lwn.net

The kernel's printk() function seems like it should be relatively simple; all it does is format a string and output it to the kernel logs. That simplicity hides a lot of underlying complexity, though, and that complexity is why kernel developers are still unhappy with printk() after 28 years. At the 2019 Linux Plumbers Conference, John Ogness explained where the complexity in printk() comes from and what is being done to improve the situation.

Security updates have been issued by CentOS (kernel), Debian (jackson-databind, libapreq2, and subversion), Fedora (glpi, memcached, and zeromq), openSUSE (rust), Oracle (kernel), Red Hat (patch), and SUSE (dovecot23, git, jasper, libseccomp, and thunderbird).

Version 12 of the PostgreSQL database management system is out. "PostgreSQL 12 enhancements include notable improvements to query performance, particularly over larger data sets, and overall space utilization. This release provides application developers with new capabilities such as SQL/JSON path expression support, optimizations for how common table expression ('WITH') queries are executed, and generated columns. The PostgreSQL community continues to support the extensibility and robustness of PostgreSQL, with further additions to internationalization, authentication, and providing easier ways to administrate PostgreSQL. This release also introduces the pluggable table storage interface, which allows developers to create their own methods for storing data."

The LWN.net Weekly Edition for October 3, 2019 is available.

The Document Foundation (TDF) is the home of the LibreOffice free-software office suite; it provides financial, governance, and other administrative services to LibreOffice. The foundation was established in part to ensure that commercial entities did not have undue influence on the project, which limited the types of activities in which it can engage. In particular, selling branded versions of LibreOffice in the macOS and Windows app stores has not been something that TDF could tackle. The TDF board of directors is looking to change that with the creation of a new entity, The Document Collective (TDC), to engage in commercial activity that is complementary to that of TDF members—hopefully as an income source to help support TDF.

Security updates have been issued by Debian (openssl and openssl1.0), Fedora (expat, kernel, kernel-headers, kernel-tools, and phpMyAdmin), openSUSE (nghttp2 and u-boot), Oracle (kernel), Red Hat (rh-nodejs8-nodejs), Slackware (libpcap), SUSE (bind, jasper, libgcrypt, openssl-1_0_0, and php7), and Ubuntu (clamav).

A discussion on the pgsql-hackers mailing list at the end of August is another reminder that the suitability of seccomp() filters is likely more narrow than was hoped. Applying filters to the PostgreSQL database is difficult for a number of reasons and the benefit for the project and its users is not entirely clear. The discussion highlights the tradeoffs inherent in adding system-call filtering to a complex software suite; it may help crystallize the thinking of other projects that are also looking at supporting seccomp() filters.

Stable kernels 5.3.2, 5.2.18, and 4.19.76 have been released. They all contain important fixes and users should upgrade.

Security updates have been issued by Debian (apache2, linux-4.9, netty, phpbb3, and poppler), openSUSE (chromium, djvulibre, ghostscript, python-numpy, SDL2, and varnish), Oracle (nodejs:10), Red Hat (httpd24-httpd and httpd24-nghttp2, kpatch-patch, and rh-nodejs10-nodejs), and Ubuntu (linux, linux-aws, linux-kvm, linux-raspi2, linux-snapdragon, linux-oem, linux-oracle, linux-raspi2, linux-snapdragon, and SDL 2.0).

Version 2.0.0 of the TensorFlow machine-learning system is out. Headline features include the "Keras" high-level API, support for distributed training, and more, including a number of API-breaking changes.

The release of the 5.4-rc1 kernel and the closing of the merge window for this development cycle came one day later than would have normally been expected. By that time, 12,554 non-merge changesets had been pulled into the mainline repository; that's nearly 2,900 since the first-week summary was written. That relatively small number of changes belies the amount of interesting change that arrived late in the merge window, though; read on for the full list.

Linus has tagged the 5.4-rc1 release, thus ending the merge window for this development cycle. An apparent linux-kernel outage means that there is no announcement to post yet; we'll do that as soon as it becomes available. Meanwhile, though, everything can be seen in his repository.

Update: the 5.4-rc1 announcement is now available. "I didn't really extend the merge window by a day here, but I gave myself an extra day to merge my pending queue. Thus the Monday date for the rc1 rather than the usual Sunday afternoon."

Exim 4.92.3 has been released with a fix for CVE-2019-16928, a heap-based buffer overflow in string_vformat that could lead to remote code execution. "The currently known exploit uses a extraordinary long EHLO string to crash the Exim process that is receiving the message. While at this mode of operation Exim already dropped its privileges, other paths to reach the vulnerable code may exist."

Security updates have been issued by CentOS (dovecot, kernel, and qemu-kvm), Debian (cimg, cups, e2fsprogs, exim4, file-roller, golang-1.11, httpie, and wpa), Fedora (curl, ghostscript, ibus, krb5, mod_md, and nbdkit), Mageia (chromium-browser-stable, libheif, and nghttp2), openSUSE (djvulibre, expat, libopenmpt, mosquitto, phpMyAdmin, and webkit2gtk3), Red Hat (nodejs:10), SUSE (gpg2), and Ubuntu (e2fsprogs and exim4).

The addition of extended BPF to the kernel has opened up a whole range of use cases, but few developers actually write BPF code. It is, like any other assembly-level language, a tedious pain to work with; developers would rather use a higher-level language. For BPF, the language of choice is C, which is compiled to BPF with the LLVM compiler. But, as Jose Marchesi described during the Toolchains microconference at the 2019 Linux Plumbers Conference, LLVM will soon have company, as he has just added support for a BPF back-end to the GCC compiler.

After "more than two years in development and half a year in testing", version 4.15.0 of the RPM package manager has been released. It has a wide range of new features, including faster parallel builds; support for %elif, %elifos, and %elifarch statements in RPM spec files; new %patchlist and %sourcelist sections; experimental support for non-privileged operation in a chroot() environment; and, of course, plenty of bug fixes and such. More details can be found in the release notes.

Ars Technica reports on the Librem 5 smartphone from Purism, which has begun shipping. The article provides an initial review of the phone, with pictures of the interface and hardware inside the case. "The Librem 5 is unlike anything else on the market. Not only is it one of the only smartphones on Earth that doesn't ship with Android, a fork of Android, or iOS—Purism's commitment to 100% open software, with no binary blobs, puts severe restrictions on what hardware it can use. Android's core might be open source, but it was always built for wide adoption above all else, with provisions for manufacturers to include as much proprietary code as they want. Purism's demand that everything be open means most of the major component manufacturers were out of the question. Perhaps because of the limited hardware options, the internal construction of the Librem 5 is absolutely wild. While smartphones today are mostly a single mainboard with every component integrated into it, the Librem 5 actually has a pair of M.2 slots that house full-size, off-the-shelf LTE and Wi-Fi cards for connectivity, just like what you would find in an old laptop. The M.2 sockets look massive on top of the tiny phone motherboard, but you could probably replace or upgrade the cards if you wanted."

Over at Fedora Magazine, Ben Cotton has an article on contributing to the Fedora distribution. Obviously, it is pretty Fedora-specific, but the general ideas can be applied to other distributions and/or projects. He lists several areas where contributors are needed—beyond just the obvious candidates: "Cooperative effort is a hallmark of open source communities. One of the best ways to contribute to any project is to help other users. In Fedora, that can mean answering questions on the Ask Fedora forum, the users mailing list, or in the #fedora IRC channel. Many third-party social media and news aggregator sites have discussion related to Fedora where you can help out as well."

A report of a boot hang in the 5.3 series has led to an enormous, somewhat contentious thread on the linux-kernel mailing list. The proximate cause was some changes that made the ext4 filesystem do less I/O early in the boot phase, incidentally causing fewer interrupts, but the underlying issue was the getrandom() system call, which was blocking until the /dev/urandom pool was initialized—as designed. Since the system in question was not gathering enough entropy due to the lack of unpredictable interrupt timings, that would hang more or less forever. That has called into question the design and implementation of getrandom().

Security updates have been issued by Fedora (dcmtk), openSUSE (rust), Red Hat (redhat-virtualization-host), and SUSE (ghostscript, nghttp2, and u-boot).