LWN.net

Security updates have been issued by Debian (net-snmp), Fedora (php-horde-nag), openSUSE (git, java-1_8_0-openjdk, libxml2, mgetty, moinmoin-wiki, postgresql10, and soundtouch), Oracle (spamassassin), Red Hat (spamassassin), SUSE (apache2, axis, kernel, libX11 and libxcb, and texlive), and Ubuntu (clamav, git, and texlive-bin).

Beyond just encrypting messages, and thus providing secrecy, the OpenPGPstandard also enables digitally signing messages to authenticatethe sender. Email applications and plugins usually verify thesesignatures automatically and will show whether an email contains a validsignature. However, with a surprisingly simple attack, it's often possibleto fool users by faking — or spoofing — the indication of a valid signature usingHTML email.

Here's aLinux Journal article from one of the creators of the Tutanotaencrypted email client. "That's why we decided to build Tutanota: a secure email service that is so easy to use, everyone can send confidential email, not only the tech-savvy. The entire encryption process runs locally on users' devices, and it's fully automated. The automatic encryption also enabled us to build fully encrypted email apps for Android and iOS.Finally, end-to-end encrypted email is starting to become the standard: 58% of all email sent from Tutanota already are end-to-end encrypted, and the percentage is constantly rising."

Security updates have been issued by Debian (dnsruby, gnulib, and jekyll), Fedora (calamares, fawkes, git, kernel-headers, librime, and pdns), openSUSE (ImageMagick), Oracle (kernel), Scientific Linux (glusterfs, kernel, and nss), Slackware (git), SUSE (ImageMagick), and Ubuntu (tomcat7, tomcat8).

The LWN.net Weekly Edition for October 11, 2018 is available.

The Android Developers Blog describesthe control-flow integrity work that is shipping on the Pixel 3handset. "LLVM's CFI implementation adds a check before eachindirect branch to confirm that the target address points to a validfunction with a correct signature. This prevents an indirect branch fromjumping to an arbitrary code location and even limits the functions thatcan be called. As C compilers do not enforce similar restrictions onindirect branches, there were several CFI violations due to function typedeclaration mismatches even in the core kernel that we have addressed inour CFI patch sets for kernels 4.9 and 4.14."

At the 2018 X.Org DevelopersConference, Elie Tournier gave an update on the state of the Virgil (or virgl) virtual 3D GPU forQEMU. He looked at the project's history along with what hashappened with it over the last year or so. As is usual in a status updatetalk, he finished with some thoughts about future plans for virgl. For thelast year, Tournier has been working on virgl for Collabora.

Microsoft has announcedthat it has joined the Open Invention Network (OIN). "We know Microsoft’s decision to join OIN may be viewed as surprising to some, as it is no secret that there has been friction in the past between Microsoft and the open source community over the issue of patents. For others who have followed our evolution as a company, we hope this will be viewed as the next logical step for a company that is listening to its customers and is firmly committed to Linux and other open source programs."

Stable kernels 4.18.13, 4.14.75, 4.9.132, and 4.4.160 have been released. They all containimportant fixes throughout the tree and users should upgrade.

Security updates have been issued by Arch Linux (patch), CentOS (firefox, glusterfs, kernel, and nss), Debian (net-snmp), Oracle (firefox, glusterfs, kernel, and nss), Red Hat (glusterfs, kernel, and nss), Scientific Linux (firefox), SUSE (kernel), and Ubuntu (webkit2gtk).

Continuous integration (CI) has become increasingly prevalent in open-sourceprojects over the last few years. Intel has been active in building CIsystems for graphics, both for the kernelside and for the Mesa-baseduser-space side of the equation. Mark Janes and Clayton Craft gave apresentation on Intel's Mesa CI system at the 2018 X.Org Developers Conference (XDC), which was held in A Coruña, Spain in late September. The Mesa CI system is one of the earliest successful CI initiatives in opensource that he knows of, Janes said. It is a core component of Mesa development,especially at Intel.

Brendan Gregg introducesthe bpftrace tracing tool. "bpftrace was created as an evenhigher-level front end for custom ad-hoc tracing, and can serve a similarrole as DTrace. We've been adding bpftrace features as we need them, notjust because DTrace had them. I can think of over a dozen things thatDTrace can do that bpftrace currently cannot, including custom aggregationprinting, shell arguments, translators, sizeof(), speculative tracing, andforced panics."

Security updates have been issued by Arch Linux (git), Debian (kernel, samba, and tinc), Fedora (kernel-headers), Oracle (firefox), Red Hat (firefox and qemu-kvm-rhev), Scientific Linux (firefox), SUSE (java-1_8_0-ibm, kubernetes-salt, velum, libxml2, and postgresql10), and Ubuntu (libxkbcommon).

PCI Express hotplug has been supported in Linux for fourteen years. Thecode, which is aging, is currently undergoing a transformation to fit theneeds of contemporary applications such as hot-swappable flash drives indata centers and power-manageable Thunderbolt controllers in laptops. Timefor a roundup.

Nadav Amit decided to dig into why some small kernel functions were notbeing inlined by GCC; the result is a detailedinvestigation into how these things can go wrong. "Ignoring theassembly shenanigans that this code uses, we can see that in practice itgenerates a single ud2 instruction. However, the compiler considers thiscode to be 'big' and consequently oftentimes does not inline functions thatuse WARN() or similar functions.The reason turns to be the newline characters (marked as '\n' above). Thekernel compiler, GCC, is unaware to the code size that will be generated bythe inline assembly. It therefore tries to estimate its size based onnewline characters and statement separators (';' on x86)."

Security updates have been issued by Debian (adplug, git, php-horde, php-horde-core, and php-horde-kronolith), Fedora (firefox, liblouis, libmad, mediawiki, opensc, php-horde-horde, php-horde-Horde-Core, php-horde-kronolith, and rust), Gentoo (imagemagick, openssh, and sox), openSUSE (ghostscript, gitolite, java-1_8_0-openjdk, kernel, php5, php7, python, thunderbird, tomcat, and unzip), Red Hat (firefox and rh-haproxy18-haproxy), and SUSE (ImageMagick, java-1_8_0-openjdk, kernel, qpdf, soundtouch, and texlive).

The 4.19-rc7 kernel prepatch is out."Given the current rate of change, and looking at thetravel/conference schedule happening this month, it seems like we will behaving a -rc8 just to be sure 4.19 is solid as well as not having to be inthe middle of a merge window during a conference week."

The release of 4.19-rc6 onSeptember 30 is an indication that the 4.19 development cycle isheading toward its conclusion. Naturally, that means it's time to have alook at where the contributions for this cycle came from. The upheavalscurrently playing out in the kernel community do not show at this level, but there aresome new faces to be seen in the top contributors this time around.

It would be reasonable to expect doing nothing to be an easy, simple task for a kernel, but it isn't. At Kernel Recipes 2018, Rafael Wysocki discussed what CPUs do when they don't have anything to do, how the kernel handles this, problems inherent in the current strategy, and how his recent rework of the kernel's idle loop has improved power consumption on systems that aren't doing anything.

The 2018 GNU Tools Cauldron was held in early September; videos of the talks fromthat event are now available. There is a wide range of discussionscovering various aspects of the toolchain, including GCC, GDB, glibc, and more.

Security updates have been issued by Debian (kernel), Fedora (lcms2, php-tcpdf, and udisks2), openSUSE (ImageMagick, libX11, openssl-1_0_0, openssl-1_1, and otrs), SUSE (kernel, php5, php53, php7, and python), and Ubuntu (apparmor and imagemagick).

Microsoft has announced that it has joined the LOT Network, which is an organization set up to help thwart patent trolls by licensing any member's patents to all members if they end up in the hands of a troll. "What does all of this mean for you if you’re a software developer or in the technology business? It means that Microsoft is taking another step to help stop patents from being asserted against you by companies running aggressive monetization campaigns. It also means that Microsoft is aligning with other industry leaders on this topic and committing to do more in the future to address IP risk. By joining the LOT network, we are committing to license our patents for free to other members if we ever transfer them to companies in the business of asserting patents. This pledge has immediate value to the nearly 300 members of the LOT community today, which covers approximately 1.35 million patents."

Greg Kroah-Hartman has announced the release of the 4.18.12, 4.14.74, and 4.9.131 stable kernels. As usual, theycontain important fixes throughout the tree; users of those kernel seriesshould upgrade.

System calls like openat() have access to the entire filesystem —or, at least, that part of the filesystem that exists in the current mountnamespace and which the caller has thepermission to access. There are times, though, when it is desirable toreduce that access, usually for reasons of security; that has proved to beespecially true in many container use cases. A new patchset from Aleksa Sarai has revived an old idea: provide a set ofAT_ flags that can be used to control the scope of a givenpathname lookup operation.

Security updates have been issued by Arch Linux (firefox and python-django), Debian (dnsmasq, firefox-esr, imagemagick, and linux-4.9), Fedora (haproxy), openSUSE (bitcoin, firefox, and texlive), SUSE (openslp), and Ubuntu (apache2).

The LWN.net Weekly Edition for October 4, 2018 is available.

At the 2018 X.Org DevelopersConference (XDC) in A Coruña, Spain, Daniel Stone gave an update on thestatus of freedesktop.org,which serves multiple projects as a hosting site for code, mailing lists,specifications, and more. As its name would imply, it started out with a focus on freedesktops and cross-desktop interoperability, but it lost that focus—alongwith its focus in general—along the way. He recapped the journey of fd.o (as it is often known) and unveiledsome idea of where it may be headed in the future.

Security updates have been issued by Fedora (elfutils), Gentoo (firefox), Red Hat (instack-undercloud, openstack-tripleo-heat-templates and openstack-nova), Slackware (mozilla), SUSE (ghostscript, ImageMagick, kernel, mgetty, qemu, and unzip), and Ubuntu (firefox, haproxy, kernel, liblouis, and webkit2gtk).

Back in the halcyon days of the previous century, those with a technicalinclination often became overly acquainted with modems—not just the strange sounds theymade when connecting, but the ATcommands that were used to control them. While the AT command set isstill in use (notably for GSM networks), it is generallyhidden these days. But some security researchers have found that Android phonesoften make AT commands available via their USB ports, which is somethingthat can potentially be exploited by rogue USB devices of various sorts.

One of the most common tasks carried out by device drivers is settingup DMA operations for data transfers between main memory and the device. Often,data read into memory from one device will be immediately written, unchanged,to another device. Common examples include carrying the image between thecamera and screen on a mobile phone, or downloading files to be saved on adisk. Those transfers have an impact on the CPU even if it does not use thedata directly, due to higher memory use and effects likecache trashing. There are cases where it is possible to avoid usage of thesystem memory completely, though. A patch set (posted by Logan Gunthorpe withcontributions by Christoph Hellwig and Steve Wise)has been in the works for some time that addresses this case for PCIdevices using peer-to-peer (P2P) transfers, with a focus on offering anoffload option for the NVMe fabrics target subsystem.

The Linux Security Module (LSM) subsystem allows securitymodules to hook into many low-level operations within the kernel; modulescan use those hooks to examine each requested operation and decide whetherit should be allowed to proceed or not. In theory, just about everylow-level operation is covered by an LSM hook; in practice, there are somegaps. A discussion regarding one of those gaps — low-levelioctl() operations on XFS filesystems — has revealed a thornyproblem and a significant difference of opinion on what the correctsolution is.

Security updates have been issued by Arch Linux (lib32-libxml2, libxml2, mosquitto, and ntp), Debian (kernel and strongswan), Fedora (firefox), openSUSE (zsh), Oracle (kernel), Red Hat (ceph-iscsi-cli), SUSE (openssl-1_0_0), and Ubuntu (kernel, linux, linux-aws, linux-gcp, linux-kvm, linux-oem, linux-raspi2, linux, linux-aws, linux-kvm, linux-raspi2, linux-snapdragon, linux-hwe, linux-gcp, linux-lts-trusty, linux-lts-xenial, linux-aws, and strongswan).

Version1.0 of the Stratis storage-management system (covered here in May) has been released."After two years of development, Stratis 1.0 has stabilized itson-disk metadata format and command-line interface, and is ready for morewidespread testing and evaluation by potential users." See the FAQ for moreinformation.

Security updates have been issued by Arch Linux (mediawiki), CentOS (389-ds-base, firefox, flatpak, kernel, mod_perl, nss, spice and spice-gtk, and spice-gtk and spice-server), Debian (389-ds-base, ghostscript, mosquitto, and python3.5), Fedora (ca-certificates, firefox, glusterfs, kernel-headers, kernel-tools, libxkbcommon, udisks2, and zchunk), Mageia (firefox), openSUSE (gd, gnutls, mgetty, openssl, and yast2-smt), Oracle (firefox and kernel), Scientific Linux (firefox), SUSE (libX11 and openssl-1_1), and Ubuntu (bind9 and ghostscript).

The 4.19-rc6 kernel prepatch is out."As always, please go test and report any problems. It all 'justworks' on my systems, and I have not heard of any major outstanding issuesas of this point in time."

The stable-kernel machine continues to crank out updates:4.18.11,4.14.73,4.9.130, and4.4.159 are now available with another setof important fixes.

One of the key aspects of hardening the user-space side of an operatingsystem is to provide mechanisms for restricting which parts of thefilesystem hierarchy a given process can access. Linux has a number ofmechanisms of varying capability and complexity for this purpose, but otherkernels have taken a different approach. Over the last few months, OpenBSDhas inaugurated a new system call named unveil() for thistype of hardening that differs significantly from the mechanisms found inLinux.

Nuitka is a compilerfor the Python 2.7 and 3.7 languages; version 0.6.0 isnow available. "This release adds massive improvements for optimization and a couple of bug fixes.It also indicates reaching the mile stone of doing actual type inference,even if only very limited." At this point, the claim is that allPython language features have been implemented, so the focus is shiftingtoward optimization.

Security updates have been issued by Debian (libxml2 and python2.7), Fedora (hylafax+, lcms2, libbson, moodle, mozilla-noscript, visualboyadvance-m, and yum-utils), openSUSE (dom4j and php7), Oracle (firefox), Red Hat (firefox and qemu-kvm-rhev), SUSE (gnutls, kernel, openssl, smt, smt, yast2-smt, xorg-x11-libX11, and yast2-smt), and Ubuntu (mutt).

Security updates have been issued by Debian (asterisk, otrs2, and strongswan), Fedora (kernel-headers, moodle, ntp, visualboyadvance-m, and yaml-cpp), Mageia (rsyslog), openSUSE (ant, libzypp, zypper, shadow, and tiff), Oracle (389-ds-base, flatpak, kernel, nss, and openssl), Red Hat (rh-perl524-mod_perl and rh-perl526-mod_perl), Scientific Linux (389-ds-base, flatpak, kernel, and nss), SUSE (firefox, gd, glibc, kernel, mgetty, php7, and wireshark), and Ubuntu (udisks2).

The BBC talkedwith Linus Torvalds about recent events. "Will everybody behappy? No. People who don't like my blunt behaviour even when I'm not beingactively nasty about it will just see that as 'look, nothing changed'. I'mtrying to get rid of my outbursts, and be more polite about things, buttechnically wrong is still technically wrong, and I won't start acceptingbad code just to make people feel better about themselves."

The LWN.net Weekly Edition for September 27, 2018 is available.

The kernel address sanitizer (KASAN) is akernel debugging tool meant to catch incorrect use of kernel pointers. Itis an effective tool, if the number of KASAN-based bug reports showing upon the mailing lists is any indication. The downside of KASAN is asignificant increase in the amount of memory used by a running system. Thesoftware-tag-basedmode proposed by Andrey Konovalov has the potential to address thatproblem, but it brings some limitations of its own.

For anybody who has been concerned by the talk from a few outsiders aboutrevoking GPL licensing, thisnew section in the Software Freedom Conservancy's copyleft guide isworth a read.Thus, anyone downstream of the contributor (which is anyone using thecontributor’s code), has an irrevocable license from the contributor. Acontributor may claim to revoke their grant, and subsequently sue forcopyright infringement, but a court would likely find the revocation wasineffective and the downstream user had a valid license defense to a claimof infringement.Nevertheless, for purposes of argument, we will assume that for some reasonthe GPLv2 is not enforceable against the contributor, or that theirrevocable license can be revoked. In that case, the application ofpromissory estoppel will likely mean that the contributor still cannotenforce their copyright against downstream users.

The dust has begun to settle after the abrupt decisions by Linus Torvaldsto take a break from kernel maintainership and to adopt a code of conductfor the community as a whole. Unsurprisingly, the development community,most of which was not consulted prior to the adoption of this code, has alot of questions about it and a number of concerns. While many of theanswers to those questions will be a while in coming, a few things arebeginning to come into focus.

Jann Horn describesCVE-2018-17182, a locally exploitable memory-management bug in thekernel, in great detail. "Fundamentally, this bug can be triggeredby any process that can run for a sufficiently long time to overflow thereference counter (about an hour if MAP_FIXED is usable) and has theability to use mmap()/munmap() (to manage memory mappings) and clone() (tocreate a thread). These syscalls do not require any privileges, and theyare often permitted even in seccomp-sandboxed contexts, such as the Chromerenderer sandbox (mmap, munmap, clone), the sandbox of the main gVisor hostcomponent, and Docker's seccomp policy."

When last we looked at the WireGuard VPN code and its progresstoward mainline inclusion, said progress was impeded by disagreements aboutthe new "Zinc"cryptographic library that is added by the WireGuard patches. Since thatAugust look, several more versions of WireGuard and Zinc have been posted; it would seem that Zinc is gettingcloser to being accepted. Once that happens, the networking developers arepoised to review that portion of the code, which likely will leadto WireGuard in the kernel some time in the next development cycle or two.

Stable kernels 4.18.10, 4.14.72, 4.9.129, 4.4.158, and 3.18.123 have been released. They all containimportant fixes throughout the tree and users should upgrade.

Security updates have been issued by Debian (python2.7 and python3.4), openSUSE (php5-smarty3), Oracle (389-ds-base, flatpak, kernel, and nss), Red Hat (389-ds-base, chromium-browser, flatpak, kernel, kernel-alt, kernel-rt, nss, and qemu-kvm-ma), and SUSE (ant, dom4j, kernel, and wireshark).

Security updates have been issued by Arch Linux (strongswan and zsh), Debian (dom4j and polarssl), openSUSE (apache2, gd, gnutls, GraphicsMagick, nodejs8, php7, and shadow), Oracle (mod_perl), Red Hat (mod_perl), Scientific Linux (mod_perl), SUSE (ant, gd, gnutls, java-1_8_0-ibm, libXcursor, mgetty, pam_pkcs11, php7, python-paramiko, shadow, and tiff), and Ubuntu (strongswan).