Security updates have been issued by Debian (ruby-json-jwt and ruby-rack-cors), Fedora (xen), SUSE (aspell and tar), and Ubuntu (ruby-gon, ruby-kramdown, and ruby-rack).
SELinux is a security mechanism with a lot of ability to restrict user-space compromises in various useful ways. It has also generally been considered a heavyweight option that is not suitable for more resource-restricted systems like wireless routers. Undeterred by this perception, some OpenWrt developers are adding SELinux as an option for protecting the distribution, which targets embedded devices.
Keeping device firmware up-to-date can be a challenge for end users. Firmware updates are often important for correct behavior, and they can have security implications as well. The Linux Vendor Firmware Service (LVFS) project is playing an increasing role in making firmware updates more straightforward for both end users and vendors; LVFS just announced its 20-millionth firmware download. Since even a wireless mouse dongle can pose a security threat, the importance of simple, reliable, and easily applied firmware updates is hard to overstate.
Version 4.16.0 of the RPM package manager has been released. "This turned out to be a much bigger release than anticipated with several groundbreaking new features, despite finally being back to annual cycle almost to date." Highlights include new database backends, macro and %if expressions including ternary operator and native version comparison, optional MIME type based file classification, new version parsing and comparison API in C and Python, license clarification, and more. The release notes have more details.
Fish (the "friendly interactive shell") has the explicit goal of being more user-friendly than other shells. It features a modern command-line interface with syntax highlighting, tab completion, and auto-suggestions out of the box (all with no configuration required). Unlike many of its competitors, it doesn't care about being POSIX-compliant but attempts to blaze its own path. Since our last look at the project, way back in 2013, it has seen lots of new releases with features, bug fixes, and refinements aimed at appealing to a wide range of users. Some of the biggest additions landed in the 3.0 release, but we will also describe some other notable changes from version 2.1 up through the latest version.
Security updates have been issued by Debian (firefox-esr and mediawiki), openSUSE (firefox, libqt5-qtbase, and rubygem-actionpack-5_1), Red Hat (qemu-kvm, qemu-kvm-ma, and virt:rhel), SUSE (dpdk, firefox, and go1.15), and Ubuntu (dpdk, imagemagick, italc, libpgf, libuv1, pam-python, squid3, ssvnc, and teeworlds).
Recently, the Mercurial project has been discussing its plans to migrate away from the compromised SHA-1 hashing algorithm in favor of a more secure alternative. So far, the discussion is in the planning stages of algorithm selection and migration strategy, with a general transition plan for users. The project, for the moment, is favoring the BLAKE2 hashing algorithm.
OpenSSH 8.4 is out. The SHA-1 algorithm is deprecated and the "ssh-rsa" public key signature algorithm will be disabled by default "in a near-future release." They note that it is possible to perform chosen-prefix attacks against the SHA-1 algorithm for less than USD$50K.
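Both of the items above are about leaving SHA-1 behind: a version-control system that names its objects by hash, and a signature algorithm whose strength is bounded by the hash under the signature. The following is an added example, not Mercurial's or OpenSSH's code, that shows the mechanics behind the first case: a hypothetical content-addressed store keyed by SHA-1, re-keyed to BLAKE2b, with a legacy-id map so references that still carry SHA-1 identifiers keep resolving. The digest size, the personalization string, the store layout and the migration map are all assumptions for illustration.

```python
"""Content-addressed object store, keyed by SHA-1 or BLAKE2b.

Added example; this is not Mercurial's or OpenSSH's code. It assumes a
hypothetical store that names each object by the hash of its bytes and
shows one way to re-key such a store from SHA-1 to BLAKE2b while keeping
the old identifiers resolvable.
"""
import hashlib
from typing import Dict, Tuple

LEGACY_ALGO = "sha1"
NEW_ALGO = "blake2b"
# Assumed digest length for the new scheme (BLAKE2b allows 1..64 bytes).
NEW_DIGEST_SIZE = 32
# Assumed personalization string: domain-separates these identifiers from
# any other BLAKE2b use of the same bytes (at most 16 bytes).
PERSON = b"objstore-v1"


def node_id(data: bytes, algo: str = NEW_ALGO) -> str:
    """Return the hex identifier of an object under the chosen hash."""
    if algo == NEW_ALGO:
        h = hashlib.blake2b(data, digest_size=NEW_DIGEST_SIZE, person=PERSON)
    elif algo == LEGACY_ALGO:
        h = hashlib.sha1(data)
    else:
        raise ValueError("unsupported hash: " + algo)
    return h.hexdigest()


class ObjectStore:
    """Objects are stored and retrieved by their hash identifier."""

    def __init__(self, algo: str) -> None:
        self.algo = algo
        self.objects: Dict[str, bytes] = {}

    def put(self, data: bytes) -> str:
        oid = node_id(data, self.algo)
        self.objects[oid] = data
        return oid

    def get(self, oid: str) -> bytes:
        data = self.objects[oid]
        # Verify on read: bytes that no longer hash to their own name have
        # been tampered with (or, under a broken hash, replaced by a
        # colliding object that the name alone cannot distinguish).
        if node_id(data, self.algo) != oid:
            raise ValueError("integrity check failed for " + oid)
        return data


def migrate(old: ObjectStore) -> Tuple[ObjectStore, Dict[str, str]]:
    """Re-key every object under the new hash.

    Returns the new store and a legacy-id -> new-id map: one possible
    migration strategy (assumed here) for a project whose users still hold
    SHA-1 identifiers in old references.
    """
    new = ObjectStore(NEW_ALGO)
    id_map: Dict[str, str] = {}
    for old_id in list(old.objects):
        data = old.get(old_id)      # integrity-checked read before re-keying
        id_map[old_id] = new.put(data)
    return new, id_map


def resolve(new: ObjectStore, id_map: Dict[str, str], oid: str) -> bytes:
    """Fetch an object by either its new or its legacy identifier."""
    return new.get(id_map.get(oid, oid))
```

The integrity check in `get()` is the reason a collision-prone hash matters for a store like this: once an attacker can produce two objects with the same name, the name no longer identifies the content, and the same reasoning applies to a signature computed over a SHA-1 digest. The `person` parameter is a BLAKE2 feature that SHA-1 lacks; it keeps identifiers computed here from being confused with hashes of the same bytes used elsewhere.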
The 5.9-rc7 kernel prepatch is out for testing. "But while I do not know of any remaining gating issues any more, the fixes came in fairly late. So unless I feel insanely optimistic and/or a burning bush tells me that everything is bug-free, my plan right now is that I'll do another rc next Sunday rather than the final 5.9 release. And btw, please no more burning bushes. We're kind of sensitive about those on the West coast right now."
It has only been a few months since the Emacs community went through an extended discussion on how to make the Emacs editor "popular again". As the community gears up for the Emacs 28 development cycle (after the Emacs 27.1 release in August), that discussion has returned with a vengeance. The themes of this discussion differ somewhat from the last; developers are concerned about making Emacs — an editor with decades of history — seem "modern" to attract new users.
Version 5.0 of the Calibre electronic-book manager has been released. "There has been a lot of work on the calibre E-book viewer. It now supports Highlighting. The highlights can be colors, underlines, strikethrough, etc. and have added notes. All highlights can be both stored in EPUB files for easy sharing and centrally in the calibre library for easy browsing. Additionally, the E-book viewer now supports both vertical and right-to-left text." Another significant change is a port to Python 3; that was a necessary change but it means that there are a number of plugins that have not yet been ported and thus won't work. The status of many plugins can be found on this page.
Security updates have been issued by Debian (rails), openSUSE (chromium, jasper, ovmf, roundcubemail, samba, and singularity), Oracle (firefox), SUSE (bcm43xx-firmware, firefox, libqt5-qtbase, qemu, and tiff), and Ubuntu (aptdaemon, atftp, awl, packagekit, and spip).
The set_fs() function dates back to the earliest days of the Linux kernel; it is a key part of the machinery that keeps user-space and kernel-space memory separated from each other. It is also easy to misuse and has been the source of various security problems over the years; kernel developers have long wanted to be rid of it. They won't completely get their wish in the 5.10 kernel but, as the result of work that has been quietly progressing for several months, the end of set_fs() will be easily visible at that point.
Version 13 of the PostgreSQL database management system is out. "PostgreSQL 13 includes significant improvements to its indexing and lookup system that benefit large databases, including space savings and performance gains for indexes, faster response times for queries that use aggregates or partitions, better query planning when using enhanced statistics, and more. Along with highly requested features like parallelized vacuuming and incremental sorting, PostgreSQL 13 provides a better data management experience for workloads big and small, with optimizations for daily administration, more conveniences for application developers, and security enhancements."
Security updates have been issued by Fedora (firefox, libproxy, mbedtls, samba, and zeromq), openSUSE (chromium and virtualbox), Red Hat (firefox and kernel), SUSE (cifs-utils, conmon, fuse-overlayfs, libcontainers-common, podman, libcdio, python-pip, samba, and wavpack), and Ubuntu (rdflib).
It is a pretty rare event to see a nearly 21-year-old bug be addressed—many projects are nowhere near that old for one thing—but that is just what has occurred for the Mozilla Thunderbird email application. An enhancement request filed at the end of 1999 asked for a plugin to support email encryption, but it has mostly languished since. The Enigmail plugin did come along to fill the gap by providing OpenPGP support using GNU Privacy Guard (GnuPG or GPG), but was never part of Thunderbird. As part of Thunderbird 78, though, OpenPGP is now fully supported within the mail user agent (MUA).
Disabling SELinux is, perhaps sadly in some ways, a time-honored tradition for users of Fedora, RHEL, and other distributions that feature the security mechanism. Over the years, SELinux has gotten easier to tolerate due to the hard work of its developers and the distributions, but there are still third-party packages that recommend or require disabling SELinux in order to function. Up until fairly recently, the kernel has supported disabling SELinux at run time, but that mechanism has been deprecated—in part due to another kernel security feature. Now Fedora is planning to eliminate the ability to disable SELinux at run time in Fedora 34, which sparked some discussion in its devel mailing list.
Security updates have been issued by openSUSE (libetpan, libqt4, lilypond, otrs, and perl-DBI), Red Hat (kernel-rt), Slackware (seamonkey), SUSE (grafana, libmspack, openldap2, ovmf, pdns, rubygem-actionpack-5_1, and samba), and Ubuntu (debian-lan-config, ldm, libdbi-perl, and netty-3.9).
Python 3.9.0rc2 was released on September 17, with the final version scheduled for October 5, roughly a year after the release of Python 3.8. Python 3.9 will come with new operators for dictionary unions, a new parser, two string operations meant to eliminate some longstanding confusion, as well as improved time-zone handling and type hinting. Developers may need to do some porting for code coming from Python 3.8 or earlier, as the new release has removed several previously-deprecated features still lingering from Python 2.7.
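The "two string operations meant to eliminate some longstanding confusion" are `str.removeprefix()` and `str.removesuffix()`, and the confusion is that `lstrip()`/`rstrip()` take a set of characters rather than a prefix or suffix. That mistake shows up in real code that parses authorization headers or path names. The following added example (not from the Python release notes; it needs Python 3.9 or later) puts the old and new forms side by side and also shows the dictionary union operators; the bearer-token header, the repository paths and the settings layers are constructed inputs.

```python
"""Python 3.9 additions in practice: removeprefix()/removesuffix() and the
dict union operators. Added example (not from the Python release notes);
needs Python 3.9+. The bearer-token header, repository paths and settings
layers are constructed inputs, not taken from any real service.
"""
from typing import Dict, Iterable, Optional

BEARER = "Bearer "


def token_from_header_lstrip(value: str) -> str:
    """The long-standing confusion: str.lstrip() takes a *set of
    characters*, not a prefix. It keeps removing any of 'B','e','a','r',' '
    from the front, eating into the token itself."""
    return value.lstrip(BEARER)


def token_from_header(value: str) -> Optional[str]:
    """removeprefix() removes exactly the given prefix, once. It returns the
    string unchanged when the prefix is absent, so check for presence first
    rather than treating an unchanged value as success."""
    if not value.startswith(BEARER):
        return None
    return value.removeprefix(BEARER)


def repo_name_rstrip(path: str) -> str:
    """Same trap on the other end: rstrip('.git') removes any trailing
    '.', 'g', 'i' or 't' characters, not the suffix '.git'."""
    return path.rsplit("/", 1)[-1].rstrip(".git")


def repo_name(path: str) -> str:
    """removesuffix() strips a trailing '.git' and nothing else."""
    return path.rsplit("/", 1)[-1].removesuffix(".git")


DEFAULTS: Dict[str, object] = {"timeout": 30, "verify_tls": True, "retries": 3}


def effective_settings(overrides: Dict[str, object]) -> Dict[str, object]:
    """dict | dict builds a new dict; the right operand wins on duplicate
    keys and neither input is modified."""
    return DEFAULTS | overrides


def layered_settings(layers: Iterable[Dict[str, object]]) -> Dict[str, object]:
    """|= merges in place; later layers override earlier ones."""
    merged: Dict[str, object] = {}
    for layer in layers:
        merged |= layer
    return merged
```

With the constructed header `Bearer abcreader123`, the `lstrip()` version hands back `bcreader123` (the leading `a` is in the strip set), which silently corrupts the credential; `removeprefix()` returns the full token. The same happens with `rstrip(".git")` on a repository named `digit`, which collapses to `d`.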
The function tracer (ftrace) subsystem has become an essential part of the kernel's introspection tooling. Like many kernel subsystems, ftrace uses a ring buffer to quickly communicate events to user space; those events include a timestamp to indicate when they occurred. Until recently, the design of the ring buffer has led to the creation of inaccurate timestamps when events are generated from interrupt handlers. That problem has now been solved; read on for an in-depth discussion of how this issue came about and the form of its solution.
Linux Journal has returned under the ownership of Slashdot Media. "As Linux enthusiasts and long-time fans of Linux Journal, we were disappointed to hear about Linux Journal closing its doors last year. It took some time, but fortunately we were able to get a deal done that allows us to keep Linux Journal alive now and indefinitely. It's important that amazing resources like Linux Journal never disappear."
Firefox 81.0 is out. This version allows you to control media from the keyboard or headset, introduces the Alpenglow theme, adds AcroForm support to fill in, print, and save supported PDF forms, and more. See the release notes for details.
Security updates have been issued by Mageia (mysql-connector-java), openSUSE (chromium, curl, libqt4, and singularity), Red Hat (bash and kernel), SUSE (python-pip and python3), and Ubuntu (busybox, ceph, freeimage, libofx, libpam-tacplus, linux, linux-aws, linux-aws-hwe, linux-azure, linux-azure-4.15, linux-gcp, linux-gcp-4.15, linux-gke-4.15, linux-hwe, linux-oem, linux-oracle, linux-raspi2, linux-snapdragon, linux, linux-azure, linux-gcp, linux-oracle, novnc, and tnef).
Kees Cook catches up with the security-related changes in the 5.7 kernel. "The kernel’s Linux Security Module (LSM) API provides a way to write security modules that have traditionally implemented various Mandatory Access Control (MAC) systems like SELinux, AppArmor, etc. The LSM hooks are numerous and no one LSM uses them all, as some hooks are much more specialized (like those used by IMA, Yama, LoadPin, etc). There was not, however, any way to externally attach to these hooks (not even through a regular loadable kernel module) nor build fully dynamic security policy, until KP Singh landed the API for building LSM policy using BPF. With this, it is possible (for a privileged process) to write kernel LSM hooks in BPF, allowing for totally custom security policy (and reporting)."
The 5.9-rc6 kernel prepatch is out. "The one thing that does show up in the diffstat is the softscroll removal (both fbcon and vgacon), and there are people who want to save that, but we'll see if some maintainer steps up. I'm not willing to resurrect it in the broken form it was in, so I doubt that will happen in 5.9, but we'll see what happens."
Andrew "bunnie" Huang has announced a new project called "Precursor"; it is meant to be a platform for makers to create interesting new devices. "Precursor is unique in the open source electronics space in that it’s designed from the ground-up to be carried around in your pocket. It’s not just a naked circuit board with connectors hanging off at random locations: it comes fully integrated—with a rechargeable battery, a display, and a keyboard—in a sleek, 7.2 mm (quarter-inch) aluminum case." You can't get one yet, but the crowdfunding push starts soon.
The discussion started out as a straightforward patch set from Thomas Gleixner making a minor change to how preemption counting is handled. The resulting discussion quickly spread out to cover a number of issues relevant to core-kernel development in surprisingly few messages; each of those topics merits a quick look, starting with how the preemption counter itself works. Sometimes a simple count turns out to not be as simple as it seems.
James Bottomley has put together a detailed recounting of what it took to get IPv6 fully working on his network. "One of the things you’d think from the above is that IPv6 always auto configures and, while it is true that if you simply plug your laptop into the ethernet port of a cable modem it will just automatically configure, most people have a more complex home setup involving a router, which needs some special coaxing before it will work. That means you need to obtain additional features from your ISP using special DHCPv6 requests."
Security updates have been issued by Arch Linux (chromium and netbeans), Oracle (mysql:8.0 and thunderbird), SUSE (rubygem-rack and samba), and Ubuntu (apng2gif, gnupg2, libemail-address-list-perl, libproxy, pulseaudio, pure-ftpd, samba, and xawtv).
Greg Kroah-Hartman has announced the release of the 5.8.10, 5.4.66, and 4.19.146 stable kernels. They contain important fixes throughout the tree and users should upgrade.
The GNOME Project has announced a change to its version-numbering scheme; the next release will be "GNOME 40". "After nearly 10 years of 3.x releases, the minor version number is getting unwieldy. It is also exceedingly clear that we're not going to bump the major version because of technological changes in the core platform, like we did for GNOME 2 and 3, and then piling on a major UX change on top of that. Radical technological and design changes are too disruptive for maintainers, users, and developers; we have become pretty good at iterating design and technologies, to the point that the current GNOME platform, UI, and UX are fairly different from what was released with GNOME 3.0, while still following the same design tenets."
The kernel contains a wide variety of locking primitives; it can be hard to stay on top of all of them. So even veteran kernel developers might be forgiven for being unaware of the "seqcount latch" lock type or its use. While this lock type has existed in the kernel for several years, it is only being formalized with a proper type declaration in 5.10. So this seems like a good time to look at what these locks are and how they work.
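The latch pattern is easier to see in a few dozen lines than to describe: the writer keeps two copies of the data and bumps a sequence counter between updating them, so at any instant the copy selected by the low bit of the counter is one the writer is not touching; a reader that is interrupted by a writer detects the counter change and retries, and a reader that itself interrupts the writer (an NMI, say) still gets a consistent copy without waiting. The following is an added example, not kernel code: a single-threaded Python model that leaves out the memory barriers and `READ_ONCE()`/`WRITE_ONCE()` accessors the real implementation needs, and uses `pause`/`interrupt` callbacks to stand in for preemption. The `SingleCopy` class is there only to show the torn read the latch prevents.

```python
"""A seqcount latch, simulated in user-space Python.

Added example; this is not kernel code and omits the memory barriers and
READ_ONCE()/WRITE_ONCE() accessors the real implementation needs. It models
the latch pattern (two copies of the data plus a sequence counter) in a
single thread: the 'pause' and 'interrupt' callbacks stand in for an NMI or
preemption hitting the writer or the reader part-way through.
"""
from typing import Callable, Dict, List, Optional, Tuple

Data = Dict[str, int]
Hook = Optional[Callable[[], None]]


class SeqcountLatch:
    def __init__(self, initial: Data) -> None:
        self.seq = 0
        self.copies: List[Data] = [dict(initial), dict(initial)]

    # Writer side (serialized by the caller, as in the kernel).
    def write(self, updates: Data, pause: Hook = None) -> None:
        self.seq += 1                     # odd: readers now select copies[1]
        self.copies[0].update(updates)    # so copies[0] is free to modify
        if pause is not None:
            pause()                       # writer interrupted between halves
        self.seq += 1                     # even: readers now select copies[0]
        self.copies[1].update(updates)    # so copies[1] is free to modify

    # Reader side: lockless, never waits for the writer.
    def read(self, interrupt: Hook = None) -> Tuple[Data, int]:
        retries = 0
        while True:
            seq = self.seq
            if interrupt is not None:
                interrupt()               # reader preempted after sampling seq
                interrupt = None
            snapshot = dict(self.copies[seq & 1])
            if seq == self.seq:           # counter unchanged: snapshot is good
                return snapshot, retries
            retries += 1                  # a writer ran meanwhile: go again


class SingleCopy:
    """What goes wrong without the latch: one copy updated field by field.
    A reader that interrupts the writer can observe a half-updated record."""

    def __init__(self, initial: Data) -> None:
        self.data = dict(initial)

    def write(self, updates: Data, pause: Hook = None) -> None:
        items = list(updates.items())
        self.data[items[0][0]] = items[0][1]
        if pause is not None:
            pause()                       # interrupted with one field written
        for key, value in items[1:]:
            self.data[key] = value

    def read(self) -> Data:
        return dict(self.data)
```

The two fields in the model play the role of a pair that must be read together (a multiplier and a shift, as in a clock conversion); `SingleCopy` hands an interrupting reader the new multiplier with the old shift, while `SeqcountLatch` hands it the previous, internally consistent pair. The cost is that the writer must store everything twice, which is why the pattern suits small, rarely-updated data.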
Security updates have been issued by Fedora (dotnet3.1, kernel, mbedtls, and python35), Mageia (libraw), openSUSE (mumble), SUSE (libsolv, libzypp, and perl-DBI), and Ubuntu (libdbi-perl, libphp-phpmailer, mcabber, ncmpc, openssl, openssl1.0, qemu, samba, storebackup, and util-linux).
As the PHP project nears its 8.0 release, which is currently slated for late November, there are a number of interesting things to report from its development mailing list. For one, the syntax of the attributes feature has finally been settled on after an acrimonious debate largely over the minutiae of the voting process. In addition, some releases were made and a new proposal to add any() and all() as core library functions was discussed.
The pandemic has changed many things in our communities, even though distance has always played a big role in free software development. Annual in-person gatherings for conferences and the like are generally paused at the moment, but even after travel and congregating become reasonable again, face-to-face meetings may be less frequent. There are both positives and negatives to that outcome, of course, but some rethinking will be in order if that comes to pass. The process of key signing is something that may need to change as well; the Debian project, which uses signed keys, has been discussing the subject.
Version 3.38 of the GNOME desktop environment is out. "This release brings a new Welcome tour, improved grouping and reordering of applications in the overview, better fingerprint enrollment, deeper systemd integration, and more." See the release notes for details.
Security updates have been issued by Fedora (libssh, python35, and xen), Oracle (kernel), Red Hat (librepo and mysql:8.0), SUSE (perl-DBI), and Ubuntu (Apache Log4j, Apache XML-RPC, bsdiff, libdbi-perl, luajit, milkytracker, OpenJPEG, ruby-loofah, and ruby-websocket-extensions).
The BPF virtual machine is being used ever more widely in the kernel, but it has not been a target for GCC until recently. BPF is currently generated using the LLVM compiler suite. Jose E. Marchesi gave a pair of presentations as part of the GNU Tools track at the 2020 Linux Plumbers Conference (LPC) that provided attendees with a look at the BPF for GCC project, which started around a year ago. It has made some significant progress, but there is, of course, more to do.
Moment.js, the de facto standard JavaScript library for date and time manipulation, has announced that "we would like to discourage Moment from being used in new projects going forward." The project cited multiple reasons for the recommendation. The first is that moment objects are mutable; another is the unnecessarily large size of the library when compared to other internationalization and time-zone support options available to modern browsers. According to the post, "we now generally consider Moment to be a legacy project in maintenance mode. It is not dead, but it is indeed done." The project offers multiple recommendations of alternative options, including "the evolution of Moment", Luxon, authored by long-time Moment.js contributor Isaac Cambron.
Security updates have been issued by CentOS (dovecot), Debian (gnome-shell and teeworlds), Mageia (libetpan and zeromq), openSUSE (libxml2), Red Hat (chromium-browser and librepo), SUSE (compat-openssl098, firefox, kernel, openssl, and shim), and Ubuntu (gupnp).
Tasklets offer a deferred-execution method in the Linux kernel; they have been available since the 2.3 development series. They allow interrupt handlers to schedule further work to be executed as soon as possible after the handler itself. The tasklet API has its shortcomings, but it has stayed in place while other deferred-execution methods, including workqueues, have been introduced. Recently, Kees Cook posted a security-inspired patch set (also including work from Romain Perier) to improve the tasklet API. This change is uncontroversial, but it provoked a discussion that might lead to the removal of the tasklet API in the (not so distant) future.