Security updates for Tuesday

([Security] Jul 14, 2020 14:49 UTC (Tue) (ris))

Security updates have been issued by Fedora (mingw-podofo and python-rsa), openSUSE (LibVNCServer, mozilla-nss, nasm, openldap2, and permissions), Red Hat (dovecot, sane-backends, and thunderbird), Scientific Linux (dbus), and SUSE (firefox and thunderbird).

Security updates for Monday

([Security] Jul 13, 2020 15:08 UTC (Mon) (ris))

Security updates have been issued by Debian (chromium, mailman, openjpeg2, ruby-rack, squid3, tomcat8, and xen), Fedora (botan2, kernel, LibRaw, mingw-OpenEXR, mingw-podofo, podofo, seamonkey, squid, and webkit2gtk3), Mageia (ffmpeg, mbedtls, mediawiki, and xpdf), Oracle (kernel), Red Hat (bind, dbus, jbig2dec, and rh-nodejs12-nodejs), and SUSE (graphviz and xen).

Kernel prepatch 5.8-rc5

([Kernel] Jul 13, 2020 13:10 UTC (Mon) (corbet))

The [1]5.8-rc5 kernel prepatch is out for testing; it's a relatively large set of changes. "Maybe I'm in denial, but I still think we might hit the usual release schedule. A few more weeks to go before I need to make that decision, so it won't be keeping me up at night."

[$] Microsoft drops support for PHP

([Development] Jul 11, 2020 0:25 UTC (Sat) (coogle))

For years, Windows PHP users have enjoyed builds provided directly by Microsoft. The company has contributed to the PHP project in many ways, with the binaries made available on [1]windows.php.net being the most visible. Recently Microsoft Project Manager Dale Hirt [2]announced that, beginning with PHP 8.0, Microsoft support for PHP on Windows would end.

Security updates for Friday

([Security] Jul 10, 2020 13:40 UTC (Fri) (jake))

Security updates have been issued by Fedora (curl, LibRaw, python-pillow, and python36), Mageia (coturn, samba, and vino), openSUSE (opera), and Ubuntu (openssl).

[$] Managing tasks with Org mode and iCalendar

([Development] Jul 14, 2020 0:53 UTC (Tue) (tbm))

In an earlier article, guest author Martin Michlmayr [1]reviewed the todo.txt and Taskwarrior task managers. This article continues the process of examining task managers by looking at tools for Org mode, which is a system originally created for Emacs, as well as at tools that make use of the iCalendar standard. It is time to find out whether he can find a system that meets his needs.

[$] Creating open data interfaces with ODPi

([Development] Jul 10, 2020 17:53 UTC (Fri) (SMK))

Connecting one source of data to another isn't always easy because of different standards, data formats, and APIs to contend with, among the many challenges. One of the groups that is trying to help with the challenge of data interoperability is the Linux Foundation's [1]Open Data Platform initiative (ODPi). At the [2]2020 Open Source Summit North America virtual event on July 2, ODPi Technical Steering Committee chairperson Mandy Chessell outlined the goals of ODPi and the projects that are part of it. She also described how ODPi is taking an open-source development approach to make data more easily accessible.

Six new stable kernels

([Kernel] Jul 9, 2020 14:21 UTC (Thu) (jake))

Greg Kroah-Hartman has announced the release of the [1]5.7.8, [2]5.4.51, [3]4.19.132, [4]4.14.188, [5]4.9.230, and [6]4.4.230 stable kernels. As usual, these all contain important fixes; users should upgrade.

Security updates for Thursday

([Security] Jul 9, 2020 13:14 UTC (Thu) (jake))

Security updates have been issued by CentOS (firefox), Debian (ffmpeg, fwupd, ruby2.5, and shiro), Fedora (freerdp, gssdp, gupnp, mingw-pcre2, remmina, and xrdp), openSUSE (chocolate-doom), Oracle (firefox and kernel), and Ubuntu (linux, linux-lts-xenial, linux-aws, linux-kvm, linux-raspi2, linux-snapdragon and thunderbird).

[$] LibreOffice: the next five years

([Development] Jul 9, 2020 15:29 UTC (Thu) (corbet))

The [1]LibreOffice project would seem to be on a roll. It produces what is widely seen as the leading free office-productivity suite, and has managed to move out of the shadow of the moribund (but brand-recognized) [2]Apache OpenOffice project. The LibreOffice 7 release is coming within a month, and the tenth anniversary of the [3]founding of the [4]Document Foundation arrives in September. Meanwhile, [5]LibreOffice Online is taking off and, seemingly, seeing some market success. So it is a bit surprising to see the project's core developers in a sort of crisis mode while users worry about a tag that showed up in the project's repository.

Security updates for Wednesday

([Security] Jul 8, 2020 15:01 UTC (Wed) (ris))

Security updates have been issued by Debian (roundcube), Fedora (chromium, firefox, and ngircd), Oracle (firefox and thunderbird), Scientific Linux (firefox), Slackware (seamonkey), SUSE (djvulibre, ffmpeg, firefox, freetds, gd, gstreamer-plugins-base, icu, java-11-openjdk, libEMF, libexif, librsvg, LibVNCServer, libvpx, Mesa, nasm, nmap, opencv, osc, perl, php7, python-ecdsa, SDL2, texlive-filesystem, and thunderbird), and Ubuntu (cinder, python-os-brick).

The "Open Usage Commons" launches

([Briefs] Jul 8, 2020 14:53 UTC (Wed) (corbet))

Google has [1]announced the creation of the [2]Open Usage Commons, which is intended to help open-source projects manage their trademarks. From [3]the organization's own announcement: "We created the Open Usage Commons because free and fair open source trademark use is critical to the long-term sustainability of open source. However, understanding and managing trademarks takes more legal know-how than most project maintainers can do themselves. The Open Usage Commons is therefore dedicated to creating a model where everyone in the open source chain – from project maintainers to downstream users to ecosystem companies – has peace of mind around trademark usage and management. The projects in the Open Usage Commons will receive support specific to trademark protection and management, usage guidelines, and conformance testing." Initial members include the Angular, Gerrit, and Istio projects.

Sandboxing in Linux with zero lines of code (Cloudflare blog)

([Security] Jul 8, 2020 14:36 UTC (Wed) (corbet))

The Cloudflare blog is running [1]an overview of sandboxing with seccomp(), culminating in a tool written there to sandbox any existing program. "We really liked the 'zero code seccomp' approach with systemd SystemCallFilter= directive, but were not satisfied with its limitations. We decided to take it one step further and make it possible to prohibit any system call in any process externally without touching its source code, so came up with the Cloudflare sandbox. It’s a simple standalone toolkit consisting of a shared library and an executable. The shared library is supposed to be used with dynamically linked applications and the executable is for statically linked applications."

[$] Hugo: a static-site generator

([Development] Jul 7, 2020 23:28 UTC (Tue) (benhoyt))

Static web-site generators take page content written in a markup language and render it into fully baked HTML, making it easy for developers to upload the result and serve a web site simply and securely. This article looks at [1]Hugo, a static-site generator written in Go and optimized for speed. It is a flexible tool that can be configured for a variety of use cases: simple blogs, project documentation, larger news sites, and even government services.

Security updates for Tuesday

([Security] Jul 7, 2020 14:46 UTC (Tue) (ris))

Security updates have been issued by Debian (php7.3), Fedora (gst), Mageia (libvirt, mariadb, pdns-recursor, and ruby), openSUSE (chocolate-doom, coturn, kernel, live555, ntp, python3, and rust, rust-cbindgen), Oracle (virt:ol), Red Hat (file, firefox, gettext, kdelibs, kernel, kernel-alt, microcode_ctl, nghttp2, nodejs:10, nodejs:12, php, qemu-kvm, ruby, and tomcat), SUSE (libjpeg-turbo, mozilla-nspr, mozilla-nss, mozilla-nss, nasm, openldap2, and permissions), and Ubuntu (coturn, glibc, nss, and openexr).

[$] Sleepable BPF programs

([Kernel] Jul 7, 2020 17:20 UTC (Tue) (corbet))

When support for classic BPF was added to the kernel many years ago, there was no question of whether BPF programs could block in their execution. Their functionality was limited to examining a packet's contents and deciding whether the packet should be forwarded or not; there was nothing such a program could do to block. Since then, BPF has changed a lot, but the assumption that BPF programs cannot sleep has been built deeply into the BPF machinery. More recently, classic BPF has been pushed aside by the [1]extended BPF dialect; the wider applicability of extended BPF is now forcing a rethink of some basic assumptions.

Security updates for Monday

([Security] Jul 6, 2020 14:37 UTC (Mon) (ris))

Security updates have been issued by Debian (chromium, php7.0, and thunderbird), Fedora (ceph, gssdp, gupnp, libfilezilla, libldb, mediawiki, python-pillow, python36, samba, and xpdf), Mageia (curl, docker, firefox, libexif, libupnp, libvncserver, libxml2, mailman, ntp, perl-YAML, python-httplib2, tcpreplay, tomcat, and vlc), openSUSE (chocolate-doom, python3, and Virtualbox), Slackware (libvorbis), and SUSE (mozilla-nspr, mozilla-nss, systemd, tomcat, and zstd).

Kernel prepatch 5.8-rc4

([Kernel] Jul 6, 2020 3:54 UTC (Mon) (corbet))

The [1]5.8-rc4 kernel prepatch is out for testing. "The end result is that it's been fairly calm, and there's certainly been discussion of upcoming fixes, but I still have the feeling that 5.8 is looking fairly normal and things are developing smoothly despite the size of this release."

Book: Perl 7: A Risk-Benefit Analysis

([Development] Jul 3, 2020 18:32 UTC (Fri) (corbet))

Dan Book has done [1]a detailed analysis of the [2]Perl 7 transition. "Large amount of CPAN modules will not work in Perl 7; plans for working around this would either involve every affected CPAN author, which is a virtual impossibility for the stated 1 year time frame; or the toolchain group, a loose group of people who each maintain various modules and systems that are necessary for CPAN to function, who either have not been consulted as of yet or have not revealed their plans related to the tools they maintain. Going into this potential problem sufficiently would be longer than this blog post, but suffice to say that a Perl where highly used CPAN modules don't seamlessly work is not Perl."

Security updates for Friday

([Security] Jul 3, 2020 15:15 UTC (Fri) (jake))

Security updates have been issued by Debian (docker.io and imagemagick), Fedora (alpine, firefox, hostapd, and mutt), openSUSE (opera), Red Hat (rh-nginx116-nginx), SUSE (ntp, python3, and systemd), and Ubuntu (firefox, linux, linux-aws, linux-aws-hwe, linux-gcp, linux-gcp-4.15, linux-gke-4.15, linux-hwe, linux-kvm, linux-oem, linux-oracle, linux-raspi2, linux-snapdragon, linux, linux-aws, linux-gcp, linux-kvm, linux-oracle, linux-riscv, linux, linux-azure, linux-gcp, linux-gcp-5.3, linux-hwe, linux-kvm, linux-oracle, linux-oracle-5.3, linux-gke-5.0, linux-oem-osp1, net-snmp, and samba).

LPC town hall #2: the kernel report

([Briefs] Jul 2, 2020 19:43 UTC (Thu) (corbet))

The Linux Plumbers Conference has [1]announced the second in a brief series of "town hall" events leading up to the full (virtual) conference starting August 24. This one features LWN editor Jonathan Corbet presenting a version of his "Kernel Report" talk covering the current and future state of the kernel-development community. This talk is scheduled for July 16 at 9:00AM US/Mountain time (8:00AM US/Pacific, 3:00PM UTC). Mark your calendars.

[1] https://www.linuxplumbersconf.org/blog/2020/announcing-town-hall-2-the-kernel-weather-report/


