Six stable kernels

([Kernel] Sep 23, 2020 19:24 UTC (Wed) (ris))

Stable kernels [1]5.8.11, [2]5.4.67, [3]4.19.147, [4]4.14.199, [5]4.9.237, and [6]4.4.237 have been released with important fixes. Users should upgrade.



[1] https://lwn.net/Articles/832305/

[2] https://lwn.net/Articles/832306/

[3] https://lwn.net/Articles/832307/

[4] https://lwn.net/Articles/832308/

[5] https://lwn.net/Articles/832309/

[6] https://lwn.net/Articles/832310/

Security updates for Wednesday

([Security] Sep 23, 2020 14:44 UTC (Wed) (ris))

Security updates have been issued by openSUSE (libetpan, libqt4, lilypond, otrs, and perl-DBI), Red Hat (kernel-rt), Slackware (seamonkey), SUSE (grafana, libmspack, openldap2, ovmf, pdns, rubygem-actionpack-5_1, and samba), and Ubuntu (debian-lan-config, ldm, libdbi-perl, and netty-3.9).

Linux Journal is Back

([Briefs] Sep 22, 2020 20:38 UTC (Tue) (ris))

Linux Journal has [1]returned under the ownership of Slashdot Media. "As Linux enthusiasts and long-time fans of Linux Journal, we were disappointed to hear about Linux Journal closing its doors last year. It took some time, but fortunately we were able to get a deal done that allows us to keep Linux Journal alive now and indefinitely. It's important that amazing resources like Linux Journal never disappear."



[1] https://www.linuxjournal.com/content/linux-journal-back

OpenPGP in Thunderbird

([Security] Sep 23, 2020 22:17 UTC (Wed) (jake))

It is a pretty rare event to see a nearly 21-year-old bug be addressed—many projects are nowhere near that old for one thing—but that is just what has occurred for the Mozilla [1]Thunderbird email application. An [2]enhancement request filed at the end of 1999 asked for a plugin to support email encryption, but it has mostly languished since. The [3]Enigmail plugin did come along to fill the gap by providing [4]OpenPGP support using [5]GNU Privacy Guard (GnuPG or GPG), but was never part of Thunderbird. As part of [6]Thunderbird 78, though, OpenPGP is now fully supported within the mail user agent (MUA).



[1] https://www.thunderbird.net/en-US/

[2] https://bugzilla.mozilla.org/show_bug.cgi?id=22687

[3] https://www.enigmail.net/index.php/en/

[4] https://www.openpgp.org/

[5] https://gnupg.org/

[6] https://blog.thunderbird.net/2020/07/whats-new-in-thunderbird-78/

Firefox 81.0

([Development] Sep 22, 2020 15:46 UTC (Tue) (ris))

Firefox 81.0 is out. This version allows you to control media from the keyboard or headset, introduces the Alpenglow theme, adds ArcoForm support to fill in, print, and save supported PDF forms, and more. See the [1]release notes for details.



[1] https://www.mozilla.org/firefox/81.0/releasenotes/

Security updates for Tuesday

([Security] Sep 22, 2020 14:43 UTC (Tue) (ris))

Security updates have been issued by Mageia (mysql-connector-java), openSUSE (chromium, curl, libqt4, and singularity), Red Hat (bash and kernel), SUSE (python-pip and python3), and Ubuntu (busybox, ceph, freeimage, libofx, libpam-tacplus, linux, linux-aws, linux-aws-hwe, linux-azure, linux-azure-4.15, linux-gcp, linux-gcp-4.15, linux-gke-4.15, linux-hwe, linux-oem, linux-oracle, linux-raspi2, linux-snapdragon, linux, linux-azure, linux-gcp, linux-oracle, novnc, and tnef).

Cook: Security things in Linux v5.7

([Kernel] Sep 22, 2020 13:35 UTC (Tue) (corbet))

Kees Cook [1]catches up with the security-related changes in the 5.7 kernel. "The kernel’s Linux Security Module (LSM) API provides a way to write security modules that have traditionally implemented various Mandatory Access Control (MAC) systems like SELinux, AppArmor, etc. The LSM hooks are numerous and no one LSM uses them all, as some hooks are much more specialized (like those used by IMA, Yama, LoadPin, etc). There was not, however, any way to externally attach to these hooks (not even through a regular loadable kernel module) nor build fully dynamic security policy, until KP Singh landed the API for building LSM policy using BPF. With this, it is possible (for a privileged process) to write kernel LSM hooks in BPF, allowing for totally custom security policy (and reporting)."



[1] https://outflux.net/blog/archives/2020/09/21/security-things-in-linux-v5-7/

[$] Saying goodbye to set_fs()

([Kernel] Sep 24, 2020 15:48 UTC (Thu) (corbet))

The set_fs() function dates back to the earliest days of the Linux kernel; it is a key part of the machinery that keeps user-space and kernel-space memory separated from each other. It is also easy to misuse and has been the source of various security problems over the years; kernel developers have long wanted to be rid of it. They won't completely get their wish in the 5.10 kernel but, as the result of work that has been quietly progressing for several months, the end of set_fs() will be easily visible at that point.

[$] Mercurial planning to transition away from SHA-1

([Development] Sep 28, 2020 16:04 UTC (Mon) (coogle))

Recently, the [1]Mercurial project has been discussing its plans to migrate away from the [2]compromised [3]SHA-1 hashing algorithm in favor of a more secure alternative. So far, the discussion is in the planning stages of algorithm selection and migration strategy, with a general transition plan for users. The project, for the moment, is favoring the [4]BLAKE2 hashing algorithm.



[1] http://mercurial-scm.org

[2] https://en.wikipedia.org/wiki/SHA-1#Attacks

[3] https://en.wikipedia.org/wiki/SHA-1

[4] https://tools.ietf.org/html/rfc7693

Security updates for Monday

([Security] Sep 21, 2020 14:51 UTC (Mon) (ris))

Security updates have been issued by Debian (inspircd and modsecurity), Fedora (chromium, cryptsetup, gnutls, mingw-libxml2, and seamonkey), openSUSE (ark, chromium, claws-mail, docker-distribution, fossil, hylafax+, inn, knot, libetpan, libjpeg-turbo, libqt4, librepo, libvirt, libxml2, lilypond, mumble, openldap2, otrs, pdns-recursor, perl-DBI, python-Flask-Cors, singularity, slurm_18_08, and virtualbox), SUSE (jasper, less, ovmf, and rubygem-actionview-4_2), and Ubuntu (sa-exim).

Kernel prepatch 5.9-rc6

([Kernel] Sep 21, 2020 0:22 UTC (Mon) (corbet))

The [1]5.9-rc6 kernel prepatch is out. "The one thing that does show up in the diffstat is the softscroll removal (both fbcon and vgacon), and there are people who want to save that, but we'll see if some maintainer steps up. I'm not willing to resurrect it in the broken form it was in, so I doubt that will happen in 5.9, but we'll see what happens."



[1] https://lwn.net/Articles/831987/

Precursor: an open-source mobile hardware platform

([Briefs] Sep 20, 2020 23:30 UTC (Sun) (corbet))

Andrew "bunnie" Huang has [1]announced a new project called "Precursor"; it is meant to be a platform for makers to create interesting new devices. "Precursor is unique in the open source electronics space in that it’s designed from the ground-up to be carried around in your pocket. It’s not just a naked circuit board with connectors hanging off at random locations: it comes fully integrated—with a rechargeable battery, a display, and a keyboard—in a sleek, 7.2 mm (quarter-inch) aluminum case." You can't get one yet, but the crowdfunding push starts soon.



[1] https://www.bunniestudios.com/blog/?p=5921

Bottomley: Creating a home IPv6 network

([Kernel] Sep 18, 2020 14:48 UTC (Fri) (corbet))

James Bottomley has put together [1]a detailed recounting of what it took to get IPv6 fully working on his network. "One of the things you’d think from the above is that IPv6 always auto configures and, while it is true that if you simply plug your laptop into the ethernet port of a cable modem it will just automatically configure, most people have a more complex home setup involving a router, which needs some special coaxing before it will work. That means you need to obtain additional features from your ISP using special DHCPv6 requests."



[1] https://blog.hansenpartnership.com/creating-a-home-ipv6-network/

Security updates for Friday

([Security] Sep 18, 2020 14:22 UTC (Fri) (jake))

Security updates have been issued by Arch Linux (chromium and netbeans), Oracle (mysql:8.0 and thunderbird), SUSE (rubygem-rack and samba), and Ubuntu (apng2gif, gnupg2, libemail-address-list-perl, libproxy, pulseaudio, pure-ftpd, samba, and xawtv).

Python 3.9 is around the corner

([Development] Sep 22, 2020 22:17 UTC (Tue) (coogle))

[1]Python 3.9.0rc2 was released on September 17, with the final version scheduled for October 5, roughly a year after [2]the release of Python 3.8. Python 3.9 will come with new operators for dictionary unions, a new parser, two string operations meant to eliminate some longstanding confusion, as well as improved time-zone handling and type hinting. Developers may need to do some porting for code coming from Python 3.8 or earlier, as the new release has removed several previously-deprecated features still lingering from Python 2.7.



[1] https://www.python.org/downloads/release/python-390rc2/

[2] https://lwn.net/Articles/793818/

Stable kernels 5.8.10, 5.4.66, and 4.19.146

([Kernel] Sep 17, 2020 16:05 UTC (Thu) (jake))

Greg Kroah-Hartman has announced the release of the [1]5.8.10, [2]5.4.66, and [3]4.19.146 stable kernels. They contain important fixes throughout the tree and users should upgrade.



[1] https://lwn.net/Articles/831751/

[2] https://lwn.net/Articles/831752/

[3] https://lwn.net/Articles/831753/

Removing run-time disabling for SELinux in Fedora

([Distributions] Sep 23, 2020 15:53 UTC (Wed) (jake))

Disabling [1]SELinux is, perhaps sadly in some ways, a time-honored tradition for users of Fedora, RHEL, and other distributions that feature the security mechanism. Over the years, SELinux has gotten easier to tolerate due to the hard work of its developers and the distributions, but there are still third-party packages that recommend or require disabling SELinux in order to function. Up until fairly recently, the kernel has supported disabling SELinux at run time, but that mechanism has been deprecated—in part due to another kernel security feature. Now Fedora is planning to eliminate the ability to disable SELinux at run time in Fedora 34, which sparked some discussion in its devel mailing list.



[1] https://selinuxproject.org/page/Main_Page

GNOME's new versioning scheme

([Development] Sep 17, 2020 15:22 UTC (Thu) (corbet))

The GNOME Project has announced a change to its version-numbering scheme; the next release will be "GNOME 40". "After nearly 10 years of 3.x releases, the minor version number is getting unwieldy. It is also exceedingly clear that we're not going to bump the major version because of technological changes in the core platform, like we did for GNOME 2 and 3, and then piling on a major UX change on top of that. Radical technological and design changes are too disruptive for maintainers, users, and developers; we have become pretty good at iterating design and technologies, to the point that the current GNOME platform, UI, and UX are fairly different from what was released with GNOME 3.0, while still following the same design tenets."

LWN.net Weekly Edition for September 24, 2020



Security updates for Thursday

([Security] Sep 17, 2020 12:33 UTC (Thu) (jake))

Security updates have been issued by Fedora (dotnet3.1, kernel, mbedtls, and python35), Mageia (libraw), openSUSE (mumble), SUSE (libsolv, libzypp, and perl-DBI), and Ubuntu (libdbi-perl, libphp-phpmailer, mcabber, ncmpc, openssl, openssl1.0, qemu, samba, storebackup, and util-linux).
