LWN.net

The third 5.9 kernel prepatch is out fortesting. "On the whole it's been pretty calm for being rc3. This isactually one of the smaller rc3's we've had in recent releases."

Adding code to the kernel to support new hardware is relatively easy.Removing code that is no longer useful can be harder, mostly because it canbe difficult to know when something is truly no longer needed. ArndBergmann, who removed support for eightarchitectures from the kernel in 2018, knows well just how hard thiscan be. At the 2020 LinuxPlumbers Conference, he led two sessions dedicated to the topic ofobsolete software and hardware. With a bit of effort, he said, it shouldbe possible to have a better idea of when something can be removed.

Our previous article explored the fundamentals of Flutter, a cross-platform open-source user-interface (UI) toolkit. We complete our introduction of Flutter by returning to the simple LWN RSS feed headline viewer that was introduced in part one. We will be adding several new features to that application in part two, including interactive elements to demonstrate some of the UI features of Flutter.

Security updates have been issued by Debian (bind9 and squid), Fedora (libX11 and wireshark), Gentoo (libX11 and redis), Mageia (firefox, libx11, qt4 and qt5base, and x11-server), openSUSE (gettext-runtime, inn, and webkit2gtk3), Oracle (firefox), SUSE (libqt5-qtbase, openvpn, openvpn-openssl1, postgresql10, and targetcli-fb), and Ubuntu (chrony, nss, and squid).

On the Collabora blog, Gabriel Krisman Bertazi writes about a feature he developed: case-insensitive ext4. He describes how to enable the feature in the kernel (>= 5.2), how to create an ext4 filesystem that will support case-insensitive lookups, as well as some gotchas; he starts with some justification for the idea: "A file name is a text string used to uniquely identify a file (in this context, 'directory' is the same as a file) at a specific level of the directory hierarchy. While, from the operating system point of view, it doesn't matter what the file name is, as long as it is unique, meaningful file names are essential for the end user, since it is the main key to locate and retrieve data. In other words, a meaningful file name is what people rely upon to find their valuable documents, pictures and spreadsheets.Traditionally, Linux (and Unix) filesystems have always considered file names as an opaque byte sequence without any special meaning, requiring users to submit the exact match of the file to find it in the filesystem. But that is not how humans operate. When people write titles, 'important report.ods' and 'IMPORTANT REPORT.ods' usually mean the same piece of data, and you don't care how it was written when creating it. We care about the content and the semantics of the words IMPORTANT and REPORT."

The Rust team has announced therelease of Rust 1.46.0. "This release enables quite a lot of newthings to appear in const fn, two new standard library APIs, andone feature useful for library authors. See the detailedrelease notes to learn about other changes not covered by thispost."

Greg Kroah-Hartman has released the 5.8.5and 5.7.19 stable kernels with a relativelysmall number of fixes. Note that this is the last release for the 5.7.xkernel series, so users should move to 5.8.5 along with those on 5.8.x.

For as long as we have had desktop systems, there have been concerns aboutdesktop responsiveness and developers have been working to improve things in thatarea. Over the years, Linux has gained a number of capabilities — controlgroups in particular — that are applicable to the problem of improvingdesktop performance, but use of these features has lagged behind theiravailability. At the 2020Linux Plumbers Conference, Benjamin Berg outlined some of the work thatis being done by the Linux desktop projects to put recent kernel featuresto work.

Security updates have been issued by Debian (firefox-esr and nginx), Fedora (firefox, firejail, and lua), Gentoo (chromium, docker, firefox and thunderbird, net-snmp, postgresql, and wireshark), openSUSE (chromium, claws-mail, dovecot23, libreoffice, and python3), Oracle (kernel), Scientific Linux (firefox), SUSE (apache2, graphviz, and libxslt), and Ubuntu (firefox, libmysofa, and squid3).

The LWN.net Weekly Edition for August 27, 2020 is available.

The X.Org project has announced the release of xorg-server version 1.20.9. Among other improvements are numerous fixes to XWayland, including a bug that could cause an infinite loop at startup as well as other potential crash fixes. The release also addresses several security issues that can "lead to local privileges elevation on systems where the X server is running privileged." Users of xorg-server are encouraged to upgrade.

The Oracle blog is putting up a series by Vegard Nossum on fuzzing thekernel's entry code; part 1and part 2are available now. "While these fuzzers effectively test the system calls themselves (and the code reachable through system calls), one thing they don't test very well is what happens at the actual transition point between userspace and the kernel. There is more to this boundary than meets the eye; it is written in assembly code and there is a lot of architectural state (CPU state) that must be verified or sanitized before the kernel can safely start executing its C code.This blog post explores how one might go about writing a fuzzer targeting the Linux kernel entry code on x86."

OpenSCAD is a GPLv2-licensed 3D computer-aided design (CAD) program best described as a "programmer's CAD"; it is available for Linux, Windows, several flavors of BSD, and macOS. Unlike the majority of 3D-modeling software packages which are point-and-click, the OpenSCAD website describes the project as "something like a 3D compiler", where models are generated using a scripting language. It is a unique way of approaching CAD and has many real-world applications that may be of interest.

Stable kernels 5.8.4, 5.7.18, 5.4.61, 4.19.142, 4.14.195, 4.9.234, and 4.4.234 have been released with importantfixes throughout the tree. Users should upgrade.

Security updates have been issued by Debian (firefox-esr, ghostscript, php7.0, and proftpd-dfsg), Fedora (mod_http2 and thunderbird), Red Hat (chromium-browser and firefox), and SUSE (apache2, grub2, samba, and xorg-x11-server).

Fuzzing is a testingtechnique with randomized inputs that is used to find problematic edgecases or security problems in code that accepts user input. Go package developers can use Dmitry Vyukov's popular go-fuzz tool for fuzz testingtheir code; it has foundhundreds ofobscure bugs in the Go standard library as well as in third-partypackages. However, this tool is not built in, and is not as simple to useas it could be; to address this, Go team member Katie Hockmanrecently published a draftdesign that proposes adding fuzz testing as a first-class feature ofthe standard go test command.

Security updates have been issued by Debian (icingaweb2 and mongodb), Fedora (nss), Gentoo (chromium and shadow), Mageia (ghostscript, kdepim-runtime, kmail-account-wizard, luajit, mysql-connector-python, and python-ipaddress), openSUSE (python, python3, and webkit2gtk3), Red Hat (kernel and kernel-alt), Slackware (firefox), SUSE (squid3), and Ubuntu (bind9, ghostscript, net-snmp, postgresql-10, postgresql-12, postgresql-9.5, and sane-backends).

CAELinux is a distribution focused on computer-aided engineering (CAE) maintained by Joël Cugnoni. Designed with students and academics in mind, the distribution is loaded with open-source software that can be used to model everything from pig livers to airfoils. Cugnoni's latest release, CAELinux 2020, was made on August 11; readers with engineering interests may want to take a look.

Security updates have been issued by Debian (firejail, icingaweb2, inetutils, libjackson-json-java, proftpd-dfsg, python2.7, software-properties, and sqlite3), Fedora (chrony), Mageia (chrony), openSUSE (dovecot23, postgresql12, and python), Slackware (bind), SUSE (gettext-runtime and SUSE Manager Server 3.2), and Ubuntu (bind9).

The 5.9-rc2 kernel prepatch is out fortesting. "Nothing in particular stands out, there's a randomcollection of fixes and updates in here."

The proposed fsinfo() system call, which returns extendedinformation about mounted filesystems, was first covered here just over one year ago. The formof fsinfo() has not changed much in that year, but the debate overmerging it continues. To some, fsinfo() is needed to efficientlyobtain information about filesystems; to others, it is an unnecessary andover-engineered mechanism. Changes will probably be necessary if thisfeature is ever to make it into the mainline kernel.

The 5.8.3, 5.7.17, 5.4.60, 4.19.141, 4.14.194, 4.9.233, and 4.4.233 stable kernels have been released. Asusual, they contain lots of fixes all over the kernel tree. Users of thosekernel series should upgrade.

Security updates have been issued by Debian (ghostscript), Fedora (curl and mod_http2), Mageia (ngircd), openSUSE (kernel), SUSE (libreoffice), and Ubuntu (curl).

The Fedora 33 release is currently scheduled for late October; as part ofthe process of designing this release, the deadline for system-wide changeproposals was set for June 30. This release already has a substantial number of big changes in theworks, so one might be forgiven for being surprised by asystem-wide change proposal that appeared on August 4, whichlooks to be pre-approved. Not only that, but this proposalexpands the small set of official Fedora "editions" by adding therelatively obscure Fedora Internetof Things Edition.

Security updates have been issued by Fedora (ansible, libmetalink, roundcubemail, rubygem-kramdown, sqlite, and swtpm), Slackware (curl), SUSE (python and python3), and Ubuntu (qemu).

The LWN.net Weekly Edition for August 20, 2020 is available.

The Document Foundation (TDF) has announced the release of LibreOffice 7.0. This major release is a significant upgrade from version 6.4.6, focusing on interoperability with Microsoft Office, general performance, and support for OpenDocument Format (ODF) version 1.3. A complete list of new features and bug fixes can be found in the release notes.

Stable kernels 5.8.2, 5.7.16, 5.4.59, and 4.19.140 have been released. There are manyimportant fixes and users should upgrade.

Security updates have been issued by Debian (imagemagick and ruby-websocket-extensions), Fedora (libetpan, LibRaw, and php), Gentoo (nss), Mageia (apache, ark, clamav, claws-mail, dovecot, firefox, firejail, freerdp, golang, jasper, kernel, libssh, libx11, postgresql-jdbc, python-rstlib, radare2, roundcubemail, squid, targetcli, thunderbird, tomcat, and x11-server), Red Hat (rh-mysql80-mysql), SUSE (dovecot22, freerdp, libvirt, and postgresql12), and Ubuntu (curl and linux-hwe, linux-azure-5.3, linux-gke-5.3).

Linus Walleij continueshis exploration of the boot process for the 32-bit Arm kernel."BAM! The MMU is on. The next instruction (which is incidentally aninstruction cache flush) will be executed from virtual memory. We don’tnotice anything at first, but we are executing in virtual memory. When wereturn by jumping to the address passed in r13, we enter__mmap_switched at the virtual memory address of this function,somewhere below PAGE_OFFSET (typically 0xC0nnnnnn). Wecan now facilitate absolute addressing: the kernel is executing asintended."

In this followup to our coverage of therelease of gnuplot 5.4, we look more deeply atone of the new features: voxel plots. We onlybriefly touched on these plots in that article, but they are the most conspicuous addition inthis release ofthe free-software graphing tool.Voxel plotting provides multiple ways to visualize 3D data, so it is worthlooking at this new plot type in more detail.

The Rust blog announcesthe creation of an independent foundation for the language. "Thisfoundation’s first task will be something Rust is already great at: takingownership. This time, the resource is legal, rather than something in aprogram. The various trademarks and domain names associated with Rust,Cargo, and crates.io will move into the foundation, which will also takefinancial responsibility for the costs they incur. We see this firstiteration of the foundation as just the beginning. There’s a lot ofpossibilities for growing the role of the foundation, and we’re excited toexplore those in the future."

Security updates have been issued by Debian (sane-backends), Fedora (kernel, LibRaw, and wob), openSUSE (balsa, hylafax+, postgresql, postgresql96, postgresql10, postgresql12, and postgresql96, postgresql10 and postgresql12), Oracle (.NET Core 3.1), Red Hat (bash and bind), SUSE (dovecot23, firefox, fwupd, postgresql10, postgresql12, python-azure-agent, and zabbix), and Ubuntu (ark, gnome-shell, libonig, linux, linux-aws, linux-kvm, linux-lts-xenial, linux-raspi2, linux-snapdragon, linux-gke-5.0, linux-oem-osp1, and software-properties).

Sourcegraph is a tool forsearching and navigating around large code bases.The tool has various searchmethods, including regular-expression search, and "structural search",which isa relatively new technique that is language-aware.The open-source core ofthe tool comeswith code search, go-to-definition and other "codeintelligence" features, which provide ways for developers to makesense of multi-repository code bases. Sourcegraph's code-searching toolscan show documentation for functions and methods on mouse hover and allow developers toquickly jump to definitions or to find all references to a particularidentifier.

By the time Linus Torvalds released 5.9-rc1and closed the merge window for this cycle, 12,866 non-merge changesets hadbeen pulled into the mainline repository. Nearly 9,000 of those came inafter the first 5.9 merge-window summarywas written. Clearly the kernel-development community remains busy. Muchof what was merged takes the form of cleanups and restructuring, as always,but there was also a substantial set of new features.

Security updates have been issued by Debian (dovecot, htmlunit, jruby, libetpan, lucene-solr, net-snmp, and posgresql-9.6), Fedora (firefox, nss, qt, and thunderbird), Mageia (glib-networking, mumble, webkit2, and znc), openSUSE (balsa, chromium, firejail, hylafax+, libreoffice, libX11, perl-XML-Twig, thunderbird, wireshark, and xrdp), Red Hat (libvncserver), SUSE (libvirt and perl-PlRPC), and Ubuntu (dovecot and salt).

Version20.08 of the Kdenlive video editor is available. "Kdenlive 20.08is out with nifty features like Interface Layouts, Multiple Audio Streamsupport, Cached data management and Zoombars in the Clip Monitor andEffects Panel but one may argue that the highlights of this release arestability and interface improvements".

Linux has released the 5.9-rc1 kernelprepatch and closed the merge window for this development cycle."This merge window felt a lot more normal than 5.8, and all the statsconfirm that it seems to be the usual size." In the end, 12,866non-merge changesets were pulled for 5.9-rc1, as compared to 14,206 for5.8-rc1.

While PHP does not come with a full toolkit for debugging and profiling, an open-source project has existed almost as long as PHP to provide both: Xdebug. Created and maintained by PHP core developer Derick Rethans, it offers remote debugging, stack traces, profiling, and more. It is a project that anyone doing PHP development would benefit from using.

Security updates have been issued by Debian (squid3), Fedora (lilypond and python3), openSUSE (xen), SUSE (libreoffice, libvirt, webkit2gtk3, xen, and xerces-c), and Ubuntu (apache2).

Shortly before the release of the 5.8 kernel, a brief patch to apseudo-random-number generator (PRNG) used by the networking stack was quietlyapplied to the kernel. As is the norm for such things, the changelog gaveno indication that a security vulnerability had been fixed, but that turnsout indeed to be the case. The resulting controversy had little to do withthe original vulnerability, though, and everything to do with howcryptographic security is managed in the kernel. Figuring prominently inthe discussion was the question of whether theoretical security can undermine security in thereal world.

On the Jupyter blog, Chris Holdgraf announces a rewrite of the Jupyter Book project. LWN looked at Jupyter and its interactive notebooks for Python and other languages back in 2018; Jupyter Book extends the notebook idea. "Jupyter Book is an open source project for building beautiful, publication-quality books, websites, and documents from source material that contains computational content. With this post, we’re happy to announce that Jupyter Book has been re-written from the ground up, making it easier to install, faster to use, and able to create more complex publishing content in your books. It is now supported by the Executable Book Project, an open community that builds open source tools for interactive and executable documents in the Jupyter ecosystem and beyond."

For those who are into the details: here is astep-by-step guide through the process of decompressing an Arm kerneland getting ready to boot from Linus Walleij. "Next thedecompression code sets up a page table, if it is possible to fit one overthe whole uncompressed+compressed kernel image. The page table is not forvirtual memory, but for enabling cache, which is then turned on. Thedecompression will for natural reasons be much faster if we can usecache."

Version 5.1.0 ofthe QEMU processor emulator is out. "This release contains 2500+commits from 235 authors." Enhancements consist mostly ofadditional hardware emulation, of course, but it doesn't stop there; see the changelog for lots ofdetails.

Security updates have been issued by Debian (linux-4.19, linux-latest-4.19, and openjdk-8) and Fedora (ark and hylafax+).

The LWN.net Weekly Edition for August 13, 2020 is available.

In this two-part series, we will be implementing a simple RSS reader for LWN using the UI toolkit Flutter. The project recently announced version 1.20 of the toolkit on August 5. Flutter is a BSD-licensed UI development platform written in Dart that is backed by Canonical as a new way to develop desktop applications targeting Linux. Part one will cover some of the basics of the project and Flutter, with part two building on that work to focus on building a full interactive UI for the application.

Security updates have been issued by Debian (dovecot and roundcube), Fedora (python36), Gentoo (chromium), openSUSE (ark, firefox, go1.13, java-11-openjdk, libX11, wireshark, and xen), Red Hat (bind and kernel), SUSE (libreoffice and python36), and Ubuntu (dovecot and software-properties).

The Linux kernel has never lacked for synchronization primitives andlocking mechanisms, so one might justifiably wonder why there might be aneed to add another one. The addition of locallocks to 5.8 provides an answer to that question. These locks,which have their origin in the realtime (PREEMPT_RT) tree, werecreated to solve some realtime-specific problems, but they also bring somemuch-needed structure to a common locking pattern used in non-realtimekernels as well.

Mitchell Baker writesabout changes at Mozilla, headlined by the laying-off of 250 people."Recognizing that the old model where everything was free hasconsequences, means we must explore a range of different businessopportunities and alternate value exchanges. How can we lead towardsbusiness models that honor and protect people while creating opportunitiesfor our business to thrive? How can we, or others who want a betterinternet, or those who feel like a different balance should exist betweensocial and public benefit and private profit offer an alternative?"