Linux Weekly News

Security updates have been issued by Arch Linux (dovecot, poppler, roundcubemail, and rsync), Debian (csync2 and gssproxy), Fedora (grafana, perl-Convert-ASN1, and python-py), openSUSE (privoxy), Oracle (kernel), Red Hat (ImageMagick and kernel), SUSE (ceph, dovecot22, flac, java-1_7_1-ibm, openssh, and python), and Ubuntu (dovecot, horizon, openexr, and python-apt).

The LibreSSL project has been developing a fork of the OpenSSL package since 2014; it is supported as part of OpenBSD. Adoption of LibreSSL on the Linux side has been slow from the start, though, and it would appear that the situation is about to get worse. LibreSSL is starting to look like an idea whose time may never come in the Linux world.

Security updates have been issued by Debian (chromium, dovecot, flac, influxdb, libhibernate3-java, and p11-kit), Fedora (ceph and guacamole-server), Mageia (audacity, gdm, libxml2, rawtherapee, and vlc), openSUSE (jetty-minimal and privoxy), Red Hat (kernel and kernel-rt), SUSE (gimp), and Ubuntu (libproxy).

The second 5.11 kernel prepatch is out for testing. "People have (rightly) mostly been offline since, presumably over-eating and doing all the other traditional holiday things. And just generally not being hugely active. That very much shows in a tiny rc2 release."

James Bottomley has posted a detailed description of what it takes to get an encrypted image running securely with AMD's SEV mechanism. "In this post I’ll discuss how you actually bring up a confidential VM from an encrypted image while preserving secrecy. However, first a warning: This post represents the state of the art and includes patches that are certainly not deployed in distributions and may not even be upstream, so if you want to follow along at home you’ll need to patch things like qemu, grub and OVMF."

Security updates have been issued by Debian (libxstream-java and p11-kit), Mageia (curl and minidlna), and openSUSE (groovy).

On this last day of 2020, the Rust project has announced the release of version 1.49.0 of the programming language. It establishes the arm64 Linux target as a Tier 1 platform, which is the highest level of support; "Tier 1 platforms can be thought of as 'guaranteed to work'". Also, arm64 macOS and Windows have risen to Tier 2 status, which means they are guaranteed to build and are likely to work just fine, but the automated tests are not run. Beyond that, the test framework now captures output from multiple threads and some library changes were made. See the detailed release notes for more information. "Rust 1.49.0 promotes the aarch64-unknown-linux-gnu target to Tier 1 support, bringing our highest guarantees to users of 64-bit ARM systems running Linux! We expect this change to benefit workloads spanning from embedded to desktops and servers. This is an important milestone for the project, since it's the first time a non-x86 target has reached Tier 1 support: we hope this will pave the way for more targets to reach our highest tier in the future. Note that Android is not affected by this change as it uses a different Tier 2 target."

Security updates have been issued by Arch Linux (firefox, openjpeg2, openssl, qemu, tensorflow, and thunderbird) and Debian (highlight.js).

Stable kernels 5.10.4, 5.4.86, and 4.19.164 have been released. They all contain a large set of important fixes and users should upgrade.

Security updates have been issued by Debian (libdatetime-timezone-perl and tzdata), openSUSE (kdeconnect-kde and opera), and SUSE (gimp, squid3, and xen).

Stable kernels 4.14.213, 4.9.249, and 4.4.249 have been released. They contain important fixes and users should upgrade.

Security updates have been issued by Mageia (flac, graphicsmagick, jackit, kdeconnect-kde, libmaxminddb, libvirt, openjpeg2, pngcheck, python3, roundcubemail, and spice-vdagent), openSUSE (gimp), and SUSE (containerd, docker, docker-runc, golang-github-docker-libnetwork, cyrus-sasl, and gimp).

Linus Torvalds released the 5.11-rc1 prepatch and closed the 5.11 merge window on December 27. By that time, 12,498 non-merge changesets had been pulled into the mainline; nearly 2,500 of those wandered in after the first merge-window summary was written. Activity slowed down in the second week, as expected, but there were still a number of interesting features that found their way into the mainline.

Security updates have been issued by Debian (horizon, kitty, python-apt, and roundcube), Fedora (libmaxminddb, mediawiki, mingw-binutils, and thunderbird), Mageia (erlang-rebar3), openSUSE (blosc, ceph, firefox, flac, kdeconnect-kde, openexr, ovmf, PackageKit, python3, thunderbird, and xen), and SUSE (thunderbird).

Linus has released 5.11-rc1 and closed the merge window for this development cycle. "Two weeks have passed, Christmas is over, and so is the merge window. I want to thank all the maintainers who sent in their pull requests early: we all wanted to get things done before the holidays really hit, and mostly it seemed to work quite well."

The 5.10.3 stable kernel update is out with another set of important fixes.

Ruby 3.0.0 has been released. "From 2015 we developed hard toward Ruby 3, whose goal is performance, concurrency, and Typing. [...] With Optcarrot benchmark, which measures single thread performance based on NES’s game emulation workload, it achieved 3x faster performance than Ruby 2.0!"

Its existence may come as a bit of a surprise to some, but the GnuCOBOL project has released version 3.1.2 as a successor to GnuCOBOL 2.2 after three years of improvements. "GnuCOBOL is a free, modern COBOL compiler. It translates COBOL into intermediate C and compiles the code using a native C compiler (preferably GCC, but not limited to it). [...] some of the highlights: Huge improvements for compatibility to different COBOL dialects, better error handling and adjustable exceptions per COBOL 2002; more modern format for diagnostic messages (especially useful when used in an integrated development environment possible in Emacs, Vim, VSCodium and others) and improved source-level debugging." More information about the new features in the release can be found in the NEWS file, which is attached to the release announcement below.

The Tor project is mourning Karsten Loesing, who died on December 18. "Karsten was part of the Tor community for 13 years and an amazing, smart, thoughtful, and gentle person who has touched us all. Over the course of these years we saw him not only grow as a colleague at Tor but as a father to his family. His positive, attentive, and kind presence helped us grow as people as well. Dr. Karsten Loesing joined Tor in 2007 as a Google Summer of Code student to work on Distributed Tor Directory, and earned his PhD in Computer Science at Germany’s University of Bamberg in 2009 on a Tor-related topic, 'Distributed Storage for Tor Hidden Service Descriptors [PDF]'."

After more than a year's work, Xfce has announced the 4.16 release of the desktop. Highlights include window manager improvements, a new statustray panel plugin, fractional scaling, settings manager improvements, and lots more. "One of the corner-stones of the non-code changes concerns our migration to GitLab, which is a change in development workflow and a huge step forward in terms of becoming more contributor-friendly and welcoming. In parts, the humungous changelog of Xfce 4.16 can be attributed to new contributors proposing merge requests (288 merge requests were merged or closed against our core components alone!)."