Linux Weekly News

LWN.net is a comprehensive source of news and opinions from and about the Linux community. This is the main LWN.net feed, listing all articles which are posted to the site front page.

[$] Restricting execution of scripts — the third approach

Fri, 07/19/2024 - 11:05
The kernel will not consent to execute just any file that happens to be sitting in a filesystem; there are formalities, such as the checking of execute permission and consulting security policies, to get through first. On some systems, security policies have been established to limit execution to specifically approved programs. But there are files that are not executed directly by the kernel; these include scripts fed to language interpreters like Python, Perl, or a shell. An attacker who is able to get an interpreter to execute a file may be able to bypass a system's security policies. Mickaël Salaün has been working on closing this hole for years; the latest attempt takes the form of a new flag to the execveat() system call.

Security updates for Friday

Fri, 07/19/2024 - 10:19
Security updates have been issued by AlmaLinux (firefox, java-1.8.0-openjdk, java-17-openjdk, java-21-openjdk, libndp, openssh, qt5-qtbase, ruby, skopeo, and thunderbird), Debian (thunderbird), Fedora (dotnet6.0, httpd, python-django, python-django4.2, qt6-qtbase, rapidjson, and ruby), Red Hat (389-ds-base, firefox, java-1.8.0-openjdk, java-11-openjdk, libndp, qt5-qtbase, and thunderbird), Slackware (httpd), SUSE (apache2, chromium, and kernel), and Ubuntu (apache2, linux-aws, linux-azure-fde, linux-azure-fde-5.15, linux-hwe-5.15, linux-aws-6.5, linux-lowlatency-hwe-6.5, linux-oracle-6.5, linux-starfive-6.5, and linux-raspi, linux-raspi-5.4).

Peter de Schrijver RIP

Thu, 07/18/2024 - 18:39
The sad news that Peter de Schrijver has passed away has just reached us. An obituary in Dutch relates that he passed in a Helsinki hospital on July 12. Mind Software Consulting, which he founded, has a message of condolences as well. De Schrijver was a Debian Developer and a Linux kernel contributor; he will be missed.

Evolving the ASF Brand (Apache Software Foundation blog)

Thu, 07/18/2024 - 13:10
The Apache Software Foundation (ASF) has announced that it will be changing its logo to remove the feather that has been part of its brand since 1997. ASF members will have input on the rebranding process and be able to vote on the new logo, which will be unveiled at the Community Over Code conference in October.

The feather is a well-loved and iconic part of the ASF brand. We know of community members who have ASF feather tattoos. People love taking photos with the feather at our flagship event each year.

So why would we change it? As a non-Indigenous entity, we acknowledge that it is inappropriate for the Foundation to use Indigenous themes or language. We thank Natives in Tech and other members of the broader open source community for bringing this issue to the forefront. Today we are announcing we will be retiring the feather icon and logo and replacing it with a new logo that embodies the Foundation's rich history of providing software for the public good.

A bunch of new stable kernels

Thu, 07/18/2024 - 12:07
Greg Kroah-Hartman has released seven new stable kernels: 6.9.10, 6.6.41, 6.1.100, 5.15.163, 5.10.222, 5.4.280, and 4.19.318. As usual, each contains important fixes throughout the kernel tree.

[$] Filesystem testing for stable kernels

Thu, 07/18/2024 - 11:39
Leah Rumancik led a filesystem-track session at the 2024 Linux Storage, Filesystem, Memory Management, and BPF Summit on the testing needed to qualify XFS patches for the stable kernels. At last year's summit, Rumancik, Amir Goldstein, and Chandan Babu Rajendra presented on their efforts to test and backport fixes for the XFS filesystem to three separate stable kernels. There has been some longstanding unhappiness in the XFS-development community with the stable-kernel process, which led to backports ceasing for that filesystem until Goldstein started working on XFS testing for the stable trees a few years ago. In this year's session, Rumancik updated attendees on how things had gone over the last year and wanted to discuss some remaining pain points for the process.

[$] The first half of the 6.11 merge window

Thu, 07/18/2024 - 11:31
The merge window for the 6.11 kernel release opened on July 14; as of this writing, 4,072 non-merge changesets have been pulled into the mainline repository since then. This merge window, in other words, is just now beginning. Still, there has been enough time for a number of interesting changes to land for the next kernel release; read on for a summary of what has been merged so far.

Security updates for Thursday

Thu, 07/18/2024 - 11:28
Security updates have been issued by Debian (chromium), Fedora (freeradius), Red Hat (firefox, java-1.8.0-openjdk, and java-17-openjdk), Slackware (openssl), SUSE (ghostscript, gnutls, podman, and python-Django), and Ubuntu (linux-hwe-6.5, linux-ibm-5.15, linux-lowlatency, linux-lowlatency-hwe-5.15, linux-oracle-5.15, linux-oracle, linux-xilinx-zynqmp, and stunnel).

[$] LWN.net Weekly Edition for July 18, 2024

Wed, 07/17/2024 - 21:01
The LWN.net Weekly Edition for July 18, 2024 is available.

Blender 4.2 LTS released

Wed, 07/17/2024 - 12:38

Version 4.2 LTS of the Blender open-source 3D creation suite has been released. Major improvements include a rewrite of the EEVEE render engine, faster rendering, and much more. See the showcase reel for examples of work created by the Blender community with this release. See the text release notes for even more about 4.2 LTS, which will be maintained until July 2026.

[$] Changing the filesystem-maintenance model

Wed, 07/17/2024 - 11:52
Maintenance of the kernel is a difficult, often thankless, task; how it is being handled, the role of maintainers, burnout, and so on are recurring topics at kernel-related conferences. At the 2024 Linux Storage, Filesystem, Memory Management, and BPF Summit, Josef Bacik and Christian Brauner led a session to discuss possible changes to the way filesystems are maintained, though Bacik took the lead role (and the podium). There are a number of interrelated topics, including merging new filesystems, removing old ones, making and testing changes throughout the filesystem tree, and more.

digiKam 8.4.0 released

Wed, 07/17/2024 - 11:42

Version 8.4.0 of the digiKam photo editing and management application has been released. This release includes an update of the LibRaw RAW decoder which brings support for many new cameras, a new version of the LensFun toolkit, a feature for automatic translation of image tags, GMIC-Qt 3.4.0, and many bug fixes. See the announcement for full details.

Silva: How to use the new counted_by attribute in C (and Linux)

Wed, 07/17/2024 - 11:09
Gustavo A. R. Silva describes the path to safer flexible arrays in the kernel, thanks to the counted_by attribute supported by Clang 18 and GCC 15.

There are a number of requirements to properly use the counted_by attribute. One crucial requirement is that the counter must be initialized before the first reference to the flexible-array member. Another requirement is that the array must always contain at least as many elements as indicated by the counter.

See also: this article from 2023.

Security updates for Wednesday

Wed, 07/17/2024 - 10:14
Security updates have been issued by Debian (kernel), Fedora (golang and krb5), Red Hat (cups, firefox, git, java-21-openjdk, kernel, linux-firmware, nghttp2, nodejs, and podman), SUSE (libndp, nodejs18, nodejs20, tomcat, and xen), and Ubuntu (gtk+2.0, gtk+3.0 and linux-hwe-5.4, linux-oracle-5.4).

[$] SUSE asks openSUSE to consider name change

Tue, 07/16/2024 - 13:30

SUSE has, in a somewhat clumsy fashion, asked openSUSE to consider rebranding to clear up confusion over the relationship between SUSE the company and openSUSE as a community project. That, in turn, has opened conversations about revising openSUSE governance and more. So far, there is no concrete proposal to consider, no timeline, or even a process for the community and company to follow to make any decisions.

[$] Hierarchical storage management, fanotify, FUSE, and more

Tue, 07/16/2024 - 11:26
Amir Goldstein led a filesystem-track session at the 2024 Linux Storage, Filesystem, Memory Management, and BPF Summit on his project to build a hierarchical storage management (HSM) system using fanotify. The idea is to monitor file access in order to determine when to retrieve content from non-local storage (e.g. the cloud). The session was a follow-up to last year's introduction to the project, which covered some of the problems he had encountered; this year, he was updating attendees on its status and progress, along with some other problem areas that he wanted to discuss.

Redox to implement POSIX signals in user space

Tue, 07/16/2024 - 11:12

Redox has received a grant to work on implementing POSIX-compatible signals. The draft design calls for them to be implemented nearly completely in user space.

So far, the signals project has been going according to plan, and hopefully, POSIX support for signals will be mostly complete by the end of summer, with in-kernel improvements to process management. After that, work on the userspace process manager will begin, possibly including new kernel performance and/or functionality improvements to facilitate this.

Security updates for Tuesday

Tue, 07/16/2024 - 09:50
Security updates have been issued by Debian (kernel), Fedora (erlang-jose, mingw-python-certifi, and yt-dlp), Mageia (firefox, nss, libreoffice, sendmail, and tomcat), Red Hat (firefox, ghostscript, git-lfs, kernel, kernel-rt, ruby, and skopeo), SUSE (Botan, cockpit, kernel, nodejs18, p7zip, python3, and tomcat), and Ubuntu (ghostscript, linux, linux-azure, linux-azure-5.15, linux-gcp, linux-gke, linux-gkeop, linux-gkeop-5.15, linux-ibm, linux-intel-iotg, linux-intel-iotg-5.15, linux-kvm, linux-nvidia, linux-oracle, linux-azure-6.5, linux-gcp-6.5, and linux-gke, linux-nvidia).

[$] A hash table by any other name

Mon, 07/15/2024 - 14:27

On June 25, Matthew Wilcox posted a second version of a patch set introducing a new data structure called rosebush, which "is a resizing, scalable, cache-aware, RCU optimised hash table." The kernel already has generic hash tables, though, including rhashtable. Wilcox believes that the design of rhashtable is not the best choice for performance, and has written rosebush as an alternative for use in the directory-entry cache (dcache) — the filesystem cache used to speed up file-name lookup.

[$] Development statistics for the 6.10 kernel

Mon, 07/15/2024 - 12:52
The 6.10 kernel was released on July 14 after a nine-week development cycle. This time around, 13,312 non-merge changesets were pulled into the mainline repository — the lowest changeset count since 5.17 in early 2022. Longstanding tradition says that it is time for LWN to gather some statistics on where the new code for 6.10 came from and how it got to the mainline; read on for the details.
