LWN.net

Security updates have been issued by Fedora (mingw-poppler and php), Mageia (apache, gnome-keyring, gnupg2, hiawatha, and rsyslog), openSUSE (libcomps and obs-service-tar_scm), and Ubuntu (libvirt and linux-lts-trusty).

The GNOME project has released GNOME 3.32, which is code named "Taipei"."This release brings a refreshed visual style, new icons, the demise of the'application menu' and a new on-screen keyboard, among other things.Improvements to core GNOME applications include a shell extension fordesktop icons, improved automation and reader mode in GNOME Web,an 'Application Permissions' panel, and many more." In addition,there is an experimental option for fractional scaling, improvements toGNOME Software, and more. See the release notesfor more information.

Greg Kroah-Hartman has announced the release of the 5.0.2, 4.20.16, 4.19.29, 4.14.106, and 4.9.163 stable kernels. All contain the usualpile of important fixes; users of those series should upgrade.

Sharing a disk between users in Linux is awful. Different applicationshave different I/O patterns, they have different latency requirements, andthey are never consistent. Throttling can help ensure that users get theirfair share of the available bandwidth but, since most I/O is in thewriteback path, it's often too late to throttle without putting pressureelsewhere on the system. Disks are all different as well. You havespinning rust, solid-state devices (SSDs), awful SSDs, and barely usableSSDs. Each class of device has its own performance characteristics and,even in a single class, they'll perform differently based on the workload.Trying to address all of these issues with a single I/O controller wastricky, but we at Facebook think that we have come up with a reasonablesolution.

Security updates have been issued by Arch Linux (chromium), Debian (libsdl1.2 and libsdl2), Fedora (firefox), Gentoo (bind, glibc, openssl, oracle-jdk-bin, webkit-gtk, and xrootd), Mageia (kernel), openSUSE (freerdp, mariadb, and obs-service-tar_scm), Oracle (openssl), Red Hat (kernel, kernel-rt, openstack-ceilometer, openstack-octavia, and tomcat), Scientific Linux (cockpit, openssl, and tomcat), and SUSE (java-1_7_1-ibm and mariadb).

The LWN.net Weekly Edition for March 14, 2019 is available.

The Czech Republic top-level domain registrar, CZ.NIC, wondered about the safety of homerouters, so it set out to gather some information on the prevalence ofattacks against them. It turns out that one good way to do that is tocreate a home router that logs statistics and other information.Michal Hrušecký from CZ.NIC came to the 2019 Southern CaliforniaLinux Expo (SCALE 17x) in Pasadena, CA to describe the experiment and how it grew intoa larger project that makes and sells open-source routers.

A proposal to add a new dictionary operator for Python has spawned a PEPand two large threads on the python-ideas mailing list. To a certainextent, it is starting to look a bit like the "PEP 572 mess"; there are plenty of opinions onwhether the feature should be implemented and how it should be spelled, forexample. As yet, there has been no formal decision made on how the new steering council will be handling PEPpronouncements, though a reviewof open PEPs is the council's "highest priority". This PEP will presumably be added intothe process; it is likely too late to be included in Python 3.8 evenif it were accepted soon,so there is plenty of time to figure it all out before 3.9 is releasedsometime in 2021.

Security updates have been issued by Debian (libsndfile, systemd, waagent, and xmltooling), Fedora (guacamole-server, postgresql-jdbc, and xen), Oracle (cockpit and kernel), Red Hat (cockpit, docker, kernel-alt, and openssl), SUSE (ceph, java-1_7_0-ibm, java-1_7_1-ibm, openssl-1_0_0, python-azure-agent, python-numpy, and supportutils), and Ubuntu (kernel, php5, and walinuxagent).

Kees Cook reviewssome of the security-related enhancements in the 5.0 kernel."While the C language has a statement to indicate the end of a switchcase ('break'), it doesn’t have a statement to indicate that executionshould fall through to the next case statement (just the lack of a 'break'is used to indicate it should fall through — but this is not always thecase), and such 'implicit fall-through' may lead to bugs. Gustavo Silva hasbeen the driving force behind fixing these since at least v4.14, with wellover 300 patches on the topic alone (and over 20 missing break statementsfound and fixed as a result of the work). The goal is to be able to add-Wimplicit-fallthrough to the build so that the kernel will stay entirelyfree of this class of bug going forward. From roughly 2300 warnings, thekernel is now down to about 200. It’s also worth noting that with StephenRothwell’s help, this bug has been kept out of linux-next by him sendingwarning emails to any tree maintainers where a new instance is introduced(for example, here’s a bug introduced on Feb 20th and fixed on Feb21st)."

The Linux Foundation has announceda new initiative called CommunityBridge; its purpose is tohelp with funding and support for open-source developers. It includes somesecurity-related services and a means for connecting developers withmentors. The program is in an "early access" mode for now.The Linux Foundation is not the first to provide such services, of course;see thisstatement from the Software Freedom Conservancy for its take on thisnew initiative.

One of the bigger developments of the last year has beenthe introduction of licenses that purport to address perceivedshortcomings in existing free and open-source software licenses. Much hasbeen said and written about them, some of it here, and they are clearlymuch on the community's mind. At FOSDEM2019, Michael Cheng gave his view on the motivations for the introduction of these licenses,whether they've been effective in addressing those motivations, whatunintended consequences they may also have had, and the need for thecommunity to develop some ground rules about them going forward.

Security updates have been issued by Arch Linux (pacman), CentOS (java-1.7.0-openjdk), Debian (zabbix), Fedora (kernel-headers), openSUSE (libcomps), Oracle (kernel), Red Hat (chromium-browser), SUSE (ovmf and qemu), and Ubuntu (tiff).

One of the traditional rites of the (northern hemisphere) spring is theelection for the Debian project leader. Over a six-week period, interestedcandidates put their names forward, describe their vision for the projectas a whole, answer questions from Debian developers, then wait and watchwhile the votes come in. But what would happen if Debian were to hold anelection and no candidates stepped forward? The Debian project has justfound itself in that situation and is trying to figure out what will happennext.

Drew DeVault has announcedthe first stable release of sway, an i3-compatible Wayland desktop forLinux and FreeBSD. "Sway 1.0 adds a huge variety of features which were sorely missed on 0.x, improves performance in every respect, offers a more faithful implementation of Wayland, and exists as a positive political force in the Wayland ecosystem pushing for standardization and cooperation among Wayland projects."

Google Open Source has announcedSeason of Docs. "During Season of Docs, technical writers will spend a few months working closely with open source communities. Each writer works with their chosen open source project. The writers bring their expertise to the projects’ documentation while at the same time learning about open source and new technologies.Mentors from participating open source organizations share knowledge oftheir communities’ processes and tools. Together the technical writers andmentors build a new doc set, improve the structure of the existing docs,develop a much-needed tutorial, or improve contribution processes andguides." Open source organizations may apply to take part in Seasonof Docs starting April 2.

Software in the Public Interest has released its annualreport [PDF] for 2018. "During the current board term SPIcontinues to strive for self-improvement and renewal. Treasuryteamsprints, bank visits, and legal consultations during in-person meetingshave helped keep the wheels turning. An overhaul of our corporate bylawsthat better meets our needs is being presented to the members for theirapproval. And we have improved our reimbursement workflow with a viewtoward speedier and smoother processing."

Security updates have been issued by CentOS (polkit), Debian (chromium, openjpeg2, php7.0, poppler, and symfony), Fedora (evolution, kernel, and kernel-headers), Gentoo (curl, firefox, keepalived, rdesktop, systemd, tar, wget, and zsh), openSUSE (gdm and hiawatha), Slackware (ntp), SUSE (audit, containerd, docker, docker-runc, golang-github-docker-libnetwork, runc, file, java-1_8_0-openjdk, mariadb, openssl-1_0_0, and sssd), and Ubuntu (poppler).

The 5.0.1,4.20.15,and 4.19.28stable kernel updates have been released; each contains the usual set ofimportant fixes.

As of this writing, 6,135 non-merge changesets have been pulled into themainline repository for the 5.1 release. That is approximately halfwaythrough the expected merge-window volume, which is a goodtime for a summary. A number of important new features have been mergedfor this release; read on for the details.

Security updates have been issued by Fedora (php-typo3-phar-stream-wrapper2), Mageia (gnutls, nagios, openssl, and python-gnupg), openSUSE (apache2, ceph, chromium, openssh, and webkit2gtk3), and Ubuntu (nvidia-graphics-drivers-390).

David Malcolm writesabout improved diagnostics and more in the GCC 9 release."Speaking of annotations, this example shows another new GCC 9feature: diagnostics can label regions of the source code to show pertinentinformation. Here, what’s most important are the types of the left-hand andright-hand sides of the '+' operator, so GCC highlights them inline. Noticehow the diagnostic also uses color to distinguish the two operands fromeach other and the operator."

The recent addition of support for direct (peer-to-peer) operations between PCIe devices in thekernel has opened the door for different use cases. The initial workconcentrated on in-kernel support and the NVMe subsystem; it alsoadded support for memory regions that can be used for such transfers.Jérôme Glisse recently proposedtwo extensions that would allow the mapping of those regions into userspace and mapping device files between two devices. The resulting discussion surprisingly led to consideration of thefuture of core kernel structures dealing with memory management.

Security updates have been issued by openSUSE (amavisd-new, apache2, and containerd, docker, docker-runc,), Red Hat (java-1.7.1-ibm and java-1.8.0-ibm), and Ubuntu (linux, linux-azure, linux-gcp, linux-kvm, linux-raspi2, linux-hwe, linux-azure, and php5, php7.0).

The LWN.net Weekly Edition for March 7, 2019 is available.

It should come as no surprise that plugging untrusted devices into acomputer system can lead to a wide variety of bad outcomes—though oftenenough it works just fine. We have reported on a number of these kinds ofvulnerabilities (e.g. BadUSB in 2014) alongthe way. So it will not shock readers to find out that anothervulnerability of this type has beendiscovered, though it may not sit well that, even after years of vulnerableplug-in buses, there are still no solid protections against these roguedevices. This most-recent entrant into this space targets the Thunderboltinterface; thevulnerabilities found have been dubbed "Thunderclap".

The Maru distribution adds a full Linux desktop to Android devices; it wasreviewed here in 2016. The 0.6release is now available. Changes include a rebase onto LineageOS andDebian 9, and the ability to stream the desktop to a Chromecastdevice.

The recently announcedcontainer-confinement breakout for containers started with runc is interesting froma few different perspectives.For one, it affects more than just runc-based containers as privileged LXC-based containers (and likelyothers) are alsoaffected, though the LXC-based variety are harder to compromise than therunc ones.But it also, once again, shows that privilegedcontainers are difficult—perhaps impossible—to create in a secure manner.Beyond that, itexploits some Linux kernel interfaces in novel ways and the fixes use aperhaps lesser-known system call that was added to Linux less than fiveyears back.

Stable kernels 4.20.14, 4.19.27, 4.14.105, and 4.9.162 have been released. They all containthe usual set of important fixes and users should upgrade.

Security updates have been issued by CentOS (java-1.7.0-openjdk and java-11-openjdk), Debian (mumble and sox), Fedora (drupal7, drupal7-link, firefox, gpsd, ignition, ming, php-erusev-parsedown, and php-Smarty), openSUSE (hiawatha, python, and supportutils), Oracle (java-1.7.0-openjdk), Red Hat (java-1.7.0-openjdk), Scientific Linux (java-1.7.0-openjdk), and Ubuntu (linux, linux-aws, linux-gcp, linux-kvm, linux-oem, linux-oracle, linux-raspi2 and linux-hwe, linux-aws-hwe, linux-azure, linux-gcp, linux-oracle).

Corporations that get their feet wet in the sea of free softwareoften find out that not only do they now have obligations toprovide source code, but that people will actually try to accessit and complain loudly if they can't get it. At the first Copyleft Conference,Alexios Zavras from Intel spoke alongside Stefano Zacchiroli from Software Heritage abouthow the two organizations are working together. Software Heritage's missionmakes it ideally suited to host Intel's many source-code releases in a waythat provides stable long-term repositories that Intel can then reference.

Kernel code must often access data that is stored in user space. Most ofthe time, this access is uneventful, but it is not without its dangers andcannot be done without exercising due care. A couple of recent discussionshave made it clear that this care is not always being taken, and that notall kernel developers fully understand how user-space access should beperformed. The good news is that kernel developers are currently workingon a set of changes to make user-space access safer in the future.

Security updates have been issued by Debian (nss), openSUSE (procps), Red Hat (redhat-virtualization-host, rhvm-appliance, and vdsm), SUSE (freerdp, kernel, and obs-service-tar_scm), and Ubuntu (openssh).

Here's alengthy piece from Alyssa Rosenzweig on preserving freedom despite theinevitable centralization of successful information services."Indeed, it seems all networked systems tend towards centralisationas the natural consequence of growth. Some systems, both legitimate andillegitimate, are intentionally designed for centralisation. Other systems,like those in the Mastodon universe, are specifically designed to avoidcentralisation, but even these succumb to the centralised black hole astheir user bases grow towards the event horizon."

Security updates have been issued by Arch Linux (chromium, file, gdm, lib32-openssl-1.0, openssl-1.0, and pcre), Debian (advancecomp, ceph, jackson-databind, openssh, and openssl), Fedora (community-mysql, distcc, freerdp, gdm, gnome-boxes, libexif, openocd, pidgin-sipe, remmina, SDL, and xpdf), openSUSE (kernel-firmware and php5), Oracle (java-1.8.0-openjdk and java-11-openjdk), Slackware (infozip and python), and SUSE (caasp-container-manifests, changelog-generator-data-sles12sp3-velum, kubernetes-salt, rubygem-aes_key_wrap, rubygem-json-jwt, sles12sp3-velum-image, velum and gdm).

Linus has released the 5.0 kernel."But I'dlike to point out (yet again) that we don't do feature-based releases,and that "5.0" doesn't mean anything more than that the 4.x numbersstarted getting big enough that I ran out of fingers and toes."Headline features from this release includethe energy-awarescheduling patch set,a bunch of year-2038 work that comes closeto completing the core-kernel transition,zero-copy networking for UDP traffic,the Adiantum encryption algorithm,the seccomp trap to user space mechanism,and, of course, lots of new drivers and fixes.See the KernelNewbies 5.0page for lots of details.

For much of its history, the kernel has had little in the way of formaltesting infrastructure. It is not entirely an exaggeration to say thattesting is what the kernel community kept users around for. Over theyears, though, that situation has improved; internal features likekselftest and services like the 0day testing system have increased our testcoverage considerably. The story is unlikely to end there, though; thenext addition to the kernel's testing arsenal may be a unit-testing frameworkcalled KUnit.

Security updates have been issued by Debian (bind9, file, ikiwiki, ldb, openssl1.0, php7.0, uw-imap, and wordpress), Fedora (ansible, file, flatpak, kernel, kernel-headers, and python-django), openSUSE (kernel and systemd), Scientific Linux (java-1.8.0-openjdk and java-11-openjdk), SUSE (openssl-1_1 and webkit2gtk3), and Ubuntu (libgd2).

Over at Opensource.com, Richard Fontana argues that contributor license agreements (CLAs) are not particularly useful or helpful for open-source projects. "Since CLAs continue to be a minority practice and originate from outside open source community culture, I believe that CLA proponents should bear the burden of explaining why they are necessary or beneficial relative to their costs. I suspect that most companies using CLAs are merely emulating peer company behavior without critical examination. CLAs have an understandable, if superficial, appeal to risk-averse lawyers who are predisposed to favor greater formality, paper, and process regardless of the business costs." He goes on to look at some of the arguments that CLA proponents make and gives his perspective on why they fall short.

Kernel developers are used to having to defend their work when posting itto the mailing lists, so when a longtime kernel developer describes theirown work as "expensive and nasty", one tends to wonder what is going on. The patch set in question is corescheduling from Peter Zijlstra. It is intended to make simultaneousmultithreading (SMT) usable on systems where cache-based side channels area concern, but even its author is far from convinced that it shouldactually become part of the kernel.

Security updates have been issued by Debian (gpac, qemu, and sox), openSUSE (libqt5-qtbase), Red Hat (java-1.8.0-openjdk and java-11-openjdk), SUSE (bluez), and Ubuntu (nss and openssl, openssl1.0).

The LWN.net Weekly Edition for February 28, 2019 is available.

A report of a potential security problem in the GNU Multiple Precision Arithmetic (GMP)library was met with a mixed reaction, from skepticism to responses verging on hostility, but the report ultimatelyraised a question worth pondering. What role should assertions(i.e. calls to the POSIX assert()macro)play in error handling? An assertion that fails leads to a process exit, which may not be what adeveloper calling into a library expects. Unexpected behavior is, ofcourse, one step on a path that can lead to security holes.

With the uptake of Python 3 (and the imminent end of life forPython 2.7), there is a question ofwhich version of Python a user should get when they type "python"at the command line or have it as part of a shebang("#!") line in a script. Back in 2011, PEP 394 ("The'python' Command on Unix-Like Systems") was created as an informational PEPthat relayed the recommendations of the Python core developers to Linuxdistributions and others in a similar position about which versionto point python to. Now, Petr Viktorin, one of the authors of thePEP, would like to revisitthose recommendations, which is something that is suggestedin the PEP itself.

Stable kernels 4.20.13, 4.19.26, 4.14.104, and 4.9.161 have been released. They all containimportant fixes and users should upgrade.

Security updates have been issued by Arch Linux (elasticsearch and logstash), CentOS (java-1.8.0-openjdk, kernel, and polkit), Debian (chromium, exiv2, and phpmyadmin), Fedora (java-1.8.0-openjdk-aarch32 and mgetty), openSUSE (docker-runc, gvfs, qemu, systemd, and thunderbird), Oracle (java-1.8.0-openjdk, kernel, and polkit), Red Hat (polkit), Scientific Linux (java-1.8.0-openjdk, kernel, and polkit), Slackware (openssl), SUSE (amavisd-new, apache2, ceph, containerd, docker, docker-runc, golang-github-docker-libnetwork, runc, openssh, and webkit2gtk3), and Ubuntu (firefox and thunderbird).

The venerable printk() function has been part of Linux since the verybeginning, though it has undergone a fair number of changes along the way.Now, John Ogness is proposing to fundamentally rework printk() inorder to get rid of handful of issues that currently plague it. The proposed code does thisby adding yet another ring-buffer implementation to the kernel; this one is aimed atmaking printk() work better from hard-to-handle contexts. Fora task that seems conceptually simple—printing messages to theconsole—printk() is actually a rather complex beast; that won'tchange if these patches are merged, though many of the problems with the current implementationwill be removed.

Security updates have been issued by Arch Linux (bind, kibana, systemd, and thunderbird), Debian (elfutils and liblivemedia), Fedora (kernel, kernel-headers, kernel-tools, and SDL), openSUSE (dovecot23, firefox, kauth, python-Jinja2, python-numpy, and thunderbird), Red Hat (java-1.8.0-openjdk and kernel), SUSE (python, python-amqp, python-oslo.messaging, python-ovs, python-paramiko, python-psql2mysql, qemu, and supportutils), and Ubuntu (ghostscript, gnome-keyring, and ldb).

Version 1.12 of the Golanguage has been released. "Some of the highlights includeopt-in support for TLS 1.3, improved modules support (in preparation forbeing the default in Go 1.13), support for windows/arm, and improved macOS& iOS forwards compatibility". See the release notes for details.

Concurrency is hard even when the hardware's behavior is entirelydeterministic; it gets harder in situations where operations can bereordered in seemingly random ways. In these cases, developers tend toreach for barriers as a way of enforcing ordering, but explicit barriersare tricky to use and are often not the best way to think about theproblem. It is thus common to see explicit barriers removed as codematures. That now seems to be happening with an especially obscuretype of barrier used with memory-mapped I/O (MMIO) operations.