Linux Weekly News

Stable kernels 5.8.15, 5.4.71, 4.19.151, 4.14.201, 4.9.239, and 4.4.239 have been released. They all contain important fixes and users should upgrade.

Security updates have been issued by Debian (jackson-databind and tomcat8), Fedora (dovecot), Oracle (firefox, spice and spice-gtk, and thunderbird), Red Hat (flash-plugin), SUSE (ansible, crowbar-core, crowbar-openstack, grafana, grafana-natel-discrete-panel, openstack-aodh, openstack-barbican, openstack-cinder, openstack-gnocchi, openstack-heat, openstack-ironic, openstack-magnum, openstack-manila, openstack-monasca-agent, openstack-murano, openstack-neutron, openstack-neutron-vpnaas, openstack-nova, openstack-sahara, python-Pillow, rubygem-crowbar-client, bind, crmsh, kernel, libproxy, php74, rubygem-activesupport-5_1, and tigervnc), and Ubuntu (dom4j, linux, linux-aws, linux-aws-5.4, linux-azure, linux-azure-5.4, linux-gcp, linux-gcp-5.4, linux-hwe-5.4, linux-kvm, linux-oracle, linux-oracle-5.4, linux-raspi, linux-raspi-5.4, linux, linux-aws, linux-aws-hwe, linux-azure, linux-azure-4.15, linux-gcp, linux-gcp-4.15, linux-gke-4.15, linux-hwe, linux-kvm, linux-oem, linux-oracle, linux-raspi2, linux-snapdragon, linux, linux-aws, linux-kvm, linux-lts-xenial, linux-raspi2, linux-snapdragon, linux, linux-lts-trusty, and linux-hwe, linux-gke-5.0, linux-gke-5.3, linux-oem-osp1, linux-raspi2-5.3).

Version 4.4.0 of the Krita painting application has been released. "With a whole slew of new fill layer types, including the really versatile SeExpr based scriptable fill layer type, exciting new options for Krita’s brushes like the gradient map mode for brushes, lightness and gradient modes for brush textures, support for dynamic use of colors in gradients, webm export for animations, new scripting features — and of course, hundreds of bug fixes that make this version of Krita better than ever." See the release notes for details.

The 5.9 kernel was released on October 11, at the end of a ten-week development cycle — the first release to take more than nine weeks since 5.4 at the end of 2019. While this cycle was not as busy as 5.8, which broke some records, it was still one of the busier ones we have seen in some time, featuring 14,858 non-merge changesets contributed by 1,914 developers. Read on for our traditional look at what those developers were up to while creating the 5.9 release.

A recent proposal on the python-ideas mailing list would add a new way to represent floating-point infinity in the language. Cade Brown suggested the change; he cited a few different reasons for it, including fixing an inconsistency in the way the string representation of infinity is handled in the language. The discussion that followed branched in a few directions, including adding a constant for "not a number" (NaN) and a more general discussion of the inconsistent way that Python handles expressions that evaluate to infinity.

Security updates have been issued by Mageia (mariadb), openSUSE (qemu and tigervnc), Oracle (kernel), Red Hat (chromium-browser and kernel), and SUSE (php5).

On the 20th anniversary of the open-sourcing of the OpenOffice.org suite, the LibreOffice project has sent an open letter to the Apache OpenOffice project suggesting that it is time for the latter to recognize that the game is over. "If Apache OpenOffice wants to still maintain its old 4.1 branch from 2014, sure, that’s important for legacy users. But the most responsible thing to do in 2020 is: help new users. Make them aware that there’s a much more modern, up-to-date, professionally supported suite, based on OpenOffice, with many extra features that people need."

Plausible, a web-analytics package that was reviewed here in June, has announced a move from the MIT license to the Affero GPL, version 3. "This change makes no difference to any of you who subscribe to Plausible Cloud or who self-host Plausible, but it may upset a few corporations who tried to use our software to directly compete with us without contributing back."

The Open Invention Network, which offers patent protection for a wide range of open-source software, has expanded its Linux System Definition — the set of software covered by the OIN patent non-aggression agreement. In particular, the new definition includes the exFAT filesystem (once the subject of a lot of patent worries), the KDE Frameworks, the Robot Operating System, and version 10 of the Android Open Source Project.

Version 5.20 of the Plasma KDE desktop is out. "A massive release, containing improvements to dozens of components, widgets, and the desktop behavior in general. Everyday utilities and tools, such as the Panels, Task Manager, Notifications and System Settings, have all been overhauled to make them more usable, efficient, and friendlier." There are also significant improvements in Plasma's Wayland support.

Security updates have been issued by Debian (eclipse-wtp, httpcomponents-client, rails, and spice), Fedora (crun, oniguruma, and podman), openSUSE (grafana, kdeconnect-kde, kernel, nextcloud, nodejs10, nodejs8, and permissions), Oracle (kernel), and SUSE (tigervnc).

Version 11.0.0 of the LLVM compiler suite is out. Significant change include the addition of a Fortran frontend and a lot more; see the collection of release-note sets in the announcement for details.

David Miller is the long-time maintainer of the kernel's networking subsystem. On October 10, he wrote this to his Twitter feed: "I had a stroke on Tuesday and have been recovering since please pray for me". We at LWN wish David a fast and complete recovery. (Thanks to Harald Welte for the heads-up).

Linus has released the 5.9 kernel. "Ok, so I'll be honest - I had hoped for quite a bit fewer changes this last week, but at the same time there doesn't really seem to be anything particularly scary in here. It's just more commits and more lines changed than I would have wished for." Some of the significant features in this release are: x86 FSGSBASE support, capacity awareness in the deadline scheduler, the close_range() system call, proactive compaction in the memory-management subsystem, the rationalization of kernel-thread priorities, and more. See the KernelNewbies 5.9 page for more details.

Systems that manage large amounts of network traffic end up dedicating a significant part of their available CPU time to the network stack itself. Much of this work is done in software-interrupt context, which can be problematic in a number of ways. That may be about to change, though, once this patch series posted by Wei Wang is merged into the mainline.

Security updates have been issued by Oracle (bind, kernel, libcroco, nss and nspr, qemu-kvm, spice and spice-gtk, and squid) and SUSE (kernel).

One of the key rules of Linux kernel development is that the ABI between the kernel and user space cannot be broken; any change that breaks previously working programs will, outside of exceptional circumstances, be reverted. The rule seems clear, but there are ambiguities when it comes to determining just what constitutes the kernel ABI; tracepoints are a perennial example of this. A recent discussion has brought another one of those ambiguities to light: the on-disk format of Linux filesystems.

Security updates have been issued by Debian (activemq, golang-go.crypto, packagekit, and sympa), Fedora (php and xen), Red Hat (bind, kernel, and qemu-kvm), SUSE (qemu), and Ubuntu (golang-github-seccomp-libseccomp-golang and spice).

The LWN.net Weekly Edition for October 8, 2020 is available.

In unusually stark terms, Mozilla is trying to rally the troops to take back the internet from the forces of evil—or at least "misinformation, corruption and greed"—that have overtaken it. In a September 30 blog post, the organization behind the Firefox web browser warned that "the internet needs our love". While there is lots to celebrate about the internet, it is increasingly under threat from various types of bad actors, so Mozilla is starting a campaign to try to push back against those threats.