Feed lwn LWN.net

Link https://lwn.net/
Feed http://lwn.net/headlines/rss
Updated 2025-04-03 03:15
Security updates for Tuesday
Security updates have been issued by Debian (pypy3), Fedora (chromium, cobbler, and libsoup3), Oracle (kernel), SUSE (glib2, govulncheck-vulndb, javapackages-tools, xmlgraphics-batik, xmlgraphics-commons, xmlgraphics-fop, libblkid-devel, opentofu, php8, postgresql, postgresql16, postgresql17, thunderbird, traefik, and ucode-intel), and Ubuntu (needrestart and rapidjson).
Security updates for Monday
Security updates have been issued by Debian (ansible, chromium, ghostscript, glib2.0, intel-microcode, and kernel), Fedora (dotnet9.0, needrestart, php, and python3.6), Oracle (cups, kernel, osbuild-composer, podman, python3.12-urllib3, squid, and xerces-c), Red Hat (buildah, edk2, gnome-shell, haproxy, kernel, kernel-rt, libvpx, pam, python3.11-urllib3, python3.12-urllib3, qemu-kvm, rhc-worker-script, squid:4, and tigervnc), Slackware (php), SUSE (chromedriver, chromium, dcmtk, govulncheck-vulndb, iptraf-ng, and traefik2), and Ubuntu (linux-oracle and openjdk-23).
A kernel code of conduct enforcement action
The Linux Foundation Technical Advisory Board (TAB) has decided to "restrict Kent Overstreet's participation in the kernel development process during the Linux 6.13 kernel development cycle" based on a recommendation from the Code of Conduct committee. In particular, the scope of the restriction will be to "decline all pull requests from Kent Overstreet" during the development cycle. Overstreet is the creator and maintainer of the bcachefs filesystem. This action stems from a message Overstreet posted back in early September that was abusive toward another kernel developer; there is a fair amount of back-and-forth about the incident and the committee's attempts to extract a public apology from Overstreet in that thread. Overstreet has published a lengthy blog post describing his side of the story.
[$] NonStop discussion around adding Rust to Git
The Linux kernel community's discussions about including Rust have gotten a lot of attention, but the kernel is not the only project wrestling with the question of whether to allow Rust. The Git project discussed the prospect in January, and then again at the Git Contributor's Summit in September. Complicating the discussion is the Git project's lack of a policy on platform support, and the fact that it does already have tools written in other languages. While the project has not committed to using or avoiding Rust, it seems like only a matter of time until maintainers will have to make a decision.
Four Friday stable kernel updates
The 6.12.1, 6.11.10, 6.6.63, and 6.1.119 stable kernel updates have been released. As always, they contain important fixes.
Security updates for Friday
Security updates have been issued by Debian (postgresql-13, postgresql-15, and webkit2gtk), Fedora (libsndfile, microcode_ctl, and trafficserver), Mageia (kanboard, kernel, kmod-xtables-addons, kmod-virtualbox, and bluez, kernel-linus, opendmarc, and radare2), Oracle (.NET 9.0, bubblewrap and flatpak, buildah, expat, firefox, grafana, grafana-pcp, kernel, krb5, libsoup, libvpx, NetworkManager-libreswan, openexr, pcp, python3.11, python3.11-urllib3, python3.12, python3.9, squid, thunderbird, tigervnc, and webkit2gtk3), Red Hat (.NET 9.0, binutils, expat, grafana-pcp, kernel, libsoup, NetworkManager-libreswan, openexr, python3.11, python3.12, python39:3.9, squid, tigervnc, and webkit2gtk3), SUSE (chromedriver, cobbler, govulncheck-vulndb, and icinga2), and Ubuntu (linux-lowlatency, linux-lowlatency-hwe-6.8, python2.7, and zbar).
PHP 8.4.1 released
Version 8.4.1 of the PHP language has been released. See this page for details on the new features in this release. "PHP 8.4 is a major update of the PHP language. It contains many new features, such as property hooks, asymmetric visibility, an updated DOM API, performance improvements, bug fixes, and general cleanup."
[$] The beginning of the 6.13 merge window
As of this writing, just over 1,800 non-merge changesets have been pulled into the mainline kernel for the 6.13 release. That number may seem small, given that a typical merge window brings in at least 12,000 commits, but the early pulls this time around have focused on significant core changes, and there are quite a few of them. The time has come to summarize the changes pulled so far, including lazy preemption, multi-grained timestamps, new extended-attribute system calls, and more.
Security updates for Thursday
Security updates have been issued by AlmaLinux (kernel, NetworkManager-libreswan, and openssl), Fedora (chromium and llvm-test-suite), Mageia (thunderbird), and Ubuntu (linux-aws-6.8, linux-azure, linux-azure-6.8, linux-oracle-6.8, linux-azure, and ruby2.7).
[$] LWN.net Weekly Edition for November 21, 2024
The LWN.net Weekly Edition for November 21, 2024 is available.
[$] RVKMS and Rust KMS bindings
At the 2024 X.Org Developers Conference (XDC), Lyude Paul gave a talk on the work she has been doing as part of the Nova project, which is an effort to build an NVIDIA GPU driver in Rust. She wanted to provide an introduction to RVKMS, which is being used to develop Rust kernel mode setting (KMS) bindings; RVKMS is a port of the virtual KMS (VKMS) driver to Rust. In addition, she wanted to give her opinion on Rust, and why she thinks it is a "game-changer for the kernel", noting that the reasons are not related to the oft-mentioned, "headline" feature of the language: memory safety.
Blender 4.3 released
Version 4.3 of the Blender animation system has been released. "Brush assets, faster sculpting, a revolutionized Grease Pencil, and more. Blender 4.3 got you covered."
Plans for CHICKEN 6
CHICKEN Scheme, a portable Scheme compiler, is gearing up for its next major release. Maintainer Felix Winkelmann has shared an article about what changes to expect in version 6 of the language, including better Unicode support and support for the R7RS (small) Scheme standard.
Security updates for Wednesday
Security updates have been issued by Debian (guix, libmodule-scandeps-perl, needrestart, and thunderbird), SUSE (gh), and Ubuntu (kernel, linux, linux-aws, linux-aws-hwe, linux-azure, linux-azure-4.15, linux-gcp, linux-gcp-4.15, linux-hwe, linux-kvm, linux-oracle, linux, linux-aws, linux-gcp, linux-gcp-6.8, linux-gke, linux-hwe-6.8, linux-ibm, linux-nvidia, linux-nvidia-6.8, linux-nvidia-lowlatency, linux-oem-6.8, linux-oracle, linux-raspi, linux-iot, linux-lowlatency, linux-lowlatency-hwe-6.8, needrestart, python2.7, python3.10, python3.12, python3.8, and Waitress).
Rocky Linux 9.5 released
Version 9.5 of the Rocky Linux distribution is out. As with the AlmaLinux 9.5 release, Rocky Linux 9.5 tracks the changes in upstream RHEL 9.5. See the release notes for details.
FreeCAD 1.0 released
It took more than 20 years, but the FreeCAD computer-aided design project has just made its 1.0 release.
[$] Book review: Run Your Own Mail Server
The most common piece of advice given to users who ask about running their own mail server is don't. Setting up and securing a mail server in 2024 is not for the faint of heart, nor for anyone without copious spare time. Spammers want to flood inboxes with ads for questionable supplements, attackers want to abuse servers to send spam (or worse), and getting the big providers to accept mail from small servers is a constant uphill battle. Michael W. Lucas, however, encourages users to thumb their nose at the "Email Empire", and declare email independence. His self-published book, Run Your Own Mail Server, provides a manual (and manifesto) for users who are interested in the challenge.
Incus 6.7 released
Version 6.7 of the Incus container-management system (forked from LXD) has been released. "This is another one of those pretty well rounded releases with new features and improvements for everyone". New features include automatic cluster rebalancing, DHCP improvements, and more.
Security updates for Tuesday
Security updates have been issued by AlmaLinux (.NET 9.0, bcc, bluez, bpftrace, bubblewrap, flatpak, buildah, cockpit, containernetworking-plugins, cups, cyrus-imapd, edk2, expat, firefox, fontforge, gnome-shell, gnome-shell-extensions, grafana, grafana-pcp, gtk3, httpd, iperf3, jose, krb5, libgcrypt, libsoup, libvirt, libvpx, lldpd, microcode_ctl, mingw-glib2, mod_auth_openidc, nano, NetworkManager, oci-seccomp-bpf-hook, openexr, osbuild-composer, pcp, podman, poppler, postfix, python-dns, python-jinja2, python-jwcrypto, python3.11, python3.11-PyMySQL, python3.11-urllib3, python3.12, python3.12-PyMySQL, python3.12-urllib3, python3.9, qemu-kvm, runc, skopeo, squid, thunderbird, toolbox, tpm2-tools, vim, webkit2gtk3, xorg-x11-server, and xorg-x11-server-Xwayland), Fedora (lemonldap-ng and mingw-expat), SUSE (bea-stax, xstream, expat, httpcomponents-client, httpcomponents-core, kernel, SUSE Manager Client Tools, SUSE Manager Proxy, Retail Branch Server 4.3, SUSE Manager Salt Bundle, SUSE Manager Server 4.3, and SUSE Manager Server 5.0), and Ubuntu (curl, glib2.0, and webkit2gtk).
AlmaLinux 9.5 released
Version 9.5 of the AlmaLinux enterprise-oriented distribution has been released.
FreeBSD Foundation releases Bhyve and Capsicum security audit
The FreeBSD Foundation has announced the release of a security audit report conducted by security firm Synacktiv. The audit uncovered a number of vulnerabilities:
[$] Development statistics for 6.12
Linus Torvalds released the 6.12 kernel on November 17, as expected. This development cycle, the last for 2024, brought 13,344 non-merge changesets into the mainline kernel; that made it a relatively slow cycle from this perspective, but 6.12 includes a long list of significant new features. The time has come to look at where those changes came from, and to look at the year-long LTS cycle as well.
Security updates for Monday
Security updates have been issued by AlmaLinux (binutils, libsoup, squid:4, tigervnc, and webkit2gtk3), Debian (icinga2, postgresql-13, postgresql-15, smarty3, symfony, thunderbird, and waitress), Fedora (dotnet9.0, ghostscript, microcode_ctl, php-bartlett-PHP-CompatInfo, python-waitress, and webkitgtk), Gentoo (Perl, Pillow, and X.Org X server, XWayland), Oracle (binutils, cups-filters, giflib, squid, and webkit2gtk3), Red Hat (webkit2gtk3), SUSE (ansible-core, apache2, gio-branding-upstream, icinga2, kernel-devel, libnghttp2-14, libsoup-2_4-1, libsoup-3_0-0, libvirt, nodejs-electron, postgresql13, postgresql16, python39, rclone, thunderbird, ucode-intel-20241112, and wget), and Ubuntu (python-asyncssh and tomcat9).
The 6.12 kernel has been released
Linus has released the 6.12 kernel. "No strange surprises this last week, so we're sticking to the regular release schedule, and that obviously means that the merge window opens tomorrow." Headline features in this release include: support for the Arm permission overlay extension, better compile-time control over which Spectre mitigations to employ, the last pieces of realtime preemption support, the realtime deadline server mechanism, more EEVDF scheduler development, the extensible scheduler class, the device memory TCP work, use of static calls in the security-module subsystem, the integrity policy enforcement security module, the ability to handle devices with a block size larger than the system page size in the XFS filesystem, and more. See the LWN merge-window summaries (part 1, part 2) and the KernelNewbies 6.12 page for more details.
Seven stable kernel updates
The 6.11.9, 6.6.62, 6.1.118, 5.15.173, 5.10.230, 5.4.286, and 4.19.324 stable kernels have all been released; each contains another set of important fixes.
A new package manager for OpenWrt
The OpenWrt router-oriented distribution has long used its own opkg package manager. The project has just announced, though, that future releases will use the apk package manager from Alpine Linux instead. "This new package manager offers a number of advantages over the older opkg system and is a significant milestone in the development of the OpenWrt platform. The older opkg package manager has been deprecated and is no longer part of OpenWrt." There is some more information on this page.
[$] Two approaches to tightening restrictions on loadable modules
The kernel's loadable-module facility allows code to be loaded into (and sometimes removed from) a running kernel. Among other things, loadable modules make it possible to run a kernel with only the subsystems needed for the system's hardware and workload. Loadable modules can also make it easy for out-of-tree code to access parts of the kernel that developers would prefer to keep private; this has led to many discussions in the past. The topic has returned to the kernel's mailing lists with two different patch sets aimed at further tightening the restrictions applied to loadable modules.
[$] Fedora KDE gets a promotion
The Fedora Project is set to welcome a second desktop edition to its lineup after months (or years, depending when one starts the clock) of discussions. The project recently decided to allow a new working group to move forward with a KDE Plasma Desktop edition that will sit alongside the existing GNOME-based Fedora Workstation edition. This puts KDE on a more equal footing within the project, which, it is hoped, will bring more contributors and users interested in KDE to adopt Fedora as their Linux distribution of choice.
Security updates for Friday
Security updates have been issued by Debian (curl and unbound), Fedora (krb5 and microcode_ctl), Red Hat (kernel and kernel-rt), SUSE (glib2, python3-wxPython, and ucode-intel), and Ubuntu (golang-1.17, golang-1.18, libgd2, linux, linux-aws, linux-kvm, linux-lts-xenial, linux-gke, linux-raspi, linux-raspi, linux-raspi-5.4, and php7.0, php7.2).
PyPI now supports digital attestations
The Python Package Index (PyPI) has announced that it has finalized support for PEP 740 ("Index support for digital attestations"). Trail of Bits, which performed much of the development work for the implementation, has an in-depth blog post about the work and its adoption, as well as what is left undone:
[$] Dancing the DMA two-step
Direct memory access (DMA) I/O is simple in concept: a peripheral device moves data directly to or from memory while the CPU is busy doing other things. As is so often the case, DMA is rather more complicated in practice, and the kernel has developed a complicated internal API to support it. It turns out that the DMA API, as it exists now, can affect the performance of some high-bandwidth devices. In an effort to address that problem, Leon Romanovsky is making the API even more complex with this patch series adding a new two-step mapping API.
Stable kernels 6.11.8, 6.6.61, 6.1.117, and 5.15.172
A new batch of stable kernels has just been released: 6.11.8, 6.6.61, 6.1.117, and 5.15.172. As usual, they contain important fixes throughout the kernel tree.
Security updates for Thursday
Security updates have been issued by Fedora (llama-cpp, mingw-expat, python3.6, webkit2gtk4.0, and xorg-x11-server-Xwayland), Mageia (java-1.8.0-openjdk, java-11-openjdk, java-17-openjdk, java-21-openjdk & java-latest-openjdk and libarchive), Oracle (expat, gstreamer1-plugins-base, kernel, libsoup, podman, and tigervnc), SUSE (buildah, java-1_8_0-openjdk, and switchboard-plug-bluetooth), and Ubuntu (zlib).
[$] LWN.net Weekly Edition for November 14, 2024
The LWN.net Weekly Edition for November 14, 2024 is available.
[$] Truly portable C applications
Programming language polyglots are files that are valid programs in multiple languages, and do different things in each. While polyglots are normally nothing more than a curiosity, the Cosmopolitan Libc project has been trying to put them to a novel use: producing native, multi-platform binaries that run directly on several operating systems and architectures. There are still some rough edges with the project's approach, but it is generally possible to build C programs into a polyglot format with minimal tweaking.
Security updates for Wednesday
Security updates have been issued by AlmaLinux (expat), Fedora (chromium and golang-github-nvidia-container-toolkit), Mageia (curl, expat, mpg123, networkmanager-libreswan, openssl, php-tcpdf, qbittorrent, and x11-server, x11-server-xwayland, and tigervnc), Red Hat (kernel and libsoup), Slackware (mozilla), SUSE (firefox, kernel, python-PyPDF2, and xen), and Ubuntu (dotnet9, ghostscript, linux-aws, linux-oem-6.8, and pydantic).
[$] Progress on toolchain security features
Over the years, there has been steady progress in adding security features to compilers and other tools to assist with hardening the Linux kernel (and, of course, other programs). In something of a tradition in the toolchains track at the Linux Plumbers Conference, Kees Cook and Qing Zhao have led a session on that progress and further plans; this year, they were joined by Justin Stitt (YouTube video).
Anaconda’s new "Web UI" (Fedora Magazine)
Garrett LeSage has written an in-depth article for Fedora Magazine about a new web-based user interface (UI) for Fedora's Anaconda installer, planned to ship with Fedora 42. The article looks at the rationale for moving from GTK3 to a web-based UI, provides a number of screenshots and demo screencasts, as well as instructions on trying out the new installer with Fedora Rawhide.
Security updates for Tuesday
Security updates have been issued by AlmaLinux (gstreamer1-plugins-base), Debian (chromium, ghostscript, libarchive, mpg123, ruby-saml, and symfony), Fedora (buildah and podman), Red Hat (buildah, containernetworking-plugins, podman, skopeo, and xorg-x11-server-Xwayland), Slackware (wget), SUSE (pcp), and Ubuntu (linux, linux-aws-5.15, linux-gcp, linux-gcp-5.15, linux-gke, linux-gkeop, linux-gkeop-5.15, linux-hwe-5.15, linux-ibm, linux-ibm-5.15, linux-kvm, linux-lowlatency, linux-lowlatency-hwe-5.15, linux-nvidia, linux-oracle, linux-oracle-5.15, linux-raspi, linux-xilinx-zynqmp and mysql-8.0).
[$] The top open-source security events in 2024
What have been the most significant security-related incidents for the open-source community in 2024 (so far)? Marta Rybczyska recently ran a poll and got some interesting results. At the 2024 Open Source Summit Japan, she presented those results along with some commentary of her own. The events in question are unlikely to be a surprise to LWN readers, but the overall picture that was presented was worth a look.
RIP Jérémy Bobbio (Lunar)
Longtime Debian and Tor developer, Jeremy Bobbio - perhaps better known as "Lunar" - died on November 8. Lunar was one of the founders of the reproducible builds movement and more recently had been working with Software Heritage. More information and tributes in French can be found at this site. They will be missed.
Security updates for Monday
Security updates have been issued by AlmaLinux (podman), Debian (guix, libarchive, and nss), Fedora (expat, iaito, opendmarc, python-werkzeug, radare2, squid, and xorg-x11-server), Mageia (htmldoc, libheif, nspr, nss, firefox & rust, python-urllib3, python-werkzeug, quictls, ruby-webrick, and thunderbird), Oracle (firefox and NetworkManager-libreswan), SUSE (apache2, chromedriver, chromium, coredns, expat, govulncheck-vulndb, httpcomponents-client, java-17-openjdk, java-21-openjdk, libheif, python-wxPython, python311, python312, qbittorrent, ruby3.3-rubygem-actionmailer, ruby3.3-rubygem-actiontext, ruby3.3-rubygem-puma, ruby3.3-rubygem-rails, and virtualbox), and Ubuntu (openjdk-17, openjdk-21, openjdk-8, openjdk-lts, and qemu).
Kernel prepatch 6.12-rc7
Linus has released 6.12-rc7 for testing. "No big surprises, and I think everything is on track for a final 6.12 release next weekend."
[$] Back In Time back from the dead
Back In Time is a GPL-2.0-licensed backup tool based on rsync and written in Python. It has both graphical and command-line interfaces, and supports backups to local disks or over SSH. Back In Time was originally written by Oprea Dan and released in 2009. The tool has been through some rough patches over the years, and is currently on its third set of maintainers. Christian Buhtz, one of the current maintainers, explained to me how he and his co-maintainers had revived the project, as well as why he thought Back In Time stood out from all of the existing backup solutions.
Seven more stable kernel updates
Greg Kroah-Hartman has shared another seven stable kernel updates: 6.6.60, 6.11.7, 6.1.116, 5.15.171, 5.10.229, 5.4.285, and 4.19.323.
[$] Pondering systemd-homed for Fedora
Fedora Linux, as a rule, handles version upgrades reasonably well. However, there are times when users may want to do a fresh installation rather than an upgrade but preserve existing users and data under /home. This is a scenario that the Fedora installer, currently, does not address. Users can maintain a separate /home partition, of course, but the installer does not incorporate existing users into the new install - that is an exercise left to the user to handle. One solution might be to use systemd-homed, a systemd service for managing users and home directories. However, a discussion proposing the use of systemd-homed as part of Fedora installation uncovered some hurdles, such as trying to blend its approach to managing users with tools that centralize user management.
Cohen: gccrs: An alternative compiler for Rust
Arthur Cohen has posted a detailed introduction to the gccrs project on the Rust Blog, seemingly with the goal of convincing the Rust community about the value of the project.
Security updates for Friday
Security updates have been issued by AlmaLinux (edk2), Debian (webkit2gtk), Fedora (thunderbird), Oracle (bzip2, container-tools:ol8, edk2, go-toolset:ol8, libtiff, python-idna, python3.11, and python3.12), Slackware (expat), and SUSE (apache2, govulncheck-vulndb, grub2, java-1_8_0-openjdk, python3, python39, qemu, xorg-x11-server, and xwayland).
[$] The trouble with struct sockaddr's fake flexible array
Flexible arrays - arrays that are declared as the final member of a structure and which have a size determined at run time - have long drawn the attention of developers seeking to harden the kernel against buffer-overflow vulnerabilities. These arrays have reliably been a source of bugs, so anything that can be done to ensure that operations on them stay within bounds is a welcome improvement. While many improvements, including the recent counted-by work, have been made, one of the most difficult cases remains. Now, however, developers who are interested in using recent compiler bounds-checking features are trying to get a handle on struct sockaddr.
Security updates for Thursday
Security updates have been issued by AlmaLinux (bcc, bpftrace, bzip2, container-tools:rhel8, grafana-pcp, haproxy, kernel, kernel-rt, krb5, libtiff, python-gevent, python3.11, python3.11-urllib3, python3.12, python3.12-urllib3, xmlrpc-c, and xorg-x11-server and xorg-x11-server-Xwayland), Debian (puma and pypy3), Fedora (firefox), Gentoo (libgit2), Mageia (libarchive), SUSE (ghostscript, go1.22-openssl, go1.23-openssl, htmldoc, kmail-account-wizard, libarchive, libgsf, libmozjs-128-0, openssl-3, python-jupyterlab, python-mysql-connector-python, python36, and ruby2.1), and Ubuntu (cinder, linux-aws, linux-aws-6.8, linux-oracle, linux-oracle-6.8, linux-aws, linux-azure-5.4, linux-kvm, linux-oracle, linux-xilinx-zynqmp, and linux-nvidia, linux-nvidia-6.8, linux-nvidia-lowlatency).