Security updates have been issued by Debian (freetype, libreoffice, and openjdk-7), Fedora (edk2, mariadb, mariadb-connector-c, mariadb-connector-odbc, python-django, and squirrelmail), Gentoo (chromium, cups, firefox, glibc, kconfig, libarchive, libreoffice, oracle-jdk-bin, polkit, proftpd, sqlite, wget, zeromq, and znc), openSUSE (bzip2, chromium, dosbox, evince, gpg2, icedtea-web, java-11-openjdk, java-1_8_0-openjdk, kconfig, kdelibs4, mariadb, mariadb-connector-c, nodejs8, pdns, polkit, python, subversion, and vlc), Oracle (ghostscript and kernel), Red Hat (mysql:8.0 and subversion:1.10), SUSE (389-ds, libvirt and libvirt-python, and openjpeg2), and Ubuntu (nginx).
KDE.News reports on the release of KDE Applications 19.08. The release has updates for many different applications, as can also be seen in the official announcement.
“Take Konsole, our powerful terminal emulator, which has seen major improvements to its tiling abilities. We’ve made tiling a bit more advanced, so now you can split your tabs as many times as you want, both horizontally and vertically. The layout is completely customizable, so feel free to drag and drop the panes inside Konsole to achieve the perfect workspace for your needs.
Dolphin, KDE’s file explorer, introduces features that will help you step up your file management game. Let’s start with bookmarks, a feature that allows you to create a quick-access link to a folder, or save a group of specific tabs for future reference. We’ve also made tab management smarter to help you declutter your desktop. Dolphin will now automatically open folders from other apps in new tabs of an existing window, instead of in their own separate windows.”
command would seem to be an ideal candidate for sandboxing; it routinely handles
untrusted input. But an effort to add seccomp()
filtering to file for Debian has run aground. The upstream file project has added
support for sandboxing via seccomp() but it does not play well
with other parts of the Debian world, package building in particular. This
provides further evidence that seccomp() filtering is brittle and difficult to use.
Some unanticipated corner cases with Python’s new “walrus”
operator—described in our Python 3.8
overview—have cropped up recently. The problematic uses of the operator
will be turned into errors before the final release, but just what
exception should be raised came into question. It seems that the exception
specified in the PEP for the operator may not really be the best choice, as a
recent discussion hashed out.
Security updates have been issued by Debian (postgresql-11, postgresql-9.4, and postgresql-9.6), Fedora (exiv2), openSUSE (python-Django and vlc), Oracle (kernel), Red Hat (qemu-kvm-rhev), SUSE (evince, nodejs10, python, and squid), and Ubuntu (postgresql-10, postgresql-11, postgresql-9.5).
The Document Foundation has announced the release of LibreOffice 6.3. This new version of the free-software office suite has lots of new features, better performance, and more interoperability with proprietary formats. In particular, documents can now be redacted to hide sensitive information before they are shared or exported, there are user-interface changes to make it more compact and easier to work with, a FOURIER function has been added to Calc, editable PDFs can be designed more easily, multiple improvements have been made in the Microsoft Office format handling, and more. Beyond that: “Writer and Calc performance has been improved by an order of magnitude based on documents provided by end users: text files with different bookmarks, tables and embedded fonts, large ODS/XLSX spreadsheets, and Calc files with VLOOKUP load and render more quickly. Saving Calc spreadsheets as XLS files is also faster.”
Security updates have been issued by Arch Linux (exim, python-django, python2-django, and sdl2), Debian (proftpd-dfsg), Fedora (php and sqlite), openSUSE (proftpd), Red Hat (kernel), Slackware (kdelibs), SUSE (nodejs10, squid, and tcpdump), and Ubuntu (php5 and ruby-rack).
It is with sadness that we report that Linux Journal has ceased publication. The magazine announced its demise at the end of 2017, then was happily reborn in early 2018, but apparently that was not to last. Editor Kyle Rankin posted “An Awkward Goodbye” on August 7. “After dying and being revived, it was finally starting to look like some day soon we would be able to walk on our own.
Unfortunately, we didn’t get healthy enough fast enough, and when we found out we needed to walk on our own strength, we simply couldn’t. So here we are giving our second, much more awkward, goodbye. What happens now? We gave each other a proper hug during the first goodbye, do we hug again this time? Do we do the hand-shake-that-turns-into-a-single-arm-hug thing? Do we just sort of wave and smile?” LJ will be missed.
The “Web of
Things” (WoT) is meant as a way to enable Internet of
Things (IoT) devices to appear on the web. Mozilla’s entry into the
WoT world is the WebThings project,
which consists of both a Framework API and a Gateway software distribution
to host applications. On July 25, the project announced
the Gateway 0.9 release with support for the Turris
Omnia wireless home router.
A change for Python 3.8—currently in beta—has produced some
user-visible warnings, but the problem is often in code that a user cannot
(or should not) change: third-party modules. The problem that the warning
is trying to highlight is real, however. The upshot is that the handling of
sequences (or non escape sequences, in truth) in
Python string literals is in a rather messy state at this point.
Lisp is one of the oldest programming languages still in
use today—Fortran is older by a year, but the Lisp community (or
communities) seems to be the more dynamic of the two. In any case, the Lisp
landscape has a lot of nooks and crannies to explore; I recently ran into a
dialect that I had not encountered before: Racket. That may simply reflect
ignorance on my part, but, while I was introduced to Lisp (too) many moons
ago, I had not really paid it much mind until I sat in on a talk about Lisp at linux.conf.au earlier this
year. Something about Racket caught my eye, so I did some poking around to
see what it is all about.
Security updates have been issued by Debian (firefox-esr and thunderbird), openSUSE (openexr and rmt-server), Oracle (bind, container-tools:rhel8, cyrus-imapd, dotnet, edk2, firefox, flatpak, freeradius:3.0, ghostscript, gvfs, httpd:2.4, java-1.8.0-openjdk, java-11-openjdk, kernel, mod_auth_mellon, pacemaker, pki-deps:10.6, python-jinja2, python27:2.7, python3, python36:3.6, systemd, thunderbird, vim, virt:rhel, WALinuxAgent, and wget), Slackware (mariadb), SUSE (java-1_8_0-openjdk, polkit, and python-Django1), and Ubuntu (Sigil and sox).
Version 2.30 of the GNU C
Library (glibc) has been released. New features include Unicode 12.1.0
support; wrappers for the getdents64(),
gettide(), and tgkill()
system calls on Linux; addition of a bunch of POSIX-proposed pthreads
calls; protections for memory allocation functions so that they cannot
cause ptrdiff_t overflows; and more, such as fixes for two
size. For x86-64, memcmp on an object size larger than SSIZE_MAX
has undefined behavior. On x32, the size_t argument may be passed
in the lower 32 bits of the 64-bit RDX register with non-zero upper
32 bits. When it happened with the sign bit of RDX register set,
memcmp gave the wrong result since it treated the size argument as
zero. Reported by H.J. Lu.
CVE-2019-9169: Attempted case-insensitive regular-expression match
via proceed_next_node in posix/regexec.c leads to heap-based buffer
over-read. Reported by Hongxu Chen.
The GNOME and KDE projects are teaming up to host the Linux App Summit (LAS) that will be
held in Barcelona, November 12-15. “LAS is the first collaborative event co-hosted by the two organizations since
the Desktop Summit in 2009. Both organizations are eager to bring their
communities together in building an application ecosystem that transcends
individual distros and broadens the market for everyone involved.
KDE and GNOME will no longer be taking a passive role in the free desktop
sector. With the joint influence of the two desktop projects, LAS will shepherd
the growth of the FOSS desktop by encouraging the creation of quality
applications, seeking opportunities for compensation for FOSS developers, and
fostering a vibrant market for the Linux operating system.” The CfP is open until August 31.
Security updates have been issued by CentOS (httpd, libssh2, and qemu-kvm), Debian (glib2.0, squirrelmail, subversion, and wpa), Fedora (proftpd), Oracle (icedtea-web), Red Hat (icedtea-web), Scientific Linux (icedtea-web), SUSE (icedtea-web, java-1_7_0-openjdk, subversion, and zypper, libzypp and libsolv), and Ubuntu (linux-hwe, openjdk-lts, pango1.0, python-django, and subversion).
In theory, the public API of a Python standard library module is fully
specified as part of its documentation, but in practice it may not be
quite so clear cut. There are other ways to specify the names in a module that
are meant to be public, and there are naming conventions for things that
should not be public (e.g. the name starts with an underscore), but
no real consistency in how those are used throughout the standard library.
A mid-July discussion
on the python-dev mailing list considered the problem and some possible
solutions; the main outcome seems to be interest in making the rules more
It has been the better part of a decade since the last KernelShark article appeared here; in the
interim, the kernel-tracing visualization tool has undergone some major changes.
While the high-level appearance is largely similar, the underlying code
has switched from GTK+ 2.0 to Qt 5. On July 26,
maintainer Steven Rostedt announced
the release of KernelShark version 1.0, which makes it a good time to
take another peek.