Linux Foundation 2020 annual report
([Briefs] Dec 3, 2020 16:08 UTC (Thu) (corbet))
The Linux Foundation has published [1]a glossy report of its activities for 2020. " 2020 has been a year of challenges for the Linux Foundation ('LF') and our hosted communities. During this pandemic, we’ve all seen our daily lives and those of many of our colleagues, friends, and family around the world completely changed. Too many in our community also grieved over the loss of family and friends. It was uplifting to see LF members join the fight against COVID-19. Our members worldwide contributed technical resources for scientific researchers, offered assistance to struggling families and individuals, contributed to national and international efforts, and some even came together to create open source projects under LF Public Health to help countries deal with the pandemic. "
[1] https://www.linuxfoundation.org/blog/2020/12/download-the-2020-linux-foundation-annual-report/
Security updates for Thursday
([Security] Dec 3, 2020 14:16 UTC (Thu) (jake))
Security updates have been issued by Mageia (cimg, pngcheck, poppler, tor, and xdg-utils), openSUSE (mariadb), Red Hat (go-toolset-1.14-golang), and Ubuntu (linux, linux-aws, linux-aws-hwe, linux-azure, linux-azure-4.15, linux-gcp, linux-gcp-4.15, linux-gke-4.15, linux-hwe, linux-kvm, linux-oem, linux-oracle, linux-raspi2, linux-snapdragon).
[$] XFS, stable kernels, and -rc releases
([Kernel] Dec 3, 2020 18:36 UTC (Thu) (corbet))
Ever since the stable-update process was created, there have been questions about which patches are suitable for inclusion in those updates; usually, these discussions are driven by people who think that the criteria should be more restrictive. A regression in the XFS filesystem that found its way into the [1]5.9.9 stable update briefly rekindled this discussion. In one sense, there was little new ground covered in this iteration, but there was an interesting point raised about the relationship between stable updates and the mainline kernel -rc releases.
[1] https://lwn.net/ml/linux-kernel/1605788188121239@kroah.com/
Certificates from Let's Encrypt (R3 active)
([Security] Dec 2, 2020 19:25 UTC (Wed) (ris))
Let's Encrypt has announced that, as of today, the TLS certificates issued by the Let's Encrypt certificate authority are using a new intermediate certificate. " While LE will start using their new _roots_ next year, the change today is using a _variant_ of their "R3" certificate which is cross-signed from IdenTrust, rather than chaining back to their "ISRG Root X1". This will affect you if you're using DANE, TLSA records in DNS, signed by DNSSEC, to advertise properties of the certificate chain which remote systems should expect to see. "
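The item above says the new intermediate matters to anyone who publishes DANE TLSA records describing the certificate chain. The following Python, added here as an illustration and not code from Let's Encrypt or from the quoted post, shows what such a record pins and how to check published records against a served chain. It builds the TLSA certificate-association data as RFC 6698 defines it (selector 0 = full certificate, 1 = SubjectPublicKeyInfo; matching type 0 = raw, 1 = SHA-256, 2 = SHA-512) with a minimal DER walker written for the example, and uses constructed, unsigned, meaningless certificates as sample data; the constant names and the sample records are assumptions. The scenario generalizes the page's point: a DANE-TA (usage 2) record pinned to the previous intermediate's key stops matching once the server sends a different intermediate, while a DANE-EE (usage 3) record on the end-entity key is unaffected by the chain change.

```python
import hashlib


def _der(tag, content):
    """Encode one DER TLV (content lengths up to 65535); helper written for this example."""
    n = len(content)
    if n < 0x80:
        header = bytes([tag, n])
    elif n < 0x100:
        header = bytes([tag, 0x81, n])
    else:
        header = bytes([tag, 0x82, n >> 8, n & 0xFF])
    return header + content


def _der_tlv(buf, off):
    """Return (tag, value_start, value_end) for the TLV starting at buf[off]."""
    tag, length, off = buf[off], buf[off + 1], off + 2
    if length & 0x80:                       # long-form length
        nbytes = length & 0x7F
        length = int.from_bytes(buf[off:off + nbytes], "big")
        off += nbytes
    return tag, off, off + length


def _der_children(buf, start, end):
    """Yield (tag, element_start, value_start, value_end) for each element of a constructed value."""
    off = start
    while off < end:
        tag, value_start, value_end = _der_tlv(buf, off)
        yield tag, off, value_start, value_end
        off = value_end


def spki_from_certificate(cert_der):
    """Return the DER SubjectPublicKeyInfo TLV of an X.509 certificate (RFC 5280 field order)."""
    _, cert_vs, cert_ve = _der_tlv(cert_der, 0)                             # Certificate ::= SEQUENCE
    _, _, tbs_vs, tbs_ve = next(_der_children(cert_der, cert_vs, cert_ve))  # tbsCertificate
    fields = list(_der_children(cert_der, tbs_vs, tbs_ve))
    if fields[0][0] == 0xA0:                                                # optional explicit [0] version
        fields = fields[1:]
    tag, elem_start, _, value_end = fields[5]   # serial, sigalg, issuer, validity, subject, SPKI
    if tag != 0x30:
        raise ValueError("subjectPublicKeyInfo is not a SEQUENCE")
    return cert_der[elem_start:value_end]


def tlsa_data(cert_der, selector, matching_type):
    """RFC 6698 association data: selector 0 = full cert, 1 = SPKI; matching 0 = raw, 1 = SHA-256, 2 = SHA-512."""
    data = cert_der if selector == 0 else spki_from_certificate(cert_der)
    if matching_type == 0:
        return data
    return hashlib.new({1: "sha256", 2: "sha512"}[matching_type], data).digest()


def tlsa_record(cert_der, usage, selector, matching_type):
    """Presentation form of the TLSA RDATA, e.g. '2 1 1 <hex>'."""
    return f"{usage} {selector} {matching_type} {tlsa_data(cert_der, selector, matching_type).hex()}"


def parse_tlsa(text):
    usage, selector, matching_type, hexdata = text.split()
    return int(usage), int(selector), int(matching_type), hexdata.lower()


def check_chain(chain_der, records):
    """Split TLSA records into those the served chain satisfies and those it does not.
    Usages 1/3 (*-EE) are matched against the end-entity certificate, 0/2 (*-TA) against
    the CA certificates the server sends; the PKIX validation usages 0/1 also need is not modelled."""
    leaf, cas = chain_der[0], chain_der[1:]
    matched, unmatched = [], []
    for rec in records:
        usage, selector, matching_type, hexdata = rec
        candidates = [leaf] if usage in (1, 3) else cas
        want = bytes.fromhex(hexdata)
        if any(tlsa_data(c, selector, matching_type) == want for c in candidates):
            matched.append(rec)
        else:
            unmatched.append(rec)
    return matched, unmatched


def make_fake_certificate(serial, key_bytes):
    """Constructed sample data: a structurally valid, unsigned, meaningless certificate."""
    rsa_sha256 = _der(0x30, _der(0x06, bytes.fromhex("2a864886f70d01010b")) + _der(0x05, b""))
    rsa = _der(0x30, _der(0x06, bytes.fromhex("2a864886f70d010101")) + _der(0x05, b""))
    empty_name = _der(0x30, b"")
    validity = _der(0x30, _der(0x17, b"201201000000Z") + _der(0x17, b"211201000000Z"))
    spki = _der(0x30, rsa + _der(0x03, b"\x00" + key_bytes))
    tbs = _der(0x30, _der(0xA0, _der(0x02, b"\x02")) + _der(0x02, serial)
               + rsa_sha256 + empty_name + validity + empty_name + spki)
    return _der(0x30, tbs + rsa_sha256 + _der(0x03, b"\x00" * 33))


LEAF = make_fake_certificate(b"\x03", b"L" * 32)
OLD_INTERMEDIATE = make_fake_certificate(b"\x01", b"K" * 32)
NEW_INTERMEDIATE = make_fake_certificate(b"\x02", b"N" * 32)
# assumed published records: DANE-TA on the old intermediate's key, DANE-EE on the leaf's key
PUBLISHED = [parse_tlsa(tlsa_record(OLD_INTERMEDIATE, 2, 1, 1)), parse_tlsa(tlsa_record(LEAF, 3, 1, 1))]

if __name__ == "__main__":
    for label, chain in (("old", [LEAF, OLD_INTERMEDIATE]), ("new", [LEAF, NEW_INTERMEDIATE])):
        print(label, "chain, unmatched records:", check_chain(chain, PUBLISHED)[1])
```

Against a real deployment the `chain_der` list would be the DER certificates the server actually sends, in order, and the records would come from the `_443._tcp.<host>` TLSA RRset; the parser only walks the fixed RFC 5280 field order and is not a substitute for an X.509 library in production code.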
[$] The future of 32-bit Linux
([Kernel] Dec 4, 2020 21:06 UTC (Fri) (arnd))
The news for processors and system-on-chip (SoC) products these days is all about 64-bit cores powering the latest computers and smartphones, so it's easy to be misled into thinking that all 32-bit technology is obsolete. That quickly leads to the idea of removing support for 32-bit hardware, which would clearly make life easier for kernel developers in a number of ways. At the same time, a majority of embedded systems shipped today do use 32-bit processors, so a valid question is if this will ever change, or if 32-bit will continue to be the best choice for devices that do not require significant resources.
Stable kernel updates
([Kernel] Dec 2, 2020 16:09 UTC (Wed) (ris))
Stable kernels [1]5.9.12, [2]5.4.81, [3]4.19.161, [4]4.14.210, [5]4.9.247, and [6]4.4.247 have been released with important fixes. Users should upgrade.
[1] https://lwn.net/Articles/838789/
[2] https://lwn.net/Articles/838790/
[3] https://lwn.net/Articles/838791/
[4] https://lwn.net/Articles/838792/
[5] https://lwn.net/Articles/838793/
[6] https://lwn.net/Articles/838794/
Security updates for Wednesday
([Security] Dec 2, 2020 15:59 UTC (Wed) (ris))
Security updates have been issued by Debian (brotli, jupyter-notebook, and postgresql-9.6), Fedora (perl-Convert-ASN1 and php-pear), openSUSE (go1.15, libqt5-qtbase, mutt, python-setuptools, and xorg-x11-server), Oracle (firefox, kernel, libvirt, and thunderbird), Red Hat (rh-postgresql10-postgresql and rh-postgresql12-postgresql), SUSE (java-1_8_0-openjdk, python, python-cryptography, python-setuptools, python3, and xorg-x11-server), and Ubuntu (linux, linux-aws, linux-aws-5.4, linux-azure, linux-azure-5.4, linux-gcp, linux-gcp-5.4, linux-hwe-5.4, linux-kvm, linux-oracle, linux-oracle-5.4, linux, linux-aws, linux-azure, linux-gcp, linux-kvm, linux-oracle, linux-raspi, linux, linux-aws, linux-azure, linux-kvm, linux-lts-trusty, linux-raspi2, linux-snapdragon, python-werkzeug, and xorg-server, xorg-server-hwe-16.04, xorg-server-hwe-18.04).
Popov: Linux kernel heap quarantine versus use-after-free exploits
([Kernel] Dec 2, 2020 15:21 UTC (Wed) (corbet))
Alexander Popov [1]describes his kernel heap-quarantine patches designed to protect the system against use-after-free vulnerabilities. " In July 2020, I got an idea of how to break this heap spraying technique for UAF exploitation. In August I found some time to try it out. I extracted the slab freelist quarantine from KASAN functionality and called it SLAB_QUARANTINE. If this feature is enabled, freed allocations are stored in the quarantine queue, where they wait to be actually freed. So there should be no way for them to be instantly reallocated and overwritten by UAF exploits. "
[1] https://a13xp0p0v.github.io/2020/11/30/slab-quarantine.html
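The quoted post explains the mechanism at the level of allocator policy: a freed object normally goes straight back on the slab freelist, so the attacker's sprayed allocations immediately get the dangling object's address; with a quarantine, freed objects sit in a queue first. The Python below is a toy simulation written for this note, not Popov's patch, the kernel's slab allocator or KASAN's quarantine code; the slot numbering, the quarantine size of 16 and the "churn" step are assumptions of the model. It shows the instant reuse the spray relies on, the quarantine denying it, and, in this model only, what happens when the attacker frees enough other objects to push the victim through the queue.

```python
from collections import deque


class ToySlab:
    """Toy model of one slab cache: a LIFO freelist of slot numbers plus an optional
    FIFO quarantine that holds freed slots back from the freelist. Written for this
    note; it models only the policy, not the kernel's allocator or its data layout."""

    def __init__(self, nslots=64, quarantine_max=16, quarantine_on=False):
        self.freelist = list(range(nslots - 1, -1, -1))   # pop() hands out slot 0 first
        self.quarantine = deque()
        self.quarantine_max = quarantine_max
        self.quarantine_on = quarantine_on

    def alloc(self):
        """Hand out the most recently freed slot, as a LIFO freelist does."""
        return self.freelist.pop() if self.freelist else None

    def free(self, slot):
        """Without quarantine the slot is reusable immediately; with it, the slot waits in
        the queue and only the oldest entry returns to the freelist when the queue is full."""
        if not self.quarantine_on:
            self.freelist.append(slot)
            return
        if len(self.quarantine) == self.quarantine_max:
            self.freelist.append(self.quarantine.popleft())
        self.quarantine.append(slot)


def spray_reclaims_dangling(quarantine_on, nfill=0, nspray=32, quarantine_max=16):
    """Model the UAF exploitation step: free an object, keep the dangling reference, and
    spray allocations hoping one lands on the same slot. `nfill` is attacker churn
    (allocate and free other objects) done before the spray to push the victim through
    the quarantine. Returns which spray allocation reclaimed the slot, or None."""
    slab = ToySlab(quarantine_max=quarantine_max, quarantine_on=quarantine_on)
    victim = slab.alloc()
    slab.free(victim)                       # the bug: `victim` is still used after this free
    churn = [slab.alloc() for _ in range(nfill)]
    for obj in churn:
        slab.free(obj)
    for attempt in range(1, nspray + 1):    # heap spray: allocate attacker-controlled objects
        if slab.alloc() == victim:
            return attempt
    return None


if __name__ == "__main__":
    print("no quarantine:", spray_reclaims_dangling(False))
    print("quarantine, no churn:", spray_reclaims_dangling(True))
    print("quarantine, churn of 16 frees:", spray_reclaims_dangling(True, nfill=16))
```

In the model the first spray allocation reclaims the victim slot when the quarantine is off, no spray allocation reclaims it while the victim is still queued, and a churn of `quarantine_max` frees evicts it back to the freelist where the next spray allocation picks it up. How far that last observation carries over to the real patch depends on details (queue sizing, per-CPU behaviour, when the queue is drained) that the quoted post, not this toy, describes.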
xorg-server 1.20.10
([Development] Dec 1, 2020 22:40 UTC (Tue) (ris))
Xorg-server 1.20.10 has been released. This version fixes [1]security issues that could lead to privilege escalation or other problems.
[1] https://lwn.net/Articles/838695/
Security updates for Tuesday
([Security] Dec 1, 2020 16:41 UTC (Tue) (ris))
Security updates have been issued by Debian (libxstream-java, musl, mutt, pdfresurrect, vips, and zsh), Fedora (libuv, nodejs, thunderbird, and xen), openSUSE (libssh2_org, mutt, neomutt, and thunderbird), Oracle (firefox and thunderbird), Red Hat (firefox, rh-nodejs12-nodejs, rh-php73-php, and thunderbird), Scientific Linux (thunderbird), SUSE (libX11, mariadb, mutt, python-pip, python-setuptools, and python36), and Ubuntu (containerd, php-pear, and sniffit).
Python structural pattern matching morphs again
([Development] Dec 2, 2020 22:30 UTC (Wed) (jake))
A way to specify multiply branched conditionals in the Python language—akin to the C switch statement—has been a longtime feature request. Over the years, various proposals have been mooted, but none has ever crossed the finish line and made it into the language. A highly ambitious proposal that would solve the multi-branch-conditional problem (and quite a bit more) has been discussed—dissected, perhaps—in the Python community over the last six months or so. We have covered some of the discussion in [1]August and [2]September, but the ground has shifted once again so it is time to see where things stand.
[1] https://lwn.net/Articles/827179/
[2] https://lwn.net/Articles/828486/
pip 20.3 release
([Development] Nov 30, 2020 17:03 UTC (Mon) (ris))
The Python Packaging Authority has announced the release of pip 20.3. There is some potential for disruption with this release. " The new resolver is now *on by default*. It is significantly stricter and more consistent when it receives incompatible instructions, and reduces support for certain kinds of constraints files, so some workarounds and workflows may break. "
Security updates for Monday
([Security] Nov 30, 2020 16:27 UTC (Mon) (ris))
Security updates have been issued by Arch Linux (c-ares, libass, raptor, rclone, and swtpm), Debian (libproxy, qemu, tcpflow, and x11vnc), Fedora (asterisk, c-ares, microcode_ctl, moodle, pam, tcpdump, and webkit2gtk3), Mageia (jruby and webkit2), openSUSE (buildah, c-ares, ceph, fontforge, java-1_8_0-openjdk, kernel, LibVNCServer, mariadb, thunderbird, ucode-intel, and wireshark), Red Hat (firefox, rh-mariadb103-mariadb and rh-mariadb103-galera, and thunderbird), SUSE (binutils, libssh2_org, LibVNCServer, libX11, and nodejs12), and Ubuntu (mysql-8.0 and qemu).
PHP 8.0.0 released
([Development] Nov 30, 2020 14:22 UTC (Mon) (corbet))
Version 8.0.0 of the PHP language has been released. New features include union types, named arguments, match expressions, a just-in-time compiler, and more; see [1]this article for more information.
[1] https://lwn.net/Articles/834672/
Kernel prepatch 5.10-rc6
([Kernel] Nov 30, 2020 0:47 UTC (Mon) (corbet))
The [1]5.10-rc6 kernel prepatch is out. " So I'm feeling pretty good about 5.10, and I hope I won't be proven wrong about that. But please do test. "
[1] https://lwn.net/Articles/838514/
Challenges in protecting virtual machines from untrusted entities
([Security] Dec 1, 2020 20:01 UTC (Tue) (kashyap))
As an ever-growing number of workloads are being moved to the cloud, CPU vendors have begun to roll out purpose-built hardware features to isolate virtual machines (VMs) from potentially hostile parties. These processor features, and their extensions, enable the notion of "secure VMs" (or "confidential VMs") — where a VM's "sensitive state" needs to be protected from untrusted entities. Drawing from his experience contributing to the secure VM implementation for the s390 architecture, Janosch Frank described the challenges involved in a [1]talk at the 2020 (virtual) KVM Forum. Though the implementations across CPU vendors may vary, there are many shared problems, which opens up possibilities for collaboration.
[1] https://kvmforum2020.sched.com/event/eE21/the-common-challenges-of-secure-vms-janosch-frank-ibm
Security updates for Friday
([Security] Nov 27, 2020 15:20 UTC (Fri) (jake))
Security updates have been issued by Arch Linux (go, libxml2, postgresql, and wireshark-cli), Debian (drupal7 and lxml), Fedora (drupal7, java-1.8.0-openjdk-aarch32, libxml2, pacemaker, slurm, and swtpm), openSUSE (c-ares, ceph, chromium, dash, firefox, go1.14, java-1_8_0-openjdk, kernel, krb5, perl-DBI, podman, postgresql10, postgresql12, rclone, slurm, ucode-intel, wireshark, wpa_supplicant, and xen), SUSE (ceph, firefox, kernel, LibVNCServer, and python), and Ubuntu (freerdp, poppler, and xdg-utils).
Thanksgiving security updates
([Security] Nov 26, 2020 14:46 UTC (Thu) (jake))
Security updates have been issued by openSUSE (blueman, chromium, firefox, LibVNCServer, postgresql10, postgresql12, thunderbird, and xen), Slackware (bind), SUSE (bluez, kernel, LibVNCServer, thunderbird, and ucode-intel), and Ubuntu (mutt, poppler, thunderbird, and webkit2gtk).
Scheduling for asymmetric Arm systems
([Kernel] Nov 30, 2020 18:15 UTC (Mon) (corbet))
The Arm processor architecture has pushed the boundaries in a number of ways, some of which have required significant kernel changes in response. For example, the [1]big.LITTLE architecture placed fast (but power-hungry) and slower (but more power-efficient) CPUs in the same system-on-chip (SoC); significant scheduler changes were needed for Linux to be able to properly distribute tasks on such systems. For all their quirkiness, big.LITTLE systems still feature CPUs that are in some sense identical: they can all run any task in the system. What is the scheduler to do, though, if confronted with a system where that is no longer true?
[1] https://lwn.net/Articles/481055/
The new rules for Perl governance
([Development] Nov 25, 2020 16:29 UTC (Wed) (corbet))
The process of adopting a new governance model for the Perl project appears to be reaching an end; the new model is designed to look a lot like the one adopted by the Python project. " So, now Perl has two well-defined bodies involved in its governance: a core team of a few dozen and a steering council of three people. The core team sets the rules of Perl governance, votes on membership of the two groups, and delegates substantial decision making power to the steering council. The steering council has broad authority to make decisions about the development of the Perl language, the interpreter, and all other components, systems and processes that result in new releases of the language interpreter. " The [1]full description is available for those looking for the details.
[1] https://github.com/Perl/perl5/pull/18357/files
Type louder, please.