The 5.6.9 and 5.4.37 stable updates have been released with another set of important fixes. Note that the 4.19.120, 4.14.178, 4.9.221, and 4.4.221 updates went into the review process at the same time as 5.6.9 and 5.4.37; they will probably show up in the near future.
Normally, files exist in a filesystem to keep data contained within them separated; seeing data exchanged directly between files is often a sign of filesystem corruption. There are, however, use cases where it is desirable to be able to perform a controlled swap of data between a pair of files. Darrick Wong has recently posted a patch set implementing this feature for the XFS filesystem, but also making it available in a general way.
The 2020 Python Language Summit was held virtually this year, over two days, via videoconference, with discussions via voice and chat. The summit is a yearly gathering for developers of CPython, other Python implementations, and related projects. As with last year, A. Jesse Jiryu Davis covered the summit; his writeups are being posted to the Python Software Foundation (PSF) blog. So far, all of the first day's session writeups are up, as well as two (of six) from the second day. Topics include "All strings become f-strings", "The path forward for typing", "A formal specification for the (C)Python virtual machine", and more.
Security updates have been issued by CentOS (git, java-1.7.0-openjdk, java-1.8.0-openjdk, java-11-openjdk, python-twisted-web, and thunderbird), Debian (dom4j, miniupnpc, otrs2, pound, ruby2.1, vlc, w3m, and yodl), Fedora (git, java-latest-openjdk, mingw-libxml2, php-horde-horde, pxz, sqliteodbc, and xen), Gentoo (cacti, django, fontforge, and libu2f-host), openSUSE (cacti, cacti-spine, chromium, python-typed-ast, and salt), Red Hat (gnutls and kernel), SUSE (kernel), and Ubuntu (edk2).
Developers who are concerned about system integrity often put a fair amount of effort into ensuring that data stored on disk cannot be tampered with without being detected. Technologies like dm-verity and fs-verity are attempts to solve this problem, as is the recently covered integrity policy enforcement security module. More recently, Johannes Thumshirn has posted a patch series adding filesystem-level authentication to Btrfs; it promises to provide integrity with a surprisingly small amount of code.
Security updates have been issued by Arch Linux (chromium, git, and webkit2gtk), Debian (nodejs and tiff), Fedora (libxml2, php-horde-horde, pxz, and sqliteodbc), Oracle (python-twisted-web), Red Hat (chromium-browser, git, and rh-git218-git), Scientific Linux (python-twisted-web), SUSE (ceph, kernel, munge, openldap2, salt, squid, and xen), and Ubuntu (mailman, python3.8, samba, and webkit2gtk).
The second annual Copyleft Conference was held on February 3 in Brussels; videos from the event have now been posted. "In his talk, Tony [Sebro] wonders whether the community around copyleft, like those around eschatology and Afro-centric hip-hop, has lost its center and how we might entice new stakeholders to reinvest in our shared values. His keynote is a great place to start with this year's videos."
A call for faster Fedora updates in response to security vulnerabilities was recently posted to the Fedora devel mailing list; it urgently advocated changes to the process so that updates, in general, and to the kernel and packages based on web browsers, in particular, are handled more expeditiously. While Fedora developers are sympathetic to that, there is only so much the distribution can do as there are logistical and other hurdles between Fedora and its users. It turns out that, to a great extent, Fedora can already move quickly when it needs to.
Python's SimpleNamespace class provides an easy way for a programmer to create an object to store values as attributes without creating their own (almost empty) class. While it is useful (and used) in its present form, Raymond Hettinger thinks it could be better. He would like to see the hooks used by mappings (e.g. dictionaries) added to the class, so that attributes can be added and removed using either x.a or x['a']. It would bring benefits for JSON handling and more in the language.
The Trinity Desktop Environment (TDE) R14.0.8 release is out. Trinity started out as a fork of KDE 3. "Ten years ago today, the Trinity Desktop Environment (TDE) saw the release of its first version (3.5.11). Lot of things have happened since that day but TDE has continued to grow and flourish throughout the years. Today the project is healthier than ever, with dedicated self-hosted servers, regular releases, modern collaboration tools and a vibrant community of users and enthusiasts."
Christian Schaller writes about the desktop improvements found in Fedora 32 — and beyond. "We spent a lot of time and energy over the last 6 years to get to where we are now, putting in place a lot of the basic building blocks needed to make Linux a great desktop operating system. And it feels great that just as we kick off the new line of Lenovo laptops running Fedora we are also entering a new phase of development where we can move beyond getting our basic infrastructure in place, but we can really start taking advantage of it to rapidly improve the experience we are providing even more. A good example is the Firefox work mentioned above, where we finally could move on from ‘make it work with Wayland and PipeWire’, to ‘let’s take advantage of these new pieces to make Firefox on Linux better’."
Security updates have been issued by CentOS (firefox, java-1.7.0-openjdk, java-1.8.0-openjdk, kernel, qemu-kvm, and thunderbird), Debian (qemu and ruby-json), Fedora (chromium, haproxy, and libssh), openSUSE (cacti, cacti-spine and teeworlds), Oracle (kernel), SUSE (apache2, git, kernel, ovmf, and xen), and Ubuntu (cups, file-roller, and re2c).
The Fedora 32 distribution release is out, in workstation, server, and CoreOS variants. "Following our 'First' foundation, we’ve updated key programming language and system library packages, including GCC 10, Ruby 2.7, and Python 3.8. Of course, with Python 2 past end-of-life, we’ve removed most Python 2 packages from Fedora. A legacy python27 package is provided for developers and users who still need it. In Fedora Workstation, we’ve enabled the EarlyOOM service by default to improve the user experience in low-memory situations."
For as long as operating systems have had kernels, there has been a need to extract information from data structures stored within those kernels. Over the years, a wide range of approaches have been taken to make that information available. In current times, it has become natural to reach for BPF as the tool of choice for a variety of problems, and getting information from kernel data structures is no exception. There are two patches in circulation that take rather different approaches to using BPF to dump information from kernel data structures to user space.
The 5.7-rc3 kernel prepatch is out for testing. "Again, that all looks very normal and very much 'nothing really odd stands out'. In a world gone mad, the kernel looks almost boringly regular. Which is just how I like it."
Version 20.04 of the Kdenlive libre video editor has been released. "The highlights include major speed improvements due to the Preview Scaling feature, New rating, tagging sorting and filtering of clips in the Project Bin for a great logging experience, Pitch shifting is now possible when using the speed effect, Multicam editing improvements and OpenTimelineIO support. Besides all the shiny new features, this version comes with fixes for 40 critical stability issues as well as a major revamp of the user experience. Kdenlive is now more reliable than ever before."
Keeping LWN going is a full-time job — indeed, it is multiple full-time jobs. We are currently hiring another writer to help us get this work done and to help expand our content range. If you have a deep understanding of the Linux and free-software communities and can write high-quality English, this is your chance to write for one of the most engaged and challenging reader communities around; we would like to hear from you.
OpenSUSE Leap is a community distribution built on top of source packages from SUSE Linux Enterprise (SLE). Recently, Gerald Pfeifer, chair of the openSUSE board, posted an announcement describing a proposal from SUSE to unify some packages between SLE and openSUSE Leap. Here we analyze the proposal and the community's reaction to it.
Fedora Magazine announces that Lenovo will start offering three laptop models with Fedora Workstation preinstalled. "The Lenovo team has been working with folks at Red Hat who work on Fedora desktop technologies to make sure that the upcoming Fedora 32 Workstation is ready to go on their laptops. The best part about this is that we’re not bending our rules for them. Lenovo is following our existing trademark guidelines and respects our open source principles. That’s right—these laptops ship with software exclusively from the official Fedora repos! When they ship, you’ll see Fedora 32 Workstation. (Models which can benefit from the NVIDIA binary driver can install it in the normal way after the fact, by opting in to proprietary software sources.)"
Greg Kroah-Hartman has released six new stable kernels: 5.6.7, 5.4.35, 4.19.118, 4.14.177, 4.9.220, and 4.4.220. They all contain a rather large set of fixes throughout the tree; users of those series should upgrade.
Security updates have been issued by Arch Linux (lib32-openssl), Debian (git), Gentoo (chromium, firefox, git, and openssl), Oracle (kernel and python-twisted-web), Red Hat (python-twisted-web), Scientific Linux (python-twisted-web), and SUSE (file-roller, kernel, and resource-agents).
The 20.04 long-term support (LTS) release of Ubuntu, code named "Focal Fossa", is out. There are desktop and server editions, as well as all of the different Ubuntu flavors: Ubuntu Budgie, Kubuntu, Lubuntu, Ubuntu Kylin, Ubuntu MATE, Ubuntu Studio, and Xubuntu. "The Ubuntu kernel has been updated to the 5.4 based Linux kernel, with additional support for Wireguard VPN, AUFS5, and improved support for IBM, Intel, Raspberry Pi and AMD hardware. [...] 20.04 LTS also brings support for installing an Ubuntu desktop system on top of ZFS. The latest version brings performance enhancements and optional encryption support. Zsys, Ubuntu’s ZFS system tool, provides automated system and user state saving. Tight integration with GRUB allows a user to revert to any system state on boot and go back in time to pave the way to a bulletproof Ubuntu Desktop." More information can be found in the release notes.
The realtime scheduler classes are intended to allow a developer to state which tasks have the highest priorities with the assurance that, at any given time, the highest-priority task will have unimpeded access to the CPU. The kernel itself carries out a number of tasks that have tight time constraints, so it is natural to want to assign realtime priorities to kernel threads carrying out those tasks. But, as Peter Zijlstra argues in a new patch set, it makes little sense for the kernel to be assigning such priorities; to put an end to that practice, he is proposing to take away most of the kernel's ability to prioritize its own threads.
Alyssa Rosenzweig has posted a detailed look at progress on the Panfrost driver (a reverse-engineered driver for Arm Mali GPUs) on the Collabora blog. "Putting it all together, we have the beginnings of a Bifrost compiler, sufficient for the screenshots above. Next will be adding support for more complex instructions and scheduling to support more complex shaders."
A recent thread on the python-ideas mailing list explores adding a feature to Python, which is the normal fare for that forum. The problem being addressed is real, but may not be the highest-priority problem for the language on many people's lists. Function calls that have multiple keyword arguments passed from a variable of the same name (e.g. keyword=keyword) require developers to repeat themselves and can be somewhat confusing, especially to newcomers. The discussion of ways to fix it highlighted some lesser-known corners of the language, however, regardless of whether the idea will actually result in a change to Python.
The Yocto Project has announced its 3.1 LTS release of its distribution-building system. Changes include a 5.4 kernel, the removal of all Python 2 code, improvements in the build equivalence mechanism (described in this article), and more.
Security updates have been issued by Oracle (java-1.7.0-openjdk and java-1.8.0-openjdk), Red Hat (git, java-1.8.0-openjdk, java-11-openjdk, and kernel), Scientific Linux (kernel), Slackware (git), SUSE (openssl-1_1 and puppet), and Ubuntu (binutils and thunderbird).
Matthew Garrett has posted an overview of the kernel lockdown capability merged in 5.4. "If you verify your boot chain but allow root to modify that kernel, the benefits of the verified boot chain are significantly reduced. Even if root can't modify the on-disk kernel, root can just hot-patch the kernel and then make this persistent by dropping a binary that repeats the process on system boot. Lockdown is intended as a mechanism to avoid that, by providing an optional policy that closes off interfaces that allow root to modify the kernel."
Many applications benefit significantly from the use of huge pages. However, huge-page allocations often incur a high latency or even fail under fragmented memory conditions. Proactive compaction may provide an effective solution to these problems by doing memory compaction in the background. With guest author Nitin Gupta's proposed proactive compaction implementation, typical huge-page allocation latencies are reduced by a factor of 70-80 while incurring minimal CPU overhead. Subscribers can read on for the full story from the upcoming weekly edition.
Stable kernels 5.6.6, 5.5.19, 5.4.34, and 4.19.117 have been released. This is the last 5.5.y kernel and users should move to 5.6.y at this time. Users of the other series should upgrade to get the latest fixes.
Back in February, the kernel community discussed the removal of a couple of functions that could be used by loadable modules to gain access to symbols (functions and data structures) that were not meant to be available to them. That change was merged during the 5.7 merge window. This change will break a number of external modules that depended on the removed functions; since many of those modules are proprietary, this fact does not cause a great deal of anguish in the kernel community. But there are a few out-of-tree modules with GPL-compatible licenses that are also affected by this change; one of those is LTTng. Fixing LTTng may not be entirely straightforward.
Python 2.7.18 is out. This is the last release and end of support for Python 2. "Python 2.7 has been under active development since the release of Python 2.6, more than 11 years ago. Over all those years, CPython's core developers and contributors sedulously applied bug fixes to the 2.7 branch, no small task as the Python 2 and 3 branches diverged. There were large changes midway through Python 2.7's life such as PEP 466's feature backports to the ssl module and hash randomization. Traditionally, these features would never have been added to a branch in maintenance mode, but exceptions were made to keep Python 2 users secure. Thank you to CPython's community for such dedication."
Security updates have been issued by Arch Linux (openvpn), Debian (awl, file-roller, jackson-databind, and shiro), Fedora (chromium, git, and libssh), Mageia (php, python-bleach, and webkit2), openSUSE (chromium, gstreamer-rtsp-server, and mp3gain), Oracle (thunderbird and tigervnc), SUSE (thunderbird), and Ubuntu (file-roller and webkit2gtk).
The 5.7-rc2 kernel prepatch is out for testing. "Everything continues to look fairly normal, with commit counts right in the middle of what you'd expect for rc2. And most of the changes are tiny and don't look scary at all."
Greg Kroah-Hartman has released the 5.6.5, 5.5.18, 5.4.33, and 4.19.116 stable kernels. They contain a seemingly larger-than-usual collection of fixes throughout the kernel tree; users of those series should upgrade.
Much of the free software we run every day was developed over email, and the developers of that software, who may have been using email for decades, tend to be somewhat attached to it. The newer generation of developers that came later, though, has proved remarkably resistant to the charms of email-based communication. That has led to an ongoing push to replace email with other forms of communication; often the "other form" of choice is a web-based system called Discourse. Moving to Discourse tends to be controversial; LWN covered related discussions in the Fedora and Python projects in 2018. Now it is Debian's turn to confront this question.
On the FSF blog, Zoe Kooyman describes how the LibrePlanet 2020 conference was converted to a virtual conference in a week's time—using free software, naturally. "In 2016, we gained some livestreaming experience when we interviewed Edward Snowden live from Moscow. To minimize the risk of failed recordings due to overly complex or error-prone software systems, we made it a priority to achieve a pipeline with low latency, good image quality, and low CPU usage. The application we used then was Jitsi Meet, and the tech info and scripts we used for streaming from 2016 are available for your information and inspiration. Naturally, for this year, with no time for researching other applications, we opted to build on our experience with Jitsi Meet. We hosted our own instance for remote speakers to connect to and enter a video call with the conference organizers. A screen capture of this call was then simultaneously recorded by the FSF tech team, and streamed out to the world via Gstreamer and Icecast."
Security updates have been issued by Arch Linux (apache and chromium), Debian (webkit2gtk), Fedora (firefox, nss, and thunderbird), Mageia (chromium-browser-stable and git), openSUSE (gnuhealth), Oracle (thunderbird), Red Hat (kernel-alt, thunderbird, and tigervnc), Scientific Linux (thunderbird), Slackware (openvpn), and SUSE (freeradius-server and libqt4).
There are many ways to try to keep a system secure. One of those, often employed in embedded or other dedicated-purpose systems, is to try to ensure that only code that has been approved (by whoever holds that power over the system in question) can be executed. The secure boot mechanism, which is intended to keep a computer from booting anything but a trusted kernel, is one piece of this puzzle, but its protection only extends through the process of booting the kernel itself. Various mechanisms exist for protecting a system after it boots; a new option for this stage is the Integrity Policy Enforcement (IPE) security module, posted by Deven Bowers.
Security updates have been issued by Arch Linux (git), Fedora (cacti, cacti-spine, chromium, golang-github-buger-jsonparser, kernel, kernel-headers, and kernel-tools), openSUSE (ansible, git, and mp3gain), Oracle (container-tools:ol8, nodejs:10, and virt:ol), Red Hat (chromium-browser, ipmitool, and thunderbird), Slackware (bind), SUSE (quartz), and Ubuntu (php5, php7.0, php7.2, php7.3).
We last looked in on the question of a Git forge for Fedora at the end of January—which seems like nearly a lifetime ago, but is, in truth, only around two-and-a-half months back. At that time, requirements were being gathered for an open decision-making process that would seemingly play out with lots of community participation. That is not at all what transpired, however, and much of the Fedora community feels that its needs have not been taken into consideration. There are a number of lessons that can be learned from all of this.