Vue normale
GNOME 46 released
GNOME 46 is code-named 'Kathmandu', in recognition of the amazing work done by the organizers of GNOME.Asia 2023." Significant changes include a new global search feature, enhancements to the Files app, improved remote login support, and more.
[$] LWN.net Weekly Edition for March 21, 2024
The "Nova" driver for NVIDIA chipsets
We just started to work on Nova, a Rust-based GSP-only driver for Nvidia GPUs. Nova, in the long term, is intended to serve as the successor of Nouveau for GSP-firmware-based GPUs.With Nova we see the chance to significantly decrease the complexity of the driver compared to Nouveau for mainly two reasons. First, Nouveau's historic architecture, especially around nvif/nvkm, is rather complicated and inflexible and requires major rework to solve certain problems (such as locking hierarchy in VMM / MMU code for VM_BIND currently being solved with a workaround) and second, with a GSP-only driver there is no need to maintain compatibility with pre-GSP code.
Besides that, we also want to take the chance to contribute to the Rust efforts in the kernel and benefit from from more memory safety offered by the Rust programming language.
Given that the effort has just begun, it will be a while before this driver shows up in a distribution release.
Redis is no longer free software
Under the new license, cloud service providers hosting Redis offerings will no longer be permitted to use the source code of Redis free of charge. For example, cloud service providers will be able to deliver Redis 7.4 only after agreeing to licensing terms with Redis, the maintainers of the Redis code.
Distributors like Fedora are already looking at removing Redis as a consequence. (Thanks to Emmanuel Seyman).
Perl 5.39.9 released
Rust 1.77.0 released
[$] Hardening the kernel against heap-spraying attacks
Emacs 29.3 released
Emacs 29.3 is an emergency bugfix release; it includes no new features except a small number of changes intended to resolve security vulnerabilities uncovered in Emacs 29.2.
Those vulnerabilities mostly have to do with executing untrusted Lisp code; see the NEWS file for a bit more information.
[$] The rest of the 6.9 merge window
The PostgreSQL community mourns Simon Riggs
Simon was responsible for many of the enterprise features we find in PostgreSQL today, including point in time recovery, hot standby, and synchronous replication. He was the founder of 2ndQuadrant which employed many of the PostgreSQL developers, later becoming part of EDB where he worked as a Postgres Fellow until his retirement. He was responsible for the UK PostgreSQL conferences for many years until he passed that responsibility to PostgreSQL Europe last year.
Samba 4.20.0 released
Schaller: Fedora Workstation 40 – what are we working on
Another major feature landing in Fedora Workstation 40 that Jonas Ådahl and Ray Strode has spent a lot of effort on is finalizing the remote desktop support for GNOME on Wayland. So there has been support for remote connections for already logged in sessions already, but with these updates you can do the login remotely too and thus the session do not need to be started already on the remote machine. This work will also enable 3rd party solutions to do remote logins on Wayland systems, so while I am not at liberty to mention names, be on the lookout for more 3rd party Wayland remoting software becoming available this year.
[$] Radicle: peer-to-peer collaboration with Git
A backdoor in xz
I have not yet analyzed precisely what is being checked for in the injected code, to allow unauthorized access. Since this is running in a pre-authentication context, it seems likely to allow some form of access or other form of remote code execution.
The affected versions are not yet widely shipped, but checking systems for the bad version would be a good idea.
Update: there are advisories out now from Arch, Debian, Red Hat, and openSUSE.
A further update from openSUSE:
For our openSUSE Tumbleweed users where SSH is exposed to the internet we recommend installing fresh, as it’s unknown if the backdoor has been exploited. Due to the sophisticated nature of the backdoor an on-system detection of a breach is likely not possible. Also rotation of any credentials that could have been fetched from the system is highly recommended.
A few relevant quotes
I'm on a holiday and only happened to look at my emails and it seems to be a major mess.— Lasse Collin
The reality that we are struggling with is that the free software infrastructure on which much of computing runs is massively and painfully underfunded by society as a whole, and is almost entirely dependent on random people maintaining things in their free time because they find it fun, many of whom are close to burnout. This is, in many ways, the true root cause of this entire event.— Russ Allbery
Incredible work from Andres. The attackers made a serious strategic mistake: they made PostgreSQL slightly slower.— Thomas Munro
There is no way to discuss this in public without turning a single malicious entity into 10 000 malicious entities once the information is widely known.— Marc DeslauriersMaking sure the impact and mitigations are known before posting this publicly so that everyone knows what to do before the 10 000 malicious entities start attacking is just common sense.
Again the FOSS world has proven to be vigilant and proactive in finding bugs and backdoors, IMHO. The level of transparency is stellar, especially compared to proprietary software companies. What the FOSS world has accomplished in 24 hours after detection of the backdoor code in #xz deserves a moment of humbleness. Instead we have flamewars and armchair experts shouting that we must change everything NOW. Which would introduce even more risks. Progress is made iteratively. Learn, adapt, repeat.— Jan Wildeboer
Kernel prepatch 6.9-rc2
Neither snow nor rain nor heat nor gloom of night stays kernel rc releases. Nor does Easter."
NetBSD 10.0 released
The netbsd-10 release branch is more than a year old now, so it is high time the 10.0 release makes it to the front stage. This matches the long time it took for the development branch to get ready for branching, a lot of development went into this new release.This also caused the release announcement to be one of the longest we ever did.
As might be imagined, there are a lot of changes; see the above-mentioned release announcement for the details.