All i386 users of the 6.6 kernel series must upgrade (as they skipped the last release.) All other arches can skip this one as it should not affect them."
Greg Kroah-Hartman has announced the release of four more stable kernels: 6.13.6, 6.12.18, 6.6.81, and 6.1.130. Unlike a normal release, Kroah-Hartman did not call for all users to update their kernels. Specifically, the 6.6.81 kernel is currently broken on i386 systems, and users should wait for 6.6.82.
On January 20, Thomas Weißschuh shared a new patch set implementing an alternate method for checking the integrity of loadable kernel modules. This mechanism, which checks module integrity based on hashes computed at build time instead of using cryptographic signatures, could enable reproducible kernel builds in more contexts. Several distributions have already expressed interest in the patch set if Weißschuh can get it into the kernel.
Secure hash functions are designed in such a way that there is no secret key, and there is no way to use knowledge of the intermediate state in order to generate a collision. However, CMAC was not designed as a hash function, and therefore it is a weak hash function against an adversary who has the key. Remember that every AMD Zen CPU has to have the same AES-CMAC key in order to successfully calculate the hash of the AMD public key and the microcode patch contents. Therefore, the key only needs to be revealed from a single CPU in order to compromise all other CPUs using the same key. This opens up the potential for hardware attacks (e.g., reading the key from ROM with a scanning electron microscope), side-channel attacks (e.g., using Correlation Power Analysis to leak the key during validation), or other software or hardware attacks that can somehow reveal the key. In summary, it is a safe assumption that such a key will not remain secret forever.
Version 2.0.0 of FerretDB has been released. FerretDB is an open-source alternative to MongoDB, which switched to a non-open license in 2018, built on top of PostgreSQL. This release utilizes the DocumentDB PostgreSQL extension for better performance, adds vector search, and replication.
Functional programming languages have a long association with graphs. In the 1990s, it was even thought that parallel graph-reduction architectures could make functional programming languages much faster than their imperative counterparts. Alas, that prediction mostly failed to materialize. Even though graphs are still used as a theoretical formalism in order to define and optimize functional languages (such as Haskell's spineless tagless graph-machine), they are still mostly compiled down to the same old non-parallel assembly code that every other language uses. Now, two projects — Bend and Vine — have sprung up attempting to change that, and prove that parallel graph reduction can be a useful technique for real programs.
The Xen Project has announced the release of Xen 4.20. This release adds support for AMD Zen 5 CPUs, improved compliance with the MISRA C standard, work on PCI-passthrough on Arm, and more. Xen 4.20 also removes support for Xeon Phi CPUs, which were discontinued in 2018. See the feature list and release notes for more information.
Version 136.0 of the Thunderbird Desktop mail client has been released. The release includes a quick toggle for adapting messages to dark mode, and a new "Appearance" setting to control message threading and sorting order globally, as well as a number of bug fixes. See the security advisory for a full list of security vulnerabilities addressed in Thunderbird 136.0.
Version 12.3 of Linux From Scratch (LFS) has been released, along with Beyond Linux From Scratch (BLFS) 12.3. LFS provides step-by-step instructions on building a customized Linux system entirely from source, and BLFS helps to extend an LFS installation into a more usable system. Notable changes in this release include toolchain updates to GNU Binutils 2.44, GNU C Library (glibc) 2.41, and Linux 6.13.2. The Changelog has a full list of changes since the previous stable release.
Mozilla's actions have been rubbing many Firefox fans the wrong way as of late, and inspiring them to look for alternatives. There are many choices for users who are looking for a browser that isn't part of the Chrome monoculture but is full-featured and suitable for day-to-day use. For those who are willing to stay in the Firefox "family" there are a number of good options that have taken vastly different approaches. This includes GNU IceCat, Floorp, LibreWolf, and Zen.
Mozilla has issued
an update to its terms of use (TOU) that were announced
on February 26. It has removed a reference in the TOU to
Mozilla's Acceptable Use Policy "because it seems to be causing
more confusion than clarity
", and has revised the TOU "to more
clearly reflect the limited scope of how Mozilla interacts with user
data
". The new language says:
You give Mozilla the rights necessary to operate Firefox. This includes processing your data as we describe in the Firefox Privacy Notice. It also includes a nonexclusive, royalty-free, worldwide license for the purpose of doing as you request with the content you input in Firefox. This does not give Mozilla any ownership in that content.
Mozilla has also updated its Privacy FAQ to provide more detail about its reasons for the changes.
Connexion