LWN.net

The large6.6.3,6.5.13,6.1.64,5.15.140,5.10.202,5.4.262,4.19.300,4.14.331stable kernel updates have all been released; each contains another set ofimportant fixes. Note that 6.5.13 is the final update for 6.5.

Security updates have been issued by Debian (cryptojs, fastdds, mediawiki, and minizip), Fedora (chromium, kubernetes, and thunderbird), Mageia (lilypond, mariadb, and packages), Red Hat (firefox, linux-firmware, and thunderbird), SUSE (compat-openssl098, gstreamer-plugins-bad, squashfs, squid, thunderbird, vim, and xerces-c), and Ubuntu (libtommath, linux-intel-iotg, linux-intel-iotg-5.15, linux-oracle, perl, and python3.8, python3.10, python3.11).

A regular feature of the Kernel Maintainers Summit is a session where LinusTorvalds discusses the problems that he has been encountering. In recentyears, though, there have been relatively few of those problems, so thisyear he turned things around a bit by askingthe community what problems it was seeing instead. He then addressedthem at the Summit in a session covering aspects of the developmentcommunity, including feedback to maintainers, diversity (or thelack thereof), and more.

Security updates have been issued by Debian (freeimage, gimp, gst-plugins-bad1.0, node-json5, opensc, python-requestbuilder, reportbug, strongswan, symfony, thunderbird, and tiff), Fedora (chromium, galera, golang, kubernetes, mariadb, python-asyncssh, thunderbird, vim, and webkitgtk), Gentoo (AIDE, Apptainer, GLib, GNU Libmicrohttpd, Go, GRUB, LibreOffice, MiniDLNA, multipath-tools, Open vSwitch, phpMyAdmin, QtWebEngine, and RenderDoc), Slackware (vim), SUSE (gstreamer-plugins-bad, java-1_8_0-ibm, openvswitch, poppler, slurm, slurm_22_05, slurm_23_02, sqlite3, vim, webkit2gtk3, and xrdp), and Ubuntu (openvswitch and thunderbird).

PipeWire, the audio/video bus meant toreplace PulseAudio, JACK, and other systems, has reached1.0. In celebration, Fedora Magazine is running aninterview with PipeWire creator Wim Taymans.

Linus has released 6.7-rc3 for testing."The diffstat here is dominated by a couple of reverts of some Realtekphy code (accounting for almost a third of the diff).But ignoring that, it's mostly fairly small, and all over the place."

OpenSSL3.2.0 has been released. New features include client-side QUICsupport, a number of new cryptographic algorithms, support for TCP fastopen, TLS certificate compression, and more.

Overstressed maintainers are a constant topic of conversation throughoutthe open-source community. Kernel maintainers have been complaining moreloudly than usual recently about overwork and stress. The problems thatmaintainers are facing are clear; what to do about them is rather less so.A session at the 2023 Maintainers Summit took up the topic yet again withthe hope of finding some solutions; there may be answers, perhaps evenwithin the kernel community, but a general solution still seems distant.

Security updates have been issued by Debian (firefox-esr, gnutls28, intel-microcode, and tor), Fedora (chromium, microcode_ctl, openvpn, and vim), Gentoo (LinuxCIFS utils, SQLite, and Zeppelin), Oracle (c-ares, container-tools:4.0, dotnet7.0, kernel, kernel-container, nodejs:20, open-vm-tools, squid:4, and tigervnc), Red Hat (samba and squid), Slackware (mozilla), SUSE (fdo-client, firefox, libxml2, maven, maven-resolver, sbt, xmvn, poppler, python-Pillow, squid, strongswan, and xerces-c), and Ubuntu (apache2, firefox, glusterfs, nghttp2, poppler, python2.7, python3.5, python3.6, tiff, and zfs-linux).

November 23 is the US Thanksgiving holiday; as is our tradition, we willnot be publishing an LWN Weekly Edition this week as we will be far toobusy eating. We wish a good holiday to all of our readers (whether theycelebrate it or not); the weekly edition will return on November30.

Rust has been a prominent topic at the Kernel Maintainers Summit for thelast couple of years, and the 2023 meeting continued that tradition. AsRust-for-Linux developer Miguel Ojeda noted at the beginning of the sessiondedicated to the topic, the level of interest in using Rust for kerneldevelopment has increased significantly over the last year. But Rust wasexplicitly added to Linux as an experiment; is the kernel community nowready to say that the experiment has succeeded?

Security updates have been issued by Debian (gimp), Fedora (audiofile and firefox), Mageia (postgresql), Red Hat (binutils, c-ares, fence-agents, glibc, kernel, kernel-rt, kpatch-patch, libcap, libqb, linux-firmware, ncurses, pixman, python-setuptools, samba, and tigervnc), Slackware (kernel and mozilla), SUSE (apache2-mod_jk, avahi, container-suseconnect, java-1_8_0-openjdk, libxml2, openssl-1_0_0, openssl-1_1, openvswitch, python3-setuptools, strongswan, ucode-intel, and util-linux), and Ubuntu (frr, gnutls28, hibagent, linux, linux-aws, linux-aws-5.15, linux-hwe-5.15, linux-ibm, linux-ibm-5.15, linux-kvm, linux-lowlatency, linux-lowlatency-hwe-5.15, linux-nvidia, linux-oracle, linux-oracle-5.15, linux-raspi, linux, linux-aws, linux-aws-5.4, linux-bluefield, linux-hwe-5.4, linux-ibm, linux-ibm-5.4, linux-iot, linux-kvm, linux-oracle, linux-oracle-5.4, linux-raspi, linux-raspi-5.4, linux-xilinx-zynqmp, linux, linux-aws, linux-aws-6.2, linux-hwe-6.2, linux-kvm, linux-lowlatency, linux-lowlatency-hwe-6.2, linux-raspi, linux-starfive, linux, linux-aws, linux-aws-hwe, linux-hwe, linux-kvm, linux-oracle, linux, linux-aws, linux-laptop, linux-lowlatency, linux-oem-6.5, linux-oracle, linux-raspi, linux-starfive, linux-oem-6.1, mosquitto, rabbitmq-server, squid, and tracker-miners).

The GNU Name System has now been formalized as RFC 9498.

Version 2.43.0 of the Gitsource-code management system has been release. It includes a long list ofimprovements and minor new features.

The Linux kernel supports a wide variety of filesystems, many of which areno longer in heavy use - or, perhaps, any use at all. The kernel codeimplementing the less-popular filesystems tends to be relatively unpopularas well, receiving little in the way of maintenance. Keeping oldfilesystems alive does place a burden on kernel developers, though, so itis not surprising that there is pressure to remove the least popular ones.At the 2023 Kernel Maintainers Summit, the developers talked about thesefilesystems and what can be done about them.

Version120.0 of the Firefox browser is out. Changes include a new "copy linkwithout site tracking" option, the ability to enable the Global Privacy Controlfeature, and some additional privacy features seemingly restricted to usersin Germany. The browser will now also import TLS root certificates fromthe operating system by default on Windows, macOS, and Android.

Faith Ekstrand has announcedthat the NVK Vulkan driver for NVIDIA "Turing" GPUs has been certified asbeing fully compliant with the Vulkan 1.0 API.

Security updates have been issued by Debian (activemq, strongswan, and wordpress), Mageia (u-boot), SUSE (avahi, frr, libreoffice, nghttp2, openssl, openssl1, postgresql, postgresql15, postgresql16, python-Twisted, ucode-intel, and xen), and Ubuntu (avahi, hibagent, nodejs, strongswan, tang, and webkit2gtk).

Greg Kroah-Hartman has announced the release of the 6.6.2, 6.5.12,6.1.63, 5.15.139, 5.10.201, 5.4.261, 4.19.299, and 4.14.330 stable kernels. They contain arather large number of important fixes throughout the kernel tree.

Security updates have been issued by Debian (freerdp2, lwip, netty, and wireshark), Fedora (dotnet6.0, dotnet7.0, golang, gst-devtools, gstreamer1, gstreamer1-doc, gstreamer1-plugin-libav, gstreamer1-plugins-bad-free, gstreamer1-plugins-base, gstreamer1-plugins-good, gstreamer1-plugins-ugly-free, gstreamer1-rtsp-server, gstreamer1-vaapi, podman-tui, prometheus-podman-exporter, python-gstreamer1, syncthing, and tigervnc), Mageia (chromium-browser-stable, haproxy, and tigervnc), Oracle (curl, ghostscript, microcode_ctl, nghttp2, open-vm-tools, samba, and squid), SUSE (gcc13, postgresql14, and yt-dlp), and Ubuntu (iniparser).

The second 6.7 kernel prepatch is out fortesting. "The most noticeable thing is probably the turbostat toolupdate, which actually came in during the merge window, but was delayed byjust waiting for getting the pull request properly signed."

One of the core constraints when programming in the kernel is the need toavoid sleeping when running in atomic context. For the most part, theresponsibility for adherence to this rule is placed on the developer'sshoulders; Rust developers, though, want the compiler to ensure that codeis safe whenever possible. At the 2023 LinuxPlumbers Conference, Gary Guo presented (via a remote link) the klinttool, which can find and flag many atomic-context violations before they turn intouser-affecting bugs.

Security updates have been issued by Debian (webkit2gtk), Fedora (microcode_ctl, pack, and tigervnc), Slackware (gimp), SUSE (frr, gcc13, go1.20, go1.20-openssl, go1.21, go1.21-openssl, libnbd, libxml2, python-Pillow, python-urllib3, and xen), and Ubuntu (intel-microcode and openvpn).

Version1.74.0 of the Rust language has been released. New features includebetter configuration for linters, authenticated cargo repositories, andsupport for projections in opaque return types.

The addition of realtime support to Linux is a long story; it first shows up in LWN in 2004. For much of thattime, it has seemed like only a little more work was needed to get acrossthe finish line; thus we ran headlines like therealtime preemption endgame - in 2009. At the 2023 Linux Plumbers Conference, ThomasGleixner informed the group that, now, the end truly is near. There isreally only one big problem left to be solved before all of that work canland in the mainline.

Security updates have been issued by Debian (chromium and openvpn), Oracle (kernel, microcode_ctl, plexus-archiver, and python), Red Hat (.NET 6.0, dotnet6.0, dotnet7.0, dotnet8.0, kernel, linux-firmware, and open-vm-tools), SUSE (apache2, chromium, jhead, postgresql12, postgresql13, and qemu), and Ubuntu (dotnet6, dotnet7, dotnet8, frr, python-pip, quagga, and tidy-html5).

The LWN.net Weekly Edition for November 16, 2023 is available.

Building new kernels and booting into them is an unavoidable-andtime-consuming-part of kernel development. Andrea Righi works forCanonical on the Ubuntu kernel team, so he does a lot of that and wanted tofind a way to speed up the task. To that end, he has been workingon virtme-ng, which is away to boot a new kernel in a virtual machine, and it doesso quickly. He came to the 2023Linux Plumbers Conference (LPC) in Richmond, Virginia to introduce theproject to a wider audience.

Tavis Ormandy has described a bugin some Intel CPUs that can lead to a crash (or worse):

For the COBOL users out there, James K. Lowden has postedan update on the current status of the GNU COBOL compiler.

Security updates have been issued by Debian (libclamunrar and ruby-sanitize), Fedora (frr, roundcubemail, and webkitgtk), Mageia (freerdp and tomcat), Red Hat (avahi, bind, c-ares, cloud-init, container-tools:4.0, container-tools:rhel8, cups, dnsmasq, edk2, emacs, flatpak, fwupd, ghostscript, grafana, java-21-openjdk, kernel, kernel-rt, libfastjson, libmicrohttpd, libpq, librabbitmq, libreoffice, libreswan, libX11, linux-firmware, mod_auth_openidc:2.3, nodejs:20, opensc, perl-HTTP-Tiny, procps-ng, protobuf-c, python-cryptography, python-pip, python27:2.7, python3, python3.11, python3.11-pip, python38:3.8, python38-devel:3.8, python39:3.9, python39-devel:3.9, qt5-qtbase, qt5-qtsvg, rhc, ruby:2.5, shadow-utils, squid:4, sysstat, tang, tomcat, tpm2-tss, virt:rhel, virt-devel:rhel, webkit2gtk3, wireshark, xorg-x11-server, xorg-x11-server-Xwayland, and yajl), Slackware (mariadb), SUSE (chromium, connman, exfatprogs, ucode-intel, and w3m), and Ubuntu (cobbler, ffmpeg, linux-oem-6.5, procps, and traceroute).

Lispis one of the oldest programming languages still in use today, but it has evolved in multiple directions over its more than 60-year history. Two ofthe more prominent descendants, Common Lisp and Emacs Lisp (or Elisp),are fairly closely related at some level, but there is still something of adivide between them. Some recent discussion in the emacs-devel mailinglist have shown that some elements from Common Lisp are not completelywelcome in Elisp-at least in the code that is maintained by the Emacs project itself.

Security updates have been issued by Debian (postgresql-11, postgresql-13, and postgresql-15), Fedora (chromium, optipng, and radare2), Scientific Linux (plexus-archiver and python), Slackware (tigervnc), SUSE (apache2, containerized-data-importer, kernel-firmware-nvidia-gspx-G06, nvidia-open- driver-G06-signed, postgresql, postgresql15, postgresql16, postgresql12, postgresql13, python-Django1, squashfs, and xterm), and Ubuntu (firefox and memcached).

By the time that the 6.7 merge window closed on November 12, 15,418non-merge changesets had been pulled into the mainline kernel. That makesthis one of the busiest merge windows ever; if one discounts the lengthybcachefs development history (some 2,800 commits), though, then the patchvolume is roughly in line with other recent kernels. Over 5,000 of thosecommits were merged after our first-halfmerge-window summary was written.

Security updates have been issued by Debian (audiofile and ffmpeg), Fedora (keylime, python-pillow, and tigervnc), Mageia (quictls and vorbis-tools), Oracle (grub2), Red Hat (galera, mariadb, plexus-archiver, python, squid, and squid34), and SUSE (clamav, kernel, mupdf, postgresql14, tomcat, tor, and vlc).

Linus Torvalds has released 6.7-rc1, thus closing the merge windowfor this release. It is the largest merge window ever, but some of thatwas due to the bcachefs history that came with merge of that filesystem.

For folks with an interest in how extended BPF came to be and a half-hourto spare, the announcementhas gone out of a new film called "eBPF: Unlocking the kernel", released atthe KubeCon+CloudNativeCon event. The documentary is available onYouTube.

Years ago, the list of mounted filesystems on a Unix or Linux machine wasrelatively short and static. Adding a filesystem, which typically involvedbuying a new drive, happened rarely. In contrast, contemporary systemswith a large number of containers can have a long and dynamic list ofmounted filesystems. As was discussed atthe 2023 LSFMM+BPF Summit, the Linuxkernel's mechanism for providing information about mounted filesystems hasnot kept up with this change, leading to system-management headaches. Now,two new system calls proposedby Miklos Szeredi look set to provide some much-needed pain relief.

The GNOME Foundation has announcedthe receipt of a 1million award from the German Sovereign Tech Fund. Thefunding will support work on accessibility, privacy, hardware support, and more.

Security updates have been issued by Fedora (community-mysql, matrix-synapse, and xorg-x11-server-Xwayland), Mageia (squid and vim), Oracle (dnsmasq, python3, squid, squid:4, and xorg-x11-server), Red Hat (fence-agents, insights-client, kernel, kpatch-patch, mariadb:10.5, python3, squid, squid:4, tigervnc, and xorg-x11-server), Scientific Linux (bind, firefox, java-1.8.0-openjdk, java-11-openjdk, kernel, libssh2, python-reportlab, python3, squid, thunderbird, and xorg-x11-server), SUSE (go1.21), and Ubuntu (linux-gke and linux-iot).

It is (relatively) easy to add code to the kernel; it tends to be muchharder to remove that code later. The most recent example of this dynamiccan be seen in the story of the ia64 ("Itanium") architecture, support forwhich was removed during the 6.7 merge window. That removal has left asmall group of dedicated ia64 users unhappy and clinging to a faint hopethat this support could return in a year's time.

Security updates have been issued by Debian (cacti and chromium), Fedora (CuraEngine, podman, and rubygem-rmagick), Mageia (gnome-shell, openssl, and zlib), SUSE (salt), and Ubuntu (xrdp).

The LWN.net Weekly Edition for November 9, 2023 is available.

The reminderhas gone out: the deadline for nominations for the Linux FoundationTechnical Advisory Board is November13. If you are interested inrepresenting the kernel community on the TAB, now is the time to puttogether a self-nomination and get onto the ballot.

The linux-kernel mailing list famously gets an enormous amount of email on adaily basis; the volume is so high that various email providers try torate-limit it, which can lead to huge backlogs on the sending side and, of course, delayed mail. Part of the reason there is so muchtraffic is that nearly every patch gets copied to the mailing list, evenwhen it may be unnecessary to do so. A proposed changewould start shunting some of that patch email aside and, as might beguessed, has both supporters and detractors, but the discussion doeshighlight some of thedifferent ways the mailing list is used by kernel developers.

The6.6.1,6.5.11,6.1.62,5.4.260,4.19.298, and4.14.329stable kernel updates have all been released, each contains another set ofimportant fixes.Note that 5.15.138and 5.10.200ended up going into a second round of review; they can be expected in thenear future.Update:5.15.138 and5.10.200are now available as well.

The developers of Home Assistant, which has recently been covered here, have announcedthat they will be removing support for Chamberlain and Liftmastergarage-door openers after being locked out by the company.

The Register attendeda talk about Ubuntu's upcoming Core Desktop immutable distribution.

Security updates have been issued by Debian (python-urllib3 and tang), Fedora (chromium, mlpack, open-vm-tools, and salt), Red Hat (avahi, binutils, buildah, c-ares, cloud-init, containernetworking-plugins, cups, curl, dnsmasq, edk2, flatpak, frr, gdb, ghostscript, glib2, gmp, grafana, haproxy, httpd, mod_http2, java-21-openjdk, kernel, krb5, libfastjson, liblouis, libmicrohttpd, libpq, libqb, librabbitmq, LibRaw, libreoffice, libreswan, libssh, libtiff, libvirt, libX11, linux-firmware, mod_auth_openidc, ncurses, nghttp2, opensc, pcs, perl-CPAN, perl-HTTP-Tiny, podman, procps-ng, protobuf-c, python-cryptography, python-pip, python-tornado, python-wheel, python3.11, python3.11-pip, python3.9, qemu-kvm, qt5 stack, runc, samba, samba, evolution-mapi, openchange, shadow-utils, skopeo, squid, sysstat, tang, tomcat, toolbox, tpm2-tss, webkit2gtk3, wireshark, xorg-x11-server, xorg-x11-server-Xwayland, and yajl), Slackware (sudo), SUSE (squid), and Ubuntu (python-urllib3).

There has been a lot of action for the Python C API in the last month orso-much of it organizational in nature. As predicted in our late September article on using the "limited"C API in the standard library, the core developer sprint in October was thescene of some discussions about the API and the plans for it. Out of those discussions have come two PEPs, one of which describes the API,its purposes, strengths, and weaknesses, while the other would establish a CAPI working group to coordinate and oversee the development and maintenanceof it.