Linux Weekly News

Firefox 89 has been released. The changes in this version focus on the look and feel. "We’ve redesigned and modernized the core experience to be cleaner, more inviting, and easier to use. " This release also includes enhancements to the privacy offerings. "We’ve enhanced the privacy of the Firefox Browser’s Private Browsing mode with Total Cookie Protection, which confines cookies to the site where they were created, preventing companies from using cookies to track your browsing across sites. This feature was originally launched in Firefox’s ETP Strict mode."

Security updates have been issued by Fedora (cflow, chromium, eterm, gnutls, and kernel), Mageia (kernel and kernel-linus), Oracle (glib2), Red Hat (glib2, kernel, kernel-rt, and kpatch-patch), SUSE (curl, djvulibre, gstreamer, gstreamer-plugins-bad, gstreamer-plugins-base, gstreamer-plugins-good, gstreamer-plugins-ugly, nginx, python-httplib2, and slurm), and Ubuntu (gupnp, libwebp, postgresql-10, postgresql-12, postgresql-13, and python3.8).

The GCC compiler, like other GNU projects, has long required contributors to complete paperwork assigning the copyrights on their work to the Free Software Foundation. That requirement has just been dropped, and contributors can now attach a Signed-off-by tag indicating use of the Developers Certificate of Origin instead. "This change is consistent with the practices of many other major Free Software projects, such as the Linux kernel." Initial discussion suggests that some developers were surprised by this change and are yet to be convinced that it is a good idea.

The seccomp() mechanism allows a process to load a BPF program to restrict its future use of system calls; it is a simple but flexible sandboxing mechanism that is widely used. Those filter programs, though, run on the "classic" BPF virtual machine, rather than the extended BPF (eBPF) machine used elsewhere in the kernel. Moving seccomp() to eBPF has been an often-requested change, but security concerns have prevented that from happening. The latest attempt to enable eBPF is this patch set from YiFei Zhu; whether it will succeed where others have failed remains to be seen.

Security updates have been issued by Debian (hyperkitty, libxml2, nginx, openjdk-11-jre-dcevm, rxvt-unicode, samba, and webkit2gtk), Fedora (exiv2, java-1.8.0-openjdk-aarch32, mingw-python-pillow, opendmarc, php-symfony3, php-symfony4, python-pillow, runc, rust-cranelift-codegen-shared, rust-cranelift-entity, and rxvt-unicode), openSUSE (curl, hivex, libu2f-host, libX11, libxls, singularity, and upx), Oracle (dotnet3.1 and dotnet5.0), Red Hat (docker, glib2, and runc), and Ubuntu (lz4).

The fourth 5.13 kernel prepatch is out for testing. "So after two small rc releases, the other shoe finally dropped, and rc4 is fairly sizable."

AlmaLinux 8.4, a clone of RHEL filling the role that CentOS used to play, has been released. Changes include full support for secure boot, a developer repository with packages not found in RHEL, and more; see the release notes for details.

Modern computing systems can feature multiple types of memory that differ in their performance characteristics. The most common example is NUMA architectures, where memory attached to the local node is faster to access than memory on other nodes. Recently, persistent memory has started appearing in deployed systems as well; this type of memory is byte-addressable like DRAM, but it is available in larger sizes and is slower to access, especially for writes. This new memory type makes memory allocation even more complicated for the kernel, driving the need for a method to better manage multiple types of memory in one system.

The 5.12.8, 5.10.41, and 5.4.123 stable kernels have been released. These contain only a small handful of changes, including fixes to the BPF verifier to address a privilege escalation vulnerability. Users of those series should upgrade.

Security updates have been issued by Debian (nginx), Fedora (chromium, curl, kernel, php-symfony3, php-symfony4, python-lxml, python-pip, and runc), Mageia (ceph and wireshark), openSUSE (mpv), Oracle (bind, idm:DL1, redis:6, slapi-nis, squid:4, and xorg-x11-server), SUSE (curl, nginx, postgresql10, postgresql12, postgresql13, slurm, slurm_18_08, and slurm_20_11), and Ubuntu (nginx).

Over on the Python Software Foundation blog, the reports from day 1 of the Python Language Summit are available. At the time of this writing, a few from day 2 are ready as well. There are lots of interesting topics discussed at the summit, including a talk on making CPython faster from Python creator Guido van Rossum. "Seven months ago, Guido van Rossum left a brief retirement to work at Microsoft. He was given the freedom to pick a project and decided to work on making CPython faster. Microsoft will be funding a small team consisting of Guido van Rossum, Mark Shannon, Eric Snow, and possibly others. [...] The team is optimistic about doubling CPython's speed for 3.11. They plan to try an adaptive, specializing byte code interpreter, which is a bit like the existing inline cache and a bit like the shadow byte code covered in Dino Viehland's talk." Some of the ideas go back to Shannon's thoughts on speeding up the interpreter that we looked at back in December.

When kernel developers want to communicate something about the state of a running kernel, they tend to use printk(); that results in a log entry that is intended — with varying success — to be human-readable. As it happens, though, the consumers of that information are often not human; the kernel's log output is also read by automated monitoring systems that are looking for problems. The result is an impedance mismatch that often ends with the monitoring system missing important messages. The printk() format indexing patch set is the latest of many attempts to improve this situation.

Security updates have been issued by Debian (djvulibre), Fedora (slapi-nis and upx), Gentoo (ceph and nginx), openSUSE (python-httplib2 and rubygem-actionpack-5_1), Slackware (curl), SUSE (curl, libX11, and python-httplib2), and Ubuntu (isc-dhcp, lz4, and nginx).

The LWN.net Weekly Edition for May 27, 2021 is available.

Internet Relay Chat (IRC) is a longstanding protocol—or series of protocols—for creating online, text-based chat rooms. While many of the "channels" (as chat rooms are usually called) are highly useful to a wide variety of projects and organizations, including much of the free-software world, IRC seems to have a community that suffers from more than its fair share of disagreements, hostile forks, vitriol, and other types of divisiveness. It is perhaps no huge surprise, then, that the IRC world is currently undergoing another of its periodic upheavals. The largest IRC network, freenode, is embroiled in a messy dispute that has led to the mass resignation of many of its volunteer staff, the founding of a competitor network (run by the former staff), and its abandonment by multiple high-profile projects.

Stable kernels 5.12.7, 5.10.40, 5.4.122, 4.19.192, 4.14.234, 4.9.270, and 4.4.270 have been released. As usual, they contain important fixes and users should upgrade.

Security updates have been issued by Arch Linux (djvulibre, dotnet-runtime, dotnet-runtime-3.1, dotnet-sdk, dotnet-sdk-3.1, gupnp, hivex, lz4, matrix-synapse, prometheus, python-pydantic, runc, thunderbird, and websvn), Fedora (composer, moodle, and wordpress), Gentoo (bash, boost, busybox, containerd, curl, dnsmasq, ffmpeg, firejail, gnome-autoar, gptfdisk, icu, lcms, libX11, mariadb, mumble, mupdf, mutt, mysql, nettle, nextcloud-client, opensmtpd, openssh, openvpn, php, postgresql, prosody, rxvt-unicode, samba, screen, smarty, spamassassin, squid, stunnel, tar, tcpreplay, and telegram-desktop), openSUSE (Botan), Red Hat (kernel), Slackware (gnutls), SUSE (hivex, libu2f-host, and rubygem-actionpack-5_1), and Ubuntu (apport, exiv2, and libx11).

Version 3.0 of Magit, a Git interface that runs inside emacs, has been released. "The big change are the completely reworked menus used to select arguments and invoke suffix commands. Magit now uses the Transient package to implement these menus." See the release notes for more details.

On March 24, version 1.6.0 of the Julia programming language was released. This is the first feature release since 1.0 came out in 2018. The new release significantly reduces the "time to first plot", which is a common source of dissatisfaction for newcomers to the language, by parallelizing pre-compilation, downloading packages more efficiently, and reducing the frequency of just-in-time re-compilations at run time.

Security updates have been issued by Fedora (python-eventlet), openSUSE (grub2 and mpv), and Red Hat (kpatch-patch and rh-ruby25-ruby).