LWN.net

The 4.16 development cycle is shaping up to be arelatively straightforward affair with little in the way of known problemsand a probable release after nine weeks of work. In comparison to the wildride that was 4.15, 4.16 looks positively calm. Even so, there is a lotthat has happened this time around; read on for a look at who contributedto this release, with a brief digression into stable kernel updates.

The Free Software Foundation (FSF) announcedthe winners of the 2017 Free Software Awards during LibrePlanet."Public Lab is a community and non-profit organization with the goalof democratizing science to address environmental issues. Theircommunity-created tools and techniques utilize free software and low-costdevices to enable people at any level of technical skill to investigateenvironmental concerns." The organization received the Award forProjects of Social Benefit. Karen Sandler, the Executive Director of theSoftware Freedom Conservancy, received the Award for the Advancement ofFree Software.

Security updates have been issued by Arch Linux (bchunk, thunderbird, and xerces-c), Debian (freeplane, icu, libvirt, and net-snmp), Fedora (monitorix, php-simplesamlphp-saml2, php-simplesamlphp-saml2_1, php-simplesamlphp-saml2_3, puppet, and qt5-qtwebengine), openSUSE (curl, libmodplug, libvorbis, mailman, nginx, opera, python-paramiko, and samba, talloc, tevent), Red Hat (python-paramiko, rh-maven35-slf4j, rh-mysql56-mysql, rh-mysql57-mysql, rh-ruby22-ruby, rh-ruby23-ruby, and rh-ruby24-ruby), Slackware (thunderbird), SUSE (clamav, kernel, memcached, and php53), and Ubuntu (samba and tiff).

The 4.16-rc7 prepatch is out; it'sprobably the last one. "I'm still not *planning*on an rc8 this release, because while rc7 is bigger than usual,nothing in here makes me go 'Hmm, maybe we should delay the release'.But let's see what happens this upcoming week - if next Sunday comesaround, and there's lots of new stuff, I'll reconsider then."

The4.15.13,4.14.30,4.9.90,4.4.124,and 3.18.102have all been released; each contains a relatively large set of importantfixes and updates.

Here's thesecond part of Daniel Stone's series on recent improvements inlow-level graphics support. "The end result of all this work is thatwe have been able to eliminate the magic side channels which used toproliferate, and lay the groundwork for properly communicating thisinformation across multiple devices as well. Devices supporting ARM's AFBCcompression format are just beginning to hit the market, which share asingle compression format between video decoder, GPU, and displaycontroller. We are also beginning to see GPUs from different vendors sharetiling formats, in order to squeeze the most performance possible fromhybrid GPU systems."

Security updates have been issued by Debian (adminer, isc-dhcp, kamailio, libvorbisidec, plexus-utils2, and simplesamlphp), Fedora (exim and glibc-arm-linux-gnu), Mageia (sqlite3), openSUSE (Chromium, kernel, and qemu), SUSE (memcached), and Ubuntu (sharutils).

Energy-aware scheduling — running a system's workload in a way thatminimizes the amount of energy consumed — has been a topic of activediscussion and development for some time; LWN first covered the issue at the beginning of 2012.Many approaches have been tried during the intervening years, but little inthe way of generalized energy-aware scheduling work has made it into themainline. Recently, a new patch set wasposted by Dietmar Eggemann that only tries to address one aspect of the problem; perhaps the problem domainhas now been simplified enough that this support can finally be merged.

Yet another new crop of stable kernels has been released: 4.9.89, 4.4.123, and 3.18.101. Each contains a rather large set ofchanges all over the kernel tree; users of those series should upgrade.

Version 4.0of the Krita drawing tool has been released; see thisarticle for a summary of the new features in this release."Krita 4.0 will use SVG on vector layers by default, instead of theprior reliance on ODG. SVG is the most widely used open format for vectorgraphics out there. Used by 'pure' vector design applications, SVG on Kritacurrently supports gradients and transparencies, with more effects comingsoon."

Security updates have been issued by Arch Linux (lib32-libvorbis), Debian (exempi and polarssl), Gentoo (collectd and webkit-gtk), openSUSE (postgresql96), SUSE (qemu), and Ubuntu (libvorbis).

The LWN.net Weekly Edition for March 22, 2018 is available.

"Syzbot" is an automated system that runs the syzkaller fuzzer on thekernel and reports the resulting crashes. Dmitry Vyukov has announced theavailability of a web sitedisplaying the outstanding reports. "The dashboard shows info about active bugs reported by syzbot. Thereare ~130 active bugs and I think ~2/3 of them are actionable (stillhappen and have a reproducer or are simple enough to debug)."

While updating kernels frequently is generally considered a security bestpractice, there are many installations that are unable to do so for avariety of reasons. That means running with some number of knownvulnerabilities (along with an unknown number of unknown vulnerabilities, ofcourse), so some way to detect and stop exploits for those flaws may bedesired. That is exactly what the Linux Kernel Runtime Guard (LKRG)is meant to do.

It is an increasingly poorly kept secret that, underneath the hood ofthe components that most of us view as "hardware", there is a great deal ofproprietary software. This code, written by anonymous developers, rarelysees the light of day; as a result, it tends to have all of the pathologiesassociated with software that nobody can either review or fix. The 2018Embedded Linux Conference saw an announcement for a new project that, with luck, will change thatsituation, at least for one variety of hardware: audio devices.

Version5.4 of the RawTherapee image-processing tool is out. New featuresinclude a new histogram-matching tool, a new HDR tone-mapping tool, anumber of user-interface and performance improvements, and quite a bitmore.

Greg Kroah-Hartman has released stable kernels 4.15.12 and 4.14.29. As usual, they contain importantfixes and users of those series should upgrade.

Security updates have been issued by CentOS (firefox), Debian (plexus-utils), Fedora (calibre, cryptopp, curl, dolphin-emu, firefox, golang, jhead, kernel, libcdio, libgit2, libvorbis, ming, net-snmp, patch, samba, xen, and zsh), Red Hat (collectd and rh-mariadb101-mariadb and rh-mariadb101-galera), and Ubuntu (paramiko and tiff).

Daniel Stone beginsa series on how the Linux graphic stack has improved in recent times."This has made mainline Linux much more attractive: the exact samegeneric codebases of GNOME and Weston that I'm using to write this blogpost on an Intel laptop run equally well on AMD workstations, low-power NXPboards destined for in-flight entertainment, and high-end Renesas SoCswhich might well be in your car. Now that the drivers are easy to write,and applications are portable, we've seen over ten new DRM drivers mergedto the upstream kernel since atomic modesetting was merged."

Developers and maintainers of free-software projects are drawn fromthe same pool of people, and maintainers in one project are often developersin another, but there is still a certain amount of friction between thetwo groups. Maintainers depend on developers to contribute changes, butthe two groups have a different set of incentives when it comes to reviewing andaccepting those changes. Two talks at the 2018 Embedded Linux Conferenceshed some light on this relationship and how it can be made to work moresmoothly.

The GStreamer team has announceda major feature release of the GStreamer cross-platform multimediaframework. Highlights include WebRTC support, experimental support for thenext-gen royalty-free AV1 video codec, support for the Secure ReliableTransport (SRT) video streaming protocol, and much more. The release notescontain more details.

Red Hat has announcedthat six more companies (CA Technologies, Cisco, HPE, Microsoft, SAP, andSUSE) have agreed to apply the GPLv3 termination conditions (wherein aviolator's license is automatically restored if the problem is fixed in atimely manner) to GPLv2-licensed code. "GPL version 3 (GPLv3)introduced an approach to termination that offers distributors of the codean opportunity to correct errors and mistakes in license compliance. Thisapproach allows for enforcement of license compliance consistent with acommunity in which heavy-handed approaches to enforcement, including forfinancial gain, are out of place."

Security updates have been issued by Arch Linux (clamav, curl, lib32-curl, lib32-libcurl-compat, lib32-libcurl-gnutls, libcurl-compat, and libcurl-gnutls), openSUSE (various KMPs), Oracle (firefox), Scientific Linux (firefox), SUSE (java-1_7_1-ibm), and Ubuntu (memcached).

In my previous article, I gave an introductionto the open architecture of RISC-V. This articlelooks at howI and a small team of Fedorausers ported a large part of the Fedora package set to RISC-V. It was adaunting task, especially when there is no real hardware or existinginfrastructure, but we were able to get there in a part-time effort over ayear and a half or so.Subscribers can read on for a look at getting Fedora onto RISC-V by guestauthor Richard W.M. Jones.

Some years ago, prominent community leaders doubted that even short-term stable maintenance of kernel releases was feasible. Morerecently, selecting an occasional kernel for a two-year maintenance cyclehas become routine, and some kernels, such as 3.2 under the care of BenHutchings, have received constant maintenance for as much as six years. Buteven that sort of extended maintenance is not enough for some use cases, asYoshitake Kobayashi explained in his Embedded Linux Conference talk. Tomeet those needs, the CivilInfrastructure Platform (CIP) project is setting out to maintain releases for a minimum of 20 years.

Stable kernels 4.15.11 and 4.14.28 have been released. They both containmany fixes throughout the tree and users should upgrade.

Security updates have been issued by Arch Linux (firefox, libvorbis, and ntp), Debian (curl, firefox-esr, gitlab, libvorbis, libvorbisidec, openjdk-8, and uwsgi), Fedora (firefox, ImageMagick, kernel, and mailman), Gentoo (adobe-flash, jabberd2, oracle-jdk-bin, and plasma-workspace), Mageia (bugzilla, kernel, leptonica, libtiff, libvorbis, microcode, python-pycrypto, SDL_image, shadow-utils, sharutils, and xerces-c), openSUSE (exempi, firefox, GraphicsMagick, libid3tag, libraw, mariadb, php5, postgresql95, SDL2, SDL2_image, ucode-intel, and xmltooling), Red Hat (firefox), Slackware (firefox and libvorbis), SUSE (microcode_ctl and ucode-intel), and Ubuntu (firefox and php5, php7.0, php7.1).

The 4.16-rc6 kernel prepatch is out."Go test, things are stable and there's no reason to worry, but allthe usual reasons to just do a quick build and verification that everythingworks for everybody. Ok?"

Greg Kroah-Hartman has released the 4.9.88,4.4.122, and 3.18.100 stable kernels. As usual, theycontain fixes throughout the tree and users of those series should upgrade.

Security updates have been issued by CentOS (firefox), Debian (clamav and firefox-esr), openSUSE (Chromium and kernel-firmware), Oracle (firefox), Red Hat (ceph), Scientific Linux (firefox), Slackware (curl), and SUSE (java-1_7_1-ibm and mariadb).

Over on the Red Hat Developer Program blog, David Malcolm describes a number of usability improvements that he has made for the upcoming GCC 8 release. Malcolm has made a number of the C/C++ compiler error messages much more helpful, including adding hints for integrated development environments (IDEs) and other tools to suggest fixes for syntax and other kinds of errors. "[...] the code is fine, but, as is common with fragments of code seen on random websites, it’s missing #include directives. If you simply copy this into a new file and try to compile it as-is, it fails.This can be frustrating when copying and pasting examples – off the top of your head, which header files are needed by the above? – so for gcc 8 I’ve added hints telling you which header files are missing (for the most common cases)." He has various examples showing what the new error messages and hints look like in the blog post.

Alex Shi's posting of a patch seriesbackporting a set of Meltdown fixes for the arm64 architecture to the4.9 kernel might seem like a normal exercise in making important securityfixes available on older kernels. But this case raised a couple ofinteresting questions about why this backport should be accepted into thelong-term-support kernels — and a couple of equally interesting answers,one of which was rather better received than the other.

Greg Kroah-Hartman has announced the release of the 4.15.10 and 4.14.27 stable kernels. Each contains a largenumber of patches throughout the kernel tree; users should upgrade.

Security updates have been issued by Arch Linux (samba), CentOS (389-ds-base, kernel, libreoffice, mailman, and qemu-kvm), Debian (curl, libvirt, and mbedtls), Fedora (advancecomp, ceph, firefox, libldb, postgresql, python-django, and samba), Mageia (clamav, memcached, php, python-django, and zsh), openSUSE (adminer, firefox, java-1_7_0-openjdk, java-1_8_0-openjdk, and postgresql94), Oracle (kernel and libreoffice), Red Hat (erlang, firefox, flash-plugin, and java-1.7.1-ibm), Scientific Linux (389-ds-base, kernel, libreoffice, and qemu-kvm), SUSE (xen), and Ubuntu (curl, firefox, linux, linux-raspi2, and linux-hwe).

The LWN.net Weekly Edition for March 15, 2018 is available.

<p>As is often the case, the python-ideas mailing list hosted a discussionabout a Python Enhancement Proposal (PEP) recently. In some sense, thisparticular PEPwas created to try to gather together the pros and cons of afeature idea that regularly crops up: statement-local bindings for variablenames. But the discussion of the PEP went in enough different directionsthat it led to calls for an entirely different type of medium in which tohave those kinds of discussions.

Let's Encrypt has announcedthat ACMEv2 (Automated Certificate Management Environment) and wildcardcertificate support is live. ACMEv2 is an updatedversion of the ACME protocol that has gone through the IETF standardsprocess. Wildcardcertificates allow you to secure all subdomains of a domain with asingle certificate. (Thanks to Alphonse Ogulla)

GNOME 3.28 has been released. "This release brings a more beautifulfont, an improved on-screen keyboard and a new 'Usage' application.Improvements to core GNOME applications include support for favorites inFiles and the file chooser, a better month view in the Calendar, supportfor importing pictures from devices in Photos, and many more." Seethe releasenotes for details.

Security updates have been issued by Arch Linux (calibre, dovecot, and postgresql), CentOS (dhcp and mailman), Fedora (freetype, kernel, leptonica, mariadb, mingw-leptonica, net-snmp, nx-libs, util-linux, wavpack, x2goserver, and zsh), Gentoo (chromium), Oracle (389-ds-base, mailman, and qemu-kvm), Red Hat (389-ds-base, kernel, kernel-alt, libreoffice, mailman, and qemu-kvm), Scientific Linux (mailman), Slackware (firefox and samba), and Ubuntu (samba).

LWN has covered the open RISC-V ("risk five") processor architecture before, most recently inthis article. As the ecosystem and tools around RISC-V have started comingtogether, a more detailed look is in order. In a seriesof two articles, guest author Richard W.M. Jones will look atwhat RISC-V is and follow up with an article on how we can nowport Linux distributions to run on it.

The bpfilter proposal posted in Februaryincluded a new type of kernel module that would run as a user-spaceprogram; its purpose is to parse and translate iptables rules under thekernel's control but in a contained, non-kernel setting. These "ELFmodules" were reposted for review as a standalonepatch set in early March. That review has happened; it is agood example of how community involvement can improve a special-purposepatch and turn it into a more generally useful feature.

Anybody running Samba 4 servers probably wants to take a look at thisalert and upgrade their systems. "CVE-2018-1057: On a Samba 4 AD DC the LDAP server in all versions of Samba from 4.0.0 onwards incorrectly validates permissions to modify passwords over LDAP allowing authenticated users to change any other users' passwords, including administrative users."

A company called CTS has disclosed a longseries of vulnerabilities in AMD processors. "The chipset is acentral component on Ryzen and Ryzen Pro workstations: it links theprocessor with hardware devices such as WiFi and network cards, making itan ideal target for malicious actors. The Ryzen chipset is currently beingshipped with exploitable backdoors that could let attackers injectmalicious code into the chip, providing them with a safe haven to operatefrom." See the associatedwhite paper for more details.Update: there are a lot of questions circulating about the actualseverity of these vulnerabilities and the motivations of the peoplereporting them. It may not be time to panic quite yet.

Mozilla has released Firefox 59, the next iteration of Firefox Quantum.From the releasenotes: "On Firefox for desktop, we’ve improved page load times, added tools to annotate and crop your Firefox Screenshots, and made it easier to arrange your Top Sites on the Firefox Home page. On Firefox for Android, we’ve added support for sites that stream video using the HLS protocol."

In the recentarticle about Jupyter and itsnotebooks, we mentioned that a new interface, called JupyterLab, existed in what its developersdescribed as an "early preview" stage. About two weeks after thatarticle appeared, Project Jupyter made a significant announcement: JupyterLab is "ready for users". Users will find a moreintegrated environment for scientific computation that is also more easilyextended. JupyterLab takes the Jupyter Notebook to a level of functionalitythat will propel it well into the next decade—and beyond.

Security updates have been issued by Debian (samba), Fedora (tor), openSUSE (glibc, mysql-connector-java, and shadow), Oracle (dhcp), Red Hat (bind, chromium-browser, and dhcp), Scientific Linux (dhcp), and SUSE (java-1_7_0-openjdk, java-1_8_0-ibm, and java-1_8_0-openjdk).

Variable-length arrays (VLAs) have a non-constant size that is determined (andwhich can vary) at run time; they are supported by the ISO C99standard. Use of VLAs in thekernel has long been discouraged but not prohibited, so there are naturallynumerous VLA instances to be found. A recent push to remove VLAs from thekernel entirely has gained momentum, but it ran into an interesting snag onthe way.

Here is theRust community's plan for the rest of this year. "This year, wewill deliver Rust 2018, marking the first major new edition of Rust since1.0 (aka Rust 2015). We will continue to publish releases every six weeksas usual. But we will designate a release in the latter third of the year(Rust 1.29 - 1.31) as Rust 2018. This new 'edition' of Rust will be theculmination of feature stabilization throughout the year, and will shipwith polished documentation, tooling, and libraries that tie in to thosefeatures."

The Debian Project has released the fourth update to Debian 9 "stretch".As usual, this update mainly adds corrections for security issues, alongwith a few adjustments for serious problems. "Those who frequentlyinstall updates from security.debian.org won't have to update manypackages, and most such updates are included in the point release."

Security updates have been issued by CentOS (389-ds-base, dhcp, kernel, libreoffice, php, quagga, and ruby), Debian (ming, util-linux, vips, and zsh), Fedora (community-mysql, php, ruby, and transmission), Gentoo (newsbeuter), Mageia (libraw and mbedtls), openSUSE (php7 and python-Django), Red Hat (MRG Realtime 2.5), and SUSE (kernel).