Incus 6.4 released

Version 6.4 of the Incus container manager is out.

This release builds upon the recently added OCI support from Incus 6.3, making it even easier to run application containers. It also adds a number of useful new features for clustered and larger environments with more control on the virtual CPU used when live migrating VMs and finer grained resource constraints within projects.

See this announcement for details.

Security updates for Tuesday

Security updates have been issued by Debian (kernel and roundcube), Fedora (microcode_ctl, pypy, python2.7, and python3.6), Oracle (389-ds-base, httpd, kernel, kernel-container, and linux-firmware), Red Hat (kernel-rt), SUSE (firefox, kubernetes1.23, libqt5-qtbase, openssl-1_1, python-gunicorn, python-Twisted, python-urllib3, and qt6-base), and Ubuntu (linux-aws-5.15, linux-gkeop-5.15, linux-ibm, linux-ibm-5.15, linux-raspi, linux-azure, linux-azure-5.15, linux-azure-fde, linux-azure-fde-5.15, linux-oem-6.8, linux-oracle-5.15, and qemu).

Rust Project goals for 2024

The Rust project has developed a set of goals for the latter half of 2024.

Rust for Linux. The experimental support for Rust development in the Linux kernel is a watershed moment for Rust, demonstrating to the world that Rust is indeed capable of targeting all manner of low-level systems applications. And yet today that support rests on a number of unstable features, blocking the effort from ever going beyond experimental status. For 2024H2 we will work to close the largest gaps that block support.

Other goals include completing the 2024 Rust Edition and improving the language's async support.

A new kernel-version policy for Ubuntu

The Canonical Kernel Team has announced a new policy regarding the version of the kernel that will ship with each Ubuntu release; the result will generally be the shipping of newer releases.

To provide users with the absolute latest in features and hardware support, Ubuntu will now ship the absolute latest available version of the upstream Linux kernel at the specified Ubuntu release freeze date, even if upstream is still in Release Candidate (RC) status.

The post goes on to acknowledge that "there are issues with this approach"; there are a lot of policy details that will apply depending on just how raw the shipped kernel is.

[$] Distinguishing Debian testing from unstable

Sometimes, the smallest changes create the longest discussions. As a case in point, a proposal to make a one-line change in an informational text file on systems running the Debian unstable distribution has blown up into an interminable and sometimes unfriendly debate. At its core, though, this discussion comes down to a seemingly simple question: should a program be able to determine whether it is running on a Debian testing or unstable system?

0.0.0.0 Day: Exploiting Localhost APIs From the Browser (Oligo Security)

The Oligo Security blog discloses a web-browser vulnerability that has been named "0.0.0.0 day". In short, browsers will allow JavaScript code to open connections to the all-zeroes IPv4 address; the result is that any port that is open on the local host can be accessed by a remote site. "When services use localhost, they assume a constrained environment. This assumption, which can (as in the case of this vulnerability) be faulty, results in insecure server implementations."

[$] CRIB: checkpoint/restore in BPF

The desire for the ability to checkpoint a process — to record its state in a form that can be restarted at a future time — on Linux is almost as old as Linux itself. See, for example, this announcement of a checkpoint project that appeared in LWN in 1998. While working solutions exist, they can be somewhat fragile and difficult to use; it is not surprising that some people are interested in finding a better alternative. A current effort goes by the name CRIB, for Checkpoint/Restore in (naturally) BPF. It is far from clear that CRIB will replace the existing solutions, but it is an interesting look at a different way of solving the problem.

Security updates for Tuesday

Security updates have been issued by Debian (libreoffice), Gentoo (containerd and firefox), Red Hat (httpd), SUSE (ca-certificates-mozilla, ksh, openssl-3-livepatches, podman, python-Twisted, and skopeo), and Ubuntu (imagemagick).

GNU Binutils 2.43 released

Version 2.43 of the GNU Binutils package is out. Changes include some improvements to the assembler and the linker, better support for hardware event counters in the Gprofng profiler, and more.

Kernel prepatch 6.11-rc2

Linus has released 6.11-rc2 for testing. "Hopefully we've gotten rid of the bulk of the silly noise here in rc2, and not added too much new noise, so that we can get on with the process of finding more meaningful issues."

[$] Maximal min() and max()

Like many projects written in C, the kernel makes extensive use of the C preprocessor; indeed, the kernel's use is rather more extensive than most. The preprocessor famously has a number of sharp edges associated with it. One might not normally think of increased compilation time as one of them, though. It turns out that some changes to a couple of conceptually simple preprocessor macros — min() and max() — led to some truly pathological, but hidden, behavior where those macros were used.

A deprecation timeline for older Arm CPUs

Arnd Bergmann has posted a detailed timeline for the deprecation of support for old Arm CPUs in both the kernel and the compiler toolchain. Anybody who is working with that hardware will likely want to review this list and let the relevant developers know if any of that support is still needed.

Security updates for Tuesday

Security updates have been issued by Fedora (curl), Mageia (virtualbox), Oracle (squid), Red Hat (kernel), SUSE (apache2, bind, cdi-apiserver-container, cdi-cloner-container, cdi-controller-container, cdi-importer-container, cdi-operator-container, cdi-uploadproxy-container, cdi-uploadserver-container, devscripts, espeak-ng, freerdp, ghostscript, gnome-shell, gtk2, gtk3, java-11-openjdk, java-17-openjdk, kubevirt, libgit2, openssl-3, orc, p7zip, python-dnspython, and shadow), and Ubuntu (kernel, linux, linux-aws, linux-aws-hwe, linux-gcp, linux-gcp-4.15, linux-hwe, linux-kvm, linux-oracle, linux, linux-aws, linux-gcp, linux-gke, linux-ibm, linux-nvidia, linux-oem-6.8, linux-raspi, linux, linux-azure, linux-azure-5.4, linux-bluefield, linux-gcp, linux-gcp-5.4, linux-gkeop, linux-hwe-5.4, linux-ibm, linux-ibm-5.4, linux-iot, linux-kvm, linux-raspi, linux-xilinx-zynqmp, linux-aws, linux-aws-5.4, linux-aws-5.15, linux-ibm, linux-ibm-5.15, linux-raspi, linux-gcp-5.15, and linux-lowlatency).