LWN.net

Greg Kroah-Hartman has announced the release of the 5.16.1, 5.15.15, 5.10.92, and 5.4.172 stable kernels. They contain arelatively small set of important fixes; users should upgrade.

Security updates have been issued by Debian (chromium, firefox-esr, ghostscript, libreswan, prosody, sphinxsearch, thunderbird, and uriparser), Fedora (cryptsetup, flatpak, kernel, mingw-uriparser, python-celery, python-kombu, and uriparser), Mageia (htmldoc, mbedtls, openexr, perl-CPAN, systemd, thunderbird, and vim), openSUSE (chromium and prosody), Red Hat (httpd, kernel, and samba), Scientific Linux (kernel), Slackware (expat), SUSE (ghostscript), and Ubuntu (pillow).

The ongoing memory folio work has causedripples through much of the kernel and inspired a few side projects, one ofwhich was the removal of slab-specificfields from struct page. That work has been pulled into themainline for the 5.17 kernel release; it is thus a good time to catch upwith the status of struct slab and why this work is important.

Version1.58.0 of the Rust programming language is available.

Libre Arts has posted aninterview with four Inkscape developers.

Security updates have been issued by Debian (firefox-esr), Fedora (cockpit, python-cvxopt, and vim), openSUSE (libmspack), Oracle (webkitgtk4), Scientific Linux (firefox and thunderbird), SUSE (kernel and libmspack), and Ubuntu (firefox and pillow).

As of this writing, just short of 7,000 non-merge commits have been pulledinto the mainline kernel repository for the 5.17 release. The changespulled thus far bring new features across the kernel; read on for a summaryof what has been merged during the first half of the 5.17 merge window.

Security updates have been issued by Debian (epiphany-browser, lxml, and roundcube), Fedora (gegl04, mingw-harfbuzz, and mod_auth_mellon), openSUSE (openexr and python39-pip), Oracle (firefox and thunderbird), Red Hat (firefox and thunderbird), SUSE (apache2, openexr, python36-pip, and python39-pip), and Ubuntu (apache-log4j1.2, ghostscript, linux, linux-gcp, linux-gcp-5.4, linux-hwe-5.4, and systemd).

The LWN.net Weekly Edition for January 13, 2022 is available.

The deadlinesfor various kinds of Fedora 36 change proposals have mostly passed atthis point, which led to something of a flurry of postings to thedistribution's devel mailing list over the last month. One of those, for a seemingly fairlyinnocuous relocation of the RPM database from /var to/usr, came in right at the buzzer for system-wide changes onDecember 29. There were, of course, other things going on around thattime, holidays, vacations, and so forth, so the discussion was relativelymuted until recently. Proponents have a number of reasons why they would liketo see the move, but there is resistance, as well, that is due, at least in part, to thelongstanding "tradition" of the location for the database.

Version8.0 of the IPython read-eval-print-loop implementation for Python isout.

David Malcolm describessome GCC improvements to defend against bidirectional-text attacks insource code.

Security updates have been issued by Debian (cfrpki, gdal, and lighttpd), Fedora (perl-CPAN and roundcubemail), Mageia (firefox), openSUSE (jawn, kernel, and thunderbird), Oracle (kernel, openssl, and webkitgtk4), Red Hat (cpio, idm:DL1, kernel, kernel-rt, openssl, virt:av and virt-devel:av, webkit2gtk3, and webkitgtk4), Scientific Linux (openssl and webkitgtk4), SUSE (kernel and thunderbird), and Ubuntu (apache-log4j2, ghostscript, and lxml).

Enterprise distributions are famous for maintaining the same versions ofsoftware throughout their, normally five-year-plus, support windows. Butmany of the projects those distributions are based on have far shortersupport periods; part of what the enterprise distributions sell is patchingover those mismatches. But openSUSE Leap is not exactly anenterprise distribution, so some users are chafing under the restrictionsthat come from Leap being based on SUSE Enterprise Linux (SLE). Inparticular, shipping Python 3.6, which reached its end of life at theend of 2021, is seen as problematic for the upcoming Leap 15.4 release.

The5.15.14,5.10.91,5.4.171,4.19.225,4.14.262,4.9.297, and4.4.299 stable kernel updates have all beenreleased; each contains another set of important fixes.

Security updates have been issued by Debian (clamav, vim, and wordpress), Mageia (ghostscript, osgi-core, apache-commons-compress, python-django, squashfs-tools, and suricata), openSUSE (libsndfile, net-snmp, and systemd), Oracle (httpd:2.4, kernel, and kernel-container), SUSE (libsndfile, libvirt, net-snmp, and systemd), and Ubuntu (exiv2, linux, linux-aws, linux-aws-5.11, linux-azure, linux-azure-5.11, linux-gcp, linux-gcp-5.11, linux-hwe-5.11, linux-kvm, linux-oem-5.10, linux-oracle, linux-oracle-5.11, linux-raspi, linux-oem-5.13, and linux-oem-5.14).

The GTK-based Anaconda installer has long been used to set up Fedora,CentOS, and RHEL systems. This Fedora Community Blog entry describessome significant changes that will appear in a future version ofAnaconda:

The 5.16 kernel was releasedon January 9, as expected. This development cycle incorporated 14,190changesets from 1,988 developers; it was thus quite a bit busier than its predecessor, and fairly typical for recent kernel releases in general. Anew release means that the time has come to have a look at where thosechanges came from.

Here is acomprehensive look on the Libre Arts site at the current state of freesoftware for creative artists.

Bleeping Computer reportson the latest NPM mess: the developer of the "faker" module deleted thecode and it's development history from GitHub (with a force push), replacedit with a malicious alternative, and broke dependencies for numerousapplications.

Security updates have been issued by Debian (ghostscript and roundcube), Fedora (gegl04, mbedtls, and mediawiki), openSUSE (kubevirt, virt-api-container, virt-controller-container, virt-handler-container, virt-launcher-container, virt-operator-container), SUSE (kubevirt, virt-api-container, virt-controller-container, virt-handler-container, virt-launcher-container, virt-operator-container and libvirt), and Ubuntu (apache2).

Linus Torvalds has released the 5.16kernel, as expected. Significant changes in 5.16 includethe futex_waitv() system call,cluster-aware CPU scheduling,some internal memcpy() hardening,memory folios,the DAMON operating schemesuser-space memory-management mechanism,and much more. See the LWN merge-window summaries(part 1,part 2) and the KernelNewbies 5.16 page fordetails.

Linux Mint has announced its 20.3 ("Una") release for three different desktop environments: the Cinnamon, MATE, and Xfce editions. Mint 20.3 is a long-term support release, with support lasting until 2025. Each edition comes with a long list of new features (Cinnamon, MATE, and Xfce) and detailed release notes (Cinnamon, MATE, and Xfce).

Linux supports processor architectures where CPUs in the same systemmight have different processing capacities; for example, the Arm big.LITTLEsystems combine fast, power-hungry CPUs with slower, more efficientones. Linux has also run for years on simultaneousmultithreading (SMT) architectures, where one CPU executes multipleindependent execution threads and is seen as if it were multiple cores.There are architectures that mix both approaches. A recent discussionon a patchset submitted by Ricardo Neri shows that, on these systems, thescheduler might distribute tasks in an inefficient way.

Security updates have been issued by Debian (sphinxsearch), Fedora (chromium and vim), Red Hat (rh-nodejs14-nodejs and rh-nodejs14-nodejs-nodemon), and Ubuntu (apache2 and webkit2gtk).

The Unix signalinterface is complex and hard to work with; some developers have argued that its design is"unfixable". So when Walt Drummond proposedincreasing the number of signals that Linux systems could manage, eyebrowscould be observed at increased altitude across the Internet. The proposedincrease seems unlikely to happen, but the underlying goal — to support adecades-old feature from other operating systems — may yet become areality.

Security updates have been issued by Fedora (log4j and quaternion), Mageia (gnome-shell and singularity), SUSE (libsndfile, libvirt, net-snmp, and python-Babel), and Ubuntu (linux, linux-aws, linux-aws-5.11, linux-azure, linux-azure-5.11, linux-gcp, linux-gcp-5.11, linux-hwe-5.11, linux-kvm, linux-oracle, linux-oracle-5.11, linux-raspi, linux, linux-aws, linux-aws-5.4, linux-azure, linux-azure-5.4, linux-gcp, linux-gcp-5.4, linux-gke, linux-gke-5.4, linux-gkeop, linux-hwe-5.4, linux-ibm, linux-kvm, linux-oracle, linux-oracle-5.4, linux-raspi, linux, linux-aws, linux-aws-hwe, linux-azure-4.15, linux-dell300x, linux-gcp, linux-gcp-4.15, linux-hwe, linux-kvm, linux-oracle, linux-raspi2, linux-snapdragon, linux, linux-aws, linux-kvm, linux-lts-xenial, linux-oem-5.10, and linux-oem-5.14).

The LWN.net Weekly Edition for January 6, 2022 is available.

The OpenSSH suite of tools forsecure remote logins is used widely within our communities; it alsounderlies things like remote Git repository access.A recent experimental feature for the upcoming OpenSSH 8.9 releasewill help close a security hole that can be exploited by attacker-controlled SSH servers (e.g. sshd) when the user is forwardingauthentication to a local ssh-agent. Insteadof allowing the keys held in the agent to be used for authenticating to anyhost where they might work, SSH agent restriction will allow users to specify where and how those keys can beused.

The5.15.13,5.10.90,5.4.170,4.19.224,4.14.261,4.9.296, and4.4.298stable kernel updates have all been released. These medium-size updatesall contain another set of important fixes.

Security updates have been issued by CentOS (xorg-x11-server), Debian (apache2), openSUSE (libvirt), Oracle (grafana, qemu, and xorg-x11-server), Red Hat (idm:DL1, samba, and telnet), SUSE (libvirt), and Ubuntu (python-django).

File-integrity management for the Fedora distributionhas been the overarching theme of a number of different feature proposalsover the last year or so. In general, they have been met with skepticism,particularly with regard to how well the features mesh with Fedora'sgoals, but also in how they will change the process of building RPMpackages. A new proposal that would allow systems to (optionally) perform remoteattestation is likewise encountering headwinds; there are severaldifferent concerns being raised in the discussion of it.

The Gentoo Linux project looks back at2021.

Version 1.22.0 of the NumPy scientific computing module is out."NumPy 1.22.0 is a big release featuring the work of 153contributors spread over 609 pull requests. There have been manyimprovements". Those improvements include the "essentiallycomplete" annotation of the main namespace, a preliminary version ofthe proposed Array API, and more.

Security updates have been issued by Debian (salt and thunderbird), Red Hat (xorg-x11-server), and Scientific Linux (xorg-x11-server).

It is 2022 already, and that can only mean one thing: it's time for youreditor to make a (bigger) fool of himself by posting a set ofpredictions for what may come in the new year. One should never pass up anopportunity for a humbling experience, after all. There can be no doubtthat interesting things will happen this year; let's see how many randomdarts thrown in that direction can hit close to the mark.

Longtime GnuPG maintainer Werner Koch has posted an update on the project,mostly focused on the new associated "GnuPG VS-Desktop" business that is,it seems, going quite well:

The GIMP project has put out areport summarizing a year of development on this image-manipulationapplication.

Security updates have been issued by Debian (thunderbird), Fedora (kernel, libopenmpt, and xorg-x11-server), Mageia (gegl, libgda5.0, log4j, ntfs-3g, and wireshark), openSUSE (log4j), and Red Hat (grafana).

Kernel developer Ingo Molnar has been quiet for a while; now we know why.He has just announced a massiveset of patches (touching over half of the files in the kernel tree)reworking how header files are handled.

The eighth and final 5.16 kernel prepatchis out for testing. "Please, as you emerge from your holiday-inducedfood coma, do give it a quick test so that we can all be happy about thefinal release next weekend".

Version1.0 of the GNOME libadwaita library is out; this will be of interest toGNOME application developers. "Libadwaita is a library implementingthe GNOME HIG, complementing GTK. For GTK 3 this role has increasingly beenplayed by Libhandy, and so Libadwaita is a direct Libhandysuccessor."

Security updates have been issued by Debian (agg, aria2, fort-validator, and lxml), Fedora (libgda, pgbouncer, and xorg-x11-server-Xwayland), Mageia (calibre, e2guardian, eclipse, libtpms/swtpm, nodejs, python-lxml, and toxcore), openSUSE (c-toxcore, gegl, getdata, kernel-firmware, log4j, postrsd, and privoxy), and SUSE (gegl).

When the goal is to push bits over the network as fast as the hardware cango, any overhead hurts. The cost of copying data to be transmittedfrom user space into the kernel can be especially painful; it adds latency,takesvaluable CPU time, and can be hard on cache performance. So it isunsurprising that the developers working with io_uring, which is all about performance, haveturned their attention to zero-copy network transmission. Thispatch set from Pavel Begunkov, now in its second revision, looks to besignificantly faster than the MSG_ZEROCOPY option supported by currentkernels.

Security updates have been issued by Debian (advancecomp, apache-log4j2, postgis, spip, uw-imap, and xorg-server), Mageia (kernel and kernel-linus), Scientific Linux (log4j), and SUSE (kernel-firmware and mariadb).

The5.15.12,5.10.89,5.4.169,4.19.223,4.14.260,4.9.295, and4.4.297stable kernel updates have all been released. These should be the lastupdates for this year; as usual, they all contain more important fixes andupdates.

Security updates have been issued by Debian (firefox-esr, python-gnupg, resiprocate, and ruby-haml), Fedora (mod_auth_mellon), openSUSE (thunderbird), Slackware (wpa_supplicant), and SUSE (gegl).

The kernel's thread model is relatively straightforward and performsreasonably well, but that's not enough for all users. Specifically, thereare use cases out there that benefit from a lightweight threading modelthat gives user space control over scheduling decisions. Back in May 2021,Peter Oskolkov posted a patch set implementing an abstraction known as user-managedconcurrency groups, or UMCG. Several revisions later, many observersstill lack a clear idea of what this patch is supposed to do, much lesswhether it is a good idea for the kernel. Things have taken a turn,though, with Peter Zijlstra's reimplementationof UMCG.

Security updates have been issued by Debian (djvulibre, libzip, monit, novnc, okular, paramiko, postgis, rdflib, ruby2.3, and zziplib), openSUSE (chromium, kafka, and permissions), and SUSE (net-snmp and permissions).

The 5.16-rc7 kernel prepatch is out fortesting. "Obviously the holidays are a big reason it's all small, soit's not like this is a sign of us having found all bugs, and we'll keep atthis for at least two more weeks".