[$] "Real" anonymous functions for Python
Security updates for Wednesday
Python announces first security releases since becoming a CNA
The Python project has announced three security releases, 3.10.14, 3.9.19, and 3.8.19. In addition to the security fixes, these releases are notable for two reasons: they are the first to make use of GitHub Actions to perform public builds instead of building artifacts "on a local computer of one of the release managers", and the first since Python became a CVE Numbering Authority (CNA).
Python release team member Łukasz Langa said that being a CNA means Python is able to "ensure the quality of the vulnerability reports is high, and that the severity estimates are accurate." It also allows Python to coordinate CVE announcements with the patched versions of Python, as it has with two CVEs addressed in these releases. CVE-2024-0450 describes a flaw in CPython's zipfile module that made it vulnerable to a zip-bomb exploit. CVE-2023-6597 is an issue with Python's tempfile.TemporaryDirectory class which could be exploited to modify permissions of files referenced by symbolic links. Users of affected versions should upgrade soon.
[$] Managing Linux servers with Cockpit
Cockpit is an interesting project for web-based Linux administration that has received relatively little attention over the years. Part of that may be due to the project's strategy of minor releases roughly every two weeks, rather than larger releases with many new features. While the strategy has done little to garner headlines, it has delivered a useful and extensible tool to observe, manage, and troubleshoot Linux servers.
GNOME 46 released
GNOME 46 is code-named "Kathmandu", in recognition of the amazing work done by the organizers of GNOME.Asia 2023. Significant changes include a new global search feature, enhancements to the Files app, improved remote login support, and more.
[$] LWN.net Weekly Edition for March 21, 2024
The "Nova" driver for NVIDIA chipsets
We just started to work on Nova, a Rust-based GSP-only driver for Nvidia GPUs. Nova, in the long term, is intended to serve as the successor of Nouveau for GSP-firmware-based GPUs. With Nova we see the chance to significantly decrease the complexity of the driver compared to Nouveau for mainly two reasons. First, Nouveau's historic architecture, especially around nvif/nvkm, is rather complicated and inflexible and requires major rework to solve certain problems (such as locking hierarchy in VMM / MMU code for VM_BIND currently being solved with a workaround) and second, with a GSP-only driver there is no need to maintain compatibility with pre-GSP code.
Besides that, we also want to take the chance to contribute to the Rust efforts in the kernel and benefit from more memory safety offered by the Rust programming language.
Given that the effort has just begun, it will be a while before this driver shows up in a distribution release.
Redis is no longer free software
Under the new license, cloud service providers hosting Redis offerings will no longer be permitted to use the source code of Redis free of charge. For example, cloud service providers will be able to deliver Redis 7.4 only after agreeing to licensing terms with Redis, the maintainers of the Redis code.
Distributors like Fedora are already looking at removing Redis as a consequence. (Thanks to Emmanuel Seyman).
Perl 5.39.9 released
Rust 1.77.0 released
Security updates for Thursday
[$] Hardening the kernel against heap-spraying attacks
Security updates for Friday
Kernel prepatch 6.9-rc1
The timer subsystem had a fairly big rewrite, to have per-cpu timer wheels to improve performance of timers, which can be a big deal particularly for networking. The other fairly notable core update is to the workqueue subsystem, where one notable addition is for BH workqueue support. That's notable mainly because it means we finally have a way away from tasklets. The tasklet interface has basically been deprecated for a long while, but we've never really had any good alternatives (with threaded interrupt handlers being one suggested use-case, but not realistic in many cases).
Emacs 29.3 released
Emacs 29.3 is an emergency bugfix release; it includes no new features except a small number of changes intended to resolve security vulnerabilities uncovered in Emacs 29.2.
Those vulnerabilities mostly have to do with executing untrusted Lisp code; see the NEWS file for a bit more information.
Security updates for Monday
[$] The rest of the 6.9 merge window
[$] Nix at SCALE
The first-ever NixCon in North America was co-located with SCALE this year. The event drew a mix of experienced Nix users and people new to the project. I attended talks that covered using Nix to build Docker images, upcoming changes to how NixOS performs early booting, and ideas for making the set of services provided in nixpkgs more useful for self hosting. (LWN covered the relationship between Nix, NixOS, and nixpkgs in a recent article.) Near the end of the conference, a collection of Nix contributors gave a "State of the Union" about the growth of the project, highlighting areas of concern.