Feed lwn LWN.net

Link https://lwn.net/
Feed http://lwn.net/headlines/rss
Updated 2024-11-22 07:15
Bjarne Stroustrup’s Plan for Bringing Safety to C++ (The New Stack)
The New Stack covers a conference talk by Bjarne Stroustrup on turning C++ into a safer language.
[$] Some 6.6 development statistics
The 6.6 kernel was released, right on schedule, on October 29. This development cycle saw the addition of 14,069 non-merge changesets from 1,978 developers - fairly typical numbers for recent releases. The time has come for LWN's traditional look at where the changes in this release came from, along with a look at the longer development "supercycle" that (probably) ends with 6.6.
Security updates for Monday
Security updates have been issued by Debian (distro-info, distro-info-data, gst-plugins-bad1.0, node-browserify-sign, nss, openjdk-11, and thunderbird), Fedora (chromium, curl, nghttp2, and xorg-x11-server-Xwayland), Gentoo (Dovecot, Rack, rxvt-unicode, and UnZip), Mageia (apache, bind, and vim), Red Hat (varnish:6), SUSE (nodejs12, opera, python-bugzilla, python-Django, and vorbis-tools), and Ubuntu (exim4, firefox, nodejs, and slurm-llnl, slurm-wlm).
The 6.6 kernel has been released
Linus has released the 6.6 kernel. "So this last week has been pretty calm, and I have absolutely no excuses to delay the v6.6 release any more, so here it is." Headline features in 6.6 include the earliest eligible virtual deadline first (EEVDF) CPU scheduler, a number of enhancements (quota support, user extended attributes, direct I/O) to the tmpfs filesystem, the fchmodat2() system call, initial support for building a kernel without buffer-head support, the kmalloc() randomness patches, user-space shadow stacks for Intel CPUs, and quite a bit more. See the LWN merge window summaries (part 1, part 2) and the KernelNewbies 6.6 page for more information.
[$] Deferred scheduling for user-space critical sections
User-space developers working with highly threaded applications would often like to be able to use spinlocks to protect shared data structures from concurrent access. There is a fundamental problem with user-space spinlocks, though: there is no way to prevent a thread from being preempted. Various ways of working around this problem have been explored, but this patch from Steven Rostedt questions the premise on which much of that work is based: what if it were possible to prevent preemption, for a short period at least?
Removing syscall() from OpenBSD
For a view into the OpenBSD approach to security, see this message from Theo de Raadt, where he describes a plan to remove the syscall() system call (which allows the invocation of any available system call by providing its number) from the kernel. The purpose, of course, is to make it harder for an attacker to invoke an arbitrary system call, even if they are able to run some code on the target system.
Security updates for Friday
Security updates have been issued by Debian (chromium and firefox-esr), Fedora (firefox, redis, samba, and xen), Oracle (python39:3.9, python39-devel:3.9), Slackware (mozilla and xorg), and SUSE (libnbd, open-vm-tools, python, sox, vorbis-tools, and zchunk).
[$] Better string handling for the kernel
The C programming language is replete with features that seemed like a good idea at the time (and perhaps even were good ideas then) that have not aged well. Most would likely agree that string handling, and the use of NUL-terminated strings, is one of those. Kernel developers have, for years, tried to improve the handling of strings in an attempt to slow the flow of bugs and vulnerabilities that result from mistakes in that area. Now there is an early discussion on the idea of moving away from NUL-terminated strings in much of the kernel.
Security updates for Thursday
Security updates have been issued by Debian (firefox-esr and xorg-server), Fedora (firefox, mbedtls, nodejs18, nodejs20, and xen), Gentoo (libinput, unifi, and USBView), Mageia (python-nltk), Oracle (linux-firmware), Red Hat (nginx:1.22), SUSE (chromium, firefox, java-11-openjdk, jetty-minimal, nghttp2, nodejs18, webkit2gtk3, and zlib), and Ubuntu (linux, linux-lowlatency, linux-oracle-5.15, vim, and xorg-server, xwayland).
[$] LWN.net Weekly Edition for October 26, 2023
The LWN.net Weekly Edition for October 26, 2023 is available.
[$] Weighted interleaving for memory tiering
The kernel has, for many years, had the ability to control how memory allocation is performed in systems with multiple NUMA nodes. More recently, NUMA nodes have also been pressed into service to represent different classes of memory; those nodes are now organized into tiers according to their performance characteristics. While memory-allocation policies can control the placement of pages at the NUMA-node level, the kernel provides no way to connect those policies with memory tiers. This patch series from Gregory Price aims to change this situation by allowing allocations to be placed across tiers in a weighted manner.
The path toward a no-GIL Python
The Python Steering Council has posted a detailed plan for the addition of "free-threaded" (no global interpreter lock) support into the Python mainline. It will not be a short process and does not have a guaranteed successful outcome.
Seven stable kernel updates
The 6.5.9, 6.1.60, 5.15.137, 5.10.199, 5.4.259, 4.19.297, and 4.14.328 stable kernels have all been released; each contains another set of important fixes.
Security updates for Wednesday
Security updates have been issued by Debian (gst-plugins-bad1.0, openssl, roundcube, and xorg-server), Fedora (dotnet6.0, dotnet7.0, roundcubemail, and wordpress), Mageia (redis), Oracle (dnsmasq, python27:2.7, python3, tomcat, and varnish), Red Hat (python39:3.9, python39-devel:3.9), Slackware (mozilla and vim), SUSE (openssl-3, poppler, ruby2.5, and xen), and Ubuntu (.Net, linux-gcp-5.15, linux-gkeop-5.15, linux-intel-iotg-5.15, linux-starfive-6.2, mysql-5.7, ncurses, and openssl).
[$] Home Assistant: ten years of privacy-focused home automation
Many home-automation devices come with their own mobile app or cloud service. However, using multiple apps or services is inconvenient, so it's (purposely) tempting to only buy devices from the same vendor, but this can lead to lock-in. One project that lets users manage home-automation devices from various vendors without lock-in is Home Assistant. Over its ten-year existence, it has developed into a user-friendly home-automation platform that caters to both technically inclined and less tech-savvy people.
Firefox 119.0 released
Version 119.0 of the Firefox browser has been released. The list of changes includes improvements to Firefox View, some PDF-editing improvements, better cookie protection, encrypted client hello support, and more.
Security updates for Tuesday
Security updates have been issued by Debian (ceph and dbus), Fedora (cachelib, fb303, fbthrift, fizz, folly, matrix-synapse, mcrouter, mvfst, nats-server, nodejs18, proxygen, wangle, watchman, and wdt), Mageia (libcue), Oracle (18, grafana, kernel, nodejs, nodejs:16, nodejs:18, php, php:8.0, and tomcat), Red Hat (python27:2.7, python3, python39:3.9, python39-devel:3.9, toolbox, varnish, and varnish:6), SUSE (fwupdate, gcc13, icu73_2, netty, netty-tcnative, and xen), and Ubuntu (aom, ffmpeg, libvpx, libxpm, linux-aws, linux-gcp-5.4, php7.0, php7.2, ring, and sofia-sip).
2023 Linux Foundation TAB election call for nominees
The 2023 election for members of the Linux Foundation Technical Advisory Board will be held during the upcoming Linux Plumbers Conference. The call for nominees has been posted.
[$] Hyphens, minus, and dashes in Debian man pages
It is probably fair to say that most Linux users spend little time thinking about the troff typesetting program, despite that application's groundbreaking role in computing history. Troff (along with nroff) is still with us, though, even if they are called groff these days, and every now and then they make their presence known. A recent groff change created a bit of a tempest within the Debian community, and has effectively been reverted there. It all comes down to the question of what, exactly, is the character used to mark command-line options on Unix systems?
Security updates for Monday
Security updates have been issued by Debian (krb5, redis, roundcube, ruby-rack, ruby-rmagick, zabbix, and zookeeper), Fedora (ansible-core, chromium, libvpx, mingw-xerces-c, python-asgiref, python-django, and vim), Mageia (cadence, kernel, kernel-linus, libxml2, nodejs, and shadow-utils), Oracle (nghttp2), Slackware (LibRaw), and SUSE (chromium, java-11-openjdk, nodejs18, python-Django, python-urllib3, and suse-module-tools).
Kernel prepatch 6.6-rc7
Linus has released 6.6-rc7 for testing.
[$] mseal() and what comes after
Jeff Xu recently proposed the addition of a new system call, named mseal(), that would allow applications to prevent modifications to selected memory mappings. It would enable the hardening of user-space applications against certain types of attacks; some other operating systems have this type of feature already. There is support for adding this type of mechanism to the Linux kernel as well, but it has become clear that mseal() will not land in the mainline in anything resembling its current form. Instead, it has become an example of how not to do kernel development at a number of levels.
Security updates for Friday
Security updates have been issued by Debian (linux-5.10 and webkit2gtk), Fedora (matrix-synapse and trafficserver), Mageia (chromium-browser-stable, ghostscript, libxpm, and ruby-RedCloth), Oracle (.NET 7.0, curl, dotnet7.0, galera, mariadb, go-toolset, golang, java-1.8.0-openjdk, and python-reportlab), Red Hat (php, php:8.0, tomcat, and varnish), Slackware (httpd), SUSE (bluetuith, grub2, kernel, rxvt-unicode, and suse-module-tools), and Ubuntu (dotnet6, dotnet7, dotnet8, linux, linux-aws, linux-aws-5.15, linux-azure, linux-azure-5.15, linux-azure-fde, linux-azure-fde-5.15, linux-gcp, linux-gke, linux-gkeop, linux-hwe-5.15, linux-ibm, linux-ibm-5.15, linux-kvm, linux-lowlatency, linux-lowlatency-hwe-5.15,linux-nvidia, linux-oracle, linux-raspi, linux, linux-aws, linux-aws-5.4, linux-azure, linux-azure-5.4, linux-gcp, linux-gkeop, linux-hwe-5.4, linux-ibm, linux-ibm-5.4, linux-kvm, linux-oracle, linux-oracle-5.4, linux-xilinx-zynqmp, linux, linux-aws, linux-aws-6.2, linux-azure, linux-azure-6.2, linux-azure-fde-6.2, linux-gcp, linux-gcp-6.2, linux-hwe-6.2, linux-kvm, linux-lowlatency, linux-lowlatency-hwe-6.2, linux-oracle, linux-raspi, linux-starfive, linux, linux-aws, linux-azure, linux-azure-4.15, linux-gcp, linux-gcp-4.15, linux-hwe, linux-kvm, linux-oracle, linux, linux-aws, linux-kvm, linux-lts-xenial, linux-azure, linux-bluefield, linux-intel-iotg, linux-oem-6.1, linux-raspi, and mutt).
Three stable kernel updates
The 6.5.8, 6.1.59, and 5.15.136 stable kernel updates have been released; each contains another set of important fixes.
[$] Toward safer GNU C Library tunable handling
When considering the interface provided by the GNU C Library (glibc), thoughts naturally turn to the programming interface as specified by POSIX, along with numerous extensions added over the years. But glibc also provides a "tunables" interface to control how the library operates; rather than being managed by a C API, tunables are set with the GLIBC_TUNABLES environment variable. Glibc tunables have been a part of a few security problems involving setuid binaries, most recently the "Looney Tunables" bug disclosed at the beginning of October. The glibc developers are now considering significant changes to tunable handling in the hope of avoiding such problems in the future.
Security updates for Thursday
Security updates have been issued by Debian (node-babel), Fedora (moodle), Gentoo (mailutils), Oracle (go-toolset:ol8 and java-11-openjdk), Red Hat (ghostscript, grafana, java-1.8.0-openjdk, java-11-openjdk, java-17-openjdk, nghttp2, nodejs:16, nodejs:18, and rhc-worker-script), SUSE (cni, cni-plugins, container-suseconnect, containerd, cups, exim, grub2, helm, libeconf, nodejs18, python3, runc, slurm, supportutils, and tomcat), and Ubuntu (glib2.0, openssl, and vips).
[$] LWN.net Weekly Edition for October 19, 2023
The LWN.net Weekly Edition for October 19, 2023 is available.
[$] Defining open hardware
Open-source hardware (or open hardware) refers to hardware that is developed in a manner similar to open-source software. There's a widely accepted definition of open-source hardware, but it is probably not as well known as its open-source-software counterpart. In addition, there is a popular certification program that hardware makers can use to indicate which of their devices meet those criteria. But there are some vendors that are showing more enthusiasm than others in participating in the process - or in producing open hardware at all.
The GNOME Foundation's new executive director
The GNOME Foundation has announced the hiring of Holly Million as its new executive director.
Security updates for Wednesday
Security updates have been issued by Debian (slurm-wlm), Fedora (icecat and python-configobj), Oracle (dotnet6.0, kernel-container, nginx, nginx:1.20, nginx:1.22, and python3.9), Red Hat (bind9.16, curl, dotnet6.0, kernel-rt, kpatch-patch, nghttp2, nodejs, python-reportlab, and virt:rhel), Slackware (util), SUSE (buildah, conmon, erlang, glibc, kernel, nghttp2, opensc, python-urllib3, samba, slurm, and suse-module-tools), and Ubuntu (frr, linux-azure, and pmix).
[$] Improving C-library scalability with restartable sequences
The Linux kernel has supported restartable sequences (sometimes referred to as "RSEQ") since 2018, but it remains a bit of a niche feature, mostly useful to performance-oriented developers who do not mind writing assembly code. According to Mathieu Desnoyers, the developer behind the kernel's implementation of restartable sequences, this feature can be applicable to a much wider range of performance-sensitive code with proper library support. He came to the 2023 GNU Tools Cauldron to present the case for use of restartable sequences within the GNU C Library (glibc).
Security updates for Tuesday
Security updates have been issued by Debian (axis, nghttp2, node-babel7, and tomcat9), Fedora (curl and ghostscript), Oracle (bind, kernel-container, mariadb:10.5, and python3.11), Red Hat (.NET 7.0, go-toolset, golang, and go-toolset:rhel8), SUSE (kernel, libcue, libxml2, python-Django, and python-gevent), and Ubuntu (curl, ghostscript, iperf3, libcue, python2.7, quagga, and samba).
OpenBSD 7.4 released
OpenBSD 7.4 is out. Changes include a new kqueue1() system call that allows close-on-exec behavior, support for better arm64 control-flow integrity, support for TCP segmentation offloading, and much more.
[$] The 2023 Image-Based Linux Summit
Following up from last year's first Image-Based Linux Summit, a second meeting was held in Berlin on September 12th, 2023, the day before All Systems Go! 2023, at the Microsoft office. The goal of these summits is to find common ground among stakeholders from various engineering groups around the topic of image-based Linux distributions, communicate progress, and attempt to build a strategy to tackle shared problems together. The organizers - Luca Boccassi, Lennart Poettering, and Christian Brauner - welcomed participants from the UAPI Group, which draws developers from a long list of companies with an interest in this area, and spent the full day discussing a variety of topics. Full minutes have been published on the UAPI Group's web site.
Security updates for Monday
Security updates have been issued by Debian (batik, poppler, and tomcat9), Fedora (chromium, composer, curl, emacs, ghostscript, libwebp, libXpm, netatalk, nghttp2, python-asgiref, python-django, and webkitgtk), Mageia (curl and libX11), Oracle (bind, busybox, firefox, and kernel), Red Hat (curl, dotnet6.0, dotnet7.0, and nginx), SUSE (chromium, cni, cni-plugins, grub2, netatalk, opensc, opera, and wireshark), and Ubuntu (iperf3).
Kernel prepatch 6.6-rc6
The 6.6-rc6 kernel prepatch is out for testing. "So the previous week has been pretty calm, and a lot of the discussion has been about future changes as so often happens late in the release cycle."
Stable kernel 6.1.58 released
The 6.1.58 stable kernel update has been released; it consists mostly of a handful of reverts in the NFS subsystem.
[$] Recent improvements in GCC diagnostics
The primary job of a compiler is to translate source code into a binary form that can be run by a computer. Increasingly, though, developers want more from their tools, compilers included. Since the compiler must understand the code it is being asked to translate, it is in a good position to provide information about how that code will execute - and where things might go wrong. At the 2023 GNU Tools Cauldron, David Malcolm talked about recent work to improve the diagnostic output from the GCC compiler.
Ubuntu 23.10 released
Version 23.10 of the Ubuntu distribution is out. Changes include support for hardware-backed full-disk encryption, tighter control over user namespaces, a new App Center application, and more.
OpenWrt 23.05.0 released
Version 23.05.0 of the OpenWrt distribution has been released: "OpenWrt 23.05 supports over 1790 devices. Support for over 200 new devices was added in addition to the device support by OpenWrt 22.03". Along with new device support, this release features a switch to the mbedtls cryptographic library, the ability to include utilities written in Rust, an updated toolchain, and more.
Security updates for Friday
Security updates have been issued by Debian (chromium, tomcat9, and webkit2gtk), Fedora (cacti, cacti-spine, grafana-pcp, libcue, mbedtls, samba, and vim), Oracle (kernel, libvpx, and thunderbird), Red Hat (bind and galera, mariadb), SUSE (exiv2, go1.20, go1.21, and kernel), and Ubuntu (ffmpeg).
Civil Infrastructure Platform to maintain 6.1 for 10 years
The Civil Infrastructure Platform project has announced that it will be maintaining the 6.1 kernel for a minimum of ten years past its initial release (and, thus, through 2032).
[$] Finer-grained BPF tokens
Programs running in the BPF machine can, depending on how they are attached, perform a number of privileged operations; the ability to load and run those programs, thus, must be a privileged operation in its own right. Almost since the beginning of the extended-BPF era, developers have struggled to find a way to allow users to run the programs they need without giving away more privilege than is necessary. Earlier this year, the idea of a BPF token ran into some opposition from security-oriented developers. Andrii Nakryiko has since returned with an updated patch set that significantly increases the granularity of the privileges that can be conferred with a BPF token.
Security updates for Thursday
Security updates have been issued by Debian (libcue, org-mode, python3.7, and samba), Fedora (libcue, oneVPL, oneVPL-intel-gpu, and xen), Mageia (glibc), Oracle (glibc, kernel, libssh2, libvpx, nodejs, and python-reportlab), Slackware (libcaca), SUSE (gsl, ImageMagick, kernel, opensc, python-urllib3, qemu, rage-encryption, samba, and xen), and Ubuntu (curl and samba).
[$] LWN.net Weekly Edition for October 12, 2023
The LWN.net Weekly Edition for October 12, 2023 is available.
[$] Remote execution in the GNOME tracker
While the vulnerability itself is pretty run-of-the-mill, the recently disclosed GNOME vulnerability has a number of interesting facets. The problem lies in a library that reads files in a fairly obscure format, but it turns out that files in that format are routinely - automatically - processed by GNOME if they are downloaded to the local system. That turns a vulnerability in a largely unknown library into a one-click remote-code-execution flaw for the GNOME desktop.
Curl 8.4.0 released
Version 8.4.0 of the curl data-transfer tool has been released, mostly in response to a relatively severe security vulnerability that can be triggered when a SOCKS5 proxy server is in use. See this blog post for details on what went wrong. "In hindsight, shipping a heap overflow in code installed in over twenty billion instances is not an experience I would recommend."
Security updates for Wednesday
Security updates have been issued by Debian (curl, mediawiki, tomcat10, and tomcat9), Fedora (libcaca, oneVPL, oneVPL-intel-gpu, and tracker-miners), Gentoo (curl), Mageia (cups and firefox, thunderbird), Red Hat (curl, kernel, kernel-rt, kpatch-patch, libqb, libssh2, linux-firmware, python-reportlab, tar, and the virt:rhel module), Slackware (curl, libcue, libnotify, nghttp2, and samba), SUSE (conmon, curl, glibc, kernel, php-composer2, python-reportlab, samba, and shadow), and Ubuntu (curl, dotnet6, dotnet7, firefox, libx11, samba, tiff, and webkit2gtk).
Seven stable kernel updates
The 6.5.7, 6.1.57, 5.15.135, 5.10.198, 5.4.258, 4.19.296, and 4.14.327 stable kernel updates have all been released; each contains another set of important fixes.
[$] Progress on no-GIL CPython
Back at the end of July, the Python steering council announced its intention to approve the proposal to make the global interpreter lock (GIL) optional over the next few Python releases. The details of that acceptance are still being decided on, but work on the feature is proceeding - in discussion form at least. Beyond that, though, there are efforts underway to solve that hardest of problems in computer science, naming, for the no-GIL version.