Feed lwn LWN.net

Link https://lwn.net/
Feed http://lwn.net/headlines/rss
Updated 2025-09-14 10:30
The 4.13 kernel is out
Linus has released the 4.13 kernel, right on schedule. Headline features in this release include kernel hardening via structure layout randomization, native TLS protocol support, better huge-page swapping, improved handling of writeback errors, better asynchronous I/O support, better power management via next-interrupt prediction, the elimination of the DocBook toolchain for formatted documentation, and more. There is one other change that is called out explicitly in the announcement: "The change in question is simply changing the default cifs behavior: instead of defaulting to SMB 1.0 (which you really should not use: just google for 'stop using SMB1' or similar), the default cifs mount now defaults to a rather more modern SMB 3.0."
Summary of the DebConf 2038 BoF
Steve McIntyre reports from a BoF session on the year-2038 problem at DebConf 17. "It's important that we work on fixing issues *now* to stop people building broken things that will bite us. We all expect that our own computer systems will be fine by 2038; Debian systems will be fixed and working! We'll have rebuilt the world with new interfaces and found the issues. The issues are going to be in the IoT, with systems that we won't be able to simply rebuild/verify/test - they'll fail. We need to get the underlying systems right ASAP for those systems."
100 days of postmarketOS
The postmarketOS distribution looks back at its first 100 days. "One of our previously stated goals is using the mainline Linux kernel on as many mobile devices as possible. This is not as easy as it might sound, since many Linux-based smartphones (Android) require binary drivers which depend on very specific kernel versions. It's a tremendous task to rewrite these drivers to work with the current kernel APIs. Nevertheless, some people have been doing that since long before postmarketOS existed. In the case of the Nokia N900 this has been going on for some number of years and almost all components are now supported in the mainline kernel. This has allowed us to use the mainline kernel as the default kernel for the N900, jumping from Maemo's 2.6.x to mainline 4.12!"
Some weekend stable kernels
The 4.9.47, 4.4.86, and 3.18.69 stable kernel updates have been released; each contains another set of important fixes. Note that there is no 4.12 update in this series.
[$] Spam filtering with Rspamd
Running one's own mail system on the Internet has become an increasingly difficult thing to do, to the point that many people don't bother, even if they have the necessary skills. Among the challenges is spam; without effective spam filtering, an email account will quickly drown under a deluge of vile offers, phishing attempts, malware, and alternative facts. Many of us turn to SpamAssassin for this task, but it's not the only alternative; Rspamd is increasingly worth considering in this role. Your editor gave Rspamd a spin to get a sense for whether switching would be a good thing to do.
Security updates for Friday
Security updates have been issued by CentOS (openssh, poppler, and thunderbird), Debian (graphicsmagick and openexr), Fedora (cacti, dnsdist, exim, groovy18, kernel, libsndfile, mingw-libzip, and taglib), Oracle (openssh), Red Hat (openssh), Scientific Linux (openssh), and SUSE (git and xen).
Day: Status Icons and GNOME
Allan Day shares some welcome news about the GNOME status icon tray. "GNOME 3 currently shows status icons in the bottom-left corner of the screen, in a tray that slides in and out. We know that this isn’t a good solution. The tray gets in the way and it generally feels quite awkward. There’s a general consensus that we don’t want to continue with this UI for the upcoming version of GNOME 3."
Security updates for Thursday
Security updates have been issued by Debian (connman, faad2, gnupg, imagemagick, libdbd-mysql-perl, mercurial, and php5), openSUSE (postgresql93 and samba and resource-agents), Oracle (poppler), Scientific Linux (poppler), SUSE (firefox and php7), and Ubuntu (pyjwt).
Hardening the Kernel in Android Oreo (Android Developers Blog)
The Android Developers Blog has an overview of the security features added to the kernel in the Android "Oreo" release. "Usercopy functions are used by the kernel to transfer data from user space to kernel space memory and back again. Since 2014, missing or invalid bounds checking has caused about 45% of Android's kernel vulnerabilities. Hardened usercopy adds bounds checking to usercopy functions, which helps developers spot misuse and fix bugs in their code. Also, if obscure driver bugs slip through, hardening these functions prevents the exploitation of such bugs."
[$] LWN.net Weekly Edition for August 31, 2017
The LWN.net Weekly Edition for August 31, 2017 is available.
[$] printk() and KERN_CONT
A nearly year-old "fix" to the main logging function used in the kernel, printk(), changed the appearance of some log messages in an unexpected way, at least for some. Messages that had appeared on a single line will now be spread over multiple lines as each call to printk() begins a new line in the output unless the KERN_CONT flag is used. That is how a comment in the kernel code says it should work, but the change was made by Linus Torvalds without any discussion or fanfare, so it took some by surprise.
[$] Fedora's Boltron preview
In many ways, distributions shackle their users to particular versions of tools, libraries, and frameworks. Distributions do not do that to be cruel, of course, but to try to ensure a consistent and well-functioning experience across all of the software they ship. But users have often chafed at these restrictions, especially for the fast-moving environments surrounding various web frameworks and their dependencies. Fedora has been making an effort to make it easier for a single system to support these kinds of environments with its Modularity initiative. In late July, Fedora announced a preview release of the server side of the Modularity equation, Boltron, which is a version of the distribution that supports the initiative.
Stable kernel updates
Stable kernels 4.12.10, 4.9.46, 4.4.85, and 3.18.68 have been released. They all contain important fixes and users should upgrade.
Security updates for Wednesday
Security updates have been issued by Debian (libgcrypt20, poppler, and wordpress), Fedora (cvs, java-1.8.0-openjdk-aarch32, and postgresql), Mageia (gstreamer0.10-plugins-base, gstreamer1.0-plugins-base and libgit2), openSUSE (exim), Red Hat (instack-undercloud, openvswitch, and poppler), Scientific Linux (poppler), SUSE (kernel and quagga), and Ubuntu (linux-lts-trusty).
[$] Remote imports for Python?
Importing a module into a Python program is a pretty invasive operation; it directly runs code in the current process that has access to anything the process can reach. So it is not wildly surprising that a suggestion to add a way to directly import modules from remote sites was met with considerable doubt—if not something approaching hostility. It turns out that the person suggesting the change was not unaware of the security implications of the idea, but thought it had other redeeming qualities; others in the discussion were less sanguine.
[$] A return-oriented programming defense from OpenBSD
Stack-smashing attacks have a long history; they featured, for example, as a core part of the Morris worm back in 1988. Restrictions on executing code on the stack have, to a great extent, put an end to such simple attacks, but that does not mean that stack-smashing attacks are no longer a threat. Return-oriented programming (ROP) has become a common technique for compromising systems via a stack-smashing vulnerability. There are various schemes out there for defeating ROP attacks, but a mechanism called "RETGUARD" that is being implemented in OpenBSD is notable for its relative simplicity.
Disabling Intel ME 11 via undocumented mode (Positive Technologies)
A team of Positive Technologies researchers describe the discovery of a mechanism that can disable Intel Management Engine (ME) 11 after hardware is initialized and the main processor starts. "Intel Management Engine is a proprietary technology that consists of a microcontroller integrated into the Platform Controller Hub (PCH) chip and a set of built-in peripherals. The PCH carries almost all communication between the processor and external devices; therefore Intel ME has access to almost all data on the computer. The ability to execute third-party code on Intel ME would allow for a complete compromise of the platform. We see increasing interest in Intel ME internals from researchers all over the world. One of the reasons is the transition of this subsystem to new hardware (x86) and software (modified MINIX as an operating system). The x86 platform allows researchers to make use of the full power of binary code analysis tools. Previously, firmware analysis was difficult because earlier versions of ME were based on an ARCompact microcontroller with an unfamiliar set of instructions."
Security updates for Tuesday
Security updates have been issued by Debian (ffmpeg, fontforge, and openjdk-7), Fedora (cvs, java-1.8.0-openjdk-aarch32, krb5, and mercurial), Mageia (chromium and libgxps), Red Hat (rh-nginx110-nginx), SUSE (java-1_7_1-ibm), and Ubuntu (ghostscript, kernel, linux, linux-aws, linux-gke, linux-raspi2, linux-snapdragon, linux, linux-raspi2, linux-hwe, linux-lts-xenial, and python-crypto).
[$] Goodbye to GFP_TEMPORARY and dma_alloc_noncoherent()
Like most actively developed programs, the kernel grows over time; there have only been two development cycles ever (2.6.36 and 3.17) where the kernel as a whole was smaller than its predecessor. The kernel's internal API tends to grow in size and complexity along with the rest. The good thing about the internal API, though, is that it is completely under the control of the development community and can be changed at any time. Among other things, that means that parts of the kernel's internal API can be removed if they are no longer needed — or if their addition in the first place is deemed to be a mistake. A pair of pending removals in the memory-management area shows how this process can work.
Security updates for Monday
Security updates have been issued by Debian (augeas, connman, fontforge, freeradius, git, mariadb-10.1, openjdk-7, php5, qemu, qemu-kvm, and tenshi), Fedora (augeas, libsndfile, thunderbird, and xen), Gentoo (AutoTrace and jbig2dec), Mageia (dbus, flash-player-plugin, groovy, groovy18, heimdal, kernel-linus, kmail(kdepimlibs4), libice, libmodplug, miniupnpc, and postgresql9.3/4/6), openSUSE (freeradius-server, gnome-shell, ImageMagick, and openvswitch), and SUSE (java-1_8_0-ibm, libzypp, and postgresql94).
GnuPG 2.2.0 released
Version 2.2.0 of the GNU Privacy Guard is out; this is the beginning of a new long-term stable series. Changes in this release are mostly minor, but it does now install as gpg rather than gpg2, and it will automatically fetch keys from keyservers by default. "Note: this enables keyserver and Web Key Directory operators to notice when you intend to encrypt to a mail address without having the key locally. This new behaviour will eventually make key discovery much easier and mostly automatic."
Kernel prepatch 4.13-rc7
The 4.13-rc7 kernel prepatch has been released. "We had a few issues come up the past week, but nothing that is really impacting the release schedule. So here's rc7, and I still expect this to be the last rc, although the best-laid plans of mice and men.."
Go 1.9 released
Version 1.9 of the Go language has been released. "The most important change to the language is the introduction of type aliases: a feature created to support gradual code repair." See the release notes for details.
Security updates for Friday
Security updates have been issued by Fedora (taglib), Mageia (augeas, gstreamer1.0, perltidy, thunderbird, unrar, and xmlsec1), openSUSE (GraphicsMagick), and Oracle (kernel and thunderbird).
Four new stable kernels
Greg Kroah-Hartman has announced the release of the 4.12.9, 4.9.45, 4.4.84, and 3.18.67 stable kernels. As usual, they contain fixes throughout the tree and users should upgrade.
Patrick McHardy and copyright profiteering (Opensource.com)
Over at Opensource.com, Heather Meeker, a lawyer who specializes in open-source licensing, published a lengthy FAQ on the GPL enforcement efforts of netfilter developer Patrick McHardy. In it, Meeker looks at how much code McHardy has contributed, specifics of the German legal system that may make it attractive to copyright trolling (or profiteering), and steps that companies and others can take to oppose these kinds of efforts. "Copyright ownership in large projects such as the Linux kernel is complicated. It’s like a patchwork quilt. When developers contribute to the kernel, they don’t sign any contribution agreement or assignment of copyright. The GPL covers their contributions, and the recipient of a copy of the software gets a license, under GPL, directly from all the authors. (The kernel project uses a document called a Developer Certificate of Origin, which does not grant any copyright license.) The contributors’ individual rights exist side-by-side with rights in the project as a whole. So, an author like McHardy would generally own the copyright in the contributions he created, but not in the whole kernel."
[$] Development statistics for the 4.13 kernel
As of this writing, the 4.13 kernel appears headed toward release on September 3, after a nine-week development cycle. It must, therefore, be about time for a look at the statistics for this development cycle. The picture that results shows a fairly typical kernel cycle with, as usual, few surprises.
Security updates for Thursday
Security updates have been issued by Arch Linux (salt and thunderbird), Debian (aodh), Fedora (kernel and nginx), Mageia (apache, graphicsmagick, kernel-tmb, and openjpeg2), Red Hat (bind and thunderbird), Scientific Linux (thunderbird), and Ubuntu (python-pysaml2).
SUSE reaffirms support for Btrfs
SUSE has let it be known that it plans to continue developing and supporting the Btrfs filesystem, regardless of what other distributors do. "If one of the rather small contributors to the btrfs filesystem announced to not support btrfs for production systems: should you wonder, whether SUSE, strongest contributor to btrfs today, would stop investing into btrfs? You probably shouldn’t. SUSE is committed to btrfs as the default filesystem for SUSE Linux Enterprise, and beyond."
[$] LWN.net Weekly Edition for August 24, 2017
The LWN.net Weekly Edition for August 24, 2017 is available.
[$] Redesigning Python's named tuples
Deficiencies in the startup time for Python, along with the collections.namedtuple() data structure being identified as part of the problem, led Guido van Rossum to decree that named tuples should be optimized. That immediately set off a mini-storm of thoughts about the data structure and how it might be redesigned in the original python-dev thread, but Van Rossum directed participants over to python-ideas, where a number of alternatives were discussed. They ranged from straightforward tweaks to address the most pressing performance problems to elevating named tuples to be a new top-level data structure—joining regular tuples, lists, sets, dictionaries, and so on.
[$] The supposed decline of copyleft
At DebConf17, John Sullivan, the executive director of the FSF, gave a talk on the supposed decline of the use of copyleft licenses in free-software projects. In his presentation, Sullivan questioned the notion that permissive licenses, like the BSD or MIT licenses, are gaining ground at the expense of the traditionally dominant copyleft licenses from the FSF. While there does seem to be a rise in the use of permissive licenses, in general, there are several possible explanations for the phenomenon.
The D-Bus Broker project
The D-Bus Broker Project is an effort to rethink the D-Bus message bus and produce an implementation that addresses many of its longstanding problems; this project has now made its first public release. "Its aim is to provide high performance and reliability, while keeping compatibility to the D-Bus reference implementation. It is exclusively written for linux systems, and makes use of many modern features provided by recent linux kernel releases." See this post for an introduction to the project, or the GitHub page for source. This is a purely user-space implementation.
Security updates for Wednesday
Security updates have been issued by Arch Linux (curl), Debian (libxml2 and smb4k), Fedora (kernel and xen), Red Hat (ansible and java-1.6.0-ibm), and SUSE (firefox, freerdp, GraphicsMagick, postgresql93, and samba).
[$] Two more approaches to persistent-memory writes
The persistent-memory arrays we're told we'll all be able to get someday promise high-speed, byte-addressable storage in massive quantities. The Linux kernel community has been working to support this technology fully for a few years now, but there is one problem lacking a proper solution: allowing direct writes to persistent memory that is managed by a filesystem. None of the proposed solutions have yet made it into the mainline, but that hasn't stopped developers from trying; now two new patch sets addressing this issue are under consideration.
[$] LuaTeX comes of age
The release of the 2017 version of TeX Live had plenty of incremental improvements for the TeX computer typesetting system and the myriad of tools that go with it. One of the more significant changes, though, was the release of the 1.0.4 version of LuaTeX, which allows users to embed Lua programs into their TeX documents. That ability allows creating non-standard and unusual typesetting effects much more easily than it would be with TeX itself. Guest author Lee Phillips gives an overview of LuaTeX and shows some of the things that can be accomplished using it.
GnuTLS 3.6.0 released
Version 3.6.0 of the GnuTLS TLS library is out. For details on this release, see this overview. "In short, this release introduces a new lock-free random generator and adds new TLS extensions shared by both TLS 1.2 and 1.3, such as Finite Field Diffie Hellman negotiation, Ed25519 and RSA-PSS signatures. These additions modernize the current TLS 1.2 support and pave the way for TLS 1.3 support in the library. Furthermore, tlsfuzzer is introduced in our continuous integration test suite. Tlsfuzzer is a meticulous TLS test suite, which tests the behavior of the implementation on various corner (and not) cases, and acts complementary to the internal GnuTLS test suite and its unit testing."
Security updates for Tuesday
Security updates have been issued by Debian (extplorer and libraw), Fedora (mingw-libsoup, python-tablib, ruby, and subversion), Mageia (avidemux, clamav, nasm, php-pear-CAS, and shutter), Oracle (xmlsec1), Red Hat (openssl tomcat), Scientific Linux (authconfig, bash, curl, evince, firefox, freeradius, gdm gnome-session, ghostscript, git, glibc, gnutls, groovy, GStreamer, gtk-vnc, httpd, java-1.7.0-openjdk, kernel, libreoffice, libsoup, libtasn1, log4j, mariadb, mercurial, NetworkManager, openldap, openssh, pidgin, pki-core, postgresql, python, qemu-kvm, samba, spice, subversion, tcpdump, tigervnc fltk, tomcat, X.org, and xmlsec1), SUSE (git), and Ubuntu (augeas, cvs, and texlive-base).
Oracle considers letting go of Java EE
Oracle has announced that it is considering stepping back from management of the Java Enterprise Edition. "We are discussing how we can improve the Java EE development process following the delivery of Java EE 8. We believe that moving Java EE technologies including reference implementations and test compatibility kit to an open source foundation may be the right next step, in order to adopt more agile processes, implement more flexible licensing, and change the governance process. We plan on exploring this possibility with the community, our licensees and several candidate foundations to see if we can move Java EE forward in this direction."
[$] Business accounting with GnuCash
The first stop in the search for a free accounting system that can replace QuickBooks is a familiar waypoint: the GnuCash application. GnuCash has been around for many years and is known primarily as a personal-finance tool, but it has acquired some business features as well. The question is: are those business features solid enough to allow the program to serve as a replacement for QuickBooks?
NetDev 2.2 registration is now open
The registration for the NetDev 2.2 networking conference is now open. It will be held in Seoul, Korea November 8-10. As usual, it will be preceded by the invitation-only Netconf for core kernel networking hackers. "Netdev 2.2 is a community-driven conference geared towards Linux netheads. Linux kernel networking and user space utilization of the interfaces to the Linux kernel networking subsystem are the focus. If you are using Linux as a boot system for proprietary networking, then this conference _may not be for you_." LWN covered these conferences in 2016 and earlier this year; with luck, we will cover these upcoming conferences as well.
Security updates for Monday
Security updates have been issued by Arch Linux (newsbeuter), Debian (augeas, curl, ioquake3, libxml2, newsbeuter, and strongswan), Fedora (bodhi, chicken, chromium, cryptlib, cups-filters, cyrus-imapd, glibc, mingw-openjpeg2, mingw-postgresql, qpdf, and torbrowser-launcher), Gentoo (bzip2, evilvte, ghostscript-gpl, Ked Password Manager, and rar), Mageia (curl, cvs, fossil, jetty, kernel, kernel-linus, kernel-tmb, libmspack, mariadb, mercurial, potrace, ruby, and taglib), Oracle (kernel), Red Hat (xmlsec1), and Ubuntu (graphite2 and strongswan).
The end of Gentoo's hardened kernel
Gentoo has long provided a hardened kernel package, but that is coming to an end. "As you may know the core of sys-kernel/hardened-sources has been the grsecurity patches. Recently the grsecurity developers have decided to limit access to these patches. As a result, the Gentoo Hardened team is unable to ensure a regular patching schedule and therefore the security of the users of these kernel sources. Thus, we will be masking hardened-sources on the 27th of August and will proceed to remove them from the package repository by the end of September."
Kernel prepatch 4.13-rc6
The 4.13-rc6 kernel prepatch is out. "So everything still looks on target for a normal release schedule, which would imply rc7 next weekend, and then the final 4.13 the week after that. Unless something happens, of course. Tomorrow is the solar eclipse, and maybe it brings doom and gloom even beyond the expected Oregon trafficalypse. You never know."
[$] Power-efficient workqueues
Power-efficient workqueues were first introduced in the 3.11 kernel release; since then, fifty or so subsystems and drivers have been updated to use them. These workqueues can be especially useful on handheld devices (like tablets and smartphones), where power is at a premium. ARM platforms with power-efficient workqueues enabled on Ubuntu and Android have shown significant improvements in energy consumption (up to 15% for some use cases).
Security updates for Friday
Security updates have been issued by Debian (kernel and libmspack), Fedora (groovy18 and nasm), openSUSE (curl, java-1_8_0-openjdk, libplist, shutter, and thunderbird), Oracle (git, groovy, kernel, and mercurial), Red Hat (rh-git29-git), SUSE (openvswitch), and Ubuntu (c-ares, clamav, firefox, libmspack, and openjdk-7).
Security updates for Thursday
Security updates have been issued by CentOS (git), Debian (firefox-esr and mariadb-10.0), Gentoo (bind and tnef), Mageia (kauth, kdelibs4, poppler, subversion, and vim), openSUSE (fossil, git, libheimdal, libxml2, minicom, nodejs4, nodejs6, openjpeg2, openldap2, potrace, subversion, and taglib), Oracle (git and kernel), Red Hat (git, groovy, httpd24-httpd, and mercurial), Scientific Linux (git), and SUSE (freeradius-server, ImageMagick, and subversion).
[$] LWN.net Weekly Edition for August 17, 2017
The LWN.net Weekly Edition for August 17, 2017 is available.
Stable kernel updates
Stable kernels 4.12.8, 4.9.44, 4.4.83, and 3.18.66 have been released. Each contains important fixes throughout the tree and users should upgrade.
[$] A canary for timer-expiration functions
A bug that allows an attacker to overwrite a function pointer in the kernel opens up a relatively easy way to compromise the kernel—doubly so, if an attacker simply needs to wait for the kernel to use the compromised pointer. There are various techniques that can be used to protect kernel function pointers that are set at either compile or initialization time, but there are some pointers that are routinely set as the kernel runs; timer completion functions are a good example. An RFC patch posted to the kernel-hardening mailing list would add a way to detect that those function pointers have been changed in an unexpected way and to stop the kernel from executing that code.