Bookmarks (1795)

Security updates have been issued by Fedora (adplug, audacious-plugins, cpu-x, kernel, kernel-headers, ocp, php, and python-lxml), openSUSE (crmsh, firefox, and hawk2), Oracle (thunderbird), Red Hat (kernel-rt), SUSE (kernel and rubygem-archive-tar-minitar), and Ubuntu (openvswitch and tar).

It may be kind of an obvious statement, but licensing terms matter in our communities. Even a misplaced word or three can be fatal for a license, which is part of the motivation for the efforts to reduce license proliferation in free-software projects. Over the last few months, various distribution projects have been discussing changes made to the license for the Nmap network scanner;...

Tedium is running a history of the Linksys WRT54G router. "But the reason the WRT54G series has held on for so long, despite using a wireless protocol that was effectively made obsolete 12 years ago, might come down to a feature that was initially undocumented—a feature that got through amid all the complications of a big merger. Intentionally or not, the WRT54G was hiding...

Alyssa Rosenzweig presents a progress report on the Panfrost driver for Arm Mali Midgard and Bifrost GPUs, which now provides non-conformant OpenGL ES 3.0 on Bifrost and desktop OpenGL 3.1 on Midgard. "Architecturally, Bifrost shares most of its fixed-function data structures with Midgard, but features a brand new instruction set. Our work for bringing up OpenGL ES 3.0 on Bifrost reflects this division. Some...

Arnd Bergmann stirred up a bit of a discussion with his January 8 "bring out your dead" posting, wherein he raised the idea of removing support for a long list of seemingly unloved Arm platforms — and a few non-Arm ones as well. Many of these have seen no significant work in at least six years. In a January 13 followup, he notes that several of...

Security updates have been issued by Debian (coturn, imagemagick, and spice-vdagent), Fedora (roundcubemail and sympa), Gentoo (asterisk and virtualbox), Oracle (kernel and kernel-container), Red Hat (dotnet3.1, dotnet5.0, and thunderbird), SUSE (crmsh, firefox, hawk2, ImageMagick, kernel, libzypp, zypper, nodejs10, nodejs14, openstack-dashboard, release-notes-suse-openstack-cloud, and tcmu-runner), and Ubuntu (coturn).

The problems with "vendoring" in packages—bundling dependencies rather than getting them from other packages—seems to crop up frequently these days. We looked at Debian's concerns about packaging Kubernetes and its myriad of Go dependencies back in October. A more recent discussion in that distribution's community looks at another famously dependency-heavy ecosystem: JavaScript libraries from the npm repository. Even C-based ecosystems are not immune to...

Stable kernels 5.10.7, 5.4.89, 4.19.167, 4.14.215, 4.9.251, and 4.4.251 have been released. They all contain important fixes and users should upgrade.

The Google Project Zero blog is carrying a six-part series exploring, in great detail, a set of sophisticated exploits discovered in the wild. "These exploit chains are designed for efficiency & flexibility through their modularity. They are well-engineered, complex code with a variety of novel exploitation methods, mature logging, sophisticated and calculated post-exploitation techniques, and high volumes of anti-analysis and targeting checks. We believe...

Security updates have been issued by openSUSE (chromium), Oracle (firefox), Red Hat (kernel), Scientific Linux (firefox), Slackware (sudo), SUSE (firefox, nodejs10, nodejs12, and nodejs14), and Ubuntu (apt, linux, linux-aws, linux-aws-5.4, linux-azure, linux-azure-4.15, linux-azure-5.4, linux-gcp, linux-gcp-5.4, linux-hwe-5.4, linux-hwe-5.8, linux-oem-5.6, linux-oracle, linux-oracle-5.4, nvidia-graphics-drivers-390, nvidia-graphics-drivers-450, nvidia-graphics-drivers-460, python-apt, and xdg-utils).

The kernel project goes out of its way to facilitate building with older toolchains. Building a kernel on a new system can be enough of a challenge as it is; being forced to install a custom toolchain first would not improve the situation. So the kernel developers try to keep it possible to build the kernel with the toolchains shipped by most distributors. There...

Security updates have been issued by Arch Linux (chromium, firefox, and mbedtls), Debian (coturn), Fedora (firefox, flac, and nodejs), Gentoo (ark, chromium, dovecot, firefox, firejail, ipmitool, nodejs, and pillow), Mageia (alpine, c-client, binutils, busybox, cherokee, firefox, golang, guava, imagemagick, libass, openexr, squirrelmail, tomcat, and xrdp), openSUSE (chromium, cobbler, rpmlint, and tomcat), Oracle (kernel), Red Hat (firefox, libpq, and openssl), SUSE (python-defusedxml, python-freezegun, python-pkgconfig, python-python3-saml,...

The 5.11-rc3 kernel prepatch is out for testing. "So in the rc2 announcement notes I thought we might have a slow week for rc3 as well due to people just coming back from vacations and it taking some time for bug reports etc to start tricking in. That turned out to be the incoherent ramblings of a crazy old man."

The 5.10.6, 5.4.88, 4.19.166, 4.14.214, 4.9.250, and 4.4.250 stable kernel updates have all been released; each contains a relatively small number of important fixes.

Security updates have been issued by Debian (firefox-esr and libxstream-java), Fedora (awstats and dia), Mageia (c-ares, dash, and dovecot), openSUSE (dovecot23, gimp, kitty, and python-notebook), Oracle (kernel), SUSE (python-paramiko and tomcat), and Ubuntu (edk2, firefox, ghostscript, and openjpeg2).

A key component of system hardening is restricting access to memory; this extends to preventing the kernel itself from accessing or modifying much of the memory in the system most of the time. Memory that cannot be accessed cannot be read or changed by an attacker. On many systems, though, these restrictions do not apply to peripheral devices, which can happily use direct memory...

Security updates have been issued by Debian (golang-websocket, nodejs, and pacemaker), Fedora (mingw-binutils and rubygem-em-http-request), and Ubuntu (linux-oem-5.6 and p11-kit).

The idea of Reproducible Builds—being able to recreate bit-for-bit identical binaries using the same source code—has gained momentum over the last few years. Reproducible builds provide some safeguards against bad actors in the software supply chain. But building software depends on the tools used to construct the binary, including compilers and build-automation tools, many of which depend on pre-existing binaries. Minimizing the reliance on...

Just because something is traditional does not imply that it is necessarily a good idea. As a case in point, consider LWN's tradition of starting the year with some predictions for what is to come; some may be obvious while others are implausible, but none of them are reliable. Nonetheless, we've been doing this since 2002 so we can't stop now. Read on for...

The 5.10.5, 5.4.87, and 4.19.165 stable kernel updates have been released; each contains another set of important fixes.

Security updates have been issued by Debian (cairo, dovecot, and minidlna), Oracle (ImageMagick), Scientific Linux (ImageMagick), SUSE (clamav, dovecot23, java-1_8_0-ibm, and tomcat), and Ubuntu (linux, linux-aws, linux-aws-5.4, linux-azure, linux-azure-5.4, linux-gcp, linux-gcp-5.4, linux-gke-5.4, linux-hwe-5.4, linux-kvm, linux-oracle, linux-oracle-5.4, linux-raspi, linux-raspi-5.4, linux, linux-aws, linux-aws-hwe, linux-azure, linux-azure-4.15, linux-gcp, linux-gcp-4.15, linux-gke-4.15, linux-hwe, linux-kvm, linux-oracle, linux-raspi2, linux-snapdragon, linux, linux-aws, linux-azure, linux-gcp, linux-kvm, linux-oracle, linux-raspi, linux, linux-aws, linux-kvm, linux-lts-xenial, linux-raspi2, linux-snapdragon,...

TuxMake is an open-source project from Linaro that began in May 2020 and is designed to make building Linux kernels easier. It provides a command-line interface and a Python library, along with a full set of curated portable build environments distributed as container images. With TuxMake, a developer can build any supported combination of target architecture, toolchain, kernel configuration, and make targets.

Security updates have been issued by Arch Linux (dovecot, poppler, roundcubemail, and rsync), Debian (csync2 and gssproxy), Fedora (grafana, perl-Convert-ASN1, and python-py), openSUSE (privoxy), Oracle (kernel), Red Hat (ImageMagick and kernel), SUSE (ceph, dovecot22, flac, java-1_7_1-ibm, openssh, and python), and Ubuntu (dovecot, horizon, openexr, and python-apt).

The LibreSSL project has been developing a fork of the OpenSSL package since 2014; it is supported as part of OpenBSD. Adoption of LibreSSL on the Linux side has been slow from the start, though, and it would appear that the situation is about to get worse. LibreSSL is starting to look like an idea whose time may never come in the Linux world.

Security updates have been issued by Debian (chromium, dovecot, flac, influxdb, libhibernate3-java, and p11-kit), Fedora (ceph and guacamole-server), Mageia (audacity, gdm, libxml2, rawtherapee, and vlc), openSUSE (jetty-minimal and privoxy), Red Hat (kernel and kernel-rt), SUSE (gimp), and Ubuntu (libproxy).

The second 5.11 kernel prepatch is out for testing. "People have (rightly) mostly been offline since, presumably over-eating and doing all the other traditional holiday things. And just generally not being hugely active. That very much shows in a tiny rc2 release."

James Bottomley has posted a detailed description of what it takes to get an encrypted image running securely with AMD's SEV mechanism. "In this post I’ll discuss how you actually bring up a confidential VM from an encrypted image while preserving secrecy. However, first a warning: This post represents the state of the art and includes patches that are certainly not deployed in distributions...

Security updates have been issued by Debian (libxstream-java and p11-kit), Mageia (curl and minidlna), and openSUSE (groovy).

On this last day of 2020, the Rust project has announced the release of version 1.49.0 of the programming language. It establishes the arm64 Linux target as a Tier 1 platform, which is the highest level of support; "Tier 1 platforms can be thought of as 'guaranteed to work'". Also, arm64 macOS and Windows have risen to Tier 2 status, which means they are guaranteed to build...

Security updates have been issued by Arch Linux (firefox, openjpeg2, openssl, qemu, tensorflow, and thunderbird) and Debian (highlight.js).

Stable kernels 5.10.4, 5.4.86, and 4.19.164 have been released. They all contain a large set of important fixes and users should upgrade.

Security updates have been issued by Debian (libdatetime-timezone-perl and tzdata), openSUSE (kdeconnect-kde and opera), and SUSE (gimp, squid3, and xen).

Stable kernels 4.14.213, 4.9.249, and 4.4.249 have been released. They contain important fixes and users should upgrade.

Security updates have been issued by Mageia (flac, graphicsmagick, jackit, kdeconnect-kde, libmaxminddb, libvirt, openjpeg2, pngcheck, python3, roundcubemail, and spice-vdagent), openSUSE (gimp), and SUSE (containerd, docker, docker-runc, golang-github-docker-libnetwork, cyrus-sasl, and gimp).

Linus Torvalds released the 5.11-rc1 prepatch and closed the 5.11 merge window on December 27. By that time, 12,498 non-merge changesets had been pulled into the mainline; nearly 2,500 of those wandered in after the first merge-window summary was written. Activity slowed down in the second week, as expected, but there were still a number of interesting features that found their way into the mainline.

Security updates have been issued by Debian (horizon, kitty, python-apt, and roundcube), Fedora (libmaxminddb, mediawiki, mingw-binutils, and thunderbird), Mageia (erlang-rebar3), openSUSE (blosc, ceph, firefox, flac, kdeconnect-kde, openexr, ovmf, PackageKit, python3, thunderbird, and xen), and SUSE (thunderbird).

Linus has released 5.11-rc1 and closed the merge window for this development cycle. "Two weeks have passed, Christmas is over, and so is the merge window. I want to thank all the maintainers who sent in their pull requests early: we all wanted to get things done before the holidays really hit, and mostly it seemed to work quite well."

Ruby 3.0.0 has been released. "From 2015 we developed hard toward Ruby 3, whose goal is performance, concurrency, and Typing. [...] With Optcarrot benchmark, which measures single thread performance based on NES’s game emulation workload, it achieved 3x faster performance than Ruby 2.0!"

Its existence may come as a bit of a surprise to some, but the GnuCOBOL project has released version 3.1.2 as a successor to GnuCOBOL 2.2 after three years of improvements. "GnuCOBOL is a free, modern COBOL compiler. It translates COBOL into intermediate C and compiles the code using a native C compiler (preferably GCC, but not limited to it). [...] some of the highlights: Huge...

The Tor project is mourning Karsten Loesing, who died on December 18. "Karsten was part of the Tor community for 13 years and an amazing, smart, thoughtful, and gentle person who has touched us all. Over the course of these years we saw him not only grow as a colleague at Tor but as a father to his family. His positive, attentive, and kind presence...

After more than a year's work, Xfce has announced the 4.16 release of the desktop. Highlights include window manager improvements, a new statustray panel plugin, fractional scaling, settings manager improvements, and lots more. "One of the corner-stones of the non-code changes concerns our migration to GitLab, which is a change in development workflow and a huge step forward in terms of becoming more contributor-friendly...

Security updates have been issued by Debian (spip and sympa), Gentoo (c-ares, cherokee, curl, dbus, firefox, gdk-pixbuf, haproxy, libass, nss, openssl, pdns, pdns-recursor, php, samba, tomcat, and webkit-gtk), and SUSE (java-1_8_0-ibm, openexr, and python3).

A recent blog post from Purism—the company that developed PureOS to run on its security-focused hardware—celebrates three years of FSF endorsement of the Linux distribution. While this endorsement is an achievement that is not as highly valued by our communities as one might think, the work done to obtain and maintain that endorsement is useful even to those who disdain the FSF or disagree...

Security updates have been issued by Debian (awstats and mediawiki), Fedora (mbedtls and pngcheck), openSUSE (firefox and thunderbird), Oracle (gnutls, go-toolset:ol8, pacemaker, postgresql:10, postgresql:12, and postgresql:9.6), and SUSE (clamav, groovy, jetty-minimal, and xen).

The Perl project has announced the election of the first steering council to serve under the project's new governance rules. Eight candidates put their names in; the winners were Ricardo Signes, Neil Bowers, and Sawyer X.