Security updates for Monday
([Security] Jun 22, 2020 14:11 UTC (Mon) (ris))
Security updates have been issued by Debian (lynis, mutt, neomutt, ngircd, and rails), Mageia (gnutls), Oracle (thunderbird), Red Hat (chromium-browser, gnutls, grafana, thunderbird, and unbound), Scientific Linux (thunderbird and unbound), and SUSE (bind, java-1_8_0-openjdk, kernel, libgxps, and osc).
Kernel prepatch 5.8-rc2
([Kernel] Jun 22, 2020 13:16 UTC (Mon) (corbet))
The [1]second 5.8 kernel prepatch is out for testing. "So rc2 isn't particularly big or scary, and falls right in the normal range".
[1] https://lwn.net/Articles/824072/
[$] Four years of Zephyr
([Development] Jun 29, 2020 18:33 UTC (Mon) (mbolivar))
The [1]Zephyr project is an effort to provide an open-source realtime operating system (RTOS) that is designed to bridge the gap between full-featured operating systems like Linux and bare-metal development environments. It's been over four years since Zephyr was publicly announced and discussed here (apparently [2]to a bit of puzzlement). In this article, guest authors Martí Bolívar and Carles Cufí give an update on the project and its community as of its [3]v2.3.0 release in June 2020; they also make some guesses about its near future.
[1] https://www.zephyrproject.org/
[2] https://lwn.net/Articles/682723/
[3] https://www.zephyrproject.org/zephyr-2-3-0-released/
[$] PHP releases and support
([Development] Jun 23, 2020 21:38 UTC (Tue) (coogle))
PHP is used extensively on the web. How new features, security fixes, and bug fixes make their way into a release is important to understand. Likewise, understanding what can be expected in community support for previous releases is even more important. Since PHP-based sites are typically exposed to the Internet, keeping up-to-date is not something a security-minded administrator can afford to ignore.
Linux Plumbers Conference virtual town hall
([Briefs] Jun 19, 2020 18:40 UTC (Fri) (corbet))
Mark your calendars: the [1]Linux Plumbers Conference has [2]scheduled an online town hall for June 25 at 15:00 GMT. "The first purpose is to test our remote conference set up. This is the first time we are holding Linux Plumbers virtually and while we can run simulated tests, it’s much more effective to test our setup with actual participants with differing hardware set ups around the world. The second purpose is to present on our planning and give everyone a little bit of an idea of what to expect when we hold Plumbers at the end of August. We plan to have time for questions." Testing the scalability of the conference system requires a lot of participants; the LPC organizers would appreciate it if a lot of people can find a moment to connect and help out.
[1] https://linuxplumbersconf.org/
[2] https://www.linuxplumbersconf.org/blog/2020/announcing-a-linux-plumbers-virtual-town-hall/
Security updates for Friday
([Security] Jun 19, 2020 13:34 UTC (Fri) (jake))
Security updates have been issued by Debian (drupal7), Fedora (dbus, kernel, microcode_ctl, mingw-glib-networking, moby-engine, and roundcubemail), Mageia (libjpeg), openSUSE (chromium and rmt-server), Oracle (kernel and microcode_ctl), Red Hat (rh-nodejs8-nodejs and thunderbird), Slackware (bind), and SUSE (adns, containerd, docker, docker-runc, golang-github-docker-libnetwork, dbus-1, fwupd, gegl, gnuplot, guile, java-1_7_1-ibm, java-1_8_0-ibm, kernel, mozilla-nspr, mozilla-nss, perl, and php7).
[$] Open-source contact tracing, part 1
([Security] Jun 24, 2020 18:12 UTC (Wed) (mrybczyn))
One of the responses to the COVID-19 pandemic consists of identifying contacts of infected people so they can be informed about the risk; that will allow them to search for medical care, if needed. This is laborious work if it is done manually, so a number of applications have been developed to help with contact tracing. But they are causing debates about their effectiveness and privacy impacts. Many of the applications were released under open-source licenses. Here, we look at the principles of these applications and the software frameworks used to build them; part two will look into some applications in more detail, along with the controversies (especially related to privacy) around these tools.
Stable kernel 5.7.4
([Kernel] Jun 18, 2020 16:22 UTC (Thu) (jake))
The [1]5.7.4 stable kernel has been released. It contains a single [2]fix for a problem introduced in the rework of the VDSO clock code that affects paravirtualized guests. Users should upgrade.
[1] https://lwn.net/Articles/823523/
[2] https://lwn.net/ml/linux-kernel/20200606221531.963970768@linutronix.de/
[$] Rethinking the futex API
([Kernel] Jun 18, 2020 21:35 UTC (Thu) (corbet))
The Linux [1]futex() system call is a bit of a strange beast. It is widely used to provide low-level synchronization support in user space, but there is no wrapper for it in the GNU C Library. Its implementation was meant to be simple, but kernel developers have despaired at the complex beast that it has become, and few dare to venture into that code. Recently, though, a new effort has begun to rework futexes; it is limited to a new system-call interface for now, but the plans go far beyond that.
[1] https://www.man7.org/linux/man-pages/man2/futex.2.html
LWN.net Weekly Edition for June 25, 2020
Krita 4.3.0 released
([Development] Jun 18, 2020 13:42 UTC (Thu) (corbet))
[1]Version 4.3.0 of the Krita painting application is out. "There’s a whole new set of brush presets that evoke watercolor painting. There’s a color mode in the gradient map filter and a brand new palettize filter and a high pass filter. The scripting API has been extended. It’s now possible to adjust the opacity and lightness on colored brush tips separately. You can now create animated brush tips that select brush along multiple dimensions. We’ve made it possible to put the canvas area in a window of its own, so on a multi monitor setup, you can have all the controls on one monitor, and your images on the other. The color selector has had a big update. There’s a new snapshot docker that stores states of your image, and you can switch between those. There’s a brand new magnetic selection tool. Gradients can now be painted as spirals."
[1] https://krita.org/en/item/krita-4-3-0-released/
Security updates for Thursday
([Security] Jun 18, 2020 12:33 UTC (Thu) (jake))
Security updates have been issued by Debian (drupal7 and python-django), Fedora (glib-networking, kernel, kernel-headers, and nghttp2), openSUSE (adns, chromium, file-roller, and libEMF), SUSE (java-1_7_1-ibm), and Ubuntu (bind9 and nss).
[$] Updating the Git protocol for SHA-256
([Development] Jun 19, 2020 16:07 UTC (Fri) (coogle))
The Git source-code management system has for years been [1]moving toward abandoning the [2]Secure Hash Algorithm 1 (SHA-1) in favor of the more secure [3]SHA-256 algorithm. Recently, the project moved a step closer to that goal with contributors implementing new Git protocol capabilities to enable the transition.
[1] https://lwn.net/Articles/715716/
[2] https://en.wikipedia.org/wiki/SHA-1
[3] https://en.wikipedia.org/wiki/SHA-2
Stable kernel updates
([Kernel] Jun 17, 2020 18:23 UTC (Wed) (ris))
Stable kernels [1]5.7.3, [2]5.6.19, and [3]5.4.47 have been released with important fixes throughout the tree. This is the last 5.6.y release and users should move to 5.7.y.
[1] https://lwn.net/Articles/823313/
[2] https://lwn.net/Articles/823314/
[3] https://lwn.net/Articles/823315/
The (non-)return of the Python print statement
([Development] Jul 1, 2020 21:52 UTC (Wed) (jake))
In what may have seemed like an [1]April Fool's Day joke to some, Python creator Guido van Rossum recently [2]floated the idea of bringing back the print statement—several months after Python 2, which had such a statement, reached its end of life. In fact, Van Rossum acknowledged that readers of his message to the python-ideas mailing list might be checking the date: "No, it's not April 1st." He was serious about the idea—at least if others were interested in having the feature—but he withdrew it fairly quickly when it became clear that there were few takers. The main reason he brought it up is interesting, though: the [3]new parser for CPython makes it easy to bring back print from Python 2 (and before).
[1] https://en.wikipedia.org/wiki/April_Fools%27_Day
[2] https://lwn.net/ml/python-ideas/CAP7+vJKsrT-n4rHjaR4PYPRq09JOZcoR54ZjkboOkZcYhB+7oA@mail.gmail.com/
[3] https://lwn.net/Articles/816922/
Security updates for Wednesday
([Security] Jun 17, 2020 14:15 UTC (Wed) (ris))
Security updates have been issued by Arch Linux (dbus and intel-ucode), CentOS (libexif), Debian (vlc), SUSE (xen), and Ubuntu (dbus, libexif, and nss).
Loaded terms in free software
([Kernel] Jun 17, 2020 16:53 UTC (Wed) (corbet))
Arguments about terminology are not rare in our community; words are powerful tools, so we want to be sure that we are using them in the correct way. But, naturally, opinions on what is "correct" may (and do) differ. Discussions on the use of loaded terms like "master" and "slave" have been ongoing in the community for some time, but recent world events have given them a new urgency. Some projects have made changes in the past, but the current wave of changes seems likely to be far larger.
Prokopov: Computers as I used to love them
([Development] Jun 16, 2020 18:45 UTC (Tue) (corbet))
Nikita Prokopov [1]reviews Syncthing (a file-synchronization system) and, seemingly, rediscovers free software: "Syncthing is everything I used to love about computers. It’s amazing how great computer products can be when they don’t need to deal with corporate bullshit, don’t have to promote a brand or to sell its users. Frankly, I almost ceased to believe it’s still possible. But it is."
[1] https://tonsky.me/blog/syncthing/
Security updates for Tuesday
([Security] Jun 16, 2020 14:47 UTC (Tue) (ris))
Security updates have been issued by Fedora (galera, grafana, libjcat, libvirt, mariadb-connector-c, and perl), Gentoo (asterisk, bubblewrap, cyrus-imapd, faad2, json-c, openconnect, openjdk-bin, pcre2, PEAR-Archive_Tar, thunderbird, and tomcat), Mageia (mbedtls and scapy), openSUSE (libntlm, libupnp, prboom-plus, varnish, and xen), Oracle (libexif), Red Hat (kpatch-patch), Scientific Linux (libexif), SUSE (mariadb, nodejs6, and poppler), and Ubuntu (apport).
[$] Simple IoT Devices using ESPHome
([Development] Jun 18, 2020 15:21 UTC (Thu) (coogle))
ESPHome is a project that brings together two recent subjects at LWN: The [1]open-source smart hub Home Assistant, and the [2]Espressif ESP8266 microcontroller. With this project, smart home devices can be created and integrated quickly — without needing to write a single line of code.
[1] https://lwn.net/Articles/822350/
[2] https://lwn.net/Articles/822516/