LWN.net

The LWN.net Weekly Edition for August 12, 2021 is available.

Child pornography and other types of sexual abuse of children are unquestionablyheinous crimes; those who participate in them should be caught and severelypunished. But some recent efforts to combat these scourges have gone a goodways down the path toward a kind of AI-driven digital panopticon that willinvade the privacy of everyone in order to try to catch people who areviolating laws prohibiting those activities. It is thus no surprise that privacyadvocates are up in arms about an Apple plan to scan iPhone messages andan EU measureto allow companies to scan private messages, both looking for "child sexual abuse material" (CSAM). As with many things of thisnature, there are concerns about the collateral damage that these efforts willcause—not to mention the slippery slope that is being created.

David A. Wheeler listssome of the security-related projects he is overseeing at the LinuxFoundation. For example:

Security updates have been issued by Debian (ceph), Fedora (buildah, containernetworking-plugins, and podman), openSUSE (chromium, kernel, php7, python-CairoSVG, python-Pillow, seamonkey, and transfig), Red Hat (microcode_ctl), SUSE (kernel and libcares2), and Ubuntu (c-ares).

Version6 of the elementary OS distribution is now available. "It’s beena long road to elementary OS 6—what with a whole global pandemic dropped onus in the middle of development—but it’s finally here. elementary OS 6 Odinis available to download now. And it’s the biggest update to the platformyet!" Headline changes include a new dark-mode theme, a switch toFlatpak for application packaging, arewritten email client, and more.

Linux Mint 20.2 "Uma" wasreleased in Cinnamon,MATE, andXfce editions on July 8. This newversion of the popular desktop-oriented distribution has severalimprovements, including changes to the Update Manager, a new "StickyNotes" app, a bulk file-renaming tool,improved file search, and better memory management inCinnamon. Mint 20.2 is a long-term support (LTS) release that willreceive security updates until 2025.

The 4.4.280 stable kernel update isavailable; it contains a small set of fixes, mostly focused on the futexsubsystem.

The Firefox91 release is available. Changes include stronger tracking-cookieprotection, use of HTTPS within anonymous windows whenever possible, andmore.

Security updates have been issued by CentOS (flatpak and microcode_ctl), Debian (c-ares, lynx, openjdk-8, and tomcat9), Fedora (kernel), openSUSE (apache-commons-compress, aria2, djvulibre, fastjar, kernel, libvirt, linuxptp, mysql-connector-java, nodejs8, virtualbox, webkit2gtk3, and wireshark), Oracle (kernel, kernel-container, and microcode_ctl), Red Hat (glib2, kernel, kernel-rt, kpatch-patch, and rust-toolset-1.52 and rust-toolset-1.52-rust), Scientific Linux (microcode_ctl), SUSE (kernel), and Ubuntu (c-ares, gpsd, and perl).

Traditionally, in virtualized environments, the host is trusted by itsguests, and mustprotect itself from potentially malicious guests. With initiativeslike confidential computing, this rule is extended in the other direction: theguest no longer trusts the host. This change of paradigm requiresadding boundary defenses in places where there have been none before.Recently, Andi Kleen submitted a patchset attempting to add the needed protections in virtio. The discussionthat resulted from this patch set highlighted the need to securevirtio for a wider range of use cases.

Security updates have been issued by Debian (ansible and bluez), Fedora (curl, kernel, mod_auth_openidc, rust-rav1e, and webkit2gtk3), Mageia (kernel and kernel-linus), openSUSE (php7 and python-reportlab), Oracle (ruby:2.7), Red Hat (microcode_ctl), SUSE (fastjar, kvm, mariadb, php7, php72, php74, and python-Pillow), and Ubuntu (docker.io).

The fifth 5.14 prepatch is out for testing."Things are looking perfectly normal. Size is nominal, diffstat lookspretty normal, and the changes are all in the usual places"

The5.13.9,5.10.57,5.4.139,4.19.202,4.14.243,4.9.279, and4.4.279stable kernel updates have been released. Each contains a small set ofimportant fixes. Users of 4.4 should note that 4.4.280is already in the review process; it is due on August 10.

The memfd_secret() system call has, in one form or another, beencovered here since February 2020. In thebeginning, it was a flag to memfd_create(),but its functionality was later moved to a separate system call. Therehave been many changes during this feature's development, but its corepurpose remains the same: allow a user-space process to create a range of memory that isinaccessible to anybody else — kernel included. That memory can be used tostore cryptographic keys or any other data that must not be exposed toothers. This new system call was finally merged for the upcoming 5.14release; what follows is a look at the form this call will take in themainline kernel.

Security updates have been issued by Debian (tomcat8), Mageia (bluez, exiv2, fetchmail, libsndfile, nodejs, php-pear, python-pillow, and rabbitmq-server), openSUSE (apache-commons-compress, balsa, djvulibre, mariadb, mysql-connector-java, nodejs8, opera, and spice-vdagent), Red Hat (ruby:2.7), SUSE (apache-commons-compress, djvulibre, java-11-openjdk, libsndfile, mariadb, nodejs8, and spice-vdagent), and Ubuntu (docker.io).

The Android12 beta release first appeared in May of this year. As is almostobligatory, this release features "the biggest design change inAndroid's history"; what's an Android release without requiringusers to relearn everything? That historical event was not meant toinclude one change that many beta testers are noticing, though: a kernelregression that breaks a significant number of apps. This problem has justbeen fixed, but it makes a good example of why preventing regressions canbe so hard and how the kernel project responds to them when they do happen.

Security updates have been issued by Debian (jetty9 and openexr), openSUSE (mariadb and virtualbox), Red Hat (go-toolset-1.15 and go-toolset-1.15-golang), SUSE (djvulibre and mariadb), and Ubuntu (opencryptoki).

The LWN.net Weekly Edition for August 5, 2021 is available.

The GPSD project provides adaemon for communicating with various GPS devices in order to retrieve thelocation information that those sensors provide. But the GPS satellitesalso provide highly accurate time information that GPSD canextract for use by Network TimeProtocol (NTP) servers. A bug in the GPSD code will cause time togo backward in October, though, which may well cause some havoc if affected NTPservers donot get an update before then.

Stable kernels 5.13.8, 5.10.56, 5.4.138, 4.19.201, 4.14.242, 4.9.278, and 4.4.278 have been released. They all containimportant fixes and users should upgrade.

Security updates have been issued by Debian (asterisk, libpam-tacplus, and wordpress), Fedora (buildah and podman), openSUSE (thunderbird and webkit2gtk3), Oracle (kernel and varnish:6), SUSE (kernel, kvm, and webkit2gtk3), and Ubuntu (libdbi-perl and php-pear).

Over on the Google Security Blog, Kees Cook describes his vision for approaches to assuring kernel security in a more collaborative way. He sees a number of areas where companies could work together to make it easier for everyone to use recent kernels rather than redundantly backporting fixes to older kernel versions. It will take more engineers working on things like testing and its infrastructure, security tool development, toolchain improvements for security, and boosting the number of kernel maintainers:

Neovim 0.5, the fifth major version of the Neovimeditor, which descends from the venerable vieditor by way of Vim, wasreleasedon July 2. This release is the culmination of almost two years of work,and it comes with some major features that aim to modernize the editingexperience significantly. Highlights include native support for the LanguageServer Protocol (LSP), which enables advanced editing features for a wide variety oflanguages, improvements toits Lua APIs for configuration and plugins, and better syntax highlightingusing Tree-sitter. Overall, the 0.5 release is a solid upgrade for the editor; the improvements shouldplease the existing fan base and potentially draw in new users and contributorsto the project.

Security updates have been issued by Arch Linux (chromium, nodejs, nodejs-lts-erbium, and nodejs-lts-fermium), Debian (pyxdg, shiro, and vlc), openSUSE (qemu), Oracle (lasso), Red Hat (glibc, lasso, rh-php73-php, rh-varnish6-varnish, and varnish:6), Scientific Linux (lasso), SUSE (dbus-1, lasso, python-Pillow, and qemu), and Ubuntu (exiv2, gnutls28, and qpdf).

On his blog, Colin Watson has a lengthy reflection on moving the code for Ubuntu's Launchpad software-collaboration web application from Python 2 to Python 3. He looks at some of the problem areas for upgrading, both in general and for Launchpad specifically, some pain points that were encountered, lessons learned, and the nine known regressions that reached the Launchpad production code during the process.

The kernel-development community is a busy place, with thousands of emailsflying by every day and many different projects under development at anygiven time. Much of that work ends up inspiring articles at LWN, but there is no way to evercover all of it, or even all of the most interesting parts. What followsis a first attempt at what may become a semi-regular LWN feature: a quick lookat some of the work that your editor is tracking that may or may not showup as the topic of a full article in the future. The first set of topicsincludes memory folios, task isolation, and a lightweight threadingframework from Google.

Version 2.34 of the GNU C library has been released. Significant changesinclude the folding of libpthread, libdl, libutil, and libanl into the mainlibrary, support for 64-bit (year-2038 safe) times on 32-bit systems,support for the close_range() system call, a handful of securityfixes, and many other changes.

Stable kernels 5.13.7, 5.10.55, 5.4.137, and 4.19.200 have been released. As usual, thereare important fixes and users should upgrade.

Security updates have been issued by Arch Linux (389-ds-base, consul, containerd, geckodriver, powerdns, vivaldi, webkit2gtk, and wpewebkit), Debian (aspell, condor, libsndfile, linuxptp, and lrzip), and Fedora (bluez, buildah, java-1.8.0-openjdk, java-11-openjdk, java-latest-openjdk, kernel, kernel-tools, mbedtls, mingw-exiv2, mingw-python-pillow, mrxvt, python-pillow, python2-pillow, redis, and seamonkey).

The 5.14-rc4 kernel prepatch is out fortesting. "Nothing to see here, entirely normal rc4".

The C programming language is famously prone to memory-safety problemsthat lead to buffer overflows and a seemingly endless stream of securityvulnerabilities. But, even in C, it is possible to improve thesituation in many cases. One of those is the memcpy() family offunctions, which are used to efficiently copy or overwrite blocks ofmemory; with a bit of help from the compiler, those functions can beprevented from writing past the end of thedestination object they are passed. Enforcing that condition in the kernelis harder than one might expect, though, as thismassive patch set from Kees Cook shows.

Security updates have been issued by Debian (libsndfile and openjdk-11), Fedora (php-pear and seamonkey), openSUSE (fastjar and php7), SUSE (php72, qemu, and sqlite3), and Ubuntu (libsndfile, php-pear, and qpdf).

The change in copyright-assignment policy proposed in June for the GNU C Library projecthas nowbeen adopted:

On its blog, the Free Software Foundation (FSF) hasannounceda call for white papers about GitHubCopilot and the questions surroundingit. The FSF will pay $500 for papers that it publishes because they"help elucidate the problem":

Filesystem developers tend to disagree with each other about many things,but they are nearly unanimous in their dislike for the truncate()system call, which chops data off the end of a file. Implementingtruncate() tends to be full of traps for the unwary — the kind oftraps that can lead to lost data. But it turns out that a similaroperation, called "hole punching", may be worse. This operation has beensubject to difficult-to-hit but real race conditions in many filesystemsfor years; thispatch set from Jan Kara may finally be at a point where it can fill thehole in hole punching.

Security updates have been issued by Debian (webkit2gtk), Fedora (ruby and webkit2gtk3), Mageia (aspell and varnish), openSUSE (git), SUSE (ardana-cobbler, cassandra, cassandra-kit, crowbar-core, crowbar-openstack, documentation-suse-openstack-cloud, grafana, kibana, openstack-heat-templates, openstack-monasca-installer, openstack-nova, python-Django, python-elementpath, python-eventlet, python-py, python-pysaml2, python-six, python-xmlschema and git), and Ubuntu (libsndfile, mariadb-10.3, and webkit2gtk).

The LWN.net Weekly Edition for July 29, 2021 is available.

Backlogs in bug triage, code review, and other elements of the developmentprocess are nothing new for free-software projects; there is clearly a lotmore interest in creating new features (and the bugs that go with them, ofcourse) than in taking on the less-satisfying bits. For a large projectlike CPython, though, the backlog can seriously impede progress—potentiallychasing off contributors whose work falls through the cracks. In orderto address that, the Python Software Foundation (PSF) hasraised some funds to hireŁukasz Langa as the CPython "Developer-in-Residence". Langa will beworking to help clear the backlog, while also looking into other areas ofinterest to the PSF and the Pythonsteering council.

Stable kernels 5.13.6, 5.10.54, 5.4.136, 4.19.199, 4.14.241, 4.9.277, and 4.4.277 have been released. They all containimportant fixes and users should upgrade.

Security updates have been issued by Fedora (golang), Mageia (curl, filezilla, jdom/jdom2, netty, pdfbox, perl-Mojolicious, perl-Net-CIDR-Lite, perl-Net-Netmask, python-urllib3, python3, quassel, transfig, and virtualbox), openSUSE (umoci), Red Hat (rh-nodejs12-nodejs and rh-nodejs12-nodejs-nodemon and rh-nodejs14-nodejs and rh-nodejs14-nodejs-nodemon), and SUSE (firefox, glibc, libsndfile, linuxptp, qemu, and umoci).

The annual Linux Plumbers Conference (LPC) is a gathering of a relativelysmall subset of the developers working on the low-level (plumbing) detailsof Linux systems. It covers topics from below the kernel through the user-spacecomponents that underlie the interfaces and applications that most Linuxusers interact with. This year's event will be heldvirtually September 20‑24; it is shaping up to be anothergreat edition of one of the premier open-registration Linux technical conferences on thecalendar.

Security updates have been issued by Debian (drupal7), Fedora (linux-firmware), openSUSE (qemu), Oracle (kernel and thunderbird), Red Hat (thunderbird), Scientific Linux (java-1.8.0-openjdk, java-11-openjdk, kernel, and thunderbird), SUSE (dbus-1, libvirt, linuxptp, qemu, and slurm), and Ubuntu (aspell and mysql-5.7, mysql-8.0).

One of the fundamental invariants of computing is that, regardless of howmuch memory is installed in a system, it is never enough. This isespecially true of systems with tight performance constraints, where everypage of memory is allocated and in use, making it difficult to findmore when it is badly needed. One way to make more memoryavailable is to kill one or more processes, freeing their resources forother users. But that often does not work as quickly or reliably as userswould like. In an attempt to improve the situation, Suren Baghdasaryan hasproposedthe addition of a system call named process_mrelease().

Security updates have been issued by Debian (aspell, intel-microcode, krb5, rabbitmq-server, and ruby-actionpack-page-caching), Fedora (chromium, containernetworking-plugins, containers-common, crun, fossil, podman, skopeo, varnish-modules, and vmod-uuid), Gentoo (leptonica, libsdl2, and libyang), Mageia (golang, lib3mf, nodejs, python-pip, redis, and xstream), openSUSE (containerd, crmsh, curl, icinga2, and systemd), Oracle (containerd), and Red Hat (thunderbird).

The third 5.14 kernel prepatch is out fortesting.

The5.13.5,5.10.53, and5.4.135stable kernels have been released; each contains another set of importantfixes.

After a long pause, the K-9 Android mail client project has released version5.800. "The user interface has been redesigned. Some of you willlove it, some will hate it. You’re welcome and we're sorry." There arealso a number of improvements to make background operation work better oncurrent Android systems.

The DAMON patch set was first covered herein early 2020; this work, now in its34th revision, enables the efficient collection of information aboutmemory-usage patterns on Linux systems. That data can then be used toinfluence the kernel's memory-management subsystem; one possible way to dothat is to more aggressively reclaim memory that is not being used. Tothat end, DAMON author SeongJae Park is proposing aDAMON-based mechanism to perform user-controllable proactive reclaim.

Security updates have been issued by Arch Linux (chromium, curl, impacket, jdk11-openjdk, jre-openjdk, jre-openjdk-headless, jre11-openjdk-headless, kernel, lib32-curl, lib32-libcurl-compat, lib32-libcurl-gnutls, libcurl-compat, libcurl-gnutls, libpano13, linux-hardened, linux-lts, linux-zen, nvidia-utils, opera, systemd, and virtualbox), CentOS (java-11-openjdk and kernel), Debian (lemonldap-ng), Fedora (curl and podman), Gentoo (icedtea-web and velocity), openSUSE (bluez, go1.15, go1.16, kernel, thunderbird, transfig, and wireshark), Oracle (java-1.8.0-openjdk, java-11-openjdk, kernel, and kernel-container), SUSE (bluez, curl, kernel, qemu, thunderbird, transfig, and wireshark), and Ubuntu (curl).

Disagreements over which patches should find their way into stable updatesare not new — or uncommon. So when the topic came up again recently, therewas little reason to expect anything but more of the same. And, for themost part, that is what ensued but, in this exchange, we were also able tosee the core issue that drives these discussions. There are, in theend, two fundamentally different views of what the stable tree should be.