LWN.net

Stable kernels 4.17.7, 4.14.56, 4.9.113, and 4.4.141 have been released. The 4.17.7 kernel is broken for i386 systems. "I did this release anyway with this known problem as there is a fix in here for x86-64 systems that was nasty to track down and was affecting people. Given that the huge majority of systems are NOT i386, I felt this was a safe release to do at this point in time." Beyond that, these kernels all contain the usual set of important fixes.

Security updates have been issued by Arch Linux (thunderbird), Debian (ruby-rack-protection), Fedora (firefox and soundtouch), Red Hat (kernel), Scientific Linux (gnupg2), SUSE (perl and python-paramiko), and Ubuntu (policykit-1).

The recent announcement by Guido van Rossumthat he was stepping away from his "benevolent dictator for life" (BDFL) role for Python was met with somesurprise, but not much shock, at least in the core-developer community.Van Rossum has been telegraphing some kind of change, at some unspecifiedpoint, for several years now, though the proximate cause (the "PEP 572 mess") isunfortunate. In the meantime, though, the project needs to figure outhow to govern itself moving forward—Van Rossum did not appoint a successorand has left the governance question up to the core developers.

Security updates have been issued by CentOS (firefox, gnupg2, kernel, python, and qemu-kvm), Debian (389-ds-base, cups, imagemagick, kernel, mailman, ruby2.1, sssd, thunderbird, and znc), Fedora (glpi, hadoop, kernel, rubygem-sprockets, singularity, thunderbird, wordpress, xapian-core, and xen), Mageia (cantata and flash-player-plugin), openSUSE (exiv2, libvorbis, nodejs6, nodejs8, openslp, singularity, slurm, and tiff), and SUSE (kernel-azure and openssl).

The 4.18-rc5 kernel prepatch has beenreleased. "For some reason this week actually felt very busy, butthe rc5 numbers show otherwise. It's all small and calm, and things areprogressing nicely."

All underutilized systems are essentially the same, but each overutilizedsystem tends to be overloaded in its own way. If one's goal is tomaximize the use of the available computing resources, overutilizationtends not to be too far away, but when it happens, it can be hard to tellwhere the problem is. Sometimes, even the fact that there is a problem atall is not immediately apparent. Thepressure-stall information patch set from Johannes Weiner may make lifeeasier for system administrators by exposing more information about the real utilizationstate of the system.

Security updates have been issued by Debian (cinnamon), Fedora (docker, firefox, jetty, and knot-resolver), Oracle (gnupg2), Scientific Linux (gnupg2), SUSE (gdk-pixbuf, java-1_8_0-openjdk, libopenmpt, php7, and rsyslog), and Ubuntu (dns-root-data, dnsmasq, and thunderbird).

Python creator and Benevolent Dictator for Life Guido van Rossum has decided,in the wake of the difficult PEP 572discussion, to step down from his leadership of the project. "Now that PEP 572 is done, I don't ever want to have to fight so hard for aPEP and find that so many people despise my decisions.I would like to remove myself entirely from the decision process. I'llstill be there for a while as an ordinary core dev, and I'll still beavailable to mentor people -- possibly more available. But I'm basicallygiving myself a permanent vacation from being BDFL, and you all will be onyour own."

Mounting filesystems is a complicated business. The kernel supports a widevariety of filesystem types, and each has its own, often extensive set of options. As a result, the mount()system call is complex, and the list of mountoptions is a rather long read. But even with all of that complexity,mount() does not do everything that users would like. Forexample, the options for a mount operation must all fit within a single4096-byte page — the fact that this is a problem for some users isillustrative in its own right. Theproblems with mount() have come up at various meetings, includingat the 2018 Linux Storage, Filesystem, andMemory-Management Summit. A setof patches implementing a new approach is getting closer to beingready, but it features some complexity of its own and there are someremaining concerns about the proposed system-call API.

Security updates have been issued by Arch Linux (qutebrowser), CentOS (firefox), Debian (ruby-sprockets), Fedora (botan2, git-annex, kernel, kernel-tools, and visualboyadvance-m), Mageia (chromium-browser-stable, graphviz, mailman, nikto, perl-Archive-Zip, redis, and w3m), openSUSE (nextcloud), Oracle (gnupg2), Red Hat (flash-plugin, gnupg2, and kernel), Slackware (bind and curl), SUSE (java-1_8_0-openjdk, php7, rsyslog, slurm, and ucode-intel), and Ubuntu (cups, libpng, and libpng, libpng1.6).

The LWN.net Weekly Edition for July 12, 2018 is available.

The compromise of the Gentoo's GitHubmirror was certainly embarrassing, but its overall impact on Gentoo userswas likely fairly limited. Gentoo and GitHub respondedquickly and forcefully to the breach, which greatly limited the damagethat could be done; the fact that it was a mirror and not the master copyof Gentoo's repositories made it relatively straightforward to recoverfrom. But the black eye that it gave the project has led some to consider waysto make it even harder for an attacker to add malicious content toGentoo—even if the distribution's own infrastructure were to becompromised.

Greg Kroah-Hartman has released stable kernels 4.17.6, 4.14.55, 4.9.112, 4.4.140, and 3.18.115. As usual, they contain importantfixes and users should upgrade.

<p>A recent query about the status of network security (TLS settings inparticular) in Emacs led to a long thread in the emacs-devel mailing list. That threadtouched on a number of different areas, including using OpenSSL (or otherTLS libraries) rather thanGnuTLS, what kinds of problems should lead to complaints out of the box, what settings should be the default, and when those settings couldchange for Emacs so as not to discombobulate users. The latter issue isone that lots of projects struggle with: what kinds of changes areappropriate for a bug-fix release versus a feature release. For Emacs, itslengthy development cycle, coupled with the perceived urgency ofsecurity changes, makes that question even more difficult.

Security updates have been issued by Debian (cups), Oracle (kernel and qemu-kvm), Red Hat (ansible, kernel, kernel-rt, and qemu-kvm), Scientific Linux (kernel and qemu-kvm), Slackware (thunderbird), and Ubuntu (curl, firefox, imagemagick, and xapian-core).

Here's areport in Sensors Tech Forum on the discovery of a set of hostilepackages in the Arch Linux AUR repository system. AUR containsuser-contributed packages, of course; it's not a part of the Arch distributionitself. "The security investigation shows that shows that amalicious user with the nick name xeactor modified in June 7 an orphanedpackage (software without an active maintainer) called acroread. Thechanges included a curl script that downloads and runs a script from aremote site. This installs a persistent software that reconfigures systemdin order to start periodically. While it appears that they are not aserious threat to the security of the infected hosts, the scripts can bemanipulated at any time to include arbitrary code. Two other packages weremodified in the same manner." Thisthread in the aur-general list shows the timeline of the discovery andresponse.

In many ways, Spectre variant 1 (the bounds-check bypass vulnerability) isthe ugliest of the Meltdown/Spectre set, despite being relatively difficultto exploit. Any given code base could be filled with V1 problems, but theyare difficult to find and defend against. Static analysis can help, butthe available tools are few, mostly proprietary, and prone to falsepositives. There is also a lack of efficient, architecture-independentways of addressing Spectre V1 in user-space code. As a result, only alimited effort (at most) to find and fix Spectre V1 vulnerabilities hasbeen made in most projects. An effort to add some defenses to GCC may helpto make this situation better, but it comes at a cost of its own.

Security updates have been issued by Debian (ruby-sprockets), Red Hat (ansible and rh-git29-git), Scientific Linux (firefox), SUSE (ceph), and Ubuntu (libjpeg-turbo, ntp, and openslp-dfsg).

In the 4.18 kernel, a new feature was merged to allow infrared (IR)decoding to be done using BPF. Infrared remotes use many differentencodings; if a decoder were to be written for each, we would end up withhundreds of decoders in the kernel. So, currently, the kernel only supportsthe most widely used protocols. Alternatively, the lirc daemon canbe run to decode IR. Decoding IR can usually be expressed in a few lines ofcode, so a more lightweight solution without many kernel-to-userspacecontext switches would be preferable. This article will explain how IRmessages are encoded, the structure of a BPF program, and how a BPF programcan maintain state between invocations. It concludes with a look at thesteps that are taken to end up with a button event, such as a volume-up keyevent.

Security updates have been issued by Debian (bouncycastle and ca-certificates), Fedora (cantata, cinnamon, php-symfony3, and transifex-client), openSUSE (ghostscript, openssl, openvpn, php7, rubygem-yard, thunderbird, ucode-intel, and unzip), and SUSE (libqt4, nodejs8, and openslp).

The 4.18-rc4 kernel prepatch has beenreleased. "Things look pretty normal here, and size-wise this looksgood too, so it's another of those 'solid progress to release'weeks. Boring is good."

The 4.17.5 and 4.14.54 stable kernels have been released withyet another set of important fixes.

For those with a significant chunk of spare time and nothing better to do:Swapnil Bhartiya interviewed LWN editor Jonathan Corbet in February has now posted the resulting video onthe Patreon site.

Security updates have been issued by Debian (dokuwiki, libsoup2.4, mercurial, php7.0, and phpmyadmin), Fedora (ant, gnupg, libgit2, and libsoup), openSUSE (cairo, git-annex, postgresql95, and zsh), Scientific Linux (firefox), Slackware (mozilla), SUSE (nodejs6 and rubygem-yard), and Ubuntu (AMD microcode, devscripts, and firefox).

Large data centers routinely use control groups to balance the use of theavailable computing resources among competing users. Block I/O bandwidthcan be one of the most important resources for certain types of workloads,but the kernel's I/O controller is not a complete solution to the problem.The upcoming block I/O latency controllerlooks set to fill that gap in the near future, at least for some classes ofusers.

Security updates have been issued by Oracle (firefox), SUSE (exiv2, ghostscript, libvorbis, openssl, openvpn, php7, tiff, and unzip), and Ubuntu (libarchive-zip-perl and php7.2).

The LWN.net Weekly Edition for July 5, 2018 is available.

LWN reported on June 29 that Gentoo'sGitHub mirror had been compromised. Gentoo now considers the incidentresolved and the full report isavailable. "An unknown entity gained control of an admin account for the Gentoo GitHub Organization and removed all access to the organization (and its repositories) from Gentoo developers. They then proceeded to make various changes to content. Gentoo Developers & Infrastructure escalated to GitHub support and the Gentoo Organization was frozen by GitHub staff. Gentoo has regained control of the Gentoo GitHub Organization and has reverted the bad commits and defaced content."

The venerable Linux boot menu has made its appearance at boot time sincethe days when LILO was thestandard boot loader, through the days of GRUB, and onward totoday's GRUB 2and others.It is sometimes configured out by distributions as something that willpotentially confuse less-technical users, but it has been a mainstay ofFedora for many releases. A recent proposalto hide the menu, starting in Fedora 29, has met a mixed reaction, butthose who are not in favor are also those most able to revert to theexisting behavior.

Security updates have been issued by Arch Linux (git-annex and gitlab), CentOS (kernel, libvirt, pki-core, and qemu-kvm), Debian (cups, exiv2, and gosa), Fedora (ant, drupal7-backup_migrate, glusterfs, libsoup, standard-test-roles, and xen), Oracle (firefox and python), Scientific Linux (python), SUSE (cairo, git, and zsh), and Ubuntu (exiv2, libsoup2.4, and php7.2).

Dan Callahan is a developer advocate at Mozilla and no stranger toPyCon (we covered a talk of his at PyCon2013). He was also the champion at Mozilla for the grant that helped revamp the Python Package Index (PyPI). AtPyCon 2018, he gave a keynote talk [YouTube video] that focused on platforms of varioussorts—and where Python fits into the platforms of the future.

There are many things to love about the Linux Plumbers Conference (LPC),but the event's web site has not often been considered one of them.This year, your editor took on the task of finding a new system to handleproposal submission, review, and scheduling, despite his own poor trackrecord when it comes to creating attractive web sites. The search finallysettled on a system called Indico; readon for some impressions of this interesting free event-management system.

Stable kernels 4.17.4, 4.14.53, 4.9.111, 4.4.139, and 3.18.114 have been released. They all containimportant fixes and users should upgrade.

Security updates have been issued by Fedora (drupal7-backup_migrate, firefox, and podman), Red Hat (python), Scientific Linux (glibc, kernel, libvirt, pcs, samba, samba4, sssd and ding-libs, and zsh), and Ubuntu (kernel, linux, linux-aws, linux-azure, linux-gcp, linux-kvm, linux-oem, linux-raspi2, linux, linux-aws, linux-kvm, linux-raspi2, linux-snapdragon, linux, linux-raspi2, linux-hwe, linux-azure, linux-lts-trusty, linux-lts-xenial, linux-aws, linux-oem, and zziplib).

For many years, Linux system administrators have gone out of their way toavoid swapping. The advent of nonvolatile memory is changing the equation,though, and swapping is starting to look interesting again — if it canperform well enough. That is not the case in current kernels, but alongstanding project to allow the swapping of transparent huge pagespromises to improve that situation considerably. That work is reaching itsfinal stage and might just enter the mainline soon.

Security updates have been issued by Debian (chromium-browser, mosquitto, python-pysaml2, simplesamlphp, tiff, and tomcat7), Fedora (kernel, libgxps, nodejs, and phpMyAdmin), Mageia (ansible, firefox, java-1.8.0-openjdk, libcrypt, libgcrypt, ncurses, phpmyadmin, taglib, and webkit2), openSUSE (GraphicsMagick, ImageMagick, mailman, Opera, and rubygem-sprockets), and SUSE (ImageMagick, kernel, mariadb, and python-paramiko).

SUSE has announcedthat it has been acquired again — this time by an investment company calledEQT. Some more bright-future talk can be found in this blogentry: "In keeping with our 25-year history, SUSE intends toremain committed to an open source development and business model andactively participate in communities and projects to bring open sourceinnovation to the enterprise as high quality, reliable and usablesolutions. Our truly open, open source model, where open refers to thefreedom of choice provided to customers and not just the code used in oursolutions, is embedded in SUSE culture, differentiates us in the marketplace and has been key to our years of success."

The 4.18-rc3 kernel prepatch is out fortesting. "And things look fairly normal - a bit over a third isdrivers (various parts: input, usb, sound, gpu, mtd, networking, ...), withthe rest being arch updates (arm/arm64 - dts files dominating, microblaze,powerpc, x86), filesystems (xfs, some btrfs, some minor core vfs),networking, documentation updates and tooling."

Lubomir Rintel has a look at the NetworkManager 1.12 release on his blog. There are lots of new features, including WiFi improvements (FILS, Wake on WLAN, IWD), colored nmcli output, removal of some unloved code, and checkpoint/restore:"One of the lesser known goodies provided by NetworkManager is the checkpoint/restore functionality. It allows the user to roll back to a working network configuration if any changes render a machine inaccessible over a network.The user needs to define a checkpoint first, then conduct the potentially dangerous changes and finally confirm that the changes didn’t disrupt connectivity. A checkpoint is essentially a snapshot of an active network configuration along with a timer. Should the changes cause a networking outage, the timer expires before the user can confirm success and the changes are reverted, hopefully restoring connectivity."

On his blog, Cornelius Schumacher writes about some lessons he's learned about governance in nearly 20 years of experience with open-source projects. "Governance is important. Your project does have a governance model even if you don't think about it or if you don't write down the rules. It governs how your project will work and how people will be able to collaborate. It will also define a big part of your culture. You don't want to leave these things to chance. So be conscious about governance.That doesn't mean that you have to write rules and policies for everything. Often a healthy culture where people learn by following the example of the leaders and other members of the community works well. It might be tempting to create a formal structure to cover all [kinds] of possible scenarios. But creating and maintaining policies is an expensive process. Don't be formal where you are not sure it's needed."

One of the the most commonly repeated mistakes in system-call design is a failure to check for unknown flags whereverflags are accepted. If there is ever a point where callers can get awaywith setting unknown flags, then adding new flags becomes a hazardous act.In the case of mmap(),though, developers found a clever way around this problem. A recentdiscussion has briefly called that approach into question, though, andraised the issue of what constitutes a kernel regression. No changes areforthcoming as a result, but the discussion does provide an opportunity tolook at both the specific hack and how the kernel community decides whethera change is a regression or not.

Linux Mint 19 "Tara" has been released in Cinnamon and MATE editions. See moreabout new features in Tara for Cinnamonand MATEand the release notes (Cinnamon, MATE) for additionaldetails. "In Linux Mint 19, the star of the show is Timeshift. Although it was introduced in Linux Mint 18.3 and backported to all Linux Mint releases, it is now at the center of Linux Mint's update strategy and communication.Thanks to Timeshift you can go back in time and restore your computer to the last functional system snapshot. If anything breaks, you can go back to the previous snapshot and it's as if the problem never happened."

Brett Cannon is a longtime Python core developer and member of the open-sourcecommunity. He got to check off one of his bucket-list items when he gave akeynote [YouTube video]at PyCon 2018. That keynote was a rather personal look at what he sees as some problem areas in the expectations of the users of open-sourcesoftware with respect to those who produce it. While there is lots to behappy for in the open-source world, there are some sharp edges (and worse)that need filing down.

Security updates have been issued by Arch Linux (firefox), Debian (firefox-esr, lava-server, libgcrypt20, mariadb-10.0, and zendframework), Fedora (firefox, podman, webkitgtk4, and xen), openSUSE (procps and unixODBC), Oracle (pki-core), Red Hat (firefox), SUSE (kernel, procps, and tomcat6), and Ubuntu (file and nasm).

The Gentoo project's GitHub account hasbeen compromised and used to distribute malicious code. "Thisdoes NOT affect any code hosted on the Gentoo infrastructure. Since themaster Gentoo ebuild repository is hosted on our own infrastructure andsince Github is only a mirror for it, you are fine as long as you are usingrsync or webrsync from gentoo.org."

Worth a read: Geoff Huston'swriteup of how the net has evolved over the last ten years and where itmay be going. "Perhaps this increased resistance to change isbecause as the size of the network increases, its inertial mass alsoincreases. We used to quote Metcalf’s Law to each other, reciting themantra that the value of a network increases in proportion to the square ofthe number of users. A related observation appears to be that a network’sinherent resistance to change, or inertial mass, is also directly relatedto the square of the number of users as well."

Lennart Poettering describesthe new systemd "portable service" feature, which appears to be a new takeon containers. "Both resource bundling and isolation/sand-boxing areconcepts systemd has implemented to varying degrees for a longertime. Specifically, RootDirectory= and RootImage= have been around for along time, and so have been the various sand-boxing features systemdprovides. The Portable Services concept builds on that, putting thesefeatures together in a new, integrated way to make them more accessible andusable."

The latest feature release of Python, 3.7.0, hasbeen announced, along with the latest maintenance release forPython 3.6, 3.6.6.As noted on the "What's New InPython 3.7" page, there are many significant changes in therelease. These include postponedevaluation of type annotations (for performance and simpler forwardreferences to types), insertion-order preservation for dict objects is nowpart of the language, data classes havebeen added, async and await are now keywords,there are usability and performance improvements for asyncio, a newC API for thread-local storage has been added, and more. 3.7 will getbug fix updates until shortly after 3.8 is released (in roughly 18 months) and then willget security updates until mid-2023.3.6 will continue to get bug fixes through the end of 2018 and securityfixes into 2021.

Security updates have been issued by Debian (exiv2, firefox-esr, graphicsmagick, php-horde-crypt, ruby-passenger, tomcat7, and xen), Fedora (dcraw, file, kernel-tools, and mupdf), openSUSE (firefox and tiff), Oracle (kernel, libvirt, pki-core, and qemu-kvm), Red Hat (patch), SUSE (jpeg, python-Django, tiff, and unixODBC), and Ubuntu (jasper).

The LWN.net Weekly Edition for June 28, 2018 is available.