lwn.net

The Human Interface Device (HID) standard dates back to the Windows 95 era. It describes how devices like mice and keyboards present themselves to the host computer, and has created a world where a single driver can handle a wide variety of devices from multiple manufacturers. Or it would have, if there weren't actual device manufacturers involved. In the real world, devices stretch and break the standard, each in its own special way. At the 2022 Linux Plumbers Conference, Benjamin Tissoires described how BPF can be used to simplify the task of supporting HID devices.

Security updates have been issued by Debian (expat and poppler), Fedora (dokuwiki), Gentoo (fetchmail, grub, harfbuzz, libaacplus, logcheck, mrxvt, oracle jdk/jre, rizin, smarty, and smokeping), Mageia (tcpreplay, thunderbird, and webkit2), SUSE (dpdk, permissions, postgresql14, puppet, and webkit2gtk3), and Ubuntu (linux-gkeop and sosreport).

The 6.0-rc7 kernel prepatch is out for testing.

So I was thinking rc7 might end up larger than usual due to travel hitting rc6, but it doesn't really seem to have happened.

Yeah, maybe it's marginally bigger than the historical average for this time of the release cycle, but it definitely isn't some outlier, and it looks fairly normal. Which is all good, and makes me think that the final release will happen right on schedule next weekend, unless something unexpected happens. Knock wood.

Arch Linux has announced that Python 2 is being removed from the distribution's repositories. "If you still require the python2 package you can keep it around, but please be aware that there will be no security updates."

For better or worse, C is the lingua franca in the world of kernel engineering. The core logic of the Linux kernel is written entirely in C (with a bit of assembly), as are its drivers and modules. While C is rightfully celebrated for its powerful yet simple semantics, it is an older language that lacks many of the features present in modern languages such as Rust. The BPF subsystem, on the other hand, provides a programming environment that allows engineers to write programs that can run safely in kernel space. At the 2022 Linux Plumbers Conference in Dublin, Ireland, Alexei Starovoitov presented an overview of how BPF has evolved over the years to provide a new model for kernel programming.

The 5.19.11, 5.15.70, and 5.10.145 stable kernels are now available. As usual, they contain important fixes throughout the kernel tree.

Security updates have been issued by Debian (bind9, expat, firefox-esr, mediawiki, and unzip), Fedora (qemu and thunderbird), Oracle (webkit2gtk3), SUSE (ardana-ansible, ardana-cobbler, ardana-tempest, grafana, openstack-heat-templates, openstack-horizon-plugin-gbp-ui, openstack-neutron-gbp, openstack-nova, python-Django1, rabbitmq-server, rubygem-puma, ardana-ansible, ardana-cobbler, grafana, openstack-heat-templates, openstack-murano, python-Django, rabbitmq-server, rubygem-puma, dpdk, freetype2, rubygem-rack, and virtualbox), and Ubuntu (etcd, libjpeg-turbo, linux-gcp, linux-gke, linux-raspi, linux-oem-5.17, linux-raspi-5.4, python-oauthlib, and python3.5).

At the 2022 Linux Security Summit Europe (LSS EU), Gustavo A. R. Silva reported in on work he has been doing on "flexible" arrays in the kernel. While these arrays provide some ... flexibility ... they are also a source of bugs, which can often result in security vulnerabilities. He has been working on ways to make the use of flexible arrays safer in the kernel.

Version 1.64.0 of the Rust language has been released. Changes include the stabilization of the IntoFuture trait, easier access to C-compatible types, the availability of rust-analyzer via rustup, and more.

Security updates have been issued by Debian (e17, fish, mako, and tinygltf), Fedora (mingw-poppler), Mageia (firefox, google-gson, libxslt, open-vm-tools, redis, and sofia-sip), Oracle (dbus-broker, kernel, kernel-container, mysql, and nodejs and nodejs-nodemon), Slackware (bind), SUSE (cdi-apiserver-container, cdi-cloner-container, cdi-controller-container, cdi-importer-container, cdi-operator-container, cdi-uploadproxy-container, cdi-uploadserver-container, containerized-data-importer, go1.18, go1.19, kubevirt, virt-api-container, virt-controller-container, virt-handler-container, virt-launcher-container, virt-libguestfs-tools-container, virt-operator-container, libconfuse0, and oniguruma), and Ubuntu (bind9 and pcre2).

The LWN.net Weekly Edition for September 22, 2022 is available.

Public hosting systems for free software have come and gone over the years but one of them, Sourceware, has been supporting the development of most of the GNU toolchain for nearly 25 years. Recently, an application was made to bring Sourceware under the umbrella of the Software Freedom Conservancy (SFC), at least for fundraising purposes. It turns out that there is a separate initiative, developed in secret until now, with a different vision for the future of Sourceware. The 2022 GNU Tools Cauldron was the site of an intense discussion on how this important community resource should be managed in the coming years.

Version 43 of the GNOME desktop environment has been released; see the release notes for details.

This latest GNOME release comes with improvements across the board, ranging from a new quick settings menu, a redesigned Files app, and hardware security integration. GNOME 43 continues the trend of GNOME apps migrating from GTK 3 to GTK 4, and includes many other smaller enhancements.

Konstantin Ryabitsev has announced the availability of rendered documentation from linux-next on kernel.org. This will be useful for anybody wanting to see what the documentation for the next kernel release will look like.

Security updates have been issued by Fedora (libconfuse, moodle, rizin, and thunderbird), Oracle (ELS kernel, gnupg2, ruby, and webkit2gtk3), Red Hat (booth, dbus-broker, gnupg2, kernel, kernel-rt, kpatch-patch, mysql, nodejs, nodejs-nodemon, ruby, and webkit2gtk3), Slackware (expat and mozilla), SUSE (kubevirt, virt-api-container, virt-controller-container, virt-handler-container, virt-launcher-container, virt-libguestfs-tools-container, virt-operator-container and vsftpd), and Ubuntu (bind9, ghostscript, linux, linux-aws, linux-aws-5.15, linux-azure, linux-azure-5.15, linux-kvm, linux-lowlatency, linux, linux-aws, linux-aws-5.4, linux-azure, linux-azure-5.4, linux-bluefield, linux-gkeop, linux-hwe-5.4, linux-ibm, linux-ibm-5.4, linux-kvm, linux-oracle, linux-oracle-5.4, linux-raspi, linux, linux-aws, linux-aws-hwe, linux-azure-4.15, linux-dell300x, linux-gcp, linux-gcp-4.15, lnux-hwe, inux-kvm, linux-oracle, linux-raspi2, linux-snapdragon, linux-hwe-5.15, linux-lowlatency-hwe-5.15, and mako).

The Debian project has begun voting on changes to its approach to firmware needed to install a working distribution. The original ballot option described in this article is still there, but this is Debian so there are several others as well. Some of the additions include changes to the Debian Social Contract that explicitly allow the shipping of firmware needed to use Debian on hardware requiring that firmware.

The traditional mechanism for launching a program in a new process on Unix systems—forking and execing—has been with us for decades, but it is not really the most efficient of operations. Various alternatives have been tried along the way but have not supplanted the traditional approach. A new mechanism created by Josh Triplett adds process creation to the io_uring asynchronous I/O API and shows great promise; he came to the 2022 Linux Plumbers Conference (LPC) to introduce io_uring_spawn.

The 5.19.10, 5.15.69, 5.10.144, 5.4.214, 4.19.259, 4.14.294, and 4.9.329 stable kernel updates have all been released; each contains another set of important fixes.

Security updates have been issued by Fedora (dokuwiki and rizin), SUSE (libcontainers-common, permissions, sqlite3, and wireshark), and Ubuntu (tiff, vim, and xen).

After a two-year hiatus, the 2022 Linux Kernel Maintainers Summit returned to an in-person format in Dublin, Ireland on September 15. Around 30 kernel developers discussed a number of process-related issues relating to the kernel community. LWN had the privilege of being there and is able, once again, to report from the event. This years sessions included discussions of regression handling, the imminent merging of Rust support, BPF, the kernel development process, and more.