Security updates have been issued by Debian (chromium, dovecot, flac, influxdb, libhibernate3-java, and p11-kit), Fedora (ceph and guacamole-server), Mageia (audacity, gdm, libxml2, rawtherapee, and vlc), openSUSE (jetty-minimal and privoxy), Red Hat (kernel and kernel-rt), SUSE (gimp), and Ubuntu (libproxy).
The second 5.11 kernel prepatch is out fortesting. "People have (rightly) mostly been offline since, presumablyover-eating and doing all the other traditional holiday things. Andjust generally not being hugely active. That very much shows in a tinyrc2 release."
James Bottomley has posted adetailed description of what it takes to get an encrypted image runningsecurely with AMD's SEV mechanism. "In this post I’ll discuss howyou actually bring up a confidential VM from an encrypted image whilepreserving secrecy. However, first a warning: This post represents thestate of the art and includes patches that are certainly not deployed indistributions and may not even be upstream, so if you want to follow alongat home you’ll need to patch things like qemu, grub and OVMF."
On this last day of 2020, the Rust project has announced the release of version 1.49.0 of the programming language. It establishes the arm64 Linux target as a Tier 1 platform, which is the highest level of support; "Tier 1 platforms can be thought of as 'guaranteed to work'". Also, arm64 macOS and Windows have risen to Tier 2 status, which means they are guaranteed to build and are likely to work just fine, but the automated tests are not run. Beyond that, the test framework now captures output from multiple threads and some library changes were made. See the detailed release notes for more information. "Rust 1.49.0 promotes the aarch64-unknown-linux-gnu target to Tier 1 support, bringing our highest guarantees to users of 64-bit ARM systems running Linux! We expect this change to benefit workloads spanning from embedded to desktops and servers.This is an important milestone for the project, since it's the first time a non-x86 target has reached Tier 1 support: we hope this will pave the way for more targets to reach our highest tier in the future.Note that Android is not affected by this change as it uses a different Tier 2 target."
Security updates have been issued by Debian (libdatetime-timezone-perl and tzdata), openSUSE (kdeconnect-kde and opera), and SUSE (gimp, squid3, and xen).
Security updates have been issued by Mageia (flac, graphicsmagick, jackit, kdeconnect-kde, libmaxminddb, libvirt, openjpeg2, pngcheck, python3, roundcubemail, and spice-vdagent), openSUSE (gimp), and SUSE (containerd, docker, docker-runc, golang-github-docker-libnetwork, cyrus-sasl, and gimp).
Linus Torvalds releasedthe 5.11-rc1 prepatch and closed the 5.11 merge window onDecember 27. By that time, 12,498 non-merge changesets had beenpulled into the mainline; nearly 2,500 of those wandered in after the first merge-window summary was written.Activity slowed down in the second week, as expected, but there were stilla number of interesting features that found their way into the mainline.
Linus hasreleased 5.11-rc1and closed the merge window for this development cycle."Two weeks have passed, Christmas is over, and so is the merge window.I want to thank all the maintainers who sent in their pull requestsearly: we all wanted to get things done before the holidays reallyhit, and mostly it seemed to work quite well."
Ruby 3.0.0 has been released. "From2015 we developed hard toward Ruby 3, whose goal is performance,concurrency, and Typing. [...] With Optcarrot benchmark, which measures single thread performance based on NES’s game emulation workload, it achieved 3x faster performance than Ruby 2.0!"
Its existence may come as a bit of a surprise to some, but the GnuCOBOL project has released version 3.1.2 as a successor to GnuCOBOL 2.2 after three years of improvements. "GnuCOBOL is a free, modern COBOL compiler.It translates COBOL into intermediate C and compiles the code using a native C compiler (preferably GCC, but not limited to it). [...] some of the highlights: Huge improvements for compatibility to different COBOL dialects, better error handling and adjustable exceptions per COBOL 2002; more modern format for diagnostic messages (especially useful when used in an integrated development environment possible in Emacs, Vim, VSCodium and others) and improved source-level debugging." More information about the new features in the release can be found in the NEWS file, which is attached to the release announcement below.
The Tor project is mourning Karsten Loesing, who died on December 18. "Karsten was part of the Tor community for 13 years and an amazing, smart, thoughtful, and gentle person who has touched us all. Over the course of these years we saw him not only grow as a colleague at Tor but as a father to his family. His positive, attentive, and kind presence helped us grow as people as well.Dr. Karsten Loesing joined Tor in 2007 as a Google Summer of Code student to work on Distributed Tor Directory, and earned his PhD in Computer Science at Germany’s University of Bamberg in 2009 on a Tor-related topic, 'Distributed Storage for Tor Hidden Service Descriptors [PDF]'."
After more than a year's work, Xfce has announced the 4.16 release of the desktop. Highlights include window manager improvements, a new statustray panel plugin, fractional scaling, settings manager improvements, and lots more. "One of the corner-stones of the non-code changes concerns our migration to GitLab, which is a change in development workflow and a huge step forward in terms of becoming more contributor-friendly and welcoming. In parts, the humungous changelog of Xfce 4.16 can be attributed to new contributors proposing merge requests (288 merge requests were merged or closed against our core components alone!)."
Security updates have been issued by Debian (spip and sympa), Gentoo (c-ares, cherokee, curl, dbus, firefox, gdk-pixbuf, haproxy, libass, nss, openssl, pdns, pdns-recursor, php, samba, tomcat, and webkit-gtk), and SUSE (java-1_8_0-ibm, openexr, and python3).
A recent blogpost from Purism—the company that developed PureOS to run on its security-focusedhardware—celebrates three years of FSF endorsementof the Linux distribution. While this endorsement is an achievement that is not ashighly valued by our communities as one might think, the work done toobtain and maintain that endorsement is useful even to those who disdainthe FSF or disagree with its definition of what makes a distribution "free". WhilePurism and PureOS have been on our radarfor a few years now, it seems worth a look at where things have gone withthe distribution—and the company behind it.
Security updates have been issued by Debian (awstats and mediawiki), Fedora (mbedtls and pngcheck), openSUSE (firefox and thunderbird), Oracle (gnutls, go-toolset:ol8, pacemaker, postgresql:10, postgresql:12, and postgresql:9.6), and SUSE (clamav, groovy, jetty-minimal, and xen).
The Perl project has announcedthe election of the first steering council to serve under the project's newgovernance rules. Eight candidates put their names in; the winners wereRicardo Signes, Neil Bowers, and Sawyer X.
On November 29, version 1.7 of SymPy, a Python library forsymbolic mathematics, was released. The new version brings a large numberof enhancements and bug fixes, and some minor backwardincompatibilities. While these are enumerated in detail in the releasenotes, we will take advantage of this opportunity to look at some ofthe things that can be done with SymPy and explore its interface optionsthrough several detailed examples.
Predictions are hard, as they say, especially when they are about thefuture. So perhaps your editor can be forgiven for not anticipating that2020 would be the sort of year that makes one think nostalgically abouttrips to the dentist, waiting in a crowded motor-vehicle office, orcrossing the Pacific in a row-47 middle seat. If only we had known howgood we had it. Be that as it may, this year is finally coming to an end.Read on for a look back at the year, starting with the ill-advised predictions made in January.
Stable kernels 5.10.2, 5.9.16, and 5.4.85 have been released with importantfixes. This is the last 5.9.y kernel, users should move to 5.10.y at thistime.
Security updates have been issued by Debian (curl, influxdb, lxml, node-ini, php-pear, and postsrsd), Fedora (chromium, curl, firefox, matrix-synapse, mingw-jasper, phpldapadmin, and thunderbird), Mageia (openjpeg2), openSUSE (gcc7, openssh, PackageKit, python-urllib3, slurm_18_08, and webkit2gtk3), Oracle (fapolicydbug, firefox, nginx:1.16, nodejs:12, and thunderbird), Red Hat (libpq, openssl, and thunderbird), and SUSE (curl, firefox, openssh, ovmf, slurm_17_11, slurm_18_08, slurm_20_02, and xen).
Karsten Wade, who has served on the CentOS board among other things, hasposted ablog entry on the CentOS change and its effects on users."Providing our community with a solid, reliable distro that is good-enough for your workloads is a strong part of the CentOS brand. We’re confident that CentOS Stream can do this.And while I’m certain now that CentOS Linux cannot do what CentOS Streamcan to solve the openness gap, I am confident that CentOS Stream can cover95% (or so) of current user workloads stuck on the various sides of theavailability gap. I believe that Red Hat will make solutions available aswell that can cover other sides of the gap without too much user heartburnin the end." He is asking for input on what those solutions shouldlook like.
When Linus Torvalds releasedthe 5.10 kernel, he noted that the 5.11 merge window would run upagainst the holidays. He indicated strongly that maintainers should sendhim pull requests early as a result. Maintainers appear to have listened;over 10,000 non-merge changesets were pulled into the mainline in the firstthree days of the 5.11 merge window. Read on for a summary of the mostsignificant changes in that flood of patches.
Security updates have been issued by Arch Linux (blueman, chromium, gdk-pixbuf2, hostapd, lib32-gdk-pixbuf2, minidlna, nsd, pam, and unbound), CentOS (gd, openssl, pacemaker, python-rtslib, samba, and targetcli), Debian (kernel, lxml, and mediawiki), Fedora (mbedtls), openSUSE (clamav and openssl-1_0_0), Oracle (firefox and openssl), Red Hat (openssl, postgresql:12, postgresql:9.6, and thunderbird), Scientific Linux (openssl and thunderbird), and SUSE (cyrus-sasl, openssh, slurm_18_08, and webkit2gtk3).
Device drivers usually live within a single kernel subsystem. Sometimes,however, developers need to handle functionalities outside of this model.Consider, for example, a network interface card (NIC) exposing both Ethernet andRDMA functionalities. There is one hardware block, but two drivers for thetwo functions. Those drivers need to work within their respectivesubsystems, but they must also share access to the same hardware. There isno standard way in current kernels to connect those drivers together, sodevelopers invent ad-hoc methods to handle the interaction betweenthem. Recently, Dave Ertman posteda patch set introducing a new type of a bus, called the "auxiliary bus", toaddress this problem.
Security updates have been issued by Debian (firefox-esr, sympa, thunderbird, tomcat8, and xerces-c), Fedora (fprintd, kernel, libfprint, and synergy), Mageia (bitcoin, dpic, firefox, jasper, jupyter-notebook, sam2p, thunderbird, and x11-server), Oracle (firefox, gd, kernel, net-snmp, openssl, python-rtslib, samba, and targetcli), Red Hat (fapolicyd, openshift, Red Hat Virtualization, and web-admin-build), SUSE (xen), and Ubuntu (unzip).
Python, at least in the CPython reference implementation, is not aparticularly speedy language. That is not at all surprising to anyone who has used it—the language is optimized forunderstandability and development speed, instead. There have been lots ofefforts over the years to speed up various parts of the interpreter,compiler, and virtual-machine bytecode execution, though no comprehensiveoverhaul has been merged into CPython. An interesting new proposal couldperhaps change that, though it is unclear at this point if it will take off.
Version 4.0 of the GTK toolkit has been released. "It isimpossible to summarize 4 years of development in a single post. We’vewritten detailed articles about many of the new things in this release overthe past year: Datatransfers, Eventcontrollers, Layoutmanagers, Rendernodes, Mediaplayback, Scalablelists, Shaders, Accessibility." GTK 2 has reached the end of its life.
Security updates have been issued by Debian (firefox-esr), Fedora (mingw-openjpeg2, openjpeg2, and synergy), openSUSE (audacity and gdm), Oracle (libexif, libpq, and thunderbird), Red Hat (firefox, gnutls, go-toolset:rhel8, java-1.7.1-ibm, java-1.8.0-ibm, kernel, kernel-rt, linux-firmware, mariadb-connector-c, mariadb:10.3, memcached, net-snmp, nginx:1.16, nodejs:12, openssl, pacemaker, postgresql:10, python-django-horizon, python-XStatic-Bootstrap-SCSS, python-XStatic-jQuery, and python-XStatic-jQuery224), Scientific Linux (gd, kernel, pacemaker, python-rtslib, samba, and targetcli), SUSE (openssh, PackageKit, spice, and spice-gtk), and Ubuntu (firefox and imagemagick).
Hans Petter Jansson has done ananalysis of contributions to the GNOME project, raising some concernsabout how well the project is doing at bringing in new developers for thelong haul. "According to this, GNOME peaked at slightly above 1,400contributors in 2010 and went into decline with the GNOME 3.0 release thefollowing year. However, 2020 saw the most contributors in a long time,even with preliminary data — there’s still two weeks to go. Who knows ifit’s an anomaly or not. It’s been an atypical year across theboard."
On November 26, version 6.1 of GNU Octave, a language andenvironment for numerical computing, was released. There are several newfeatures and enhancements in this release, including improvements tographics output, better communication with web services, and over 40 newfunctions. We will take a look at where Octave fits into the landscape ofnumerical tools for scientists and engineers, and recount some of its longhistory.
Firefox 84.0 has been released. This version includes an acceleratedrendering pipeline for Linux/GNOME/X11 users and improved performance andcompatibility with Docker. This is the final release to support AdobeFlash. The release noteshave additional details.Firefox 78.6.0 ESR has also been released, with various stability,functionality, and security fixes. See the releasenotes for more information.
CloudLinux has put out a press release stating that it will commit over$1 million per year toward the creation and maintenance of a CentOSreplacement distribution. "CloudLinux is sponsoring Project Lenix, which will create a free, open-source, community-driven,1:1 binary compatible fork of RHEL 8 (and future releases). It will provide an uninterrupted way toconvert existing CentOS servers with absolutely zero downtime. Entire server fleets will be able tobe converted with a single command with no reinstallation and no reboots required."
Security updates have been issued by Debian (libxstream-java and xen), Fedora (curl), openSUSE (curl, kernel, mariadb, and openssl-1_1), Oracle (kernel, libexif, thunderbird, and xorg-x11-server), Red Hat (curl, gd, kernel, kernel-rt, linux-firmware, net-snmp, openssl, pacemaker, python-rtslib, samba, targetcli, and xorg-x11-server), Scientific Linux (libexif, thunderbird, and xorg-x11-server), and SUSE (clamav, gdm, and kernel).
Linus Torvalds releasedthe 5.10 kernel on December 13 at the end of a typical nine-week development cycle.At that point, 16,174 non-merge changesets had been pulled into themainline; that makes 5.10 a larger cycle than 5.9, but it falls just shortof the record set by 5.8, which ended with 16,308 changesets. For the mostpart 5.10 is just another routine kernel release, but there are a couple of interestingthings to be seen in the overall statistics.
The 5.10.1 stable kernel update has beenreleased on an expedited schedule; it contains reverts for a couple oflate-arriving 5.10 patches that turned out not to be as good an idea as itfirst seemed.
Linus has released the 5.10 kernel."I pretty much always wish that the last week was even calmer than itwas, and that's true here too. There's a fair amount of fixes in here,including a few last-minute reverts for things that didn't get fixed,but nothing makes me go 'we need another week'. Things look fairlynormal."Significant changes in this release includesupport for the Arm memory taggingextension,restricted rings for io_uring,sleepable BPF programs,the process_madvise()system call,ext4 "fast commits",and more. See the LWN merge-window summaries (part 1, part 2) and the KernelNewbies 5.10 pagefor more details.
The 5.9.14, 5.4.83, 4.19.163, 4.14.212, 4.9.248, and 4.4.248 stable kernelshave been released by Greg Kroah-Hartman. As usual, they contain importantfixes throughout the tree; users should upgrade.
Kernel development is a constant exercise in reducing overhead; anyresources taken by the kernel are not available for the workload that usersactually want to run. As part of this, the pagestructure used to manage memory has been kept as small as possible.Even so, page structures typically take up just over 1.5% of theavailable memory, which is too much for some users. LWN recently looked at DMEMFS as one approach to reducethis overhead, but that is not the only work happening in this area. Twodevelopers are currently working independently on patches to reduce theoverhead associated with huge pages in particular.
LWN.net