LWN.net

The "Extendable Read-Only File System" (or "EROFS") was first postedby Gao Xiang in May 2018; it was merged into the staging tree forthe 4.19 release. There has been a steady stream of work on EROFS sincethen, and its author now thinks that it is ready to move out of stagingand join the other official filesystems in the kernel. It would seem,though, that there is one final hurdle that it may have to clear:robustness in the face of a corrupted on-disk filesystem image. Thatraises an interesting question: to what extent do new filesystems have toexhibit a level of robustness that is not met by the filesystems that arecurrently in heavy use?

Michael Stapelberg has announcedthe first release of "distri", a distribution focused on simplifying andaccelerating package management. "distri’s package manager is extremely fast. Its main bottleneck is typically the network link, even at high speed links (I tested with a 100 Gbps link).Its speed comes largely from an architecture which allows the package manager to do less work."

Security updates have been issued by CentOS (kernel and openssl), Debian (ffmpeg, golang-1.11, imagemagick, kde4libs, openldap, and python3.4), Fedora (gradle, hostapd, kdelibs3, and mgetty), Gentoo (adobe-flash, hostapd, mariadb, patch, thunderbird, and vlc), Mageia (elfutils, mariadb, mythtv, postgresql, and redis), openSUSE (chromium, kernel, LibreOffice, and zypper, libzypp and libsolv), Oracle (ghostscript), Red Hat (rh-php71-php), SUSE (bzip2, evince, firefox, glib2, glibc, java-1_8_0-openjdk, polkit, postgresql10, python3, and squid), and Ubuntu (firefox).

Richard Brown has announced that he is stepping down as the chair of theopenSUSE board. "I have absolute confidence in the openSUSE Board; Indeed, I don't think Iwould be able to make this decision at this time if I wasn't certain that Iwas leaving openSUSE in good hands.On that note, SUSE has appointed Gerald Pfeifer as my replacement asChair. Gerald is SUSE's EMEA-based CTO, with a long history as a Tumbleweeduser, an active openSUSE Member, and upstream contributor/maintainer inprojects like GCC and Wine."

Linus has released the 5.3-rc5 kernelprepatch, saying: "It's been calm, and nothing here stands out, except perhaps some ofthe VM noise where we un-reverted some changes wrt node-local vshugepage allocations."

Version 2.23.0 of the Git source-code management system is out. There's alot of new features, including a new "git merge --quit" option,new "git switch" and "git restore" commands, and more.

The BPF virtual machine within the kernel has seen a great deal of workover the last few years; as that has happened, its use has expanded to manydifferent kernel subsystems. One of the objectives of that work in thepast has been to make it safe to allow unprivileged users to load at least some types ofBPF programs into the kernel. A recent discussion has made it clear,though, that the goal of opening up BPF to unprivileged users has beenabandoned as unachievable, and that further work in that direction will notbe accepted by the BPF maintainer.

Luis Chamberlain has announcedthe "kdevops" kernel-development framework. "I'm announcing therelease of kdevops which aims at making setting up and testing the Linuxkernel for any project as easy as possible. Note that setting up testingfor a subsystem and testing a subsystem are two separate operations,however we strive for both. This is not a new test framework, it allows youto use existing frameworks, and set those frameworks up as easily canhumanly be possible. It relies on a series of modern hip devops frameworks,it relies on ansible, vagrant and terraform, ansible roles through theAnsible Galaxy, and terraform modules."

Three new stable kernels have been announced by Greg Kroah-Hartman: 5.2.9, 4.19.67, and 4.14.139. There are important fixes in each;users should upgrade.

Security updates have been issued by Debian (freetype, libreoffice, and openjdk-7), Fedora (edk2, mariadb, mariadb-connector-c, mariadb-connector-odbc, python-django, and squirrelmail), Gentoo (chromium, cups, firefox, glibc, kconfig, libarchive, libreoffice, oracle-jdk-bin, polkit, proftpd, sqlite, wget, zeromq, and znc), openSUSE (bzip2, chromium, dosbox, evince, gpg2, icedtea-web, java-11-openjdk, java-1_8_0-openjdk, kconfig, kdelibs4, mariadb, mariadb-connector-c, nodejs8, pdns, polkit, python, subversion, and vlc), Oracle (ghostscript and kernel), Red Hat (mysql:8.0 and subversion:1.10), SUSE (389-ds, libvirt and libvirt-python, and openjpeg2), and Ubuntu (nginx).

KDE.News reports on the release of KDE Applications 19.08. The release has updates for many different applications, as can also be seen in the official announcement. "Take Konsole, our powerful terminal emulator, which has seen major improvements to its tiling abilities. We've made tiling a bit more advanced, so now you can split your tabs as many times as you want, both horizontally and vertically. The layout is completely customizable, so feel free to drag and drop the panes inside Konsole to achieve the perfect workspace for your needs.Dolphin, KDE's file explorer, introduces features that will help you step up your file management game. Let's start with bookmarks, a feature that allows you to create a quick-access link to a folder, or save a group of specific tabs for future reference. We've also made tab management smarter to help you declutter your desktop. Dolphin will now automatically open folders from other apps in new tabs of an existing window, instead of in their own separate windows."

PHP is the Fortran of the world-wide web: it demonstrated the power of codeembedded in web pages, but has since been superseded in many developers'minds by more contemporary technologies. Even so, as with Fortran, thereis far more PHP code out there than one might think, and PHP is stillchosen for new projects. There is a certain amount of tension in the PHPdevelopment community between the need to maintain compatibility for largeamounts of ancient code and the need to evolve the language to keep itrelevant for current developers. That tension has now come into the openwith a proposal to split PHP into two languages.

Security updates have been issued by openSUSE (irssi, ledger, libheimdal, libmediainfo, libqb, and libsass) and Slackware (mozilla).

The LWN.net Weekly Edition for August 15, 2019 is available.

The filecommand would seem to be an ideal candidate for sandboxing; it routinely handlesuntrusted input. But an effort to add seccomp()filtering to file for Debian has run aground. The upstream file project has addedsupport for sandboxing via seccomp() but it does not play wellwith other parts of the Debian world, package building in particular. Thissituation provides further evidence that seccomp() filtering is brittle and difficult to use.

EPEL 8.0 is out. "EPEL stands for Extra Packages for Enterprise Linux and is asubcommunity of the Fedora and CentOS projects aimed at bringing asubset of packages out of Fedora releases ready to be used andinstalled on various Red Hat Enterprise Linux (RHEL)."Beyond the update to RHEL (and CentOS) 8, this release features a newfaster-moving "playground" package stream and support for the s390 architecture.

For those interested in the details of how one kernel developer works: GregKroah-Hartman has documentedhis email workflow in great detail. "The ability to edit asingle message directly within my email client is essential. I end uphaving to fix up changelog text, editing the subject line to be correct,fixing the mail headers to not do foolish things with text formats, and insome cases, editing the patch itself for when it is corrupted or needs tobe fixed (I want a Linkedin skill badge for 'can edit diff files by handand have them still work')"

Security updates have been issued by Debian (kernel, linux-4.9, otrs2, and tomcat8), Fedora (igraph and jhead), openSUSE (ansible, GraphicsMagick, kconfig, kdelibs4, live555, mumble, phpMyAdmin, proftpd, python-Django, and znc), Oracle (kernel and openssl), Red Hat (kernel, openssl, and rh-mysql80-mysql), Scientific Linux (kernel and openssl), Slackware (kernel), SUSE (containerd, docker, docker-runc, golang-github-docker-libnetwork and mariadb-100), and Ubuntu (linux, linux-aws, linux-kvm, linux-raspi2, linux-snapdragon, linux-aws, linux-aws-hwe, linux-lts-xenial, linux-aws, linux-oem, linux-oracle, linux-raspi2, linux-snapdragon, linux-snapdragon, php5, php7.0, php7.2, and wpa).

Some unanticipated corner cases with Python's new "walrus"operator—described in our Python 3.8overview—have cropped up recently. The problematic uses of the operatorwill be turned into errors before the final release, but just whatexception should be raised came into question. It seems that the exceptionspecified in the PEP for the operator may not really be the best choice, as arecent discussion hashed out.

Technologies like RDMA benefit from the ability to map file-backed pagesinto memory. This benefit extends to persistent-memory devices, where thebacking store for the file can be mapped directly without the need to gothrough the kernel's page cache. There is a fundamental conflict, though,between mapping a file's backing store directly and letting the filesystemcode modify that file's on-disk layout, especially when the mapping is heldin place for a long time (as RDMA is wont to do). The problem seemsintractable, but there may yet be a solution in the form of thispatch set (marked "V1,000,002") from Ira Weiny.

Security updates have been issued by Arch Linux (chromium, postgresql, and postgresql-libs), Debian (atril, chromium, evince, ghostscript, jackson-databind, kernel, and php5), Fedora (kf5-kconfig, mingw-sqlite, pam-u2f, and poppler), Mageia (kernel), openSUSE (aubio, chromium, kconfig, kdelibs4, nodejs10, osc, and zstd), Red Hat (ghostscript), and Ubuntu (ghostscript and MariaDB).

The Xfce desktop 4.14 is out. "In this 4.14 cycle the main goal was to port all core components to Gtk3 (over Gtk2) and GDBus (over D-Bus GLib). Most components also received GObject Introspection support. Along the way we ended up polishing our user experience, introducing quite a few new features and improvements."

Version 3.16 of the LXDsystem container manager has been released. "This release includes a number of new features, configuration options and improvements to the command line tool.Behind the scenes, a lot of work has gone into reworking the infrastructure used for container devices with the nic, infiniband and proxy devices having switched over to the new logic. This should result in much cleaner code that is easier to debug, better tests and more thorough error handling and configuration validation."

GNU Radio is an extensive frameworkfor software-defined radio development. The 3.8.0.0 release is finallyavailable. "It's the first minor release version since more than six years, not withoutpride this community stands to face the brightest future SDR on general purposehardware ever had."

Stable kernels 4.9.189 and 4.4.189 have been released. They both containimportant fixes and users should upgrade.

Security updates have been issued by Debian (fusiondirectory, gosa, kconfig, kernel, pango1.0, and python-django), Fedora (aubio, icedtea-web, java-1.8.0-openjdk, kernel, kernel-headers, kernel-tools, libslirp, openqa, os-autoinst, and upx), Gentoo (JasPer, libvncserver, and redis), Mageia (cyrus-imapd and php), Oracle (kernel), Red Hat (chromium-browser, cockpit-ovirt, Red Hat Virtualization, and rhvm-appliance), SUSE (ImageMagick, libvirt, python, and wireshark), and Ubuntu (poppler).

The 5.3-rc4 kernel prepatch has beenreleased for testing. "I mentioned last week that rc3 was unusually small.Well, we fixed that."

Greg Kroah-Hartman has announced the release of three new stable kernels:5.2.8, 4.19.66, and 4.14.138. As usual, the kernels containimportant fixes, so users should upgrade.

One of these years, LWN will have a new accounting system based on freesoftware. That transition has not yet happened, though, despite theexpending of a fair amount of energy into researching alternatives. Youreditor recently became aware of a system called Akaunting, so a look seemed worthwhile.This tool may have the features that some users want, but it seems clearthat your editor's quest is not done yet.

The Kubernetes community has posted theextensive results [PDF] of a security assessment performed earlier thisyear. "Overall, Kubernetes is a large system with significantoperational complexity. The assessment team found configuration anddeployment of Kubernetes to be non-trivial, with certain components havingconfusing default settings, missing operational controls, and implicitlydefined security controls. Also, the state of the Kubernetes codebase hassignificant room for improvement. The codebase is large and complex, withlarge sections of code containing minimal documentation and numerousdependencies, including systems external to Kubernetes. There are manycases of logic re-implementation within the codebase which could becentralized into supporting libraries to reduce complexity, facilitateeasier patching, and reduce the burden of documentation across disparateareas of the codebase."

Security updates have been issued by Debian (postgresql-11, postgresql-9.4, and postgresql-9.6), Fedora (exiv2), openSUSE (python-Django and vlc), Oracle (kernel), Red Hat (qemu-kvm-rhev), SUSE (evince, nodejs10, python, and squid), and Ubuntu (postgresql-10, postgresql-11, postgresql-9.5).

The Document Foundation has announced the release of LibreOffice 6.3. This new version of the free-software office suite has lots of new features, better performance, and more interoperability with proprietary formats. In particular, documents can now be redacted to hide sensitive information before they are shared or exported, there are user-interface changes to make it more compact and easier to work with, a FOURIER function has been added to Calc, editable PDFs can be designed more easily, multiple improvements have been made in the Microsoft Office format handling, and more. Beyond that: "Writer and Calc performance has been improved by an order of magnitude based on documents provided by end users: text files with different bookmarks, tables and embedded fonts, large ODS/XLSX spreadsheets, and Calc files with VLOOKUP load and render more quickly. Saving Calc spreadsheets as XLS files is also faster."

The Spectre v1 hardware vulnerability isoften characterized as allowing array bounds checks to be bypassed via speculative execution.While that is true, it is not the full extent of the shenanigans allowed bythis particular class of vulnerabilities. For a demonstration of thatfact, one need look no further than the "SWAPGS vulnerability" known asCVE-2019-1125 to the wider world or as "Grand Schemozzle" to the selectgroup of developers who addressed it in the Linux kernel.

Security updates have been issued by Arch Linux (exim, python-django, python2-django, and sdl2), Debian (proftpd-dfsg), Fedora (php and sqlite), openSUSE (proftpd), Red Hat (kernel), Slackware (kdelibs), SUSE (nodejs10, squid, and tcpdump), and Ubuntu (php5 and ruby-rack).

It is with sadness that we report that Linux Journal has ceased publication. The magazine announced its demise at the end of 2017, then was happily reborn in early 2018, but apparently that was not to last. Editor Kyle Rankin posted "An Awkward Goodbye" on August 7. "After dying and being revived, it was finally starting to look like some day soon we would be able to walk on our own.Unfortunately, we didn't get healthy enough fast enough, and when we found out we needed to walk on our own strength, we simply couldn't. So here we are giving our second, much more awkward, goodbye. What happens now? We gave each other a proper hug during the first goodbye, do we hug again this time? Do we do the hand-shake-that-turns-into-a-single-arm-hug thing? Do we just sort of wave and smile?" LJ will be missed.

The LWN.net Weekly Edition for August 8, 2019 is available.

The "Web ofThings" (WoT) is meant as a way to enable Internet ofThings (IoT) devices to appear on the web. Mozilla's entry into theWoT world is the WebThings project,which consists of both a Framework API and a Gateway software distributionto host applications. On July 25, the project announcedthe Gateway 0.9 release with support for the TurrisOmnia wireless home router.

A change for Python 3.8—currently in beta—has produced someuser-visible warnings, but the problem is often in code that a user cannot(or should not) change: third-party modules. The problem that the warningis trying to highlight is real, however. The upshot is that the handling ofescape sequences (or non escape sequences, in truth) inPython string literals is in a rather messy state at this point.

The Free Software Foundation Europe has an announcementabout the release of the REUSE 3.0 specification. "The licensing of asoftware project is critical information. Developers set the terms underwhich others can reuse their software, from individuals to giantcorporations. Authors want to make sure that others adhere to their chosenlicenses; potential re-users have to know the license of third-partysoftware before publication; and companies have to ensure licensecompliance in their products that often build on top of existingprojects. The REUSE project, led bythe Free Software Foundation Europe (FSFE), helps all of theseparties."

Security updates have been issued by Fedora (hostapd), openSUSE (aubio and spamassassin), Oracle (kernel), Red Hat (augeas, kernel-rt, libssh2, perl, procps-ng, redis:5, and systemd), SUSE (bzip2, evince, kernel, linux-azure, nodejs4, nodejs8, osc, python, python-Twisted, and python3), and Ubuntu (BWA and Mercurial).

Lars Knoll describesthe goals for the next major version of the Qt graphics toolkit."Qt has been growing a lot over the last years, to the point wheredelivering a new version of it is a major undertaking. With Qt 6 there isan opportunity to restructure our product offering and have a smaller coreproduct that contains the essential frameworks and tooling. We will use themarket place to deliver our add-on frameworks and tools, not as a tightlycoupled bundle with the core Qt product."

Lisp is one of the oldest programming languages still inuse today—Fortran is older by a year, but the Lisp community (orcommunities) seems to be the more dynamic of the two. In any case, the Lisplandscape has a lot of nooks and crannies to explore; I recently ran into adialect that I had not encountered before: Racket. That may simply reflectignorance on my part, but, while I was introduced to Lisp (too) many moonsago, I had not really paid it much mind until I sat in on a talk about Lisp at linux.conf.au earlier thisyear. Something about Racket caught my eye, so I did some poking around tosee what it is all about.

Version 4.2 of the FFmpegmultimedia framework is out. It features a long list of new filters anddecoders, including a long-awaited AV1 decoder.

Stable kernels 5.2.7, 4.19.65, 4.14.137, 4.9.188, and 4.4.188 have been released. They all containimportant fixes and users should upgrade.

The Compact C Type Format (CTF) is a way of representing information abouta binary program; it can be seen as a simpler alternative to the widelyused DWARF format. While CTF has been around for some years, it has not seen much usein the Linux world. According to Elena Zannoni, who talked about CTF atthe 2019 Open Source Summit Japan, that situation may be about to change;work is underway to bring CTF support to the GNU tools shipped universallywith Linux systems.

Red Hat has announcedthe release of Red Hat Enterprise Linux 7.7. "Beyond new capabilities, Red Hat Enterprise Linux 7.7 also marks the transition of Red Hat Enterprise Linux 7 to Maintenance Phase I within the Red Hat Enterprise Linux 10-year lifecycle. Maintenance Phase I emphasizes maintaining infrastructure stability for production environments and enhancing the reliability of the operating system. Future minor releases of Red Hat Enterprise Linux 7 will now focus solely on retaining and improving this stability rather than net-new features."

Security updates have been issued by Arch Linux (chromium), Debian (glib2.0 and python-django), Fedora (gvfs, kernel, kernel-headers, kernel-tools, and subversion), Oracle (icedtea-web, nss and nspr, and ruby:2.5), Red Hat (advancecomp, bind, binutils, blktrace, compat-libtiff3, curl, dhcp, elfutils, exempi, exiv2, fence-agents, freerdp and vinagre, ghostscript, glibc, gvfs, http-parser, httpd, kde-workspace, keepalived, kernel, kernel-rt, keycloak-httpd-client-install, libarchive, libcgroup, libguestfs-winsupport, libjpeg-turbo, libmspack, libreoffice, libsolv, libssh2, libtiff, libvirt, libwpd, linux-firmware, mariadb, mercurial, mod_auth_openidc, nss, nss-softokn, nss-util, and nspr, ntp, opensc, openssh, openssl, ovmf, patch, perl-Archive-Tar, polkit, poppler, procps-ng, python, python-requests, python-urllib3, qemu-kvm, qemu-kvm-ma, qt5, rsyslog, ruby, samba, sox, spice-gtk, sssd, systemd, tomcat, udisks2, unixODBC, unzip, uriparser, Xorg, zsh, and zziplib), SUSE (ardana packages, ceph, mariadb, postgresql10, python-requests, and python3), and Ubuntu (bash and glib2.0).

Freedombone4.0 is available. Freedombone is a distribution (based onDebian 10) focused on the hosting network services under one's owncontrol on home servers. "There is no freedom without freedom ofassociation. That is, having the ability to define who you are and whatkind of community you want to live in. This release includes CommunityNetworks as an initial step towards networks run by and for the people whouse them." Support for the Wireguard VPN has been added, but the"Fediverse" applications (GNU Social, PostActiv, and Pleroma) have beenremoved as being too hard to manage.

The 5.3-rc3 kernel prepatch is out."Interesting. Last Sunday, rc2 was fairly large to match the biggishmerge window, but this last week has actually been quite calm, and rc3is actually smaller than usual, and smaller than rc2 was"

Stable kernels 5.2.6, 4.19.64, 4.14.136, 4.9.187, and 4.4.187 have been released. They all containimportant fixes and users should upgrade.