Linux Weekly News

Back in February, the kernel community discussed the removal of a couple of functions that could be used by loadable modules to gain access to symbols (functions and data structures) that were not meant to be available to them. That change was merged during the 5.7 merge window. This change will break a number of external modules that depended on the removed functions; since many of those modules are proprietary, this fact does not cause a great deal of anguish in the kernel community. But there are a few out-of-tree modules with GPL-compatible licenses that are also affected by this change; one of those is LTTng. Fixing LTTng may not be entirely straightforward.

Python 2.7.18 is out. This is the last release and end of support for Python 2. "Python 2.7 has been under active development since the release of Python 2.6, more than 11 years ago. Over all those years, CPython's core developers and contributors sedulously applied bug fixes to the 2.7 branch, no small task as the Python 2 and 3 branches diverged. There were large changes midway through Python 2.7's life such as PEP 466's feature backports to the ssl module and hash randomization. Traditionally, these features would never have been added to a branch in maintenance mode, but exceptions were made to keep Python 2 users secure. Thank you to CPython's community for such dedication."

Security updates have been issued by Arch Linux (openvpn), Debian (awl, file-roller, jackson-databind, and shiro), Fedora (chromium, git, and libssh), Mageia (php, python-bleach, and webkit2), openSUSE (chromium, gstreamer-rtsp-server, and mp3gain), Oracle (thunderbird and tigervnc), SUSE (thunderbird), and Ubuntu (file-roller and webkit2gtk).

The results are in from this year's Debian project leader election; the winner is Jonathan Carter.

The 5.7-rc2 kernel prepatch is out for testing. "Everything continues to look fairly normal, with commit counts right in the middle of what you'd expect for rc2. And most of the changes are tiny and don't look scary at all."

Greg Kroah-Hartman has released the 5.6.5, 5.5.18, 5.4.33, and 4.19.116 stable kernels. They contain a seemingly larger-than-usual collection of fixes throughout the kernel tree; users of those series should upgrade.

Much of the free software we run every day was developed over email, and the developers of that software, who may have been using email for decades, tend to be somewhat attached to it. The newer generation of developers that came later, though, has proved remarkably resistant to the charms of email-based communication. That has led to an ongoing push to replace email with other forms of communication; often the "other form" of choice is a web-based system called Discourse. Moving to Discourse tends to be controversial; LWN covered related discussions in the Fedora and Python projects in 2018. Now it is Debian's turn to confront this question.

On the FSF blog, Zoe Kooyman describes how the LibrePlanet 2020 conference was converted to a virtual conference in a week's time—using free software, naturally. "In 2016, we gained some livestreaming experience when we interviewed Edward Snowden live from Moscow. To minimize the risk of failed recordings due to overly complex or error-prone software systems, we made it a priority to achieve a pipeline with low latency, good image quality, and low CPU usage. The application we used then was Jitsi Meet, and the tech info and scripts we used for streaming from 2016 are available for your information and inspiration. Naturally, for this year, with no time for researching other applications, we opted to build on our experience with Jitsi Meet. We hosted our own instance for remote speakers to connect to and enter a video call with the conference organizers. A screen capture of this call was then simultaneously recorded by the FSF tech team, and streamed out to the world via Gstreamer and Icecast."

Security updates have been issued by Arch Linux (apache and chromium), Debian (webkit2gtk), Fedora (firefox, nss, and thunderbird), Mageia (chromium-browser-stable and git), openSUSE (gnuhealth), Oracle (thunderbird), Red Hat (kernel-alt, thunderbird, and tigervnc), Scientific Linux (thunderbird), Slackware (openvpn), and SUSE (freeradius-server and libqt4).

There are many ways to try to keep a system secure. One of those, often employed in embedded or other dedicated-purpose systems, is to try to ensure that only code that has been approved (by whoever holds that power over the system in question) can be executed. The secure boot mechanism, which is intended to keep a computer from booting anything but a trusted kernel, is one piece of this puzzle, but its protection only extends through the process of booting the kernel itself. Various mechanisms exist for protecting a system after it boots; a new option for this stage is the Integrity Policy Enforcement (IPE) security module, posted by Deven Bowers.

Security updates have been issued by Arch Linux (git), Fedora (cacti, cacti-spine, chromium, golang-github-buger-jsonparser, kernel, kernel-headers, and kernel-tools), openSUSE (ansible, git, and mp3gain), Oracle (container-tools:ol8, nodejs:10, and virt:ol), Red Hat (chromium-browser, ipmitool, and thunderbird), Slackware (bind), SUSE (quartz), and Ubuntu (php5, php7.0, php7.2, php7.3).

The LWN.net Weekly Edition for April 16, 2020 is available.

We last looked in on the question of a Git forge for Fedora at the end of January—which seems like nearly a lifetime ago, but is, in truth, only around two-and-a-half months back. At that time, requirements were being gathered for an open decision-making process that would seemingly play out with lots of community participation. That is not at all what transpired, however, and much of the Fedora community feels that its needs have not been taken into consideration. There are a number of lessons that can be learned from all of this.

Version 1.1.0 of the GNU Guix transactional package manager and system distribution has been released. "It’s been 11 months since the previous release, during which 201 people contributed code and packages. This is a long time for a release, which is in part due to the fact that bug fixes and new features are continuously delivered to our users via guix pull. However, a number of improvements, in particular in the installer, will greatly improve the experience of first-time users."

Security updates have been issued by Debian (git, graphicsmagick, php-horde-data, and php-horde-trean), Mageia (apache, gnutls, golang, krb5-appl, libssh, libvncserver, mediawiki, thunderbird, tor, and wireshark), openSUSE (chromium, nagios, and thunderbird), Oracle (kernel and krb5-appl), Red Hat (elfutils, kernel, nss-softokn, ntp, procps-ng, and python), Scientific Linux (firefox), Slackware (git), SUSE (git and ruby2.5), and Ubuntu (git).

In part 1 of this article, we gave an overview of the Kernel Concurrency Sanitizer (KCSAN) and looked how it can detect data races in the kernel. KCSAN uses the definition of "data race" that is part of the Linux-Kernel Memory Consistency Model (LKMM), but there is more that KCSAN can do. This concluding part of the article describes other ways that the tool can be used to find data races and other kinds of problems in concurrent code. It provides some ideas on strategies and best practices, briefly considers some alternative approaches, and concludes with some known limitations.

The Zimbra email and collaboration suite will change its open source policy. This post from the Zeta Alliance notes the changes for Zimbra 9. "John E. explained that Zimbra 9 introduces a change to Synacor's open source policy for Zimbra. Starting with Zimbra 9, a binary version of Zimbra 9 will no longer be released to the community and will instead only be made available to Zimbra Network Edition customers. There are currently no plans to release the source code for Zimbra 9 to the community. Zimbra 8.8.15 will remain open source for the community and continue to be supported for the remainder of its lifecycle through December, 31, 2024 (https://www.zimbra.com/support/support- ... lifecycle/). Version 8.8.15 will also continue to receive patches during this time frame. John E. described this new model for Zimbra 9 as "open core" where the open source products on which Zimbra is built will continue to be freely available, but the Zimbra 9 product itself will not be open source." (Thanks to Emmanuel Seyman)

Security updates have been issued by Arch Linux (thunderbird), Debian (thunderbird), Fedora (drupal7-ckeditor, nrpe, and php-robrichards-xmlseclibs1), Red Hat (firefox and kernel), SUSE (quartz), and Ubuntu (thunderbird).

By the end of the 5.7 merge window, 11,998 non-merge changesets had been pulled into the mainline repository for this development cycle. That is 1,218 more than were seen during the 5.6 merge window; it would appear that current world events have not succeeded in slowing down the kernel community — at least, not yet. The latter half of the merge window tends to see more fixes and fewer new features, but there are still a number of interesting things that showed up after the first-half summary was written.

Stable kernels 5.6.4, 5.5.17, 5.4.32, 4.19.115, 4.14.176, 4.9.219, and 4.4.219 have been released. They all contain important fixes and users should upgrade.