lwn.net

Security updates have been issued by Debian (bacula, bind9, freerdp, libvncserver, lilypond, mupdf, ndpi, openexr, php-horde, php-horde-core, php-horde-gollem, php-horde-kronolith, ros-actionlib, thunderbird, and xorg-server), Fedora (golang-github-ulikunitz-xz and qt), Gentoo (bind, chrony, ghostscript-gpl, kleopatra, openjdk, and targetcli-fb), Mageia (ark, evolution-data-server, fossil, kernel, kernel-linus, and thunderbird), openSUSE (apache2, graphviz, grub2, inn, librepo, and xorg-x11-server), Oracle (firefox), and Red Hat (git).

The third 5.9 kernel prepatch is out for testing. "On the whole it's been pretty calm for being rc3. This is actually one of the smaller rc3's we've had in recent releases."

Adding code to the kernel to support new hardware is relatively easy. Removing code that is no longer useful can be harder, mostly because it can be difficult to know when something is truly no longer needed. Arnd Bergman, who removed support for eight architectures from the kernel in 2018, knows well just how hard this can be. At the 2020 Linux Plumbers Conference, he led two sessions dedicated to the topic of obsolete software and hardware. With a bit of effort, he said, it should be possible to have a better idea of when something can be removed.

Our previous article explored the fundamentals of Flutter, a cross-platform open-source user-interface (UI) toolkit. We complete our introduction of Flutter by returning to the simple LWN RSS feed headline viewer that was introduced in part one. We will be adding several new features to that application in part two, including interactive elements to demonstrate some of the UI features of Flutter.

Security updates have been issued by Debian (bind9 and squid), Fedora (libX11 and wireshark), Gentoo (libX11 and redis), Mageia (firefox, libx11, qt4 and qt5base, and x11-server), openSUSE (gettext-runtime, inn, and webkit2gtk3), Oracle (firefox), SUSE (libqt5-qtbase, openvpn, openvpn-openssl1, postgresql10, and targetcli-fb), and Ubuntu (chrony, nss, and squid).

On the Collabora blog, Gabriel Krisman Bertazi writes about a feature he developed: case-insensitive ext4. He describes how to enable the feature in the kernel (>= 5.2), how to create an ext4 filesystem that will support case-insensitive lookups, as well as some gotchas; he starts with some justification for the idea: "A file name is a text string used to uniquely identify a file (in this context, 'directory' is the same as a file) at a specific level of the directory hierarchy. While, from the operating system point of view, it doesn't matter what the file name is, as long as it is unique, meaningful file names are essential for the end user, since it is the main key to locate and retrieve data. In other words, a meaningful file name is what people rely upon to find their valuable documents, pictures and spreadsheets. Traditionally, Linux (and Unix) filesystems have always considered file names as an opaque byte sequence without any special meaning, requiring users to submit the exact match of the file to find it in the filesystem. But that is not how humans operate. When people write titles, 'important report.ods' and 'IMPORTANT REPORT.ods' usually mean the same piece of data, and you don't care how it was written when creating it. We care about the content and the semantics of the words IMPORTANT and REPORT."

The Rust team has announced the release of Rust 1.46.0. "This release enables quite a lot of new things to appear in const fn, two new standard library APIs, and one feature useful for library authors. See the detailed release notes to learn about other changes not covered by this post."

Greg Kroah-Hartman has released the 5.8.5 and 5.7.19 stable kernels with a relatively small number of fixes. Note that this is the last release for the 5.7.x kernel series, so users should move to 5.8.5 along with those on 5.8.x.

For as long as we have had desktop systems, there have been concerns about desktop responsiveness and developers have been working to improve things in that area. Over the years, Linux has gained a number of capabilities — control groups in particular — that are applicable to the problem of improving desktop performance, but use of these features has lagged behind their availability. At the 2020 Linux Plumbers Conference, Benjamin Berg outlined some of the work that is being done by the Linux desktop projects to put recent kernel features to work.

Security updates have been issued by Debian (firefox-esr and nginx), Fedora (firefox, firejail, and lua), Gentoo (chromium, docker, firefox and thunderbird, net-snmp, postgresql, and wireshark), openSUSE (chromium, claws-mail, dovecot23, libreoffice, and python3), Oracle (kernel), Scientific Linux (firefox), SUSE (apache2, graphviz, and libxslt), and Ubuntu (firefox, libmysofa, and squid3).

The LWN.net Weekly Edition for August 27, 2020 is available.

The X.Org project has announced the release of xorg-server version 1.20.9. Among other improvements are numerous fixes to XWayland, including a bug that could cause an infinite loop at startup as well as other potential crash fixes. The release also addresses several security issues that can "lead to local privileges elevation on systems where the X server is running privileged." Users of xorg-server are encouraged to upgrade.

The Oracle blog is putting up a series by Vegard Nossum on fuzzing the kernel's entry code; part 1 and part 2 are available now. "While these fuzzers effectively test the system calls themselves (and the code reachable through system calls), one thing they don't test very well is what happens at the actual transition point between userspace and the kernel. There is more to this boundary than meets the eye; it is written in assembly code and there is a lot of architectural state (CPU state) that must be verified or sanitized before the kernel can safely start executing its C code. This blog post explores how one might go about writing a fuzzer targeting the Linux kernel entry code on x86."

OpenSCAD is a GPLv2-licensed 3D computer-aided design (CAD) program best described as a "programmer's CAD"; it is available for Linux, Windows, several flavors of BSD, and macOS. Unlike the majority of 3D-modeling software packages which are point-and-click, the OpenSCAD website describes the project as "something like a 3D compiler", where models are generated using a scripting language. It is a unique way of approaching CAD and has many real-world applications that may be of interest.

Stable kernels 5.8.4, 5.7.18, 5.4.61, 4.19.142, 4.14.195, 4.9.234, and 4.4.234 have been released with important fixes throughout the tree. Users should upgrade.

Security updates have been issued by Debian (firefox-esr, ghostscript, php7.0, and proftpd-dfsg), Fedora (mod_http2 and thunderbird), Red Hat (chromium-browser and firefox), and SUSE (apache2, grub2, samba, and xorg-x11-server).

Fuzzing is a testing technique with randomized inputs that is used to find problematic edge cases or security problems in code that accepts user input. Go package developers can use Dmitry Vyukov's popular go-fuzz tool for fuzz testing their code; it has found hundreds of obscure bugs in the Go standard library as well as in third-party packages. However, this tool is not built in, and is not as simple to use as it could be; to address this, Go team member Katie Hockman recently published a draft design that proposes adding fuzz testing as a first-class feature of the standard go test command.

Security updates have been issued by Debian (icingaweb2 and mongodb), Fedora (nss), Gentoo (chromium and shadow), Mageia (ghostscript, kdepim-runtime, kmail-account-wizard, luajit, mysql-connector-python, and python-ipaddress), openSUSE (python, python3, and webkit2gtk3), Red Hat (kernel and kernel-alt), Slackware (firefox), SUSE (squid3), and Ubuntu (bind9, ghostscript, net-snmp, postgresql-10, postgresql-12, postgresql-9.5, and sane-backends).

CAELinux is a distribution focused on computer-aided engineering (CAE) maintained by Joël Cugnoni. Designed with students and academics in mind, the distribution is loaded with open-source software that can be used to model everything from pig livers to airfoils. Cugnoni's latest release, CAELinux 2020, was made on August 11; readers with engineering interests may want to take a look.

Security updates have been issued by Debian (firejail, icingaweb2, inetutils, libjackson-json-java, proftpd-dfsg, python2.7, software-properties, and sqlite3), Fedora (chrony), Mageia (chrony), openSUSE (dovecot23, postgresql12, and python), Slackware (bind), SUSE (gettext-runtime and SUSE Manager Server 3.2), and Ubuntu (bind9).