lwn.net

Security updates have been issued by Debian (chromium, libdatetime-timezone-perl, and tzdata), Fedora (flatpak and gmailctl), Mageia (firefox, flatpak, golang, gssntlmssp, libmicrohttpd, libtiff, python-flask-security, python-owslib, ruby-rack, thunderbird, unarj, and vim), Red Hat (firefox, kpatch-patch, nss, openssl, and thunderbird), SUSE (containerd, hdf5, qt6-base, and squirrel), and Ubuntu (amanda, gif2apng, graphviz, and linux, linux-aws, linux-azure, linux-gcp, linux-ibm, linux-kvm, linux-lowlatency, linux-oracle, linux-raspi).

Just over 27 years ago, John Perry Barlow's declaration of the independence of Cyberspace claimed that governments "have no sovereignty" over the networked world. In 2023, we have ample reason to know better than that, but we still expect the free-software community to be left alone by the affairs of governments much of the time. A couple of recent episodes related to the war in Ukraine are making it clear that there are limits to our independence.

Security updates have been issued by CentOS (firefox, nss, and openssl), Fedora (firefox, liferea, python-cairosvg, and tar), Oracle (openssl and thunderbird), Scientific Linux (firefox, nss, and openssl), SUSE (container-suseconnect, grub2, libplist, and qemu), and Ubuntu (amanda, apache2, node-object-path, and python-git).

The LWN.net Weekly Edition for March 23, 2023 is available.

The concept of copyleft is compelling in a lot of ways, at least for those who want to promote software freedom in the world. Bradley Kuhn is certainly one of those people and has long been working on various aspects of copyleft licensing and compliance, along with software freedom. He came to Everything Open 2023 to talk about copyleft, some of its history—and flaws—and to look toward the future of copyleft.

The 6.2.8, 6.1.21, 5.15.104, 5.10.176, 5.4.238, 4.19.279, and 4.14.311 stable kernel updates have all been released; each contains another set of important fixes.

Version 44 of the GNOME desktop environment has been released. "This release brings a grid view in the file chooser, improved settings panels for Device Security, Accessibility, etc, and refined quick settings in the shell. The Software and Files apps have seen improvements, and a whole slew of new apps has joined the GNOME Circle". See the release notes for details.

Security updates have been issued by Fedora (firefox), Oracle (kernel, kernel-container, and nss), and SUSE (curl, dpdk, drbd, go1.18, kernel, openstack-cinder, openstack-glance, openstack-neutron-gbp, openstack-nova, python-oslo.utils, oracleasm, python3, slirp4netns, and xen).

Version 20 of the Java SE platform has been released. See the features list for an overview of the big additions, or the release notes for the details.

At the end of 2022, Paulus Schoutsen declared 2023 "the year of voice" for Home Assistant, the popular open-source home-automation project that he founded nine years ago. The project's goal this year is to let users control their home with voice commands in their own language, using offline processing instead of sending data to the cloud. Offline voice control has been the holy grail of open-source home-automation systems for years. Several projects have tried and failed. But with Rhasspy's developer Mike Hansen spearheading Home Assistant's voice efforts, this time things could be different.

Security updates have been issued by Debian (apache2), Oracle (firefox, nss, and openssl), Slackware (curl and vim), SUSE (dpdk, firefox, grafana, oracleasm, python-cffi, python-Django, and qemu), and Ubuntu (ruby2.7, sox, and tigervnc).

Version 9.2 of the GNU coreutils collection — the home of common tools like cp, mv, ls, rm, and more — is out. The changes are mostly minor; numerous bugs have been fixes and a few new command-line options have been added.

The kernel's direct map makes all of a system's physical memory available to the kernel within its address space — on 64-bit systems, at least. This seemingly simple feature has proved to be hard to maintain, in the face of the requirements faced by current systems, while keeping good performance. The latest attempt to address this issue is this patch set from Mike Rapoport adding more direct-map awareness to the kernel's page allocator.

Security updates have been issued by Debian (firefox-esr, imagemagick, sox, thunderbird, and xapian-core), Fedora (chromium, containernetworking-plugins, guile-gnutls, mingw-python-OWSLib, pack, pypy3.7, sudo, thunderbird, tigervnc, and vim), Mageia (apache, epiphany, heimdal, jasper, libde265, libtpms, liferea, mysql-connector-c++, perl-HTML-StripScripts, protobuf, ruby-git, sqlite3, woodstox-core, and xfig), Oracle (kernel), Red Hat (firefox, nss, and openssl), SUSE (apache2, docker, drbd, kernel, and oracleasm), and Ubuntu (curl, python2.7, python3.10, python3.5, python3.6, python3.8, and vim).

Daniel Stenberg observes the 25th anniversary of the curl project.

We really have no idea exactly how many users or installations of libcurl there are now. It is easy to estimate that it runs in way more than ten billion installations purely based on the fact that there are 7 billion smart phones and 1 billion tablets in the world , and we know that each of them run at least one, but likely many more curl installs.

Curl 8.0.0 has also been released (quickly followed by 8.0.1).

The 6.3-rc3 kernel prepatch is out for testing. "So rc3 is fairly big, but that's not hugely usual: it's when a lot of the fixes tick up as it takes a while before people find and start reporting issues."

Version 16.0.0 of the LLVM compiler suite has been released. As usual, the list of changes is long; see the specific release notes for LLVM, Clang, Libc++, and others linked from the announcement.

The Free Software Foundation has announced the recipients of this year's Free Software Awards:

• Eli Zaretskii (advancement of free software)
• Tad (SkewedZeppelin) (outstanding new free software contributor)
• GNU Jami (project of social benefit)

BPF programs destined to be loaded into the kernel are generally written in C but, increasingly, the environment in which those programs run differs significantly from the C environment. The BPF virtual machine and associated verifier make a growing set of checks in an attempt to make BPF code safe to run. The proposed addition of an iterator mechanism to BPF highlights the kind of features that are being added — as well as the constraints placed on programmers by BPF.

The 6.2.7, 6.1.20, 5.15.103, 5.10.175, 5.4.237, 4.19.278, and 4.14.310 stable kernels have been released. As usual, they contain important fixes throughout the kernel tree; users should upgrade.