Hírolvasó

The LWN.net Weekly Edition for October 22, 2020 is available.

Recently, PHP 8 release candidate 2 was posted by the project. A lot of changes are coming with this release, including a just-in-time compiler, a good number of backward-compatibility breaks, and new features that developers have been requesting for years. Now that the dust has settled, and the community is focusing on squashing bugs for the general-availability release scheduled for November 26, it's a good time to look at what to expect.

Security updates have been issued by Arch Linux (kdeconnect, kernel, kpmcore, lib32-freetype2, linux-hardened, linux-lts, linux-zen, lua, and powerdns-recursor), Debian (mariadb-10.1 and mariadb-10.3), Fedora (thunderbird), Mageia (claw-mail, freetype2, geary, kernel, and tigervnc), Oracle (nodejs:12), Red Hat (python27, rh-postgresql96-postgresql, and rh-python38), Slackware (freetype), SUSE (hunspell, kernel, libvirt, and taglib), and Ubuntu (grunt, quassel, and tomcat9).

Firefox 82.0 has been released, with improvements "that make watching videos more delightful" and improved performance. Firefox ESR 78.4.0 is also available with various stability, functionality, and security fixes. See the release notes (82.0, 78.4.0) for details.

The Julia programming language has seen a major increase in its use and popularity over the last few years. We last looked at it two years ago, around the time of the Julia 1.0 release. Here, we will look at some of the changes since that release, none of which are major, as well as some newer resources for learning the language, but the main focus of this article is a case study that is meant to help show why the language has been taking off. A follow-up article will introduce a new computational notebook for Julia, called Pluto, that is akin to Jupyter notebooks.

Security updates have been issued by Debian (python-flask-cors), Fedora (kleopatra, nextcloud, and phpMyAdmin), Gentoo (ark, libjpeg-turbo, libraw, and libxml2), openSUSE (bind, kernel, php7, and transfig), Red Hat (kernel, kernel-alt, kernel-rt, rh-python36, virt:8.1 and virt-devel:8.1, and virt:8.2 and virt-devel:8.2), and Ubuntu (collabtive, freetype, linux, linux-hwe, linux-hwe-5.4, linux-oem, linux-raspi, linux-raspi-5.4, linux-snapdragon, and linux-oem-osp1, linux-raspi2-5.3).

This Matrix blog entry describes a planned reputation-management system that, it is claimed, accomplishes some of the same goals as government backdoors without the need to compromise end-to-end encryption. "Just like the Web, Email or the Internet as a whole, there is literally no way to unilaterally censor or block content in Matrix. But what we can do is provide first-class infrastructure to let users (and room/community moderators and server admins) make up their own mind about who to trust, and what content to allow. This would also provide a means for authorities to publish reputation data about illegal content, providing a privacy-respecting mechanism that admins/mods/users can use to keep illegal content away from their servers/clients."

Version 2.29.0 of the Git source-code management system is out. This release includes a long list of smallish improvements; click below for the details. Also present is the code enabling Git to switch to the SHA-256 hash algorithm; this feature is still deemed experimental, though, and interoperability with SHA-1 repositories is not yet available.

Applications that run on the Linux desktop have changed significantly under the hood in recent years; for example, they use more processes than before. Desktop environments need to adapt to this change. During Akademy 2020, KDE developers David Edmundson and Henri Chain delivered a talk (YouTube video) about how KDE, working with other desktop environments, is starting to use advanced kernel features to give users more control over their systems. This talk complements a presentation by GNOME developers that was recently covered here.

Security updates have been issued by Debian (kernel, thunderbird, and yaws), Fedora (createrepo_c, dnf, dnf-plugins-core, dnf-plugins-extras, kata-agent, libdnf, librepo, and wireshark), Gentoo (chromium and firefox), Mageia (brotli, flash-player-plugin, php, phpmyadmin, and wireshark), openSUSE (crmsh, gcc10, nvptx-tools, icingaweb2, kernel, libproxy, pdns-recursor, phpMyAdmin, and rubygem-activesupport-5_1), Red Hat (nodejs:12 and rh-maven35-apache-commons-collections4), and SUSE (gcc10, nvptx-tools and transfig).

On its 25th birthday, the OpenBSD project has released OpenBSD 6.8, the 49th release.

The new release comes with a large number of improvements and debuts a new architecture, OpenBSD/powerpc64, running on the POWER9 family of processors. The full list of changes can be found in the announcement and on the release page. Some highlights:

• As already mentioned, this release debuts the OpenBSD/powerpc64 architecture, supporting the POWER9 [and POWER8] family of processors.
• Numerous kernel improvements such as better time measurements across several architectures, (see eg this article), updated graphics support, and of course numerous improvements in hardware support with updated drivers across several platforms.
• Numerous network stack improvements, including those described by kn@ in his k2k20 hackathon report.
• wg(4), an in-kernel driver for WireGuard VPN [reported previously]
• login_ldap added to base [reported previously]
• FFS2 improvements [some of which were reported earlier]
• LibreSSL 3.2.2 with TLSv1.3 enabled for both client and server, and a new-and-improved X509 certificate chain validator (see beck@'s k2k20 hackathon report).

Those upgrading from 6.7 should consult the Upgrade Guide.

Thanks to the developers for all the good work that went into this excellent new release!

While your install sets download or when your packages update, please take the time to look at and use one or more of the recommended ways to support the project, such as making a donation, buying T-shirts. Corporate entities may prefer sending some money in the direction of the OpenBSD Foundation, which is a Canadian non-profit corporation.

The 5.9.1, 5.8.16, 5.4.72, 4.19.152, 4.14.202, 4.9.240, and 4.4.240 stable updates have all been released; each contains another set of important fixes.

As of this writing, 7,153 non-merge changesets have been pulled into the mainline Git repository for the 5.10 release — over a period of four days. This development cycle is clearly off to a strong start. Read on for an overview of the significant changes merged thus far for the 5.10 kernel release.

Security updates have been issued by Fedora (dnf, kernel, libdnf, python27, and python34), SUSE (blktrace, crmsh, php7, and php72), and Ubuntu (containerd, docker.io, firefox, htmlunit, and newsbeuter).

Introduction

Hitherto, releases of the fwobac software (which underlies Undeadly) have been unsigned. This is overdue for change, so for the latest release [version 1.7], we are providing a digital signature. As signing is being performed manually, why not employ an additional [hardware] factor?

signify(1) does not support the use of FIDO authenticators. However, recent versions of OpenSSH do support signing using the [under-appreciated] -Y sign option of ssh-keygen(1), and with the recent addition of FIDO authenticator support to OpenSSH [as reported previously], we have a means (using tools in base OpenBSD) of using a hardware factor when signing files.

Read more…

The 2021 edition of linux.conf.au will be held online on January 23-25, 2021; the call for proposals has gone out with a relatively tight deadline of November 6. "Our theme is 'So what's next?'. We all know we're living through unprecedented change and uncertain times. How can open source play a role in creating, helping and adapting to this ongoing change? What new developments in software and coding can we look forward to in 2021 and beyond?" Since there is no travel involved, this is a rare opportunity for those who have not normally been able to participate in LCA.

One of the first features merged for the 5.10 kernel development cycle was support for the Arm v8.5 memory tagging extension [PDF]. By adding a "key" value to pointers, this mechanism enables the automated detection of a wide range of memory-safety issues. The result should be safer and more secure code — once support for the feature shows up in actual hardware.

Security updates have been issued by Arch Linux (chromium), Debian (httpcomponents-client), Fedora (claws-mail), SUSE (bcm43xx-firmware, crmsh, libqt5-qtimageformats, libqt5-qtsvg, php53, php7, and rubygem-activesupport-4_2), and Ubuntu (php5, php7.0, php7.2, php7.4, python2.7, python3.4, python3.5, python3.6, and vim).