LWN.net

Let's Encrypt hasannouncedthat it intends to end support "as soon as possible" for the Online Certificate Status Protocol (OCSP) over privacy concerns. OCSP was developed as alighter-weight alternative toCertificate Revocation Lists (CRLs) that did not involve downloadingthe entire CRL in order to check whether a certificate was valid. Let's Encrypt will continuesupporting OCSP as long as it is a requirement for Microsoft'sTrusted Root Program, but hopes to discontinue it soon:

Security updates have been issued by Fedora (ghostscript and xmedcon), Gentoo (Dmidecode, ExifTool, and Freenet), Red Hat (containernetworking-plugins, cups, edk2, httpd, httpd:2.4, kernel, kernel-rt, krb5, libreoffice, libuv, libvirt, linux-firmware, nghttp2, nodejs, openssh, python3, runc, thunderbird, and tpm2-tss), Slackware (aaa_glibc, bind, and mozilla), SUSE (postgresql14, python-sentry-sdk, and shadow), and Ubuntu (activemq, bind9, haproxy, nova, provd, python-zipp, squid, squid3, and tomcat).

Simon Willison, co-creator of the popular Django web framework for Python,gave a keynote presentation at PyCon2024 on a topic that isunrelated to that work: large language models (LLMs).The topic grew out of some other work that he is doing on Datasette, which is a Python-based"tool for exploring and publishing data". The talk was a lookbeyond the hype to try to discover what useful things you can actually dotoday using these models. Unsurprisingly, there were somecautionary notes from Willison, as well.

The Python Software Foundation (PSF) board has announcedimprovements to its grants program that have been enacted as aresponse to "concerns and frustrations" with the program:

Mark Zuckerberg has postedan article announcing some new releases of the Llama large languagemodel and going on at length about why open-source models are important:

LWN has covered BPFsince its initial introduction to Linux, usually through the lens of the newestdevelopments; this can make it hard to view the whole picture. BPF providesa way to extend a running kernel, without having to recompile and reboot.It does this in a safe way, so that malicious BPFprograms cannot crash a running kernel, thanks to the BPF verifier. So how doesthe verifier actually work, what are its limits, and how has it changed sincethe early days of BPF?

Version 2.40 of the GNU CLibrary has been released. Changes include partial support for the ISO C23standard, a new tunable for the testing of setuid programs, improved 64-bitArm vector support, and a handful of security fixes. See the release notesfor details.

Security updates have been issued by Fedora (gtk3 and jpegxl), Red Hat (kpatch-patch and thunderbird), SUSE (apache2, git, gnome-shell, java-11-openjdk, java-21-openjdk, kernel, kernel-firmware, kernel-firmware-nvidia-gspx-G06, libgit2, mozilla-nss, nodejs20, python-Django, and python312), and Ubuntu (linux-aws, linux-aws, linux-aws-5.4, linux-iot, linux-aws-5.15, pymongo, and ruby-rack).

Red Hat, through members of the FedoraWorkstation Working Group, has taken anotherswing at persuading the Fedora Project to allow metrics related tothe real-world use of the Workstation edition to be collected. The firstproposal, aimed for Fedora40, was withdrawn to be reworkedbased on feedback. This time around, the proponents have shifted fromasking for opt-out telemetry to opt-in metrics, with more detail aboutwhat would be collected and the policies that would govern data collection. Thechange seems to be on its way to approval by the Fedora EngineeringSteering Council (FESCo) and is set to take effect forFedora42.

Security updates have been issued by Fedora (botan2, chromium, ffmpeg, fluent-bit, gtk3, httpd, suricata, tcpreplay, and thunderbird), Mageia (apache, chromium-browser-stable, libfm & libfm-qt, and thunderbird), Oracle (firefox, java-1.8.0-openjdk, java-11-openjdk, java-17-openjdk, java-21-openjdk, kernel, libndp, qt5-qtbase, ruby, skopeo, thunderbird, and virt:ol and virt-devel:rhel), Red Hat (containernetworking-plugins, firefox, libndp, qt5-qtbase, and thunderbird), SUSE (caddy, chromium, emacs, global, mockito, snakeyaml, testng, and opera), and Ubuntu (thunderbird).

The Next Generation Internet(NGI) project, an initiative of the EU's European Commission (EC),provides funding in the form of grants for a wide variety ofopen-source software,includingRedox,Briar,SourceHut, and many more.But the NGI project is not among those that would be funded under the current draft budget for 2025,as The Register reports. More than 60 organizations have signed on to an open letter asking theEC to reconsider:

The NumPy project released version 2.0.0 onJune 16, the first major release of the widelyused Python-based numeric-computing library since 2006. The release has been planned for sometime, as an opportunity to clean up NumPy's API. As with most NumPy updates,there are performance improvements to several individual functions. There are only a few newfeatures, but several backward-incompatible changes, including a change toNumPy's numeric-promotion rules. Changes to the Python API require relatively minor changes toPython code using the library, but the changes to the C API may be moredifficult to adapt to. Inboth cases, the officialmigration guide describes what needs to be adapted to the new version.

The kernel will not consent to execute just any file that happens to besitting in a filesystem; there are formalities, such as the checking ofexecute permission and consulting security policies, to get through first.On some systems, security policies have been established to limit executionto specifically approved programs. But there are files that are notexecuted directly by the kernel; these include scripts fed to languageinterpreters like Python, Perl, or a shell. An attacker who is able to getan interpreter to execute a file may be able to bypass a system's securitypolicies. Mickael Salaun has been working on closing this hole for years;the latestattempt takes the form of a new flag to the execveat()system call.

Security updates have been issued by AlmaLinux (firefox, java-1.8.0-openjdk, java-17-openjdk, java-21-openjdk, libndp, openssh, qt5-qtbase, ruby, skopeo, and thunderbird), Debian (thunderbird), Fedora (dotnet6.0, httpd, python-django, python-django4.2, qt6-qtbase, rapidjson, and ruby), Red Hat (389-ds-base, firefox, java-1.8.0-openjdk, java-11-openjdk, libndp, qt5-qtbase, and thunderbird), Slackware (httpd), SUSE (apache2, chromium, and kernel), and Ubuntu (apache2, linux-aws, linux-azure-fde, linux-azure-fde-5.15, linux-hwe-5.15, linux-aws-6.5, linux-lowlatency-hwe-6.5, linux-oracle-6.5, linux-starfive-6.5, and linux-raspi, linux-raspi-5.4).

The sad news that Peter de Schrijver has passed away has just reached us. An obituary in Dutch relates that he passed in a Helsinki hospital on July 12. Mind Software Consulting, which he founded, has a message of condolences as well.De Schrijver was a Debian Developer and a Linux kernel contributor; he will be missed.

The Apache Software Foundation (ASF)has announcedthat it will be changing its logo to remove the feather that has been partof its brand since 1997. ASF members will have input on the rebranding process and beable to vote on the new logo, which will be unveiled at the Community Over Code conference in October.

Greg Kroah-Hartman has released seven new stable kernels: 6.9.10, 6.6.41, 6.1.100, 5.15.163, 5.10.222, 5.4.280, and 4.19.318. As usual, each contains importantfixes throughout the kernel tree.

Leah Rumancik led a filesystem-track session atthe 2024 Linux Storage,Filesystem, Memory Management, and BPF Summit on the testing needed toqualify XFS patches for the stable kernels. At last year's summit,Rumancik, Amir Goldstein, and Chandan Babu Rajendra presented on their efforts to test andbackport fixes for the XFS filesystem to three separate stable kernels.There has been some longstanding unhappiness inthe XFS-development communitywith the stable-kernel process, which led tobackports ceasing for that filesystem until Goldstein started working on XFS testing for the stabletrees a few years ago. In this year's session, Rumancik updatedattendees on how things had gone over the last year and wanted to discuss someremaining pain points for the process.

The merge window for the 6.11 kernel release opened on July14; as ofthis writing, 4,072 non-merge changesets have been pulled into the mainlinerepository since then. This merge window, in other words, is just nowbeginning. Still, there has been enough time for a number of interestingchanges to land for the next kernel release; read on for a summary of whathas been merged so far.

Security updates have been issued by Debian (chromium), Fedora (freeradius), Red Hat (firefox, java-1.8.0-openjdk, and java-17-openjdk), Slackware (openssl), SUSE (ghostscript, gnutls, podman, and python-Django), and Ubuntu (linux-hwe-6.5, linux-ibm-5.15, linux-lowlatency, linux-lowlatency-hwe-5.15, linux-oracle-5.15, linux-oracle, linux-xilinx-zynqmp, and stunnel).

The LWN.net Weekly Edition for July 18, 2024 is available.

Version4.2 LTS of the Blenderopen-source 3D creation suite has been released. Major improvementsinclude a rewrite of the EEVEErender engine, faster rendering, and much more. See the showcasereel for examples of work created by the Blender community withthis release.See the text releasenotes for even more about 4.2 LTS, which will be maintained untilJuly 2026.

Maintenance of the kernel is a difficult, often thankless, task; how it isbeing handled, the role of maintainers, burnout, and so on are recurringtopics at kernel-related conferences. Atthe 2024 Linux Storage,Filesystem, Memory Management, and BPF Summit, Josef Bacik andChristian Brauner led a session to discuss possible changes to the wayfilesystems are maintained, though Bacik took the lead role (and the podium). There are a number of interrelated topics,including merging new filesystems, removing old ones, making and testing changesthroughout the filesystem tree, and more.

Version 8.4.0 of the digiKam photo editing and managementapplication has been released. Thisrelease includes an update of the LibRaw RAW decoder whichbrings support for many new cameras, a new version of the LensFuntoolkit, a feature for automatic translation of image tags, GMIC-Qt 3.4.0, and manybug fixes. See the announcement for full details.

Gustavo A. R. Silva describesthe path to safer flexible arrays in the kernel, thanks to thecounted_by attribute supported by Clang18 and GCC15.

Security updates have been issued by Debian (kernel), Fedora (golang and krb5), Red Hat (cups, firefox, git, java-21-openjdk, kernel, linux-firmware, nghttp2, nodejs, and podman), SUSE (libndp, nodejs18, nodejs20, tomcat, and xen), and Ubuntu (gtk+2.0, gtk+3.0 and linux-hwe-5.4, linux-oracle-5.4).

SUSE has, in a somewhat clumsyfashion, asked openSUSEto consider rebranding to clear up confusion over therelationship between SUSE the company and openSUSE as a communityproject. That, in turn, has opened conversations about revisingopenSUSE governance and more. So far, there is no concrete proposal toconsider, no timeline, or even a process for the community and companyto follow to make any decisions.

Amir Goldstein led a filesystem-track session at the 2024 Linux Storage,Filesystem, Memory Management, and BPF Summit on his project to build ahierarchicalstorage management (HSM) system using fanotify.The idea is to monitor file access in order to determine when to retrievecontent from non-local storage (e.g. the cloud). The session was afollow-up to last year's introduction to theproject, which covered some of the problems he had encountered; thisyear, hewas updating attendees on its status and progress, along with some otherproblem areas that he wanted to discuss.

Redox has received agrant to work on implementing POSIX-compatible signals. Thedraft design calls for them to be implemented nearly completely in user space.

Security updates have been issued by Debian (kernel), Fedora (erlang-jose, mingw-python-certifi, and yt-dlp), Mageia (firefox, nss, libreoffice, sendmail, and tomcat), Red Hat (firefox, ghostscript, git-lfs, kernel, kernel-rt, ruby, and skopeo), SUSE (Botan, cockpit, kernel, nodejs18, p7zip, python3, and tomcat), and Ubuntu (ghostscript, linux, linux-azure, linux-azure-5.15, linux-gcp, linux-gke, linux-gkeop, linux-gkeop-5.15, linux-ibm, linux-intel-iotg, linux-intel-iotg-5.15, linux-kvm, linux-nvidia, linux-oracle, linux-azure-6.5, linux-gcp-6.5, and linux-gke, linux-nvidia).

On June 25, Matthew Wilcox posteda second version of a patch setintroducing a newdata structure called rosebush, which"is a resizing, scalable, cache-aware, RCU optimised hashtable." The kernel already has generic hash tables, though, includingrhashtable. Wilcox believes that the design ofrhashtable is not the best choice for performance, and has written rosebush asan alternative for use in thedirectory-entry cache (dcache) - the filesystem cache used to speed upfile-name lookup.

The 6.10 kernel was releasedon July14 after a nine-week development cycle. This time around,13,312 non-merge changesets were pulled into the mainline repository - thelowest changeset count since 5.17 in early 2022. Longstanding traditionsays that it is time for LWN to gather some statistics on where the newcode for 6.10 came from and how it got to the mainline; read on for thedetails.

Greg Kroah-Hartman has released the 6.6.40and 6.1.99 stable kernels. Both contain afix for the USB subsystem; anyone who uses those kernel series and "the XHCIUSB host controller driver (i.e. USB 3) must upgrade".

Security updates have been issued by Fedora (cups, krb5, pgadmin4, python3.6, and yarnpkg), Mageia (freeradius, kernel, kmod-xtables-addons, kmod-virtualbox, and dwarves, kernel-linus, and squid), Red Hat (ghostscript, kernel, and less), SUSE (avahi, c-ares, cairo, cups, fdo-client, gdk-pixbuf, git, libarchive, openvswitch3, podman, polkit, python-black, python-Jinja2, python-urllib3, skopeo, squashfs, tiff, traceroute, and wget), and Ubuntu (linux, linux-azure, linux-azure-5.4, linux-bluefield, linux-gcp, linux-gcp-5.4, linux-gkeop, linux-ibm, linux-ibm-5.4, linux-kvm).

Linus hasreleasedthe 6.10 kernel.

The GNOME Foundation has announcedthat executive director Holly Million is stepping down at the end ofJuly, and will be replaced by Richard Littauer as interim executivedirector:

Linux Mint has released a beta of itsnext long-term-support (LTS) release, LinuxMint22 (code-named "Wilma"), based on Ubuntu24.04. Aside from the standardsoftware updates that come with any major upgrade, some of Wilma'slargest selling points are what it doesn't have; namely snappackages or GNOME applications that have broken theming on non-GNOMEdesktops like Mint's Cinnamon desktop.

Security updates have been issued by Debian (apache2), Fedora (mingw-python3 and python-urllib3), Oracle (dotnet6.0, dotnet8.0, fence-agents, openssh, pki-core, and virt:ol and virt-devel:rhel), SUSE (apache2, firefox, libvpx, oniguruma, python-zipp, python310, thunderbird, and tomcat10), and Ubuntu (apache2, apport, linux, linux-azure, linux-gcp, linux-ibm, linux-intel, linux-lowlatency, linux-oem-6.8, linux-raspi, linux, linux-gcp, linux-nvidia-6.5, linux-raspi, linux-gke, and python-django).

Since thedisagreements that led to Eelco Dolstrastepping down from the NixOSFoundation board, there have been a number of projects forked from or inspiredbyNix that have stepped up to compete with it. Two months on, some of theseprojects are now well-established enough to look at what they have to offer andhow they compare to each other. Overall, users have a number of good options tochoose from, whether they're seeking a compatible replacement for Nix (theconfiguration language and package manager) or NixOS (the Linux distribution),or something that takes the same ideas in a different direction.

The sixth edition of the Power Management and Schedulingin the Linux Kernel (OSPM) Summit took place on May 30-31 2024, and wasgraciously hosted by the Institut deRecherche en Informatique de Toulouse (IRIT) in Toulouse, France. Thisis the first of a series of articles describing the discussions held atOSPM 2024; topics covered include latency hints, energy-aware scheduling,ChromeOS, and user-space schedulers.

The 6.9.9, 6.6.39, and 6.1.98 stable kernels have been released. Asusual, they contain lots of important fixes throughout the tree.

Security updates have been issued by AlmaLinux (dotnet6.0, dotnet8.0, fence-agents, and virt:rhel and virt-devel:rhel), Debian (exim4 and firefox-esr), Fedora (dotnet8.0, firefox, onnx, qt6-qtbase, squid, and wordpress), Mageia (golang, netatalk, php, and poppler), Red Hat (ghostscript, httpd, openssh, python3, and ruby), Slackware (mozilla), SUSE (kernel and openssh), and Ubuntu (linux-aws-5.4, linux-azure, linux-ibm-5.15, and python3.5, python3.6, python3.7, python3.8, python3.9, python3.10, python3.11, python3.12).

The research value of thisUSENIX paper by Hongyu Li et al. is not entirely clear, but it doesshow that the Rust-for-Linux project is gaining wider attention.

The LWN.net Weekly Edition for July 11, 2024 is available.

Doug Brown documentsthe long journey to fixing a bug in the GDebi utility forinstalling Debian packages. He first encountered the bug inUbuntuMATE18.04: "at the time I just ignored thisissue. I didn't want to deal with it. I went off to the trusty Linuxterminal and installed Chrome that way instead".

Fedora Atomic Desktopand Fedora IoT systems installedbefore Fedora40 may fail to boot after an update if secure bootis enabled. Fedora Magazine has apost by Timothee Ravier about the problem, how users can workaround it, and what the project is doing to avoid the similar problemsin the future:

The eventfs filesystem provides an interface to the tracepoints that are availableto be used by various Linux tracing tools (e.g. ftrace, perf, uprobes,etc.); it is meant to be a version of the tracefs filesystem thatdynamically allocates its entries as needed. The goal is to reduce the memoryrequired for multiple instances of tracefs, as Steven Rostedt described ina session at the 2022Linux Storage,Filesystem, Memory Management, and BPF Summit. He returned to the 2024edition of the summit to talk further about how to make pseudo (or virtual)filesystems, such as tracefs/eventfs, more like regular Linux filesystems,where the directory entries (dentries) and inodes are only created (andcached) as needed.

Sxmo, short for "Simple X Mobile", is described on its web site as "aminimalist environment for Linux mobile devices"; it offers a menu-driveninterface that is controlled with the phone's hardware buttons. Sxmo enables the userto send SMS messages from a text editor and is entirely customizable withshell scripts. This peculiar mobile user interface significantly differsfrom the prevailing approach-but it works.

Security updates have been issued by AlmaLinux (buildah, gvisor-tap-vsock, kernel-rt, libreswan, linux-firmware, pki-core, and podman), Fedora (firefox and jpegxl), Gentoo (Buildah, HarfBuzz, and LIVE555 Media Server), Oracle (buildah, gvisor-tap-vsock, kernel, libreswan, and podman), Red Hat (containernetworking-plugins, dotnet6.0, dotnet8.0, fence-agents, kernel, libreswan, libvirt, perl-HTTP-Tiny, python39:3.9, toolbox, and virt:rhel and virt-devel:rhel modules), SUSE (firefox, freeradius-server, haproxy, jbigkit, kernel, kernel-firmware, pam, ppp, python3-cryptography, skopeo, and tar), and Ubuntu (dotnet6, dotnet8, exim4, firefox, golang-1.21, golang-1.22, openssh, and python-django).

There are a number of kernel filesystems that store their directory entriesdirectly in the directory-entry cache (dcache) without having any permanentstorage for those objects. It started out as a "neat hack" for ramfs,Al Viro said, at the start of his filesystem-track session atthe2024 Linux Storage,Filesystem, Memory Management, and BPF Summit. Unfortunately, as the useof this technique has grown into other filesystems, there has been a lot ofscope creep that has gotten out of control. He wanted to discuss some newinfrastructure that he is working on to try to clean some of that up.