Linux Weekly News

The GIMP project has put out a report summarizing a year of development on this image-manipulation application.

With 4 development versions released already, you know that we are working very hard on the future: GIMP 3.0.

Some features took a lot of time, mostly when we changed core logics. I am thinking in particular about the code for multi-selection of layers. It’s not that selecting multiple items in a list is hard to implement, it’s that any feature in the whole application has been forever expecting just one layer or one channel selected. So what happens when there are 2, 3 or any number of items selected? Every feature, every tool, every plug-in and filter has to be rethought for this new use case.

Security updates have been issued by Debian (thunderbird), Fedora (kernel, libopenmpt, and xorg-x11-server), Mageia (gegl, libgda5.0, log4j, ntfs-3g, and wireshark), openSUSE (log4j), and Red Hat (grafana).

Kernel developer Ingo Molnar has been quiet for a while; now we know why. He has just announced a massive set of patches (touching over half of the files in the kernel tree) reworking how header files are handled.

The fast-headers tree offers a +50-80% improvement in absolute kernel build performance on supported architectures, depending on the config. This is a major step forward in terms of Linux kernel build efficiency & performance.

A justified question would be: why on Earth 2,200 commits??

It seems likely that interesting conversations will follow; stay tuned.

The eighth and final 5.16 kernel prepatch is out for testing. "Please, as you emerge from your holiday-induced food coma, do give it a quick test so that we can all be happy about the final release next weekend".

Version 1.0 of the GNOME libadwaita library is out; this will be of interest to GNOME application developers. "Libadwaita is a library implementing the GNOME HIG, complementing GTK. For GTK 3 this role has increasingly been played by Libhandy, and so Libadwaita is a direct Libhandy successor."

Security updates have been issued by Debian (agg, aria2, fort-validator, and lxml), Fedora (libgda, pgbouncer, and xorg-x11-server-Xwayland), Mageia (calibre, e2guardian, eclipse, libtpms/swtpm, nodejs, python-lxml, and toxcore), openSUSE (c-toxcore, gegl, getdata, kernel-firmware, log4j, postrsd, and privoxy), and SUSE (gegl).

When the goal is to push bits over the network as fast as the hardware can go, any overhead hurts. The cost of copying data to be transmitted from user space into the kernel can be especially painful; it adds latency, takes valuable CPU time, and can be hard on cache performance. So it is unsurprising that the developers working with io_uring, which is all about performance, have turned their attention to zero-copy network transmission. This patch set from Pavel Begunkov, now in its second revision, looks to be significantly faster than the MSG_ZEROCOPY option supported by current kernels.

Security updates have been issued by Debian (advancecomp, apache-log4j2, postgis, spip, uw-imap, and xorg-server), Mageia (kernel and kernel-linus), Scientific Linux (log4j), and SUSE (kernel-firmware and mariadb).

The 5.15.12, 5.10.89, 5.4.169, 4.19.223, 4.14.260, 4.9.295, and 4.4.297 stable kernel updates have all been released. These should be the last updates for this year; as usual, they all contain more important fixes and updates.

Security updates have been issued by Debian (firefox-esr, python-gnupg, resiprocate, and ruby-haml), Fedora (mod_auth_mellon), openSUSE (thunderbird), Slackware (wpa_supplicant), and SUSE (gegl).

The kernel's thread model is relatively straightforward and performs reasonably well, but that's not enough for all users. Specifically, there are use cases out there that benefit from a lightweight threading model that gives user space control over scheduling decisions. Back in May 2021, Peter Oskolkov posted a patch set implementing an abstraction known as user-managed concurrency groups, or UMCG. Several revisions later, many observers still lack a clear idea of what this patch is supposed to do, much less whether it is a good idea for the kernel. Things have taken a turn, though, with Peter Zijlstra's reimplementation of UMCG.

Security updates have been issued by Debian (djvulibre, libzip, monit, novnc, okular, paramiko, postgis, rdflib, ruby2.3, and zziplib), openSUSE (chromium, kafka, and permissions), and SUSE (net-snmp and permissions).

The 5.16-rc7 kernel prepatch is out for testing. "Obviously the holidays are a big reason it's all small, so it's not like this is a sign of us having found all bugs, and we'll keep at this for at least two more weeks".

Security updates have been issued by Debian (apache-log4j2, libextractor, libpcap, and wireshark), Fedora (grub2, kernel, libopenmpt, log4j, mingw-binutils, mingw-python-lxml, and seamonkey), Mageia (golang, lapack/openblas, and samba), and openSUSE (go1.16, libaom, log4j12, logback, and runc).

The Jami communication tool has released a major new stable version called "Taranis"; the blog post announcement explains: "Taranis, the Gallic and Celtic god of the sky, lightning and thunder, will be the baptismal name of this new version of Jami." The mailing-list announcement describes the tool this way: Jami is a GNU package for universal communication that respects the freedom and privacy of its users. Jami is an end-to-end encrypted secure and distributed voice, video, and chat communication platform that requires no central server, and leaves the power of privacy and freedom in the hands of users.

Another recent blog post gives an overview of Jami for video conferences. The new release has improvements throughout the system, including the first phase of Swarm support, which are "fully distributed, peer-to-peer chats with conversation histories synchronized across your devices, and the potential to be expanded into group chats in upcoming future releases of Jami".

Security updates have been issued by Debian (webkit2gtk and wpewebkit), Fedora (httpd and singularity), Mageia (ldns, netcdf, php, ruby, thrift/golang-github-apache-thrift, thunderbird, and webkit2), openSUSE (go1.16, go1.17, libaom, and p11-kit), and SUSE (go1.16, go1.17, htmldoc, libaom, libvpx, logstash, openssh-openssl1, python3, and runc).

Version 3.8.0 of the Darktable photo-processing application has been released. Significant changes include a new keyboard shortcut system, a new diffuse-or-sharpen module, a new "scene-referred" blurs module "to synthesize motion and lens blurs in a parametric and physically accurate way", support for the Canon CR3 raw format, and more.

Systemd 250 has been released. To say that the list of new features is long would be a severe understatement; the developers have clearly been busy.

systemd-homed now makes use of UID mapped mounts for the home areas. If the kernel and used file system support it, files are now internally owned by the "nobody" user (i.e. the user typically used for indicating "this ownership is not mapped"), and dynamically mapped to the UID used locally on the system via the UID mapping mount logic of recent kernels. This makes migrating home areas between different systems cheaper because recursively chown()ing file system trees is no longer necessary.

(See this article for a description of ID-mapped mounts).

Version 5.0 of the Krita painting program has been released. "This is a huge release, with a lot of new features and improvements". Changes include a reworked resource system, dithered gradients, faster color management, a reworked animation subsystem, and more; see the release notes for details.

Security updates have been issued by Debian (openjdk-11), Fedora (keepalived and tang), openSUSE (openssh, p11-kit, runc, and thunderbird), Oracle (postgresql:12, postgresql:13, and virt:ol and virt-devel:ol), Red Hat (rh-maven36-log4j12), and SUSE (ansible, chrony, logstash, elasticsearch, kafka, zookeeper, openstack-monasca-agent, openstack-monasca-persister-java, openstack-monasca-thresh, openssh, p11-kit, python-Babel, and thunderbird).