Greg Kroah-Hartman has released six new stable kernels: 5.6.7, 5.4.35, 4.19.118, 4.14.177, 4.9.220, and 4.4.220. They all contain a rather large set of fixes throughout the tree; users of those series should upgrade.
Security updates have been issued by Arch Linux (lib32-openssl), Debian (git), Gentoo (chromium, firefox, git, and openssl), Oracle (kernel and python-twisted-web), Red Hat (python-twisted-web), Scientific Linux (python-twisted-web), and SUSE (file-roller, kernel, and resource-agents).
The 20.04 long-term support (LTS) release of Ubuntu, code named "Focal Fossa", is out. There are desktop and server editions, as well as all of the different Ubuntu flavors: Ubuntu Budgie, Kubuntu, Lubuntu, Ubuntu Kylin, Ubuntu MATE, Ubuntu Studio, and Xubuntu. "The Ubuntu kernel has been updated to the 5.4 based Linux kernel, with additional support for Wireguard VPN, AUFS5, and improved support for IBM, Intel, Raspberry Pi and AMD hardware. [...] 20.04 LTS also brings support for installing an Ubuntu desktop system on top of ZFS. The latest version brings performance enhancements and optional encryption support. Zsys, Ubuntu’s ZFS system tool, provides automated system and user state saving. Tight integration with GRUB allows a user to revert to any system state on boot and go back in time to pave the way to a bulletproof Ubuntu Desktop." More information can be found in the release notes.
The realtime scheduler classes are intended to allow a developer to state which tasks have the highest priorities with the assurance that, at any given time, the highest-priority task will have unimpeded access to the CPU. The kernel itself carries out a number of tasks that have tight time constraints, so it is natural to want to assign realtime priorities to kernel threads carrying out those tasks. But, as Peter Zijlstra argues in a new patch set, it makes little sense for the kernel to be assigning such priorities; to put an end to that practice, he is proposing to take away most of the kernel's ability to prioritize its own threads.
Alyssa Rosenzweig has posted a detailed look at progress on the Panfrost driver (a reverse-engineered driver for Arm Mali GPUs) on the Collabora blog. "Putting it all together, we have the beginnings of a Bifrost compiler, sufficient for the screenshots above. Next will be adding support for more complex instructions and scheduling to support more complex shaders."
A recent thread on the python-ideas mailing list explores adding a feature to Python, which is the normal fare for that forum. The problem being addressed is real, but may not be the highest-priority problem for the language on many people's lists. Function calls that have multiple keyword arguments passed from a variable of the same name (e.g. keyword=keyword) require developers to repeat themselves and can be somewhat confusing, especially to newcomers. The discussion of ways to fix it highlighted some lesser-known corners of the language, however, regardless of whether the idea will actually result in a change to Python.
The Yocto Project has announced its 3.1 LTS release of its distribution-building system. Changes include a 5.4 kernel, the removal of all Python 2 code, improvements in the build equivalence mechanism (described in this article), and more.
Security updates have been issued by Oracle (java-1.7.0-openjdk and java-1.8.0-openjdk), Red Hat (git, java-1.8.0-openjdk, java-11-openjdk, and kernel), Scientific Linux (kernel), Slackware (git), SUSE (openssl-1_1 and puppet), and Ubuntu (binutils and thunderbird).
Matthew Garrett has posted an overview of the kernel lockdown capability merged in 5.4. "If you verify your boot chain but allow root to modify that kernel, the benefits of the verified boot chain are significantly reduced. Even if root can't modify the on-disk kernel, root can just hot-patch the kernel and then make this persistent by dropping a binary that repeats the process on system boot. Lockdown is intended as a mechanism to avoid that, by providing an optional policy that closes off interfaces that allow root to modify the kernel."
Many applications benefit significantly from the use of huge pages. However, huge-page allocations often incur a high latency or even fail under fragmented memory conditions. Proactive compaction may provide an effective solution to these problems by doing memory compaction in the background. With guest author Nitin Gupta's proposed proactive compaction implementation, typical huge-page allocation latencies are reduced by a factor of 70-80 while incurring minimal CPU overhead. Subscribers can read on for the full story from the upcoming weekly edition.
Stable kernels 5.6.6, 5.5.19, 5.4.34, and 4.19.117 have been released. This is the last 5.5.y kernel and users should move to 5.6.y at this time. Users of the other series should upgrade to get the latest fixes.
Back in February, the kernel community discussed the removal of a couple of functions that could be used by loadable modules to gain access to symbols (functions and data structures) that were not meant to be available to them. That change was merged during the 5.7 merge window. This change will break a number of external modules that depended on the removed functions; since many of those modules are proprietary, this fact does not cause a great deal of anguish in the kernel community. But there are a few out-of-tree modules with GPL-compatible licenses that are also affected by this change; one of those is LTTng. Fixing LTTng may not be entirely straightforward.
Python 2.7.18 is out. This is the last release and end of support for Python 2. "Python 2.7 has been under active development since the release of Python 2.6, more than 11 years ago. Over all those years, CPython's core developers and contributors sedulously applied bug fixes to the 2.7 branch, no small task as the Python 2 and 3 branches diverged. There were large changes midway through Python 2.7's life such as PEP 466's feature backports to the ssl module and hash randomization. Traditionally, these features would never have been added to a branch in maintenance mode, but exceptions were made to keep Python 2 users secure. Thank you to CPython's community for such dedication."
Security updates have been issued by Arch Linux (openvpn), Debian (awl, file-roller, jackson-databind, and shiro), Fedora (chromium, git, and libssh), Mageia (php, python-bleach, and webkit2), openSUSE (chromium, gstreamer-rtsp-server, and mp3gain), Oracle (thunderbird and tigervnc), SUSE (thunderbird), and Ubuntu (file-roller and webkit2gtk).
The 5.7-rc2 kernel prepatch is out for testing. "Everything continues to look fairly normal, with commit counts right in the middle of what you'd expect for rc2. And most of the changes are tiny and don't look scary at all."
Greg Kroah-Hartman has released the 5.6.5, 5.5.18, 5.4.33, and 4.19.116 stable kernels. They contain a seemingly larger-than-usual collection of fixes throughout the kernel tree; users of those series should upgrade.
Much of the free software we run every day was developed over email, and the developers of that software, who may have been using email for decades, tend to be somewhat attached to it. The newer generation of developers that came later, though, has proved remarkably resistant to the charms of email-based communication. That has led to an ongoing push to replace email with other forms of communication; often the "other form" of choice is a web-based system called Discourse. Moving to Discourse tends to be controversial; LWN covered related discussions in the Fedora and Python projects in 2018. Now it is Debian's turn to confront this question.
On the FSF blog, Zoe Kooyman describes how the LibrePlanet 2020 conference was converted to a virtual conference in a week's time—using free software, naturally. "In 2016, we gained some livestreaming experience when we interviewed Edward Snowden live from Moscow. To minimize the risk of failed recordings due to overly complex or error-prone software systems, we made it a priority to achieve a pipeline with low latency, good image quality, and low CPU usage. The application we used then was Jitsi Meet, and the tech info and scripts we used for streaming from 2016 are available for your information and inspiration. Naturally, for this year, with no time for researching other applications, we opted to build on our experience with Jitsi Meet. We hosted our own instance for remote speakers to connect to and enter a video call with the conference organizers. A screen capture of this call was then simultaneously recorded by the FSF tech team, and streamed out to the world via Gstreamer and Icecast."
Security updates have been issued by Arch Linux (apache and chromium), Debian (webkit2gtk), Fedora (firefox, nss, and thunderbird), Mageia (chromium-browser-stable and git), openSUSE (gnuhealth), Oracle (thunderbird), Red Hat (kernel-alt, thunderbird, and tigervnc), Scientific Linux (thunderbird), Slackware (openvpn), and SUSE (freeradius-server and libqt4).
There are many ways to try to keep a system secure. One of those, often employed in embedded or other dedicated-purpose systems, is to try to ensure that only code that has been approved (by whoever holds that power over the system in question) can be executed. The secure boot mechanism, which is intended to keep a computer from booting anything but a trusted kernel, is one piece of this puzzle, but its protection only extends through the process of booting the kernel itself. Various mechanisms exist for protecting a system after it boots; a new option for this stage is the Integrity Policy Enforcement (IPE) security module, posted by Deven Bowers.
Security updates have been issued by Arch Linux (git), Fedora (cacti, cacti-spine, chromium, golang-github-buger-jsonparser, kernel, kernel-headers, and kernel-tools), openSUSE (ansible, git, and mp3gain), Oracle (container-tools:ol8, nodejs:10, and virt:ol), Red Hat (chromium-browser, ipmitool, and thunderbird), Slackware (bind), SUSE (quartz), and Ubuntu (php5, php7.0, php7.2, php7.3).
We last looked in on the question of a Git forge for Fedora at the end of January—which seems like nearly a lifetime ago, but is, in truth, only around two-and-a-half months back. At that time, requirements were being gathered for an open decision-making process that would seemingly play out with lots of community participation. That is not at all what transpired, however, and much of the Fedora community feels that its needs have not been taken into consideration. There are a number of lessons that can be learned from all of this.
Version 1.1.0 of the GNU Guix transactional package manager and system distribution has been released. "It’s been 11 months since the previous release, during which 201 people contributed code and packages. This is a long time for a release, which is in part due to the fact that bug fixes and new features are continuously delivered to our users via guix pull. However, a number of improvements, in particular in the installer, will greatly improve the experience of first-time users."
Security updates have been issued by Debian (git, graphicsmagick, php-horde-data, and php-horde-trean), Mageia (apache, gnutls, golang, krb5-appl, libssh, libvncserver, mediawiki, thunderbird, tor, and wireshark), openSUSE (chromium, nagios, and thunderbird), Oracle (kernel and krb5-appl), Red Hat (elfutils, kernel, nss-softokn, ntp, procps-ng, and python), Scientific Linux (firefox), Slackware (git), SUSE (git and ruby2.5), and Ubuntu (git).
In part 1 of this article, we gave an overview of the Kernel Concurrency Sanitizer (KCSAN) and looked at how it can detect data races in the kernel. KCSAN uses the definition of "data race" that is part of the Linux-Kernel Memory Consistency Model (LKMM), but there is more that KCSAN can do. This concluding part of the article describes other ways that the tool can be used to find data races and other kinds of problems in concurrent code. It provides some ideas on strategies and best practices, briefly considers some alternative approaches, and concludes with some known limitations.
The Zimbra email and collaboration suite will change its open source policy. This post from the Zeta Alliance notes the changes for Zimbra 9. "John E. explained that Zimbra 9 introduces a change to Synacor's open source policy for Zimbra. Starting with Zimbra 9, a binary version of Zimbra 9 will no longer be released to the community and will instead only be made available to Zimbra Network Edition customers. There are currently no plans to release the source code for Zimbra 9 to the community. Zimbra 8.8.15 will remain open source for the community and continue to be supported for the remainder of its lifecycle through December, 31, 2024 (https://www.zimbra.com/support/support-... lifecycle/). Version 8.8.15 will also continue to receive patches during this time frame. John E. described this new model for Zimbra 9 as "open core" where the open source products on which Zimbra is built will continue to be freely available, but the Zimbra 9 product itself will not be open source." (Thanks to Emmanuel Seyman)
Security updates have been issued by Arch Linux (thunderbird), Debian (thunderbird), Fedora (drupal7-ckeditor, nrpe, and php-robrichards-xmlseclibs1), Red Hat (firefox and kernel), SUSE (quartz), and Ubuntu (thunderbird).
By the end of the 5.7 merge window, 11,998 non-merge changesets had been pulled into the mainline repository for this development cycle. That is 1,218 more than were seen during the 5.6 merge window; it would appear that current world events have not succeeded in slowing down the kernel community — at least, not yet. The latter half of the merge window tends to see more fixes and fewer new features, but there are still a number of interesting things that showed up after the first-half summary was written.
Stable kernels 5.6.4, 5.5.17, 5.4.32, 4.19.115, 4.14.176, 4.9.219, and 4.4.219 have been released. They all contain important fixes and users should upgrade.
Security updates have been issued by Fedora (haproxy), Gentoo (chromium and libssh), openSUSE (ansible, chromium, gmp, gnutls, libnettle, libssh, mgetty, nagios, permissions, and python-PyYAML), and Oracle (firefox, kernel, qemu-kvm, and telnet).
Linus has released the 5.7-rc1 kernel prepatch and closed the merge window for this development cycle. "Maybe an hour or two early, because it's Easter Sunday, and I may be socially distancing but we're still doing the usual Finnish Easter dinner with lamb, mämma and pasha... I may not be religious, but tradition is tradition. Thanks to the social distancing, this year we'll have to forgo trying to force-feed our poor American friends mämma, which never really works out anyway. In fact, I think I can hear the sighs of relief from miles away."
The NGI POINTER program, funded by the European Commission, is looking for interesting development projects to support. Its objective is "to support promising bottom-up projects that are able to build, on top of state-of-the-art research, scalable protocols and tools to assist in the practical transition or migration to new or updated technologies, whilst keeping European Values at the core." The application period is open; there must be no end of interesting projects in the free-software space that would fit within this program's parameters. (Thanks to Thorsten Leemhuis).
While social distancing often comes naturally to free-software developers, there are still times when we wish to talk to each other. In the absence of community conferences, the next-best alternative is often videoconferencing. While video conferences tend to be held using centralized, proprietary systems, there are free alternatives as well. LWN recently looked at Jitsi but this effort did not stop there; next on the list is BigBlueButton, a system that is oriented toward the needs of online educators but is applicable beyond that use case.
The Blender 3D modeling and rendering project mourns the passing of Octavio Mendez. "It is with great sadness that I must report we lost a great community member today. Octavio Mendez, a long-time cornerstone of the Mexican Blender and open source community, has passed away after fighting the Corona virus." Gunnar Wolf also has a tribute: "Long-time free software supporter, very well known for his craft –and for his teaching– with Blender."
Security updates have been issued by Arch Linux (chromium, firefox, haproxy, libssh, and wireshark-cli), Fedora (firefox, glibc, nss, and rubygem-puma), openSUSE (ceph, exim, firefox, and gnuhealth), Oracle (firefox, kernel, and qemu-kvm), and SUSE (djvulibre and firefox).
A new parser for the CPython implementation of the Python language has been in the works for a while, but the announcement of a Python Enhancement Proposal (PEP) for it indicates that we may see it fairly soon. The intent is to add the parser, and make it the default for Python 3.9, which is due in October. If that plan holds, the current parser will not be going away for another year or so after that. The change should go completely unnoticed within the community; the benefits are mainly for the CPython core developers in the form of easier maintenance.
The openSUSE Leap distribution is a community effort built on top of a set of stable packages from the SUSE Linux Enterprise offering. SUSE is now floating a proposal to unify the work of building those two distributions; click below for the details or see the "closing the Leap gap" FAQ, which summarizes things this way: "Today, SUSE is also offering the pre-built binaries from SLE in addition to the sources, to increase compatibility and to leverage synergies." The intended advantages (or "leveraged synergies") seem to be reducing the effort required to create Leap and making it easier to migrate a system between the two distributions.
Here's a message posted by Olaf Schmidt-Wischhöfer to the kde-community mailing list detailing the current state of discussions between the KDE community, the Qt development project, and the Qt Company. It seems they are not going entirely well. "But last week, the company suddenly informed both the KDE e.V. board and the KDE Free QT Foundation that the economic outlook caused by the Corona virus puts more pressure on them to increase short-term revenue. As a result, they are thinking about restricting ALL Qt releases to paid license holders for the first 12 months. They are aware that this would mean the end of contributions via Open Governance in practice." There is a response from the Qt Company that doesn't add a whole lot.
Security updates have been issued by CentOS (firefox, ipmitool, krb5-appl, and telnet), Debian (ceph and firefox-esr), Mageia (firefox), openSUSE (bluez and exiv2), Red Hat (firefox), SUSE (ceph, libssh, mgetty, permissions, python-PyYAML, rubygem-actionview-4_2, and vino), and Ubuntu (libiberty and libssh).
Security updates have been issued by Arch Linux (firefox), Debian (chromium and firefox-esr), Oracle (ipmitool and telnet), Red Hat (firefox and qemu-kvm), Scientific Linux (firefox, krb5-appl, and qemu-kvm), Slackware (firefox), SUSE (gmp, gnutls, libnettle and runc), and Ubuntu (firefox, gnutls28, linux-aws, linux-aws-hwe, linux-azure, linux-gcp, linux-gke-4.15, linux-kvm, linux-oem, linux-oracle, linux-raspi2, linux-snapdragon, and linux-azure, linux-gcp, linux-gke-5.0, linux-oem-osp1, linux-oracle-5.0).
The first installment of the "big bad" series described how a compiler can optimize your concurrent program into oblivion, while the second installment introduced a tool to analyze small litmus tests for such problems. Those two articles can be especially helpful for training, design discussions, and checking small samples of code. Although such automated training and design tools are welcome, automated code inspection that could locate even one class of concurrency bugs would be even better. In this two-part article, we look at a tool to do that kind of analysis.
One of the many features merged for the 5.7 kernel is split-lock detection for the x86 architecture. This feature has encountered a fair amount of controversy over the course of its development, with the result that the time between its initial posting and appearance in a released kernel will end up being over two years. As it happens, there is another hurdle for split-lock detection even after its merging into the mainline; this feature threatens to create problems for a number of virtualization solutions, and it's not clear what the solution would be.
Firefox 75.0 has been released. New features include improvements to the address bar, making search easier, all trusted Web PKI Certificate Authority certificates known to Mozilla will be cached locally, and Firefox is available as a Flatpak. See the release notes for more details.