LWN.net

SUSE Linux Enterprise (SLE) 15 SP3 hasbeen released.

Stable kernels 5.12.13, 5.10.46, and 5.4.128 have been released with the usual setof important fixes. Users should upgrade.Note that 5.12.13 and 5.10.46 contain a fix for asignificant Spectre vulnerability; stay tuned to LWN for details.

Security updates have been issued by Debian (kernel and linux-4.19), Fedora (tor), Oracle (rh-postgresql10-postgresql), Red Hat (kernel), SUSE (ansible, apache2, dovecot23, OpenEXR, ovmf, and wireshark), and Ubuntu (linux, linux-aws, linux-aws-5.4, linux-azure, linux-azure-5.4, linux-gcp, linux-gcp-5.4, linux-gke, linux-gke-5.4, linux-gkeop, linux-gkeop-5.4, linux-hwe-5.4, linux-oracle, linux-oracle-5.4, linux-raspi, linux-raspi-5.4, linux, linux-aws, linux-aws-5.8, linux-azure, linux-azure-5.8, linux-gcp, linux-gcp-5.8, linux-hwe-5.8, linux-kvm, linux-oracle, linux-oracle-5.8, linux-raspi, linux, linux-aws, linux-aws-hwe, linux-azure, linux-azure-4.15, linux-dell300x, linux-gcp, linux-gcp-4.15, linux-hwe, linux-oracle, linux-raspi2, linux-snapdragon, linux, linux-aws, linux-azure, linux-gcp, linux-oracle, linux-raspi, linux-hwe, linux-gke-5.3, linux-raspi2-5.3, linux-oem-5.10, and thunderbird).

Python 3.10 is proceeding apace; everything looks to be ontrack for the final release, which is expected onOctober 4. The beta releases started in early May, with the first of those marking the feature-freeze for this version ofthe language. There are a number of interesting changes that are coming withPython 3.10, including what is perhaps the "headline feature":structural pattern matching.

Security updates have been issued by Fedora (audacity), openSUSE (chromium), Oracle (glib2), SUSE (Salt and salt), and Ubuntu (apache2 and openexr).

Rocky Linux is a community enterpriseoperating system, created by Gregory Kurtzer, founder of the CentOSproject. Rocky Linux 8.4 has beenreleased for x86-64 and aarch64. "Sufficient testing has been performed such that we have confidence in its stability for production systems."

The kernel-development community has long had a tense relationship withcompanies that create and ship proprietary loadable kernel modules. In theview of many developers, such modules are a violation of the GPL and shouldsimply be disallowed. That has never happened, though; instead, thecommunity has pursued a policy of legal ambiguity and technicalinconvenience to discourage proprietary modules. A"technical-inconvenience" patch that was merged nearly one year ago hasbegun to show up in stable kernel releases, leading at least onedeveloper to complain that things have gone a little too far.

Security updates have been issued by Arch Linux (connman, go, and grub), Debian (nettle, prosody, and tor), Fedora (iaito, mingw-ilmbase, mingw-openexr, mingw-python-urllib3, mosquitto, nettle, polkit, and radare2), Mageia (puddletag, python-babel, python-eventlet, and python-pikepdf), openSUSE (htmldoc), SUSE (go1.15, go1.16, gupnp, and libgcrypt), and Ubuntu (apache2 and dovecot).

The 5.13-rc7 kernel prepatch is out fortesting. "So there's not a huge number of patches in here, and most of thepatches are pretty small too. A fair number of one-liners and'few-liners'.Which is just how I like it."For reasons that have not been disclosed on the list, the codename for this release has been changed to "Opossums on Parade".

The 5.12.12, 5.10.45, and 5.4.127 stable kernels have been released.They contain important fixes, as usual, so users should upgrade.

Memory ordering issues are, as Linus Torvalds recentlyobserved, "the rocket science of CS". Understandingmemory ordering is increasingly necessary to write scalable code, so kerneldevelopers often find themselves having to become rocket scientists. Thesubtleties associated with control dependencies turn out to be anespecially tricky sort of rocket. A recent discussion about how to forcecontrol dependencies to be observed shows the sorts of difficulties thatarise in this area.

Security updates have been issued by Arch Linux (aspnet-runtime, aspnet-runtime-3.1, chromium, drupal, intel-ucode, nginx, opera, python-django, radare2, thefuck, and vivaldi), Debian (jetty9), Fedora (dogtag-pki and pki-core), openSUSE (htmldoc and postgresql10), Oracle (dhcp), SUSE (apache2, caribou, jetty-minimal, libxml2, postgresql12, python-PyJWT, python-rsa, python-urllib3, thunderbird, tpm2.0-tools, xstream, and xterm), and Ubuntu (grub2-signed, grub2-unsigned and libxml2).

Kernel development is not for people who lack persistence; changes can takea number of revisions and a lot of time to make it into a mainlinerelease. Even so, the story of the Landlock security module, developed byMickaël Salaün, seems like an extreme case; this code was merged for 5.13 aftermore than five years of development and 34 versions of the patch set.This sandboxing mechanism has evolved considerably since LWN covered version 3 of the patch set in2016, so a look at what Landlock has become is warranted.

The Prossimo project has announcedthat it has contracted with Miguel Ojeda to work on Rust in the Linux kernelfor the next year. Prossimo is a new name for the memory-safetyprojects being run by the Internet Security ResearchGroup (ISRG), which is the organization behind the Let's Encrypt certificate authority(CA) project. Google provided the funds to enable Ojeda to work full-timeon the project starting back in April.

Security updates have been issued by CentOS (gnupnp and postgresql), Fedora (dino, microcode_ctl, and xen), Mageia (apache, gsoap, libgd, openssh, perl-Image-ExifTool, python-bleach, and qt4 and qtsvg5), openSUSE (chromium, containerd, docker, runc, djvulibre, htmldoc, kernel, libjpeg-turbo, libopenmpt, libxml2, spice, squid, and ucode-intel), Red Hat (dhcp and glib2), SUSE (apache2, inn, java-1_8_0-openjdk, and webkit2gtk3), and Ubuntu (nettle).

The LWN.net Weekly Edition for June 17, 2021 is available.

The specter of more events like the SolarWindssupply-chain attacks is something that concerns many in ourcommunities—and beyond. Linux distributions provide a supply chain thatobviously needs to be protected against attackers injecting malicious codeinto the update stream. This problem recently came up on the Fedora develmailing list, which led to a discussion covering a few different topics.For the most part, Fedora users are protected against such attacks, whichis not to say there is nothing more to be done, of course.

Stable kernels 5.12.11, 5.10.44, 5.4.126, 4.19.195, 4.14.237, 4.9.273, and 4.4.273 have been released. They all containimportant fixes and users should upgrade.

Security updates have been issued by Debian (prosody, python-urllib3, and xen), Fedora (dino, dotnet3.1, dotnet5.0, and vmaf), Oracle (gupnp, kernel, and kernel-container), Red Hat (gupnp), Scientific Linux (kernel), SUSE (java-1_8_0-openjdk, kernel, snakeyaml, and xorg-x11-libX11), and Ubuntu (bluez).

The Audacity multi-track audioeditor and recorder got its start in the previous century; it is a popularapplication that is available for multiple platforms, and it is licensed under theGPLv2 or later. But Audacity has been acquired by a newlyformed organization called Muse Group;that event has caused something of an uproar in its community. The problem, atleast in part, isthe new ContributorLicense Agreement (CLA) required to contribute to Audacity.

The Free Software Foundation Europe introduces REUSEBooster. REUSE is a set of bestpractices to make Free Software licensing easier. "With REUSEBooster, we go one step further. We invite Free Software projects to register for getting help by theFSFE's legal experts. As the name suggests, this will boost the process ofadopting the best practices as well as general understanding of licensingand copyright." The registration deadline is July 8.

Konstantin Ryabitsev has announceda new service providing @linux.dev mailboxes for people to usewith kernel development. The documentation pagehas more information. "This is a BETA offering. Currently, it isonly available to people listed in the MAINTAINERS file. We hope to be ableto offer it to everyone else who can demonstrate an ongoing history ofcontributions to the Linux kernel (patches, git commits, mailing listdiscussions, etc)."

Security updates have been issued by CentOS (389-ds-base, dhcp, firefox, glib2, hivex, kernel, postgresql, qemu-kvm, qt5-qtimageformats, samba, and xorg-x11-server), Fedora (kernel and kernel-tools), Oracle (kernel and postgresql), Red Hat (dhcp and gupnp), Scientific Linux (gupnp and postgresql), SUSE (postgresql10 and xterm), and Ubuntu (imagemagick).

The GNU C Library developers are askingfor comments on a proposal to stop requiring developers to assign theircopyrights to the Free Software Foundation. This mirrors the recent change by GCC, except that thecommunity is being consulted first. "The changes to accept patcheswith or without FSF copyright assignment would be effective on August 2nd, and would apply to all open branches.The glibc stewards, like the GCC SC, continue to affirm the principles ofFree Software, and that will never change."

The first release of the Aya BPF library has been announced; this projectallows the writing of BPF programs in the Rust language. "Over thelast year I've talked with many folks interested in using eBPF in the Rustcommunity. My goal is to get as many of you involved in the project aspossible! Now that the rustc target has been merged, it's time to build asolid foundation so that we can enable developers to write great eBPFenabled apps".

The quotactl()system call is used to manipulate disk quotas on a filesystem; it canbe used to turn quota enforcement on or off, change quotas, retrievecurrent usage information, and more. The 5.13 merge window brought in anew variant of that system call that was subsequently disabled due to APIconcerns; its replacement is now taking form.

The Google Developers Blog has thisannouncement describing the release of a fullyhomomorphic encryption project under the Apache license."With FHE, encrypted data can travel across the Internet to a server,where it can be processed without being decrypted. Google’s transpiler willenable developers to write code for any type of basic computation such assimple string processing or math, and run it on encrypted data. Thetranspiler will transform that code into a version that can run onencrypted data. This then allows developers to create new programmingapplications that don’t need unencrypted data." See thiswhite paper for more details on how it all works.

Security updates have been issued by Arch Linux (apache, gitlab, inetutils, isync, kube-apiserver, nettle, polkit, python-urllib3, python-websockets, thunderbird, and wireshark-cli), Debian (squid3), Fedora (glibc, libxml2, mingw-openjpeg2, and openjpeg2), Mageia (djvulibre, docker-containerd, exif, gnuchess, irssi, jasper, kernel, kernel-linus, microcode, python-lxml, python-pygments, rust, slurm, and wpa_supplicant, hostapd), openSUSE (389-ds and pam_radius), Oracle (.NET Core 3.1, container-tools:3.0, container-tools:ol8, krb5, microcode_ctl, postgresql:12, postgresql:13, and runc), Red Hat (dhcp, postgresql, postgresql:10, postgresql:12, postgresql:9.6, rh-postgresql10-postgresql, rh-postgresql12-postgresql, and rh-postgresql13-postgresql), Scientific Linux (dhcp and microcode_ctl), SUSE (ardana-neutron, ardana-swift, cassandra, crowbar-openstack, grafana, kibana, openstack-dashboard, openstack-ironic, openstack-neutron, openstack-neutron-gbp, openstack-nova, python-Django1, python-py, python-pysaml2, python-xmlschema, rubygem-activerecord-session_store, venv-openstack-keystone, crowbar-openstack, grafana, kibana, monasca-installer, python-Django, python-py, rubygem-activerecord-session_store, freeradius-server, libjpeg-turbo, spice, and squid), and Ubuntu (rpcbind).

The 5.13-rc6 kernel prepatch is out fortesting. "Nothing particularly special to say about this - rc6 iscertainly smaller than rc5 was, so we're moving in the rightdirection".

Free-software development is meant to be fun, at least some of the time.Even developers of database-management systems seem to think that it isfun; there is no accounting for taste, it seems. Part of having fun iscertainly allowing the occasional exercise of one's sense of humor whileworking on the code. But, as some recent "fix" attempts show, humor doesnot always carry through to developers all over the planet. Balancinghumor and inclusiveness is always going to be a challenge for our community.

Over on the Mozilla blog, Eric Rescorla looksinto some of the privacy implications of the Federated Learning of Cohorts(FLoC), which is a Google effort to replacethird-party cookies with a different type of identifier that is lesstrackable. But less tracking does not equal no tracking. "People'sinterests aren't constant and neither are their FLoC IDs. Currently, FLoCIDs seem to be recomputed every week or so. This means that if a tracker isable to use other information to link up user visits over time, they canuse the combination of FLoC IDs in week 1, week 2, etc. to distinguishindividual users. This is a particular concern because it works even withmodern anti-tracking mechanisms such as Firefox's TotalCookie Protection (TCP). TCP is intended to prevent trackers from correlating visits acrosssites but not multiple visits to one site. FLoC restores cross-sitetracking even if users have TCP enabled."

In a lengthyblog post, Lennart Poettering describes the advantages of using theunique IDs (UUIDs) and flags from the discoverable partitionsspecification to label the entries in a GUID PartitionTable (GPT). That information can be used to tag disk images in aself-descriptive way, so that external configuration files (such as/etc/fstab) are not needed to assemble the filesystems for therunning system. Systemd can use this information in a variety of ways,including for running the image in a container: "If a disk imagefollows the Discoverable Partition Specification then systemd-nspawn hasall it needs to just boot it up. Specifically, if you have a GPT disk imagein a file foobar.raw and you want to boot it up in a container, just runsystemd-nspawn -i foobar.raw -b, and that's it (you can specify a blockdevice like /dev/sdb too if you like). It becomes easy and natural toprepare disk images that can be booted either on a physical machine, insidea virtual machine manager or inside such a container manager: the necessarymeta-information is included in the image, easily accessible beforeactually looking into its file systems."

Security updates have been issued by Debian (libwebp), Fedora (firefox, lasso, mod_auth_openidc, nginx, redis, and squid), Oracle (.NET 5.0, container-tools:2.0, dhcp, gupnp, hivex, kernel, krb5, libwebp, nginx:1.16, postgresql:10, and postgresql:9.6), SUSE (containerd, docker, runc, csync2, and salt), and Ubuntu (libimage-exiftool-perl, libwebp, and rpcbind).

Extended BPF (eBPF), the general-purposeexecution engine inside of the Linux kernel, has proved helpful for tracing andmonitoring the system, for processing network packets, or generally forextending the behavior of the kernel. So helpful, in fact, that developersworking on other operating systems have been watching it. Dave Thaler andPoorna Gaddehosur, on behalf of Microsoft, recentlypublished an implementation of eBPF for Windows. A Linux feature makingits way to Windows, in itself, deserves attention. Even more so when thatfeature has brought new degrees of programmability to the Linux kernel overthe last few years. This makes it especially interesting to look at what thenew project can do, and to ponder how the current ecosystem might evolve aseBPF begins its journey toward Windows.

On the GitHub blog, Kevin Backhouse writesabout a privilege escalation vulnerability in polkit, which"enables an unprivileged local user to get a root shell on thesystem" CVE-2021-3560"is triggered by starting a dbus-send command but killing it whilepolkit is still in the middle of processing the request. [...] Why doeskilling the dbus-send command cause an authentication bypass? Thevulnerability is in step four of the sequence of events listed above. Whathappens if polkit asks dbus-daemon for the UID of connection :1.96, butconnection :1.96 no longer exists? dbus-daemon handles that situationcorrectly and returns an error. But it turns out that polkit does nothandle that error correctly. In fact, polkit mishandles the error in aparticularly unfortunate way: rather than rejecting the request, it treatsthe request as though it came from a process with UID 0. In other words, itimmediately authorizes the request because it thinks the request has comefrom a root process."

The 5.12.10, 5.10.43, 5.4.125, 4.19.194, 4.14.236, 4.9.272, and 4.4.272 stable kernels have been released. Asusual, they contain fixes all over the kernel tree and users of thoseseries should upgrade.

Security updates have been issued by Debian (htmldoc, lasso, and rails), Fedora (exiv2, firefox, and microcode_ctl), openSUSE (python-HyperKitty), Oracle (389-ds-base, qemu-kvm, qt5-qtimageformats, and samba), Red Hat (container-tools:3.0, container-tools:rhel8, postgresql:12, and postgresql:13), Scientific Linux (389-ds-base, hivex, libwebp, qemu-kvm, qt5-qtimageformats, samba, and thunderbird), SUSE (caribou, djvulibre, firefox, gstreamer-plugins-bad, kernel, libopenmpt, libxml2, python-Pillow, qemu, spice, spice-gtk, and ucode-intel), and Ubuntu (rpcbind).

The LWN.net Weekly Edition for June 10, 2021 is available.

Annotations in Python came late to the party; they were introduced inPython 3 as a way to attach information to functions describing their arguments andreturn values. While that mechanism had obvious applications for addingtype information to Python functions, standardized interpretations for theannotations came later with type hints.But evaluating the annotations at function-definition time caused somedifficulties, especially with respect to forward references to type names,so a Python Enhancement Proposal (PEP) was created to postpone theirevaluation until they were needed. The PEP-described behavior was set tobecome the default in the upcoming Python 3.10 release, but that isnot to be; the postponement of evaluation by default has itself been postponed in thehopes of unwinding things.

Security updates have been issued by Debian (eterm, mrxvt, and rxvt), Mageia (cgal, curl, exiv2, polkit, squid, thunderbird, and upx), openSUSE (firefox and libX11), Oracle (libwebp, nginx:1.18, and thunderbird), Red Hat (.NET 5.0, .NET Core 3.1, 389-ds-base, dhcp, gupnp, hivex, kernel, kernel-rt, libldb, libwebp, microcode_ctl, nettle, postgresql:10, postgresql:9.6, qemu-kvm, qt5-qtimageformats, rh-dotnet50-dotnet, and samba), SUSE (apache2-mod_auth_openidc, firefox, gstreamer-plugins-bad, kernel, libX11, pam_radius, qemu, runc, spice, and spice-gtk), and Ubuntu (intel-microcode and rpcbind).

As movement toward memory-safe languages, and Rust in particular, continues togrow, it is worth looking atone of the larger scale efforts to port C code that has existed for decadesto Rust. The uutils project aims torewrite all of the individual utilities included in the GNU Coreutils project inRust. Originally created by JordiBoggiano in 2013, the project aims to provide drop-inreplacements for the Coreutils programs, addingthe data-race protection and memory safety that Rust provides.

Security updates have been issued by Debian (nginx), Fedora (musl), Mageia (dnsmasq, firefox, graphviz, libebml, libpano13, librsvg, libxml2, lz4, mpv, tar, and vlc), openSUSE (csync2, python-py, and snakeyaml), Oracle (qemu), Red Hat (container-tools:2.0, kernel, kpatch-patch, nettle, nginx:1.16, and rh-nginx116-nginx), Slackware (httpd and polkit), SUSE (389-ds, gstreamer-plugins-bad, shim, and snakeyaml), and Ubuntu (gnome-autoar and isc-dhcp).

The realtime project has been the source of many of theinnovations that have found their way into the core kernel in the lastfifteen years or so. There is more to it than that, though; the wider realtimecommunity is also doing interesting work in a number of areas that go beyond ensuring deterministicresponse. One example is Daniel Bristot de Oliveira's runtimeverification patch set, which can monitor the kernel to ensure that itis behaving the way one thinks it should.

Security updates have been issued by Debian (libwebp, python-django, ruby-nokogiri, and thunderbird), Fedora (dhcp, polkit, transfig, and wireshark), openSUSE (chromium, inn, kernel, redis, and umoci), Oracle (pki-core:10.6), Red Hat (libwebp, nginx:1.18, rh-nginx118-nginx, and thunderbird), SUSE (gstreamer-plugins-bad), and Ubuntu (linux, linux-aws, linux-azure, linux-gcp, linux-hwe-5.8, linux-kvm, linux-oracle).

The 5.13-rc5 kernel prepatch is out fortesting. "Hmm. Things haven't really started to calm down very much yet, but rc5seems to be fairly average in size. I'm hoping things will startshrinking now."

Back in a distant time — longer ago than he cares to admit — your editormanaged a system-administration group. At that time, most of the day-to-daypain reliably came from two types of devices: modems and printers. Modemsare more plentiful than ever now, but they have disappeared into interfacecontrollers and (usually) manage to behave themselves. Printers, instead,are still entirely capable of creating problems and forcing areconsideration of one's life choices.Behind the scenes, though, the situation has been getting better but, as arecent conversation within the Fedora project made clear, taking advantageof those improvements will require some changes and a bit of a leap of faith.

There is a new release of CentOS Linux 8. "Effectively immediately, this is the current release for CentOSLinux 8 and is tagged as 2105, derived from Red Hat Enterprise Linux 8.4Source Code." See therelease notes for the changes in this release.

Security updates have been issued by Debian (lasso), Fedora (mingw-djvulibre, mingw-exiv2, python-lxml, and singularity), openSUSE (ceph, dhcp, inn, nginx, opera, polkit, upx, and xstream), Oracle (firefox, perl, and polkit), Scientific Linux (firefox), SUSE (avahi, csync2, djvulibre, libwebp, polkit, python-py, slurm, slurm_18_08, thunderbird, and umoci), and Ubuntu (linux, linux-aws, linux-aws-5.4, linux-azure, linux-azure-5.4, linux-gcp, linux-gcp-5.4, linux-gke, linux-gke-5.4, linux-gkeop, linux-gkeop-5.4, linux-hwe-5.4, linux-kvm, linux-oracle, linux-oracle-5.4, linux-oem-5.10, and squid, squid3).

The io_uring subsystem, first introduced in2019, has quickly become the leading way to perform high-bandwidth,asynchronous I/O. It has drawn the attention of many developers, including,more recently,those who are focused more on security than performance. Now some membersof the security community are lamenting a perceived lack of thought about security support inio_uring, and are trying to remedy that shortcoming by adding audit andLinux security module support there. That process is proving difficult,and has raised the prospect of an unpleasant fallback solution.

Greg Kroah-Hartman has announced the release of the 5.12.9, 5.10.42, 5.4.124, 4.19.193, 4.14.235, 4.9.271, and 4.4.271 stable kernels. As usual, thesecontain fixes throughout the kernel tree; users should upgrade.