Linux Mint 20

([Distributions] Jun 29, 2020 21:45 UTC (Mon) (ris))

Linux Mint 20 "Ulyana" has been released in [1]Cinnamon , [2]MATE , and [3]Xfce editions. Linux Mint 20 is based on Ubuntu 20.04 and will be supported until 2025. Release notes are available for [4]Cinnamon , [5]MATE , and [6]Xfce .

[1] https://blog.linuxmint.com/?p=3928

[2] https://blog.linuxmint.com/?p=3929

[3] https://blog.linuxmint.com/?p=3930

[4] https://www.linuxmint.com/rel_ulyana_cinnamon.php

[5] https://www.linuxmint.com/rel_ulyana_mate.php

[6] https://www.linuxmint.com/rel_ulyana_xfce.php

OpenSUSE Leap 15.2 set for release

([Distributions] Jun 29, 2020 19:08 UTC (Mon) (corbet))

OpenSUSE Leap 15.2 [1]is complete and ready for a planned release on July 2. Leap is the version based on SUSE Linux Enterprise, but with many updated packages; see [2]the 15.2 features page for an overview of what's coming. " Leap 15.2 is filled with several containerization technologies like Singularity, which bring containers and reproducibility to scientific computing and the high-performance computing (HPC) world. Singularity first appeared in the Leap distribution in Leap 42.3 and provides functionality to build smallest minimal containers and runs the containers as single application environments. Another official package in Leap 15.2 is libcontainers-common, which allows the configuration of files and manpages shared by tools that are based on the github.com/containers libraries, such as Buildah, CRI-O, Podman and Skopeo. Docker containers and tooling make building and shipping applications easy and fast. "

[1] https://lwn.net/ml/opensuse-factory/a50bd8ce0a1ea57ecdbcfb1d2ed484aac4a05361.camel@suse.com/

[2] https://en.opensuse.org/Portal:15.2/Features

GnuCash 4.0 Released

([Development] Jun 29, 2020 15:53 UTC (Mon) (corbet))

Version 4.0 of the GnuCash finance manager is out. Significant changes include a command-line tool for performing a number of functions outside of the graphical interface, explicit support for accounts payable and accounts receivable, translation improvements, and more.

Security updates for Monday

([Security] Jun 29, 2020 15:10 UTC (Mon) (ris))

Security updates have been issued by Debian (libtasn1-6, libtirpc, mcabber, picocom, pngquant, trafficserver, and zziplib), Fedora (curl and xen), openSUSE (bluez, ceph, chromium, curl, grafana, grafana-piechart-panel, grafana-status-panel, graphviz, mariadb, and mercurial), Oracle (nghttp2), Red Hat (microcode_ctl), SUSE (mutt, python3-requests, and tomcat), and Ubuntu (glib-networking and mailman).

Generics for Go

([Development] Jul 1, 2020 15:28 UTC (Wed) (benhoyt))

The [1]Go programming language was first released in 2009, with its 1.0 release made in March 2012. Even before the 1.0 release, some developers criticized the language as being too simplistic, partly due to its lack of user-defined [2]generic types and functions parameterized by type. Despite this omission, Go is widely used, with an [3]estimated 1-2 million developers worldwide. Over the years there have been several proposals to add some form of generics to the language, but the [4]recent proposal written by core developers Ian Lance Taylor and Robert Griesemer looks likely to be included in a future version of Go.

[1] https://golang.org/

[2] https://en.wikipedia.org/wiki/Generic_programming

[3] https://research.swtch.com/gophercount

[4] https://go.googlesource.com/proposal/+/refs/heads/master/design/go2draft-type-parameters.md

Kernel prepatch 5.8-rc3

([Kernel] Jun 28, 2020 22:44 UTC (Sun) (corbet))

The [1]third 5.8 kernel prepatch is out for testing. " Well, we had a big merge window, and we have a fairly big rc3 here too. The calm period for rc2 is clearly over. That said, I don't think there's anything _particularly_ scary in here, and the size of this rc is probably simply a direct result of the fact that 5.8 is a big release. "

[1] https://lwn.net/Articles/824660/

[$] Stirring things up for Fedora 33

([Distributions] Jun 29, 2020 19:45 UTC (Mon) (corbet))

The next release of the Fedora distribution — Fedora 33 — is currently [1]scheduled for the end of October. Fedora's nature as a fast-moving distribution ensures that each release will contain a number of attention-getting changes, but Fedora 33 is starting to look like it may be a bit more volatile than its immediate predecessors. Several relatively controversial changes are currently under discussion on the project's mailing lists; read on for a summary.

[1] https://fedorapeople.org/groups/schedule/f-33/f-33-key-tasks.html

Using syzkaller, part 4: Driver fuzzing

([Kernel] Jun 26, 2020 15:10 UTC (Fri) (corbet))

Ricardo Cañuelo Navarro [1]describes the challenges associated with fuzzing complex device drivers with Syzkaller — and some solutions. " V4L2, however, is only supported in the sense that the involved system calls (including the myriad V4L2 ioctls) and data structures are described. This is already useful and, equipped with those descriptions, Syzkaller has been able to find many V4L2 bugs. But the fuzzing process contains a lot of randomness and, while that's a good thing in many cases when it comes to fuzzing, due to the complexity of the V4L2 API, simply randomizing the system calls and its inputs may not be enough to reach most of the code in some drivers, especially in drivers with complicated interfaces such as those based on the Request API, including stateless drivers. "

[1] https://www.collabora.com/news-and-blog/blog/2020/06/26/using-syzkaller-part-4-driver-fuzzing/

Security updates for Friday

([Security] Jun 26, 2020 13:14 UTC (Fri) (jake))

Security updates have been issued by Debian (alpine), Fedora (fwupd, microcode_ctl, mingw-libjpeg-turbo, mingw-sane-backends, suricata, and thunderbird), openSUSE (uftpd), Red Hat (nghttp2), SUSE (ceph, curl, mutt, squid, tigervnc, and unbound), and Ubuntu (linux kernel and nvidia-graphics-drivers-390, nvidia-graphics-drivers-440).

LWN.net Weekly Edition for July 2, 2020

Four new stable kernels

([Kernel] Jun 25, 2020 18:06 UTC (Thu) (jake))

Greg Kroah-Hartman has announced the release of the [1]5.7.6 , [2]5.4.49 , [3]4.19.130 , and [4]4.14.186 stable kernels. These all contain a rather large number of fixes all over the kernel tree; users of those series should upgrade.

[1] https://lwn.net/Articles/824499/

[2] https://lwn.net/Articles/824500/

[3] https://lwn.net/Articles/824501/

[4] https://lwn.net/Articles/824502/

Security updates for Thursday

([Security] Jun 25, 2020 13:25 UTC (Thu) (jake))

Security updates have been issued by Fedora (libexif, php-horde-horde, and tcpreplay), openSUSE (rubygem-bundler), Oracle (docker-cli docker-engine, kernel, and ntp), Slackware (curl and libjpeg), and Ubuntu (mutt).

Perl 7 launches

([Development] Jun 24, 2020 17:14 UTC (Wed) (corbet))

The Perl project has [1]announced the upcoming release of Perl 7. Unlike Perl 6, though, this is not a radical departure, yet at least: " Perl 7.0 is going to be v5.32 but with different, saner, more modern defaults. You won’t have to enable most of the things you are already doing because they are enabled for you. The major version jump sets the boundary between how we have been doing things and what we can do in the future. " The plan is to have a Perl 7 release " within the next year ".

[1] https://www.perl.com/article/announcing-perl-7/

[$] Emulating Windows system calls in Linux

([Kernel] Jun 25, 2020 16:36 UTC (Thu) (corbet))

The idea of handling system calls differently depending on the origin of each call in the process's address space is not entirely new. OpenBSD, for example, [1]disallows system calls entirely if they are not made from the system's C library as a security-enhancing mechanism. At the end of May, Gabriel Krisman Bertazi [2]proposed a similar mechanism for Linux , but the objective was not security at all; instead, he is working to make Windows games run better under [3]Wine . That involves detecting and emulating Windows system calls; this can be done through origin-based filtering, but that may not be the solution that is merged in the end.

[1] https://lwn.net/Articles/806776/

[2] https://lwn.net/ml/linux-kernel/20200530055953.817666-1-krisman@collabora.com/

[3] https://www.winehq.org/

Security updates for Wednesday

([Security] Jun 24, 2020 15:06 UTC (Wed) (ris))

Security updates have been issued by CentOS (kernel, ntp, and unbound), Fedora (php-horde-horde and tcpreplay), openSUSE (chromium, java-1_8_0-openj9, mozilla-nspr, mozilla-nss, and opera), Oracle (gnutls, grafana, thunderbird, and unbound), Red Hat (candlepin and satellite, docker, microcode_ctl, openstack-keystone, openstack-manila and openstack-manila, and qemu-kvm-rhev), Scientific Linux (kernel and ntp), Slackware (ntp), SUSE (curl, libreoffice, libssh2_org, and php5), and Ubuntu (curl).

[$] Managing tasks with todo.txt and Taskwarrior

([Development] Jun 26, 2020 14:40 UTC (Fri) (tbm))

One quote from Douglas Adams has always stayed with me: " I love deadlines. I like the whooshing sound they make as they fly by ". We all lead busy lives and few ever see the bottom of our long to-do lists. One of the oldest items on my list, ironically, is to find a better system to manage all my tasks. Can task-management systems make us more productive while, at the same time, reducing the stress caused by the sheer number of outstanding tasks? This article, from guest author Martin Michlmayr, looks at todo.txt and Taskwarrior.

More alternatives to Google Analytics

([Development] Jun 24, 2020 20:17 UTC (Wed) (benhoyt))

Last week, we [1]introduced the privacy concerns with using Google Analytics (GA) and presented two lightweight open-source options: GoatCounter and Plausible. Those tools are useful for site owners who need relatively basic metrics. In this second article, we present several heavier-weight GA replacements for those who need more detailed analytics. We also look at some tools that produce analytics data based on web-server-access logs, GoAccess, in particular.

[1] https://lwn.net/Articles/822568/

FOSS Contributor Survey

([Briefs] Jun 23, 2020 15:23 UTC (Tue) (ris))

The Linux Foundation's [1]Core Infrastructure Initiative (CII) and the [2]Laboratory for Innovation Science at Harvard (LISH) have developed a [3]survey for contributors to free and open-source software (FOSS) projects. The aim is " to identify how to improve security, including the sustainability of the FOSS ecosystem, especially the FOSS systems heavily relied upon by organizations worldwide. "

[1] https://www.coreinfrastructure.org/

[2] https://lish.harvard.edu/

[3] https://www.linuxfoundation.org/blog/2020/06/linux-foundation-harvard-announce-free-libre-and-open-source-software-foss-contributor-survey/

Security updates for Tuesday

([Security] Jun 23, 2020 14:59 UTC (Tue) (ris))

Security updates have been issued by CentOS (thunderbird), Debian (wordpress), Fedora (ca-certificates, kernel, libexif, and tomcat), openSUSE (chromium, containerd, docker, docker-runc, golang-github-docker-libnetwork, fwupd, osc, perl, php7, and xmlgraphics-batik), Oracle (unbound), Red Hat (containernetworking-plugins, dpdk, grafana, kernel, kernel-rt, kpatch-patch, libexif, microcode_ctl, ntp, pcs, and skopeo), Scientific Linux (unbound), SUSE (kernel, mariadb, mercurial, and xawtv), and Ubuntu (mutt and nfs-utils).

Stable kernel updates

([Kernel] Jun 22, 2020 14:31 UTC (Mon) (ris))

Stable kernels [1]5.7.5 , [2]5.4.48 , [3]4.19.129 , [4]4.14.185 , [5]4.9.228 , and [6]4.4.228 have been released. They all contain important fixes and users should upgrade.

[1] https://lwn.net/Articles/824117/

[2] https://lwn.net/Articles/824118/

[3] https://lwn.net/Articles/824119/

[4] https://lwn.net/Articles/824120/

[5] https://lwn.net/Articles/824121/

[6] https://lwn.net/Articles/824122/

APL is a write-only language. I can write programs in APL, but I can't
read any of them.
-- Roy Keir