Feed lwn LWN.net

Link https://lwn.net/
Feed http://lwn.net/headlines/rss
Updated 2024-11-21 13:45
Universal Blue images need manual intervention for updates
The Universal Blue project, which produces operating system images based on Fedora's Atomic Desktops, has issued an announcement that manual steps are required to continue receiving updates. Jorge Castro wrote:
[$] PostmarketOS: Linux for phones and more
In 2016, Oliver Smith reached a point of frustration with the short lifespan of updates for his Android phone. Taking matters into his own hands, he began developing postmarketOS, a Linux distribution for mobile phones. Eight years later, the core team and trusted contributors have grown to twenty individuals, while the latest release, v24.06, now shows support for over 250 devices. Although postmarketOS isn't usable as a day-to-day phone operating system on all of them, it can also enable repurposing devices into compact servers or kiosk machines.
GNU findutils 4.10.0 released
Version 4.10.0 of GNU findutils has been released. Notable changes include allowing find -name / as a valid pattern, and accepting larger UIDs/GIDs for find -user and find -group. It is also once again possible to build findutils on systems with musl-libc.
Rosenthal: X Window System At 40
David Rosenthal looks back at 40 years of the X Window System:
Security updates for Wednesday
Security updates have been issued by AlmaLinux (golang and kernel), Fedora (ghostscript and openssh), Mageia (espeak-ng), Red Hat (389-ds, c-ares, container-tools, cups, fontforge, go-toolset, iperf3, less, libreoffice, libuv, linux-firmware, nghttp2, openldap, pki-core, python-idna, python-jinja2, python-pillow, python3, python3.11-PyMySQL, qemu-kvm, and xmlrpc-c), SUSE (ghostscript, git, libndp, libxml2, openssh, pgadmin4, podman, podofo, postgresql14, postgresql15, postgresql16, python39, squid, and wireshark), and Ubuntu (firefox and openvpn).
[$] Eliminating indirect calls for security modules
Like many kernel subsystems, the Linux security module (LSM) subsystem makes extensive use of indirect function calls. Those calls, however, are increasingly problematic, and the pressure to remove them has been growing. The good news is that there is a patch series from KP Singh that accomplishes that goal. Its progress into the mainline has been slow - this change was first proposed by Brendan Jackman and Paul Renauld in 2020 - and this work has been caught up in some wider controversies along the way, but it should be close to being ready.
Security updates for Tuesday
Security updates have been issued by AlmaLinux (httpd:2.4/httpd), Arch Linux (openssh), Fedora (cups, emacs, and python-urllib3), Gentoo (OpenSSH), Mageia (ffmpeg, gdb, openssl, python-idna, and python-imageio), Red Hat (golang and kernel), SUSE (booth, libreoffice, openssl-1_1-livepatches, podman, python-arcomplete, python-Fabric, python-PyGithub, python-antlr4-python3-runtime, python-avro, python-chardet, python-distro, python-docker, python-fakeredis, python-fixedint, pyth, python-Js2Py, python310, python39, and squid), and Ubuntu (cups and netplan.io).
Scientific Linux 7 reaches end of life
While the end of support for CentOS 7, which happened on June 30, is significant, it is also worth taking a moment to reflect on the end of Scientific Linux 7, which has also just occurred. Scientific Linux was once a popular RHEL rebuild supported by Fermilab, CERN, DESY, and ETH Zurich. Development of Scientific Linux stopped with SL7, with the labs switching to CentOS thereafter, but the SL7 release was supported through to the bitter end. Thanks are due to all who built and supported Scientific Linux; you provided a useful and stable platform for many years.
[$] Arithmetic overflow mitigation in the kernel
On May 7, Kees Cook sent a proposal to the linux-kernel mailing list, asking for the kernel developers to start working on a way to mitigate unintentional arithmetic overflow, which has been a source of many bugs. This is not the first time Cook has made a request along these lines; he sent a related patch set in January 2024. Several core developers objected to the plan for different reasons. After receiving their feedback, Cook modified his approach to tackle the problem in a series of smaller steps.
Security updates for Monday
Security updates have been issued by Debian (dcmtk, edk2, emacs, glibc, gunicorn, libmojolicious-perl, openssh, org-mode, pdns-recursor, tryton-client, and tryton-server), Fedora (freeipa, kitty, libreswan, mingw-gstreamer1, mingw-gstreamer1-plugins-bad-free, mingw-gstreamer1-plugins-base, mingw-gstreamer1-plugins-good, mingw-poppler, and mingw-python-urllib3), Gentoo (cpio, cryptography, GNU Emacs, Org Mode, GStreamer, GStreamer Plugins, Liferea, Pixman, SDL_ttf, SSSD, and Zsh), Oracle (pki-core), Red Hat (httpd:2.4, libreswan, and pki-core), SUSE (glib2 and kubevirt, virt-api-container, virt-controller-container, virt-exportproxy-container, virt-exportserver-container, virt-handler-container, virt-launcher-container, virt-libguestfs-t), and Ubuntu (espeak-ng, libcdio, and openssh).
Serious vulnerability fixed with OpenSSH 9.8
OpenSSH 9.8 has been released, fixing an ugly vulnerability:
Kernel prepatch 6.10-rc6
Linus has released 6.10-rc6 for testing. "This release continues to be fairly calm, and rc6 looks pretty small. It's also entirely just random small fixes spread all over, with no bigger pattern."
[$] FreeDOS turns 30
FreeDOS is an open-source operating system designed to be compatible with the now-defunct MS-DOS. Three decades have now passed since the FreeDOS project was first announced, and it is still alive and well with a small community of developers and users committed to running legacy DOS software, classic DOS games, and developing modern applications that extend its functionality well beyond the original MS-DOS. It may well be around in another 30 years.
FSF Europe condemns Apple's DMA noncompliance
The Free Software Foundation Europe has submitted a joint position to the European Commission (EC), claiming that Apple has failed to comply with the EU's Digital Markets Act (DMA). This is the law that requires Apple to support alternative application stores on the devices it makes.
[$] Redox: An operating system in Rust
With the Rust-for-Linux project starting to gain some ground, it is worth looking at other operating systems that use Rust in their kernels. There are many attempts to use Rust for operating system development, but Redox may be the most complete. Redox is an MIT-licensed microkernel and corresponding user space, designed around concepts taken from Plan 9. While nowhere near being usable as a replacement for Linux, it already provides a graphical user interface and the ability to run many POSIX programs.
Security updates for Friday
Security updates have been issued by AlmaLinux (pki-core), Debian (dlt-daemon and plasma-workspace), Fedora (emacs and kernel), Mageia (erofs-utils, libheif, libopenmpt, and wget), Red Hat (pki-core and python3), SUSE (frr), and Ubuntu (fontforge, sqlite3, and squid3).
Highlights from the FreeBSD Developer Summit
The FreeBSD Foundation has published a set of reports from the May 2024 FreeBSD Developer Summit held in Ottawa, Canada. The topics include FreeBSD Core Team updates, FreeBSD 15 release planning, Integration with Rust, and OCI containers on FreeBSD:
Mourning Daniel Bristot de Oliveira
The academic and the Linux real-time and scheduling community mourns the premature death of Daniel Bristot de Oliveira. Daniel died at the age of 37 on Monday, June 24, 2024. Juri Lelli, Tommaso Cucinotta, Steve Rostedt, Kate Stewart, and Thomas Gleixner have come together to share their thoughts on his life and what he has left behind
Free Software Foundation adds three board members
The Free Software Foundation (FSF) has announced the addition of three new members to its board: John Gilmore, Christina Haralanova, and Maria Chiara Pievatolo. This is part of FSF governance changes announced in January 2023. The next step is a review of current board members:
[$] Direct-to-device networking
It has been nearly one year since the first version of the device memory TCP patches was posted by Mina Almasry. Now on the 14th revision, this series appears to be stabilizing. Device memory TCP is a specialized networking feature requiring a certain amount of setup, but it could provide a significant performance improvement for some data-intensive applications.
[$] Python grapples with Apple App Store rejections
An upgrade from Python 3.11 to 3.12 has led to the rejection of some Python apps by Apple's app stores. That led to Eric Froemling submitting a bug report against CPython. That, in turn, led to an interesting discussion among Python developers about how far the project was willing to go to accommodate app store review processes. Developers reached a quick consensus, and a solution that may arrive as soon as Python 3.13.
Three Thursday stable kernel updates
The 6.9.7, 6.6.36, and 6.1.96 stable kernel updates have been released; each contains an important set of fixes.
Security updates for Thursday
Security updates have been issued by Debian (ffmpeg, kernel, libvpx, and linux-5.10), Fedora (chromium, firefox, freeipa, moodle, and openvpn), Oracle (git), Red Hat (golang and java-1.8.0-ibm), and Ubuntu (linux-oracle-6.5, netplan.io, openssl, plasma-workspace, ruby2.7, ruby3.0, ruby3.1, sqlite3, and wget).
[$] LWN.net Weekly Edition for June 27, 2024
The LWN.net Weekly Edition for June 27, 2024 is available.
OpenSUSE Leap Micro 6.0 is now available
The openSUSE project has announced Leap Micro version 6.0. Leap Micro is an image-based, lightweight Linux distribution that is designed to run containerized and virtualized applications. It is based on SUSE Linux Enterprise (SLE) Micro. Changes in this release include the support for full-disk encryption, the addition of Cockpit for web-based system management, and an optional real-time kernel for x86_64. Boot support for legacy BIOS on x86_64 is deprecated with 6.0, and will be removed in a later release. See the SLE Micro release notes for more information.
Hutterer: GNOME tablet support papercut fixes
Peter Hutterer has written a summary of "papercut fixes" for GNOME tablet support that are planned to ship with GNOME 47.
[$] Finishing the conversion to the "new" mount API
Eric Sandeen led a filesystem-track session at the 2024 Linux Storage, Filesystem, Memory Management, and BPF Summit on completing the conversion of the existing kernel filesystems to use the mount API that was added for the 5.2 kernel in 2019. That API is invariably called the "new" API, which it is when compared to the venerable mount() system call, but it has been available for five years or so at this point without really pushing its predecessor aside. Sandeen wanted to discuss the status of the conversion process and some other questions surrounding the new API.
Types Team Update and Roadmap (Rust Blog)
The Rust Blog is carrying an update on what the Rust Types Team has been up to and its near-future plans.
Security updates for Wednesday
Security updates have been issued by AlmaLinux (git, python3.11, and python3.9), Debian (chromium, emacs, git, linux-5.10, and org-mode), Fedora (libopenmpt, nginx-mod-modsecurity, and thunderbird), Mageia (emacs, python-ansible-core, and python-authlib), Oracle (git, python3.11, and python3.9), Red Hat (kernel, kernel-rt, and samba), and Ubuntu (ansible, cups, google-guest-agent, google-osconfig-agent, libheif, openvpn, roundcube, and salt).
[$] Programming in Unison
Unison is an MIT-licensed programming language, in development since 2013, that explores the ramifications of making code immutable and stored in a database, instead of a set of text files. Unison supports a greatly simplified model for distributed programming - one that describes the configuration of and communication between programs in the same language as the programs themselves. Along the way, it introduces a new approach to interfacing with programming languages, which is tailored to its design.
Darktable 4.8.0 released
Version 4.8.0 of the darktable photo editor has been released. Changes include performance improvements for large collections, addition of more EXIF fields in the image information module, and two new modules for image composition: Enlarge Canvas and Overlay. Enlarge Canvas allows adding areas to an image, while Overlay allows adding new content by overlaying pixels from the current image or another image. LWN last looked at darktable in 2022. Users are "strongly advised" to make a backup of their configuration and library before upgrading, as they will not be compatible with darktable 4.6.
[$] Making containers bootable for fun and profit
Dan Walsh, Stef Walter, and Colin Walters all walk into a presentation and Walter asks, "why would you want to boot your containers?" This isn't the setup for some technology joke, this is part of the trio's keynote at DevConf.cz in Brno, Czech Republic on June 14 about bootable containers (bootc). The talk, which was streamed to YouTube for those of us who didn't attend DevConf.cz in person, provided a solid overview of bootc and the problems it is intended to solve. The idea behind bootc is to make creating operating-system images just as easy as creating application-container images while using the same tools.
RIP Daniel Bristot de Oliveira
We have just received the sad news of the passing of Daniel Bristot de Oliveira at far too young an age. He was a strong contributor to the core kernel and associated realtime infrastructure, and always a joyful presence in person; he will be deeply missed.
Not all "open source" AI models are actually open (Nature)
Nature looks at a recent paper on the openness of "open-source" language models.
Security updates for Tuesday
Security updates have been issued by AlmaLinux (python3.11), Debian (composer), Fedora (thunderbird), Mageia (chromium-browser-stable, python-aiohttp, python-gunicorn, python-werkzeug, and virtualbox), Oracle (libreswan and python3.11), Red Hat (git, kpatch-patch, python3.11, python3.9, and thunderbird), and SUSE (avahi, ghostscript, grafana and mybatis, hdf5, kernel, openssl-1_1-livepatches, python-docker, and wget).
Min: sched_ext: scheduler architecture and interfaces
Changwoo Min has posted an introduction to writing custom schedulers with sched_ext.
[$] The GhostBSD in the machine
GhostBSD is a desktop-oriented operating system based on FreeBSD and the MATE Desktop Environment. The goal of the project is to lower the barrier to entry of using FreeBSD on a desktop or laptop system, and it largely succeeds at this. While it has a few rough edges that make it hard to recommend for the average desktop user, it is a fine choice for users who want a desktop with FreeBSD underpinnings such as the Z File System (ZFS), and the Ports (source) and Packages (binary) software collections.
Security updates for Monday
Security updates have been issued by AlmaLinux (ipa and libreswan), Debian (netty), Fedora (python-PyMySQL, tomcat, and webkitgtk), Gentoo (Flatpak, GLib, JHead, LZ4, and RDoc), Mageia (thunderbird), Oracle (nghttp2 and thunderbird), Red Hat (dnsmasq, libreswan, pki-core, and python3.11), Slackware (emacs), SUSE (gnome-settings-daemon, libarchive, qpdf, vte, and wget), and Ubuntu (libhibernate3-java).
Emacs 29.4 released
Version 29.4 of the Emacs editor has been released. This is "an emergency bugfix release" fixing a vulnerability that can cause the editor to execute arbitrary shell code in Org mode. Anybody who runs Emacs on untrusted files - including those using Gnus or one of the Emacs mail modes - should be looking to update. For those who cannot update, a pair of messages from Russ Allbery and Florian Weimer investigates how to disable the Org-mode evaluation, a task that is seemingly more complicated than it should be.
Kernel prepatch 6.10-rc5
The 6.10-rc5 kernel prepatch is out for testing. "So far, the 6.10 release cycle has been fairly calm, and rc5 continues that trend. Let's hope things stay that way."
Larry Finger RIP
The linux-wireless mailing list carries the terse notice that longtime networking developer Larry Finger passed away on June 21. The LWN Kernel Source Database shows that Finger contributed to 94 releases in the (Git era) kernel history, starting with 2.6.16 - 1,464 commits in total. He will be missed.
[$] Rust for filesystems
At the 2024 Linux Storage, Filesystem, Memory Management, and BPF Summit, Wedson Almeida Filho and Kent Overstreet led a combined storage and filesystem session on using Rust for Linux filesystems. Back in December 2023, Almeida had posted an RFC patch set with some Rust abstractions for filesystems, which resulted in some disagreement over the approach. On the same mid-May day as the session, he posted a second version of the RFC patches, which he wanted to discuss along with other Rust-related topics.
Four Friday stable kernel updates
The 6.9.6, 6.6.35, 6.1.95, and 5.10.220 stable kernels have all been released; as usual, users are advised to update immediately.
Security updates for Friday
Security updates have been issued by AlmaLinux (firefox, ghostscript, idm:DL1, and thunderbird), Debian (php8.2 and putty), Mageia (chromium-browser-stable), Oracle (ghostscript and thunderbird), Red Hat (thunderbird), and SUSE (containerd, kernel, php-composer2, podofo, python-cryptography, and rmt-server).
Tor Browser 13.5 released
Version 13.5 of the privacy-focused Tor browser has been released.
[$] A capability set for user namespaces
User namespaces in Linux create an environment in which all privileges are granted, but their effect is contained within the namespace; they have become an important tool for the implementation of containers. They have also become a significant source of worries for people who do not like the increased attack surface they create for the kernel. Various attempts have been made to restrict that attack surface over the years; the latest is user namespace capabilities, posted by Jonathan Calmels.
[$] Updates to pahole
Arnaldo Carvalho de Melo spoke at the 2024 Linux Storage, Filesystem, Memory Management, and BPF Summit about his work on Poke-a-hole (pahole), a program that has expanded greatly over the years, but which was relevant to the BPF track because it produces BPF Type Format (BTF) information from DWARF debugging information. He covered some small changes to the program, and then went into detail about the new support for data-type profiling. His slides include several examples.
Security updates for Thursday
Security updates have been issued by AlmaLinux (ghostscript and thunderbird), Debian (chromium, composer, libndp, and sendmail), Fedora (composer), Mageia (flatpak and python-scikit-learn), Red Hat (curl, ghostscript, and thunderbird), SUSE (hdf5 and opencc), and Ubuntu (gdb and php7.4, php8.1, php8.2, php8.3).
[$] LWN.net Weekly Edition for June 20, 2024
The LWN.net Weekly Edition for June 20, 2024 is available.
[$] How free software hijacked Philip Hazel's life
Philip Hazel was 51 when he began the Exim message transfer agent (MTA) project in 1995, which led to the Perl-Compatible Regular Expressions (PCRE) project in 1998. At 80, he's maintained PCRE, and its successor PCRE2, for more than 27 years. For those doing the math, that's a year longer than LWN has been in publication. Exim maintenance was handed off around the time of his retirement in 2007. Now, he is ready to hand off PCRE2 as well, if a successor can be found.