Linux Weekly News

Security updates have been issued by Debian (git, nodejs, and ring), Fedora (apr, bubblewrap, chromium, clamav, flatpak, mingw-expat, python3-docs, python3.12, and thunderbird), Mageia (assimp, botan2, python-tqdm, and radare2), Slackware (libarchive), and SUSE (curl).

Linus has released the 6.11 kernel. "I'm once again on the road and not in my normal timezone, but it's Sunday afternoon here in Vienna, and 6.11 is out." Significant changes in this release include new io_uring operations for bind() and listen(), the nested bottom-half locking patches, the ability to write to busy executable files, support for writing block drivers in Rust, support for atomic write operations in the block layer, the dedicated bucket slab allocator, the vDSO implementation of getrandom(), and more. See the LWN merge-window summaries (part 1, part 2) for more information.

The GNOME Foundation has announced that it is looking for a new Executive Director following the departure of Holly Million in July:

As the cornerstone of our leadership team, the Executive Director will play a critical role in shaping the strategic direction of the Foundation, working closely with staff, community members, and partners to expand our reach and impact. The ideal candidate will have professional experience working with nonprofits, a strong passion for open-source software, a deep commitment to our community values, and the vision to drive the next phase of GNOME's growth and development.

The window of opportunity for the job is closing quickly, applications are due by September 20.

Germany's Sovereign Tech Fund (STF) has agreed to invest €688,800 to improve the security, stability, and functionality of Samba. The investment will take place over three years and will be managed by SerNet, a company that employs several Samba core developers and offers support for Samba. According to its announcement, work has already begun and is expected to complete in 2026:

The project's focus is on areas like transparent failover, SMB3 UNIX extensions, and modern security protocols such as SMB over QUIC. These improvements are designed to ensure that Samba remains a robust and secure solution for organizations that rely on a sovereign IT infrastructure that is as independent as possible of proprietary software regimes, but including optimal interoperability.

Read-copy-update (RCU) is a synchronization mechanism that was added to the Linux kernel in October 2002. RCU is most frequently used as a replacement for reader-writer locking, but is also used in a number of other ways. This article covers recent changes to the RCU API; it was contributed by Paul McKenney, Boqun Feng, Frederic Weisbecker, Joel Fernandes, Neeraj Upadhyay, and Uladzislau Rezki.

Security updates have been issued by Fedora (haproxy, osc, and python3.11), Oracle (389-ds:1.4), Red Hat (kernel), SUSE (clamav, colord, kernel, postgresql16, and qemu), and Ubuntu (linux, linux-aws, linux-aws-5.15, linux-gcp, linux-gcp-5.15, linux-gke, linux-gkeop, linux-gkeop-5.15, linux-hwe-5.15, linux-ibm, linux-intel-iotg, linux-intel-iotg-5.15, linux-kvm, linux-nvidia, linux-oracle, linux-raspi, linux-azure, linux-azure-5.15, linux-azure-fde, linux-lowlatency-hwe-6.8, linux-nvidia-6.8, and linux-xilinx-zynqmp).

Version 7.1.0 of the VirtualBox virtualization system has been released. Changes include a major GUI update, a new Network Address Translation (NAT) engine with IPv6 support, shared clipboard support on Wayland, and more.

Debian does not have an official way to configure networking. Instead, it has four recommended ways to configure networking, one of which is the venerable ifupdown, which has been part of Debian since the turn of the century and is showing its age. A conversation about its maintainability and possible replacement with ifupdown‑ng has led to discussions about the default network-management tools for Debian "trixie" (Debian 13, which is expected in 2025) and beyond. No route to consensus has been found, yet.

Greg Kroah-Hartman has announced the release of seven new stable kernels: 6.10.10, 6.6.51, 6.1.110, 5.15.167, 5.10.226 5.4.284, and 4.19.322. As usual, they all contain lots of important fixes throughout the kernel tree.

Security updates have been issued by Debian (chromium and redis), Fedora (nextcloud, python3.10, python3.13, python3.6, vim, and wolfssl), Mageia (expat, libpcap, and microcode), Oracle (dovecot, kernel, and kernel-container), Red Hat (kernel and krb5), SUSE (389-ds, colord, containerd, curl, expat, glib2, go1.22, go1.23, kernel, libpcap, postgresql16, and runc), and Ubuntu (expat, libxmltok, linux, linux-aws, linux-azure, linux-bluefield, linux-gcp, linux-gkeop, linux-ibm, linux-kvm, linux-oracle, linux, linux-aws, linux-gcp, linux-gke, linux-ibm, linux-lowlatency, linux-oem-6.8, linux-oracle, linux-aws-5.4, linux-azure-5.4, linux-gcp-5.4, linux-hwe-5.4, linux-ibm-5.4, linux-oracle-5.4, linux-raspi-5.4, linux-azure, linux-iot, linux-nvidia, linux-nvidia-lowlatency, python-setuptools, setuptools, tiff, and unbound).

The LWN.net Weekly Edition for September 12, 2024 is available.

The Python community has been roiled, to a certain extent, by an action taken by the steering council (SC): the three-month suspension of a unnamed—weirdly—Python core developer. Tim Peters is the developer in question, as he has acknowledged, though it could easily be deduced from the SC message. Peters has been involved in the project from its early days and, among many other things, is the author of PEP 20 ("The Zen of Python"). The suspension was due to violations of the project's code of conduct that stem from the discussion around a somewhat controversial set of proposed changes to the bylaws for the Python Software Foundation (PSF) back in mid-June.

Security updates have been issued by AlmaLinux (389-ds:1.4, dovecot, emacs, and glib2), Fedora (bluez, iwd, libell, linux-firmware, seamonkey, vim, and wireshark), Mageia (apr, libtiff, Nginx, openssl, orc, unbound, webmin, and zziplib), Red Hat (389-ds:1.4), and SUSE (containerd, curl, go1.22, go1.23, gstreamer-plugins-bad, kernel, ntpd-rs, python-Django, and python311).

Version 3.4 of the Pandoc document-conversion tool has been released. Notable changes in this release include a new ANSI output format (for console output), a switch to WeasyPrint as the PDF engine for HTML to PDF conversion, the ability to position captions above or below tables and figures, and much more.

CPU scheduling is a challenging job; since it inherently requires making guesses about what the demands on the system will be in the future, it remains reliant on heuristics, despite ongoing efforts to remove them. Some of those heuristics take special note of tasks that are (or appear to be) waiting for fast I/O operations. There is some unhappiness, though, with how this factor is used, leading to a couple of patches taking rather different approaches to improve the situation.

Version 1.0 of the Radicle development platform has been released.

Radicle 1.0 represents the culmination of years of experimentation and hard work from our team and community, where we set out to ensure that free and open source software ecosystems can flourish without having to rely on the whims of Big Tech. We designed Radicle with a first-principles approach, as a natural extension to Git, expanding it to work in a collaborative, local-first, peer-to-peer setting.

LWN looked at Radicle in March.

Security updates have been issued by Debian (cacti), Fedora (aardvark-dns, expat, and firefox), Mageia (ffmpeg, ntfs-3g, and vim), Oracle (emacs, glib2, java-11-openjdk, and qt5-qtbase), Red Hat (emacs, python-setuptools, python3.11, python3.11-setuptools, python3.12-setuptools, python3.9, and python39:3.9), Slackware (netatalk), SUSE (buildah, expat, java-1_8_0-ibm, kanidm, kernel, and postgresql16), and Ubuntu (netty, php7.0, php7.2, tiff, and webkit2gtk).

Version 0.9.0 of Redox OS, an open-source, Unix-like operating system written in Rust, has been released. Notable changes in this release include performance and stability improvements, better management of physical and virtual memory, bootloader improvements, and more. It also brings support for RustPython, Perl 5, Simple HTTP Server, the addition of several applications including GNU Nano, Helix, and the COSMIC Files, Editor, and Terminal applications. See the changelog section of the announcement for a full list of changes in the release.

Many projects struggle with attracting and retaining contributors; Debian is no different in that regard. At DebConf24, Carlos Henrique Lima Melara and Lucas Kanashiro gave a presentation about efforts that the Brazilian Debian community has made to increase participation. Their ideas and the lessons learned can be applied more widely, both for other Debian communities and for other projects.

Jacob Adams wanders into the kernel's hibernation code:

How does Linux move from an awake machine to a hibernating one? How does it then manage to restore all state? These questions led me to read way too much C in trying to figure out how this particular hardware/software boundary is navigated.