LWN.net

Version 22.1 of theAndroid-based LineageOS distribution is out.

Security updates have been issued by Debian (debootstrap) and SUSE (assimp-devel, grpc, libQt6Pdf6, and poppler).

Kees Cook describeshis work resulting in a kernel documentation commit whose ID shares thesame first 12 characters as the initial commit in the kernel's repository.

The origins of the TCP and UDP network protocols can be traced back a full50years. Even though networks and their use have changed radicallysince those protocols were designed, they can still be found behind mostnetworking applications. Unsurprisingly, these protocols are not optimalfor all situations, so there is ongoing interest in the development ofalternatives. One such is the Homatransport protocol, developed by John Ousterhout (of Tcl/Tk and Raft fame, among other accomplishments),which is aimed at data-center applications. Ousterhout is currently tryingto get aminimal Homa implementation into the kernel.

Security updates have been issued by Debian (gst-plugins-good1.0 and opensc), Fedora (iwd and libell), and SUSE (chromium, govulncheck-vulndb, and poppler).

The 6.13-rc5 kernel prepatch is out fortesting. Linus says: "It's been another week, but I'm happy to reportthat clearly most people actually seem to have been enjoying the holidays,because rc5 is tiny"

Greg Kroah-Hartman has posted three new stable kernel updates:6.12.7,6.6.68, and6.1.122. As usual, he warns that all users ofstable kernels must upgrade, although for many systems that seems unlikely tohappen until January.

Security updates have been issued by Debian (node-postcss), Fedora (age, dr_libs, incus, libxml2, moodle, and python-sql), and SUSE (poppler and python-grpcio).

Continuing its tradition of yearly major releases on December 25, the Ruby programming-language projecthas releasedRuby 3.4.0 (followed quickly by 3.4.1,which simply updates the version number). Ruby 3.4 includes lots ofchanges, including the addition of it as aless-confusing shorthand for _1 as a block parameter, switching toPrism as the defaultparser, adding the Happy Eyeballsversion2 algorithm to the socket library,just-in-time (JIT) compiler (YJIT) improvements, garbage-collectionmodularization, and more.

Security updates have been issued by Debian (fastnetmon, webkit2gtk, and xen), Fedora (sympa), Oracle (postgresql), and Red Hat (pcp, tigervnc, and xorg-x11-server and xorg-x11-server-Xwayland).

The LWN.net Weekly Edition for December 26, 2024 is available.

It is often said that the definition of insanity is repeating the sameaction and expecting different results. Be that as it may, LWN hasrepeatedly started a new year with a set of predictions, only to have toreview how badly they went at the end. There was no break in that patternthis year, so there is no help for it; the time has come to review our 2024 predictions in the hope that theycame out better this time around.

Security updates have been issued by Fedora (sympa and tomcat), Red Hat (kernel), and SUSE (poppler).

The systemd v257 release brings a number of incrementalenhancements to various components and utilities for working withLinux systems. This includes more support for varlink, automateddownloading of disk images at boot time, and a number of improvementsto the secure-boot process for unified kernel images (UKIs), which wehave covered in a separatearticle.

Security updates have been issued by AlmaLinux (containernetworking-plugins, edk2:20240524, gstreamer1-plugins-base, gstreamer1-plugins-good, kernel, libsndfile:1.0.31, mpg123:1.32.9, pam, php:8.1, php:8.2, python3.11, python3.11-urllib3, python3.12, python3.9:3.9.21, skopeo, and unbound:1.16.2), Debian (intel-microcode), Fedora (python3-docs and python3.12), Mageia (emacs), Red Hat (podman), and SUSE (gdb, govulncheck-vulndb, libparaview5_12, mozjs115, mozjs78, and vhostmd).

The systemd project has been working for some time onpromotingunified kernelimages (UKIs), a format that bundles a kernel, initial disk image, kernel command line, andother associated data into a single file. The advantage of the format is the ability toauthenticate the entire collection with secure boot, which makes it easier forend users to know that their operating system hasn't been tampered with. Thedownside is the lack of flexibility and increase in disk usage, since all of thethings packaged in a UKI must be updated together. But therecent systemd 257 release (along with other changes to be covered in a future article) includes somemajor changes to the UKI format, and the rest of the boot process, thatpartially mitigate those downsides. The release also includes improvements forhardware-locked disk encryption, which may also help secure some computers.

The Fedora Project has announcedthe results of the Fedora Linux 41 election cycle. Five seats wereopen on the Fedora EngineeringSteering Committee (FESCo), and the winnersare Kevin Fenzi, Zbigniew Jdrzejewski-Szmek, David Cantrell, TomaHrka, and Fabio Alessandro Locati. One seat was open on the MindshareCommittee and that went to Luis Bazan as the only eligiblecandidate nominated in this period.

In the past, suspensions of Python core developers have effectively beenpermanent because the recipients of the punishment chose not to return.Things have played out quite differently after Tim Peters was suspended for three months back in August;Peters has been posting to the Python discussion forum since his suspensionended in early November and, generally, getting back to work as usual.That does not mean that he-or others in the community-have accepted the wayhe was treated, but he has largely made his peace with it. The incident isstill reverberating through the Python world, however.

Security updates have been issued by Debian (gst-plugins-base1.0, libxstream-java, php-laravel-framework, python-urllib3, and sqlparse), Fedora (chromium, libcomps, libdnf, mingw-directxmath, mingw-gstreamer1, mingw-gstreamer1-plugins-bad-free, mingw-gstreamer1-plugins-base, mingw-gstreamer1-plugins-good, mingw-orc, ofono, prometheus-podman-exporter, python3-docs, python3.13, and webkitgtk), Mageia (mozjs78, thunderbird, and tomcat, tomcat packages), SUSE (aalto-xml, flatten-maven-plugin, jctools, moditect, netty, netty-tcnative, chromedriver, govulncheck-vulndb, grpc, kernel, python-aiohttp, python-python-sql, and vim), and Ubuntu (linux, linux-gkeop, linux-ibm, linux-ibm-5.15, linux-kvm, linux-lowlatency, linux-lowlatency-hwe-5.15, linux-oracle-5.15 and linux-aws, linux-aws-5.4, linux-bluefield, linux-ibm, linux-ibm-5.4, linux-oracle, linux-oracle-5.4, linux-xilinx-zynqmp).

Linus has released 6.13-rc4 for testing."So this definitely is looking a bit smaller than most rc4s, and Iexpect (and hope) that rc5 will be absolutely tiny because you shouldall already be relaxing over the xmas holidays.But hey, if somebody is out there keeping the lights on, please dokeep testing."

Version5.0.0 of the darktablephotography workflow application has been released. Major changes inthis release include user-interface/user-experience (UI/UX)improvements, speed improvements for bulk operations, and the additionof a inter-script-communication event to allow a runningscript to send messages to another running script. LWN last looked at darktable in2022.

Curl maintainer Daniel Stenberg announcesthat the curl project will be dropping hyper, its experimental HTTP backendwritten in Rust, due to lack of developer interest.

Version 2024.12 of the Debian-based Grml live Linux system for system administrators has been released. Grml 2024.12 uses packages from the upcoming Debian 13 ("trixie") release. It drops support for 32-bit x86 PCs and gains support for 64-bit ARM CPUs. See the release notes for a full list of changes and new features.

Back in 2022, Josh Triplett presented aplan to implement a "spawn new process" functionality in the io_uringsubsystem. There was a fair amount of interest at the time, but developersgot distracted, and the work did not progress. Now, Gabriel KrismanBertazi has returned with a patch seriesupdating and improving Triplett's work. While interest in thisfunctionality remains, it may still take some time before it is ready formerging into the mainline.

Security updates have been issued by Debian (chromium and gunicorn), Fedora (jupyterlab), Oracle (bluez, containernetworking-plugins, edk2:20220126gitbb1bba3d77, edk2:20240524, gstreamer1-plugins-base, gstreamer1-plugins-good, kernel, libsndfile, libsndfile:1.0.31, mpg123, mpg123:1.32.9, pam, python3.11-urllib3, skopeo, tuned, and unbound:1.16.2), SUSE (avahi, docker, emacs, govulncheck-vulndb, haproxy, kernel, libmozjs-128-0, python-grpcio, python310-xhtml2pdf, sudo, and tailscale), and Ubuntu (dpdk, linux-hwe-5.15, and linux-iot).

The 6.12.6, 6.6.67, 6.1.121, 5.15.175, 5.10.232, and 5.4.288 stable kernels have been released.As usual, they contain important fixes throughout the kernel tree.

Security updates have been issued by AlmaLinux (bluez, edk2:20220126gitbb1bba3d77, gstreamer1-plugins-base, gstreamer1-plugins-good, kernel, kernel-rt, mpg123, php:8.2, python3.11-urllib3, and tuned), Fedora (ColPack, glibc, golang-github-chainguard-dev-git-urls, golang-github-task, icecat, python-nbdime, python3.13, and python3.14), Mageia (kernel, kmod-xtables-addons, kmod-virtualbox, dwarves and kernel-linus), Red Hat (gstreamer1-plugins-base and gstreamer1-plugins-good), SUSE (curl, emacs, git-bug, glib2, helm, kernel, and traefik2), and Ubuntu (gst-plugins-base1.0, gst-plugins-good1.0, gstreamer1.0, libvpx, linux-gcp, phpunit, and yara).

The Fedora Engineering Steering Council (FESCo) has made a series ofmissteps in deciding to revoke a longtime Fedora contributor's provenpackagerstatus. FESCo made the decision during a closed session, based on privatecomplaints. It then publicly announced its decision, including thecontributor's name, while only supplying a vague account of thecontributor's actions. This has left the Fedora community with morequestions than answers, and raised a number of complaints about thetransparency of FESCo's process. In addition, the sequence of events hassparked discussions about package ownership, as well as when and how it'sappropriate to push changes to packages that a developer doesn't own.

fish is a shell with a custom language and several affordances not available out of the box in other shells, such as directory-sensitive command completion. Although the project does not normally make beta releases, the newly announced 4.0b1 releasewill have one in order to ensure that no problems were introducedafter a major effort to switch the code base from C++ to Rust.

The LWN.net Weekly Edition for December 19, 2024 is available.

Emacs has had afew bugs related to accidentallypermitting the execution of untrusted code. Unfortunately, it seems as thoughanother bug of that sort has appeared - and may be harder to patch,because the problem comes from the way Emacs handles expansion of Lisp macros incode being analyzed. Thevulnerability is only practically exploitable in a non-default configuration, sonot every Emacs user has something to worry about. The Emacsdevelopers are reportedly working on a fix, but have not yet shared detailsabout it. In the meantime, every Emacs version since at least26.1 (released in May2018) through the current development version is vulnerable.

Security updates have been issued by AlmaLinux (libsndfile, php:7.4, python3.11, python3.12, and python36:3.6), Debian (dpdk), Mageia (curl and socat), Oracle (firefox and tuned), Red Hat (bluez, containernetworking-plugins, edk2, edk2:20220126gitbb1bba3d77, edk2:20240524, expat, gstreamer1-plugins-base, gstreamer1-plugins-base and gstreamer1-plugins-good, gstreamer1-plugins-good, kernel, libsndfile, libsndfile:1.0.31, mpg123, mpg123:1.32.9, pam, python3.11-urllib3, skopeo, tuned, unbound, and unbound:1.16.2), SUSE (cloudflared, curl, docker, firefox, gstreamer-plugins-good, kernel, libmozjs-115-0, libmozjs-128-0, libmozjs-78-0, libsoup, ovmf, python-urllib3_1, subversion, thunderbird, and traefik), and Ubuntu (editorconfig-core, libspring-java, linux, linux-aws, linux-aws-6.8, linux-gcp, linux-gcp-6.8, linux-gke, linux-gkeop, linux-ibm, linux-nvidia, linux-nvidia-6.8, linux-nvidia-lowlatency, linux-oem-6.8, linux-oracle, linux-oracle-6.8, linux-raspi, linux, linux-gcp, linux-gcp-5.15, linux-gke, linux-gkeop, linux-ibm, linux-ibm-5.15, linux-kvm, linux-lowlatency, linux-lowlatency-hwe-5.15, linux-nvidia, linux-oracle, linux-oracle-5.15, linux-raspi, linux, linux-gcp, linux-gcp-5.4, linux-hwe-5.4, linux-kvm, linux-raspi, linux, linux-lowlatency, linux-oracle, linux-aws, linux-aws-5.15, linux-aws, linux-aws-5.4, linux-bluefield, linux-oracle, linux-oracle-5.4, and linux-oem-6.11).

Fedora Magazine reportsthat the Fedora Asahi Remix 41 for Apple Silicon is now available:

Since we last lookedat the WordPressdispute, WP Engine has soughta preliminary injunction against Automattic and its founder Matt Mullenweg torestore its access to WordPress.org, and more. The judgein the case granted a preliminary injunction on December 10. The caseis, of course, of interest to users and developers working withWordPress-but it may also have implications for otheropen-source projects well beyond the WordPress community.

Version2024.4 of the Kali Linux penetration-testing distribution has beenreleased. Changes include a switch to Python3.12, the removal of i386kernel support, GNOME47, and more.

Security updates have been issued by Debian (gstreamer1.0), Fedora (jupyterlab and python-notebook), Oracle (gimp:2.8.22, gstreamer1-plugins-base, gstreamer1-plugins-good, kernel, php:8.2, postgresql, and python3.11), SUSE (aws-iam-authenticator, firefox, installation-images, kernel, libaom, libyuv, libsoup, libsoup2, python-aiohttp, socat, thunderbird, and vim), and Ubuntu (curl, Docker, imagemagick, and kernel).

The Sequoia PGP project has announcedversion 1.0 of the sq command-line tool for managing OpenPGPencryption and signatures. It also provides a decentralized publickey infrastructure (PKI), and key management facilities. This isthe first stable release since development began on the project in2017.

Emacs is, famously, aneditor-perhaps far more-that is extensible using its ownvariant of the Lisp programming language, EmacsLisp (or Elisp). This year'sedition of EmacsConf, which is an annual "gathering" that has been heldonline for the past five years, had two separate talks on using a differentvariant of Lisp, Guile,for Emacs. Both projects would preserve Elisp compatibility, which is amust, but they would use Guile differently. The first talk we will coverwas given by Robin Templeton, who described the relaunch of the Guile-Emacs project, which would replacethe Elisp in Emacs with a compiler using Guile. A subsequent article will lookat the other talk, which is about an Emacs clone writtenusing Guile.

Security updates have been issued by Debian (gst-plugins-base1.0, gstreamer1.0, and libpgjava), Fedora (bpftool, chromium, golang-x-crypto, kernel, kernel-headers, linux-firmware, pytest, python3.10, subversion, and thunderbird), Gentoo (NVIDIA Drivers), Oracle (kernel, perl-App-cpanminus:1.7044, php:7.4, php:8.1, php:8.2, postgresql, python3.11, python3.12, python3.9:3.9.21, python36:3.6, ruby, and ruby:2.5), SUSE (docker-stable, firefox-esr, gstreamer, gstreamer-plugins-base, gstreamer-plugins-good, kernel, python-Django, python312, and socat), and Ubuntu (mpmath).

Linus has released 6.13-rc3 for testing."Earlier this week it felt to me like things might have already startedto quiet down in prep for the holidays, but doing the statistics on rc3that doesn't actually seem to be the case - this looks very regular both innumber of commits and in diff size".

Version 4.20of the Xfce desktop environment has been released. "The major focusduring this development cycle was the preparation of the codebase to beready for Wayland". See the Xfce 4.20 tour for anoverview of the changes in this release.

The6.12.5,6.6.66,6.1.120,5.15.174,5.10.231, and5.4.287stable kernels have all been released; each contains a relatively large setof important fixes.

Commits in the Git source-code management system are identified by theSHA-1 hash of their contents - though the specific hash may change someday. The full hash is a160-bit quantity, normally written as a 40-character hexadecimal string.While those strings are convenient for computers to work with, humans findthem to be a bit unwieldy, so it is common to abbreviate the hash values toshorter strings. Geert Uytterhoeven recently proposedincreasing the length of those abbreviated hashes as used in the kernelcommunity, but the problem he was working to solve may not be as urgent asit seems.

Handling time in a networked environment is never easy. TheNetwork Time Protocol (NTP) has been used to synchronize clocks across theinternet for almost 40 years - but, as computers and networks get faster, thedegree of synchronization it offers is not sufficient for some use cases. ThePrecision Time Protocol (PTP) attempts to provide more precisetime synchronization, at theexpense of requiring dedicated kernel and hardwaresupport. The Linux kernel hassupported PTP since 2011, but the protocol has recently seenincreasing use in data centers. As PTP becomes more widespread, it may beuseful to have an idea how it compares to NTP.

The CentOS Project has announcedthe general availability of CentOSStream10. See the release notes for informationon new features, changes, and removed software. The Extra Packages forEnterprise Linux (EPEL) 10 repository is also available,and will be adding minor version repositories:

Security updates have been issued by Debian (chromium, pgpool2, and smarty4), Fedora (chromium, linux-firmware, matrix-synapse, open62541, and thunderbird), Red Hat (kernel, kernel-rt, python3.11, python3.12, python3.9:3.9.18, python3.9:3.9.21, and ruby:2.5), SUSE (buildah, chromium, govulncheck-vulndb, java-1_8_0-ibm, libsvn_auth_gnome_keyring-1-0, python310-Django, qemu, and radare2), and Ubuntu (linux, linux-aws, linux-aws-6.8, linux-gcp, linux-gcp-6.8, linux-gke, linux-ibm, linux-lowlatency, linux-lowlatency-hwe-6.8, linux-oem-6.8, linux-oracle, linux-oracle-6.8, linux-raspi, linux, linux-gcp, linux-gcp-5.4, linux-hwe-5.4, linux-ibm, linux-ibm-5.4, linux-kvm, linux-raspi, linux-xilinx-zynqmp, linux-gkeop, linux-nvidia, linux-nvidia-6.8, linux-nvidia-lowlatency, php7.0, php7.2, python-asyncssh, and smarty3).

Version1.32 (dubbed "Penelope") of Kubernetes has been released with 13major features graduating to Stable status, 12 entering Beta, and 19entering Alpha.

The Python Package Index (PyPI) Blog has an analysisof the compromise ofthe ultralyticsproject, and what PyPI has learned from this event:

The release of the 4.19.325 stablekernel update on December5 marked the end of an era of sorts.This kernel had been supported for just over six years since its initialrelease in October 2018; over that time, 325 updates were released,adding 30,109 fixes. Few Linux kernels receive public support for so long;it is worth taking a look at this kernel's history to see how it playedout.

Security updates have been issued by Debian (libsoup2.4, python-aiohttp, and upx-ucl), Fedora (iaito, python3.11, python3.9, and radare2), Red Hat (ruby, ruby:2.5, and ruby:3.1), Slackware (mozilla-thunderbird), SUSE (govulncheck-vulndb, nodejs18, nodejs20, and socat), and Ubuntu (ofono and python-tornado).