lwn.net

Security updates have been issued by Debian (libxstream-java, musl, mutt, pdfresurrect, vips, and zsh), Fedora (libuv, nodejs, thunderbird, and xen), openSUSE (libssh2_org, mutt, neomutt, and thunderbird), Oracle (firefox and thunderbird), Red Hat (firefox, rh-nodejs12-nodejs, rh-php73-php, and thunderbird), Scientific Linux (thunderbird), SUSE (libX11, mariadb, mutt, python-pip, python-setuptools, and python36), and Ubuntu (containerd, php-pear, and sniffit).

The Arm processor architecture has pushed the boundaries in a number of ways, some of which have required significant kernel changes in response. For example, the big.LITTLE architecture placed fast (but power-hungry) and slower (but more power-efficient) CPUs in the same system-on-chip (SoC); significant scheduler changes were needed for Linux to be able to properly distribute tasks on such systems. For all their quirkiness, big.LITTLE systems still feature CPUs that are in some sense identical: they can all run any task in the system. What is the scheduler to do, though, if confronted with a system where that is no longer true?

The Python Packaging Authority has announced the release of pip 20.3. There is some potential for disruption with this release. "The new resolver is now *on by default*. It is significantly stricter and more consistent when it receives incompatible instructions, and reduces support for certain kinds of constraints files, so some workarounds and workflows may break."

Security updates have been issued by Arch Linux (c-ares, libass, raptor, rclone, and swtpm), Debian (libproxy, qemu, tcpflow, and x11vnc), Fedora (asterisk, c-ares, microcode_ctl, moodle, pam, tcpdump, and webkit2gtk3), Mageia (jruby and webkit2), openSUSE (buildah, c-ares, ceph, fontforge, java-1_8_0-openjdk, kernel, LibVNCServer, mariadb, thunderbird, ucode-intel, and wireshark), Red Hat (firefox, rh-mariadb103-mariadb and rh-mariadb103-galera, and thunderbird), SUSE (binutils, libssh2_org, LibVNCServer, libX11, and nodejs12), and Ubuntu (mysql-8.0 and qemu).

Version 8.0.0 of the PHP language has been released. New features include union types, named arguments, match expressions, a just-in-time compiler, and more; see this article for more information.

The 5.10-rc6 kernel prepatch is out. "So I'm feeling pretty good about 5.10, and I hope I won't be proven wrong about that. But please do test."

Security updates have been issued by Arch Linux (go, libxml2, postgresql, and wireshark-cli), Debian (drupal7 and lxml), Fedora (drupal7, java-1.8.0-openjdk-aarch32, libxml2, pacemaker, slurm, and swtpm), openSUSE (c-ares, ceph, chromium, dash, firefox, go1.14, java-1_8_0-openjdk, kernel, krb5, perl-DBI, podman, postgresql10, postgresql12, rclone, slurm, ucode-intel, wireshark, wpa_supplicant, and xen), SUSE (ceph, firefox, kernel, LibVNCServer, and python), and Ubuntu (freerdp, poppler, and xdg-utils).

Security updates have been issued by openSUSE (blueman, chromium, firefox, LibVNCServer, postgresql10, postgresql12, thunderbird, and xen), Slackware (bind), SUSE (bluez, kernel, LibVNCServer, thunderbird, and ucode-intel), and Ubuntu (mutt, poppler, thunderbird, and webkit2gtk).

The process of adopting a new governance model for the Perl project appears to be reaching an end; the new model is designed to look a lot like the one adopted by the Python project. "So, now Perl has two well-defined bodies involved in its governance: a core team of a few dozen and a steering council of three people. The core team sets the rules of Perl governance, votes on membership of the two groups, and delegates substantial decision making power to the steering council. The steering council has broad authority to make decisions about the development of the Perl language, the interpreter, and all other components, systems and processes that result in new releases of the language interpreter." The full description is available for those looking for the details.

Security updates have been issued by Debian (spip and webkit2gtk), Fedora (kernel and libexif), openSUSE (chromium and rclone), Slackware (mutt), SUSE (kernel, mariadb, and slurm), and Ubuntu (igraph).

The venerable email client Mutt has just reached version 2.0. Mutt is different from the type of client that has come to dominate the email landscape—for one thing, it has no graphical interface. It has a long history that is worth a bit of a look, as are its feature set and extensive customizability. Version 2.0 brings several enhancements to Mutt's interface, configurability, and convenience, as well. In this article, readers who are unfamiliar with Mutt will learn about a different way to deal with the daily chore of wrangling their inboxes, while Mutt experts may discover some new sides to an old friend.

Greg Kroah-Hartman has released stable kernels 5.9.11, 5.4.80, 4.19.160, 4.14.209, 4.9.246, and 4.4.246 have been released. They all contain important fixes and users should upgrade.

Security updates have been issued by Fedora (chromium, microcode_ctl, and seamonkey), Mageia (f2fs-tools, italc, python-cryptography, python-pillow, tcpreplay, and vino), Oracle (thunderbird), Red Hat (bind, kernel, microcode_ctl, net-snmp, and Red Hat Virtualization), Scientific Linux (net-snmp and thunderbird), SUSE (kernel and mariadb), and Ubuntu (atftp, libextractor, pdfresurrect, and pulseaudio).

GNU Guix, a functional package manager and associated free software distribution, was introduced eight years ago. The 1.2.0 release celebrates the anniversary. "A major highlight in this release is the ability to authenticate channels, which probably makes Guix one of the safest ways to deliver complete operating systems today. This was the missing link in our “software supply chain” and we’re glad it’s now fixed. The end result is that guix pull and related commands now cryptographically authenticate channel code that they fetch; you cannot, for instance, retrieve unauthorized commits to the official Guix repository."

For those who are interested in security at the hardware level, this blog post from Andrew 'bunnie' Huang is well worth a read. "Despite any claims you may have heard otherwise, tamper resistance is a largely unsolved problem. Any secrets committed to a non-volatile format are vulnerable to recovery by a sufficiently advanced adversary. The availability of near-atomic level microscopy, along with sophisticated photon and phonon based probing techniques, means that a lab equipped with a few million dollars worth of top-notch gear and well-trained technicians has a good chance of recovering secret key material out of virtually any non-volatile storage media. The hard part is figuring out where the secrets are located on the chip."

Security updates have been issued by Debian (cimg, golang-1.7, golang-1.8, krb5, mediawiki, mupdf, php-pear, samba, thunderbird, and zabbix), Fedora (chromium, krb5, microcode_ctl, pngcheck, and rpki-client), Mageia (librepo, postgresql, python-twisted, raptor2, tcpdump, and thunderbird), openSUSE (blueman, java-11-openjdk, moinmoin-wiki, python, rmt-server, SDL, and tcpdump), Red Hat (chromium-browser and thunderbird), SUSE (c-ares, ceph, dash, firefox, java-1_8_0-openjdk, postgresql10, postgresql12, postgresql96, u-boot, and ucode-intel), and Ubuntu (openldap).

The 5.10-rc5 kernel prepatch is out. "The 5.10 release candidates stubbornly keeps staying fairly big, even though by rc5 we really should be seeing things starting to calm down and shrink. There's nothing in here that makes me particularly nervous, but in pure numbers of commits, this is the largest rc5 we've had in the 5.x series."

The 5.9.10, 5.4.79, 4.19.159, 4.14.208, 4.9.245, and 4.4.245 stable kernel updates are all available. Each contains another set of important fixes, as usual.

The various system calls and other APIs that the kernel provides for access to files and filesystems has grown increasingly comprehensive over the years. That does not mean, though, that there is no need or room for improvement. Several relatively small additions to the kernel's filesystem-related API are under consideration in the development community; read on for a survey of some of this work.

Security updates have been issued by CentOS (firefox), Fedora (chromium, microcode_ctl, mingw-libxml2, seamonkey, and xen), openSUSE (slurm_18_08 and tor), Oracle (thunderbird), SUSE (buildah, firefox, go1.14, go1.15, krb5, microcode_ctl, perl-DBI, podman, postgresql12, thunderbird, ucode-intel, wireshark, wpa_supplicant, and xen), and Ubuntu (firefox and phpmyadmin).