LWN.net

Writing applications for devices with a lot of resource constraints,such as a small amount of RAM or no memory-management unit (MMU), poses somechallenges. Running a Linux distribution often isn't an option on these devices,but there are operating systems that try to bridge the gap between runninga Linux distribution and using bare-metal development. One of these is Zephyr, a real-time operating system(RTOS) launched by the Linux Foundation in2016. LWN looked in on Zephyr at its four-yearanniversary as well. Seven years after its announcement, Zephyr has made lots of progress and now has an active ecosystem surrounding it.

Security updates have been issued by Debian (redis), Fedora (cairo, freetype, harfbuzz, and qt6-qtwebengine), Red Hat (kpatch-patch), SUSE (chromium, java-1_8_0-openj9, and nodejs18), and Ubuntu (chromium-browser, libxstream-java, php-twig, twig, protobuf, and python-werkzeug).

Version 2.40.0 of the Git source-code management system is out.Changes include a new --merge-base option for merges,a built-in implementation of bisection,Emacs support for git jump,a fair number of smallish user-interface tweaks, and a lot of bug fixes.See the announcement and this GitHubblog entry for the details.

The kernel's software-interrupt ("softirq") mechanism was added prior tothe 1.0 kernel release, but it implements a design seen in systems that werealready old when Linux was born. For much of that time, softirqs have beenan impediment to the kernel community's scalability and response-timegoals, but they have proved resistant to removal. A recent discussion on aproposed new heuristic to mitigate a softirq-related performance problemmay have reinvigorated interest in doing something about this subsystemas a whole rather than just tweaking the parameters of how it operates.

Greg Kroah-Hartman has announced the release of the 6.2.6, 6.1.19,5.15.102, 5.10.174, 5.4.236, 4.19.277, and 4.14.309 stable kernels. These contain asmall number of fixes, including a partial reversion that fixes WiFiproblems that were introduced recently.

Security updates have been issued by Debian (imagemagick, libapache2-mod-auth-mellon, mpv, rails, and ruby-sidekiq), Fedora (chromium, dcmtk, and strongswan), Mageia (chromium-browser-stable, dcmtk, kernel, kernel-linus, libreswan, microcode, redis, and tmux), SUSE (postgresql14 and python39), and Ubuntu (linux-kvm, linux-raspi-5.4, and thunderbird).

The 6.3-rc2 kernel prepatch is out.

The6.2.4 and6.1.17stable kernels have been released; each contains a pair of reverts forproblematic patches in yesterday's updates. But it doesn't stop there;also released are6.2.5,6.1.18, and5.15.100with another set of important fixes.Update: they keep on coming:the large5.10.173,5.4.235,4.19.276, and4.14.308 kernels have been released, as hasthe single-revert 5.15.101 update

The sustainability of free software continues to be mostly unchartedwaters. No team is the same as any other, so copying, say, the Blender Foundation’sapproach to governance will, most likely, not work for other projects. Butthere is value in understanding how various non-commercial organizationsoperate in order to make informed decisions for the governance of new ones.In late 2021, the FreeCAD teamlaunched the FreeCAD ProjectAssociation (FPA) to handle the various assets that belong to this free3D CAD project. In this interview, Yorik van Havre, a longtime FreeCADdeveloper — and current president of the Association — guides us throughthe process of starting and managing the FPA.

The6.2.3,6.1.16, and5.15.99stable kernel updates have been released. The first updates after theclose of a merge window tend to be huge, and these ones certainly fit thatdescription.

Security updates have been issued by Debian (chromium and wireless-regdb), Fedora (caddy, python-cryptography, and redis), Oracle (gnutls), SUSE (hdf5, opera, python-Django, redis, tomcat, and xen), and Ubuntu (apache2 and snakeyaml).

Version1.68.0 of the Rust language has been released. Changes include thestabilization of the "sparse" Cargo protocol, the ability for (some)applications to recover from memory-allocation failures, and "local Pinconstruction":

Security updates have been issued by CentOS (kernel, pesign, samba, and zlib), Oracle (kernel), Slackware (httpd), SUSE (emacs, libxslt, nodejs12, nodejs14, nodejs16, openssl, poppler, python-py, python-wheel, xen, and xorg-x11-server), and Ubuntu (linux-gcp-5.4, linux-gkeop, opusfile, and samba).

The LWN.net Weekly Edition for March 9, 2023 is available.

Way back in 2009, we looked at the prestoplugin for yum, which added support for DeltaRPMs to Fedora. That packageformat allows just the binary differences (i.e. the delta) between aninstalled RPM and its update to be transmitted, which saves networkbandwidth; the receiving system then creates the new RPM from those two pieces before installing it. Supportfor DeltaRPMs was eventually added to the distribution by default, thoughthe feature has never really lived up to expectations—and hopes. Now, it would seemthat Fedora is ready to, in the words of project leader Matthew Miller,"give DeltaRPMs a sad, fond farewell".

Version 4.18 of the Samba interoperability suite is out. Changes includesome significant performance improvements, better error messages, and more;click below for the details.

Version 4.15 of the "anything to PostScript" filter a2ps has been released— the first release since 2007. "This release contains few user-visible changes. It does howevercontain a lot of changes “under the hood”: code clean-up,etc. Therefore, it’s likely that there are new bugs."

Security updates have been issued by Debian (apr), Fedora (c-ares), Oracle (curl, kernel, pesign, samba, and zlib), Red Hat (curl, gnutls, kernel, kernel-rt, and pesign), Scientific Linux (kernel, pesign, samba, and zlib), SUSE (libX11, python-rsa, python3, python36, qemu, rubygem-rack, xorg-x11-server, and xwayland), and Ubuntu (libtpms, linux-ibm, linux-raspi, linux-raspi, python3.7, python3.8, and sofia-sip).

Many wireless sensors broadcast their data using Bluetooth Low Energy (BLE). Their data is easy to receive, but decoding it can be achallenge. Each manufacturer uses its own format, often tied to its ownmobile apps. Integrating all of these sensors into a home-automation systemrequires a lot of custom decoders, which are generally developed byreverse-engineering the protocols. The goal of the BTHomeproject is to change this: it offers a standardized format for sensors tobroadcast their measurements using BLE. BTHome is supported by the Home Assistant home-automation software and by a few open-firmware and open-hardwareprojects.

Asahi Lina has posted aninitial version of a Rust-based driver for Apple AGX graphicsprocessors; the posting includes a fair amount of Rust infrastructure forgraphics drivers in general.

The Flathub organization (in the form of Robert McQueen) has posted a lengthyupdate on the state of Flathub and its plans for the coming year.

Security updates have been issued by Debian (kopanocore), Fedora (golang-github-projectdiscovery-chaos-client, rust-sequoia-octopus-librnp, rust-sequoia-sop, rust-sequoia-sq, and usd), Oracle (libjpeg-turbo and pesign), Red Hat (kernel, kernel-rt, kpatch-patch, osp-director-downloader-container, pesign, rh-mysql80-mysql, samba, and zlib), SUSE (mariadb), and Ubuntu (fribidi, gmp, linux, linux-aws, linux-kvm, linux-lts-xenial, linux-azure, linux-azure-4.15, linux-kvm, linux-raspi2, linux-snapdragon, linux-raspi, nss, python3.6, rsync, systemd, and tiff).

Linus Torvalds released6.3-rc1 and closed the 6.3 merge window as expected on March 5.By that time, 12,717 non-merge commits (and 848 merges) had found theirway into the mainline kernel; nearly 7,000 of those commits came in after the first-half merge-window summary waswritten. The second half of the 6.3 merge window was thus a busy time,with quite a bit of new functionality landing in the mainline.

Heise interviewsMiguel Ojeda about the Rust-for-Linux project.

Security updates have been issued by Debian (apache2, libde265, libreswan, spip, syslog-ng, and xfig), Fedora (edk2, libtpms, python-django3, stb, sudo, vim, and xen), Red Hat (libjpeg-turbo and pesign), SUSE (kernel, python36, samba, and trivy), and Ubuntu (linux, linux-aws, linux-aws-5.4, linux-azure, linux-azure-5.4, linux-gcp, linux-gke, linux-gkeop, linux-hwe-5.4, linux-kvm, linux-oracle, linux-oracle-5.4, linux, linux-aws, linux-dell300x, linux-gcp-4.15, linux-oracle, linux-aws-hwe, linux-oracle, and linux-bluefield).

The 6.3-rc1 kernel prepatch is out, and themerge window is closed for this development cycle.

On March 7, 2003, a struggling company called The SCO Group filed a lawsuit against IBM, claiming that thesuccess of Linux was the result of a theft of SCO's technology. Twodecades later, it is easy to look back on that incident as a somewhathumorous side-story in the development of Linux. At the time, though, itshook our community to its foundations. It is hard to overestimate howmuch the community we find ourselves in now was shaped by a ridiculouslawsuit 20 years ago.

Thorsten Kukuk demonstratesthat we are not done with year-2038 problems yet.

Greg Kroah-Hartman has announced the release of the 6.2.2, 6.1.15,5.15.97, 5.10.171, 5.4.234, and 4.19.275 stable kernels. All contain arelatively small number of important fixes.Update:5.15.98 and5.10.172have subsequently been released with an io_uring fix.

Security updates have been issued by Debian (linux-5.10 and node-css-what), SUSE (gnutls, google-guest-agent, google-osconfig-agent, nodejs10, nodejs14, nodejs16, opera, pkgconf, python-cryptography, python-cryptography-vectors, rubygem-activesupport-4_2, thunderbird, and tpm2-0-tss), and Ubuntu (git, kernel, linux, linux-aws, linux-aws-5.15, linux-azure, linux-azure-5.15, linux-azure-fde, linux-gcp, linux-gcp-5.15, linux-gke, linux-gke-5.15, linux-hwe-5.15, linux-lowlatency, linux-lowlatency-hwe-5.15, linux-oracle, linux-oracle-5.15, linux, linux-aws, linux-azure, linux-gcp, linux-hwe-5.19, linux-ibm, linux-lowlatency, linux-oracle, linux-azure-fde, linux-oem-5.14, linux-oem-5.17, linux-oem-6.0, linux-oem-6.1, php7.0, python-pip, ruby-rack, spip, and sudo).

While the 6.3 kernel has gained more support for the Rust language, itstill remains true that there is little that can be done in Rust beyond thecreation of a "hello world" module. That functionality was alreadyavailable in C, of course, with a level of safety similar to what Rust canprovide. Interest is growing, though, in merging actually useful moduleswritten in Rust; that will require some more capable infrastructure than iscurrently present. A recent discussion on the handling of time values inRust demonstrates the challenges — and opportunities — inherent in thiseffort.

Security updates have been issued by CentOS (git), Debian (spip), Fedora (epiphany), Mageia (binwalk, chromium-browser-stable, crmsh, emacs, libraw, libtiff, nodejs, pkgconf, tar, and vim), Oracle (kernel and systemd), SUSE (emacs, kernel, nrpe, and rubygem-activerecord-4_2), and Ubuntu (c-ares, git, postgresql-12, postgresql-14, and sox).

The LWN.net Weekly Edition for March 2, 2023 is available.

The Python-packaging discussions continued in January and February; theyshow no sign of abating in March either. This time around, we look (again)at tools for packaging, including a brand new Rust-based entrant. There isalso a proposal to have interested parties create Python EnhancementProposals (PEPs) for packaging solutions that would be judged by a panel ofPEP delegates in order to try to choose something that the whole communitycan rally around—without precluding the existence of other options. Asalways, it is all a difficult balancing act.

Konstantin Ryabitsev has arequest for anybody who is using mutt for kernel work:

The waiting is done; version4.0 of the Godot game engine has been released.

Security updates have been issued by Debian (multipath-tools and syslog-ng), Fedora (gnutls and guile-gnutls), Oracle (git, httpd, lua, openssl, php, python-setuptools, python3.9, sudo, tar, and vim), Red Hat (kpatch-patch), Scientific Linux (git), SUSE (compat-openssl098, glibc, openssl, postgresql13, python-Django, webkit2gtk3, and xterm), and Ubuntu (awstats, expat, firefox, gnutls28, lighttpd, php7.2, php7.4, php8.1, python-pip, and tar).

Linux users often work with text files; tools like grep,awk, and sed are standard utilities in their toolbox. However, thesetools fall short when trying to extract or edit data from files in a binary format, analyzecorrupt media files, or for parsing a binary data format. FOSDEM 2023 in Brussels had a whole binary toolsdevroom dedicated to open-source programs that deal with binary data.

Security updates have been issued by Debian (curl, python-werkzeug, and spip), Fedora (curl), Mageia (apache-commons-fileupload, apr, c-ares, clamav, git, gnutls, ipython, jupyter-core, php, postgresql, python-cryptography, python-jupyterlab, python-twisted, sofia-sip, and sox), Red Hat (git, httpd, kernel, kernel-rt, kpatch-patch, lua, openssl, pcs, php, python-setuptools, python3.9, systemd, tar, vim, and zlib), SUSE (libxslt, php8, postgresql15, python3, tpm2-0-tss, and ucode-intel), and Ubuntu (curl, mplayer, openjdk-17, openjdk-19, openjdk-lts, openjdk-8, python3.9, and ruby-rack).

The Asahi Linux project has posted anupdate and reality check on the status of Linux support for Apple's M1hardware.

Most of the kernel's code is written in C and intended to be run directlyon the underlying hardware. That situation is changing in a few ways,though; one of those is the ability to write kernel code for the BPFvirtual machine. The 6.3 kernel release will include a new API making the red-black tree data structure available to BPFprograms. Beyond being an interesting feature in its own right, this newAPI shows how BPF is bringing a different approach to kernel programming —and to the C language in general.

Security updates have been issued by Debian (apr-util, freeradius, mono, nodejs, php7.3, php7.4, and python-cryptography), Fedora (epiphany, haproxy, and podman), SUSE (chromium, libraw, php7, php74, python-pip, and rubygem-activerecord-4_2), and Ubuntu (apr, clamav, curl, intel-microcode, nss, openvswitch, webkit2gtk, and zoneminder).

The6.2.1,6.1.14,5.15.965.10.170,5.4.233,4.19.274, and4.14.307stable kernel updates have all been released; each contains another set ofimportant fixes.

Developers who build distributions often (but not always) put considerableeffort into backward compatibility, ensuring, for example, that a programbuilt for one release will continue to run on later releases. Forwardcompatibility, where it is possible to move a program (or other artifact)from a more recent release to an older one, can be less of a concern, butit still tends to be seen as something that is better to not break ifpossible. So it is not surprising that an issue affecting theforward-compatibility of ext4 filesystems built for the upcomingDebian 12 ("bookworm") release has generated a fair amount ofdiscussion, even if the number of affected users is likely to be small.

Security updates have been issued by Debian (binwalk, chromium, curl, emacs, frr, git, libgit2, and tiff), Fedora (qt5-qtbase), SUSE (c-ares, kernel, openssl-1_1-livepatches, pesign, poppler, rubygem-activerecord-5_1, and webkit2gtk3), and Ubuntu (linux-aws).

As of this writing, 5,776 non-merge changesets have been pulled into themainline kernel for the 6.3 release; that is a bit less than half of thework that was waiting in linux-next before the merge window opened. Thismerge window is thus well underway, but far from complete. Quite a bit ofsignificant work has been pulled so far; read on to see what entered thekernel in the first half of the 6.3 merge window.

The group working on adding keyword generics to the Rust language isforeshadowing what it plans to propose:

Security updates have been issued by CentOS (firefox and thunderbird), Debian (asterisk, git, mariadb-10.3, node-url-parse, python-cryptography, and sofia-sip), Fedora (c-ares, golang-github-need-being-tree, golang-helm-3, golang-oras, golang-oras-1, and golang-oras-2), Oracle (httpd:2.4, kernel, php:8.0, python-setuptools, python3, samba, systemd, tar, and webkit2gtk3), Red Hat (webkit2gtk3), SUSE (phpMyAdmin, poppler, and postgresql12), and Ubuntu (dcmtk and linux-hwe).

The LWN.net Weekly Edition for February 23, 2023 is available.

The Rust community has been working to reform its governance model; thatwork is now being presented as adraft document describing how that model will work.