LWN.net

The Perl project has announcedthe election of the first steering council to serve under the project's newgovernance rules. Eight candidates put their names in; the winners wereRicardo Signes, Neil Bowers, and Sawyer X.

On November 29, version 1.7 of SymPy, a Python library forsymbolic mathematics, was released. The new version brings a large numberof enhancements and bug fixes, and some minor backwardincompatibilities. While these are enumerated in detail in the releasenotes, we will take advantage of this opportunity to look at some ofthe things that can be done with SymPy and explore its interface optionsthrough several detailed examples.

Security updates have been issued by CentOS (kernel and thunderbird), Debian (openjdk-8 and webkit2gtk), Fedora (gdm, mingw-openjpeg2, and openjpeg2), Mageia (compat-openssl10, golang-googlecode-net, mbedtls, openssl, and virtualbox), openSUSE (ovmf and xen), Red Hat (kernel, mariadb-connector-c, mariadb:10.3, postgresql:10, and postgresql:9.6), and SUSE (ardana-cassandra, ardana-mq, ardana-osconfig, ardana-tempest, crowbar-core, crowbar-openstack, grafana, influxdb, openstack-cinder, openstack-heat, openstack-heat-gbp, openstack-heat-templates, openstack-horizon-plugin-gbp-ui, openstack-ironic-python-agent, openstack-manila, openstack-neutron, openstack-neutron-gbp, openstack-neutron-vpnaas, openstack-nova, python-Jinja2, python-pysaml2, python-pytest, python-urllib3, release-notes-suse-openstack-cloud, spark, ceph, crowbar-core, crowbar-openstack, grafana, influxdb, openstack-heat-templates, openstack-nova, python-Jinja2, firefox, java-1_7_0-ibm, java-1_7_1-ibm, PackageKit, and thunderbird).

Predictions are hard, as they say, especially when they are about thefuture. So perhaps your editor can be forgiven for not anticipating that2020 would be the sort of year that makes one think nostalgically abouttrips to the dentist, waiting in a crowded motor-vehicle office, orcrossing the Pacific in a row-47 middle seat. If only we had known howgood we had it. Be that as it may, this year is finally coming to an end.Read on for a look back at the year, starting with the ill-advised predictions made in January.

Stable kernels 5.10.2, 5.9.16, and 5.4.85 have been released with importantfixes. This is the last 5.9.y kernel, users should move to 5.10.y at thistime.

Security updates have been issued by Debian (curl, influxdb, lxml, node-ini, php-pear, and postsrsd), Fedora (chromium, curl, firefox, matrix-synapse, mingw-jasper, phpldapadmin, and thunderbird), Mageia (openjpeg2), openSUSE (gcc7, openssh, PackageKit, python-urllib3, slurm_18_08, and webkit2gtk3), Oracle (fapolicydbug, firefox, nginx:1.16, nodejs:12, and thunderbird), Red Hat (libpq, openssl, and thunderbird), and SUSE (curl, firefox, openssh, ovmf, slurm_17_11, slurm_18_08, slurm_20_02, and xen).

Karsten Wade, who has served on the CentOS board among other things, hasposted ablog entry on the CentOS change and its effects on users."Providing our community with a solid, reliable distro that is good-enough for your workloads is a strong part of the CentOS brand. We’re confident that CentOS Stream can do this.And while I’m certain now that CentOS Linux cannot do what CentOS Streamcan to solve the openness gap, I am confident that CentOS Stream can cover95% (or so) of current user workloads stuck on the various sides of theavailability gap. I believe that Red Hat will make solutions available aswell that can cover other sides of the gap without too much user heartburnin the end." He is asking for input on what those solutions shouldlook like.

When Linus Torvalds releasedthe 5.10 kernel, he noted that the 5.11 merge window would run upagainst the holidays. He indicated strongly that maintainers should sendhim pull requests early as a result. Maintainers appear to have listened;over 10,000 non-merge changesets were pulled into the mainline in the firstthree days of the 5.11 merge window. Read on for a summary of the mostsignificant changes in that flood of patches.

Security updates have been issued by Arch Linux (blueman, chromium, gdk-pixbuf2, hostapd, lib32-gdk-pixbuf2, minidlna, nsd, pam, and unbound), CentOS (gd, openssl, pacemaker, python-rtslib, samba, and targetcli), Debian (kernel, lxml, and mediawiki), Fedora (mbedtls), openSUSE (clamav and openssl-1_0_0), Oracle (firefox and openssl), Red Hat (openssl, postgresql:12, postgresql:9.6, and thunderbird), Scientific Linux (openssl and thunderbird), and SUSE (cyrus-sasl, openssh, slurm_18_08, and webkit2gtk3).

Device drivers usually live within a single kernel subsystem. Sometimes,however, developers need to handle functionalities outside of this model.Consider, for example, a network interface card (NIC) exposing both Ethernet andRDMA functionalities. There is one hardware block, but two drivers for thetwo functions. Those drivers need to work within their respectivesubsystems, but they must also share access to the same hardware. There isno standard way in current kernels to connect those drivers together, sodevelopers invent ad-hoc methods to handle the interaction betweenthem. Recently, Dave Ertman posteda patch set introducing a new type of a bus, called the "auxiliary bus", toaddress this problem.

Security updates have been issued by Debian (firefox-esr, sympa, thunderbird, tomcat8, and xerces-c), Fedora (fprintd, kernel, libfprint, and synergy), Mageia (bitcoin, dpic, firefox, jasper, jupyter-notebook, sam2p, thunderbird, and x11-server), Oracle (firefox, gd, kernel, net-snmp, openssl, python-rtslib, samba, and targetcli), Red Hat (fapolicyd, openshift, Red Hat Virtualization, and web-admin-build), SUSE (xen), and Ubuntu (unzip).

The LWN.net Weekly Edition for December 17, 2020 is available.

Python, at least in the CPython reference implementation, is not aparticularly speedy language. That is not at all surprising to anyone who has used it—the language is optimized forunderstandability and development speed, instead. There have been lots ofefforts over the years to speed up various parts of the interpreter,compiler, and virtual-machine bytecode execution, though no comprehensiveoverhaul has been merged into CPython. An interesting new proposal couldperhaps change that, though it is unclear at this point if it will take off.

Version 4.0 of the GTK toolkit has been released. "It isimpossible to summarize 4 years of development in a single post. We’vewritten detailed articles about many of the new things in this release overthe past year: Datatransfers, Eventcontrollers, Layoutmanagers, Rendernodes, Mediaplayback, Scalablelists, Shaders, Accessibility." GTK 2 has reached the end of its life.

Stable kernels 5.9.15 and 5.4.84 have been released. They both containimportant fixes and users should upgrade.

Security updates have been issued by Debian (firefox-esr), Fedora (mingw-openjpeg2, openjpeg2, and synergy), openSUSE (audacity and gdm), Oracle (libexif, libpq, and thunderbird), Red Hat (firefox, gnutls, go-toolset:rhel8, java-1.7.1-ibm, java-1.8.0-ibm, kernel, kernel-rt, linux-firmware, mariadb-connector-c, mariadb:10.3, memcached, net-snmp, nginx:1.16, nodejs:12, openssl, pacemaker, postgresql:10, python-django-horizon, python-XStatic-Bootstrap-SCSS, python-XStatic-jQuery, and python-XStatic-jQuery224), Scientific Linux (gd, kernel, pacemaker, python-rtslib, samba, and targetcli), SUSE (openssh, PackageKit, spice, and spice-gtk), and Ubuntu (firefox and imagemagick).

Hans Petter Jansson has done ananalysis of contributions to the GNOME project, raising some concernsabout how well the project is doing at bringing in new developers for thelong haul. "According to this, GNOME peaked at slightly above 1,400contributors in 2010 and went into decline with the GNOME 3.0 release thefollowing year. However, 2020 saw the most contributors in a long time,even with preliminary data — there’s still two weeks to go. Who knows ifit’s an anomaly or not. It’s been an atypical year across theboard."

On November 26, version 6.1 of GNU Octave, a language andenvironment for numerical computing, was released. There are several newfeatures and enhancements in this release, including improvements tographics output, better communication with web services, and over 40 newfunctions. We will take a look at where Octave fits into the landscape ofnumerical tools for scientists and engineers, and recount some of its longhistory.

Firefox 84.0 has been released. This version includes an acceleratedrendering pipeline for Linux/GNOME/X11 users and improved performance andcompatibility with Docker. This is the final release to support AdobeFlash. The release noteshave additional details.Firefox 78.6.0 ESR has also been released, with various stability,functionality, and security fixes. See the releasenotes for more information.

CloudLinux has put out a press release stating that it will commit over$1 million per year toward the creation and maintenance of a CentOSreplacement distribution. "CloudLinux is sponsoring Project Lenix, which will create a free, open-source, community-driven,1:1 binary compatible fork of RHEL 8 (and future releases). It will provide an uninterrupted way toconvert existing CentOS servers with absolutely zero downtime. Entire server fleets will be able tobe converted with a single command with no reinstallation and no reboots required."

Security updates have been issued by Debian (libxstream-java and xen), Fedora (curl), openSUSE (curl, kernel, mariadb, and openssl-1_1), Oracle (kernel, libexif, thunderbird, and xorg-x11-server), Red Hat (curl, gd, kernel, kernel-rt, linux-firmware, net-snmp, openssl, pacemaker, python-rtslib, samba, targetcli, and xorg-x11-server), Scientific Linux (libexif, thunderbird, and xorg-x11-server), and SUSE (clamav, gdm, and kernel).

Linus Torvalds releasedthe 5.10 kernel on December 13 at the end of a typical nine-week development cycle.At that point, 16,174 non-merge changesets had been pulled into themainline; that makes 5.10 a larger cycle than 5.9, but it falls just shortof the record set by 5.8, which ended with 16,308 changesets. For the mostpart 5.10 is just another routine kernel release, but there are a couple of interestingthings to be seen in the overall statistics.

The 5.10.1 stable kernel update has beenreleased on an expedited schedule; it contains reverts for a couple oflate-arriving 5.10 patches that turned out not to be as good an idea as itfirst seemed.

Security updates have been issued by Debian (lxml, openexr, openssl, and openssl1.0), Fedora (libpri, libxls, mediawiki, nodejs, opensc, php-wikimedia-assert, php-zordius-lightncandy, squeezelite, and wireshark), openSUSE (curl, openssh, openssl-1_0_0, python-urllib3, and rpmlint), Red Hat (libexif, libpq, and thunderbird), Slackware (p11), SUSE (kernel, Kubernetes, etcd, helm, openssl, openssl-1_0_0, and python), and Ubuntu (linux, linux-aws, linux-aws-5.4, linux-azure, linux-azure-5.4, linux-gcp, linux-gcp-5.4, linux-hwe-5.4, linux-kvm, linux-oracle, linux-oracle-5.4, linux-raspi, linux-raspi-5.4, linux, linux-aws, linux-aws-hwe, linux-azure, linux-azure-4.15, linux-gcp, linux-gcp-4.15, linux-gke-4.15, linux-hwe, linux-kvm, linux-oracle, linux-snapdragon, and linux, linux-aws, linux-azure, linux-gcp, linux-kvm, linux-oracle, linux-raspi).

Linus has released the 5.10 kernel."I pretty much always wish that the last week was even calmer than itwas, and that's true here too. There's a fair amount of fixes in here,including a few last-minute reverts for things that didn't get fixed,but nothing makes me go 'we need another week'. Things look fairlynormal."Significant changes in this release includesupport for the Arm memory taggingextension,restricted rings for io_uring,sleepable BPF programs,the process_madvise()system call,ext4 "fast commits",and more. See the LWN merge-window summaries (part 1, part 2) and the KernelNewbies 5.10 pagefor more details.

The 5.9.14, 5.4.83, 4.19.163, 4.14.212, 4.9.248, and 4.4.248 stable kernelshave been released by Greg Kroah-Hartman. As usual, they contain importantfixes throughout the tree; users should upgrade.

Kernel development is a constant exercise in reducing overhead; anyresources taken by the kernel are not available for the workload that usersactually want to run. As part of this, the pagestructure used to manage memory has been kept as small as possible.Even so, page structures typically take up just over 1.5% of theavailable memory, which is too much for some users. LWN recently looked at DMEMFS as one approach to reducethis overhead, but that is not the only work happening in this area. Twodevelopers are currently working independently on patches to reduce theoverhead associated with huge pages in particular.

Security updates have been issued by Debian (minidlna and x11vnc), Fedora (pam), openSUSE (chromium, minidlna, nsd, openssl-1_1, and pngcheck), SUSE (gcc7 and kernel), and Ubuntu (lxml and squirrelmail).

For years, the CentOS distribution hasbeen a reliable resource for anybody wanting to deploy systems with astable, maintained Linux base that "just works". At one point, it was reportedto be the platform on which 30% of all web servers were run. CentOS hashad its ups and downs over the years; for many, the December 8 announcementthat CentOS will be "shifting focus" will qualify as the final"down". Regardless of whether this change turns out to be a good thing, itcertainly marks the end of an era that began in 2004.

The OpenWrt project has released two updates:18.06.9 and19.07.5.Both contain a number of important fixes, including a few with CVE numbersattached. Also notable is that 18.06.9 is the last update for 18.06; userswill need up upgrade to 19.07 for continued support.

Security updates have been issued by Arch Linux (ant, cimg, containerd, libproxy, libproxy-mozjs, libproxy-webkit, libslirp, python-lxml, tomcat8, tomcat9, and xorg-server), CentOS (firefox and thunderbird), Debian (apt, linux-4.19, python-apt, and sqlite3), Fedora (ceph, chromium, containerd, matrix-synapse, mingw-openjpeg2, openjpeg2, python-authlib, python-canonicaljson, and spice-gtk), Mageia (chromium-browser-stable), openSUSE (chromium and pngcheck), Slackware (curl), SUSE (clamav, curl, openssh, openssl-1_0_0, openssl-1_1, openssl1, python-pip, python-scripttest, python-urllib3, and xen), and Ubuntu (apt, curl, and python-apt).

The LWN.net Weekly Edition for December 10, 2020 is available.

There can be no doubt that general-purpose computing has been a boon to theworld. The ability to run different kinds of programs, from varioussources, including bought from companies, written from scratch, and, well,built from source, is something that we take for granted on many—most—ofthe computing devices that we own.But that model seems to be increasingly disappearing in many kinds of devices,including personal computers, as a recent kerfluffle in the Apple worldhelps to demonstrate.

Security updates have been issued by Debian (golang-golang-x-net-dev, python-certbot, and xorg-server), Fedora (resteasy, scap-security-guide, and vips), openSUSE (chromium, python, and rpmlint), SUSE (kernel), and Ubuntu (aptdaemon, curl, gdk-pixbuf, lxml, and openssl, openssl1.0).

GNU Autoconf 2.70 is out. "Noteworthy changes include support for the2011 revisions of the C and C++ standards, support for reproduciblebuilds, improved support for cross-compilation, improved compatibilitywith current compilers and shell utilities, more efficient generatedshell code, and many bug fixes." See this article for more information on what hasbeen happening with Autoconf.

Fedora has long had Workstation and Server editions and, back inAugust, added an edition for Internet of Things (IoT) devices. Those editions target different use cases forthe distribution, as does the CoreOS "spin" (or "emergingedition"), which targets cloud and Kubernetes deployments. A proposal toelevate Fedora CoreOS to a full edition as part of Fedora 34 wasrecently discussed on the Fedora devel mailing list. As part of that, whatit means for a distribution to be part of Fedora was discussed as well.

Stable kernels 5.9.13, 5.4.82, 4.19.162, and 4.14.211 have been released. They containimportant fixes and users should upgrade.

Security updates have been issued by Debian (minidlna, openssl, and trafficserver), Mageia (oniguruma, php-pear, python, python3, and x11vnc), openSUSE (minidlna), Oracle (kernel and net-snmp), Red Hat (kernel, mariadb-galera, microcode_ctl, and net-snmp), Slackware (seamonkey), SUSE (thunderbird and xen), and Ubuntu (xorg-server).

Red Hat has announcedan end to the CentOS distribution as we know it. CentOS will be replacedby "CentOS Stream", which looks like a sort of beta test for changes goinginto Red Hat Enterprise Linux. Support for CentOS 7 will continue asscheduled, but support for CentOS 8 will go away at the end of 2021."When CentOS Linux 8 (the rebuild of RHEL8) ends, your best optionwill be to migrate to CentOS Stream 8, which is a small delta from CentOSLinux 8, and has regular updates like traditional CentOS Linux releases. Ifyou are using CentOS Linux 8 in a production environment, and are concernedthat CentOS Stream will not meet your needs, we encourage you to contactRed Hat about options."More information can be found in this FAQ. "CentOS Streamwill be getting fixes and features ahead of RHEL. Generally speaking, weexpect CentOS Stream to have fewer bugs and more runtime features than RHELuntil those packages make it into the RHEL release."Update: see also thisblog post from Chris Wright.

Version 6.0 of the Qtinterface framework is available. "Qt 6.0 is a starting point forthe next generation of Qt. It is not yet as feature-complete as 5.15, butwe will fill the gaps within the months to come. We've done a lot ofimportant work in laying out the foundations of the next version ofQt. Many of those changes might not be immediately visible, but I firmlybelieve they will help keep Qt competitive in the years to come."Changes include moving to C++17, the completion of the Unicode transition,a move away from OpenGL to a new internal rendering interface, additional3D capabilities, and more.

One of the kernel's primary jobs is to manage the memory installed in thesystem. Over the years, though, there have been various reasons forremoving a portion of the system's memory from the kernel's view. One ofthe latest can be seen in a mechanism called DMEMFS,which is being proposed as a way to get around some inefficiency in how thekernel keeps track of RAM.

Mozilla has released its annual report: "Every year in the spirit of openness upon which Mozilla was founded, we share publicly the ways we have protected, fought for and helped advance the internet in service of the people who rely on it every day. We outline how our organization is meeting the challenges of online life through an annual report: the State of Mozilla.This year we’ve changed the format of our report to focus on how we are using our organization’s strength and resources on two fronts: Fighting for People and Building for the Future. This report highlights the impact of our work in 2020 and is accompanied by our most recently filed financials which cover 2019.As the State of Mozilla outlines, Mozilla works to make the promise of a better internet a reality. We can’t and we don’t do it alone. There are myriad ways anyone can join this effort through actions big and small, starting with getting better educated on what’s at stake; pushing companies to operate more transparently and in the interest of communities and people, not just profits; testing new products; and choosing technology made by companies who share your vision for a healthier internet."

Bash 5.1 is out. "This release fixes several outstanding bugs in bash-5.0 and introducesseveral new features. The most significant change is a return to thebash-4.4 behavior of not performing pathname expansion on a word thatcontains backslashes but does not contain any unquoted globbing specialcharacters. This comes after a long POSIX discussion that resulted in achange to the standard. There are several changes regarding trap handlingwhile reading from the terminal (e.g, for `read' and `select'.) There are anumber of bug fixes, including several bugs that caused the shell tocrash."The readline library used in bash 5.1 has also been updated to version 8.1. "There are moreimprovements in the programming interface and new user-visible variablesand bindable commands. There are a several new public API functions, butthere should be no incompatible changes to existing APIs."

Security updates have been issued by Arch Linux (ceph, gitea, matrix-synapse, musl, mutt, neomutt, opensc, and webkit2gtk), Debian (debian-security-support, openldap, salt, xen, and xorg-server), Fedora (fossil, pdfresurrect, tcpdump, thunderbird, and xorg-x11-server), Gentoo (chromium, firefox, mariadb, pam, postgresql, seamonkey, thunderbird, and xorg-server), Mageia (mutt, pdfresurrect, privoxy, and thunderbird), openSUSE (chromium, java-1_8_0-openjdk, kernel, minidlna, neomutt, opera, pngcheck, python, python-cryptography, python-pip, python-setuptools, python3, rclone, thunderbird, xen, and xorg-x11-server), Red Hat (ksh and net-snmp), and SUSE (crowbar-openstack, grafana, influxdb, python-urllib3, fontforge, mariadb, mutt, postgresql12, python-cryptography, and xen).

Linus has released 5.10-rc7 for testing; heseems happy with how it is coming together."So unless something odd and bad happens next week, we'll have a final5.10 release next weekend, and then we'll get the bulk of the mergewindow for 5.11 over and done with before the holiday season starts."

The 20.10 release of the t2 Linux distribution is available. "Aftera decade of development we are proud to announce the availability of thenew T2 Linux Source and Embedded Linux distribution build kit stablerelease 20.10." More information about this distribution can befound at t2sde.org: "T2 SDE is notjust a regular Linux distribution - it is a flexible Open Source SystemDevelopment Environment or Distribution Build Kit (others might even nameit Meta Distribution). T2 allows the creation of custom distributions withstate of the art technology, up-to-date packages and integrated support forcross compilation. Currently the Linux kernel is normally used - but the T2SDE is being expanded to Minix, Hurd, OpenDarwin, Haiku and OpenBSD - moreto come."

The news for processors and system-on-chip (SoC) products thesedays is all about 64-bit cores powering the latest computers andsmartphones, so it's easy to be misled into thinking that all 32-bittechnology is obsolete. That quickly leads to the idea of removing supportfor 32-bit hardware, which would clearly make life easier for kerneldevelopers in a number of ways.At the same time, a majority of embedded systems shipped today do use 32-bitprocessors, so a valid question is if this will ever change, or if 32-bitwill continue to be the best choice for devices that do not requiresignificant resources.

GitHub has released its "2020 Stateof the Octoverse" report; one piece of that is areport on security [PDF]. There are a number of interestingconclusions there, including that a surprising number of securityvulnerabilities are planted deliberately. "Analysis on a randomsample of 521 advisories from across our six ecosystems finds that 17% ofthe advisories are related to explicitly malicious behavior such asbackdoor attempts. Of those 17%, the vast majority come from the npmecosystem. While 17% of malicious attacks will steal the spotlight insecurity circles, vulnerabilities introduced by mistake can be just asdisruptive and are much more likely to impact popular projects. Out of allthe alerts GitHub sent developers notifying them of vulnerabilities intheir dependencies, only 0.2% were related to explicitly maliciousactivity. That is, most vulnerabilities were simply those caused bymistakes."

Security updates have been issued by Debian (thunderbird), Fedora (c-ares, pdfresurrect, webkit2gtk3, and xen), openSUSE (python3), SUSE (gdm, python-pip, rpmlint, and xen), and Ubuntu (snapcraft).

Ever since the stable-update process was created, there have been questionsabout which patches are suitable for inclusion in those updates; usually,these discussions are driven by people who think that the criteria shouldbe more restrictive. A regression in the XFS filesystem that found its wayinto the 5.9.9stable update briefly rekindled this discussion. In one sense, there waslittle new ground covered in this iteration, but there was an interestingpoint raised about the relationship between stable updates and the mainlinekernel -rc releases.