pcp: pmcd network daemon review (SUSE Security Team Blog)

LWN
By: jzb

The SUSE Security Team Blog has a detailed review of the Performance Co-Pilot (PCP) 6.2.1 release:

The rather complex PCP software suite was difficult to judge just from a cursory look, so we decided to take a closer look especially at PCP's networking logic at a later time. This report contains two CVEs and some non-CVE related findings we also gathered during the follow-up review.

CVE-2024-45769, a flaw that could allow an attacker to send crafted data to crash pmcd, and CVE-2024-45770, which could allow a full local root exploit from the pcp user to root, have been addressed in the 6.3.1 release of PCP.

[$] RPM 4.20 is coming

LWN
By: jzb

The RPM Package Manager (RPM) project is nearing the release of RPM 4.20, the last major planned update for the RPM 4.x series. It has few user-facing changes, but several additions and enhancements for developers—as well as some small incompatibilities that will likely require RPM packagers to revise their spec files. 4.20 will be rolling out to many users soon, in Fedora 41, which is scheduled for October. RPM 6.0 is already in the works, with a new package format and opening the door to enabling C++ use in the RPM codebase.

Swift 6 released

LWN
By: jzb

Version 6.0 of the Swift programming language has been released. Notable changes include new low-level programming features, expanded Linux support, and a preview release of the Embedded Swift language subset for embedded software development with a toolchain for Arm and RISC-V targets. See the CHANGELOG for full details of changes in 6.0.

Haiku R1/beta5 has been released

LWN
By: jzb

Version R1/beta5 for the Haiku project, an open-source "spiritual successor to BeOS", has been released. Notable changes in this release include a TUN/TAP network driver, basic support for USB audio devices, TCP throughput improvements, a rewritten driver for the FAT filesystem, read-only support for Unix File System 2 (UFS2), as well as hundreds of bug fixes and performance improvements since the last release in December 2022. Thanks to Paul Wise for the tip.

LLVM 19.1.0 released

LWN
By: jzb

Version 19.1.0 of the LLVM compiler suite has been released:

This is the first release in the LLVM 19.x series and represents 6 months of work by the LLVM community. During this period 1502 unique authors contributed 18925 commits (3605729 lines added and 1665792 lines removed) to LLVM.

As usual, there is a long list of changes; see the release notes for LLVM, Libc++, lld, Clang, and Extra Clang Tools for changes to each.

Security updates for Wednesday

LWN
By: jzb

Security updates have been issued by AlmaLinux (pcs), Debian (expat, galera-4, libreoffice, mariadb-10.5, and php-twig), Fedora (chromium), Red Hat (ghostscript and git), SUSE (gstreamer-plugins-bad, gstreamer-plugins-bad, libvpl, python-dnspython, python3, and python36), and Ubuntu (expat, frr, libxmltok, linux-xilinx-zynqmp, openssl, and quagga).

[$] Vanilla OS 2: an immutable distribution to run all software

LWN
By: jzb

Vanilla OS, an immutable desktop Linux distribution designed for developers and advanced users, has recently published its 2.0 "Orchid" release. Previously based on Ubuntu, Vanilla OS has now shifted to Debian unstable ("sid"). The release has made it easier to install software from other distributions' package repositories, and it is now theoretically possible to install and run Android applications as well.

Linux Foundation announces OpenSearch Software Foundation

LWN
By: jzb

The Linux Foundation has announced the creation of the OpenSearch Software Foundation as a vendor‑neutral home for the OpenSearch search and observability software:

Established in 2021 and previously hosted by Amazon Web Services (AWS), OpenSearch has recorded more than 700 million software downloads and participation from thousands of contributors and more than 200 project maintainers.

AWS created the OpenSearch project as an open-source fork of ElasticSearch and Kibana in 2021 after Elastic moved those projects to non-free licenses. Elastic announced in August that it would relicense the projects under the Affero GPL (AGPL).

[$] Fedora evicts WolfSSL

LWN
By: jzb

The Fedora Engineering Steering Committee (FESCo) has voted to immediately remove the WolfSSL package from all of Fedora's repositories due to its maintainer failing to gain approval to package a new cryptography library for Fedora. Its brief travels through Fedora's package system highlight gaps in documentation, as well as in the package‑review process. The good news is that this may stir Fedora to improve its documentation and revive a formal security team.

Valkey 8.0.0 released

LWN
By: jzb

Version 8.0.0 of the Valkey open-source in-memory data store is now available. This is the first major release of Valkey since the project forked from Redis in March of this year:

While this is a major version, Valkey takes command set compatibility seriously: Valkey 8.0.0 makes no backwards incompatible changes to the existing command syntax or their responses. Your existing tools and custom software will be able to immediately take advantage of Valkey 8.0.0. Since Valkey 8.0.0 does make some small changes to previously undefined behaviors, it's wise to read the release notes. Additionally, because this version makes changes in how the software uses threading, you may want to re-evaluate your cluster's infrastructure to achieve the highest performance.

GNOME Foundation opens search for new Executive Director

LWN
By: jzb

The GNOME Foundation has announced that it is looking for a new Executive Director following the departure of Holly Million in July:

As the cornerstone of our leadership team, the Executive Director will play a critical role in shaping the strategic direction of the Foundation, working closely with staff, community members, and partners to expand our reach and impact. The ideal candidate will have professional experience working with nonprofits, a strong passion for open-source software, a deep commitment to our community values, and the vision to drive the next phase of GNOME's growth and development.

The window of opportunity for the job is closing quickly; applications are due by September 20.

Sovereign Tech Fund (STF) to invest in Samba improvements

LWN
By: jzb

Germany's Sovereign Tech Fund (STF) has agreed to invest €688,800 to improve the security, stability, and functionality of Samba. The investment will take place over three years and will be managed by SerNet, a company that employs several Samba core developers and offers support for Samba. According to its announcement, work has already begun and is expected to complete in 2026:

The project's focus is on areas like transparent failover, SMB3 UNIX extensions, and modern security protocols such as SMB over QUIC. These improvements are designed to ensure that Samba remains a robust and secure solution for organizations that rely on a sovereign IT infrastructure that is as independent as possible of proprietary software regimes, but including optimal interoperability.

Security updates for Friday

LWN
By: jzb

Security updates have been issued by Fedora (haproxy, osc, and python3.11), Oracle (389-ds:1.4), Red Hat (kernel), SUSE (clamav, colord, kernel, postgresql16, and qemu), and Ubuntu (linux, linux-aws, linux-aws-5.15, linux-gcp, linux-gcp-5.15, linux-gke, linux-gkeop, linux-gkeop-5.15, linux-hwe-5.15, linux-ibm, linux-intel-iotg, linux-intel-iotg-5.15, linux-kvm, linux-nvidia, linux-oracle, linux-raspi, linux-azure, linux-azure-5.15, linux-azure-fde, linux-lowlatency-hwe-6.8, linux-nvidia-6.8, and linux-xilinx-zynqmp).

VirtualBox 7.1.0 released

LWN
By: jzb

Version 7.1.0 of the VirtualBox virtualization system has been released. Changes include a major GUI update, a new Network Address Translation (NAT) engine with IPv6 support, shared clipboard support on Wayland, and more.

[$] Debating ifupdown replacements for Debian trixie

LWN
By: jzb

Debian does not have an official way to configure networking. Instead, it has four recommended ways to configure networking, one of which is the venerable ifupdown, which has been part of Debian since the turn of the century and is showing its age. A conversation about its maintainability and possible replacement with ifupdown‑ng has led to discussions about the default network-management tools for Debian "trixie" (Debian 13, which is expected in 2025) and beyond. No route to consensus has been found, yet.

Security updates for Wednesday

LWN
By: jzb

Security updates have been issued by AlmaLinux (389-ds:1.4, dovecot, emacs, and glib2), Fedora (bluez, iwd, libell, linux-firmware, seamonkey, vim, and wireshark), Mageia (apr, libtiff, Nginx, openssl, orc, unbound, webmin, and zziplib), Red Hat (389-ds:1.4), and SUSE (containerd, curl, go1.22, go1.23, gstreamer-plugins-bad, kernel, ntpd-rs, python-Django, and python311).

Pandoc 3.4 released

LWN
By: jzb

Version 3.4 of the Pandoc document-conversion tool has been released. Notable changes in this release include a new ANSI output format (for console output), a switch to WeasyPrint as the PDF engine for HTML to PDF conversion, the ability to position captions above or below tables and figures, and much more.

Redox OS 0.9.0

LWN
By: jzb

Version 0.9.0 of Redox OS, an open-source, Unix-like operating system written in Rust, has been released. Notable changes in this release include performance and stability improvements, better management of physical and virtual memory, bootloader improvements, and more. It also brings support for RustPython, Perl 5, Simple HTTP Server, the addition of several applications including GNU Nano, Helix, and the COSMIC Files, Editor, and Terminal applications. See the changelog section of the announcement for a full list of changes in the release.

[$] Testing AI-enhanced reviews for Linux patches

LWN
By: jzb

Code review is in high demand, and short supply, for most open-source projects. Reviewer time is precious, so any tool that can lighten the load is worth exploring. That is why Jesse Brandeburg and Kamel Ayari decided to test whether tools like ChatGPT could review patches to provide quick feedback to contributors about common problems. In a talk at the Netdev 0x18 conference this July, Brandeburg provided an overview of an experiment using machine learning to review emails containing patches sent to the netdev mailing list. Large-language models (LLMs) will not be replacing human reviewers anytime soon, but they may be a useful addition to help humans focus on deeper reviews instead of simple rule violations.
