Post Syndicated from corbet original https://lwn.net/Articles/958597/

The LWN.net Weekly Edition for January 25, 2024 is available.

Post Syndicated from corbet original https://lwn.net/Articles/959325/

Security updates have been issued by Debian (jinja2, openjdk-11, ruby-httparty, and xorg-server), Fedora (ansible-core and mingw-jasper), Gentoo (GOCR, Ruby, and sudo), Oracle (gstreamer-plugins-bad-free, java-17-openjdk, java-21-openjdk, python-cryptography, and xorg-x11-server), Red Hat (kernel, kernel-rt, kpatch-patch, LibRaw, python-pillow, and python-pip), Slackware (mozilla), SUSE (python-Pillow, rear118a, and redis7), and Ubuntu (libapache-session-ldap-perl and pycryptodome).

Post Syndicated from corbet original https://lwn.net/Articles/959163/

Version
122.0 of the Firefox browser it out. Changes include improved search
suggestions, improvements to the in-browser
translation feature, better line-breaking compatibility, and a shiny
new .deb package.

Post Syndicated from corbet original https://lwn.net/Articles/959127/

Security updates have been issued by Debian (kodi and squid), Fedora (ansible-core, java-latest-openjdk, mingw-python-jinja2, openssh, and pgadmin4), Gentoo (Apache XML-RPC), Red Hat (gnutls and xorg-x11-server), Slackware (postfix), SUSE (bluez and openssl-3), and Ubuntu (gnutls28, libssh, and squid).

Post Syndicated from corbet original https://lwn.net/Articles/958178/

Linus Torvalds was able to release 6.8-rc1
and close the 6.8 merge window on time despite losing power to his home for
most of a week. He noted that this merge window is “maybe a bit smaller
than usual“, but 12,239 non-merge changesets found their way into the
mainline, so it’s not that small. About 8,000 of those changes were
merged since the first-half summary was
written; the second half saw a lot of device-driver updates, but there
were other interesting changes as well.

Post Syndicated from corbet original https://lwn.net/Articles/958945/

The 6.8-rc1 kernel prepatch is out for
testing.

So this wasn’t the most pleasant merge window, but most of the
unpleasantness was entirely unrelated to the code base and almost
entirely related to nasty weather. Just a few technical
hiccups. And after a very big 6.7 release, 6.8 looks to actually be
smaller than average, although not really all that significantly
so.

Post Syndicated from corbet original https://lwn.net/Articles/958860/

The
6.7.1,
6.6.13, and
6.1.74
stable kernel updates have been released; each contains another set of
important fixes.

Post Syndicated from corbet original https://lwn.net/Articles/958438/

The proposed mseal() system call
stirred up some controversy when it was first posted in October 2023.
Since then, it has been evolving in a quieter fashion, and seems to have
reached a point where the relevant commenters are willing to accept it.
Should mseal() be merged in a future development cycle, it will
look rather different than it did at the outset.

Post Syndicated from corbet original https://lwn.net/Articles/958759/

The openSUSE News site has put up a
brief article on how Slowroll fits into the spectrum of openSUSE
distributions.

The idea behind Slowroll is to offer a distribution that improves
stability without losing access to new features in the base
packages such as the kernel, desktop environments and
packaging. These slower update cycles allow for more extensive
testing and validation of packages before their inclusion. Think of
Slowroll as more of a skip than a Leap.

Post Syndicated from corbet original https://lwn.net/Articles/958682/

Luis Villa writes
about the recent ruling in the Software Freedom Conservancy’s
GPL-violation lawsuit against Vizio, wherein the judge refused to agree
that the SFC lacks standing to sue.

In some sense, not much has changed: if you were obligated to
comply with the GPL two weeks ago, you have the same obligations
today. If you didn’t have obligations then, you don’t have them
now.

What has changed is who can enforce those obligations. Two weeks
ago, we mostly believed that enforcement could only come from the
authors of the code. Those folks rarely had time, money, or
interest for litigation, and they might also face a lot of pressure
from their peers and employers to avoid litigation.

If this ruling holds up at the end of the case, the number of
potential enforcers just went way up.

Post Syndicated from corbet original https://lwn.net/Articles/958030/

The LWN.net Weekly Edition for January 18, 2024 is available.

Post Syndicated from corbet original https://lwn.net/Articles/958444/

When, at the beginning of November, we posted an open position at LWN, we were only so
hopeful; experience has shown that finding writers who are both capable of
and interested in writing our sort of material is a challenging task. This
time, though, hope was justified: we got a surprising number of
applications from highly qualified applicants. The hardest part of the
task has, instead, been narrowing down the choice to a hiring decision.

We are pleased to announce that Daroc Alden has just joined LWN’s staff.

Daroc is a programmer from New England, where they live with their
spouse and their cat. They graduated with a Master’s degree in Computer
Science from the University of New Hampshire. In their spare time, they
enjoy fiction writing and musicals. They are especially interested in
programming language theory and implementation.

Daroc will be taking on some of the load of keeping LWN interesting while
helping us to expand our content mix in the areas that our readers are
interested in. Please give them your support as they come up to speed
within our operation. We are looking forward to having Daroc as part of a
reinforced and more energetic LWN going forward.

Post Syndicated from corbet original https://lwn.net/Articles/958518/

Networking maintainer Jakub Kicinski (along with several collaborators) has
put up a summary of
what happened in the kernel’s network stack during 2023.

Throughout those releases netdev patch handlers (DaveM, Jakub,
Paolo) applied 7243 patches, and the resulting pull requests to
Linus described the changes in 6398 words. Given the volume of work
we cannot go over every improvement, or even cover networking
sub-trees in much detail (BPF enhancements… wireless work on WiFi
7…). We instead try to focus on major themes, and developments we
subjectively find interesting.

Post Syndicated from corbet original https://lwn.net/Articles/958497/

Security updates have been issued by Fedora (zabbix), Gentoo (OpenJDK), Red Hat (kernel), Slackware (gnutls and xorg), SUSE (cloud-init, kernel, xorg-x11-server, and xwayland), and Ubuntu (freeimage, postgresql-10, and xorg-server, xwayland).

Post Syndicated from corbet original https://lwn.net/Articles/958443/

Version
9.0 of the Wine Windows-compatibility system has been released.
“This release represents a year of development effort and over 7,000
individual changes. It contains a large number of improvements that are
listed below. The main highlights are the new WoW64 architecture and the
experimental Wayland driver.”

Post Syndicated from corbet original https://lwn.net/Articles/958424/

On January 13, Linus Torvalds let
it be known that he had lost power due to the bad weather in the US
Pacific Northwest. As of this writing, he has not yet resurfaced, so the
6.8 merge window has ground to a halt.

There’s apparently about 100k people without power, and I doubt our
neighborhood is the priority, so I expect to be without power for
some time still. I hope I’m wrong, but a few years ago it took more
than a week to restore power due to all the downed trees. It’s
hopefully nowhere near that, but..

Post Syndicated from corbet original https://lwn.net/Articles/958416/

Security updates have been issued by Gentoo (KTextEditor, libspf2, libuv, and Nettle), Mageia (hplip), Oracle (container-tools:4.0, gnutls, idm:DL1, squid, squid34, and virt:ol, virt-devel:rhel), Red Hat (.NET 6.0, krb5, python3, rsync, and sqlite), SUSE (chromium, perl-Spreadsheet-ParseXLSX, postgresql, postgresql15, postgresql16, and rubygem-actionpack-5_1), and Ubuntu (binutils, libspf2, libssh2, mysql-5.7, w3m, webkit2gtk, and xerces-c).

Post Syndicated from corbet original https://lwn.net/Articles/958319/

The openSUSE project has confirmed
that there will be a successor to openSUSE Leap 15, but is not sharing
a lot of details at this point.

The transition to Leap 16 is not just a numerical step-up but
symbolizes a significant path forward in technology and user
experiences. The future of openSUSE Leap is based on the innovative
concept of SUSE’s Adaptable Linux Platform.

The Adaptable Linux Platform powers the next-generation openSUSE
Leap, Leap Micro, and SUSE solutions. It makes distributions more
adaptable and suitable for cloud-native workloads while also being
capable of handling a rapid pace of innovation.

Post Syndicated from corbet original https://lwn.net/Articles/958318/

John Stawinski IV describes,
in detail, how he and a partner were able to compromise the security of the
heavily used PyTorch project.

Our exploit path resulted in the ability to upload malicious
PyTorch releases to GitHub, upload releases to AWS, potentially add
code to the main repository branch, backdoor PyTorch dependencies –
the list goes on. In short, it was bad. Quite bad.

As we’ve seen before with SolarWinds, Ledger, and others, supply
chain attacks like this are killer from an attacker’s
perspective. With this level of access, any respectable
nation-state would have several paths to a PyTorch supply chain
compromise.

Post Syndicated from corbet original https://lwn.net/Articles/958072/

As the Rust-for-Linux project
advances, the kernel is gradually
accumulating abstraction layers that enable Rust code to interface with the
existing C code. As the discussion around the set of filesystem
abstractions posted by Wedson Almeida Filho in December shows, though,
there is some tension between two approaches to the design of those
abstractions. The approach favored by most of the kernel’s C programmers
looks set to win out, but this is a discussion that is likely to return as
the use of Rust in the kernel grows.