LWN.net News from the source
LWN.net is a reader-supported news site dedicated to producing the best coverage from within the Linux and free software development communities. See the LWN FAQ for more information, and please consider subscribing to gain full access and support our activities.
Linus Torvalds released 6.1-rc1 and closed the 6.1 merge window on October 16; at that point, 11,537 non-merge changesets had been pulled into the mainline repository. That is considerably less than the 13,543 changesets pulled during the 6.0 merge window, but quantity is not everything: there were quite a few significant changes brought in this time around. Many of those were part of the nearly 5,800 changesets pulled since our first 6.1 merge window summary; read on for a look at some of the work done in the latter part of this merge window.
Software patents affect our systems in many ways, but perhaps most strongly in the area of codecs — code that creates or plays back audio or video that has been compressed using covered algorithms. For this reason, certain formats have simply been unplayable on many Linux distributions — especially those backed by companies that are big enough to be worth suing — without installing add-on software from third-party repositories. One might think that this problem could be worked around by purchasing hardware that implements the patented algorithms, but recent activity in the Fedora and openSUSE communities shows that life is not so simple.
There have been a lot of significant changes merged into the mainline for the 6.1 release, but one of the changes that has received the most attention will also have the least short-term effect for users of the kernel: the introduction of support for the Rust programming language. No system with a production 6.1 kernel will be running any Rust code, but this change does give kernel developers a chance to play with the language in the kernel context and get a sense for how Rust development feels. Perhaps the most likely conclusion for most developers, though, will be that there isn't yet enough Rust in the kernel to do much of anything interesting.
The LWN.net Weekly Edition for October 13, 2022 is available.
Inside this week's LWN.net Weekly Edition
At the end of September, Victor Stinner reported on a security bug fix he had been working on for a script from the CPython Tools/scripts directory. As part of that work, he realized that there were 74 scripts in that directory that were potentially outdated, unused, unmaintained, trivial, buggy, or some combination of all of those. It is not uncommon for projects to have code that accretes in overlooked corners of the source tree, but it makes sense to periodically take a look to see if changes are needed. Stinner seems to have kicked that off for Python with his message.
The kernel's Bugzilla instance is largely unloved and ignored, at least as a bug-reporting tool for the bulk of the upstream kernel. At the recent Maintainers Summit, Bugzilla was discussed during the regression-handling session led by Thorsten Leemhuis. In a followup to that discussion, Leemhuis posted some ideas for improving the state of bugzilla.kernel.org to the ksummit-discuss mailing list recently; the resulting discussion helped clarify a number of problem areas for it—and for the Bugzilla tool itself.
Philip Herron and Arthur Cohen presented an update on the "gccrs" GCC front end for the Rust language at the 2022 Kangrejos conference. Less than two weeks later — and joined by David Faust — they did it again at the 2022 GNU Tools Cauldron. This time, though, they were talking to GCC developers and refocused their presentation accordingly; the result was an interesting look into the challenges of implementing a compiler for Rust.
The 6.1 merge window is well underway: since it opened, 5,752 non-merge changesets have been pulled into the mainline repository. That is approximately half of the work that had piled up in linux-next and marks a good time to look at what has been merged so far. Some long-awaited core changes have landed for the next kernel release, but there are likely to be more significant changes to come.
Back in May 2022, a mysterious set of patches titled insufficient TCP source port randomness crossed the mailing lists and was subsequently merged (at -rc6) into the 5.18 kernel. Little information was available at the time about why significant changes to the networking stack needed to be made so late in the development cycle. That situation has finally changed with the publication of this paper by Moshe Kol, Amit Klein, and Yossi Gilad. It seems that the way the kernel chose port numbers for outgoing network connections made it possible to uniquely fingerprint users.
The LWN.net Weekly Edition for October 6, 2022 is available.
Inside this week's LWN.net Weekly Edition
Version 5.5 of the Tor-centered Tails distribution is out. The biggest change appears to be a significant update to the Thunderbird email client.
Thunderbird 102 is a major update with many changes to the navigation, folder icons, and address book. Thunderbird 102 also includes important usability improvements to the OpenPGP feature. When composing an email, you can now see whether it will be encrypted or not. If encryption is impossible, a key assistant helps you solve key issues.
The 5.10.149 and 5.4.219 stable kernel updates have been released. These small updates contain only a few more WiFi fixes and one revert.
Version 2.3.8 of the GNU Privacy Guard is out. It contains a few new features but the real purpose is to fix CVE-2022-3515, an integer overflow vulnerability that can be exploited remotely for code execution via a, for example, malicious S/MIME attachment. Note that the actual vulnerability is in the libksba library, which is normally packaged separately on Linux systems.
Security updates have been issued by Arch Linux (kernel, linux-hardened, linux-lts, and linux-zen), Debian (python-django), Fedora (apptainer, kernel, python3.6, and vim), Gentoo (assimp, deluge, libvirt, libxml2, openssl, rust, tcpreplay, virglrenderer, and wireshark), Slackware (zlib), SUSE (chromium, python3, qemu, roundcubemail, and seamonkey), and Ubuntu (linux-aws-5.4 and linux-ibm).
Linus has released 6.1-rc1 and closed the merge window for this development cycle.
This isn't actually shaping up to be a particularly large release: we "only" have 11.5k non-merge commits during this merge window, compared to 13.5k last time around. So not exactly tiny, but smaller than the last few releases. At least in number of commits.That said, we've got a few core things that have been brewing for a long time, most notably the multi-gen LRU VM series, and the initial Rust scaffolding (no actual real Rust code in the kernel yet, but the infrastructure is there).
Google has announced the existence of yet another new operating system, called KataOS, aimed at the creation of secure embedded systems.
As the foundation for this new operating system, we chose seL4 as the microkernel because it puts security front and center; it is mathematically proven secure, with guaranteed confidentiality, integrity, and availability. Through the seL4 CAmkES framework, we're also able to provide statically-defined and analyzable system components. KataOS provides a verifiably-secure platform that protects the user's privacy because it is logically impossible for applications to breach the kernel's hardware security protections and the system components are verifiably secure. KataOS is also implemented almost entirely in Rust, which provides a strong starting point for software security, since it eliminates entire classes of bugs, such as off-by-one errors and buffer overflows.
The 6.0.2, 5.19.16, 5.15.74, 5.10.148, and 5.4.218 stable kernel updates have all been released. Among other things, these updates contain the fixes for the recently disclosed WiFi vulnerabilities.
Security updates have been issued by Debian (chromium), Fedora (dbus, dhcp, expat, kernel, thunderbird, vim, and weechat), Mageia (libofx, lighttpd, mediawiki, and python), Oracle (.NET 6.0 and .NET Core 3.1), Slackware (python3), SUSE (chromium, kernel, libosip2, python-Babel, and python-waitress), and Ubuntu (gThumb, heimdal, linux-aws, linux-gcp-4.15, linux-aws-hwe, linux-gcp, linux-oracle-5.4, linux-raspi, linux-raspi-5.4, postgresql-9.5, and xmlsec1).
It would appear that there is a set of memory-related vulnerabilities in the kernel's WiFi stack that can be exploited over the air via malicious packets; five CVE numbers have been assigned to the set. Fixes are headed toward the mainline and should show up in stable updates before too long; anybody who uses WiFi on untrusted networks should probably keep an eye out for the relevant updates.
Version 15 of the PostgreSQL database management system is out.
PostgreSQL 15 builds on the performance improvements of recent releases with noticeable gains for managing workloads in both local and distributed deployments, including improved sorting. This release improves the developer experience with the addition of the popular MERGE command, and adds more capabilities for observing the state of the database.
There are a lot of changes in this release; click below for the details, and see the release notes for more.
Copyright © 2022, Eklektix, Inc.
Comments and public postings are copyrighted by their creators.
Linux is a registered trademark of Linus Torvalds