Rosenzweig: Fun and Games with Exposure Notifications
([Development] Sep 8, 2020 17:31 UTC (Tue) (ris))
Alyssa Rosenzweig [1]looks at getting the [2]Exposure Notifications System protocol, developed by Apple and Google for facilitating COVID-19 contact tracing on Android and iOS phones, running on GNU/Linux. "All in all, we end up with a Linux implementation of Exposure Notifications functional in Ontario, Canada. What’s next? Perhaps supporting contact tracing systems elsewhere in the world – patches welcome." The source code for [3]liben is available "for any one who dares go near".
[1] https://rosenzweig.io/blog/fun-and-games-with-exposure-notifications.html
[2] https://en.wikipedia.org/wiki/Exposure_Notification
[3] https://gitlab.freedesktop.org/alyssa/liben
[$] Modernizing the tasklet API
([Kernel] Sep 14, 2020 15:39 UTC (Mon) (mrybczyn))
Tasklets offer a deferred-execution method in the Linux kernel; they have been available since the 2.3 development series. They allow interrupt handlers to schedule further work to be executed as soon as possible after the handler itself has returned. The tasklet API has its shortcomings, but it has stayed in place while other deferred-execution methods, including workqueues, have been introduced. Recently, Kees Cook posted a security-inspired [1]patch set (also including work from Romain Perier) to improve the tasklet API. The change itself is uncontroversial, but it provoked a discussion that might lead to the removal of the tasklet API in the (not so distant) future.
[1] https://lwn.net/ml/kernel-hardening/20200716030847.1564131-1-keescook@chromium.org/
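As an added illustration (not code from the article or from the kernel), here is a user-space model of the calling-convention change that the tasklet patch set is, to my understanding, about: as was done earlier for timers, callbacks take a `struct tasklet_struct *` and recover their owner through a `from_tasklet()` wrapper around `container_of()`, instead of receiving an untyped `unsigned long data` that every driver casts back itself. The `struct tasklet_struct`, `tasklet_setup()`, `tasklet_run()` and `from_tasklet()` below are simplified stand-ins for the kernel's, and `struct my_dev` is constructed for the demo.

```c
#include <stddef.h>
#include <string.h>

/* container_of() as the kernel defines it (minus its type check). */
#define container_of(ptr, type, member) \
    ((type *)((char *)(ptr) - offsetof(type, member)))

struct tasklet_struct;
typedef void (*tasklet_legacy_fn)(unsigned long data);
typedef void (*tasklet_callback_fn)(struct tasklet_struct *t);

/* Simplified stand-in for the kernel's struct tasklet_struct (assumption:
 * only the fields needed to show the two calling conventions). */
struct tasklet_struct {
    tasklet_legacy_fn   func;      /* legacy: func(data)   */
    unsigned long       data;
    tasklet_callback_fn callback;  /* new:    callback(t)  */
};

/* Recover the enclosing object from the tasklet's address; modelled on the
 * kernel's from_timer()/from_tasklet() (assumption: same shape). */
#define from_tasklet(var, callback_tasklet, tasklet_fieldname) \
    container_of(callback_tasklet, __typeof__(*var), tasklet_fieldname)

struct my_dev {                       /* constructed demo driver state */
    int irq_count;
    struct tasklet_struct tasklet;
    const struct my_dev *recovered;   /* what the callback took its owner to be */
};

/* Legacy style: the owner pointer travels as an integer and is cast back.
 * Nothing ties the cast to what was stored, and every callback carries
 * its own cast, so a wrong value compiles silently. */
static void legacy_handler(unsigned long data)
{
    struct my_dev *dev = (struct my_dev *)data;
    dev->irq_count++;
    dev->recovered = dev;
}

/* New style: one uniform prototype for every tasklet callback; the owner
 * is computed from the tasklet's own address, so no integer can be wrong. */
static void new_handler(struct tasklet_struct *t)
{
    struct my_dev *dev = from_tasklet(dev, t, tasklet);
    dev->irq_count++;
    dev->recovered = dev;
}

static void tasklet_init_legacy(struct tasklet_struct *t,
                                tasklet_legacy_fn fn, unsigned long data)
{
    memset(t, 0, sizeof(*t));
    t->func = fn;
    t->data = data;
}

static void tasklet_setup(struct tasklet_struct *t, tasklet_callback_fn cb)
{
    memset(t, 0, sizeof(*t));
    t->callback = cb;
}

/* What the softirq does when the tasklet fires: new style wins if set. */
static void tasklet_run(struct tasklet_struct *t)
{
    if (t->callback)
        t->callback(t);
    else
        t->func(t->data);
}

/* Returns 1 when the callback ran once and found the right owner. */
int demo_legacy_api(void)
{
    struct my_dev dev = { 0 };
    tasklet_init_legacy(&dev.tasklet, legacy_handler, (unsigned long)&dev);
    tasklet_run(&dev.tasklet);
    return dev.irq_count == 1 && dev.recovered == &dev;
}

int demo_new_api(void)
{
    struct my_dev dev = { 0 };
    tasklet_setup(&dev.tasklet, new_handler);
    tasklet_run(&dev.tasklet);
    return dev.irq_count == 1 && dev.recovered == &dev;
}

/* The legacy init accepts any integer: nothing checks that data really is
 * a struct my_dev. Here the driver stores the tasklet's address by mistake.
 * Returns 1 when the stored value would cast to the wrong owner (the
 * pointer is only compared, never dereferenced). */
int demo_legacy_accepts_wrong_data(void)
{
    struct my_dev dev = { 0 };
    unsigned long bogus = (unsigned long)&dev.tasklet;
    tasklet_init_legacy(&dev.tasklet, legacy_handler, bogus);
    return (struct my_dev *)dev.tasklet.data != &dev;
}
```

The point for reviewers is the third function: the legacy signature lets a mistyped or stale `data` value through at compile time, whereas with `tasklet_setup()` the owner is derived from the tasklet pointer and every callback shares one prototype, which is also what forward-edge CFI schemes want.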
GStreamer 1.18.0 released
([Development] Sep 8, 2020 16:38 UTC (Tue) (ris))
The GStreamer team has [1]announced a major feature release of GStreamer. "The 1.18 release series adds new features on top of the previous 1.16 series and is part of the API and ABI-stable 1.x release series of the GStreamer multimedia framework." There is a lengthy list of highlights in the announcement and more details in the [2]release notes.
[1] https://gstreamer.freedesktop.org/news/#2020-09-08T00%3A30%3A00Z
[2] https://gstreamer.freedesktop.org/releases/1.18/
Security updates for Tuesday
([Security] Sep 8, 2020 14:43 UTC (Tue) (ris))
Security updates have been issued by Debian (imagemagick, lemonldap-ng, and zeromq3), Fedora (ark, cryptsetup, gnutls, kernel, kernel-headers, and kernel-tools), openSUSE (firefox, kernel, and thunderbird), Red Hat (cloud-init, go-toolset:rhel8, libcroco, librepo, php:7.3, postgresql:10, and thunderbird), SUSE (firefox and go1.14), and Ubuntu (linux, linux-aws, linux-aws-5.3, linux-aws-5.4, linux-aws-hwe, linux-azure, linux-azure-4.15, linux-azure-5.4, linux-gcp, linux-gcp-4.15, linux-gcp-5.4, linux-gke-4.15, linux-gke-5.0, linux-gke-5.3, linux-hwe, linux-hwe-5.4, linux-kvm, linux-oem, linux-oem-osp1, linux-oracle, linux-oracle-5.4, linux-raspi, linux-raspi-5.4, linux-raspi2, linux-raspi2-5.3, linux-snapdragon and xorg-server, xorg-server-hwe-16.04, xorg-server-hwe-18.04).
[$] OpenPGP in Rust: the Sequoia project
([Development] Sep 11, 2020 16:06 UTC (Fri) (coogle))
In 2018, three former [1]GnuPG developers began work on [2]Sequoia, a new implementation of [3]OpenPGP in [4]Rust. OpenPGP is an open standard for data encryption, often used for secure email; GnuPG is an implementation of that standard. The GPLv2-licensed Sequoia is [5]heading toward version 1.0, with a [6]handful of issues remaining to be addressed. The project's founders believe that there is much to be desired in GnuPG, which is the de facto standard implementation of OpenPGP today. They hope to fix this with a reimplementation of the specification using a language with features that will help protect users from common types of memory bugs.
[1] https://gnupg.org/
[2] https://sequoia-pgp.org
[3] https://www.openpgp.org/
[4] https://www.rust-lang.org/
[5] https://sequoia-pgp.org/blog/2020/04/26/202004-towards-sequoia-v1.0/
[6] https://gitlab.com/sequoia-pgp/sequoia/-/issues?milestone_title=v1.0
Security updates for Monday
([Security] Sep 7, 2020 14:28 UTC (Mon) (ris))
Security updates have been issued by Debian (ark, netty, netty-3.9, qemu, squid3, and xorg-server), Fedora (chromium), Gentoo (dovecot and gnutls), Mageia (ansible, postgresql, and python-rsa), openSUSE (curl, freerdp, libX11, php7, squid, and xorg-x11-server), Oracle (kernel), Red Hat (thunderbird), Slackware (gnutls), and SUSE (firefox, kernel, and thunderbird).
Kernel prepatch 5.9-rc4
([Kernel] Sep 7, 2020 0:45 UTC (Mon) (corbet))
The [1]5.9-rc4 kernel prepatch is out for testing. "So I certainly can't claim that things have calmed down, but hopefully this was pretty much it. Knock wood."
[1] https://lwn.net/Articles/830801/
A pair of weekend stable kernels
([Kernel] Sep 5, 2020 22:53 UTC (Sat) (corbet))
The [1]5.8.7 and [2]5.4.63 stable kernels are out with a relatively small number of important fixes.
[1] https://lwn.net/Articles/830734/
[2] https://lwn.net/Articles/830735/
FSF: Free Software Award nominations sought
([Briefs] Sep 4, 2020 21:23 UTC (Fri) (ris))
The Free Software Foundation (FSF) has [1]announced that nominations are open, until October 28, for the [2]Free Software Awards. Winners will be announced at the annual [3]LibrePlanet conference. "You might know of a contributor or organization who has done significant and user-empowering work on free software. We invite you to take a moment to show them (and tell us) that you care, by nominating them for an award in one of three categories: the [4]Award for the Advancement of Free Software, the [5]Award for Projects of Social Benefit, or the [6]Award for Outstanding New Free Software Contributor. Don't assume that someone else will nominate them -- too often, everyone assuming someone else will express the appreciation means that it never happens. As taking initiative and speaking up for the community are important parts of free software, why not take the time yourself to make sure your voice is heard?"
[1] https://www.fsf.org/blogs/community/free-software-awards-recognize-those-who-advance-our-freedom-by-october-28th
[2] https://www.fsf.org/awards/
[3] https://libreplanet.org/2021/
[4] https://www.fsf.org/awards/fs-award
[5] https://www.fsf.org/awards/sb-award
[6] https://www.fsf.org/awards/onfsc-award
Linux from Scratch version 10.0 released
([Distributions] Sep 4, 2020 20:00 UTC (Fri) (jake))
On September 1, the [1]Linux From Scratch (LFS) project [2]announced the release of version 10.0 of [3]LFS along with [4]Beyond Linux From Scratch (BLFS). LFS is "a project that provides you with step-by-step instructions for building your own customized Linux system entirely from source"; BLFS picks up where LFS leaves off. Both books are available online either with or without systemd: [5]LFS System V, [6]LFS systemd, [7]BLFS System V, and [8]BLFS systemd. "The LFS release includes updates to glibc-2.31, and binutils-2.34. A total of 35 packages have been updated. A new package, zstd-1.4.4, has also been added. Changes to text have been made throughout the book. The Linux kernel has also been updated to version 5.5.3. The BLFS version includes approximately 1000 packages beyond the base Linux From Scratch Version 9.1 book. This release has over 840 updates from the previous version in addition to numerous text and formatting changes."
[1] http://www.linuxfromscratch.org/index.html
[2] http://lists.linuxfromscratch.org/pipermail/lfs-dev/2020-September/074077.html
[3] http://www.linuxfromscratch.org/lfs/
[4] http://www.linuxfromscratch.org/blfs/
[5] http://www.linuxfromscratch.org/lfs/view/stable/
[6] http://www.linuxfromscratch.org/lfs/view/10.0-systemd/
[7] http://www.linuxfromscratch.org/blfs/view/stable/
[8] http://www.linuxfromscratch.org/blfs/view/stable-systemd/
[$] Conventions for extensible system calls
([Kernel] Sep 8, 2020 14:50 UTC (Tue) (corbet))
The kernel does not have just one system call to rename a file; instead, there are three of them: [1]rename(), renameat(), and renameat2(). Each was added when the previous one proved unable to support a new feature. A similar story has played out with a number of system calls: a feature is needed that doesn't fit into the existing interfaces, so a new one is created — again. At the 2020 [2]Linux Plumbers Conference, Christian Brauner and Aleksa Sarai ran a pair of sessions focused on the creation of future-proof system calls that can be extended when the need for new features arises.
[1] https://man7.org/linux/man-pages/man2/renameat.2.html
[2] https://linuxplumbersconf.org
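The sessions themselves are subscriber content, so the convention is not spelled out on this page. The following user-space model is an added example (not code from the article or from the kernel) of the extensibility pattern that clone3() and openat2() already use: the caller passes a pointer to an argument struct together with its size, fields are only ever appended, and a copy_struct_from_user()-style helper zero-fills whatever an old caller omitted while rejecting, with E2BIG, any trailing bytes a newer caller set that this kernel does not understand. `struct xargs`, `sys_xcall_model()` and the `XARGS_SIZE_VER*` constants are hypothetical names for the demo.

```c
#include <errno.h>
#include <stddef.h>
#include <stdint.h>
#include <string.h>

/* Hypothetical extensible syscall argument block. New fields are only
 * appended, so the offsets an old binary compiled against never move. */
struct xargs {
    uint64_t flags;
    uint64_t mode;
    uint64_t resolve;   /* added in version 1 */
};
#define XARGS_SIZE_VER0 16   /* flags + mode            */
#define XARGS_SIZE_VER1 24   /* flags + mode + resolve  */

/* Model of copy_struct_from_user(dst, ksize, src, usize):
 *  - usize > ksize: the bytes this kernel does not know must all be zero,
 *    otherwise -E2BIG (the caller asked for something we cannot honour);
 *  - usize < ksize: the fields the caller omitted get zero defaults;
 *  - then copy min(ksize, usize) bytes. */
static int copy_struct_from_user_model(void *dst, size_t ksize,
                                       const void *src, size_t usize)
{
    size_t size = ksize < usize ? ksize : usize;
    size_t rest = ksize < usize ? usize - ksize : 0;
    const unsigned char *tail = (const unsigned char *)src + ksize;

    for (size_t i = 0; i < rest; i++)
        if (tail[i] != 0)
            return -E2BIG;
    memset(dst, 0, ksize);
    memcpy(dst, src, size);
    return 0;
}

/* A kernel that knows `kernel_size` bytes of struct xargs (VER0 or VER1).
 * Returns 0 and fills *out, or a negative errno. */
static int sys_xcall_model(size_t kernel_size, const void *uargs,
                           size_t usize, struct xargs *out)
{
    if (usize < XARGS_SIZE_VER0)   /* smaller than the oldest known layout */
        return -EINVAL;
    if (usize > 4096)              /* sanity bound, as clone3() applies */
        return -E2BIG;
    return copy_struct_from_user_model(out, kernel_size, uargs, usize);
}

/* Old userspace (VER0 layout) on a VER1 kernel: the new field defaults to 0.
 * Returns 1 on the expected outcome, or the negative errno. */
int demo_old_user_new_kernel(void)
{
    unsigned char u[XARGS_SIZE_VER0];
    uint64_t flags = 3, mode = 0640;
    struct xargs k;
    int rc;

    memcpy(u, &flags, sizeof flags);
    memcpy(u + 8, &mode, sizeof mode);
    rc = sys_xcall_model(XARGS_SIZE_VER1, u, sizeof u, &k);
    if (rc)
        return rc;
    return k.flags == 3 && k.mode == 0640 && k.resolve == 0;
}

/* New userspace (VER1 layout) on a VER0 kernel: accepted only when the
 * field the old kernel cannot interpret is zero. Returns 0 or -E2BIG. */
int demo_new_user_old_kernel(uint64_t resolve)
{
    struct xargs u = { .flags = 3, .mode = 0640, .resolve = resolve };
    struct xargs k;
    return sys_xcall_model(XARGS_SIZE_VER0, &u, sizeof u, &k);
}

/* A struct shorter than the oldest version is a caller bug: -EINVAL. */
int demo_too_small(void)
{
    uint64_t only_flags = 3;
    struct xargs k;
    return sys_xcall_model(XARGS_SIZE_VER1, &only_flags, sizeof only_flags, &k);
}
```

The E2BIG rule is the part that makes the design safe rather than merely convenient: a new binary on an old kernel gets a hard error instead of silently running with a security-relevant field (think `resolve` restrictions) ignored.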
Preparing for the realtime future
([Kernel] Sep 9, 2020 22:47 UTC (Wed) (jake))
Unlike many of the previous gatherings of the Linux realtime developers, their microconference at the virtual [1]2020 Linux Plumbers Conference had a different feel about it. Instead of being about when and how to get the feature into the mainline, the microconference had two sessions that looked at what happens after the realtime patches are upstream. That has not quite happened yet, but is likely for the 5.10 kernel, so the developers were looking to the future of the stable realtime trees and, relatedly, plans for continuous-integration (CI) testing for realtime kernels.
[1] https://linuxplumbersconf.org/2020/
Security updates for Friday
([Security] Sep 4, 2020 13:45 UTC (Fri) (jake))
Security updates have been issued by Fedora (curl, dovecot, geary, httpd, lua, mysql-connector-java, and squid), Mageia (lua and lua5.3, sane, and squid), Oracle (dovecot), Scientific Linux (dovecot), SUSE (java-1_7_1-ibm, kernel, php5, and xorg-x11-server), and Ubuntu (firefox).
Bottomley: Lessons from the GNOME Patent Troll Incident
([Briefs] Sep 3, 2020 18:55 UTC (Thu) (corbet))
James Bottomley got a copy of the patent-suit settlement between the GNOME Foundation and Leigh Rothschild and has [1]posted an analysis. "Although the agreement achieves its aim, to rid all of Open Source of the Rothschild menace, it also contains several clauses which are suboptimal, but which had to be included to get a speedy resolution. In particular, Clause 10 forbids the GNOME foundation or its affiliates from publishing the agreement, which has caused much angst in open source circles about how watertight the agreement actually was. Secondly, Clause 11 prohibits GNOME or its affiliates from pursuing any further invalidity challenges to any Rothschild patents leaving Rothschild free to pursue any non open source targets. Fortunately the effect of clause 10 is now mitigated by me publishing the agreement and the effect of clause 11 by the fact that the Open Invention Network is now pursuing IPR invalidity actions against the Rothschild patents."
[1] https://blog.hansenpartnership.com/lessons-from-the-gnome-patent-troll-incident/
GnuPG 2.2.23 released, fixing a critical security flaw
([Security] Sep 3, 2020 17:05 UTC (Thu) (jake))
[1]GNU Privacy Guard (GnuPG or GPG) has released version 2.2.23 to fix a critical security bug affecting GnuPG 2.2.21 and 2.2.22, as well as Gpg4win 3.1.12. "Importing an OpenPGP key having a preference list for AEAD algorithms will lead to an array overflow and thus often to a crash or other undefined behaviour. Importing an arbitrary key can often easily be triggered by an attacker and thus trigger this bug. Exploiting the bug aside from crashes is not trivial but likely possible for a dedicated attacker. The major hurdle for an attacker is that only every second byte is under their control with every first byte having a fixed value of 0x04. Software distribution verification should not be affected by this bug because such a system uses a curated list of keys."
[1] https://gnupg.org/
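To make the bug class concrete, here is an added, simplified model (not GnuPG's code) of merging a key's preference lists into one fixed-size array, where the allocation is sized from three lists while a fourth, the AEAD list, is written in as well. The two-byte item layout, a type tag followed by a value, is an assumption chosen to match the advisory's remark that every first byte is a fixed 0x04 (the AEAD tag) and only every second byte is attacker-controlled; the preference lists are constructed sample data, not taken from a real key. The writer is bounds-checked so the model reports the overflow instead of performing it.

```c
#include <stdlib.h>
#include <string.h>

/* Assumed item layout: a type tag then a one-byte algorithm id. */
enum { PREFTYPE_SYM = 1, PREFTYPE_HASH = 2, PREFTYPE_ZIP = 3, PREFTYPE_AEAD = 4 };
struct prefitem { unsigned char type; unsigned char value; };

/* Constructed preference lists as a hostile key might carry them. */
static const unsigned char SYM[]  = { 9, 8, 7 };      /* AES-256, -192, -128 */
static const unsigned char HASH[] = { 10, 9, 8 };     /* SHA-512, -384, -256 */
static const unsigned char ZIP[]  = { 2, 3, 1, 0 };   /* zlib, bzip2, zip, none */
static const unsigned char AEAD[] = { 2, 1 };         /* attacker-chosen values */

/* Buggy sizing: the fourth list is merged but not counted (the class of
 * mistake the advisory describes). +1 is for a {0,0} terminator. */
static size_t prefs_capacity_buggy(size_t nsym, size_t nhash, size_t nzip, size_t naead)
{
    (void)naead;
    return nsym + nhash + nzip + 1;
}

/* Fixed sizing: every list that is written is also counted. */
static size_t prefs_capacity_fixed(size_t nsym, size_t nhash, size_t nzip, size_t naead)
{
    return nsym + nhash + nzip + naead + 1;
}

/* Append one list; every store is bounds-checked so a would-be overflow
 * is reported (-1) rather than executed. */
static int append_list(struct prefitem *out, size_t cap, size_t *n,
                       unsigned char type, const unsigned char *vals, size_t nvals)
{
    for (size_t i = 0; i < nvals; i++) {
        if (*n >= cap)
            return -1;
        out[*n].type = type;
        out[*n].value = vals[i];
        (*n)++;
    }
    return 0;
}

/* Merge all four lists into out[0..cap). Returns items stored including
 * the terminator, or -1 where an unchecked writer would run past cap. */
static int merge_prefs(struct prefitem *out, size_t cap)
{
    size_t n = 0;
    if (append_list(out, cap, &n, PREFTYPE_SYM,  SYM,  sizeof SYM)  < 0 ||
        append_list(out, cap, &n, PREFTYPE_HASH, HASH, sizeof HASH) < 0 ||
        append_list(out, cap, &n, PREFTYPE_ZIP,  ZIP,  sizeof ZIP)  < 0 ||
        append_list(out, cap, &n, PREFTYPE_AEAD, AEAD, sizeof AEAD) < 0)
        return -1;
    if (n >= cap)
        return -1;
    out[n].type = 0;
    out[n].value = 0;
    return (int)n + 1;
}

/* Run the merge against an allocation sized the buggy or the fixed way. */
int demo_merge(int use_fixed_sizing)
{
    size_t cap = (use_fixed_sizing ? prefs_capacity_fixed : prefs_capacity_buggy)
                 (sizeof SYM, sizeof HASH, sizeof ZIP, sizeof AEAD);
    struct prefitem *items = calloc(cap, sizeof *items);
    int rc;
    if (!items)
        return -2;
    rc = merge_prefs(items, cap);
    free(items);
    return rc;
}

/* What the overflowing bytes look like: each AEAD item is the fixed tag
 * 0x04 followed by the attacker's value, exactly the "every second byte"
 * constraint the advisory mentions. Returns 1 when that holds. */
int demo_aead_items_shape(void)
{
    size_t cap = prefs_capacity_fixed(sizeof SYM, sizeof HASH, sizeof ZIP, sizeof AEAD);
    size_t first_aead = sizeof SYM + sizeof HASH + sizeof ZIP;
    struct prefitem *items = calloc(cap, sizeof *items);
    int ok;
    if (!items)
        return -2;
    ok = merge_prefs(items, cap) > 0;
    for (size_t i = 0; ok && i < sizeof AEAD; i++)
        ok = items[first_aead + i].type == 0x04 && items[first_aead + i].value == AEAD[i];
    free(items);
    return ok;
}
```

The practical check this suggests for any such merge code is simple: the capacity computation and the write loop must enumerate the same lists, ideally by deriving both from one table, so that adding a new preference type cannot update one without the other.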
LWN.net Weekly Edition for September 10, 2020
Cook: Security things in Linux v5.6
([Kernel] Sep 3, 2020 14:20 UTC (Thu) (corbet))
Kees Cook [1]catches up with the security-relevant changes in the 5.6 kernel release. "With my 'attack surface reduction' hat on, I remain personally suspicious of the io_uring() family of APIs, but I can’t deny their utility for certain kinds of workloads. Being able to pipeline reads and writes without the overhead of actually making syscalls is pretty great for performance. Jens Axboe has added the IORING_OP_OPENAT command so that existing io_urings can open files to be added on the fly to the mapping of available read/write targets of a given io_uring. While LSMs are still happily able to intercept these actions, I remain wary of the growing 'syscall multiplexer' that io_uring is becoming."
[1] https://outflux.net/blog/archives/2020/09/02/security-things-in-linux-v5-6/
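The attack-surface-reduction counterpart a practitioner may want alongside that quote is a seccomp-bpf filter that denies io_uring_setup(): with no ring, there is no IORING_OP_OPENAT through which a file can be opened without an openat() that a per-syscall filter can see. This is an added example, not code from Kees's post or from the kernel. The fallback syscall number and the short architecture list are assumptions for the demo, and the tiny classic-BPF interpreter exists only so the policy can be unit-tested without installing it in the test process.

```c
#define _GNU_SOURCE
#include <errno.h>
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>
#include <unistd.h>
#include <sys/prctl.h>
#include <sys/syscall.h>
#include <linux/audit.h>
#include <linux/filter.h>
#include <linux/seccomp.h>

#ifndef __NR_io_uring_setup
#define __NR_io_uring_setup 425   /* assumption: generic number, for pre-5.1 headers */
#endif

#if defined(__x86_64__)
#define THIS_ARCH AUDIT_ARCH_X86_64
#elif defined(__aarch64__)
#define THIS_ARCH AUDIT_ARCH_AARCH64
#elif defined(__i386__)
#define THIS_ARCH AUDIT_ARCH_I386
#else
#error "add the AUDIT_ARCH_* value for this architecture"
#endif

/* Policy: wrong architecture -> kill (syscall numbers differ per ABI),
 * io_uring_setup -> EPERM, everything else -> allow. */
static const struct sock_filter deny_io_uring[] = {
    BPF_STMT(BPF_LD | BPF_W | BPF_ABS, offsetof(struct seccomp_data, arch)),
    BPF_JUMP(BPF_JMP | BPF_JEQ | BPF_K, THIS_ARCH, 1, 0),
    BPF_STMT(BPF_RET | BPF_K, SECCOMP_RET_KILL),
    BPF_STMT(BPF_LD | BPF_W | BPF_ABS, offsetof(struct seccomp_data, nr)),
    BPF_JUMP(BPF_JMP | BPF_JEQ | BPF_K, __NR_io_uring_setup, 0, 1),
    BPF_STMT(BPF_RET | BPF_K, SECCOMP_RET_ERRNO | (EPERM & SECCOMP_RET_DATA)),
    BPF_STMT(BPF_RET | BPF_K, SECCOMP_RET_ALLOW),
};
#define DENY_IO_URING_LEN (sizeof deny_io_uring / sizeof deny_io_uring[0])

/* Interpreter for the three classic-BPF opcodes the policy uses, so the
 * filter can be tested offline. Returns the SECCOMP_RET_* word. */
uint32_t seccomp_decide(const struct sock_filter *prog, size_t len,
                        const struct seccomp_data *sd)
{
    uint32_t acc = 0;
    for (size_t pc = 0; pc < len; pc++) {
        const struct sock_filter *in = &prog[pc];
        switch (in->code) {
        case BPF_LD | BPF_W | BPF_ABS:
            if (in->k + sizeof acc > sizeof *sd)
                return SECCOMP_RET_KILL;
            memcpy(&acc, (const unsigned char *)sd + in->k, sizeof acc);
            break;
        case BPF_JMP | BPF_JEQ | BPF_K:
            pc += (acc == in->k) ? in->jt : in->jf;
            break;
        case BPF_RET | BPF_K:
            return in->k;
        default:
            return SECCOMP_RET_KILL;   /* opcode not modelled here */
        }
    }
    return SECCOMP_RET_KILL;   /* the kernel rejects programs that fall off the end */
}

/* Decision the policy would give for one (arch, syscall number) pair. */
uint32_t policy_for(uint32_t arch, int nr)
{
    struct seccomp_data sd;
    memset(&sd, 0, sizeof sd);
    sd.nr = nr;
    sd.arch = arch;
    return seccomp_decide(deny_io_uring, DENY_IO_URING_LEN, &sd);
}

/* Install the policy for this process and its future children.
 * Returns 0 or a negative errno. */
int install_deny_io_uring(void)
{
    struct sock_fprog prog = {
        .len = (unsigned short)DENY_IO_URING_LEN,
        .filter = (struct sock_filter *)deny_io_uring,
    };
    if (prctl(PR_SET_NO_NEW_PRIVS, 1, 0, 0, 0) != 0)
        return -errno;
    if (prctl(PR_SET_SECCOMP, SECCOMP_MODE_FILTER, &prog) != 0)
        return -errno;
    return 0;
}

int main(void)
{
    int rc = install_deny_io_uring();
    if (rc) {
        fprintf(stderr, "seccomp install failed: %s\n", strerror(-rc));
        return 1;
    }
    long r = syscall(__NR_io_uring_setup, 8, NULL);
    printf("io_uring_setup -> %ld, errno %d (EPERM is %d)\n", r, errno, EPERM);
    return 0;
}
```

Two caveats: the filter only prevents new rings, so it must be installed before any untrusted code runs, and it is all-or-nothing. Finer policy over what a ring may do is exactly the job of the LSM hooks Kees mentions, because seccomp never sees the individual operations queued inside a ring.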
A new crop of stable kernels
([Kernel] Sep 3, 2020 14:22 UTC (Thu) (jake))
Greg Kroah-Hartman has released six new stable kernels: [1]5.8.6, [2]5.4.62, [3]4.19.143, [4]4.14.196, [5]4.9.235, and [6]4.4.235. As usual, they contain fixes throughout the tree and users should upgrade.
[1] https://lwn.net/Articles/830501/
[2] https://lwn.net/Articles/830502/
[3] https://lwn.net/Articles/830503/
[4] https://lwn.net/Articles/830505/
[5] https://lwn.net/Articles/830506/
[6] https://lwn.net/Articles/830507/
Security updates for Thursday
([Security] Sep 3, 2020 13:26 UTC (Thu) (jake))
Security updates have been issued by Debian (asyncpg and uwsgi), Mageia (cairo), openSUSE (chromium, kernel, and postgresql10), Red Hat (dovecot and squid:4), SUSE (curl, java-1_7_0-ibm, java-1_7_1-ibm, java-1_8_0-ibm, kernel, libX11, php7, squid, and xorg-x11-server), and Ubuntu (apport, libx11, and xorg-server, xorg-server-hwe-16.04, xorg-server-hwe-18.04).
[$] Notes from an online free-software conference
([Front] Sep 4, 2020 14:07 UTC (Fri) (corbet))
The 2020 [1]Linux Plumbers Conference (LPC) was meant to be held in Halifax, Nova Scotia, Canada at the end of August. As it happens, your editor was on the organizing committee for that event and thus got a close view of what happens when one's hopes for discussing memory-management changes on the Canadian eastern seaboard become one of the many casualties of an ongoing pandemic. Transforming LPC into a successful online experience was a lot of work, but the results more than justified the effort. Read on for some notes and thoughts from the experience of making LPC happen in 2020.
[1] https://linuxplumbersconf.org/