Security updates for Tuesday
Security updates have been issued by Debian (samba), Fedora (kernel), openSUSE (netcdf and tor), SUSE (netcdf and python-Pygments), and Ubuntu (imagemagick).
Hírolvasó
[$] A different approach to BPF loops
One of the key features of the extended BPF virtual machine is the verifier
built into the kernel that ensures that all BPF programs are safe to run.
BPF developers often see the verifier as a bit of a mixed blessing, though;
while it can catch a lot of problems before they happen, it can also be
hard to please. Comparisons with a well-meaning but rule-bound and picky
bureaucracy would not be entirely misplaced. The bpf_loop()
proposal from Joanne Koong is an attempt to make pleasing the BPF
bureaucrats a bit easier for one type of loop construct.
Security updates for Monday
Security updates have been issued by Debian (bluez, icu, libntlm, libvorbis, libvpx, opensc, roundcube, and tar), Fedora (kernel, kernel-headers, kernel-tools, puppet, slurm, stargz-snapshotter, and suricata), openSUSE (netcdf), Oracle (bluez, kernel, kernel-container, krb5, mailman:2.1, openssh, python3, and rpm), Red Hat (samba), and SUSE (xen).
Kernel prepatch 5.16-rc3
The 5.16-rc3 kernel prepatch is out for
testing. "So rc3 is usually a bit larger than rc2 just because people had some
time to start finding things.
So too this time, although it's not like this is a particularly big
rc3."
PHP 8.1.0 and a new foundation
Version
8.1.0 of the PHP language has been released. This release includes a
number of new features, including enumerations,
read-only
properties,
fibers, and more.
Meanwhile, a new foundation has been created to support development of PHP:
The initial purpose of the PHP Foundation is to support the development of PHP by contracting developers to work on php-src either part-time or full-time. If that sounds interesting to you, be sure to apply!
The foundation does not have any decision-making power on language changes: these remain within the sole purview of the internals mailing list and the RFC process. The fact that some work has been funded by the foundation does not imply that it will be accepted into PHP.
More information can be found in this blog entry.
Six more stable kernels
Security updates for Friday
Security updates have been issued by Fedora (freerdp, gnome-boxes, gnome-connections, gnome-remote-desktop, guacamole-server, hydra, java-1.8.0-openjdk-aarch32, medusa, mingw-gstreamer1, mingw-gstreamer1-plugins-bad-free, mingw-gstreamer1-plugins-base, mingw-gstreamer1-plugins-good, php, pidgin-sipe, remmina, vinagre, and weston), openSUSE (kernel and netcdf), and SUSE (kernel and netcdf).
Stable kernel 5.15.5
The 5.15.5 stable kernel has been
released. As usual, it contains lots of important fixes throughout the
kernel tree. Users should upgrade.
Security updates for Thursday
Security updates have been issued by Fedora (busybox, getdata, and php), Mageia (couchdb, freerdp, openexr, postgresql, python-reportlab, and rsh), openSUSE (bind, java-1_8_0-openjdk, and kernel), SUSE (java-1_7_0-openjdk), and Ubuntu (icu).
Security updates for Wednesday
Security updates have been issued by Debian (openjdk-17), Fedora (libxls, roundcubemail, and vim), openSUSE (bind, java-1_8_0-openjdk, and redis), Red Hat (kernel, kernel-rt, kpatch-patch, krb5, mailman:2.1, openssh, and rpm), Scientific Linux (kernel, krb5, openssh, and rpm), SUSE (bind, java-1_8_0-openjdk, redis, and webkit2gtk3), and Ubuntu (bluez).
Dave Airlie (blogspot): video decode: crossing the streams
I was interested in how much work a vaapi on top of vulkan video proof of concept would be.
My main reason for being interested is actually video encoding, there is no good vulkan video encoding demo yet, and I'm not experienced enough in the area to write one, but I can hack stuff. I think it is probably easier to hack a vaapi encode to vulkan video encode than write a demo app myself.
With that in mind I decided to see what decode would look like first. I talked to Mike B (most famous zink author) before he left for holidays, then I ignored everything he told me and wrote a super hack.
This morning I convinced zink vaapi on top anv with iris GL doing the presents in mpv to show me some useful frames of video. However zink vaapi on anv with zink GL is failing miserably (well green jellyfish).
I'm not sure how much more I'll push on the decode side at this stage, I really wanted it to validate the driver side code, and I've found a few bugs in there already.
The WIP hacks are at [1]. I might push on to encode side and see if I can workout what it entails, though the encode spec work is a lot more changeable at the moment.
[1] https://gitlab.freedesktop.org/airlied/mesa/-/commits/zink-video-wip
Security updates for Tuesday
Security updates have been issued by Debian (mbedtls), Red Hat (kernel and rpm), and Ubuntu (freerdp2).
A preview of Amazon's AL2022 distribution
Amazon has announced
a preview release of its upcoming AL2022 distribution. The company plans
to support AL2022 for five years after its release.
AL2022 uses the Fedora project as its upstream to provide customers with a wide variety of the latest software, such as updated language runtimes, as part of quarterly releases. In addition, AL2022 has SELinux enabled and enforced by default.
Kernel prepatch 5.16-rc2
The second 5.16 kernel prepatch is out for
testing. "Nothing especially noteworthy stands out for the last
week, it all felt pretty normal for a rc2 week".
Security updates for Monday
Security updates have been issued by Debian (firebird3.0, libmodbus, and salt), Fedora (js-jquery-ui and wordpress), Mageia (arpwatch, chromium-browser-stable, php, rust, and wireshark), openSUSE (barrier, firefox, hylafax+, opera, postgresql12, postgresql13, postgresql14, and tomcat), SUSE (ardana-ansible, ardana-monasca, crowbar-openstack, influxdb, kibana, openstack-cinder, openstack-ec2-api, openstack-heat-gbp, openstack-heat-templates, openstack-horizon-plugin-gbp-ui, openstack-keystone, openstack-neutron-gbp, openstack-nova, python-eventlet, rubygem-redcarpet, rubygem-puma, ardana-ansible, ardana-monasca, documentation-suse-openstack-cloud, openstack-ec2-api, openstack-heat-templates, python-Django, python-monasca-common, rubygem-redcarpet, rubygem-puma, firefox, kernel, postgresql, postgresql13, postgresql14, postgresql10, postgresql12, postgresql13, postgresql14, postgresql96, and samba), and Ubuntu (libreoffice).
More stable kernel updates
The
5.15.4,
5.14.21,
5.10.81, and
5.4.161 stable kernels have been released.
Each contains another set of important updates, but it's worth
noting that 5.4.161
hasn't been through the usual review process due to an amusing bit of
scripting confusion.
[$] In search of an appropriate RLIMIT_MEMLOCK default
One does not normally expect a lot of disagreement over a 13-line patch
that effectively tweaks a single line of code. Occasionally, though, such
a patch can expose a disagreement over how the behavior of the kernel
should be managed. This patch
from Drew DeVault, who is evidently taking a break from stirring up
the npm community, is a case in point. It brings to light the question
of how the kernel community should pick default values for configurable
parameters like resource limits.
Security updates for Friday
Security updates have been issued by Arch Linux (chromium, grafana, kubectl-ingress-nginx, and opera), Debian (netkit-rsh and salt), Fedora (freeipa and samba), Mageia (opensc, python-django-filter, qt4, tinyxml, and transfig), openSUSE (opera and transfig), Red Hat (devtoolset-11-annobin, devtoolset-11-binutils, and llvm-toolset:rhel8), SUSE (php72 and php74), and Ubuntu (mailman and thunderbird).
[$] What to do in response to a kernel warning
The kernel provides a number of macros internally to allow code to generate
warnings when something goes wrong. It does not, however, provide a lot of
guidance regarding what should happen when a warning is issued. Alexander
Popov recently posted a
patch series adding an option for the system's response to warnings;
that series seems unlikely to be applied in anything close to its current
form, but it did succeed in provoking a discussion on how warnings should
be handled.
Two more stable kernels
Greg Kroah-Hartman has released two more stable kernels. 5.14.20 reverts three patches from the
5.14.19 release, while 5.10.80 is one of the
massive updates mentioned yesterday. The
other massive release mentioned, 5.15.3, is still under
review and can be expected in the next day or two. As usual, the
kernels released contain important fixes and users should upgrade.
Update: 5.15.3 was also released.