Linux Weekly News

Security updates have been issued by CentOS (java-11-openjdk), Debian (aide, apr, ipython, openjdk-11, qt4-x11, and strongswan), Fedora (binaryen and rust), Mageia (expat, htmldoc, libreswan, mysql-connector-c++, phpmyadmin, python-celery, python-numpy, and webkit2), openSUSE (kernel and virtualbox), Red Hat (etcd, libreswan, nodejs:14, OpenJDK 11.0.14, OpenJDK 17.0.2, and rpm), Slackware (expat), SUSE (java-1_7_1-ibm, kernel, and zxing-cpp), and Ubuntu (strongswan).

Linus Torvalds released 5.17-rc1 and closed the 5.17 merge window on January 23 after having pulled just over 11,000 non-merge changesets into the mainline repository. A little over 4,000 of those changesets arrived after our first-half merge-window summary was written. Activity thus slowed down, as expected, in the second half of the merge window, but there still a number of significant changes that made it in for the next kernel release.

The netfilter project, which works on packet-filtering for the Linux kernel, has announced that it has reached a settlement (English translation) with Patrick McHardy that is "legally binding and it governs any legal enforcement activities" on netfilter programs and libraries as well as the kernel itself. McHardy has been employing questionable practices in doing GPL enforcement in Germany over the last six years or more. The practice has been called "copyright trolling" by some and is part of what led to the creation of The Principles of Community-Oriented GPL Enforcement. This settlement establishes that any decision-making around netfilter-related enforcement activities should be based on a majority vote. Thus, each active coreteam member at the time of the enforcement request holds one right to vote. This settlement covers past and new enforcement, as well as the enforcement of contractual penalties related to past declarations to cease-and-desist.

Security updates have been issued by Debian (chromium, golang-1.7, golang-1.8, pillow, qtsvg-opensource-src, util-linux, and wordpress), Fedora (expat, harfbuzz, kernel, qt5-qtsvg, vim, webkit2gtk3, and zabbix), Mageia (glibc, kernel, and kernel-linus), openSUSE (bind, chromium, and zxing-cpp), Oracle (kernel), Red Hat (java-11-openjdk and kpatch-patch), Scientific Linux (java-11-openjdk), SUSE (bind, clamav, zsh, and zxing-cpp), and Ubuntu (aide, dbus, and thunderbird).

Ariadne Conill writes about the FSF's policy toward proprietary firmware and, specifically, the rules for "Respects Your Freedom" certification.

Purism was able to accomplish this by making the Librem 5 have not one, but two processors: when the phone first boots, it uses a secondary CPU as a service processor, which loads all of the relevant blobs (such as those required to initialize the DDR4 memory) before starting the main CPU and shutting itself off. In this way, they could have all the blobs they needed to use, without having to worry about them being user visible from PureOS. Under the policy, that left them free and clear for certification.

This is not a new story; see Papering over a binary blob from 2011, for example.

The first 5.17 kernel prepatch is out for testing, and the merge window is closed for this release.

5.17 doesn't seem to be slated to be a huge release, and everything looks fairly normal. We've got a bit more activity than usual in a couple of corners of the kernel (random number generator and the fscache rewrite stand out), but even with those things, the big picture view looks very much normal: the bulk is various driver updates, with architectures updates, documentation, and tooling being the bulk of the rest.

One of your editor's long-time hobbies is photography; it is an activity that can be rewarding even with the lack of any particular talent — a useful attribute. Photography has changed greatly over the years; as a result, those hard-earned darkroom skills are of little use, and photo processing has become yet another software problem. This is a field that supports a lot of proprietary software, but there is also no shortage of free software available. The time has come to combine work and pleasure and catch up with the state of free software for photography, starting with the darktable raw photo editor.

Anybody who upgraded to the recent Rust 1.58.0 release will probably want to move on to Rust 1.58.1; among other things it contains a fix for a security vulnerability in the standard library. "We recommend all users to update their toolchain immediately and rebuild their programs with the updated compiler".

Security updates have been issued by Debian (aide, flatpak, kernel, libspf2, and usbview), Fedora (kernel, libreswan, nodejs, texlive-base, and wireshark), openSUSE (aide, cryptsetup, grafana, permissions, rust1.56, and stb), SUSE (aide, apache2, cryptsetup, grafana, permissions, rust1.56, and webkit2gtk3), and Ubuntu (aide, thunderbird, and usbview).

The kernel community is a busy place, so it is not even remotely possible to write full-length articles about everything that is going on. Other topics may be of interest, but not require a longer treatment. The answer is a collection of short topics covering developments that are on the radar; the selection this time around includes folios, the multi-generational LRU, and Rust in the kernel.

Four new stable kernels have been announced: 5.16.2, 5.15.16, 5.10.93, and 5.4.173. These contain a relatively small set of important fixes; users should upgrade.

Security updates have been issued by Debian (drupal7), Fedora (kernel, libreswan, nodejs, and wireshark), openSUSE (busybox, firefox, kernel, and python-numpy), Oracle (gegl, gegl04, httpd, java-17-openjdk, kernel, kernel-container, and libreswan), Red Hat (kernel, kernel-rt, and libreswan), Slackware (wpa_supplicant), SUSE (busybox, firefox, htmldoc, kernel, kubevirt, virt-api-container, virt-controller-container, virt-handler-container, virt-launcher-container, virt-operator-container, openstack-monasca-agent, spark, spark-kit, zookeeper, and python-numpy), and Ubuntu (curl, linux, linux-aws, linux-aws-5.11, linux-aws-5.4, linux-azure, linux-azure-5.11, linux-azure-5.4, linux-bluefield, linux-gcp, linux-gcp-5.11, linux-gcp-5.4, linux-gke, linux-gke-5.4, linux-gkeop, linux-gkeop-5.4, linux-hwe-5.4, linux-ibm, linux-kvm, linux-oem-5.10, linux-oem-5.13, linux-oem-5.14, linux-oracle, linux-oracle-5.11, linux-oracle-5.4, linux-raspi, linux-raspi-5.4, openvswitch, and qtsvg-opensource-src).

The LWN.net Weekly Edition for January 20, 2022 is available.

The Linux framebuffer device (fbdev) subsystem has long languished in something of a purgatory; it was listed as "orphaned" in the MAINTAINERS file and saw fairly minimal maintenance, mostly driven by developers working elsewhere in the kernel graphics stack. That all changed, in an eye-opening way, on January 17, when Linus Torvalds merged a change to make Helge Deller the new maintainer of the subsystem. But it turns out that the problems in fbdev run deep, at least according to much of the rest of the kernel graphics community. By seeming to take on the maintainer role in order to revert the removal of some buggy features from fbdev, Deller has created something of a controversy.

Version 7.0 of the ONLYOFFICE office suite is available.

With the release of Docs v7.0, ONLYOFFICE opens the source code of the professional editing features, such as document comparison, content controls and sheet views for spreadsheets, and makes them available in all solutions. Previously, all these features were exclusively accessible on a paying basis.

There is a long list of new features; see the announcement for details.

Security updates have been issued by CentOS (firefox, gegl, kernel, and thunderbird), Debian (nvidia-graphics-drivers), Fedora (btrbk and thefuck), Mageia (clamav, kernel, kernel-linus, vim, and wpa_supplicant), openSUSE (java-1_8_0-ibm, jawn, nodejs12, nodejs14, SDL2, and virglrenderer), Red Hat (gegl, gegl04, java-17-openjdk, and kernel-rt), Scientific Linux (gegl and httpd), SUSE (apache2, firefox, java-1_7_1-ibm, java-1_8_0-ibm, libvirt, nodejs12, nodejs14, openstack-monasca-agent, spark, spark-kit, zookeeper, python-Django, python-Django1, python-numpy, SDL2, and virglrenderer), and Ubuntu (byobu, clamav, and ruby2.3, ruby2.5, ruby2.7).

A Python "frozenset" is simply a set object that is immutable—the objects it contains are determined at initialization time and cannot be changed thereafter. Like sets, frozensets are built into the language, but unlike most of the other standard Python types, there is no way to create a literal frozenset object. Changing that, by providing a mechanism to do so, was the topic of a recent discussion on the python-ideas mailing list.

January 22, 2022 will be the 24th anniversary of the publication of the first LWN.net Weekly Edition. A lot has happened in the intervening years; the Linux community has grown immeasurably, and LWN has grown with it. Later this year will also be the 20th anniversary of the adoption of our subscription-based model, which has sustained LWN ever since. There is a change coming for our subscribers that will, with luck, help to set up LWN to thrive in the coming years.

Version 7.0 of the WINE Windows API library has been released.

This release represents a year of development effort and over 9,100 individual changes. [...] The areas of major changes are:

• Most modules converted to PE format.
• Better theming support, with a bundled theme for a more modern look.
• Vastly improved HID stack and joystick support.
• New WoW64 architecture.

The Open Invention Network has announced an expansion of its "Linux System Definition", which is the set of software covered by its patent-protection umbrella.

Software packages, or components, being added to the Linux System include .Net, ONNX, tvm, Prometheus, Helm, Notary, Istio, Nix, OpenEmbedded, CoreOS, uClibc-ng, mbed-tls, musl, SPDX, AGL Services, OVN, FuseSoc, Verilator, Flutter, Jasmine, Weex, NodeRED, Eclipse Paho, Californium, Cyclone and Wakaama, among others. The expansion includes 337 new software components, bringing the total number of protected packages to 3,730.