Security updates have been issued by CentOS (389-ds-base, bind, expat, java-1.8.0-openjdk, java-11-openjdk, libksba, and squid), Debian (chromium, libdatetime-timezone-perl, tzdata, and wordpress), Fedora (dbus, dhcp, dotnet3.1, jhead, samba, and strongswan), Mageia (virtualbox), Oracle (device-mapper-multipath), Scientific Linux (device-mapper-multipath and thunderbird), Slackware (curl), SUSE (container-suseconnect, curl, kernel, libmad, libtasn1, libtirpc, qemu, rubygem-puppet, SUSE Manager Client Tools, and telnet), and Ubuntu (curl, linux-intel-iotg, and mysql-5.7).

The LWN.net Weekly Edition for October 27, 2022 is available.

Python has lots of different options for mutable data structures, both directly in the language and in the standard library. Lists, dictionaries (or "dicts"), and sets are the foundation, but two of those maintain an order based on how the elements are added, while sets do not. A recent discussion on the Python Discourse forum raised the idea of adding an ordered variant of sets; while it does not look like there is a big push to add the feature, the discussion did show some of what is generally needed to get new things into the language—and could well lead to its inclusion.

Arturo Borrero González has posted a detailed summary of the Netfilter workshop that was recently held in Seville. "This year, the number of participants was just eight people, and this allowed the setup to be a bit more informal. We had kind of an un-conference style meeting, in which whoever had something prepared just went ahead and opened a topic for debate."

(Thanks to Paul Wise).

The 6.0.4, 5.15.75, 5.10.150, 5.4.220, 4.19.262, 4.14.296, and 4.9.331 stable kernel updates have all been released; each contains a relatively large set of important fixes. The 6.0.5 update followed about 90 seconds later with a couple of additional small fixes.

Security updates have been issued by Debian (tomcat9), Oracle (389-ds-base, device-mapper-multipath, firefox, git-lfs, gnutls, kernel, kernel-container, libksba, pki-core, samba, sqlite, and zlib), Red Hat (device-mapper-multipath, kernel, kpatch-patch, libksba, and thunderbird), Slackware (expat and samba), SUSE (bind, buildah, curl, firefox, golang-github-prometheus-node_exporter, grafana, icinga2, python-paramiko, python-waitress, SUSE Manager Client Tools, telnet, and xen), and Ubuntu (glibc, jinja2, libksba, linux, linux-aws, linux-azure, linux-gcp, linux-ibm, linux-kvm, linux-lowlatency, linux-oracle, linux-raspi, and openvswitch).

Lennart Poettering has posted a detailed specification for a new approach to "trusted computing" systems.

Central to the proposed design is the concept of a Unified Kernel Image (UKI). These UKIs are the combination of a Linux kernel image, and initrd, a UEFI boot stub program (and further resources, see below) into one single UEFI PE file that can either be directly invoked by the UEFI firmware (which is useful in particular in some cloud/Confidential Computing environments) or through a boot loader (which is generally useful to implement support for multiple kernel versions, with interactive or automatic selection of image to boot into, potentially with automatic fallback management to increase robustness).

This work is evidently the first in a series that will come out of the newly formed Linux Userspace API Group.

The QEMU emulator has a sizable set of storage features, including disk-image file formats like qcow2, snapshots, incremental backup, and storage migration, which are available to virtual machines. This software-defined storage functionality that is available inside QEMU has not been easily accessible outside of it, however. Kevin Wolf and Stefano Garzarella presented at KVM Forum 2022 on the new qemu-storage-daemon program and the libblkio library that make QEMU's storage functionality available even when the goal is not to run a virtual machine (VM).

Security updates have been issued by Debian (libbluray and wkhtmltopdf), Fedora (firefox, libksba, libmodsecurity, libxml2, qemu, and xmlsec1), Red Hat (389-ds-base, 389-ds:1.4, git-lfs, gnutls, java-1.8.0-ibm, kernel, kernel-rt, kpatch-patch, libksba, mysql:8.0, pki-core, postgresql:12, samba, sqlite, and zlib), Scientific Linux (389-ds-base, libksba, and pki-core), SUSE (bluez, firefox, jdom, kernel, libosip2, libxml2, multipath-tools, and python-Mako), and Ubuntu (barbican, mysql-5.7, mysql-8.0, openvswitch, and pillow).

Version 3.11.0 of the Python language has been released. "In the CPython release team, we have put a lot of effort into making 3.11 the best version of Python possible. Better tracebacks, faster Python, exception groups and except*, typing improvements and much more." Among other things, this release claims a 1.22x speedup on the standard benchmark suite thanks to the Faster CPython work.

Among the many quirks that make the C language so charming is the set of behaviors that it does not define; these include whether a char variable is a signed quantity or not. The distinction often does not make a difference, but there are exceptions. Kernel code, which runs on many different architectures, is where exceptions can certainly be found. A recent attempt to eliminate the uncertain signedness of char variables did not get far — at least not in the direction it originally attempted to go.

Greg Kroah-Hartman has announced the release of the 5.19.17 stable kernel. "Note this is the LAST 5.19.y kernel to be released. This branch is now end-of-life. You should move to the 6.0.y branch at this point in time."

Alex Gaynor examines the awkwardness that comes when trying to interface Python and Rust code.

The challenge is that if you want to pass some bytes to a Rust library to parse them (or do any other processing for that matter), the library almost certainly expects a &[u8], and there’s no way to turn a &[ReadOnlyCell<u8>] into a &[u8] safely, without allocating and copying. And of course, the whole point of the Python buffer protocol is to avoid these sorts of inefficiencies.

Therefore, the regrettable solution is that, right now, there is no way to have all three of: efficiency, interoperability, and soundness.

Security updates have been issued by Debian (bluez, kernel, and lava), Fedora (ckeditor, drupal7, moby-engine, php-Smarty, and wavpack), Mageia (bind, e2fsprogs, epiphany, freerdp, kernel, kernel-linus, libconfuse, libosip2, ntfs-3g, perl-Image-ExifTool, and poppler), Oracle (firefox, java-1.8.0-openjdk, java-11-openjdk, java-17-openjdk, kernel, kernel-container, and thunderbird), Scientific Linux (firefox, java-1.8.0-openjdk, and java-11-openjdk), SUSE (bluez, firefox, kernel, libxml2, and tiff), and Ubuntu (linux-gcp).

The second 6.1 kernel prepatch is out for testing. "Usually rc2 is a pretty quiet week, and it mostly started out that way too, but then things took a turn for the strange. End result: 6.1-rc2 ended up being unusually large."

The U-Boot list carries the sad news that Wolfgang Denk, the founder of the U-Boot project, has passed away.

Wolfgang was a pioneer and strong supporter of Open Source, in the time when Linux for Embedded System started its first steps. In many occasions he had strong discussions with customers to explain the advantages of Open Source, and he rejected business contracts if customer was going against his principles. We will miss him.

All memory accesses in a BPF program are statically checked for safety using the verifier, which analyzes the program in its entirety before allowing it to run. While this allows BPF programs to safely run in kernel space, it restricts how that program is able to use pointers. Until recently, one such constraint was that the size of a memory region referenced by a pointer in a BPF program must be statically known when a BPF program is loaded. A recent patch set by Joanne Koong enhances BPF to support loading programs with pointers to dynamically sized memory regions.

The 6.0.3 stable kernel update has been released; it contains over 800 important fixes.

Security updates have been issued by Fedora (poppler), Oracle (firefox and thunderbird), Red Hat (firefox, java-1.8.0-openjdk, java-11-openjdk, and java-17-openjdk), SUSE (bind, clone-master-clean-up, grafana, libksba, python3, tiff, and v4l2loopback), and Ubuntu (libreoffice).

Part of the early appeal of the World Wide Web was the promise that anybody could create a site and publish interesting content to the world. A few decades later, that promise seems to have been transformed into the ability to provide content for a small number of proprietary platforms run by huge corporations. But, arguably, the dream of widespread independent publishing is enjoying a resurgence. The Ghost publishing platform is built around the goal of making publishing technology — and the ability to make money from it — available with free software.