Linux Weekly News

It is too early to say what the outcome will be in the ongoing fight between Automattic and WP Engine, but the WordPress community at large is already the loser. Automattic founder and CEO Matt Mullenweg has been using his control of the project, and the WordPress.org infrastructure, to punish WP Engine and remove some dissenting contributors from discussion channels. Most recently, Mullenweg has instituted a hostile fork of a WP Engine plugin and the forked plugin is replacing the original via WordPress updates.

While Debian's "sauce" is not actually all that secret, it is not particularly well-known either, Samuel Henrique said at the start of his DebConf24 talk. There is a lot of software-engineering effort that has been put in place by the distribution in order to create and maintain its releases, but "loads of people are not aware" of it. That may be due to the fact that all of that is not really documented anywhere in a central location that he can just point someone to. Recognizing that is what led him to give the talk; hopefully it will be a "first step toward" helping solve the problem.

Security updates have been issued by Debian (docker.io, libreoffice, node-dompurify, python-reportlab, and thunderbird), Fedora (buildah, chromium, kernel, kernel-headers, libgsf, mosquitto, p7zip, podman, python-cramjam, python-virtualenv, redis, rust-async-compression, rust-brotli, rust-brotli-decompressor, rust-libcramjam, rust-libcramjam0.2, rust-nu-command, rust-nu-protocol, rust-redlib, rust-tower-http, thunderbird, and webkit2gtk4.0), Oracle (.NET 6.0, .NET 8.0, e2fsprogs, firefox, golang, openssl, python3-setuptools, systemd, and thunderbird), SUSE (chromium, firefox, java-jwt, libmozjs-128-0, libwireshark18, ntpd-rs, OpenIPMI, thunderbird, and wireshark), and Ubuntu (firefox, python2.7, python3.5, thunderbird, and ubuntu-advantage-desktop-daemon).

The 6.12-rc3 kernel prepatch is out for testing.

So the diffstat looks a bit odd, because one of the fixes here caused the UTF tables to be regenerated, and an effective one-liner change turned into 6703 lines of diff.

But if you ignore that effect, everything looks normal.

At Kangrejos, Gary Guo wanted to discuss three problems with the way Rust and C code in the kernel interact: mismatched types, too many type casts, and the overhead of helper functions. To fix the first two problems, Guo proposed changing the way the kernel maps C types into Rust types. The last problem was a bit trickier, but he has a clever workaround for that, based on tricking the compiler into inlining the helper functions across language boundaries.

Security updates have been issued by AlmaLinux (.NET 6.0, .NET 8.0, and openssl), Debian (firefox-esr), Fedora (firefox), Mageia (php, quictls, and vim), Red Hat (buildah, container-tools:rhel8, containernetworking-plugins, firefox, podman, skopeo, and tomcat), Slackware (mozilla), SUSE (apache-commons-io, kernel, and xen), and Ubuntu (golang-1.17, libgsf, and linux-aws-6.8, linux-oracle-6.8).

Version 24.10 of the Ubuntu distribution is out. This release includes GNOME 47, Linux 6.11, security enhancements for managing Personal Package Archives (PPAs), experimental security controls for Snap packages, and more.

At the recently concluded Maintainers Summit, it was generally agreed that the Rust experiment would continue, and that the path was clear for more Rust code to enter the kernel. But the high-level view taken at such gatherings cannot always account for the difficult details that will inevitably arise as the Rust work proceeds. A recent discussion on the nouveau mailing list may have escaped the notice of many, but it highlights some of the problems that will have to be worked out as important functionality written in Rust heads toward the mainline.

Mozilla has released Firefox versions 131.0.2, ESR 128.3.1, and ESR 115.16.1. These updates address a severe, remotely exploitable code-execution vulnerability that is evidently already being exploited. Updating to a fixed release seems like a wise thing to do.

Greg Kroah-Hartman has announced the release of the 6.11.3, 6.10.14, 6.6.55, and 6.6.56 stable kernels. The 6.6.56 release fixes a problem with building perf in 6.6.55; "If you do not use the perf tool in the 6.6.y tree, there is no need to upgrade.". Meanwhile, 6.10.14 is the last of the 6.10.y series, so users should now be moving to 6.11.y. Other than 6.6.56, they contain the usual long list of important fixes throughout the kernel tree.

Security updates have been issued by Debian (chromium), Fedora (firefox, koji, unbound, webkit2gtk4.0, and xen), Red Hat (glibc, net-snmp, and tomcat), Slackware (mozilla), SUSE (apache-commons-io, buildah, cups-filters, liboath-devel, libreoffice, libunbound8, podman, and redis), and Ubuntu (cups-browsed, cups-filters, edk2, linux-raspi-5.4, and oath-toolkit).

The LWN.net Weekly Edition for October 10, 2024 is available.

Bindgen is a widely used tool that automatically generates Rust bindings from C headers. The Rust-for-Linux project uses it to create some of the bindings between Rust code and the rest of the kernel. John Baublitz presented at Kangrejos about the improvements that he has made to the tool in order to make the generated bindings easier to use, including improved support for macros, bitfields, and enums.

The Julia project has released version 1.11.0. A separate blog post covers some of the highlights. The release includes a number of helpful features.

In previous Julia versions, there was no "programmatic way" of knowing if an unexported name was considered part of the public API or not. Instead, the guideline was basically that if it was not in the manual then it was not public which was a bit underwhelming. To remedy that, there is now a public keyword in Julia that can be used to indicate that an unexported name is part of the public API.

Security updates have been issued by AlmaLinux (firefox, mod_jk, and thunderbird), Debian (apache2 and firefox-esr), Fedora (crosswords, logiops, p7zip, and perl-App-cpanminus), Red Hat (.NET 6.0, firefox, git, kernel, kernel-rt, openssl, and thunderbird), SUSE (buildah, json-lib, kernel, Mesa, mozjs78, pgadmin4, podman, podofo, qatlib, redis7, roundcubemail, rusty_v8, and seamonkey), and Ubuntu (dotnet6, dotnet8, nginx, and ruby-webrick).

In the early days of open source, it was a struggle to get companies to accept the concept and trust its development model. Now, companies have few qualms about using it, but do tend to take open source and those who maintain it for granted. The struggle now is to find ways to compensate producers of the software, sustain the open‑source commons, and avoid burning out maintainers. The Open Source Pledge project is an effort to persuade companies to pay maintainers by making it a social norm. On October 8, the project is launching a marketing campaign to raise awareness and try to get a larger conversation started around paying maintainers.

Alice Ryhl has been working to enable tracepoints — which are widely used throughout the kernel — to be seamlessly placed in Rust code as well. She spoke about her approach at Kangrejos. Her patch set enables efficient use of static tracepoints, but supporting dynamic tracepoints will take some additional effort.

Security updates have been issued by Debian (kernel), Fedora (webkitgtk), Mageia (cups), Oracle (e2fsprogs, kernel, and kernel-container), Red Hat (buildah, container-tools:rhel8, containernetworking-plugins, git-lfs, go-toolset:rhel8, golang, grafana-pcp, podman, and skopeo), SUSE (Mesa, mozjs115, podofo, and redis7), and Ubuntu (cups and cups-filters).

OpenBSD 7.6 has been released. Notable new features include work to improve suspend/resume on modern hardware, support for the arm64 Qualcomm Snapdragon X Elite laptops, as well as many improvements in hardware support and driver bug fixes.

With this release all files that existed in the first commit in the OpenBSD source repository have been updated, modified or replaced at some point in time, reaching OpenBSD of Theseus.

See the changelog for all changes between OpenBSD 7.5 and 7.6.

The recent WordPress controversy is not the first time there's been tension between the WordPress community, the interests of Automattic as a business, and Matt Mullenweg's leadership as WordPress's benevolent dictator for life (BDFL). In particular, Mullenweg's focus on pushing WordPress to use a new "editing experience" called Gutenberg caused significant friction—and led to the ClassicPress fork. Users who want to preserve the "classic" WordPress experience without straying too far from the WordPress fold may want to look into ClassicPress.