LWN.net

The openSUSELeap 15.6 release is available; this is intended to be the lastLeap15.x release before Leap16 comes out."Leap 15.6 is projected to receive maintenance and security updatesuntil the end of 2025 to ensure sufficient overlap with the nextrelease". Changes include the addition of the Cockpit server-management tool, a6.4 kernel, GNOME45, and many other upgrades. This release alsoremoves a long list of unmaintained Python packages. See therelease notes for details.

Security updates have been issued by AlmaLinux (booth), Debian (cyrus-imapd and vlc), Fedora (firefox, libarchive, php, and singularity-ce), Oracle (ipa and ruby:3.3), Red Hat (389-ds-base, buildah, c-ares, cockpit, containernetworking-plugins, fence-agents, gdk-pixbuf2, gvisor-tap-vsock, kernel, kernel-rt, kpatch-patch, libreoffice, podman, protobuf-c, python-idna, rpm-ostree, ruby, and tomcat), Slackware (cups and mozilla), SUSE (bind, cups, iperf, kernel, nano, and poppler), and Ubuntu (libapache-mod-jk, linux-aws, linux-aws-5.15, linux-aws, linux-oracle, linux-intel-iotg-5.15, linux-nvidia, and mysql-8.0).

The extensible scheduler class("sched_ext") framework allows the writing of CPU schedulers as a set ofBPF programs. It has been somewhatcontroversial, and its merging into the kernel has been blocked despitea clear level of interest from users.Linus Torvalds has now letit be known that he has made a decision and, overriding the schedulermaintainer, will merge sched_ext for the 6.11 release.

BPF is in a unique position in terms of security. It runs in a privilegedcontext, within the kernel, and can have access to many sensitive details of thekernel's operation. At the same time, unlike kernel modules, BPF programs aren't signed.Additionally, the mechanisms behind BPF present challenges to implementingsigning or other security features. Three nearly back-to-back sessions at the2024Linux Storage,Filesystem, Memory Management, and BPF Summitaddressed some of the potential security problems.

Version127.0 of the Firefox browser is out. Changes include support for DNSprefetching and the ability to close duplicate tabs in a window. Thebrowser will now try to upgrade images and videos with HTTP URLs that arefound in an HTTPS page to HTTPS as well; if that fails, the non-HTTPSresources will simply fail to load.Update: thisMozilla Security Blog post describes the HTTPS-related changes indetail.

VFS maintainer Christian Brauner led a discussion about the possibility ofselectively dropping the contents of the page cache for a filesystem in asession at the2024 Linux Storage,Filesystem, Memory Management, and BPF Summit. As he described in histopicproposal, the use case that started him down this path comes fromGNOME, which wants to be able to safely suspend access to an encrypted homedirectory. While it is known to kerneldevelopers, it is surprising to others that reads from encryptedfilesystems that have been suspended will succeed if the data to be readstill exists in the page cache.

Security updates have been issued by AlmaLinux (ruby:3.3), Fedora (efifs, libvirt, podman-tui, prometheus-podman-exporter, and strongswan), Red Hat (firefox, idm:DL1, ipa, nghttp2, and thunderbird), SUSE (aws-nitro-enclaves-cli, cdi-apiserver-container, cdi-cloner-container, cdi- controller-container, cdi-importer-container, cdi-operator-container, cdi- uploadproxy-container, cdi-uploadserver-container, containerized-data-importer, frr, glibc, go1.21, go1.22, gstreamer-plugins-base, kernel, kernel-firmware-nvidia-gspx-G06, nvidia-open- driver-G06-signed, libxml2, mariadb, poppler, python-Brotli, python-docker, python-idna, rmt-server, skopeo, sssd, unbound, unrar, util-linux, and webkit2gtk3), and Ubuntu (giflib, libphp-adodb, linux-gkeop, linux-gkeop-5.15, linux-kvm, linux-laptop, linux-oem-6.8, nodejs, and tiff).

P4, short for "ProgrammingProtocol-independent Packet Processors", is a programming language aimed atnetworking devices; it is useful for the configuration of firewalls andcomplicated routing architectures. Since a lot of advanced networking isdone with Linux systems, it stands to reason that there would be value insupporting P4 and, indeed, animplementation of P4 in the kernel's traffic-control subsystem wasfirst posted by Jamal Hadi Salim at the beginning of 2023. After nearly18months, though, this feature has not been merged, and the chancesof that happening would appear to be getting worse.

Version 5.40.0 of the Perl language has been released. "Perl 5.40.0represents approximately 11 months of development since Perl 5.38.0 andcontains approximately 160,000 lines of changes across 1,500 files from 75authors". Significant changes include a new __CLASS__keyword, a :reader: attribute for field variables, a new"^^" logical-XOR operator (because two of those were not enough),moving "try/catch" out of the experimental category, and more; seethispage for lots of details.

Security updates have been issued by Fedora (galera and mariadb10.11), Mageia (0-plugins-base and plasma-workspace), Oracle (ruby:3.1 and ruby:3.3), Red Hat (bind, bind-dyndb-ldap, and dhcp), SUSE (apache2, glib2, libvirt, openssl-1_1, openssl-3, opera, python-Jinja2, python-requests, and squid), and Ubuntu (linux, linux-gcp, linux-gcp-5.15, linux-lowlatency, linux-lowlatency-hwe-5.15, linux-xilinx-zynqmp, linux, linux-gcp, linux-gcp-6.5, linux-lowlatency, linux-lowlatency-hwe-6.5, linux-raspi, linux, linux-ibm, linux-lowlatency, linux-raspi, linux-aws, linux-gcp, linux-azure, linux-azure-6.5, linux-starfive, linux-starfive-6.5, and linux-gke, linux-ibm, linux-intel-iotg, linux-oracle).

The 6.10-rc3 kernel prepatch is out."So things look good, the water is warm, please jump right in and keeptesting,"

Ladybird is an open-sourceproject aimed at building an independent web browser, rather thanyet another browser based on Chrome. It is written in C++ and licensed under atwo-clause BSD license. The effort began as part of the SerenityOS project, butdeveloper Andreas Kling announcedon June3 that he was "forking" Ladybird as a separate project and stepping away fromSerenityOS to focus his attention on the browser completely. Ladybirdis not ready to replace Firefox or Chrome for regular use, but it is showinggreat promise.

According to CrowdStrike, avulnerability in the Linux kernel's nftables codethat was discovered earlier thisyear is being actively exploited in the wild. The vulnerability allows forlocal privilege escalation. Most distributions have already released a fix.

BPF was firstgeneralized beyond packet filtering more than a decade ago. In that time, ithas changed a lot, becoming much more capable.Alexei Starovoitov kicked off the second day of the BPF track at the 2024Linux Storage,Filesystem, Memory Management, and BPF Summit by leading a sessiondiscussing which changes to BPF are going to come in the next ten years as itcontinues evolving. He proposed several ideas, including expanding the number ofregisters available to BPF programs, dynamic deadlock detection, and relaxingsome existing limits of the verifier.

Security updates have been issued by Mageia (libtiff), Oracle (cockpit, glibc, kernel, less, libxml2, linux-kernel, and tomcat), Red Hat (java-1.8.0-ibm, nghttp2, and ruby:3.3), Slackware (php), SUSE (go1.21, go1.22, and python-docker), and Ubuntu (aom and libvpx).

The kernel's user-space ABI does not lack for ring buffers; they have beendefined for subsystems like BPF, io_uring, perf,and tracing, forexample. Naturally, each of those ring buffers is unique, with no commoninterface between them. The natural response to this ABI proliferation is,of course, to add yet another ring buffer as the generic option; that isthe intent of thispatch series from Kent Overstreet adding a new set of system calls forring buffers.

Security updates have been issued by AlmaLinux (cockpit, kernel, kernel-rt, libxml2, ruby:3.1, and tomcat), Debian (libarchive, pillow, and tinyproxy), Fedora (apptainer), Mageia (amavisd-new and libxml2), Oracle (edk2), Red Hat (booth, cockpit, kernel-rt, less, libxml2, nghttp2, ruby:3.1, ruby:3.3, and tomcat), Slackware (kernel), and Ubuntu (atril, bluez, frr, gdk-pixbuf, openjdk-17, openjdk-21, openjdk-8, openjdk-lts, qemu, and unixodbc).

The LWN.net Weekly Edition for June 6, 2024 is available.

There are two types of file I/O on Linux, buffered I/O, which goes throughthe page cache, and direct I/O, which goes directly to the storage device.The performance of buffered I/O was reported to be a lot worse than directI/O, especially for one specific test, in Luis Chamberlain's topicproposal for a session at the 2024 Linux Storage,Filesystem, Memory Management, and BPF Summit.The proposal resulted in a lengthy mailing-list discussion, which also came up in Paul McKenney's RCU session the nextday; Chamberlain led a combined storage and filesystem session to discuss those results with aneye toward improving buffered I/O performance.

Version 2024.2 of the Kali Linux penetration testing distributionhas been released. Thisrelease includes an update to GNOME46, a high-resolution (HiDPI) mode for Xfce, as well as a numberof new packages such as the AutoRecon networkreconnaissance tool, pspy command-line utility forsnooping on Linux processes, and SploitScan tool forfetching and displaying CVE information. Kali Linux is based on Debiantesting, and 2024.2 incorporates Debian's work to transition to 64-bittime_t to avoid year 2038 problems. Users with existing Kalisystems should be sure to follow the documentationwhen upgrading.

Version 14.1 of FreeBSD hasbeen released. Thisis the second release of the 14.x stable branch. Highlights of thisrelease include upgrades to OpenZFS 2.2.4, Clang/LLVM 18.1.5, andOpenSSH 9.7p1. FreeBSD 14.1 also features cloud-init support,sound subsystem improvements, and more. See thewhat'snew blog post from the FreeBSD Foundation, releasenotes, and errata formore information.

Many years ago, the PostgreSQL project started holding regular CommitFests tohelp tackle the work of reviewing and committing patches in a moreorganized fashion. That has served the project well, but some inthe project are concerned that CommitFests are no longer meetingthe needs of PostgreSQL or its contributors. A lengthy discussion on thepgsql-hackers mailing list turned up a number of complaints, a fewsuggestions for improvement, but little consensus or momentum towarda solution.

The GFP_NOFS flag is meant for kernel memory allocations thatshould not cause a call into the filesystems to reclaim memory because there arealready locks held that can potentially cause a deadlock. The "scopedallocation" API is a better choice for filesystems to indicate that theyare holding a lock, so GFP_NOFS has long been on the chopping block, thoughprogress has been slow. In a filesystem-track session atthe 2024 Linux Storage,Filesystem, Memory Management, and BPF Summit, Matthew Wilcox wanted todiscuss how to move kernel filesystems away from the flag with the eventualgoal of removing it completely.

Drew DeVault has publishedan update about the state of the SourceHut software developmentplatform and its plans for the coming months. This is the first updatesince the January post-mortemfollowing a distributed denial-of-service (DDoS) attack that resultedin a prolongedoutage:

Alan Jowett returned for a second remote presentation at the 2024Linux Storage,Filesystem, Memory Management, and BPF Summit to compare the performance ofdifferent BPF runtimes. He showed the results of the MIT-licensed BPFmicrobenchmark suite he has been working on.The benchmark suite does not yet provide a good direct comparison between allplatforms, so the results should betaken with a grain of salt. They doseem to indicate that there is some significant variation betweenimplementations, especially for different types of BPF maps.

Security updates have been issued by Fedora (deepin-qt5integration, deepin-qt5platform-plugins, dotnet8.0, dwayland, fcitx-qt5, fcitx5-qt, gammaray, kddockwidgets, keepassxc, kf5-akonadi-server, kf5-frameworkintegration, kf5-kwayland, plasma-integration, python-qt5, qadwaitadecorations, qgnomeplatform, qt5, qt5-qt3d, qt5-qtbase, qt5-qtcharts, qt5-qtconnectivity, qt5-qtdatavis3d, qt5-qtdeclarative, qt5-qtdoc, qt5-qtgamepad, qt5-qtgraphicaleffects, qt5-qtimageformats, qt5-qtlocation, qt5-qtmultimedia, qt5-qtnetworkauth, qt5-qtquickcontrols, qt5-qtquickcontrols2, qt5-qtremoteobjects, qt5-qtscript, qt5-qtscxml, qt5-qtsensors, qt5-qtserialbus, qt5-qtserialport, and qt5-qtspeech), Oracle (389-ds-base and ruby:3.1), Red Hat (389-ds-base, glibc, and kernel), SUSE (python-PyMySQL), and Ubuntu (libarchive).

We have just received thesad news that longtime core BSD developer Mike Karels has died; he willcertainly be missed.

Version 6.2 of the Incus container-management system is out. "Thisrelease contains the second wave of changes contributed by students of theUniversity of Texas at Austin and a few other features andimprovements." The features include a new incustopcommand, a new API for system load information, and more.

In the recent discussion on commenting atLWN, several readers asked for the ability to hide subthreads of a longcomment stream. That feature has just been added; it is also integratedwith the three comment-display modes and with comment filtering, removingthe need for JavaScript for filtering. Hiding is not persistent; no extradata is stored at either end.Give it a try; if you have comments on the new mechanism, this is the placeto put them.

The saga of the i_version field for inodes, which tracks theoccurrence of changesto the data or metadata of a file, continued in a discussion at the 2024 Linux Storage,Filesystem, Memory Management, and BPF Summit. In a session led byJeff Layton, who has been doing a lot the work on changing the semantics and functioning ofi_version over the years, he updated attendees on the status of the effort since a session at last year's summit. His summarywas that things are"pretty much where we started last year", but the discussion this timepointed to some possible ways forward.

There are few topics as arcane as memory models, so it was a pleasant surprisewhen the double-length session on the BPF memory model at theLinux Storage,Filesystem, Memory Management, and BPF Summit turned out to beunderstandable. Paul McKenney led the session, although he was clear that thework he was presenting was also due to Puranjay Mohan, who unfortunately couldnot attend the summit.BPF does not actually have a formalized memory model yet;instead it has relied on a history of talks like this one and a general informal understanding.Unfortunately, ignoring memory models does not make them go away, and this hasalready caused at least one BPF-related bug on weakly-ordered architectures.Figuring out what a formal memory model for BPF should define was the focus ofMcKenney's talk.

Security updates have been issued by Mageia (chromium-browser-stable, git, libreoffice, microcode, python-requests, webkit2, and wireshark), Oracle (container-tools:ol8, glibc, go-toolset:ol8, idm:DL1 and idm:client, less, python39:3.9 and python39-devel:3.9, ruby:3.0, and virt:ol and virt-devel:rhel), Red Hat (nodejs, nodejs:18, python-idna, and ruby:3.1), and SUSE (389-ds, ffmpeg, ffmpeg-4, gnutls, gstreamer-plugins-base, libhtp, mariadb104, poppler, python-python-jose, squid, and unbound).

Version 2.4.0 of the LyXdocument processor has been released. LyX is a "What You See Is What YouMean" (WYSIWYM) application that offers GUI editing of LaTeXdocuments with import and export to PDF, HTML, OpenDocument, Word, andother formats. LyX 2.4.0 is the first major release in six years, andbrings support for EPUB, DocBook 5, improvedtable styles, and now uses Unicode (utf8) as its default encoding. Seethe full list of newfeatures on the LyX wiki, and releasenotes for information on known issues and caveats for thoseupgrading from earlier versions of LyX.

Debian had a major discussionabout mounting /tmp as a RAM-based tmpfs in 2012 but inertiawon out in the end. Debian systems have continued tostore temporary files on disk by default. Until now. A mere 12 years later, the project will be switching to a RAM-based /tmp in the Debian13 ("Trixie") release. Additionally, starting with Trixie, thedefault will be to periodically clean up temporary files automatically in/tmp and /var/tmp. Naturally, it involved a lengthy discussion first.

Security updates have been issued by AlmaLinux (python39:3.9 and python39-devel:3.9 and ruby:3.0), Debian (chromium, gst-plugins-base1.0, and kernel), Fedora (chromium, glances, glycin-loaders, gnome-tour, helix, helvum, kitty, libarchive, libipuz, librsvg2, loupe, maturin, ntpd-rs, plasma-workspace, and a huge list of Rust-based packages due to a "mini-mass-rebuild" that updated the toolchain to Rust 1.78 and picked up fixes for various pieces), Mageia (gifsicle, netatalk, openssl, python-jinja2, and unbound), Red Hat (kernel and kernel-rt), SUSE (bind, glibc, gstreamer-plugins-base, squid, and tiff), and Ubuntu (glibc).

The second 6.10 kernel prepatch is out fortesting. "Nothing feels particularly odd, but rc2 is usually fairly small andpeople are only starting to find regressions.So please go test some more."

The Fedora Project has announcedthe results of the Fedora Linux 40 election cycle. Four seats wereopen on the FedoraEngineering Steering Committee (FESCo), and the winners are StephenGallagher, Neal Gompa, Michel Lind, and Fabio Valentini. The FedoraCouncil had two seats open, and the winnersare Aleksandra Fedorova and Adam Samalik. One seat was open on theFedora MindshareCommittee, and the winneris Sumantro Mukherjee. Four seats were open for the first election to selectmembers of the EPELSteering Committee, which went to TroyDawson, Kevin Fenzi, Carl George, and Jonathan Wright.

KDE Eco, a KDE project focusedon reducing software's environmental impact, has announced its OptGreen campaign to reduce e-waste:

The "pidfdfs" virtual filesystem was added to the 6.9 kernel release as away to export better information about running processes to user space. Itreplaced a previous implementation in a way that was, on its surface, fullycompatible while adding a number of new capabilities. This transition,which was intended to be entirely invisible to existing applications,already ran into trouble in March, when amisunderstanding with SELinux caused systems with pidfdfs to fail to bootproperly. That problem was quickly fixed, but it turns out that there wasone more surprise in store, showing just how hard ABI compatibility can beat times.

The 2024 Kernel Maintainers Summit will happen on September17 inVienna, Austria; it is an invitation-only event for a small group todiscuss important kernel-development problems. The call forproposals for this gathering has now been posted. One of the best waysto be invited to the event is to propose a topic that needs discussion inthat forum. The deadline for proposals is June18.

The developers of the Krita paintingapplication are celebrating25years of development with a detailed history of the project.

Security updates have been issued by AlmaLinux (.NET 7.0, .NET 8.0, 389-ds:1.4, ansible-core bug fix, enhancement, and, bind and dhcp, container-tools:rhel8, edk2, exempi, fence-agents, freeglut, frr, gdk-pixbuf2, ghostscript, git-lfs, glibc, gmp, go-toolset:rhel8, grafana, grub2, gstreamer1-plugins-bad-free, gstreamer1-plugins-base, gstreamer1-plugins-good, harfbuzz, httpd:2.4, Image builder components bug fix, enhancement and, kernel, kernel-rt, krb5, less, LibRaw, libsndfile, libssh, libtiff, libX11, libXpm, linux-firmware, motif, mutt, nghttp2, openssh, pam, pcp, pcs, perl-Convert-ASN1, perl-CPAN, perl:5.32, pki-core:10.6 and pki-deps:10.6, pmix, poppler, python-dns, python-jinja2, python-pillow, python27:2.7, python3, python3.11, python3.11-cryptography, python3.11-urllib3, python39:3.9 and python39-devel:3.9, qt5-qtbase, resource-agents, squashfs-tools, sssd, systemd, tigervnc, traceroute, vorbis-tools, webkit2gtk3, xorg-x11-server, xorg-x11-server-Xwayland, and zziplib), Debian (gst-plugins-base1.0), Fedora (cacti, cacti-spine, roundcubemail, and wireshark), Oracle (.NET 7.0, .NET 8.0, bind and dhcp, gdk-pixbuf2, git-lfs, glibc, grafana, krb5, pcp, python-dns, python3, sssd, tigervnc, xorg-x11-server, and xorg-x11-server-Xwayland), Red Hat (edk2, less, nghttp2, and ruby:3.0), SUSE (gstreamer-plugins-base, Java, kernel, and python-requests), and Ubuntu (ffmpeg, node-browserify-sign, postgresql-14, postgresql-15, postgresql-16, and python-pymysql).

While BPF may be most famous for its use in the Linux kernel, there is actuallya growing effort to standardize BPF for use on other systems. These includeeBPF for Windows, but alsouBPF,rBPF,hBPF,bpftime, andothers. Some hardware manufacturers are evenconsidering integrating BPF directly into networking hardware. Dave Thalerled two sessions about all of the problems that cross-platform use inevitablybrings and the current status of the standardization work at the 2024Linux Storage,Filesystem, Memory Management, and BPF Summit.

A discussion of extensions to the statx()system call comes up frequently at the Linux Storage,Filesystem, Memory Management, and BPF Summit; this year's edition wasno exception. Kent Overstreet led the first filesystem-only session at thesummit on querying information about filesystems that have subvolumes andsnapshots. While it was billed as a discussion on statx()additions, it ranged more widely over new APIs needed for modern filesystems.

Greg Kroah-Hartman has announced the release of the 6.9.3 and 6.8.12 stable kernels. As usual, they containlots of important fixes throughout the tree. Note that 6.8.12 is the endof the line for the 6.8.x stable kernel series.

Security updates have been issued by Debian (python-pymysql), Fedora (chromium, mingw-python-requests, and thunderbird), Mageia (perl-Email-MIME and qtnetworkauth5 & qtnetworkauth6), Red Hat (gdisk and python39:3.9 and python39-devel:3.9 modules), SUSE (freerdp, gdk-pixbuf, gifsicle, glib2, java-1_8_0-ibm, kernel, libfastjson, libredwg, nodejs16, python, python3, python36, rpm, warewulf4, and xdg-desktop-portal), and Ubuntu (gst-plugins-base1.0, python-werkzeug, and tpm2-tss).

The LWN.net Weekly Edition for May 30, 2024 is available.

The Asahi Linux project worksto support Linux on Apple Silicon hardware. Theproject's flagshipdistribution is the FedoraAsahi Remix, which has its own installer (rather than Anaconda) toaccommodate the unique requirements of installing on Apple'shardware. Previously the installer was built by the Asahi project, but it has asked for (and received) an exceptionfrom the FedoraEngineering Steering Committee (FESCo) to include two binariesfrom upstream open-source projects so that the installer can be built on Fedorainfrastructure.

The FreeBSD Foundation has announcedthe 2024FreeBSD Community Survey Report. The report provides a summary of1,446 responses to an anonymous online survey of FreeBSD users. Itprovides insights into user profiles, typical usage, how the FreeBSDproject is viewed, as well as recommendations for expanding theFreeBSD community and contributor base:

When redesigning the LWN site in 2002, we thought long and hard aboutwhether the ability to post comments should be part of it; LWN had notoffered that feature for the first four years of its existence. There werealready plenty of examples of how comments can go bad by then, but wedecided to trust our readers to keep things under control. Much of thetime, that trust has proved justified, but there have been times wherethings have not gone so well. This time is quickly becoming one of thoseothers.