Linus Torvalds released5.17-rc1 and closed the 5.17 merge window on January 23 afterhaving pulled just over 11,000 non-merge changesets into the mainlinerepository. A little over 4,000 of those changesets arrived after our first-half merge-window summary waswritten. Activity thus slowed down, as expected, in the second half of themerge window, but there still a number of significant changes that made itin for the next kernel release.
The netfilter project,which works on packet-filtering for the Linux kernel, has announced that ithas reached a settlement(Englishtranslation) with Patrick McHardy that is "legallybinding and it governs any legal enforcement activities" on netfilter programs and libraries as well as thekernel itself. McHardy has been employingquestionable practices in doing GPL enforcement in Germany over thelast six years or more. The practice has been called "copyright trolling" by some and ispart of what led to the creation of The Principles of Community-Oriented GPL Enforcement.
Security updates have been issued by Debian (chromium, golang-1.7, golang-1.8, pillow, qtsvg-opensource-src, util-linux, and wordpress), Fedora (expat, harfbuzz, kernel, qt5-qtsvg, vim, webkit2gtk3, and zabbix), Mageia (glibc, kernel, and kernel-linus), openSUSE (bind, chromium, and zxing-cpp), Oracle (kernel), Red Hat (java-11-openjdk and kpatch-patch), Scientific Linux (java-11-openjdk), SUSE (bind, clamav, zsh, and zxing-cpp), and Ubuntu (aide, dbus, and thunderbird).
One of your editor's long-time hobbies is photography; it is an activitythat can be rewarding even with the lack of any particular talent — a usefulattribute. Photography has changed greatly over the years; as a result,those hard-earned darkroom skills are of little use, and photo processinghas become yet another software problem. This is a field that supports alot of proprietary software, but there is also no shortage of free softwareavailable. The time has come to combine work and pleasure and catch upwith the state of free software for photography, starting with the darktable raw photo editor.
Anybody who upgraded to the recent Rust 1.58.0 release will probably wantto move on to Rust1.58.1; among other things it contains a fix for a securityvulnerability in the standard library. "We recommend all usersto update their toolchain immediately and rebuild their programs with theupdated compiler".
Security updates have been issued by Debian (aide, flatpak, kernel, libspf2, and usbview), Fedora (kernel, libreswan, nodejs, texlive-base, and wireshark), openSUSE (aide, cryptsetup, grafana, permissions, rust1.56, and stb), SUSE (aide, apache2, cryptsetup, grafana, permissions, rust1.56, and webkit2gtk3), and Ubuntu (aide, thunderbird, and usbview).
The kernel community is a busy place, so it is not even remotely possibleto write full-length articles about everything that is going on. Othertopics may be of interest, but not require a longer treatment. Theanswer is a collection of short topics covering developments that are onthe radar; the selection this time around includes folios, themulti-generational LRU, and Rust in the kernel.
Four new stable kernels have been announced: 5.16.2, 5.15.16, 5.10.93, and 5.4.173. These contain a relatively small setof important fixes; users should upgrade.
The Linux framebuffer device (fbdev) subsystem has long languished insomething of a purgatory; it was listed as "orphaned" in theMAINTAINERS file and saw fairly minimal maintenance, mostly drivenby developers working elsewhere in the kernel graphics stack. That allchanged, in an eye-opening way, on January 17, when Linus Torvaldsmerged a changeto make Helge Deller the new maintainer of the subsystem. But it turns outthat the problems in fbdev run deep, at least according to much of the restof the kernel graphics community. By seeming to take on the maintainer role in order torevert the removal of some buggy features from fbdev, Deller has createdsomething of a controversy.
Security updates have been issued by CentOS (firefox, gegl, kernel, and thunderbird), Debian (nvidia-graphics-drivers), Fedora (btrbk and thefuck), Mageia (clamav, kernel, kernel-linus, vim, and wpa_supplicant), openSUSE (java-1_8_0-ibm, jawn, nodejs12, nodejs14, SDL2, and virglrenderer), Red Hat (gegl, gegl04, java-17-openjdk, and kernel-rt), Scientific Linux (gegl and httpd), SUSE (apache2, firefox, java-1_7_1-ibm, java-1_8_0-ibm, libvirt, nodejs12, nodejs14, openstack-monasca-agent, spark, spark-kit, zookeeper, python-Django, python-Django1, python-numpy, SDL2, and virglrenderer), and Ubuntu (byobu, clamav, and ruby2.3, ruby2.5, ruby2.7).
A Python "frozenset" is simply a setobject that is immutable—the objects it contains are determined atinitialization time and cannot be changed thereafter. Like sets, frozensets arebuilt into the language, but unlike most of the other standard Pythontypes, there is no way to create a literal frozenset object. Changing that,by providing a mechanism to do so, was the topic of a recent discussion on the python-ideas mailing list.
January 22, 2022 will be the 24th anniversary of the publication of the first LWN.net Weekly Edition. A lot hashappened in the intervening years; the Linux community has grownimmeasurably, and LWN has grown with it. Later this year will also be the20th anniversary of the adoption of our subscription-based model, which hassustained LWN ever since. There is a change coming for our subscribersthat will, with luck, help to set up LWN to thrive in the coming years.
The Open Invention Network has announcedan expansion of its "Linux System Definition", which is the set of softwarecovered by its patent-protection umbrella.
Security updates have been issued by Debian (slurm-llnl), openSUSE (apache2, ghostscript, and watchman), Red Hat (kernel and telnet), SUSE (apache2, ghostscript, and kernel), and Ubuntu (clamav).
Once again, the COVID pandemic has forced linux.conf.au to go virtual, thusdepriving your editor of a couple of 24-hour, economy-class, middle-seatexperiences. This naturally leads to a set of mixed feelings. LCA hasalways put a priority on interesting keynote talks, and that has carriedover into the online event; the opening keynote for LCA 2022 was given byBrian Kernighan. Despite being seen as a founder of our community,Kernighan is rarely seen at Linux events; he used his LCA keynote toreminisce for a while on where Unix came from and what its legacy is.
Greg Kroah-Hartman has announced the release of the 5.16.1, 5.15.15, 5.10.92, and 5.4.172 stable kernels. They contain arelatively small set of important fixes; users should upgrade.
Security updates have been issued by Debian (chromium, firefox-esr, ghostscript, libreswan, prosody, sphinxsearch, thunderbird, and uriparser), Fedora (cryptsetup, flatpak, kernel, mingw-uriparser, python-celery, python-kombu, and uriparser), Mageia (htmldoc, mbedtls, openexr, perl-CPAN, systemd, thunderbird, and vim), openSUSE (chromium and prosody), Red Hat (httpd, kernel, and samba), Scientific Linux (kernel), Slackware (expat), SUSE (ghostscript), and Ubuntu (pillow).
The ongoing memory folio work has causedripples through much of the kernel and inspired a few side projects, one ofwhich was the removal of slab-specificfields from struct page. That work has been pulled into themainline for the 5.17 kernel release; it is thus a good time to catch upwith the status of struct slab and why this work is important.
Security updates have been issued by Debian (firefox-esr), Fedora (cockpit, python-cvxopt, and vim), openSUSE (libmspack), Oracle (webkitgtk4), Scientific Linux (firefox and thunderbird), SUSE (kernel and libmspack), and Ubuntu (firefox and pillow).
As of this writing, just short of 7,000 non-merge commits have been pulledinto the mainline kernel repository for the 5.17 release. The changespulled thus far bring new features across the kernel; read on for a summaryof what has been merged during the first half of the 5.17 merge window.
Security updates have been issued by Debian (epiphany-browser, lxml, and roundcube), Fedora (gegl04, mingw-harfbuzz, and mod_auth_mellon), openSUSE (openexr and python39-pip), Oracle (firefox and thunderbird), Red Hat (firefox and thunderbird), SUSE (apache2, openexr, python36-pip, and python39-pip), and Ubuntu (apache-log4j1.2, ghostscript, linux, linux-gcp, linux-gcp-5.4, linux-hwe-5.4, and systemd).
The deadlinesfor various kinds of Fedora 36 change proposals have mostly passed atthis point, which led to something of a flurry of postings to thedistribution's devel mailing list over the last month. One of those, for a seemingly fairlyinnocuous relocation of the RPM database from /var to/usr, came in right at the buzzer for system-wide changes onDecember 29. There were, of course, other things going on around thattime, holidays, vacations, and so forth, so the discussion was relativelymuted until recently. Proponents have a number of reasons why they would liketo see the move, but there is resistance, as well, that is due, at least in part, to thelongstanding "tradition" of the location for the database.
Security updates have been issued by Debian (cfrpki, gdal, and lighttpd), Fedora (perl-CPAN and roundcubemail), Mageia (firefox), openSUSE (jawn, kernel, and thunderbird), Oracle (kernel, openssl, and webkitgtk4), Red Hat (cpio, idm:DL1, kernel, kernel-rt, openssl, virt:av and virt-devel:av, webkit2gtk3, and webkitgtk4), Scientific Linux (openssl and webkitgtk4), SUSE (kernel and thunderbird), and Ubuntu (apache-log4j2, ghostscript, and lxml).
Enterprise distributions are famous for maintaining the same versions ofsoftware throughout their, normally five-year-plus, support windows. Butmany of the projects those distributions are based on have far shortersupport periods; part of what the enterprise distributions sell is patchingover those mismatches. But openSUSE Leap is not exactly anenterprise distribution, so some users are chafing under the restrictionsthat come from Leap being based on SUSE Enterprise Linux (SLE). Inparticular, shipping Python 3.6, which reached its end of life at theend of 2021, is seen as problematic for the upcoming Leap 15.4 release.
The5.15.14,5.10.91,5.4.171,4.19.225,4.14.262,4.9.297, and4.4.299 stable kernel updates have all beenreleased; each contains another set of important fixes.
The GTK-based Anaconda installer has long been used to set up Fedora,CentOS, and RHEL systems. This Fedora Community Blog entry describessome significant changes that will appear in a future version ofAnaconda:
The 5.16 kernel was releasedon January 9, as expected. This development cycle incorporated 14,190changesets from 1,988 developers; it was thus quite a bit busier than its predecessor, and fairly typical for recent kernel releases in general. Anew release means that the time has come to have a look at where thosechanges came from.
Bleeping Computer reportson the latest NPM mess: the developer of the "faker" module deleted thecode and it's development history from GitHub (with a force push), replacedit with a malicious alternative, and broke dependencies for numerousapplications.
Security updates have been issued by Debian (ghostscript and roundcube), Fedora (gegl04, mbedtls, and mediawiki), openSUSE (kubevirt, virt-api-container, virt-controller-container, virt-handler-container, virt-launcher-container, virt-operator-container), SUSE (kubevirt, virt-api-container, virt-controller-container, virt-handler-container, virt-launcher-container, virt-operator-container and libvirt), and Ubuntu (apache2).
Linus Torvalds has released the 5.16kernel, as expected. Significant changes in 5.16 includethe futex_waitv() system call,cluster-aware CPU scheduling,some internal memcpy() hardening,memory folios,the DAMON operating schemesuser-space memory-management mechanism,and much more. See the LWN merge-window summaries(part 1,part 2) and the KernelNewbies 5.16 page fordetails.
Linux Mint has announced its 20.3 ("Una") release for three different desktop environments: the Cinnamon, MATE, and Xfce editions. Mint 20.3 is a long-term support release, with support lasting until 2025. Each edition comes with a long list of new features (Cinnamon, MATE, and Xfce) and detailed release notes (Cinnamon, MATE, and Xfce).
Linux supports processor architectures where CPUs in the same systemmight have different processing capacities; for example, the Arm big.LITTLEsystems combine fast, power-hungry CPUs with slower, more efficientones. Linux has also run for years on simultaneousmultithreading (SMT) architectures, where one CPU executes multipleindependent execution threads and is seen as if it were multiple cores.There are architectures that mix both approaches. A recent discussionon a patchset submitted by Ricardo Neri shows that, on these systems, thescheduler might distribute tasks in an inefficient way.
Security updates have been issued by Debian (sphinxsearch), Fedora (chromium and vim), Red Hat (rh-nodejs14-nodejs and rh-nodejs14-nodejs-nodemon), and Ubuntu (apache2 and webkit2gtk).
The Unix signalinterface is complex and hard to work with; some developers have argued that its design is"unfixable". So when Walt Drummond proposedincreasing the number of signals that Linux systems could manage, eyebrowscould be observed at increased altitude across the Internet. The proposedincrease seems unlikely to happen, but the underlying goal — to support adecades-old feature from other operating systems — may yet become areality.
LWN.net