Linux Weekly News

Security updates have been issued by Debian (firefox-esr), Fedora (mingw-openjpeg2, openjpeg2, and synergy), openSUSE (audacity and gdm), Oracle (libexif, libpq, and thunderbird), Red Hat (firefox, gnutls, go-toolset:rhel8, java-1.7.1-ibm, java-1.8.0-ibm, kernel, kernel-rt, linux-firmware, mariadb-connector-c, mariadb:10.3, memcached, net-snmp, nginx:1.16, nodejs:12, openssl, pacemaker, postgresql:10, python-django-horizon, python-XStatic-Bootstrap-SCSS, python-XStatic-jQuery, and python-XStatic-jQuery224), Scientific Linux (gd, kernel, pacemaker, python-rtslib, samba, and targetcli), SUSE (openssh, PackageKit, spice, and spice-gtk), and Ubuntu (firefox and imagemagick).

Hans Petter Jansson has done an analysis of contributions to the GNOME project, raising some concerns about how well the project is doing at bringing in new developers for the long haul. "According to this, GNOME peaked at slightly above 1,400 contributors in 2010 and went into decline with the GNOME 3.0 release the following year. However, 2020 saw the most contributors in a long time, even with preliminary data — there’s still two weeks to go. Who knows if it’s an anomaly or not. It’s been an atypical year across the board."

On November 26, version 6.1 of GNU Octave, a language and environment for numerical computing, was released. There are several new features and enhancements in this release, including improvements to graphics output, better communication with web services, and over 40 new functions. We will take a look at where Octave fits into the landscape of numerical tools for scientists and engineers, and recount some of its long history.

Firefox 84.0 has been released. This version includes an accelerated rendering pipeline for Linux/GNOME/X11 users and improved performance and compatibility with Docker. This is the final release to support Adobe Flash. The release notes have additional details.

Firefox 78.6.0 ESR has also been released, with various stability, functionality, and security fixes. See the release notes for more information.

CloudLinux has put out a press release stating that it will commit over $1 million per year toward the creation and maintenance of a CentOS replacement distribution. "CloudLinux is sponsoring Project Lenix, which will create a free, open-source, community-driven, 1:1 binary compatible fork of RHEL 8 (and future releases). It will provide an uninterrupted way to convert existing CentOS servers with absolutely zero downtime. Entire server fleets will be able to be converted with a single command with no reinstallation and no reboots required."

Security updates have been issued by Debian (libxstream-java and xen), Fedora (curl), openSUSE (curl, kernel, mariadb, and openssl-1_1), Oracle (kernel, libexif, thunderbird, and xorg-x11-server), Red Hat (curl, gd, kernel, kernel-rt, linux-firmware, net-snmp, openssl, pacemaker, python-rtslib, samba, targetcli, and xorg-x11-server), Scientific Linux (libexif, thunderbird, and xorg-x11-server), and SUSE (clamav, gdm, and kernel).

Linus Torvalds released the 5.10 kernel on December 13 at the end of a typical nine-week development cycle. At that point, 16,174 non-merge changesets had been pulled into the mainline; that makes 5.10 a larger cycle than 5.9, but it falls just short of the record set by 5.8, which ended with 16,308 changesets. For the most part 5.10 is just another routine kernel release, but there are a couple of interesting things to be seen in the overall statistics.

The 5.10.1 stable kernel update has been released on an expedited schedule; it contains reverts for a couple of late-arriving 5.10 patches that turned out not to be as good an idea as it first seemed.

Security updates have been issued by Debian (lxml, openexr, openssl, and openssl1.0), Fedora (libpri, libxls, mediawiki, nodejs, opensc, php-wikimedia-assert, php-zordius-lightncandy, squeezelite, and wireshark), openSUSE (curl, openssh, openssl-1_0_0, python-urllib3, and rpmlint), Red Hat (libexif, libpq, and thunderbird), Slackware (p11), SUSE (kernel, Kubernetes, etcd, helm, openssl, openssl-1_0_0, and python), and Ubuntu (linux, linux-aws, linux-aws-5.4, linux-azure, linux-azure-5.4, linux-gcp, linux-gcp-5.4, linux-hwe-5.4, linux-kvm, linux-oracle, linux-oracle-5.4, linux-raspi, linux-raspi-5.4, linux, linux-aws, linux-aws-hwe, linux-azure, linux-azure-4.15, linux-gcp, linux-gcp-4.15, linux-gke-4.15, linux-hwe, linux-kvm, linux-oracle, linux-snapdragon, and linux, linux-aws, linux-azure, linux-gcp, linux-kvm, linux-oracle, linux-raspi).

Linus has released the 5.10 kernel. "I pretty much always wish that the last week was even calmer than it was, and that's true here too. There's a fair amount of fixes in here, including a few last-minute reverts for things that didn't get fixed, but nothing makes me go 'we need another week'. Things look fairly normal."

Significant changes in this release include support for the Arm memory tagging extension, restricted rings for io_uring, sleepable BPF programs, the process_madvise() system call, ext4 "fast commits", and more. See the LWN merge-window summaries (part 1, part 2) and the KernelNewbies 5.10 page for more details.

The 5.9.14, 5.4.83, 4.19.163, 4.14.212, 4.9.248, and 4.4.248 stable kernels have been released by Greg Kroah-Hartman. As usual, they contain important fixes throughout the tree; users should upgrade.

Kernel development is a constant exercise in reducing overhead; any resources taken by the kernel are not available for the workload that users actually want to run. As part of this, the page structure used to manage memory has been kept as small as possible. Even so, page structures typically take up just over 1.5% of the available memory, which is too much for some users. LWN recently looked at DMEMFS as one approach to reduce this overhead, but that is not the only work happening in this area. Two developers are currently working independently on patches to reduce the overhead associated with huge pages in particular.

Security updates have been issued by Debian (minidlna and x11vnc), Fedora (pam), openSUSE (chromium, minidlna, nsd, openssl-1_1, and pngcheck), SUSE (gcc7 and kernel), and Ubuntu (lxml and squirrelmail).

For years, the CentOS distribution has been a reliable resource for anybody wanting to deploy systems with a stable, maintained Linux base that "just works". At one point, it was reported to be the platform on which 30% of all web servers were run. CentOS has had its ups and downs over the years; for many, the December 8 announcement that CentOS will be "shifting focus" will qualify as the final "down". Regardless of whether this change turns out to be a good thing, it certainly marks the end of an era that began in 2004.

The OpenWrt project has released two updates: 18.06.9 and 19.07.5. Both contain a number of important fixes, including a few with CVE numbers attached. Also notable is that 18.06.9 is the last update for 18.06; users will need up upgrade to 19.07 for continued support.

Security updates have been issued by Arch Linux (ant, cimg, containerd, libproxy, libproxy-mozjs, libproxy-webkit, libslirp, python-lxml, tomcat8, tomcat9, and xorg-server), CentOS (firefox and thunderbird), Debian (apt, linux-4.19, python-apt, and sqlite3), Fedora (ceph, chromium, containerd, matrix-synapse, mingw-openjpeg2, openjpeg2, python-authlib, python-canonicaljson, and spice-gtk), Mageia (chromium-browser-stable), openSUSE (chromium and pngcheck), Slackware (curl), SUSE (clamav, curl, openssh, openssl-1_0_0, openssl-1_1, openssl1, python-pip, python-scripttest, python-urllib3, and xen), and Ubuntu (apt, curl, and python-apt).

The LWN.net Weekly Edition for December 10, 2020 is available.

There can be no doubt that general-purpose computing has been a boon to the world. The ability to run different kinds of programs, from various sources, including bought from companies, written from scratch, and, well, built from source, is something that we take for granted on many—most—of the computing devices that we own. But that model seems to be increasingly disappearing in many kinds of devices, including personal computers, as a recent kerfluffle in the Apple world helps to demonstrate.

Security updates have been issued by Debian (golang-golang-x-net-dev, python-certbot, and xorg-server), Fedora (resteasy, scap-security-guide, and vips), openSUSE (chromium, python, and rpmlint), SUSE (kernel), and Ubuntu (aptdaemon, curl, gdk-pixbuf, lxml, and openssl, openssl1.0).

GNU Autoconf 2.70 is out. "Noteworthy changes include support for the 2011 revisions of the C and C++ standards, support for reproducible builds, improved support for cross-compilation, improved compatibility with current compilers and shell utilities, more efficient generated shell code, and many bug fixes." See this article for more information on what has been happening with Autoconf.