lwn.net

Security updates have been issued by Debian (italc and python-ecdsa), Fedora (php and sudo), openSUSE (binutils and docker-runc), Oracle (thunderbird), Red Hat (firefox and sudo), SUSE (ardana-ansible, ardana-glance, ardana-horizon, ardana-input-model, ardana-manila, ardana-neutron, ardana-nova, ardana-octavia, ardana-tempest, crowbar-core, crowbar-ha, crowbar-openstack, crowbar-ui, galera-3, grafana, mariadb, mariadb-connector-c, novnc, openstack-cinder, openstack-glance, openstack-heat, openstack-horizon-plugin-neutron-vpnaas-ui, openstack-keystone, openstack-monasca-installer, openstack-neutron, openstack-neutron-gbp, openstack-neutron-lbaas, openstack-nova, python-amqp, python-ovs, python-pysaml2, python-python-engineio, python-urllib3, release-notes-suse-openstack-cloud, rubygem-easy_diff, rubygem-rest-client-1_6, venv-openstack-keystone, dbus-1, firefox, php7, and samba), and Ubuntu (file, freetds, and whoopsie).

The LWN.net Weekly Edition for October 31, 2019 is available.

Steven Rostedt has been a part of the Linux kernel tracing community for most of its existence, it seems. He was the developer of ftrace, which was one of the early mainline additions for tracing. There are now many tracing facilities in the kernel. At the 2019 Open Source Summit Europe in Lyon, France, Rostedt wanted to present an idea that he has been thinking about for a long time: a unified tracing platform to provide access to all of the kernel tracing facilities from user-space applications.

Security updates have been issued by Debian (imapfilter, libvncserver, and pam-python), Fedora (tcpdump), Mageia (file, graphviz, kernel, and php, pcre2), openSUSE (nfs-utils), Red Hat (heketi and samba), Scientific Linux (thunderbird), SUSE (libtomcrypt, php7, and runc), and Ubuntu (apport, libarchive, libidn2, samba, and whoopsie).

Fedora Magazine announces the release of Fedora 31. This release includes the Fedora Toolbox for launching and managing personal workspace containers. The Fedora Editions include Workstation, Server, with CoreOS and IoT in a preview state. Alternate architectures include ARM AArch64, Power, and S390x. However the 32-bit only i686 system has been dropped. The release notes contain additional information.

Back in March, we looked at a discussion and Python Enhancement Proposal (PEP) for a new dictionary "addition" operator for Python. The discussion back then was lively and voluminous, but the PEP needed some updates and enhancements in order to proceed. That work has now been done and a post about the revised PEP to the python-ideas mailing list has set off another mega-thread.

Stable kernels 5.3.8, 4.19.81, 4.14.151, 4.9.198, and 4.4.198 have been released. They all contain important fixes throughout the tree and users should upgrade.

Security updates have been issued by Debian (php7.0, php7.3, ruby-loofah, and spip), Fedora (proftpd), openSUSE (lz4 and sysstat), Red Hat (chromium-browser, jss, kernel, kernel-alt, kpatch-patch, pango, polkit, sudo, systemd, and thunderbird), SUSE (graphite-web, python3, and samba), and Ubuntu (php5, php7.0, php7.2, php7.3, and samba).

The BPF in-kernel virtual machine has brought a new set of capabilities to a number of functional areas in the kernel, including, significantly, tracing. Since BPF programs run in the kernel, much effort goes into ensuring that they will not cause problems for the running system; to that end, the BPF verifier checks every possible aspect of each BPF program's behavior to ensure that it is safe to run in the kernel — with one notable exception. With a patch set titled "revolutionize bpf tracing", Alexei Starovoitov aims to close that loophole and eliminate a set of potential problems in a widely used class of BPF programs.

Security updates have been issued by Arch Linux (chromium, firefox, php, and thunderbird), Debian (file, golang-1.11, libarchive, libxslt, mosquitto, php5, and proftpd-dfsg), Fedora (apache-commons-compress, chromium, java-1.8.0-openjdk, java-11-openjdk, jss, kernel, kernel-headers, kernel-tools, libpcap, mod_auth_openidc, tcpdump, and xpdf), openSUSE (kernel, openconnect, procps, python, sysstat, and zziplib), and SUSE (binutils, docker-runc, ImageMagick, nfs-utils, and xen).

A long-anticipated move has finally been made official: the KernelCI continuous-integration project has found a new home under the Linux Foundation umbrella. "The primary goal of KernelCI is to use an open testing philosophy to improve the quality, stability and long-term maintenance of the Linux kernel. Expected improvements to the platform under the Linux Foundation include improved LTS kernel testing and validation; consolidation of existing testing initiatives; quality-of-life improvements to the current service; expanded compute resources; and increased pool of hardware to be tested. In the long-term, members expect to modernize the architecture; test software beyond the Linux kernel; and define testing standards and engage in cross-project collaboration."

The 5.4-rc5 kernel prepatch is out for testing. "So we have a bit more fixes than normal during this stage, but nothing looks very strange, and the diffstat looks _mostly_ flat (with the cpufrequency power-QoS and io_uring changes looking a bit bigger) which is my sign for 'small changes all over'". The codename has changed again; now it's "Kleptomanic Octopus", suggesting some interesting encounters in Linus's latest diving outing.

The io_uring mechanism is a relatively new interface for asynchronous I/O; it first appeared in the 5.1 kernel in May. Since then, though, it has quickly grown in capabilities and in users; now it appears that it is outgrowing some of the kernel infrastructure that supports it. Thus, we have a proposal from Jens Axboe (the io_uring maintainer) for a new workqueue subsystem for io_uring that hints at some interesting plans for the future.

Security updates have been issued by Debian (firefox-esr), Gentoo (php), Oracle (firefox), Scientific Linux (sudo), and SUSE (accountsservice, binutils, nfs-utils, and xen).

The GNU Project was created by Richard Stallman in 1983 to further his goal of developing an entirely free operating system — a goal that seemed impossibly ambitious at the time. Stallman has recently resigned from some of his roles, but as of this writing his personal site still leads off with this proclamation: "I continue to be the Chief GNUisance of the GNU Project. I do not intend to stop any time soon". Within the project itself, though, it has become clear that this intention lacks universal support. We appear to be seeing the beginning of a governance transition for this venerable project.

Security updates have been issued by Debian (file), Mageia (bind, chromium-browser-stable, java-1.8.0-openjdk, libsndfile, mediawiki, and virtualbox), Oracle (firefox), Red Hat (firefox and sudo), Scientific Linux (firefox and OpenAFS), SUSE (kernel, lz4, rust, and xen), and Ubuntu (firefox).

The LWN.net Weekly Edition for October 24, 2019 is available.

Back in July, Linus Torvalds merged a patch in the 5.3 merge window that added the PREEMPT_RT option to the kernel build-time configuration. That was meant as a signal that the realtime patch set was moving from its longtime status as out-of-tree code to a fully supported kernel feature. As the code behind the configuration option makes its way into the mainline, some friction can be expected; we are seeing a bit of that now with respect to the BPF subsystem.

There has been discussion about the release cadence of Python for a couple of years now. The 18-month cycle between major releases of the language is seen by some core developers as causing too much delay in getting new features into the hands of users. Now there are two competing proposals for ways to shorten that cycle, either to one year or by creating a rolling-release model. In general, the steering council has seemed inclined toward making some kind of release-cycle change—one of those Python Enhancement Proposals (PEPs) may well form the basis of Python's release cadence moving forward.

Security updates have been issued by Arch Linux (go, go-pie, pacman, and xpdf), CentOS (java-1.7.0-openjdk, java-1.8.0-openjdk, java-11-openjdk, and patch), openSUSE (gcc7), Red Hat (firefox, kernel, and qemu-kvm-rhev), Slackware (mozilla), SUSE (kernel, libcaca, openconnect, python, sysstat, and zziplib), and Ubuntu (libxslt, linux-azure, and linux-lts-xenial, linux-aws).