All posts by jake

Security updates for Thursday

Post Syndicated from jake original https://lwn.net/Articles/1022189/

Security updates have been issued by AlmaLinux (kernel, kernel-rt, and webkit2gtk3), Fedora (mozilla-ublock-origin and sudo-rs), Oracle (.NET 8.0, compat-openssl10, grafana, osbuild-composer, redis:6, ruby:2.5, and webkit2gtk3), SUSE (dante, firefox-esr, gnuplot, govulncheck-vulndb, grype, postgresql13, postgresql14, postgresql15, postgresql16, postgresql17, python-tornado6, python314, thunderbird, ucode-intel, and xen), and Ubuntu (bind9, libfcgi-perl, linux-ibm-5.4, linux-oracle-5.4, postgresql-17, and Tomcat).

[$] Recent disruptive changes from Setuptools

Post Syndicated from jake original https://lwn.net/Articles/1020576/

In late March, version 78.0.1 of Setuptools — an important Python packaging tool — was released. It was scarcely half an hour before the first bug report came in, and it quickly became clear that the change was far more disruptive than anticipated. Within only about five hours 78.0.2 was published to roll back the change, and multiple discussions were started about how to limit the damage caused by future breaking changes. Nevertheless, many users still felt the response was inadequate. Some previous Setuptools releases have also caused problems on a smaller but still notable scale, and hopefully the developers will be more cautious going forward. But there are also lessons here for the developers of Python package installers, ordinary Python developers and end users, and even Linux distribution maintainers.

[$] A new DMA-mapping API

Post Syndicated from jake original https://lwn.net/Articles/1020437/

Leon Romanovsky began his session at the 2025 Linux Storage, Filesystem, Memory Management, and BPF Summit (LSFMM+BPF) by explaining that the improved DMA-mapping API that he has been working on is a group effort. He, Chaitanya Kulkarni, Christoph Hellwig, Jason Gunthorpe, and others are proposing to modernize the API and to make it more suitable for current kernels. He told the assembled storage and filesystem developers that the progress on the proposal has stalled, but that it was the basis for further work in various areas, so he hoped to find a way to move forward with it.

Security updates for Monday

Post Syndicated from jake original https://lwn.net/Articles/1020884/

Security updates have been issued by Debian (libbson-xs-perl, postgresql-13, redis, and simplesamlphp), Fedora (chromium, deluge, epiphany, golang-github-nats-io-nkeys, libxmp, nodejs22, perl-Compress-Raw-Lzma, php-adodb, python-h11, and xz), Gentoo (firefox, NVIDIA Drivers, Orc, PAM, and thunderbird), Mageia (libreoffice, python-django, and transfig), Red Hat (emacs, firefox, python39:3.9, and thunderbird), SUSE (bird3, freetype2, ldap-proxy, libmosquitto1, and ruby3.4-rubygem-rack), and Ubuntu (linux, linux-aws, linux-kvm, linux-aws, and linux-fips).

[$] A FUSE implementation for famfs

Post Syndicated from jake original https://lwn.net/Articles/1020170/

The famfs filesystem is meant to provide a shared-memory filesystem for large data sets that are accessed for computations by multiple systems. It was developed by John Groves, who led a combined filesystem and memory-management session at the 2025 Linux Storage, Filesystem, Memory Management, and BPF Summit (LSFMM+BPF) to discuss it. The session was a follow-up to the famfs session at last year’s summit, but it was also meant to discuss whether the kernel’s direct-access (DAX) mechanism, which is used by famfs, could be replaced in the filesystem by using other kernel features.

Security updates for Thursday

Post Syndicated from jake original https://lwn.net/Articles/1020545/

Security updates have been issued by Debian (chromium, libapache2-mod-auth-openidc, mariadb-10.5, and openssh), Red Hat (osbuild-composer), Slackware (mariadb), SUSE (apache2-mod_auth_openidc, glib2, ImageMagick, libsoup, libsoup2, libva, openvpn, sqlite3, and weblate), and Ubuntu (libsoup3, php-horde-css-parser, and python-django).

[$] Improving FUSE writeback performance

Post Syndicated from jake original https://lwn.net/Articles/1019522/

In a combined filesystem and memory-management session at the 2025 Linux Storage, Filesystem, Memory Management, and BPF Summit (LSFMM+BPF), Joanne Koong led a discussion on improving the writeback performance for the Filesystem in Userspace (FUSE) layer. Writeback is how data that is written to the filesystem is actually flushed to the disk; it is the process of writing dirty pages from the page cache to storage. The current FUSE implementation allocates unmovable memory, then copies the dirty data to it before initiating writeback, which is slow; Koong wanted to change that behavior. Since the session, she has posted a patch set that has been applied by FUSE maintainer Miklos Szeredi.

Security updates for Monday

Post Syndicated from jake original https://lwn.net/Articles/1020130/

Security updates have been issued by Debian (ansible, containerd, and vips), Fedora (chromium, java-17-openjdk, nodejs-bash-language-server, nodejs-pnpm, ntpd-rs, redis, rust-hickory-proto, thunderbird, and valkey), Mageia (apache-mod_auth_openidc, fcgi, graphicsmagick, kernel-linus, pam, poppler, and tomcat), Red Hat (firefox, libsoup, nodejs:20, redis:6, rsync, webkit2gtk3, xmlrpc-c, and yelp), and SUSE (audiofile, ffmpeg, firefox, libsoup-2_4-1, libsoup-3_0-0, libva, libxml2, and thunderbird).

[$] Flexible data placement

Post Syndicated from jake original https://lwn.net/Articles/1018642/

At the 2025 Linux Storage, Filesystem, Memory Management, and BPF Summit (LSFMM+BPF) Kanchan Joshi and Keith Busch led a combined storage and filesystem session on data placement, which concerns how the data on a storage device is actually written. In a discussion that hearkened back to previous summits, the idea is to give hints to enterprise-class SSDs to help them make better choices on where the data should go; hinting was most recently discussed at the summit in 2023. If SSDs can group data with similar lifetimes together, it can lead to longer life for the devices, but there is a need to work out the details.

Redis is now available under the AGPLv3 open source license (Redis blog)

Post Syndicated from jake original https://lwn.net/Articles/1019686/

After a somewhat tumultuous switch to the Server Side Public License (SSPL) in March 2024, Redis has backtracked and is now offering Redis under the Affero GPLv3 (AGPLv3) starting with Redis 8, CEO Rowan Trollope announced. The change back to an open-source license was led by Redis creator Salvatore “antirez” Sanfilippo, who also contributed the new Vector Sets feature for the release. He said:

I’ll be honest: I truly wanted the code I wrote for the new Vector Sets data type to be released under an open source license. Writing open source software is too rooted in me: I rarely wrote anything else in my career. I’m too old to start now. This may be childish, but I wrote Vector Sets with a huge amount of enthusiasm exactly because I knew Redis (and my new work) was going to be open source again.

I understand that the core of our work is to improve Redis, to continue building a good system, useful, simple, able to change with the requirements of the software stack. Yet, returning back to an open source license is the basis for such efforts to be coherent with the Redis project, to be accepted by the user base, and to contribute to a human collective effort that is larger than any single company. So, honestly, while I can’t take credit for the license switch, I hope I contributed a little bit to it, because today I’m happy. I’m happy that Redis is open source software again, under the terms of the AGPLv3 license.

Since last year’s license switch, though, the Valkey project has sprung up as a fork under the original 3-clause BSD license.

Security updates for Thursday

Post Syndicated from jake original https://lwn.net/Articles/1019645/

Security updates have been issued by Debian (expat, fig2dev, firefox-esr, golang-github-gorilla-csrf, jinja2, libxml2, nagvis, qemu, request-tracker4, request-tracker5, u-boot, and vips), Fedora (firefox, giflib, and thunderbird), Mageia (imagemagick), Red Hat (thunderbird), SUSE (amber-cli, libjxl, and redis), and Ubuntu (h2o, poppler, and postgresql-10).

Security updates for Monday

Post Syndicated from jake original https://lwn.net/Articles/1019212/

Security updates have been issued by AlmaLinux (thunderbird), Debian (distro-info-data, imagemagick, kernel, libsoup2.4, and poppler), Fedora (chromium, java-1.8.0-openjdk, java-1.8.0-openjdk-portable, java-17-openjdk, java-17-openjdk-portable, java-latest-openjdk, pgadmin4, thunderbird, and xz), Mageia (haproxy and libxml2), Oracle (bluez, firefox, gnutls, libtasn1, libxslt, mod_auth_openidc:2.3, ruby:3.1, thunderbird, and xmlrpc-c), Red Hat (delve and golang, glibc, mod_auth_openidc, mod_auth_openidc:2.3, and thunderbird), SUSE (augeas, chromedriver, cifs-utils, govulncheck-vulndb, java-11-openjdk, java-21-openjdk, kyverno, libraw, opentofu, runc, subfinder, and valkey), and Ubuntu (jupyter-notebook and libxml2).

[$] Freezing filesystems for suspend

Post Syndicated from jake original https://lwn.net/Articles/1018341/

Sometimes worms have a tendency to multiply once their can is opened. James Bottomley recently encountered that situation; he led a session in the filesystem track at the 2025 Linux Storage, Filesystem, Memory Management, and BPF Summit (LSFMM+BPF) to discuss filesystem behavior with respect to suspending and resuming the system. As he noted in his topic proposal, he came at the problem because he needed a way to resynchronize the contents of efivarfs after a system resume and thought there should be an API available to use. But, as the resulting thread shows, the filesystem freeze and thaw code had never been used by the system-wide suspend and resume code. Due to a scheduling mixup, though, several of us missed Bottomley’s session, including Luis Chamberlain who has been working on hooking those two pieces up; what follows is largely from a second session that Chamberlain led, with some background information from the topic-proposal discussion and an email exchange with Bottomley.

Security updates for Thursday

Post Syndicated from jake original https://lwn.net/Articles/1018717/

Security updates have been issued by Debian (haproxy and openrazer), Fedora (c-ares and mingw-poppler), Red Hat (thunderbird), SUSE (epiphany, ffmpeg-6, gopass, and libsoup-3_0-0), and Ubuntu (erlang, haproxy, libapache2-mod-auth-openidc, libarchive, linux, linux-aws, linux-azure, linux-azure-5.15, linux-azure-fde, linux-azure-fde-5.15, linux-gcp, linux-gke, linux-gkeop, linux-hwe-5.15, linux-ibm, linux-intel-iotg, linux-kvm, linux-lowlatency, linux-lowlatency-hwe-5.15, linux-nvidia, linux-nvidia-tegra, linux-nvidia-tegra-igx, linux-oracle, linux-raspi, linux, linux-aws, linux-azure, linux-azure-6.8, linux-ibm, linux-lowlatency, linux-lowlatency-hwe-6.8, linux-nvidia, linux-nvidia-6.8, linux-nvidia-lowlatency, linux-oem-6.8, linux-oracle, linux-oracle-6.8, linux-aws-6.8, linux-aws-fips, linux-fips, linux-gcp-fips, linux-azure-fips, linux-gcp, linux-gke, linux-gkeop, linux-gcp-6.8, linux-ibm-5.15, linux-intel-iot-realtime, linux-realtime, linux-intel-iotg-5.15, linux-realtime, perl, and yelp, yelp-xsl).

[$] VFS write barriers

Post Syndicated from jake original https://lwn.net/Articles/1017947/

In the filesystem track at the 2025 Linux Storage, Filesystem, Memory Management, and BPF Summit (LSFMM+BPF), Amir Goldstein wanted to resume discussing a feature that he had briefly introduced at the end of a 2023 summit session: filesystem “write barriers”. The idea is to have an operation that would wait for any in-flight write() system calls, but not block any new write() calls as bigger hammers, such as freezing the filesystem, would do. His prototype implementation is used by a hierarchical storage management (HSM) system to create a crash-consistent change log, but there may be other use cases to consider. He wanted to discuss implementation options and the possibility of providing an API for user-space applications.

Security updates for Monday

Post Syndicated from jake original https://lwn.net/Articles/1018292/

Security updates have been issued by Debian (erlang, fig2dev, shadow, wget, and zabbix), Fedora (chromium, jupyterlab, llama-cpp, prometheus-podman-exporter, python-notebook, python-pydantic-core, rpki-client, rust-adblock, rust-cookie_store, rust-gitui, rust-gstreamer, rust-icu_collections, rust-icu_locid, rust-icu_locid_transform, rust-icu_locid_transform_data, rust-icu_normalizer, rust-icu_normalizer_data, rust-icu_properties, rust-icu_properties_data, rust-icu_provider, rust-icu_provider_macros, rust-idna, rust-idna_adapter, rust-litemap, rust-ron, rust-sequoia-openpgp, rust-sequoia-openpgp1, rust-tinystr, rust-url, rust-utf16_iter, rust-version-ranges, rust-write16, rust-writeable, rust-zerovec, rust-zip, uv, and webkitgtk), Slackware (libxml2 and zsh), SUSE (argocd-cli, chromium, coredns, ffmpeg-6, and firefox), and Ubuntu (imagemagick).