Despite conference travel (both for me and several maintainers), things seemed to go mostly fairly normally. There's a couple of notable new features in here: For one thing, PREEMPT_RT is now mainlined and enabled as a config option (you do need to enable "EXPERT" to get the question). For another, sched_ext also got merged.
There is a general agreement that the way forward is to change time_t to a 64-bit type. Musl has already switched to that, glibc supports it as an option. A number of other distributions such as Debian have taken the leap and switched. Unfortunately, source-based distributions such as Gentoo don't have it that easy. So we are still debating the issue and experimenting, trying to figure out a maximally safe upgrade path for our users.
Unfortunately, that's nowhere near trivial. Above all, we are talking about a breaking ABI change.
In the wake of the XZ backdoor, the Debian project has revisited some of the patches included in its OpenSSH packages to improve security. The outcome of this is that the project will be splitting out support for Kerberos key exchange into a separate set of packages, though not until after the Debian 13 ("trixie") release expected next year. The impact on Debian users should be minimal, but it is an interesting look into the changes Linux distributions make to upstream software as well as some of the long-term consequences of those choices.
Security researcher Simone Margaritelli has reported a new vulnerability in CUPS, the software that many Linux systems use to manage printers and print jobs. Margaritelli describes the impact of the attack by saying:
A remote unauthenticated attacker can silently replace existing printers' (or install new ones) IPP urls with a malicious one, resulting in arbitrary command execution (on the computer) when a print job is started (from that computer).The vulnerability relies on a few related problems in CUPS libraries and utilities; versions before 2.0.1 or 2.1b1 (depending on the component) may be affected.
Red Hat has released a security bulletin as well.
Danilo Krummrich gave a talk at Kangrejos 2024 focusing on the question of how the Rust-for-Linux project could improve at getting device and driver abstractions upstream. As a case study, he used some of his recent work that attempts to make it possible to write a PCI driver entirely in Rust. There wasn't time to go into as much detail as he would have liked, but he did demonstrate that it is possible to interface with the kernel's module loader in a way that is much harder to screw up than the current standard approach in C.
Version 17 of the PostgreSQL database has been released.
This release of PostgreSQL adds significant overall performance gains, including an overhauled memory management implementation for vacuum, optimizations to storage access and improvements for high concurrency workloads, speedups in bulk loading and exports, and query execution improvements for indexes. PostgreSQL 17 has features that benefit brand new workloads and critical systems alike, such as additions to the developer experience with the SQL/JSON JSON_TABLE command, and enhancements to logical replication that simplify management of high availability workloads and major version upgrades.LWN recently covered some of the interesting new features and security enhancements in PostgreSQL 17.
In late 2023, Tails approached the Tor Project with the idea of merging operations. Tails had outgrown its existing structure. Rather than expanding Tails's operational capacity on their own and putting more stress on Tails workers, merging with the Tor Project, with its larger and established operational framework, offered a solution. By joining forces, the Tails team can now focus on their core mission of maintaining and improving Tails OS, exploring more and complementary use cases while benefiting from the larger organizational structure of The Tor Project.