
Security updates for Wednesday

([Security] Nov 25, 2020 15:49 UTC (Wed) (ris))

Security updates have been issued by Debian (spip and webkit2gtk), Fedora (kernel and libexif), openSUSE (chromium and rclone), Slackware (mutt), SUSE (kernel, mariadb, and slurm), and Ubuntu (igraph).

A set of stable kernels

([Kernel] Nov 24, 2020 17:20 UTC (Tue) (ris))

Greg Kroah-Hartman has released stable kernels [1]5.9.11, [2]5.4.80, [3]4.19.160, [4]4.14.209, [5]4.9.246, and [6]4.4.246. They all contain important fixes and users should upgrade.



[1] https://lwn.net/Articles/838257/

[2] https://lwn.net/Articles/838259/

[3] https://lwn.net/Articles/838260/

[4] https://lwn.net/Articles/838261/

[5] https://lwn.net/Articles/838262/

[6] https://lwn.net/Articles/838263/

Security updates for Tuesday

([Security] Nov 24, 2020 16:10 UTC (Tue) (ris))

Security updates have been issued by Fedora (chromium, microcode_ctl, and seamonkey), Mageia (f2fs-tools, italc, python-cryptography, python-pillow, tcpreplay, and vino), Oracle (thunderbird), Red Hat (bind, kernel, microcode_ctl, net-snmp, and Red Hat Virtualization), Scientific Linux (net-snmp and thunderbird), SUSE (kernel and mariadb), and Ubuntu (atftp, libextractor, pdfresurrect, and pulseaudio).

GNU Guix 1.2.0 released

([Distributions] Nov 23, 2020 18:22 UTC (Mon) (ris))

GNU Guix, a functional package manager and associated free software distribution, was [1]introduced eight years ago. The [2]1.2.0 release celebrates the anniversary. "A major highlight in this release is the ability to authenticate channels, which probably makes Guix one of the safest ways to deliver complete operating systems today. This was the missing link in our “software supply chain” and we’re glad it’s now fixed. The end result is that guix pull and related commands now cryptographically authenticate channel code that they fetch; you cannot, for instance, retrieve unauthorized commits to the official Guix repository."



[1] https://lists.gnu.org/archive/html/gnu-system-discuss/2012-11/msg00000.html

[2] https://guix.gnu.org/en/blog/2020/gnu-guix-1.2.0-released/

Huang: Evaluating Precursor’s Hardware Security

([Security] Nov 23, 2020 18:06 UTC (Mon) (corbet))

For those who are interested in security at the hardware level, [1]this blog post from Andrew 'bunnie' Huang is well worth a read. "Despite any claims you may have heard otherwise, tamper resistance is a largely unsolved problem. Any secrets committed to a non-volatile format are vulnerable to recovery by a sufficiently advanced adversary. The availability of near-atomic level microscopy, along with sophisticated photon and phonon based probing techniques, means that a lab equipped with a few million dollars worth of top-notch gear and well-trained technicians has a good chance of recovering secret key material out of virtually any non-volatile storage media. The hard part is figuring out where the secrets are located on the chip."



[1] https://www.bunniestudios.com/blog/?p=5979

Security updates for Monday

([Security] Nov 23, 2020 16:10 UTC (Mon) (ris))

Security updates have been issued by Debian (cimg, golang-1.7, golang-1.8, krb5, mediawiki, mupdf, php-pear, samba, thunderbird, and zabbix), Fedora (chromium, krb5, microcode_ctl, pngcheck, and rpki-client), Mageia (librepo, postgresql, python-twisted, raptor2, tcpdump, and thunderbird), openSUSE (blueman, java-11-openjdk, moinmoin-wiki, python, rmt-server, SDL, and tcpdump), Red Hat (chromium-browser and thunderbird), SUSE (c-ares, ceph, dash, firefox, java-1_8_0-openjdk, postgresql10, postgresql12, postgresql96, u-boot, and ucode-intel), and Ubuntu (openldap).

Kernel prepatch 5.10-rc5

([Kernel] Nov 23, 2020 0:24 UTC (Mon) (corbet))

The [1]5.10-rc5 kernel prepatch is out. "The 5.10 release candidates stubbornly keeps staying fairly big, even though by rc5 we really should be seeing things starting to calm down and shrink. There's nothing in here that makes me particularly nervous, but in pure numbers of commits, this is the largest rc5 we've had in the 5.x series."



[1] https://lwn.net/Articles/838068/

Some weekend stable kernel updates

([Kernel] Nov 22, 2020 17:20 UTC (Sun) (corbet))

The [1]5.9.10, [2]5.4.79, [3]4.19.159, [4]4.14.208, [5]4.9.245, and [6]4.4.245 stable kernel updates are all available. Each contains another set of important fixes, as usual.



[1] https://lwn.net/Articles/838049/

[2] https://lwn.net/Articles/838050/

[3] https://lwn.net/Articles/838051/

[4] https://lwn.net/Articles/838052/

[5] https://lwn.net/Articles/838053/

[6] https://lwn.net/Articles/838054/

[$] Mutt releases version 2.0

([Development] Nov 25, 2020 14:50 UTC (Wed) (leephillips))

The venerable email client [1]Mutt has just reached [2]version 2.0. Mutt is different from the type of client that has come to dominate the email landscape—for one thing, it has no graphical interface. It has a long history that is worth a bit of a look, as are its feature set and extensive customizability. Version 2.0 brings several enhancements to Mutt's interface, configurability, and convenience, as well. In this article, readers who are unfamiliar with Mutt will learn about a different way to deal with the daily chore of wrangling their inboxes, while Mutt experts may discover some new sides to an old friend.



[1] http://www.mutt.org/

[2] http://www.mutt.org/relnotes/2.0/

Security updates for Friday

([Security] Nov 20, 2020 14:06 UTC (Fri) (jake))

Security updates have been issued by CentOS (firefox), Fedora (chromium, microcode_ctl, mingw-libxml2, seamonkey, and xen), openSUSE (slurm_18_08 and tor), Oracle (thunderbird), SUSE (buildah, firefox, go1.14, go1.15, krb5, microcode_ctl, perl-DBI, podman, postgresql12, thunderbird, ucode-intel, wireshark, wpa_supplicant, and xen), and Ubuntu (firefox and phpmyadmin).

Paalanen: Developing Wayland Color Management and High Dynamic Range

([Development] Nov 20, 2020 1:13 UTC (Fri) (jake))

Over on the Collabora blog, Pekka Paalanen [1]writes about adding color management and high dynamic range (HDR) support to the [2]Wayland display server protocol. X11 already has support for color management tools and workflow, but not HDR, and Wayland currently doesn't support either, but Paalanen and others are working to change that. "As color management is all about color spaces and gamuts, and high dynamic range (HDR) is also very much about color spaces and gamuts plus extended luminance range, Sebastian [Wick] and I decided that Wayland color management extension should cater for both from the beginning. Combining traditional color management and HDR is a fairly new thing as far as I know, and I'm not sure we have much prior art to base upon, so this is an interesting research journey as well. There is a lot of prior art on HDR and color management separately, but they tend to have fundamental differences that makes the combination not obvious."



[1] https://www.collabora.com/news-and-blog/blog/2020/11/19/developing-wayland-color-management-and-high-dynamic-range/

[2] https://wayland.freedesktop.org/

GCompris releases version 1.0 to celebrate 20 years

([Development] Nov 20, 2020 0:16 UTC (Fri) (jake))

The [1]GCompris project, which provides a "high quality educational software suite, including a large number of activities for children aged 2 to 10", has [2]announced its 1.0 release, which celebrates the 20th anniversary of the project. It includes more than 100 activities, a new Dataset selection in the Activity Settings menu for more than 50 activities, and four new activities, including an Analog Electricity activity to simulate and learn about circuits. KDE.news [3]covered the release: "We have built the activities to follow the principles of 'nothing succeeds like success' and that children, when learning, should be challenged, but not made to feel threatened. Thus, GCompris congratulates, but does not reprimand; all the characters the child interacts with are friendly and supportive; activities are brightly colored, contain encouraging voices and play upbeat, but soothing music. The hardware requirements for running GCompris are extremely low and it will run fine on older computers or low-powered machines, like the Raspberry Pi. This saves you and your school from having to invest in new and expensive equipment and it is also eco-friendly, as it reduces the amount of technological waste that is produced when you have to renew computers to adapt to more and more power-hungry software. GCompris works on Windows, Android and GNU/Linux computers, and on desktop machines, laptops, tablets and phones."



[1] https://gcompris.net/index-en.html

[2] https://gcompris.net/index-en.html#2020-11-19

[3] https://dot.kde.org/2020/11/19/educational-software-gcompris-20-years-old-today

[$] epoll_pwait2(), close_range(), and encoded I/O

([Kernel] Nov 20, 2020 17:50 UTC (Fri) (corbet))

The various system calls and other APIs that the kernel provides for access to files and filesystems have grown increasingly comprehensive over the years. That does not mean, though, that there is no need or room for improvement. Several relatively small additions to the kernel's filesystem-related API are under consideration in the development community; read on for a survey of some of this work.

LWN.net Weekly Edition for December 3, 2020



Rust 1.48.0 released

([Development] Nov 19, 2020 15:17 UTC (Thu) (corbet))

[1]Version 1.48.0 of the Rust language has been released. The biggest change appears to be improvements to the documentation system, but there's more: "The most significant API change is kind of a mouthful: [T; N]: TryFrom<Vec<T>> is now stable. What does this mean? Well, you can use this to try and turn a vector into an array of a given length".



[1] https://blog.rust-lang.org/2020/11/19/Rust-1.48.html

Six new stable kernels

([Kernel] Nov 19, 2020 15:47 UTC (Thu) (jake))

Greg Kroah-Hartman has released the [1]5.9.9, [2]5.4.78, [3]4.19.158, [4]4.14.207, [5]4.9.244, and [6]4.4.244 stable kernels. They all contain important fixes throughout the kernel tree; users of those series should upgrade.



[1] https://lwn.net/Articles/837777/

[2] https://lwn.net/Articles/837779/

[3] https://lwn.net/Articles/837782/

[4] https://lwn.net/Articles/837784/

[5] https://lwn.net/Articles/837791/

[6] https://lwn.net/Articles/837792/

Security updates for Thursday

([Security] Nov 19, 2020 14:15 UTC (Thu) (jake))

Security updates have been issued by Arch Linux (chromium and firefox), CentOS (bind, curl, fence-agents, kernel, librepo, libvirt, microcode_ctl, python, python3, qt and qt5-qtbase, resource-agents, and tomcat), Debian (drupal7, firefox-esr, jupyter-notebook, packer, python3.5, and rclone), Fedora (firefox), Mageia (firefox, nss), openSUSE (gdm, kernel-firmware, and moinmoin-wiki), Oracle (net-snmp), SUSE (libzypp, zypper), and Ubuntu (c-ares).

Security updates for Wednesday

([Security] Nov 18, 2020 16:05 UTC (Wed) (ris))

Security updates have been issued by openSUSE (opera and raptor), Oracle (bind, bluez, firefox, microcode_ctl, and thunderbird), Red Hat (firefox, net-snmp, and thunderbird), SUSE (java-11-openjdk and tcpdump), and Ubuntu (firefox, krb5, and libvncserver, vino).

No more Flash support in Firefox

([Development] Nov 18, 2020 15:45 UTC (Wed) (corbet))

Mozilla has [1]announced that the Adobe Flash era is coming to an end. "Firefox version 84 will be the final version to support Flash. On January 26, 2021 when we release Firefox version 85, it will ship without Flash support, improving our performance and security." One suspects that few people will miss this support.



[1] https://blog.mozilla.org/futurereleases/2020/11/17/ending-firefox-support-for-flash/

[$] ID mapping for mounted filesystems

([Kernel] Nov 19, 2020 18:03 UTC (Thu) (corbet))

Almost every filesystem (excepting relics like VFAT) implements the concept of the owner and group of each file; the higher levels of the operating system then use that information to control access to those files. For decades, it has usually sufficed to track a single owner and group for each file, but there is an increasing number of use cases wanting to make that ownership relative to the environment any given process is running in. Developers have been working for a few years to find solutions to this problem; the latest attempt is the [1]ID-mapped mounts patch set from Christian Brauner.



[1] https://lwn.net/ml/linux-fsdevel/20201115103718.298186-1-christian.brauner@ubuntu.com/
