Welcome to LWN.net
LWN.net is a reader-supported news site dedicated to producing the best coverage from within the Linux and free software development communities. See the LWN FAQ for more information, and please consider subscribing to gain full access and support our activities.
[$] 6.4 Merge window, part 1
As of this writing, nearly 7,500 non-merge changesets have been pulled into the mainline repository for the 6.4 kernel release. The 6.4 merge window is thus clearly off and running, with a number of significant changes merged already. Read on for a summary of the most significant pulled so far.
[$] Unprivileged BPF and authoritative security hooks
When the developers of the Linux security module (LSM) subsystem find themselves disagreeing with other kernel developers, it tends to be because those other developers don't think to — or don't want to — add security hooks to their shiny new subsystems. Sometimes, though, the addition of new hooks by non-LSM developers can also create some friction. Andrii Nakryiko's posting of a pair of BPF-related security hooks raised a couple of interesting questions, one of which spurred a fair amount of discussion, and one that did not.
[$] LWN.net Weekly Edition for April 27, 2023
Posted Apr 27, 2023 0:35 UTC (Thu) The LWN.net Weekly Edition for April 27, 2023 is available.
Inside this week's LWN.net Weekly Edition
- Front: People API; SELinux runtime disable; Designated movable blocks; 6.3 Statistics; Nikola; GNOME 44.
- Briefs: Git security updates; PyPI trusted publishers; Linux 6.3; Ubuntu 23.04; GCC 13.1; gccrs; Quotes; ...
- Announcements: Newsletters, conferences, security updates, patches, and more.
[$] A user's guide for the people API
Longtime Pythonista Ned Batchelder gave the first of four keynotes at PyCon's 20th-anniversary edition, PyCon 2023, which was held April 19-27 in Salt Lake City, Utah. In fact, it is still being held at the time of this writing; the sprints continue for four days after the three days of main-conference talks. Batchelder presented his thoughts on communication, how it can often go awry for technical people, and how to make it work better.
[$] Nikola: static-site generation in Python
Static-site generators are tools that generate HTML pages from source files, often written in Markdown or another markup language. They have built-in templates and themes, which allows developers to create lightweight and secure web sites that can be easily maintained using version control. One of these tools is Nikola, written in Python.
[$] Development statistics for 6.3
The 6.3 kernel was released on April 24 after a nine-week development cycle. As is the case with all mainline releases, this is a major kernel release with a lot of changes and a big pile of new features. The time has come, yet again, for a look at where that work came from and who supported it.
[$] Designated movable (memory) blocks
The concept of movable memory was initially designed for hot-pluggable memory on server-class systems, but it would now appear that this mechanism is finding a new use in consumer-electronics devices as well. The designated movable block patch set was first submitted by Doug Berger in September 2022. By adding more flexibility around the configuration and use of movable memory, this work will, it is hoped, improve how Linux performs on resource-constrained systems.
[$] GNOME releases version 44
GNOME is, of course, a widely-used desktop environment for Linux systems; on March 22, the project released GNOME 44, codenamed "Kuala Lumpur". This version features enhancements to the settings panels, quick settings, the files application, and an updated file chooser with a grid view, among others. The full list of changes can be seen in the release notes available on the GNOME website.
[$] Disabling SELinux's runtime disable
Distributors have been enabling the SELinux security module for nearly 20 years now, and many administrators have been disabling it on their systems for almost as long. There are a few ways in which SELinux can be disabled on any given system, including command-line options, a run-time switch, or simply not loading a policy after boot. One of those ways, however, is about to be disabled itself.
LWN.net Weekly Edition for April 20, 2023
Posted Apr 20, 2023 1:10 UTC (Thu) The LWN.net Weekly Edition for April 20, 2023 is available.
Inside this week's LWN.net Weekly Edition
- Front: TOTP authentication; Kernel samepage merging; Merge trap; Textual; Vanilla OS.
- Briefs: LUKS key derivation; Fedora 38; openSUSE ALP; Solus reboot; digiKam 8; LXD 5.13; FOSS virtual conferences; Quotes; ...
- Announcements: Newsletters, conferences, security updates, patches, and more.
Debian "bookworm" release on June 10
For those who are waiting for the upcoming Debian "bookworm" release, the date has now been set: it's coming out on June 10. The full-freeze date for the distribution will be May 24.
Security updates for Friday
Security updates have been issued by Fedora (git, libpcap, php-laminas-diactoros2, php-nyholm-psr7, tcpdump, and xen), Oracle (cloud-init), Scientific Linux (kernel), SUSE (conmon, docker, glib2, glibc, libmicrohttpd, libX11, liferea, python3, qemu, rubygem-actionview-5_1, s390-tools, stellarium, vim, and xen), and Ubuntu (linux, linux-aws, linux-aws-5.4, linux-azure, linux-azure-4.15, linux-azure-5.4, linux-gcp, linux-gcp-4.15, linux-gcp-5.4, linux-gke, linux-gkeop, linux-hwe, linux-hwe-5.4, linux-ibm, linux-kvm, linux-oracle, linux-oracle-5.4 and openssl-ibmca).
Security updates for Thursday
Security updates have been issued by Fedora (chromium, perl-Alien-ProtoBuf, and redis), Oracle (kernel), SUSE (dmidecode, fwupd, libtpms, libxml2, openssl-ibmca, and webkit2gtk3), and Ubuntu (cloud-init, ghostscript, linux, linux-aws, linux-aws-5.15, linux-azure, linux-gke, linux-gke-5.15, linux-gkeop, linux-hwe-5.15, linux-ibm, linux-lowlatency, linux-lowlatency-hwe-5.15, linux-oracle, linux-oracle-5.15, linux, linux-aws, linux-azure, linux-gcp, linux-hwe-5.19, linux-ibm, linux-kvm, linux-lowlatency, linux-oracle, linux-raspi, and linux, linux-aws, linux-kvm, linux-lts-xenial).
Seven stable kernels
The 6.2.13, 6.1.26, 5.15.109, 5.10.179, 5.4.242, 4.19.282, and 4.14.314 stable kernels have all been released; each contains another set of important fixes and updates.
GCC 13.1 released
Version 13.1 of the GCC compiler suite has been released.
This release integrates a frontend for the Modula-2 language which was previously available separately and lays foundation for a frontend for the Rust language which will be available in a future release.
Other changes include the removal of support for the STABS debugging-information format, addition of a number of C++23 features, a number of static-analyzer improvements, support for a number of recent CPU features, and more. See this page for details.
Security updates for Wednesday
Security updates have been issued by Fedora (chromium, lilypond, and lilypond-doc), Oracle (java-1.8.0-openjdk), Red Hat (emacs, java-1.8.0-openjdk, java-11-openjdk, java-17-openjdk, kernel, kernel-rt, pesign, and virt:rhel, virt-devel:rhel), Scientific Linux (java-1.8.0-openjdk and java-11-openjdk), Slackware (git), SUSE (fwupd, git, helm, and runc), and Ubuntu (firefox, golang-1.18, linux-hwe-5.15, and openssl, openssl1.0).
Git 2.40.1 (and several others) released
There is a new stable Git release containing fixes for three separate security vulnerabilities. The fixes have also been backported to the older v2.39.3, v2.38.5, v2.37.7, v2.36.6, v2.35.8, v2.34.8, v2.33.8, v2.32.7, v2.31.8, and v2.30.9 releases. Sites using Git in untrusted environments — or with untrusted input — should probably upgrade soon.
An update on the GCC frontend for Rust
Philip Herron and Arthur Cohen have posted an update on the status of gccrs — the GCC frontend for the Rust language — and why it will not be a part of the upcoming GCC 13 release.
While all of this appears like a lot of work, we are confident in our progress and hope to get closer and closer to getting the core crate working in the next few months. There is also a lot of important work remaining in order to produce a valid Rust compiler, which is why we will spend the coming months focusing on the core crate as well as a borrow-checker implementation, and the development of the necessary tooling to allow us to try and pass the Rust 1.49 testsuite. We aim to distribute the Rust 1.49 version of the standard library with our compiler in the next major GCC release, GCC 14, and hope to backport enough changes to the GCC 13 branch to get the core crate working in time for the GCC 13.2 release. This will enable users to easily start experimenting with the compiler for #![no_std] Rust programs and, hopefully, some embedded targets.
Security updates for Tuesday
Security updates have been issued by CentOS (firefox, java-11-openjdk, and thunderbird), Debian (apache2), Fedora (kernel), Oracle (emacs), Red Hat (emacs, haproxy, java-1.8.0-openjdk, kernel, kernel-rt, kpatch-patch, pcs, pki-core:10.6, and qatzip), and SUSE (avahi, cdi-apiserver-container, cdi-cloner-container, cdi-controller-container, cdi-importer-container, cdi-operator-container, cdi-uploadproxy-container, cdi-uploadserver-container, cont, giflib, kernel, kubevirt, virt-api-container, virt-controller-container, virt-handler-container, virt-launcher-container, virt-libguestfs-tools-container, virt-operator-container, ovmf, and protobuf-c).
Security updates for Monday
Security updates have been issued by Debian (389-ds-base, chromium, connman, curl, redis, and thunderbird), Fedora (ceph, doctl, dr_libs, ffmpeg, freeimage, golang-github-digitalocean-godo, insight, libreswan, mingw-binutils, mingw-freeimage, mingw-freetype, openvswitch, rnp, suricata, webkitgtk, and wireshark), Mageia (dnsmasq, emacs, openimageio, php-smarty, redis, squirrel/supertux, and tcpdump), Red Hat (emacs), and SUSE (avahi, chromium, dmidecode, indent, jettison, openssl, openstack-cinder, openstack-nova, python-oslo.utils, and ovmf).