Feed lwn LWN.net

Link https://lwn.net/
Feed http://lwn.net/headlines/rss
Updated 2025-06-08 18:15
Security updates for Monday
Security updates have been issued by Debian (php7.4), Fedora (gerbv, kernel, openssl, and podman-tui), Oracle (squid:4), Slackware (wavpack), and SUSE (apache2, chafa, containerd, docker and runc, fwupd, fwupdate, libqt5-qtwebengine, oracleasm, and python).
Kernel prepatch 5.19-rc6
The 5.19-rc6 kernel prepatch is out for testing.
[$] Distributors entering Flatpakland
Linux distributions have changed quite a bit over the last 30 years, but the way that they package software has been relatively static. While the .deb and RPM formats (and others) have evolved with time, their current form would not be unrecognizable to their creators. Distributors are pushing for change, though. Both the Fedora and openSUSE projects are moving to reduce the role of the venerable RPM format and switch to Flatpak for much of their software distribution; some users are proving hard to convince that this is a good idea, though.
Security updates for Friday
Security updates have been issued by Fedora (direnv, golang-github-mattn-colorable, matrix-synapse, pypy3.7, pypy3.8, and pypy3.9), Oracle (squid), SUSE (curl, openssl-1_1, pcre, python-ipython, resource-agents, and rsyslog), and Ubuntu (nss, php7.2, and vim).
Another crop of stable kernels
The 5.18.10, 5.15.53, 5.10.129, 5.4.204, 4.19.251, 4.14.287, and 4.9.322 stable kernels have been released. As usual, they contain important fixes throughout the tree.
Security updates for Thursday
Security updates have been issued by Debian (intel-microcode), Fedora (dotnet3.1 and gnupg2), Oracle (grub2, kernel, php:7.4, php:8.0, and qemu-kvm), SUSE (389-ds, apache2, crash, curl, expat, firefox, fwupd, fwupdate, ImageMagick, ldb, samba, liblouis, librttopo, openssl, openssl-1_0_0, openssl-1_1, openssl-3, oracleasm, php7, php8, python-Twisted, python310, rsyslog, s390-tools, salt, thunderbird, and xen), and Ubuntu (linux-lts-xenial, linux-kvm and openssl).
[$] LWN.net Weekly Edition for July 7, 2022
The LWN.net Weekly Edition for July 7, 2022 is available.
[$] The 2022 embedded Linux update
A regular feature of the Embedded Linux Conference (ELC) has been an update on the state of embedded Linux from conference organizer Tim Bird. It has been quite a few years since I had the opportunity to sit in on one, so I took one at the 2022 Open Source Summit North America (OSSNA) in Austin, Texas. OSSNA is an umbrella conference that contains ELC and a whole lot more these days. Bird gave a look at recent kernel features from an embedded perspective, talked a bit about some different technology areas and their impact on embedded Linux, and also tried to answer a question that Andrew Morton posed in a keynote at ELC in 2008.
Security updates for Wednesday
Security updates have been issued by Debian (ldap-account-manager), Fedora (openssl1.1, thunderbird, and yubihsm-connector), Mageia (curl, cyrus-imapd, firefox, ruby-git, ruby-rack, squid, and thunderbird), Oracle (firefox, kernel, and thunderbird), Slackware (openssl), SUSE (dpdk, haproxy, and php7), and Ubuntu (gnupg2 and openssl).
[$] An Ubuntu kernel bug causes container crashes
Some system administrators running Ubuntu 20.04 had a rough time on June 8, when Ubuntu published kernel packages containing a particularly nasty bug that was caused by an Ubuntu-specific patch to the kernel. The bug led to a kernel panic whenever a Docker container was started. Fixed packages were made available on June 10, but there are questions about what went wrong with handling the patch; in particular, it is surprising that kernel 5.13, which has been beyond its end-of-life for months, made it onto machines running Ubuntu 20.04, which is supposed to be a long-term support release.
Security updates for Tuesday
Security updates have been issued by Debian (blender and thunderbird), SUSE (ImageMagick, qemu, and sysstat), and Ubuntu (php7.0).
Amazon's CodeWhisperer
There has been a fair amount of concern recently about Microsoft's Copilot system, which many see as possibly putting its users in violation of free-software licenses. But, naturally, Copilot is not the only offering of this type; Amazon has put out a preview version of "CodeWhisperer", which is also a machine-learning-based coding tool that was trained on (unspecified) open-source code. From the FAQ:
[$] The end of CONFIG_ANDROID
The kernel has thousands of configuration options, many of which can change the kernel's behavior in subtle or surprising ways. Among those options is CONFIG_ANDROID, which one might expect to be relatively straightforward; its description reads, in its entirety: "Enable support for various drivers needed on the Android platform". It turns out that this option does more than that, to the surprise of some users. That has led to a plan to remove this option, but that has brought a surprise or two of its own — and some disagreement — as well.
Debian 9 Long Term Support reaching end-of-life
The Debian Long Term Support (LTS) team has announced that Debian 9 ("stretch") has "reached its end-of-life on July 1, 2022, five years after its initial release on June 17, 2017". There will be further updates for a subset of the packages in the release through the Extended LTS project. Meanwhile, the LTS team is moving on to Debian 10 ("buster"):
Security updates for Monday
Security updates have been issued by Debian (gnupg2 and kernel), Fedora (golang-github-apache-beam-2, golang-github-etcd-io-gofail, golang-github-intel-goresctrl, golang-github-spf13-cobra, golang-k8s-pod-security-admission, and vim), Oracle (.NET 6.0, compat-openssl10, compat-openssl11, cups, curl, expat, firefox, go-toolset:ol8, grub2, gzip, java-1.8.0-openjdk, java-11-openjdk, java-17-openjdk, kernel, libarchive, libgcrypt, libinput, libxml2, pcre2, postgresql, python, rsync, rsyslog, ruby:2.6, subversion, thunderbird, vim, xz, and zlib), Scientific Linux (firefox and thunderbird), SUSE (python-nltk and salt), and Ubuntu (linux, linux-aws, linux-hwe-5.13, and linux-oem-5.14).
Kernel prepatch 5.19-rc5
The 5.19-rc5 kernel prepatch is out for testing. "So everything looks ok - we certainly have some issues still being looked at, but on the whole 5.19 looks normal, and nothing particularly bad seems to be going on".
Darktable 4.0.0 released
Version 4.0.0 of the darktable raw photo editor has been released. "The UI has been completely revamped again to improve look and consistency. Padding, margins, color, contrast, alignment, and icons have been reworked throughout". Other changes include new exposure and color-calibration modules, a reworked "filmic" color-mapping module, guided laplacian highlight reconstruction, and more. (LWN looked at darktable in January).
Stable kernels for the weekend
The 5.18.9, 5.15.52, 5.10.128, 5.4.203, 4.19.250, 4.14.286, and 4.9.321 stable kernel updates have all been released; each contains yet another set of important fixes.
[$] Removing the scheduler's energy-margin heuristic
The CPU scheduler's job has never been easy; it must find a way to allocate CPU time to all tasks in the system that is fair, allows all tasks to progress, and maximizes the throughput of the system as a whole. More recently, it has been called upon to satisfy another constraint: minimizing the system's energy consumption. There is currently a patch set in circulation, posted by Vincent Donnefort with work from Dietmar Eggemann as well, that changes how this constraint is met. The actual change is small, but it illustrates how hard it can be to get the needed heuristics right.
Security updates for Friday
Security updates have been issued by Debian (firefox-esr, isync, kernel, and systemd), Fedora (chromium, curl, firefox, golang-github-vultr-govultr-2, and xen), Mageia (openssl, python-bottle, and python-pyjwt), Red Hat (compat-openssl10, curl, expat, firefox, go-toolset-1.17 and go-toolset-1.17-golang, go-toolset:rhel8, kernel, kpatch-patch, libarchive, libgcrypt, libinput, libxml2, pcre2, php:7.4, php:8.0, qemu-kvm, ruby:2.6, thunderbird, and vim), and Ubuntu (curl, libjpeg6b, and vim).
Software Freedom Conservancy: Give Up GitHub: The Time Has Come!
The Software Freedom Conservancy (SFC) has issued a strong call for free software projects to give up GitHub and to move their repositories elsewhere. There are a number of problems that SFC has identified with the GitHub code-hosting service and, in particular, with its Copilot AI-based code-writing tool that was trained on the community's code stored in the company's repositories. Moving away from GitHub will not be easy, SFC said, but it is important to do so lest the free-software community repeat the SourceForge mistake.
Rust 1.62.0 released
Version 1.62.0 of the Rust language has been released. Changes include a new cargo add command, default enum variants, an improved Linux mutex implementation, a number of stabilized APIs, and more.
[$] A BPF-specific memory allocator
The kernel does not lack for memory allocators, so one might well question the need for yet another one. As this patch set from Alexei Starovoitov makes clear, though, the BPF subsystem feels such a need. The proposed new allocator is intended to increase the reliability of allocations made within BPF programs, which might be run in just about any execution context.
Security updates for Thursday
Security updates have been issued by Debian (firefox-esr, firejail, and ublock-origin), Fedora (chromium, firefox, thunderbird, and vim), Mageia (kernel and kernel-linus), Oracle (389-ds-base and python-virtualenv), SUSE (chromium), and Ubuntu (cloud-init).
[$] LWN.net Weekly Edition for June 30, 2022
The LWN.net Weekly Edition for June 30, 2022 is available.
[$] System call interception for unprivileged containers
On the first day of the 2022 Linux Security Summit North America (LSSNA) in Austin, Texas, Stéphane Graber and Christian Brauner gave a presentation on using system-call interception for container security purposes. The idea is to allow unprivileged containers, those without elevated privileges on the host, to still accomplish their tasks, some of which require privileges. A fair amount of work has been done to make this viable, but there is still more to do.
Collabora Online developer edition 22.05 released
CODE 22.05 has been released; this is the "developer edition" of the Collabora Online offering formerly known as LibreOffice Online.
A Rust-in-GCC update
Philip Herron has posted an update on the status of the GCC front-end compiler for the Rust language.
Four more stable kernel updates
The 5.18.8, 5.15.51, 5.10.127, and 5.4.202 stable kernel updates have been released; each contains another set of important fixes.
Thunderbird 102 released
Version 102 of the Thunderbird email client has been released.
Security updates for Wednesday
Security updates have been issued by Debian (blender, libsndfile, and maven-shared-utils), Fedora (openssl), Red Hat (389-ds-base, kernel, kernel-rt, kpatch-patch, and python-virtualenv), Scientific Linux (389-ds-base, kernel, python, and python-virtualenv), and Slackware (curl, mozilla, and openssl).
Vim 9.0 released
Version 9.0 of the Vim text editor has been released. The biggest change would appear to be the addition of the "Vim9 Script" language for editor customization:
[$] A "fireside" chat
In something of an Open Source Summit tradition, Linus Torvalds and Dirk Hohndel sit down for a discussion on various topics related to open source and, of course, the Linux kernel. Open Source Summit North America (OSSNA) 2022 in Austin, Texas was no exception, as they reprised their keynote on the first day of the conference. The headline-grabbing part of the chat was Torvalds's declaration that Rust for Linux might get merged as soon as the next merge window, which opens in just a few weeks, but there was plenty more of interest there.
Firefox 102.0 released
Version 102.0 of the Firefox browser is out. Changes include the ability to disable the panel that otherwise materializes on every download and the stripping of certain query parameters in extended tracking protection mode. The stripping will be the default for private browsing in the next release.
Security updates for Tuesday
Security updates have been issued by Debian (nodejs and squid), Fedora (uboot-tools), Red Hat (kernel-rt, kpatch-patch, and python), SUSE (drbd, openssl-1_0_0, oracleasm, and rubygem-rack), and Ubuntu (curl).
Git 2.37.0 released
Version 2.37.0 of the Git source-code management system has been released. Highlights include a new object-pruning mechanism called "cruft packs", full integration of the sparse index, and more; see this GitHub blog post for more information.
[$] Two memory-tiering patch sets
Once upon a time, computers just had one type of memory, so memory within a given system was interchangeable. The arrival of non-uniform memory access (NUMA) systems complicated the situation significantly; now some memory was faster to access than the rest, and memory-management algorithms had to adapt or performance would suffer. But NUMA was just the start; today's tiered-memory systems, which may include several tiers of memory with different performance characteristics, are adding new challenges. A couple of relevant patch sets currently under review help to illustrate the types of problems that will have to be solved.
KDE Apps Mid-Year Update (KDE.news)
Here's an update on recent KDE application development on KDE.news:
Ojeda: Memory Safety for the World’s Largest Software Project
Miguel Ojeda has posted an update on the Rust-for-Linux project.
Security updates for Monday
Security updates have been issued by Debian (openssl), Fedora (dotnet6.0, mediawiki, and python2.7), Mageia (389-ds-base, chromium-browser-stable, exo, and libtiff), Oracle (httpd:2.4 and microcode_ctl), SUSE (dbus-broker, drbd, kernel, liblouis, mariadb, openssl, openssl-1_1, openSUSE kernel modules, oracleasm, php7, php72, python39, salt, and wdiff), and Ubuntu (linux, linux-hwe, mozjs91, and vim).
Kernel prepatch 5.19-rc4
The 5.19-rc4 kernel prepatch is out for testing.
Another set of stable kernel updates
The 5.18.7, 5.15.50, 5.10.125, 5.4.201, 4.19.249, 4.14.285, and 4.9.320 stable updates have all been released. The 5.x updates are relatively small, but the 4.x updates contain a fair number of backported random-number-generator improvements along with the usual fixes. Update: Due to an io_uring problem reported by Greg Thelen in 5.10.125, which was quickly fixed by Jens Axboe, 5.10.126 was released less than 24 hours later.
[$] NFS: the new millennium
The network filesystem (NFS) protocol has been with us for nearly 40 years. While defined initially as a stateless protocol, NFS implementations have always had to manage state, and that need has been increasingly built into the protocol over successive revisions. The early days of NFS were discussed, with a focus on state management, in the first part of this series. This article completes the job with a look at the evolution of NFS since, approximately, the beginning of this millennium.
Security updates for Friday
Security updates have been issued by Fedora (ntfs-3g and ntfs-3g-system-compression), SUSE (389-ds, chafa, containerd, mariadb, php74, python3, salt, and xen), and Ubuntu (apache2).
DeVault: GitHub Copilot and open source laundering
Drew DeVault takes issue with GitHub's "Copilot" offering and the licensing issues that it raises:
Security updates for Thursday
Security updates have been issued by Debian (chromium, firejail, and request-tracker4), Fedora (ghex, golang-github-emicklei-restful, and openssl1.1), Oracle (postgresql), Scientific Linux (postgresql), Slackware (openssl), SUSE (salt and tor), and Ubuntu (apache2 and squid, squid3).
[$] LWN.net Weekly Edition for June 23, 2022
The LWN.net Weekly Edition for June 23, 2022 is available.
Wielaard: Sourceware – GNU Toolchain Infrastructure roadmap
Mark Wielaard writes about improvements at Sourceware, the site that holds the repository for many projects in the GNU toolchain and beyond.
[$] Introducing PyScript
In a keynote at PyCon 2022 in Salt Lake City, Utah, Peter Wang introduced another entrant in the field of in-browser Python interpreters. The Python community has long sought a way to be able to write Python—instead of JavaScript—to run in web browsers, and there have been various efforts to do so over the years. Wang announced PyScript as a new framework, built atop one of those earlier projects, to allow Python scripting directly within the browser; those programs have access to much of the existing Python ecosystem as well as being able to interact with the browser document object model (DOM) directly. In addition, he gave some rather eye-opening demonstrations as part of the talk.
Four stable kernel updates
The 5.18.6, 5.15.49, 5.10.124, and 5.4.200 stable kernel updates have been released; each contains another set of important fixes.