The LWN.net Weekly Edition for July 11, 2019 is available.
The third edition of the
Operating-System-Directed Power-Management (OSPM) summit was held
May 20-22 at the ReTiS Lab of the Scuola Superiore Sant'Anna in Pisa,
Italy. The summit is organized to collaborate on ways to reduce the energy
consumption of Linux systems, while still meeting performance and other
goals. It is attended by scheduler, power-management, and other kernel
developers, as well as academics, industry representatives, and others
interested in the topics.
As with previous years (2018 and 2017), LWN is happy to be able to bring our
readers some extensive writeups of the talks and discussions that went on
at OSPM. Subscribers can read on for the start of the writeups from the
summit, which were authored by a long list of the participants.
Security updates have been issued by Debian (redis), Fedora (expat), Mageia (dosbox, irssi, microcode, and postgresql11), Red Hat (bind, dbus, openstack-ironic-inspector, openstack-tripleo-common, python-novajoin, and qemu-kvm-rhev), Scientific Linux (kernel), SUSE (kernel-firmware, libdlm, libqb, and libqb), and Ubuntu (apport).
Python does not lack for web frameworks, from all-encompassing frameworks
"nanoframeworks" such as WebCore. A recent "spare
time" project caused me to look into options in the middle of this range of
choices, which is where the Python "microframeworks" live. In particular,
I tried out the Bottle
microframeworks—and learned a lot
in the process.
Subscribers can read on for the full report by Jake Edge from this week's
GnuPG 2.2.17 has been released to mitigate attacks on keyservers. In particular, GPG will
now ignore all key-signatures received from keyservers.
Firefox 68.0 has been released, with an Extended Support Release (ESR)
version available, in addition to the usual rapid release version. The
rapid release version features a dark mode in reader view, improved
extension security and discovery, and more. See the release
for details. The ESR
list some additional policies and other improvements.
Software in the Public Interest (SPI) has announced
that nominations are open until July 15 for 3 seats on the SPI
board. "The ideal candidate will have an existing involvement in the
Free and Open Source community, though this need not be with a project
affiliated with SPI.
Security updates have been issued by Arch Linux (irssi, python-django, and python2-django), Debian (libspring-security-2.0-java and zeromq3), Red Hat (python27-python), SUSE (ImageMagick, postgresql10, python-Pillow, and zeromq), and Ubuntu (apport, Docker, glib2.0, gvfs, whoopsie, and zeromq3).
Fedora project leader Matthew Miller reassures the community that IBM's
acquisition of Red Hat,
which just closed, will not affect Fedora. "In Fedora, our mission, governance, and objectives remain the same. Red
Hat associates will continue to contribute to the upstream in the same
ways they have been."
The Android system has shipped a couple of allocators for DMA buffers
over the years; first came PMEM, then its
. The ION allocator has
been in use since around 2012, but it remains stuck in the kernel's staging
work to add ION to the mainline
started in 2013;
at that time, the allocator had multiple issues that made inclusion
impossible. Recently, John Stultz posted
a patch set
introducing DMA-BUF heaps, an evolution of ION, that is
designed to do exactly that — get the Android DMA-buffer allocator to
the mainline Linux kernel.
Konstantin Ryabitsev has posted a
lengthy blog entry
describing his vision for moving away from email for
kernel development. "I think it's way past due time for us to come
up with a solution that would offer decentralized, self-archiving, fully
attestable, 'cradle-to-grave' development platform that covers all aspects
of project development and not just the code. It must move us away from
mailing lists, but avoid introducing single points of trust, authority, and
Security updates have been issued by Debian (dosbox, python-django, squid3, and unzip), Fedora (filezilla, libfilezilla, and samba), openSUSE (gvfs), Oracle (kernel), Red Hat (firefox and redhat-virtualization-host), SUSE (bash and libpng16), and Ubuntu (libvirt).
Linus Torvalds has released
the 5.2 kernel.
He originally planned for an rc8 this week, rather than 5.2, due to his travel schedule, but was pleasantly surprised at how calm things have been. "So despite a fairly late core revert, I don't see any real reason for
another week of rc, and so we have a v5.2 with the normal release
Some of the more significant changes in 5.2 are
a new CLONE_PIDFD
flag to clone()
to obtain a pidfd for the
a significant BPF verifier performance improvement that allows the maximum
size of a BPF program to be raised to 1 million instructions,
a BPF hook to manage sysctl knobs,
a new set of system calls
for the ext4
a process freezer for version-2 control groups,
and, of course, a vast number of fixes.
Debian version 10, code named "Buster", has been released. It has lots of new features, including: "In this release, GNOME defaults to using the Wayland display server instead of Xorg. Wayland has a simpler and more modern design, which has advantages for security. However, the Xorg display server is still installed by default and the default display manager allows users to choose Xorg as the display server for their next session.
Thanks to the Reproducible Builds project, over 91% of the source packages included in Debian 10 will build bit-for-bit identical binary packages. This is an important verification feature which protects users against malicious attempts to tamper with compilers and build networks. Future Debian releases will include tools and metadata so that end-users can validate the provenance of packages within the archive.
For those in security-sensitive environments AppArmor, a mandatory access control framework for restricting programs' capabilities, is installed and enabled by default. Furthermore, all methods provided by APT (except cdrom, gpgv, and rsh) can optionally make use of seccomp-BPF sandboxing. The https method for APT is included in the apt package and does not need to be installed separately." More information can be found in the release notes.
The kernel development community continues to propose new system calls at a
high rate. Three ideas that are currently in circulation on the mailing
lists are clone3(), fchmodat4(), and fsinfo().
In some cases, developers are just trying to make more flag bits available,
but there is also some significant new functionality being discussed.
The Open Build Service
(OBS) project has announced
the release of version 2.10 of OBS, which is a system to build and distribute binary packages built from source code. The new version has revamped the web user interface and upgraded the container delivery mechanisms. Beyond that, it has fixed plenty of bugs (of course), added a bunch of smaller features, and now provides integration with other online tools: "Another trend in the professional software world is to plug various tools together into grand continuous integration/deployment cycles (CI/CD). You, of course, also want to throw the OBS into the mix and we traditionally supported you to do that on GitHub with webhooks. The 2.10 release now brings the same kind of support to other tools like Gitlab and Pagure. You can trigger all kinds of actions on OBS for every git commit or other events that happen on those tools.
Security updates have been issued by SUSE (firefox, mozilla-nss, mozilla-nspr, helm-mirror, libu2f-host, and libu2f-host, pam_u2f) and Ubuntu (bzip2 and irssi).
On NUMA systems with a lot of CPUs, it is common to assign parts of the
workload to different subsets of the available processors. This
partitioning can improve performance while reducing the ability of jobs to
interfere with each other. The partitioning mechanisms available on
current kernels might just do too good a job in some situations, though,
leaving some CPUs idle while others are overutilized. The soft
affinity patch set
from Subhra Mazumdar is an attempt to improve
performance by making that partitioning more porous.
Security updates have been issued by CentOS (libssh2 and qemu-kvm), Debian (lemonldap-ng), Fedora (tomcat), Oracle (kernel), and SUSE (elfutils, kernel, and php5).