LWN.net

The Next Generation Internet(NGI) project, an initiative of the EU's European Commission (EC),provides funding in the form of grants for a wide variety ofopen-source software,includingRedox,Briar,SourceHut, and many more.But the NGI project is not among those that would be funded under the current draft budget for 2025,as The Register reports. More than 60 organizations have signed on to an open letter asking theEC to reconsider:

The NumPy project released version 2.0.0 onJune 16, the first major release of the widelyused Python-based numeric-computing library since 2006. The release has been planned for sometime, as an opportunity to clean up NumPy's API. As with most NumPy updates,there are performance improvements to several individual functions. There are only a few newfeatures, but several backward-incompatible changes, including a change toNumPy's numeric-promotion rules. Changes to the Python API require relatively minor changes toPython code using the library, but the changes to the C API may be moredifficult to adapt to. Inboth cases, the officialmigration guide describes what needs to be adapted to the new version.

The kernel will not consent to execute just any file that happens to besitting in a filesystem; there are formalities, such as the checking ofexecute permission and consulting security policies, to get through first.On some systems, security policies have been established to limit executionto specifically approved programs. But there are files that are notexecuted directly by the kernel; these include scripts fed to languageinterpreters like Python, Perl, or a shell. An attacker who is able to getan interpreter to execute a file may be able to bypass a system's securitypolicies. Mickael Salaun has been working on closing this hole for years;the latestattempt takes the form of a new flag to the execveat()system call.

Security updates have been issued by AlmaLinux (firefox, java-1.8.0-openjdk, java-17-openjdk, java-21-openjdk, libndp, openssh, qt5-qtbase, ruby, skopeo, and thunderbird), Debian (thunderbird), Fedora (dotnet6.0, httpd, python-django, python-django4.2, qt6-qtbase, rapidjson, and ruby), Red Hat (389-ds-base, firefox, java-1.8.0-openjdk, java-11-openjdk, libndp, qt5-qtbase, and thunderbird), Slackware (httpd), SUSE (apache2, chromium, and kernel), and Ubuntu (apache2, linux-aws, linux-azure-fde, linux-azure-fde-5.15, linux-hwe-5.15, linux-aws-6.5, linux-lowlatency-hwe-6.5, linux-oracle-6.5, linux-starfive-6.5, and linux-raspi, linux-raspi-5.4).

The sad news that Peter de Schrijver has passed away has just reached us. An obituary in Dutch relates that he passed in a Helsinki hospital on July 12. Mind Software Consulting, which he founded, has a message of condolences as well.De Schrijver was a Debian Developer and a Linux kernel contributor; he will be missed.

The Apache Software Foundation (ASF)has announcedthat it will be changing its logo to remove the feather that has been partof its brand since 1997. ASF members will have input on the rebranding process and beable to vote on the new logo, which will be unveiled at the Community Over Code conference in October.

Greg Kroah-Hartman has released seven new stable kernels: 6.9.10, 6.6.41, 6.1.100, 5.15.163, 5.10.222, 5.4.280, and 4.19.318. As usual, each contains importantfixes throughout the kernel tree.

Leah Rumancik led a filesystem-track session atthe 2024 Linux Storage,Filesystem, Memory Management, and BPF Summit on the testing needed toqualify XFS patches for the stable kernels. At last year's summit,Rumancik, Amir Goldstein, and Chandan Babu Rajendra presented on their efforts to test andbackport fixes for the XFS filesystem to three separate stable kernels.There has been some longstanding unhappiness inthe XFS-development communitywith the stable-kernel process, which led tobackports ceasing for that filesystem until Goldstein started working on XFS testing for the stabletrees a few years ago. In this year's session, Rumancik updatedattendees on how things had gone over the last year and wanted to discuss someremaining pain points for the process.

The merge window for the 6.11 kernel release opened on July14; as ofthis writing, 4,072 non-merge changesets have been pulled into the mainlinerepository since then. This merge window, in other words, is just nowbeginning. Still, there has been enough time for a number of interestingchanges to land for the next kernel release; read on for a summary of whathas been merged so far.

Security updates have been issued by Debian (chromium), Fedora (freeradius), Red Hat (firefox, java-1.8.0-openjdk, and java-17-openjdk), Slackware (openssl), SUSE (ghostscript, gnutls, podman, and python-Django), and Ubuntu (linux-hwe-6.5, linux-ibm-5.15, linux-lowlatency, linux-lowlatency-hwe-5.15, linux-oracle-5.15, linux-oracle, linux-xilinx-zynqmp, and stunnel).

The LWN.net Weekly Edition for July 18, 2024 is available.

Version4.2 LTS of the Blenderopen-source 3D creation suite has been released. Major improvementsinclude a rewrite of the EEVEErender engine, faster rendering, and much more. See the showcasereel for examples of work created by the Blender community withthis release.See the text releasenotes for even more about 4.2 LTS, which will be maintained untilJuly 2026.

Maintenance of the kernel is a difficult, often thankless, task; how it isbeing handled, the role of maintainers, burnout, and so on are recurringtopics at kernel-related conferences. Atthe 2024 Linux Storage,Filesystem, Memory Management, and BPF Summit, Josef Bacik andChristian Brauner led a session to discuss possible changes to the wayfilesystems are maintained, though Bacik took the lead role (and the podium). There are a number of interrelated topics,including merging new filesystems, removing old ones, making and testing changesthroughout the filesystem tree, and more.

Version 8.4.0 of the digiKam photo editing and managementapplication has been released. Thisrelease includes an update of the LibRaw RAW decoder whichbrings support for many new cameras, a new version of the LensFuntoolkit, a feature for automatic translation of image tags, GMIC-Qt 3.4.0, and manybug fixes. See the announcement for full details.

Gustavo A. R. Silva describesthe path to safer flexible arrays in the kernel, thanks to thecounted_by attribute supported by Clang18 and GCC15.

Security updates have been issued by Debian (kernel), Fedora (golang and krb5), Red Hat (cups, firefox, git, java-21-openjdk, kernel, linux-firmware, nghttp2, nodejs, and podman), SUSE (libndp, nodejs18, nodejs20, tomcat, and xen), and Ubuntu (gtk+2.0, gtk+3.0 and linux-hwe-5.4, linux-oracle-5.4).

SUSE has, in a somewhat clumsyfashion, asked openSUSEto consider rebranding to clear up confusion over therelationship between SUSE the company and openSUSE as a communityproject. That, in turn, has opened conversations about revisingopenSUSE governance and more. So far, there is no concrete proposal toconsider, no timeline, or even a process for the community and companyto follow to make any decisions.

Amir Goldstein led a filesystem-track session at the 2024 Linux Storage,Filesystem, Memory Management, and BPF Summit on his project to build ahierarchicalstorage management (HSM) system using fanotify.The idea is to monitor file access in order to determine when to retrievecontent from non-local storage (e.g. the cloud). The session was afollow-up to last year's introduction to theproject, which covered some of the problems he had encountered; thisyear, hewas updating attendees on its status and progress, along with some otherproblem areas that he wanted to discuss.

Redox has received agrant to work on implementing POSIX-compatible signals. Thedraft design calls for them to be implemented nearly completely in user space.

Security updates have been issued by Debian (kernel), Fedora (erlang-jose, mingw-python-certifi, and yt-dlp), Mageia (firefox, nss, libreoffice, sendmail, and tomcat), Red Hat (firefox, ghostscript, git-lfs, kernel, kernel-rt, ruby, and skopeo), SUSE (Botan, cockpit, kernel, nodejs18, p7zip, python3, and tomcat), and Ubuntu (ghostscript, linux, linux-azure, linux-azure-5.15, linux-gcp, linux-gke, linux-gkeop, linux-gkeop-5.15, linux-ibm, linux-intel-iotg, linux-intel-iotg-5.15, linux-kvm, linux-nvidia, linux-oracle, linux-azure-6.5, linux-gcp-6.5, and linux-gke, linux-nvidia).

On June 25, Matthew Wilcox posteda second version of a patch setintroducing a newdata structure called rosebush, which"is a resizing, scalable, cache-aware, RCU optimised hashtable." The kernel already has generic hash tables, though, includingrhashtable. Wilcox believes that the design ofrhashtable is not the best choice for performance, and has written rosebush asan alternative for use in thedirectory-entry cache (dcache) - the filesystem cache used to speed upfile-name lookup.

The 6.10 kernel was releasedon July14 after a nine-week development cycle. This time around,13,312 non-merge changesets were pulled into the mainline repository - thelowest changeset count since 5.17 in early 2022. Longstanding traditionsays that it is time for LWN to gather some statistics on where the newcode for 6.10 came from and how it got to the mainline; read on for thedetails.

Greg Kroah-Hartman has released the 6.6.40and 6.1.99 stable kernels. Both contain afix for the USB subsystem; anyone who uses those kernel series and "the XHCIUSB host controller driver (i.e. USB 3) must upgrade".

Security updates have been issued by Fedora (cups, krb5, pgadmin4, python3.6, and yarnpkg), Mageia (freeradius, kernel, kmod-xtables-addons, kmod-virtualbox, and dwarves, kernel-linus, and squid), Red Hat (ghostscript, kernel, and less), SUSE (avahi, c-ares, cairo, cups, fdo-client, gdk-pixbuf, git, libarchive, openvswitch3, podman, polkit, python-black, python-Jinja2, python-urllib3, skopeo, squashfs, tiff, traceroute, and wget), and Ubuntu (linux, linux-azure, linux-azure-5.4, linux-bluefield, linux-gcp, linux-gcp-5.4, linux-gkeop, linux-ibm, linux-ibm-5.4, linux-kvm).

Linus hasreleasedthe 6.10 kernel.

The GNOME Foundation has announcedthat executive director Holly Million is stepping down at the end ofJuly, and will be replaced by Richard Littauer as interim executivedirector:

Linux Mint has released a beta of itsnext long-term-support (LTS) release, LinuxMint22 (code-named "Wilma"), based on Ubuntu24.04. Aside from the standardsoftware updates that come with any major upgrade, some of Wilma'slargest selling points are what it doesn't have; namely snappackages or GNOME applications that have broken theming on non-GNOMEdesktops like Mint's Cinnamon desktop.

Security updates have been issued by Debian (apache2), Fedora (mingw-python3 and python-urllib3), Oracle (dotnet6.0, dotnet8.0, fence-agents, openssh, pki-core, and virt:ol and virt-devel:rhel), SUSE (apache2, firefox, libvpx, oniguruma, python-zipp, python310, thunderbird, and tomcat10), and Ubuntu (apache2, apport, linux, linux-azure, linux-gcp, linux-ibm, linux-intel, linux-lowlatency, linux-oem-6.8, linux-raspi, linux, linux-gcp, linux-nvidia-6.5, linux-raspi, linux-gke, and python-django).

Since thedisagreements that led to Eelco Dolstrastepping down from the NixOSFoundation board, there have been a number of projects forked from or inspiredbyNix that have stepped up to compete with it. Two months on, some of theseprojects are now well-established enough to look at what they have to offer andhow they compare to each other. Overall, users have a number of good options tochoose from, whether they're seeking a compatible replacement for Nix (theconfiguration language and package manager) or NixOS (the Linux distribution),or something that takes the same ideas in a different direction.

The sixth edition of the Power Management and Schedulingin the Linux Kernel (OSPM) Summit took place on May 30-31 2024, and wasgraciously hosted by the Institut deRecherche en Informatique de Toulouse (IRIT) in Toulouse, France. Thisis the first of a series of articles describing the discussions held atOSPM 2024; topics covered include latency hints, energy-aware scheduling,ChromeOS, and user-space schedulers.

The 6.9.9, 6.6.39, and 6.1.98 stable kernels have been released. Asusual, they contain lots of important fixes throughout the tree.

Security updates have been issued by AlmaLinux (dotnet6.0, dotnet8.0, fence-agents, and virt:rhel and virt-devel:rhel), Debian (exim4 and firefox-esr), Fedora (dotnet8.0, firefox, onnx, qt6-qtbase, squid, and wordpress), Mageia (golang, netatalk, php, and poppler), Red Hat (ghostscript, httpd, openssh, python3, and ruby), Slackware (mozilla), SUSE (kernel and openssh), and Ubuntu (linux-aws-5.4, linux-azure, linux-ibm-5.15, and python3.5, python3.6, python3.7, python3.8, python3.9, python3.10, python3.11, python3.12).

The research value of thisUSENIX paper by Hongyu Li et al. is not entirely clear, but it doesshow that the Rust-for-Linux project is gaining wider attention.

The LWN.net Weekly Edition for July 11, 2024 is available.

Doug Brown documentsthe long journey to fixing a bug in the GDebi utility forinstalling Debian packages. He first encountered the bug inUbuntuMATE18.04: "at the time I just ignored thisissue. I didn't want to deal with it. I went off to the trusty Linuxterminal and installed Chrome that way instead".

Fedora Atomic Desktopand Fedora IoT systems installedbefore Fedora40 may fail to boot after an update if secure bootis enabled. Fedora Magazine has apost by Timothee Ravier about the problem, how users can workaround it, and what the project is doing to avoid the similar problemsin the future:

The eventfs filesystem provides an interface to the tracepoints that are availableto be used by various Linux tracing tools (e.g. ftrace, perf, uprobes,etc.); it is meant to be a version of the tracefs filesystem thatdynamically allocates its entries as needed. The goal is to reduce the memoryrequired for multiple instances of tracefs, as Steven Rostedt described ina session at the 2022Linux Storage,Filesystem, Memory Management, and BPF Summit. He returned to the 2024edition of the summit to talk further about how to make pseudo (or virtual)filesystems, such as tracefs/eventfs, more like regular Linux filesystems,where the directory entries (dentries) and inodes are only created (andcached) as needed.

Sxmo, short for "Simple X Mobile", is described on its web site as "aminimalist environment for Linux mobile devices"; it offers a menu-driveninterface that is controlled with the phone's hardware buttons. Sxmo enables the userto send SMS messages from a text editor and is entirely customizable withshell scripts. This peculiar mobile user interface significantly differsfrom the prevailing approach-but it works.

Security updates have been issued by AlmaLinux (buildah, gvisor-tap-vsock, kernel-rt, libreswan, linux-firmware, pki-core, and podman), Fedora (firefox and jpegxl), Gentoo (Buildah, HarfBuzz, and LIVE555 Media Server), Oracle (buildah, gvisor-tap-vsock, kernel, libreswan, and podman), Red Hat (containernetworking-plugins, dotnet6.0, dotnet8.0, fence-agents, kernel, libreswan, libvirt, perl-HTTP-Tiny, python39:3.9, toolbox, and virt:rhel and virt-devel:rhel modules), SUSE (firefox, freeradius-server, haproxy, jbigkit, kernel, kernel-firmware, pam, ppp, python3-cryptography, skopeo, and tar), and Ubuntu (dotnet6, dotnet8, exim4, firefox, golang-1.21, golang-1.22, openssh, and python-django).

There are a number of kernel filesystems that store their directory entriesdirectly in the directory-entry cache (dcache) without having any permanentstorage for those objects. It started out as a "neat hack" for ramfs,Al Viro said, at the start of his filesystem-track session atthe2024 Linux Storage,Filesystem, Memory Management, and BPF Summit. Unfortunately, as the useof this technique has grown into other filesystems, there has been a lot ofscope creep that has gotten out of control. He wanted to discuss some newinfrastructure that he is working on to try to clean some of that up.

Version128.0 of the Firefox browser has been released. Changes this timeinclude the ability to translate highlighted phrases from the context menu,display of recent searches on opening the address bar (US/Canada only), astreamlined dialog for clearing user data, and more.

ThePSP security protocol (PSP) is a way to transparently encrypt packets byefficiently offloading encryption and decryption to the networkinterface cards (NICs) that Google uses for connections inside its data centers. Theprotocol is similar toIPsec, in that it allows for wrapping arbitrary trafficin a layer of encryption. The difference is that PSP is encapsulated in UDP, anddesigned from the beginning to reduce the amount of state that NICshave to track in order to send and receive encrypted traffic, allowing for moresimultaneous connections. Jakub Kicinskiwants to add support for the protocol to the Linux kernel.

Alexander "Solar Designer" Peslyak has disclosed another OpenSSHvulnerability that can be exploited for remote code execution, but onlyon distributions that have applied a patch to add auditing support.Specifically, RHEL9 and derivatives are affected, as areFedora36 and37 (but not later releases).

Security updates have been issued by AlmaLinux (virt:rhel and virt-devel:rhel), Fedora (ghostscript, golang, httpd, libnbd, netatalk, rust-sequoia-chameleon-gnupg, rust-sequoia-gpg-agent, rust-sequoia-keystore, rust-sequoia-openpgp, and rust-sequoia-sq), Mageia (apache), Red Hat (booth, buildah, edk2, fence-agents, git, gvisor-tap-vsock, kernel, kernel-rt, less, libreswan, linux-firmware, openssh, pki-core, podman, postgresql-jdbc, python3, tpm2-tss, virt:rhel, and virt:rhel and virt-devel:rhel modules), SUSE (krb5, poppler, and python-docker), and Ubuntu (apache2, cinder, glance, nova, and Tomcat).

The 6.6.38 stable kernel update has beenreleased, without the benefit of the usual review process. It reverts someBPF changes with patches that do not appear in the mainline (in this form,at least). "All powerpc and arm64 users of the 6.6 kernel series mustupgrade. Everyone else probably should as well to be safe."

On his blog, Behdad Esfahbod has published a lengthy and detailed look at the state of open-source text rendering. It looks at the libraries available, application support, future directions, and gives a summary analysis of the ecosystem.

At DevConf.cz 2024,Marta Lewandowska gave a talk to discuss anew approach for booting Linux systems, "No more bootloader: Please use the kernel instead". The talk, available onYouTube, introduced a new project called nmbl (for "no more bootloader",pronounced "nimble"). The idea is to get rid of bootloaders (e.g., GNU GRUB) with aUnifiedKernel Image (UKI) that removes the need for a separate bootloaderaltogether. It is early days for nmbl, currently the project is onlybeing tested for use with virtual machines, but the idea iscompelling. If successful, nmbl could offer security, performance, andmaintenance benefits compared to GRUB and other separate bootloaders.

Version 15.1 of the GNU debugger has been released. Changes include anumber of enhancements to GDB's Python support, some Debugger AdapterProtocol additions, some new GDBserver options, and more.

Security updates have been issued by AlmaLinux (openssh), Debian (krb5), Fedora (yt-dlp), Gentoo (firefox, KDE Plasma Workspaces, Stellarium, thunderbird, and X.Org X11 library), Mageia (python-js2py and znc), Oracle (389-ds, c-ares, container-tools, cups, go-toolset, httpd:2.4/httpd, iperf3, kernel, less, libreoffice, libuv, nghttp2, openldap, openssh, python-idna, python-jinja2, python-pillow, python3, python3.11-PyMySQL, and xmlrpc-c), Red Hat (kernel, kernel-rt, openssh, and virt:rhel and virt-devel:rhel modules), and SUSE (go1.21, go1.22, krb5, kubevirt, virt-api-container, virt-controller-container, virt-exportproxy-container, virt-exportserver-container, virt-handler-container, virt-launcher-container, virt-libguestfs-t, netty3, opera, and python-urllib3).

The 6.10-rc7 kernel prepatch is out fortesting.