Brief items
Security
A long list of GRUB2 secure-boot holes
Several vulnerabilities have been disclosed in the GRUB2 bootloader; they enable the circumvention of the UEFI secure boot mechanism and the persistent installation of hostile software. Fixing the problem is not just a matter of getting a new GRUB2 installation, unfortunately. "It is important to note that updating the exploitable binaries does not in fact mitigate the CVE, since an attacker could bring an old, exploitable, signed copy of a grub binary onto a system with whatever kernel they wished to load. In order to mitigate, the UEFI Revocation List (dbx) must be updated on a system. Once the UEFI Revocation List is updated on a system, it will no longer boot binaries that pre-date these fixes. This includes old install media."
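Whether a given bootloader digest is already revoked on a machine can be checked by reading dbx itself. The following is an added example, not code from this page or from the GRUB2 advisory: it parses the EFI_SIGNATURE_LIST structures stored in dbx and collects the revoked SHA-256 digests. The sample bytes, owner GUID and helper names are constructed for illustration; real dbx hash entries are Authenticode digests of PE images rather than plain file hashes, and dbx can also revoke by certificate, which this example does not cover.

```python
import hashlib
import struct
import uuid

# SignatureType GUID for SHA-256 hash entries (UEFI specification).
EFI_CERT_SHA256_GUID = uuid.UUID("c1c41626-504c-4092-aca9-41f936934328")
# On Linux the variable is exposed by efivarfs with a 4-byte attribute prefix.
DBX_PATH = "/sys/firmware/efi/efivars/dbx-d719b2cb-3d3a-4596-a3bc-dad00e67656f"

def parse_signature_lists(data):
    """Yield (type_guid, owner_guid, signature_data) for every dbx entry."""
    off = 0
    while off < len(data):
        if len(data) - off < 28:
            raise ValueError("truncated EFI_SIGNATURE_LIST header")
        sig_type = uuid.UUID(bytes_le=data[off:off + 16])
        list_size, hdr_size, sig_size = struct.unpack_from("<III", data, off + 16)
        body, end = off + 28 + hdr_size, off + list_size
        if list_size < 28 + hdr_size or end > len(data) or sig_size < 16:
            raise ValueError("malformed EFI_SIGNATURE_LIST")
        if (end - body) % sig_size:
            raise ValueError("signature area is not a multiple of SignatureSize")
        for pos in range(body, end, sig_size):
            owner = uuid.UUID(bytes_le=data[pos:pos + 16])
            yield sig_type, owner, data[pos + 16:pos + sig_size]
        off = end

def revoked_sha256(data):
    """Return the set of revoked SHA-256 digests (hex) found in dbx data."""
    return {sig.hex() for t, _, sig in parse_signature_lists(data)
            if t == EFI_CERT_SHA256_GUID and len(sig) == 32}

def load_dbx(path=DBX_PATH):
    """Read the live dbx variable, dropping the efivarfs attribute prefix."""
    with open(path, "rb") as f:
        return f.read()[4:]

def build_list(sig_type, owner, entries):
    """Build one EFI_SIGNATURE_LIST (used only for the constructed sample)."""
    body = b"".join(owner.bytes_le + e for e in entries)
    header = struct.pack("<III", 28 + len(body), 0, 16 + len(entries[0]))
    return sig_type.bytes_le + header + body

# Constructed sample: one revoked digest, one digest that is not listed.
SAMPLE_OWNER = uuid.UUID("11111111-2222-3333-4444-555555555555")
OLD_LOADER = hashlib.sha256(b"constructed old bootloader").digest()
FIXED_LOADER = hashlib.sha256(b"constructed fixed bootloader").digest()
SAMPLE_DBX = build_list(EFI_CERT_SHA256_GUID, SAMPLE_OWNER, [OLD_LOADER])
```

On a real system, `revoked_sha256(load_dbx())` returns the digests the firmware will refuse to boot; comparing that set before and after a dbx update shows whether the revocations were actually applied.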
Kernel development
Kernel release status
The current development kernel is 5.8-rc7, released on July 26. Linus is unsure about whether things are slowing down enough or not. "But it *might* mean that an rc8 is called for. It's not like rc7 is *big* big. We've had bigger rc7's. Both 5.3 and 5.5 had bigger rc7's, but only 5.3 ended up with an rc8. Put another way: it could still go either way. We'll see how this upcoming week goes."
Stable updates: 5.7.11, 5.4.54, 4.19.135, and 4.14.190 were released on July 29.
Brauner: The Seccomp Notifier – New Frontiers in Unprivileged Container Development
Christian Brauner has posted a novella-length description of the seccomp notifier mechanism and the problems it is meant to solve. "So from the section above it should be clear that seccomp provides a few desirable properties that make it a natural candidate to look at to help solve our mknod(2) and mount(2) problem. Since seccomp intercepts syscalls early in the syscall path it already gives us a hook into the syscall path of a given task. What is missing though is a way to bring another task such as the LXD container manager into the picture. Somehow we need to modify seccomp in a way that makes it possible for a container manager to not just be informed when a task inside the container performs a syscall it wants to be informed about but also how can to make it possible to block the task until the container manager instructs the kernel to allow it to proceed."
Development
Bison 3.7 released
Version 3.7 of the Bison parser generator is out. The biggest new feature would appear to be the generation of "counterexamples" for conflicts — examples of strings that could be parsed in multiple ways. There is also better support for reproducible builds, documentation links in warnings, and more.
digiKam 7.0.0 released
Version 7.0.0 of the digiKam photo editing and management application is out. This release adds support for a number of new raw formats, support for Apple's HEIF format, and a new mosaic plugin. The headline feature, though, appears to be completely reworked face detection: "The new code, based on recent Deep Neural Network features from the OpenCV library, uses neuronal networks with pre-learned data models dedicated for the Face Management. No learning stage is required to perform face detection and recognition. We have saved coding time, run-time speed, and a improved the success rate which reaches 97% of true positives. Another advantage is that it is able to detect non-human faces, such as those of dogs."
Firefox 79.0
Firefox 79.0 has been released. This version has improved accessibility for people using screen readers. See the release notes for more details.
Git v2.28.0
Version 2.28.0 of the git version control system has been released. "It is smaller than the releases in our recent past, mostly due to the development cycle was near the shorter end of the spectrum (our cycles last 8-12 weeks and this was a rare 8-week cycle)."
See this GitHub Blog post for details on the new features in this release.
GNU nano 5.0 released
Version 5.0 of the GNU nano text editor is out; it contains a number of improvements to the editing experience. "With --indicator (or -q or 'set indicator') nano will show a kind of scrollbar on the righthand side of the screen to indicate where in the buffer the viewport is located and how much it covers."
PHP 8 alpha 3 released
The PHP project has released PHP 8 Alpha 3, the final alpha release according to the 8.0 release schedule. Feature freeze for the 8.0 release is scheduled for August 4, making this release the last one before features for the latest version of PHP are finalized. PHP 8.0 is scheduled to be released for general availability on November 26.
Development quote of the week
The point of open source is not to ritualistically compile our stuff from source. It’s the awareness that technology is not magic: that there is a trail of breadcrumbs any of us could follow to liberate our digital lives in case of a potential hostage situation. Should we so desire, open source empowers us to create and run our own essential tools and services.
— Andrew "bunnie" Huang (Thanks to Paul Wise)
Miscellaneous
Historical programming-language groups disappearing from Google
As Alex McDonald notes in this support request, Google has recently banned the old Usenet groups comp.lang.forth and comp.lang.lisp from the Google Groups system. "Of specific concern is the archive. These are some of the oldest groups on Usenet, and the depth & breadth of the historical material that has just disappeared from the internet, on two seminal programming languages, is huge and highly damaging. These are the history and collective memories of two communities that are being expunged, and it's not great, since there is no other comprehensive archive after Google's purchase of Dejanews around 20 years ago." Perhaps Google can be convinced to restore the content, but it also seems that some of this material could benefit from a more stable archive.
Page editor: Jake Edge
