Linux Weekly News

Fuzzing is a testing technique with randomized inputs that is used to find problematic edge cases or security problems in code that accepts user input. Go package developers can use Dmitry Vyukov's popular go-fuzz tool for fuzz testing their code; it has found hundreds of obscure bugs in the Go standard library as well as in third-party packages. However, this tool is not built in, and is not as simple to use as it could be; to address this, Go team member Katie Hockman recently published a draft design that proposes adding fuzz testing as a first-class feature of the standard go test command.

Security updates have been issued by Debian (icingaweb2 and mongodb), Fedora (nss), Gentoo (chromium and shadow), Mageia (ghostscript, kdepim-runtime, kmail-account-wizard, luajit, mysql-connector-python, and python-ipaddress), openSUSE (python, python3, and webkit2gtk3), Red Hat (kernel and kernel-alt), Slackware (firefox), SUSE (squid3), and Ubuntu (bind9, ghostscript, net-snmp, postgresql-10, postgresql-12, postgresql-9.5, and sane-backends).

CAELinux is a distribution focused on computer-aided engineering (CAE) maintained by Joël Cugnoni. Designed with students and academics in mind, the distribution is loaded with open-source software that can be used to model everything from pig livers to airfoils. Cugnoni's latest release, CAELinux 2020, was made on August 11; readers with engineering interests may want to take a look.

Security updates have been issued by Debian (firejail, icingaweb2, inetutils, libjackson-json-java, proftpd-dfsg, python2.7, software-properties, and sqlite3), Fedora (chrony), Mageia (chrony), openSUSE (dovecot23, postgresql12, and python), Slackware (bind), SUSE (gettext-runtime and SUSE Manager Server 3.2), and Ubuntu (bind9).

The 5.9-rc2 kernel prepatch is out for testing. "Nothing in particular stands out, there's a random collection of fixes and updates in here."

The proposed fsinfo() system call, which returns extended information about mounted filesystems, was first covered here just over one year ago. The form of fsinfo() has not changed much in that year, but the debate over merging it continues. To some, fsinfo() is needed to efficiently obtain information about filesystems; to others, it is an unnecessary and over-engineered mechanism. Changes will probably be necessary if this feature is ever to make it into the mainline kernel.

The 5.8.3, 5.7.17, 5.4.60, 4.19.141, 4.14.194, 4.9.233, and 4.4.233 stable kernels have been released. As usual, they contain lots of fixes all over the kernel tree. Users of those kernel series should upgrade.

Security updates have been issued by Debian (ghostscript), Fedora (curl and mod_http2), Mageia (ngircd), openSUSE (kernel), SUSE (libreoffice), and Ubuntu (curl).

The Fedora 33 release is currently scheduled for late October; as part of the process of designing this release, the deadline for system-wide change proposals was set for June 30. This release already has a substantial number of big changes in the works, so one might be forgiven for being surprised by a system-wide change proposal that appeared on August 4, which looks to be pre-approved. Not only that, but this proposal expands the small set of official Fedora "editions" by adding the relatively obscure Fedora Internet of Things Edition.

Security updates have been issued by Fedora (ansible, libmetalink, roundcubemail, rubygem-kramdown, sqlite, and swtpm), Slackware (curl), SUSE (python and python3), and Ubuntu (qemu).

The LWN.net Weekly Edition for August 20, 2020 is available.

The Document Foundation (TDF) has announced the release of LibreOffice 7.0. This major release is a significant upgrade from version 6.4.6, focusing on interoperability with Microsoft Office, general performance, and support for OpenDocument Format (ODF) version 1.3. A complete list of new features and bug fixes can be found in the release notes.

Stable kernels 5.8.2, 5.7.16, 5.4.59, and 4.19.140 have been released. There are many important fixes and users should upgrade.

Security updates have been issued by Debian (imagemagick and ruby-websocket-extensions), Fedora (libetpan, LibRaw, and php), Gentoo (nss), Mageia (apache, ark, clamav, claws-mail, dovecot, firefox, firejail, freerdp, golang, jasper, kernel, libssh, libx11, postgresql-jdbc, python-rstlib, radare2, roundcubemail, squid, targetcli, thunderbird, tomcat, and x11-server), Red Hat (rh-mysql80-mysql), SUSE (dovecot22, freerdp, libvirt, and postgresql12), and Ubuntu (curl and linux-hwe, linux-azure-5.3, linux-gke-5.3).

Linus Walleij continues his exploration of the boot process for the 32-bit Arm kernel. "BAM! The MMU is on. The next instruction (which is incidentally an instruction cache flush) will be executed from virtual memory. We don’t notice anything at first, but we are executing in virtual memory. When we return by jumping to the address passed in r13, we enter __mmap_switched at the virtual memory address of this function, somewhere below PAGE_OFFSET (typically 0xC0nnnnnn). We can now facilitate absolute addressing: the kernel is executing as intended."

In this followup to our coverage of the release of gnuplot 5.4, we look more deeply at one of the new features: voxel plots. We only briefly touched on these plots in that article, but they are the most conspicuous addition in this release of the free-software graphing tool. Voxel plotting provides multiple ways to visualize 3D data, so it is worth looking at this new plot type in more detail.

The Rust blog announces the creation of an independent foundation for the language. "This foundation’s first task will be something Rust is already great at: taking ownership. This time, the resource is legal, rather than something in a program. The various trademarks and domain names associated with Rust, Cargo, and crates.io will move into the foundation, which will also take financial responsibility for the costs they incur. We see this first iteration of the foundation as just the beginning. There’s a lot of possibilities for growing the role of the foundation, and we’re excited to explore those in the future."

Security updates have been issued by Debian (sane-backends), Fedora (kernel, LibRaw, and wob), openSUSE (balsa, hylafax+, postgresql, postgresql96, postgresql10, postgresql12, and postgresql96, postgresql10 and postgresql12), Oracle (.NET Core 3.1), Red Hat (bash and bind), SUSE (dovecot23, firefox, fwupd, postgresql10, postgresql12, python-azure-agent, and zabbix), and Ubuntu (ark, gnome-shell, libonig, linux, linux-aws, linux-kvm, linux-lts-xenial, linux-raspi2, linux-snapdragon, linux-gke-5.0, linux-oem-osp1, and software-properties).

Sourcegraph is a tool for searching and navigating around large code bases. The tool has various search methods, including regular-expression search, and "structural search", which is a relatively new technique that is language-aware. The open-source core of the tool comes with code search, go-to-definition and other "code intelligence" features, which provide ways for developers to make sense of multi-repository code bases. Sourcegraph's code-searching tools can show documentation for functions and methods on mouse hover and allow developers to quickly jump to definitions or to find all references to a particular identifier.

By the time Linus Torvalds released 5.9-rc1 and closed the merge window for this cycle, 12,866 non-merge changesets had been pulled into the mainline repository. Nearly 9,000 of those came in after the first 5.9 merge-window summary was written. Clearly the kernel-development community remains busy. Much of what was merged takes the form of cleanups and restructuring, as always, but there was also a substantial set of new features.