LWN.net

Linus Torvalds was able to release 6.8-rc1and close the 6.8 merge window on time despite losing power to his home formost of a week. He noted that this merge window is "maybe a bit smallerthan usual", but 12,239 non-merge changesets found their way into themainline, so it's not that small. About 8,000 of those changes weremerged since the first-half summary waswritten; the second half saw a lot of device-driver updates, but therewere other interesting changes as well.

Security updates have been issued by Debian (keystone and subunit), Fedora (dotnet6.0, golang, kernel, sos, and tigervnc), Mageia (erlang), Red Hat (openssl), SUSE (bluez, python-aiohttp, and seamonkey), and Ubuntu (postfix and xorg-server).

The 6.8-rc1 kernel prepatch is out fortesting.

The6.7.1,6.6.13, and6.1.74stable kernel updates have been released; each contains another set ofimportant fixes.

SourceHut has publisheda post-mortem of itsoutage earlier this month.The post-mortem covers the causes of the outage and what steps SourceHuttook to mitigate it, ending by saying:

Jujutsu is a Git-compatibledistributed version control system originally started as a hobby project byMartin von Zweigbergk in 2019. It is intended to be a simpler, more performantGit replacement. Jujutsu boasts a radically simplified user interface and integratesideas from patch-based version control systems for a novel take on resolvingmerge conflicts. It is written in Rust and available under an Apache 2.0 license.

Internet pioneer and Network Time Protocol (NTP) inventor Dave Mills has died, as reported by Vint Cerf:

The proposed mseal() system callstirred up some controversy when it was first posted in October 2023.Since then, it has been evolving in a quieter fashion, and seems to havereached a point where the relevant commenters are willing to accept it.Should mseal() be merged in a future development cycle, it willlook rather different than it did at the outset.

The openSUSE News site has put up abrief article on how Slowroll fits into the spectrum of openSUSEdistributions.

Security updates have been issued by Fedora (chromium, golang-github-facebook-time, podman, and xorg-x11-server-Xwayland), Oracle (.NET 6.0, java-1.8.0-openjdk, java-11-openjdk, and python3.11-cryptography), Red Hat (java-11-openjdk, python-requests, and python-urllib3), SUSE (chromium, kernel, libcryptopp, libuev, perl-Spreadsheet-ParseExcel, suse-module-tools, and xwayland), and Ubuntu (filezilla and xerces-c).

Luis Villa writesabout the recent ruling in the Software Freedom Conservancy'sGPL-violation lawsuit against Vizio, wherein the judge refused to agreethat the SFC lacks standing to sue.

Ken Jin from the Faster CPython project has been working ontaking Python's recently-added just-in-time (JIT) compiler further by adding support for a peephole optimizer that rewrites the JIT's intermediate representation to introduce constant folding, type specialization, and other optimizations.Those techniques should provide significant benefits for theperformance of many different types of code running on CPython.

Security updates have been issued by CentOS (ImageMagick), Debian (chromium), Fedora (golang-x-crypto, golang-x-mod, golang-x-net, golang-x-text, gtkwave, redis, and zbar), Mageia (tinyxml), Oracle (.NET 7.0, .NET 8.0, java-1.8.0-openjdk, java-11-openjdk, python3, and sqlite), Red Hat (gstreamer-plugins-bad-free, java-1.8.0-openjdk, java-11-openjdk, java-17-openjdk, and java-21-openjdk), SUSE (kernel, libqt5-qtbase, libssh, pam, rear23a, and rear27a), and Ubuntu (pam and zookeeper).

The LWN.net Weekly Edition for January 18, 2024 is available.

Python's static-typing feature has come a long way since it was introduced in 2014. Adding typeinformation to functions has always been-and will remain-optional, but typingstill remains somewhat contentious. There are multiple kinds ofconsumers of the information, each with their own needs andwishes, as well as users of the feature with expectations of their own. That hasled to the formation of a Python typing councilto govern the type system for the language, though, as might be guessed,there are still grumblings from various quarters.

When, at the beginning of November, we posted an open position at LWN, we were only sohopeful; experience has shown that finding writers who are both capable ofand interested in writing our sort of material is a challenging task. Thistime, though, hope was justified: we got a surprising number ofapplications from highly qualified applicants. The hardest part of thetask has, instead, been narrowing down the choice to a hiring decision.We are pleased to announce that Daroc Alden has just joined LWN's staff.Daroc is a programmer from New England, where they live with theirspouse and their cat. They graduated with a Master's degree in ComputerScience from the University of New Hampshire. In their spare time, theyenjoy fiction writing and musicals. They are especially interested in programming language theory and implementation.Daroc will be taking on some of the load of keeping LWN interesting whilehelping us to expand our content mix in the areas that our readers areinterested in. Please give them your support as they come up to speedwithin our operation. We are looking forward to having Daroc as part of areinforced and more energetic LWN going forward.

Networking maintainer Jakub Kicinski (along with several collaborators) hasput up a summary ofwhat happened in the kernel's network stack during 2023.

Security updates have been issued by Fedora (zabbix), Gentoo (OpenJDK), Red Hat (kernel), Slackware (gnutls and xorg), SUSE (cloud-init, kernel, xorg-x11-server, and xwayland), and Ubuntu (freeimage, postgresql-10, and xorg-server, xwayland).

The new year arrived bearing a new version of Julia, a general-purpose, open-sourceprogramming languagewith a focus on high-performancescientific computing.Some of Julia's unusual features are Lisp-inspiredmetaprogramming, the ability to examine compiled representations of code inthe REPL or in a "reactivenotebook", an advanced type and dispatch system, and a sophisticated,built-in package manager.Version1.10 brings big increases inspeed and developer convenience,especially improvements in code precompilation and loading times. It alsofeatures a new parser written in Julia.

Version9.0 of the Wine Windows-compatibility system has been released."This release represents a year of development effort and over 7,000individual changes. It contains a large number of improvements that arelisted below. The main highlights are the new WoW64 architecture and theexperimental Wayland driver."

On January 13, Linus Torvalds letit be known that he had lost power due to the bad weather in the USPacific Northwest. As of this writing, he has not yet resurfaced, so the6.8 merge window has ground to a halt.

Security updates have been issued by Gentoo (KTextEditor, libspf2, libuv, and Nettle), Mageia (hplip), Oracle (container-tools:4.0, gnutls, idm:DL1, squid, squid34, and virt:ol, virt-devel:rhel), Red Hat (.NET 6.0, krb5, python3, rsync, and sqlite), SUSE (chromium, perl-Spreadsheet-ParseXLSX, postgresql, postgresql15, postgresql16, and rubygem-actionpack-5_1), and Ubuntu (binutils, libspf2, libssh2, mysql-5.7, w3m, webkit2gtk, and xerces-c).

The 6.6.12, 6.1.73, 5.15.147, 5.10.208, 5.4.267, and 4.19.305 stable kernels have beenreleased. They contain a relatively small number of important fixes.

The openSUSE project has confirmedthat there will be a successor to openSUSE Leap15, but is not sharinga lot of details at this point.

John Stawinski IV describes,in detail, how he and a partner were able to compromise the security of theheavily used PyTorch project.

As the Rust-for-Linux projectadvances, the kernel is gradually accumulating abstraction layers that enable Rust code to interface with theexisting C code. As the discussion around the set of filesystemabstractions posted by Wedson Almeida Filho in December shows, though,there is some tension between two approaches to the design of thoseabstractions. The approach favored by most of the kernel's C programmerslooks set to win out, but this is a discussion that is likely to return asthe use of Rust in the kernel grows.

Security updates have been issued by CentOS (bind, cups, curl, firefox, ipa, iperf3, java-1.8.0-openjdk, java-11-openjdk, kernel, libssh2, linux-firmware, open-vm-tools, openssh, postgresql, python, python3, squid, thunderbird, tigervnc, and xorg-x11-server), Fedora (chromium, python-flask-security-too, and tkimg), Gentoo (libgit2, Opera, QPDF, and zlib), Mageia (chromium-browser-stable, gnutls, openssh, packages, and vlc), Oracle (.NET 6.0, fence-agents, frr, ipa, kernel, nss, pixman, and tomcat), and SUSE (gstreamer-plugins-bad).

The 5.10.207 stable kernel update has beenreleased; it consists entirely of a handful of reverts of SCSI patches.

The Linux Mint distribution has announced the release of Linux Mint 21.3, which is codenamed "Virginia". It has the Cinnamon 6.0 desktop, "comes with full support for SecureBoot and compatibility with a wider variety of BIOS and EFI implementation", has added new features to the Hypnotix TV-viewer application, and more. See the release notes for even more information about it.

The 6.8 merge window has gotten off to a relatively slow start; reasons forthat include a significant scheduler performance regression that LinusTorvalds stumbledinto and has spent time tracking down. Even so, 4,282 non-mergechangesets have found their way into the mainline repository for the 6.8release as of this writing. These commits have brought a number ofsignificant changes and new features.

Users of SourceHut will have noticed that the site has been unreachable;Drew DeVault has now posted a report onwhat is happening (it's a distributed denial-of-service attack) andwhat is being done to recover.

Security updates have been issued by Debian (kernel, linux-5.10, php-phpseclib, php-phpseclib3, and phpseclib), Fedora (openssh and tinyxml), Gentoo (FreeRDP and Prometheus SNMP Exporter), Mageia (packages), Red Hat (openssl), SUSE (gstreamer-plugins-rs and python-django-grappelli), and Ubuntu (dotnet6, dotnet7, dotnet8, openssh, and xerces-c).

For those of you still using DSA keys with SSH: the project has announcedits plans to remove support for that algorithm around the beginning of2025.

The data structure known as a "closure" first found its way into themainline kernel with the addition of bcache in the 3.10 developmentcycle. With the advent of bcachefs in6.7, though, it acquired a second user and was moved to the kernel'slib directory, making it available to other kernel users as well.The documentation of closures in the source is better than that of manythings in the kernel, but there is still room for a gentler introduction.

Security updates have been issued by Debian (chromium), Fedora (chromium, python-paramiko, tigervnc, and xorg-x11-server), Oracle (ipa, libxml2, python-urllib3, python3, and squid), Red Hat (.NET 6.0, .NET 7.0, .NET 8.0, container-tools:4.0, fence-agents, frr, gnutls, idm:DL1, ipa, kernel, kernel-rt, libarchive, libxml2, nss, openssl, pixman, python-urllib3, python3, tigervnc, tomcat, and virt:rhel and virt-devel:rhel modules), SUSE (gstreamer-plugins-bad), and Ubuntu (firefox, Go, linux-aws, linux-gcp-5.15, linux-intel-iotg-5.15, linux-iot, linux-oem-6.1, and twisted).

The LWN.net Weekly Edition for January 11, 2024 is available.

As part of my quest to master Emacs, whichis sort of a sub-quest on the way toward learning more about Lisp, I havespent a fair amount of time discovering various corners of the Emacsworld. One of those is the famous "Orgmode" that is used for a wide variety of organizational tasks withinthe editor-and not just Emacs, but for Vim and others too.Org mode can be used for to-do lists, notes with interconnections between them, literateprogramming, web sites, and more. Now my quests are growing quests oftheir own and digging into Org mode is one of those.

The 4.14.336 stable kernel update has beenreleased with a small handful of fixes; this is the end of the line for the4.14 stable series:

Security updates have been issued by Fedora (libssh), Gentoo (FAAD2 and RedCloth), Red Hat (kpatch-patch and nss), SUSE (hawk2, LibreOffice, opera, and tar), and Ubuntu (glibc, golang-1.13, golang-1.16, linux-azure, linux-gkeop, monit, and postgresql-9.5).

A new releasefor any project with a fix for a12-year old CVE is going to standout pretty obviously; a recent release has a fix of that nature, but the trail of CVE-2012-5639 israther elusive. The ApacheOpenOffice project made its 4.1.15release with fixes for four CVEs, including one forCVE-2012-5639 ("Loading internal / external resources withoutwarning"), on December22. But nearly everything about that CVEseems rather murky, and it is difficult to get a clear picture of what,exactly, was done in OpenOffice to address the problem.

The Vcc compiler has beenannounced.

OpenWrt developer John Crispin says:"In 2024 the OpenWrt project turns 20 years! Let's celebrate thisanniversary by launching our own first and fully upstream supportedhardware design." The rest of the message describes the proposedOpenWrt-native network-routing system, based on Banana Pi boards; the project isbeing organized through the Software Freedom Conservancy. (Thanks to DaveTaht).

Thorsten Leemhuis writesabout his plans for improving the kernel's regression handling in thecoming year.

Anthony Shaw describesthe new copy-and-patch JIT that has been proposed for Python 3.13.

Version 4.5("Resilience") of the Solus distribution has been released. "Thisrelease brings updated applications and kernels, refreshed software stacks,a new installer, and a new ISO edition featuring the XFCE desktopenvironment."

Security updates have been issued by Debian (squid), Fedora (podman), Mageia (dropbear), SUSE (eclipse-jgit, jsch, gcc13, helm3, opusfile, qt6-base, thunderbird, and wireshark), and Ubuntu (clamav, libclamunrar, and qemu).

The 6.7 kernel was releasedon January7 after a ten-week development cycle. This was, as itturns out, the busiest cycle ever with regard to the number of changesetsmerged. The time has come for our usual look at where all those changesetscame from, with a side trip into how long kernel developers tend to stickaround.

Greg Kroah-Hartman has announced the release of the 5.4.266, 4.19.304, and 4.14.335 stable kernels. They containimportant fixes throughout the kernel tree.

Security updates have been issued by Debian (exim4), Fedora (chromium, perl-Spreadsheet-ParseExcel, python-aiohttp, python-pysqueezebox, and tinyxml), Gentoo (Apache Batik, Eclipse Mosquitto, firefox, R, Synapse, and util-linux), Mageia (libssh2 and putty), Red Hat (squid), SUSE (libxkbcommon), and Ubuntu (gnutls28).

Linus has released the 6.7 kernel.