Feed lwn LWN.net

Link https://lwn.net/
Feed http://lwn.net/headlines/rss
Updated 2025-04-21 17:00
New stable kernels
The 5.15.9, 5.10.86, and 5.4.166 stable kernels have been released. "Only change here is a permission setting of a netfilter selftest file. No need to upgrade if this problem is not bothering you."
[$] Lessons from Log4j
By now, most readers will likely have seen something about the Log4j vulnerability that has been making life miserable for system administrators since its disclosure on December 9. This bug is relatively easy to exploit, results in remote code execution, and lurks on servers all across the net; it is not hyperbolic to call it one of the worst vulnerabilities that has been disclosed in some years. In a sense, the lessons from Log4j have little new to teach us, but this bug does highlight some problems in the free-software ecosystem in an unambiguous way.
Security updates for Thursday
Security updates have been issued by Debian (apache-log4j2 and mediawiki), Fedora (libmysofa, libolm, and vim), Oracle (httpd), Red Hat (go-toolset:rhel8), and Ubuntu (apache-log4j2 and mumble).
[$] LWN.net Weekly Edition for December 16, 2021
The LWN.net Weekly Edition for December 16, 2021 is available.
[$] Wrangling the typing PEPs
When last we looked in on the great typing PEP debate for Python, back in August, two PEPs were still being discussed as alternatives for handling annotations in the language. The steering council was considering the issue after deferring on a decision for the Python 3.10 release, but the question has been deferred again for Python 3.11. More study is needed and the council is looking for help from the Python community to guide its decision. In the meantime, though, discussion about the deferral has led to the understanding that annotations are not a general-purpose feature, but are only meant for typing information. In addition, there is a growing realization that typing information is effectively becoming mandatory for Python libraries.
Mold (linker) 1.0 released
Version 1.0 of the mold linker has been released.
Security updates for Wednesday
Security updates have been issued by Fedora (libopenmpt), openSUSE (icu.691, log4j, nim, postgresql10, and xorg-x11-server), Red Hat (idm:DL1), SUSE (gettext-runtime, icu.691, runc, storm, storm-kit, and xorg-x11-server), and Ubuntu (xorg-server, xorg-server-hwe-18.04, xwayland).
Kdenlive 21.12 released
Version 21.12 of the Kdenlive video editor is out.
[$] Adding fs-verity support for Fedora 36?
Adding fs-verity file-integrity information to RPM packages for Fedora 36 is the topic of a recent discussion on the Fedora devel mailing list. The feature would provide a means to install files from RPM packages as read-only files that cannot be read or otherwise operated on if the data in the files changes at any point. The proposal is mostly about making the plumbing available for use cases that are not particularly clear—which has led to some questions and skepticism among those participating in the thread.
Stable kernel updates
Stable kernels 5.15.8, 5.10.85, 5.4.165, 4.19.221, 4.14.258, 4.9.293, and 4.4.295 have been released. As usual there are important fixes and users should upgrade.
Security updates for Tuesday
Security updates have been issued by Debian (libsamplerate and raptor2), Fedora (pam-u2f and python-markdown2), openSUSE (chromium, fetchmail, ImageMagick, and postgresql10), Oracle (samba), SUSE (fetchmail, postgresql10, python-pip, python3, and sles12sp2-docker-image), and Ubuntu (apache-log4j2, flatpak, glib, and samba).
[$] Digging into the community's lore with lei
Email is often seen as a technology with a dim future; it is slow, easily faked, and buried in spam. Kids These Days want nothing to do with it, and email has lost its charm with many others as well. But many development projects are still dependent on it, and even non-developers still cope with large volumes of mail. While development forges show one possible path away from email, they are not the only one. What if new structures could be built on top of email to address some of its worst problems while keeping the good parts that many projects depend on? The "lei" system recently launched by Konstantin Ryabitsev is a hint of how such a future might look.
Security updates for Monday
Security updates have been issued by Arch Linux (chromium, firefox, gitlab, grafana, grafana-agent, thunderbird, and vivaldi), Debian (apache-log4j2, privoxy, and wireshark), Fedora (firefox, grub2, mariadb, mod_auth_openidc, rust-drg, rust-tiny_http, and rust-tiny_http0.6), Mageia (chromium-browser-stable, curaengine, fetchmail, firefox, libvirt, log4j, opencontainers-runc, python-django, speex, and thunderbird), openSUSE (clamav, firefox, glib-networking, glibc, gmp, ImageMagick, log4j, nodejs12, nodejs14, php7, python-Babel, python-pip, webkit2gtk3, and wireshark), Red Hat (mailman:2.1 and samba), and SUSE (bcm43xx-firmware, firefox, glib-networking, ImageMagick, kernel-rt, and python-pip).
EFF: Chrome Users Beware: Manifest V3 is Deceitful and Threatening
The Electronic Frontier Foundation warns against Manifest V3, a set of changes coming to a Chrome browser near you.
Kernel prepatch 5.16-rc5
The 5.16-rc5 kernel prepatch is out for testing.
The Log4j mess
For those who have not yet seen it, this advisory from Apache describes a nasty vulnerability in the widely used Log4j package.
Mourning Fredrik "Effbot" Lundh
Guido van Rossum has posted the sad news that longtime Python contributor Fredrik Lundh has died.
drgn: How the Linux Kernel Team at Meta Debugs the Kernel at Scale (Meta)
The "Meta for Developers" blog has an introduction to the drgn kernel debugger.
[$] Stochastic bisection in Git
Regressions are no fun; among other things, finding the source of a regression among thousands of changes can be a needle-in-the-haystack sort of problem. The git bisect command can help; it is a (relatively) easy way to sift through large numbers of commits to find the one that introduces a regression. When it works well, it can quickly point out the change that causes a specific problem. Bisection is not a perfect tool, though; it can go badly wrong in situations where a bug cannot be reliably reproduced. In an attempt to make bisection more useful in such cases, Jan Kara is proposing to add "stochastic bisection" support to Git.
Security updates for Friday
Security updates have been issued by Debian (python-babel), Fedora (golang-github-opencontainers-image-spec and libmysofa), openSUSE (hiredis), Oracle (firefox and thunderbird), Red Hat (thunderbird and virt:8.2 and virt-devel:8.2), Scientific Linux (thunderbird), SUSE (kernel-rt and xen), and Ubuntu (firefox).
Haas: Surviving Without A Superuser - Part One
PostgreSQL developer Robert Haas has begun a blog series on what would be needed to allow database administrators to safely delegate superuser powers.
[$] Blocking straight-line speculation — eventually
The Spectre class of vulnerabilities was given that name because, it was thought, these problems would haunt us for a long time. As the fourth anniversary of the disclosure of Meltdown and Spectre approaches, there is no reason to doubt the accuracy of that name. One of the more recent Spectre variants goes by the name "straight-line speculation"; it was first disclosed in June 2020, but fixes are still trying to find their way into the compilers and the kernel.
Security updates for Thursday
Security updates have been issued by Fedora (firefox, libopenmpt, matrix-synapse, vim, and xen), Mageia (gmp, heimdal, libsndfile, nginx/vsftpd, openjdk, sharpziplib/mono-tools, and vim), Red Hat (java-1.8.0-ibm), Scientific Linux (firefox), SUSE (kernel-rt), and Ubuntu (bluez).
[$] LWN.net Weekly Edition for December 9, 2021
The LWN.net Weekly Edition for December 9, 2021 is available.
[$] Python discusses deprecations
Feature deprecations are often controversial, but many projects find it necessary, or desirable, to lose some of the baggage that has accreted over time. A mid-November request to get rid of three Python standard library modules provides a case in point. It was initially greeted as a good idea since the modules had been officially deprecated starting with Python 3.6; there are better ways to accomplish their tasks now. But, of course, removing a module breaks any project that uses it, at least without the project making some, perhaps even trivial, changes. The cost of that is not insignificant, and the value in doing so is not always clear, which led to higher-level conversation about deprecations.
Stable kernels for all
Stable kernels 5.15.7, 5.10.84, 5.4.164, 4.19.220, 4.14.257, 4.9.292, and 4.4.294 have been released. They all contain important fixes and users of those series should upgrade.
Security updates for Wednesday
Security updates have been issued by Debian (nss), Fedora (rubygem-rmagick), openSUSE (xen), Red Hat (firefox and nss), SUSE (kernel and xen), and Ubuntu (mailman and nss).
[$] FIPS-compliant random numbers for the kernel
The Linux random-number generator (RNG) seems to attract an outsized amount of attention (and work) for what is, or seemingly should be, a fairly small component of the kernel. In part that is because random numbers, and their quality, are extremely important to a number of security protections, from unpredictable IP-packet sequence numbers to cryptographic keys. A recent post of version 43 of the Linux Random Number Generator (LRNG) by Stephan Müller is not likely to go any further than its predecessors, but the discussion around it may lead to support for a feature that some distributions need.
Firefox 95.0 and Firefox ESR 91.4.0
Firefox 95.0 is now available. With this version the RLBox sandboxing technology is enabled on all platforms, as is the Site Isolation security architecture, which protects against side-channel attacks. Firefox ESR 91.4.0 is also available with various security fixes.
Security updates for Tuesday
Security updates have been issued by CentOS (nss), Debian (roundcube and runc), openSUSE (aaa_base, brotli, clamav, glib-networking, gmp, go1.16, hiredis, kernel, mozilla-nss, nodejs12, nodejs14, openexr, openssh, php7, python-Babel, ruby2.5, speex, wireshark, and xen), Oracle (kernel and nss), Red Hat (kpatch-patch, nss, rpm, and thunderbird), SUSE (brotli, clamav, glib-networking, gmp, kernel, mariadb, mozilla-nss, nodejs12, nodejs14, openssh, php7, python-Babel, and wireshark), and Ubuntu (busybox, mariadb-10.3, mariadb-10.5, python-django, and samba).
Linux Foundation 2021 annual report
For those who would like to catch up on what the Linux Foundation has been doing, the 2021 annual report is available as an 87-page PDF file.
[$] A reference-count tracking infrastructure
Reference counts are a commonly used mechanism for tracking the life cycle of objects in a computing system. As long as every user of an object correctly maintains its references by incrementing and decrementing the reference count, that object will persist for as long as it is needed and will be properly destroyed once the last user is done. The "correctly" in that sentence is important, though; things do not work as well in the presence of reference-counting errors. Networking developer Eric Dumazet is working on a reference-count tracking system that could prove useful for finding these errors in the networking subsystem and, someday, throughout the kernel.
Security updates for Monday
Security updates have been issued by Arch Linux (isync, lib32-nss, nss, opera, and vivaldi), Debian (gerbv and xen), Fedora (autotrace, chafa, converseen, digikam, dmtx-utils, dvdauthor, eom, kxstitch, libsndfile, nss, pfstools, php-pecl-imagick, psiconv, q, R-magick, rss-glx, rubygem-rmagick, seamonkey, skopeo, synfig, synfigstudio, vdr-scraper2vdr, vdr-skinelchihd, vdr-skinnopacity, vdr-tvguide, vim, vips, and WindowMaker), Mageia (golang, kernel, kernel-linus, mariadb, and vim), openSUSE (aaa_base, python-Pygments, singularity, and tor), Red Hat (nss), Slackware (mozilla), SUSE (aaa_base, kernel, openssh, php74, and xen), and Ubuntu (libmodbus, lrzip, samba, and uriparser).
Kernel prepatch 5.16-rc4
The fourth 5.16 kernel prepatch is out for testing. "Nothing looks all that scary, although I certainly hope the kvm side will calm down".
Introducing CentOS Stream 9
The CentOS blog has announced the release of CentOS Stream 9:
[$] A filesystem for namespaces
It is natural, when looking at the kernel development process, to focus on patches that find their way to acceptance and become a part of future kernels. But there can be value in looking at work that doesn't clear the bar; in failing, these patches often reveal things about the kernel and the community that creates it. Such is the case with the proof-of-concept namespacefs patch series recently posted by Yordan Karadzhov. One should not expect to see namespacefs in a future kernel but, in failing, this work showed a real use case and why it is hard to satisfy that use case in the kernel.
Security updates for Friday
Security updates have been issued by CentOS (krb5 and mailman), Debian (gmp and librecad), Fedora (php-symfony4 and wireshark), Mageia (bluez, busybox, docker-containerd, gfbgraph, hivex, nss, perl/perl-Encode, and udisks2/libblockdev), openSUSE (permissions), Oracle (mailman and mailman:2.1), Red Hat (mailman, mailman:2.1, and nss), Scientific Linux (mailman and nss), and SUSE (nodejs14).
[$] Detecting missing memory barriers with KCSAN
Writing (correct) concurrent code that uses locking to avoid race conditions is difficult enough. When the objective is to use lockless algorithms, relying on memory barriers instead of locks to eliminate locking overhead, the problem becomes harder still. Bugs are easy to create and hard to find in this type of code. There may be some help on the way, though, in the form of this patch set from Marco Elver that enhances the Kernel Concurrency Sanitizer (KCSAN) with the ability to detect some types of missing memory barriers.
Rust 1.57.0 released
Version 1.57.0 of the Rust language is out. "Rust 1.57 brings panic! to const contexts, adds support for custom profiles to Cargo, and stabilizes fallible reservation APIs."
This shouldn't have happened: A vulnerability postmortem (Project Zero blog)
Over on the Project Zero blog, Tavis Ormandy has a lengthy postmortem on a vulnerability that he found in the Network Security Services (NSS) cryptography library. The vulnerability is a bog-standard buffer overflow that has existed in the library since 2012 despite various kinds of static analysis, testing, and fuzzing that Mozilla and others have applied to it over the years. He found it with a new fuzzing technique:
Security updates for Thursday
Security updates have been issued by CentOS (kernel, openssh, and rpm), Debian (nss), Fedora (seamonkey), Mageia (glibc), openSUSE (go1.16, go1.17, kernel, mariadb, netcdf, openexr, poppler, python-Pygments, python-sqlparse, ruby2.5, speex, and webkit2gtk3), Oracle (nss), Red Hat (nss), SUSE (clamav, glibc, gmp, go1.16, go1.17, kernel, mariadb, netcdf, OpenEXR, openexr, openssh, poppler, python-Pygments, python-sqlparse, ruby2.1, ruby2.5, speex, webkit2gtk3, and xen), and Ubuntu (nss and thunderbird).
[$] LWN.net Weekly Edition for December 2, 2021
The LWN.net Weekly Edition for December 2, 2021 is available.
[$] Fedora revisits the Git-forge debate
A seemingly straightforward question aimed at candidates for the in-progress Fedora elections led to a discussion on the Fedora devel mailing list that branched into a few different directions. The question was related to a struggle that the distribution has had before: whether using non-free Git forges is appropriate. One of the differences this time, though, is that the focus is on where source-git (or src-git) repositories will be hosted, which is a separate question from where the dist-git repository lives.
SFC: First Update on the Vizio lawsuit
The Software Freedom Conservancy provides an update on its suit against Vizio for copyleft license violations. Vizio's response was not to release the source code:
Stable kernel updates
Stable kernels 5.15.6, 5.10.83, 5.4.163, and 4.19.219 have been released. They all contain important fixes throughout the tree. Users of those series should upgrade.
Security updates for Wednesday
Security updates have been issued by Debian (rsync, rsyslog, and uriparser), Fedora (containerd, freeipa, golang-github-containerd-ttrpc, libdxfrw, libldb, librecad, mingw-speex, moby-engine, samba, and xen), Red Hat (kernel, kernel-rt, kpatch-patch, and samba), and Ubuntu (linux, linux-aws, linux-aws-5.11, linux-azure, linux-azure-5.11, linux-gcp, linux-gcp-5.11, linux-hwe-5.11, linux-kvm, linux-oracle, linux-oracle-5.11, linux-raspi, linux, linux-aws, linux-aws-5.4, linux-azure, linux-gcp, linux-gke, linux-gke-5.4, linux-gkeop, linux-gkeop-5.4, linux-hwe-5.4, linux-kvm, linux-oracle, linux-oracle-5.4, linux, linux-aws, linux-aws-hwe, linux-azure, linux-azure-4.15, linux-dell300x, linux-gcp-4.15, linux-hwe, linux-kvm, linux-oracle, linux-raspi2, linux-snapdragon, linux, linux-aws, linux-azure, linux-gcp, linux-kvm, linux-oem-5.13, linux-oracle, linux-raspi, and linux-oem-5.14).
Julia 1.7 released
Version 1.7 of the Julia programming language has been released. The list of new features is long; see the release announcement and this LWN article for the details.
[$] Python identifiers, PEP 8, and consistency
While there are few rules on the names of variables, classes, functions, and so on (i.e. identifiers) in the Python language, there are some guidelines on how those things should be named. But, of course, those guidelines were not always followed in the standard library, especially in the early years of the project. A suggestion to add aliases to the standard library for identifiers that do not follow the guidelines seems highly unlikely to go anywhere, but it led to an interesting discussion on the python-ideas mailing list.
Security updates for Tuesday
Security updates have been issued by Debian (samba), Fedora (kernel), openSUSE (netcdf and tor), SUSE (netcdf and python-Pygments), and Ubuntu (imagemagick).
[$] A different approach to BPF loops
One of the key features of the extended BPF virtual machine is the verifier built into the kernel that ensures that all BPF programs are safe to run. BPF developers often see the verifier as a bit of a mixed blessing, though; while it can catch a lot of problems before they happen, it can also be hard to please. Comparisons with a well-meaning but rule-bound and picky bureaucracy would not be entirely misplaced. The bpf_loop() proposal from Joanne Koong is an attempt to make pleasing the BPF bureaucrats a bit easier for one type of loop construct.