Linux Weekly News

The 6.5 kernel was released on August 27 after a nine-week development cycle. By that time, some 13,561 non-merge changesets had found their way into the mainline repository, the lowest number seen since the 5.15 release (12,377 changesets) in late 2021. Nonetheless, quite a bit of significant work was done in this cycle; read on for a look at where that work came from.

August 26 was the 25th anniversary of the release of the Bugzilla bug tracker as open-source software under the Mozilla Public License (MPL). A blog post for the occasion has some announcements, including several upcoming releases, help wanted, and a new legal entity to house the project: Which now brings us to today, when I’m happy to announce the formation of Zarro Boogs Corporation, which will now be overseeing the Bugzilla Project. This is a taxable non-profit non-charitable corporation - we have filed with the IRS our intent to operate under US Tax Code §501(c)(4) (still pending approval from the IRS) meaning the IRS would require us to spend money raised on project expenses and not make a profit, but money donated to us will not earn you a tax deduction because we aren’t a charity (software development is not considered a charitable cause in the US). Unlike Thunderbird, which is a subsidiary of the Mozilla Foundation, we are an independent entity not owned by or associated with the Mozilla Foundation, although they have licensed the use of the Bugzilla trademark to us.

Security updates have been issued by Debian (chromium, clamav, librsvg, rar, and unrar-nonfree), Fedora (caddy, chromium, and xen), and SUSE (ca-certificates-mozilla, gawk, ghostscript, java-1_8_0-ibm, java-1_8_0-openjdk, php7, qemu, and xen).

Linus has, as expected, released the 6.5 kernel.

I still have this nagging feeling that a lot of people are on vacation and that things have been quiet partly due to that. But this release has been going smoothly, so that's probably just me being paranoid. The biggest patches this last week were literally just to our selftests.

Headline features in 6.5 include faster booting on large x86 systems, Arm Permission Indirection Extension support, Rust 1.68.2 support, unaccepted memory handling, "mount beneath" support for filesystems, the cachestat() system call, the ability to pass a pidfd via a SCM_CREDENTIALS control message, scope-based resource management for internal kernel code, the deprecation of the SLAB allocator, and more. See the LWN merge-window summaries (part 1, part 2) and the (in-progress) KernelNewbies 6.5 page for details.

The 6.1.48, 5.15.128, and 5.10.192 stable kernels have been released; each contains another set of important fixes.

Update: 6.1.49 has also been released. "This upgrade is only for all users of the 6.1 series that use the x86 platform OR the F2FS file system. If that's not you, feel free to ignore this release."

The OpenTF Foundation has announced that it is moving forward with its eponymous fork of HashiCorp Terraform, which was recently changed to a non-FOSS license by the company. The organization has applied to become part of the Linux Foundation, "with the end goal of having OpenTF as part of Cloud Native Computing Foundation". There is a GitHub repository for its manifesto, but the code repository for OpenTF is private for now, with plans to open it up in the next week or two. Work has been going on for the last week and more developers are coming on board: So far, four companies pledged the equivalent of 14 full-time engineers (FTEs) to the OpenTF initiative. We expect this number to at least double in the following few weeks. To give you some perspective, Terraform was effectively maintained by about 5 FTEs from HashiCorp in the last 2 years. If you don’t believe us, look at their repository.

Some of the people behind OpenTF are participating in a Hacker News thread, so more information can be found there as well.

The more one pays attention to the Internet of Things (IoT), the more one learns to appreciate simple, unconnected devices. Your editor long ago acquired an aversion to products that advertise themselves as "smart" or "WiFi-enabled". There can be advantages, though, to devices that contain microprocessors, are Internet connected, and are remotely accessible, if they are implemented well. The OpenSprinkler sprinkler timer would appear to be a case in point.

Security updates have been issued by Debian (tryton-server), Fedora (youtube-dl), SUSE (clamav and krb5), and Ubuntu (cjose and fastdds).

The kernel's software I/O translation lookaside buffer ("swiotlb") is an obscure corner of the DMA-support layer. The swiotlb was initially introduced to enable DMA for devices with special challenges, and one might have expected it to fade away as newer peripherals came along. Instead, though, the swiotlb has turned out to be useful in places outside of its original use cases. This patch set from Petr Tesarik now aims to update the swiotlb with an eye toward its continuing use indefinitely into the future.

Version 1.72.0 of the Rust compiler has been released. Changes include improved diagnostics and the removal of a limit on const evaluation:

To prevent user-provided const evaluation from getting into a compile-time infinite loop or otherwise taking unbounded time at compile time, Rust previously limited the maximum number of statements run as part of any given constant evaluation. However, especially creative Rust code could hit these limits and produce a compiler error. Worse, whether code hit the limit could vary wildly based on libraries invoked by the user; if a library you invoked split a statement into two within one of its functions, your code could then fail to compile.

Now, you can do an unlimited amount of const evaluation at compile time.

Security updates have been issued by Debian (w3m), Fedora (libqb), Mageia (docker-containerd, kernel, kernel-linus, microcode, php, redis, and samba), Oracle (kernel, kernel-container, and openssh), Scientific Linux (subscription-manager), SUSE (ca-certificates-mozilla, erlang, gawk, gstreamer-plugins-base, indent, java-1_8_0-ibm, kernel, kernel-firmware, krb5, libcares2, nodejs14, nodejs16, openssl-1_1, openssl-3, poppler, postfix, redis, webkit2gtk3, and xen), and Ubuntu (php8.1).

The LWN.net Weekly Edition for August 24, 2023 is available.

Greg Kroah-Hartman has announced the release of two new stable kernels: 6.4.12 and 6.1.47. Both contain lots of important fixes throughout the kernel tree.

Over the years, there have been multiple examples of open-source software that, suddenly, was no longer open source; on August 10, some further examples were added to the pile. That happened when HashiCorp announced that it would be switching the license on its products from the Mozilla Public License 2.0 (MPL) to the Business Source License 1.1 (BSL or BUSL). At least one of the products affected by the change, the Terraform infrastructure-automation tool, has attracted an effort to continue it as an open-source tool in the form of a fork that would be maintained by the nascent OpenTF Foundation. That seems like a sensible reaction to the move, but it also helps serve up yet another reminder that code which is controlled by a single entity is normally always at risk of such adverse changes.

Security updates have been issued by Debian (mediawiki and qt4-x11), Fedora (java-17-openjdk, linux-firmware, and python-yfinance), Red Hat (kernel, kpatch-patch, and subscription-manager), SUSE (evolution, janino, kernel, nodejs16, nodejs18, postgresql15, qt6-base, and ucode-intel), and Ubuntu (inetutils).

The PineTime is an inexpensive smartwatch developed by PINE64 that is designed to run open-source operating systems. Despite its low cost, however, it has most of the features expected from more expensive, proprietary smartwatches. Because it runs open-source software, though, interested developers can add any other useful features that they dream up.

Security updates have been issued by Debian (intel-microcode, lxc, and zabbix), Fedora (clamav), SUSE (python-configobj), and Ubuntu (clamav).

Making a filesystem implementation robust in the face of maliciously created filesystem images is a challenging task even when the implementation is actively maintained, which many in the kernel are not. There is a way to make that task even harder, though: modify that filesystem image behind the implementation's back while it is mounted. A recent discussion on the linux-fsdevel list reveals an ongoing disagreement over whether (and how) this threat should be addressed.

The Document Foundation has announced the release of LibreOffice 7.6 Community. It is the last release using the existing numbering scheme as the office suite will move to date-based release numbers starting with LibreOffice 24.2 in February, 2024. Highlights of this release include support for document themes, including import and export of them, a new navigation panel for Impress and Draw, zoom-gesture support, font-handling improvements, and lots more; the release notes have all the details. LibreOffice 7.6 Community's new features have been developed by 148 contributors: 61% of code commits are from the 52 developers employed by three companies sitting in TDF's Advisory Board – Collabora, Red Hat and allotropia – or other organizations, 15% are from 7 developers at The Document Foundation, and the remaining 24% are from 89 individual volunteers.

Other 202 volunteers – representing hundreds of other people providing translations – have committed localizations in 160 languages. LibreOffice 7.6 Community is released in 120 different language versions, more than any other free or proprietary software, and as such can be used in the native language (L1) by over 5.4 billion people worldwide. In addition, over 2.3 billion people speak one of those 120 languages as their second language (L2).

Security updates have been issued by Debian (fastdds, flask, and kernel), Fedora (chromium, dotnet6.0, dotnet7.0, gerbv, java-1.8.0-openjdk, libreswan, procps-ng, and spectre-meltdown-checker), SUSE (chromium, kernel-firmware, krb5, opensuse-welcome, and python-mitmproxy), and Ubuntu (clamav, firefox, and vim).