Security updates have been issued by Fedora (389-ds-base, dogtag-pki, dpdk, freeipa, isync, openvswitch, pki-core, and screen), Mageia (bind, chromium-browser-stable, gnome-autoar, jasper, openldap, openssl and compat-openssl10, screen, webkit2, and xpdf), Oracle (grub2), Red Hat (java-1.7.1-ibm, java-1.8.0-ibm, nodejs:10, and nodejs:12), SUSE (freeradius-server), and Ubuntu (wpa).
Greg Kroah-Hartman has released the 5.11.3,
5.10.20, 5.4.102, 4.19.178, 4.14.223, 4.9.259, and 4.4.259 stable kernels. These are generally
enormous updates, with important changes throughout the kernel tree; users
Security updates have been issued by Fedora (389-ds-base, dogtag-pki, freeipa, isync, pki-core, and screen), Mageia (firefox, kernel, kernel-linus, libtiff, nonfree-firmware, and thunderbird), Red Hat (bind and java-1.8.0-ibm), Scientific Linux (grub2), and SUSE (kernel-firmware, openldap2, postgresql12, and python-cryptography).
The Python lambda
keyword, which can be used to create small, anonymous functions,
comes from the world of functional
programming, but is perhaps not the most beloved of Python features.
In part, that may be because it is somewhat clunky to use, especially in
comparison to the shorthand notation offered by other languages, such as
mailing lists since mid-February.
For more than a decade, PulseAudio
has been serving the Linux desktop as its predominant audio
mixing and routing daemon — and its audio API. Unfortunately,
PulseAudio’s internal architecture does not fit the growing
sandboxed-applications use case, even though there have been attempts to amend that. PipeWire, a new daemon created (in part)
out of these attempts, will replace
PulseAudio in the upcoming Fedora 34 release. It is a coming
transition that deserves a look.
The Mageia distribution has announced
the release of Mageia 8. It comes with the usual array of new
packages, including a 5.10.16 kernel, Plasma 5.20.4,
GNOME 3.38, Firefox 78, Chromium 88, LibreOffice 184.108.40.206, and more.
“ARM support has continued to develop, with both AArch64 and ARMv7
now having all packages built and being close to primary architectures
now. Support for Wi-Fi installation in the classical installer using WPA2
encryption has been added, as well as improved support for newer
filesystems allowing installations on F2FS. Support for NILFS, XFS, exFAT
and Windows 10 NTFS has been improved to allow for better partition
management. The Live installer has also had significant development. Boot
times have been greatly reduced with the use of Zstd compression and
improved hardware detection and the support for installing updates as a
final step of the installation has been added. Zstd compression has also
been applied to the rescue mode, allowing for faster startup, support for
encrypted LVM/LUKS has also been added.”
Security updates have been issued by Debian (python-pysaml2 and redis), Fedora (buildah, containernetworking-plugins, containers-common, libmysofa, libpq, podman, postgresql, skopeo, xen, and xterm), openSUSE (nghttp2), Oracle (firefox and thunderbird), SUSE (glibc, ImageMagick, python-Jinja2, and salt), and Ubuntu (python2.7, python2.7, python3.4, python3.5, python3.6, python3.8, and tiff).
Security updates have been issued by Arch Linux (ansible-base, keycloak, mumble, and postgresql), Debian (firefox-esr and nodejs), Fedora (dotnet3.1, dotnet5.0, keylime, php-horde-Horde-Text-Filter, radare2, scap-security-guide, and wireshark), openSUSE (postgresql, postgresql13 and python-djangorestframework), Red Hat (Ansible, firefox, and thunderbird), Scientific Linux (firefox and thunderbird), SUSE (php7, postgresql-jdbc, python-cryptography, rpmlint, and webkit2gtk3), and Ubuntu (dnsmasq, linux, linux-aws, linux-aws-5.4, linux-azure, linux-azure-5.4, linux-gcp, linux-gcp-5.4, linux-gke-5.4, linux-gkeop, linux-gkeop-5.4, linux-hwe-5.4, linux-kvm, linux-oracle, linux-oracle-5.4, linux-raspi, linux-raspi-5.4, linux, linux-aws, linux-aws-hwe, linux-azure, linux-azure-4.15, linux-dell300x, linux-gcp, linux-gcp-4.15, linux-gke-4.15, linux-hwe, linux-kvm, linux-oracle, linux-raspi2, linux-snapdragon, linux, linux-aws, linux-azure, linux-gcp, linux-hwe-5.8, linux-kvm, linux-oracle, linux-raspi, linux, linux-aws, linux-kvm, linux-lts-xenial, linux-raspi2, linux-snapdragon, linux-oem-5.10, linux-oem-5.6, screen, and xterm).
Two separate vulnerabilities led to the fast-tracked release
of Python 3.9.2 and 3.8.8 on February 19, though source-only
releases of 3.7.10 and 3.6.13 came a few days earlier. The
vulnerabilities may be problematic for some Python users and
workloads; one could potentially lead to remote code execution. The other
is, arguably, not exactly a flaw in the Python standard library—it simply
also follows an older standard—but it can lead to web cache
NumPy is a Python library that adds
an array data type to the language, along with providing operators
appropriate to working on arrays and matrices. By wrapping fast Fortran and
C numerical routines, NumPy allows Python
programmers to write performant code in what is normally a relatively slow
language. NumPy 1.20.0 was
announced on January 30, in what its developers describe as the largest
release in the history of the project. That makes for a good opportunity to
show a little bit about what NumPy is, how to use it, and to describe what’s new in the
Security updates have been issued by Debian (bind9, libbsd, openssl1.0, php-horde-text-filter, qemu, and unrar-free), Fedora (kiwix-desktop and libntlm), Mageia (coturn, mediawiki, privoxy, and veracrypt), openSUSE (buildah, libcontainers-common, podman), Oracle (kernel, nss, and perl), Red Hat (xterm), SUSE (java-1_7_1-ibm, php74, python-urllib3, and qemu), and Ubuntu (libjackson-json-java and shiro).
The venerable locate
file-finding utility has long been available for Linux systems, though its
origins are in the BSD world. It is a generally useful tool, but does have
a cost beyond just the disk space it occupies in the filesystem; there is a
periodic daemon (updatedb)
that runs to keep the file-name database up to date. As a recent
debian-devel discussion shows, though, people have differing ideas of
just how important the tool is—and whether it should be part of the default installation of Debian.
On February 4, millions of browser tabs were
suddenly terminated. Not everyone was surprised; the dozen people who spent the last
four months waiting for this tragedy to occur watched in relief as the
first in a rapid stream of GitHub
comments began pouring in. The Great Suspender, a Chrome
extension that suspended inactive tabs,
with around two-million users, had been forcibly uninstalled because it contained
malware. This was a serious problem for users, in part due to the difficulty in
recovering the lost tabs, but the extension’s malevolence had been
painfully obvious to anyone who cared to investigate it.
Security updates have been issued by Arch Linux (ansible, chromium, cups, docker, firefox, gitlab, glibc, helm, lib32-glibc, minio, nextcloud, opendoas, opera, php, php7, privoxy, python-django, python-jinja, python2-jinja, thunderbird, vivaldi, and wireshark-cli), Fedora (jasper, linux-firmware, php, python-cryptography, spice-vdagent, subversion, and thunderbird), Mageia (gssproxy and phpldapadmin), openSUSE (chromium, containerd, docker, docker-runc, librepo, nextcloud, and privoxy), SUSE (containerd, docker, docker-runc, golang-github-docker-libnetwork, kernel, openvswitch, and wpa_supplicant), and Ubuntu (wpa).
Security updates have been issued by Debian (firejail and netty), Fedora (java-1.8.0-openjdk, java-11-openjdk, rubygem-mechanize, and xpdf), Mageia (gstreamer1.0-plugins-bad, nethack, and perl-Email-MIME and perl-Email-MIME-ContentType), openSUSE (firejail, java-11-openjdk, python, and rclone), Red Hat (dotnet, dotnet3.1, dotnet5.0, and rh-nodejs12-nodejs), SUSE (firefox, kernel, python, python36, and subversion), and Ubuntu (gnome-autoar, junit4, openvswitch, postsrsd, and sqlite3).
There is always a certain amount of tension between the goals of those
using older, less-popular architectures and the goals of projects targeting
more mainstream users and systems. In many ways, our community has been
spoiled by the number of architectures supported by GCC, but a lot of new
software is not being written in C—and existing software is migrating away
The Rust language is
often the choice these days for both new and existing code bases, but it is
built with LLVM, which supports fewer architectures than GCC
supports—and Linux runs on. So the question that arises is how much these older, non-Rusty
architectures should be able to hold back future development; the answer,
in several places now, has been “not much”.
The world wide web is truly a wondrous invention, but it is not without
flaws. There are massive privacy woes that stem from its standards and
implementation; it is also so fiendishly complex that few can truly grok
all of its expanse. That complexity affords enormous flexibility, for good
Those who are looking for a simpler way to exchange
information—or hearken back to web prehistory—may find the Gemini project worth a look.
Greg Kroah-Hartman has released the 4.9.256
and 4.4.256 stable kernels in order to try to figure out
if there are any user-space problems caused by the overflow of the minor version number for those
stable-kernel series. “With this release, KERNEL_VERSION(4, 9, 256) is the same as KERNEL_VERSION(4, 10, 0).
Nothing in the kernel build itself breaks with this change, but given that this
is a userspace visible change, and some crazy tools (like glibc and gcc) have
logic that checks the kernel version for different reasons, I wanted to do this
release as an ‘empty’ release to ensure that everything still works
properly.” Those who could be affected would be well-advised to
test this change immediately as he plans another 4.9 release in a