Welcome to LWN.net
LWN.net is a reader-supported news site dedicated to producing the best coverage from within the Linux and free software development communities. See the LWN FAQ for more information, and please consider subscribing to gain full access and support our activities.
[$] realloc() and the oversize importance of zero-size objects
Small objects can lead to large email threads. In this case, the GNU C Library (glibc) community has been having an extensive debate over the handling of zero-byte allocations. Specifically, what should happen when a program calls realloc() specifying a size of zero? This is, it seems, a topic about which some people, at least, have strong feelings.
[$] LWN.net Weekly Edition for October 24, 2024
Posted Oct 24, 2024 0:42 UTC (Thu)The LWN.net Weekly Edition for October 24, 2024 is available.
Inside this week's LWN.net Weekly Edition
- Front: Foundation fundraising challenges; Transmutation in rust; Python release signing; Lazy preemption; Image-based Linux; Aerc.
- Briefs: Guix vulnerability; linus-next tree; Maintainers removed; AlmaLinux OS Kitten; Bootc 1.1.0; OpenSSL 3.4.0; Rust 1.82.0; Tor Browser 14.0; Quotes; ...
- Announcements: Newsletters, conferences, security updates, patches, and more.
[$] Toward safe transmutation in Rust
Currently in Rust, there is no efficient and safe way to turn an array of bytes into a structure that corresponds to the array. Changing that was the topic of Jack Wrenn's talk this year at RustConf: "Safety Goggles for Alchemists". The goal is to be able to "transmute" — Rust's name for this kind of conversion — values into arbitrary user-defined types in a safer way. Wrenn justified the approach that the project has taken to accomplish this, and spoke about the future work required to stabilize it.
[$] Free-software foundations face fundraising problems
In July, at the GNOME annual general meeting (AGM), held at GUADEC 2024, the message from the GNOME Foundation board was that all was well, financially speaking. Not great, but the foundation was on a break-even budget and expected to go into its next fiscal year with a similar budget and headcount. On October 7, however, the board announced that it had had to make some cuts, including reducing its staff by two people. This is not, however, strictly a GNOME problem: similar organizations, such as the Python Software Foundation (PSF), KDE e.V., and the Free Software Foundation Europe (FSFE) are seeing declines in fundraising while also being affected by inflation.
[$] A report from the 2024 Image-Based Linux Summit
The Image-Based Linux Summit has by now established itself as a yearly event. Following on from last year's edition, the third edition was held in Berlin on September 24, the day before All Systems Go! 2024 (ASG). The purpose of this event is to gather stakeholders from various engineering groups and hold friendly but lively discussions around the topic of image-based Linux — that is, Linux distributions based around immutable images, instead of mutable root filesystems.
[$] Python PGP proposal poses packaging puzzles
Sigstore is a project that is meant to simplify and improve the process of signing, verifying, and protecting software. It is a relatively new project, declared "generally available" in 2022. Python is an early adopter of sigstore; it started providing signatures for CPython artifacts with Python 3.11 in 2022. This is in addition to the OpenPGP signatures it has been providing since at least 2001. Now, Seth Michael Larson—the Python Software Foundation (PSF) security developer-in-residence—would like to deprecate the PGP signature and move to sigstore exclusively by next year. If that happens, it will involve some changes in the way that Linux distributions verify Python releases, since none of the major distributions have processes for working with sigstore.
[$] The long road to lazy preemption
The kernel's CPU scheduler currently offers several preemption modes that implement a range of tradeoffs between system throughput and response time. Back in September 2023, a discussion on scheduling led to the concept of "lazy preemption", which could simplify scheduling in the kernel while providing better results. Things went quiet for a while, but lazy preemption has returned in the form of this patch series from Peter Zijlstra. While the concept appears to work well, there is still a fair amount of work to be done.
[$] A look at the aerc mail client
Email has become somewhat unfashionable as a collaboration tool for open-source projects, but there are still a number of projects—such as PostgreSQL and the Linux kernel—that expect contributors to send and review patches via email. The aerc mail client is aimed at developers looking for a text-based, efficient, and extensible client that is meant to be used for working with Git and email. It uses Vim-style keybindings by default, and has an interface inspired by tmux that lets users manage multiple accounts, mails, and embedded terminals at once.
LWN.net Weekly Edition for October 17, 2024
Posted Oct 17, 2024 1:22 UTC (Thu)The LWN.net Weekly Edition for October 17, 2024 is available.
Inside this week's LWN.net Weekly Edition
- Front: Debian's secret sauce; WordPress retaliation; Rust in enterprise kernels; Pidfd tweaks; the last Kangrejos articles.
- Briefs: Firefox vulnerability; Ubuntu 24.10; Forgejo 9.0; Inkscape 1.4; LibreSSL 4.0.0; Quotes; ...
- Announcements: Newsletters, conferences, security updates, patches, and more.
Using LKMM atomics in Rust
Rust, like C, has its own memory model describing how concurrent access to the same data by multiple threads can behave. The Linux kernel, however, has its own ideas. The Linux kernel memory model (LKMM) is subtly different from both the standard C memory model and Rust's model. At Kangrejos, Boqun Feng gave a presentation about the need to reconcile the memory models used by Rust and the kernel, including a few potential avenues for doing so. While no consensus was reached, it is an area of active discussion.
Security updates for Thursday
Security updates have been issued by AlmaLinux (grafana, NetworkManager-libreswan, python3.11, and python39:3.9 and python39-devel:3.9), Fedora (dotnet6.0, koji, python-fastapi, python-openapi-core, python-platformio, python-starlette, rust-pyo3, rust-pyo3-build-config, rust-pyo3-ffi, rust-pyo3-macros, rust-pyo3-macros-backend, and yarnpkg), Oracle (grafana, kernel, linux-firmware, NetworkManager-libreswan, and python3.11), Slackware (php81), and SUSE (apache2, buildah, cups-filters, go1.21-openssl, podman, postgresql16, python-pyOpenSSL, and webkit2gtk3).
Tor Browser 14.0 released
Version 14.0 of the privacy-focused Tor browser has been released.
This is our first stable release based on Firefox ESR 128, incorporating a year's worth of changes shipped upstream in Firefox. As part of this process we've also completed our annual ESR transition audit, where we reviewed and addressed over 200 Bugzilla issues for changes in Firefox that may negatively affect the privacy and security of Tor Browser users. Our final reports from this audit are now available in the tor-browser-spec repository on our Gitlab instance.
Kadlčík: Copr Modularity, the End of an Era
Jakub Kadlčík announced on his blog that Fedora's Copr build system will be dropping support for building modules (groups of RPM packages that are built, installed, and shipped together) soon:
The Fedora Modularity project never really took off, and building modules in Copr even less so. We've had only 14 builds in the last two years. It's not feasible to maintain the code for so few users. Modularity has also been retired since Fedora 39 and will die with RHEL 9.
Modularity features in Copr are now deprecated, and it will not be possible to submit new module builds after April 2025. LWN covered some of the problems with Fedora's modularity initiative in 2019.
Security updates for Wednesday
Security updates have been issued by Debian (dmitry, libheif, and python-sql), Fedora (suricata and wireshark), SUSE (cargo-c, libeverest, protobuf, and qemu), and Ubuntu (golang-1.22, libheif, unbound, and webkit2gtk).
Several Russian developers lose kernel maintainership status
Perhaps one of the more surprising changes in the 6.12-rc4 development kernel was the removal of several entries from the kernel's MAINTAINERS file. The patch performing the removal was sent (by Greg Kroah-Hartman) only to the patches@lists.linux.dev mailing list; the change was included in a char-misc drivers pull request with no particular mention.
The explanation for the removal is simply "various compliance
requirements
". Given that the developers involved all appear to be of
Russian origin, it is not too hard to imagine what sort of compliance is
involved here. There has, however, been no public posting of the policy
that required the removal of these entries.
Update: Linus Torvalds has since publicly supported this action and said that it will not be reverted.
Introducing AlmaLinux OS Kitten (AlmaLinux Blog)
The AlmaLinux project has introduced a new edition called "Kitten",
which will serve as "the direct upstream for AlmaLinux OS and is
the primary point for the AlmaLinux community to engage and influence
the future of AlmaLinux OS
". Not intended for production use, the
first release is based on CentOS Stream 10 source, which
will eventually be the basis for Red Hat Enterprise Linux (RHEL)
10:
Because we anticipated many changes in 10, we wanted to get a head start on building AlmaLinux OS 10. Earlier this year we started setting up infrastructure and the build pipeline for AlmaLinux OS 10, and started testing using CentOS Stream 10's code. Based on this preparation work, we are excited to share that we have successfully built a preview of AlmaLinux OS 10 that we are calling AlmaLinux OS Kitten 10.
The first Kitten release previews a number of ways that AlmaLinux will diverge from RHEL 10, including re-enabling frame pointers, including Simple Protocol for Independent Computing Environments (SPICE), and adding packages for Firefox and Thunderbird, which have been dropped from CentOS Stream 10 in favor of Flatpak versions. New installation images for Kitten will be built quarterly. See the release notes for download links, installation instructions, and more information.
Another five stable kernels
The 6.11.5, 6.6.58, 6.1.114, 5.15.169, and 5.10.228 stable kernels have all been released; each contains another set of important fixes.
OpenSSL 3.4.0 released
Version 3.4.0 of the OpenSSL SSL/TLS library has been released. It adds a
number of new encryption algorithms, support for "directly fetched
composite signature algorithms such as RSA-SHA2-256
", and more. See the
release notes for details.
Security updates for Tuesday
Security updates have been issued by Debian (ffmpeg, ghostscript, libsepol, openjdk-11, openjdk-17, perl, and python-sql), Oracle (389-ds-base, buildah, containernetworking-plugins, edk2, httpd, java-1.8.0-openjdk, java-11-openjdk, java-17-openjdk, java-21-openjdk, kernel, python-setuptools, skopeo, and webkit2gtk3), Red Hat (buildah), Slackware (openssl), SUSE (apache2, firefox, libopenssl-3-devel, podman, and python310-starlette), and Ubuntu (cups-browsed, firefox, libgsf, and linux-gke).
A new kernel testing tree
Sasha Levin has announced a new tree that is intended to perform continuous-integration tests of pull requests aimed at the mainline. The plan is for this tree to hold more finished work than sometimes ends up in linux-next; in a name that seems destined to create typographical confusion, it is called "linus-next".
The linus-next tree aims to provide a more stable and testable integration point compared to linux-next, addressing the runtime issues that make testing linux-next challenging and focusing on code that's about to be pulled by Linus.