LWN.net

Changwoo Min providesan introduction to the sched_ext scheduling class:

In response to the expressed unhappiness over the recent logo-selectionprocess in the openSUSE project (covered in this article), the project has announcedthat there will be a new vote:

The gccrs project is an ambitiouseffort started in 2014 to implement a Rust compiler within The GNU CompilerCollection (GCC). Even though the task is far from complete, progress hasbeen made since LWN's previous coverage,according to reports from the project. Meanwhile, another hybrid and moremature approach to GCC Rust code generation is available in rustc_codegen_gcc.

Security updates have been issued by Debian (bluez and haproxy), Fedora (curl, dotnet6.0, dotnet7.0, tigervnc, and xorg-x11-server), Red Hat (avahi and gstreamer1-plugins-bad-free), Slackware (bluez), SUSE (cdi-apiserver-container, cdi-cloner-container, cdi- controller-container, cdi-importer-container, cdi-operator-container, cdi- uploadproxy-container, cdi-uploadserver-container, cont, cosign, curl, gstreamer-plugins-bad, haproxy, ImageMagick, kernel, kernel-firmware, libreoffice, tiff, traceroute, tracker-miners, webkit2gtk3, and xrdp), and Ubuntu (audiofile, budgie-extras, libreoffice, strongswan, vim, and yajl).

Wietse Venema posted a note to the postfix-users mailing list about the 25th anniversary of the Postfix mail server. As can be seen, it had a pivotal role in bringing more awareness of open-source software to IBM. Beyond that, of course, it is an excellent piece of software in its own right.

The kernel's stable-update process is intended to produce kernels that are,well, stable; when that promise is lived up to, users can update to newerstable updates without fear. By any account, a bug that corrupts data onext4 filesystems constitutes a failure to hold to that promise. As is sooften the case, this problem is the result of a chain of failures in asystem that works well most of the time.

Security updates have been issued by Debian (chromium and rabbitmq-server), Fedora (chromium, kernel, perl-CryptX, and python-jupyter-server), Mageia (curl), Oracle (curl and postgresql), Red Hat (gstreamer1-plugins-bad-free, linux-firmware, postgresql, postgresql:10, and postgresql:15), Slackware (xorg), SUSE (catatonit, containerd, runc, container-suseconnect, gimp, kernel, openvswitch, poppler, python-cryptography, python-Twisted, python3-cryptography, qemu, squid, tiff, webkit2gtk3, xorg-x11-server, and xwayland), and Ubuntu (xorg-server and xorg-server, xwayland).

The LWN.net Weekly Edition for December 14, 2023 is available.

A contest for new logosfor the openSUSE project and forfour separate distributions of it, Tumbleweed, Leap, Slowroll, and Kalpa, has turned into abit of an uproar in that community. A votehas been held on the candidates and winners have been announced, butsome are questioning why there is a need to change the existing logo (the"Geeko" chameleon) at all. In addition, there are questions about whether thenew logo will be trademarked (as previous ones have been)-and how manyyears that will take.

The6.6.7,6.1.68,5.15.143,5.10.204,5.4.264,4.19.302, and4.14.333stable kernel updates have all been released; each contains another set ofimportant fixes.

The Rust for Linux (RFL) project may not have (yet) resulted in user-visiblechanges to the Linux kernel, but it seems the wider world has taken notice.Hongyu Li has announcedthat the Rust for Linux code is now part of a satellite just launchedout of China. The satellite is running a system called RROS, which follows the oldRTLinux pattern of running a realtime kernel alongside Linux. The realtimecore is written in Rust, using the RFL groundwork.

A new book called OpenPGP for applicationdevelopers has been released under the Creative Commons BY-SA license.

Security updates have been issued by Debian (debian-security-support and xorg-server), Fedora (java-17-openjdk, libcmis, and libreoffice), Mageia (fish), Red Hat (buildah, containernetworking-plugins, curl, fence-agents, kernel, kpatch-patch, libxml2, pixman, podman, runc, skopeo, and tracker-miners), SUSE (kernel, SUSE Manager 4.3.10 Release Notes, and SUSE Manager Client Tools), and Ubuntu (gnome-control-center, linux-gcp, linux-kvm, linux-gkeop, linux-gkeop-5.15, linux-hwe-6.2, linux-lowlatency-hwe-6.2, linux-nvidia-6.2, linux-lowlatency, linux-lowlatency-hwe-5.15, linux-oracle, linux-oracle-5.4, linux-raspi, linux-raspi-5.4, netatalk, and pydantic).

Konstantin Ryabitsev has announcedthat the movement of kernel mailing lists away from the venerablevger.kernel.org system is nearly complete:

The story of Canonical's takeover of the LXD container manager, and thesubsequent creation of the Incus fork, has beensimmering for a while. Now Incus developer Stephane Graber reportsthat Canonical has changed the license and contribution terms for LXD:

So-called "immutable" Linux distributions have been in development forsome time, but (unless you count Chrome OS) haven't gained much traction. Project Bluefin, is a heavilycustomized set of FedoraSilverblue images coming from the Universal Blue community; they aredesigned to deliver a reliable Linux desktop that's as easy to use as aChromebook but more customizable. Bluefin's mission is to change upthe desktop experience and attract a new generation of open-sourcecontributors with a "cloud-native"take on developing and delivering the operating system.

Security updates have been issued by Debian (libreoffice and webkit2gtk), Fedora (java-1.8.0-openjdk and seamonkey), Oracle (apr, edk2, kernel, and squid:4), Red Hat (postgresql:12, tracker-miners, and webkit2gtk3), SUSE (curl, go1.20, go1.21, hplip, openvswitch, opera, squid, and xerces-c), and Ubuntu (binutils, ghostscript, libreoffice, linux, linux-aws, linux-aws-5.15, linux-azure, linux-azure-5.15, linux-azure-fde, linux-azure-fde-5.15, linux-gcp, linux-gke, linux-hwe-5.15, linux-ibm, linux-ibm-5.15, linux-kvm, linux-nvidia, linux-oracle, linux-oracle-5.15, linux-raspi, linux, linux-aws, linux-aws-5.4, linux-azure, linux-azure-5.4, linux-bluefield, linux-gcp, linux-gcp-5.4, linux-hwe-5.4, linux-ibm, linux-ibm-5.4, linux-kvm, linux-xilinx-zynqmp, postfixadmin, python3.11, and webkit2gtk).

James Bottomley writesthat open-source developers are increasingly likely to be held liable forflaws in their code and suggests a solution:

The Rust project makes incremental releases every sixweeks, a fact that makes it easy to overlook some of theinteresting changes coming to the language, such as newABIs, better debugger support, asynchronous traits, andsupport for C strings.The end of the year provides an opportunity to look backover the past several months of updates, and to lookforward to what to expect in 2024.

The 6.7-rc5 kernel prepatch is out fortesting.

Greg Kroah-Hartman has announced the release of the 6.6.6 and 6.1.67 stable kernels. Both contain a singlereversion of the "wifi: cfg80211: fix CQM for non-range use" patch.

Security updates have been issued by Debian (chromium), Fedora (bluez, chromium, and curl), Red Hat (apr), Slackware (libxml2), and Ubuntu (squid3 and tar).

There is a problem in multiple stable kernel releases that is causing data corruption in ext4 filesystems. It is caused by a problematic commit that is in multiple stable kernels:

It can be instructive to pull down the dog-eared copy of the first editionof The C Programming Language that many of us still have on ourbookshelves; the language has changed considerably since that book waspublished. Many "features" of early C have been left behind, usually forgood reasons, but there is still a lot of code in the wild that is stillusing those features. A concerted effort is being made in both the Fedoraand GCC communities to fix that old code and enable some new errors in theGCC14 release (which is instage 3 of its development cycle and likely to be released bymid-2024), but a fair amount of work remains to be done.

The 6.6.5, 6.1.66, 5.15.142, 5.10.203, 5.4.263, 4.19.301, and 4.14.332 stable kernels have been released.As usual, they contain important fixes throughout the kernel tree.

Security updates have been issued by Fedora (chromium), Mageia (firefox, thunderbird, and vim), SUSE (kubevirt, virt-api-container, virt-controller-container, virt-handler-container, virt-launcher-container, virt-libguestfs-tools- container, virt-operator-container), and Ubuntu (freerdp2, glibc, and tinyxml).

User-space shadow stacks are a relatively new feature in Linux; support wasonly added for 6.6, and is limited to the x86architecture. As support for other architectures (including arm64 and RISC-V) approaches readiness,though, more thought is going into the API for this feature. As a recentdiscussion on the integration of shadow stacks with the clone3() system call shows, there arestill some details to be worked out.

Thisars technica article describes how secure-boot firmware on a huge rangeof systems can be subverted with a malicious image file:

Security updates have been issued by Debian (tzdata), Fedora (gmailctl), Oracle (kernel), Red Hat (linux-firmware, postgresql:12, postgresql:13, and squid:4), SUSE (cdi-apiserver-container, cdi-cloner-container, cdi- controller-container, cdi-importer-container, cdi-operator-container, cdi- uploadproxy-container, cdi-uploadserver-container, cont, frr, libtorrent-rasterbar, qbittorrent, openssl-3, openvswitch, openvswitch3, and suse-build-key), and Ubuntu (bluez, curl, linux, linux-aws, linux-azure, linux-laptop, linux-lowlatency, linux-oem-6.5, linux-oracle, linux-raspi, linux-starfive, linux-gcp, open-vm-tools, postgresql-12, postgresql-14, postgresql-15, and python-cryptography).

The LWN.net Weekly Edition for December 7, 2023 is available.

The OpenPGP standard for emailencryption has been around since1997, when it was derived from thevenerable Pretty GoodPrivacy (PGP) program that was released in1991. Since it came about,OpenPGP has been the decentralized, interoperable way to exchange encryptedemail, though its use never really took off as advocates hoped. Now, though, itwould seem that a split in the OpenPGP community threatens tofragment the OpenPGP-encrypted-email landscape, potentially leading tointeroperability woes.

Many processor vendors provide a mechanism to allow some bits of a pointervalue to be used to store unrelated data; these include Intel's linear address masking (LAM), AMD's upper address ignore, and Arm's top-byteignore. A set of researchers has now come up with a way (thatthey call "SLAM") to use those features to bypass many checks on pointervalidity, opening up a new set of Spectre attacks.

Security updates have been issued by Fedora (chromium, clevis-pin-tpm2, firefox, keyring-ima-signer, libkrun, perl, perl-PAR-Packer, polymake, poppler, rust-bodhi-cli, rust-coreos-installer, rust-fedora-update-feedback, rust-gst-plugin-reqwest, rust-pore, rust-rpm-sequoia, rust-sequoia-octopus-librnp, rust-sequoia-policy-config, rust-sequoia-sq, rust-sequoia-wot, rust-sevctl, rust-snphost, and rust-tealdeer), Mageia (samba), Red Hat (postgresql:12), SUSE (haproxy and kernel-firmware), and Ubuntu (haproxy, linux, linux-aws, linux-aws-6.2, linux-azure, linux-azure-6.2, linux-azure-fde-6.2, linux-lowlatency, linux-oracle, linux-raspi, linux-starfive, linux, linux-aws, linux-kvm, linux-lts-xenial, linux-oem-6.1, and redis).

The Common Vulnerabilities and Exploits(CVE) system is the main mechanism for tracking various securityflaws, using the omnipresent CVE number-even vulnerabilities with fancy names andweb siteshave CVE numbers. But the CVE system is not without its critics and, intruth, the incentives between the reporting side and those responsible forhandling the bugs have always been misaligned, which leads to abuse ofvarious kinds. There have been efforts tocombat some of those abuses along the way; a newly announced"!CVE" project is meant to track vulnerabilities "that are notacknowledged by vendors but still are serious security issues".

Security updates have been issued by Debian (roundcube), Fedora (java-latest-openjdk), Mageia (libqb), SUSE (python-Django1), and Ubuntu (request-tracker4).

Version5.0 of the Django web framework is out. Significant changes include database-computeddefault values, field groups in the templating system, and more; see the releasenotes for details.

The kernel's deadline scheduling classoffers a solution to a number of realtime (or generally latency-sensitive)problems, but it is also resistant to the usual solutions for the priority-inversionproblem. The development community has been pursuing proxy execution as asolution to a few scheduling challenges, including this one; the problem isdifficult and progress has been slow. LWN last looked at proxy execution in June; at the 2023 LinuxPlumbers Conference, John Stultz gave an overview of proxy execution,the current status of the work, and the remaining problems to solve.

Version 14.1 of the GDB debugger is out. Changes include initial supportfor the debuggeradapter protocol, NO_COLOR support, the ability to work withinteger types larger than 64bits, a number of enhancements to thePython API, and more.

Davidlohr Bueso has posted asummary of the CXL microconference at the recently concluded LinuxPlumbers Conference. "The goals for the track were to openly discusscurrent on-going development efforts around the core driver, as well asexperimental memory management topics which lead to accommodating kernelinfrastructure for new technology and use cases."

Security updates have been issued by Debian (amanda, ncurses, nghttp2, opendkim, rabbitmq-server, and roundcube), Fedora (golang-github-openprinting-ipp-usb, kernel, kernel-headers, kernel-tools, and samba), Mageia (audiofile, galera, libvpx, and virtualbox), Oracle (kernel and postgresql:13), SUSE (openssl-3, optipng, and python-Pillow), and Ubuntu (firefox).

Linus has released 6.7-rc4 for testing."And things look fine for now, with a fairlysmall rc4".Meanwhile, the6.6.4,6.1.65, and5.15.141stable kernel updates have been released; each contains another set ofimportant fixes.

Support for NVIDIA graphics processors has traditionally been a sore pointfor Linux users; NVIDIA has not felt the need to cooperate with the kernelcommunity or make free drivers available, and the reverse-engineeredNouveau driver has often struggled to keep up with product releases. Therehave, however, been signs of improvement in recent years. At the 2023 LinuxPlumbers Conference, graphics subsystem maintainer Dave Airlie providedan update on the state of support for NVIDIA GPUs and what remains to bedone.

Security updates have been issued by Debian (chromium, gimp-dds, horizon, libde265, thunderbird, vlc, and zbar), Fedora (java-17-openjdk and xen), Mageia (optipng, roundcubemail, and xrdp), Red Hat (postgresql), Slackware (samba), SUSE (chromium, containerd, docker, runc, libqt4, opera, python-django-grappelli, sqlite3, and traceroute), and Ubuntu (linux-azure, linux-azure-4.15, linux-gcp, linux-gcp-4.15, linux-azure, linux-azure-5.15, linux-azure-fde, linux-azure-fde-5.15, linux-gcp, linux-gcp-5.15, linux-gke, linux-gkeop, linux-gkeop-5.15, linux-azure, linux-azure-5.4, linux-gcp, linux-gcp-5.4, linux-gkeop, and linux-azure, linux-azure-6.2, linux-azure-fde-6.2, linux-gcp, linux-gcp-6.2).

The Android system was once famous for extensive, out-of-tree kernelenhancements. Many of those have been eliminated or upstreamed overthe years, bringing Android much closer to the mainline kernel. Onesignificant component in the "upstreamed" category is Binder, aninterprocess communication mechanism that is used only by Android. Thereare a number of factors that make Binder a good candidate for rewriting inthe Rust language; at the 2023 LinuxPlumbers Conference, Carlos Llamas and Alice Ryhl described themotivation behind and implementation of a rewrite of Binder in Rust.

Security updates have been issued by Fedora (chromium, gnutls, gst-devtools, gstreamer1, gstreamer1-doc, libcap, mingw-poppler, python-gstreamer1, qbittorrent, webkitgtk, and xen), Mageia (docker, kernel-linus, and python-django), Oracle (dotnet6.0, dotnet7.0, dotnet8.0, firefox, samba, squid, and thunderbird), Red Hat (firefox, postgresql:13, squid, and thunderbird), SUSE (cilium, freerdp, java-1_8_0-ibm, and java-1_8_0-openj9), and Ubuntu (ec2-hibinit-agent, freerdp2, gimp, gst-plugins-bad1.0, openjdk-17, openjdk-21, openjdk-lts, openjdk-8, pypy3, pysha3, and u-boot-nezha).

The LWN.net Weekly Edition for November 30, 2023 is available.

The LibreQoS projectdescribes itself as:

In the Kernel Summittrack at the 2023 LinuxPlumbers Conference (LPC), Stefan Roesch led a session on kernelsamepage merging (KSM). He gave an overview of the feature and describedsome recent changes to KSM. He showed howan application can enable KSM to deduplicate its memory and how the featurecan be evaluated to determine whether it is a good fit for new workloads.In addition, he provided some real-world data of the benefits from hisworkplace at Meta.

Nextcloud has announcedthe "acquisition" of the Roundcube webmail system.

Security updates have been issued by Debian (gst-plugins-bad1.0 and postgresql-multicorn), Fedora (golang-github-nats-io, golang-github-nats-io-jwt-2, golang-github-nats-io-nkeys, golang-github-nats-io-streaming-server, libcap, nats-server, openvpn, and python-geopandas), Mageia (kernel), Red Hat (c-ares, curl, fence-agents, firefox, kernel, kernel-rt, kpatch-patch, libxml2, pixman, postgresql, and tigervnc), SUSE (python-azure-storage-queue, python-Twisted, and python3-Twisted), and Ubuntu (afflib, ec2-hibinit-agent, linux-nvidia-6.2, linux-starfive-6.2, and poppler).