Security updates have been issued by AlmaLinux (containernetworking-plugins, edk2:20240524, gstreamer1-plugins-base, gstreamer1-plugins-good, kernel, libsndfile:1.0.31, mpg123:1.32.9, pam, php:8.1, php:8.2, python3.11, python3.11-urllib3, python3.12, python3.9:3.9.21, skopeo, and unbound:1.16.2), Debian (intel-microcode), Fedora (python3-docs and python3.12), Mageia (emacs), Red Hat (podman), and SUSE (gdb, govulncheck-vulndb, libparaview5_12, mozjs115, mozjs78, and vhostmd).
The systemd project has been working for some time on promoting unified kernel images (UKIs), a format that bundles a kernel, initial disk image, kernel command line, and other associated data into a single file. The advantage of the format is the ability to authenticate the entire collection with secure boot, which makes it easier for end users to know that their operating system hasn't been tampered with. The downside is the lack of flexibility and increase in disk usage, since all of the things packaged in a UKI must be updated together. But the recent systemd 257 release (along with other changes to be covered in a future article) includes some major changes to the UKI format, and the rest of the boot process, that partially mitigate those downsides. The release also includes improvements for hardware-locked disk encryption, which may also help secure some computers.
The Fedora Project has announced the results of the Fedora Linux 41 election cycle. Five seats were open on the Fedora Engineering Steering Committee (FESCo), and the winners are Kevin Fenzi, Zbigniew Jędrzejewski-Szmek, David Cantrell, Tomáš Hrčka, and Fabio Alessandro Locati. One seat was open on the Mindshare Committee and that went to Luis Bazan as the only eligible candidate nominated in this period.
In the past, suspensions of Python core developers have effectively been permanent because the recipients of the punishment chose not to return. Things have played out quite differently after Tim Peters was suspended for three months back in August; Peters has been posting to the Python discussion forum since his suspension ended in early November and, generally, getting back to work as usual. That does not mean that he - or others in the community - have accepted the way he was treated, but he has largely made his peace with it. The incident is still reverberating through the Python world, however.
Linus has released 6.13-rc4 for testing. "So this definitely is looking a bit smaller than most rc4s, and I expect (and hope) that rc5 will be absolutely tiny because you should all already be relaxing over the xmas holidays. But hey, if somebody is out there keeping the lights on, please do keep testing."
Version 5.0.0 of the darktable photography workflow application has been released. Major changes in this release include user-interface/user-experience (UI/UX) improvements, speed improvements for bulk operations, and the addition of an inter-script-communication event to allow a running script to send messages to another running script. LWN last looked at darktable in 2022.
Curl maintainer Daniel Stenberg announces that the curl project will be dropping hyper, its experimental HTTP backend written in Rust, due to lack of developer interest.
Version 2024.12 of the Debian-based Grml live Linux system for system administrators has been released. Grml 2024.12 uses packages from the upcoming Debian 13 ("trixie") release. It drops support for 32-bit x86 PCs and gains support for 64-bit ARM CPUs. See the release notes for a full list of changes and new features.
Back in 2022, Josh Triplett presented a plan to implement a "spawn new process" functionality in the io_uring subsystem. There was a fair amount of interest at the time, but developers got distracted, and the work did not progress. Now, Gabriel Krisman Bertazi has returned with a patch series updating and improving Triplett's work. While interest in this functionality remains, it may still take some time before it is ready for merging into the mainline.
The 6.12.6, 6.6.67, 6.1.121, 5.15.175, 5.10.232, and 5.4.288 stable kernels have been released. As usual, they contain important fixes throughout the kernel tree.
Security updates have been issued by AlmaLinux (bluez, edk2:20220126gitbb1bba3d77, gstreamer1-plugins-base, gstreamer1-plugins-good, kernel, kernel-rt, mpg123, php:8.2, python3.11-urllib3, and tuned), Fedora (ColPack, glibc, golang-github-chainguard-dev-git-urls, golang-github-task, icecat, python-nbdime, python3.13, and python3.14), Mageia (kernel, kmod-xtables-addons, kmod-virtualbox, dwarves and kernel-linus), Red Hat (gstreamer1-plugins-base and gstreamer1-plugins-good), SUSE (curl, emacs, git-bug, glib2, helm, kernel, and traefik2), and Ubuntu (gst-plugins-base1.0, gst-plugins-good1.0, gstreamer1.0, libvpx, linux-gcp, phpunit, and yara).
The Fedora Engineering Steering Council (FESCo) has made a series of missteps in deciding to revoke a longtime Fedora contributor's provenpackager status. FESCo made the decision during a closed session, based on private complaints. It then publicly announced its decision, including the contributor's name, while only supplying a vague account of the contributor's actions. This has left the Fedora community with more questions than answers, and raised a number of complaints about the transparency of FESCo's process. In addition, the sequence of events has sparked discussions about package ownership, as well as when and how it's appropriate to push changes to packages that a developer doesn't own.
fish is a shell with a custom language and several affordances not available out of the box in other shells, such as directory-sensitive command completion. Although the project does not normally make beta releases, the newly announced 4.0b1 release will have one in order to ensure that no problems were introduced after a major effort to switch the code base from C++ to Rust.
Emacs has had a few bugs related to accidentally permitting the execution of untrusted code. Unfortunately, it seems as though another bug of that sort has appeared - and may be harder to patch, because the problem comes from the way Emacs handles expansion of Lisp macros in code being analyzed. The vulnerability is only practically exploitable in a non-default configuration, so not every Emacs user has something to worry about. The Emacs developers are reportedly working on a fix, but have not yet shared details about it. In the meantime, every Emacs version since at least 26.1 (released in May 2018) through the current development version is vulnerable.
Since we last looked at the WordPress dispute, WP Engine has sought a preliminary injunction against Automattic and its founder Matt Mullenweg to restore its access to WordPress.org, and more. The judge in the case granted a preliminary injunction on December 10. The case is, of course, of interest to users and developers working with WordPress - but it may also have implications for other open-source projects well beyond the WordPress community.
Version 2024.4 of the Kali Linux penetration-testing distribution has been released. Changes include a switch to Python 3.12, the removal of i386 kernel support, GNOME 47, and more.
The Sequoia PGP project has announced version 1.0 of the sq command-line tool for managing OpenPGP encryption and signatures. It also provides a decentralized public key infrastructure (PKI), and key management facilities. This is the first stable release since development began on the project in 2017.
Emacs is, famously, an editor - perhaps far more - that is extensible using its own variant of the Lisp programming language, Emacs Lisp (or Elisp). This year's edition of EmacsConf, which is an annual "gathering" that has been held online for the past five years, had two separate talks on using a different variant of Lisp, Guile, for Emacs. Both projects would preserve Elisp compatibility, which is a must, but they would use Guile differently. The first talk we will cover was given by Robin Templeton, who described the relaunch of the Guile-Emacs project, which would replace the Elisp in Emacs with a compiler using Guile. A subsequent article will look at the other talk, which is about an Emacs clone written using Guile.
Linus has released 6.13-rc3 for testing. "Earlier this week it felt to me like things might have already started to quiet down in prep for the holidays, but doing the statistics on rc3 that doesn't actually seem to be the case - this looks very regular both in number of commits and in diff size".
Version 4.20 of the Xfce desktop environment has been released. "The major focus during this development cycle was the preparation of the codebase to be ready for Wayland". See the Xfce 4.20 tour for an overview of the changes in this release.
Commits in the Git source-code management system are identified by the SHA-1 hash of their contents - though the specific hash may change someday. The full hash is a 160-bit quantity, normally written as a 40-character hexadecimal string. While those strings are convenient for computers to work with, humans find them to be a bit unwieldy, so it is common to abbreviate the hash values to shorter strings. Geert Uytterhoeven recently proposed increasing the length of those abbreviated hashes as used in the kernel community, but the problem he was working to solve may not be as urgent as it seems.
Handling time in a networked environment is never easy. The Network Time Protocol (NTP) has been used to synchronize clocks across the internet for almost 40 years - but, as computers and networks get faster, the degree of synchronization it offers is not sufficient for some use cases. The Precision Time Protocol (PTP) attempts to provide more precise time synchronization, at the expense of requiring dedicated kernel and hardware support. The Linux kernel has supported PTP since 2011, but the protocol has recently seen increasing use in data centers. As PTP becomes more widespread, it may be useful to have an idea how it compares to NTP.
The CentOS Project has announced the general availability of CentOS Stream 10. See the release notes for information on new features, changes, and removed software. The Extra Packages for Enterprise Linux (EPEL) 10 repository is also available, and will be adding minor version repositories:
Version 1.32 (dubbed "Penelope") of Kubernetes has been released with 13 major features graduating to Stable status, 12 entering Beta, and 19 entering Alpha.
The release of the 4.19.325 stable kernel update on December 5 marked the end of an era of sorts. This kernel had been supported for just over six years since its initial release in October 2018; over that time, 325 updates were released, adding 30,109 fixes. Few Linux kernels receive public support for so long; it is worth taking a look at this kernel's history to see how it played out.
Security updates have been issued by Debian (libsoup2.4, python-aiohttp, and upx-ucl), Fedora (iaito, python3.11, python3.9, and radare2), Red Hat (ruby, ruby:2.5, and ruby:3.1), Slackware (mozilla-thunderbird), SUSE (govulncheck-vulndb, nodejs18, nodejs20, and socat), and Ubuntu (ofono and python-tornado).
The Red Hat Enterprise Linux (RHEL) 10 beta was released in mid-November and, if all goes according to plan, CentOS Stream 10 should be released before the end of the year. While nothing is etched in stone just yet, it is a good time for anyone using or targeting RHEL (and its clones) to start taking a look at how Stream 10, and the corresponding EPEL repository, is shaping up. This is not only important to RHEL and Stream users, but anyone deploying and supporting software on enterprise Linux (EL) derivatives like AlmaLinux, Oracle Linux, and Rocky Linux as well.
The Linux kernel has many tunable parameters. While there is much advice available on the internet about how to set them, few people have the time to weed through the (often contradictory) explanations and choose appropriate values. One possible way to address this is a project called bpftune, a program that uses BPF to track various metrics about a running system and adjust the sysctl knobs appropriately. The program is developed by Oracle, and is available under a GPLv2 license. Bpftune is currently mostly focused on optimizing network settings, but the authors hope that the system is flexible enough to be extended to cover other settings.
Security updates have been issued by Debian (proftpd-dfsg and smarty3), Fedora (python3.14), Gentoo (Distrobox, eza, idna, libvirt, and OpenSC), Red Hat (container-tools:rhel8 and edk2), SUSE (avahi, curl, libsoup2, lxd, nodejs20, python-Django, python310-Django4, python312, squid, and webkit2gtk3), and Ubuntu (expat, intel-microcode, linux, linux-aws, linux-kvm, linux-lts-xenial, and shiro).
Systemd 257 has been released. As usual, the list of changes is long; it includes support for multipath TCP in socket units, the ability to run processes as init in their own PID namespace, a new tool for signing EFI binaries for secure boot, and a superhero emoji in the run0 shell prompt, among many other things. Also, support for version-1 control groups has been disabled and requires an elaborate dance to re-enable; it will be removed entirely in the next release, along with support for System V service scripts.
In a session at Open Source Summit Europe (OSSEU) back in September, Alex Bucknall gave an overview of a camera "trap" - a device to capture images in a non-intrusive way - that he helped develop which is being used to monitor seagrass. He works for the Arribada Initiative, which is a non-profit organization focused on creating open-source technology for studying wildlife and ecosystems. The camera system uses the Zephyr realtime operating system (RTOS) on an open platform that is designed to be inexpensive and usable for multiple applications.
When the Fedora Engineering Steering Council (FESCo) is up for election, the project posts interviews of the candidates in order to help Fedora contributors make an informed choice. This year, the candidates are Zbigniew Jędrzejewski-Szmek, Tomáš Hrčka, Josh Stone, David Cantrell, Fabio Alessandro Locati, and Kevin Fenzi. All of them except for Locati are current members of the steering council. Voting is open until December 20.
In 2019, the Python community had a lengthy discussion about changing the rules (that some find counterintuitive) on using break, continue, or return statements in finally blocks. These are all ways of jumping out of a finally block, which can interrupt the handling of a raised exception. At the time, the Python developers chose not to change things, because the consensus was that the existing behavior was not a problem. Now, after a report put together by Irit Katriel, the project is once again considering changing the language.
The OpenWrt project has issued an advisory regarding a vulnerability found in its Attended Sysupgrade Server that could allow compromised packages to be installed on a router by an attacker. No official OpenWrt images were affected, and the vulnerability is not known to be exploited, but users who have installed images created with an instance of this server are recommended to reinstall. For a detailed description of how the exploit works, see this blog post.