Hírolvasó

Stable kernels 5.7.7, 5.4.50, 4.19.131, 4.14.187, 4.9.229, and 4.4.229 have been released. They all contain important fixes and users should upgrade.

The Go programming language was first released in 2009, with its 1.0 release made in March 2012. Even before the 1.0 release, some developers criticized the language as being too simplistic, partly due to its lack of user-defined generic types and functions parameterized by type. Despite this omission, Go is widely used, with an estimated 1-2 million developers worldwide. Over the years there have been several proposals to add some form of generics to the language, but the recent proposal written by core developers Ian Lance Taylor and Robert Griesemer looks likely to be included in a future version of Go.

Security updates have been issued by Arch Linux (bind, chromium, freerdp, imagemagick, sqlite, and tomcat8), Debian (coturn, imagemagick, jackson-databind, libmatio, mutt, nss, and wordpress), Fedora (libEMF, lynis, and php-PHPMailer), Red Hat (httpd24-nghttp2), and SUSE (ntp, openconnect, squid, and transfig).

Firefox 78.0 has been released. This is an Extended Support Release (ESR). The Protections Dashboard has new features to track the number of breaches that were resolved from the dashboard and to see if any of your saved passwords may have been exposed in a breach. More details about this and other new features can be found in the release notes.

The PHP project has released the first alpha of PHP 8, which is slated for general availability in November 2020. This initial test release includes many new features such as just-in-time (JIT) compilation, new constructs like Attributes, and more. One of twelve planned releases before the general availability release, it represents a feature set that is still subject to change.

Security updates have been issued by Debian (coturn, drupal7, libvncserver, mailman, php5, and qemu), openSUSE (curl, graphviz, mutt, squid, tomcat, and unbound), Red Hat (chromium-browser, file, kernel, microcode_ctl, ruby, and virt:rhel), Slackware (firefox), and SUSE (mariadb-100, mutt, unzip, and xmlgraphics-batik).

Linux Mint 20 "Ulyana" has been released in Cinnamon, MATE, and Xfce editions. Linux Mint 20 is based on Ubuntu 20.04 and will be supported until 2025. Release notes are available for Cinnamon, MATE, and Xfce.

The next release of the Fedora distribution — Fedora 33 — is currently scheduled for the end of October. Fedora's nature as a fast-moving distribution ensures that each release will contain a number of attention-getting changes, but Fedora 33 is starting to look like it may be a bit more volatile than its immediate predecessors. Several relatively controversial changes are currently under discussion on the project's mailing lists; read on for a summary.

OpenSUSE Leap 15.2 is complete and ready for a planned release on July 2. Leap is the version based on SUSE Linux Enterprise, but with many updated packages; see the 15.2 features page for an overview of what's coming. "Leap 15.2 is filled with several containerization technologies like Singularity, which bring containers and reproducibility to scientific computing and the high-performance computing (HPC) world. Singularity first appeared in the Leap distribution in Leap 42.3 and provides functionality to build smallest minimal containers and runs the containers as single application environments. Another official package in Leap 15.2 is libcontainers-common, which allows the configuration of files and manpages shared by tools that are based on the github.com/containers libraries, such as Buildah, CRI-O, Podman and Skopeo. Docker containers and tooling make building and shipping applications easy and fast."

The Zephyr project is an effort to provide an open-source realtime operating system (RTOS) that is designed to bridge the gap between full-featured operating systems like Linux and bare-metal development environments. It's been over four years since Zephyr was publicly announced and discussed here (apparently to a bit of puzzlement). In this article, guest authors Martí Bolívar and Carles Cufí give an update on the project and its community as of its v2.3.0 release in June 2020; they also make some guesses about its near future.

Version 4.0 of the GnuCash finance manager is out. Significant changes include a command-line tool for performing a number of functions outside of the graphical interface, explicit support for accounts payable and accounts receivable, translation improvements, and more.

Security updates have been issued by Debian (libtasn1-6, libtirpc, mcabber, picocom, pngquant, trafficserver, and zziplib), Fedora (curl and xen), openSUSE (bluez, ceph, chromium, curl, grafana, grafana-piechart-panel, grafana-status-panel, graphviz, mariadb, and mercurial), Oracle (nghttp2), Red Hat (microcode_ctl), SUSE (mutt, python3-requests, and tomcat), and Ubuntu (glib-networking and mailman).

The third 5.8 kernel prepatch is out for testing. "Well, we had a big merge window, and we have a fairly big rc3 here too. The calm period for rc2 is clearly over. That said, I don't think there's anything _particularly_ scary in here, and the size of this rc is probably simply a direct result of the fact that 5.8 is a big release."

Ricardo Cañuelo Navarro describes the challenges associated with fuzzing complex device drivers with Syzkaller — and some solutions. "V4L2, however, is only supported in the sense that the involved system calls (including the myriad V4L2 ioctls) and data structures are described. This is already useful and, equipped with those descriptions, Syzkaller has been able to find many V4L2 bugs. But the fuzzing process contains a lot of randomness and, while that's a good thing in many cases when it comes to fuzzing, due to the complexity of the V4L2 API, simply randomizing the system calls and its inputs may not be enough to reach most of the code in some drivers, especially in drivers with complicated interfaces such as those based on the Request API, including stateless drivers."

One quote from Douglas Adams has always stayed with me: "I love deadlines. I like the whooshing sound they make as they fly by". We all lead busy lives and few ever see the bottom of our long to-do lists. One of the oldest items on my list, ironically, is to find a better system to manage all my tasks. Can task-management systems make us more productive while, at the same time, reducing the stress caused by the sheer number of outstanding tasks?

This article, from guest author Martin Michlmayr, looks at todo.txt and Taskwarrior.

Security updates have been issued by Debian (alpine), Fedora (fwupd, microcode_ctl, mingw-libjpeg-turbo, mingw-sane-backends, suricata, and thunderbird), openSUSE (uftpd), Red Hat (nghttp2), SUSE (ceph, curl, mutt, squid, tigervnc, and unbound), and Ubuntu (linux kernel and nvidia-graphics-drivers-390, nvidia-graphics-drivers-440).

Greg Kroah-Hartman has announced the release of the 5.7.6, 5.4.49, 4.19.130, and 4.14.186 stable kernels. These all contain a rather large number of fixes all over the kernel tree; users of those series should upgrade.

The idea of handling system calls differently depending on the origin of each call in the process's address space is not entirely new. OpenBSD, for example, disallows system calls entirely if they are not made from the system's C library as a security-enhancing mechanism. At the end of May, Gabriel Krisman Bertazi proposed a similar mechanism for Linux, but the objective was not security at all; instead, he is working to make Windows games run better under Wine. That involves detecting and emulating Windows system calls; this can be done through origin-based filtering, but that may not be the solution that is merged in the end.

Security updates have been issued by Fedora (libexif, php-horde-horde, and tcpreplay), openSUSE (rubygem-bundler), Oracle (docker-cli docker-engine, kernel, and ntp), Slackware (curl and libjpeg), and Ubuntu (mutt).