LWN.net

The Linux extended-attribute mechanism allows the attachment of metadata tofiles within a filesystem. It tends to be little used — at least, in theabsence of a security module like SELinux. There is interest in how theseattributes work, though, as evidenced by the discussions that havefollowed the posting of revisions of thispatch by Vivek Goyal, which seeks to make a seemingly small change tothe rules regarding extended attributes and special files.

The Open Source Initiative has announced theappointment of Stefano Maffulli as its executive director."'Bringing Stefano Maffulli on board as OSI’s first ExecutiveDirector is the culmination of a years-long march towardprofessionalization, so that OSI can be a stronger and more responsiveadvocate for open source,' says Joshua Simmons, Board Chair of OSI."

Security updates have been issued by Fedora (lynx, matrix-synapse, and proftpd), openSUSE (ntfs-3g_ntfsprogs), Oracle (kernel), Red Hat (RHV-H), Scientific Linux (kernel), and Ubuntu (libapache2-mod-auth-mellon, linux, linux-aws, linux-aws-5.11, linux-azure, linux-azure-5.11, linux-gcp, linux-hwe-5.11, linux-kvm, linux-oracle, linux-oracle-5.11, linux-raspi, linux, linux-aws, linux-aws-5.4, linux-azure, linux-azure-5.4, linux-gcp, linux-gcp-5.4, linux-gke, linux-gke-5.4, linux-gkeop, linux-gkeop-5.4, linux-kvm, linux-oracle, linux-oracle-5.4, and linux-azure-5.8, linux-oem-5.10).

The LWN.net Weekly Edition for September 9, 2021 is available.

Two recent threads on the python-ideas mailing list have overlapped to acertain extent; both referred to Python's style guide, but the discussionindicates that the advice in it may have been stretched further than intended. PEP 8("Style Guide for Python Code") is the longstanding set ofguidelines and suggestions for code that is going into the standardlibrary, but the "rules" in the PEP have been applied in settings and tools well outside of thatrealm. There may be reasons to update the PEP—some unrelated work of that nature isongoing, in fact—but Pythonistas need to remember that the suggestions init are not carved in stone.

Stable kernels 5.14.2, 5.13.15, and 5.10.63 have been released. As usual, thereare important fixes and users should upgrade.

Security updates have been issued by Debian (haproxy), Fedora (libguestfs, ntfs-3g, ntfs-3g-system-compression, partclone, testdisk, vim, and wimlib), Mageia (kernel and kernel-linus), openSUSE (haproxy), Oracle (kernel), Red Hat (kernel, kernel-rt, and kpatch-patch), SUSE (haproxy), and Ubuntu (cpio, haproxy, libapache2-mod-auth-mellon, libgd2, linux, linux-aws, linux-kvm, linux-lts-xenial, openvswitch, python-pysaml2, and sssd).

Firefox 92.0 has been released. Inthis version Firefox can now automatically upgrade to HTTPS using HTTPS RRas Alt-Svc headers, support full-range color levels for video playback onmany systems, and more.Firefox78.14.0 ESR and Firefox91.1.0 have also been released. ESR78 will reach end-of-life inNovember.

Amateur ("ham") radio operators have been experimenting with ways to usecomputers in their hobby since PCs became widely available—perhaps evenbefore then. While manypeople picture hams either talking into a microphone or tapping a telegraphkey, many hams now type on a keyboard or even click buttons on a computer screen to makecontacts. Even hams who still prefer to talk or use Morse code may stilluse computers for some things, such as logging contacts or predictingradio conditions. While most hams use Windows, there is no shortage of hamradio software for Linux.

Security updates have been issued by openSUSE (apache2, java-11-openjdk, libesmtp, nodejs10, ntfs-3g_ntfsprogs, openssl-1_1, xen, and xerces-c), Red Hat (kernel-rt and kpatch-patch), and SUSE (ntfs-3g_ntfsprogs and openssl-1_1).

Version 3.0 of the OpenSSL TLS library has been released; the largeversion-number jump (from 1.1.1) reflects a new versioning scheme.

The linux.conf.au organizers have put out a second, extended call forproposals for the 2022 event, which will be held online startingJanuary 14.

Once upon a time, block storage devices were slow, to the point that theyoften limited the speed of the system as a whole. A great deal of effortwent into carefully ordering requests to get the best performance out ofthe storage device; achieving that goal was well worth expending some CPUtime. But then storage devices got much faster and the equation changed.Fancy I/O-scheduling mechanisms have fallen by the wayside and effort is nowfocused on optimizing code so that the CPU can keep up with its storage. Ablock-layer change that was merged for the 5.15 kernel shows the kinds oftradeoffs that must be made to get the best performance from current hardware.

Security updates have been issued by Debian (btrbk, pywps, and squashfs-tools), Fedora (libguestfs, libss7, ntfs-3g, ntfs-3g-system-compression, partclone, testdisk, wimlib, and xen), Mageia (exiv2, golang, libspf2, and ruby-addressable), openSUSE (apache2, dovecot23, gstreamer-plugins-good, java-11-openjdk, libesmtp, mariadb, nodejs10, opera, python39, sssd, and xerces-c), and SUSE (apache2, java-11-openjdk, libesmtp, mariadb, nodejs10, python39, sssd, xen, and xerces-c).

Version 21.02.0 of the OpenWrt router distribution is out. "Itincorporates over 5800 commits since branching the previous OpenWrt 19.07release and has been under development for about one and a halfyear". Significant changes include WPA3 support by default, TLSsupport in opkg and in the LuCi interface, initial DistributedSwitch Architecture support, new hardware support, and more. See the releasenotes for more information.

Computing terminology can be counterintuitive at times, but even alongtime participant in the industry may have to look twice at the notionof named anonymous memory. That, however, is just the concept that thispatch set posted by Suren Baghdasaryan proposes to add. There are, itseems, developers who find the idea useful enough to not only overcome theinitial cognitive dissonance that comes with it, but also to resurrect aneight-year-old patch to get it into the kernel.

Greg Kroah-Hartman has announced the release of the 5.14.1, 5.13.14, 5.10.62, 5.4.144, 4.19.206, 4.14.246, 4.9.282, and 4.4.283 stable kernels. As usual, these updatescontain important fixes; users of those series should upgrade.

Security updates have been issued by Debian (qemu), Fedora (condor, grilo, libopenmpt, opencryptoki, and php), openSUSE (xen), and SUSE (ffmpeg, file, php72, rubygem-addressable, and xen).

As of this writing, 3,440 non-merge changesets have been pulled into themainline repository for the 5.15 development cycle. A mere 3,440 patchesmay seem like a slow start, but those patches are densely populated withsignificant new features. Read on for a look at what the first part of the5.15 merge window has brought.

On the ADA Logics blog, David Korczynski and Adam Korczynski write about their work integrating 115 open-source projects with Google's OSS-Fuzz project for doing continuous fuzz testing. They describe the process of integrating a project into OSS-Fuzz, and discuss their findings, which include more than 2000 bugs (500+ security relevant), of which 1300+ have been fixed at this point:

Security updates have been issued by openSUSE (ffmpeg and gstreamer-plugins-good), SUSE (apache2, apache2-mod_auth_mellon, ffmpeg, gstreamer-plugins-good, libesmtp, openexr, rubygem-puma, xen, and xerces-c), and Ubuntu (openssl).

The LWN.net Weekly Edition for September 2, 2021 is available.

Discussions on ways to "modernize" the Emacs editor have come up in various guises over the past fewyears. Changes of that nature tend to be somewhat contentious in the Emacscommunity, pitting the "old guard" that values the existing features (andkeybindings) against those who argue for changes to make Emacs moreapproachable (and aesthetically pleasing) to newcomers. Those discussionstend toward mega-thread status, so it should be no surprise that a queryabout possibly moving Emacs development to a "forge" (e.g. GitHub or GitLab) gotsimilar treatment. As always in Emacs-land, there are multiple facets tothe discussion, including the desirability of moving away from anemail-based workflow, accommodating younger, forge-centric developerswithout forcing existing developers into that model, and—naturally—licensing.

Security updates have been issued by CentOS (bind, GNOME, hivex, kernel, and sssd), Debian (gpac and squashfs-tools), Fedora (c-ares and openssl), openSUSE (dovecot23), Oracle (bind, hivex, kernel, and sssd), Red Hat (kernel), Scientific Linux (bind, hivex, kernel, libsndfile, libX11, and sssd), Slackware (ntfs), SUSE (dovecot23), and Ubuntu (ntfs-3g).

The Free Software Foundation (FSF) clarifiesthe purpose of its copyright policies and examines the impact ofpotential alternatives.

A longstanding tug-of-war between system package managers and Python's owninstallation mechanisms (primarily pip, but there are others) lookson its way to being resolved—or at least regularized. PEP 668("Graceful cooperation between external and Python packagemanagers") has been created to provide ways for the two types of package installationtowork together, rather than at cross-purposes at times.Since many operating systems depend on Python tools, with package versionsthat may differ from those of users' Python applications, making them play togethernicely should result in more stable systems.

The 5.15 merge window is off to a fast start; stay tuned for our usual fullsummary. It is worth mentioning, though, that the realtime preemptionlocking code has been pulled into themainline with little fanfare. This work began in 2004 and has fundamentallychanged many parts of the core kernel. With this pull, the sleepable locksthat make deterministic realtime response possible have finally joined allof that other work (though the kernel must be built with theREALTIME configuration option to use them).Congratulations are due to all of the realtime developers who pushed thisproject forward for nearly two decades.

Security updates have been issued by CentOS (libsndfile and libX11), Debian (ledgersmb, libssh, and postgresql-9.6), Fedora (squashfs-tools), openSUSE (389-ds, nodejs12, php7, spectre-meltdown-checker, and thunderbird), Oracle (kernel, libsndfile, and libX11), Red Hat (bind, cloud-init, edk2, glibc, hivex, kernel, kernel-rt, kpatch-patch, microcode_ctl, python3, and sssd), SUSE (bind, mysql-connector-java, nodejs12, sssd, and thunderbird), and Ubuntu (apr, squashfs-tools, thunderbird, and uwsgi).

The 5.14 kernel was released on August 29after a nine-week development period. This cycle was not as active as its predecessor, whichset a record for the number of developers involved, but there was still alot going on and a number of long-awaited features were merged. Now thatthe release is out, the time has come for our traditional look at where the code in 5.14 came from and how it got there.

Security updates have been issued by Debian (exiv2, grilo, gthumb, and redis), Fedora (krb5, nbdkit, and rubygem-addressable), Mageia (libass and opencontainers-runc), openSUSE (cacti, cacti-spine, go1.15, opera, qemu, and spectre-meltdown-checker), Red Hat (java-1.7.1-ibm, java-1.8.0-ibm, libsndfile, and libX11), SUSE (389-ds, qemu, and spectre-meltdown-checker), and Ubuntu (grilo).

Linus has released the 5.14 kernel.

The Linux kernel is a fast-moving project, but change can still besurprisingly slow to come at times. The nftables project to replace the kernel'spacket-filtering subsystem has its origins in 2008, but is still not beingused by most (or perhaps even many) production firewalls. The transitionmay be getting closer, though, as highlighted by the release of nftables 1.0.0 onAugust 19.

Security updates have been issued by Fedora (haproxy and libopenmpt), openSUSE (aws-cli, python-boto3, python-botocore,, dbus-1, and qemu), Oracle (rh-postgresql10-postgresql), Red Hat (compat-exiv2-023, compat-exiv2-026, exiv2, libsndfile, microcode_ctl, python27, rh-nodejs12-nodejs and rh-nodejs12-nodejs-nodemon, rh-nodejs14-nodejs and rh-nodejs14-nodejs-nodemon, and rh-python38), Scientific Linux (compat-exiv2-023 and compat-exiv2-026), SUSE (compat-openssl098), and Ubuntu (libssh, openssl, and openssl1.0).

As a general rule, the kernel community is happy to merge working devicedrivers without much concern for the availability of any associateduser-space code. What happens in user space is beyond the kernel's concernand unaffected by the kernel's license. There is an exception, though, inthe form of drivers for graphical processors (GPUs), which cannot be mergedin the absence of a working, freely-licensed user-space component. Thequestion of which drivers are subject to that rule has come up a few timesin recent years; that discussion has now come to a decision point with aneffort to block someHabana Labs driver updates from entry into the 5.15 kernel.

Sasha Levin has announced the release of the 5.13.13, 5.10.61, 5.4.143, 4.19.205, 4.14.245, 4.9.281, and 4.4.282 stable kernels. As usual, theycontain important fixes throughout the tree. Users of those series should upgrade.

Security updates have been issued by Fedora (community-mysql, containerd, dotnet3.1, dotnet5.0, perl-Encode, and tor), Mageia (gpsd), openSUSE (cacti, cacti-spine, go1.16, jetty-minimal, libmspack, mariadb, openexr, and tor), SUSE (aspell, jetty-minimal, libesmtp, mariadb, and unrar), and Ubuntu (firefox and mongodb).

The LWN.net Weekly Edition for August 26, 2021 is available.

One last reminder that LWN editor Jonathan Corbet will be presenting aversion of The Kernel Report at 9:00 US/Mountain (15:00 UTC) onAugust 26. This live presentation is part of a test of theinfrastructure for the 2021 LinuxPlumbers Conference, but anybody is welcome to attend regardless ofwhether they are registered for LPC or not. The meeting "room" will openone hour ahead of the talk at meet.lpc.events; we hope to see youthere.

A regression that was recently reported for 5.14 in the mediasubsystem is a bit of a strange beast. The kernel's user-space binary interface (ABI) was not changed, which is the usual test for a patch to getreverted, but the report still led to a reversion. The change did lead toproblems building a user-space application because it moved some headerfiles to staging/ as part of a cleanup for a deprecated—thoughapparently still functioning—driver for a DigitalVideo Broadcasting (DVB) device. There are a few different issuestangled together here, but the reversion of a regression in the user-spaceAPI (and not ABI) is a new wrinkle.

Security updates have been issued by Debian (openssl), openSUSE (libspf2, openssl-1_0_0, and openssl-1_1), Oracle (libsndfile), SUSE (nodejs10, nodejs12, openssl, openssl-1_0_0, openssl-1_1, and openssl1), and Ubuntu (openssl).

The callfor nominees for the 2021 Linux Foundation Technical Advisory Boardelection has gone out.

On August 25, 1991, Linus Torvalds posted his famousmessage to thecomp.os.minix USENET group:

Users often store a lot of sensitive information on their computers—fromcredentials to banned texts to family photos—that they might normally expect to be protected by the login password of their account. Under somecircumstances, though, users can be required to log into their system sothat some third party (e.g. government agent) can examine and potentiallycopy said data. A new project, PAM Duress, provides a wayto add other passwords to an account, each with its own behavior, whichmight be a way to avoid granting full access to the system, though thelegality is in question.

Security updates have been issued by Debian (ledgersmb, tnef, and tor), Fedora (nodejs-underscore and tor), openSUSE (aws-cli, python-boto3, python-botocore,, fetchmail, firefox, and isync), SUSE (aws-cli, python-boto3, python-botocore, python-service_identity, python-trustme, python-urllib3 and python-PyYAML), and Ubuntu (linux-aws-5.8, linux-azure-5.8, linux-gcp-5.8, linux-oracle-5.8).

The first installment in this two-partseries looked at the difficulties that arise when Btrfs filesystemscontaining subvolumes are exported via NFS. Btrfs has a couple of quirksthat complicate life in this situation: the use of separate device numbersfor subvolumes and the lack of unique inode numbers across the filesystemas a whole. Recently, Neil Brown set off on an effort to tryto solve these problems, only to discover that the situation was evenmore difficult than expected and that many attempts would be required.

Security updates have been issued by Debian (ffmpeg, ircii, and scrollz), Fedora (kernel, krb5, libX11, and rust-actix-http), Mageia (kernel and kernel-linus), openSUSE (aspell, chromium, dbus-1, isync, java-1_8_0-openjdk, krb5, libass, libhts, libvirt, prosody, systemd, and tor), SUSE (cpio, dbus-1, libvirt, php7, qemu, and systemd), and Ubuntu (inetutils).

The 5.14-rc7 kernel prepatch has beenreleased. "So things continue to look normal, and unless there isany last-minute panic this upcoming week, this is likely the last rc beforea final 5.14."

OpenSSH 8.7 has been released. Changes includesteps toward deprecating scp andusing the SFTP protocol for file transfers instead, changes toremote-to-remote copies (they go through the local host by default now), astricter configuration-file parser, and more.

Unix-like systems — and their users — tend to expect all filesystems tobehave in the same way. But those users are also often interested in fancynew filesystems offering features that were never envisioned by thedevelopers of the Unix filesystem model; that has led to a number ofinteresting incompatibilities over time. Btrfs is certainly one of thosefilesystems; it provides a long list of features that are found in fewother systems, and some of those features interact poorly with thetraditional view of how filesystems work. Recently, Neil Brown has beentrying to resolve a specific source of confusion relating to how Btrfshandles inode numbers.

Luis Villa writesabout increasing demands on open-source maintainers on opensource.com.