Hírolvasó

The realtime developers have been working for many years to create a kernel where the highest-priority task is always able to run without delay. That has meant a long process of finding and fixing situations where high-priority tasks might be blocked from running; one of the persistent problems in this regard has been kernel code that disables preemption. One tool that the realtime developers have reached for is disabling migration (moving a process from one CPU to another) rather than preemption; this approach has not been entirely popular among scheduler developers, though. Even so, the solution would appear to be this migration-disable patch set from scheduler developer Peter Zijlstra.

Security updates have been issued by CentOS (bind, firefox, java-1.8.0-openjdk, kernel, libX11, qemu-kvm, thunderbird, and xorg-x11-server), Debian (guacamole-server, krb5, libexif, poppler, raptor2, and sympa), Fedora (blueman, chromium, freetype, galera, krb5, libtpms, mariadb, mariadb-connector-c, pngcheck, and salt), Mageia (blueman, docker, fontforge, junit, libproxy, libuv, mariadb, suricata, and webmin), openSUSE (apache-commons-httpclient, bluez, gnome-settings-daemon, gnome-shell, python, salt, sddm, u-boot, virt-bootstrap, and wireshark), Red Hat (chromium-browser), SUSE (ceph, deepsea, kernel, Salt, salt, SUSE Manager 3.2, u-boot, and yast2-multipath), and Ubuntu (openldap and pacemaker).

Undeadly.org co-editor Peter Hansteen writes in, saying,

On Saturday November 7th I remote participated in OpenFest 2020 with an updated version of the OpenBSD and you talk.

Recordings will be released after the conference, but I was happy enough with my dry run or backup recording that I'm making that available too, along with the slides to follow along. I hope this will be useful in your advocacy or education on OpenBSD and why the project matters.

In case you were wondering, this is an update on a talk we covered previously, with updates to cover the more recent OpenBSD 6.8.

The 5.10-rc3 kernel prepatch is out for testing. "Things look normal. rc3 is neither particularly small or particularly large - it's pretty much average for an rc3 release for the last couple of years."

Version 2.0 of the Mutt email client is out. "This release was bumped to 2.0, not because of the magnitude of features (which is actually smaller than past releases), but because of a few changes that are backward incompatible". New features include a cd command to change directories, automatic IMAP reconnection, and "MuttLisp", a Lisp-like language for the configuration file. See the release notes for details.

The 2020 editions of Open Source Summit Europe (OSS EU) and Embedded Linux Conference Europe (ELC EU) were held virtually October 26-30, along with some other events (KVM Forum, Linux Security Summit, and more). The videos, Q&A, and presentations from those conferences are now available to all at the event site through the month of November. The videos will also be posted to YouTube during the month so that they will be available for the future. The schedule is available as well.

As described in this Let's Encrypt blog entry, certificates issued by Let's Encrypt will soon be signed solely by that organization's own root certificate, which is accepted by all modern browsers. There is one little catch, though: versions of Android prior to 7.1.1 (released in late 2016) do not recognize that certificate and will start throwing errors. "Currently, 66.2% of Android devices are running version 7.1 or above. The remaining 33.8% of Android devices will eventually start getting certificate errors when users visit sites that have a Let’s Encrypt certificate. In our communications with large integrators, we have found that this represents around 1-5% of traffic to their sites." There appears to be little to be done about this problem other than to encourage owners of older Android devices to install Firefox.

The kmap() interface in the kernel is a bit of a strange beast. It only exists to overcome the virtual addressing limitations of 32-bit CPUs, but it affects code across the kernel and has side effects on 64-bit machines as well. A recent discussion on the handling of preemption within the kernel identified a number of problems in need of attention, one of which was the kmap() API. Now, an extension to this API called kmap_local() is being proposed to address some of the problems; it signals another step in the kernel community's slow move away from supporting 32-bit machines as first-class citizens.

Security updates have been issued by Debian (sddm and wordpress), Fedora (blueman, chromium, pngcheck, and salt), openSUSE (chromium, salt, tiff, tigervnc, tmux, tomcat, transfig, and xen), Oracle (freetype, kernel, libX11, thunderbird, and xorg-x11-server), SUSE (bluez, ImageMagick, java-1_8_0-openjdk, rmt-server, salt, and u-boot), and Ubuntu (dom4j, firefox, netqmail, phpldapadmin, and tmux).

The scp command, which uses the SSH protocol to copy files between machines, is deeply wired into the fingers of many Linux users and developers — doubly so for those of us who still think of it as a more secure replacement for rcp. Many users may be surprised to learn, though, that the resemblance to rcp goes beyond the name; much of the underlying protocol is the same as well. That protocol is showing its age, and the OpenSSH community has considered it deprecated for a while. Replacing scp in a way that keeps users happy may not be an easy task, though.

Four new stable kernels have been released: 5.9.5, 5.4.75, 4.19.155, and 4.14.204. They are fairly large updates with lots of important fixes throughout the kernel tree; users should upgrade.

Update: 5.9.6 has been released to fix a build problem with 5.9.5: "if 5.9.5 built properly for you, wonderful, no need to upgrade".

Security updates have been issued by Debian (bouncycastle, gdm3, and libonig), Fedora (arpwatch, thunderbird, and trousers), openSUSE (chromium, gn), Red Hat (freetype, libX11, thunderbird, and xorg-x11-server), and SUSE (ImageMagick, java-11-openjdk, salt, and wireshark).

The LWN.net Weekly Edition for November 5, 2020 is available.

At this year's (virtual) Open Source Summit Europe, Oleg Fiksel gave an overview talk on the Matrix decentralized, secure communication network project. Matrix has been seeing increasing adoption recently, he said, including by governments (beyond France, which we already reported on in an article on a FOSDEM 2019 talk) and other organizations. It also aims to bridge all of the different chat mechanisms that people are using in order to provide a unified interface for all of them.

Greg Kroah-Hartman has released stable kernel 5.9.4. "This is only a bugfix for the 5.9.3 kernel release which had some problems with some symlinks for the powerpc selftests." If you did not have any issues with 5.9.3 there is no need to upgrade.

Security updates have been issued by Arch Linux (chromium and firefox), Fedora (nss), openSUSE (pacemaker), Red Hat (bind, binutils, bluez, cloud-init, container-tools:rhel8, cryptsetup, cups, curl, cyrus-imapd, cyrus-sasl, dovecot, dpdk, edk2, evolution, expat, file-roller, fontforge, freeradius:3.0, freerdp and vinagre, freetype, frr, gd, glibc, GNOME, gnome-software and fwupd, gnupg2, grafana, httpd:2.4, idm:DL1 and idm:client, kernel, kernel-rt, libarchive, libexif, libgcrypt, libldb, libpcap, librabbitmq, libreoffice, librsvg2, libsolv, libssh, libtiff, libvpx, libX11, libxml2, libxslt, mailman:2.1, mingw-expat, nodejs:12, oddjob, oniguruma, opensc, openssl, openwsman, pcre2, pki-core:10.6 and pki-deps:10.6, poppler, prometheus-jmx-exporter, python-pip, python27:2.7, python3, python38:3.8, qt5-qtbase and qt5-qtwebsockets, resource-agents, SDL, spamassassin, sqlite, squid:4, subversion:1.10, sysstat, systemd, targetcli, tcpdump, thunderbird, varnish:6, vim, and virt:rhel and virt-devel:rhel), SUSE (apache-commons-httpclient, gnome-settings-daemon, gnome-shell, kernel, libvirt, opensc, ovmf, python, rmt-server, and sane-backends), and Ubuntu (accountsservice, gdm3, libytnef, python-cryptography, and spice-vdagent).

Pluto is a new computational notebook for the Julia programming language. Computational notebooks are a way to program inside of a web browser, storing code, annotations, and output, including graphics, in a single place. They became popular with the advent of the Jupyter notebook, which originally targeted Julia, Python, and R—the names got mashed together to make the word "Jupyter".

Kernel.org manager Konstantin Ryabitsev describes the Git signed-push functionality, which is now supported by the kernel.org system. "To help hedge against this problem, git provides developers a way to sign their actual pushes, as a means to attest 'yes, I actually did intend to push these commits into this ref in this repository on this server, and here's my PGP signature to prove it.'" Among other things, these signatures can be preserved in a commit transparency log, which is also now provided by kernel.org.

Alyssa Rosenzweig reports on the progress of the Panfrost driver. "Since our previous update on Panfrost, the open source stack for Arm's Mali Midgard and Bifrost GPUs, we've focused on taking our driver from its reverse-engineered origins on Midgard to a mature stack. We've overhauled both the Gallium driver and the backend compiler, and as a result, Mesa 20.3 -- scheduled for release at the end-of-the-month -- will feature some Bifrost support out-of-the-box."