
Security updates for Friday

([Security] May 1, 2020 13:31 UTC (Fri) (jake))

Security updates have been issued by CentOS (git, java-1.7.0-openjdk, java-1.8.0-openjdk, java-11-openjdk, python-twisted-web, and thunderbird), Debian (dom4j, miniupnpc, otrs2, pound, ruby2.1, vlc, w3m, and yodl), Fedora (git, java-latest-openjdk, mingw-libxml2, php-horde-horde, pxz, sqliteodbc, and xen), Gentoo (cacti, django, fontforge, and libu2f-host), openSUSE (cacti, cacti-spine, chromium, python-typed-ast, and salt), Red Hat (gnutls and kernel), SUSE (kernel), and Ubuntu (edk2).

LWN.net Weekly Edition for May 7, 2020



Security updates for Thursday

([Security] Apr 30, 2020 13:48 UTC (Thu) (jake))

Security updates have been issued by Arch Linux (chromium, git, and webkit2gtk), Debian (nodejs and tiff), Fedora (libxml2, php-horde-horde, pxz, and sqliteodbc), Oracle (python-twisted-web), Red Hat (chromium-browser, git, and rh-git218-git), Scientific Linux (python-twisted-web), SUSE (ceph, kernel, munge, openldap2, salt, squid, and xen), and Ubuntu (mailman, python3.8, samba, and webkit2gtk).

Videos from the 2020 Copyleft Conference

([Announcements] Apr 29, 2020 22:41 UTC (Wed) (corbet))

The second annual [1]Copyleft Conference was held on February 3 in Brussels; [2]videos from the event have now been posted. "In his talk, Tony [Sebro] wonders whether the community around copyleft, like those around eschatology and Afro-centric hip-hop, has lost its center and how we might entice new stakeholders to reinvest in our shared values. His keynote is a great place to start with this year's videos."



[1] https://2020.copyleftconf.org/

[2] https://2020.copyleftconf.org/video

[$] Atomic extent swapping for XFS

([Kernel] May 1, 2020 18:16 UTC (Fri) (corbet))

Normally, files exist in a filesystem to keep data contained within them separated; seeing data exchanged directly between files is often a sign of filesystem corruption. There are, however, use cases where it is desirable to be able to perform a controlled swap of data between a pair of files. Darrick Wong has recently posted [1]a patch set implementing this feature for the XFS filesystem, but also making it available in a general way.



[1] https://lwn.net/ml/linux-fsdevel/158812825316.168506.932540609191384366.stgit@magnolia/

[$] PHP showing its maturity in release 7.4

([Development] May 4, 2020 21:20 UTC (Mon) (coogle))

This year PHP turned 25 and, as with all things, the hope is that with age comes wisdom and maturity. Often derided as a great way to write bad (and insecure) code, PHP is hard to ignore completely when it is used in nearly [1]eight out of ten websites. With PHP 7.4.5 [2]released in April, it's worthwhile to take a look at modern PHP, how it has evolved to address the criticisms of the past, and what lies ahead in its future.



[1] https://w3techs.com/technologies/details/pl-php

[2] https://www.php.net/archive/2020.php#2020-04-16-2

Three stable kernels

([Kernel] Apr 29, 2020 18:38 UTC (Wed) (ris))

Stable kernels [1]5.6.8, [2]5.4.36, and [3]4.19.119 have been released with important fixes. Users should upgrade.



[1] https://lwn.net/Articles/818964/

[2] https://lwn.net/Articles/818965/

[3] https://lwn.net/Articles/818966/

TDE celebrating its 10th anniversary with new R14.0.8 release

([Development] Apr 29, 2020 16:37 UTC (Wed) (ris))

The Trinity Desktop Environment (TDE) [1]R14.0.8 release is out. Trinity started out as a fork of KDE 3. "Ten years ago today, the Trinity Desktop Environment (TDE) saw the release of its first version (3.5.11). Lot of things have happened since that day but TDE has continued to grow and flourish throughout the years. Today the project is healthier than ever, with dedicated self-hosted servers, regular releases, modern collaboration tools and a vibrant community of users and enthusiasts."



[1] http://www.trinitydesktop.org/newsentry.php?entry=2020.04.29

Security updates for Wednesday

([Security] Apr 29, 2020 14:45 UTC (Wed) (ris))

Security updates have been issued by Debian (kernel, openjdk-7, openjdk-8, and openldap), Fedora (openvpn), openSUSE (teeworlds and vlc), Red Hat (bind, binutils, bluez, container-tools:1.0, container-tools:2.0, container-tools:rhel8, cups, curl, dnsmasq, dpdk, e2fsprogs, edk2, evolution, exiv2, fontforge, freeradius:3.0, gcc, gdb, glibc, GNOME, grafana, GStreamer, libmad, and SDL, haproxy, ibus and glib2, irssi, kernel, kernel-rt, liblouis, libmspack, libreoffice, libsndfile, libtiff, libxml2, memcached, mod_auth_mellon, openssl, patch, php:7.2, pki-core:10.6 and pki-deps:10.6, python-pip, python-twisted-web, python27:2.7, python3, qt5, rsyslog, ruby, samba, sqlite, sudo, systemd, targetcli, tcpdump, unbound, unzip, wavpack, and zziplib), SUSE (samba, squid, and webkit2gtk3), and Ubuntu (kernel, linux, linux-aws, linux-aws-hwe, linux-azure, linux-gcp, linux-gke-4.15, linux-hwe, linux-kvm, linux-oem, linux-oracle, linux-raspi2, linux-snapdragon, linux, linux-aws, linux-azure, linux-gcp, linux-gke-5.3, linux-hwe, linux-kvm, linux-raspi2, linux-raspi2-5.3, linux, linux-aws, linux-kvm, linux-lts-xenial, linux-raspi2, linux-snapdragon, linux-gke-5.0, linux-oem-osp11, and samba).

Fedora security response time

([Distributions] Apr 29, 2020 20:45 UTC (Wed) (jake))

A call for faster Fedora updates in response to security vulnerabilities was recently posted to the Fedora devel mailing list; it urgently advocated changes to the process so that updates, in general, and to the kernel and packages based on web browsers, in particular, are handled more expeditiously. While Fedora developers are sympathetic to that, there is only so much the distribution can do as there are logistical and other hurdles between Fedora and its users. It turns out that, to a great extent, Fedora can already move quickly when it needs to.

[$] Authenticated Btrfs

([Kernel] Apr 30, 2020 15:59 UTC (Thu) (corbet))

Developers who are concerned about system integrity often put a fair amount of effort into ensuring that data stored on disk cannot be tampered with without being detected. Technologies like [1]dm-verity and [2]fs-verity are attempts to solve this problem, as is the recently covered [3]integrity policy enforcement security module. More recently, Johannes Thumshirn has posted [4]a patch series adding filesystem-level authentication to Btrfs; it promises to provide integrity with a surprisingly small amount of code.



[1] https://www.kernel.org/doc/html/latest/admin-guide/device-mapper/verity.html

[2] https://lwn.net/Articles/790185/

[3] https://lwn.net/Articles/817472/

[4] https://lwn.net/ml/linux-fsdevel/20200428105859.4719-1-jth@kernel.org/

Schaller: Fedora Workstation: Swamp draining for 6 years

([Distributions] Apr 28, 2020 17:20 UTC (Tue) (corbet))

Christian Schaller [1]writes about the desktop improvements found in Fedora 32 — and beyond. "We spent a lot of time and energy over the last 6 years to get to where we are now, putting in place a lot of the basic building blocks needed to make Linux a great desktop operating system. And it feels great that just as we kick off the new line of Lenovo laptops running Fedora we are also entering a new phase of development where we can move beyond getting our basic infrastructure in place, but we can really start taking advantage of it to rapidly improve the experience we are providing even more. A good example is the Firefox work mentioned above, where we finally could move on from ‘make it work with Wayland and PipeWire’, to ‘lets take advantage of these new pieces to make Firefox on Linux better’."



[1] https://blogs.gnome.org/uraeus/2020/04/28/fedora-workstation-swamp-draining-for-6-years/

Security updates for Tuesday

([Security] Apr 28, 2020 14:52 UTC (Tue) (ris))

Security updates have been issued by CentOS (firefox, java-1.7.0-openjdk, java-1.8.0-openjdk, kernel, qemu-kvm, and thunderbird), Debian (qemu and ruby-json), Fedora (chromium, haproxy, and libssh), openSUSE (cacti, cacti-spine and teeworlds), Oracle (kernel), SUSE (apache2, git, kernel, ovmf, and xen), and Ubuntu (cups, file-roller, and re2c).

Fedora 32 released

([Distributions] Apr 28, 2020 14:15 UTC (Tue) (corbet))

The [1]Fedora 32 distribution release is out, in workstation, server, and CoreOS variants. "Following our 'First' foundation, we’ve updated key programming language and system library packages, including GCC 10, Ruby 2.7, and Python 3.8. Of course, with Python 2 past end-of-life, we’ve removed most Python 2 packages from Fedora. A legacy python27 package is provided for developers and users who still need it. In Fedora Workstation, we’ve enabled the EarlyOOM service by default to improve the user experience in low-memory situations."



[1] https://fedoramagazine.org/announcing-fedora-32/

Improving Python's SimpleNamespace

([Development] Apr 29, 2020 16:51 UTC (Wed) (jake))

Python's [1]SimpleNamespace class provides an easy way for a programmer to create an object to store values as attributes without creating their own (almost empty) class. While it is useful (and used) in its present form, Raymond Hettinger thinks it could be better. He would like to see the hooks used by mappings (e.g. dictionaries) added to the class, so that attributes can be added and removed using either x.a or x['a']. It would bring benefits for JSON handling and more in the language.



[1] https://docs.python.org/3/library/types.html#types.SimpleNamespace

Security updates for Monday

([Security] Apr 27, 2020 15:27 UTC (Mon) (ris))

Security updates have been issued by Arch Linux (chromium), Debian (eog, jsch, libgsf, mailman, ncmpc, openjdk-11, php5, python-reportlab, radicale, and rzip), Fedora (ansible, dolphin-emu, git, gnuchess, liblas, openvpn, php, qt5-qtbase, rubygem-rake, snakeyaml, webkit2gtk3, and wireshark), Mageia (chromium-browser-stable, git, java-1.8.0-openjdk, kernel, kernel-linus, mp3gain, and virtualbox), openSUSE (crawl, cups, freeradius-server, kubernetes, and otrs), SUSE (apache2, kernel, pam_radius, resource-agents, and webkit2gtk3), and Ubuntu (openexr).

Dumping kernel data structures with BPF

([Kernel] Apr 27, 2020 23:20 UTC (Mon) (corbet))

For as long as operating systems have had kernels, there has been a need to extract information from data structures stored within those kernels. Over the years, a wide range of approaches have been taken to make that information available. In current times, it has become natural to reach for BPF as the tool of choice for a variety of problems, and getting information from kernel data structures is no exception. There are two patches in circulation that take rather different approaches to using BPF to dump information from kernel data structures to user space.

Kernel prepatch 5.7-rc3

([Kernel] Apr 26, 2020 22:28 UTC (Sun) (corbet))

The [1]5.7-rc3 kernel prepatch is out for testing. "Again, that all looks very normal and very much 'nothing really odd stands out'. In a world gone mad, the kernel looks almost boringly regular. Which is just how I like it."



[1] https://lwn.net/Articles/818687/

Kdenlive 20.04 is out

([Development] Apr 24, 2020 23:23 UTC (Fri) (jake))

Version 20.04 of the [1]Kdenlive libre video editor has been [2]released. "The highlights include major speed improvements due to the Preview Scaling feature, New rating, tagging sorting and filtering of clips in the Project Bin for a great logging experience, Pitch shifting is now possible when using the speed effect, Multicam editing improvements and OpenTimelineIO support. Besides all the shiny new features, this version comes with fixes for 40 critical stability issues as well as a major revamp of the user experience. Kdenlive is now more reliable than ever before."



[1] https://kdenlive.org/en/

[2] https://kdenlive.org/en/2020/04/kdenlive-20-04-is-out/

Help wanted at LWN

([Front] Apr 24, 2020 20:43 UTC (Fri) (corbet))

Keeping LWN going is a full-time job — indeed, it is multiple full-time jobs. We are currently hiring another writer to help us get this work done and to help expand our content range. If you have a deep understanding of the Linux and free-software communities and can write high-quality English, this is your chance to write for one of the most engaged and challenging reader communities around; we would like to hear from you.
