Vue lecture
pcp: pmcd network daemon review (SUSE Security Team Blog)
The SUSE Security Team Blog has a detailed review of the Performance Co-Pilot (PCP) 6.2.1 release:
The rather complex PCP software suite was difficult to judge just from a cursory look, so we decided to take a closer look especially at PCP's networking logic at a later time. This report contains two CVEs and some non-CVE related findings we also gathered during the follow-up review.
CVE-2024-45769, a flaw that could allow an attacker to send crafted data to crash pcmd, and CVE-2024-45770, which could allow a full local root exploit from the pcp user to root, have been addressed in the 6.3.1 release of PCP.
[$] The 6.12 merge window begins
OpenSSH 9.9 released
The OpenSSH project has released version 9.9. This version includes support for the new post-quantum cryptography standard from NIST. The release also includes the next step in the deprecation of DSA keys — they are now disabled by default at compile time, and are expected to be removed entirely in early 2025. The release also contains the normal mixture of bug fixes and small usability improvements.
[$] Considering kernel pass-through interfaces
Security updates for Friday
The realtime preemption pull request
Torvalds acted on
the pull request the following morning.
[$] Best practices for error handling in kernel Rust
Dirk Behme led a session discussing the use of Rust's question-mark operator in the kernel at Kangrejos 2024. He was particularly concerned with the concept of "silent" errors that don't print any messages to the console. Other attendees were less convinced that this was a problem, but his presentation sparked a lot of discussion about whether the Rust-for-Linux project could improve error handling in kernel Rust code.
[$] RPM 4.20 is coming
The RPM Package Manager (RPM) project is nearing the release of RPM 4.20, the last major planned update for the RPM 4.x series. It has few user-facing changes, but several additions and enhancements for developers—as well as some small incompatibilities that will likely require RPM packagers to revise their spec files. 4.20 will be rolling out to many users soon, in Fedora 41, which is scheduled for October. RPM 6.0 is already in the works, with a new package format and opening the door to enabling C++ use in the RPM codebase.
Security updates for Thursday
[$] The uncertain future of kernel regression tracking
GNOME 47 released
[$] LWN.net Weekly Edition for September 19, 2024
Swift 6 released
Version 6.0 of the Swift programming language has been released. Notable changes include new low-level programming features, expanded Linux support, and a preview release of the Embedded Swift language subset for embedded software development with a toolchain for Arm and RISC-V targets. See the CHANGELOG for full details of changes in 6.0.
Haiku R1/beta5 has been released
Version
R1/beta5 for the Haiku
project, an open-source "spiritual successor to BeOS
", has been released. Notable
changes in this release include a TUN/TAP network driver, basic
support for USB audio devices, TCP throughput improvements, a
rewritten driver for the FAT filesystem, read-only support for
Unix File System 2 (UFS2), as well as hundreds of bug fixes and
performance improvements since the last release in
December 2022. Thanks to Paul Wise for the tip.
[$] Kernel developers at Cauldron
LLVM 19.1.0 released
Version 19.1.0 of the LLVM compiler suite has been released:
This is the first release in the LLVM 19.x series and represents 6 months of work the LLVM community. During this period 1502 unique authors contributed 18925 commits (3605729 lines added and 1665792 lines removed) to LLVM.
As usual, there is a long list of changes; see the release notes for LLVM, Libc++, lld, Clang, and Extra Clang Tools for changes to each.
Security updates for Wednesday
[$] A discussion of Rust safety documentation
Kangrejos 2024 started off with a talk from Benno Lossin about his recent work to establish a standard for safety documentation in Rust kernel code. Lossin began his talk by giving a brief review of what safety documentation is, and why it's needed, before moving on to the current status of his work. Safety documentation is easier to read and write when there's a shared vocabulary for discussing common requirements; Lossin wants to establish that shared vocabulary for Rust code in the Linux kernel.