Linux Weekly News

Both Firefox and Chrome are racing toward releasing version 100 in the near future, and developers for both browsers are worried that web sites with naive code to parse the version number out of the user-agent string will break.

Every strategy that adds complexity to the User-Agent string has a strong impact on the ecosystem. Let’s work together to avoid yet another quirky behavior. In Chrome and Firefox Nightly, you can configure the browser to report the version as 100 right now and report any issues you come across.

The 5.16.10, 5.15.24, 5.10.101, 5.4.180, 4.19.230, 4.14.267, and 4.9.302 stable kernel updates are available. As usual, each contains another set of important fixes.

Security updates have been issued by CentOS (firefox and thunderbird), Debian (librecad, libxstream-java, and zsh), Fedora (expat, util-linux, varnish-modules, xterm, and zsh), Mageia (Intel-nonfree, kernel, kernel-linus, and microcode), openSUSE (zabbix), Red Hat (kernel, kpatch-patch, Red Hat Virtualization Host, and thunderbird), Scientific Linux (thunderbird), and Ubuntu (cryptsetup).

Over on the Bootlin blog, Michael Opdenacker has an introduction to using device tree overlays to support changes to the standard device tree definition for a particular system-on-chip (SoC). This allows users to add new hardware or modify the hardware configuration for their system relatively easily—and without recompiling the kernel or the full device tree source files. For a given CPU architecture (ARM, PowerPC, etc), such a description allows to have a unique kernel supporting many different systems with distinct Systems on a Chip. The compiled Device Tree (DTB: Device Tree Binary), passed to the kernel by the bootloader at boot time, lets the kernel know which SoC and devices to initialize. Therefore, when you create a new board, and want to use a standard GNU/Linux distribution on it, all you have to do is create a new Device Tree describing your new hardware, compile it, and boot the distribution’s kernel with it. You don’t need to recompile that kernel, at least when it supports your SoC and the devices on your board.

[...] However, this is still an inconvenient solution. Any time you plug in a new device or an expansion board, or want to tweak other settings, you have to rebuild and update the full Device Tree for your board. What if you could prepare Device Tree fragments for each change to make, compile them once for all, and then, when you boot your device, load the main Device Tree and only the fragments you need, without having anything else to recompile?

Neil McGovern announces his departure from the helm of the GNOME Foundation.

GNOME has changed a lot in the last 5 years, and a lot has happened in that time. As a Foundation, we’ve gone from a small team of 3, to employing people to work on marketing, investment in technical frameworks, conference organisation and much more beyond. We’ve become the default desktop on all major Linux distributions. We’ve launched Flathub to help connect application developers directly to their users. We’ve dealt with patent suits, trademarks, and bylaw changes. We’ve moved our entire development platform to GitLab. We released 10 new GNOME releases, GTK 4 and GNOME 40.

Sometimes, a kernel-patch series comes with an exciting, sexy title. Other times, the mailing lists are full of patches with titles like "remote per-cpu lists drain support". For many, the patches associated with that title will be just as dry as the title itself. But, for those who are interested in such things — a group that includes many LWN readers — this short patch series from Nicolas Saenz Julienne gives some insight into just what is required to make the kernel's page allocator as fast — and as robust — as developers can make it.

Security updates have been issued by Debian (h2database), Fedora (dotnet-build-reference-packages, dotnet3.1, and firefox), Oracle (.NET 5.0, firefox, kernel, and kernel-container), Red Hat (firefox), Scientific Linux (firefox), SUSE (unbound), and Ubuntu (firefox).

Like most components in the computing landscape, networking hardware has grown steadily faster over time. Indeed, today's high-end network interfaces can often move data more quickly than the systems they are attached to can handle. The networking developers have been working for years to increase the scalability of their subsystem; one of the current projects is the BIG TCP patch set from Eric Dumazet and Coco Li. BIG TCP isn't for everybody, but it has the potential to significantly improve networking performance in some settings.

Security updates have been issued by Debian (debian-edu-config, expat, minetest, pgbouncer, python2.7, samba, thunderbird, and varnish), Fedora (dotnet-build-reference-packages, dotnet3.1, dotnet6.0, hostapd, libdxfrw, librecad, mingw-expat, mingw-gdk-pixbuf, php-twig2, php-twig3, rust-afterburn, webkit2gtk3, and xstream), Mageia (bluez, firefox, libarchive, php-adodb, thunderbird, and webkit2), openSUSE (ghostscript, openexr, permissions, SDL2, and wireshark), Red Hat (firefox), Slackware (mariadb), and SUSE (busybox, ghostscript, openexr, permissions, SDL2, and wireshark).

The 5.17-rc4 kernel prepatch is out for testing. "Things continue to look pretty normal for 5.17. Both the diffstat and the number of commits looks pretty much average for an rc4 release." The code name for the release has been changed to "Superb Owl".

The Debian project is known for its commitment to free software, the effort that it puts into ensuring that its distribution is compliant with the licenses of the software it ships, and the energy it puts into discussions around that work. A recent (and ongoing) discussion started with a query about a relatively obscure aspect of the process by which new packages enter the distribution, but ended up questioning the project's approach toward licensing and copyright issues. While no real conclusions were reached, it seems likely that the themes heard in this discussion, which relate to Debian's role in the free-software community in general, will play a prominent part in future debates.

The Debian project is known for its commitment to free software, the effort that it puts into ensuring that its distribution is compliant with the licenses of the software it ships, and the energy it puts into discussions around that work. A recent (and ongoing) discussion started with a query about a relatively obscure aspect of the process by which new packages enter the distribution, but ended up questioning the project's approach toward licensing and copyright issues. While no real conclusions were reached, it seems likely that the themes heard in this discussion, which relate to Debian's role in the free-software community in general, will play a prominent part in future debates.

The 5.16.9, 5.15.23, 5.10.100, 5.4.179, 4.19.229, 4.14.266, and 4.9.301 stable kernel updates have been released; each contains a small number of important fixes.

The 5.16.9, 5.15.23, 5.10.100, 5.4.179, 4.19.229, 4.14.266, and 4.9.301 stable kernel updates have been released; each contains a small number of important fixes.

Security updates have been issued by Debian (cryptsetup), Fedora (firefox, java-1.8.0-openjdk, microcode_ctl, python-django, rlwrap, and vim), openSUSE (kernel), and SUSE (kernel and ldb, samba).

Security updates have been issued by Debian (cryptsetup), Fedora (firefox, java-1.8.0-openjdk, microcode_ctl, python-django, rlwrap, and vim), openSUSE (kernel), and SUSE (kernel and ldb, samba).

Well-maintained free-software projects usually make a point of quickly fixing known security problems, and the Samba project, which provides interoperability between Windows and Unix systems, is no exception. So it is natural to wonder why the fix for CVE-2021-20316, a symbolic-link vulnerability, was well over two years in coming. Sometimes, a security bug can be fixed with a simple tweak to the code. Other times, the fix requires a massive rewrite of much of a projects's internal code. This particular vulnerability fell firmly into the latter category, necessitating a public rewrite of Samba's virtual filesystem (VFS) layer to address a non-disclosed vulnerability.

Well-maintained free-software projects usually make a point of quickly fixing known security problems, and the Samba project, which provides interoperability between Windows and Unix systems, is no exception. So it is natural to wonder why the fix for CVE-2021-20316, a symbolic-link vulnerability, was well over two years in coming. Sometimes, a security bug can be fixed with a simple tweak to the code. Other times, the fix requires a massive rewrite of much of a projects's internal code. This particular vulnerability fell firmly into the latter category, necessitating a public rewrite of Samba's virtual filesystem (VFS) layer to address a non-disclosed vulnerability.

Security updates have been issued by Debian (firefox-esr and openjdk-8), Fedora (phoronix-test-suite and php-laminas-form), Mageia (epiphany, firejail, and samba), Oracle (aide, kernel, kernel-container, and qemu), Red Hat (.NET 5.0 on RHEL 7 and .NET 6.0 on RHEL 7), Scientific Linux (aide), Slackware (mozilla), SUSE (clamav, expat, and xen), and Ubuntu (speex).

Security updates have been issued by Debian (firefox-esr and openjdk-8), Fedora (phoronix-test-suite and php-laminas-form), Mageia (epiphany, firejail, and samba), Oracle (aide, kernel, kernel-container, and qemu), Red Hat (.NET 5.0 on RHEL 7 and .NET 6.0 on RHEL 7), Scientific Linux (aide), Slackware (mozilla), SUSE (clamav, expat, and xen), and Ubuntu (speex).