LWN.net

VersionR1/beta5 for the Haikuproject, an open-source "spiritual successor to BeOS", has been released. Notablechanges in this release include a TUN/TAP network driver, basicsupport for USB audio devices, TCP throughput improvements, arewritten driver for the FAT filesystem, read-only support forUnix File System 2 (UFS2), as well as hundreds of bug fixes andperformance improvements since the last release inDecember 2022. Thanks to Paul Wise for the tip.

A Linux system is made up of a large number of interdependent components,all of which must support each other well. It can thus be surprising that,it seems, the developers working on those components do not often speakwith each other. In the hope of improving that situation, efforts havebeen made in recent years to attract toolchain developers to thekernel-heavy Linux Plumbers Conference. This year, though, the oppositehappened as well: the 2024GNU Tools Cauldron hosted a discussion where kernel developers wereinvited to discuss their needs.

Version19.1.0 of the LLVM compiler suite has been released:

Security updates have been issued by AlmaLinux (pcs), Debian (expat, galera-4, libreoffice, mariadb-10.5, and php-twig), Fedora (chromium), Red Hat (ghostscript and git), SUSE (gstreamer-plugins-bad, gstreamer-plugins-bad, libvpl, python-dnspython, python3, and python36), and Ubuntu (expat, frr, libxmltok, linux-xilinx-zynqmp, openssl, and quagga).

Kangrejos 2024 started off with a talk from Benno Lossin about hisrecent workto establish a standard for safety documentation in Rust kernel code. Lossinbegan his talk by giving a brief review of what safety documentation is, andwhy it's needed, before moving on to the current status of his work. Safetydocumentation is easier to read and write when there's a shared vocabulary fordiscussing common requirements; Lossin wants to establish that shared vocabularyfor Rust code in the Linux kernel.

Vanilla OS, an immutable desktopLinux distribution designed for developers and advanced users, hasrecently published its 2.0"Orchid" release. Previously based on Ubuntu, Vanilla OS has nowshifted to Debian unstable ("sid"). The release has made it easier toinstall software from other distributions' package repositories, and itis now theoretically possible to install and run Android applications as well.

Four researchers have published a formal proof that Linux's new deterministic random bit generator (DRBG) is secure in a particular sense - specifically, that the number of queries that would need to be made to it to uncover its internal state depends on the quality of the entropy it can collect from different sources. As long as it can gather enough entropy, it produces secure random numbers.

The generation of binary code for the kernel's BPF virtual machine has beenlimited to the Clang compiler since the beginning; even developers whouse GCC to build kernels must use Clang to compile to BPF. Work hasbeen underway for some years on adding a BPF backend to GCC as well; thedevelopers involved ran a session at the 2024 GNU Tools Cauldron toprovide an update on that project. It would seem that the BPF backend isclose to being ready for production use.

Security updates have been issued by Debian (php-twig and pymongo), Fedora (linux-firmware, microcode_ctl, and python3.13), Mageia (clamav, microcode, postgresql13 and postgresql15, python3-webob, suricata, tcpreplay, tgt, and wireshark), Oracle (httpd, kernel, and linux-kernel), Red Hat (firefox, kernel, kernel-rt, pcs, and thunderbird), SUSE (389-ds, chromium, golang-github-prometheus-prometheus, htmldoc, kernel, SUSE Manager Client Tools, and wireshark), and Ubuntu (clamav, curl, dcmtk, dovecot, nginx, openssh, and python3.10, python3.12, python3.8).

The Linux Foundation has announcedthe creation of the OpenSearch SoftwareFoundation as a vendorneutral home for the OpenSearch search and observabilitysoftware:

The FedoraEngineering Steering Committee (FESCo) has voted toimmediately remove the WolfSSL package from all of Fedora'srepositories due to its maintainer failing to gain approval to packagea new cryptography library for Fedora. Its brief travels throughFedora's package system highlights gaps in documentation, as well asin the packagereview process. The good news is that this may stirFedora to improve its documentation and revive a formal securityteam.

Version 8.0.0 ofthe Valkey open-source in-memory datastore is now available. This is the first major release of Valkeysince the project forked from Redis in March of this year:

The 6.11 kernel was releasedon September15 after a typical nine-week development cycle. Thisrelease integrates 13,890 non-merge changesets, so it was a moderately busycycle, slightly more so that 6.10 was. With a new release comes a new roundof development statistics; read on for the details.

Security updates have been issued by Debian (git, nodejs, and ring), Fedora (apr, bubblewrap, chromium, clamav, flatpak, mingw-expat, python3-docs, python3.12, and thunderbird), Mageia (assimp, botan2, python-tqdm, and radare2), Slackware (libarchive), and SUSE (curl).

Linus has released the 6.11 kernel."I'm once again on the road and not in my normal timezone, but it'sSunday afternoon here in Vienna, and 6.11 is out."Significant changes in this release includenew io_uring operations for bind() and listen(),the nested bottom-half locking patches,the ability to write to busy executablefiles,support for writing block drivers in Rust,support for atomic write operations in theblock layer,the dedicated bucket slab allocator,the vDSO implementation of getrandom(),and more. See the LWN merge-window summaries(part1,part2) for more information.

The GNOME Foundation has announcedthat it is looking for a new Executive Director following the departure of Holly Millionin July:

Germany's SovereignTech Fund (STF) has agreed to invest 688,800to improve the security, stability, and functionality of Samba. The investment will takeplace over three years and will be managed by SerNet, a company thatemploys several Samba core developers and offers support forSamba. According to its announcement,work has already begun and is expected to complete in 2026:

Read-copy-update (RCU) is a synchronization mechanism that was added to theLinux kernel in October 2002. RCU is most frequently used as a replacementfor reader-writer locking, but is also used in anumber of other ways. This article covers recent changes to the RCUAPI; it was contributed by Paul McKenney, Boqun Feng, Frederic Weisbecker,Joel Fernandes, Neeraj Upadhyay, and Uladzislau Rezki.

Security updates have been issued by Fedora (haproxy, osc, and python3.11), Oracle (389-ds:1.4), Red Hat (kernel), SUSE (clamav, colord, kernel, postgresql16, and qemu), and Ubuntu (linux, linux-aws, linux-aws-5.15, linux-gcp, linux-gcp-5.15, linux-gke, linux-gkeop, linux-gkeop-5.15, linux-hwe-5.15, linux-ibm, linux-intel-iotg, linux-intel-iotg-5.15, linux-kvm, linux-nvidia, linux-oracle, linux-raspi, linux-azure, linux-azure-5.15, linux-azure-fde, linux-lowlatency-hwe-6.8, linux-nvidia-6.8, and linux-xilinx-zynqmp).

Version7.1.0 of the VirtualBox virtualization system has beenreleased. Changes include a major GUI update, a new Network AddressTranslation (NAT) engine with IPv6 support, shared clipboard support on Wayland, and more.

Debian does not have an official way to configurenetworking. Instead, it has fourrecommended ways to configure networking, one of which is thevenerable ifupdown, whichhas been part of Debian since the turn of the century and is showing itsage. A conversation about its maintainability and possible replacement with ifupdownng hasled to discussions about the default network-management tools forDebian "trixie"(Debian 13, which is expected in 2025) and beyond. No route to consensushas been found, yet.

Greg Kroah-Hartman has announced the release of seven new stable kernels:6.10.10, 6.6.51, 6.1.110, 5.15.167, 5.10.226 5.4.284, and 4.19.322. As usual, they all contain lots ofimportant fixes throughout the kernel tree.

Security updates have been issued by Debian (chromium and redis), Fedora (nextcloud, python3.10, python3.13, python3.6, vim, and wolfssl), Mageia (expat, libpcap, and microcode), Oracle (dovecot, kernel, and kernel-container), Red Hat (kernel and krb5), SUSE (389-ds, colord, containerd, curl, expat, glib2, go1.22, go1.23, kernel, libpcap, postgresql16, and runc), and Ubuntu (expat, libxmltok, linux, linux-aws, linux-azure, linux-bluefield, linux-gcp, linux-gkeop, linux-ibm, linux-kvm, linux-oracle, linux, linux-aws, linux-gcp, linux-gke, linux-ibm, linux-lowlatency, linux-oem-6.8, linux-oracle, linux-aws-5.4, linux-azure-5.4, linux-gcp-5.4, linux-hwe-5.4, linux-ibm-5.4, linux-oracle-5.4, linux-raspi-5.4, linux-azure, linux-iot, linux-nvidia, linux-nvidia-lowlatency, python-setuptools, setuptools, tiff, and unbound).

The LWN.net Weekly Edition for September 12, 2024 is available.

The Python community has been roiled, to a certain extent, by an actiontaken bythe steering council (SC): the three-month suspensionof a unnamed-weirdly-Python core developer. Tim Peters is the developerin question, as he has acknowledged,though it could easily be deduced from the SC message. Peters has beeninvolved in theproject from its early days and, among many other things, is the author ofPEP20 ("The Zen ofPython"). The suspension was due to violations of the project's code ofconduct that stem from the discussion around a somewhat controversial setof proposed changes to the bylaws for the Python Software Foundation(PSF) back in mid-June.

Security updates have been issued by AlmaLinux (389-ds:1.4, dovecot, emacs, and glib2), Fedora (bluez, iwd, libell, linux-firmware, seamonkey, vim, and wireshark), Mageia (apr, libtiff, Nginx, openssl, orc, unbound, webmin, and zziplib), Red Hat (389-ds:1.4), and SUSE (containerd, curl, go1.22, go1.23, gstreamer-plugins-bad, kernel, ntpd-rs, python-Django, and python311).

Version3.4 of the Pandocdocument-conversion tool has been released. Notable changes in thisrelease include a new ANSI output format (for console output), a switch to WeasyPrint as the PDF engine forHTML to PDF conversion, the ability to position captionsabove or below tables and figures, and much more.

CPU scheduling is a challenging job; since it inherently requires makingguesses about what the demands on the system will be in the future, itremains reliant on heuristics, despite ongoing efforts to remove them.Some of those heuristics take special note of tasks that are (or appear tobe) waiting for fast I/O operations. There is some unhappiness, though,with how this factor is used, leading to a couple of patches taking ratherdifferent approaches to improve the situation.

Version 1.0of the Radicle development platform has been released.

Security updates have been issued by Debian (cacti), Fedora (aardvark-dns, expat, and firefox), Mageia (ffmpeg, ntfs-3g, and vim), Oracle (emacs, glib2, java-11-openjdk, and qt5-qtbase), Red Hat (emacs, python-setuptools, python3.11, python3.11-setuptools, python3.12-setuptools, python3.9, and python39:3.9), Slackware (netatalk), SUSE (buildah, expat, java-1_8_0-ibm, kanidm, kernel, and postgresql16), and Ubuntu (netty, php7.0, php7.2, tiff, and webkit2gtk).

Version0.9.0 of Redox OS,an open-source, Unix-like operating system written inRust, has been released. Notable changes in this release includeperformance and stability improvements, better management of physicaland virtual memory, bootloader improvements, and more. It also bringssupport for RustPython, Perl 5, Simple HTTP Server, the addition ofseveral applications including GNU Nano, Helix, and the COSMICFiles, Editor, and Terminal applications. See the changelogsection of the announcement for a full list of changes in the release.

Many projects struggle with attracting and retaining contributors; Debianis no different in that regard. At DebConf24, Carlos Henrique LimaMelara and Lucas Kanashiro gave a presentation about efforts that theBrazilian Debian community has made to increase participation. Their ideasand the lessonslearned can be applied more widely, both for other Debian communities andfor other projects.

Jacob Adams wanders intothe kernel's hibernation code:

Security updates have been issued by Debian (amanda, aom, bluez, python-jwcrypto, and thunderbird), Fedora (chromium, firefox, and thunderbird), Red Hat (bubblewrap and flatpak, containernetworking-plugins, flatpak, and runc), Slackware (python3), SUSE (apache2, bubblewrap and flatpak, postgresql16, and wireshark), and Ubuntu (thunderbird).

Linus has released 6.11-rc7 for testing.

The6.10.9,6.6.50, and6.1.109stable kernel updates have been released; each contains another set ofimportant fixes.

Code review is in high demand, and short supply, for most open-source projects.Reviewer time is precious, so any tool that can lighten the load is worth exploring.That is why Jesse Brandeburg and Kamel Ayari decided to test whethertools like ChatGPT could review patches to provide quick feedback tocontributors about common problems. In atalk at the Netdev0x18 conference this July, Brandeburg provided an overview of anexperiment using machine learning to review emails containing patchessent to the netdevmailing list. Large-language models (LLMs) will not be replacing human reviewers anytimesoon, but they may be a useful addition to help humans focus on deeperreviews instead of simple rule violations.

The NGINX team has announcedthat official NGINX open-source development has moved away fromMercurial to GitHub, andthe project will now be taking contributionsin the form of pull requests:

Alejandro Colomar, who has been maintaining the Linux man pages for thelast four years, has announcedthat he will have to stop that work.

Work on realtime preemption for the Linux kernel got its start almost exactly 20years ago(though it had its roots in earlier work, of course). It is fair to saythat finishing that job has taken a bit longer than anybody involved wouldhave expected. Now, though, Sebastian Andrzej Siewior has posted a briefpatch series making it possible to enable realtime preemption in themainline kernel on three architectures.

Security updates have been issued by AlmaLinux (bubblewrap, flatpak), Debian (libxml2), Fedora (lua-mpack, mingw-python3, python-django, python-django4.2, python3.11, python3.13, and python3.9), Oracle (bubblewrap, flatpak), Red Hat (fence-agents, python-urllib3, resource-agents, and wget), Slackware (expat and mozilla), SUSE (buildah, chromium, firefox, gradle, java-1_8_0-ibm, kubernetes1.26, postgresql16, python-Django, python312-pip, and systemd), and Ubuntu (python-aiohttp).

Version1.81.0 of the Rust language has been released. Changes include thestabilization of the Error trait in core, some new sortalgorithms, some linting improvements, and more.

OpenSnitch is an"interactive application firewall". Like other firewalls, it uses aseries of rules to decide what network traffic should be permitted. Unlikemany other firewalls, though, OpenSnitch does not ask the user to create a list of rulesahead of time. Instead, the list of rules can be built upincrementally as applications make connections - and the user can peruse boththe rules that have built up over time, and statistics on the connections thathave been attempted.

Version 4.21.0 of the Samba Windows interoperability suite has beenreleased. Changes include some authentication hardening, a number of LDAPimprovements, per-user and per-group veto and hide files, group-managedservice accounts, and quite a bit more.

Security updates have been issued by AlmaLinux (bubblewrap and flatpak, containernetworking-plugins, fence-agents, ghostscript, krb5, orc, podman, python3.11, python3.9, resource-agents, runc, and wget), Debian (chromium, cinder, glance, gnutls28, nova, nsis, python-oslo.utils, ruby-sinatra, and setuptools), Fedora (kernel), Oracle (bubblewrap and flatpak, buildah, containernetworking-plugins, fence-agents, ghostscript, gvisor-tap-vsock, kernel, krb5, libndp, nodejs:18, orc, podman, postgresql, python-urllib3, python3.11, python3.12, python3.9, runc, skopeo, and wget), SUSE (hdf5, netcdf, trilinos), and Ubuntu (firefox, imagemagick, ironic, openssl, python-django, vim, and znc).

The LWN.net Weekly Edition for September 5, 2024 is available.

The call for candidateshas gone out for the 2024 election of members of the Linux FoundationTechnical Advisory Board:

Version 4.0 of the Tellico collection-managementsoftware has been released. This is the first release to use theKDEFrameworks6 and Qt6 libraries, with a fallbackavailable for Frameworks5 and Qt5. Other notable changes in 4.0include importing video collections from file metadata and correctlyimporting multi-disc album data from Discogs, MusicBrainz, and iTunes. Usersof prior versions are advised to make a backup of their data before upgrading.

Much of the early Rust code for the kernel has taken the form ofreimplementations of existing drivers as a proof of concept. One project,though, is entirely new: the driver for Apple GPUs written by Asahi Lina.This driver has shipped with AsahiLinux for some time and, by many accounts, is stable, usable, and ashining example of how Rust can be used in a complex kernel subsystem.That driver remains outside of the mainline kernel, though, and mergingcurrently looks like a distant prospect. The reasons for that state ofaffairs highlight some of the difficulties inherent in integrating a newlanguage (and its associated development style) into the Linux kernel.

The 6.10.8, 6.6.49, 6.1.108, 5.15.166, 5.10.225, 5.4.283, and 4.19.321 stable kernel updates have allbeen released. As usual, they contain important fixes throughout thetree. Users of those kernels should upgrade.