Linux Weekly News

Perhaps February was "compiler modernization" month. The Linux kernel recently decided to move to the C11 standard for its code; Python has just undergone a similar process for determining which flavor of C to use for building its CPython reference implementation. A calculation in the CPython interpreter went awry when built with a pre-release version of the upcoming GCC 12; that regression led down a path that ended up with the adoption of C11 for CPython as well.

The 5.16.12, 5.15.26, 5.10.103, 5.4.182, 4.19.232, 4.14.269, and 4.9.304 stable kernel updates have all been released; each contains another set of important fixes.

Security updates have been issued by Fedora (mingw-expat and seamonkey), openSUSE (mc, mysql-connector-java, nodejs12, and sphinx), Red Hat (kernel and kpatch-patch), SUSE (cyrus-sasl, kernel, nodejs12, and php74), and Ubuntu (glibc).

Debian has been working on some "constitutional maintenance" of late; a general resolution (GR) on tweaks to the project's decision-making processes passed at the end of January. As part of the discussion surrounding those changes, the question of secret voting came up; currently, Debian publicly lists every voter for a GR and their ranking of the options. Another GR has been proposed to change that, but the discussion has shown that the definition of "secret" is not exactly the same for everyone. In addition, secret voting is not the only change being proposed.

The Free Software Foundation has announced that Zoë Kooyman will be the organization's new executive director.

Kooyman was appointed by the FSF board following a careful selection process that included a review by a FSF staff committee and evaluation criteria such as management, fundraising, business and finance, legal, and technical skills. She succeeds John Sullivan, who served as executive director for twelve years.

Versions 21.02.2 and 19.07.9 of the OpenWrt router distribution are available. Both releases include a number of security fixes. Additionally, 21.02.2 adds support for a set of new devices, adds a new rpcapd package, and includes various other enhancements.

Security updates have been issued by Debian (thunderbird), Oracle (kernel, kernel-container, and ruby:2.5), Red Hat (rh-ruby26-ruby), Slackware (libxml2 and libxslt), SUSE (htmldoc and SUSE Manager Server 4.2), and Ubuntu (mariadb-10.3, mariadb-10.5, policykit-1, qemu, virglrenderer, and webkit2gtk).

The Armbian project, which is a Debian-based distribution for Arm-based single-board computers (SBCs) and development boards, has a lengthy release announcement for Armbian 22.02. Beyond lots of updates and bug fixes (of course), Armbian has added support for Debian unstable ("sid"), Raspberry Pi images, a new Extensions build framework, build automation (continuous integration and continuous deployment) improvements, and more. There is also upcoming support for Ubuntu 22.04 images. Historically, in many cases board manufacturers have been ‘maintaining’ (in parallel) some heavily patched Linux kernel which have diverged so far from mainline as to be considered an entirely different operating system. That mess, is what some refer to as a Board Support Package (BSP), ‘legacy’ kernel, or ‘vendor’ bootloader.

Those sources get ‘thrown over the wall’ upon release, very often never to be touched again. They are full of proprietary code (binary blobs), dirty hacks, ancient kernels, and all manner of other garbage that will never see the light of day in mainline Linux. All of which is very similar to the situation on Android, if you know anything about that.

In fact, if not for projects like Armbian, our SBCs would likewise become throwaway devices, too — just like your Android — in pretty short order. That is, if you ever even got them to work in the first place.

Restartable sequences, a Linux kernel feature that facilitates the writing of lockless, per-CPU code in user space, has been around for some years, but it only just received support in the GNU C Library this month. Now that this barrier has been crossed, it would seem that the time has come to start adding features. Mathieu Desnoyers has responded to this challenge with a patch set adding an extension mechanism and a new "virtual CPU ID" feature.

The 5.17-rc6 kernel prepatch has been released.

While things look reasonably normal, we _are_ getting pretty late in the release, and we still have a number of known regressions. They don't seem all that big and scary, but some of them were reported right after the rc1 release, so they are getting a bit long in the tooth. I'd hate to have to delay 5.17 just because of them, and I'm starting to be a bit worried here. I think all the affected maintainers know who they are.

Security updates have been issued by CentOS (389-ds-base, cyrus-sasl, kernel, openldap, and python-pillow), Debian (cyrus-sasl2, htmldoc, and ujson), Fedora (flac, gnutls, java-11-openjdk, kernel, qemu, and vim), openSUSE (ucode-intel), SUSE (php72 and ucode-intel), and Ubuntu (php7.4, php8.0).

Dropped packets are a fact of life in networking; there can be any number of reasons why a packet may not survive the journey to its destination. Indeed, there are so many ways that a packet can meet its demise that it can be hard for an administrator to tell why packets are being dropped. That, in turn, can make life difficult in times when users are complaining about high packet-loss rates. Starting with 5.17, the kernel is getting some improved instrumentation that should shed some light on why the kernel decides to route packets into the bit bucket.

Back in July, the Free Software Foundation (FSF) put out a call for white papers to explore the issues around GitHub's Copilot AI-assisted programming tool, especially with regard to copyleft licensing; each selected white paper was awarded $500. The FSF has now published five of the submissions that the organization thought "advanced discussion of important questions, and did so clearly". In our call for papers, we set forth several areas of interest. Most of these areas centered around copyright law, questions of ownership for AI-generated code, and legal impacts for GitHub authors who use a GNU or other copyleft license(s) for their works. We are pleased to announce the community-provided research into these areas, and much more.

First, we want to thank everyone who participated by sending in their papers. We received a healthy response of twenty-two papers from members of the community. The papers weighed-in on the multiple areas of interest we had indicated in our announcement. Using an anonymous review process, we concluded there were five papers that would be best suited to inform the community and foster critical conversations to help guide our actions in the search for solutions.

One of the submissions published was from Policy Fellow at Software Freedom Conservancy, Bradley M. Kuhn; that organization has announced the formation of a committee to "develop recommendations and plans for a Free and Open Source Software (FOSS) community response to the use of machine learning tools for code generation and authorship". A public ai-assist mailing list has been set up for discussions. "The inaugural members of the Committee are: Matthew Garrett, Benjamin Mako Hill, Bradley M. Kuhn, Heiki Lõhmus, Allison Randal, Karen M. Sandler, Slavina Stefanova, John Sullivan, David ‘Novalis’ Turner, and Stefano ‘Zack’ Zacchiroli."

Security updates have been issued by Fedora (dotnet6.0, kernel, libarchive, libxml2, and wireshark), openSUSE (opera), Oracle (cyrus-sasl), Red Hat (cyrus-sasl, python-pillow, and ruby:2.5), Scientific Linux (cyrus-sasl), and Ubuntu (snapd).

Version 1.59.0 of the Rust language has been released. There are a number of new features, including support for inline assembly (in unsafe blocks, naturally), the ability to use tuples and slices on the left-hand side of an assignment, const generic defaults, and more. Incremental compilation is also disabled by default in this release to work around a known bug.

Despite its generally fast-moving nature, the kernel project relies on a number of old tools. While critics like to focus on the community's extensive use of email, a possibly more significant anachronism is the use of the 1989 version of the C language standard for kernel code — a standard that was codified before the kernel project even began over 30 years ago. It is looking like that longstanding practice could be coming to an end as soon as the 5.18 kernel, which can be expected in May of this year.

The Inside Rust Blog has posted the Rust compiler team's goals for this year in the hope of encouraging others to help.

In theory, any unsoundness issue potentially undermines Rust's promise of reliability. We want, by the end of this year, to have a clear understanding of how each of those I-unsound issues came to be. We are looking into systematically detecting such issues and whether we can deploy mitigations or fixes for entire classes of issues, instead of addressing them on a case by case basis.

Security updates have been issued by Debian (thunderbird), Fedora (php), openSUSE (jasper and thunderbird), Oracle (389-ds-base, kernel, openldap, and python-pillow), Red Hat (cyrus-sasl and samba), and SUSE (cyrus-sasl, firefox, jasper, kernel-rt, nodejs10, nodejs14, nodejs8, and thunderbird).

The LWN.net Weekly Edition for February 24, 2022 is available.

Over the past seven years or so, Python has slowly been moving its development infrastructure to GitHub; we covered some of the early discussions at the end of 2014. One piece of that infrastructure, bug tracking, has not been moved from bugs.python.org, but plans are underway to make that happen soon. It is not a simple or straightforward process to do so, however, so the transition will take up to a week to complete; there are a number of interesting facets to the switch, as it entails clearing some technical, and even legal, hurdles.