All posts by jake

[$] Kernel security reporting for distributions

Post Syndicated from jake original https://lwn.net/Articles/941745/

The call for topics for the Linux Kernel Maintainers Summit went out on
August 15; one proposed topic has generated some interesting discussion
about security-bug reporting for the kernel. A recent patch to the kernel’s
documentation about how to report security bugs recommends avoiding posting
to the linux-distros mailing list because its goals and rules do not mesh
well with kernel security practices. That led Jiri Kosina to suggest a
discussion on security reporting, especially with regard to Linux
distributions.

[$] A per-interpreter GIL

Post Syndicated from jake original https://lwn.net/Articles/941090/

“Subinterpreters”, which are separate Python interpreters running in the
same process that can be created using the C API, have been a part of
Python since the previous century (version 1.5 in 1997), but they are
largely unknown and unused. Eric Snow has been on something of a quest,
since 2015 or so, to bring better multicore processing to Python by way of
subinterpreters (or “multiple interpreters”). He has made it part of the
way there, with the adoption of a separate global interpreter lock (GIL)
for each subinterpreter, which was added for Python 3.12. Back in April,
Snow gave a talk (YouTube video) at PyCon about multiple interpreters,
their status, and his plans for the feature in the future.

Security updates for Monday

Post Syndicated from jake original https://lwn.net/Articles/941587/

Security updates have been issued by Debian (gst-plugins-ugly1.0, libreoffice, linux-5.10, netatalk, poppler, and sox), Fedora (chromium, ghostscript, java-1.8.0-openjdk-portable, java-11-openjdk, java-11-openjdk-portable, java-17-openjdk-portable, java-latest-openjdk-portable, kernel, linux-firmware, mingw-python-certifi, ntpsec, and php), Oracle (.NET 6.0, .NET 7.0, 15, 18, bind, bind9.16, buildah, cjose, curl, dbus, emacs, firefox, go-toolset and golang, go-toolset:ol8, grafana, iperf3, java-1.8.0-openjdk, java-11-openjdk, java-17-openjdk, kernel, libcap, libeconf, libssh, libtiff, libxml2, linux-firmware, mod_auth_openidc:2.3, nodejs, nodejs:16, nodejs:18, open-vm-tools, openssh, postgresql:12, postgresql:13, python-requests, python27:2.7, python3, python38:3.8 and python38-devel:3.8, python39:3.9 and python39-devel:3.9, ruby:2.7, samba, sqlite, systemd, thunderbird, virt:ol and virt-devel:rhel, and webkit2gtk3), SUSE (docker, java-1_8_0-openj9, kernel, kernel-firmware, libyajl, nodejs14, openssl-1_0_0, poppler, and webkit2gtk3), and Ubuntu (golang-yaml.v2, intel-microcode, linux, linux-aws, linux-aws-5.4, linux-gcp, linux-gcp-5.4, linux-gkeop,
linux-iot, linux-kvm, linux-oracle, linux-oracle-5.4, linux-raspi,
linux-raspi-5.4, linux, linux-aws, linux-azure, linux-gcp, linux-ibm, linux-kvm,
linux-lowlatency, linux-oracle, linux-raspi, linux-oem-6.1, pygments, and pypdf2).

Security updates for Friday

Post Syndicated from jake original https://lwn.net/Articles/941271/

Security updates have been issued by Debian (intel-microcode, kernel, and php-dompdf), Fedora (linux-firmware, OpenImageIO, and php), Oracle (aardvark-dns, kernel, linux-firmware, python-flask, and python-werkzeug), SUSE (container-suseconnect, go1.19, gstreamer-plugins-bad, gstreamer-plugins-base, gstreamer-plugins-good, java-11-openjdk, kernel-firmware, kubernetes1.24, openssl-1_1, poppler, python-scipy, qatengine, ucode-intel, util-linux, and vim), and Ubuntu (dotnet6, dotnet7, php-dompdf, and velocity-tools).

[$] CPython without a global interpreter lock

Post Syndicated from jake original https://lwn.net/Articles/940780/

The global interpreter lock (GIL) has been a part of CPython since the
beginning—nearly—but that seems likely to change over the next five or so
years. As we described last week, the Python steering council has announced
its intention to start moving toward a no-GIL CPython, potentially as soon
as Python 3.13 in October 2024 for the preliminaries. The no-GIL version of
CPython comes from Sam Gross, who introduced it as a proof-of-concept
nearly two years ago; now, the idea has been formalized in a Python
Enhancement Proposal (PEP) that describes no-GIL mode and how it interacts
with the rest of the Python ecosystem.

[$] SFrame: fast, low-overhead stack traces

Post Syndicated from jake original https://lwn.net/Articles/940686/

Getting a stack trace of a running program is useful in a variety of
scenarios: tracing, profiling, debugging, performance tuning, and more.
There are existing mechanisms to get stack traces, but there are some
downsides to them; the “Simple Frame” (SFrame) stack-trace format came
about to address the shortcomings in the other techniques. Back in May,
Steve Rostedt and Indu Bhagat gave a talk about
SFrame support in the kernel
as part of LSFMM+BPF; a few days later, Bhagat gave
a more general talk about SFrame
(YouTube video)
at Open
Source Summit North America
in Vancouver. That second talk helped fill
in some other aspects of SFrame and the overall stack-tracing picture.

Introducing Incus

Post Syndicated from jake original https://lwn.net/Articles/940684/

The Linux Containers project has announced the addition of Incus, which is
a fork of LXD 5.16 started by Aleksa Sarai. Incus was created in response
to Canonical’s removal of LXD from Linux Containers.

After some discussion with Aleksa and a fair bit of encouragement from our
community, we have made the decision to take Incus under the umbrella of
Linux Containers and will commit to it the infrastructure which was
previously made available to LXD.

The goal of Incus is to provide a fully community led alternative to
Canonical’s LXD as well as providing an opportunity to correct some
mistakes that were made during LXD’s development which couldn’t be
corrected without breaking backward compatibility.

In addition to Aleksa, the initial set of maintainers for Incus will
include Christian Brauner, Serge Hallyn, Stéphane Graber and Tycho
Andersen, effectively including the entire team that once created LXD.

Security updates for Monday

Post Syndicated from jake original https://lwn.net/Articles/940682/

Security updates have been issued by Debian (burp, chromium, ghostscript, openimageio, pdfcrack, python-werkzeug, thunderbird, and webkit2gtk), Fedora (amanda, libopenmpt, llhttp, samba, seamonkey, and xen), Red Hat (thunderbird), Slackware (mozilla and samba), and SUSE (perl-Net-Netmask, python-Django1, trytond, and virtualbox).

Security updates for Friday

Post Syndicated from jake original https://lwn.net/Articles/940481/

Security updates have been issued by CentOS (bind and kernel), Debian (cjose, firefox-esr, ntpsec, and python-django), Fedora (chromium, firefox, librsvg2, and webkitgtk), Red Hat (firefox), Scientific Linux (firefox and openssh), SUSE (go1.20, ImageMagick, javapackages-tools, javassist, mysql-connector-java, protobuf, python-python-gflags, kernel, openssl-1_1, pipewire, python-pip, and xtrans), and Ubuntu (cargo, rust-cargo, cpio, poppler, and xmltooling).

[$] GIL removal and the Faster CPython project

Post Syndicated from jake original https://lwn.net/Articles/939981/

The Python global interpreter lock (GIL) has long been a barrier to
increasing the performance of programs by using multiple threads—the GIL
serializes access to the interpreter’s virtual machine such that only one
thread can be executing Python code at any given time. There are other
mechanisms to provide concurrency for the language, but the specter of the
GIL—and its reality as well—have often been cited as a major negative for
Python. Back in October 2021, Sam Gross introduced a proof-of-concept,
no-GIL version of the language. It was met with a lot of excitement at the
time, but seemed to languish to a certain extent for more than a year; now,
the Python Steering Council has announced its intent to accept the no-GIL
feature. It will still be some time before it lands in a released Python
version—and there is the possibility that it all has to be rolled back at
some point—but there are several companies backing the effort, which gives
it all a good chance to succeed.

[$] Challenges for KernelCI

Post Syndicated from jake original https://lwn.net/Articles/939538/

Kernel testing is a perennial topic at Linux-related conferences and the KernelCI project is one of the larger testing
players. It does its own testing but also coordinates with various other
testing systems and aggregates their
results. At the
2023 Embedded
Open Source Summit
(EOSS), KernelCI developer Nikolai Kondrashov gave a
presentation on the testing framework, its database, and how others can get
involved in the project. He also had some thoughts on where KernelCI is
falling short of its goals and potential, along with some ideas of ways to
improve it.

Security updates for Monday

Post Syndicated from jake original https://lwn.net/Articles/939770/

Security updates have been issued by CentOS (apr-util, bcel, c-ares, emacs, git, java-1.8.0-openjdk, libwebp, open-vm-tools, python, and python3), Debian (amd64-microcode, kernel, and thunderbird), Fedora (iperf3), SUSE (cdi-apiserver-container, cdi-cloner-container, cdi-controller-container, cdi-importer-container, cdi-operator-container, cdi-uploadproxy-container, cdi-uploadserver-container, cont, cjose, java-17-openjdk, jtidy, kernel-firmware, kubevirt, virt-api-container, virt-controller-container, virt-handler-container, virt-launcher-container, virt-libguestfs-tools-container, virt-operator-container, libqt5-qtbase, librsvg, libvirt, openssl-1_0_0, openssl-3, qemu, samba, thunderbird, and zabbix), and Ubuntu (linux-iot and wireshark).

Security updates for Thursday

Post Syndicated from jake original https://lwn.net/Articles/939445/

Security updates have been issued by Debian (curl), Fedora (kitty, mingw-qt5-qtbase, and mingw-qt6-qtbase), Mageia (cri-o, kernel, kernel-linus, mediawiki, and microcode), SUSE (chromium, conmon, go1.20-openssl, iperf, java-11-openjdk, kernel-firmware, and mariadb), and Ubuntu (libvirt, linux, linux-aws, linux-aws-5.4, linux-azure, linux-azure-5.4, linux-gcp,
linux-gcp-5.4, linux-gke, linux-gkeop, linux-hwe-5.4, linux-ibm,
linux-ibm-5.4, linux-kvm, linux-oracle, linux-oracle-5.4, linux-raspi,
linux-raspi-5.4, linux-xilinx-zynqmp, linux, linux-aws, linux-aws-hwe, linux-azure, linux-azure-4.15,
linux-dell300x, linux-gcp, linux-gcp-4.15, linux-hwe, linux-kvm,
linux-oracle, linux-snapdragon, linux, linux-aws, linux-kvm, linux-lts-xenial, linux-aws-5.19, linux-gcp-5.19, linux-hwe-5.19, linux-intel-iotg-5.15, linux-iot, llvm-toolchain-13, llvm-toolchain-14, llvm-toolchain-15, open-iscsi, open-vm-tools, and xorg-server-hwe-16.04).