Security updates for Monday

([Security] Nov 9, 2020 16:13 UTC (Mon) (ris))

Security updates have been issued by CentOS (bind, firefox, java-1.8.0-openjdk, kernel, libX11, qemu-kvm, thunderbird, and xorg-x11-server), Debian (guacamole-server, krb5, libexif, poppler, raptor2, and sympa), Fedora (blueman, chromium, freetype, galera, krb5, libtpms, mariadb, mariadb-connector-c, pngcheck, and salt), Mageia (blueman, docker, fontforge, junit, libproxy, libuv, mariadb, suricata, and webmin), openSUSE (apache-commons-httpclient, bluez, gnome-settings-daemon, gnome-shell, python, salt, sddm, u-boot, virt-bootstrap, and wireshark), Red Hat (chromium-browser), SUSE (ceph, deepsea, kernel, Salt, salt, SUSE Manager 3.2, u-boot, and yast2-multipath), and Ubuntu (openldap and pacemaker).

Kernel prepatch 5.10-rc3

([Kernel] Nov 9, 2020 1:28 UTC (Mon) (corbet))

The [1]5.10-rc3 kernel prepatch is out for testing. "Things look normal. rc3 is neither particularly small or particularly large - it's pretty much average for an rc3 release for the last couple of years."



[1] https://lwn.net/Articles/836577/

Mutt 2.0 released

([Development] Nov 7, 2020 23:39 UTC (Sat) (corbet))

Version 2.0 of the Mutt email client is out. "This release was bumped to 2.0, not because of the magnitude of features (which is actually smaller than past releases), but because of a few changes that are backward incompatible". New features include a cd command to change directories, automatic IMAP reconnection, and "MuttLisp", a Lisp-like language for the configuration file. See [1]the release notes for details.



[1] http://www.mutt.org/relnotes/2.0/

OSS EU and ELC EU videos available

([Front] Nov 6, 2020 18:36 UTC (Fri) (jake))

The 2020 editions of [1]Open Source Summit Europe (OSS EU) and [2]Embedded Linux Conference Europe (ELC EU) were held virtually October 26-30, along with some other events (KVM Forum, Linux Security Summit, and more). The videos, Q&A, and presentations from those conferences are now available to all at the [3]event site through the month of November. The videos will also be posted to YouTube during the month so that they will be available for the future. The [4]schedule is available as well.



[1] https://events.linuxfoundation.org/open-source-summit-europe/

[2] https://events.linuxfoundation.org/embedded-linux-conference-europe/

[3] https://www.accelevents.com/e/OSSELCEU2020

[4] https://osseu2020.sched.com/

Migration disable for the mainline

([Kernel] Nov 9, 2020 20:50 UTC (Mon) (corbet))

The realtime developers have been working for many years to create a kernel where the highest-priority task is always able to run without delay. That has meant a long process of finding and fixing situations where high-priority tasks might be blocked from running; one of the persistent problems in this regard has been kernel code that disables preemption. One tool that the realtime developers have reached for is disabling migration (moving a process from one CPU to another) rather than preemption; this approach has not been entirely popular among scheduler developers, though. Even so, the solution would appear to be [1]this migration-disable patch set from scheduler developer Peter Zijlstra.



[1] https://lwn.net/ml/linux-kernel/20201023101158.088940906@infradead.org/

Fallout from upcoming Let's Encrypt certificate changes

([Security] Nov 6, 2020 17:37 UTC (Fri) (corbet))

As described in [1]this Let's Encrypt blog entry, certificates issued by Let's Encrypt will soon be signed solely by that organization's own root certificate, which is accepted by all modern browsers. There is one little catch, though: versions of Android prior to 7.1.1 (released in late 2016) do not recognize that certificate and will start throwing errors. "Currently, 66.2% of Android devices are running version 7.1 or above. The remaining 33.8% of Android devices will eventually start getting certificate errors when users visit sites that have a Let’s Encrypt certificate. In our communications with large integrators, we have found that this represents around 1-5% of traffic to their sites." There appears to be little to be done about this problem other than to encourage owners of older Android devices to install Firefox.



[1] https://letsencrypt.org/2020/11/06/own-two-feet.html

Security updates for Friday

([Security] Nov 6, 2020 14:24 UTC (Fri) (jake))

Security updates have been issued by Debian (sddm and wordpress), Fedora (blueman, chromium, pngcheck, and salt), openSUSE (chromium, salt, tiff, tigervnc, tmux, tomcat, transfig, and xen), Oracle (freetype, kernel, libX11, thunderbird, and xorg-x11-server), SUSE (bluez, ImageMagick, java-1_8_0-openjdk, rmt-server, salt, and u-boot), and Ubuntu (dom4j, firefox, netqmail, phpldapadmin, and tmux).

LWN.net Weekly Edition for November 12, 2020



Security updates for Thursday

([Security] Nov 5, 2020 14:24 UTC (Thu) (jake))

Security updates have been issued by Debian (bouncycastle, gdm3, and libonig), Fedora (arpwatch, thunderbird, and trousers), openSUSE (chromium, gn), Red Hat (freetype, libX11, thunderbird, and xorg-x11-server), and SUSE (ImageMagick, java-11-openjdk, salt, and wireshark).

New stable kernels

([Kernel] Nov 5, 2020 14:24 UTC (Thu) (jake))

Four new stable kernels have been released: [1]5.9.5, [2]5.4.75, [3]4.19.155, and [4]4.14.204. They are fairly large updates with lots of important fixes throughout the kernel tree; users should upgrade.



[1] https://lwn.net/Articles/836209/

[2] https://lwn.net/Articles/836210/

[3] https://lwn.net/Articles/836211/

[4] https://lwn.net/Articles/836212/

Update: [1]5.9.6 has been released to fix a build problem with 5.9.5: "if 5.9.5 built properly for you, wonderful, no need to upgrade".



[1] https://lwn.net/Articles/836275/

Stable kernel 5.9.4

([Kernel] Nov 4, 2020 21:31 UTC (Wed) (ris))

Greg Kroah-Hartman has released stable kernel [1]5.9.4. "This is only a bugfix for the 5.9.3 kernel release which had some problems with some symlinks for the powerpc selftests." If you did not have any issues with 5.9.3 there is no need to upgrade.



[1] https://lwn.net/Articles/836158/

[$] Atomic kmaps become local

([Kernel] Nov 6, 2020 14:40 UTC (Fri) (corbet))

The kmap() interface in the kernel is a bit of a strange beast. It only exists to overcome the virtual addressing limitations of 32-bit CPUs, but it affects code across the kernel and has side effects on 64-bit machines as well. A recent discussion on the handling of preemption within the kernel identified a number of problems in need of attention, [1]one of which was the kmap() API. Now, an extension to this API called kmap_local() is being proposed to address some of the problems; it signals another step in the kernel community's slow move away from supporting 32-bit machines as first-class citizens.



[1] https://lwn.net/Articles/831678/#highmem

Security updates for Wednesday

([Security] Nov 4, 2020 15:39 UTC (Wed) (ris))

Security updates have been issued by Arch Linux (chromium and firefox), Fedora (nss), openSUSE (pacemaker), Red Hat (bind, binutils, bluez, cloud-init, container-tools:rhel8, cryptsetup, cups, curl, cyrus-imapd, cyrus-sasl, dovecot, dpdk, edk2, evolution, expat, file-roller, fontforge, freeradius:3.0, freerdp and vinagre, freetype, frr, gd, glibc, GNOME, gnome-software and fwupd, gnupg2, grafana, httpd:2.4, idm:DL1 and idm:client, kernel, kernel-rt, libarchive, libexif, libgcrypt, libldb, libpcap, librabbitmq, libreoffice, librsvg2, libsolv, libssh, libtiff, libvpx, libX11, libxml2, libxslt, mailman:2.1, mingw-expat, nodejs:12, oddjob, oniguruma, opensc, openssl, openwsman, pcre2, pki-core:10.6 and pki-deps:10.6, poppler, prometheus-jmx-exporter, python-pip, python27:2.7, python3, python38:3.8, qt5-qtbase and qt5-qtwebsockets, resource-agents, SDL, spamassassin, sqlite, squid:4, subversion:1.10, sysstat, systemd, targetcli, tcpdump, thunderbird, varnish:6, vim, and virt:rhel and virt-devel:rhel), SUSE (apache-commons-httpclient, gnome-settings-daemon, gnome-shell, kernel, libvirt, opensc, ovmf, python, rmt-server, and sane-backends), and Ubuntu (accountsservice, gdm3, libytnef, python-cryptography, and spice-vdagent).

Signed pushes for kernel.org

([Kernel] Nov 3, 2020 23:47 UTC (Tue) (corbet))

Kernel.org manager Konstantin Ryabitsev [1]describes the Git signed-push functionality, which is now supported by the kernel.org system. "To help hedge against this problem, git provides developers a way to sign their actual pushes, as a means to attest 'yes, I actually did intend to push these commits into this ref in this repository on this server, and here's my PGP signature to prove it.'" Among other things, these signatures can be preserved in a commit transparency log, [2]which is also now provided by kernel.org.



[1] https://people.kernel.org/monsieuricon/signed-git-pushes

[2] https://people.kernel.org/monsieuricon/introducing-the-kernel-org-git-transparency-log

Rosenzweig: From Panfrost to production, a tale of Open Source graphics

([Development] Nov 3, 2020 21:46 UTC (Tue) (ris))

Alyssa Rosenzweig [1]reports on the progress of the Panfrost driver. "Since our [2]previous update on Panfrost, the open source stack for Arm's Mali Midgard and Bifrost GPUs, we've focused on taking our driver from its reverse-engineered origins on Midgard to a mature stack. We've overhauled both the Gallium driver and the backend compiler, and as a result, Mesa 20.3 -- scheduled for release at the end-of-the-month -- will feature some Bifrost support out-of-the-box."



[1] https://www.collabora.com/news-and-blog/blog/2020/11/03/from-panfrost-to-production-a-tale-of-open-source-graphics/

[2] https://www.collabora.com/news-and-blog/blog/2020/06/05/bifrost-meets-gnome-onward-upward-zero-graphics-blobs/

[$] Deprecating scp

([Security] Nov 5, 2020 20:25 UTC (Thu) (corbet))

The [1]scp command, which uses the [2]SSH protocol to copy files between machines, is deeply wired into the fingers of many Linux users and developers — doubly so for those of us who still think of it as a more secure replacement for rcp. Many users may be surprised to learn, though, that the resemblance to rcp goes beyond the name; much of the underlying protocol is the same as well. That protocol is showing its age, and the [3]OpenSSH community has considered it deprecated for a while. Replacing scp in a way that keeps users happy may not be an easy task, though.



[1] https://man7.org/linux/man-pages/man1/scp.1.html

[2] https://en.wikipedia.org/wiki/Ssh_(Secure_Shell)

[3] https://www.openssh.com/

Security updates for Tuesday

([Security] Nov 3, 2020 15:57 UTC (Tue) (ris))

Security updates have been issued by Debian (blueman and wordpress), Fedora (fastd, kernel, and samba), Gentoo (bluez, fossil, kpmcore, libssh, and opendmarc), openSUSE (claws-mail and icinga2), and Ubuntu (blueman).

An introduction to Pluto

([Development] Nov 4, 2020 0:16 UTC (Wed) (leephillips))

[1]Pluto is a new computational notebook for the [2]Julia programming language. Computational notebooks are a way to program inside of a web browser, storing code, annotations, and output, including graphics, in a single place. They became popular with the advent of the [3]Jupyter notebook, which originally targeted Julia, Python, and R—the names got mashed together to make the word "Jupyter".



[1] https://github.com/fonsp/Pluto.jl

[2] http://julialang.org/

[3] https://jupyter.org/

A Matrix overview

([Development] Nov 4, 2020 23:49 UTC (Wed) (jake))

At this year's (virtual) [1]Open Source Summit Europe, Oleg Fiksel gave an [2]overview talk on the [3]Matrix decentralized, secure communication network project. Matrix has been seeing increasing adoption recently, he said, including by governments (beyond France, which we already reported on in [4]an article on a FOSDEM 2019 talk) and other organizations. It also aims to bridge all of the different chat mechanisms that people are using in order to provide a unified interface for all of them.



[1] https://events.linuxfoundation.org/open-source-summit-europe/

[2] https://osseu2020.sched.com/event/eCGN/matrix-open-secure-decentralised-real-time-communication-across-networks-oleg-fiksel-deutsche-telekom

[3] https://matrix.org/

[4] https://lwn.net/Articles/779331/

Walleij: Setting up the Arm32 architecture

([Kernel] Nov 2, 2020 18:37 UTC (Mon) (corbet))

For those who are following along with Linus Walleij's detailed writeup of how the 32-bit Arm bootstrap process works, he has posted two new installments ([1]part 1, [2]part 2) on what happens once virtual memory is enabled. "This init task is task 0. It is not identical to task 1, which will be the init process. That is a completely different task that gets forked in userspace later on. This task is only about providing context for the kernel itself, and a point for the first task (task 1) to fork from. The kernel is very dependent on context as we shall see, and that is why its thread/task information and even the stack pointer for this 'task zero' is hardcoded into the kernel like this. This 'zero task' does not even appear to userspace if you type ps aux, it is hidden inside the kernel."



[1] https://people.kernel.org/linusw/setting-up-the-arm32-architecture-part-1

[2] https://people.kernel.org/linusw/setting-up-the-arm32-architecture-part-2
