LWN.net

Security updates have been issued by CentOS (firefox, java-11-openjdk, and thunderbird), Debian (apache2), Fedora (kernel), Oracle (emacs), Red Hat (emacs, haproxy, java-1.8.0-openjdk, kernel, kernel-rt, kpatch-patch, pcs, pki-core:10.6, and qatzip), and SUSE (avahi, cdi-apiserver-container, cdi-cloner-container, cdi- controller-container, cdi-importer-container, cdi-operator-container, cdi- uploadproxy-container, cdi-uploadserver-container, cont, giflib, kernel, kubevirt, virt-api-container, virt-controller-container, virt-handler-container, virt-launcher-container, virt-libguestfs-tools- container, virt-operator-container, ovmf, and protobuf-c).

The 6.3 kernel was releasedon April 24 after a nine-week development cycle. As is the case withall mainline releases, this is amajor kernel release with a lot of changes and a big pile of new features.The time has come, yet again, for a look at where that work came from andwho supported it.

Security updates have been issued by Debian (389-ds-base, chromium, connman, curl, redis, and thunderbird), Fedora (ceph, doctl, dr_libs, ffmpeg, freeimage, golang-github-digitalocean-godo, insight, libreswan, mingw-binutils, mingw-freeimage, mingw-freetype, openvswitch, rnp, suricata, webkitgtk, and wireshark), Mageia (dnsmasq, emacs, openimageio, php-smarty, redis, squirrel/supertux, and tcpdump), Red Hat (emacs), and SUSE (avahi, chromium, dmidecode, indent, jettison, openssl, openstack-cinder, openstack-nova, python-oslo.utils, and ovmf).

Linus has released the 6.3 kernel asexpected.

This ten days old but hopefully better late than never: the Python SoftwareFoundation has put out anarticle describing how the proposed European "cyber resilience act"threatens the free-software community.

The concept of movable memory was initially designed for hot-pluggablememory on server-class systems, but it would now appear that this mechanismis finding a new use in consumer-electronics devices as well. Thedesignated movable block patch set was first submittedby Doug Berger in September 2022. By adding more flexibility around theconfiguration and use of movable memory, this work will, it is hoped, improve howLinux performs on resource-constrained systems.

The Python Package Index (PyPI) has, likemany language-specific repositories, had ongoing problems with malicious uploads. PyPIis now launching an authentication mechanism called trustedpublishers in an attempt to fight this problem.

Security updates have been issued by Debian (golang-1.11 and libxml2), Fedora (chromium, dr_libs, frr, ruby, and runc), Oracle (java-11-openjdk and java-17-openjdk), Red Hat (emacs, httpd and mod_http2, kpatch-patch, and webkit2gtk3), SUSE (libmicrohttpd, nodejs16, ovmf, and wireshark), and Ubuntu (kauth and patchelf).

GNOME is, of course, a widely-useddesktop environment for Linuxsystems; on March 22, the project released GNOME 44,codenamed "Kuala Lumpur". This version features enhancements to the settings panels, quick settings, the files application, and an updated filechooser with a grid view, among others. The full list of changes canbe seen in the releasenotes available on the GNOME website.

The Ubuntu 23.04 release is out. Headline features include a newinstaller, GNOME 44, Azure Active Directory authentication, and more.

Distributors have been enabling the SELinux security module for nearly20 years now, and many administrators have been disabling it on theirsystems for almost as long. There are a few ways in which SELinux can bedisabled on any given system, including command-line options, a run-timeswitch, or simply not loading a policy after boot. One of those ways,however, is about to be disabled itself.

The latest crop of stable kernels is out; 6.2.12, 6.1.25, 5.15.108, 5.10.178, 5.4.241, 4.19.281, and 4.14.313 have been released. As is usual,they all contain important fixes throughout the kernel tree.

Security updates have been issued by Debian (golang-1.11), Fedora (chromium, golang-github-cenkalti-backoff, golang-github-cli-crypto, golang-github-cli-gh, golang-github-cli-oauth, golang-github-gabriel-vasile-mimetype, libpcap, lldpd, parcellite, tcpdump, thunderbird, and zchunk), Red Hat (java-11-openjdk, java-17-openjdk, and kernel), SUSE (chromium, dnsmasq, ImageMagick, nodejs16, openssl-1_0_0, openssl1, ovmf, and python-Flask), and Ubuntu (dnsmasq, libxml2, linux, linux-aws, linux-aws-5.4, linux-azure, linux-azure-5.4, linux-gcp, linux-gcp-5.4, linux-gke, linux-gkeop, linux-hwe-5.4, linux-ibm, linux-ibm-5.4, linux-kvm, linux-oracle, linux-oracle-5.4, linux-raspi, linux-raspi-5.4, linux, linux-aws, linux-aws-hwe, linux-azure, linux-azure-4.15, linux-dell300x, linux-gcp, linux-gcp-4.15, linux-hwe, linux-kvm, linux-oracle, linux-raspi2, linux-oem-5.17, linux-oem-6.0, linux-oem-6.1, and linux-snapdragon).

The LWN.net Weekly Edition for April 20, 2023 is available.

Vanilla OS, a lightweight,immutable operating system designed for developers and advanced users, has been using Ubuntu as its base. However, arecent announcementhas revealed that, in the upcoming Vanilla OS 2.0 Orchid release, theproject will be shifting to Debian unstable (Sid) asits new base operating system. Vanilla OS is making the switch due to Ubuntu's changes toits version of the GNOME desktop environment along with the distribution'sreliance on the Snap packaging format.The decision has generated a fair amount of interest anddiscussion within the open-source community.

The desktop-oriented Solus distributionhas been through a difficult period; this post describesthe extensive changes that have been made in response.

Security updates have been issued by Debian (asterisk), Fedora (lldpd and openssh), Red Hat (curl, kernel, and openvswitch2.13), SUSE (compat-openssl098, glib2, grafana, helm, libgit2, openssl, and openssl-1_1), and Ubuntu (linux, linux-aws, linux-aws-5.15, linux-azure, linux-azure-5.15, linux-azure-fde, linux-gcp, linux-gcp-5.15, linux-gke, linux-gke-5.15, linux-gkeop, linux-ibm, linux-kvm, linux-lowlatency, linux-lowlatency-hwe-5.15, linux-oracle, linux-oracle-5.15, linux-raspi, linux, linux-aws, linux-azure, linux-gcp, linux-hwe-5.19, linux-kvm, linux-lowlatency, linux-oracle, linux-raspi, and vim).

The 2023 Linux Plumbers Conference (November 13-15, Richmond VA, USA) hasput out its calls for proposals for therefereed track (due August 6) and themicroconference track (June 1). Proposals are also being acceptedfor the kernel-summit track.

For developers seeking to create applications with terminal userinterfaces (TUIs), options have been relatively limited compared to thevast number of graphical user interface (GUI) frameworks available. As aresult, many command-line applications reinvent the same user interfaceelements. Textual aims toremedy this: it's a rapid-application-development framework forPython TUI applications. Offering cross-platform support, Textualincorporates layouts, CSS-like styles, and an expanding collection ofwidgets.

Richard Brown has posted anupdate on the status of the SUSE Adaptable Linux Platform (ALP) projectand what it means for the openSUSE distribution.

Version 5.13 of the LXD virtual-machine manager has been released. Newfeatures include fast live migration, support for AMD's secure enclaves,and more. See thisannouncement for details.

The Fedora 38release is available. Fedora has mostly moved past its old pattern oflate releases, but it's still a bit surprising that this release came outone week ahead of the scheduled date. Some of the changes in thisrelease, includingreduced shutdown timeoutsand frame pointers have been covered herein the past; see the announcement and the Workstation-edition"what'snew" post for details on the rest.

Security updates have been issued by Debian (protobuf), Fedora (libpcap, libxml2, openssh, and tcpdump), Mageia (kernel and kernel-linus), Oracle (firefox, kernel, kernel-container, and thunderbird), Red Hat (thunderbird), Scientific Linux (thunderbird), SUSE (gradle, kernel, nodejs10, nodejs12, nodejs14, openssl-3, pgadmin4, rubygem-rack, and wayland), and Ubuntu (firefox).

Matthew Garrett pointsout that many Linux systems using encrypted disks were installed with arelatively weak key derivation function that could make it relatively easyfor a well-resourced attacker to break the encryption:

The digiKam photo-management tool has announced its 8.0.0 release, after two years of development, bug fixing, and testing. Major new features include a documentation overhaul (with a new web site), support for more file formats, a new optical character recognition (OCR) tool, improved metadata handling, a neural-net-based image quality classifier, better integration with G'MIC-Qt, a Qt6-compatible code base, and lots more. See the announcement for all the details.

The kernel subsystem maintainers out there probably have a deepunderstanding of the sinking feeling that results from opening one's inboxand seeing a response from Linus Torvalds to a pull request. When all goeswell, pull requests are acted upon silently; a response usually means thatall has not gone well. Several maintainers got to experience thatfeeling during the 6.3 merge window, which seemed to generate more than theusual number of grumpy responses related to merge commits. Avoiding thatsituation is not hard, though, with a bit of attention paid to how mergesare done.

Security updates have been issued by Debian (chromium, rails, and ruby-rack), Fedora (firefox, ghostscript, libldb, samba, and tigervnc), Mageia (ceph, davmail, firefox, golang, jpegoptim, libheif, python-certifi, python-flask-restx, thunderbird, and tomcat), Oracle (firefox), Red Hat (firefox), Scientific Linux (firefox), SUSE (apache2-mod_auth_openidc, aws-nitro-enclaves-cli, container-suseconnect, firefox, golang-github-prometheus-prometheus, harfbuzz, java-1_8_0-ibm, kernel, liblouis, php7, tftpboot-installation images, tomcat, and wayland), and Ubuntu (chromium-browser, imagemagick, kamailio, and libreoffice).

The 6.3-rc7 kernel prepatch is out fortesting. "Let's hope we have just one more calm week, and we'll havehad a nice uneventful release cycle. Knock wood".

On her blog, Máirín Duffy writesabout using open-source software to run a virtual conference. The Fedora design teamrecently ran the first CreativeFreedom Summit as a virtual conference for FOSS creative tools. The teamcould have used the same non-open-source platform that is used by the Flock Fedora conference, but took adifferent path:

Security updates have been issued by Debian (haproxy and openvswitch), Fedora (bzip3, libyang, mingw-glib2, thunderbird, xorg-x11-server, and xorg-x11-server-Xwayland), and Ubuntu (apport, ghostscript, linux-bluefield, node-thenify, and python-flask-cors).

Greg Kroah-Hartman has announced the release of the 6.2.11, 6.1.24, and 5.15.107 stable kernels. They contain anothercollection of important fixes throughout the kernel tree.

The kernelsamepage merging (KSM) feature can save significant amounts of memorywith some types of workloads, but security concerns have greatly limitedits use. Even when KSM can be safely enabled, though, the control interfaceprovided by the kernel makes it unlikely that KSM actually will be used. Asmall patchseries from Stefan Roesch aims to change this situation by improvingand simplifying how KSM is managed.

Security updates have been issued by Debian (chromium, firefox-esr, lldpd, and zabbix), Fedora (ffmpeg, firefox, pdns-recursor, polkit, and thunderbird), Oracle (kernel and nodejs:14), Red Hat (nodejs:14, openvswitch2.17, openvswitch3.1, and pki-core:10.6), Slackware (mozilla), SUSE (nextcloud-desktop), and Ubuntu (exo, linux, linux-kvm, linux-lts-xenial, linux-aws, smarty3, and thunderbird).

The LWN.net Weekly Edition for April 13, 2023 is available.

Orchids are, of course,flowers, and flowers generally need pollinatorsin order to reproduce. A seemingly offhand comment about the unknown natureof the pollinator(s) for a species of orchid in Western Australiahas led Paul Hamilton to undertake a multi-year citizen-science project totry to fill that hole. He came to Everything Open 2023 togive a report on the progress of the search.

Security updates have been issued by Fedora (chromium, ghostscript, glusterfs, netatalk, php-Smarty, and skopeo), Mageia (ghostscript, imgagmagick, ipmitool, openssl, sudo, thunderbird, tigervnc/x11-server, and vim), Oracle (curl, haproxy, and postgresql), Red Hat (curl, haproxy, httpd:2.4, kernel, kernel-rt, kpatch-patch, and postgresql), Slackware (mozilla), SUSE (firefox), and Ubuntu (dotnet6, dotnet7, firefox, json-smart, linux-gcp, linux-intel-iotg, and sudo).

Python 3.12 approaches. While the full feature set of the finalrelease—slated for October 2023—is still not completely known, by nowwe have a good sense for what it will offer. It picks up where Python 3.11 left off, improving error messages and performance. These changes are accompanied by a smattering of smallerchanges, though Linux users will likely make use of one in particular:support for the perf profiler.

The latest release of FreeBSD, version 13.2, has been released. It contains lots of package upgrades including to OpenSSH 9.2p1, OpenSSL 1.1.1t, and OpenZFS 2.1.9. Other new features include upgrading the bhyve hypervisor to now support more than 16 virtual CPUs in a guest, a WireGuard VPN driver, netlink for network configuration, and lots more. See the release notes for more information.

A draftupdated trademark policy for the Rust language is being circulated forcomments. It is not a short read.

Security updates have been issued by Debian (keepalived and lldpd), Oracle (kernel), and SUSE (kernel, podman, seamonkey, and upx).

OpenBSD 7.3 has been released. As usual, the list of changes and newfeatures is long; click below for the details.

Security updates have been issued by Debian (openimageio and udisks2), Fedora (chromium, curl, kernel, mediawiki, and seamonkey), Oracle (httpd:2.4), Red Hat (httpd and mod_http2 and tigervnc), SUSE (ghostscript and kernel), and Ubuntu (irssi).

The 6.3-rc6 kernel prepatch is out fortesting.

The kernel's handling of concurrency has changed a lot over the years. In2023, a kernel developer's toolkit includes tools like completions, highlyoptimized mutexes, and a variety of locklessalgorithms. But, once upon a time, concurrency control came down tothe use of simple semaphores; a discussion on a small change to thesemaphore API shows just how much the role of semaphores has changed overthe course of the kernel's history.

Security updates have been issued by Mageia (ldb/samba, libapreq2, opencontainers-runc, peazip, python-cairosvg, stellarium, and zstd), Oracle (httpd and mod_http2, kernel, and nss), SUSE (conmon, go1.19, go1.20, libgit2, openssl-1_1, and openvswitch), and Ubuntu (emacs24).

Meta has announcedthe release of a new build system called Buck2.

The 6.2.10 and 6.1.23 stable kernels have been released. Asusual, they contain important fixes throughout the kernel tree.

Operating systems have traditionally used all of the memory that thehardware provides to them. The advent of virtualization and confidentialcomputing is changing this picture somewhat, though; the system can now bemore picky about which memory it will use. Patches to add support forexplicit memory acceptance when running under AMD's Secure EncryptedVirtualization and Secure Nested Paging (SEV-SNP), though, have runinto some turbulence over how to handle a backward-compatibility issue.

Security updates have been issued by Debian (cairosvg, ghostscript, grunt, tomcat9, and trafficserver), Fedora (golang, podman, xen, and zchunk), Red Hat (kpatch-patch), SUSE (systemd), and Ubuntu (apache-log4j1.2, liblouis, linux-aws, and linux-bluefield).

The LWN.net Weekly Edition for April 6, 2023 is available.