Hírolvasó

Python has keyword arguments for functions that is a useful (and popular) feature; it can make reading the code more clear and eliminate the possibility of passing arguments in the wrong order. Python can also index an object in various ways to refer to a subset or an aspect of the object. Bringing the idea of keywords to indexing would provide a way to get the clarity benefit for indexing operations; doing so has been discussed in Python circles for a long time. Some renewed interest, in the form of lengthy discussions on the python-ideas mailing list and a new Python enhancement proposal (PEP), look like they just might take keyword indexing over the finish line.

Security updates have been issued by Debian (blueman), Fedora (nodejs), Gentoo (firefox), openSUSE (kleopatra), Oracle (java-1.8.0-openjdk), SUSE (apache2, binutils, firefox, pacemaker, sane-backends, spice, spice-gtk, tomcat, virt-bootstrap, xen, and zeromq), and Ubuntu (ca-certificates, mariadb-10.1, mariadb-10.3, netty, openjdk-8, openjdk-lts, perl, and tomcat6).

Address-space isolation is the technique of removing a range of memory from one or more address spaces as a way of preventing accidental or malicious access to that memory. Since the disclosure of the Meltdown and Spectre vulnerabilities, the kernel has used one form of address-space isolation to make kernel memory completely inaccessible to user-space processes, for example. There has been a steady level of interest in using similar techniques to protect memory in other contexts; two patches implementing new isolation mechanisms are getting closer to being ready for merging into the mainline kernel.

Security updates have been issued by Debian (thunderbird), Fedora (createrepo_c, dnf-plugins-core, dnf-plugins-extras, librepo, livecd-tools, and pdns-recursor), openSUSE (firefox and mailman), Oracle (firefox), Red Hat (chromium-browser, java-1.8.0-openjdk, and Satellite 6.8), Scientific Linux (java-1.8.0-openjdk), SUSE (libvirt), and Ubuntu (blueman, firefox, mysql-5.7, mysql-8.0, php7.4, and ruby-kramdown).

The Fedora 33 release is now available in a variety of editions, including the newly promoted IoT edition. "No matter what variant of Fedora you use, you’re getting the latest the open source world has to offer. Following our 'First' foundation, we’ve updated key programming language and system library packages, including Python 3.9, Ruby on Rails 6.0, and Perl 5.32. In Fedora KDE, we’ve followed the work in Fedora 32 Workstation and enabled the EarlyOOM service by default to improve the user experience in low-memory situations. To make the default Fedora experience better, we’ve set nano as the default editor." A number of the more significant Fedora 33 changes were covered here in June.

Linus Walleij continues his series of blog posts on the 32-bit Arm kernel with this detailed description about how page tables work. "The Linux kernel will act as if 5 levels of page tables exist. This is of course grossly over-engineered for ARM32 which has 2 or 3 levels of page tables, but we need to cater for the rest of the world. One size fits all. In practice, the code is organized such that these page tables 'fold' and we mostly skip over the intermediate translation steps when possible."

Linus Torvalds released 5.10-rc1 and closed the 5.10 merge window on October 25; by that time, 13,903 non-merge changesets had been pulled into the mainline repository. Of those, over 6,700 were merged since LWN's summary of the first half of the merge window. A fair number of interesting features found their way into the kernel among those commits; read on to catch up with what's coming in 5.10.

Security updates have been issued by Debian (fastd, freetype, openjdk-11, phpmyadmin, and thunderbird), Fedora (ant, firefox, freetype, kde-partitionmanager, kpmcore, mupdf, python-PyMuPDF, singularity, suricata, and zathura-pdf-mupdf), Mageia (claws-mail, nss, firefox, pdns-recursor, and thunderbird), openSUSE (atftp, chromium, firefox, freetype2, gnutls, hunspell, kleopatra, and opera), Oracle (firefox, java-11-openjdk, and kernel), Red Hat (firefox and kpatch-patch), SUSE (bluez, firefox, glibc, libcdio, rmt-server, and SDL), and Ubuntu (freetype, pam-python, and perl).

Linus has released 5.10-rc1 and closed the merge window for this development cycle. "This looks to be a bigger release than I expected, and while the merge window is smaller than the one for 5.8 was, it's not a *lot* smaller. And 5.8 was our biggest release ever."

Version 10.1 of the GDB debugger is out. Changes include support for debugging BPF programs, GDBserver support on the RISC-V architecture, and support for "debuginfod", which is "an HTTP server for distributing ELF/DWARF debugging information as well as source code."

GNU Autoconf, a widely used build tool that shines at compatibility with a variety of Unixes, has accumulated many improvements since its last release in 2012 — and there are patches awaiting review. While many projects have switched to other build systems, interest in Autoconf remains. Now, a small team (disclaimer: including article author Sumana Harihareswara) is rejuvenating it, working through some deferred maintenance and code review. A testable beta is now out, a new stable release is due in early November, and interested parties can build on this momentum to further refresh the rest of the GNU Build System (also known as Autotools).

Security updates have been issued by Gentoo (freetype), openSUSE (mailman), Red Hat (firefox, java-11-openjdk, and rh-maven35-jackson-databind), SUSE (kernel, mercurial, openldap2, python-pip, and xen), and Ubuntu (firefox, netty-3.9, and python-pip).

The Ubuntu 20.10 release is out. "The Ubuntu kernel has been updated to the 5.8 based Linux kernel, and our default toolchain has moved to gcc 10 with glibc 2.32. Additionally, there is now a desktop variant of the Raspberry Pi image for Raspberry Pi 4 4GB and 8GB. Ubuntu Desktop 20.10 introduces GNOME 3.38, the fastest release yet with significant performance improvements delivering a more responsive Experience". See the release notes for more details.

The seccomp() system call allows user space to load one or more (classic) BPF programs to be run whenever the calling process invokes a system call. Those programs can examine (to an extent) the arguments to each call and inform the kernel whether the call should be allowed to proceed or not. This feature is used in a number of containerization solutions (and beyond) as a way of reducing the kernel's attack surface. In some situations, though, using seccomp() can result in a significant performance reduction. There are currently two patch sets in circulation that are aimed at reducing the overhead of seccomp() for one common use case.

Security updates have been issued by Arch Linux (freetype2), Debian (bluez, firefox-esr, and freetype), Fedora (firefox), openSUSE (chromium), Oracle (kernel), Red Hat (java-11-openjdk), Slackware (kernel), SUSE (freetype2, gnutls, kernel, php7, and tomcat), and Ubuntu (flightgear, italc, libapache2-mod-auth-mellon, libetpan, and php-imagick).