LWN.net

Version 5.13 of the LXD virtual-machine manager has been released. Newfeatures include fast live migration, support for AMD's secure enclaves,and more. See thisannouncement for details.

The Fedora 38release is available. Fedora has mostly moved past its old pattern oflate releases, but it's still a bit surprising that this release came outone week ahead of the scheduled date. Some of the changes in thisrelease, includingreduced shutdown timeoutsand frame pointers have been covered herein the past; see the announcement and the Workstation-edition"what'snew" post for details on the rest.

Security updates have been issued by Debian (protobuf), Fedora (libpcap, libxml2, openssh, and tcpdump), Mageia (kernel and kernel-linus), Oracle (firefox, kernel, kernel-container, and thunderbird), Red Hat (thunderbird), Scientific Linux (thunderbird), SUSE (gradle, kernel, nodejs10, nodejs12, nodejs14, openssl-3, pgadmin4, rubygem-rack, and wayland), and Ubuntu (firefox).

Matthew Garrett pointsout that many Linux systems using encrypted disks were installed with arelatively weak key derivation function that could make it relatively easyfor a well-resourced attacker to break the encryption:

The digiKam photo-management tool has announced its 8.0.0 release, after two years of development, bug fixing, and testing. Major new features include a documentation overhaul (with a new web site), support for more file formats, a new optical character recognition (OCR) tool, improved metadata handling, a neural-net-based image quality classifier, better integration with G'MIC-Qt, a Qt6-compatible code base, and lots more. See the announcement for all the details.

The kernel subsystem maintainers out there probably have a deepunderstanding of the sinking feeling that results from opening one's inboxand seeing a response from Linus Torvalds to a pull request. When all goeswell, pull requests are acted upon silently; a response usually means thatall has not gone well. Several maintainers got to experience thatfeeling during the 6.3 merge window, which seemed to generate more than theusual number of grumpy responses related to merge commits. Avoiding thatsituation is not hard, though, with a bit of attention paid to how mergesare done.

Security updates have been issued by Debian (chromium, rails, and ruby-rack), Fedora (firefox, ghostscript, libldb, samba, and tigervnc), Mageia (ceph, davmail, firefox, golang, jpegoptim, libheif, python-certifi, python-flask-restx, thunderbird, and tomcat), Oracle (firefox), Red Hat (firefox), Scientific Linux (firefox), SUSE (apache2-mod_auth_openidc, aws-nitro-enclaves-cli, container-suseconnect, firefox, golang-github-prometheus-prometheus, harfbuzz, java-1_8_0-ibm, kernel, liblouis, php7, tftpboot-installation images, tomcat, and wayland), and Ubuntu (chromium-browser, imagemagick, kamailio, and libreoffice).

The 6.3-rc7 kernel prepatch is out fortesting. "Let's hope we have just one more calm week, and we'll havehad a nice uneventful release cycle. Knock wood".

On her blog, Máirín Duffy writesabout using open-source software to run a virtual conference. The Fedora design teamrecently ran the first CreativeFreedom Summit as a virtual conference for FOSS creative tools. The teamcould have used the same non-open-source platform that is used by the Flock Fedora conference, but took adifferent path:

Security updates have been issued by Debian (haproxy and openvswitch), Fedora (bzip3, libyang, mingw-glib2, thunderbird, xorg-x11-server, and xorg-x11-server-Xwayland), and Ubuntu (apport, ghostscript, linux-bluefield, node-thenify, and python-flask-cors).

Greg Kroah-Hartman has announced the release of the 6.2.11, 6.1.24, and 5.15.107 stable kernels. They contain anothercollection of important fixes throughout the kernel tree.

The kernelsamepage merging (KSM) feature can save significant amounts of memorywith some types of workloads, but security concerns have greatly limitedits use. Even when KSM can be safely enabled, though, the control interfaceprovided by the kernel makes it unlikely that KSM actually will be used. Asmall patchseries from Stefan Roesch aims to change this situation by improvingand simplifying how KSM is managed.

Security updates have been issued by Debian (chromium, firefox-esr, lldpd, and zabbix), Fedora (ffmpeg, firefox, pdns-recursor, polkit, and thunderbird), Oracle (kernel and nodejs:14), Red Hat (nodejs:14, openvswitch2.17, openvswitch3.1, and pki-core:10.6), Slackware (mozilla), SUSE (nextcloud-desktop), and Ubuntu (exo, linux, linux-kvm, linux-lts-xenial, linux-aws, smarty3, and thunderbird).

The LWN.net Weekly Edition for April 13, 2023 is available.

Orchids are, of course,flowers, and flowers generally need pollinatorsin order to reproduce. A seemingly offhand comment about the unknown natureof the pollinator(s) for a species of orchid in Western Australiahas led Paul Hamilton to undertake a multi-year citizen-science project totry to fill that hole. He came to Everything Open 2023 togive a report on the progress of the search.

Security updates have been issued by Fedora (chromium, ghostscript, glusterfs, netatalk, php-Smarty, and skopeo), Mageia (ghostscript, imgagmagick, ipmitool, openssl, sudo, thunderbird, tigervnc/x11-server, and vim), Oracle (curl, haproxy, and postgresql), Red Hat (curl, haproxy, httpd:2.4, kernel, kernel-rt, kpatch-patch, and postgresql), Slackware (mozilla), SUSE (firefox), and Ubuntu (dotnet6, dotnet7, firefox, json-smart, linux-gcp, linux-intel-iotg, and sudo).

Python 3.12 approaches. While the full feature set of the finalrelease—slated for October 2023—is still not completely known, by nowwe have a good sense for what it will offer. It picks up where Python 3.11 left off, improving error messages and performance. These changes are accompanied by a smattering of smallerchanges, though Linux users will likely make use of one in particular:support for the perf profiler.

The latest release of FreeBSD, version 13.2, has been released. It contains lots of package upgrades including to OpenSSH 9.2p1, OpenSSL 1.1.1t, and OpenZFS 2.1.9. Other new features include upgrading the bhyve hypervisor to now support more than 16 virtual CPUs in a guest, a WireGuard VPN driver, netlink for network configuration, and lots more. See the release notes for more information.

A draftupdated trademark policy for the Rust language is being circulated forcomments. It is not a short read.

Security updates have been issued by Debian (keepalived and lldpd), Oracle (kernel), and SUSE (kernel, podman, seamonkey, and upx).

OpenBSD 7.3 has been released. As usual, the list of changes and newfeatures is long; click below for the details.

Security updates have been issued by Debian (openimageio and udisks2), Fedora (chromium, curl, kernel, mediawiki, and seamonkey), Oracle (httpd:2.4), Red Hat (httpd and mod_http2 and tigervnc), SUSE (ghostscript and kernel), and Ubuntu (irssi).

The 6.3-rc6 kernel prepatch is out fortesting.

The kernel's handling of concurrency has changed a lot over the years. In2023, a kernel developer's toolkit includes tools like completions, highlyoptimized mutexes, and a variety of locklessalgorithms. But, once upon a time, concurrency control came down tothe use of simple semaphores; a discussion on a small change to thesemaphore API shows just how much the role of semaphores has changed overthe course of the kernel's history.

Security updates have been issued by Mageia (ldb/samba, libapreq2, opencontainers-runc, peazip, python-cairosvg, stellarium, and zstd), Oracle (httpd and mod_http2, kernel, and nss), SUSE (conmon, go1.19, go1.20, libgit2, openssl-1_1, and openvswitch), and Ubuntu (emacs24).

Meta has announcedthe release of a new build system called Buck2.

The 6.2.10 and 6.1.23 stable kernels have been released. Asusual, they contain important fixes throughout the kernel tree.

Operating systems have traditionally used all of the memory that thehardware provides to them. The advent of virtualization and confidentialcomputing is changing this picture somewhat, though; the system can now bemore picky about which memory it will use. Patches to add support forexplicit memory acceptance when running under AMD's Secure EncryptedVirtualization and Secure Nested Paging (SEV-SNP), though, have runinto some turbulence over how to handle a backward-compatibility issue.

Security updates have been issued by Debian (cairosvg, ghostscript, grunt, tomcat9, and trafficserver), Fedora (golang, podman, xen, and zchunk), Red Hat (kpatch-patch), SUSE (systemd), and Ubuntu (apache-log4j1.2, liblouis, linux-aws, and linux-bluefield).

The LWN.net Weekly Edition for April 6, 2023 is available.

There's just something about trains—model trains in particular. At Everything Open 2023, PaulAntoine spoke about his experiences with the DCC-EX project, which has a variety ofmodel-railroad automation hardware designs and software tools, all of whichare freely available. There is a long legacy of sharing within the modelrailroading hobby, which continues today in the form of free and open-sourcesoftware for it.

The Debian project has reportedon a survey of developers on the use of project funds to supportdevelopment work.

The5.15.106,5.10.177,5.4.240,4.19.280, and4.14.312stable kernel updates have been released, each with another set ofimportant fixes.The 6.2.10and 6.1.23updates are also in the works, but have ended up going through additionalrounds of review; they could be released almost any time.

Security updates have been issued by Debian (ghostscript and openimageio), Fedora (kernel, rubygem-actioncable, rubygem-actionmailbox, rubygem-actionmailer, rubygem-actionpack, rubygem-actiontext, rubygem-actionview, rubygem-activejob, rubygem-activemodel, rubygem-activerecord, rubygem-activestorage, rubygem-activesupport, rubygem-rails, and rubygem-railties), Oracle (gnutls, httpd, kernel, nodejs:16, nodejs:18, pesign, postgresql:13, tigervnc, and tigervnc, xorg-x11-server), Red Hat (gnutls, httpd, httpd:2.4, kernel, kpatch-patch, pcs, pesign, postgresql:13, tigervnc, and tigervnc, xorg-x11-server), Scientific Linux (httpd and tigervnc, xorg-x11-server), SUSE (aws-efs-utils.11048, libheif, liblouis, openssl, python-cryptography, python-Werkzeug, skopeo, tomcat, and wireshark), and Ubuntu (imagemagick, ipmitool, and node-trim-newlines).

Mobian is a project that aims to bring the Debian distribution to mobile devices suchas smartphones and tablets. By building on the flexibility, stability, and community-drivendevelopment of Debian, Mobian aspires to create a powerful anduser-friendly alternative to existing mobile operating systems. The projectis actively working on reducing the delta between Mobian and Debian, and itsultimate goal is to be absorbed back into its parent distribution and tomake it easy to run Debian on mobile devices.

The first call forvotes for the 2023 Debian Project Leader election has gone out. Thecampaigning was easy to miss this year, for one simple reason: the currentincumbent, Jonathan Carter, is running unopposed for another term. Thatsuggests that turnout will be low this time but, as several developers havepointed out, there is still value in voting; it clarifies whether Carterstill has the support of the project.

Security updates have been issued by Fedora (openbgpd and seamonkey), Red Hat (httpd:2.4, kernel, kernel-rt, and pesign), SUSE (compat-openssl098, dpdk, drbd, ImageMagick, nextcloud, openssl, openssl-1_1, openssl-3, openssl1, oracleasm, pgadmin4, terraform-provider-helm, and yaml-cpp), and Ubuntu (haproxy, ldb, samba, and vim).

The kernel has a well-developed mechanism for the control of tracing ofevents in kernel space. Developers often want to be able to trace user-spaceactivity as well, using the same interfaces, but that mode is rather lesswell supported. One year ago, an attempt toadd an API for the control of user-space trace events ran into troubleand has never been fully enabled. Now, Beau Belgrave is back with areworked API that may finally result in this mechanism becominggenerally available.

Security updates have been issued by Debian (duktape, firmware-nonfree, intel-microcode, svgpp, and systemd), Fedora (amanda, dino, flatpak, golang, libldb, netconsd, samba, tigervnc, and vim), Red Hat (nodejs:14), Slackware (ruby and seamonkey), SUSE (drbd, flatpak, glibc, grub2, ImageMagick, kernel, runc, thunderbird, and xwayland), and Ubuntu (amanda).

The 6.3-rc5 kernel prepatch is out fortesting. "This release continues to appear very normal and boring,which is just how I like it. The commit count says that we've startedcalming down right on schedule, and the diffstat looks normal too."

The Mozilla project celebrates25 years of existence.

As a general rule, the purpose behind mounting a filesystem is to make thatfilesystem's contents visible to the system, or at least to the mountnamespace where that mount occurs. For similar reasons, it is unusual tomount one filesystem on top of another, since that would cause the contentsof the over-mounted filesystem to be hidden. There are exceptions toeverything, though, and that extends to mounted filesystems; a"tucking" mechanism proposed by Christian Brauner is designed to hidemounted filesystems underneath other mounts — temporarily, at least.

Security updates have been issued by Debian (joblib, json-smart, libmicrohttpd, and xrdp), Fedora (thunderbird and xorg-x11-server-Xwayland), Mageia (dino, perl-Cpanel-JSON-XS, perl-Net-Server, snort, tigervnc/x11-server, and xapian), SUSE (curl, kernel, openssl-1_0_0, and shim), and Ubuntu (glusterfs, linux-gcp-4.15, musl, and xcftools).

The X.Org project has announced a vulnerability in its X server and Xwayland (CVE-2023-1393).

The kernel's hierarchical maintainer model works quite well from thestandpoint of allowing thousands of developers to work together without(often) stepping on each others' toes. But that model can also make lifepainful for developers who are trying to make changes across numeroussubsystems. Other possible source of pain include changes related tolicensing or those where maintainers don't understand the purpose of thework. Nick Alcock has managed to hit all of those hazards together in hiseffort to perform what would seem like a common-sense cleanup of thekernel's annotations for loadable modules.

Greg Kroah-Hartman has announced the release of the 6.2.9, 6.1.22,5.15.105, and 5.4.239 stable kernels. The latter (5.4.239)has single patch to fix the permissions of a selftest file, while the otherthree have a lengthy list of important fixes throughout the kernel tree.

Security updates have been issued by Debian (xorg-server and xrdp), Fedora (mingw-python-certifi, mingw-python3, mingw-zstd, moodle, python-cairosvg, python-markdown-it-py, redis, xorg-x11-server, and yarnpkg), Slackware (mozilla and xorg), SUSE (grub2, ldb, samba, libmicrohttpd, python-Werkzeug, rubygem-rack, samba, sudo, testng, tomcat, webkit2gtk3, xorg-x11-server, xstream, and zstd), and Ubuntu (linux, linux-aws, linux-dell300x, linux-kvm, linux-oracle, linux-raspi2, linux-aws-5.4, linux-azure-5.4, linux-gcp-5.4, linux-hwe-5.4, linux-ibm-5.4, linux-oracle-5.4, linux-raspi-5.4, linux-gke, linux-gke-5.15, linux-ibm, linux-kvm, php-nette, and xorg-server, xorg-server-hwe-18.04, xwayland).

The LWN.net Weekly Edition for March 30, 2023 is available.

The fourth and final keynote forEverything Open 2023 was givenby Professor Rebecca Giblin of the Melbourne Law School, University ofMelbourne. It revolved around her recent book, Chokepoint Capitalism,which she wrote with Cory Doctorow; it is "a book about why creativelabor markets are rigged — and how to unrig them". Giblin had plannedto be in Melbourne to give her talk in person, but "the universe had otherplans"; she got delayed in Austin,Texas by an unexpected speaking slot at the South by Southwest (SXSW) conference, so she gave her talk via videoconference from there—atnearly midnight in Austin.

Immutable Linux distributions are on the rise recently, with multiplepopular distributions creating their own immutable versions; itcould be one of the trends of 2023, aspredicted. While many of these immutabledistributions are focused on server use, there are also some that offer adesktop experience. OpenSUSE MicroOSDesktop is one of them, with a minimal openSUSE Tumbleweed as thebase operating system and applications running as Flatpaks or in containers. In its daily use,it feels a lot like a normal openSUSE desktop. Its biggest benefit isavailability of the newest software releases without sacrificing systemstability.