News reader

An OpenStreetMap viewer for Emacs

3 years 5 months ago
For those who do everything in the Emacs editor: the ELPA repository has just gained an OpenStreetMap viewer. A quick test (example shown on the right) suggests that it works reasonably well; click below for the details.
corbet

gcobol: a native COBOL compiler

3 years 5 months ago
The gcobol project has announced its existence; it is a compiler for the COBOL language currently implemented as a fork of GCC.

There's another answer to Why: because a free Cobol compiler is an essential component to any effort to migrate mainframe applications to what mainframe folks still call "distributed systems". Our goal is a Cobol compiler that will compile mainframe applications on Linux. Not a toy: a full-blooded replacement that solves problems. One that runs fast and whose output runs fast, and has native gdb support.

The developers hope to merge back into GCC after the project has advanced further.

corbet

Security updates for Tuesday

3 years 5 months ago
Security updates have been issued by Debian (spip), Fedora (chromium), Mageia (chromium-browser-stable, kernel, kernel-linus, and ruby), openSUSE (firefox, flac, java-11-openjdk, protobuf, tomcat, and xstream), Oracle (thunderbird), Red Hat (kpatch-patch and thunderbird), Scientific Linux (thunderbird), Slackware (httpd), SUSE (firefox, flac, glib2, glibc, java-11-openjdk, libcaca, SDL2, squid, sssd, tomcat, xstream, and zsh), and Ubuntu (zsh).
corbet

iwx(4) gains 11ac 80MHz channel support

3 years 5 months ago

Following a request-for-testing thread on tech@, Stefan Sperling (stsp@) has committed some IEEE 802.11ac support to iwx(4):

CVSROOT: /cvs
Module name: src
Changes by: stsp@cvs.openbsd.org 2022/03/14 09:08:50

Modified files:
    sys/dev/pci : if_iwx.c if_iwxreg.h if_iwxvar.h

Log message:
Add initial support for 802.11ac (VHT) to the iwx(4) driver.
This makes it possible to use 80MHz channels and VHT-specific MCS.
Other 11ac features remain disabled for now.

Tested:
ax200: Matthias Schmidt, phessler, dv, kevlo, Joel Carnat, hrvoje, jmc, stsp
ax201: mlarkin, stsp
iwm (regression testing): stsp

As always, thanks Stefan!

Improving the reliability of file system monitoring tools (Collabora blog)

3 years 5 months ago
Gabriel Krisman Bertazi describes the new FAN_FS_ERROR event type added to the fanotify mechanism in 5.16.

This is why we worked on a new mechanism for closely monitoring volumes and notifying recovery tools and sysadmins in real-time that an error occurred. The feature, merged in kernel 5.16, won't prevent failures from happening, but will help reduce the effects of such errors by guaranteeing any listener application receives the message. A monitoring application can then reliably report it to system administrators and forward the detailed error information to whomever is unlucky enough to be tasked with fixing it.

corbet

[$] Triggering huge-page collapse from user space

3 years 5 months ago
When the kernel first gained support for huge pages, most of the work was left to user space. System administrators had to set aside memory in the special hugetlbfs filesystem for huge pages, and programs had to explicitly map memory from there. Over time, the transparent huge pages mechanism automated the task of using huge pages. That mechanism is not perfect, though, and some users feel that they have better knowledge of when huge-page use makes sense for a given process. Thus, huge pages are now coming full circle with this patch set from Zach O'Keefe returning huge pages to user-space control.
corbet

Security updates for Monday

3 years 5 months ago
Security updates have been issued by Debian (expat, haproxy, libphp-adodb, nbd, and vim), Fedora (chromium, cobbler, firefox, gnutls, linux-firmware, radare2, thunderbird, and usbguard), Mageia (gnutls), Oracle (.NET 5.0, .NET 6.0, .NET Core 3.1, firefox, and kernel), SUSE (firefox, tomcat, and webkit2gtk3), and Ubuntu (libxml2 and nbd).
jake

Kernel prepatch 5.17-rc8

3 years 5 months ago
Linus has released 5.17-rc8 rather than the final 5.17 kernel.

Last week was somewhat messy, mostly because of embargoed patches we had pending with another variation of spectre attacks. And while the patches were mostly fine, we had the usual "because it was hidden, all our normal testing automation didn't see it either".

And once the automation sees things, it tests all the insane combinations that people don't tend to actually use or test in any normal case, and so there was a (small) flurry of fixes for the fixes.

None of this was really surprising, but I naïvely thought I'd be able to do the final release this weekend anyway.

And honestly, I considered it. I don't think we really have any pending issues that would hold up a release, but on the other hand we also really don't have any reason _not_ to give it another week with all the proper automated testing. So that's what I'm doing, and as a result we have an -rc8 release today instead of doing a final 5.17.

corbet

Linux Plumbers Conference: Proposed Microconferences

3 years 5 months ago

We are pleased to announce the first batch of proposed microconferences at the Linux Plumbers Conference (LPC) 2022:

  • LinuxBoot is deployed at scale; what’s next?
  • linux/arch
  • Confidential Computing Microconference
  • Kernel Testing & Dependability
  • Containers and Checkpoint/Restore
  • Service Management and systemd
  • Zoned Storage Devices (SMR HDDs & ZNS SSDs)
  • RISC-V
  • Compute Express Link
  • Kernel Memory Management

The call for microconference proposals will close on Saturday, 2 April 2022. The slots are filling up fast so we strongly encourage everyone thinking about submitting a microconference to do so as soon as possible!

LPC 2022 is currently planned to take place in Dublin, Ireland from 12 September to 14 September. For details about the location and co-location with other events, see our website and social media for updates.

We do hope that LPC 2022 will be mainly an in-person event. Ideally, microconference runners should be willing and able to attend in person.

[$] Random numbers and virtual-machine forks

3 years 5 months ago
One of the key characteristics of a random-number generator (RNG) is its unpredictability; by definition, it should not be possible to know what the next number to be produced will be. System security depends on this unpredictability at many levels. An attacker who knows an RNG's future output may be able to eavesdrop on (or interfere with) network conversations, compromise cryptographic keys, and more. So it is a bit disconcerting to know that there is a common event that can cause RNG predictability: the forking or duplication of a virtual machine. Linux RNG maintainer Jason Donenfeld is working on a solution to this problem.
corbet

Security updates for Friday

3 years 5 months ago
Security updates have been issued by Debian (nbd, ruby-sidekiq, tryton-proteus, and tryton-server), Mageia (shapelib and thunderbird), openSUSE (minidlna, python-libxml2-python, python-lxml, and thunderbird), Oracle (kernel, kernel-container, and python-pip), Red Hat (.NET 5.0, .NET 6.0, .NET Core 3.1, firefox, kernel, and kernel-rt), Scientific Linux (firefox), SUSE (openssh, python-libxml2-python, python-lxml, and thunderbird), and Ubuntu (expat, firefox, and subversion).
jake

[$] Toward a better list iterator for the kernel

3 years 5 months ago
Linked lists are conceptually straightforward; they tend to be taught toward the beginning of entry-level data-structures classes. It might thus be surprising that the kernel community is concerned about its longstanding linked-list implementation and is not only looking for ways to solve some problems, but has been struggling to find that solution. It now appears that some improvements might be at hand: after more than 30 years, the kernel developers may have found a better way to safely iterate through a linked list.
corbet

Security updates for Thursday

3 years 5 months ago
Security updates have been issued by Debian (firefox-esr and kernel), Fedora (cyrus-sasl, mingw-protobuf, and thunderbird), Mageia (kernel-linus), openSUSE (firefox, kernel, and libcaca), Oracle (.NET 6.0, kernel, kernel-container, and ruby:2.5), Slackware (mozilla-thunderbird), and SUSE (firefox, mariadb, and tomcat).
jake

mtw(4), a driver for MediaTek MT7601U Wi-Fi devices

3 years 5 months ago

James Hastings (hastings@) has committed mtw(4), a driver for MediaTek MT7601U USB Wi-Fi devices:

CVSROOT: /cvs
Module name: src
Changes by: hastings@cvs.openbsd.org 2021/12/20 06:59:02

Added files:
    sys/dev/ic : mtwreg.h
    sys/dev/usb : if_mtw.c if_mtwvar.h

Log message:
Add mtw(4), a driver for MediaTek MT7601U wifi devices.
Ported from run(4) with legacy chipsets removed.
Not yet enabled in the build.
ok stsp@ jmatthew@

[$] Fedora considers curl-minimal

3 years 5 months ago
The curl utility is a command-line program (and associated library) for interacting with various network protocols; it is commonly used to do things like transferring data from a remote server over HTTP or HTTPS using a URL. But curl also supports a lot more protocols, some of which are probably rarely used, obsolete, deprecated, or all three. As a recent discussion on the Fedora devel mailing list shows, though, it is hard to find agreement that support for only some of those protocols should be installed by default, while others might be left in an optional package for those who need them.
jake

Blender 3.1 released

3 years 5 months ago
Version 3.1 of the Blender artistic suite is out. The list of changes is long and can be seen in the video-heavy announcement page; it includes Apple Metal support, a new "point cloud" object, and much more.
corbet

Today's Spectre variant: branch history injection

3 years 5 months ago
A few days prior to the expected 5.17 release, the mainline kernel has just received a series of Spectre mitigations for the x86 and ARM architectures. The vulnerability this time is called "branch history injection"; it has been deemed CVE-2022-0001 and CVE-2022-0002. Some information can be found in this Intel disclosure, this ARM advisory, and this VUSec page:

Branch History Injection (BHI or Spectre-BHB) is a new flavor of Spectre-v2 in that it can circumvent eIBRS and CSV2 to simplify cross-privilege mistraining. The hardware mitigations do prevent the unprivileged attacker from injecting predictor entries for the kernel. However, the predictor relies on a global history to select the target entries to speculatively execute. And the attacker can poison this history from userland to force the kernel to mispredict to more “interesting” kernel targets (i.e., gadgets) that leak data.

According to a documentation patch merged into the mainline, the only known way to exploit this problem is via unprivileged BPF.

corbet

2 New Mozilla Firefox 0-Day Bugs Under Active Attack (The Hacker News)

3 years 5 months ago
According to this report on The Hacker News, there are a couple of recent Firefox vulnerabilities that are currently being exploited.

Tracked as CVE-2022-26485 and CVE-2022-26486, the zero-day flaws have been described as use-after-free issues impacting the Extensible Stylesheet Language Transformations (XSLT) parameter processing and the WebGPU inter-process communication (IPC) Framework.

Updating seems like a good idea.

corbet