LWN.net

The LWN.net Weekly Edition for May 6, 2021 is available.

The era of tracking users all across the web using third-partycookies is coming to a close; that type of cookie issomething of a zombie at this point. All of the major browsers, saveone, are blocking third-party cookies by default and the holdout, GoogleChrome, plans to make that change next year. But Google, which has abusiness model built around advertising that benefits greatly from thestatus quo, has offered up an alternative scheme to "replace" third-partycookies. The Federated Learning ofCohorts (FLoC) is an in-browser mechanism to pigeonhole users in a waythat will be useful to advertisers, but the only reason the idea has anytraction at all is because it is being implemented in Chrome—the dominantbrowser today.

The Linux Foundation Technical Advisory Board has issued itsreport on the submission of (intentionally and unintentionally) buggy patches from theUniversity of Minnesota.

Security updates have been issued by Debian (cgal, exim4, and mediawiki), Fedora (axel, libmicrohttpd, libtpms, perl-Image-ExifTool, pngcheck, python-yara, and yara), Gentoo (exim), Mageia (kernel-linus), openSUSE (bind and postsrsd), SUSE (avahi, openexr, p7zip, python-Pygments, python36, samba, sca-patterns-sle11, and webkit2gtk3), and Ubuntu (nvidia-graphics-drivers-390, nvidia-graphics-drivers-418-server, nvidia-graphics-drivers-450, nvidia-graphics-drivers-450-server, nvidia-graphics-drivers-460, nvidia-graphics-drivers-460-server).

The movement toward using memory-safelanguages, and Rust in particular, has picked up a lot of steam over the past year or two. Removing thepossibility of buffer overflows, use-after-free bugs, and other woes associatedwith unmanaged pointers is an attractive feature, especially given thatthe majority of today's vulnerabilities stem from memory-safetyissues. On April 20, the Internet Security ResearchGroup (ISRG) announceda funding initiative targeting the Rustls TLS library in order toprepare it for more widespread adoption—including by ISRG's Let's Encrypt project.

Security updates have been issued by Debian (bind9, chromium, exim4, and subversion), Fedora (exiv2 and skopeo), openSUSE (gsoap), Oracle (bind, kernel, and sudo), SUSE (bind, ceph, ceph, deepsea, permissions, and stunnel), and Ubuntu (clamav, exim4, openvpn, python-django, and samba).

There are, it seems, 21 vulnerabilities in theExim email server that have been fixed in the 4.94.2 release; at least someof these are remotely exploitable for root access."The current Exim versions (and likely older versions too) suffer fromseveral exploitable vulnerabilities. These vulnerabilities were reportedby Qualys via security@exim.org back in October 2020.Due to several internal reasons it took more time than usual for the Eximdevelopment team to work on these reported issues in a timelymanner." See this advisoryfrom Qualys for the details.

The Red Hat Developer Blog has posted anintroduction to the rr debugger. "rr records trace informationabout the execution of an application. This information allows you torepeatedly replay a particular recording of a failure and examine it in theGNU Debugger (GDB) to better investigate the cause. In addition toreplaying the trace, rr lets you run the program in reverse, in essenceallowing you 'rewind the tape' to see what happened earlier in theexecution of the program."

The kernel's control-group mechanism existsto partition processes and to provide resource guarantees (and limits) for each. Processes runningwithin a properly configured control group are unable to deprivethose running in a different group of their allocated resources (CPU time,memory, I/O bandwidth, etc.), and are equally protected from interferenceby others. With few exceptions, control groups are not used to takedirect actions on processes; Christian Brauner's cgroup.killpatch set is meant to be one of those exceptions.

Security updates have been issued by CentOS (bind, GNOME, java-1.8.0-openjdk, java-11-openjdk, nss and nspr, xstream, and xterm), Debian (bind9 and libimage-exiftool-perl), Fedora (ansible, babel, java-11-openjdk, and java-latest-openjdk), Gentoo (chromium, clamav, firefox, git, grub, python, thunderbird, tiff, webkit-gtk, and xorg-server), Mageia (kernel, nvidia-current, nvidia390, qtbase5, and sdl2), openSUSE (Chromium, cifs-utils, cups, giflib, gsoap, libnettle, librsvg, netdata, postsrsd, samba, thunderbird, virtualbox, and webkit2gtk3), Red Hat (bind), Scientific Linux (bind), and SUSE (containerd, docker, runc and xen).

The 5.12.1,5.11.18,5.10.34, and5.4.116stable updates have been released. These are small and relativelyminor-seeming updates with the exception of 5.4.116, which contains asignificant set of BPF verifier fixes.

Version 6.0.0 ofthe QEMU hardware emulator is out. "This release contains 3300+commits from 268 authors." This release includes a lot of newemulations; see the announcement for a short list or the changelog for details.

As of this writing, just over 7,800 non-merge commits have been pulled intothe mainline repository for the 5.13 development cycle. It does indeedseem true that 5.13 will be busier than its predecessor was. The workmerged thus far affects subsystems across the kernel; read on for a summaryof what has been merged so far.

Security updates have been issued by Arch Linux (bind, chromium, firefox, gitlab, libupnp, nimble, opera, thunderbird, virtualbox, and vivaldi), Debian (composer, edk2, and libhibernate3-java), Fedora (java-1.8.0-openjdk, jetty, and samba), openSUSE (nim), Oracle (bind and runc), Red Hat (bind), SUSE (cifs-utils, cups, ldb, samba, permissions, samba, and tomcat), and Ubuntu (samba).

Martin Michlmayr has put together a primer on managing open-source projectsthrough their growth cycle, specifically with the help of a supportfoundation, and published the results as a67-page PDF file.

On April 20, the world became aware of aresearch program conducted out of the University of Minnesota (UMN) thatinvolved submitting intentionally buggy patches for inclusion into theLinux kernel. Since then, a paper resulting from this work has beenwithdrawn, various letters have gone back and forth, and numerous patches from UMN have beenaudited. It's clearly time for an update on the situation.

Security updates have been issued by Fedora (ceph, jetty, kernel, kernel-headers, kernel-tools, openvpn, and shim-unsigned-x64), Mageia (firefox and thunderbird), Oracle (nss and openldap), Red Hat (bind), Slackware (bind), SUSE (firefox, giflib, java-1_7_0-openjdk, libnettle, librsvg, thunderbird, and webkit2gtk3), and Ubuntu (bind9 and gst-plugins-good1.0).

The LWN.net Weekly Edition for April 29, 2021 is available.

The researchers at the University of Minnesota have posted adescription of the work they did [PDF] as part of their "hypocritecommits" project. It includes a list of the buggy commits they posted andhow they were handled.

Now that the Fedora 34 release is out the door, the Fedora project isturning its attention to Fedora 35, which is currently scheduledfor release on October 26. One of the changes under consideration forFedora 35 is thisproposal allowing maintainers to choose whether to build their packageswith GCC or Clang. This policy change may give maintainers some welcomeflexibility, but it has not proved entirely popular in the Fedoracommunity.

Stable kernels 5.11.17, 5.10.33, 5.4.115, 4.19.189, 4.14.232, 4.9.268, and 4.4.268 have been released. They all containimportant fixes and users should upgrade.

Security updates have been issued by Debian (chromium and shibboleth-sp), Fedora (ceph and salt), Oracle (thunderbird), Red Hat (etcd), Scientific Linux (nss and openldap), SUSE (curl, gdm, and libnettle), and Ubuntu (openjdk-8, openjdk-lts and underscore).

The Tag1 Consulting site has posted aninterview with Linus Torvalds.

Yocto Project, a system to build embedded Linux distributions, releasedversion 3.3 "Hardknott". In this version all OE-Core recipes buildreproducibly regardless of host distro/build location except golang recipesand ruby's docs package. There are many more new features, upgrades, andbug fixes. The releasenotes have more details.

A filesystem's role is to store information and retrieve it in its originalform on request. But filesystems are also expected to prevent theretrieval of information by people who should not see it. That requirementextends to data that has been deleted; users expect that data to be trulygone and will not welcome its reappearance in surprising places. Some workbeing done with ext4 shows the kind of measures that are required to liveup to that expectation.

Security updates have been issued by Debian (gst-libav1.0, gst-plugins-bad1.0, gst-plugins-base1.0, and gst-plugins-ugly1.0), Fedora (kernel, kernel-headers, kernel-tools, and rust), openSUSE (firefox), Oracle (firefox, mariadb:10.3 and mariadb-devel:10.3, thunderbird, and xstream), Red Hat (kernel, kernel-alt, kpatch-patch, nss, and openldap), Scientific Linux (firefox, thunderbird, and xstream), SUSE (firefox), and Ubuntu (file-roller, firefox, and ruby2.7).

The Fedora 34release is now available. "This release features GNOME 40, thenext step in focused, distraction-free computing. GNOME 40 bringsimprovements to navigation whether you use a trackpad, a keyboard, or amouse. The app grid and settings have been redesigned to make interactionmore intuitive." LWN recently reviewed the Fedora 34 Workstationrelease.

Version 11.1 of the GCC compiler suite is out."This release switches the default debugging format to DWARF 5 on mosttargets and switches the default C++ language version to -std=gnu++17.It makes great progress in the C++20 language support, both on the compilerand library sides, adds experimental C++23 support, some C2X enhancements,various optimization enhancements and bug fixes, several new hardwareenablement changes and enhancements to the compiler back-ends and many otherchanges."

The Register reportson the death of security researcher Dan Kaminsky. "Though Kaminsky rose to fame in 2008 for identifying a critical design weakness in the internet's infrastructure – and worked in secret with software developers to mitigate the issue before it could be easily exploited – he had worked behind the scenes in the infosec world for at least the past two decades."

By the time the 5.12kernel was finally released, some 13,015 non-merge changesets had been pulled into the mainlinerepository for this development cycle. That makes 5.12 the slowestdevelopment cycle since 5.6, which was released at the end of March 2020.Still, there was plenty of work done for 5.12. Read on for our traditionallook at where that work came from and how it got into the kernel.

Security updates have been issued by Debian (drupal7, gst-libav1.0, gst-plugins-bad1.0, gst-plugins-base1.0, gst-plugins-good1.0, gst-plugins-ugly1.0, jackson-databind, libspring-java, opendmarc, openjdk-11, and pjproject), Fedora (buildah, containers-common, crun, firefox, java-11-openjdk, nextcloud-client, openvpn, podman, python3-docs, python3.9, runc, and xorg-x11-server), Mageia (connman, krb5-appl, and virtualbox), openSUSE (apache-commons-io, ImageMagick, jhead, libdwarf, nim, nodejs-underscore, qemu, ruby2.5, shim, and sudo), Red Hat (firefox, thunderbird, and xstream), and SUSE (apache-commons-io, java-11-openjdk, kvm, librsvg, and python-aiohttp).

Linus Torvalds has released the 5.12kernel. "Thanks to everybody who made last week very calm indeed, which justmakes me feel much happier about the final 5.12 release."Headline features in 5.12 includethe removal of a number of obsolete, (mostly) 32-bit Arm subarchitectures,atomicinstructions for BPF,conditional file lookups with LOOKUP_CACHED,support for zoned block devices in the Btrfsfilesystem, threaded NAPI polling in the network stack,filesystem ID mapping,support for building the kernel with Clang link-timeoptimization,the KFENCEkernel-debugging tool, and more. See the LWN merge-window summaries(part 1, part 2) and the (in-progress) KernelNewbies 5.12 page formore information.

The University of Minnesota researchers who have stirred up the kernel community with varioustypes of bad patches have sentan open letter to the linux-kernel list. "This current incidenthas caused a great deal of anger in the Linux community toward us, theresearch group, and the University of Minnesota. We apologizeunconditionally for what we now recognize was a breach of the shared trustin the open source community and seek forgiveness for our missteps."

Many of us think that we operate busy web servers; LWN's server, forexample, sweats hard when keeping up with the comment stream thataccompanies any article mentioning the Rust programming language. But someorganizations run truly busy servers and have to take someextraordinary measures to keep up with levels of traffic that even languageadvocates cannot create. The SO_REUSEPORT socket option is one ofmany features that have been added to the network stack to help these usecases. SO_REUSEPORT suffers from an implementation problem that cancause connections to fail, though. Kuniyuki Iwashima has posted a patchset addressing this problem, but there is some doubt as to whether ittakes the right approach.

Security updates have been issued by Debian (firefox-esr, openjdk-8, and wpa), openSUSE (irssi, jhead, opera, and python-django-registration), SUSE (firefox and qemu), and Ubuntu (dnsmasq and shibboleth-sp).

Speaking for the Linux Foundation Technical Advisory Board, Kees Cook hasposted a brief statement on the controversyover patches submitted from the University of Minnesota.

The Ubuntu21.04 distribution release is available. "Today, Canonicalreleased Ubuntu 21.04 with native Microsoft Active Directory integration,Wayland graphics by default, and a Flutter application developmentSDK. Separately, Canonical and Microsoft announced performance optimizationand joint support for Microsoft SQL Server on Ubuntu."

The kernel's BPF virtual machine is versatile;it is possible to load BPF programs into the kernel to carry outa large (and growing) set of tasks. The growing body of BPF code canreasonably bethought of as kernel code in its own right. But, while the kernel cancheck signatures on loadable modules and prevent the loading of modulesthat are not properly signed, there is no such mechanism for BPF programs;any sufficiently privileged process can load any program that will pass theverifier. One might think that adding this checking for BPF would bestraightforward, but that subsystem has some unique characteristics thatmake things more challenging than one might expect. There may be asolution in the works, though; fittingly, it works by loading yet another BPFprogram.

Security updates have been issued by Debian (thunderbird and wordpress), Fedora (curl, firefox, mediawiki, mingw-binutils, os-autoinst, and rpm-ostree), Oracle (java-1.8.0-openjdk and java-11-openjdk), SUSE (kernel, pcp, and tomcat6), and Ubuntu (linux, linux-aws, linux-gke-5.3, linux-hwe, linux-kvm, linux-lts-xenial, linux-oem-5.6, linux-raspi2-5.3, linux-snapdragon).

The LWN.net Weekly Edition for April 22, 2021 is available.

A buggy patchposted to the linux-kernel mailing list in early April was apparently thelast straw for Greg Kroah-Hartman as it led to the planned reversion of a whole slew ofcommits with one thing in common: their origin at the University ofMinnesota (UMN). The patch to the NFSv4 authorization mechanism was dulyquestioned by two NFS developers, but it is not an honest mistake; according to Kroah-Hartman, there has been an attackof sorts underway as part of some academic research at the university. Inorder to be sure that these intentional bugs, many with securityimplications, do not continue to haunt Linux, he is workingon reverting commits that came from email addresses with theumn.edu domain.

Stable kernels 5.11.16, 5.10.32, and 5.4.114 have been released. They containimportant fixes and users should upgrade.

Security updates have been issued by Debian (firefox-esr, php-pear, wordpress, and zabbix), Oracle (java-1.8.0-openjdk and java-11-openjdk), Red Hat (java-1.8.0-openjdk, java-11-openjdk, kernel, and kpatch-patch), Scientific Linux (java-1.8.0-openjdk and java-11-openjdk), Slackware (seamonkey), SUSE (apache-commons-io, ImageMagick, kvm, ruby2.5, and sudo), and Ubuntu (edk2, libcaca, ntp, and ruby2.3, ruby2.5, ruby2.7).

In a lengthymessage to the linux-kernel mailing list, Miguel Ojeda "introduced" theRust for Linux project. Itwas likely not the first time that most kernel developers had heard of theeffort; there was an extensive discussionof the project at the 2020 Linux PlumbersConference, for example. It has also been raisedbefore on the list. Now, the project is looking for feedback fromthe kernel community about its plans, thus the RFC posting on April 14.

Linux.com has published aninterview with Thomas Gleixner with a focus on the realtime preemptionwork. "The approach to funding these kinds of projects reminds me of the Mikado Game, which is popular in Europe, where the first player who picks up the stick and disturbs the pile often is the one who loses.That’s puzzling to me, especially as many companies build key productsdepending on these technologies and seem to take the availability andsustainability for granted up to the point where such a project fails, orpeople stop working on it due to lack of funding. Such companies shouldseriously consider supporting the funding of the Real-Time project."

Security updates have been issued by Debian (xorg-server), Fedora (CImg, gmic, leptonica, mingw-binutils, mingw-glib2, mingw-leptonica, mingw-python3, nodejs, and seamonkey), openSUSE (irssi, kernel, nextcloud-desktop, python-django-registration, and thunderbird), Red Hat (389-ds:1.4, kernel, kernel-rt, perl, and pki-core:10.6), SUSE (kernel, sudo, and xen), and Ubuntu (clamav and openslp-dfsg).

Zonedblock devices have some unfamiliar characteristics that result fromcompromises made in the name of higher storage density. They are dividedinto zones, some or all of which do not support random access for writeoperations. Instead, these "sequential" zones can only be written inorder, from the first block to the last. This constraint poses a newchallenge for filesystems, which are normally designed with the assumptionthat storage blocks can be written in any order. It is thus not surprisingthat zoned-device support in mainstream filesystems in Linux has been slowin coming; that is changing, though, with the additionof support for zoned block devices to Btrfs in Linux 5.12.

OpenSSH 8.6 is now available. The "ssh-rsa" signature scheme, which usesthe SHA-1 hash algorithm, will be disabled by default in the nearfuture. "Note that the deactivation of "ssh-rsa" signatures does notnecessarily require cessation of use for RSA keys. In the SSH protocol,keys may be capable of signing using multiple algorithms. In particular,"ssh-rsa" keys are capable of signing using "rsa-sha2-256" (RSA/SHA256),"rsa-sha2-512" (RSA/SHA512) and "ssh-rsa" (RSA/SHA1). Only the last ofthese is being turned off by default."

Firefox 88 has been released. Newfeatures include support for PDF forms with embedded JavaScript and smoothpinch-zooming using a touchpad, and better protection against cross-siteprivacy leaks. See thisarticle for more information on how Firefox 88 combats window.nameprivacy abuses. Firefox 78.10 ESR containsvarious fixes for stability, functionality, and security.

Security updates have been issued by CentOS (nettle, squid, and thunderbird), Debian (libebml, python-bleach, and python2.7), Fedora (batik, gnuchess, kernel-headers, kernel-tools, ruby, singularity, and xorg-x11-server), Mageia (clamav, kernel, kernel-linus, and python3), openSUSE (chromium, fluidsynth, opensc, python-bleach, and wpa_supplicant), Oracle (gnutls and nettle), Red Hat (dpdk, gnutls and nettle, mariadb:10.3 and mariadb-devel:10.3, and redhat-ds:11), and SUSE (kernel, qemu, and xen).