Hírolvasó

Security updates have been issued by CentOS (thunderbird), Debian (libproxy, qemu, and wordpress), Fedora (ansible, chromium, community-mysql, dotnet-build-reference-packages, dotnet3.1, drupal7, grub2, java-1.8.0-openjdk-aarch32, kernel, kernel-headers, kernel-tools, mingw-gnutls, php-symfony4, python-django, and selinux-policy), Gentoo (DBI, file-roller, gnome-shell, gst-rtsp-server, nextcloud-client, php, proftpd, qtgui, and zeromq), openSUSE (gimp, libjpeg-turbo, openldap2, python-Flask-Cors, and slurm), Oracle (.NET Core 3.1, dovecot, go-toolset:ol8, httpd:2.4, and kernel), Red Hat (dovecot, httpd24-httpd, httpd:2.4, and mysql:8.0), and Slackware (thunderbird).

The 5.9-rc5 kernel prepatch is out for testing. "So aside from the smoke from the fires, and a performance regression I'm still looking at, things look normal."

With this commit, Martijn van Duren (martijn@) added login_ldap(8) to -current:

CVSROOT: /cvs Module name: src Changes by: martijn@cvs.openbsd.org 2020/09/12 09:06:12 Modified files: libexec : Makefile Added files: libexec/login_ldap: Makefile aldap.c aldap.h bind.c login_ldap.8 login_ldap.c login_ldap.h search.c util.c Log message: Import login_ldap. The code is based login_ldap port, but uses our own aldap implementation instead of openldap. It also uses a stand alone configuration file instead of login.conf, since setting this up might contain information not destined for everyone to see. OK bluhm@ "Go for it" deraadt@

An example configuration file was also committed.

Today's crop of stable kernel updates includes 5.8.9, 5.4.65, 4.19.145, 4.14.198, 4.9.236, and 4.4.236. Each contains another set of important fixes.

In 2018, three former GnuPG developers began work on Sequoia, a new implementation of OpenPGP in Rust. OpenPGP is an open standard for data encryption, often used for secure email; GnuPG is an implementation of that standard. The GPLv2-licensed Sequoia is heading toward version 1.0, with a handful of issues remaining to be addressed. The project's founders believe that there is much to be desired in GnuPG, which is the de facto standard implementation of OpenPGP today. They hope to fix this with a reimplementation of the specification using a language with features that will help protect users from common types of memory bugs.

Security updates have been issued by Debian (python-pip), Fedora (kernel, libX11, and xen), openSUSE (go1.14), Oracle (libcroco, php:7.3, and postgresql:10), Red Hat (chromium-browser and httpd:2.4), and SUSE (gimp, golang-github-prometheus-prometheus, kernel, libxml2, pdsh, slurm_20_02, slurm, slurm_18_08, and tomcat).

In its early days, the Android project experienced a high-profile disconnect with the kernel community. That situation has since improved considerably, but there are still differences between Android kernels and the mainline. As a result, it is not possible to run Android on a vanilla kernel. That situation continues to improve, though; much evidence to that effect was on display during the Android microconference at the 2020 Linux Plumbers Conference. Several sessions there showed the progress that is being made toward unifying the Android and mainline kernels — and the places where there is still some work to be done.

Security updates have been issued by Arch Linux (ark, gnupg, go, opendmarc, and python-django), Debian (libxml2), Gentoo (chromium), Oracle (librepo and thunderbird), Red Hat (dovecot and httpd:2.4), SUSE (avahi, kernel, and openldap2), and Ubuntu (xorg-server).

The LWN.net Weekly Edition for September 10, 2020 is available.

Unlike many of the previous gatherings of the Linux realtime developers, their microconference at the virtual 2020 Linux Plumbers Conference had a different feel about it. Instead of being about when and how to get the feature into the mainline, the microconference had two sessions that looked at what happens after the realtime patches are upstream. That has not quite happened yet, but is likely for the 5.10 kernel, so the developers were looking to the future of the stable realtime trees and, relatedly, plans for continuous-integration (CI) testing for realtime kernels.

Stable kernels 5.8.8, 5.4.64, 4.19.144, and 4.14.197 have been released. They contain important fixes throughout the tree and users should upgrade.

BPF is, of course, the language used for network (and other) customization in the Linux kernel, but some people have been using the Lua language for the networking side of that equation. Two developers from Ring-0 Networks, Lourival Vieira Neto and Victor Nogueira, came to the virtual Netdev 0x14 to present that work. It consists of a framework to allow the injection of Lua scripts into the running kernel as well as two projects aimed at routers, one of which is deployed on 20 million devices.

Security updates have been issued by Debian (grunt), Fedora (ansible and geary), openSUSE (firefox, gettext-runtime, python-Flask-Cors, and thunderbird), Oracle (firefox and thunderbird), Red Hat (.NET Core 3.1), SUSE (kernel and libjpeg-turbo), and Ubuntu (gnutls28 and libx11).

Android 11 has been released with the source pushed to the Android Open Source Project (AOSP). "For developers, Android 11 has a ton of new capabilities. You’ll want to check out conversation notifications, device and media controls, one-time permissions, enhanced 5G support, IME transitions, and so much more. To help you work and develop faster, we also added new tools like compatibility toggles, ADB incremental installs, app exit reasons API, data access auditing API, Kotlin nullability annotations, and many others."

Alyssa Rosenzweig looks at getting the Exposure Notifications System protocol, developed by Apple and Google for facilitating COVID-19 contact tracing on Android and iOS phones, running on GNU/Linux. "All in all, we end up with a Linux implementation of Exposure Notifications functional in Ontario, Canada. What’s next? Perhaps supporting contact tracing systems elsewhere in the world – patches welcome." The source code for liben is available "for any one who dares go near".

The GStreamer team has announced a major feature release of GStreamer. "The 1.18 release series adds new features on top of the previous 1.16 series and is part of the API and ABI-stable 1.x release series of the GStreamer multimedia framework." There is a lengthy list of highlights in the announcement and more details in the release notes.

The kernel does not have just one system call to rename a file; instead, there are three of them: rename(), renameat(), and renameat2(). Each was added when the previous one proved unable to support a new feature. A similar story has played out with a number of system calls: a feature is needed that doesn't fit into the existing interfaces, so a new one is created — again. At the 2020 Linux Plumbers Conference, Christian Brauner and Aleksa Sarai ran a pair of sessions focused on the creation of future-proof system calls that can be extended when the need for new features arises.

Security updates have been issued by Debian (imagemagick, lemonldap-ng, and zeromq3), Fedora (ark, cryptsetup, gnutls, kernel, kernel-headers, and kernel-tools), openSUSE (firefox, kernel, and thunderbird), Red Hat (cloud-init, go-toolset:rhel8, libcroco, librepo, php:7.3, postgresql:10, and thunderbird), SUSE (firefox and go1.14), and Ubuntu (linux, linux-aws, linux-aws-5.3, linux-aws-5.4, linux-aws-hwe, linux-azure, linux-azure-4.15, linux-azure-5.4, linux-gcp, linux-gcp-4.15, linux-gcp-5.4, linux-gke-4.15, linux-gke-5.0, linux-gke-5.3, linux-hwe, linux-hwe-5.4, linux-kvm, linux-oem, linux-oem-osp1, linux-oracle, linux-oracle-5.4, linux-raspi, linux-raspi-5.4, linux-raspi2, linux-raspi2-5.3, linux-snapdragon and xorg-server, xorg-server-hwe-16.04, xorg-server-hwe-18.04).

Back in 2014, a Raspberry Pi enthusiast by the name of Michael Teeuw shared his build of a "magic mirror" with the world in a six-part series. The system consisted of a Raspberry Pi and monitor running a web browser in kiosk mode, with a web server that provided a dashboard interface — all stored in a custom-built case with a one-way mirror. Since his post, others around the world have built these devices for their home (including myself), forming both a community and an interesting open-source project. The recent release of MagicMirror2 (MM2) version 2.12.0 gives us an opportunity to learn more about where the project started and where it is today.