Brief items
Security
OpenSSH 8.4 released
OpenSSH 8.4 is out. The SHA-1 algorithm is deprecated and the "ssh-rsa" public key signature algorithm will be disabled by default "in a near-future release." The developers note that it is possible to perform chosen-prefix attacks against the SHA-1 algorithm for less than USD$50K.
Kernel development
Kernel release status
The current development kernel is 5.9-rc7, released on September 27. Linus said: "But while I do not know of any remaining gating issues any more, the fixes came in fairly late. So unless I feel insanely optimistic and/or a burning bush tells me that everything is bug-free, my plan right now is that I'll do another rc next Sunday rather than the final 5.9 release. And btw, please no more burning bushes. We're kind of sensitive about those on the West coast right now."
Stable updates: 5.8.12, 5.4.68, and 4.19.148 were released on September 26. There is a big set of updates (5.8.13, 5.4.69, 4.19.149, 4.14.200, 4.9.238, and 4.4.238) in the review process; they are due on October 1.
The linux-hardening mailing list
Kees Cook has announced the creation of a new vger mailing list called linux-hardening. It is meant as a replacement for the longstanding kernel-hardening@openwall.com list for discussions specific to Linux kernel development; the old list is, for various reasons, seen as not being entirely suitable for upstream kernel work. Developers working on hardening are likely to want to be subscribed to both lists going forward.
Distributions
RPM 4.16.0 released
Version 4.16.0 of the RPM package manager has been released. "This turned out to be a much bigger release than anticipated with several groundbreaking new features, despite finally being back to annual cycle almost to date." Highlights include new database backends, macro and %if expressions including ternary operator and native version comparison, optional MIME type based file classification, new version parsing and comparison API in C and Python, license clarification, and more. The release notes have more details.
Development
Calibre 5.0 released
Version 5.0 of the Calibre electronic-book manager has been released. "There has been a lot of work on the calibre E-book viewer. It now supports Highlighting. The highlights can be colors, underlines, strikethrough, etc. and have added notes. All highlights can be both stored in EPUB files for easy sharing and centrally in the calibre library for easy browsing. Additionally, the E-book viewer now supports both vertical and right-to-left text." Another significant change is a port to Python 3; that was a necessary change but it means that there are a number of plugins that have not yet been ported and thus won't work. The status of many plugins can be found on this page.
PostgreSQL 13 released
Version 13 of the PostgreSQL database management system is out. "PostgreSQL 13 includes significant improvements to its indexing and lookup system that benefit large databases, including space savings and performance gains for indexes, faster response times for queries that use aggregates or partitions, better query planning when using enhanced statistics, and more. Along with highly requested features like parallelized vacuuming and incremental sorting, PostgreSQL 13 provides a better data management experience for workloads big and small, with optimizations for daily administration, more conveniences for application developers, and security enhancements."
Development quote of the week
Still, even with this, it was never going to be a matter of just following some standard porting advice and calling it good. Launchpad has almost a million lines of Python code in its main git tree, and around 250 dependencies of which a number are quite Launchpad-specific. In a project that size, not only is following standard porting advice an extremely time-consuming task in its own right, but just about every strange corner case is going to show up somewhere. (Did you know that StringIO.StringIO(None) and io.StringIO(None) do different things even after you account for the native string vs. Unicode text difference? How about the behaviour of .union() on a subclass of frozenset?) Launchpad’s test suite is fortunately extremely thorough, but even just starting up the test suite involves importing most of the data model code, so before you can start taking advantage of it you have to make a large fraction of the codebase be at least syntactically-correct Python 3 code and use only modules that exist in Python 3 while still working in Python 2; in a project this size that turns out to be a large effort on its own, and can be quite risky in places.
— Colin Watson (Thanks to Paul Wise)
Page editor: Jake Edge
