ARM Give a man a fire and he's warm for a day, but set fire to him and he's warm for the rest of his life (Terry Pratchett, Jingo)

Security updates for Friday

([Security] May 8, 2020 14:55 UTC (Fri) (jake))

Security updates have been issued by Debian (firefox-esr, salt, and webkit2gtk), Fedora (firefox, mingw-gnutls, nss, and teeworlds), Mageia (firefox, libvncserver, matio, qt4, roundcubemail, samba, thunderbird, and vlc), Oracle (firefox and squid), SUSE (firefox, ghostscript, openldap2, rmt-server, syslog-ng, and webkit2gtk3), and Ubuntu (firefox).

[$] The PEPs of Python 3.9

([Development] May 20, 2020 21:40 UTC (Wed) (jake))

With the [1]release of Python 3.9.0b1, the first of four planned betas for the development cycle, Python 3.9 is now feature-complete. There is still plenty to do in terms of testing and stabilization before the October final release. The release announcement lists a half-dozen Python Enhancement Proposals (PEPs) that were accepted for 3.9. We have looked at some of those PEPs along the way; there are some updates on those. It seems like a good time to fill in some of the gaps on what will be coming in Python 3.9



[1] https://www.python.org/downloads/release/python-390b1/

[$] Blocking userfaultfd() kernel-fault handling

([Kernel] May 8, 2020 15:21 UTC (Fri) (corbet))

The [1]userfaultfd() system call is a bit of a strange beast; it allows user space to take responsibility for the handling of page faults, which is normally a quintessential kernel task. It is thus perhaps not surprising that it has turned out to have some utility for those who would attack the kernel's security as well. A recent [2]patch set from Daniel Colascione is small, but it makes a significant change that can help block at least one sort of attack using userfaultfd() .



[1] http://www.man7.org/linux/man-pages/man2/userfaultfd.2.html

[2] https://lwn.net/ml/linux-kernel/20200423002632.224776-1-dancol@google.com/

[$] LWN.net Weekly Edition for May 14, 2020


GCC 10.1 Released

([Development] May 7, 2020 14:50 UTC (Thu) (jake))

The [1]GCC project has announced the release of GCC 10.1. " A year has lapsed away since the release of last major GCC release, more than 33 years passed since the first public GCC release and the GCC developers survived repository conversion from SVN to GIT earlier this year. Today, we are glad to announce another major GCC release, 10.1. This release makes great progress in the C++20 language support, both on the [2]compiler and [3]library sides, some C2X enhancements, various optimization enhancements and bug fixes, several new hardware enablement changes and enhancements to the compiler back-ends and many other changes. There is even a new [4]experimental static analysis pass . " More information can be found in the [5]release notes .



[1] https://gcc.gnu.org/

[2] https://gcc.gnu.org/projects/cxx-status.html

[3] https://gcc.gnu.org/onlinedocs/libstdc++/manual/status.html#status.iso.2020

[4] https://developers.redhat.com/blog/2020/03/26/static-analysis-in-gcc-10

[5] https://gcc.gnu.org/gcc-10/changes.html

Security updates for Thursday

([Security] May 7, 2020 13:18 UTC (Thu) (jake))

Security updates have been issued by Debian (firefox-esr, keystone, mailman, and tomcat9), Fedora (ceph, firefox, java-1.8.0-openjdk, libldb, nss, samba, seamonkey, and suricata), Oracle (kernel), Scientific Linux (firefox and squid), SUSE (libvirt, php7, slirp4netns, and webkit2gtk3), and Ubuntu (linux-firmware and openldap).

[$] Private loop devices with loopfs

([Kernel] May 7, 2020 17:49 UTC (Thu) (mrybczyn))

A loop device is a kernel abstraction that allows a file to be presented as if it were a physical block device. The typical use for a loop device is to mount a filesystem image stored in a file. Loop devices are global and shared between users, which causes a number of problems for container workloads where the instances are expected to be isolated from each other. Christian Brauner has been working on this problem; he has posted a [1]patch set solving it by adding a small virtual filesystem called loopfs.



[1] https://lwn.net/ml/linux-kernel/20200424162052.441452-1-christian.brauner@ubuntu.com/

Stable kernel updates

([Kernel] May 6, 2020 15:02 UTC (Wed) (ris))

Stable kernels [1]5.6.11 , [2]5.4.39 , [3]4.19.121 , [4]4.14.179 , [5]4.9.222 , and [6]4.4.222 have been released. They all contain important fixes and users should upgrade.



[1] https://lwn.net/Articles/819602/

[2] https://lwn.net/Articles/819603/

[3] https://lwn.net/Articles/819604/

[4] https://lwn.net/Articles/819605/

[5] https://lwn.net/Articles/819606/

[6] https://lwn.net/Articles/819607/

Security updates for Wednesday

([Security] May 6, 2020 14:54 UTC (Wed) (ris))

Security updates have been issued by Arch Linux (libmicrodns and salt), Debian (graphicsmagick, salt, sqlite3, and wordpress), Fedora (java-11-openjdk), openSUSE (chromium and sqliteodbc), Red Hat (firefox, squid, and squid:4), Slackware (firefox and thunderbird), SUSE (ardana-ansible, ardana-barbican, ardana-cluster, ardana-db, ardana-designate, ardana-input-model, ardana-logging, ardana-monasca, ardana-mq, ardana-neutron, ardana-octavia, ardana-osconfig, ardana-tempest, ardana-tls, crowbar-core, crowbar-ha, crowbar-openstack, memcached, openstack-ceilometer, openstack-cinder, openstack-designate, openstack-heat, openstack-ironic, openstack-ironic-image, openstack-manila, openstack-neutron, openstack-nova, openstack-octavia, openstack-octavia-amphora-image, python-cinderclient, python-glanceclient, python-ironic-lib, python-ironicclient, python-keystonemiddleware, python-manila-tempest-plugin, python-novaclient, python-octaviaclient, python-openstackclient, python-os-brick, python-oslo.config, python-oslo.rootwrap, python-oslo.utils, python-swiftclient, python-watcherclient, release-notes-suse-openstack-cloud, rubygem-crowbar-client, rubygem-puma, zookeeper, openldap2, and python-Pillow), and Ubuntu (php7.4).

Firefox 76.0

([Development] May 5, 2020 18:47 UTC (Tue) (ris))

Firefox 76.0 has been released. This version features a number of improvements to password management, Picture-in-Picture allows a small video window to follow you around as you work, and support for Audio Worklets has been added, allowing more complex audio processing. The [1]release notes have more details.



[1] https://www.mozilla.org/en-US/firefox/76.0/releasenotes/

Security updates for Tuesday

([Security] May 5, 2020 14:58 UTC (Tue) (ris))

Security updates have been issued by Debian (ansible, ntp, and roundcube), Fedora (libldb and samba), Mageia (chromium-browser-stable, crawl, dolphin-emu, exiv2, fortune-mod, gnuchess, kernel, libsndfile, openexr, openldap, openvpn, qtbase5, ruby-json, squid, teeworlds, and webkit2), Red Hat (sqlite), and SUSE (icu, mailman, nginx, rmt-server, rpmlint, and rubygem-actionview-5_1).

The Wayland Protocol

([Development] May 5, 2020 15:00 UTC (Tue) (corbet))

Drew DeVault has just released a (mostly complete) [1]book on the Wayland display-server protocol under the Creative Commons CC-SA license. " This book will help you establish a firm understanding of the concepts, design, and implementation of Wayland, and equip you with the tools to build your own Wayland client and server applications. Over the course of your reading, we'll build a mental model of Wayland and establish the rationale that went into its design. Within these pages you should find many 'aha!' moments as the intuitive design choices of Wayland become clear, which should help to keep the pages turning. " For those who would rather peruse (or contribute to) the Markdown source, it's [2]available here .



[1] https://wayland-book.com/

[2] https://git.sr.ht/%7Esircmpwn/wayland-book

Making Emacs popular again

([Development] May 6, 2020 21:22 UTC (Wed) (jake))

The [1]Emacs editor predates Linux, and was once far more popular, but it has fallen into relative obscurity over the years. In a mega-thread on the emacs-devel mailing list, participants discussed various ideas for making Emacs more "attractive", in both aesthetic and in "appealing to more users" senses of that term. Any improvements to Emacs in that regard have numerous hurdles to overcome, however. There are technical questions and, naturally, licensing considerations, but there is also the philosophical question of what it is, exactly, that stops the venerable text editor from being more popular.



[1] https://www.gnu.org/software/emacs/

Inkscape 1.0 released

([Development] May 4, 2020 18:27 UTC (Mon) (corbet))

[1]Version 1.0 of the Inkscape drawing editor has been released. " One of the first things users will notice is a reorganized tool box, with a more logical order. There are many new and improved Live Path Effect (LPE) features. The new searchable LPE selection dialog now features a very polished interface, descriptions and even the possibility of marking favorite LPEs. Performance improvements are most noticeable when editing node-heavy objects, using the Objects dialog, and when grouping/ungrouping. "



[1] https://inkscape.org/news/2020/05/04/introducing-inkscape-10/

A set of stable kernels

([Kernel] May 4, 2020 14:38 UTC (Mon) (ris))

Stable kernels [1]5.6.10 , [2]5.4.38 , [3]4.19.120 , [4]4.14.178 , [5]4.9.221 , and [6]4.4.221 have been released. They all contain important fixes and users should upgrade.



[1] https://lwn.net/Articles/819396/

[2] https://lwn.net/Articles/819397/

[3] https://lwn.net/Articles/819398/

[4] https://lwn.net/Articles/819399/

[5] https://lwn.net/Articles/819400/

[6] https://lwn.net/Articles/819401/

Security updates for Monday

([Security] May 4, 2020 14:22 UTC (Mon) (ris))

Security updates have been issued by Debian (mailman, openldap, pound, tomcat8, and trafficserver), Fedora (chromium, java-11-openjdk, kernel, openvpn, pxz, and rubygem-json), openSUSE (apache2, bouncycastle, chromium, git, python-typed-ast, resource-agents, ruby2.5, samba, squid, webkit2gtk3, and xen), Slackware (seamonkey), SUSE (LibVNCServer and permissions), and Ubuntu (mysql-5.7, mysql-8.0).

Kernel prepatch 5.7-rc4

([Kernel] May 3, 2020 22:21 UTC (Sun) (corbet))

The [1]fourth 5.7 kernel prepatch is out for testing. " Anyway, it doesn't feel like there's anything worrisome going on, so come on in and test the waters. "



[1] https://lwn.net/Articles/819326/

A pair of stable kernels

([Kernel] May 2, 2020 22:38 UTC (Sat) (corbet))

The [1]5.6.9 and [2]5.4.37 stable updates have been released with another set of important fixes. Note that the [3]4.19.120 , [4]4.14.178 , [5]4.9.221 , and [6]4.4.221 updates went into the review process at the same time as 5.6.9 and 5.4.37; they will probably show up in the near future.



[1] https://lwn.net/Articles/819282/

[2] https://lwn.net/Articles/819283/

[3] https://lwn.net/ml/linux-kernel/20200501131457.023036302@linuxfoundation.org/

[4] https://lwn.net/ml/linux-kernel/20200501131544.291247695@linuxfoundation.org/

[5] https://lwn.net/ml/linux-kernel/20200501131513.810761598@linuxfoundation.org/

[6] https://lwn.net/ml/linux-kernel/20200501131513.302599262@linuxfoundation.org/

Popcorn Linux pops up on linux-kernel

([Kernel] May 5, 2020 12:39 UTC (Tue) (corbet))

The end of April saw the posting of [1]a complex patch set called "Popcorn Linux distributed thread execution". It is the first appearance on the kernel mailing lists of an academic project (naturally called [2]Popcorn Linux ) that has been underway since 2013 or so. This project has, among other goals, the objective of turning a tightly networked set of computers into something that looks like a single system — a sort of NUMA machine with even larger than usual inter-node costs. The posted code, which is a portion of the larger project, is focused on process migration and memory sharing across machines. It is an interesting proof of concept, but one should not expect to see it merged in anything close to its current form.



[1] https://lwn.net/ml/linux-kernel/cover.1588127445.git.javier.malave@narfindustries.com/

[2] http://popcornlinux.org/

The 2020 Python Language Summit

([Development] May 1, 2020 16:54 UTC (Fri) (jake))

The 2020 Python Language Summit was held virtually this year, over two days, via videoconference, with discussions via voice and chat. The summit is a yearly gathering for developers of CPython, other Python implementations, and related projects. As with last year, A. Jesse Jiryu Davis covered the summit; his writeups are being [1]posted to the Python Software Foundation (PSF) blog. So far, all of the first day's session writeups are up, as well as two (of six) from the second day. Topics include " [2]All strings become f-strings ", " [3]The path forward for typing ", " [4]A formal specification for the (C)Python virtual machine ", and more.



[1] http://pyfound.blogspot.com/2020/04/the-2020-python-language-summit.html

[2] https://pyfound.blogspot.com/2020/04/all-strings-become-f-strings-python.html

[3] https://pyfound.blogspot.com/2020/04/the-path-forward-for-typing-python.html

[4] https://pyfound.blogspot.com/2020/04/a-formal-specification-for-cpython.html
More

Evolution is as much a fact as the earth turning on its axis and going around
the sun. At one time this was called the Copernican theory; but, when
evidence for a theory becomes so overwhelming that no informed person can
doubt it, it is customary for scientists to call it a fact. That all present
life descended from earlier forms, over vast stretches of geologic time, is
as firmly established as Copernican cosmology. Biologists differ only with
respect to theories about how the process operates.
-- Martin Gardner, "Irving Kristol and the Facts of Life".