Linux Weekly News

Version 5.0.0 of GNU Screen has been released. Notable changes in this release include new commands for authentication, input into multiple windows at the same time, and to turn on/off truecolor support.

Greg Kroah-Hartman has announced the release of the 6.10.7, 6.6.48, and 6.1.107 stable kernels. They all contain important fixes throughout the kernel tree, as is the norm.

Plasma Mobile is an open-source user interface for mobile devices, developed by the KDE community. It's built on the same foundations as Plasma Desktop, including KDE Frameworks and the KWin window manager. Much like its desktop counterpart, Plasma Mobile caters to advanced users by offering extensive customizability. It is offered as an option on phones with various mobile Linux distributions.

Security updates have been issued by AlmaLinux (bind and bind-dyndb-ldap and postgresql:16), Fedora (less and python3.6), Mageia (nodejs & yarnpkg), Oracle (libvpx and postgresql:16), Red Hat (edk2, git, kernel, openldap, postgresql:15, postgresql:16, python3, and python39:3.9 and python39-devel:3.9), SUSE (apache2, python-setuptools, and python3-setuptools), and Ubuntu (linux-oracle).

Wedson Almeida Filho, one of the key developers driving the Rust-for-Linux project, has retired from the project.

After almost 4 years, I find myself lacking the energy and enthusiasm I once had to respond to some of the nontechnical nonsense, so it's best to leave it up to those who still have it in them.

As an example of the sort of "nonsense" he referred to, he provided a link to the video from the Rust for filesystems discussion at the 2024 Linux Storage, Filesystem, Memory-Management, and BPF Summit. His work was fundamental to getting the project as far as it has come; he will be missed.

The LWN.net Weekly Edition for August 29, 2024 is available.

Immutable data makes concurrent access easier, since it eliminates the data-race conditions that can plague multithreaded programs. At PyCon 2024, Yury Selivanov introduced an early-stage project called MemHive, which uses Python subinterpreters and immutable data to overcome the problems of thread serialization that are caused by the language's Global Interpreter Lock (GIL). Recent developments in the Python world have opened up different strategies for avoiding the longstanding problems with the GIL.

Achieving consensus among Debian Developers on technical topics and procedures can be, to put it mildly, challenging. Nevertheless, that is exactly what Otto Kekäläinen has tried to do with a proposal that would set up "principles all Debian packages should follow to be open for collaboration in package maintenance". In the near term, it seems unlikely that the proposal will be accepted, but the discussion may be effective at improving collaboration nonetheless.

Security updates have been issued by Fedora (calibre, dotnet8.0, dovecot, webkit2gtk4.0, and webkitgtk), Oracle (nodejs:20), Red Hat (bind, bind and bind-dyndb-ldap, postgresql:16, and squid), Slackware (kcron and plasma), SUSE (keepalived and webkit2gtk3), and Ubuntu (drupal7).

The Mono project was started in 2001 to develop a .NET environment for Linux systems. Microsoft has owned that project since 2016, but has not made a major release since 2019. The company has now announced that Mono is being handed over to the WineHQ organization, which will maintain the repository going forward. Microsoft, meanwhile, is steering users toward its "modern fork" that it continues to maintain.

KDE developer Carl Schwan has announced the release of Calligra Office version 4.0. The most significant changes in this release include a "major overhaul" of the office suite's user interface, and a transition to Qt 6 and KDE Frameworks 6.

Nominations are now open for people interested in joining the Ubuntu Community Council, "the highest governance body of the Ubuntu project". Any Ubuntu Member can apply from now until Sunday, September 22 at 23:59 UTC.

The Ubuntu project turned 20 this year, but is still in constant flux. The advent of new communication platforms, new projects under our umbrella, and the ever-growing popularity of the project requires our community to evolve. We need to make sure Ubuntu is set to tackle the challenges of the next 20 years. It needs a strong and active community council to guide the project forwards.

See Merlijn Sebrechts's blog post, "A year in the Ubuntu community council", for an overview of what it's like to serve on the council.

On August 13, the US National Institute of Standards and Technology (NIST) published the final form of its new post-quantum cryptographic standards. One key-exchange mechanism and two digital-signature schemes are now officially sanctioned by the institute. Adopting the new standards should be fairly painless for most developers, but the overhead added by the schemes could pose challenges for some applications.

Security updates have been issued by AlmaLinux (nodejs:20), Debian (python3.11), Fedora (dotnet8.0), Red Hat (bind, krb5, libreoffice, linux-firmware, orc, orc:0.4.28, and orc:0.4.31), SUSE (mariadb and openssl-3), and Ubuntu (linux-aws-5.4).

The developers of the Pidgin chat program have announced that a malicious plugin had been listed on its third-party plugins list for over one month. This plugin included a key logger and could capture screenshots.

It went unnoticed at the time that the plugin was not providing any source code and was only providing binaries for download. Going forward, we will be requiring that all plugins that we link to have an OSI Approved Open Source License and that some level of due diligence has been done to verify that the plugin is safe for users.

The FreeBSD Foundation has announced that Germany's Sovereign Tech Fund (STF) has agreed to invest €686,400 toward improvements in the FreeBSD project's infrastructure, security, regulatory compliance, and developer experience:

The work commissioned by STF also aligns closely with the recent August 9, 2024 summary report released by the U.S. Office of the National Cyber Director (ONCD), consolidating feedback from the 2023 request for information on key priorities for securing the open source software ecosystem. By enhancing security controls and SBOM tooling, the FreeBSD Foundation is helping to keep FreeBSD at the forefront of improved vulnerability disclosure mechanisms and secure software foundations.

The genksyms tool has long been buried deeply within the kernel's build system; it is one of the two C-code parsers shipped with the kernel (the other being the horrifying kernel-doc script). It is a key part of how the kernel's module-loading infrastructure works. While genksyms has quietly done its job for decades, that period may soon be coming to an end. It would seem that genksyms is not up to the task of handling Rust code, so Sami Tolvanen is proposing a new tool to handle this task going forward.

Security updates have been issued by Debian (chromium, python-html-sanitizer, and trafficserver), Fedora (nginx, nginx-mod-fancyindex, nginx-mod-modsecurity, nginx-mod-naxsi, nginx-mod-vts, python-webob, python3-docs, python3.11, python3.12, python3.9, and zabbix), Red Hat (bind, bind and bind-dyndb-ldap, bind9.16, httpd, kernel, kernel-rt, and nodejs:20), SUSE (caddy, chromium, chromium, gn, rust-bindgen, cockpit, fetchmail, gdcm, gh, keybase-client, libhtp, libofx, nano, plasma5-workspace, python-nltk, python-notebook, xen, and znc), and Ubuntu (linux-azure, linux-azure-4.15, linux-azure-5.4, and linux-oracle-5.15).

The 6.11-rc5 kernel prepatch is out for testing. "Other than the timing, there's not a whole lot unusual here. The diffstat looks fairly flat, which means 'mostly pretty small changes'." Linus Torvalds added a note that today marks the 33rd anniversary of the first Linux announcement; "A third of a century. And it *still* isn't ready".

On the second day of DebConf24 in Busan, South Korea, Holger Levsen provided a history lesson on the "first 11 years" of the Reproducible Builds project. He has been involved in the project for most of that time and has been a Debian user since the mid-1990s, contributor since 2001, and a Debian member since 2007; "I love Debian". Meanwhile, his aim is to make all free software be reproducible, so that anyone can check that a binary program comes from the source code it purports to.