LWN.net

Security updates have been issued by Debian (blender and thunderbird), SUSE (ImageMagick, qemu, and sysstat), and Ubuntu (php7.0).

There has been a fair amount of concern recently about Microsoft's Copilotsystem, which many see as possibly putting its users in violation of free-softwarelicenses. But, naturally, Copilot is not the only offering of this type;Amazon has put out a preview version of "CodeWhisperer", which isalso a machine-learning-based coding tool that was trained on (unspecified)open-source code. From the FAQ:

The kernel has thousands of configuration options, many of which can changethe kernel's behavior in subtle or surprising ways. Among those options isCONFIG_ANDROID,which one might expect to be relatively straightforward; its descriptionreads, in its entirety: "Enable support for various drivers needed onthe Android platform". It turns out that this option does more thanthat, to the surprise of some users. That has led to a plan to remove thisoption, but that has brought a surprise or two of its own — and somedisagreement — as well.

The Debian Long Term Support (LTS) team has announced that Debian 9 ("stretch") has "reached its end-of-life on July 1, 2022,five years after its initial release on June 17, 2017". There will be further updates for a subset of the packages in the release through the Extended LTS project. Meanwhile, the LTS team is moving on to Debian 10 ("buster"):

Security updates have been issued by Debian (gnupg2 and kernel), Fedora (golang-github-apache-beam-2, golang-github-etcd-io-gofail, golang-github-intel-goresctrl, golang-github-spf13-cobra, golang-k8s-pod-security-admission, and vim), Oracle (.NET 6.0, compat-openssl10, compat-openssl11, cups, curl, expat, firefox, go-toolset:ol8, grub2,, gzip, java-1.8.0-openjdk, java-11-openjdk, java-17-openjdk, kernel, libarchive, libgcrypt, libinput, libxml2, pcre2, postgresql, python, rsync, rsyslog, ruby:2.6, subversion, thunderbird, vim, xz, and zlib), Scientific Linux (firefox and thunderbird), SUSE (python-nltk and salt), and Ubuntu (linux, linux-aws, linux-hwe-5.13, and linux-oem-5.14).

The 5.19-rc5 kernel prepatch is out fortesting. "So everything looks ok - we certainly have some issues stillbeing looked at, but on the whole 5.19 looks normal, and nothingparticularly bad seems to be going on".

Version4.0.0 of the darktable raw photo editor has been released."The UI has been completely revamped again to improve look andconsistency. Padding, margins, color, contrast, alignment, and icons havebeen reworked throughout". Other changes include new exposure andcolor-calibration modules, a reworked "filmic" color-mapping module, guidedlaplacian highlight reconstruction, and more. (LWN looked at darktable in January).

The5.18.9,5.15.52,5.10.128,5.4.203,4.19.250,4.14.286, and4.9.321stable kernel updates have all been released; each contains yet another setof important fixes.

The CPU scheduler's job has never been easy; it must find a way to allocateCPU time to all tasks in the system that is fair, allows all tasks toprogress, and maximizes the throughput of the system as a whole. Morerecently, it has been called upon to satisfy another constraint: minimizingthe system's energy consumption. There is currently apatch set in circulation, posted by Vincent Donnefort with work fromDietmar Eggemann as well, that changes how this constraint is met. Theactual change is small, but it illustrates how hard it can be to get theneeded heuristics right.

Security updates have been issued by Debian (firefox-esr, isync, kernel, and systemd), Fedora (chromium, curl, firefox, golang-github-vultr-govultr-2, and xen), Mageia (openssl, python-bottle, and python-pyjwt), Red Hat (compat-openssl10, curl, expat, firefox, go-toolset-1.17 and go-toolset-1.17-golang, go-toolset:rhel8, kernel, kpatch-patch, libarchive, libgcrypt, libinput, libxml2, pcre2, php:7.4, php:8.0, qemu-kvm, ruby:2.6, thunderbird, and vim), and Ubuntu (curl, libjpeg6b, and vim).

The Software Freedom Conservancy (SFC) has issued a strong call for free software projects to give up GitHub and to move their repositories elsewhere. There are a number of problems that SFC has identified with the GitHub code-hosting service and, in particular, with its Copilot AI-based code-writing tool that was trained on the community's code stored in the company's repositories. Moving away from GitHub will not be easy, SFC said, but it is important to do so lest the free-software community repeat the SourceForge mistake.

Version1.62.0 of the Rust language has been released. Changes include a newcargo add command, default enum variants, an improved Linuxmutex implementation, a number of stabilized APIs, and more.

The kernel does not lack for memory allocators, so one might well questionthe need for yet another one. As thispatch set from Alexei Starovoitov makes clear, though, the BPFsubsystem feels such a need. The proposed new allocator is intended toincrease the reliability of allocations made within BPF programs, which mightbe run in just about any execution context.

Security updates have been issued by Debian (firefox-esr, firejail, and ublock-origin), Fedora (chromium, firefox, thunderbird, and vim), Mageia (kernel and kernel-linus), Oracle (389-ds-base and python-virtualenv), SUSE (chromium), and Ubuntu (cloud-init).

The LWN.net Weekly Edition for June 30, 2022 is available.

On the first day of the 2022 LinuxSecurity Summit North America (LSSNA) in Austin, Texas, Stéphane Graberand Christian Brauner gave a presentation on using system-call interceptionfor container security purposes. The idea is to allow unprivilegedcontainers, those without elevated privileges on the host, to stillaccomplish their tasks, some of which require privileges. A fair amount ofwork has been done to make this viable, but there is still more to do.

CODE22.05 has been released; this is the "developer edition" of theCollabora Online offering formerly known as LibreOffice Online.

Philip Herron has posted an update on the status of the GCC front-endcompiler for the Rust language.

The5.18.8,5.15.51,5.10.127, and5.4.202stable kernel updates have been released; each contains another set ofimportant fixes.

Version102 of the Thunderbird email client has been released.

Security updates have been issued by Debian (blender, libsndfile, and maven-shared-utils), Fedora (openssl), Red Hat (389-ds-base, kernel, kernel-rt, kpatch-patch, and python-virtualenv), Scientific Linux (389-ds-base, kernel, python, and python-virtualenv), and Slackware (curl, mozilla, and openssl).

Version 9.0 of the Vim texteditor has been released. The biggest change would appear to be theaddition of the "Vim9 Script" language for editor customization:

In something of an Open Source Summit tradition, Linus Torvalds and DirkHohndel sit down for a discussion on various topics related to open sourceand, of course, the Linux kernel. OpenSource Summit North America (OSSNA) 2022 in Austin, Texas was noexception, as they reprised their keynote on the first day of theconference. The headline-grabbing part of the chat was Torvalds's declaration that Rust forLinux might get merged as soon as the next merge window, which opens in just a few weeks, but there was plenty more of interest there.

Version102.0 of the Firefox browser is out. Changes include the ability todisable the panel that otherwise materializes on every downloadand the strippingof certain query parameters in extendedtracking protection mode. The stripping will be the default forprivate browsing in the next release.

Security updates have been issued by Debian (nodejs and squid), Fedora (uboot-tools), Red Hat (kernel-rt, kpatch-patch, and python), SUSE (drbd, openssl-1_0_0, oracleasm, and rubygem-rack), and Ubuntu (curl).

Version 2.37.0 of the Gitsource-code management system has been released. Highlights include a newobject-pruning mechanism called "cruft packs", fullintegration of the sparseindex, and more; see this GitHubblog post for more information.

Once upon a time, computers just had one type memory, so memory withina given system was interchangeable. The arrival of non-uniformmemory access (NUMA) systems complicated the situation significantly; nowsome memory was faster to access than the rest, and memory-managementalgorithms had to adapt or performance would suffer. But NUMA was just thestart; today's tiered-memory systems, which may include several tiers ofmemory with different performance characteristics, are adding newchallenges. A couple of relevant patch sets currently under review help toillustrate the types of problems that will have to be solved.

Here's anupdate on recent KDE application development on KDE.news:

Miguel Ojeda has posted anupdate on the Rust-for-Linux project.

Security updates have been issued by Debian (openssl), Fedora (dotnet6.0, mediawiki, and python2.7), Mageia (389-ds-base, chromium-browser-stable, exo, and libtiff), Oracle (httpd:2.4 and microcode_ctl), SUSE (dbus-broker, drbd, kernel, liblouis, mariadb, openssl, openssl-1_1, openSUSE kernel modules, oracleasm, php7, php72, python39, salt, and wdiff), and Ubuntu (linux, linux-hwe, mozjs91, and vim).

The 5.19-rc4 kernel prepatch is out fortesting.

The5.18.7,5.15.50,5.10.125,5.4.201,4.19.249,4.14.285, and4.9.320stable updates have all been released. The 5.x updates are relativelysmall, but the 4.x updates contain a fair number of backportedrandom-number-generator improvements along with the usual fixes.Update: Due to an io_uring problem reported by Greg Thelen in 5.10.125, which was quickly fixed by Jens Axboe, 5.10.126 was released less than 24 hours later.

The network filesystem (NFS) protocol has been with us for nearly 40 years.While defined initially as a stateless protocol, NFS implementations havealways had to manage state, and that need has been increasingly built intothe protocol over successive revisions. The early days of NFS werediscussed, with a focus on state management, in the first part of this series. This articlecompletes the job with a look at the evolution of NFS since, approximately,the beginning of this millennium.

Security updates have been issued by Fedora (ntfs-3g and ntfs-3g-system-compression), SUSE (389-ds, chafa, containerd, mariadb, php74, python3, salt, and xen), and Ubuntu (apache2).

Drew DeVault takesissue with GitHub's "Copilot" offering and the licensing issues that it raises:

Security updates have been issued by Debian (chromium, firejail, and request-tracker4), Fedora (ghex, golang-github-emicklei-restful, and openssl1.1), Oracle (postgresql), Scientific Linux (postgresql), Slackware (openssl), SUSE (salt and tor), and Ubuntu (apache2 and squid, squid3).

The LWN.net Weekly Edition for June 23, 2022 is available.

Mark Wielaard writesabout improvements at Sourceware, the site that holds the repositoryfor many projects in the GNU toolchain and beyond.

In a keynote at PyCon 2022 in SaltLake City, Utah, Peter Wang introduced another entrant in the field ofin-browser Python interpreters. The Python community has long sought a wayto be able to write Python—instead of JavaScript—to run in web browsers, and therehave been various efforts to do so over the years. Wang announced PyScript as a new framework, built atopone of those earlier projects, to allowPython scripting directly within the browser; those programs have access tomuch of the existing Python ecosystem as well as being able to interactwith the browser document object model (DOM) directly. In addition, he gave some rather eye-opening demonstrations as part of the talk.

The5.18.6,5.15.49,5.10.124, and5.4.200stable kernel updates have been released; each contains another set ofimportant fixes.

Security updates have been issued by Debian (exo and ntfs-3g), Fedora (collectd, golang-github-cli-gh, grub2, qemu, and xen), Red Hat (httpd:2.4, kernel, and postgresql), SUSE (drbd, fwupdate, neomutt, and trivy), and Ubuntu (apache2, openssl, openssl1.0, and qemu).

In the final filesystem session at the2022 Linux Storage,Filesystem, Memory-management and BPF Summit (LSFMM), David Howells leda discussion on a filesystem optimization that is causing various kinds ofproblems. Extent-based filesystems have data structures that sometimes donot reflect the holes that exist in files. Reads from holes in sparse files (i.e. files withholes) must return zeroes, but filesystems are not obligated to maintain knowledge ofthe holes beyond that, which leads to the problems.This concludes our coverage of LSFMM 2022.

Security updates have been issued by Debian (tzdata), Oracle (cups), and SUSE (atheme, golang-github-prometheus-alertmanager, golang-github-prometheus-node_exporter, node_exporter, python36, release-notes-susemanager, release-notes-susemanager-proxy, SUSE Manager 4.1.15 Release Notes, SUSE Manager Client Tools, and SUSE Manager Server 4.2).

ThisMeta blog post by Johannes Weiner and Dan Schatzberg describes a set ofmemory-management changes used there that they call "transparent memoryoffloading".

I recently had cause to reflect on the changes to the NFS (Network FileSystem) protocol over the years and found that it was a story worthtelling. It would be easy for such a story to become swamped by thedetails, as there are many of those, but one idea does stand out fromthe rest. The earliest version of NFS has been described as a"stateless" protocol, a term I still hear used occasionally. Much ofthe story of NFS follows the growth in the acknowledgment of, andsupport for, state. This article looks at the evolution of NFS (and itshandling of state) during theearly part of its life; a second installment will bring the story up to thepresent.

Security updates have been issued by Debian (cyrus-imapd, exo, sleuthkit, slurm-wlm, vim, and vlc), Fedora (golang-github-docker-libnetwork, kernel, moby-engine, ntfs-3g-system-compression, python-cookiecutter, python2.7, python3.6, python3.7, python3.8, python3.9, rubygem-mechanize, and webkit2gtk3), Mageia (bluez, dnsmasq, exempi, halibut, and php), Oracle (.NET 6.0, .NET Core 3.1, and xz), SUSE (chafa, firejail, kernel, python-Twisted, and tensorflow2), and Ubuntu (intel-microcode).

The 5.19-rc3 kernel prepatch is out fortesting. "5.19-rc3 is fairly small, and just looking at the diffstat, a lot ofit ends up being in the documentation subdirectory. With another chunkin selftests."

Some kernel features last longer than others. Support for forward-edgecontrol-flow integrity (CFI) for kernels compiled with LLVM was added to the 5.13kernel, but now there is already a replacement knocking on the door.Control-flow integrity will remain, but the new implementation will besignificantly different — and seemingly better in a number of ways.

The Tor Project has released a newannual report.

Security updates have been issued by Fedora (kernel, liblouis, ntfs-3g, php, shim, shim-unsigned-aarch64, shim-unsigned-x64, thunderbird, and vim), Mageia (chromium-browser-stable and golang), Red Hat (grub2, mokutil, and shim and grub2, mokutil, shim, and shim-unsigned-x64), SUSE (389-ds, apache2, kernel, mariadb, openssl, openssl-1_0_0, rubygem-actionpack-5_1, rubygem-activesupport-5_1, and vim), and Ubuntu (exempi, kernel, linux, linux-aws, linux-aws-hwe, linux-aws-5.13, linux-aws-5.4, linux-azure, linux-azure-4.15, linux-azure-5.13, linux-azure-5.4, linux-azure-fde, linux-dell300x, linux-gcp, linux-gcp-4.15, linux-gcp-5.13, linux-gcp-5.4, linux-gke, linux-gke-5.4, linux-gkeop, linux-gkeop-5.4, linux-hwe, linux-hwe-5.13, linux-hwe-5.4, linux-ibm, linux-ibm-5.4, linux-intel-5.13, linux-intel-iotg, linux-kvm, linux-lowlatency, linux-oracle, linux-oracle-5.13, linux-oracle-5.4, and spip).