Linux Weekly News

Security updates have been issued by Debian (ksh), openSUSE (ant, chromium, ldb, samba, and LibVNCServer), Red Hat (dbus, kernel, kernel-rt, and NetworkManager), and SUSE (cni-plugins, firefox, openexr, Salt, salt, SUSE Manager Client Tools, and tomcat).

Contact tracing is a way to help prevent the spread of a disease, such as COVID-19, by identifying an infected person's contacts so that they can be informed of the infection risk. In the first part of this series, we introduced open-source contact-tracing applications developed in response to the current pandemic, and described how they work. In this part, we look into the details of some of them, of both centralized and decentralized design. These application projects have all released their source code, but they differ in the implementation details, licenses used, and whether they accept user requests or patches. We conclude with the controversies around the tracing applications and the responses to them.

Security updates have been issued by Debian (libopenmpt, nginx, nss, qemu, rails, redis, ruby-sanitize, and tomcat9), Fedora (glibc, libldb, nspr, nss, samba, and webkit2gtk3), openSUSE (cairo, firefox, google-compute-engine, LibVNCServer, mumble, ntp, openconnect, openexr, openldap2, pdns-recursor, python-ipaddress, rubygem-puma, samba, singularity, slirp4netns, thunderbird, xen, and xrdp), and Oracle (.NET Core, .NET Core 3.1, java-1.8.0-openjdk, java-11-openjdk, kernel, and thunderbird).

The 5.8-rc6 kernel prepatch is out for testing. "Things continue to look very normal, even if this is a big release. rc6 is pretty much par for the course, and nothing in here stands out size-wise or otherwise."

Back in June, LWN covered a patch set adding a mechanism intended to help systems like Wine emulate Windows system calls on a Linux system. That patch set got a lot of attention and comments, with the result that its form has changed considerably. Gabriel Krisman Bertazi has now posted a new patch set that takes a different approach to solving the same problem.

Security updates have been issued by Fedora (bashtop and python39), openSUSE (openexr), Red Hat (java-1.8.0-openjdk), and Scientific Linux (thunderbird).

Flutter is Google's open-source toolkit to build cross-device (and cross-platform) applications. Based on the Dart programming language released by the company in 2013, Flutter promises developers the ability to write and maintain a single application that runs on all of a user's devices. Flutter applications support deployment on Android, iOS, Web browsers via JavaScript, macOS, and now Canonical and Google have teamed up to support Flutter applications in Linux. Promises of native speed, rapid development, and a growing community make it an interesting technology to take a look at.

Greg Kroah-Hartman has released the 5.7.9, 5.4.52, and 4.19.133 stable kernels. As usual, these contain lots of important fixes throughout the tree; users should upgrade.

Security updates have been issued by Debian (evolution-data-server and webkit2gtk), Fedora (kernel, snapd, and xen), openSUSE (thunderbird and xen), Oracle (dbus and thunderbird), Red Hat (java-1.8.0-openjdk, java-11-openjdk, jbig2dec, sane-backends, and thunderbird), Scientific Linux (kernel), SUSE (cairo, containerd, docker, docker-runc, golang-github-docker-libnetwork, google-compute-engine, mailman, mercurial, openconnect, openexr, and xrdp), and Ubuntu (libvpx and snapd).

The LWN.net Weekly Edition for July 16, 2020 is available.

LWN recently covered the effort within the LibreOffice project to find ways to support the companies doing the bulk of the development work. The project has now posted a revised marketing plan [PDF] with a number of changes, including the removal of the "personal edition" name. Regarding LibreOffice Online: "Following our normal development process, the Ecosystem will release their own versions in their own timing, allowing some features to reach their Enterprise versions before they are subsequently shipped in TDF builds (this allows the Ecosystem to positively differentiate by contributing new features & functionality)".

The OMG! Ubuntu! site reports that the Debian "popularity contest" application is being removed from Ubuntu. "But with Snaps, Flatpaks, PPAs and other avenues giving developers more direct ways to market to users (not to mention more accurate numbers on how many people use their software) the relative merits of 'what's popular in the repos' is …Well, a touch moot."

Lua version 5.4 was released at the end of June; it is the fifteenth major version of the lightweight scripting language since its creation in 1993. New in 5.4 is a generational mode for the garbage collector, which performs better for programs with lots of short-lived allocations. The language now supports "attributes" on local variables, allowing developers to mark variables as constant (const) or resources as closeable (close). There were also significant performance improvements over 5.3 along with a host of minor changes.

The openSUSE board troubles that LWN reported on in March have continued to simmer, and the promised election for an empty seat has not yet been held. During this time, instead, the project has voted on a petition to declare a lack of confidence in the board as a whole, a result that would have forced the election of an entirely new board. In the end, the number of votes fell far short of the number required, and the existing board will move forward with the election plan.

Security updates have been issued by CentOS (dbus), Debian (python3.5), Fedora (podofo and roundcubemail), Oracle (dbus, dovecot, jbig2dec, kernel, nodejs:10, nodejs:12, sane-backends, and thunderbird), Red Hat (.NET Core and kernel), SUSE (ansible, ansible1, ardana-ansible, ardana-cluster, ardana-freezer, ardana-input-model, ardana-logging, ardana-mq, ardana-neutron, ardana-octavia, ardana-osconfig, caasp-openstack-heat-templates, crowbar-core, crowbar-openstack, documentation-suse-openstack-cloud, grafana, kibana, openstack-dashboard, openstack-dashboard-theme-HPE, openstack-heat-templates, openstack-keystone, openstack-monasca-agent, openstack-monasca-installer, openstack-neutron, openstack-octavia-amphora-image, python-Django, python-Flask, python-GitPython, python-Pillow, python-amqp, python-apicapi, python-keystoneauth1, python-oslo.messaging, python-psutil, python-pyroute2, python-pysaml2, python-tooz, python-waitress, storm, bind, jasper, java-1_8_0-openjdk, LibVNCServer, libxml2, python-ipaddress, rubygem-bundler, rubygem-puma, samba, slirp4netns, xen, and xrdp), and Ubuntu (firefox and webkit2gtk).

The io_uring subsystem is not much over one year old, having been merged for the 5.1 kernel in May 2019. It was initially added as a better way to perform asynchronous I/O from user space; over time it has gained numerous features and support for functionality beyond just moving bits around. What it has not yet gained is any sort of security mechanism beyond what the kernel already provides for the underlying system calls. That may be about to change, though, as the result of this patch set from Stefano Garzarella adding a set of user-configurable restrictions to io_uring.

Security updates have been issued by Fedora (mingw-podofo and python-rsa), openSUSE (LibVNCServer, mozilla-nss, nasm, openldap2, and permissions), Red Hat (dovecot, sane-backends, and thunderbird), Scientific Linux (dbus), and SUSE (firefox and thunderbird).

In an earlier article, guest author Martin Michlmayr reviewed the todo.txt and Taskwarrior task managers. This article continues the process of examining task managers by looking at tools for Org mode, which is a system originally created for Emacs, as well as at tools that make use of the iCalendar standard. It is time to find out whether he can find a system that meets his needs.

Security updates have been issued by Debian (chromium, mailman, openjpeg2, ruby-rack, squid3, tomcat8, and xen), Fedora (botan2, kernel, LibRaw, mingw-OpenEXR, mingw-podofo, podofo, seamonkey, squid, and webkit2gtk3), Mageia (ffmpeg, mbedtls, mediawiki, and xpdf), Oracle (kernel), Red Hat (bind, dbus, jbig2dec, and rh-nodejs12-nodejs), and SUSE (graphviz and xen).

The 5.8-rc5 kernel prepatch is out for testing; it's a relatively large set of changes. "Maybe I'm in denial, but I still think we might hit the usual release schedule. A few more weeks to go before I need to make that decision, so it won't be keeping me up at night."