Linux Weekly News

The GTK-based Anaconda installer has long been used to set up Fedora, CentOS, and RHEL systems. This Fedora Community Blog entry describes some significant changes that will appear in a future version of Anaconda:

We will rewrite the new UI as a web browser-based UI using existing Cockpit technology. We are taking this approach because Cockpit is a mature solution with great support for the backend (Anaconda DBus). The Cockpit team is also providing us with great support and they have significant knowledge which we could use. We thank them for helping us a lot with the prototype and creating a foundation for the future development.

The 5.16 kernel was released on January 9, as expected. This development cycle incorporated 14,190 changesets from 1,988 developers; it was thus quite a bit busier than its predecessor, and fairly typical for recent kernel releases in general. A new release means that the time has come to have a look at where those changes came from.

Here is a comprehensive look on the Libre Arts site at the current state of free software for creative artists.

The other reason is that, with a project like GIMP, it’s hard to do just one thing. The team is constantly bombarded with requests that are mostly doable once you have a team of 10 to 20 full-time developers, which is light years away from where GIMP is now. Which results in a lot of running around between under-the-hood work, UX fixes, featurettes, better file formats support etc. So you give everyone a little of what they want but you end up delaying an actual release because the big stuff still needs to happen.

Bleeping Computer reports on the latest NPM mess: the developer of the "faker" module deleted the code and its development history from GitHub (with a force push), replaced it with a malicious alternative, and broke dependencies for numerous applications.

The reason behind this mischief on the developer's part appears to be retaliation—against mega-corporations and commercial consumers of open-source projects who extensively rely on cost-free and community-powered software but do not, according to the developer, give back to the community.

GitHub has evidently called this action a violation of its terms of service and disabled the owner's account; NPM has restored a previous version of the code.

Security updates have been issued by Debian (ghostscript and roundcube), Fedora (gegl04, mbedtls, and mediawiki), openSUSE (kubevirt, virt-api-container, virt-controller-container, virt-handler-container, virt-launcher-container, virt-operator-container), SUSE (kubevirt, virt-api-container, virt-controller-container, virt-handler-container, virt-launcher-container, virt-operator-container and libvirt), and Ubuntu (apache2).

Linus Torvalds has released the 5.16 kernel, as expected. Significant changes in 5.16 include the futex_waitv() system call, cluster-aware CPU scheduling, some internal memcpy() hardening, memory folios, the DAMON operating schemes user-space memory-management mechanism, and much more. See the LWN merge-window summaries (part 1, part 2) and the KernelNewbies 5.16 page for details.

Linux Mint has announced its 20.3 ("Una") release for three different desktop environments: the Cinnamon, MATE, and Xfce editions. Mint 20.3 is a long-term support release, with support lasting until 2025. Each edition comes with a long list of new features (Cinnamon, MATE, and Xfce) and detailed release notes (Cinnamon, MATE, and Xfce).

Linux supports processor architectures where CPUs in the same system might have different processing capacities; for example, the Arm big.LITTLE systems combine fast, power-hungry CPUs with slower, more efficient ones. Linux has also run for years on simultaneous multithreading (SMT) architectures, where one CPU executes multiple independent execution threads and is seen as if it were multiple cores. There are architectures that mix both approaches. A recent discussion on a patch set submitted by Ricardo Neri shows that, on these systems, the scheduler might distribute tasks in an inefficient way.

Security updates have been issued by Debian (sphinxsearch), Fedora (chromium and vim), Red Hat (rh-nodejs14-nodejs and rh-nodejs14-nodejs-nodemon), and Ubuntu (apache2 and webkit2gtk).

The Unix signal interface is complex and hard to work with; some developers have argued that its design is "unfixable". So when Walt Drummond proposed increasing the number of signals that Linux systems could manage, eyebrows could be observed at increased altitude across the Internet. The proposed increase seems unlikely to happen, but the underlying goal — to support a decades-old feature from other operating systems — may yet become a reality.

Security updates have been issued by Fedora (log4j and quaternion), Mageia (gnome-shell and singularity), SUSE (libsndfile, libvirt, net-snmp, and python-Babel), and Ubuntu (linux, linux-aws, linux-aws-5.11, linux-azure, linux-azure-5.11, linux-gcp, linux-gcp-5.11, linux-hwe-5.11, linux-kvm, linux-oracle, linux-oracle-5.11, linux-raspi, linux, linux-aws, linux-aws-5.4, linux-azure, linux-azure-5.4, linux-gcp, linux-gcp-5.4, linux-gke, linux-gke-5.4, linux-gkeop, linux-hwe-5.4, linux-ibm, linux-kvm, linux-oracle, linux-oracle-5.4, linux-raspi, linux, linux-aws, linux-aws-hwe, linux-azure-4.15, linux-dell300x, linux-gcp, linux-gcp-4.15, linux-hwe, linux-kvm, linux-oracle, linux-raspi2, linux-snapdragon, linux, linux-aws, linux-kvm, linux-lts-xenial, linux-oem-5.10, and linux-oem-5.14).

The LWN.net Weekly Edition for January 6, 2022 is available.

The OpenSSH suite of tools for secure remote logins is used widely within our communities; it also underlies things like remote Git repository access. A recent experimental feature for the upcoming OpenSSH 8.9 release will help close a security hole that can be exploited by attacker-controlled SSH servers (e.g. sshd) when the user is forwarding authentication to a local ssh-agent. Instead of allowing the keys held in the agent to be used for authenticating to any host where they might work, SSH agent restriction will allow users to specify where and how those keys can be used.

The 5.15.13, 5.10.90, 5.4.170, 4.19.224, 4.14.261, 4.9.296, and 4.4.298 stable kernel updates have all been released. These medium-size updates all contain another set of important fixes.

Security updates have been issued by CentOS (xorg-x11-server), Debian (apache2), openSUSE (libvirt), Oracle (grafana, qemu, and xorg-x11-server), Red Hat (idm:DL1, samba, and telnet), SUSE (libvirt), and Ubuntu (python-django).

File-integrity management for the Fedora distribution has been the overarching theme of a number of different feature proposals over the last year or so. In general, they have been met with skepticism, particularly with regard to how well the features mesh with Fedora's goals, but also in how they will change the process of building RPM packages. A new proposal that would allow systems to (optionally) perform remote attestation is likewise encountering headwinds; there are several different concerns being raised in the discussion of it.

The Gentoo Linux project looks back at 2021.

The number of commits to the main ::gentoo repository has once more clearly grown in 2021, from 104507 to 126920, i.e., by 21%. While the number of commits by external contributors, 11775, has remained roughly constant, this number now distributes across 435 unique external authors compared to 391 last year.

Version 1.22.0 of the NumPy scientific computing module is out. "NumPy 1.22.0 is a big release featuring the work of 153 contributors spread over 609 pull requests. There have been many improvements". Those improvements include the "essentially complete" annotation of the main namespace, a preliminary version of the proposed Array API, and more.

Security updates have been issued by Debian (salt and thunderbird), Red Hat (xorg-x11-server), and Scientific Linux (xorg-x11-server).

It is 2022 already, and that can only mean one thing: it's time for your editor to make a (bigger) fool of himself by posting a set of predictions for what may come in the new year. One should never pass up an opportunity for a humbling experience, after all. There can be no doubt that interesting things will happen this year; let's see how many random darts thrown in that direction can hit close to the mark.