Version 5.0 LTS of the LXD container-management system has been released. This is a long-term-support release, which will be supported into 2027. New features include disk and USB hotplug support, the ability to start with degraded networking, and more; see this forum post for more information.
Security updates have been issued by Arch Linux (polkit, postgresql, and zlib), openSUSE (389-ds and opera), Red Hat (kpatch-patch), SUSE (389-ds and util-linux), and Ubuntu (waitress).
On his blog, Stefan Behnel writes about the 20th anniversary of Cython, which is a compiler for Python extensions written in C, for wrapping C libraries in order to provide Python bindings for them, and for embedding Python into other applications. It is used by NumPy, scikit-learn (and other scikit-* extensions), pandas, and more.
Version 4.1.0 of the Claws Mail email client is out. New features include text zooming in the message view, improvements to a number of preferences, a "keyword warner" plugin to give a warning before sending a message containing any (user-defined) keywords, and more.
Linus Torvalds released the 5.18-rc1 kernel prepatch on April 3, after having pulled 13,207 non-merge changesets into the mainline repository. This merge window has thus not only been turbulent, with a significant number of regressions and refused pull requests, it has also been relatively busy. Just over 9,000 of those changesets were pulled after the first 5.18 merge window summary was written; the time has come to catch up with the remainder of changes merged for this development cycle.
Security updates have been issued by Debian (asterisk, qemu, and zlib), Fedora (389-ds-base, ghc-cmark-gfm, ghc-hakyll, gitit, libkiwix, openssl, pandoc, pandoc-citeproc, patat, phoronix-test-suite, seamonkey, and skopeo), Mageia (libtiff, openjpeg2, and php-smarty), openSUSE (python), Oracle (httpd), Red Hat (httpd), and SUSE (libreoffice, python, and python36).
Linus has released 5.18-rc1 and closed the merge window for the 5.18 release. "In fact, at least in pure commits, this has been a bigger merge window than we've had in some time. But let's hope it's all smooth sailing this release." In the end, 13,207 non-merge changesets were merged during this merge window.
On his blog, Antoni Boucher updates the status of rustc_codegen_gcc, which "is a GCC codegen for rustc, meaning that it can be loaded by the existing rustc frontend, but benefits from GCC by having more architectures supported and having access to GCC’s optimizations". A significant milestone has been reached: "the GCC codegen has made enough progress to be able to compile rustc itself". For the Rust programming language, rustc is the standard compiler, so this work will eventually allow programs to be built for a number of architectures that are not supported by rustc. He also made progress beyond just building the compiler as he "was able to compile rustc using the GCC codegen and use the resulting rustc to compile a Hello World".
In theory, direct memory access (DMA) operations are simple to understand; a device transfers data directly to or from a memory buffer managed by the CPU. Almost all contemporary devices perform DMA, since it would not be possible to obtain the needed performance without it. Like so many things, DMA turns out to be a bit more complicated in practice. That complexity led to an erroneous patch, intended to improve security, breaking DMA for some devices in 5.17 and some stable kernels.
"Control-flow integrity" (CFI) is a set of technologies intended to prevent an attacker from redirecting a program's control flow and taking it over. One of the approaches taken by CFI is called "indirect branch tracking" (IBT); its purpose is to prevent an attacker from causing an indirect branch (a function call via a pointer variable, for example) to go to an unintended place. IBT for Intel processors has been under development for some time; after an abrupt turn, support for protecting the kernel with IBT has been merged for the upcoming 5.18 release.
A query regarding the possibility of dropping support for older kernels in systemd led to some discussion on the systemd-devel mailing list recently. As might be guessed, exactly which kernel would be the minimum supported, what kernel features systemd is using, and when those kernel features became available, were all part of that conversation. A component like systemd that is closely tied to the kernel, and the interfaces different versions provide, has a number of different factors to consider when making a decision of this sort.
The openSUSE project has announced the adoption of a new code of conduct: "We hope that by having a clear and concise Code of Conduct for the project, the openSUSE Community can continue to grow and prosper in the years to come".
Security updates have been issued by CentOS (expat, firefox, httpd, openssl, and thunderbird), Debian (cacti), Fedora (kernel, rsh, unrealircd, and xen), Mageia (kernel and kernel-linus), openSUSE (apache2, java-1_8_0-ibm, kernel, openvpn, and protobuf), Oracle (openssl), Red Hat (httpd:2.4, kernel, kpatch-patch, and openssl), SUSE (apache2, java-1_7_1-ibm, java-1_8_0-ibm, kernel, openvpn, protobuf, and zlib), and Ubuntu (chromium-browser and paramiko).
In mid-February, we reported on the plan to unite the two kernel devices that provide random numbers; /dev/urandom was to effectively just be another way to access the random numbers provided by /dev/random. That change made it as far as the mainline during the Linux 5.18 merge window, but it was quickly reverted when problems were found. It may be possible to do that unification someday, but, for now, there are environments that need their random numbers early on—without entropy or the "Linus jitter dance" being available on the platform.
Security updates have been issued by Debian (libdatetime-timezone-perl, pjproject, and tzdata), Mageia (chromium-browser-stable, docker, graphicsmagick, and libtiff), Oracle (expat), Red Hat (expat, httpd:2.4, openssl, and screen), Scientific Linux (expat and openssl), and Ubuntu (libtasn1-6, linux-oem-5.14, openjdk-lts, and paramiko).
A new set of vulnerabilities has been disclosed in the nftables subsystem; these lead fairly easily to a local system compromise, on some configurations at least. Fixes for these vulnerabilities were present in the March 28 stable updates; upgrading seems like a good idea.
Pointers are a fact of life for developers working in numerous languages. It is often convenient to be able to associate a small amount — a few bits at most — of ancillary information with a pointer. This can often be done within the pointer value itself with some careful masking and shifting. CPU manufacturers have been adding ways to support the addition of this sort of "tag" to pointers; the most recent may be AMD's "upper address ignore" (UAI) feature, support for which was recently posted by Bharata B Rao. This feature has an uncertain future in Linux, though, as the result of a fundamental design decision.
The Debian project has been voting on a general resolution that would allow secret voting on future issues. The results have been posted in unofficial form, and the winner was "proposal B": "Hide identities of Developers casting a particular vote and allow verification". One might think that closes the discussion, but Debian project leader candidate Felix Lechner is questioning the election and calling for it to be redone — something that the Debian constitution lacks provisions for.
Greg Kroah-Hartman has announced the release of new stable kernels: 5.17.1, 5.16.18, 5.15.32, 5.10.109, 5.4.188, 4.19.237, 4.14.274, and 4.9.309. They contain a relatively small set of important fixes throughout the tree; users of those series should upgrade.
Security updates have been issued by Debian (chromium and faad2), Fedora (dotnet3.1, libass, linux-firmware, python-paramiko, seamonkey, and xen), openSUSE (perl-DBD-SQLite and wavpack), Slackware (seamonkey), SUSE (perl-DBD-SQLite and wavpack), and Ubuntu (binutils, python2.7, python3.4, python3.5, python3.6, python3.8, and smarty3).
As of this writing, 4,127 non-merge changesets have found their way into the mainline repository for the 5.18 development cycle. That may seem like a relatively slow start to the merge window, but there are a lot of changes packed into those commits. Read on for a summary of the most significant changes to land in the first half of the 5.18 merge window.
Security updates have been issued by Debian (tiff), Fedora (nicotine+ and openvpn), openSUSE (bind, libarchive, python3, and slirp4netns), Oracle (cyrus-sasl, httpd, httpd:2.4, and openssl), Red Hat (httpd and httpd:2.4), Scientific Linux (httpd), SUSE (bind, libarchive, python3, and slirp4netns), and Ubuntu (firefox).
Over on the Collabora blog, Jason Ekstrand has a detailed look at writing a Vulkan graphics driver in today's world. "Not only has Vulkan grown, but Mesa has as well, and we've built up quite a suite of utilities and helpers for making writing Vulkan drivers easier." The blog post takes the form of a tutorial of sorts; though the end result is not a functioning Vulkan driver, the framework of one is shown.
The a.out executable format dates back to the earliest days of Linux — and before. It has not been used in any serious way for decades, but support still exists in the Linux kernel and has resisted all attempts at its removal. Back in January, Borislav Petkov tried yet again to delete support for this format, leading to another extended discussion. There is one difference this time around, though: the effort to get rid of a.out support might just succeed.
Security updates have been issued by Debian (php-twig), Mageia (abcm2ps, libpano13, and pesign), openSUSE (nextcloud and xen), Oracle (kernel, kernel-container, and openssl), SUSE (java-1_7_1-ibm and xen), and Ubuntu (linux-oem-5.14, openvpn, and thunderbird).
A recent discussion on the python-ideas mailing list gives some insight into how to—or how not to—propose a feature to be added to the language. At first blush, adding a method to Python's immutable tuple type for replacing one of its elements is not a particularly strange idea, nor one that would cause much in the way of backward-compatibility concerns. Even though there was some evidence offered that such a method might be useful, it seems pretty unlikely that the idea will go anywhere, at least in part because of the repetitive, bordering on aggressive, manner in which its benefits were argued.
Security updates have been issued by Mageia (cyrus-sasl, openssl, sphinx, and swtpm), openSUSE (qemu), Red Hat (expat, rh-mariadb103-mariadb, and rh-mariadb105-mariadb), SUSE (apache2, binutils, java-1_7_0-ibm, kernel-firmware, nodejs12, qemu, and xen), and Ubuntu (ckeditor and linux, linux-aws, linux-kvm, linux-lts-xenial).
Three candidates have thrown their hat into the ring as candidates for the 2022 Debian project leader (DPL) election. One is Jonathan Carter, who is now in his second term as DPL, while the other two are Felix Lechner and Hideki Yamane. As is the norm, the candidates self-nominated during the nomination period and are now in the campaigning phase until April 1. The vote commences April 2 and runs for two weeks; the results will be announced shortly thereafter and the new DPL term will start on April 21. The candidates have put out platforms and are fielding questions from the voters, Debian developers, thus it seems like a good time to look in on the election.
As part of the response to last year's UMN fiasco, Kees Cook and a group of collaborators have put together a set of guidelines for researchers who are studying how the kernel-development community (or any development community, really) works. That document has just been merged into the mainline as part of the 5.18 merge window.
MIT Technology Review has taken a brief look at open-source projects that have added changes protesting the war in Ukraine and drawn some questionable conclusions:
At the conclusion of the 5.17 development cycle, 13038 non-merge changesets had found their way into the mainline repository. That is a lower level of activity than was seen for 5.16 (14,190 changesets) but well above 5.15 (12,337). In other words, this was a fairly typical kernel release. That is true in terms of where the work that made up the release came from as well.
Security updates have been issued by Debian (bind9, chromium, libgit2, libpano13, paramiko, usbredir, and wordpress), Fedora (expat, kernel, openexr, thunderbird, and wordpress), openSUSE (chromium, frr, and weechat), Red Hat (java-1.7.1-ibm and java-1.8.0-ibm), SUSE (frr), and Ubuntu (imagemagick).
Over on the Software Freedom Conservancy blog, Bradley M. Kuhn considers the question of the interaction between copyleft and the "ethical source" effort that seeks to use copyleft-like licensing to bring about additional changes, beyond just software freedom; the Hippocratic License is an example of such a license. In his view, copyleft and ethical software are not really compatible, even though many in the free-software world (including Kuhn) are highly sympathetic to the goals, especially in light of the recent invasion of Ukraine by Russia.
Jason Donenfeld has published a lengthy look at the changes to the Linux random-number generator (RNG) for Linux 5.17 and the upcoming 5.18 kernel. It covers his efforts "to modernize both the code and the cryptography used" and also peers into the future for changes that may be coming.