lwn.net

Security updates have been issued by Fedora (java-1.8.0-openjdk and seamonkey), Gentoo (firefox, lrzip, qemu, squid, and thunderbird), Oracle (thunderbird), Red Hat (buildah, kernel, kernel-alt, kernel-rt, kpatch-patch, podman, python-pip, python-virtualenv, and qemu-kvm), Scientific Linux (kernel), Slackware (mariadb), SUSE (openconnect), and Ubuntu (file, firefox, iproute2, pulseaudio, and squid, squid3).

Go 1.15, the 15th major version of the Go programming language, is due out on August 1. It will be a release with fewer changes than usual, but many of the major changes are behind-the-scenes or in the tooling: for example, there is a new linker, which will speed up build times and reduce the size of binaries. In addition, there are performance improvements to the language's runtime, changes to the architectures supported, and some updates to the standard library. Overall, it should be a solid upgrade for the language.

Security updates have been issued by Arch Linux (a2ps and qutebrowser), openSUSE (cacti, cacti-spine, ghostscript, and python-markdown2), Oracle (kernel), Red Hat (chromium-browser, libreswan, and qemu-kvm-ma), Scientific Linux (thunderbird), and SUSE (kernel and libvirt).

Shuveb Hussain has posted an extensive introduction to io_uring, complete with examples and a reference guide. "Because of the shared ring buffers between the kernel and user space, io_uring can be a zero-copy system. Copying bytes around becomes necessary when there are system calls that transfer data between kernel and user space are involved. But since the bulk of the communication in io_uring is via buffers shared between the kernel and user space, this huge performance overhead is completely avoided."

Normally, when a kernel developer shows up with a proposed option that doesn't do anything, a skeptical response can be expected. But there are exceptions. Mickaël Salaün is proposing the addition of a new flag (O_MAYEXEC) for the openat2() system call that, by default, will change nothing. But it does open a path toward tighter security in some situations.

Stable kernels 5.6.12, 5.4.40, 4.19.122, 4.14.180, 4.9.223, and 4.4.223 have been released. They all contain important fixes and users should upgrade.

Security updates have been issued by Arch Linux (chromium and firefox), Debian (libntlm, squid, thunderbird, and wordpress), Fedora (chromium, community-mysql, crawl, roundcubemail, and xen), Mageia (chromium-browser-stable), openSUSE (chromium, firefox, LibVNCServer, openldap2, opera, ovmf, php7, python-PyYAML, rpmlint, rubygem-actionview-5_1, slirp4netns, sqliteodbc, squid, thunderbird, and webkit2gtk3), Oracle (firefox, git, gnutls, kernel, libvirt, squid, and targetcli), Red Hat (thunderbird), SUSE (firefox, squid, and thunderbird), and Ubuntu (mailman).

The 5.7-rc5 kernel prepatch is out for testing. "We'll see what the next few weeks bring, but at least for now it all feels normal, and like the 5.7 release is tracking well. So please keep testing, and if you haven't dared a 5.7 pre-release kernel yet, we're well into the 'things look calm and safe to test' time."

The userfaultfd() system call is a bit of a strange beast; it allows user space to take responsibility for the handling of page faults, which is normally a quintessential kernel task. It is thus perhaps not surprising that it has turned out to have some utility for those who would attack the kernel's security as well. A recent patch set from Daniel Colascione is small, but it makes a significant change that can help block at least one sort of attack using userfaultfd().

Security updates have been issued by Debian (firefox-esr, salt, and webkit2gtk), Fedora (firefox, mingw-gnutls, nss, and teeworlds), Mageia (firefox, libvncserver, matio, qt4, roundcubemail, samba, thunderbird, and vlc), Oracle (firefox and squid), SUSE (firefox, ghostscript, openldap2, rmt-server, syslog-ng, and webkit2gtk3), and Ubuntu (firefox).

A loop device is a kernel abstraction that allows a file to be presented as if it were a physical block device. The typical use for a loop device is to mount a filesystem image stored in a file. Loop devices are global and shared between users, which causes a number of problems for container workloads where the instances are expected to be isolated from each other. Christian Brauner has been working on this problem; he has posted a patch set solving it by adding a small virtual filesystem called loopfs.

The GCC project has announced the release of GCC 10.1. "A year has lapsed away since the release of last major GCC release, more than 33 years passed since the first public GCC release and the GCC developers survived repository conversion from SVN to GIT earlier this year. Today, we are glad to announce another major GCC release, 10.1. This release makes great progress in the C++20 language support, both on the compiler and library sides, some C2X enhancements, various optimization enhancements and bug fixes, several new hardware enablement changes and enhancements to the compiler back-ends and many other changes. There is even a new experimental static analysis pass." More information can be found in the release notes.

Security updates have been issued by Debian (firefox-esr, keystone, mailman, and tomcat9), Fedora (ceph, firefox, java-1.8.0-openjdk, libldb, nss, samba, seamonkey, and suricata), Oracle (kernel), Scientific Linux (firefox and squid), SUSE (libvirt, php7, slirp4netns, and webkit2gtk3), and Ubuntu (linux-firmware and openldap).

The LWN.net Weekly Edition for May 7, 2020 is available.

The Emacs editor predates Linux, and was once far more popular, but it has fallen into relative obscurity over the years. In a mega-thread on the emacs-devel mailing list, participants discussed various ideas for making Emacs more "attractive", in both aesthetic and in "appealing to more users" senses of that term. Any improvements to Emacs in that regard have numerous hurdles to overcome, however. There are technical questions and, naturally, licensing considerations, but there is also the philosophical question of what it is, exactly, that stops the venerable text editor from being more popular.

Stable kernels 5.6.11, 5.4.39, 4.19.121, 4.14.179, 4.9.222, and 4.4.222 have been released. They all contain important fixes and users should upgrade.

Security updates have been issued by Arch Linux (libmicrodns and salt), Debian (graphicsmagick, salt, sqlite3, and wordpress), Fedora (java-11-openjdk), openSUSE (chromium and sqliteodbc), Red Hat (firefox, squid, and squid:4), Slackware (firefox and thunderbird), SUSE (ardana-ansible, ardana-barbican, ardana-cluster, ardana-db, ardana-designate, ardana-input-model, ardana-logging, ardana-monasca, ardana-mq, ardana-neutron, ardana-octavia, ardana-osconfig, ardana-tempest, ardana-tls, crowbar-core, crowbar-ha, crowbar-openstack, memcached, openstack-ceilometer, openstack-cinder, openstack-designate, openstack-heat, openstack-ironic, openstack-ironic-image, openstack-manila, openstack-neutron, openstack-nova, openstack-octavia, openstack-octavia-amphora-image, python-cinderclient, python-glanceclient, python-ironic-lib, python-ironicclient, python-keystonemiddleware, python-manila-tempest-plugin, python-novaclient, python-octaviaclient, python-openstackclient, python-os-brick, python-oslo.config, python-oslo.rootwrap, python-oslo.utils, python-swiftclient, python-watcherclient, release-notes-suse-openstack-cloud, rubygem-crowbar-client, rubygem-puma, zookeeper, openldap2, and python-Pillow), and Ubuntu (php7.4).

Firefox 76.0 has been released. This version features a number of improvements to password management, Picture-in-Picture allows a small video window to follow you around as you work, and support for Audio Worklets has been added, allowing more complex audio processing. The release notes have more details.

Drew DeVault has just released a (mostly complete) book on the Wayland display-server protocol under the Creative Commons CC-SA license. "This book will help you establish a firm understanding of the concepts, design, and implementation of Wayland, and equip you with the tools to build your own Wayland client and server applications. Over the course of your reading, we'll build a mental model of Wayland and establish the rationale that went into its design. Within these pages you should find many 'aha!' moments as the intuitive design choices of Wayland become clear, which should help to keep the pages turning." For those who would rather peruse (or contribute to) the Markdown source, it's available here.

Security updates have been issued by Debian (ansible, ntp, and roundcube), Fedora (libldb and samba), Mageia (chromium-browser-stable, crawl, dolphin-emu, exiv2, fortune-mod, gnuchess, kernel, libsndfile, openexr, openldap, openvpn, qtbase5, ruby-json, squid, teeworlds, and webkit2), Red Hat (sqlite), and SUSE (icu, mailman, nginx, rmt-server, rpmlint, and rubygem-actionview-5_1).