Hírolvasó

In mid-December, Thorsten Behrens, a board member for the Document Foundation (TDF), posted a seemingly simple proposal for an "attic" that would become the home of abandoned projects. No specific projects were named as the first intended residents of the attic, but the proposal clearly related to the LibreOffice Online (LOOL) project. The following discussion made it clear that the unhappiness around LOOL has yet to fade away, and that the Foundation still has some work to do when it comes to defining its relationship with its corporate members.

Security updates have been issued by CentOS (polkit), Debian (uriparser), Fedora (cryptsetup, flatpak, flatpak-builder, and polkit), Gentoo (polkit), Mageia (virtualbox), Red Hat (httpd24-httpd, httpd:2.4, and parfait:0.5), SUSE (clamav, log4j, python-numpy, and strongswan), and Ubuntu (vim).

The LWN.net Weekly Edition for January 27, 2022 is available.

Back in May, we looked at a Google proposal to replace third-party cookies with something called the "Federated Learning of Cohorts" (FLoC). Third-party cookies were once used to track users all over the web so that advertisers could, supposedly, target their ads better, but, of the major browsers, only Google's Chrome browser fails to block them today. Google took a fair amount of flak for FLoC, since it was not perceived to be much of a win for users' privacy—and was mostly a sop to the (Google-dominated) web-advertising industry. Now the company is back with a different proposal that could, eventually, replace third-party cookies in Chrome: Topics.

Crystal Kolipe has done a four partmulti-part write up about getting OpenBSD running on a PinePhone here:
https://www.exoticsilicon.com/crystal/pinephone_openbsd/part_1

As mentioned in the piece, this comes with a bit of a warning:

The information presented on these pages is NOT intended to be followed as a guide to installing OpenBSD on your own Pinephone device, and must not be used for this purpose.

Unlike most SBCs, the Pinephone contains a rechargeable battery intended to power the device. Correct configuration of the charging circuits, including various safety features such as thermal protection will not be enabled by the current OpenBSD kernel as of the time of writing.

Nonetheless, it seems promising! Not that this particular undeadly editor actually has a PinePhone to test such things with personally.

Update: We were notified that the wrong author was attributed, so have corrected the article to show the write up is from Crystal Kolipe

Security updates have been issued by CentOS (httpd), Debian (libxfont, lrzsz, nss, openjdk-17, policykit-1, webkit2gtk, and wpewebkit), Mageia (polkit), openSUSE (expat, json-c, kernel, polkit, qemu, rust1.55, rust1.57, thunderbird, unbound, and webkit2gtk3), Oracle (httpd:2.4, java-11-openjdk, and polkit), Red Hat (httpd:2.4, OpenShift Container Platform 3.11.570, polkit, and Red Hat OpenStack Platform 16.1 (etcd)), Scientific Linux (polkit), Slackware (polkit), SUSE (aide, expat, firefox, json-c, kernel, polkit, qemu, rust, rust1.55, rust1.57, thunderbird, unbound, and webkit2gtk3), and Ubuntu (policykit-1 and xorg-server).

A few weeks back, we looked at a proposal to add an integrity-management feature to Fedora. One of the selling points was that the integrity checking could be done using the PGP signatures that are already embedded into the RPM package files that Fedora uses. But the kernel needs to be able to verify PGP signatures in order for the Fedora feature to work. That addition to the kernel has been proposed, but some in the kernel-development community seem less than completely enthusiastic about bringing PGP support into the kernel itself.

Qualys has announced the disclosure of a local-root vulnerability in Polkit. They are calling it "PwnKit" and have even provided a proof-of-concept video.

Successful exploitation of this vulnerability allows any unprivileged user to gain root privileges on the vulnerable host. Qualys security researchers have been able to independently verify the vulnerability, develop an exploit, and obtain full root privileges on default installations of Ubuntu, Debian, Fedora, and CentOS. Other Linux distributions are likely vulnerable and probably exploitable. This vulnerability has been hiding in plain sight for 12+ years and affects all versions of pkexec since its first version in May 2009.

Updates from distributors are already rolling out.

Version 2.35.0 of the Git source-code management system has been released. There are a lot of changes, as usual; see the announcement and this GitHub blog entry for details.

Security updates have been issued by CentOS (java-11-openjdk), Debian (aide, apr, ipython, openjdk-11, qt4-x11, and strongswan), Fedora (binaryen and rust), Mageia (expat, htmldoc, libreswan, mysql-connector-c++, phpmyadmin, python-celery, python-numpy, and webkit2), openSUSE (kernel and virtualbox), Red Hat (etcd, libreswan, nodejs:14, OpenJDK 11.0.14, OpenJDK 17.0.2, and rpm), Slackware (expat), SUSE (java-1_7_1-ibm, kernel, and zxing-cpp), and Ubuntu (strongswan).

Linus Torvalds released 5.17-rc1 and closed the 5.17 merge window on January 23 after having pulled just over 11,000 non-merge changesets into the mainline repository. A little over 4,000 of those changesets arrived after our first-half merge-window summary was written. Activity thus slowed down, as expected, in the second half of the merge window, but there still a number of significant changes that made it in for the next kernel release.

The netfilter project, which works on packet-filtering for the Linux kernel, has announced that it has reached a settlement (English translation) with Patrick McHardy that is "legally binding and it governs any legal enforcement activities" on netfilter programs and libraries as well as the kernel itself. McHardy has been employing questionable practices in doing GPL enforcement in Germany over the last six years or more. The practice has been called "copyright trolling" by some and is part of what led to the creation of The Principles of Community-Oriented GPL Enforcement. This settlement establishes that any decision-making around netfilter-related enforcement activities should be based on a majority vote. Thus, each active coreteam member at the time of the enforcement request holds one right to vote. This settlement covers past and new enforcement, as well as the enforcement of contractual penalties related to past declarations to cease-and-desist.

Security updates have been issued by Debian (chromium, golang-1.7, golang-1.8, pillow, qtsvg-opensource-src, util-linux, and wordpress), Fedora (expat, harfbuzz, kernel, qt5-qtsvg, vim, webkit2gtk3, and zabbix), Mageia (glibc, kernel, and kernel-linus), openSUSE (bind, chromium, and zxing-cpp), Oracle (kernel), Red Hat (java-11-openjdk and kpatch-patch), Scientific Linux (java-11-openjdk), SUSE (bind, clamav, zsh, and zxing-cpp), and Ubuntu (aide, dbus, and thunderbird).

Ariadne Conill writes about the FSF's policy toward proprietary firmware and, specifically, the rules for "Respects Your Freedom" certification.

Purism was able to accomplish this by making the Librem 5 have not one, but two processors: when the phone first boots, it uses a secondary CPU as a service processor, which loads all of the relevant blobs (such as those required to initialize the DDR4 memory) before starting the main CPU and shutting itself off. In this way, they could have all the blobs they needed to use, without having to worry about them being user visible from PureOS. Under the policy, that left them free and clear for certification.

This is not a new story; see Papering over a binary blob from 2011, for example.

The first 5.17 kernel prepatch is out for testing, and the merge window is closed for this release.

5.17 doesn't seem to be slated to be a huge release, and everything looks fairly normal. We've got a bit more activity than usual in a couple of corners of the kernel (random number generator and the fscache rewrite stand out), but even with those things, the big picture view looks very much normal: the bulk is various driver updates, with architectures updates, documentation, and tooling being the bulk of the rest.

One of your editor's long-time hobbies is photography; it is an activity that can be rewarding even with the lack of any particular talent — a useful attribute. Photography has changed greatly over the years; as a result, those hard-earned darkroom skills are of little use, and photo processing has become yet another software problem. This is a field that supports a lot of proprietary software, but there is also no shortage of free software available. The time has come to combine work and pleasure and catch up with the state of free software for photography, starting with the darktable raw photo editor.

Anybody who upgraded to the recent Rust 1.58.0 release will probably want to move on to Rust 1.58.1; among other things it contains a fix for a security vulnerability in the standard library. "We recommend all users to update their toolchain immediately and rebuild their programs with the updated compiler".

Security updates have been issued by Debian (aide, flatpak, kernel, libspf2, and usbview), Fedora (kernel, libreswan, nodejs, texlive-base, and wireshark), openSUSE (aide, cryptsetup, grafana, permissions, rust1.56, and stb), SUSE (aide, apache2, cryptsetup, grafana, permissions, rust1.56, and webkit2gtk3), and Ubuntu (aide, thunderbird, and usbview).

Planning for the 2022 Linux Plumbers Conference is well underway. The hope is to be in Dublin co-located with OSS EU (although with hopefully non-overlapping dates). However, the Linux Foundation is still negotiating for a suitable venue so we can’t fully confirm the location yet.

There is an outside (and hopefully receding) chance that we may have to go back to being fully on-line this year, but if that happens, we’ll be sure to alert you through the usual channels of this blog and twitter.

The kernel community is a busy place, so it is not even remotely possible to write full-length articles about everything that is going on. Other topics may be of interest, but not require a longer treatment. The answer is a collection of short topics covering developments that are on the radar; the selection this time around includes folios, the multi-generational LRU, and Rust in the kernel.