As of this writing, just over 3,900 non-merge changesets have been pulled into the mainline repository for the 5.9 kernel development cycle. While this merge window has just begun, there is already a significant set of new features to point out.

The Free Software Foundation (FSF) has announced that Geoffrey Knauth has been elected president, and free software activist and developer Odile Bénassy has been appointed to the board of directors. Knauth is replacing Richard Stallman who resigned last year. In Knauth's statement, he said: "The FSF board chose me at this moment as a servant leader to help the community focus on our shared dedication to protect and grow software that respects our freedoms. It is also important to protect and grow the diverse membership of the community."

Security updates have been issued by CentOS (firefox, java-1.8.0-openjdk, java-11-openjdk, libvncserver, postgresql-jdbc, and thunderbird), Debian (firejail and gupnp), Fedora (cutter-re, postgresql-jdbc, radare2, and webkit2gtk3), openSUSE (chromium, firefox, kernel, and python-rtslib-fb), Oracle (container-tools:ol8, kernel, and nss and nspr), Scientific Linux (thunderbird), and SUSE (firefox, kernel, postgresql10 and postgresql12, python-ipaddress, and xen).

Greg Kroah-Hartman has released the 5.7.14, 5.4.57, 4.19.138, and 4.14.193 stable kernels. As usual, these contain lots of important fixes throughout the tree; users should upgrade.

PHP 8.0 is on the horizon, and the project has imposed a feature-freeze for the release. There's one exception to the feature-freeze, though: the new attributes syntax. An attribute is syntactical metadata for PHP code, identical to what is called an "annotation" in other languages. Even though attributes have been voted on multiple times by the community, major contributor and creator of XDebug Derick Rethans threw a wrench into the works days before the feature-freeze by challenging the current syntax. The ensuing discussion lead to the fourth attributes proposal for the year, with a special feature-freeze exception being made by release manager Sara Golemon. This exception gives Rethans one more opportunity to convince the community to change how attributes work up to the Beta 3 release, scheduled for September 3.

Version 2.32 of the GNU C Library (glibc) has been released. It contains support for Unicode 13.0.0, a new Kurdish/Sorani locale (ckb_IQ), support for audit modules listed in ELF sections of the executable, support for Synopsys ARC HS cores, new signal abbreviation and descriptive text functions (sigabbrev_np() and sigdescr_np()), similar functions for errno values (strerrorname_np() and strerrordesc_np()), branch protection security hardening for arm64, and more. There are also lots of bug fixes, deprecations, and removals, as well as four security fixes. More information can be found in the release notes.

Security updates have been issued by Debian (clamav and json-c), Fedora (python2, python36, and python37), Red Hat (thunderbird), Scientific Linux (thunderbird), SUSE (java-11-openjdk, kernel, rubygem-actionview-4_2, wireshark, xen, and xrdp), and Ubuntu (openjdk-8 and ppp).

The LWN.net Weekly Edition for August 6, 2020 is available.

Our look at running a CNC milling machine using open-source software led me to another tool worth looking at: FreeCAD. I wasn't previously familiar with the program, so I decided to check it out. In this article I will walk through my experiences with using FreeCAD for the first time to do a variety of CNC-related tasks I normally would have used a commercial product for. I had varying degrees of success in my endeavors, but in the end came away with a positive opinion.

This Mozilla Security Blog entry describes the new redirect-tracking protections soon to be provided by the Firefox browser. "ETP 2.0 clears cookies and site data from tracking sites every 24 hours, except for those you regularly interact with. We’ll be rolling ETP 2.0 out to all Firefox users over the course of the next few weeks."

We last looked at the idea of a Python "match" or "switch" statement back in 2016, but it is something that has been circulating in the Python community both before and since that coverage. In June it was raised again, with a Python Enhancement Proposal (PEP) supporting it: PEP 622 ("Structural Pattern Matching"). As that title would imply, the match statement proposed in the PEP is actually a pattern-matching construct with many uses. While it may superficially resemble the C switch statement, a Python match would do far more than simply choose a chunk of code to execute based on the value of an expression.

Security updates have been issued by Debian (net-snmp), Fedora (mingw-curl), openSUSE (firefox, ghostscript, and opera), Oracle (libvncserver and postgresql-jdbc), Scientific Linux (postgresql-jdbc), SUSE (firefox, kernel, libX11, xen, and xorg-x11-libX11), and Ubuntu (apport, grub2, grub2-signed, libssh, libvirt, mysql-8.0, ppp, tomcat8, and whoopsie).

The 5.7.13, 5.4.56, 4.19.137, and 4.14.192 stable kernel updates have been released; each contains another set of important fixes.

Version 7.0 of the LibreOffice office suite is out. It brings a long list of new features, including: "support for OpenDocument Format (ODF) 1.3; Skia graphics engine and Vulkan GPU-based acceleration for better performance; and carefully improved compatibility with DOCX, XLSX and PPTX files". The plan to create a differentiated "enterprise edition" that was discussed in July has been deferred and is not part of this release.

Security updates have been issued by Debian (libx11, webkit2gtk, and zabbix), Fedora (webkit2gtk3), openSUSE (claws-mail, ghostscript, and targetcli-fb), Red Hat (dbus, kpatch-patch, postgresql-jdbc, and python-pillow), Scientific Linux (libvncserver and postgresql-jdbc), SUSE (kernel and python-rtslib-fb), and Ubuntu (ghostscript, sqlite3, squid3, and webkit2gtk).

The Linux Foundation has announced the formation of the Open Source Security Foundation (OpenSSF). The foundation aims to improve the security of open source software. "The OpenSSF brings together the industry’s most important open source security initiatives and the individuals and companies that support them. The Linux Foundation’s Core Infrastructure Initiative (CII), founded in response to the 2014 Heartbleed bug, and the Open Source Security Coalition, founded by the GitHub Security Lab, are just a couple of the projects that will be brought together under the new OpenSSF. The Foundation’s governance, technical community and its decisions will be transparent, and any specifications and projects developed will be vendor agnostic. The OpenSSF is committed to collaboration and working both upstream and with existing communities to advance open source security for all."

Linus Torvalds released the 5.8 kernel on August 2, concluding another nine-week development cycle. By the time the work was done, 16,306 non-merge changesets had been pulled into the mainline repository for this release. That happens to be a record, beating the previous record holder (4.9, released in December 2016) by 92 changesets. It was, in other words, a busy development cycle. It's time for our traditional look into where that work came from to see what might be learned.

Version 1.5 of the Julia programming language has been released. On the Julia blog, Jeff Bezanson and Stefan Karpinski describe the highlights of the release, which includes struct layout improvements for decreasing heap allocations, stabilization of the multithreading API, faster random numbers, changes to the scoping rules in the read-eval-print loop (REPL), and more. "Julia excels at simulations, so random numbers are important to a lot of users of the language. For this release Rafael Fourquet, one of the primary architects of the Random standard library and a prolific contributor in general, implemented some impressive algorithmic improvements for some popular cases. The first is a major improvement when generating normally-distributed double-precision floats. Calling randn(1000) is nearly twice as fast in Julia 1.5 compared with Julia 1.4. Generating random booleans also got much faster: rand(Bool, 1000) is nearly 6x faster. Finally, sampling from discrete collections has also gotten faster: rand(1:100, 1000) got 25% faster." LWN looked at Julia (part 1, part 2) back in 2018, shortly after the release of Julia 1.0.

Debian 10 "buster" received a fifth update. In addition to the usual security and bug fixes, this point release addresses Debian Security Advisory: DSA-4735-1 grub2. This security update covers multiple CVE issues regarding the GRUB2 UEFI SecureBoot 'BootHole' vulnerability.

Security updates have been issued by Arch Linux (ffmpeg, libjcat, mbedtls, tcpreplay, and wireshark-cli), Debian (ark, evolution-data-server, libjpeg-turbo, libopenmpt, libpam-radius-auth, libphp-phpmailer, libssh, ruby-zip, thunderbird, and transmission), Fedora (chromium, clamav, claws-mail, evolution-data-server, freerdp, glibc, java-latest-openjdk, nspr, and nss), Gentoo (libsndfile, pycrypto, python, snmptt, thunderbird, and webkit-gtk), Mageia (botan2, chocolate-doom, cloud-init, dnsmasq, freerdp/remmina, gssdp/gupnp, java-1.8.0-openjdk, matio, microcode, nasm, openjpeg2, pcre2, php-phpmailer, redis, roundcubemail, ruby-rack, thunderbird, virtualbox, and xerces-c), openSUSE (claws-mail, ldb, and libraw), Oracle (firefox), Red Hat (bind, grub2, kernel-rt, libvncserver, nss and nspr, and qemu-kvm-rhev), Scientific Linux (firefox), Slackware (thunderbird), and SUSE (firefox, kernel, and targetcli-fb).