LWN.net

Link https://lwn.net/
Feed http://lwn.net/headlines/rss
Updated 2024-11-24 14:45
Stable kernel updates
Stable kernels 5.1.16, 4.19.57, and 4.14.132 have been released. They all contain important fixes and users should upgrade.
Security updates for Wednesday
Security updates have been issued by Debian (pdns), Fedora (kernel and kernel-headers), Mageia (cgit and firefox), Oracle (libssh2 and qemu-kvm), Red Hat (openstack-ironic-inspector, openstack-tripleo-common, and qemu-kvm-rhev), Scientific Linux (libssh2 and qemu-kvm), SUSE (bzip2, cronie, libtasn1, nmap, php7, php72, python-Twisted, and taglib), and Ubuntu (thunderbird and znc).
[$] OpenPGP certificate flooding
A problem with the way that OpenPGP public-key certificates are handled by key servers and applications is wreaking some havoc, but not just for those who own the certificates (and keys)—anyone who has those keys on their keyring and does regular updates will be affected. It is effectively a denial of service attack, but one that propagates differently than most others. The mechanism of this "certificate flooding" is one that is normally used to add attestations to the key owner's identity (also known as "signing the key"), but because of the way most key servers work, it can be used to fill a certificate with "spam"—with far-reaching effects.
Security updates for Tuesday
Security updates have been issued by Arch Linux (firefox, firefox-developer-edition, libarchive, and vlc), CentOS (firefox, thunderbird, and vim), Debian (firefox-esr, openssl, and python-django), Fedora (glpi and xen), Mageia (thunderbird), openSUSE (ImageMagick, irssi, libheimdal, and phpMyAdmin), Red Hat (libssh2 and qemu-kvm), Scientific Linux (firefox, thunderbird, and vim), SUSE (389-ds, cf-cli, curl, dbus-1, dnsmasq, evolution, glib2, gnutls, graphviz, java-1_8_0-openjdk, and libxslt), and Ubuntu (python-django).
[$] TurboSched: the return of small-task packing
CPU scheduling is a difficult task in the best of times; it is not trivial to pick the next process to run while maintaining fairness, minimizing energy use, and using the available CPUs to their fullest potential. The advent of increasingly complex system architectures is not making things easier; scheduling on asymmetric systems (such as the big.LITTLE architecture) is a case in point. The "turbo" mode provided by some recent processors is another. The TurboSched patch set from Parth Shah is an attempt to improve the scheduler's ability to get the best performance from such processors.
Hansen: SKS Keyserver Network Under Attack
GnuPG contributors Robert J. Hansen (rjh) and Daniel Kahn Gillmor (dkg) were victims of a certificate spamming attack over the past week. This attack exploited a defect in the OpenPGP protocol itself in order to "poison" rjh and dkg's OpenPGP certificates. Anyone who attempts to import a poisoned certificate into a vulnerable OpenPGP installation will very likely break their installation in hard-to-debug ways. Poisoned certificates are already on the SKS keyserver network. There is no reason to believe the attacker will stop at just poisoning two certificates. Further, given the ease of the attack and the highly publicized success of the attack, it is prudent to believe other certificates will soon be poisoned. This attack cannot be mitigated by the SKS keyserver network in any reasonable time period. It is unlikely to be mitigated by the OpenPGP Working Group in any reasonable time period. Future releases of OpenPGP software will likely have some sort of mitigation, but there is no time frame. The best mitigation that can be applied at present is simple: stop retrieving data from the SKS keyserver network. (Thanks to Kareem Khazem.)
Google's Fuchsia OS Developer Site Debuts (Forbes)
Forbes reports that Google has launched a new website, fuchsia.dev, with documentation and source for Fuchsia OS, including the Zircon microkernel. "Zircon was previously known as Magenta and it was designed to scale to any application from embedded RTOS (Real-Time Operating Systems) to mobile and desktop devices of all kinds. As a result, there has been much speculation that Fuchsia will be the natural successor to Android and Chrome OS, combining capabilities of both with backwards compatibility to run legacy applications built on either. In short, this thing is designed to run on anything from 32-bit or 64-bit ARM cores to 64-bit X86 processors and it has a potential to be rather disruptive."
Security updates for Monday
Security updates have been issued by Debian (expat, golang-go.crypto, gpac, and rdesktop), Fedora (chromium, GraphicsMagick, kernel, kernel-headers, pdns, and xen), openSUSE (chromium, dbus-1, evince, libvirt, postgresql96, tomcat, and wireshark), Oracle (thunderbird and vim), Scientific Linux (thunderbird), Slackware (irssi), SUSE (gvfs), and Ubuntu (linux-lts-xenial, linux-aws, linux-azure and linux-oem, linux-oracle, linux-raspi2, linux-snapdragon).
Mageia 7 released
The Mageia distribution has released version 7. "Mageia 7 comes with a huge variety of desktops and window managers, improved support for Wayland and for hybrid graphics cards. On a more fun note, an effort was made to enhance gaming in Mageia, so there are many new upgrades and additions to the game collection." See the release notes for details.
Kernel prepatch 5.2-rc7
The 5.2-rc7 kernel prepatch is out for testing. "All small and fairly uninteresting. Arch updates, networking, core kernel, filesystems, misc drivers. Nothing stands out - just read the appended shortlog."
FreeDOS turns 25 years old: An origin story (Opensource.com)
Over on Opensource.com, FreeDOS founder Jim Hall writes about the origin of the MS-DOS replacement on the 25th anniversary of FreeDOS. "While I announced the project as PD-DOS (for "public domain," although the abbreviation was meant to mimic IBM's "PC-DOS"), we soon changed the name to Free-DOS and later FreeDOS. I started working on it right away. First, I shared the utilities I had written to expand the DOS command line. Many of them reproduced MS-DOS features, including CLS, DATE, DEL, FIND, HELP, and MORE. Some added new features to DOS that I borrowed from Unix, such as TEE and TRCH (a simple implementation of Unix's tr). I contributed over a dozen FreeDOS utilities. By sharing my utilities, I gave other developers a starting point. And by sharing my source code under the GNU General Public License (GNU GPL), I implicitly allowed others to add new features and fix bugs."
Cook: package hardening asymptote
On his blog, Kees Cook looks at some graphs of package hardening efforts in Ubuntu and Debian, noting that they have nearly completely flattened out over the last few years. He wonders what might be the next hardening feature on the horizon and speculates some on that: "What new compiler feature adoption could be measured? I think there are still a few good candidates… How about enabling -fstack-clash-protection (only in GCC, Clang still hasn’t implemented it). Or how about getting serious and using forward-edge Control Flow Integrity? (Clang has -fsanitize=cfi for general purpose function prototype based enforcement, and GCC has the more limited -fvtable-verify for C++ objects.) Where is backward-edge CFI? (Is everyone waiting for CET?)"
[$] The io.weight I/O-bandwidth controller
Part of the kernel's job is to arbitrate access to the available hardware resources and ensure that every process gets its fair share, with "its fair share" being defined by policies specified by the administrator. One resource that must be managed this way is I/O bandwidth to storage devices; if due care is not taken, an I/O-hungry process can easily saturate a device, starving out others. The kernel has had a few I/O-bandwidth controllers over the years, but the results have never been entirely satisfactory. But there is a new controller on the block that might just get the job done.
Security updates for Friday
Security updates have been issued by Debian (expat and mupdf), Fedora (drupal7-uuid, php-brumann-polyfill-unserialize, and php-typo3-phar-stream-wrapper2), openSUSE (thunderbird), Oracle (thunderbird and vim), SUSE (glibc), and Ubuntu (poppler).
[$] Providing wider access to bpf()
The bpf() system call allows user space to load a BPF program into the kernel for execution, manipulate BPF maps, and carry out a number of other BPF-related functions. BPF programs are verified and sandboxed, but they are still running in a privileged context and, depending on the type of program loaded, are capable of creating various types of mayhem. As a result, most BPF operations, including the loading of almost all types of BPF program, are restricted to processes with the CAP_SYS_ADMIN capability — those running as root, as a general rule. BPF programs are useful in many contexts, though, so there has long been interest in making access to bpf() more widely available. One step in that direction has been posted by Song Liu; it works by adding a novel security-policy mechanism to the kernel.
Stable kernels 4.14.131, 4.9.184, and 4.4.184
Greg Kroah-Hartman has released the 4.14.131, 4.9.184, and 4.4.184 stable kernels. Each contains a single patch that fixes a problem in the TCP SACK panic fixes that was commonly seen by the Steam gaming community.
Security updates for Thursday
Security updates have been issued by Fedora (drupal7-uuid, php-brumann-polyfill-unserialize, and php-typo3-phar-stream-wrapper2), openSUSE (ansible, compat-openssl098, exempi, glib2, gstreamer-0_10-plugins-base, gstreamer-plugins-base, libmediainfo, libssh2_org, SDL2, sqlite3, and wireshark), Oracle (firefox), Red Hat (thunderbird and vim), Scientific Linux (firefox), SUSE (java-1_8_0-ibm), and Ubuntu (bzip2 and expat).
[$] LWN.net Weekly Edition for June 27, 2019
The LWN.net Weekly Edition for June 27, 2019 is available.
[$] An openSUSE foundation proposal
Over the past couple of months, things have been moving fairly swiftly toward the establishment of a separate entity to govern the openSUSE project. The idea is mainly meant to set up an organization that can receive and disburse funds on behalf of the project, rather than as some kind of move away from its parent company, SUSE. Also, while SUSE seems to be in a healthy position with a strong interest in supporting and working on openSUSE, that could change down the road, so a foundation or similar organization seems like the right way to go. At this point, the first draft of the foundation proposal has been posted; it generally has the support of SUSE management, so it is time to see what thoughts the community has.
Security updates for Wednesday
Security updates have been issued by Debian (python3.4), Oracle (firefox), Red Hat (firefox and kernel-alt), SUSE (ImageMagick and SUSE Manager Server 3.2), and Ubuntu (bzip2).
[$] CVE-less vulnerabilities
More bugs in free software are being found these days, which is good for many reasons, but there are some possible downsides to that as well. In addition, projects like OSS-Fuzz are finding lots of bugs in an automated fashion—many of which may be security relevant. The sheer number of bugs being reported is overwhelming many (most?) free-software projects, which simply do not have enough eyeballs to fix, or even triage, many of the reports they receive. A discussion about that is currently playing out on the oss-security mailing list.
GitLab 12.0
GitLab 12.0 has been released. "GitLab gives users the ability to automatically create review apps for each merge request. This allows anyone to see how the design or UX has been changed. In GitLab 12.0, we are expanding the ability to discuss those changes by bringing the ability to insert visual review tools directly into the Review App itself. With a small code snippet, users can enable designers, product managers, and other stakeholders to quickly provide feedback on a merge request without leaving the app." Other features include the ability to easily access a project's Dependency List, restrict access by IP address, and much more.
Three stable kernel updates
Stable kernels 5.1.15, 4.19.56, and 4.14.130 have been released. They all contain important fixes and users should upgrade.
Security updates for Tuesday
Security updates have been issued by CentOS (python), Debian (bzip2, libvirt, python2.7, python3.4, rdesktop, and thunderbird), Fedora (thunderbird and tomcat), openSUSE (aubio, docker, enigmail, GraphicsMagick, and python-Jinja2), SUSE (kernel, libvirt, postgresql96, and tomcat), and Ubuntu (ceph, firefox, imagemagick, libmysofa, linux, linux-hwe, neutron, and policykit-desktop-privileges).
Introducing people.kernel.org
Konstantin Ryabitsev has announced a new public blogging platform for kernel developers. "Ever since the demise of Google+, many developers have expressed a desire to have a service that would provide a way to create and manage content in a format that would be more rich and easier to access than email messages sent to LKML. Today, we would like to introduce people.kernel.org, which is an ActivityPub-enabled federated platform powered by WriteFreely and hosted by very nice and accommodating folks at write.as." (LWN looked at WriteFreely back in March).
Changes at the Apache Software Foundation
Here's a statement from the Apache Software Foundation regarding changes in its leadership: "It is with a mix of sadness and appreciation that the ASF Board accepted the resignations of Board Member Jim Jagielski, Chairman Phil Steitz, and Executive Vice President Ross Gardler last month." There is no indication of why all these people decided to leave at the same time.
[$] Lockdown as a security module
Technologies like UEFI secure boot are intended to guarantee that a locked-down system is running the software intended by its owner (for a definition of "owner" as "whoever holds the signing key recognized by the firmware"). That guarantee is hard to uphold, though, if a program run on the system in question is able to modify the running kernel somehow. Thus, proponents of secure-boot technologies have been trying for years to provide the ability to lock down many types of kernel functionality on secure systems. The latest attempt posted by Matthew Garrett, at an eyebrow-raising version 34, tries to address previous concerns by putting lockdown under the control of a Linux security module (LSM).
Canonical backtracks on i386 packages
Canonical has let it be known that minds have been changed about removing all 32-bit x86 support from the Ubuntu distribution. "Thanks to the huge amount of feedback this weekend from gamers, Ubuntu Studio, and the WINE community, we will change our plan and build selected 32-bit i386 packages for Ubuntu 19.10 and 20.04 LTS. We will put in place a community process to determine which 32-bit packages are needed to support legacy software, and can add to that list post-release if we miss something that is needed."
Two years of postmarketOS
PostmarketOS is an Alpine Linux based operating system for mobile devices. The postmarketOS blog takes a look at the project after two years of development. "Wouldn't it be great if you could take any obsolete smartphone from the past ten years and replace its outdated and insecure software with a maintained, modular free software stack? How about then using it as a Raspberry Pi-like device for your next tinkering project? With some constraints, postmarketOS makes this possible today for 139 booting devices. Every single package in the whole OS can be updated, with the only exceptions being the vendor's Linux kernel and firmware blobs (if you plan on using them). In a few cases, it is even possible to switch out the discontinued vendor kernel forks with the upstream kernel releases straight from Linus Torvalds."
Security updates for Monday
Security updates have been issued by Debian (jackson-databind, libvirt, pdns, and vim), Fedora (evince, firefox, gjs, libxslt, mozjs60, and poppler), openSUSE (dbus-1, firefox, ImageMagick, netpbm, openssh, and thunderbird), Oracle (libssh2, libvirt, and python), Scientific Linux (python), SUSE (compat-openssl098, dbus-1, evince, exempi, firefox, glib2, gstreamer-0_10-plugins-base, gstreamer-plugins-base, java-1_8_0-ibm, libssh2_org, libvirt, netpbm, samba, SDL2, sqlite3, thunderbird, and wireshark), and Ubuntu (web2py).
Kernel prepatch 5.2-rc6
The 5.2-rc6 kernel prepatch has been released. Linus worries that the volume of changes has increased — but not too much. "With all that out of the way, I'm still reasonably optimistic that we're on track for a calm final part of the release, and I don't think there is anything particularly bad on the horizon." He also notes that, due to travel, he'll be releasing 5.2-rc7 later than usual.
Weekend stable kernel updates
The 5.1.13, 4.19.54, 4.14.129, 4.9.183, and 4.4.183 stable kernels have all been released with another set of important fixes. A few milliseconds later, 5.1.14 and 4.19.55 came out with one more networking fix.
[$] FreeBSD turns 26
The FreeBSD operating system is continuing to make progress, 26 years after it got its name. Among the areas where work is being done are improved support for RISC-V, FUSE filesystem updates, C runtime changes, and security improvements. FreeBSD Day is celebrated on June 19, in recognition of the date in 1993 when the name FreeBSD was coined for a fork of the 386BSD project. The first official release of FreeBSD did not occur until November 1, 1993, however. Ahead of FreeBSD Day, the project released its quarterly report for the first quarter of 2019, outlining some of its ongoing efforts. In addition to the quarterly report, the executive director of the FreeBSD Foundation provided LWN with some insights into the state of the project and the foundation that supports it.
[$] Statistics from the 5.2 kernel — and before
As of this writing, just over 13,600 non-merge changesets have been pulled into the mainline repository for the 5.2 development cycle. The time has come, once again, for a look at where that work came from and who supported it. There are some unique aspects to 5.2 that have thrown off some of the usual numbers.
Huang: Open Source Could Be a Casualty of the Trade War
Bunnie Huang writes about the escalating trade wars and how they could be harmful to the open-source community. "Because the administrative action so far against Huawei relies only upon export license restrictions, the Linux Foundation has been able to find shelter under a license exemption for open source software. However, should Huawei be designated as a 'foreign adversary' under EO13873, it greatly expands the scope of the ban because it prohibits transactions with entities under the direction or influence of foreign adversaries. The executive order also broadly includes any information technology including hardware and software with no exemption for open source."
Security updates for Friday
Security updates have been issued by CentOS (libvirt and python), Debian (intel-microcode, php-horde-form, and znc), Fedora (firefox), Mageia (firefox, flash-player-plugin, git, graphicsmagick, kernel, kernel-linus, kernel-tmb, phpmyadmin, and thunderbird), Oracle (libssh2, libvirt, and python), Red Hat (libvirt and python), Scientific Linux (libvirt), Slackware (bind and mozilla), SUSE (enigmail), and Ubuntu (bind9, intel-microcode, mosquitto, postgresql-10, postgresql-11, and thunderbird).
[$] C, Fortran, and single-character strings
The calling interfaces between programming languages are, by their nature, ripe for misunderstandings; different languages can have subtly different ideas of how data should be passed around. Such misunderstandings often have the effect of making things break right away; these are quickly fixed. Others can persist for years or even decades before jumping out of the shadows and making things fail. A problem of the latter variety recently turned up in how some C programs are passing strings to Fortran subroutines, with unpleasant effects on widely used packages like LAPACK.
Kubernetes 1.15 released
The Kubernetes container orchestrator team has announced the release of Kubernetes 1.15; the main themes of this release are "extensibility and continuous improvement". One of the focus areas was on usability and lifecycle stability for clusters: "Work on making Kubernetes installation, upgrade and configuration even more robust has been a major focus for this cycle for SIG Cluster Lifecycle (see our last Community Update). Bug fixes across bare metal tooling and production-ready user stories, such as the high availability use cases have been given priority for 1.15. kubeadm, the cluster lifecycle building block, continues to receive features and stability work required for bootstrapping production clusters efficiently. kubeadm has promoted high availability (HA) capability to beta, allowing users to use the familiar kubeadm init and kubeadm join commands to configure and deploy an HA control plane. An entire new test suite has been created specifically for ensuring these features will stay stable over time." More information can be found in the release notes.
Security updates for Thursday
Security updates have been issued by Debian (firefox-esr, gvfs, intel-microcode, and python-urllib3), Fedora (advancecomp, firefox, freeradius, kubernetes, pam-u2f, and rubygem-jquery-ui-rails), openSUSE (elfutils and sssd), Red Hat (chromium-browser), SUSE (doxygen and samba), and Ubuntu (evince, firefox, Gunicorn, libvirt, and sqlite3).
[$] LWN.net Weekly Edition for June 20, 2019
The LWN.net Weekly Edition for June 20, 2019 is available.
[$] The TCP SACK panic
Selective acknowledgment (SACK) is a technique used by TCP to help alleviate congestion that can arise due to the retransmission of dropped packets. It allows the endpoints to describe which pieces of the data they have received, so that only the missing pieces need to be retransmitted. However, a bug was recently found in the Linux implementation of SACK that allows remote attackers to panic the system by sending crafted SACK information.
Ubuntu dropping i386 support
Starting with the upcoming "Eoan Ermine" (a.k.a. 19.10) release, the Ubuntu distribution will not support 32-bit x86 systems. "The Ubuntu engineering team has reviewed the facts before us and concluded that we should not continue to carry i386 forward as an architecture. Consequently, i386 will not be included as an architecture for the 19.10 release, and we will shortly begin the process of disabling it for the eoan series across Ubuntu infrastructure."
Alpine Linux 3.10.0 released
Version 3.10.0 of the Alpine Linux distribution is out. It includes a switch to the iwd WiFi management daemon, support for the ceph filesystem, the lightdm display manager, and more.
[$] More frequent Python releases?
Python has followed an 18-month release cycle for many years now; each new 3.x release comes at that frequency. It has worked well, overall, but there is interest in having a shorter cycle, which would mean that new features get into users' hands more quickly. But changing that longstanding cycle has implications in many different places, some of which have come up as part of a discussion on switching to a cycle of a different length.
Stable kernel updates
Stable kernels 5.1.12, 4.19.53, and 4.14.128 have been released. They all contain important fixes and users should upgrade.
Security updates for Wednesday
Security updates have been issued by Arch Linux (dbus, firefox, kernel, linux-lts, linux-zen, and python), CentOS (bind and kernel), Debian (firefox-esr, glib2.0, and vim), Fedora (dbus, kernel, kernel-headers, mingw-libxslt, poppler, and python-gnupg), openSUSE (gnome-shell, kernel, libcroco, php7, postgresql10, python, sssd, and thunderbird), Oracle (kernel and libvirt), Red Hat (go-toolset:rhel8, gvfs, java-11-openjdk, pki-deps:10.6, systemd, and WALinuxAgent), SUSE (docker, kernel, libvirt, openssl, openssl1, and python-Jinja2), and Ubuntu (samba).
[$] Rebasing and merging in kernel repositories
Maintaining a subsystem, as a general rule, requires a familiarity with the Git source-code management system. Git is a powerful tool with a lot of features; as is often the case with such tools, there are right and wrong ways to use those features. This document looks in particular at the use of rebasing and merging. Maintainers often get in trouble when they use those tools incorrectly, but avoiding problems is not actually all that hard.
Security updates for Tuesday
Security updates have been issued by Arch Linux (linux-hardened), Debian (kdepim, kernel, linux-4.9, and phpmyadmin), Fedora (ansible and glib2), openSUSE (kernel and vim), Oracle (bind and kernel), Red Hat (kernel and kernel-rt), Scientific Linux (bind and kernel), SUSE (dbus-1, ImageMagick, kernel, netpbm, openssh, and sqlite3), and Ubuntu (linux, linux-aws, linux-aws-hwe, linux-azure, linux-gcp, linux-hwe, linux-kvm, linux-oem, linux-oracle, linux-raspi2, linux-snapdragon and linux, linux-aws, linux-azure, linux-lts-trusty, linux-lts-xenial).
Stable kernel updates
Stable kernels 5.1.11, 4.19.52, 4.14.127, 4.9.182, and 4.4.182 have been released. They all contain a relatively small set of important fixes; users should upgrade.
[$] CNCF outlines its technical oversight goals
At KubeCon + CloudNativeCon Europe 2019 there was a public meeting of the Cloud Native Computing Foundation (CNCF) Technical Oversight Committee (TOC); its members outlined the current state of the CNCF and where things are headed. What emerged was a picture of how the CNCF's governance is evolving as it brings in more projects, launches a new special interest group mechanism, and contemplates what to do with projects that go dormant.