Brief items
Security
Glibc becomes a CVE Numbering Authority
The GNU C Library project has been accepted as a CVE Numbering Authority (CNA), meaning that the project is now in control of the CVE numbers assigned to its code.
As a CNA the glibc security team will be working to improve the quality and response time of security advisories and mitigations.Over the coming months, the glibc security team will define the process for the CNA and establish best practices that can also be used by the rest of the GNU Toolchain.
See this article for some background on this change.
The kernel becomes its own CNA
Greg Kroah-Hartman has announced that the kernel project has been accepted as a CVE numbering authority (CNA). The way that CVE numbers will be handled by the kernel is described in this documentation patch:
As part of the normal stable release process, kernel changes that are potentially security issues are identified by the developers responsible for CVE number assignments and have CVE numbers automatically assigned to them. These assignments are published on the linux-cve mailing list as announcements on a frequent basis.Note, due to the layer at which the Linux kernel is in a system, almost any bug might be exploitable to compromise the security of the kernel, but the possibility of exploitation is often not evident when the bug is fixed. Because of this, the CVE assignment team are overly cautious and assign CVE numbers to any bugfix that they identify. This explains the seemingly large number of CVEs that are issued by the Linux kernel team.
Kernel development
Kernel release status
The current development kernel is 6.8-rc4, released on February 11. "Commit counts and contents look normal for this phase of the release, nothing here really stands out."
Stable updates: none have been released in the last week. The 6.7.5, 6.6.17, and 6.1.78 updates are in the review process; they are due on February 15.
DRM-CI: A GitLab-CI pipeline for Linux kernel testing (Collabora Blog)
Over on the Collabora blog, Helen Koike writes about the DRM-CI project for running automated continuous integration (CI) tests on multiple graphics devices in several different labs. It uses the IGT GPU tools for testing, though there are plans to expand:The roadmap for DRM-CI includes enabling other devices, incorporating additional tests like kselftests, adding support for vgem driver, and implementing further automations. DRM-CI builds upon the groundwork laid by Mesa3D CI, including its GitLab YAML files and most of its setup, fostering collaboration and mutual strengthening.[...] Adapting the DRM-CI pipeline to other subsystems is feasible with a few modifications. The primary consideration is setting up dedicated GitLab-CI runners since Freedesktop's infrastructure is meant only for graphics.
In light of this, our team is developing a versatile and user-friendly GitLab-CI pipeline. This new pipeline is envisioned to function as a flexible interface for kernel maintainers and developers that can be evolved to connect with different test environments that can also be hooked with CI systems such as KernelCI. This approach aims to simplify the integration process, making GitLab-CI more accessible and beneficial to a broader range of developers.
Brennan: What's Inside a Linux Kernel Core Dump
Stephen Brennan describes kernel core dumps in excruciating detail.
Kernel core dumps are complex. They are not simply copies of system memory; they contain plenty of extra metadata which is critical to understanding their contents. And like any other type of data, the design of the file formats can enable lots of flexibility and power. However, due to the broad variety of tools out there, the diversity of dump formats is overwhelming, and the lack of documentation or specifications compounds the problem.
Quotes of the week
We need to start designing our code in a way that doesn't require extensive testing to validate it as correct. If the only way to validate new code is correct is via stochastic coverage via error injection, then that is a clear sign we've made poor design choices along the way.— Dave Chinner
May all kernel developer's CVs be filled with CVEs, think of it as an early holiday present :)— Greg Kroah-Hartman (some scrolling required)
Distributions
Introducing Fedora Atomic Desktops (Fedora Magazine)
Fedora Magazine has announced the creation of Fedora Atomic Desktops: a way of branding Fedora's growing set of rpm-ostree spins. Joseph Gayso wrote "we’ve seen more of our mainline Fedora Linux spins make the jump to offer a version that implements rpm-ostree. It’s reached the point where it can be hard to talk about all of them at the same time. Therefore we’ve introduced a new brand that will serve to simplify how we discuss rpm-ostree and how we name future atomic spins." LWN covered Project Bluefin, which is based on Fedora's rpm-ostree work, in December 2023.
FreeBSD phasing out 32-bit platforms
The FreeBSD Project has announced that it intends to deprecate 32-bit platforms "over the next couple of major releases
".
We anticipate FreeBSD 15.0 will not include the armv6, i386, and powerpc platforms, and FreeBSD 16.0 will not include armv7. Support for executing 32-bit binaries on 64-bit kernels will be retained through at least the lifetime of the stable/16 branch if not longer.
The announcement notes that support for some 32-bit platforms "may be extended if there is both demand and commitment to increased developer resources
". More details about the current plans for 32-bit platforms are available in the FreeBSD 14.0-RELEASE Release Notes.
LineageOS 21 released
Version 21 of LineageOS, an Android-based distribution, has been released.
With all that said, we have been working extremely hard since Android 14’s release last October to port our features to this new version of Android. Thanks to our hard work adapting to Google’s largely UI-based changes in Android 12/13, and Android 14’s dead-simple device bring-up requirements, we were able to rebase our changes onto Android 14 much more efficiently.This lets us spend some much overdue time on our apps suite! Applications such as Aperture had their features and UX improved significantly, while many of our aging apps such as Jelly, Dialer, Contacts, Messaging, LatinIME (Keyboard), and Calculator got near full redesigns that bring them into the Material You era!
Development
Rowley: What’s new in the Postgres 16 query planner / optimizer
David Rowley looks deeply into the improvements coming to the query planner in PostgreSQL 16.
For a long time now, PostgreSQL has been able to remove a LEFT JOIN where no column from the left joined table was required in the query and the join could not possibly duplicate any rows.However, in versions prior to PostgreSQL 16, there was no support for left join removals on partitioned tables. Why? Because the proofs that the planner uses to determine if there’s any possibility any inner-side row could duplicate any outer-side row were not present for partitioned tables.
The PostgreSQL 16 query planner now allows the LEFT JOIN removal optimization with partitioned tables.
Google announces 2024 season of docs
On February 2, Google announced this year's "Season of Docs", a program complementing its Summer of Code program by providing funding to open source projects to hire technical writers to improve their documentation. Interested projects have until April 2 to apply.
Google Season of Docs provides direct grants to open source projects to improve their documentation and gives professional technical writers an opportunity to gain experience in open source. Together we raise awareness of open source, of docs, and of technical writing.
Development quote of the week
Let's think critically about bitrot for a moment because, as a reminder, bits don't actually rot - that's kinda the point of bits. In the best case scenario, bitrot happens due to progress - perhaps a dependency has made improvements but requires breaking API compatibility, or better hardware comes out and the software needs to be recompiled for that hardware. In this case, it's kind of a happy outcome. Some labor is needed to enhance the software in response, but then, once again, it's done; ripples disappearing from the surface of a lake hours after a stone is thrown into it.— Andrew KelleyThe darker side of bitrot is due to businesses trying to make more profit than last year, and launching marketing initiatives. For example, Microsoft shipped a Windows Update that puts advertisements into the start menu, advertisements into the task bar, and changed the control panel's user interface to unify it with their business incentives - namely a superficial makeover to justify customers paying additional money for what is effectively worse software - it has new bugs and is now ridden with advertisements. This caused a bunch of churn in their own codebase, as well as other software trying to use native user interfaces on Windows.
It's all so incredibly wasteful. And that's the point, isn't it?
Miscellaneous
The Ubuntu community mourns the loss of Gunnar Hjalmarsson
The Ubuntu Weekly Newsletter carries the sad news that long-time contributor Gunnar Hjalmarsson has passed away.
Gunnar has been a steadfast contributor to Ubuntu and Debian for well over a decade. His work around translation and localization efforts has helped enable people from around the world to use and enjoy the software that we all love. It goes without saying that people like Gunnar are the foundation of our community, and his passing is a tremendous loss.
A new CEO for Mozilla
Mitchell Baker has announced that she is stepping down from the role of Mozilla CEO, effective immediately. Laura Chambers will be the new CEO "for the remainder of the year".
We’re at a critical juncture where public trust in institutions, governments, and the fabric of the internet has reached unprecedented lows. There’s a tectonic shift underway as everyone battles to own the future of AI. It is Mozilla’s opportunity and imperative to forge a better future. I’m excited about Laura’s day-to-day involvement and the chance for Mozilla to achieve more. Our power lies in the collective effort of people contributing to something better and I’m eager for Mozilla to meet the needs of this era more fully.
Page editor: Jake Edge
Next page:
Announcements>>