Vue lecture
Security updates for Wednesday
[$] KDE sets its goals through 2026
Almost a decade ago KDE e.V., the non-profit organization that supports KDE, started a process for selecting goals to help the community unite behind a common vision for where the project should go in the near future. KDE recently wrapped up its 2022-2024 cycle and announced the goals for 2024-2026 at Akademy on September 7, in Würzburg, Germany. This time around, KDE will be looking to streamline its application-development experience, improve support for input devices, and bring in new contributors.
HarfBuzz 10.0.0 released
Version 10.0.0 of the HarfBuzz text-shaping engine has been released. Notable changes in this release include Unicode 16.0.0 support, adding Cairo script as an output format for hb-view, and a number of bug fixes.
[$] Committing to Rust in the kernel
Security updates for Tuesday
Hy 1.0.0 released
Version 1.0.0 of Hy, a Lisp dialect that is embedded in Python, has been released after nearly 12 years in development. This is the first stable release of the project:
Henceforth, breaking changes to documented parts of the language (other than dropping support for versions of Python that are themselves no longer supported by the CPython developers) will increase the major version number, and my intention is for that not to happen often, if at all.
The 1.0.0 release supports Python 3.8 through 3.13. See the documentation and the "Why Hy?" page for why one might want to use it. For the historically minded, LWN covered a PyCon talk on Hy in 2014.
[$] Resources for learning Rust for kernel development
Dirk Behme led a second session, back-to-back with his session on error handling at Kangrejos 2024, discussing providing better guidance for users of the kernel's Rust abstractions. Just after that, Carlos Bilbao and Miguel Ojeda had their own time slot dedicated to collecting resources that could be of use to someone trying to come up to speed on kernel development in Rust. The attendees provided a lot of guidance in both sessions, and discussed what they could do to make things easier for people coming from non-Rust backgrounds.
Security updates for Monday
[$] Tools for kernel developers
pcp: pmcd network daemon review (SUSE Security Team Blog)
The SUSE Security Team Blog has a detailed review of the Performance Co-Pilot (PCP) 6.2.1 release:
The rather complex PCP software suite was difficult to judge just from a cursory look, so we decided to take a closer look especially at PCP's networking logic at a later time. This report contains two CVEs and some non-CVE related findings we also gathered during the follow-up review.
CVE-2024-45769, a flaw that could allow an attacker to send crafted data to crash pcmd, and CVE-2024-45770, which could allow a full local root exploit from the pcp user to root, have been addressed in the 6.3.1 release of PCP.
[$] The 6.12 merge window begins
OpenSSH 9.9 released
The OpenSSH project has released version 9.9. This version includes support for the new post-quantum cryptography standard from NIST. The release also includes the next step in the deprecation of DSA keys — they are now disabled by default at compile time, and are expected to be removed entirely in early 2025. The release also contains the normal mixture of bug fixes and small usability improvements.
[$] Considering kernel pass-through interfaces
Security updates for Friday
The realtime preemption pull request
Torvalds acted on
the pull request the following morning.
[$] Best practices for error handling in kernel Rust
Dirk Behme led a session discussing the use of Rust's question-mark operator in the kernel at Kangrejos 2024. He was particularly concerned with the concept of "silent" errors that don't print any messages to the console. Other attendees were less convinced that this was a problem, but his presentation sparked a lot of discussion about whether the Rust-for-Linux project could improve error handling in kernel Rust code.
[$] RPM 4.20 is coming
The RPM Package Manager (RPM) project is nearing the release of RPM 4.20, the last major planned update for the RPM 4.x series. It has few user-facing changes, but several additions and enhancements for developers—as well as some small incompatibilities that will likely require RPM packagers to revise their spec files. 4.20 will be rolling out to many users soon, in Fedora 41, which is scheduled for October. RPM 6.0 is already in the works, with a new package format and opening the door to enabling C++ use in the RPM codebase.