Linux Weekly News

The third 5.5 kernel prepatch is out; it was a bit bigger than Linus would have liked. "Anyway, I'm hoping rc3 is a one-off. In fact, with the holiday season coming up, I'd be very surprised indeed if it wasn't. So I suspect things will calm down a lot over the next couple of weeks, but please do use the down-time to do some extra testing instead, ok?"

The 5.4.6, 4.19.91, 4.14.160, 4.9.207, and 4.4.207 stable kernel updates have all been released; each contains another set of important fixes.

The Linux control-group mechanism was designed to make it easy to assign processes to groups or move them around; it is a simple matter of writing a process ID to the appropriate cgroup.procs file in the control-group filesystem hierarchy. That only works for processes that actually exist, though. Adding the ability to place a new process into a control group at birth is the subject of this patch set from Christian Brauner.

Michał Górny describes an effort to create something one might have never expected to see: a binary kernel package for the Gentoo distribution. "I have manually configured the kernels for my private systems long time ago. Today, I wouldn’t really have bothered. In fact, I realized that for some time I’m really hesitant to even upgrade them because of the effort needed to update configuration. The worst part is, whenever a new kernel does not boot, I have to ask myself: is it a real bug, or is it my fault for configuring it wrong?"

Security updates have been issued by Debian (cyrus-imapd and gdk-pixbuf), Fedora (cacti, cacti-spine, and fribidi), Red Hat (fribidi, git, and openstack-keystone), Scientific Linux (fribidi), Slackware (wavpack), and SUSE (firefox, kernel, mariadb, spectre-meltdown-checker, and trousers).

Version 3.11 of the lightweight Alpine Linux distribution is available. Changes include the 5.4 kernel, Raspberry Pi 4 support, GNOME and KDE support, and the deprecation of Python 2.

The Cloud Native Computing Foundation (CNCF) is part of the Linux Foundation that is focused on Kubernetes and other cloud technologies. It has announced that The Update Framework (TUF) has graduated to a full member project. "TUF, an open-source technology that secures software update systems, is the first specification and first security-focused project to graduate. Justin Cappos, associate professor of computer science and engineering at NYU Tandon School of Engineering, initially developed the project in 2009. Cappos is also the first academic researcher to lead a graduated project and TUF is the first project born out of a university to graduate.

Security updates have been issued by Arch Linux (git, libgit2, and shadow), Debian (debian-edu-config and python-django), Fedora (python-django), Mageia (apache-commons-beanutils, fence-agents, flightcrew, freerdp, htmldoc, libssh, pacemaker, rsyslog, samba, and sssd), Oracle (freetype and kernel), Scientific Linux (freetype and kernel), SUSE (firefox, spectre-meltdown-checker, thunderbird, xen, and zziplib), and Ubuntu (python-django).

The LWN.net Weekly Edition for December 19, 2019 is available.

2019 is coming to a close. It has been another busy year with a lot going on in the Linux and free-software communities. Here at LWN, we have a longstanding tradition of looking back at the predictions made in January to see just how badly we did; it's not good to go against tradition no matter how embarrassing the results might be, so we might as well get right into it.

Once upon a time, Linux was installed from a stack of floppy disks—thankfully cassette tape "drives" were long in the past at that point—but floppies were superseded by optical media, first CDs and then DVDs. These days, those options are starting to fade away in most new computer systems; just as it is now rather hard to find a floppy-based Linux installer, not to mention the media and drives themselves, someday optical media installation will disappear as well. For Fedora, that day has not truly arrived, though a somewhat confusingly presented proposal on the Fedora devel mailing list is, to a limited extent, a step in that direction.

Stable kernels 5.4.4, 5.3.17, 4.19.90, and 4.14.159 have been released. They all contain important fixes and users should upgrade.

Update: Stable kernels 5.4.5 and 5.3.18 have also been released. This is the last 5.3.y kernel release and users should move to 5.4.y.

Security updates have been issued by Debian (debian-edu-config, harfbuzz, libvorbis, and python-ecdsa), Fedora (chromium, fribidi, libssh, and openslp), openSUSE (chromium), Oracle (grub2), Red Hat (rh-maven35-apache-commons-beanutils), SUSE (kernel, libssh, mariadb, samba, and xen), and Ubuntu (openjdk-8, openjdk-lts).

Programming languages generally have limits—explicit or implicit—on various aspects of their operation. Things like the maximum length of an identifier or the range of values that a variable can store are fairly obvious examples, but there are others, many of which are unspecified by the language designers and come about from various implementations of the language. That ambiguity has consequences, so nailing down a wide variety of limits in Python is the target of an ongoing discussion on the python-dev mailing list.

SpamAssassin 3.4.3 has been released. It includes a new plugin for finding macros in Office documents, a couple of security fixes, and various other improvements. The project is also letting it be known that, due to the dropping of support for rulesets with SHA-1 signatures, versions of SpamAssassin prior to 3.4.2 will no longer be able to download rule updates as of the beginning of March.

Security updates have been issued by Debian (libssh, ruby2.3, and ruby2.5), Fedora (kernel and libgit2), openSUSE (chromium and libssh), Oracle (openslp), Red Hat (container-tools:1.0, container-tools:rhel8, freetype, kernel, and kpatch-patch), Scientific Linux (openslp), SUSE (git and LibreOffice), and Ubuntu (graphicsmagick).

XFS filesystem maintainer Darrick Wong summarizes the significant XFS developments from the last year. "The year 2038 poses a special problem for Linux -- any signed 32-bit seconds counter will overflow back to 1901. Work is underway in the kernel to extend all of those counters to support 64-bit counters fully. In 2020, we will begin work on extending XFS's metadata (primarily inode timestamps and quota expiration timer) to support timestamps out to the year 2486. It should be possible to upgrade to existing V5 filesystems."

Stable kernels 5.4.3, 5.3.16, and 4.19.89 have been released. They all contain important fixes throughout the tree and users should upgrade.

Security updates have been issued by Debian (davical, intel-microcode, libpgf, php-horde, spamassassin, spip, and thunderbird), Mageia (clementine, dnsmasq, git, jasper, kdelibs4, kernel, libcroco, libgit2, libvirt, ncurses, openafs, proftpd, qbittorrent, signing-party, squid, and wireshark), openSUSE (java-1_8_0-openjdk and postgresql), Oracle (kernel), Red Hat (chromium-browser and openslp), and SUSE (kernel, libssh, and xen).

The second 5.5 kernel prepatch is out. "Things look normal - rc2 is usually fairly calm, and so it was this week too."