Security updates for Friday
([Security] Oct 23, 2020 15:59 UTC (Fri) (coogle))
Security updates have been issued by Gentoo (freetype), openSUSE (mailman), Red Hat (firefox, java-11-openjdk, and rh-maven35-jackson-databind), SUSE (kernel, mercurial, openldap2, python-pip, and xen), and Ubuntu (firefox, netty-3.9, and python-pip).
Ubuntu 20.10 (Groovy Gorilla) released
([Distributions] Oct 22, 2020 18:50 UTC (Thu) (corbet))
The Ubuntu 20.10 release is out. " The Ubuntu kernel has been updated to the 5.8 based Linux kernel, and our default toolchain has moved to gcc 10 with glibc 2.32. Additionally, there is now a desktop variant of the Raspberry Pi image for Raspberry Pi 4 4GB and 8GB. Ubuntu Desktop 20.10 introduces GNOME 3.38, the fastest release yet with significant performance improvements delivering a more responsive Experience ". See [1]the release notes for more details.
[1] https://discourse.ubuntu.com/t/groovy-gorilla-release-notes/15533
[1] https://discourse.ubuntu.com/t/groovy-gorilla-release-notes/15533
Security updates for Thursday
([Security] Oct 22, 2020 16:13 UTC (Thu) (coogle))
Security updates have been issued by Arch Linux (freetype2), Debian (bluez, firefox-esr, and freetype), Fedora (firefox), openSUSE (chromium), Oracle (kernel), Red Hat (java-11-openjdk), Slackware (kernel), SUSE (freetype2, gnutls, kernel, php7, and tomcat), and Ubuntu (flightgear, italc, libapache2-mod-auth-mellon, libetpan, and php-imagick).
LWN.net Weekly Edition for October 29, 2020
Security updates for Wednesday
([Security] Oct 21, 2020 14:50 UTC (Wed) (ris))
Security updates have been issued by Arch Linux (kdeconnect, kernel, kpmcore, lib32-freetype2, linux-hardened, linux-lts, linux-zen, lua, and powerdns-recursor), Debian (mariadb-10.1 and mariadb-10.3), Fedora (thunderbird), Mageia (claw-mail, freetype2, geary, kernel, and tigervnc), Oracle (nodejs:12), Red Hat (python27, rh-postgresql96-postgresql, and rh-python38), Slackware (freetype), SUSE (hunspell, kernel, libvirt, and taglib), and Ubuntu (grunt, quassel, and tomcat9).
[$] Constant-action bitmaps for seccomp()
([Kernel] Oct 22, 2020 16:26 UTC (Thu) (corbet))
The [1]seccomp() system call allows user space to load one or more (classic) BPF programs to be run whenever the calling process invokes a system call. Those programs can examine ( [2]to an extent ) the arguments to each call and inform the kernel whether the call should be allowed to proceed or not. This feature is used in a number of containerization solutions (and beyond) as a way of reducing the kernel's attack surface. In some situations, though, using seccomp() can result in a significant performance reduction. There are currently two patch sets in circulation that are aimed at reducing the overhead of seccomp() for one common use case.
[1] https://man7.org/linux/man-pages/man2/seccomp.2.html
[2] https://lwn.net/Articles/799557/
[1] https://man7.org/linux/man-pages/man2/seccomp.2.html
[2] https://lwn.net/Articles/799557/
Firefox 82.0 and ESR 78.4.0
([Development] Oct 20, 2020 17:33 UTC (Tue) (ris))
Firefox 82.0 has been released, with improvements " that make watching videos more delightful " and improved performance. Firefox ESR 78.4.0 is also available with various stability, functionality, and security fixes. See the release notes ( [1]82.0 , [2]78.4.0 ) for details.
[1] https://www.mozilla.org/en-US/firefox/82.0/releasenotes/
[2] https://www.mozilla.org/en-US/firefox/78.4.0/releasenotes/
[1] https://www.mozilla.org/en-US/firefox/82.0/releasenotes/
[2] https://www.mozilla.org/en-US/firefox/78.4.0/releasenotes/
Security updates for Tuesday
([Security] Oct 20, 2020 14:54 UTC (Tue) (ris))
Security updates have been issued by Debian (python-flask-cors), Fedora (kleopatra, nextcloud, and phpMyAdmin), Gentoo (ark, libjpeg-turbo, libraw, and libxml2), openSUSE (bind, kernel, php7, and transfig), Red Hat (kernel, kernel-alt, kernel-rt, rh-python36, virt:8.1 and virt-devel:8.1, and virt:8.2 and virt-devel:8.2), and Ubuntu (collabtive, freetype, linux, linux-hwe, linux-hwe-5.4, linux-oem, linux-raspi, linux-raspi-5.4, linux-snapdragon, and linux-oem-osp1, linux-raspi2-5.3).
Combating abuse in Matrix - without backdoors (Matrix blog)
([Security] Oct 20, 2020 14:12 UTC (Tue) (corbet))
[1]This Matrix blog entry describes a planned reputation-management system that, it is claimed, accomplishes some of the same goals as government backdoors without the need to compromise end-to-end encryption. " Just like the Web, Email or the Internet as a whole, there is literally no way to unilaterally censor or block content in Matrix. But what we can do is provide first-class infrastructure to let users (and room/community moderators and server admins) make up their own mind about who to trust, and what content to allow. This would also provide a means for authorities to publish reputation data about illegal content, providing a privacy-respecting mechanism that admins/mods/users can use to keep illegal content away from their servers/clients. "
[1] https://matrix.org/blog/2020/10/19/combating-abuse-in-matrix-without-backdoors
[1] https://matrix.org/blog/2020/10/19/combating-abuse-in-matrix-without-backdoors
[$] Rejuvenating Autoconf
([Development] Oct 23, 2020 16:08 UTC (Fri) (sumanah))
GNU [1]Autoconf , a widely used build tool that shines at compatibility with a variety of Unixes, has accumulated many improvements since its last release in 2012 — and there are patches awaiting review. While many projects have switched to other build systems, interest in Autoconf remains. Now, a small team (disclaimer: including article author Sumana Harihareswara) is rejuvenating it, working through some deferred maintenance and code review. A [2]testable beta is now out , a new stable release is due in early November, and interested parties can build on this momentum to further refresh the rest of the [3]GNU Build System (also known as Autotools).
[1] https://www.gnu.org/software/autoconf/
[2] https://lists.gnu.org/archive/html/autotools-announce/2020-09/msg00000.html
[3] https://www.gnu.org/savannah-checkouts/gnu/autoconf/manual/autoconf-2.69/autoconf.html#The-GNU-Build-System
[1] https://www.gnu.org/software/autoconf/
[2] https://lists.gnu.org/archive/html/autotools-announce/2020-09/msg00000.html
[3] https://www.gnu.org/savannah-checkouts/gnu/autoconf/manual/autoconf-2.69/autoconf.html#The-GNU-Build-System
Git v2.29.0 released
([Development] Oct 19, 2020 18:52 UTC (Mon) (corbet))
Version 2.29.0 of the Git source-code management system is out. This release includes a long list of smallish improvements; click below for the details. Also present is the code enabling Git to [1]switch to the SHA-256 hash algorithm ; this feature is still deemed experimental, though, and interoperability with SHA-1 repositories is not yet available.
[1] https://lwn.net/Articles/823352/
[1] https://lwn.net/Articles/823352/
What is coming in PHP 8
([Development] Oct 21, 2020 16:22 UTC (Wed) (coogle))
Recently, PHP 8 release candidate 2 was [1]posted by the project. A lot of changes are coming with this release, including a [2]just-in-time compiler , a good number of backward-compatibility breaks, and new features that developers have been requesting for years. Now that the dust has settled, and the community is focusing on squashing bugs for the general-availability release [3]scheduled for November 26, it's a good time to look at what to expect.
[1] https://www.php.net/archive/2020.php#2020-10-16-1
[2] https://wiki.php.net/rfc/jit
[3] https://wiki.php.net/todo/php80
[1] https://www.php.net/archive/2020.php#2020-10-16-1
[2] https://wiki.php.net/rfc/jit
[3] https://wiki.php.net/todo/php80
Security updates for Monday
([Security] Oct 19, 2020 15:03 UTC (Mon) (ris))
Security updates have been issued by Debian (kernel, thunderbird, and yaws), Fedora (createrepo_c, dnf, dnf-plugins-core, dnf-plugins-extras, kata-agent, libdnf, librepo, and wireshark), Gentoo (chromium and firefox), Mageia (brotli, flash-player-plugin, php, phpmyadmin, and wireshark), openSUSE (crmsh, gcc10, nvptx-tools, icingaweb2, kernel, libproxy, pdns-recursor, phpMyAdmin, and rubygem-activesupport-5_1), Red Hat (nodejs:12 and rh-maven35-apache-commons-collections4), and SUSE (gcc10, nvptx-tools and transfig).
The accelerating adoption of Julia
([Development] Oct 20, 2020 15:52 UTC (Tue) (leephillips))
The [1]Julia programming language has seen a major increase in its use and popularity over the last few years. We last [2]looked at it two years ago, around the time of the [3]Julia 1.0 release . Here, we will look at some of the changes since that release, none of which are major, as well as some newer resources for learning the language, but the main focus of this article is a case study that is meant to help show why the language has been taking off. A follow-up article will introduce a new computational notebook for Julia, called [4]Pluto , that is akin to [5]Jupyter notebooks .
[1] http://julialang.org/
[2] https://lwn.net/Articles/763626/
[3] https://julialang.org/blog/2018/08/one-point-zero/
[4] https://github.com/fonsp/Pluto.jl
[5] https://lwn.net/Articles/746386/
[1] http://julialang.org/
[2] https://lwn.net/Articles/763626/
[3] https://julialang.org/blog/2018/08/one-point-zero/
[4] https://github.com/fonsp/Pluto.jl
[5] https://lwn.net/Articles/746386/
A set of weekend stable kernel updates
([Kernel] Oct 17, 2020 15:27 UTC (Sat) (corbet))
The [1]5.9.1 , [2]5.8.16 , [3]5.4.72 , [4]4.19.152 , [5]4.14.202 , [6]4.9.240 , and [7]4.4.240 stable updates have all been released; each contains another set of important fixes.
[1] https://lwn.net/Articles/834535/
[2] https://lwn.net/Articles/834536/
[3] https://lwn.net/Articles/834537/
[4] https://lwn.net/Articles/834538/
[5] https://lwn.net/Articles/834539/
[6] https://lwn.net/Articles/834540/
[7] https://lwn.net/Articles/834541/
[1] https://lwn.net/Articles/834535/
[2] https://lwn.net/Articles/834536/
[3] https://lwn.net/Articles/834537/
[4] https://lwn.net/Articles/834538/
[5] https://lwn.net/Articles/834539/
[6] https://lwn.net/Articles/834540/
[7] https://lwn.net/Articles/834541/
The rest of the 5.10 merge window
([Kernel] Oct 26, 2020 15:11 UTC (Mon) (corbet))
Linus Torvalds [1]released 5.10-rc1 and closed the 5.10 merge window on October 25; by that time, 13,903 non-merge changesets had been pulled into the mainline repository. Of those, over 6,700 were merged since [2]LWN's summary of the first half of the merge window. A fair number of interesting features found their way into the kernel among those commits; read on to catch up with what's coming in 5.10.
[1] https://lwn.net/ml/linux-kernel/CAHk-=whcRFYSm0jj3Xh3xCyBaxCHA1ZMNO0h_gZso_WZFDUtiQ@mail.gmail.com/
[2] https://lwn.net/Articles/834157/
[1] https://lwn.net/ml/linux-kernel/CAHk-=whcRFYSm0jj3Xh3xCyBaxCHA1ZMNO0h_gZso_WZFDUtiQ@mail.gmail.com/
[2] https://lwn.net/Articles/834157/
Security updates for Friday
([Security] Oct 16, 2020 15:41 UTC (Fri) (coogle))
Security updates have been issued by Fedora (dnf, kernel, libdnf, python27, and python34), SUSE (blktrace, crmsh, php7, and php72), and Ubuntu (containerd, docker.io, firefox, htmlunit, and newsbeuter).
linux.conf.au 2021 call for sessions and miniconfs
([Announcements] Oct 15, 2020 21:39 UTC (Thu) (corbet))
The 2021 edition of [1]linux.conf.au will be held online on January 23-25, 2021; the call for proposals has gone out with a relatively tight deadline of November 6. " Our theme is 'So what's next?'. We all know we're living through unprecedented change and uncertain times. How can open source play a role in creating, helping and adapting to this ongoing change? What new developments in software and coding can we look forward to in 2021 and beyond? " Since there is no travel involved, this is a rare opportunity for those who have not normally been able to participate in LCA.
[1] https://linux.conf.au/
[1] https://linux.conf.au/
Security updates for Thursday
([Security] Oct 15, 2020 15:44 UTC (Thu) (coogle))
Security updates have been issued by Arch Linux (chromium), Debian (httpcomponents-client), Fedora (claws-mail), SUSE (bcm43xx-firmware, crmsh, libqt5-qtimageformats, libqt5-qtsvg, php53, php7, and rubygem-activesupport-4_2), and Ubuntu (php5, php7.0, php7.2, php7.4, python2.7, python3.4, python3.5, python3.6, and vim).
Professional sample - not for sale.