Linux Weekly News

We left the saga of PEP 622 ("Structural Pattern Matching") at the end of June, but the discussion of a Python "match" statement—superficially similar to a C switch but with extra data-matching features—continued. At this point, the next steps are up to the Python steering council, which will determine the fate of the PEP. But there is lots of discussion to catch up on from the last two months or so.

Security updates have been issued by Debian (apache2 and libx11), Fedora (batik, ecj, eclipse, eclipse-cdt, eclipse-ecf, eclipse-emf, eclipse-gef, eclipse-m2e-core, eclipse-mpc, eclipse-mylyn, eclipse-remote, eclipse-webtools, firefox, httpd, jetty, lucene, selinux-policy, and univocity-parsers), Mageia (hylafax+), openSUSE (ark and chromium), Red Hat (virt:8.2 and virt-devel:8.2), SUSE (freeradius-server, freerdp, php7, php72, php74, and xorg-x11-server), and Ubuntu (freerdp2, keystone, net-snmp, python-django, and python-rsa).

The LXD team has announced the release of LXD 4.5. LXD is a container and VM manager focused on running full Linux distributions. Highlights include virtual networks through OVN, bpf system call interception, a new way to allocate PTS devices, improved cluster remote storage, AppArmor confinement for some side services, and graphical console attach on Windows clients.

The Rust programming language has long aimed to be a suitable replacement for C in operating-system kernel development. As Rust has matured, many developers have expressed growing interest in using it in the Linux kernel. At the 2020 (virtual) Linux Plumbers Conference, the LLVM microconference track hosted a session on open questions about and obstacles to accepting Rust upstream in the Linux kernel. The interest in this topic can be seen in the fact that this was the single most heavily attended session at the 2020 event.

Security updates have been issued by Debian (bacula, bind9, freerdp, libvncserver, lilypond, mupdf, ndpi, openexr, php-horde, php-horde-core, php-horde-gollem, php-horde-kronolith, ros-actionlib, thunderbird, and xorg-server), Fedora (golang-github-ulikunitz-xz and qt), Gentoo (bind, chrony, ghostscript-gpl, kleopatra, openjdk, and targetcli-fb), Mageia (ark, evolution-data-server, fossil, kernel, kernel-linus, and thunderbird), openSUSE (apache2, graphviz, grub2, inn, librepo, and xorg-x11-server), Oracle (firefox), and Red Hat (git).

The third 5.9 kernel prepatch is out for testing. "On the whole it's been pretty calm for being rc3. This is actually one of the smaller rc3's we've had in recent releases."

Adding code to the kernel to support new hardware is relatively easy. Removing code that is no longer useful can be harder, mostly because it can be difficult to know when something is truly no longer needed. Arnd Bergmann, who removed support for eight architectures from the kernel in 2018, knows well just how hard this can be. At the 2020 Linux Plumbers Conference, he led two sessions dedicated to the topic of obsolete software and hardware. With a bit of effort, he said, it should be possible to have a better idea of when something can be removed.

Our previous article explored the fundamentals of Flutter, a cross-platform open-source user-interface (UI) toolkit. We complete our introduction of Flutter by returning to the simple LWN RSS feed headline viewer that was introduced in part one. We will be adding several new features to that application in part two, including interactive elements to demonstrate some of the UI features of Flutter.

Security updates have been issued by Debian (bind9 and squid), Fedora (libX11 and wireshark), Gentoo (libX11 and redis), Mageia (firefox, libx11, qt4 and qt5base, and x11-server), openSUSE (gettext-runtime, inn, and webkit2gtk3), Oracle (firefox), SUSE (libqt5-qtbase, openvpn, openvpn-openssl1, postgresql10, and targetcli-fb), and Ubuntu (chrony, nss, and squid).

On the Collabora blog, Gabriel Krisman Bertazi writes about a feature he developed: case-insensitive ext4. He describes how to enable the feature in the kernel (>= 5.2), how to create an ext4 filesystem that will support case-insensitive lookups, as well as some gotchas; he starts with some justification for the idea:

A file name is a text string used to uniquely identify a file (in this context, 'directory' is the same as a file) at a specific level of the directory hierarchy. While, from the operating system point of view, it doesn't matter what the file name is, as long as it is unique, meaningful file names are essential for the end user, since it is the main key to locate and retrieve data. In other words, a meaningful file name is what people rely upon to find their valuable documents, pictures and spreadsheets.

Traditionally, Linux (and Unix) filesystems have always considered file names as an opaque byte sequence without any special meaning, requiring users to submit the exact match of the file to find it in the filesystem. But that is not how humans operate. When people write titles, 'important report.ods' and 'IMPORTANT REPORT.ods' usually mean the same piece of data, and you don't care how it was written when creating it. We care about the content and the semantics of the words IMPORTANT and REPORT.

The Rust team has announced the release of Rust 1.46.0. "This release enables quite a lot of new things to appear in const fn, two new standard library APIs, and one feature useful for library authors. See the detailed release notes to learn about other changes not covered by this post."

Greg Kroah-Hartman has released the 5.8.5 and 5.7.19 stable kernels with a relatively small number of fixes. Note that this is the last release for the 5.7.x kernel series, so users should move to 5.8.5 along with those on 5.8.x.

For as long as we have had desktop systems, there have been concerns about desktop responsiveness and developers have been working to improve things in that area. Over the years, Linux has gained a number of capabilities — control groups in particular — that are applicable to the problem of improving desktop performance, but use of these features has lagged behind their availability. At the 2020 Linux Plumbers Conference, Benjamin Berg outlined some of the work that is being done by the Linux desktop projects to put recent kernel features to work.

Security updates have been issued by Debian (firefox-esr and nginx), Fedora (firefox, firejail, and lua), Gentoo (chromium, docker, firefox and thunderbird, net-snmp, postgresql, and wireshark), openSUSE (chromium, claws-mail, dovecot23, libreoffice, and python3), Oracle (kernel), Scientific Linux (firefox), SUSE (apache2, graphviz, and libxslt), and Ubuntu (firefox, libmysofa, and squid3).

The LWN.net Weekly Edition for August 27, 2020 is available.

The X.Org project has announced the release of xorg-server version 1.20.9. Among other improvements are numerous fixes to XWayland, including a bug that could cause an infinite loop at startup as well as other potential crash fixes. The release also addresses several security issues that can "lead to local privileges elevation on systems where the X server is running privileged." Users of xorg-server are encouraged to upgrade.

The Oracle blog is putting up a series by Vegard Nossum on fuzzing the kernel's entry code; part 1 and part 2 are available now. "While these fuzzers effectively test the system calls themselves (and the code reachable through system calls), one thing they don't test very well is what happens at the actual transition point between userspace and the kernel. There is more to this boundary than meets the eye; it is written in assembly code and there is a lot of architectural state (CPU state) that must be verified or sanitized before the kernel can safely start executing its C code. This blog post explores how one might go about writing a fuzzer targeting the Linux kernel entry code on x86."

OpenSCAD is a GPLv2-licensed 3D computer-aided design (CAD) program best described as a "programmer's CAD"; it is available for Linux, Windows, several flavors of BSD, and macOS. Unlike the majority of 3D-modeling software packages which are point-and-click, the OpenSCAD website describes the project as "something like a 3D compiler", where models are generated using a scripting language. It is a unique way of approaching CAD and has many real-world applications that may be of interest.

Stable kernels 5.8.4, 5.7.18, 5.4.61, 4.19.142, 4.14.195, 4.9.234, and 4.4.234 have been released with important fixes throughout the tree. Users should upgrade.

Security updates have been issued by Debian (firefox-esr, ghostscript, php7.0, and proftpd-dfsg), Fedora (mod_http2 and thunderbird), Red Hat (chromium-browser and firefox), and SUSE (apache2, grub2, samba, and xorg-x11-server).