lwn.net

Sasha Levin has announced the release of the 5.13.13, 5.10.61, 5.4.143, 4.19.205, 4.14.245, 4.9.281, and 4.4.282 stable kernels. As usual, they contain important fixes throughout the tree. Users of those series should upgrade.

Security updates have been issued by Fedora (community-mysql, containerd, dotnet3.1, dotnet5.0, perl-Encode, and tor), Mageia (gpsd), openSUSE (cacti, cacti-spine, go1.16, jetty-minimal, libmspack, mariadb, openexr, and tor), SUSE (aspell, jetty-minimal, libesmtp, mariadb, and unrar), and Ubuntu (firefox and mongodb).

The LWN.net Weekly Edition for August 26, 2021 is available.

One last reminder that LWN editor Jonathan Corbet will be presenting a version of The Kernel Report at 9:00 US/Mountain (15:00 UTC) on August 26. This live presentation is part of a test of the infrastructure for the 2021 Linux Plumbers Conference, but anybody is welcome to attend regardless of whether they are registered for LPC or not. The meeting "room" will open one hour ahead of the talk at meet.lpc.events; we hope to see you there.

A regression that was recently reported for 5.14 in the media subsystem is a bit of a strange beast. The kernel's user-space binary interface (ABI) was not changed, which is the usual test for a patch to get reverted, but the report still led to a reversion. The change did lead to problems building a user-space application because it moved some header files to staging/ as part of a cleanup for a deprecated—though apparently still functioning—driver for a Digital Video Broadcasting (DVB) device. There are a few different issues tangled together here, but the reversion of a regression in the user-space API (and not ABI) is a new wrinkle.

Security updates have been issued by Debian (openssl), openSUSE (libspf2, openssl-1_0_0, and openssl-1_1), Oracle (libsndfile), SUSE (nodejs10, nodejs12, openssl, openssl-1_0_0, openssl-1_1, and openssl1), and Ubuntu (openssl).

The call for nominees for the 2021 Linux Foundation Technical Advisory Board election has gone out.

The TAB serves as the interface between the kernel development community and the Linux Foundation, advising the Foundation on kernel-related matters, helping member companies learn to work with the community, and working to resolve community-related problems (preferably before they get out of hand). We also support the Code of Conduct committee in their mission.

The election itself will be held during the Linux Plumbers Conference, September 20 to 24. Note that the election procedures have changed this year with an eye toward broadening the community that is eligible to vote.

On August 25, 1991, Linus Torvalds posted his famous message to the comp.os.minix USENET group:

I'm doing a (free) operating system (just a hobby, won't be big and professional like gnu) for 386(486) AT clones. This has been brewing since april, and is starting to get ready.

After all of these years, it still feels like it's "starting to get ready"; what a ride it has been.

Users often store a lot of sensitive information on their computers—from credentials to banned texts to family photos—that they might normally expect to be protected by the login password of their account. Under some circumstances, though, users can be required to log into their system so that some third party (e.g. government agent) can examine and potentially copy said data. A new project, PAM Duress, provides a way to add other passwords to an account, each with its own behavior, which might be a way to avoid granting full access to the system, though the legality is in question.

Security updates have been issued by Debian (ledgersmb, tnef, and tor), Fedora (nodejs-underscore and tor), openSUSE (aws-cli, python-boto3, python-botocore,, fetchmail, firefox, and isync), SUSE (aws-cli, python-boto3, python-botocore, python-service_identity, python-trustme, python-urllib3 and python-PyYAML), and Ubuntu (linux-aws-5.8, linux-azure-5.8, linux-gcp-5.8, linux-oracle-5.8).

The first installment in this two-part series looked at the difficulties that arise when Btrfs filesystems containing subvolumes are exported via NFS. Btrfs has a couple of quirks that complicate life in this situation: the use of separate device numbers for subvolumes and the lack of unique inode numbers across the filesystem as a whole. Recently, Neil Brown set off on an effort to try to solve these problems, only to discover that the situation was even more difficult than expected and that many attempts would be required.

Security updates have been issued by Debian (ffmpeg, ircii, and scrollz), Fedora (kernel, krb5, libX11, and rust-actix-http), Mageia (kernel and kernel-linus), openSUSE (aspell, chromium, dbus-1, isync, java-1_8_0-openjdk, krb5, libass, libhts, libvirt, prosody, systemd, and tor), SUSE (cpio, dbus-1, libvirt, php7, qemu, and systemd), and Ubuntu (inetutils).

The 5.14-rc7 kernel prepatch has been released. "So things continue to look normal, and unless there is any last-minute panic this upcoming week, this is likely the last rc before a final 5.14."

OpenSSH 8.7 has been released. Changes include steps toward deprecating scp and using the SFTP protocol for file transfers instead, changes to remote-to-remote copies (they go through the local host by default now), a stricter configuration-file parser, and more.

Unix-like systems — and their users — tend to expect all filesystems to behave in the same way. But those users are also often interested in fancy new filesystems offering features that were never envisioned by the developers of the Unix filesystem model; that has led to a number of interesting incompatibilities over time. Btrfs is certainly one of those filesystems; it provides a long list of features that are found in few other systems, and some of those features interact poorly with the traditional view of how filesystems work. Recently, Neil Brown has been trying to resolve a specific source of confusion relating to how Btrfs handles inode numbers.

Luis Villa writes about increasing demands on open-source maintainers on opensource.com.

Second, these new and increasingly specialized requirements primarily benefit a specific class of open source users—large enterprises. That isn't necessarily a bad thing—big enterprises are essential in many ways, and indeed, the risks to them deserve to be taken seriously.

But in a world where hundreds of billions of dollars in enterprise value have been created by open source, and where small educational/hobby projects (and even many small companies) don't really benefit from these new unfunded mandates, developers will likely focus on other things, since few of them got into open source primarily to benefit the Fortune 500.

Security updates have been issued by Fedora (libtpms and mingw-exiv2), openSUSE (389-ds, aspell, c-ares, fetchmail, firefox, go1.15, go1.16, haproxy, java-1_8_0-openjdk, krb5, libass, libmspack, libsndfile, openexr, php7, qemu, and tor), Oracle (compat-exiv2-023 and compat-exiv2-026), and SUSE (389-ds, aspell, djvulibre, fetchmail, firefox, go1.15, go1.16, java-1_8_0-openjdk, krb5, libass, libmspack, nodejs8, openexr, postgresql10, qemu, and spice-vdagent).

Unix-like systems abound with ways to confuse new users, many of which have been present since long before Linux entered the scene. One consistent source of befuddlement is the "text file is busy" (ETXTBSY) error message that is delivered in response to an attempt to overwrite an executable image file. Linux is far less likely to deliver ETXTBSY results than it once was, but they do still happen on occasion. Recent work to simplify the mechanism behind ETXTBSY has raised a more fundamental question: does this error check have any value at all?

The Document Foundation has announced the latest release of LibreOffice: LibreOffice 7.2 Community, the new major release of the volunteer-supported free office suite for desktop productivity, is available from https://www.libreoffice.org/download. Based on the LibreOffice Technology platform for personal productivity on desktop, mobile and cloud, it provides a large number of interoperability improvements with Microsoft’s proprietary file formats. In addition, LibreOffice 7.2 Community offers numerous performance improvements in handling large files, opening certain DOCX and XLSX files, managing font caching, and opening presentations and drawings that contain large images. There are also drawing speed improvements when using the Skia back-end that was introduced with LibreOffice 7.1.

[...] LibreOffice 7.2 Community’s new features have been developed by 171 contributors: 70% of code commits are from 51 developers employed by three companies sitting in TDF’s Advisory Board – Collabora, Red Hat and allotropia – or other organizations (including The Document Foundation), and 30% are from 120 individual volunteers.

See the release notes for more information on the changes and new features in the LibreOffice 7.2.

Security updates have been issued by CentOS (exiv2, firefox, and thunderbird), Fedora (libsndfile, python-docx, and xscreensaver), openSUSE (haproxy), and SUSE (haproxy).