Morten Linderud
And January is over! Time has frankly been moving fast the past days.
Packaging wise, things has been fine. Added tailscale and some other minor
packages, but had a real purge of old packages from resigned maintainers. Also
dropped ntop to the AUR which hasn’t been actively developed for years at this
point. I’m curious when people are going to bug me about that one :)
On the security side of things there has been quite a lot happening just the
past week. sudo had CVE-2021-3156 and libgcrypt had CVE-2021-3345 which are
both are quite severe. My personal take is that the sudo one bad, but not that
bad. While libgcrypt is a bit more terrible considering the data is parsed
before it’s authenticated. However both was patched fairly quickly in Arch.
In other news things are moving fine on different projects. Did some progress on
finishing up debuginfod on the infrastructure side. Not that much happening on
the dbscripts side of things. Slowly been hacking away on some CVE tracking
for the security team, but the CVE dataset is a mess. Among more exciting stuff
I have submitted some WIP UEFI structs for ImHex which is a neat hex editor.
I have 3-4 blog posts about Arch Conf and archlinux-repro rework that I have
in the pipeline. But been a bit lazy in the evenings rewatching Halt and Catch
Fire (which is a terrific TV show).
Other then that I have a talk about sbctl this weekend for FOSDEM.
Improving the Secure Boot landscape: sbctl & go-uefi.
Enjoy this weeks summary and stay safe!
Package Updates to [community]
python-milcupdated to1.0.12-1,1.0.13-1python-reportlabupdated to3.5.59-1,3.5.60-1python-pygameupdated to2.0.1-1python-typed-astupdated to1.4.2-1v2rayupdated to4.34.0-1fzfupdated to0.25.0-1jgmenuupdated to4.3.0-1libmdupdated to1.0.3-1plocateupdated to1.1.3-2toolboxupdated to0.0.98-1,0.0.98.1-1,0.0.99-1goplsupdated to0.6.2-1,0.6.3-1,0.6.4-1python-prompt_toolkitupdated to3.0.9-1,3.0.11-1,3.0.13-1,3.0.14-1minicomupdated to2.8-1lxdupdated to4.10-1python-prompt_toolkitupdated to3.0.10-1python-pandasupdated to1.2.0-1buildahupdated to1.19.0-1,1.19.2-1,1.19.3-1skopeoupdated to1.2.1-1gopassupdated to1.11.0-1qmkupdated to0.0.39-1perl-type-tinyupdated to1.012001-1git-lfsupdated to2.13.2-1font-awesomeupdated to5.15.2-1conmonupdated to1:2.0.23-1,1:2.0.24-1,1:2.0.25-1helmupdated to3.5.0-1,3.5.1-1buildahupdated to1.19.2-1python-google-api-coreupdated to1.25.0-1,1.25.1-1docker-composeupdated to1.28.0-1,1.28.2-1nvme-cliupdated to1.13-2goupdated to2:1.15.7-1staticcheckupdated to2020.2.1-1github-cliupdated to1.5.0-1fuse-overlayfsupdated to1.4.0-1crunupdated to0.17-1udiskieupdated to2.3.0-1,2.3.2-1screenkeyupdated to1.4.1-1yubikey-managerupdated to3.1.2-1hyupdated to0.20.0-1pdfjsupdated to2.7.570-1cni-pluginsupdated to0.9.0-5perl-gnupg-interfaceupdated to1.01-1qutebrowserupdated to2.0.0-1,2.0.1-1tailscaleupdated to1.4.0-1,1.4.1-1python-adblockupdated to0.4.1-1delveupdated to1.6.0-1step-cliupdated to0.15.3-1
Package additions to [community]
tailscalestep-ca
Package removals to [community]
ericeric-i18npycheckercanorusjuliuslibaslpython-pmwlibmatiopdfsamvoxforge-am-juliusg15daemonlibg15libg15renderlibcosqlite-replicationntop
Potential new packages for [community]
oomdvgrepgit-publishb4psi-notifyetcdmicro
Bugfixes
plocate: Should enable the timer, nor the service. Slight typi there!nvme-cli: Fixed FS#69374- Some dracut warning. Backported upstream patch.
cni-plugins: Fixed FS#69276- Had to copy the binaries into
/opt/cni/bin
- Had to copy the binaries into
hy: Fixed FS#69390- Removed
python-clintforpython-colorama
- Removed
Security Team
We have published 45 advisories this month. We have in total published 1000 advisories since the tracker was deployed in 2016!
Other things…
archlinux-repro- Merged a few patches this months!
pacman:infrastructure:- Draft: debuginfod: Implement role
- Continued the work on the
debuginfodrole.
Cheers!