lwn.net

Version R1/beta5 for the Haiku project, an open-source "spiritual successor to BeOS", has been released. Notable changes in this release include a TUN/TAP network driver, basic support for USB audio devices, TCP throughput improvements, a rewritten driver for the FAT filesystem, read-only support for Unix File System 2 (UFS2), as well as hundreds of bug fixes and performance improvements since the last release in December 2022. Thanks to Paul Wise for the tip.

A Linux system is made up of a large number of interdependent components, all of which must support each other well. It can thus be surprising that, it seems, the developers working on those components do not often speak with each other. In the hope of improving that situation, efforts have been made in recent years to attract toolchain developers to the kernel-heavy Linux Plumbers Conference. This year, though, the opposite happened as well: the 2024 GNU Tools Cauldron hosted a discussion where kernel developers were invited to discuss their needs.

Version 19.1.0 of the LLVM compiler suite has been released:

This is the first release in the LLVM 19.x series and represents 6 months of work the LLVM community. During this period 1502 unique authors contributed 18925 commits (3605729 lines added and 1665792 lines removed) to LLVM.

As usual, there is a long list of changes; see the release notes for LLVM, Libc++, lld, Clang, and Extra Clang Tools for changes to each.

Security updates have been issued by AlmaLinux (pcs), Debian (expat, galera-4, libreoffice, mariadb-10.5, and php-twig), Fedora (chromium), Red Hat (ghostscript and git), SUSE (gstreamer-plugins-bad, gstreamer-plugins-bad, libvpl, python-dnspython, python3, and python36), and Ubuntu (expat, frr, libxmltok, linux-xilinx-zynqmp, openssl, and quagga).

Kangrejos 2024 started off with a talk from Benno Lossin about his recent work to establish a standard for safety documentation in Rust kernel code. Lossin began his talk by giving a brief review of what safety documentation is, and why it's needed, before moving on to the current status of his work. Safety documentation is easier to read and write when there's a shared vocabulary for discussing common requirements; Lossin wants to establish that shared vocabulary for Rust code in the Linux kernel.

Vanilla OS, an immutable desktop Linux distribution designed for developers and advanced users, has recently published its 2.0 "Orchid" release. Previously based on Ubuntu, Vanilla OS has now shifted to Debian unstable ("sid"). The release has made it easier to install software from other distributions' package repositories, and it is now theoretically possible to install and run Android applications as well.

Four researchers have published a formal proof that Linux's new deterministic random bit generator (DRBG) is secure in a particular sense — specifically, that the number of queries that would need to be made to it to uncover its internal state depends on the quality of the entropy it can collect from different sources. As long as it can gather enough entropy, it produces secure random numbers.

Since the significant structural changes in Linux 4 and Linux 5.17, there has been no research on the provable security of Linux-DRBG. For the first time (to the best of our knowledge), we formally model the Linux-DRBG in Linux 6.4.8 and prove its security in the seedless robustness model

Thanks to Jason Donenfeld for bringing the paper to our attention.

The generation of binary code for the kernel's BPF virtual machine has been limited to the Clang compiler since the beginning; even developers who use GCC to build kernels must use Clang to compile to BPF. Work has been underway for some years on adding a BPF backend to GCC as well; the developers involved ran a session at the 2024 GNU Tools Cauldron to provide an update on that project. It would seem that the BPF backend is close to being ready for production use.

Security updates have been issued by Debian (php-twig and pymongo), Fedora (linux-firmware, microcode_ctl, and python3.13), Mageia (clamav, microcode, postgresql13 and postgresql15, python3-webob, suricata, tcpreplay, tgt, and wireshark), Oracle (httpd, kernel, and linux-kernel), Red Hat (firefox, kernel, kernel-rt, pcs, and thunderbird), SUSE (389-ds, chromium, golang-github-prometheus-prometheus, htmldoc, kernel, SUSE Manager Client Tools, and wireshark), and Ubuntu (clamav, curl, dcmtk, dovecot, nginx, openssh, and python3.10, python3.12, python3.8).

The Linux Foundation has announced the creation of the OpenSearch Software Foundation as a vendor‑neutral home for the OpenSearch search and observability software:

Established in 2021 and previously hosted by Amazon Web Services (AWS), OpenSearch has recorded more than 700 million software downloads and participation from thousands of contributors and more than 200 project maintainers.

AWS created the OpenSearch project as an open-source fork of ElasticSearch and Kibana in 2021 after Elastic moved those projects to non-free licenses. Elastic announced in August that it would relicense the projects under the Affero GPL (AGPL).

The Fedora Engineering Steering Committee (FESCo) has voted to immediately remove the WolfSSL package from all of Fedora's repositories due to its maintainer failing to gain approval to package a new cryptography library for Fedora. Its brief travels through Fedora's package system highlights gaps in documentation, as well as in the package‑review process. The good news is that this may stir Fedora to improve its documentation and revive a formal security team.

Version 8.0.0 of the Valkey open-source in-memory data store is now available. This is the first major release of Valkey since the project forked from Redis in March of this year:

While this is a major version, Valkey takes command set compatibility seriously: Valkey 8.0.0 makes no backwards incompatible changes to the existing command syntax or their responses. Your existing tools and custom software will be able to immediately take advantage of Valkey 8.0.0. Since Valkey 8.0.0 does make some small changes to previously undefined behaviors, it's wise to read the release notes. Additionally, because this version makes changes in how the software uses threading, you may want to re-evaluate your cluster's infrastructure to achieve the highest performance.

The 6.11 kernel was released on September 15 after a typical nine-week development cycle. This release integrates 13,890 non-merge changesets, so it was a moderately busy cycle, slightly more so that 6.10 was. With a new release comes a new round of development statistics; read on for the details.

Security updates have been issued by Debian (git, nodejs, and ring), Fedora (apr, bubblewrap, chromium, clamav, flatpak, mingw-expat, python3-docs, python3.12, and thunderbird), Mageia (assimp, botan2, python-tqdm, and radare2), Slackware (libarchive), and SUSE (curl).

Linus has released the 6.11 kernel. "I'm once again on the road and not in my normal timezone, but it's Sunday afternoon here in Vienna, and 6.11 is out." Significant changes in this release include new io_uring operations for bind() and listen(), the nested bottom-half locking patches, the ability to write to busy executable files, support for writing block drivers in Rust, support for atomic write operations in the block layer, the dedicated bucket slab allocator, the vDSO implementation of getrandom(), and more. See the LWN merge-window summaries (part 1, part 2) for more information.

The GNOME Foundation has announced that it is looking for a new Executive Director following the departure of Holly Million in July:

As the cornerstone of our leadership team, the Executive Director will play a critical role in shaping the strategic direction of the Foundation, working closely with staff, community members, and partners to expand our reach and impact. The ideal candidate will have professional experience working with nonprofits, a strong passion for open-source software, a deep commitment to our community values, and the vision to drive the next phase of GNOME's growth and development.

The window of opportunity for the job is closing quickly, applications are due by September 20.

Germany's Sovereign Tech Fund (STF) has agreed to invest €688,800 to improve the security, stability, and functionality of Samba. The investment will take place over three years and will be managed by SerNet, a company that employs several Samba core developers and offers support for Samba. According to its announcement, work has already begun and is expected to complete in 2026:

The project's focus is on areas like transparent failover, SMB3 UNIX extensions, and modern security protocols such as SMB over QUIC. These improvements are designed to ensure that Samba remains a robust and secure solution for organizations that rely on a sovereign IT infrastructure that is as independent as possible of proprietary software regimes, but including optimal interoperability.

Read-copy-update (RCU) is a synchronization mechanism that was added to the Linux kernel in October 2002. RCU is most frequently used as a replacement for reader-writer locking, but is also used in a number of other ways. This article covers recent changes to the RCU API; it was contributed by Paul McKenney, Boqun Feng, Frederic Weisbecker, Joel Fernandes, Neeraj Upadhyay, and Uladzislau Rezki.

Security updates have been issued by Fedora (haproxy, osc, and python3.11), Oracle (389-ds:1.4), Red Hat (kernel), SUSE (clamav, colord, kernel, postgresql16, and qemu), and Ubuntu (linux, linux-aws, linux-aws-5.15, linux-gcp, linux-gcp-5.15, linux-gke, linux-gkeop, linux-gkeop-5.15, linux-hwe-5.15, linux-ibm, linux-intel-iotg, linux-intel-iotg-5.15, linux-kvm, linux-nvidia, linux-oracle, linux-raspi, linux-azure, linux-azure-5.15, linux-azure-fde, linux-lowlatency-hwe-6.8, linux-nvidia-6.8, and linux-xilinx-zynqmp).

Version 7.1.0 of the VirtualBox virtualization system has been released. Changes include a major GUI update, a new Network Address Translation (NAT) engine with IPv6 support, shared clipboard support on Wayland, and more.