Linux Weekly News

The LWN.net Weekly Edition for September 9, 2021 is available.

Two recent threads on the python-ideas mailing list have overlapped to a certain extent; both referred to Python's style guide, but the discussion indicates that the advice in it may have been stretched further than intended. PEP 8 ("Style Guide for Python Code") is the longstanding set of guidelines and suggestions for code that is going into the standard library, but the "rules" in the PEP have been applied in settings and tools well outside of that realm. There may be reasons to update the PEP—some unrelated work of that nature is ongoing, in fact—but Pythonistas need to remember that the suggestions in it are not carved in stone.

Stable kernels 5.14.2, 5.13.15, and 5.10.63 have been released. As usual, there are important fixes and users should upgrade.

Security updates have been issued by Debian (haproxy), Fedora (libguestfs, ntfs-3g, ntfs-3g-system-compression, partclone, testdisk, vim, and wimlib), Mageia (kernel and kernel-linus), openSUSE (haproxy), Oracle (kernel), Red Hat (kernel, kernel-rt, and kpatch-patch), SUSE (haproxy), and Ubuntu (cpio, haproxy, libapache2-mod-auth-mellon, libgd2, linux, linux-aws, linux-kvm, linux-lts-xenial, openvswitch, python-pysaml2, and sssd).

Firefox 92.0 has been released. In this version Firefox can now automatically upgrade to HTTPS using HTTPS RR as Alt-Svc headers, support full-range color levels for video playback on many systems, and more.

Firefox 78.14.0 ESR and Firefox 91.1.0 have also been released. ESR78 will reach end-of-life in November.

Amateur ("ham") radio operators have been experimenting with ways to use computers in their hobby since PCs became widely available—perhaps even before then. While many people picture hams either talking into a microphone or tapping a telegraph key, many hams now type on a keyboard or even click buttons on a computer screen to make contacts. Even hams who still prefer to talk or use Morse code may still use computers for some things, such as logging contacts or predicting radio conditions. While most hams use Windows, there is no shortage of ham radio software for Linux.

Security updates have been issued by openSUSE (apache2, java-11-openjdk, libesmtp, nodejs10, ntfs-3g_ntfsprogs, openssl-1_1, xen, and xerces-c), Red Hat (kernel-rt and kpatch-patch), and SUSE (ntfs-3g_ntfsprogs and openssl-1_1).

Version 3.0 of the OpenSSL TLS library has been released; the large version-number jump (from 1.1.1) reflects a new versioning scheme.

Most applications that worked with OpenSSL 1.1.1 will still work unchanged and will simply need to be recompiled (although you may see numerous compilation warnings about using deprecated APIs). Some applications may need to make changes to compile and work correctly, and many applications will need to be changed to avoid the deprecations warnings. We have put together a migration guide to describe the major differences in OpenSSL 3.0 compared to previous releases.

OpenSSL has also been relicensed to Apache 2.0, which should end the era of "special exceptions" needed to use OpenSSL in GPL-licensed applications. See this blog entry and the changelog for more information.

The linux.conf.au organizers have put out a second, extended call for proposals for the 2022 event, which will be held online starting January 14.

Please submit a talk, join us in January. We have the "venue" sorted, sponsors organised, miniconfs chosen, keynotes ready, now all we need is a wonderful program of sessions for our community to listen and watch.

Proposals are due by September 12.

Once upon a time, block storage devices were slow, to the point that they often limited the speed of the system as a whole. A great deal of effort went into carefully ordering requests to get the best performance out of the storage device; achieving that goal was well worth expending some CPU time. But then storage devices got much faster and the equation changed. Fancy I/O-scheduling mechanisms have fallen by the wayside and effort is now focused on optimizing code so that the CPU can keep up with its storage. A block-layer change that was merged for the 5.15 kernel shows the kinds of tradeoffs that must be made to get the best performance from current hardware.

Security updates have been issued by Debian (btrbk, pywps, and squashfs-tools), Fedora (libguestfs, libss7, ntfs-3g, ntfs-3g-system-compression, partclone, testdisk, wimlib, and xen), Mageia (exiv2, golang, libspf2, and ruby-addressable), openSUSE (apache2, dovecot23, gstreamer-plugins-good, java-11-openjdk, libesmtp, mariadb, nodejs10, opera, python39, sssd, and xerces-c), and SUSE (apache2, java-11-openjdk, libesmtp, mariadb, nodejs10, python39, sssd, xen, and xerces-c).

Version 21.02.0 of the OpenWrt router distribution is out. "It incorporates over 5800 commits since branching the previous OpenWrt 19.07 release and has been under development for about one and a half year". Significant changes include WPA3 support by default, TLS support in opkg and in the LuCi interface, initial Distributed Switch Architecture support, new hardware support, and more. See the release notes for more information.

Computing terminology can be counterintuitive at times, but even a longtime participant in the industry may have to look twice at the notion of named anonymous memory. That, however, is just the concept that this patch set posted by Suren Baghdasaryan proposes to add. There are, it seems, developers who find the idea useful enough to not only overcome the initial cognitive dissonance that comes with it, but also to resurrect an eight-year-old patch to get it into the kernel.

Greg Kroah-Hartman has announced the release of the 5.14.1, 5.13.14, 5.10.62, 5.4.144, 4.19.206, 4.14.246, 4.9.282, and 4.4.283 stable kernels. As usual, these updates contain important fixes; users of those series should upgrade.

Security updates have been issued by Debian (qemu), Fedora (condor, grilo, libopenmpt, opencryptoki, and php), openSUSE (xen), and SUSE (ffmpeg, file, php72, rubygem-addressable, and xen).

As of this writing, 3,440 non-merge changesets have been pulled into the mainline repository for the 5.15 development cycle. A mere 3,440 patches may seem like a slow start, but those patches are densely populated with significant new features. Read on for a look at what the first part of the 5.15 merge window has brought.

On the ADA Logics blog, David Korczynski and Adam Korczynski write about their work integrating 115 open-source projects with Google's OSS-Fuzz project for doing continuous fuzz testing. They describe the process of integrating a project into OSS-Fuzz, and discuss their findings, which include more than 2000 bugs (500+ security relevant), of which 1300+ have been fixed at this point: Throughout the process we integrated projects written in C, C++, Python, Go and Rust and the types of bugs we found across the projects are a reflection of the language the project was written in. Typically, for managed languages the bugs are within the umbrella term of uncaught exceptions and denial of service bugs, whereas in native languages the bugs are mostly split between assert violations, NULL-dereferences, heap-out-of-bounds, stack-out-of-bounds, stack overflows, integer arithmetic, memory leaks, out-of-memory and timeout bugs.

Security updates have been issued by openSUSE (ffmpeg and gstreamer-plugins-good), SUSE (apache2, apache2-mod_auth_mellon, ffmpeg, gstreamer-plugins-good, libesmtp, openexr, rubygem-puma, xen, and xerces-c), and Ubuntu (openssl).

The LWN.net Weekly Edition for September 2, 2021 is available.

Discussions on ways to "modernize" the Emacs editor have come up in various guises over the past few years. Changes of that nature tend to be somewhat contentious in the Emacs community, pitting the "old guard" that values the existing features (and keybindings) against those who argue for changes to make Emacs more approachable (and aesthetically pleasing) to newcomers. Those discussions tend toward mega-thread status, so it should be no surprise that a query about possibly moving Emacs development to a "forge" (e.g. GitHub or GitLab) got similar treatment. As always in Emacs-land, there are multiple facets to the discussion, including the desirability of moving away from an email-based workflow, accommodating younger, forge-centric developers without forcing existing developers into that model, and—naturally—licensing.