2 years 7 months ago
Libre Arts looks forward to progress in a long list of creative-art projects this year.
2022 was a really busy year for the [GIMP]: late binding for CMYK,
text outlines, Align/Distribute revamp, floating selections gone,
linked layers replaced with layer sets, all the file format support
updates… Phew!
There is very little left to do before version 3.0 can be
released. The last major change is rewriting the menus code because
the old way was obsoleted in GTK3. The team also started saying no
to major new features. Most recently, they moved vector layers from
3.0 to 3.0.2. That would be one hell of a minor update!
corbet
2 years 7 months ago
On the tech@ mailing list, Theo de Raadt (deraadt@) has issued a request for testing
of patch(es) for execute-only (xonly) binaries on amd64.
The message is quite long, but well worth reading in its entirety
for those interested.
Selected highlights include:
Some of you have probably noticed activity about "xonly" happening
to a bunch of architectures. First arm64, then riscv64, then hppa,
and ongoing efforts with octeon, sparc64 (sun4u only), and more of this
is going to come in the future.
Like past work decades ago (and I suppose continually also) on W^X, and
increasing use of c, the idea here is to have code (text segments)
not be readable. Or in a more generic sense, if you mprotect a region
with only PROT_EXEC, it is not readable.
[…]
But most of us have amd64 machines. Thrilling news:
2 years 7 months ago
The 6.1.6, 5.15.88, and 5.10.163
stable kernel updates have been released; each contains another set of
important fixes.
corbet
2 years 7 months ago
Speculative-execution vulnerabilities come about when the CPU, while executing
speculatively, is able to access memory that would otherwise be denied to
it. Most of these vulnerabilities would go away if the CPU were always
constrained by the established memory protections. An obvious way to fix
these problems would be to make CPUs behave that way, but doing that
without destroying performance is not an easy task. So, instead, Intel
has developed a feature called "linear address-space separation" (LASS) to
paper over parts of the problem; Yian Chen has posted
a patch set adding support for this feature.
corbet
2 years 7 months ago
Security updates have been issued by Fedora (cacti, cacti-spine, mbedtls, postgresql-jdbc, and rust), Oracle (.NET 6.0, dbus, expat, grub2, kernel, kernel-container, libtasn1, libtiff, sqlite, and usbguard), Red Hat (rh-postgresql10-postgresql), SUSE (php7), and Ubuntu (heimdal, linux, linux-aws, linux-aws-5.15, linux-azure, linux-azure-5.15, linux-gcp, linux-gcp-5.15, linux-hwe-5.15, linux-ibm, linux-kvm, linux-oracle, linux-raspi,, linux, linux-aws, linux-aws-hwe, linux-azure, linux-azure-4.15, linux-gcp, linux-gcp-5.4, linux-hwe, linux-ibm, linux-kvm, linux-oracle, linux-oracle-5.4,, linux, linux-aws, linux-kvm, linux-lts-xenial, and vim).
jake
2 years 7 months ago
The Chromium browser project has announced
that it will be integrating support for third-party libraries written in Rust.
Our goal in bringing Rust into Chromium is to provide a simpler
(no IPC) and safer (less complex C++ overall, no memory safety
bugs in a sandbox either) way to satisfy the rule of two, in order
to speed up development (less code to write, less design docs,
less security review) and improve the security (increasing the
number of lines of code without memory safety bugs, decreasing the
bug density of code) of Chrome. And we believe that we can use
third-party Rust libraries to work toward this goal.
Rust was developed by Mozilla specifically for use in writing a
browser, so it’s very fitting that Chromium would finally begin to
rely on this technology too. Thank you Mozilla for your huge
contribution to the systems software industry. Rust has been an
incredible proof that we should be able to expect a language to
provide safety while also being performant.
corbet
2 years 7 months ago
The release of the 4.9.337 stable
kernel update on January 7 marked the end of an era: after just over
six years of maintenance, the 4.9.x series will receive no more updates. This
kernel saw a lot of change after Linus Torvalds made the "final" release
and left the building; it's time for a look at the "stable" portion of this
kernel's life to see what can be learned.
corbet
2 years 7 months ago
Greg Kroah-Hartman has announced the release of the 6.1.5, 6.0.19, and
5.15.87 stable kernels. As usual, they
contain lots of important fixes all over the kernel tree; users should
upgrade. This is also the last release in the 6.0.y kernel series: "All
users must move to the
6.1.y branch at this point in time, as this branch is now end-of-life."
jake
2 years 7 months ago
Security updates have been issued by Debian (emacs, libxstream-java, and netty), Fedora (mingw-binutils, pgadmin4, phoronix-test-suite, vim, and yarnpkg), Red Hat (.NET 6.0, dbus, expat, java-1.8.0-ibm, kernel, kernel-rt, kpatch-patch, libreoffice, libtasn1, libtiff, postgresql:10, sqlite, systemd, usbguard, and virt:rhel and virt-devel:rhel), and SUSE (net-snmp, openstack-barbican, openstack-barbican, openstack-heat-gbp, openstack-horizon-plugin-gbp-ui, openstack-neutron, openstack-neutron-gbp, php7, php74, php8, python-future, python3, samba, SDL2, and w3m).
jake
2 years 7 months ago
Since October 2022, the number of infections with the new version of the Android malware has risen sharply, partly because the malware's developer made its source code public, according to a report by ThreatFabric. This allowed other malicious actors to freely distribute and further develop the spyware, targeting banks such as Deutsche Bank, HSBC U.K., Kotak […]
The post SpyNote Android spyware strikes again, this time targeting financial institutions first appeared on Nemzeti Kibervédelmi Intézet.
NKI
2 years 7 months ago
A previously unknown Linux malware has targeted WordPress-based websites, exploiting security flaws in more than two dozen plugins and themes to attack the sites. According to a report published last week by Dr. Web, the attacks use a list to identify sites that have one of the 19 vulnerable plugins or themes installed. If […]
The post New malware targets WordPress sites using outdated plugins first appeared on Nemzeti Kibervédelmi Intézet.
NKI
2 years 7 months ago
The LWN.net Weekly Edition for January 12, 2023 is available.
corbet
2 years 7 months ago
The PyTorch
compromise that happened right at the end of 2022 was rather ugly, but
its impact was not widespread—seemingly, at least. The incident does
highlight some of
the perils of relying on an external "supply chain" for the components that
are used to build one's software. It also would appear to be another
case of "security researchers" run amok, though perhaps that part of the story
is only meant to cover the tracks—or ass—of the perpetrator.
jake
2 years 7 months ago
Version 3.0 of the Discourse forum platform is out.
We are bringing our customers and users some major new capabilities
to enable communities to have thoughtful, purposeful discussions
online. This new release includes real-time chat and user status to
enable more informal communication, a customizable sidebar for
easier access to the things each user cares about most, and a new
notifications interface that makes it easier to decide what is
important to follow up on, along with many other improvements.
corbet
2 years 7 months ago
Security updates have been issued by Debian (exiv2, hsqldb, libjettison-java, ruby-sinatra, and viewvc), Fedora (golang-github-docker, mbedtls, and vim), Gentoo (alpine, commons-text, jupyter_core, liblouis, mbedtls, ntfs3g, protobuf-java, scikit-learn, and twisted), Red Hat (kernel and kpatch-patch), SUSE (rubygem-activerecord-5.2, tiff, and webkit2gtk3), and Ubuntu (dotnet6, linux-azure-5.4, linux-azure-fde, linux-gcp, linux-oracle, linux-ibm, and linux-oem-5.17, linux-oem-6.0).
corbet
2 years 7 months ago
Todd Mortimer (mortimer@) has committed (to -current) retguard for amd64 system calls:
CVSROOT: /cvs
Module name: src
Changes by: mortimer@cvs.openbsd.org 2023/01/10 18:55:18
Modified files:
lib/libc/arch/amd64: SYS.h
lib/libc/arch/amd64/sys: Ovfork.S brk.S sbrk.S sigpending.S
sigprocmask.S sigsuspend.S
tfork_thread.S
libexec/ld.so/amd64: SYS.h
Log message:
Add retguard to amd64 syscalls.
Since we got rid of padded syscalls we have enough registers to do this.
ok deraadt@ ok kettenis@
2 years 7 months ago
Python's formatted strings, or "f-strings", came relatively late to the
language, but have become a popular feature. F-strings allow a compact
representation for the common task of interpolating program data into
strings, often in order to output them in some fashion. Some
restrictions were placed on f-strings to simplify the implementation of
them, but those restrictions are not really needed anymore and, in
fact, are complicating the CPython parser. That has led to a Python
Enhancement Proposal (PEP) to formalize the syntax of f-strings for the
benefit of Python users while simplifying the maintenance of the
interpreter itself.
jake
2 years 7 months ago
In late 2021, LWN covered a plan to
eliminate the Python global interpreter lock (GIL), thus improving the
language's thread-level concurrency. This plan has now been codified as
PEP 703, which includes
an extensive discussion of the changes that would be made.
The global interpreter lock will remain the default for CPython
builds and python.org downloads. A new build configuration flag,
--without-gil will be added to the configure script that
will build CPython without the global interpreter lock.
The posting of a PEP is only one step in a long path toward integrating
this change into the CPython interpreter; expect some extended discussions
over the coming months.
corbet
2 years 7 months ago
Security updates have been issued by Debian (libtasn1-6), Fedora (nautilus), Oracle (kernel, kernel-container, nodejs:14, tigervnc, and xorg-x11-server), Red Hat (grub2, nodejs:14, tigervnc, and xorg-x11-server), Scientific Linux (tigervnc and xorg-x11-server), SUSE (systemd), and Ubuntu (firefox, linux-aws, linux-aws-5.15, linux-azure, linux-azure-5.15, linux-azure-fde, linux-azure, w3m, and webkit2gtk).
corbet
2 years 7 months ago
With the newly introduced default setup option for code scanning, GitHub lets developers configure it with just a few clicks. Although this new option is currently available only for Python, JavaScript, and Ruby repositories, GitHub aims to extend support to more languages over the next six months. The new code scanning setup […]
The post GitHub makes it easier to discover vulnerabilities in code first appeared on Nemzeti Kibervédelmi Intézet.
NKI