The 5.16 kernel was released on January 9, as expected. This development cycle incorporated 14,190 changesets from 1,988 developers; it was thus quite a bit busier than its predecessor, and fairly typical for recent kernel releases in general. A new release means that the time has come to have a look at where those changes came from.
Bleeping Computer reports on the latest NPM mess: the developer of the "faker" module deleted the code and its development history from GitHub (with a force push), replaced it with a malicious alternative, and broke dependencies for numerous applications.
Security updates have been issued by Debian (ghostscript and roundcube), Fedora (gegl04, mbedtls, and mediawiki), openSUSE (kubevirt, virt-api-container, virt-controller-container, virt-handler-container, virt-launcher-container, virt-operator-container), SUSE (kubevirt, virt-api-container, virt-controller-container, virt-handler-container, virt-launcher-container, virt-operator-container and libvirt), and Ubuntu (apache2).
Linus Torvalds has released the 5.16 kernel, as expected. Significant changes in 5.16 include the futex_waitv() system call, cluster-aware CPU scheduling, some internal memcpy() hardening, memory folios, the DAMON operating schemes user-space memory-management mechanism, and much more. See the LWN merge-window summaries (part 1, part 2) and the KernelNewbies 5.16 page for details.
Linux Mint has announced its 20.3 ("Una") release for three different desktop environments: the Cinnamon, MATE, and Xfce editions. Mint 20.3 is a long-term support release, with support lasting until 2025. Each edition comes with a long list of new features (Cinnamon, MATE, and Xfce) and detailed release notes (Cinnamon, MATE, and Xfce).
Linux supports processor architectures where CPUs in the same system might have different processing capacities; for example, the Arm big.LITTLE systems combine fast, power-hungry CPUs with slower, more efficient ones. Linux has also run for years on simultaneous multithreading (SMT) architectures, where one CPU executes multiple independent execution threads and is seen as if it were multiple cores. There are architectures that mix both approaches. A recent discussion on a patchset submitted by Ricardo Neri shows that, on these systems, the scheduler might distribute tasks in an inefficient way.
Security updates have been issued by Debian (sphinxsearch), Fedora (chromium and vim), Red Hat (rh-nodejs14-nodejs and rh-nodejs14-nodejs-nodemon), and Ubuntu (apache2 and webkit2gtk).
The Unix signal interface is complex and hard to work with; some developers have argued that its design is "unfixable". So when Walt Drummond proposed increasing the number of signals that Linux systems could manage, eyebrows could be observed at increased altitude across the Internet. The proposed increase seems unlikely to happen, but the underlying goal — to support a decades-old feature from other operating systems — may yet become a reality.
The OpenSSH suite of tools for secure remote logins is used widely within our communities; it also underlies things like remote Git repository access. A recent experimental feature for the upcoming OpenSSH 8.9 release will help close a security hole that can be exploited by attacker-controlled SSH servers (e.g. sshd) when the user is forwarding authentication to a local ssh-agent. Instead of allowing the keys held in the agent to be used for authenticating to any host where they might work, SSH agent restriction will allow users to specify where and how those keys can be used.
The 5.15.13, 5.10.90, 5.4.170, 4.19.224, 4.14.261, 4.9.296, and 4.4.298 stable kernel updates have all been released. These medium-size updates all contain another set of important fixes.
Security updates have been issued by CentOS (xorg-x11-server), Debian (apache2), openSUSE (libvirt), Oracle (grafana, qemu, and xorg-x11-server), Red Hat (idm:DL1, samba, and telnet), SUSE (libvirt), and Ubuntu (python-django).
File-integrity management for the Fedora distribution has been the overarching theme of a number of different feature proposals over the last year or so. In general, they have been met with skepticism, particularly with regard to how well the features mesh with Fedora's goals, but also in how they will change the process of building RPM packages. A new proposal that would allow systems to (optionally) perform remote attestation is likewise encountering headwinds; there are several different concerns being raised in the discussion of it.
Version 1.22.0 of the NumPy scientific computing module is out. "NumPy 1.22.0 is a big release featuring the work of 153 contributors spread over 609 pull requests. There have been many improvements". Those improvements include the "essentially complete" annotation of the main namespace, a preliminary version of the proposed Array API, and more.
It is 2022 already, and that can only mean one thing: it's time for your editor to make a (bigger) fool of himself by posting a set of predictions for what may come in the new year. One should never pass up an opportunity for a humbling experience, after all. There can be no doubt that interesting things will happen this year; let's see how many random darts thrown in that direction can hit close to the mark.
Longtime GnuPG maintainer Werner Koch has posted an update on the project, mostly focused on the new associated "GnuPG VS-Desktop" business that is, it seems, going quite well:
Security updates have been issued by Debian (thunderbird), Fedora (kernel, libopenmpt, and xorg-x11-server), Mageia (gegl, libgda5.0, log4j, ntfs-3g, and wireshark), openSUSE (log4j), and Red Hat (grafana).
Kernel developer Ingo Molnar has been quiet for a while; now we know why. He has just announced a massive set of patches (touching over half of the files in the kernel tree) reworking how header files are handled.
The eighth and final 5.16 kernel prepatch is out for testing. "Please, as you emerge from your holiday-induced food coma, do give it a quick test so that we can all be happy about the final release next weekend".
Version 1.0 of the GNOME libadwaita library is out; this will be of interest to GNOME application developers. "Libadwaita is a library implementing the GNOME HIG, complementing GTK. For GTK 3 this role has increasingly been played by Libhandy, and so Libadwaita is a direct Libhandy successor."
Security updates have been issued by Debian (agg, aria2, fort-validator, and lxml), Fedora (libgda, pgbouncer, and xorg-x11-server-Xwayland), Mageia (calibre, e2guardian, eclipse, libtpms/swtpm, nodejs, python-lxml, and toxcore), openSUSE (c-toxcore, gegl, getdata, kernel-firmware, log4j, postrsd, and privoxy), and SUSE (gegl).
When the goal is to push bits over the network as fast as the hardware can go, any overhead hurts. The cost of copying data to be transmitted from user space into the kernel can be especially painful; it adds latency, takes valuable CPU time, and can be hard on cache performance. So it is unsurprising that the developers working with io_uring, which is all about performance, have turned their attention to zero-copy network transmission. This patch set from Pavel Begunkov, now in its second revision, looks to be significantly faster than the MSG_ZEROCOPY option supported by current kernels.
Security updates have been issued by Debian (advancecomp, apache-log4j2, postgis, spip, uw-imap, and xorg-server), Mageia (kernel and kernel-linus), Scientific Linux (log4j), and SUSE (kernel-firmware and mariadb).
The 5.15.12, 5.10.89, 5.4.169, 4.19.223, 4.14.260, 4.9.295, and 4.4.297 stable kernel updates have all been released. These should be the last updates for this year; as usual, they all contain more important fixes and updates.
Security updates have been issued by Debian (firefox-esr, python-gnupg, resiprocate, and ruby-haml), Fedora (mod_auth_mellon), openSUSE (thunderbird), Slackware (wpa_supplicant), and SUSE (gegl).
The kernel's thread model is relatively straightforward and performs reasonably well, but that's not enough for all users. Specifically, there are use cases out there that benefit from a lightweight threading model that gives user space control over scheduling decisions. Back in May 2021, Peter Oskolkov posted a patch set implementing an abstraction known as user-managed concurrency groups, or UMCG. Several revisions later, many observers still lack a clear idea of what this patch is supposed to do, much less whether it is a good idea for the kernel. Things have taken a turn, though, with Peter Zijlstra's reimplementation of UMCG.
Security updates have been issued by Debian (djvulibre, libzip, monit, novnc, okular, paramiko, postgis, rdflib, ruby2.3, and zziplib), openSUSE (chromium, kafka, and permissions), and SUSE (net-snmp and permissions).
The 5.16-rc7 kernel prepatch is out for testing. "Obviously the holidays are a big reason it's all small, so it's not like this is a sign of us having found all bugs, and we'll keep at this for at least two more weeks".
Security updates have been issued by Debian (apache-log4j2, libextractor, libpcap, and wireshark), Fedora (grub2, kernel, libopenmpt, log4j, mingw-binutils, mingw-python-lxml, and seamonkey), Mageia (golang, lapack/openblas, and samba), and openSUSE (go1.16, libaom, log4j12, logback, and runc).
The Jami communication tool has released a major new stable version called "Taranis"; the blog post announcement explains: "Taranis, the Gallic and Celtic god of the sky, lightning and thunder, will be the baptismal name of this new version of Jami." The mailing-list announcement describes the tool this way:
Security updates have been issued by Debian (webkit2gtk and wpewebkit), Fedora (httpd and singularity), Mageia (ldns, netcdf, php, ruby, thrift/golang-github-apache-thrift, thunderbird, and webkit2), openSUSE (go1.16, go1.17, libaom, and p11-kit), and SUSE (go1.16, go1.17, htmldoc, libaom, libvpx, logstash, openssh-openssl1, python3, and runc).
Version 3.8.0 of the Darktable photo-processing application has been released. Significant changes include a new keyboard shortcut system, a new diffuse-or-sharpen module, a new "scene-referred" blurs module "to synthesize motion and lens blurs in a parametric and physically accurate way", support for the Canon CR3 raw format, and more.
Version 5.0 of the Krita painting program has been released. "This is a huge release, with a lot of new features and improvements". Changes include a reworked resource system, dithered gradients, faster color management, a reworked animation subsystem, and more; see the release notes for details.
Security updates have been issued by Debian (openjdk-11), Fedora (keepalived and tang), openSUSE (openssh, p11-kit, runc, and thunderbird), Oracle (postgresql:12, postgresql:13, and virt:ol and virt-devel:ol), Red Hat (rh-maven36-log4j12), and SUSE (ansible, chrony, logstash, elasticsearch, kafka, zookeeper, openstack-monasca-agent, openstack-monasca-persister-java, openstack-monasca-thresh, openssh, p11-kit, python-Babel, and thunderbird).
It may have seemed questionable at times, but we have indeed survived yet another year — LWN's 22nd year of publication. That can only mean one thing: it is time to take a look back at our ill-advised attempt to make predictions in January and see how it all worked out. Shockingly, some of those predictions were at least partially on the mark. Others were ... not quite so good.
Back at the beginning of 2020, it was predicted that retirements would increase during this decade. In 2021, the prediction was that retirements would increase over the next couple of years. It is happening and LWN is no exception. I am retiring at the end of this year after more than 20 years with LWN. So who am I and how did I get here? To some, I'm a name at the bottom of some LWN page. To a few, I'm the one that reminds them when their LWN group subscription is about to expire. You might have even met me at a conference. Not that I have been to very many. Mostly I tend to be quietly in the background watching the LWN mailbox, looking for brief items and quotes of the week (sorry I haven't found much lately), proofreading articles, managing subscriptions, and more. But I'm older than most of you and this is my last LWN weekly edition. Getting here is a bit of story.
Security updates have been issued by CentOS (firefox, ipa, log4j, and samba), Debian (sogo, spip, and xorg-server), Fedora (jansi and log4j), Mageia (apache, apache-mod_security, kernel, kernel-linus, and x11-server), openSUSE (log4j and xorg-x11-server), Oracle (kernel, log4j, and openssl), and SUSE (libqt4 and xorg-x11-server).
Fedora is among the group of Linux distributions that, by default, lock out the root account such that it does not have a password and cannot be logged into. But, traditionally, "rescue mode" boots the system into single-user mode, which requires a root password—difficult to provide if it does not exist. A Fedora proposal to remove the need for the password in that case, and just drop into a root shell, does not seem likely to go far in that form, but it would seem to have pointed toward some better solutions for the underlying problem.
Security updates have been issued by Mageia (log4j), openSUSE (chromium, log4j, netdata, and nextcloud), Oracle (kernel and kernel-container), Red Hat (kernel, kernel-rt, log4j, openssl, postgresql:12, postgresql:13, and virt:rhel and virt-devel:rhel), Slackware (httpd), SUSE (xorg-x11-server), and Ubuntu (firefox).
A clarion call from the Electronic Frontier Foundation (EFF) warning about upcoming changes to the Chrome browser's extension API was not the first such—from the EFF or from others. The time of the switch to Manifest V3, as the new API is known, is growing closer; privacy advocates are concerned that it will preclude a number of techniques that browser extensions use for features like ad and tracker blocking. Part of the concern stems from the fact that Google is both the developer of a popular web browser and the operator of an enormous advertising network so its incentives seem, at least, plausibly misaligned.