Post Syndicated from corbet original https://lwn.net/Articles/979617/

We have just received the
sad news of the passing of Daniel Bristot de Oliveira at far too young
an age. He was a strong contributor to the core kernel and associated
realtime infrastructure, and always a joyful presence in person; he will be
deeply missed.

Post Syndicated from corbet original https://lwn.net/Articles/979609/

Nature looks
at a recent paper on the openness of “open-source” language
models.

It is not yet clear how many of these models will fit the EU’s
definition of open source. Under the act, this would refer to
models that are released under a “free and open” licence that, for
example, allows users to modify a model but says nothing about
access to training data. Refining this definition will probably
form “a single pressure point that will be targeted by corporate
lobbies and big companies”, the paper says.

Post Syndicated from corbet original https://lwn.net/Articles/979606/

Security updates have been issued by AlmaLinux (python3.11), Debian (composer), Fedora (thunderbird), Mageia (chromium-browser-stable, python-aiohttp, python-gunicorn, python-werkzeug, and virtualbox), Oracle (libreswan and python3.11), Red Hat (git, kpatch-patch, python3.11, python3.9, and thunderbird), and SUSE (avahi, ghostscript, grafana and mybatis, hdf5, kernel, openssl-1_1-livepatches, python-docker, and wget).

Post Syndicated from corbet original https://lwn.net/Articles/979532/

Changwoo Min has posted an
introduction to writing custom schedulers with sched_ext.

In a particular situation, when each scheduling policy needs its
specific action, the core kernel scheduler calls an operation
defined in struct sched_class. For example, when the core
kernel scheduler needs to select a task to be scheduled, it calls
the sched_class.pick_next_task(rq) callback of a concrete
scheduling policy. When a task becomes runnable, the core kernel
scheduler calls sched_class.enqueue(rq, p, flags) so the
concrete scheduling policy enqueues task p to run queue
rq. When a task’s runtime state needs to be updated, the
core kernel scheduler calls sched_class.update_curr(rq).

Post Syndicated from corbet original https://lwn.net/Articles/979491/

Version
29.4 of the Emacs editor has been released. This is “an emergency
bugfix release” fixing a vulnerability that can cause
the editor to execute arbitrary shell code in Org mode. Anybody who runs Emacs on
untrusted files — including those using Gnus or one of the Emacs mail modes
— should be looking to update. For those who cannot update, a pair of
messages from Russ
Allbery and Florian Weimer
investigates how to disable the Org-mode evaluation, a task that is
seemingly more complicated than it should be.

Post Syndicated from corbet original https://lwn.net/Articles/979442/

The 6.10-rc5 kernel prepatch is out for
testing. “So far, the 6.10 release cycle has been fairly calm, and rc5
continues that trend. Let’s hope things stay that way.“

Post Syndicated from corbet original https://lwn.net/Articles/979419/

The linux-wireless mailing list carries the terse
notice that longtime networking developer Larry Finger passed away on
June 21. The LWN Kernel
Source Database shows that Finger contributed to 94 releases in
the (Git era) kernel history, starting with 2.6.16 — 1,464 commits in
total. He will be missed.

Post Syndicated from corbet original https://lwn.net/Articles/979177/

Version
13.5 of the privacy-focused Tor browser has been released.

Regular readers of our release posts will know that for the past
two years we’ve been gradually increasing our capacity to not only
maintain, but bring tangible improvements to Tor Browser for
Android. In that respect, Tor Browser 13.5 feels like a milestone:
in addition to the dozens of bug fixes and minor improvements noted
in the changelog below, this release features major changes to
Android’s connection experience in preparation for the future
addition of Connection Assist, including full access to Settings
before connecting and a new, permanent home for Tor logs.

The release also features desktop user-interface improvements and enhanced
fingerprinting protection.

Post Syndicated from corbet original https://lwn.net/Articles/978846/

User namespaces in Linux create an
environment in which all privileges are granted, but their effect is
contained within the namespace; they have become an important tool for the
implementation of containers. They have also become a significant source
of worries for people who do not like the increased attack surface they
create for the kernel. Various attempts have been made to restrict that
attack surface over the years; the latest is user namespace
capabilities, posted by Jonathan Calmels.

Post Syndicated from corbet original https://lwn.net/Articles/978238/

The LWN.net Weekly Edition for June 20, 2024 is available.

Post Syndicated from corbet original https://lwn.net/Articles/978711/

It has been four months since Greg
Kroah-Hartman and MITRE
announced that the Linux kernel project had become its own CVE Numbering
Authority (CNA). Since then, the Linux CNA Team has developed workflows
and mechanisms to help manage the various tasks associated with this
challenge. There does however, appear to be a lack of understanding among
community members of the processes and rules the team have been working
within. The principal aim of this article, written by a member of the
Linux kernel CNA team, is to clarify how the team works and how kernel CVE
numbers are assigned.

Post Syndicated from corbet original https://lwn.net/Articles/978806/

Version 6.1 of
the Plasma desktop environment has been released.

Plasma 6 hits its stride with version 6.1. While Plasma 6.0 was all
about getting the migration to the underlying Qt 6 frameworks
correct (and what a massive job that was), 6.1 is where developers
start implementing the features that will take you desktop to a new
level.

Enhancements include better remote-desktop support, improved customization,
persistent apps, smoother animation under Wayland, and more; see the
changelog for the full list.

Post Syndicated from corbet original https://lwn.net/Articles/978804/

Security updates have been issued by Debian (php7.3), Fedora (galera, ghostscript, and mariadb), Mageia (cups, iperf, and libndp), Oracle (firefox and flatpak), Red Hat (container-tools:rhel8, Firefox, firefox, and flatpak), SUSE (booth, bouncycastle, firefox, ghostscript, less, libaom, openssl-1_1, openssl-3, podman, python-Authlib, python-requests, python-Werkzeug, webkit2gtk3, and xdg-desktop-portal), and Ubuntu (ghostscript, ruby-rack, ruby2.7, ruby3.0, ruby3.1, ruby3.2, and sssd).

Post Syndicated from corbet original https://lwn.net/Articles/978733/

PostmarketOS is an Alpine Linux
derivative distribution aimed at mobile devices; the v24.06
release claims support for over 250 devices, though the level of that
support varies widely. “This release is geared mainly towards Linux
enthusiasts. We are working hard on stability improvements and automated
testing, but if you expect Android or iOS levels of polish, then this is
not for you yet.” Changes include an upgrade to Alpine Linux 3.20,
newer GNOME and KDE versions, and more.

Post Syndicated from corbet original https://lwn.net/Articles/978189/

Software-interrupt handlers (also called “bottom halves”) have a long
history in the Linux kernel; for much of that history, developers have
wished that they could go away. One of their unfortunate characteristics
is that they can add unexpected latency to the execution of unrelated
processes; this problem is felt especially acutely in the
realtime-preemption community. The solution adopted there has created
problems of its own, though; in response Sebastian Andrzej Siewior is proposing
a new locking mechanism for realtime builds of the kernel that may have
benefits for non-realtime users as well.

Post Syndicated from corbet original https://lwn.net/Articles/978629/

Linus has released 6.10-rc4 for testing.
“Apart from a rather unusual spike in the diffstat due to a parisc fix,
things look normal and pretty small.“

Post Syndicated from corbet original https://lwn.net/Articles/978591/

The
6.9.5,
6.6.34,
6.1.94,
5.15.161,
5.10.219,
5.4.278, and
4.19.316
stable kernels have all been released; each contains another set of
important fixes.

Post Syndicated from corbet original https://lwn.net/Articles/978541/

The Python Software Foundation has published a
set of reports from the 2024 Python Language summit. Topics covered
include version numbering, the limited C API, a new default read-eval-print
loop, and Python’s security model in light of the XZ backdoor:

For multiple reasons like being able to fix bugs and
single-maintainer modules, CPython doesn’t require reviewers on the
pull requests of core developers. This can lead to “unilateral
action”, meaning that a change is introduced into CPython without
the review of someone besides the author. Other situations like
release managers backporting fixes to other branches without review
are common.

Post Syndicated from corbet original https://lwn.net/Articles/978441/

This
Project Zero article looks at the exploitation of a few Android driver
bugs in great detail.

As it becomes more difficult to find 0-days in core Android,
third-party Linux kernel drivers continue to become a more and more
attractive target for attackers. While the bulk of present-day
detected ITW [in-the-wild] Android exploitation targets GPU
drivers, it’s equally important that other third-party drivers are
encouraged towards the same security standards.

Post Syndicated from corbet original https://lwn.net/Articles/978323/

Version
1.79.0 of the Rust language has been released. Changes this time
include inline const expressions, the “associated item bounds
syntax”, and more.