LWN.net

Linus has released 6.13-rc1 and closed themerge window for this release. "And for once - possibly the first timeever - it looks like the release cycle doesn't clash horribly up withthe holiday season, and we'll have time both to stabilize this release,_and_ the work for 6.14 won't be starting until well into January."

Version1.83.0 of the Rust language has been released.

The OpenWrt One router, which was reviewedhere recently, isnow generally available.

Security updates have been issued by Debian (firefox-esr, redis, twisted, and tzdata), Fedora (firefox, nss, pam, rust-rustls, rust-zlib-rs, thunderbird, tuned, and xen), and SUSE (cobbler, kernel, libjxl-devel, libuv, postgresql12, postgresql14, postgresql15, python-waitress, seamonkey, tomcat, and tomcat10).

Earlier today, one of our subscribers, anselm, posted the one millionth item in our database during a discussion in the comments about the GPL. One million articles and comments is a big milestone - one representing twenty two years of work by both the editors of LWN and the community. I think reaching this milestone on Thanksgiving is a lovely coincidental reminder of how far LWN has come, and how that wouldn't have been possible without your support. So thank you for reading.

The long-awaited release of the GNU ImageManipulation Program (GIMP)3.0 is on the way, marking the firstmajor update since version2.10 wasreleased in April2018. It now features a GTK3 user interface and GIMP3.0introduces significant changes to the core platform and plugins. Thisrelease also brings performance and usability improvements, as well as morecompatibility with Wayland and complex input sources.

Security updates have been issued by Debian (firefox-esr, netatalk, and thunderbird), Fedora (firefox, libsoup3, mingw-glib2, mingw-libsoup, mingw-python-waitress, mingw-python3, nss, perl-Module-ScanDeps, php, and python-aiohttp), Mageia (dcmtk, golang, iptraf-ng, libsndfile, microcode, php, postgresql15 & postgresql13, rapidjson, tomcat, wget, and zbar), Red Hat (openssl and openssl-fips-provider, toolbox, and webkit2gtk3), SUSE (firefox, frr, glib2, hplip, kernel, neomutt-20241114, ovmf, python-aiohttp, python-virtualenv, python310-tornado6, qemu, webkit2gtk3, and xen), and Ubuntu (mpg123 and vim).

Version8 of the Ubuntu-based elementary OS has been released. Thisrelease includes a rewritten Dock, new window-management features,improvements in the installation and initial setup procedures forvisually impaired users, as well as a new Secure Session mode:

For the most part, the 6.13 merge window has gone smoothly, with relativelyfew problems or disagreements - other than thisone, of course. There is one other exception, though, relating to thekernel's presentation of a process's command line to interested user-spaceobservers when a relatively new system call is used. A pull request with asimple change to make that information more user-friendly ran afoul ofLinus Torvalds, who has his own view of how it should be managed.

Security updates have been issued by Debian (mpg123 and php8.2), Fedora (libsndfile, mingw-glib2, mingw-libsoup, mingw-python3, and qbittorrent), Oracle (pam:1.5.1 and perl-App-cpanminus), Red Hat (firefox, thunderbird, and webkit2gtk3), Slackware (mozilla), SUSE (firefox, rclone, tomcat, tomcat10, and xen), and Ubuntu (gh, libsoup2.4, libsoup3, pygments, TinyGLTF, and twisted).

Arch Linux is popular as a basefor other Linux distributions; examples of Arch-derivatives include EndeavourOS, Manjaro, Parabola, and SteamOS.There's one small problem: the control files used to describe how to buildpackages for Arch Linux have no stated license. That creates a bit ofuncertainty about the rights and responsibilities for the downstreamderivatives. So far, that doesn't seem to have been a problem, nor hasit stopped other projects from assuming that reuse isallowed. However, the Arch project is looking to add some clarity byexplicitly assigning a liberal license to its packagesources. Currently the project is in the process of reaching out tocontributors to see if they have any objections.

Mozilla has announcedthe release of Firefox133.0. Notable in this release is the additionof a new anti-tracking feature, Bounce Tracking Protection, whichdetects trackers based on redirectbehavior and automatically purges their cookies and site data tothwart tracking. The release also includes varioussecurity fixes and more.

Security updates have been issued by Debian (pypy3), Fedora (chromium, cobbler, and libsoup3), Oracle (kernel), SUSE (glib2, govulncheck-vulndb, javapackages-tools, xmlgraphics-batik, xmlgraphics- commons, xmlgraphics-fop, libblkid-devel, opentofu, php8, postgresql, postgresql16, postgresql17, thunderbird, traefik, and ucode-intel), and Ubuntu (needrestart and rapidjson).

Security updates have been issued by Debian (ansible, chromium, ghostscript, glib2.0, intel-microcode, and kernel), Fedora (dotnet9.0, needrestart, php, and python3.6), Oracle (cups, kernel, osbuild-composer, podman, python3.12-urllib3, squid, and xerces-c), Red Hat (buildah, edk2, gnome-shell, haproxy, kernel, kernel-rt, libvpx, pam, python3.11-urllib3, python3.12-urllib3, qemu-kvm, rhc-worker-script, squid:4, and tigervnc), Slackware (php), SUSE (chromedriver, chromium, dcmtk, govulncheck-vulndb, iptraf-ng, and traefik2), and Ubuntu (linux-oracle and openjdk-23).

The Linux Foundation TechnicalAdvisory Board (TAB) has decided to "restrict Kent Overstreet'sparticipation in the kernel development process during the Linux 6.13kernel development cycle" based on a recommendation from the Code of Conductcommittee. In particular, the scope of the restriction will be to "decline all pullrequests from Kent Overstreet" during the development cycle.Overstreet is the creator and maintainer of the bcachefs filesystem.Thisaction stems from a messageOverstreet posted back in early September that was abusive toward anotherkernel developer; there is a fair amount of back-and-forth about theincident and the committee's attempts to extract a public apology fromOverstreet in that thread. Overstreet has published a lengthy blog postdescribing his side of the story.

The Linux kernel community's discussions about including Rust havegotten a lot of attention, but the kernel is not the only project wrestlingwith the question of whether to allow Rust. The Git projectdiscussed the prospect in January, and thenagain at the Git Contributor's Summit in September. Complicating thediscussion is the Git project's lack of a policy on platformsupport, and the fact that it does already have tools written in otherlanguages.While the project has not committed to usingor avoiding Rust, it seems like only a matter of time until maintainers willhave to make a decision.

The6.12.1,6.11.10,6.6.63, and6.1.119 stable kernel updates have been released.As always, they contain important fixes.

Security updates have been issued by Debian (postgresql-13, postgresql-15, and webkit2gtk), Fedora (libsndfile, microcode_ctl, and trafficserver), Mageia (kanboard, kernel, kmod-xtables-addons, kmod-virtualbox, and bluez, kernel-linus, opendmarc, and radare2), Oracle (.NET 9.0, bubblewrap and flatpak, buildah, expat, firefox, grafana, grafana-pcp, kernel, krb5, libsoup, libvpx, NetworkManager-libreswan, openexr, pcp, python3.11, python3.11-urllib3, python3.12, python3.9, squid, thunderbird, tigervnc, and webkit2gtk3), Red Hat (.NET 9.0, binutils, expat, grafana-pcp, kernel, libsoup, NetworkManager-libreswan, openexr, python3.11, python3.12, python39:3.9, squid, tigervnc, and webkit2gtk3), SUSE (chromedriver, cobbler, govulncheck-vulndb, and icinga2), and Ubuntu (linux-lowlatency, linux-lowlatency-hwe-6.8, python2.7, and zbar).

Version8.4.1 of the PHP language has been released. See this page for details onthe new features in this release. "PHP 8.4 is a major update of the PHPlanguage. It contains many new features, such as property hooks,asymmetric visibility, an updated DOM API, performance improvements, bugfixes, and general cleanup."

As of this writing, just over 1,800 non-merge changesets have been pulledinto the mainline kernel for the 6.13 release. That number may seem small,given that a typical merge window brings in at least 12,000 commits, butthe early pulls this time around have focused on significant core changes,and there are quite a few of them. The time has come to summarize thechanges pulled so far, including lazy preemption, multi-grained timestamps,new extended-attribute system calls, and more.

Security updates have been issued by AlmaLinux (kernel, NetworkManager-libreswan, and openssl), Fedora (chromium and llvm-test-suite), Mageia (thunderbird), and Ubuntu (linux-aws-6.8, linux-azure, linux-azure-6.8, linux-oracle-6.8,, linux-azure, and ruby2.7).

The LWN.net Weekly Edition for November 21, 2024 is available.

At the 2024 X.Org DevelopersConference (XDC), Lyude Paul gave a talk on the work she has been doingas part of the Novaproject, which is an effort build an NVIDIAGPU driver in Rust. She wanted to provide an introduction to RVKMS, whichis being used to develop Rust kernel mode setting (KMS)bindings; RVKMS is a port of the virtual KMS (VKMS)driver to Rust. In addition, she wanted to give her opinion on Rust, and why shethinks it isa "game-changer for the kernel", noting that the reasons are notrelated to the oft-mentioned, "headline" feature of the language: memorysafety.

Version 4.3 ofthe Blender animation system has been released. "Brush assets, fastersculpting, a revolutionized Grease Pencil, and more. Blender 4.3 got youcovered."

CHICKEN Scheme, a portable Scheme compiler, is gearing up for its next major release. Maintainer Felix Winkelmann hassharedan article about what changes to expect in version 6 of the language, including better Unicode support and support for theR7RS (small) Scheme standard.

Security updates have been issued by Debian (guix, libmodule-scandeps-perl, needrestart, and thunderbird), SUSE (gh), and Ubuntu (kernel, linux, linux-aws, linux-aws-hwe, linux-azure, linux-azure-4.15, linux-gcp, linux-gcp-4.15, linux-hwe, linux-kvm, linux-oracle, linux, linux-aws, linux-gcp, linux-gcp-6.8, linux-gke, linux-hwe-6.8, linux-ibm, linux-nvidia, linux-nvidia-6.8, linux-nvidia-lowlatency, linux-oem-6.8, linux-oracle, linux-raspi, linux-iot, linux-lowlatency, linux-lowlatency-hwe-6.8, needrestart, python2.7, python3.10, python3.12, python3.8, and Waitress).

Version9.5 of the Rocky Linux distribution is out. As with the AlmaLinux 9.5release, Rocky Linux 9.5 tracks the changes in upstream RHEL 9.5. See the release notesfor details.

It took more than 20 years, but the FreeCAD computer-aided design projecthas just madeits 1.0 release.

The most common piece of advice given to users who ask aboutrunning their own mail server is don't. Setting upand securing a mail server in2024 is not for the faint of heart, norfor anyone without copious spare time. Spammers want to flood inboxeswith ads for questionable supplements, attackers want to abuse serversto send spam (or worse), and getting the big providers to accept mailfrom small servers is a constant uphill battle. Michael W. Lucas,however, encourages users to thumb their nose at the "EmailEmpire", and declare email independence. His self-published book,Run Your Own MailServer, provides a manual (and manifesto) for users who areinterested in the challenge.

Version 6.7 of the Incus container-management system (forked from LXD) hasbeen released. "This is another one of those pretty well roundedreleases with new features and improvements for everyone". Newfeatures include automatic cluster rebalancing, DHCP improvements, and more.

Security updates have been issued by AlmaLinux (.NET 9.0, bcc, bluez, bpftrace, bubblewrap, flatpak, buildah, cockpit, containernetworking-plugins, cups, cyrus-imapd, edk2, expat, firefox, fontforge, gnome-shell, gnome-shell-extensions, grafana, grafana-pcp, gtk3, httpd, iperf3, jose, krb5, libgcrypt, libsoup, libvirt, libvpx, lldpd, microcode_ctl, mingw-glib2, mod_auth_openidc, nano, NetworkManager, oci-seccomp-bpf-hook, openexr, osbuild-composer, pcp, podman, poppler, postfix, python-dns, python-jinja2, python-jwcrypto, python3.11, python3.11-PyMySQL, python3.11-urllib3, python3.12, python3.12-PyMySQL, python3.12-urllib3, python3.9, qemu-kvm, runc, skopeo, squid, thunderbird, toolbox, tpm2-tools, vim, webkit2gtk3, xorg-x11-server, and xorg-x11-server-Xwayland), Fedora (lemonldap-ng and mingw-expat), SUSE (bea-stax, xstream, expat, httpcomponents-client, httpcomponents-core, kernel, SUSE Manager Client Tools, SUSE Manager Proxy, Retail Branch Server 4.3, SUSE Manager Salt Bundle, SUSE Manager Server 4.3, and SUSE Manager Server 5.0), and Ubuntu (curl, glib2.0, and webkit2gtk).

Version 9.5 of the AlmaLinux enterprise-oriented distribution has beenreleased.

The FreeBSD Foundation has announcedthe release of a securityaudit report conducted by security firm Synacktiv. The audit uncovereda number of vulnerabilities:

Linus Torvalds releasedthe 6.12 kernel on November17, as expected. This developmentcycle, the last for 2024, brought 13,344 non-merge changesets into themainline kernel; that made it a relatively slow cycle from thisperspective, but 6.12 includes a long list of significant new features.The time has come to look at where those changes came from, and to look atthe year-long LTS cycle as well.

Security updates have been issued by AlmaLinux (binutils, libsoup, squid:4, tigervnc, and webkit2gtk3), Debian (icinga2, postgresql-13, postgresql-15, smarty3, symfony, thunderbird, and waitress), Fedora (dotnet9.0, ghostscript, microcode_ctl, php-bartlett-PHP-CompatInfo, python-waitress, and webkitgtk), Gentoo (Perl, Pillow, and X.Org X server, XWayland), Oracle (binutils, cups-filters, giflib, squid, and webkit2gtk3), Red Hat (webkit2gtk3), SUSE (ansible-core, apache2, gio-branding-upstream, icinga2, kernel-devel, libnghttp2-14, libsoup-2_4-1, libsoup-3_0-0, libvirt, nodejs-electron, postgresql13, postgresql16, python39, rclone, thunderbird, ucode-intel-20241112, and wget), and Ubuntu (python-asyncssh and tomcat9).

Linus has released the 6.12 kernel."No strange surprises this last week, so we're sticking to the regularrelease schedule, and that obviously means that the merge window openstomorrow.".Headline features in this release include:support for the Armpermission overlay extension,better compile-time control over which Spectre mitigations to employ,the last pieces of realtime preemption support,the realtime deadline server mechanism,more EEVDF scheduler development,the extensible scheduler class,the device memory TCP work,use of static calls in the security-modulesubsystem,the integritypolicy enforcement security module,the ability to handle devices with a block size larger than the system pagesize in the XFS filesystem,and more.See the LWN merge-window summaries (part1, part2) and the KernelNewbies 6.12 page formore details.

The6.11.9,6.6.62,6.1.118,5.15.173,5.10.230,5.4.286, and4.19.324stable kernels have all been released; each contains another set ofimportant fixes.

The OpenWrt router-oriented distribution has long used its own opkgpackage manager. The project has just announced,though, that future releases will use the apkpackage manager from Alpine Linux instead. "This new packagemanager offers a number of advantages over the older opkg system and is asignificant milestone in the development of the OpenWrt platform. The olderopkg package manager has been deprecated and is no longer part ofOpenWrt." There is some more information on thispage.

The kernel's loadable-module facility allows code to be loaded into (andsometimes removed from) a running kernel. Among other things, loadablemodules make it possible to run a kernel with only the subsystems neededfor the system's hardware and workload. Loadable modules can also make iteasy for out-of-tree code to access parts of the kernel that developerswould prefer to keep private; this has led to many discussions in thepast. The topic has returned to the kernel's mailing lists with twodifferent patch sets aimed at further tightening the restrictions appliedto loadable modules.

The Fedora Project is set to welcome a second desktop edition to itslineup after months (or years, depending when one starts the clock)of discussions. The project recently decided to allow a new working group tomove forward with a KDEPlasmaDesktop edition that will sitalongside the existing GNOME-based FedoraWorkstationedition. This puts KDE on a more equal footing within the project,which, it is hoped, will bring more contributors and users interestedin KDE to adopt Fedora as their Linux distribution of choice.

Security updates have been issued by Debian (curl and unbound), Fedora (krb5 and microcode_ctl), Red Hat (kernel and kernel-rt), SUSE (glib2, python3-wxPython, and ucode-intel), and Ubuntu (golang-1.17, golang-1.18, libgd2, linux, linux-aws, linux-kvm, linux-lts-xenial, linux-gke, linux-raspi, linux-raspi, linux-raspi-5.4, and php7.0, php7.2).

The Python Package Index (PyPI) has announcedthat it has finalized support for PEP 740 ("Index supportfor digital attestations"). Trail of Bits, which performedmuch of the development work for the implementation, has an in-depthblog post about the work and its adoption, as well as what is leftundone:

Direct memory access (DMA) I/O is simple in concept: a peripheral devicemoves data directly to or from memory while the CPU is busy doing otherthings. As is so often the case, DMA is rather more complicated inpractice, and the kernel has developed a complicated internal API tosupport it. It turns out that the DMA API, as it exists now, can affectthe performance of some high-bandwidth devices. In an effort to addressthat problem, Leon Romanovsky is making the API even more complex with this patch seriesadding a new two-step mapping API.

A new batch of stable kernels has just been released: 6.11.8, 6.6.61, 6.1.117, and 5.15.172. As usual, they contain importantfixes throughout the kernel tree.

Security updates have been issued by Fedora (llama-cpp, mingw-expat, python3.6, webkit2gtk4.0, and xorg-x11-server-Xwayland), Mageia (java-1.8.0-openjdk, java-11-openjdk, java-17-openjdk, java-21-openjdk & java-latest-openjdk and libarchive), Oracle (expat, gstreamer1-plugins-base, kernel, libsoup, podman, and tigervnc), SUSE (buildah, java-1_8_0-openjdk, and switchboard-plug-bluetooth), and Ubuntu (zlib).

The LWN.net Weekly Edition for November 14, 2024 is available.

Programming language polyglots are files that are validprograms in multiple languages, and do different things in each. While polyglots are normallynothing more than a curiosity, theCosmopolitan Libc project has been tryingto put them to a novel use: producing native, multi-platform binaries thatrun directly on several operating systems and architectures. There are stillsome rough edges with the project's approach, but it is generally possible tobuild C programs into a polyglot format with with minimaltweaking.

Security updates have been issued by AlmaLinux (expat), Fedora (chromium and golang-github-nvidia-container-toolkit), Mageia (curl, expat, mpg123, networkmanager-libreswan, openssl, php-tcpdf, qbittorrent, and x11-server, x11-server-xwayland, and tigervnc), Red Hat (kernel and libsoup), Slackware (mozilla), SUSE (firefox, kernel, python-PyPDF2, and xen), and Ubuntu (dotnet9, ghostscript, linux-aws, linux-oem-6.8, and pydantic).

Over the years, there has been steady progress in adding security features tocompilers and other tools to assist with hardening the Linux kernel (and, of course, otherprograms). In something of a tradition in the toolchainstrack at the LinuxPlumbers Conference, Kees Cook and Qing Zhao have led a session on that progress andfurther plans; this year, they were joined by Justin Stitt (YouTube video).

Garrett LeSage has written an in-depth articlefor Fedora Magazine about a new web-based user interface (UI) for Fedora's Anacondainstaller, planned to ship with Fedora42. The article looks atthe rationale for moving from GTK3 to a web-based UI, provides anumber of screenshots and demo screencasts, as well as instructions ontrying out the new installer with Fedora Rawhide.