Feed lwn LWN.net

Link https://lwn.net/
Feed http://lwn.net/headlines/rss
Updated 2024-11-24 13:00
[$] Protecting update systems from nation-state attackers
Frequent updates are a key part of keeping systems secure, but that goal will not be met if the update mechanism itself is compromised by an attacker. At a talk during the 2019 Open Source Summit Japan, Justin Cappos described Uptane, an update delivery mechanism for automotive applications that, he said, can prevent such problems, even when the attacker has the resources of a nation state. It would seem that some automobile manufacturers agree.
[$] Accessing zoned block devices with zonefs
Zoned block devices are quite different from the block devices most people are used to. The concept came from shingled magnetic recording (SMR) devices, which allow much higher density storage, but that extra capacity comes with a price: less flexibility. Zoned devices have regions (zones) that can only be written sequentially; there is no random access for writes to those zones. Linux already supports these devices, and filesystems are adding support as well, but some applications may want a simpler, more straightforward interface; that's what a new filesystem, zonefs, is targeting.
Security updates for Tuesday
Security updates have been issued by Debian (libsdl2-image and libxslt), Oracle (java-1.8.0-openjdk and java-11-openjdk), Scientific Linux (java-1.8.0-openjdk and java-11-openjdk), SUSE (bzip2, microcode_ctl, and ucode-intel), and Ubuntu (clamav, evince, linux-hwe, linux-gcp, linux-snapdragon, and squid3).
[$] 5.3 Merge window, part 2
At the end of the 5.3 merge window, 12,608 non-merge changesets had been pulled into the mainline repository. Nearly 6,000 of those were pulled after the first-half summary was written. As expected, there was still a lot of material yet to be merged for this development cycle.
Security updates for Monday
Security updates have been issued by Debian (bind9, exiv2, kernel, nss, openjdk-11, openjdk-8, patch, and squid3), Fedora (gvfs, libldb, and samba), Mageia (firefox, gvfs, libreswan, rdesktop, and thunderbird), openSUSE (bzip2, clementine, dbus-1, expat, fence-agents, firefox, glib2, kernel, kernel-firmware, ledger, libqb, libu2f-host, pam_u2f, libvirt, neovim, php7, postgresql10, python-requests, python-Twisted, ruby-bundled-gems-rpmhelper, ruby2.5, samba, webkit2gtk3, zeromq, and znc), Red Hat (java-1.8.0-openjdk, java-11-openjdk, rh-maven35-jackson-databind, rh-nodejs8-nodejs, and rh-redis5-redis), Slackware (kernel), and SUSE (ucode-intel).
Kernel prepatch 5.3-rc1
Linus has released 5.3-rc1 and closed the merge window for this development cycle. "Anyway, despite the rocky start, and the big size, things mostly smoothed out towards the end of the merge window. And there's a lot to like in 5.3".
A crop of weekend stable kernel updates
Greg Kroah-Hartman has announced the release of the 5.2.2, 5.1.19, 4.19.60, 4.14.134, 4.9.186, and 4.4.186 stable kernels. As usual, they contain fixes throughout the kernel tree; users should upgrade.
[$] Improving communities through documentation
Documentation, said Riona MacNamara at the beginning of her Open Source Summit Japan 2019 talk, is the superpower that we can use to energize users and developers; it is an important part of the creation of a vibrant and inclusive community. While there are a number of roadblocks that can impede participation in a development community, many of those can be addressed with better documentation. The talk was a call for all projects to think about what they are trying to accomplish and to ensure that their documentation is helping to get there.
Security updates for Friday
Security updates have been issued by Debian (bzip2), Fedora (freetds, kernel, kernel-headers, and knot-resolver), openSUSE (bubblewrap, fence-agents, kernel, libqb, libu2f-host, pam_u2f, and tomcat), Oracle (vim), SUSE (kernel, LibreOffice, libxml2, and tomcat), and Ubuntu (libmspack and squid, squid3).
Cook: security things in Linux v5.2
Over on his blog, Kees Cook runs through the security changes that came in Linux 5.2. "While the SLUB and SLAB allocator freelists have been randomized for a while now, the overarching page allocator itself wasn’t. This meant that anything doing allocation outside of the kmem_cache/kmalloc() would have deterministic placement in memory. This is bad both for security and for some cache management cases. Dan Williams implemented this randomization under CONFIG_SHUFFLE_PAGE_ALLOCATOR now, which provides additional uncertainty to memory layouts, though at a rather low granularity of 4MB (see SHUFFLE_ORDER). Also note that this feature needs to be enabled at boot time with page_alloc.shuffle=1 unless you have direct-mapped memory-side-cache (you can check the state at /sys/module/page_alloc/parameters/shuffle)."
[$] Kernel analysis with bpftrace
At the 2019 Linux Storage, Filesystem, and Memory-Management Summit (LSFMM) Brendan Gregg gave a keynote on BPF observability that included a kernel issue he had debugged on Netflix production servers using bpftrace. In this article, he provides a crash course on bpftrace for kernel developers—to help them more easily analyze their code. Subscribers can read on for a look at kernel analysis using bpftrace from the upcoming weekly edition.
Security updates for Thursday
Security updates have been issued by Arch Linux (chromium, firefox, and squid), CentOS (thunderbird and vim), Debian (libonig), SUSE (firefox, glibc, kernel, libxslt, and tomcat), and Ubuntu (libreoffice and thunderbird).
[$] LWN.net Weekly Edition for July 18, 2019
The LWN.net Weekly Edition for July 18, 2019 is available.
[$] What's coming in Python 3.8
The Python 3.8 beta cycle is already underway, with Python 3.8.0b1 released on June 4, followed by the second beta on July 4. That means that Python 3.8 is feature complete at this point, which makes it a good time to see what will be part of it when the final release is made. That is currently scheduled for October, so users don't have that long to wait to start using those new features.
[$] Fedora, GNOME Software, and snap
A question about the future of package distribution is at the heart of a disagreement about the snap plugin for the GNOME Software application in Fedora. In a Fedora devel mailing list thread, Richard Hughes raised multiple issues about the plugin and the direction that he sees Canonical taking with snaps for Ubuntu. He plans to remove support for the plugin for GNOME Software in Fedora 31.
Security updates for Wednesday
Security updates have been issued by Debian (libreoffice), Red Hat (thunderbird), SUSE (ardana and crowbar, firefox, libgcrypt, and xrdp), and Ubuntu (nss, squid3, and wavpack).
Security updates for Tuesday
Security updates have been issued by Fedora (expat and radare2), Oracle (thunderbird), Red Hat (389-ds-base, keepalived, libssh2, perl, and vim), Scientific Linux (thunderbird), SUSE (bzip2, kernel, podofo, systemd, webkit2gtk3, and xrdp), and Ubuntu (bash, nss, redis, squid, squid3, and Zipios).
LXD 3.15 released
The LXD team has announced the release of LXD 3.15. "One big highlight is the transition to the dqlite 1.0 branch which will bring us more performance and reliability, both for our cluster users and for standalone installations. This rework moves a lot of the low-level database/replication logic to dedicated C libraries and significantly reduces the amount of back and forth going on between C and Go."
[$] Who's afraid of a big bad optimizing compiler?
Our increasingly aggressive modern compilers produce increasingly surprising code optimizations. Some of these optimizations might be especially surprising to developers who assume that each plain C-language load or store will always result in an assembly-language load or store. Although this article is written for Linux kernel developers, many of these scenarios also apply to other concurrent code bases, keeping in mind that "concurrent code bases" also includes single-threaded code bases that use interrupts or signals.
Security updates for Monday
Security updates have been issued by CentOS (firefox), Debian (libspring-java, ruby-mini-magick, and thunderbird), Fedora (fossil, python-django, snapd-glib, and thunderbird), openSUSE (helm and monitoring-plugins), Red Hat (cyrus-imapd, thunderbird, and vim), Scientific Linux (vim), Slackware (bzip2), SUSE (bubblewrap, bzip2, expat, glib2, kernel, php7, python3, and tomcat), and Ubuntu (exiv2, firefox, and flightcrew).
Three new stable kernels
Greg Kroah-Hartman has announced the release of the 5.2.1, 5.1.18, and 4.19.59 stable kernels. As is usual, they contain important fixes throughout the tree; users of those series should upgrade.
[$] 5.3 Merge window, part 1
As of this writing, exactly 6,666 non-merge changesets have been pulled into the mainline repository for the 5.3 development cycle. The merge window has thus just begun; there is still quite a bit in the way of interesting changes to look at. Read on for a list of what has been merged so far.
What is Silverblue? (Fedora Magazine)
Fedora Magazine has posted an introduction to the Silverblue distribution. "One of the main benefits is security. The base operating system is mounted as read-only, and thus cannot be modified by malicious software. The only way to alter the system is through the rpm-ostree utility. Another benefit is robustness. It’s nearly impossible for a regular user to get the OS to the state when it doesn’t boot or doesn’t work properly after accidentally or unintentionally removing some system library."
Security updates for Friday
Security updates have been issued by CentOS (dbus), Debian (firefox-esr, python3.4, and redis), Mageia (ffmpeg), Oracle (firefox, libvirt, and qemu), Red Hat (firefox and virt:8.0.0), Scientific Linux (firefox), and SUSE (kernel).
[$] Bcachefs gets closer
When it comes to new filesystems for Linux, patience is certainly a virtue. Btrfs took years to mature and, according to some, still isn't ready yet. Tux3 has kept users waiting since at least 2008; as of 2018 its developer still said that it was progressing. By these measures, bcachefs is a relative youngster, having been first announced a mere four years ago. Development of this next-generation filesystem continues, and bcachefs developer Kent Overstreet recently proclaimed his desire to "get this sucker merged", but there are some obstacles to overcome still.
Conway: Infinite work is less work
Damian Conway writes about the power of infinite sequences in Perl 6. The sequence of primes is just the sequence of positive integers, filtered (with a .grep) to keep only the ones that are prime. And, of course, Perl 6 already has a prime number tester: the built-in &is-prime function. The sequence of primes never changes, so we can declare it as a constant:
Security updates for Thursday
Security updates have been issued by Debian (dosbox and openjpeg2), Oracle (dbus and kernel), Scientific Linux (dbus), Slackware (mozilla), and SUSE (fence-agents, libqb, postgresql10, and sqlite3).
[$] LWN.net Weekly Edition for July 11, 2019
The LWN.net Weekly Edition for July 11, 2019 is available.
[$] The third Operating-System-Directed Power-Management summit
The third edition of the Operating-System-Directed Power-Management (OSPM) summit was held May 20-22 at the ReTiS Lab of the Scuola Superiore Sant'Anna in Pisa, Italy. The summit is organized to collaborate on ways to reduce the energy consumption of Linux systems, while still meeting performance and other goals. It is attended by scheduler, power-management, and other kernel developers, as well as academics, industry representatives, and others interested in the topics. As with previous years (2018 and 2017), LWN is happy to be able to bring our readers some extensive writeups of the talks and discussions that went on at OSPM. Subscribers can read on for the start of the writeups from the summit, which were authored by a long list of the participants.
A set of stable kernels
Stable kernels 5.1.17, 4.19.58, 4.14.133, 4.9.185, and 4.4.185 have been released. They all contain important fixes throughout the tree and users should upgrade.
Security updates for Wednesday
Security updates have been issued by Debian (redis), Fedora (expat), Mageia (dosbox, irssi, microcode, and postgresql11), Red Hat (bind, dbus, openstack-ironic-inspector, openstack-tripleo-common, python-novajoin, and qemu-kvm-rhev), Scientific Linux (kernel), SUSE (kernel-firmware, libdlm, libqb, and libqb), and Ubuntu (apport).
[$] Mucking about with microframeworks
Python does not lack for web frameworks, from all-encompassing frameworks like Django to "nanoframeworks" such as WebCore. A recent "spare time" project caused me to look into options in the middle of this range of choices, which is where the Python "microframeworks" live. In particular, I tried out the Bottle and Flask microframeworks—and learned a lot in the process. Subscribers can read on for the full report by Jake Edge from this week's edition.
GnuPG 2.2.17 released
GnuPG 2.2.17 has been released to mitigate attacks on keyservers. In particular, GPG will now ignore all key-signatures received from keyservers by default.
Firefox 68.0 released
Firefox 68.0 has been released, with an Extended Support Release (ESR) version available, in addition to the usual rapid release version. The rapid release version features a dark mode in reader view, improved extension security and discovery, and more. See the release notes for details. The ESR release notes list some additional policies and other improvements.
Software in the Public Interest board elections
Software in the Public Interest (SPI) has announced that nominations are open until July 15 for 3 seats on the SPI board. "The ideal candidate will have an existing involvement in the Free and Open Source community, though this need not be with a project affiliated with SPI."
Security updates for Tuesday
Security updates have been issued by Arch Linux (irssi, python-django, and python2-django), Debian (libspring-security-2.0-java and zeromq3), Red Hat (python27-python), SUSE (ImageMagick, postgresql10, python-Pillow, and zeromq), and Ubuntu (apport, Docker, glib2.0, gvfs, whoopsie, and zeromq3).
Miller: Red Hat, IBM, and Fedora
Fedora project leader Matthew Miller reassures the community that IBM's acquisition of Red Hat, which just closed, will not affect Fedora. "In Fedora, our mission, governance, and objectives remain the same. Red Hat associates will continue to contribute to the upstream in the same ways they have been."
[$] Destaging ION
The Android system has shipped a couple of allocators for DMA buffers over the years; first came PMEM, then its replacement ION. The ION allocator has been in use since around 2012, but it remains stuck in the kernel's staging tree. The work to add ION to the mainline started in 2013; at that time, the allocator had multiple issues that made inclusion impossible. Recently, John Stultz posted a patch set introducing DMA-BUF heaps, an evolution of ION, that is designed to do exactly that — get the Android DMA-buffer allocator to the mainline Linux kernel.
Ryabitsev: Patches carved into developer sigchains
Konstantin Ryabitsev has posted a lengthy blog entry describing his vision for moving away from email for kernel development. "I think it's way past due time for us to come up with a solution that would offer decentralized, self-archiving, fully attestable, 'cradle-to-grave' development platform that covers all aspects of project development and not just the code. It must move us away from mailing lists, but avoid introducing single points of trust, authority, and failure."
Security updates for Monday
Security updates have been issued by Debian (dosbox, python-django, squid3, and unzip), Fedora (filezilla, libfilezilla, and samba), openSUSE (gvfs), Oracle (kernel), Red Hat (firefox and redhat-virtualization-host), SUSE (bash and libpng16), and Ubuntu (libvirt).
The 5.2 kernel has been released
Linus Torvalds has released the 5.2 kernel. He originally planned for an rc8 this week, rather than 5.2, due to his travel schedule, but was pleasantly surprised at how calm things have been. "So despite a fairly late core revert, I don't see any real reason for another week of rc, and so we have a v5.2 with the normal release timing." Some of the more significant changes in 5.2 are a new CLONE_PIDFD flag to clone() to obtain a pidfd for the new process, a significant BPF verifier performance improvement that allows the maximum size of a BPF program to be raised to 1 million instructions, a BPF hook to manage sysctl knobs, a new set of system calls for filesystem mounting, case-insensitive lookups for the ext4 filesystem, a process freezer for version-2 control groups, pressure-stall monitors, and, of course, a vast number of fixes. See the KernelNewbies 5.2 page for a lot more details.
Debian 10 ("Buster") has been released
Debian version 10, code named "Buster", has been released. It has lots of new features, including: "In this release, GNOME defaults to using the Wayland display server instead of Xorg. Wayland has a simpler and more modern design, which has advantages for security. However, the Xorg display server is still installed by default and the default display manager allows users to choose Xorg as the display server for their next session. Thanks to the Reproducible Builds project, over 91% of the source packages included in Debian 10 will build bit-for-bit identical binary packages. This is an important verification feature which protects users against malicious attempts to tamper with compilers and build networks. Future Debian releases will include tools and metadata so that end-users can validate the provenance of packages within the archive. For those in security-sensitive environments AppArmor, a mandatory access control framework for restricting programs' capabilities, is installed and enabled by default. Furthermore, all methods provided by APT (except cdrom, gpgv, and rsh) can optionally make use of seccomp-BPF sandboxing. The https method for APT is included in the apt package and does not need to be installed separately." More information can be found in the release notes.
[$] clone3(), fchmodat4(), and fsinfo()
The kernel development community continues to propose new system calls at a high rate. Three ideas that are currently in circulation on the mailing lists are clone3(), fchmodat4(), and fsinfo(). In some cases, developers are just trying to make more flag bits available, but there is also some significant new functionality being discussed.
Release of the Open Build Service, Version 2.10
The Open Build Service (OBS) project has announced the release of version 2.10 of OBS, which is a system to build and distribute binary packages built from source code. The new version has revamped the web user interface and upgraded the container delivery mechanisms. Beyond that, it has fixed plenty of bugs (of course), added a bunch of smaller features, and now provides integration with other online tools: "Another trend in the professional software world is to plug various tools together into grand continuous integration/deployment cycles (CI/CD). You, of course, also want to throw the OBS into the mix and we traditionally supported you to do that on GitHub with webhooks. The 2.10 release now brings the same kind of support to other tools like Gitlab and Pagure. You can trigger all kinds of actions on OBS for every git commit or other events that happen on those tools."
Security updates for Friday
Security updates have been issued by SUSE (firefox, mozilla-nss, mozilla-nspr, helm-mirror, libu2f-host, and libu2f-host, pam_u2f) and Ubuntu (bzip2 and irssi).
[$] Soft CPU affinity
On NUMA systems with a lot of CPUs, it is common to assign parts of the workload to different subsets of the available processors. This partitioning can improve performance while reducing the ability of jobs to interfere with each other. The partitioning mechanisms available on current kernels might just do too good a job in some situations, though, leaving some CPUs idle while others are overutilized. The soft affinity patch set from Subhra Mazumdar is an attempt to improve performance by making that partitioning more porous.
Security updates for Thursday
Security updates have been issued by CentOS (libssh2 and qemu-kvm), Debian (lemonldap-ng), Fedora (tomcat), Oracle (kernel), and SUSE (elfutils, kernel, and php5).
[$] LWN.net Weekly Edition for July 4, 2019
The LWN.net Weekly Edition for July 4, 2019 is available.
[$] Fedora mulls its "python" version
There is no doubt that the transition from Python 2 to Python 3 has been a difficult one, but Linux distributions have been particularly hard hit. For many people, that transition is largely over; Python 2 will be retired at the end of this year, at least by the core development team. But distributions will have to support Python 2 for quite a while after that. As part of any transition, the version that gets run from the python binary (or symbolic link) is something that needs to be worked out. Fedora is currently discussing what to do about that for Fedora 31.
[$] Debian and code names
Debian typically uses code names to refer to its releases, starting with the Toy Story character names used (mostly) instead of numbers. The "Buster" release is due on July 6 and you will rarely hear it referred to as "Debian 10". There are some other code names used for repository (or suite) names in the Debian infrastructure; "stable", "testing", "unstable", "oldstable", and sometimes even "oldoldstable" are all used as part of the sources for the APT packaging tool. But code names of any sort are hard to keep track of; a discussion on the debian-devel mailing list looks at moving away from, at least, some of the repository code names.