lwn.net

Michael Stapelberg has announced the first release of "distri", a distribution focused on simplifying and accelerating package management. "distri’s package manager is extremely fast. Its main bottleneck is typically the network link, even at high speed links (I tested with a 100 Gbps link). Its speed comes largely from an architecture which allows the package manager to do less work."

Security updates have been issued by CentOS (kernel and openssl), Debian (ffmpeg, golang-1.11, imagemagick, kde4libs, openldap, and python3.4), Fedora (gradle, hostapd, kdelibs3, and mgetty), Gentoo (adobe-flash, hostapd, mariadb, patch, thunderbird, and vlc), Mageia (elfutils, mariadb, mythtv, postgresql, and redis), openSUSE (chromium, kernel, LibreOffice, and zypper, libzypp and libsolv), Oracle (ghostscript), Red Hat (rh-php71-php), SUSE (bzip2, evince, firefox, glib2, glibc, java-1_8_0-openjdk, polkit, postgresql10, python3, and squid), and Ubuntu (firefox).

Richard Brown has announced that he is stepping down as the chair of the openSUSE board. "I have absolute confidence in the openSUSE Board; Indeed, I don't think I would be able to make this decision at this time if I wasn't certain that I was leaving openSUSE in good hands. On that note, SUSE has appointed Gerald Pfeifer as my replacement as Chair. Gerald is SUSE's EMEA-based CTO, with a long history as a Tumbleweed user, an active openSUSE Member, and upstream contributor/maintainer in projects like GCC and Wine."

Linus has released the 5.3-rc5 kernel prepatch, saying: "It's been calm, and nothing here stands out, except perhaps some of the VM noise where we un-reverted some changes wrt node-local vs hugepage allocations."

Version 2.23.0 of the Git source-code management system is out. There's a lot of new features, including a new "git merge --quit" option, new "git switch" and "git restore" commands, and more.

The BPF virtual machine within the kernel has seen a great deal of work over the last few years; as that has happened, its use has expanded to many different kernel subsystems. One of the objectives of that work in the past has been to make it safe to allow unprivileged users to load at least some types of BPF programs into the kernel. A recent discussion has made it clear, though, that the goal of opening up BPF to unprivileged users has been abandoned as unachievable, and that further work in that direction will not be accepted by the BPF maintainer.

Luis Chamberlain has announced the "kdevops" kernel-development framework. "I'm announcing the release of kdevops which aims at making setting up and testing the Linux kernel for any project as easy as possible. Note that setting up testing for a subsystem and testing a subsystem are two separate operations, however we strive for both. This is not a new test framework, it allows you to use existing frameworks, and set those frameworks up as easily can humanly be possible. It relies on a series of modern hip devops frameworks, it relies on ansible, vagrant and terraform, ansible roles through the Ansible Galaxy, and terraform modules."

Three new stable kernels have been announced by Greg Kroah-Hartman: 5.2.9, 4.19.67, and 4.14.139. There are important fixes in each; users should upgrade.

Security updates have been issued by Debian (freetype, libreoffice, and openjdk-7), Fedora (edk2, mariadb, mariadb-connector-c, mariadb-connector-odbc, python-django, and squirrelmail), Gentoo (chromium, cups, firefox, glibc, kconfig, libarchive, libreoffice, oracle-jdk-bin, polkit, proftpd, sqlite, wget, zeromq, and znc), openSUSE (bzip2, chromium, dosbox, evince, gpg2, icedtea-web, java-11-openjdk, java-1_8_0-openjdk, kconfig, kdelibs4, mariadb, mariadb-connector-c, nodejs8, pdns, polkit, python, subversion, and vlc), Oracle (ghostscript and kernel), Red Hat (mysql:8.0 and subversion:1.10), SUSE (389-ds, libvirt and libvirt-python, and openjpeg2), and Ubuntu (nginx).

KDE.News reports on the release of KDE Applications 19.08. The release has updates for many different applications, as can also be seen in the official announcement. "Take Konsole, our powerful terminal emulator, which has seen major improvements to its tiling abilities. We've made tiling a bit more advanced, so now you can split your tabs as many times as you want, both horizontally and vertically. The layout is completely customizable, so feel free to drag and drop the panes inside Konsole to achieve the perfect workspace for your needs. Dolphin, KDE's file explorer, introduces features that will help you step up your file management game. Let's start with bookmarks, a feature that allows you to create a quick-access link to a folder, or save a group of specific tabs for future reference. We've also made tab management smarter to help you declutter your desktop. Dolphin will now automatically open folders from other apps in new tabs of an existing window, instead of in their own separate windows."

PHP is the Fortran of the world-wide web: it demonstrated the power of code embedded in web pages, but has since been superseded in many developers' minds by more contemporary technologies. Even so, as with Fortran, there is far more PHP code out there than one might think, and PHP is still chosen for new projects. There is a certain amount of tension in the PHP development community between the need to maintain compatibility for large amounts of ancient code and the need to evolve the language to keep it relevant for current developers. That tension has now come into the open with a proposal to split PHP into two languages.

Security updates have been issued by openSUSE (irssi, ledger, libheimdal, libmediainfo, libqb, and libsass) and Slackware (mozilla).

The LWN.net Weekly Edition for August 15, 2019 is available.

The file command would seem to be an ideal candidate for sandboxing; it routinely handles untrusted input. But an effort to add seccomp() filtering to file for Debian has run aground. The upstream file project has added support for sandboxing via seccomp() but it does not play well with other parts of the Debian world, package building in particular. This situation provides further evidence that seccomp() filtering is brittle and difficult to use.

EPEL 8.0 is out. "EPEL stands for Extra Packages for Enterprise Linux and is a subcommunity of the Fedora and CentOS projects aimed at bringing a subset of packages out of Fedora releases ready to be used and installed on various Red Hat Enterprise Linux (RHEL)." Beyond the update to RHEL (and CentOS) 8, this release features a new faster-moving "playground" package stream and support for the s390 architecture.

For those interested in the details of how one kernel developer works: Greg Kroah-Hartman has documented his email workflow in great detail. "The ability to edit a single message directly within my email client is essential. I end up having to fix up changelog text, editing the subject line to be correct, fixing the mail headers to not do foolish things with text formats, and in some cases, editing the patch itself for when it is corrupted or needs to be fixed (I want a Linkedin skill badge for 'can edit diff files by hand and have them still work')"

Security updates have been issued by Debian (kernel, linux-4.9, otrs2, and tomcat8), Fedora (igraph and jhead), openSUSE (ansible, GraphicsMagick, kconfig, kdelibs4, live555, mumble, phpMyAdmin, proftpd, python-Django, and znc), Oracle (kernel and openssl), Red Hat (kernel, openssl, and rh-mysql80-mysql), Scientific Linux (kernel and openssl), Slackware (kernel), SUSE (containerd, docker, docker-runc, golang-github-docker-libnetwork and mariadb-100), and Ubuntu (linux, linux-aws, linux-kvm, linux-raspi2, linux-snapdragon, linux-aws, linux-aws-hwe, linux-lts-xenial, linux-aws, linux-oem, linux-oracle, linux-raspi2, linux-snapdragon, linux-snapdragon, php5, php7.0, php7.2, and wpa).

Some unanticipated corner cases with Python's new "walrus" operator—described in our Python 3.8 overview—have cropped up recently. The problematic uses of the operator will be turned into errors before the final release, but just what exception should be raised came into question. It seems that the exception specified in the PEP for the operator may not really be the best choice, as a recent discussion hashed out.

Technologies like RDMA benefit from the ability to map file-backed pages into memory. This benefit extends to persistent-memory devices, where the backing store for the file can be mapped directly without the need to go through the kernel's page cache. There is a fundamental conflict, though, between mapping a file's backing store directly and letting the filesystem code modify that file's on-disk layout, especially when the mapping is held in place for a long time (as RDMA is wont to do). The problem seems intractable, but there may yet be a solution in the form of this patch set (marked "V1,000,002") from Ira Weiny.

Security updates have been issued by Arch Linux (chromium, postgresql, and postgresql-libs), Debian (atril, chromium, evince, ghostscript, jackson-databind, kernel, and php5), Fedora (kf5-kconfig, mingw-sqlite, pam-u2f, and poppler), Mageia (kernel), openSUSE (aubio, chromium, kconfig, kdelibs4, nodejs10, osc, and zstd), Red Hat (ghostscript), and Ubuntu (ghostscript and MariaDB).