lwn.net

Rust has a plethora of smart-pointer types, including reference-counted pointers, which have special support in the compiler to make them easier to use. The Rust-for-Linux project would like to reap those same benefits for its smart pointers, which need to be written by hand to conform to the Linux kernel memory model. Xiangfei Ding presented at Kangrejos about the work to enable custom smart pointers to function the same as built-in smart pointers.

The 6.11.2, 6.10.13, and 6.6.54 stable kernels have been released. They contain important fixes, and upgrading is, as always, recommended.

The SUSE Security Team Blog has a detailed report on its discovery of a privilege escalation in the oath-toolkit, which provides libraries and utilities for managing one-time password (OTP) authentication.

Fellow SUSE engineer Fabian Vogt approached our Security Team about the project's PAM module. A couple of years ago, the module gained a feature which allows to place the OTP state file (called usersfile) in the home directory of the to-be-authenticated user. Fabian noticed that the PAM module performs unsafe file operations in users' home directories. Since PAM stacks typically run as root, this can easily cause security issues.

Security updates have been issued by AlmaLinux (firefox, golang, linux-firmware, and thunderbird), Debian (kernel and zabbix), Fedora (firefox, pgadmin4, and php), Mageia (chromium-browser-stable, cjson, hostapd and wpa_supplicant, and openjpeg2), Oracle (firefox, flatpak, and go-toolset:ol8), Red Hat (cups-filters, firefox, grafana, linux-firmware, python3, python3.11, and python3.9), SUSE (expat, firefox, libpcap, and opensc), and Ubuntu (freeradius, imagemagick, and unzip).

Cameras were never the simplest of devices for Linux to support; they have a wide range of operating parameters and can generate high rates of data. In recent years, though, they have become increasingly complex, stressing the ability of the kernel's media subsystem to manage them. At the 2024 Linux Plumbers Conference, developers from that subsystem and beyond gathered to discuss the state of affairs and how complex camera devices should be supported in the future.

Security updates have been issued by AlmaLinux (cups-filters), Debian (chromium and php8.2), Fedora (firefox), Oracle (cups-filters, flatpak, kernel, krb5, oVirt 4.5 ovirt-engine, and python-urllib3), Red Hat (cups-filters, firefox, go-toolset:rhel8, golang, and thunderbird), SUSE (postgresql16), and Ubuntu (gnome-shell and linux-azure-fde-5.15).

The LWN.net Weekly Edition for October 3, 2024 is available.

The open-source vector-graphics editor, Inkscape, is expected to release version 1.4 in October. The release represents an evolutionary step for the program, which brings new features, user-interface improvements, new and improved file-format support, and important changes to the code base. The changes in this release should improve the user experience for both casual and professional designers, and make Inkscape more compatible with proprietary vector-graphics software, including Adobe Illustrator and Affinity Designer.

BPF Type Format (BTF), BPF's debugging information format, has undergone rapid evolution to match the evolving needs of BPF programs. José Marchesi spoke at Kangrejos about some of that work — and how it could impact Rust, specifically. He discussed debug information, kernel-specific relocations, and the planned changes to kernel stack unwinding. Each of these will require some amount of work to fully support in Rust, but preliminary signs look promising.

Version 24.1 of the Arch-based Manjaro distribution is now available with the 6.10 Linux kernel, GNOME 46.5, KDE Plasma 6.1 and KDE Gear 24.08:

Plasma 6.1 on Wayland now has a feature that "remembers" what you were doing in your last session like it did under X11. Although this is still work in progress, If you log off and shut down your computer with a dozen open windows, Plasma will now open them for you the next time you power up your desktop, making it faster and easier to get back to what you were doing. At Manjaro we are still defaulting to X11, however switching to Wayland can be done easily by selecting the wanted session in your display manager.

The project also offers minimal install images with the 6.6 LTS and 6.1 LTS kernels to support older hardware as needed.

Security updates have been issued by AlmaLinux (grafana), Fedora (cjson and php), Oracle (389-ds-base, freeradius, grafana, kernel, and krb5), Slackware (cryfs, cups, and mozilla), SUSE (OpenIPMI, openssl-3, openvpn, thunderbird, and tomcat), and Ubuntu (cups, cups-filters, knot-resolver, linux-raspi, linux-raspi-5.4, orc, php7.4, php8.1, php8.3, python-asyncssh, ruby-devise-two-factor, and vim).

Version 7.1 of the FFmpeg audio/video toolkit has been released. Important changes in this release include the VVC decoder reaching stable status, and inclusion of support for MV-HEVC decoding (which is generated by recent phones and VR headsets), as well as support for Vulkan encoding with H264 and HEVC. See the announcement and changelog for full details.

Version 131.0 of the Firefox browser has been released. Changes include the ability to temporarily grant permissions to sites and a preview that pops up when hovering over tabs.

One concern that has often been expressed about the Rust language is that there is only one compiler for it. That makes it hard to say what the standard version of the language is and restricts the architectures that can be targeted by Rust code to those that the available compiler supports. Adding a Rust frontend to GCC would do much to address those concerns; at the 2024 GNU Tools Cauldron, Pierre-Emmanuel Patry gave an update on the state of that work and what its objectives are.

Security updates have been issued by Debian (debian-security-support, nghttp2, and sqlite3), Oracle (cups-filters, kernel, and osbuild-composer), SUSE (openssl-3), and Ubuntu (bubblewrap, flatpak and python2.7, python3.5).

Tathagata Roy has been working to make the Coccinelle tool that is used (among other things) to automate the refactoring of C code work on Rust code as well. Roy gave a presentation at Kangrejos about that work, including the creative approaches necessary to work with Rust's more complicated control flow and syntax.

Linus Torvalds released 6.12-rc1 and closed the 6.12 merge window on September 29; at that point, 11,260 non-merge change sets had been pulled into the mainline for the 6.12 release. That is the lowest number of merge-window changes since 5.17-rc1 in January 2022, which brought in 11,068 changesets. Nonetheless, 6.12 brings a number of interesting changes, many of which were included in the roughly 4,500 changes merged since the summary of the first half of the 6.12 merge window was written.

WordPress is the world's most popular open‑source blogging and content‑management platform. In its 20‑plus years of existence, WordPress has been something of a poster child for open source, similar to Linux and Firefox. It introduced the concept of open source to millions of bloggers, small‑business owners, and others who have deployed WordPress to support their web‑publishing needs. Unfortunately, it is now in the spotlight due to an increasingly ugly dispute between two companies, Automattic and WP Engine, that has spilled over into the WordPress community.

The 6.11.1, 6.10.12, 6.6.53, and 6.1.112 stable kernels have been released. Each contains important fixes and users of those series should upgrade.

The most recent major release of the Tcl/Tk language and graphical-user-interface toolkit, Tcl/Tk 9.0, has been released, a mere 27 years after the 8,0 major release in 1997. There have been plenty of releases in the interim, though, as can be seen in the Tcl chronology. The 9.0 release brings 64-bit data values, better Unicode support, the ability to use zip files as filesystems, a switch to use epoll() or kqueue() where they are available, SVG support in Tk, access to notifications and other desktop-platform services in Tk, and lots more. For more information, see the release notes for Tcl and Tk that can be downloaded as Markdown files from the announcement page. (Thanks to Matt Bradley.)