All posts by corbet

[$] Hyphens, minus, and dashes in Debian man pages

Post Syndicated from corbet original https://lwn.net/Articles/947941/

It is probably fair to say that most Linux users spend little time thinking
about the troff typesetting program, despite that application’s
groundbreaking role in computing history. Troff (along with nroff) is
still with us, though, even if they are called groff these days, and every
now and then they make their presence known. A recent groff change created
a bit of a tempest within the Debian community, and has effectively been
reverted there. It all comes down to the question of what, exactly, is the
character used to mark command-line options on Unix systems?

Security updates for Monday

Post Syndicated from corbet original https://lwn.net/Articles/948522/

Security updates have been issued by Debian (krb5, redis, roundcube, ruby-rack, ruby-rmagick, zabbix, and zookeeper), Fedora (ansible-core, chromium, libvpx, mingw-xerces-c, python-asgiref, python-django, and vim), Mageia (cadence, kernel, kernel-linus, libxml2, nodejs, and shadow-utils), Oracle (nghttp2), Slackware (LibRaw), and SUSE (chromium, java-11-openjdk, nodejs18, python-Django, python-urllib3, and suse-module-tools).

Kernel prepatch 6.6-rc7

Post Syndicated from corbet original https://lwn.net/Articles/948469/

Linus has released 6.6-rc7 for testing.

Anyway, while this is all bigger than I’d have liked it to be, if
the upcoming week is quiet and normal, this is the last rc and next
Sunday will see the final release and then we’ll open the merge
window for 6.7. I simply am not aware of any issues that would be
showstoppers.

[$] mseal() and what comes after

Post Syndicated from corbet original https://lwn.net/Articles/948129/

Jeff Xu recently proposed
the addition of a new system call, named mseal(), that would allow
applications to prevent modifications to selected memory mappings. It
would enable the hardening of user-space applications against certain types
of attacks; some other operating systems have this type of feature already.
There is support for adding this type of mechanism to the Linux kernel as
well, but it has become clear that mseal() will not land in the
mainline in anything resembling its current form. Instead, it has become
an example of how not to do kernel development at a number of levels.

Security updates for Friday

Post Syndicated from corbet original https://lwn.net/Articles/948368/

Security updates have been issued by Debian (linux-5.10 and webkit2gtk), Fedora (matrix-synapse and trafficserver), Mageia (chromium-browser-stable, ghostscript, libxpm, and ruby-RedCloth), Oracle (.NET 7.0, curl, dotnet7.0, galera, mariadb, go-toolset, golang, java-1.8.0-openjdk, and python-reportlab), Red Hat (php, php:8.0, tomcat, and varnish), Slackware (httpd), SUSE (bluetuith, grub2, kernel, rxvt-unicode, and suse-module-tools), and Ubuntu (dotnet6, dotnet7, dotnet8, linux, linux-aws, linux-aws-5.15, linux-azure, linux-azure-5.15,
linux-azure-fde, linux-azure-fde-5.15, linux-gcp, linux-gke, linux-gkeop,
linux-hwe-5.15, linux-ibm, linux-ibm-5.15, linux-kvm, linux-lowlatency,
linux-lowlatency-hwe-5.15, linux-nvidia, linux-oracle, linux-raspi, linux, linux-aws, linux-aws-5.4, linux-azure, linux-azure-5.4, linux-gcp,
linux-gkeop, linux-hwe-5.4, linux-ibm, linux-ibm-5.4, linux-kvm,
linux-oracle, linux-oracle-5.4, linux-xilinx-zynqmp, linux, linux-aws, linux-aws-6.2, linux-azure, linux-azure-6.2,
linux-azure-fde-6.2, linux-gcp, linux-gcp-6.2, linux-hwe-6.2, linux-kvm,
linux-lowlatency, linux-lowlatency-hwe-6.2, linux-oracle, linux-raspi,
linux-starfive, linux, linux-aws, linux-azure, linux-azure-4.15, linux-gcp,
linux-gcp-4.15, linux-hwe, linux-kvm, linux-oracle, linux, linux-aws, linux-kvm, linux-lts-xenial, linux-azure, linux-bluefield, linux-intel-iotg, linux-oem-6.1, linux-raspi, and mutt).

[$] Toward safer GNU C Library tunable handling

Post Syndicated from corbet original https://lwn.net/Articles/947736/

When considering the interface provided by the GNU C Library (glibc),
thoughts naturally turn to the programming interface as specified by POSIX,
along with numerous extensions added over the years. But glibc also
provides a “tunables” interface to control how the library operates; rather
than being managed by a C API, tunables are set with the GLIBC_TUNABLES
environment variable. Glibc tunables have been a part of a few security
problems involving setuid binaries, most recently the “Looney Tunables” bug
disclosed at the beginning of October. The glibc
developers are now considering significant changes to tunable handling in
the hope of avoiding such problems in the future.

Security updates for Thursday

Post Syndicated from corbet original https://lwn.net/Articles/948246/

Security updates have been issued by Debian (node-babel), Fedora (moodle), Gentoo (mailutils), Oracle (go-toolset:ol8 and java-11-openjdk), Red Hat (ghostscript, grafana, java-1.8.0-openjdk, java-11-openjdk, java-17-openjdk, nghttp2, nodejs:16, nodejs:18, and rhc-worker-script), SUSE (cni, cni-plugins, container-suseconnect, containerd, cups, exim, grub2, helm, libeconf, nodejs18, python3, runc, slurm, supportutils, and tomcat), and Ubuntu (glib2.0, openssl, and vips).

The GNOME Foundation’s new executive director

Post Syndicated from corbet original https://lwn.net/Articles/948098/

The GNOME Foundation has announced
the hiring of Holly Million as its new executive director.

Holly is a multi-talented individual with a diverse background in
nonprofit leadership, filmmaking, teaching, public speaking, and
writing. Her commitment to empowering individuals to make a
positive impact aligns perfectly with the values and goals of the
GNOME Foundation.

Security updates for Wednesday

Post Syndicated from corbet original https://lwn.net/Articles/948097/

Security updates have been issued by Debian (slurm-wlm), Fedora (icecat and python-configobj), Oracle (dotnet6.0, kernel-container, nginx, nginx:1.20, nginx:1.22, and python3.9), Red Hat (bind9.16, curl, dotnet6.0, kernel-rt, kpatch-patch, nghttp2, nodejs, python-reportlab, and virt:rhel), Slackware (util), SUSE (buildah, conmon, erlang, glibc, kernel, nghttp2, opensc, python-urllib3, samba, slurm, and suse-module-tools), and Ubuntu (frr, linux-azure, and pmix).

[$] Improving C-library scalability with restartable sequences

Post Syndicated from corbet original https://lwn.net/Articles/946870/

The Linux kernel has supported restartable
sequences
(sometimes referred to as “RSEQ”) since 2018, but it remains
a bit of a niche feature, mostly useful to performance-oriented developers
who do not mind writing assembly code. According to Mathieu Desnoyers, the
developer behind the kernel’s implementation of restartable sequences, this feature
can be applicable to a much wider range of performance-sensitive code with
proper library support. He came to the 2023 GNU Tools Cauldron to
present the case for use of restartable sequences within the GNU C Library
(glibc).

Security updates for Tuesday

Post Syndicated from corbet original https://lwn.net/Articles/948010/

Security updates have been issued by Debian (axis, nghttp2, node-babel7, and tomcat9), Fedora (curl and ghostscript), Oracle (bind, kernel-container, mariadb:10.5, and python3.11), Red Hat (.NET 7.0, go-toolset, golang, and go-toolset:rhel8), SUSE (kernel, libcue, libxml2, python-Django, and python-gevent), and Ubuntu (curl, ghostscript, iperf3, libcue, python2.7, quagga, and samba).

[$] The 2023 Image-Based Linux Summit

Post Syndicated from corbet original https://lwn.net/Articles/946526/

Following up from last year’s first Image-Based Linux Summit, a second
meeting was held in Berlin on September 12th, 2023, the day before All
Systems Go! 2023, at the Microsoft office. The goal of these summits is to find
common ground among stakeholders from various engineering groups around the
topic of image-based Linux distributions, communicate progress, and attempt
to build a strategy to tackle shared problems together. The organizers —
Luca Boccassi, Lennart Poettering, and Christian Brauner — welcomed
participants from the UAPI Group,
which draws developers from a long list of companies with an interest in
this area, and spent the full day discussing a variety of topics. Full
minutes
have been published on the UAPI Group’s web site.

Security updates for Monday

Post Syndicated from corbet original https://lwn.net/Articles/947891/

Security updates have been issued by Debian (batik, poppler, and tomcat9), Fedora (chromium, composer, curl, emacs, ghostscript, libwebp, libXpm, netatalk, nghttp2, python-asgiref, python-django, and webkitgtk), Mageia (curl and libX11), Oracle (bind, busybox, firefox, and kernel), Red Hat (curl, dotnet6.0, dotnet7.0, and nginx), SUSE (chromium, cni, cni-plugins, grub2, netatalk, opensc, opera, and wireshark), and Ubuntu (iperf3).

[$] Recent improvements in GCC diagnostics

Post Syndicated from corbet original https://lwn.net/Articles/946733/

The primary job of a compiler is to translate source code into a binary
form that can be run by a computer. Increasingly, though, developers want
more from their tools, compilers included. Since the compiler must
understand the code it is being asked to translate, it is in a good
position to provide information about how that code will execute — and
where things might go wrong. At the 2023 GNU Tools Cauldron,
David Malcolm talked about recent work to improve the diagnostic output
from the GCC compiler.