The 6.2.13, 6.1.26, 5.15.109, 5.10.179, 5.4.242, 4.19.282, and 4.14.314 stable kernels have all been released; each contains another set of important fixes and updates.

Version 13.1 of the GCC compiler suite has been released.

This release integrates a frontend for the Modula-2 language which was previously available separately and lays foundation for a frontend for the Rust language which will be available in a future release.

Other changes include the removal of support for the STABS debugging-information format, addition of a number of C++23 features, a number of static-analyzer improvements, support for a number of recent CPU features, and more. See this page for details.

Security updates have been issued by Fedora (chromium, lilypond, and lilypond-doc), Oracle (java-1.8.0-openjdk), Red Hat (emacs, java-1.8.0-openjdk, java-11-openjdk, java-17-openjdk, kernel, kernel-rt, pesign, and virt:rhel, virt-devel:rhel), Scientific Linux (java-1.8.0-openjdk and java-11-openjdk), Slackware (git), SUSE (fwupd, git, helm, and runc), and Ubuntu (firefox, golang-1.18, linux-hwe-5.15, and openssl, openssl1.0).

Static-site generators are tools that generate HTML pages from source files, often written in Markdown or another markup language. They have built-in templates and themes, which allows developers to create lightweight and secure web sites that can be easily maintained using version control. One of these tools is Nikola, written in Python.

There is a new stable Git release containing fixes for three separate security vulnerabilities. The fixes have also been backported to the older v2.39.3, v2.38.5, v2.37.7, v2.36.6, v2.35.8, v2.34.8, v2.33.8, v2.32.7, v2.31.8, and v2.30.9 releases. Sites using Git in untrusted environments — or with untrusted input — should probably upgrade soon.

Philip Herron and Arthur Cohen have posted an update on the status of gccrs — the GCC frontend for the Rust language — and why it will not be a part of the upcoming GCC 13 release.

While all of this appears like a lot of work, we are confident in our progress and hope to get closer and closer to getting the core crate working in the next few months. There is also a lot of important work remaining in order to produce a valid Rust compiler, which is why we will spend the coming months focusing on the core crate as well as a borrow-checker implementation, and the development of the necessary tooling to allow us to try and pass the Rust 1.49 testsuite.

We aim to distribute the Rust 1.49 version of the standard library with our compiler in the next major GCC release, GCC 14, and hope to backport enough changes to the GCC 13 branch to get the core crate working in time for the GCC 13.2 release. This will enable users to easily start experimenting with the compiler for #![no_std] Rust programs and, hopefully, some embedded targets.

Security updates have been issued by CentOS (firefox, java-11-openjdk, and thunderbird), Debian (apache2), Fedora (kernel), Oracle (emacs), Red Hat (emacs, haproxy, java-1.8.0-openjdk, kernel, kernel-rt, kpatch-patch, pcs, pki-core:10.6, and qatzip), and SUSE (avahi, cdi-apiserver-container, cdi-cloner-container, cdi- controller-container, cdi-importer-container, cdi-operator-container, cdi- uploadproxy-container, cdi-uploadserver-container, cont, giflib, kernel, kubevirt, virt-api-container, virt-controller-container, virt-handler-container, virt-launcher-container, virt-libguestfs-tools- container, virt-operator-container, ovmf, and protobuf-c).

The 6.3 kernel was released on April 24 after a nine-week development cycle. As is the case with all mainline releases, this is a major kernel release with a lot of changes and a big pile of new features. The time has come, yet again, for a look at where that work came from and who supported it.

Security updates have been issued by Debian (389-ds-base, chromium, connman, curl, redis, and thunderbird), Fedora (ceph, doctl, dr_libs, ffmpeg, freeimage, golang-github-digitalocean-godo, insight, libreswan, mingw-binutils, mingw-freeimage, mingw-freetype, openvswitch, rnp, suricata, webkitgtk, and wireshark), Mageia (dnsmasq, emacs, openimageio, php-smarty, redis, squirrel/supertux, and tcpdump), Red Hat (emacs), and SUSE (avahi, chromium, dmidecode, indent, jettison, openssl, openstack-cinder, openstack-nova, python-oslo.utils, and ovmf).

Linus has released the 6.3 kernel as expected.

It's been a calm release this time around, and the last week was really no different. So here we are, right on schedule, with the 6.3 release out and ready for your enjoyment.

That doesn't mean that something nasty couldn't have been lurking all these weeks, of course, but let's just take things at face value and hope it all means that everything is fine, and it really was a nice controlled release cycle. It happens.

Significant changes in this release include the removal of a lot of obsolete Arm board files and drivers, ongoing improvements to the (still minimal) Rust language support, red-black trees for BPF programs, ID-mapped mounts for tmpfs filesystems, BIG TCP support for IPv4, support for non-executable memfds, the hwnoise jitter-measurement tool, and a lot more. See the LWN merge-window summaries (part 1, part 2) and the (in-progress) KernelNewbies 6.3 page for more information.

This ten days old but hopefully better late than never: the Python Software Foundation has put out an article describing how the proposed European "cyber resilience act" threatens the free-software community.

Under the current language, the PSF could potentially be financially liable for any product that includes Python code, while never having received any monetary gain from any of these products. The risk of huge potential costs would make it impossible in practice for us to continue to provide Python and PyPI to the European public.

The Internet Systems Consortium has also recently put out a statement on the proposal.

This ten days old but hopefully better late than never: the Python Software Foundation has put out an article describing how the proposed European "cyber resilience act" threatens the free-software community.

Under the current language, the PSF could potentially be financially liable for any product that includes Python code, while never having received any monetary gain from any of these products. The risk of huge potential costs would make it impossible in practice for us to continue to provide Python and PyPI to the European public.

The Internet Systems Consortium has also recently put out a statement on the proposal.

The concept of movable memory was initially designed for hot-pluggable memory on server-class systems, but it would now appear that this mechanism is finding a new use in consumer-electronics devices as well. The designated movable block patch set was first submitted by Doug Berger in September 2022. By adding more flexibility around the configuration and use of movable memory, this work will, it is hoped, improve how Linux performs on resource-constrained systems.

The Python Package Index (PyPI) has, like many language-specific repositories, had ongoing problems with malicious uploads. PyPI is now launching an authentication mechanism called trusted publishers in an attempt to fight this problem.

Instead, PyPI maintainers can configure PyPI to trust an identity provided by a given OpenID Connect Identity Provider (IdP). This allows allows PyPI to verify and delegate trust to that identity, which is then authorized to request short-lived, tightly-scoped API tokens from PyPI. These API tokens never need to be stored or shared, rotate automatically by expiring quickly, and provide a verifiable link between a published package and its source.

Security updates have been issued by Debian (golang-1.11 and libxml2), Fedora (chromium, dr_libs, frr, ruby, and runc), Oracle (java-11-openjdk and java-17-openjdk), Red Hat (emacs, httpd and mod_http2, kpatch-patch, and webkit2gtk3), SUSE (libmicrohttpd, nodejs16, ovmf, and wireshark), and Ubuntu (kauth and patchelf).

GNOME is, of course, a widely-used desktop environment for Linux systems; on March 22, the project released GNOME 44, codenamed "Kuala Lumpur". This version features enhancements to the settings panels, quick settings, the files application, and an updated file chooser with a grid view, among others. The full list of changes can be seen in the release notes available on the GNOME website.

The Ubuntu 23.04 release is out. Headline features include a new installer, GNOME 44, Azure Active Directory authentication, and more.

The newest Edubuntu, Kubuntu, Lubuntu, Ubuntu Budgie, Ubuntu Cinnamon, Ubuntu Kylin, Ubuntu MATE, Ubuntu Studio, Ubuntu Unity, and Xubuntu are also being released today.

See the release notes for more information.

Distributors have been enabling the SELinux security module for nearly 20 years now, and many administrators have been disabling it on their systems for almost as long. There are a few ways in which SELinux can be disabled on any given system, including command-line options, a run-time switch, or simply not loading a policy after boot. One of those ways, however, is about to be disabled itself.

The latest crop of stable kernels is out; 6.2.12, 6.1.25, 5.15.108, 5.10.178, 5.4.241, 4.19.281, and 4.14.313 have been released. As is usual, they all contain important fixes throughout the kernel tree.

Security updates have been issued by Debian (golang-1.11), Fedora (chromium, golang-github-cenkalti-backoff, golang-github-cli-crypto, golang-github-cli-gh, golang-github-cli-oauth, golang-github-gabriel-vasile-mimetype, libpcap, lldpd, parcellite, tcpdump, thunderbird, and zchunk), Red Hat (java-11-openjdk, java-17-openjdk, and kernel), SUSE (chromium, dnsmasq, ImageMagick, nodejs16, openssl-1_0_0, openssl1, ovmf, and python-Flask), and Ubuntu (dnsmasq, libxml2, linux, linux-aws, linux-aws-5.4, linux-azure, linux-azure-5.4, linux-gcp, linux-gcp-5.4, linux-gke, linux-gkeop, linux-hwe-5.4, linux-ibm, linux-ibm-5.4, linux-kvm, linux-oracle, linux-oracle-5.4, linux-raspi, linux-raspi-5.4, linux, linux-aws, linux-aws-hwe, linux-azure, linux-azure-4.15, linux-dell300x, linux-gcp, linux-gcp-4.15, linux-hwe, linux-kvm, linux-oracle, linux-raspi2, linux-oem-5.17, linux-oem-6.0, linux-oem-6.1, and linux-snapdragon).