Linux Weekly News

By many accounts, the kernel project uses outdated tooling, far behind the state of the art that Kids Today tend to favor. The kernel's workflow has worked well (enough) for years, but there are signs that it may not be sustainable indefinitely. As a result, there has been an ongoing conversation about improving the kernel's workflow, but little has changed so far. The posting of a simple tool called get-lore-mbox is a sign that the rate of change may be about to increase.

Security updates have been issued by CentOS (kernel-rt, qemu-kvm, spamassassin, and Xorg), Debian (ruby-rack-cors), Fedora (glibc), openSUSE (ImageMagick), Oracle (ipa, kernel, and qemu-kvm), SUSE (systemd), and Ubuntu (exiv2, mbedtls, and systemd).

The LWN.net Weekly Edition for February 6, 2020 is available.

Stable kernels 5.4.18, 4.19.102, and 4.14.170 have been released. They contain important fixes and users should upgrade.

Browser tracking across different sites is certainly a major privacy concern and one that is more acute when the boundaries between sites and browsers blur—or disappear altogether. That seems to be the underlying tension in a "discussion" of an only tangentially related proposal being made by Google to the W3C Technical Architecture Group (TAG). The proposal would change the handling of the User-Agent headers sent by browsers, but the discussion turned to the unrelated X-Client-Data header that Chrome sends to Google-owned sites. The connection is that in both cases some feel that the web-search giant is misusing its position to the detriment of its users and its competitors in the web ecosystem.

Support for the CoreOS Container Linux distribution is coming to an end on May 26; there will be no further updates after that date. Users are recommended to move to Fedora CoreOS or some other distribution.

Stable kernels 5.5.2, 4.9.213, and 4.4.213 have been released with important fixes. Users should upgrade.

Security updates have been issued by Debian (storebackup), openSUSE (e2fsprogs and wicked), Red Hat (containernetworking-plugins, ipa, kernel, kernel-rt, ksh, and qemu-kvm), Scientific Linux (ipa and qemu-kvm), SUSE (libqt5-qtbase, python-reportlab, and terraform), and Ubuntu (graphicsmagick, OpenSMTPD, spamassassin, and sudo).

Python 2 was officially "retired" on the last day of 2019, so no bugs will be fixed or changes made in that version of the language, at least by the core developers—distributions and others will continue for some time to come. But there are lots of Python projects that still support Python 2.7 and may not be ready for an immediate clean break. Some changes that were made for the upcoming Python 3.9 release (which is currently scheduled for October) are causing headaches because support for long-deprecated 2.7-compatibility features is being dropped. That led to a discussion on the python-dev mailing list about postponing those changes to give a bit more time to projects that want to drop Python 2.7 support soon, but not immediately.

Security updates have been issued by Arch Linux (salt), CentOS (git), Debian (qtbase-opensource-src), Fedora (java-11-openjdk), Mageia (kernel and openjpeg2), openSUSE (mailman, python-reportlab, ucl, and upx), Oracle (git), Red Hat (container-tools:rhel8, go-toolset:rhel8, grub2, kernel, kernel-rt, php:7.2, and sudo), SUSE (crowbar-core, crowbar-openstack, openstack-neutron-fwaas, rubygem-crowbar-client and python36), and Ubuntu (python-django).

The Git source-code management system is famously built on the SHA‑1 hashing algorithm, which has become an increasingly weak foundation over the years. SHA‑1 is now considered to be broken and, despite the fact that it does not yet seem to be so broken that it could be used to compromise Git repositories, users are increasingly worried about its security. The good news is that work on moving Git past SHA‑1 has been underway for some time, and is slowly coming to fruition; there is a version of the code that can be looked at now.

Security updates have been issued by Arch Linux (opensmtpd), Debian (firefox-esr, libidn2, libjackson-json-java, prosody-modules, qemu, qtbase-opensource-src, spamassassin, and sudo), Fedora (e2fsprogs, java-1.8.0-openjdk, mingw-openjpeg2, openjpeg2, samba, sox, upx, webkit2gtk3, and xar), Red Hat (git), Scientific Linux (git), Slackware (sudo), SUSE (ceph and rmt-server), and Ubuntu (sudo).

The GNU libc 2.31 release is out. Significant changes include some initial C2X standard support, some DNS stub resolver changes, a new pthread_clockjoin_np() POSIX threads extension, a number of changes to time-related functions, and more.

The 5.5.1, 5.4.17, and 4.19.101 stable kernel updates have been released; each contains another set of important fixes.

The longtime tech writer for the Yocto Project, Scott Rifenbark, has died after a battle with cancer. Project architect Richard Purdie announced the sad news on the yocto mailing list; he also reflected on Rifenbark and his impact: "I remember interviewing Scott over 10 years ago when forming a team at Intel to work on what became the Yocto Project, he was with it from the start. He warned me he wasn't an entirely traditional tech writer but I warned we weren't aiming to be a traditional project either. It was a great match. He stayed with the project ever since in one way or another, he enjoyed working on the project and we enjoyed working with him. The concept of having a tech writer as part of the team was a decision I'm proud of and it shows in the material supporting the project today but that success belongs to Scott and his approach to it. Someone else put that best, 'He would first try the procedure or instructions before documenting it, I was really impressed'. He was hands on and wanted things to be understandable and correct, a huge challenge with some of the complexities we deal with."

As network interfaces get faster, the amount of CPU time available to process each packet becomes correspondingly smaller. The good news is that many tasks, including packet filtering, can be offloaded to the hardware itself. The bad news is that the Linux kernel required quite a bit of work to be able to take advantage of that capability. The first article in this series provided an overview of how hardware-based packet filtering can work and the support for this feature that already existed in the kernel. This series now concludes with a detailed look at how offloaded packet filtering works in the netfilter subsystem and how administrators can make use of it.

Security updates have been issued by Debian (libsolv, libxmlrpc3-java, openjpeg2, qemu, and suricata), Fedora (ansible, chromium, java-latest-openjdk, links, mingw-openjpeg2, nss, openjpeg2, python-pillow, thunderbird, webkit2gtk3, and xen), Mageia (gdal, java-1.8.0-openjdk, mariadb, openjpeg2, and sqlite3), Oracle (kernel), Red Hat (rh-java-common-xmlrpc), SUSE (e2fsprogs, ImageMagick, php72, tigervnc, and wicked), and Ubuntu (keystone).

As of this writing, 4,726 non-merge changesets have been pulled into the mainline repository for the 5.6 development cycle. That is a relatively slow start by contemporary kernel standards, but it still is enough to bring a number of new features, some of which have been pending for years, into the mainline. Read on for a summary of the changes pulled in the early part of the 5.6 merge window.

Ian Jackson posted a note to the xen-announce mailing list with the sad news that Xen community manager and project advisory board member Lars Kurth has died. "I'm very sad to inform you that Lars Kurth passed away earlier this week. Many of us regarded Lars as a personal friend, and his loss is a great loss to the Xen Project. We plan to have a tribute to Lars on the XenProject blog in the near future. Those who are attending FOSDEM may wish to attend the short tribute we plan for Sunday morning: https://fosdem.org/2020/schedule/event/vai_memory_of_lars_kurth/"

From Ian Jackson we have the sad news that Lars Kurth, longtime community developer and community manager for the Xen project, has passed away. There is an event planned on February 2 for those who will be at FOSDEM.