Like many kernel subsystems, the Linux security module (LSM) subsystem makes extensive use of indirect function calls. Those calls, however, are increasingly problematic, and the pressure to remove them has been growing. The good news is that there is a patch series from KP Singh that accomplishes that goal. Its progress into the mainline has been slow — this change was first proposed by Brendan Jackman and Paul Renauld in 2020 — and this work has been caught up in some wider controversies along the way, but it should be close to being ready.

Security updates have been issued by AlmaLinux (httpd:2.4/httpd), Arch Linux (openssh), Fedora (cups, emacs, and python-urllib3), Gentoo (OpenSSH), Mageia (ffmpeg, gdb, openssl, python-idna, and python-imageio), Red Hat (golang and kernel), SUSE (booth, libreoffice, openssl-1_1-livepatches, podman, python-arcomplete, python-Fabric, python-PyGithub, python- antlr4-python3-runtime, python-avro, python-chardet, python-distro, python- docker, python-fakeredis, python-fixedint, pyth, python-Js2Py, python310, python39, and squid), and Ubuntu (cups and netplan.io).

While the end of support for CentOS 7, which happened on June 30, is significant, it is also worth taking a moment to reflect on the end of Scientific Linux 7, which has also just occurred. Scientific Linux was once a popular RHEL rebuild supported by Fermilab, CERN, DESY, and ETH Zurich. Development of Scientific Linux stopped with SL7, with the labs switching to CentOS thereafter, but the SL7 release was supported through to the bitter end. Thanks are due to all who built and supported Scientific Linux; you provided a useful and stable platform for many years.

On May 7, Kees Cook sent a proposal to the linux-kernel mailing list, asking for the kernel developers to start working on a way to mitigate unintentional arithmetic overflow, which has been a source of many bugs. This is not the first time Cook has made a request along these lines; he sent a related patch set in January 2024. Several core developers objected to the plan for different reasons. After receiving their feedback, Cook modified his approach to tackle the problem in a series of smaller steps.

Security updates have been issued by Debian (dcmtk, edk2, emacs, glibc, gunicorn, libmojolicious-perl, openssh, org-mode, pdns-recursor, tryton-client, and tryton-server), Fedora (freeipa, kitty, libreswan, mingw-gstreamer1, mingw-gstreamer1-plugins-bad-free, mingw-gstreamer1-plugins-base, mingw-gstreamer1-plugins-good, mingw-poppler, and mingw-python-urllib3), Gentoo (cpio, cryptography, GNU Emacs, Org Mode, GStreamer, GStreamer Plugins, Liferea, Pixman, SDL_ttf, SSSD, and Zsh), Oracle (pki-core), Red Hat (httpd:2.4, libreswan, and pki-core), SUSE (glib2 and kubevirt, virt-api-container, virt-controller-container, virt-exportproxy-container, virt-exportserver-container, virt-handler-container, virt-launcher-container, virt-libguestfs-t), and Ubuntu (espeak-ng, libcdio, and openssh).

OpenSSH 9.8 has been released, fixing an ugly vulnerability:

Successful exploitation has been demonstrated on 32-bit Linux/glibc systems with ASLR. Under lab conditions, the attack requires on average 6-8 hours of continuous connections up to the maximum the server will accept. Exploitation on 64-bit systems is believed to be possible but has not been demonstrated at this time. It's likely that these attacks will be improved upon.

Exploitation on non-glibc systems is conceivable but has not been examined.

There is a configuration workaround for systems that cannot be updated, though it has its own problems. See this Qualys advisory for more details.

Linus has released 6.10-rc6 for testing. "This release continues to be fairly calm, and rc6 looks pretty small. It's also entirely just random small fixes spread all over, with no bigger pattern."

FreeDOS is an open-source operating system designed to be compatible with the now-defunct MS-DOS. Three decades have now passed since the FreeDOS project was first announced, and it is still alive and well with a small community of developers and users committed to running legacy DOS software, classic DOS games, and developing modern applications that extend its functionality well beyond the original MS-DOS. It may well be around in another 30 years.

The Free Software Foundation Europe has submitted a joint position to the European Commission (EC), claiming that Apple has failed to comply with the EU's Digital Markets Act (DMA). This is the law that requires Apple to support alternative application stores on the devices it makes.

Apple's unfair behaviour against Free Software highlights the critical need to monitor the implementation of the DMA. The FSFE collaborated with F-Droid, the AppFair project, and other interoperability experts to scrutinize Apple's DMA compliance, and it's impact on Free Software. Since then, we coordinated several expert workshops with stakeholders, discussed with regulators in FOSDEM, had official meetings with the EC's DMA team, and submitted a comprehensive position to the EC detailing several problematic elements in the Apple compliance that will harm the Free Software.

With the Rust-for-Linux project starting to gain some ground, it is worth looking at other operating systems that use Rust in their kernels. There are many attempts to use Rust for operating system development, but Redox may be the most complete. Redox is an MIT-licensed microkernel and corresponding user space, designed around concepts taken from Plan 9. While nowhere near being usable as a replacement for Linux, it already provides a graphical user interface and the ability to run many POSIX programs.

Security updates have been issued by AlmaLinux (pki-core), Debian (dlt-daemon and plasma-workspace), Fedora (emacs and kernel), Mageia (erofs-utils, libheif, libopenmpt, and wget), Red Hat (pki-core and python3), SUSE (frr), and Ubuntu (fontforge, sqlite3, and squid3).

The FreeBSD Foundation has published a set of reports from the May 2024 FreeBSD Developer Summit held in Ottawa, Canada. The topics include FreeBSD Core Team updates, FreeBSD 15 release planning, Integration with Rust, and OCI containers on FreeBSD:

Doug Rabson began by providing an overview of the current state of FreeBSD support for OCI containers, noting that while FreeBSD has long supported containers through its jail and vnet features, the ecosystem around OCI containers requires further development. "FreeBSD has been able to do containers for a long time, but we need to align better with OCI standards to make our containers more compatible and easier to use," Rabson remarked​​.

The academic and the Linux real-time and scheduling community mourns the premature death of Daniel Bristot de Oliveira. Daniel died at the age of 37 on Monday, June 24, 2024. Juri Lelli, Tommaso Cucinotta, Steve Rostedt, Kate Stewart, and Thomas Gleixner have come together to share their thoughts on his life and what he has left behind

The Free Software Foundation (FSF) has announced the addition of three new members to its board: John Gilmore, Christina Haralanova, and Maria Chiara Pievatolo. This is part of FSF governance changes announced in January 2023. The next step is a review of current board members:

These three new members of the FSF's board of directors are the first to be appointed since 2020, when Odile Bénassy joined. Given the importance of the FSF to the free software movement, and the importance of its board to ensure preservation of the software freedom definition, the board has not taken its task lightly. Next, the FSF will evaluate current board members with the FSF's associate members in August, after which the voting members will review the feedback received and decide if each current board member should remain.

More information on the process, and a short biography of each new board member, is available in the full announcement.

It has been nearly one year since the first version of the device memory TCP patches was posted by Mina Almasry. Now on the 14th revision, this series appears to be stabilizing. Device memory TCP is a specialized networking feature requiring a certain amount of setup, but it could provide a significant performance improvement for some data-intensive applications.

An upgrade from Python 3.11 to 3.12 has led to the rejection of some Python apps by Apple's app stores. That led to Eric Froemling submitting a bug report against CPython. That, in turn, led to an interesting discussion among Python developers about how far the project was willing to go to accommodate app store review processes. Developers reached a quick consensus, and a solution that may arrive as soon as Python 3.13.

The 6.9.7, 6.6.36, and 6.1.96 stable kernel updates have been released; each contains an important set of fixes.

Security updates have been issued by Debian (ffmpeg, kernel, libvpx, and linux-5.10), Fedora (chromium, firefox, freeipa, moodle, and openvpn), Oracle (git), Red Hat (golang and java-1.8.0-ibm), and Ubuntu (linux-oracle-6.5, netplan.io, openssl, plasma-workspace, ruby2.7, ruby3.0, ruby3.1, sqlite3, and wget).

The LWN.net Weekly Edition for June 27, 2024 is available.