Heya folks! We have a bit of a smaller sync this week, on account of the last sync happening on Monday (or Tuesday, depending on where you live). There are still a couple of interesting developments, though!
Starting off, we have an update for Curl which fixes a couple of CVEs. Curl version 8.5.0 addresses CVE-2023-46219 and CVE-2023-46218, as well as including a bunch of regular bug fixes. Similarly, bluez saw a patch for CVE-2023-45866 and python-cryptography was updated for CVE-2023-49083. While these are not high severity vulnerabilities, it is still important to keep up-to-date.
We've changed the default PAM settings for account lockouts when putting in the wrong password. The PAM defaults will lock you out for 10 minutes if you try the wrong password 3 times in 15 minutes. Our updated defaults changes this to a 10-minute lockout after 10 attempts in 15 minutes. Our goal is to be more tolerant of mistakes while still being reasonably secure. We took inspiration from the NIST Digital Identity Guidelines, specifically sections 10.1 and 10.3.
Speaking of usability, you may notice a difference in virtual console text and the GRUB boot menu. The default font is too small on modern high-definition displays, so we've switched to using the Terminus font in a larger 16x32 pixel font size.
This week, Nushell was included in the repository! It is different from more traditional shells in that everything is data, enabling you to filter and sort output. Check it out!
If you've been keeping an eye on the 4.5 ISO task, you'll notice that a lot of checkboxes have been ticked. Over the next couple of weeks, we'll be focusing on testing and fixing bugs ahead of a new ISO release. This may mean that some package updates are delayed. Thank you for your patience.
Other updates this week include:
- Our rust package was updated to the recently released v1.74.1, bringing a number of new fixes and improvements!
- AOM (one of the many AV1 encoders in the repos) was updated to v3.8.0, bringing increased encoding speed and compression ratio
- RSS Guard was updated to v4.6.2. You can now use it for podcasts or as a media player!
- SMPlayer was updated to v23.6
- VS Code was updated to the November 2023 release! This brings many improvements
- A driver for certain Realtek USB Wifi 6 chipsets has been added to the repositories. While we do not recommend purchasing this hardware (you should always try to stick to hardware that has in-kernel drivers) if you already have such hardware it should now work once you install the rtl8852bu package.
- Tailscale was updated to v1.54.1
- minetest was updated to v5.8.0, bringing many improvements to this open source voxel game!
- A longstanding issue with usysconf (which is used to run triggers in response to package installation and updates) was resolved that would cause it to sometimes not run the right commands to register newly installed kernel drivers with the system. If you ever installed a new kernel driver and it didn't work right away then this is most likely fixed now!
That’s all for this week, folks! Check back next time for more update goodies!