and [5.15.134](https://lwn.net/Articles/946855/), have been released. Each contains a
fairly large collection of important fixes throughout the kernel tree. ⌘ [Read more](https://lwn.net/Articles/946852/) 2023-10-06T16:18:12Z **The end of the Red Hat security-announcements list**
Red Hat has [announced](https://listman.redhat.com/archives/rhsa-announce/2023-October/012854.html)
that its longstanding "rhsa-announce" mailing list will be shut down on
October 10. That is the list that receives security advisories for
Red Hat Enterprise Linux and a whole slew of related products. Anybody who
was counting on that list for Red Hat security advisories will need to find
an alternative; a few options are listed in the announcement. ⌘ [Read more](https://lwn.net/Articles/946851/) 2023-10-08T21:11:05Z **Kernel prepatch 6.6-rc5**
Linus has released [6.6-rc5](https://lwn.net/Articles/947053/) for testing.
"Things are back to normal, and we have a networking pull this
week." ⌘ [Read more](https://lwn.net/Articles/947054/) 2023-10-09T14:23:06Z **Security updates for Monday**
Security updates have been issued by **Debian** (freerdp2, gnome-boxes, grub2, inetutils, lemonldap-ng, prometheus-alertmanager, python-urllib3, thunderbird, and vinagre), **Fedora** (freeimage, fwupd, libspf2, mingw-freeimage, thunderbird, and vim), **Gentoo** (c-ares, dav1d, Heimdal, man-db, and Oracle VirtualBox), **Oracle** (bind, bind9.16, firefox, ghostscript, glibc, ImageMagick, and thunderbird), **Slackware** (netatalk), **SUSE** (ImageMagick, nghttp2, poppler, python, python-gevent, and yq), and ** ... ⌘ [Read more](https://lwn.net/Articles/947117/) 2023-10-09T14:50:46Z **[$] Rethinking multi-grain timestamps**
One of the significant features added to the mainline kernel during the 6.6
merge window was multi-grain timestamps, which allow the kernel to
selectively store file modification times with higher resolution without
hurting performance. Unfortunately, this feature also caused some
surprising regressions, and was quickly ushered back out of the kernel as a
result. It is instructive to look at how this feature went wrong, and how
the developers involved plan to move forward from here. ⌘ [Read more](https://lwn.net/Articles/946394/) 2023-10-09T14:55:28Z **Incus 0.1 released**
The [Linux Containers project](https://linuxcontainers.org/) has
[announced](https://discuss.linuxcontainers.org/t/incus-0-1-has-been-released/18036)
the release version 0.1 of the [Incus](https://linuxcontainers.org/incus/) system container and
virtual-machine manager, which is a community-led fork of Canonical's [LXD](https://ubuntu.com/lxd). Incus 0.1 "is roughly
equivalent to LXD 5.18 but with a number of breaking changes on top of the
obvious rename". There have been some changes made in the two months
since th ... ⌘ [Read more](https://lwn.net/Articles/947136/) 2023-10-10T13:27:17Z **Security updates for Tuesday**
Security updates have been issued by **Fedora** (chromium, firefox, and kernel), **Gentoo** (less and libcue), **Red Hat** (bind, libvpx, nodejs, and python3), **Scientific Linux** (firefox and thunderbird), **SUSE** (conmon, go1.20, go1.21, shadow, and thunderbird), and **Ubuntu** (libcue, ring, and ruby-kramdown). ⌘ [Read more](https://lwn.net/Articles/947233/) 2023-10-10T13:47:52Z **A remote code execution vulnerability in GNOME**
The GitHub blog [describes\
a vulnerability in the libcue library](https://github.blog/2023-10-09-coordinated-disclosure-1-click-rce-on-gnome-cve-2023-43641/) (which is used by the GNOME
desktop) that can be exploited by a remote attacker to run code on a
desktop system if the target can be convinced to click on a malicious link.

> The video shows me clicking a link in a webpage, which causes a cue
> sheet to be downloaded. Because the file is saved to ~/Downloads,
> it is then automat ... ⌘ [Read more](https://lwn.net/Articles/947236/) 2023-10-10T18:03:20Z **[$] Progress on no-GIL CPython**
Back at the end of July, the Python steering council [announced](https://discuss.python.org/t/a-steering-council-notice-about-pep-703-making-the-global-interpreter-lock-optional-in-cpython/30474)
its intention to approve the proposal to make the global interpreter lock
(GIL) optional over the next few Python releases. The details of that
acceptance are still being decided on, but work on the feature is
proceeding—in discussion form at least. Beyond that, though, there are
efforts underway to solve that h ... ⌘ [Read more](https://lwn.net/Articles/947138/) 2023-10-10T20:27:30Z **Seven stable kernel updates**
The
[6.5.7](https://lwn.net/Articles/947297/),
[6.1.57](https://lwn.net/Articles/947298/),
[5.15.135](https://lwn.net/Articles/947299/),
[5.10.198](https://lwn.net/Articles/947300/),
[5.4.258](https://lwn.net/Articles/947301/),
[4.19.296](https://lwn.net/Articles/947302/), and
[4.14.327](https://lwn.net/Articles/947303/)
stable kernel updates have all been released; each contains another set of
important fixes. ⌘ [Read more](https://lwn.net/Articles/947296/) 2023-10-11T12:44:58Z **Security updates for Wednesday**
Security updates have been issued by **Debian** (curl, mediawiki, tomcat10, and tomcat9), **Fedora** (libcaca, oneVPL, oneVPL-intel-gpu, and tracker-miners), **Gentoo** (curl), **Mageia** (cups and firefox, thunderbird), **Red Hat** (curl, kernel, kernel-rt, kpatch-patch, libqb, libssh2, linux-firmware, python-reportlab, tar, and the virt:rhel module), **Slackware** (curl, libcue, libnotify, nghttp2, and samba), **SUSE** (conmon, curl, glibc, kernel, php-composer2, python-reportlab, samba, and shadow), a ... ⌘ [Read more](https://lwn.net/Articles/947409/) 2023-10-11T12:52:40Z **Curl 8.4.0 released**
[Version\
8.4.0](https://daniel.haxx.se/blog/2023/10/11/curl-8-4-0/) of the curl data-transfer tool has been released, mostly in
response to a relatively severe security vulnerability that can be
triggered when a SOCKS5 proxy server is in use. See [this\
blog post](https://daniel.haxx.se/blog/2023/10/11/how-i-made-a-heap-overflow-in-curl/) for details on what went wrong. "In hindsight, shipping a
heap overflow in code installed in over twenty billion instances is not an
experience I would recommend." ⌘ [Read more](https://lwn.net/Articles/947411/) 2023-10-11T20:11:02Z **[$] Remote execution in the GNOME tracker**
While the vulnerability itself is pretty run-of-the-mill, the recently [disclosed](https://github.blog/2023-10-09-coordinated-disclosure-1-click-rce-on-gnome-cve-2023-43641/)
GNOME vulnerability has a number of interesting facets. The problem lies
in a library that reads files in a fairly obscure format, but it turns out
that files in that format are routinely—automatically—processed by GNOME if
they are downloaded to the local system. That turns a vulnerability in a
largely unknown library in ... ⌘ [Read more](https://lwn.net/Articles/947288/) 2023-10-12T00:42:24Z **[$] LWN.net Weekly Edition for October 12, 2023**
The LWN.net Weekly Edition for October 12, 2023 is available. ⌘ [Read more](https://lwn.net/Articles/946626/) 2023-10-12T13:47:47Z **Security updates for Thursday**
Security updates have been issued by **Debian** (libcue, org-mode, python3.7, and samba), **Fedora** (libcue, oneVPL, oneVPL-intel-gpu, and xen), **Mageia** (glibc), **Oracle** (glibc, kernel, libssh2, libvpx, nodejs, and python-reportlab), **Slackware** (libcaca), **SUSE** (gsl, ImageMagick, kernel, opensc, python-urllib3, qemu, rage-encryption, samba, and xen), and **Ubuntu** (curl and samba). ⌘ [Read more](https://lwn.net/Articles/947570/) 2023-10-12T14:40:47Z **[$] Finer-grained BPF tokens**
Programs running in the BPF machine can, depending on how they are
attached, perform a number of privileged operations; the ability to load
and run those programs, thus, must be a privileged operation in its own
right. Almost since the beginning of the extended-BPF era, developers have
struggled to find a way to allow users to run the programs they need
without giving away more privilege than is necessary. Earlier this year,
the idea of a [BPF token](https://lwn.net/Articles/935195/) ran into some
oppositi ... ⌘ [Read more](https://lwn.net/Articles/947173/) 2023-10-12T16:24:23Z **Civil Infrastructure Platform to maintain 6.1 for 10 years**
The Civil Infrastructure Platform project has [announced](https://www.prnewswire.com/news-releases/civil-infrastructure-platform-expands-super-long-term-stable-kernel-program-with-a-6-1-based-series-301955086.html)
that it will be maintaining the 6.1 kernel for a minimum of ten years past
its initial release (and, thus, through 2032).

> CIP kernels are maintained like regular long-term-stable (LTS)
> kernels, and developers of the CIP kernel are also involved in LTS
> kerne ... ⌘ [Read more](https://lwn.net/Articles/947606/) 2023-10-13T14:01:25Z **Security updates for Friday**
Security updates have been issued by **Debian** (chromium, tomcat9, and webkit2gtk), **Fedora** (cacti, cacti-spine, grafana-pcp, libcue, mbedtls, samba, and vim), **Oracle** (kernel, libvpx, and thunderbird), **Red Hat** (bind and galera, mariadb), **SUSE** (exiv2, go1.20, go1.21, and kernel), and **Ubuntu** (ffmpeg). ⌘ [Read more](https://lwn.net/Articles/947710/) 2023-10-13T14:45:50Z **OpenWrt 23.05.0 released**
[Version\
23.05.0](https://lwn.net/ml/openwrt-announce/5d771d39-3a79-452f-9fe4-eaa69c9aff97@hauke-m.de/) of the OpenWrt distribution has been released: "OpenWrt
23.05 supports over 1790 devices. Support for over 200 new devices was
added in addition to the device support by OpenWrt 22.03". Along with
new device support, this release features a switch to the mbedtls
cryptographic library, the ability to include utilities written in Rust, an
updated toolchain, and more. ⌘ [Read more](https://lwn.net/Articles/947727/) 2023-10-13T15:07:11Z **Ubuntu 23.10 released**
[Version\
23.10](https://canonical.com/blog/canonical-releases-ubuntu-23-10-mantic-minotaur) of the Ubuntu distribution is out. Changes include support for
hardware-backed full-disk encryption, tighter control over user namespaces,
a new App Center application, and more. ⌘ [Read more](https://lwn.net/Articles/947733/) 2023-10-15T19:15:13Z **Stable kernel 6.1.58 released**
The [6.1.58](https://lwn.net/Articles/947820/) stable kernel update has been
released; it consists mostly of a handful of reverts in the NFS subsystem. ⌘ [Read more](https://lwn.net/Articles/947819/) 2023-10-15T22:22:24Z **Kernel prepatch 6.6-rc6**
The [6.6-rc6](https://lwn.net/Articles/947826/) kernel prepatch is out for
testing. "So the previous week has been pretty calm, and a lot of the
discussion has been about future changes as so often happens late in the
release cycle." ⌘ [Read more](https://lwn.net/Articles/947825/) 2023-10-16T13:55:20Z **Security updates for Monday**
Security updates have been issued by **Debian** (batik, poppler, and tomcat9), **Fedora** (chromium, composer, curl, emacs, ghostscript, libwebp, libXpm, netatalk, nghttp2, python-asgiref, python-django, and webkitgtk), **Mageia** (curl and libX11), **Oracle** (bind, busybox, firefox, and kernel), **Red Hat** (curl, dotnet6.0, dotnet7.0, and nginx), **SUSE** (chromium, cni, cni-plugins, grub2, netatalk, opensc, opera, and wireshark), and **Ubuntu** (iperf3). ⌘ [Read more](https://lwn.net/Articles/947891/) 2023-10-16T15:20:27Z **[$] The 2023 Image-Based Linux Summit**
Following up from [last year's first Image-Based\
Linux Summit](https://lwn.net/Articles/912774/)), a second meeting was held in Berlin on September 12th,
2023, the day before [All Systems Go!\
2023](https://all-systems-go.io/), at the Microsoft office. The goal of these summits is to find
common ground among stakeholders from various engineering groups around the
topic of image-based Linux distributions, communicate progress, and attempt
to build a strategy to tackle shared problems together. The ... ⌘ [Read more](https://lwn.net/Articles/946526/) 2023-10-16T16:13:31Z **OpenBSD 7.4 released**
OpenBSD 7.4 is out. Changes include a new kqueue1() system call
that allows close-on-exec behavior, support for better arm64 control-flow
integrity, support for TCP segmentation offloading, and much more. ⌘ [Read more](https://lwn.net/Articles/947927/) 2023-10-17T13:55:34Z **Security updates for Tuesday**
Security updates have been issued by **Debian** (axis, nghttp2, node-babel7, and tomcat9), **Fedora** (curl and ghostscript), **Oracle** (bind, kernel-container, mariadb:10.5, and python3.11), **Red Hat** (.NET 7.0, go-toolset, golang, and go-toolset:rhel8), **SUSE** (kernel, libcue, libxml2, python-Django, and python-gevent), and **Ubuntu** (curl, ghostscript, iperf3, libcue, python2.7, quagga, and samba). ⌘ [Read more](https://lwn.net/Articles/948010/) 2023-10-17T14:48:10Z **[$] Improving C-library scalability with restartable sequences**
The Linux kernel has supported [restartable\
sequences](https://lwn.net/Articles/697979/) (sometimes referred to as "RSEQ") since 2018, but it remains
a bit of a niche feature, mostly useful to performance-oriented developers
who do not mind writing assembly code. According to Mathieu Desnoyers, the
behind the kernel's implementation of restartable sequences, this feature
can be applicable to a much wider range of performance-sensitive code with
proper library support. He ... ⌘ [Read more](https://lwn.net/Articles/946870/) 2023-10-18T13:20:18Z **Security updates for Wednesday**
Security updates have been issued by **Debian** (slurm-wlm), **Fedora** (icecat and python-configobj), **Oracle** (dotnet6.0, kernel-container, nginx, nginx:1.20, nginx:1.22, and python3.9), **Red Hat** (bind9.16, curl, dotnet6.0, kernel-rt, kpatch-patch, nghttp2, nodejs, python-reportlab, and virt:rhel), **Slackware** (util), **SUSE** (buildah, conmon, erlang, glibc, kernel, nghttp2, opensc, python-urllib3, samba, slurm, and suse-module-tools), and **Ubuntu** (frr, linux-azure, and pmix). ⌘ [Read more](https://lwn.net/Articles/948097/) 2023-10-18T13:38:30Z **The GNOME Foundation's new executive director**
The GNOME Foundation has [announced](https://foundation.gnome.org/2023/10/17/foundation-welcomes-new-executive-director/)
the hiring of Holly Million as its new executive director.

> Holly is a multi-talented individual with a diverse background in
> nonprofit leadership, filmmaking, teaching, public speaking, and
> writing. Her commitment to empowering individuals to make a
> positive impact aligns perfectly with the values and goals of the
> GNOME Foundation. ⌘ [Read more](https://lwn.net/Articles/948098/) 2023-10-18T14:18:31Z **[$] Defining open hardware**
Open-source hardware (or open hardware) refers to hardware that is
developed in a manner similar to open-source software. There's a widely
accepted definition of open-source hardware, but it is probably not as well
known as its open-source-software counterpart. In addition, there is a popular
certification program that hardware makers can use to indicate which of
their devices meets that criteria. But there are some vendors that are
showing more enthusiasm than others in participating in the process—or in
pr ... ⌘ [Read more](https://lwn.net/Articles/945870/) 2023-10-19T00:32:03Z **[$] LWN.net Weekly Edition for October 19, 2023**
The LWN.net Weekly Edition for October 19, 2023 is available. ⌘ [Read more](https://lwn.net/Articles/947529/) 2023-10-19T14:15:43Z **Security updates for Thursday**
Security updates have been issued by **Debian** (node-babel), **Fedora** (moodle), **Gentoo** (mailutils), **Oracle** (go-toolset:ol8 and java-11-openjdk), **Red Hat** (ghostscript, grafana, java-1.8.0-openjdk, java-11-openjdk, java-17-openjdk, nghttp2, nodejs:16, nodejs:18, and rhc-worker-script), **SUSE** (cni, cni-plugins, container-suseconnect, containerd, cups, exim, grub2, helm, libeconf, nodejs18, python3, runc, slurm, supportutils, and tomcat), and **Ubuntu** (glib2.0, openssl, and vips). ⌘ [Read more](https://lwn.net/Articles/948246/) 2023-10-19T15:12:56Z **[$] Toward safer GNU C Library tunable handling**
When considering the interface provided by the GNU C Library (glibc),
thoughts naturally turn to the programming interface as specified by POSIX,
along with numerous extensions added over the years. But glibc also
provides a "tunables" interface to control how the library operates; rather
than being managed by a C API, tunables are set with the
GLIBC\_TUNABLES environment
variable. Glibc tunables have been a part of a few security problems
involving setuid binaries, most recently the ["L ... ⌘ [Read more](https://lwn.net/Articles/947736/) 2023-10-19T21:41:31Z **Three stable kernel updates**
The
[6.5.8](https://lwn.net/Articles/948298/),
[6.1.59](https://lwn.net/Articles/948299/), and
[5.15.136](https://lwn.net/Articles/948300/)
stable kernel updates have been released; each contains another set of
important fixes. ⌘ [Read more](https://lwn.net/Articles/948297/) 2023-10-20T13:33:46Z **Security updates for Friday**
Security updates have been issued by **Debian** (linux-5.10 and webkit2gtk), **Fedora** (matrix-synapse and trafficserver), **Mageia** (chromium-browser-stable, ghostscript, libxpm, and ruby-RedCloth), **Oracle** (.NET 7.0, curl, dotnet7.0, galera, mariadb, go-toolset, golang, java-1.8.0-openjdk, and python-reportlab), **Red Hat** (php, php:8.0, tomcat, and varnish), **Slackware** (httpd), **SUSE** (bluetuith, grub2, kernel, rxvt-unicode, and suse-module-tools), and **Ubuntu** (dotnet6, dotnet7, dotnet8, li ... ⌘ [Read more](https://lwn.net/Articles/948368/) 2023-10-20T16:27:53Z **[$] mseal() and what comes after**
Jeff Xu recently [proposed](https://lwn.net/ml/linux-kernel/20231016143828.647848-1-jeffxu@chromium.org/)
the addition of a new system call, named mseal(), that would allow
applications to prevent modifications to selected memory mappings. It
would enable the hardening of user-space applications against certain types
of attacks; some other operating systems have this type of feature already.
There is support for adding this type of mechanism to the Linux kernel as
well, but it has become clear that mse ... ⌘ [Read more](https://lwn.net/Articles/948129/) 2023-10-23T00:34:15Z **Kernel prepatch 6.6-rc7**
Linus has released [6.6-rc7](https://lwn.net/Articles/948468/) for testing.

> Anyway, while this is all bigger than I'd have liked it to be, if
> the upcoming week is quiet and normal, this is the last rc and next
> Sunday will see the final release and then we'll open the merge
> window for 6.7. I simply am not aware of any issues that would be
> showstoppers. ⌘ [Read more](https://lwn.net/Articles/948469/) 2023-10-23T13:07:27Z **[$] Hyphens, minus, and dashes in Debian man pages**
It is probably fair to say that most Linux users spend little time thinking
about the troff typesetting program, despite that application's
groundbreaking role in computing history. Troff (along with nroff) is
still with us, though, even if they are called [groff](https://www.gnu.org/software/groff/) these days, and every
now and then they make their presence known. A recent groff change created
a bit of a tempest within the Debian community, and has effectively been
reverted there. I ... ⌘ [Read more](https://lwn.net/Articles/947941/) 2023-10-23T13:06:30Z **Security updates for Monday**
Security updates have been issued by **Debian** (krb5, redis, roundcube, ruby-rack, ruby-rmagick, zabbix, and zookeeper), **Fedora** (ansible-core, chromium, libvpx, mingw-xerces-c, python-asgiref, python-django, and vim), **Mageia** (cadence, kernel, kernel-linus, libxml2, nodejs, and shadow-utils), **Oracle** (nghttp2), **Slackware** (LibRaw), and **SUSE** (chromium, java-11-openjdk, nodejs18, python-Django, python-urllib3, and suse-module-tools). ⌘ [Read more](https://lwn.net/Articles/948522/) 2023-10-23T22:22:04Z **2013 Linux Foundation TAB election call for nominees**
The 2013 election for members of the Linux Foundation Technical Advisory
Board will be held during the upcoming [Linux\
Plumbers Conference](https://lpc.events/). The [call\
for nominees](https://lwn.net/ml/ksummit-discuss/a13b3481-ec35-446d-ac7d-9581ce87646f@intel.com/) has been posted.

> The TAB exists to provide advice from the kernel community to the
> Linux Foundation; it also serves to facilitate interactions both
> within the community and with outside entities. Over the l ... ⌘ [Read more](https://lwn.net/Articles/948589/) 2023-10-24T13:39:07Z **Security updates for Tuesday**
Security updates have been issued by **Debian** (ceph and dbus), **Fedora** (cachelib, fb303, fbthrift, fizz, folly, matrix-synapse, mcrouter, mvfst, nats-server, nodejs18, proxygen, wangle, watchman, and wdt), **Mageia** (libcue), **Oracle** (18, grafana, kernel, nodejs, nodejs:16, nodejs:18, php, php:8.0, and tomcat), **Red Hat** (python27:2.7, python3, python39:3.9, python39-devel:3.9, toolbox, varnish, and varnish:6), **SUSE** (fwupdate, gcc13, icu73\_2, netty, netty-tcnative, and xen), and **Ubuntu** ... ⌘ [Read more](https://lwn.net/Articles/948688/) 2023-10-24T14:40:48Z **[$] Home Assistant: ten years of privacy-focused home automation**
Many home-automation devices come with their own mobile app or cloud
service. However, using multiple apps or services is
inconvenient, so it's (purposely) tempting to only buy devices from the same
vendor, but this can lead to lock-in. One project that lets
users manage home-automation devices from various vendors without lock-in
is [Home Assistant](https://www.home-assistant.io). Over its
ten-year existence, it has developed into a user-friendly home-automation
platfor ... ⌘ [Read more](https://lwn.net/Articles/947843/) 2023-10-24T14:40:13Z **Firefox 119.0 released**
[Version\
119.0](https://www.mozilla.org/en-US/firefox/119.0/releasenotes/) of the Firefox browser has been released. The list of changes
includes improvements to [Firefox\
View](https://support.mozilla.org/kb/how-set-tab-pickup-firefox-view), some PDF-editing improvements, better cookie protection, [encrypted\
client hello](https://blog.mozilla.org/en/products/firefox/encrypted-hello/) support, and more. ⌘ [Read more](https://lwn.net/Articles/948691/) 2023-10-25T15:29:07Z **Security updates for Wednesday**
Security updates have been issued by **Debian** (gst-plugins-bad1.0, openssl, roundcube, and xorg-server), **Fedora** (dotnet6.0, dotnet7.0, roundcubemail, and wordpress), **Mageia** (redis), **Oracle** (dnsmasq, python27:2.7, python3, tomcat, and varnish), **Red Hat** (python39:3.9, python39-devel:3.9), **Slackware** (mozilla and vim), **SUSE** (openssl-3, poppler, ruby2.5, and xen), and **Ubuntu** (.Net, linux-gcp-5.15, linux-gkeop-5.15, linux-intel-iotg-5.15, linux-starfive-6.2, mysql-5.7, ncurses, an ... ⌘ [Read more](https://lwn.net/Articles/948814/) 2023-10-25T15:45:42Z **The path toward a no-GIL Python**
The Python Steering Council has posted [a\
detailed plan](https://discuss.python.org/t/pep-703-making-the-global-interpreter-lock-optional-in-cpython-acceptance/37075) for the addition of "free-threaded" (no global
interpreter lock) support into the Python mainline. It will not be a short
process and does not have a guaranteed successful outcome.

> Phase I: Experimental phase, which can start immediately, in which
> the free-threaded build is enabled through a build-time
> option. This should not be ... ⌘ [Read more](https://lwn.net/Articles/948823/) 2023-10-25T16:13:08Z **[$] Weighted interleaving for memory tiering**
The kernel has, for many years, had the ability to control how memory
allocation is performed in systems with multiple NUMA nodes. More
recently, NUMA nodes have also been pressed into service to represent
different classes of memory; those nodes are now organized into tiers
according to their performance characteristics. While memory-allocation
policies can control the placement of pages at the NUMA-node level, the
kernel provides no way to connect those policies with memory tiers. [This\
 ... ⌘ [Read more](https://lwn.net/Articles/948037/) 2023-10-26T00:02:05Z **[$] LWN.net Weekly Edition for October 26, 2023**
The LWN.net Weekly Edition for October 26, 2023 is available. ⌘ [Read more](https://lwn.net/Articles/948210/) 2023-10-26T14:12:18Z **Security updates for Thursday**
Security updates have been issued by **Debian** (firefox-esr and xorg-server), **Fedora** (firefox, mbedtls, nodejs18, nodejs20, and xen), **Gentoo** (libinput, unifi, and USBView), **Mageia** (python-nltk), **Oracle** (linux-firmware), **Red Hat** (nginx:1.22), **SUSE** (chromium, firefox, java-11-openjdk, jetty-minimal, nghttp2, nodejs18, webkit2gtk3, and zlib), and **Ubuntu** (linux, linux-lowlatency, linux-oracle-5.15, vim, and xorg-server, xwayland). ⌘ [Read more](https://lwn.net/Articles/948930/) 2023-10-26T14:52:38Z **[$] Better string handling for the kernel**
The C programming language is replete with features that seemed like a good
idea at the time (and perhaps even were good ideas then) that have not aged
well. Most would likely agree that string handling, and the use of
NUL-terminated strings, is one of those. Kernel developers have, for
years, tried to improve the handling of strings in an attempt to slow the
flow of bugs and vulnerabilities that result from mistakes in that area.
Now there is an early discussion on the idea of moving away fro ... ⌘ [Read more](https://lwn.net/Articles/948408/) 2023-10-27T13:06:30Z **Security updates for Friday**
Security updates have been issued by **Debian** (chromium and firefox-esr), **Fedora** (firefox, redis, samba, and xen), **Oracle** (python39:3.9, python39-devel:3.9), **Slackware** (mozilla and xorg), and **SUSE** (libnbd, open-vm-tools, python, sox, vorbis-tools, and zchunk). ⌘ [Read more](https://lwn.net/Articles/949057/) 2023-10-27T15:31:32Z **[$] Deferred scheduling for user-space critical sections**
User-space developers working with highly threaded applications would often
like to be able to use spinlocks to protect shared data structures from
concurrent access. There is a fundamental problem with user-space
spinlocks, though: there is no way to prevent a thread from being
preempted. Various ways of working around this problem have been explored,
but [this\
patch](https://lwn.net/ml/linux-kernel/20231025235413.597287e1@gandalf.local.home/) from Steven Rostedt questions the ... ⌘ [Read more](https://lwn.net/Articles/948870/) 2023-10-27T15:31:16Z **Removing syscall() from OpenBSD**
For a view into the OpenBSD approach to security, see this message from
Theo de Raadt, where he describes a plan to remove the [syscall()](https://man.openbsd.org/syscall.2) system call
(which allows the invocation of any available system call by providing its
number) from the kernel. The purpose, of course, is to make it harder for
an attacker to invoke an arbitrary system call, even if they are able to
run some code on the target system.

> I hope I am forcing attack coders into using increasingly mor ... ⌘ [Read more](https://lwn.net/Articles/949078/) 2023-10-30T12:43:41Z **The 6.6 kernel has been released**
Linus has [released the 6.6 kernel](https://lwn.net/Articles/949204/). "So
this last week has been pretty calm, and I have absolutely no excuses to
delay the v6.6 release any more, so here it is."

Headline features in 6.6 include the [earliest\
eligible virtual deadline first (EEVDF) CPU scheduler](https://lwn.net/Articles/925371/), a number of
enhancements (quota support, user extended attributes, direct I/O) to the
tmpfs filesystem, the [fchmodat2()\
system call](https://lwn.net/Articles/939217/), i ... ⌘ [Read more](https://lwn.net/Articles/949179/) 2023-10-30T13:46:50Z **Security updates for Monday**
Security updates have been issued by **Debian** (distro-info, distro-info-data, gst-plugins-bad1.0, node-browserify-sign, nss, openjdk-11, and thunderbird), **Fedora** (chromium, curl, nghttp2, and xorg-x11-server-Xwayland), **Gentoo** (Dovecot, Rack, rxvt-unicode, and UnZip), **Mageia** (apache, bind, and vim), **Red Hat** (varnish:6), **SUSE** (nodejs12, opera, python-bugzilla, python-Django, and vorbis-tools), and **Ubuntu** (exim4, firefox, nodejs, and slurm-llnl, slurm-wlm). ⌘ [Read more](https://lwn.net/Articles/949238/) 2023-10-30T16:18:08Z **[$] Some 6.6 development statistics**
The 6.6 kernel was [released](https://lwn.net/ml/linux-kernel/CAHk-=wiZuU984NWVgP4snp8sEt4Ux5Mp_pxAN5MNV9VpcGUo+A@mail.gmail.com/),
right on schedule, on October 29. This development cycle saw the
addition of 14,069 non-merge changesets from 1,978 developers — fairly
typical numbers for recent releases. The time has come for LWN's
traditional look at where the changes in this release came from, along with
a look at the longer development "supercycle" that (probably) ends with
6.6. ⌘ [Read more](https://lwn.net/Articles/948970/) 2023-10-30T16:43:13Z **Bjarne Stroustrup’s Plan for Bringing Safety to C++ (The New Stack)**
The New Stack [covers\
a conference talk by Bjarne Stroustrup](https://thenewstack.io/bjarne-stroustrups-plan-for-bringing-safety-to-c/) on turning C++ into a safer
language.

> Stroustrup has arrived at his solution: profiles. (That is, a set
> of rules which, when followed, achieve specific safety guarantees.)
> They’d be defined by the ISO C++ standard, addressing common safety
> issues like pointers and array ranges. In response to a later
> question from the ... ⌘ [Read more](https://lwn.net/Articles/949269/) 2023-10-31T13:11:35Z **Security updates for Tuesday**
Security updates have been issued by **Debian** (jetty9, node-browserify-sign, request-tracker4, and request-tracker5), **Fedora** (golang-github-altree-bigfloat, golang-github-seancfoley-bintree, golang-github-seancfoley-ipaddress, kitty, slurm, and thunderbird), **Gentoo** (ConnMan, libxslt, and Salt), **Mageia** (chromium-browser-stable), **Red Hat** (firefox, libguestfs-winsupport, and thunderbird), **SUSE** (clamav, gcc13, gstreamer-plugins-bad, icu73\_2, java-17-openjdk, nodejs10, poppler, python-Wer ... ⌘ [Read more](https://lwn.net/Articles/949391/) 2023-10-31T14:48:34Z **Incus 0.2 released**
[Version\
0.2](https://discuss.linuxcontainers.org/t/incus-0-2-has-been-released/18185) of Incus, an LXD fork, has been released. "This version
incorporates most changes that went into LXD 5.19 as well as introduce a
few additional features and improvements." Changes include NVME
storage support, support for migrating clustered environments from LXD, and
more. ⌘ [Read more](https://lwn.net/Articles/949411/) 2023-10-31T17:43:21Z **[$] Rust code review and netdev**
A fast-moving patch set—seemingly the norm for Linux networking
development—seeks to add some Rust abstractions for physical layer
(PHY) drivers. Lots of
review has been done, and the patch set has been reworked
frequently in response to those comments. Unfortunately, the [Rust-for-Linux](https://github.com/Rust-for-Linux) developers are
having trouble keeping up with that pace. There
is, it would appear, something of a disconnect between the two communities'
development practices. ⌘ [Read more](https://lwn.net/Articles/949270/) 2023-11-01T13:09:20Z **Security updates for Wednesday**
Security updates have been issued by **Debian** (h2o, open-vm-tools, pmix, and zookeeper), **Gentoo** (GitPython), **Oracle** (firefox, java-11-openjdk, java-17-openjdk, libguestfs-winsupport, nginx:1.22, and thunderbird), **Red Hat** (samba), **SUSE** (container-suseconnect, libsndfile, and slurm), and **Ubuntu** (krb5, linux, linux-aws, linux-aws-5.15, linux-azure, linux-azure-5.15,
 linux-azure-fde, linux-azure-fde-5.15, linux-gcp, linux-gcp-5.15,
 linux-gkeop, linux-gkeop-5.15, linux-hwe-5.15, linux- ... ⌘ [Read more](https://lwn.net/Articles/949612/) 2023-11-01T13:58:19Z **Garrett: Why ACPI?**
Matthew Garrett [explains\
why ACPI exists](https://mjg59.dreamwidth.org/68350.html) and why it is not as bad a thing as some think.

> There's an alternative universe where we decided to teach the
> kernel about every piece of hardware it should run on. Fortunately
> (or, well, unfortunately) we've seen that in the ARM world. Most
> device-specific simply never reaches mainline, and most users are
> stuck running ancient kernels as a result. Imagine every x86 device
> vendor shipping their own kernel optimised ... ⌘ [Read more](https://lwn.net/Articles/949625/) 2023-11-01T15:57:56Z **A recent talk on kernel maintainership**
LWN editor Jonathan Corbet was asked to give a brief talk about kernel
maintainership at the recently concluded [Linux\
Foundation Member Summit](https://events.linuxfoundation.org/lf-member-summit/). That talk was recorded and has now been [made available\
on YouTube](https://www.youtube.com/watch?v=kuRyYJaXThY&t=10937s). There is little in it that will be news to regular LWN
readers, but it may be instructive to folks who are less well versed in how
kernel development works. ⌘ [Read more](https://lwn.net/Articles/949647/) 2023-11-01T16:57:42Z **[$] Implicit keyword arguments for Python**
Python functions can use both positional and keyword arguments; the latter
provide a certain level of documentation for an argument and its meaning,
while allowing them to be given in any order in a call. But it is often
the case that the name of the local variable to be passed is the same as
the keyword, which can lead to overly repetitive argument lists, at least
in some eyes. A recent proposal to shorten the syntax for calls with
these duplicate names seems to be gaining some steam—a Python ... ⌘ [Read more](https://lwn.net/Articles/949435/) 2023-11-01T19:31:49Z **Help wanted at LWN**
LWN.net is looking to hire a full-time writer/editor to help us keep the
news flowing and to expand our content in areas of interest to our readers.
We are certain that the person we need is out there somewhere, and are
counting on help from LWN readers to find them. Read on for details on who
we are looking for and how we see them fitting in here. ⌘ [Read more](https://lwn.net/Articles/949461/) 2023-11-02T00:05:16Z **[$] LWN.net Weekly Edition for November 2, 2023**
The LWN.net Weekly Edition for November 2, 2023 is available. ⌘ [Read more](https://lwn.net/Articles/948894/) 2023-11-02T14:06:01Z **Security updates for Thursday**
Security updates have been issued by **Gentoo** (Netatalk), **Oracle** (firefox), **Red Hat** (.NET 6.0, .NET 6.0, .NET 7.0, binutils, and qemu-kvm), **SUSE** (gcc13, tomcat, and xorg-x11-server), and **Ubuntu** (axis, libvpx, linux-starfive, thunderbird, and xrdp). ⌘ [Read more](https://lwn.net/Articles/949820/) 2023-11-02T14:23:16Z **Stable kernels 6.5.10 and 6.1.61**
The
[6.5.10](https://lwn.net/Articles/949825/) and [6.1.61](https://lwn.net/Articles/949826/) stable kernels have been released. As
usual, they contain important fixes throughout the kernel tree; users of
those series should upgrade. ⌘ [Read more](https://lwn.net/Articles/949824/) 2023-11-02T14:39:02Z **Gawk 5.3.0 released**
The GNU awk text-processing utility, [gawk](https://www.gnu.org/software/gawk/) has released version
5.3.0. The main new features add compatibility with " [The One True Awk](https://github.com/onetrueawk/awk)" (also known
as "BWK awk"); version 5.3.0 adds CSV (comma-separated values) parsing and
the ability to use \\u escape sequences for Unicode code points.
Read on for other changes in the release. ⌘ [Read more](https://lwn.net/Articles/949829/) 2023-11-02T14:42:06Z **Home Assistant 2023.11 released**
[Home\
Assistant 2023.11](https://www.home-assistant.io/blog/2023/11/01/release-202311/) is available. New features include a to-do list
manager, [Matter\
1.2](https://csa-iot.org/newsroom/matter-1-2-arrives-with-nine-new-device-types-improvements-across-the-board/) support, customizable tile cards, new integrations, and more. (LWN
[looked at Home Assistant](https://lwn.net/Articles/947843/) last month). ⌘ [Read more](https://lwn.net/Articles/949831/) 2023-11-02T14:56:35Z **Evans: Confusing git terminology**
Julia Evans has posted [a list of\
confusing Git terms and behavior](https://jvns.ca/blog/2023/11/01/confusing-git-terminology/) along with explanations of what is
actually going on.

> **“Your branch is up to date with ‘origin/main’”**
>
> This message seems straightforward – it’s saying that your main branch is
> up to date with the origin!
>
> But it’s actually a little misleading. You might think that this means that
> your main branch is up to date. It doesn’t. What it actually means is – if
> you ... ⌘ [Read more](https://lwn.net/Articles/949833/) 2023-11-02T15:28:23Z **[$] Guest-first memory for KVM**
One of the core objectives of any confidential-computing implementation is
to protect a guest system's memory from access by actors outside of the
guest itself. The host computer and hypervisor are part of the group that
is to be excluded from such access; indeed, they are often seen as
threat in their own right. Hardware vendors have added features like memory
encryption to make memory inaccessible to the host, but such features can
be difficult to use and are not available on all CPUs, so there is ongo ... ⌘ [Read more](https://lwn.net/Articles/949277/) 2023-11-03T13:52:12Z **Security updates for Friday**
Security updates have been issued by **Debian** (phppgadmin and vlc), **Fedora** (attract-mode, chromium, and netconsd), **Red Hat** (.NET 7.0, c-ares, curl, ghostscript, insights-client, python, squid, and squid:4), **SUSE** (kernel and roundcubemail), and **Ubuntu** (libsndfile). ⌘ [Read more](https://lwn.net/Articles/950061/) 2023-11-03T14:19:41Z **[$] The first half of the 6.7 merge window**
As of this writing, 9,842 non-merge changesets have found their way into
the mainline repository since the 6.7 merge window opened. Nearly a third
of those consist of the entire bcachefs development history but, even
discounting that, there has been a lot of material landing for the next
release. Read on for a summary of the most interesting changes pulled so
far in this development cycle. ⌘ [Read more](https://lwn.net/Articles/949294/) 2023-11-03T16:33:09Z **OpenELA's first code drop**
The [Open Enterprise Linux Association](https://openela.org/), a
joint venture founded by CIQ, Oracle, and SUSE, has [announced](https://openela.org/news/2023.11.02-governance_and_code_availability/)
its first code release.

> OpenELA is excited to announce that the source code for all
> packages necessary for anyone to build a derivative Enterprise
> Linux operating system is now available. The initial focus is on
> EL8 and EL9, and packages for EL7 are forthcoming. The project is
> committed to ensuring ... ⌘ [Read more](https://lwn.net/Articles/950104/) 2023-11-03T18:24:35Z **First handset with MTE on the market (Project Zero)**
The Google Project Zero blog [celebrates\
the launch of the Pixel 8 handset](https://googleprojectzero.blogspot.com/2023/11/first-handset-with-mte-on-market.html), the first to make use of Arm's
Memory Tagging Extension (MTE). Linux has [supported MTE](https://lwn.net/Articles/834289/) since the 5.10 release in 2020,
but that support has only now shown up (in experimental form) in an
available handset.

> I think this is a huge improvement for the general security of the
> device - ... ⌘ [Read more](https://lwn.net/Articles/950123/) 2023-11-06T14:22:17Z **Security updates for Monday**
Security updates have been issued by **Debian** (chromium, open-vm-tools, openjdk-17, pmix, and trafficserver), **Fedora** (netconsd, podman, suricata, and usd), **Oracle** (.NET 6.0, .NET 7.0, binutils, ghostscript, java-1.8.0-openjdk, kernel, and squid), **SUSE** (apache-ivy, gstreamer-plugins-bad, kernel, nodejs12, opera, poppler, rubygem-activesupport-5.2, tiff, util-linux, and virtualbox), and **Ubuntu** (krb5). ⌘ [Read more](https://lwn.net/Articles/950413/) 2023-11-06T16:23:36Z **[$] The BPF-programmable network device**
Containers and virtual machines on Linux communicate with the world via
virtual network devices. This arrangement makes the full power of the
Linux networking stack available, but it imposes the full overhead of that
stack as well. Often, the routing of this networking traffic can be
handled with relatively simple logic; the BPF-programmable network device,
which was merged for the 6.7 kernel release, makes it possible to avoid
expensive network processing, in at least some cases. ⌘ [Read more](https://lwn.net/Articles/949960/) 2023-11-07T14:15:47Z **Security updates for Tuesday**
Security updates have been issued by **Debian** (trapperkeeper-webserver-jetty9-clojure), **Mageia** (libsndfile, packages, thunderbird, and x11-server), **Oracle** (.NET 6.0), **SUSE** (kernel, kubevirt, virt-api-container, virt-controller-container, virt-handler-container, virt-launcher-container, virt-libguestfs-tools- container, virt-operator-container, redis, and squid), and **Ubuntu** (gsl). ⌘ [Read more](https://lwn.net/Articles/950523/) 2023-11-07T14:24:52Z **Fedora 39 released**
[Fedora\
39](https://lwn.net/ml/fedora-announce/20231107135605.GA27360@mattdm.org/) has been released, one day after the Fedora project's 20th
anniversary. See [the list of\
approved changes](https://fedoraproject.org/wiki/Releases/39/ChangeSet) and [this Fedora\
Magazine article](https://fedoramagazine.org/announcing-fedora-linux-39/) for more information.

> As always, we’ve updated many, many other packages as we work to
> bring you the best of everything the free and open source software
> world has to offer. ... ⌘ [Read more](https://lwn.net/Articles/950524/) 2023-11-07T15:26:24Z **Sponsorship for the Openwall lists**
Alexander "Solar Designer" Peslyak, the longtime maintainer of the
oss-security and linux-distros mailing lists, has [announced](https://lwn.net/ml/oss-security/20231106202621.GA31244@openwall.com/)
that this work has gained a sponsor:

> After 15+ years of being a 100% volunteer effort, Openwall's
> maintenance of oss-security and (linux-)distros is finally
> sponsored by the OpenSSF, a project of the Linux Foundation. This
> sponsorship does not provide the Linux Foundation with the ability
> t ... ⌘ [Read more](https://lwn.net/Articles/950538/) 2023-11-07T20:12:10Z **[$] Progress in wrangling the Python C API**
There has been a lot of action for the Python C API in the last month or
so—much of it organizational in nature. As predicted in our [late September article](https://lwn.net/Articles/944764/) on using the "limited"
C API in the standard library, the core developer sprint in October was the
scene of some discussions about the API and the plans for it. Out
of those discussions have come two PEPs, one of which describes the API,
its purposes, strengths, and weaknesses, while the other would esta ... ⌘ [Read more](https://lwn.net/Articles/950457/) 2023-11-08T14:30:53Z **Security updates for Wednesday**
Security updates have been issued by **Debian** (python-urllib3 and tang), **Fedora** (chromium, mlpack, open-vm-tools, and salt), **Red Hat** (avahi, binutils, buildah, c-ares, cloud-init, containernetworking-plugins, cups, curl, dnsmasq, edk2, flatpak, frr, gdb, ghostscript, glib2, gmp, grafana, haproxy, httpd, mod\_http2, java-21-openjdk, kernel, krb5, libfastjson, liblouis, libmicrohttpd, libpq, libqb, librabbitmq, LibRaw, libreoffice, libreswan, libssh, libtiff, libvirt, libX11, linux-firmware, mod\ ... ⌘ [Read more](https://lwn.net/Articles/950694/) 2023-11-08T14:37:05Z **Canonical reveals more details about Ubuntu Core Desktop (Register)**
The Register [attended\
a talk](https://www.theregister.com/2023/11/08/ubuntu_core_desktop_details/) about Ubuntu's upcoming Core Desktop immutable distribution.

> We suspect that Core Desktop might yet be the tool that validates
> Canonical's Snap format and helps to overcome some of the
> resistance it faces. Snap's single-file distribution format is
> simple and enables transactional installation – including,
> critically, rollback – without a fancy filesystem ... ⌘ [Read more](https://lwn.net/Articles/950695/) 2023-11-08T14:58:46Z **Chamberlain v. Home Assistant**
The developers of Home Assistant, which has recently been [covered here](https://lwn.net/Articles/947843/), have [announced](https://www.home-assistant.io/blog/2023/11/06/removal-of-myq-integration/)
that they will be removing support for Chamberlain and Liftmaster
garage-door openers after being locked out by the company.

> Because we cannot continue to work around Chamberlain Group if they
> keep blocking access to third parties, the MyQ integration will be
> removed from Home Assistant in the upcomi ... ⌘ [Read more](https://lwn.net/Articles/950696/) 2023-11-08T15:05:07Z **A pile of stable kernel updates**
The
[6.6.1](https://lwn.net/Articles/950698/),
[6.5.11](https://lwn.net/Articles/950699/),
[6.1.62](https://lwn.net/Articles/950700/),
[5.4.260](https://lwn.net/Articles/950701/),
[4.19.298](https://lwn.net/Articles/950702/), and
[4.14.329](https://lwn.net/Articles/950703/)
stable kernel updates have all been released, each contains another set of
important fixes.

Note that [5.15.138](https://lwn.net/ml/linux-kernel/20231107202324.434534294@linuxfoundation.org/)
and [5.10.200](https://lwn.net/ml/linux- ... ⌘ [Read more](https://lwn.net/Articles/950697/) 2023-11-08T20:45:12Z **[$] Reducing patch postings to linux-kernel**
The linux-kernel mailing list famously gets an enormous amount of email on a
daily basis; the volume is so high that various email providers try to
rate-limit it, which can lead to huge backlogs on the sending
side and, of course, delayed mail. Part of the reason there is so much
traffic is that nearly every patch gets copied to the mailing list, even
when it may be unnecessary to do so. A proposed change
would start shunting some of that patch email aside and, as might be
guessed, has both ... ⌘ [Read more](https://lwn.net/Articles/950567/) 2023-11-08T21:15:04Z **The 2023 TAB election deadline is approaching**
The [reminder](https://lwn.net/ml/ksummit-discuss/e851a8e5-c4c2-4b5d-887a-509e591cff49@intel.com/)
has gone out: the deadline for nominations for the Linux Foundation
Technical Advisory Board is November 13. If you are interested in
representing the kernel community on the TAB, now is the time to put
together a self-nomination and get onto the ballot. ⌘ [Read more](https://lwn.net/Articles/950737/) 2023-11-09T00:06:02Z **[$] LWN.net Weekly Edition for November 9, 2023**
The LWN.net Weekly Edition for November 9, 2023 is available. ⌘ [Read more](https://lwn.net/Articles/949837/) 2023-11-09T13:56:59Z **Security updates for Thursday**
Security updates have been issued by **Debian** (cacti and chromium), **Fedora** (CuraEngine, podman, and rubygem-rmagick), **Mageia** (gnome-shell, openssl, and zlib), **SUSE** (salt), and **Ubuntu** (xrdp). ⌘ [Read more](https://lwn.net/Articles/950850/) 2023-11-09T15:25:11Z **[$] The push to save Itanium**
It is (relatively) easy to add code to the kernel; it tends to be much
harder to remove that code later. The most recent example of this dynamic
can be seen in the story of the ia64 ("Itanium") architecture, support for
which was removed during the 6.7 merge window. That removal has left a
small group of dedicated ia64 users unhappy and clinging to a faint hope
that this support could return in a year's time. ⌘ [Read more](https://lwn.net/Articles/950466/) 2023-11-10T14:18:29Z **Security updates for Friday**
Security updates have been issued by **Fedora** (community-mysql, matrix-synapse, and xorg-x11-server-Xwayland), **Mageia** (squid and vim), **Oracle** (dnsmasq, python3, squid, squid:4, and xorg-x11-server), **Red Hat** (fence-agents, insights-client, kernel, kpatch-patch, mariadb:10.5, python3, squid, squid:4, tigervnc, and xorg-x11-server), **Scientific Linux** (bind, firefox, java-1.8.0-openjdk, java-11-openjdk, kernel, libssh2, python-reportlab, python3, squid, thunderbird, and xorg-x11-server), **SUSE ... ⌘ [Read more](https://lwn.net/Articles/951066/) 2023-11-10T14:34:29Z **GNOME supported by the Sovereign Tech Fund**
The GNOME Foundation has [announced](https://foundation.gnome.org/2023/11/09/gnome-recognized-as-public-interest-infrastructure/)
the receipt of a €1 million award from the German [Sovereign Tech Fund](https://sovereigntechfund.de/en/). The
funding will support work on accessibility, privacy, hardware support, and more. ⌘ [Read more](https://lwn.net/Articles/951068/) 2023-11-10T15:26:06Z **[$] listmount() and statmount()**
Years ago, the list of mounted filesystems on a Unix or Linux machine was
relatively short and static. Adding a filesystem, which typically involved
buying a new drive, happened rarely. In contrast, contemporary systems
with a large number of containers can have a long and dynamic list of
mounted filesystems. As was [discussed](https://lwn.net/Articles/934469/) at
the [2023 LSFMM+BPF Summit](https://lwn.net/Articles/lsfmmbpf2023/), the Linux
kernel's mechanism for providing information about mounted fil ... ⌘ [Read more](https://lwn.net/Articles/950569/) 2023-11-10T16:45:35Z **A documentary on the development of eBPF**
For folks with an interest in how extended BPF came to be and a half-hour
to spare, the [announcement](https://www.businesswire.com/news/home/20231108253883/en/Documentary-Film-%E2%80%9CeBPF-Unlocking-the-Kernel%E2%80%9D-Reveals-the-Unfolding-Revolution-of-eBPF)
has gone out of a new film called "eBPF: Unlocking the kernel", released at
the KubeCon+CloudNativeCon event. The documentary [is available on\
YouTube](https://www.youtube.com/watch?v=Wb_vD3XZYOA). ⌘ [Read more](https://lwn.net/Articles/951093/) 2023-11-13T03:34:37Z **Kernel prepatch 6.7-rc1**
Linus Torvalds has released
[6.7-rc1](https://lwn.net/Articles/951200/), thus closing the merge window
for this release. It is the largest merge window ever, but some of that
was due to the bcachefs history that came with merge of that filesystem.

> But 6.7 is pretty
> big in other ways too, with
>
> 12678 files changed, 838819 insertions(+), 280754 deletions(-)
>
> which is also bigger than those historically big releases [4.9, 5.8 and
> 5.13]. And that's
> not due to bcachefs, that's actually mainly due to i ... ⌘ [Read more](https://lwn.net/Articles/951201/) 2023-11-13T14:01:58Z **[$] The rest of the 6.7 merge window**
By the time that the 6.7 merge window closed on November 12, 15,418
non-merge changesets had been pulled into the mainline kernel. That makes
this one of the busiest merge windows ever; if one discounts the lengthy
bcachefs development history (some 2,800 commits), though, then the patch
volume is roughly in line with other recent kernels. Over 5,000 of those
commits were merged after [our first-half\
merge-window summary](https://lwn.net/Articles/949294/) was written. ⌘ [Read more](https://lwn.net/Articles/949957/) 2023-11-13T14:01:19Z **Security updates for Monday**
Security updates have been issued by **Debian** (audiofile and ffmpeg), **Fedora** (keylime, python-pillow, and tigervnc), **Mageia** (quictls and vorbis-tools), **Oracle** (grub2), **Red Hat** (galera, mariadb, plexus-archiver, python, squid, and squid34), and **SUSE** (clamav, kernel, mupdf, postgresql14, tomcat, tor, and vlc). ⌘ [Read more](https://lwn.net/Articles/951237/) 2023-11-14T13:11:43Z **Security updates for Tuesday**
Security updates have been issued by **Debian** (postgresql-11, postgresql-13, and postgresql-15), **Fedora** (chromium, optipng, and radare2), **Scientific Linux** (plexus-archiver and python), **Slackware** (tigervnc), **SUSE** (apache2, containerized-data-importer, kernel-firmware-nvidia-gspx-G06, nvidia-open- driver-G06-signed, postgresql, postgresql15, postgresql16, postgresql12, postgresql13, python-Django1, squashfs, and xterm), and **Ubuntu** (firefox and memcached). ⌘ [Read more](https://lwn.net/Articles/951311/) 2023-11-14T15:45:46Z **[$] Using Common Lisp in Emacs**
[Lisp](https://en.wikipedia.org/wiki/Lisp_(programming_language))
is one of the oldest programming languages still in use today, but it has
evolved in multiple directions over its more than 60-year history. Two of
the more prominent descendants, [Common Lisp](https://en.wikipedia.org/wiki/Common_Lisp) and [Emacs Lisp](https://en.wikipedia.org/wiki/Emacs_Lisp) (or Elisp),
are fairly closely related at some level, but there is still something of a
divide between them. Some recent discussion in the emacs-de ... ⌘ [Read more](https://lwn.net/Articles/951090/) 2023-11-15T12:57:38Z **Security updates for Wednesday**
Security updates have been issued by **Debian** (libclamunrar and ruby-sanitize), **Fedora** (frr, roundcubemail, and webkitgtk), **Mageia** (freerdp and tomcat), **Red Hat** (avahi, bind, c-ares, cloud-init, container-tools:4.0, container-tools:rhel8, cups, dnsmasq, edk2, emacs, flatpak, fwupd, ghostscript, grafana, java-21-openjdk, kernel, kernel-rt, libfastjson, libmicrohttpd, libpq, librabbitmq, libreoffice, libreswan, libX11, linux-firmware, mod\_auth\_openidc:2.3, nodejs:20, opensc, perl-HTTP-Tiny, ... ⌘ [Read more](https://lwn.net/Articles/951480/) 2023-11-15T13:47:45Z **A GNU COBOL status update**
For the COBOL users out there, James K. Lowden has [posted\
an update](https://lwn.net/ml/gcc/20231113163647.ddbda1708295a0a5e41f9875@schemamania.org/) on the current status of the GNU COBOL compiler.

> When in November we turn back our clocks, then naturally do
> programmers' thoughts turn to Cobol, its promise, and future.
>
> At last post, nine months ago, we were working our way through the
> NIST CCVS/85 test suite. I am pleased to report that process is
> complete. As far as NIST is concerned, gcobol ... ⌘ [Read more](https://lwn.net/Articles/951498/) 2023-11-15T13:58:04Z **Intel's "redundant prefix issue"**
Tavis Ormandy has [described a bug](https://lock.cmpxchg8b.com/reptar.html)
in some Intel CPUs that can lead to a crash (or worse):

> We believe this bug causes the frontend to miscalculate the size of
> the movsb instruction, causing subsequent entries in the ROB [reorder buffer] to be
> associated with incorrect addresses. When this happens, the CPU
> enters a confused state that causes the instruction pointer to be
> miscalculated.
>
> The machine can eventually recover from this state, perhaps ... ⌘ [Read more](https://lwn.net/Articles/951500/) 2023-11-15T21:37:22Z **[$] Faster kernel testing with virtme-ng**
Building new kernels and booting into them is an unavoidable—and
time-consuming—part of kernel development. Andrea Righi works for
Canonical on the Ubuntu kernel team, so he does a lot of that and wanted to
find a way to speed up the task. To that end, he has been working
on [virtme-ng](https://github.com/arighi/virtme-ng), which is a
way to boot a new kernel in a virtual machine, and it does
so quickly. He came to the [2023\
Linux Plumbers Conference](https://lpc.events) (LPC) in Richmond, Vir ... ⌘ [Read more](https://lwn.net/Articles/951313/) 2023-11-16T02:41:00Z **[$] LWN.net Weekly Edition for November 16, 2023**
The LWN.net Weekly Edition for November 16, 2023 is available. ⌘ [Read more](https://lwn.net/Articles/950829/) 2023-11-16T13:36:45Z **[$] The real realtime preemption end game**
The addition of realtime support to Linux is a long story; it first
[shows up in LWN](https://lwn.net/Articles/106010/) in 2004. For much of that
time, it has seemed like only a little more work was needed to get across
the finish line; thus we ran headlines like [the\
realtime preemption endgame](https://lwn.net/Articles/345076/) — in 2009. At the [2023 Linux Plumbers Conference](https://lpc.events/), Thomas
Gleixner informed the group that, now, the end truly is near. There is
really only on ... ⌘ [Read more](https://lwn.net/Articles/951337/) 2023-11-16T13:36:25Z **Security updates for Thursday**
Security updates have been issued by **Debian** (chromium and openvpn), **Oracle** (kernel, microcode\_ctl, plexus-archiver, and python), **Red Hat** (.NET 6.0, dotnet6.0, dotnet7.0, dotnet8.0, kernel, linux-firmware, and open-vm-tools), **SUSE** (apache2, chromium, jhead, postgresql12, postgresql13, and qemu), and **Ubuntu** (dotnet6, dotnet7, dotnet8, frr, python-pip, quagga, and tidy-html5). ⌘ [Read more](https://lwn.net/Articles/951681/) 2023-11-16T20:30:44Z **Rust 1.74.0 released**
[Version\
1.74.0](https://blog.rust-lang.org/2023/11/16/Rust-1.74.0.html) of the Rust language has been released. New features include
better configuration for linters, authenticated cargo repositories, and
support for projections in opaque return types. ⌘ [Read more](https://lwn.net/Articles/951750/) 2023-11-17T13:43:13Z **Security updates for Friday**
Security updates have been issued by **Debian** (webkit2gtk), **Fedora** (microcode\_ctl, pack, and tigervnc), **Slackware** (gimp), **SUSE** (frr, gcc13, go1.20, go1.20-openssl, go1.21, go1.21-openssl, libnbd, libxml2, python-Pillow, python-urllib3, and xen), and **Ubuntu** (intel-microcode and openvpn). ⌘ [Read more](https://lwn.net/Articles/951801/) 2023-11-17T16:04:11Z **[$] Preventing atomic-context violations in Rust code with klint**
One of the core constraints when programming in the kernel is the need to
avoid sleeping when running in atomic context. For the most part, the
responsibility for adherence to this rule is placed on the developer's
shoulders; Rust developers, though, want the compiler to ensure that code
is safe whenever possible. At the [2023 Linux\
Plumbers Conference](https://lpc.events/), Gary Guo presented (via a remote link) the klint
tool, which can find
and flag many atomic-conte ... ⌘ [Read more](https://lwn.net/Articles/951550/) 2023-11-20T00:20:53Z **Kernel prepatch 6.7-rc2**
The [second 6.7 kernel prepatch](https://lwn.net/Articles/951906/) is out for
testing. "The most noticeable thing is probably the turbostat tool
update, which actually came in during the merge window, but was delayed by
just waiting for getting the pull request properly signed." ⌘ [Read more](https://lwn.net/Articles/951907/) 2023-11-20T14:30:19Z **Security updates for Monday**
Security updates have been issued by **Debian** (freerdp2, lwip, netty, and wireshark), **Fedora** (dotnet6.0, dotnet7.0, golang, gst-devtools, gstreamer1, gstreamer1-doc, gstreamer1-plugin-libav, gstreamer1-plugins-bad-free, gstreamer1-plugins-base, gstreamer1-plugins-good, gstreamer1-plugins-ugly-free, gstreamer1-rtsp-server, gstreamer1-vaapi, podman-tui, prometheus-podman-exporter, python-gstreamer1, syncthing, and tigervnc), **Mageia** (chromium-browser-stable, haproxy, and tigervnc), **Oracle** (curl, ... ⌘ [Read more](https://lwn.net/Articles/951999/) 2023-11-21T14:58:33Z **Ekstrand: NVK reaches Vulkan 1.0 conformance**
Faith Ekstrand has [announced](https://www.collabora.com/news-and-blog/news-and-events/nvk-reaches-vulkan-conformance.html)
that the NVK Vulkan driver for NVIDIA "Turing" GPUs has been certified as
being fully compliant with the Vulkan 1.0 API.

> Practically, it means that we can pass the entire Vulkan
> conformance test suite. From the Khronos perspective, it means that
> NVK now meets the bar required to claim to support the Vulkan API
> officially. (There are some legal implications ... ⌘ [Read more](https://lwn.net/Articles/952089/) 2023-11-21T14:52:01Z **Security updates for Tuesday**
Security updates have been issued by **Debian** (activemq, strongswan, and wordpress), **Mageia** (u-boot), **SUSE** (avahi, frr, libreoffice, nghttp2, openssl, openssl1, postgresql, postgresql15, postgresql16, python-Twisted, ucode-intel, and xen), and **Ubuntu** (avahi, hibagent, nodejs, strongswan, tang, and webkit2gtk). ⌘ [Read more](https://lwn.net/Articles/952088/) 2023-11-21T15:03:02Z **Firefox 120.0 released**
[Version\
120.0](https://www.mozilla.org/en-US/firefox/120.0/releasenotes/) of the Firefox browser is out. Changes include a new "copy link
without site tracking" option, the ability to enable the [Global Privacy Control](https://globalprivacycontrol.org/)
feature, and some additional privacy features seemingly restricted to users
in Germany. The browser will now also import TLS root certificates from
the operating system by default on Windows, macOS, and Android. ⌘ [Read more](https://lwn.net/Articles/952090/) 2023-11-21T15:06:55Z **[$] Trust in and maintenance of filesystems**
The Linux kernel supports a wide variety of filesystems, many of which are
no longer in heavy use — or, perhaps, any use at all. The kernel code
implementing the less-popular filesystems tends to be relatively unpopular
as well, receiving little in the way of maintenance. Keeping old
filesystems alive does place a burden on kernel developers, though, so it
is not surprising that there is pressure to remove the least popular ones.
At the 2023 Kernel Maintainers Summit, the developers talked a ... ⌘ [Read more](https://lwn.net/Articles/951846/) 2023-11-21T16:42:58Z **Git 2.43.0 released**
[Version 2.43.0](https://lwn.net/ml/git/xmqqzfz8l5or.fsf@gitster.g/) of the Git
source-code management system has been release. It includes a long list of
improvements and minor new features. ⌘ [Read more](https://lwn.net/Articles/952121/) 2023-11-21T16:47:28Z **RFC 9498: The GNU Name System**
The GNU Name System has now been formalized as [RFC 9498](https://www.rfc-editor.org/rfc/rfc9498.html).

> GNS addresses long-standing security and privacy issues in the
> ubiquitous Domain Name System (DNS). Previous attempts to secure
> DNS (DNSSEC) fail to address critical security issues such as
> end-to-end security, query privacy, censorship, and centralization
> of root zone governance. After 40 years of patching, it is time for
> a new beginning. ⌘ [Read more](https://lwn.net/Articles/952122/) 2023-11-22T15:17:35Z **Security updates for Wednesday**
Security updates have been issued by **Debian** (gimp), **Fedora** (audiofile and firefox), **Mageia** (postgresql), **Red Hat** (binutils, c-ares, fence-agents, glibc, kernel, kernel-rt, kpatch-patch, libcap, libqb, linux-firmware, ncurses, pixman, python-setuptools, samba, and tigervnc), **Slackware** (kernel and mozilla), **SUSE** (apache2-mod\_jk, avahi, container-suseconnect, java-1\_8\_0-openjdk, libxml2, openssl-1\_0\_0, openssl-1\_1, openvswitch, python3-setuptools, strongswan, ucode-intel, and u ... ⌘ [Read more](https://lwn.net/Articles/952312/) 2023-11-22T16:37:04Z **Happy Thanksgiving**
November 23 is the US Thanksgiving holiday; as is our tradition, we will
not be publishing an LWN Weekly Edition this week as we will be far too
busy eating. We wish a good holiday to all of our readers (whether they
celebrate it or not); the weekly edition will return on December 7. ⌘ [Read more](https://lwn.net/Articles/952354/) 2023-11-24T14:26:47Z **Security updates for Friday**
Security updates have been issued by **Debian** (firefox-esr, gnutls28, intel-microcode, and tor), **Fedora** (chromium, microcode\_ctl, openvpn, and vim), **Gentoo** (LinuxCIFS utils, SQLite, and Zeppelin), **Oracle** (c-ares, container-tools:4.0, dotnet7.0, kernel, kernel-container, nodejs:20, open-vm-tools, squid:4, and tigervnc), **Red Hat** (samba and squid), **Slackware** (mozilla), **SUSE** (fdo-client, firefox, libxml2, maven, maven-resolver, sbt, xmvn, poppler, python-Pillow, squid, strongswan, and ... ⌘ [Read more](https://lwn.net/Articles/952602/) 2023-11-24T16:45:21Z **[$] Reducing kernel-maintainer burnout**
Overstressed maintainers are a constant topic of conversation throughout
the open-source community. Kernel maintainers have been complaining more
loudly than usual recently about overwork and stress. The problems that
maintainers are facing are clear; what to do about them is rather less so.
A session at the 2023 Maintainers Summit took up the topic yet again with
the hope of finding some solutions; there may be answers, perhaps even
within the kernel community, but a general solution still seems ... ⌘ [Read more](https://lwn.net/Articles/952034/) 2023-11-26T21:14:57Z **OpenSSL 3.2.0 released**
[OpenSSL\
3.2.0](https://www.openssl.org/news/openssl-3.2-notes.html) has been released. New features include client-side QUIC
support, a number of new cryptographic algorithms, support for TCP fast
open, TLS certificate compression, and more. ⌘ [Read more](https://lwn.net/Articles/952782/) 2023-11-27T14:13:17Z **Kernel prepatch 6.7-rc3**
Linus has released [6.7-rc3](https://lwn.net/Articles/952841/) for testing.
"The diffstat here is dominated by a couple of reverts of some Realtek
phy code (accounting for almost a third of the diff).

But ignoring that, it's mostly fairly small, and all over the place." ⌘ [Read more](https://lwn.net/Articles/952842/) 2023-11-27T14:45:30Z **Pipewire 1.0 released**
[PipeWire](https://pipewire.org), the audio/video bus meant to
replace PulseAudio, JACK, and other systems, has [reached\
1.0](https://gitlab.freedesktop.org/pipewire/pipewire/-/releases/1.0.0). In celebration, Fedora Magazine is running [an\
interview with PipeWire creator Wim Taymans](https://fedoramagazine.org/pipewire-1-0-an-interview-with-pipewire-creator-wim-taymans/).

> PipeWire is an IPC mechanism for multimedia. The most interesting
> stuff will happen in the session manager, the modules, the
> applic ... ⌘ [Read more](https://lwn.net/Articles/952848/) 2023-11-27T15:00:50Z **Security updates for Monday**
Security updates have been issued by **Debian** (freeimage, gimp, gst-plugins-bad1.0, node-json5, opensc, python-requestbuilder, reportbug, strongswan, symfony, thunderbird, and tiff), **Fedora** (chromium, galera, golang, kubernetes, mariadb, python-asyncssh, thunderbird, vim, and webkitgtk), **Gentoo** (AIDE, Apptainer, GLib, GNU Libmicrohttpd, Go, GRUB, LibreOffice, MiniDLNA, multipath-tools, Open vSwitch, phpMyAdmin, QtWebEngine, and RenderDoc), **Slackware** (vim), **SUSE** (gstreamer-plugins-bad, java ... ⌘ [Read more](https://lwn.net/Articles/952923/) 2023-11-27T15:09:39Z **[$] A discussion on kernel-maintainer pain points**
A regular feature of the Kernel Maintainers Summit is a session where Linus
Torvalds discusses the problems that he has been encountering. In recent
years, though, there have been relatively few of those problems, so this
year he turned things around a bit by [asking\
the community](https://lwn.net/ml/ksummit-discuss/CAHk-=whGOUw=YDsPxd9o5M_JqcisE+TjcQQ-=SLYOnHd12D0Fw@mail.gmail.com/) what problems it was seeing instead. He then addressed
them at the Summit in a session covering aspect ... ⌘ [Read more](https://lwn.net/Articles/952146/) 2023-11-28T14:58:02Z **Security updates for Tuesday**
Security updates have been issued by **Debian** (cryptojs, fastdds, mediawiki, and minizip), **Fedora** (chromium, kubernetes, and thunderbird), **Mageia** (lilypond, mariadb, and packages), **Red Hat** (firefox, linux-firmware, and thunderbird), **SUSE** (compat-openssl098, gstreamer-plugins-bad, squashfs, squid, thunderbird, vim, and xerces-c), and **Ubuntu** (libtommath, linux-intel-iotg, linux-intel-iotg-5.15, linux-oracle, perl, and python3.8, python3.10, python3.11). ⌘ [Read more](https://lwn.net/Articles/953099/) 2023-11-28T19:24:24Z **A pile of stable kernel updates**
The large
[6.6.3](https://lwn.net/Articles/953135/),
[6.5.13](https://lwn.net/Articles/953133/),
[6.1.64](https://lwn.net/Articles/953132/),
[5.15.140](https://lwn.net/Articles/953130/),
[5.10.202](https://lwn.net/Articles/953129/),
[5.4.262](https://lwn.net/Articles/953128/),
[4.19.300](https://lwn.net/Articles/953131/),
[4.14.331](https://lwn.net/Articles/953127/)
stable kernel updates have all been released; each contains another set of
important fixes. Note that 6.5.13 is the final update for 6.5. ⌘ [Read more](https://lwn.net/Articles/953126/) 2023-11-28T21:07:19Z **[$] Using drgn on production kernels**
The [drgn](https://github.com/osandov/drgn) Python-based kernel
debugger was developed by Omar Sandoval for use in his job on the kernel
team at Meta. He now spends most of his time working on drgn, both in
developing new features for the tool and in using
it to debug production problems at Meta, which gives him a view of both
ends of that feedback loop. At the [2023 \
Linux Plumbers \
Conference](https://lpc.events/event/17/page/198-lpc-2023-overview) (LPC), he led a session on drgn in the [kernel ... ⌘ [Read more](https://lwn.net/Articles/952942/) 2023-11-29T14:47:17Z **Security updates for Wednesday**
Security updates have been issued by **Debian** (gst-plugins-bad1.0 and postgresql-multicorn), **Fedora** (golang-github-nats-io, golang-github-nats-io-jwt-2, golang-github-nats-io-nkeys, golang-github-nats-io-streaming-server, libcap, nats-server, openvpn, and python-geopandas), **Mageia** (kernel), **Red Hat** (c-ares, curl, fence-agents, firefox, kernel, kernel-rt, kpatch-patch, libxml2, pixman, postgresql, and tigervnc), **SUSE** (python-azure-storage-queue, python-Twisted, and python3-Twisted), and ... ⌘ [Read more](https://lwn.net/Articles/953226/) 2023-11-29T15:11:37Z **Roundcube becomes part of Nextcloud**
Nextcloud has [announced](https://nextcloud.com/blog/open-source-email-pioneer-roundcube-comes-aboard-nextcloud/)
the "acquisition" of the Roundcube webmail system.

> As a product, Roundcube has an established path to success on its
> own. With opportunities remaining to be explored, a direct merger
> between Roundcube and Nextcloud is not planned. Neither will
> Roundcube replace Nextcloud Mail or the other way around. The
> products both have strengths and weaknesses and as open source
> pro ... ⌘ [Read more](https://lwn.net/Articles/953228/) 2023-11-29T21:45:22Z **[$] An overview of kernel samepage merging (KSM)**
In the [Kernel Summit\
track](https://lpc.events/event/17/sessions/153/) at the [2023 Linux\
Plumbers Conference](https://lpc.events/event/17/page/198-lpc-2023-overview) (LPC), Stefan Roesch led a session on [kernel\
samepage merging](https://www.kernel.org/doc/html/latest/admin-guide/mm/ksm.html) (KSM). He gave an overview of the feature and described
[some recent changes to KSM](https://lwn.net/Articles/928510/). He showed how
an application can enable KSM to deduplicate its memory an ... ⌘ [Read more](https://lwn.net/Articles/953141/) 2023-11-29T22:05:33Z **LibreQoS 1.4 released**
The [LibreQoS project](https://github.com/LibreQoE/LibreQoS)
describes itself as:

> LibreQoS is a Quality of Experience (QoE) Smart Queue Management
> (SQM) system designed for Internet Service Providers to optimize
> the flow of their network traffic and thus reduce bufferbloat, keep
> the network responsive, and improve the end-user experience.

[Version\
1.4](https://github.com/LibreQoE/LibreQoS/releases/tag/v1.4) of LibreQoS was released on November 17. "Version 1.4 is a
huge milestone. A whole new back-e ... ⌘ [Read more](https://lwn.net/Articles/953286/) 2023-11-30T00:18:12Z **[$] LWN.net Weekly Edition for November 30, 2023**
The LWN.net Weekly Edition for November 30, 2023 is available. ⌘ [Read more](https://lwn.net/Articles/951631/) 2023-11-30T13:58:49Z **Security updates for Thursday**
Security updates have been issued by **Fedora** (chromium, gnutls, gst-devtools, gstreamer1, gstreamer1-doc, libcap, mingw-poppler, python-gstreamer1, qbittorrent, webkitgtk, and xen), **Mageia** (docker, kernel-linus, and python-django), **Oracle** (dotnet6.0, dotnet7.0, dotnet8.0, firefox, samba, squid, and thunderbird), **Red Hat** (firefox, postgresql:13, squid, and thunderbird), **SUSE** (cilium, freerdp, java-1\_8\_0-ibm, and java-1\_8\_0-openj9), and **Ubuntu** (ec2-hibinit-agent, freerdp2, gimp, g ... ⌘ [Read more](https://lwn.net/Articles/953379/) 2023-11-30T14:54:30Z **[$] A Rust implementation of Android's Binder**
The Android system was once famous for extensive, out-of-tree kernel
enhancements. Many of those have been eliminated or upstreamed over
the years, bringing Android much closer to the mainline kernel. One
significant component in the "upstreamed" category is Binder, an
interprocess communication mechanism that is used only by Android. There
are a number of factors that make Binder a good candidate for rewriting in
the Rust language; at the [2023 Linux\
Plumbers Conference](https://lpc.even ... ⌘ [Read more](https://lwn.net/Articles/953116/) 2023-12-01T15:15:17Z **Security updates for Friday**
Security updates have been issued by **Debian** (chromium, gimp-dds, horizon, libde265, thunderbird, vlc, and zbar), **Fedora** (java-17-openjdk and xen), **Mageia** (optipng, roundcubemail, and xrdp), **Red Hat** (postgresql), **Slackware** (samba), **SUSE** (chromium, containerd, docker, runc, libqt4, opera, python-django-grappelli, sqlite3, and traceroute), and **Ubuntu** (linux-azure, linux-azure-4.15, linux-gcp, linux-gcp-4.15, linux-azure, linux-azure-5.15, linux-azure-fde, linux-azure-fde-5.15,
 linu ... ⌘ [Read more](https://lwn.net/Articles/953512/) 2023-12-01T16:13:42Z **[$] A Nouveau graphics driver update**
Support for NVIDIA graphics processors has traditionally been a sore point
for Linux users; NVIDIA has not felt the need to cooperate with the kernel
community or make free drivers available, and the reverse-engineered
Nouveau driver has often struggled to keep up with product releases. There
have, however, been signs of improvement in recent years. At the [2023 Linux\
Plumbers Conference](https://lpc.events/event/17/page/198-lpc-2023-overview), graphics subsystem maintainer Dave Airlie provided
an ... ⌘ [Read more](https://lwn.net/Articles/953144/) 2023-12-04T00:54:18Z **6.7-rc4 and stable kernels too**
Linus has [released 6.7-rc4](https://lwn.net/Articles/953646/) for testing.
"And things look fine for now, with a fairly
small rc4".

Meanwhile, the
[6.6.4](https://lwn.net/Articles/953647/),
[6.1.65](https://lwn.net/Articles/953648/), and
[5.15.141](https://lwn.net/Articles/953649/)
stable kernel updates have been released; each contains another set of
important fixes. ⌘ [Read more](https://lwn.net/Articles/953645/) 2023-12-04T14:22:40Z **Security updates for Monday**
Security updates have been issued by **Debian** (amanda, ncurses, nghttp2, opendkim, rabbitmq-server, and roundcube), **Fedora** (golang-github-openprinting-ipp-usb, kernel, kernel-headers, kernel-tools, and samba), **Mageia** (audiofile, galera, libvpx, and virtualbox), **Oracle** (kernel and postgresql:13), **SUSE** (openssl-3, optipng, and python-Pillow), and **Ubuntu** (firefox). ⌘ [Read more](https://lwn.net/Articles/953702/) 2023-12-04T14:49:16Z **Bueso: LPC 2023: CXL Microconference**
Davidlohr Bueso has posted [a\
summary of the CXL microconference](https://blog.stgolabs.net/2023/12/lpc-2023-cxl-microconference.html) at the recently concluded Linux
Plumbers Conference. "The goals for the track were to openly discuss
current on-going development efforts around the core driver, as well as
experimental memory management topics which lead to accommodating kernel
infrastructure for new technology and use cases." ⌘ [Read more](https://lwn.net/Articles/953706/) 2023-12-04T15:54:20Z **GDB 14.1 released**
Version 14.1 of the GDB debugger is out. Changes include initial support
for the [debugger\
adapter protocol](https://microsoft.github.io/debug-adapter-protocol//), NO\_COLOR support, the ability to work with
integer types larger than 64 bits, a number of enhancements to the
Python API, and more. ⌘ [Read more](https://lwn.net/Articles/953732/) 2023-12-04T16:00:05Z **[$] What remains to be done for proxy execution**
The kernel's [deadline scheduling class](https://lwn.net/Articles/743740/)
offers a solution to a number of realtime (or generally latency-sensitive)
problems, but it is also resistant to the usual solutions for the [priority-inversion](https://en.wikipedia.org/wiki/Priority_inversion)
problem. The development community has been pursuing proxy execution as a
solution to a few scheduling challenges, including this one; the problem is
difficult and progress has been slow. LWN last [looked ... ⌘ [Read more](https://lwn.net/Articles/953438/) 2023-12-04T16:03:23Z **Django 5.0 released**
[Version\
5.0](https://www.djangoproject.com/weblog/2023/dec/04/django-50-released/) of the Django web framework is out. Significant changes include [database-computed\
default values](https://docs.djangoproject.com/en/5.0/releases/5.0/#database-computed-default-values), field groups in the templating system, and more; see [the release\
notes](https://docs.djangoproject.com/en/5.0/releases/5.0/) for details. ⌘ [Read more](https://lwn.net/Articles/953736/) 2023-12-05T14:09:15Z **Security updates for Tuesday**
Security updates have been issued by **Debian** (roundcube), **Fedora** (java-latest-openjdk), **Mageia** (libqb), **SUSE** (python-Django1), and **Ubuntu** (request-tracker4). ⌘ [Read more](https://lwn.net/Articles/953783/) 2023-12-05T20:34:50Z **[$] Supplementing CVEs with !CVEs**
The [Common Vulnerabilities and Exploits](https://www.cve.org/)
(CVE) system is the main mechanism for tracking various security
flaws,
using the omnipresent CVE number—even vulnerabilities with fancy names and
web sites
have CVE numbers. But the CVE system is not without its critics and, in
truth, the incentives between the reporting side and those responsible for
handling the bugs have always been misaligned, which leads to abuse of
various kinds. There have been [efforts to\
combat some of those ab ... ⌘ [Read more](https://lwn.net/Articles/953738/) 2023-12-06T14:33:07Z **Security updates for Wednesday**
Security updates have been issued by **Fedora** (chromium, clevis-pin-tpm2, firefox, keyring-ima-signer, libkrun, perl, perl-PAR-Packer, polymake, poppler, rust-bodhi-cli, rust-coreos-installer, rust-fedora-update-feedback, rust-gst-plugin-reqwest, rust-pore, rust-rpm-sequoia, rust-sequoia-octopus-librnp, rust-sequoia-policy-config, rust-sequoia-sq, rust-sequoia-wot, rust-sevctl, rust-snphost, and rust-tealdeer), **Mageia** (samba), **Red Hat** (postgresql:12), **SUSE** (haproxy and kernel-firmware), and ... ⌘ [Read more](https://lwn.net/Articles/953861/) 2023-12-06T16:03:13Z **SLAM: a new Spectre technique**
Many processor vendors provide a mechanism to allow some bits of a pointer
value to be used to store unrelated data; these include Intel's [linear address masking (LAM)](https://lwn.net/Articles/902094/), AMD's [upper address ignore](https://lwn.net/Articles/888914/), and Arm's [top-byte\
ignore](https://www.linaro.org/blog/top-byte-ignore-for-fun-and-memory-savings/). A set of researchers has now [come up with a way](https://www.vusec.net/projects/slam/) (that
they call "SLAM") to use those features to b ... ⌘ [Read more](https://lwn.net/Articles/953880/) 2023-12-06T22:16:21Z **[$] A schism in the OpenPGP world**
The [OpenPGP](https://www.openpgp.org/) standard for email
encryption has been around since 1997, when it was derived from the
venerable [Pretty Good\
Privacy](https://en.wikipedia.org/wiki/Pretty_Good_Privacy) (PGP) program that was released in 1991. Since it came about,
OpenPGP has been the decentralized, interoperable way to exchange encrypted
email, though
its use never really took off as advocates hoped. Now, though, it
would seem that a split in the OpenPGP community threatens to
fragment the Op ... ⌘ [Read more](https://lwn.net/Articles/953797/) 2023-12-07T00:58:03Z **[$] LWN.net Weekly Edition for December 7, 2023**
The LWN.net Weekly Edition for December 7, 2023 is available. ⌘ [Read more](https://lwn.net/Articles/953381/) 2023-12-07T14:18:27Z **Security updates for Thursday**
Security updates have been issued by **Debian** (tzdata), **Fedora** (gmailctl), **Oracle** (kernel), **Red Hat** (linux-firmware, postgresql:12, postgresql:13, and squid:4), **SUSE** (cdi-apiserver-container, cdi-cloner-container, cdi- controller-container, cdi-importer-container, cdi-operator-container, cdi- uploadproxy-container, cdi-uploadserver-container, cont, frr, libtorrent-rasterbar, qbittorrent, openssl-3, openvswitch, openvswitch3, and suse-build-key), and **Ubuntu** (bluez, curl, linux, linux- ... ⌘ [Read more](https://lwn.net/Articles/953977/) 2023-12-07T15:10:25Z **Just about every Windows and Linux device vulnerable to new LogoFAIL firmware attack
(ars technica)**
[This\
ars technica article](https://arstechnica.com/security/2023/12/just-about-every-windows-and-linux-device-vulnerable-to-new-logofail-firmware-attack/) describes how secure-boot firmware on a huge range
of systems can be subverted with a malicious image file:

> As its name suggests, LogoFAIL involves logos, specifically those
> of the hardware seller that are displayed on the device screen
> early in the boot process, while the ... ⌘ [Read more](https://lwn.net/Articles/953985/) 2023-12-07T16:28:53Z **[$] Controlling shadow-stack allocation in clone3()**
User-space shadow stacks are a relatively new feature in Linux; support was
only added for 6.6, and [is limited to the x86\
architecture](https://lwn.net/Articles/926649/). As support for other architectures (including [arm64](https://lwn.net/Articles/940403/) and RISC-V) approaches readiness,
though, more thought is going into the API for this feature. As a recent
discussion on the integration of shadow stacks with the [clone3() system call](https://lwn.net/Articles/792628/) shows, ... ⌘ [Read more](https://lwn.net/Articles/953794/) 2023-12-08T14:53:46Z **Security updates for Friday**
Security updates have been issued by **Fedora** (chromium), **Mageia** (firefox, thunderbird, and vim), **SUSE** (kubevirt, virt-api-container, virt-controller-container, virt-handler-container, virt-launcher-container, virt-libguestfs-tools- container, virt-operator-container), and **Ubuntu** (freerdp2, glibc, and tinyxml). ⌘ [Read more](https://lwn.net/Articles/954092/) 2023-12-08T15:42:32Z **A bunch of new stable kernels**
The [6.6.5](https://lwn.net/Articles/954111/), [6.1.66](https://lwn.net/Articles/954112/), [5.15.142](https://lwn.net/Articles/954114/), [5.10.203](https://lwn.net/Articles/954115/), [5.4.263](https://lwn.net/Articles/954116/), [4.19.301](https://lwn.net/Articles/954117/), and [4.14.332](https://lwn.net/Articles/954120/) stable kernels have been released.
As usual, they contain important fixes throughout the kernel tree. ⌘ [Read more](https://lwn.net/Articles/954107/) 2023-12-08T16:02:11Z **[$] Modern C for Fedora (and the world)**
It can be instructive to pull down the dog-eared copy of the first edition
of _The C Programming Language_ that many of us still have on our
bookshelves; the language has changed considerably since that book was
published. Many "features" of early C have been left behind, usually for
good reasons, but there is still a lot of code in the wild that is still
using those features. A concerted effort is being made in both the Fedora
and GCC communities to fix that old code and enable some new errors ... ⌘ [Read more](https://lwn.net/Articles/954018/)