LWN.net

Paul McKenney has started a blog series on Rust for the Linux kernel. He has posted six of a planned 11 articles, though several are labeled as "under construction".

Much of the free-software development world has adopted Git forges (such asGitHub, GitLab, or sourcehut) with enthusiasm. The kernel community hasnot. Reasons for that reticence vary, but one that is often heard is thatthese forges simply don't work well at the scale needed for the kernelproject. At aKernel-Summit session during the 2021 Linux Plumbers conference, Donald Zickus and Prarit Bhargava sought toshow how Red Hat has put GitLab to good use to support its kernel team.Not only can these forges work for kernel development, they said, butmoving to a forge can bring a number of advantages.

Security updates have been issued by Debian (curl, krb5, openssl1.0, and taglib), Fedora (cifs-utils), SUSE (libqt5-qtbase and rubygem-activerecord-4_2), and Ubuntu (linux-raspi, linux-raspi-5.4 and linux-raspi2).

Adrian Ratiu writeson the Collabora blogabout the challenges that face developers trying to build the GNU CLibrary with the LLVM compiler.

James Bottomley explainshow the integration of Matrix and BigBlueButton was done for thejust-concluded Linux Plumbers Conference.

The term "interrupt" brings to mind a signal that originates in thehardware and which is handled in the kernel; even software interrupts are akernel concept. But there is, it seems, a use case for enabling user-spaceprocesses to send interrupts directly to each other. An upcoming Intelprocessor generation includes support for this capability; at the 2021 Linux Plumbers Conference,Sohil Mehta ran aKernel-Summit session on how Linux might support that feature.

Stable kernels 5.14.9, 5.10.70, and 5.4.150 have been released with the usual setof important fixes. Users of those series should upgrade.

Security updates have been issued by Debian (libxstream-java, uwsgi, and weechat), Fedora (libspf2, libvirt, mingw-python3, mono-tools, python-flask-restx, and sharpziplib), Mageia (gstreamer, libgcrypt, libgd, mosquitto, php, python-pillow, qtwebengine5, and webkit2), openSUSE (postgresql12 and postgresql13), SUSE (haproxy, postgresql12, postgresql13, and rabbitmq-server), and Ubuntu (commons-io and linux-oem-5.13).

Version 14 of the PostgreSQL relational database manager is out.

The LWN.net Weekly Edition for September 30, 2021 is available.

Work toward the signing of BPF programs hasbeen finding its way into recent mainline kernel releases; it is intendedto improve security by limiting the BPF programs that can be successfullyloaded into the kernel. As John Fastabend described in his "Watchingthe super powers" session at the 2021 Linux Plumbers Conference,this new feature has the potential to completely break his tools. Butrather than just complain, he decided to investigate solutions; the resultis an outline for an auditing mechanism that brings greater flexibility tothe problem of controlling which programs can be run.

Security updates have been issued by Fedora (iaito, libssh, radare2, and squashfs-tools), openSUSE (hivex, shibboleth-sp, and transfig), SUSE (python-urllib3 and shibboleth-sp), and Ubuntu (apache2, linux, linux-aws, linux-aws-hwe, linux-azure, linux-azure-4.15, linux-dell300x, linux-gcp, linux-gcp-4.15, linux-hwe, linux-kvm, linux-oracle, linux-snapdragon, and linux-hwe-5.11, linux-azure, linux-azure-5.11, linux-oracle-5.11).

A controversy about the handling of the Time Zone Database (tzdb) hasbeen brewing since May, but has come to a head in recent weeks. Changes that were proposed to simplify the main database file have someconsequences in terms of time-zone history and changes to therepresentation of some zones. Those changes have upset a number of usersof the database—to the point where some have called for a fork. A September 25 release of tzdb with some, but notall, of the changes seems unlikely to resolve the conflict.

The Free Software Foundation Europe (FSFE) is organizing the codingcompetition "Youth Hacking 4 Freedom" (YH4F) for European teenagers(14-18). Six winners will receive a cash prize and a trip to Brussels.There will be an opening event October 10 and registration will remain openuntil October 31.

Security updates have been issued by CentOS (kernel), openSUSE (gd, grilo, nodejs14, and transfig), Oracle (nodejs:14 and squid), Red Hat (kernel and shim and fwupd), SUSE (apache2, atftp, gd, and python-Pillow), and Ubuntu (apache2, linux, linux-aws, linux-aws-5.11, linux-gcp, linux-kvm, linux-oracle, linux-raspi, linux, linux-aws, linux-aws-5.4, linux-azure, linux-azure-5.4, linux-gcp, linux-gcp-5.4, linux-gke, linux-gke-5.4, linux-gkeop, linux-gkeop-5.4, linux-hwe-5.4, linux-kvm, linux-oracle, linux-oracle-5.4, and vim).

The Kernel Maintainers Summit is an invitation-only gathering of top-levelkernel subsystem maintainers; it is concerned mostly with process-orientedissues that are not easily worked out on the mailing lists. There was nomaintainers summit in 2020; plans had been made to hold it in an electronicform, but there turned out to be a lack of things to talk about. In 2021,though, a number of interesting topics turned up, so an online gatheringwas held on September 24 as part of the Linux Plumbers Conference.Read on for a summary of the discussions held at this year's Summit.

Security updates have been issued by Debian (kernel, libxml-security-java, and openssl), Fedora (fetchmail and python-rsa), openSUSE (grafana-piechart-panel and opera), and Red Hat (nodejs:14).

The third 5.15 kernel prepatch is out fortesting. "So after a somewhat rocky merge window and second rc,things are now actually looking pretty normal for rc3. Knock wood".

The5.14.8,5.10.69,5.4.149,4.19.208,4.14.248,4.9.284, and4.4.285stable kernels have all been released; each contains another set ofimportant fixes.

The 2021 election for the Linux Foundation's Technical Advisory boardresulted in all five incumbent members (Greg Kroah-Hartman, JonathanCorbet, Steven Rostedt, Ted Ts'o, and Sasha Levin) being re-elected. Of the1,012 developers authorized to vote, 237 actually cast ballots.

It has often been said that the competition between the GCC and LLVMcompilers is good for both of them. One place where that competition shows up is in the area of security features; if one compiler adds a way toharden programs, the other is likely to follow suit. QingZhao's session at the 2021Linux Plumbers Conference told the story of how GCC successfully playedcatch-up for two security-related features that were of special interest tothe kernel community.

The GNU Core Utilities (coreutils) has announced the release of version 9.0 of "the basic file, shell and text manipulation utilities" used by the GNU operating system and various Linux distributions. In the year and a half or so since the last major release (8.32), various new features were added, including:

Security updates have been issued by Debian (mupdf), Fedora (ghostscript, gifsicle, and ntfs-3g), openSUSE (kernel and nodejs14), and SUSE (curl, ffmpeg, gd, hivex, kernel, nodejs14, python-reportlab, sqlite3, and xen).

Here's alengthy missive from Lennart Poettering taking Linux distributors totask for inadequately protecting systems from physical attacks.

For the second year in a row, the GNU Tools Cauldron (the annual gatheringof GNU toolchain developers) has been held as a dedicated track at theonline Linux PlumbersConference. For the 2021 event, that track started with a talk byDavid Malcolm on his work with the GCC -fanalyzer option, whichprovides access to a number of static-analysis features. Quite a bit hasbeen happening with -fanalyzer and more is on the way with theupcoming GCC 12 release, including, possibly, a set of checks thathave already found at least one vulnerability in the kernel.

Security updates have been issued by Debian (ruby-kaminari and tomcat8), Mageia (389-ds-base, ansible, apache, apr, cpio, curl, firefox, ghostscript, gifsicle, gpac, libarchive, libgd, libssh, lynx, nextcloud-client, openssl, postgresql, proftpd, python3, thunderbird, tor, and vim), openSUSE (chromium, ffmpeg, grilo, hivex, linuxptp, and samba), Oracle (go-toolset:ol8, kernel, kernel-container, krb5, mysql:8.0, and nodejs:12), SUSE (ffmpeg, firefox, grilo, hivex, kernel, linuxptp, nodejs14, and samba), and Ubuntu (ca-certificates, edk2, sqlparse, and webkit2gtk).

The LWN.net Weekly Edition for September 23, 2021 is available.

Over at the Guix-HPC blog, Ludovic Courtès writes about trying to package the PyTorch machine-learning library for the Guix distribution. Building from source in a user-verifiable manner is part of the philosophy behind Guix, but there were a number of problems that were encountered:

A few weeks ago, Matthew Wilcox might have guessed that his sessionat the 2021 LinuxPlumbers Conference would be focused rather differently. But, as we reported earlier in September, his folio patch set ran into some, perhapsunexpected, opposition and, ultimately, did not land in the mainline for5.15. Instead of discussing how to use folios as partof the FileSystems microconference, he led a discussion that was, at least in part, on thepath forward for them.

The GNOME project has announced therelease of GNOME 41.

Craig Kerstiens highlightssome of the "little things" featured in the upcoming PostgreSQL 14release.

The Google security blog providesan overview of what is being done to address memory-safety problems inthe Chrome browser.

Stable kernels 5.14.7, 5.10.68, 5.4.148, 4.19.207, 4.14.247, 4.9.283, and 4.4.284 have been released. They all containimportant fixes and users should upgrade.

Security updates have been issued by Debian (grilo), Fedora (curl, firefox, mingw-python-pillow, python-pillow, python2-pillow, and webkit2gtk3), openSUSE (chromium, grafana-piechart-panel, kernel, libcroco, php-composer, and xen), Oracle (curl, kernel, and nss and nspr), Red Hat (nodejs:12), Slackware (alpine), SUSE (ghostscript, grafana-piechart-panel, kernel, and xen), and Ubuntu (linux, linux-hwe, linux-hwe-5.11, linux-hwe-5.4, linux-raspi, linux-raspi-5.4, and linux-raspi2).

Alyssa Rosenzweig reportsthat the open-source Panfrost driver for Mali GPUs has achieved officialconformance on Mali-G52 for OpenGL ES 3.1.

Middleboxes are,unfortunately in many ways, a big part of today's internet. While middleboxesinhabit the same physical niche as routers, they are not aimed at packet forwarding;instead they are meant to monitor and manipulate the packets that theysee. The effects of those devices on users of the networks they reign over may beunfortunate as well, but the rest of the internet is only affected whentrying to communicate with those users—or so it was thought. Based on somerecently reported research, it turns out that middleboxes can be abused to inflict denial-of-service (DoS) attacks elsewhere on the net.

Security updates have been issued by Debian (webkit2gtk, wpewebkit, and xen), Oracle (kernel), Red Hat (curl, go-toolset:rhel8, krb5, mysql:8.0, nodejs:12, and nss and nspr), and Ubuntu (curl and tiff).

Ben Hoyt has published a criticaloverview of the Python 3.10 pattern-matching feature.

The first day of the Kangrejos (Rust for Linux) conferenceintroduced the project and what it was trying to accomplish; day 2 covered a number of core Rustconcepts and their relevance to the kernel. On the third and final day ofthe conference, Wedson Almeida Filho delved deeper into how Rust can bemade to work in the Linux kernel, covered some of the lessons that have beenlearned so far, and discussed next steps with a number of kerneldevelopers.

Security updates have been issued by Debian (gnutls28, nettle, nextcloud-desktop, and openssl1.0), Fedora (dovecot-fts-xapian, drupal7, ghostscript, haproxy, libtpms, lynx, wordpress, and xen), openSUSE (xen), Red Hat (rh-ruby27-ruby), and SUSE (openssl, openssl1, and xen).

The 5.15-rc2 kernel prepatch is out fortesting.

The relatively large5.14.6,5.13.19, and5.10.67stable kernel updates have been released; each contains another set ofimportant fixes. Note that this is the final update for the 5.13.xseries.

Here's apost from Christian Schaller describing a number of thedesktop-oriented improvements that can be expected in the Fedora 35release.

Ariadne Conill looksat the difficulties caused by the OpenSSL 3 transition in thecontext of Alpine Linux.

The first day of the online Kangrejos conference was focused onintroducing the effort to bring the Rust programming language into the Linux kernel. On the second day, conference organizer Miguel Ojeda shiftedto presenting the Rust language itself with an emphasis on what Rust canprovide for kernel development. The result was a useful resource foranybody who is curious about this project, but who has not yet had the timeto become familiar with Rust.

Security updates have been issued by CentOS (firefox and thunderbird), Fedora (haproxy, wordpress, and xen), openSUSE (apache2-mod_auth_openidc, fail2ban, ghostscript, haserl, libcroco, nextcloud, and wireshark), Oracle (kernel and kernel-container), Slackware (httpd), SUSE (crmsh, gtk-vnc, libcroco, Mesa, postgresql12, postgresql13, and transfig), and Ubuntu (libgcrypt20, linux-gcp, linux-gcp-4.15, linux-hwe-5.4, linux-oem-5.13, python3.4, python3.5, and qtbase-opensource-src).

Four new stable kernels, 5.14.5, 5.13.18, 5.10.66, and 5.4.147, have been released.

Thisars technica article describes a problem with the Traviscontinuous-integration service:

The first ever Rust for Linux conference, known as Kangrejos, got underway onSeptember 13. Organizer Miguel Ojeda used the opening session to givean overview of why there is interest in using Rust in the kernel, where thechallenges are, and what the current status is. The talk and followingdiscussion provided a good overview of what is driving this initiative andwhere some of the sticking points might be.

Security updates have been issued by Debian (sssd), Fedora (libtpms and vim), openSUSE (kernel and php7-pear), Oracle (kernel), Slackware (curl), and Ubuntu (libgcrypt20 and squashfs-tools).