Running out of memory puts a Linux system into a difficult situation; in the worst cases, there is often no way out other than killing one or more processes to reclaim their memory. This killing may be done by the kernel itself or, on systems like Android, by a user-space out-of-memory (OOM) killer process. Killing a process is almost certain to make somebody unhappy; the kernel should at least try to use that process's memory expeditiously so that, with luck, no other processes must die. That does not always happen, though, in current kernels. This patch set from Suren Baghdasaryan aims to improve the situation, but the solution that results in the end may take a different form.
Version 26.2 of the Emacs editor is out. The headline features include the ability to build modules outside of the source tree, Unicode 11 compliance, and the long-awaited ability to compress an entire directory full of files with a single keystroke.
Security updates have been issued by CentOS (freerdp, kernel, openssh, and python), Fedora (checkstyle), openSUSE (bluez, file, kernel, and libarchive), SUSE (apache2, curl, ghostscript, libvirt, openssh, and systemd), and Ubuntu (rssh).
Some things simply take time. When your editor restarted the search for a free accounting system, he had truly hoped to be done by now. But life gets busy, and accounting systems are remarkably prone to falling off the list of things one wants to deal with in any given day. On the other hand, accounting can return to that list quickly whenever LWN's proprietary accounting software does something particularly obnoxious. This turns out to be one of those times, so your editor set out to determine whether beancount could do the job.
Security updates have been issued by Arch Linux (apache, evolution, gnutls, and thunderbird), Debian (wpa), Gentoo (git), Mageia (dovecot, flash-player-plugin, gpac, gpsd, imagemagick, koji, libssh2, libvirt, mariadb, ming, mumble, ntp, python, python3, squirrelmail, and wget), openSUSE (apache2), Red Hat (httpd24-httpd and httpd24-mod_auth_mellon), SUSE (libqt5-qtbase, openldap2, tar, and xmltooling), and Ubuntu (ruby1.9.1, ruby2.0, ruby2.3, ruby2.5 and wpa).
Finding ways to put backdoors into various programming-language package repositories (e.g. npm, PyPI, and now RubyGems) seems like it is becoming a new Olympic sport or something. Every time you turn around, there is a report of a new backdoor. It is now apparently Ruby's turn, with a new report of a remote-execution backdoor being inserted, briefly, into a popular gem that is installed by some sites using the Ruby on Rails web-application framework.
Security updates have been issued by Debian (samba and spip), openSUSE (samba), Red Hat (flash-plugin), Scientific Linux (kernel and openssh), SUSE (clamav and xen), and Ubuntu (apache2).
Here's a research paper from Andrew Baumann, Jonathan Appavoo, Orran Krieger, and Timothy Roscoe, published on the Microsoft Research site, arguing that the fork() system call is a fundamental design mistake. "As the designers and implementers of operating systems, we should acknowledge that fork’s continued existence as a first-class OS primitive holds back systems research, and deprecate it. As educators, we should teach fork as a historical artifact, and not the first process creation mechanism students encounter." The discussion of better alternatives is limited, though.
Arguments can be passed to Python functions by position or by keyword—generally both. There are times when API designers may wish to restrict some function parameters to only be passed by position, which is harder than some think it should be in pure Python. That has led to a PEP that is meant to make the situation better, but opponents say it doesn't really do that; it simply replaces one obscure mechanism with another. The PEP was assigned a fairly well-known "BDFL delegate" (former BDFL Guido van Rossum), who has accepted it, presumably for Python 3.8.
"Sysctl" is the kernel's mechanism for exposing tunable parameters to user space. Every sysctl knob is presented as a virtual file in a hierarchy under /proc/sys; current values can be queried by reading those files, and a suitably privileged user can change a value by writing to its associated file. What happens, though, when a system administrator would like to limit access to sysctl, even for privileged users? Currently there is no solution to this problem other than blocking access to /proc entirely. That may change, though, if this patch set from Andrey Ignatov makes its way into the mainline.
Security updates have been issued by Debian (poppler, proftpd-dfsg, suricata, and systemd), Fedora (kernel, kernel-headers, kernel-tools, and wget), Gentoo (clamav, emerge-delta-webrsync, and mailman), openSUSE (bash), Red Hat (kernel and openssh), Scientific Linux (python), SUSE (gnuplot, libtcnative-1-0, and sqlite3), and Ubuntu (clamav, lua5.3, openjdk-7, samba, systemd, and wget).
Memory fragmentation is a constant problem for memory-management subsystems. Over the years, considerable effort has been put into reducing fragmentation in the Linux kernel, but almost all of that work has been focused on memory management at the page level. The slab allocators, which (mostly) manage memory in chunks of less than the page size, have seen less attention, but fragmentation at this level can create problems throughout the system. The slab movable objects patch set posted by Tobin Harding is an attempt to improve this situation by making it possible for the kernel to actively defragment slab pages by moving objects around.
BleepingComputer reports that browser developers are removing the ability to disable "ping=" click tracking. "Google Chrome also enables this tracking feature by default, but in the current Chrome 73 version it includes a 'Hyperlink auditing' flag that can be used to disable it from the chrome://flags URL. In the Chrome 74 Beta and Chrome 75 Canary builds, though, this flag has been removed and there is no way to disable hyperlink auditing." Firefox still allows this "feature" to be disabled (and disables it by default).
The fourth 5.1 kernel prepatch is out for testing. "Smaller than rc3, I'm happy to say. Nothing particularly big in here, just a number of small things all over."
One of the new features in the 5.1 kernel is the pidfd_send_signal() system call. Combined with the (also new) ability to create a file descriptor referring to a process (a "pidfd") by opening its directory in /proc, this system call allows for the sending of signals to processes in a race-free manner. An extension to this feature proposed for 5.2 has, however, sparked a discussion that has brought the whole concept into question. It may yet be that the pidfd feature will be put on hold before the final 5.1 release while the API around it is rethought.
Christian Schaller describes a long list of desktop improvements coming in the Fedora 30 release. "Screen sharing support for Chrome and Firefox under Wayland. The Wayland security model doesn’t allow any application to freely grab images or streams of the whole desktop like you could under X. This is of course a huge improvement in security, but it did cause some disruption for valid use cases like screen sharing with things like BlueJeans and Google Hangouts. We've been working on resolving that with the help of PipeWire. We've been at it for some time and things are now coming together. Chrome 73 ships with everything needed to make this work with Chrome."
A pair of flaws in the web interface for two small-business Cisco routers make for a prime example of the wrong way to go about security fixes. These kinds of flaws are, sadly, fairly common, but the comedy of errors that resulted here is, thankfully, rather rare. Among other things, it shows that vendors may wish to await a real fix rather than to release a small, ineffective band-aid to try to close a gaping hole.
It's been a year since we looked in on the kernel lockdown patches; that's because things have been fairly quiet on that front since there was a loud and discordant dispute about them back then. But Matthew Garrett has been posting new versions over the last two months; it would seem that the changes that have been made might be enough to tamp down the flames and, perhaps, even allow them to be merged into the mainline.
Stable kernels 5.0.6, 4.19.33, 4.14.110, 4.9.167, 4.4.178, and 3.18.138 have been released. They all contain important fixes throughout the tree and users should upgrade.
A Linux user's $PATH likely contains well over a thousand different commands that were installed by various packages. It's not immediately obvious which package is responsible for a command with a generic name, like createuser. There are ways to figure it out, of course, but perhaps it would make sense for packages like PostgreSQL, which is responsible for createuser, to give their commands names that are less generic—and more easily disambiguated—such as pg_createuser. But renaming commands down the road has "backward compatibility problems" written all over it, as a recent discussion on the pgsql-hackers mailing list shows.
The Debian Project sadly announced the passing of Innocent de Marchi. "Innocent was a math teacher and a free software developer. One of his passions was tangram puzzles, which led him to write a tangram-like game that he later packaged and maintained in Debian. Soon his contributions expanded to other areas, and he also worked as a tireless translator into Catalan."
Software Freedom Conservancy reports that the Hamburg Higher Regional Court affirmed the lower court's decision, which dismissed Christoph Hellwig's case against VMWare in Germany. Hellwig will not pursue the case further in German courts. Conservancy's staff also spent a significant amount of time and resources at each stage of the proceedings — most recently, analyzing what this ruling could mean for future enforcement actions. The German court made a final decision in this case on procedure and standing, not on substance. While we are disappointed that the courts did not take the opportunity to deliver a clear pro-software-freedom ruling, this ruling does not set precedent and the implications of the decision are limited. This matter certainly would proceed differently with different presentation of plaintiffs or in another jurisdiction. In addition to VMware committing to removing vmklinux from their kernel, this case also succeeded in sparking significant discussion about the community-wide implications for free software when some companies play by the rules while others continually break them. Our collective insistence, that licensing terms are not optional, has now spurred other companies to take copyleft compliance more seriously. The increased focus on respecting licenses post-lawsuit and providing source code for derivative works — when coupled with VMware's reluctant but eventual compliance — is a victory, even if we must now look to other jurisdictions and other last-resort legal actions to adjudicate the question of the GPL and derivative works of Linux.
Security updates have been issued by CentOS (firefox, libssh2, and thunderbird), Debian (firmware-nonfree, kernel, and libssh2), Fedora (drupal7, flatpak, and mod_auth_mellon), Gentoo (burp, cairo, glusterfs, libical, poppler, subversion, thunderbird, and unbound), openSUSE (yast2-rmt), Red Hat (freerdp), and SUSE (bash, ed, libarchive, ntp, and sqlite3).
Chef, the purveyor of a popular configuration-management system, has announced a move away from the open-core business model and toward the open-sourcing of all of its software. "We aren’t making this change lightly. Over the years we have experimented with and learned from a variety of different open source, community and commercial models, in search of the right balance. We believe that this change, and the way we have made it, best aligns the objectives of our communities with our own business objectives. Now we can focus all of our investment and energy on building the best possible products in the best possible way for our community without having to choose between what is 'proprietary' and what is 'in the commons.'"
One of the surest signs that the Linux Storage, Filesystem, and Memory-Management (LSFMM) Summit is approaching is the seasonal migration of memory-management developers toward the get_user_pages() problem. This core kernel primitive is necessary for high-performance I/O to user-space memory, but its interactions with filesystems have never been reliable — or even fully specified. There are currently a couple of patch sets in circulation that are attempting to improve the situation, though a full solution still seems distant.
James Bottomley has posted a detailed description of how patent exhaustion might be used to mostly eliminate the software patent threat to free software. "The intriguing possibility this offers us is that we may be close to an enforceable court decision (at least in the US) that would render all patents in open source owned by community members exhausted and thus unenforceable. The purpose of this blog post is to explain the current landscape and how we might be able to get the necessary missing court decisions to make this hope a reality." LWN covered the FOSDEM talk by Van Lindberg that underlies Bottomley's post.
Linux Journal celebrates 25 years since it began publishing. "Most magazines have the life expectancy of a house plant. Such was the betting line for Linux Journal when it started in April 1994. Our budget was a shoestring. The closest our owner, SSC (Specialized System Consultants) came to the magazine business was with the reference cards it published for UNIX, C, VI, Java, Bash and so on."
On the Guix blog, Ludovic Courtès writes about connecting reproducible builds for the Guix package manager with the Software Heritage archive. "It quickly became clear that reproducible builds had 'reproducible source code downloads', so to speak, as a prerequisite. The Software Heritage archive is the missing piece that would finally allow us to reproduce software environments years later in spite of the volatility of code hosting sites. Software Heritage’s mission is to archive essentially 'all' the source code ever published, including version control history. Its archive already periodically ingests release tarballs from the GNU servers, repositories from GitHub, packages from PyPI, and much more. We quickly settled on a scheme where Guix would fall back to the Software Heritage archive whenever it fails to download source code from its original location. That way, package definitions don’t need to be modified: they still refer to the original source code URL, but the downloading machinery transparently goes to Software Heritage when needed."
BFQ is a proportional-share I/O scheduler available for block devices since the 4.12 kernel release. It associates each process or group of processes with a weight, and grants a fraction of the available I/O bandwidth proportional to that weight. BFQ also tries to maximize system responsiveness and to minimize latency for time-sensitive applications. Finally, BFQ aims at boosting throughput and at running efficiently. A new set of changes has improved BFQ’s performance with respect to all of these criteria. In particular, they increase the throughput that BFQ reaches while handling the most challenging workloads for this I/O scheduler. A notable example is DBENCH workloads, for which BFQ now provides 150% more throughput. These changes also improve BFQ’s I/O control — applications start about 80% more quickly under load — and BFQ itself now runs about 10% faster.
Linux.com interviews Richard Hughes about the Linux Vendor Firmware Service (LVFS), which has recently joined the Linux Foundation as a new project. Hughes is the founder and maintainer of the project. "The short-term goal was to get 95% of updatable consumer hardware supported. With the recent addition of HP that's now a realistic target, although you have to qualify the 95% with 'new consumer non-enterprise hardware sold this year' as quite a few vendors will only support hardware no older than a few years at most, and most still charge for firmware updates for enterprise hardware. My long-term goal is for the LVFS to be seen like a boring, critical part of infrastructure in Linux, much like you’d consider an NTP server for accurate time, or a PGP keyserver for trust. With the recent Spectre and Meltdown issues hitting the industry, firmware updates are no longer seen as something that just adds support for new hardware or fixes the occasional hardware issue. Now the EFI BIOS is a fully fledged operating system with networking capabilities, companies and government agencies are realizing that firmware updates are as important as kernel updates, and many are now writing in 'must support LVFS' as part of any purchasing policy."
Security updates have been issued by Arch Linux (dovecot and imagemagick), Debian (dovecot, libraw, pdns, and ruby2.1), Fedora (mingw-podofo, openwsman, podofo, qemu, and svgsalamander), openSUSE (chromium, ffmpeg-4, firefox, libssh2_org, nodejs4, and qemu), Red Hat (libssh2), Scientific Linux (libssh2 and thunderbird), SUSE (kernel, liblouis, ntp, openssl-1_1, and tiff), and Ubuntu (firefox, freeimage, libapache2-mod-auth-mellon, and thunderbird).
In the real world, text is expressed in many languages using a wide variety of character sets; those character sets can be encoded in a lot of different ways. In the kernel, life has always been simpler; file names and other string data are just opaque streams of bytes. In the few cases where the kernel must interpret text, nothing more than ASCII is required. The proposed addition of case-insensitive file-name lookups to the ext4 filesystem changes things, though; now some kernel code must deal with the full complexity of Unicode. A look at the API being provided to handle encodings illustrates nicely just how complicated this task is.
Security updates have been issued by Debian (kernel and wpa), Fedora (firefox and pdns), Gentoo (apache, cabextract, chromium, gd, nasm, sdl2-image, and zeromq), openSUSE (GraphicsMagick and lftp), Red Hat (thunderbird), Scientific Linux (firefox), Slackware (gnutls), and SUSE (ImageMagick).
While a few weeks back it looked like there might be a complete lack of Debian project leader (DPL) candidates, that situation has changed. After a one-week delay, five Debian developers have nominated themselves. We are now about halfway through the campaign phase; platforms have been posted and questions have been asked and answered. It seems a good time to have a look at the candidates and their positions.
Handling file names in a case-insensitive way for Linux filesystems has been an ongoing discussion topic for many years. It is a (dubious) feature of filesystems for other operating systems (e.g. Android, Windows, macOS), but Linux has limited support for it. Over the last year or more, Gabriel Krisman Bertazi has been working on the problem for ext4, but it is a messy one to solve. He recently posted his latest patch set, which reflects some changes made at the behest of Linus Torvalds.
Security updates have been issued by Debian (openjdk-7), Fedora (cfitsio, firefox, librsvg2, and pdns), openSUSE (firefox), Red Hat (firefox), Scientific Linux (firefox), SUSE (gd, grub2, ImageMagick, kernel, libcaca, libmspack, ntp, ovmf, w3m, and wavpack), and Ubuntu (php7.0, php7.2, qemu, and xmltooling).
The Oregon State University Open Source Lab (OSU OSL) has been a longtime hosting site for a wide variety of free and open-source software (FOSS) projects. At SCALE 17x, OSL director Lance Albertson gave an overview of what the lab does, some of its history, and its role in mentoring undergraduates at OSU. There are a lot of facets to the lab and its work, most of which flies under the radar, which is why Albertson came to Pasadena, CA to fill attendees in.
Security updates have been issued by CentOS (ghostscript), Debian (libssh2 and wireshark), openSUSE (aubio, blueman, and kauth), Red Hat (kernel-rt and openwsman), Scientific Linux (openwsman), Slackware (mozilla), and SUSE (ovmf and ucode-intel).
It has been just over one full year since the WireGuard virtual private network implementation was reviewed here. WireGuard has advanced in a number of ways since that article was written; it has gained many happy users, has been endorsed by Linus Torvalds, and is now supported by tools like NetworkManager. There is one notable thing that has not happened, though: WireGuard has not yet been merged into the mainline kernel. After a period of silence, WireGuard is back, and it would appear that the long process of getting upstream is nearly done.