LWN.net

The LWN.net Weekly Edition for March 23, 2023 is available.

The concept of copyleft iscompelling in a lot of ways, at least for those who want to promotesoftware freedom in the world. Bradley Kuhn is certainly one of thosepeople and has long been working on various aspects of copyleft licensingand compliance, along with software freedom. He came to Everything Open 2023 to talkabout copyleft, some of its history—and flaws—and to look toward the futureof copyleft.

The6.2.8,6.1.21,5.15.104,5.10.176,5.4.238,4.19.279, and4.14.311stable kernel updates have all been released; each contains another set ofimportant fixes.

Version44 of the GNOME desktop environment has been released. "Thisrelease brings a grid view in the file chooser, improved settings panelsfor Device Security, Accessibility, etc, and refined quick settings in theshell. The Software and Files apps have seen improvements, and a whole slewof new apps has joined the GNOMECircle". See the releasenotes for details.

Security updates have been issued by Fedora (firefox), Oracle (kernel, kernel-container, and nss), and SUSE (curl, dpdk, drbd, go1.18, kernel, openstack-cinder, openstack-glance, openstack-neutron-gbp, openstack-nova, python-oslo.utils, oracleasm, python3, slirp4netns, and xen).

Version 20 of the Java SE platformhas been released. See the features list for anoverview of the big additions, or the release notes for thedetails.

At the end of 2022, Paulus Schoutsen declared 2023 "theyear of voice" for HomeAssistant, the popular open-source home-automation project that hefounded nine years ago. The project's goal this year is to let userscontrol their home with voice commands in their own language, using offlineprocessing instead of sending data to the cloud. Offline voice control hasbeen the holy grail of open-source home-automation systems foryears. Several projects have tried and failed. But with Rhasspy's developer Mike Hansenspearheading Home Assistant's voice efforts, this time things could bedifferent.

Security updates have been issued by Debian (apache2), Oracle (firefox, nss, and openssl), Slackware (curl and vim), SUSE (dpdk, firefox, grafana, oracleasm, python-cffi, python-Django, and qemu), and Ubuntu (ruby2.7, sox, and tigervnc).

Version 9.2 of the GNU coreutils collection — the home of common tools likecp, mv, ls, rm, and more — is out. Thechanges are mostly minor; numerous bugs have been fixed and a few newcommand-line options have been added.

The kernel's direct map makes all of a system's physical memory availableto the kernel within its address space — on 64-bit systems, at least. Thisseemingly simple feature has proved to be hard to maintain, in the face ofthe requirements faced by current systems, while keeping good performance.The latest attempt to address this issue is this patchset from Mike Rapoport adding more direct-map awareness to the kernel'spage allocator.

Security updates have been issued by Debian (firefox-esr, imagemagick, sox, thunderbird, and xapian-core), Fedora (chromium, containernetworking-plugins, guile-gnutls, mingw-python-OWSLib, pack, pypy3.7, sudo, thunderbird, tigervnc, and vim), Mageia (apache, epiphany, heimdal, jasper, libde265, libtpms, liferea, mysql-connector-c++, perl-HTML-StripScripts, protobuf, ruby-git, sqlite3, woodstox-core, and xfig), Oracle (kernel), Red Hat (firefox, nss, and openssl), SUSE (apache2, docker, drbd, kernel, and oracleasm), and Ubuntu (curl, python2.7, python3.10, python3.5, python3.6, python3.8, and vim).

Daniel Stenberg observesthe 25th anniversary of the curl project.

The 6.3-rc3 kernel prepatch is out fortesting. "So rc3 is fairly big, but that's not hugely usual: it's whena lot of the fixes tick up as it takes a while before people find and startreporting issues."

Version16.0.0 of the LLVM compiler suite has been released. As usual, thelist of changes is long; see the specific release notes forLLVM,Clang,Libc++,and others linked from the announcement.

The Free Software Foundation has announcedthe recipients of this year's Free Software Awards:

BPF programs destined to be loaded into the kernel are generally written inC but, increasingly, the environment in which those programs run differssignificantly from the C environment. The BPF virtual machine andassociated verifier make a growing set of checks in an attempt to make BPFcode safe to run. The proposed addition of an iterator mechanism to BPFhighlights the kind of features that are being added — as well as theconstraints placed on programmers by BPF.

The 6.2.7, 6.1.20, 5.15.103, 5.10.175, 5.4.237, 4.19.278, and 4.14.310 stable kernels have been released.As usual, they contain important fixes throughout the kernel tree; usersshould upgrade.

Security updates have been issued by Debian (sox and thunderbird), Fedora (containerd, libtpms, mingw-binutils, mingw-LibRaw, mingw-python-werkzeug, stargz-snapshotter, and tkimg), Slackware (mozilla and openssh), SUSE (apache2, firefox, hdf5, jakarta-commons-fileupload, kernel, perl-Net-Server, python-PyJWT, qemu, and vim), and Ubuntu (abcm2ps, krb5, and linux-intel-iotg).

Amazon has releaseda new version of its vaguely Fedora-based, cloud-optimizeddistribution.

The Software Freedom Conservancy callsout John Deere for failure to comply with the GPL and preventingfarmers from repairing their own equipment.

OpenSSH 9.3 has been released. It includes a couple of security fixes, aswell as adding an option for hash-algorithm selection tossh-keygen and an option that allows configuration checkingwithout actually loading any private keys.

The ublk subsystem enables the creation ofuser-space block drivers that communicate with the kernel using io_uring. Drivers implemented this way showsome promise with regard to performance, but there is a bottleneck in theway: copying data between the kernel and the user-space driver's addressspace. It is thus not surprising that there is interest in implementingzero-copy I/O for ublk. The mailing lists have recently seen threedifferent proposals for how this could be done.

Security updates have been issued by Debian (firefox-esr and pcre2), Oracle (nss), Red Hat (kpatch-patch and nss), SUSE (java-11-openjdk, kernel, and python310), and Ubuntu (emacs24, ffmpeg, firefox, imagemagick, libphp-phpmailer, librecad, and openjpeg2).

The LWN.net Weekly Edition for March 16, 2023 is available.

Using rulesas code to help bridge the gaps between policy creation, itsimplementation, and its, often unintended, effects on people was thesubject of a talk by Pia Andrews on the first day of the inaugural Everything Open conference in Melbourne, Australia. Shehas long been exploring the space of open government,and her talk was a report on whatshe and others have been working on over the last seven years. Everything Open is the successorto the long-running, well-regarded linux.conf.au (LCA); Andrews (then Pia Waugh) gave the opening keynote at LCA 2017 inHobart, Tasmania, and helped organize the 2007 event in Sydney.

The 2023 election for the Debian project leader looks to be a relativelyunexciting affair: incumbent leader Jonathan Carter is running unopposedfor a fourth term. His platform laysout his hopes and plans for that term.

Security updates have been issued by Debian (node-sqlite3 and qemu), Fedora (libmemcached-awesome, manifest-tool, sudo, and vim), Red Hat (gnutls, kernel, kernel-rt, lua, and openssl), Slackware (mozilla), SUSE (amanda, firefox, go1.19, go1.20, jakarta-commons-fileupload, java-1_8_0-openjdk, nodejs18, peazip, perl-Net-Server, python, python-cryptography, python-Django, python3, rubygem-rack, and xorg-x11-server), and Ubuntu (ipython, linux-ibm, linux-ibm-5.4, and linux-kvm).

It would appear that the ipmitool repository hasbeen locked, and its maintainer suspended, by GitHub. This Hacker Newsconversation delves into the reason; evidently the developer wasemployed by a sanctioned Russian company. Ipmitool remains available andwill, presumably, find a new home eventually. (Thanks to Paul Wise).

Writing applications for devices with a lot of resource constraints,such as a small amount of RAM or no memory-management unit (MMU), poses somechallenges. Running a Linux distribution often isn't an option on these devices,but there are operating systems that try to bridge the gap between runninga Linux distribution and using bare-metal development. One of these is Zephyr, a real-time operating system(RTOS) launched by the Linux Foundation in2016. LWN looked in on Zephyr at its four-yearanniversary as well. Seven years after its announcement, Zephyr has made lots of progress and now has an active ecosystem surrounding it.

Security updates have been issued by Debian (redis), Fedora (cairo, freetype, harfbuzz, and qt6-qtwebengine), Red Hat (kpatch-patch), SUSE (chromium, java-1_8_0-openj9, and nodejs18), and Ubuntu (chromium-browser, libxstream-java, php-twig, twig, protobuf, and python-werkzeug).

Version 2.40.0 of the Git source-code management system is out.Changes include a new --merge-base option for merges,a built-in implementation of bisection,Emacs support for git jump,a fair number of smallish user-interface tweaks, and a lot of bug fixes.See the announcement and this GitHubblog entry for the details.

The kernel's software-interrupt ("softirq") mechanism was added prior tothe 1.0 kernel release, but it implements a design seen in systems that werealready old when Linux was born. For much of that time, softirqs have beenan impediment to the kernel community's scalability and response-timegoals, but they have proved resistant to removal. A recent discussion on aproposed new heuristic to mitigate a softirq-related performance problemmay have reinvigorated interest in doing something about this subsystemas a whole rather than just tweaking the parameters of how it operates.

Greg Kroah-Hartman has announced the release of the 6.2.6, 6.1.19,5.15.102, 5.10.174, 5.4.236, 4.19.277, and 4.14.309 stable kernels. These contain asmall number of fixes, including a partial reversion that fixes WiFiproblems that were introduced recently.

Security updates have been issued by Debian (imagemagick, libapache2-mod-auth-mellon, mpv, rails, and ruby-sidekiq), Fedora (chromium, dcmtk, and strongswan), Mageia (chromium-browser-stable, dcmtk, kernel, kernel-linus, libreswan, microcode, redis, and tmux), SUSE (postgresql14 and python39), and Ubuntu (linux-kvm, linux-raspi-5.4, and thunderbird).

The 6.3-rc2 kernel prepatch is out.

The6.2.4 and6.1.17stable kernels have been released; each contains a pair of reverts forproblematic patches in yesterday's updates. But it doesn't stop there;also released are6.2.5,6.1.18, and5.15.100with another set of important fixes.Update: they keep on coming:the large5.10.173,5.4.235,4.19.276, and4.14.308 kernels have been released, as hasthe single-revert 5.15.101 update

The sustainability of free software continues to be mostly unchartedwaters. No team is the same as any other, so copying, say, the Blender Foundation’sapproach to governance will, most likely, not work for other projects. Butthere is value in understanding how various non-commercial organizationsoperate in order to make informed decisions for the governance of new ones.In late 2021, the FreeCAD teamlaunched the FreeCAD ProjectAssociation (FPA) to handle the various assets that belong to this free3D CAD project. In this interview, Yorik van Havre, a longtime FreeCADdeveloper — and current president of the Association — guides us throughthe process of starting and managing the FPA.

The6.2.3,6.1.16, and5.15.99stable kernel updates have been released. The first updates after theclose of a merge window tend to be huge, and these ones certainly fit thatdescription.

Security updates have been issued by Debian (chromium and wireless-regdb), Fedora (caddy, python-cryptography, and redis), Oracle (gnutls), SUSE (hdf5, opera, python-Django, redis, tomcat, and xen), and Ubuntu (apache2 and snakeyaml).

Version1.68.0 of the Rust language has been released. Changes include thestabilization of the "sparse" Cargo protocol, the ability for (some)applications to recover from memory-allocation failures, and "local Pinconstruction":

Security updates have been issued by CentOS (kernel, pesign, samba, and zlib), Oracle (kernel), Slackware (httpd), SUSE (emacs, libxslt, nodejs12, nodejs14, nodejs16, openssl, poppler, python-py, python-wheel, xen, and xorg-x11-server), and Ubuntu (linux-gcp-5.4, linux-gkeop, opusfile, and samba).

The LWN.net Weekly Edition for March 9, 2023 is available.

Way back in 2009, we looked at the prestoplugin for yum, which added support for DeltaRPMs to Fedora. That packageformat allows just the binary differences (i.e. the delta) between aninstalled RPM and its update to be transmitted, which saves networkbandwidth; the receiving system then creates the new RPM from those two pieces before installing it. Supportfor DeltaRPMs was eventually added to the distribution by default, thoughthe feature has never really lived up to expectations—and hopes. Now, it would seemthat Fedora is ready to, in the words of project leader Matthew Miller,"give DeltaRPMs a sad, fond farewell".

Version 4.18 of the Samba interoperability suite is out. Changes includesome significant performance improvements, better error messages, and more;click below for the details.

Version 4.15 of the "anything to PostScript" filter a2ps has been released— the first release since 2007. "This release contains few user-visible changes. It does howevercontain a lot of changes “under the hood”: code clean-up,etc. Therefore, it’s likely that there are new bugs."

Security updates have been issued by Debian (apr), Fedora (c-ares), Oracle (curl, kernel, pesign, samba, and zlib), Red Hat (curl, gnutls, kernel, kernel-rt, and pesign), Scientific Linux (kernel, pesign, samba, and zlib), SUSE (libX11, python-rsa, python3, python36, qemu, rubygem-rack, xorg-x11-server, and xwayland), and Ubuntu (libtpms, linux-ibm, linux-raspi, linux-raspi, python3.7, python3.8, and sofia-sip).

Many wireless sensors broadcast their data using Bluetooth Low Energy (BLE). Their data is easy to receive, but decoding it can be achallenge. Each manufacturer uses its own format, often tied to its ownmobile apps. Integrating all of these sensors into a home-automation systemrequires a lot of custom decoders, which are generally developed byreverse-engineering the protocols. The goal of the BTHomeproject is to change this: it offers a standardized format for sensors tobroadcast their measurements using BLE. BTHome is supported by the Home Assistant home-automation software and by a few open-firmware and open-hardwareprojects.

Asahi Lina has posted aninitial version of a Rust-based driver for Apple AGX graphicsprocessors; the posting includes a fair amount of Rust infrastructure forgraphics drivers in general.

The Flathub organization (in the form of Robert McQueen) has posted a lengthyupdate on the state of Flathub and its plans for the coming year.

Security updates have been issued by Debian (kopanocore), Fedora (golang-github-projectdiscovery-chaos-client, rust-sequoia-octopus-librnp, rust-sequoia-sop, rust-sequoia-sq, and usd), Oracle (libjpeg-turbo and pesign), Red Hat (kernel, kernel-rt, kpatch-patch, osp-director-downloader-container, pesign, rh-mysql80-mysql, samba, and zlib), SUSE (mariadb), and Ubuntu (fribidi, gmp, linux, linux-aws, linux-kvm, linux-lts-xenial, linux-azure, linux-azure-4.15, linux-kvm, linux-raspi2, linux-snapdragon, linux-raspi, nss, python3.6, rsync, systemd, and tiff).