Hírolvasó

Security updates have been issued by Arch Linux (dovecot, firefox, ksh, and webkit2gtk), Debian (firefox-esr and openjdk-8), Mageia (exiv2, flash-player-plugin, python-waitress, and vim and neovim), openSUSE (pcp and rubygem-rack), Oracle (kernel), Red Hat (sudo), and Slackware (libarchive).

The LWN.net Weekly Edition for February 13, 2020 is available.

It seems unlikely that anyone on any "side" of the systemd war that has raged in Debian over the last few years thought that the results of the recent general resolution (GR) vote ended the matter. The vote showed a clear preference for moving ahead with systemd as the preferred init system, though it was far from any kind of landslide—there were definitely plenty of voters who would have preferred a different outcome. It was a complicated GR, with a wide spectrum of options, but at this point, the project as a whole has spoken. Actually implementing some of the changes that the GR enabled may not have the smooth path that some might have hoped for, however.

On the Google Project Zero blog, Jann Horn looks at a number of vulnerabilities in a Samsung Android kernel, some of which are caused by the addition of out-of-tree "security" features. "The Samsung kernel on the A50 contains an extra security subsystem (named 'PROCA', short for 'Process Authenticator', with code in security/proca/) to track process identities. By combining several logic issues in this subsystem (which, on their own, can already cause a mismatch between the tracking state and the actual process state) with a brittle code pattern, it is possible to cause memory unsafety by winning a race condition."

Security updates have been issued by CentOS (spice-gtk), Debian (libemail-address-list-perl), openSUSE (chromium, libqt5-qtbase, nginx, systemd, and wicked), Oracle (spice-gtk), Slackware (firefox and thunderbird), and Ubuntu (libexif and Yubico PIV Tool).

Stable kernels 5.5.3, 5.4.19, and 4.19.103 have been released. They all contain many important fixes throughout the tree and users should upgrade.

From a high-level perspective, Lua and Python are similar languages; both are "scripting" languages that are compiled into bytecode instructions that run on a virtual machine. But the focus of Lua has generally been toward embedding the language into some larger application or system, rather than as an alternative for, say, Python, Perl, or Ruby as a general-purpose language. That is not to say that Lua is not capable of handling any of the tasks those other languages do, but that it has not really been the target, seemingly. Some recent discussions in the Lua community have explored possible changes in that regard, particularly around the idea of providing a larger, richer standard library.

Firefox 73.0 has been released. This version includes two features that help users view and read website content more easily; a new global default zoom level setting and a "readability backplate" solution to make websites in High Contrast Mode more readable without disabling background images. See the release notes for details.

Security updates have been issued by Debian (checkstyle), Fedora (poppler), Oracle (kernel), Red Hat (389-ds:1.4, java-1.7.1-ibm, java-1.8.0-ibm, nss-softokn, and spice-gtk), and Scientific Linux (spice-gtk).

Video recordings from FOSDEM 2020 are now available.

The OpenBSD presentations were:

• Giovanni Bechis (giovanni@) - OpenSMTPD over the clouds, the story of an HA setup
• Florian Obser (florian@) - unwind(8), A privilege-separated, validating DNS recursive nameserver for every laptop

(These are also listed in the usual place.)