lwn.net

Fuzz testing is the process of supplying a program with random inputs and watching to see what breaks; it has been responsible for the identification of vast numbers of bugs in recent years — and the fixing of many of them. Developers generally appreciate bug reports, but they can sometimes be a bit less enthusiastic about a flood of reports from automated fuzzing systems. A recent discussion around filesystem fuzzing highlighted two points of view on whether the current fuzz-testing activity is a good thing.

Security updates have been issued by Debian (gnutls28, libtirpc, postgresql-11, and samba), Fedora (microcode_ctl, wpebackend-fdo, and xen), Oracle (.NET 6.0, galera, mariadb, and mysql-selinux, and kernel), SUSE (dbus-1 and python-numpy), and Ubuntu (booth).

Version 1.63.0 of the Rust language has been released. Changes include the addition of scoped threads, a new ownership model for raw file descriptors, and the completion of the borrow-checker transition:

As detailed in this blog post, we've fully removed the previous lexical borrow checker from rustc across all editions, fully enabling the non-lexical, new, version of the borrow checker. Since the borrow checker doesn't affect the output of rustc, this won't change the behavior of any programs, but it completes a long-running migration (started in the initial stabilization of NLL for the 2018 edition) to deliver the full benefits of the new borrow checker across all editions of Rust. For most users, this change will bring slightly better diagnostics for some borrow checking errors, but will not otherwise impact which code they can write.

The Project Zero blog has posted a detailed look at CVE-2021-0920 in the first of a two-part series on how this bug created a vulnerability that was subsequently exploited.

Google's Threat Analysis Group (TAG) discovered Samsung browser exploit chains being used in the wild. TAG then performed root cause analysis and discovered that this vulnerability, CVE-2021-0920, was being used to escape the sandbox and elevate privileges. CVE-2021-0920 was reported to Linux/Android anonymously. The Google Android Security Team performed the full deep-dive analysis of the exploit.

This issue was initially discovered in 2016 by a RedHat kernel developer and disclosed in a public email thread, but the Linux kernel community did not patch the issue until it was re-reported in 2021.

We live in a 64-bit world, to the point that many distributors want to stop supporting 32-bit systems at all. However, lurking within our 64-bit kernels is a subsystem that has not really managed to move past 32-bit addresses. The quick merge-window failure of an attempt to use 64-bit addresses in the I/O memory-management unit (IOMMU) subsystem shows how hard it can be to leave all of one's 32-bit history behind.

Greg Kroah-Hartman has announced the release of the 5.19.1, 5.18.17, 5.15.60, 5.10.136, 5.4.210, and 4.19.255 stable kernels. They contain a fairly small set of important fixes; users should upgrade.

Security updates have been issued by Gentoo (aiohttp, faac, isync, motion, and nextcloud), Red Hat (.NET 6.0), SUSE (libnbd, oracleasm, python-codecov, rubygem-tzinfo, sssd, and thunderbird), and Ubuntu (http-parser, linux, linux-aws, linux-aws-5.4, linux-azure, linux-azure-5.4, linux-bluefield, linux-gcp, linux-gcp-5.4, linux-gke, linux-gke-5.4, linux-gkeop, linux-gkeop-5.4, linux-hwe-5.4, linux-ibm, linux-ibm-5.4, linux-kvm, linux-oracle, linux-oracle-5.4, linux-raspi, linux-raspi-5.4, linux, linux-hwe-5.15, linux-lowlatency, linux-lowlatency-hwe-5.15, linux-aws, linux-aws-5.15, linux-azure, linux-azure-5.15, linux-gcp, linux-gcp-5.15, linux-gke, linux-gke-5.15, linux-ibm, linux-kvm, linux-oracle, linux-raspi, linux-intel-iotg, linux-oem-5.14, linux-oem-5.17, and node-moment).

The LWN.net Weekly Edition for August 11, 2022 is available.

Offline computing and learning was something of a theme at GUADEC 2022 as there were multiple talks by people from the Endless OS Foundation, which targets that use case. Dylan McCall and Manuel Quiñones had a talk on day two about a switch that Endless has made over the last few years away from its home-rolled "knowledge apps" to apps based on the Kolibri learning platform. While Endless has its roots in GNOME, and Kolibri runs well in that environment, the switch will allow Endless to reach users who are not running a GNOME desktop.

Security updates have been issued by Debian (gst-plugins-good1.0), Fedora (firefox and ghostscript), Gentoo (consul, firefox, libass, libraw, lxml, mdbtools, pam_u2f, spice, and thunderbird), Oracle (kernel, kernel-container, and vim), Red Hat (galera, mariadb, and mysql-selinux, kernel, and kernel-rt), Scientific Linux (kernel), SUSE (bind, java-11-openjdk, kernel, mokutil, ncurses, and u-boot), and Ubuntu (epiphany-browser, libcdio, linux, linux-aws, linux-azure-4.15, linux-dell300x, linux-gcp-4.15, linux-kvm, linux-oracle, linux-raspi2, linux-snapdragon, linux, linux-aws, linux-kvm, linux-lts-xenial, and linux-hwe, linux-aws-hwe, linux-azure, linux-gcp, linux-oracle).

A tool to discover known security vulnerabilities in the Python packages installed on a system or required by a project, called pip-audit, was recently discussed on the Python discussion forum. The developers of pip-audit raised the idea of adding the functionality directly into the pip package installer, rather than keeping it as a separately installable tool. While the functionality provided by pip-audit was seen as a clear benefit to the ecosystem, moving it inside the pip "tent" was not as overwhelmingly popular. It is not obvious that auditing is part of the role that the package installer should play.

Security updates have been issued by Debian (gnutls28 and unzip), Fedora (dovecot and net-snmp), Red Hat (kernel-rt and vim), and Ubuntu (gst-plugins-good1.0).

The addition of the ublk driver during the 6.0 merge window would have been easy to miss; it was buried deeply within an io_uring pull request and is entirely devoid of any sort of documentation that might indicate why it merits a closer look. Ublk is intended to facilitate the implementation of high-performance block drivers in user space; to that end, it uses io_uring for its communication with the kernel. This driver is considered experimental for now; if it is successful, it might just be a harbinger of more significant changes to come to the kernel in the future.

Security updates have been issued by Debian (chromium, libtirpc, and xorg-server), Fedora (giflib, mingw-giflib, and teeworlds), Mageia (chromium-browser-stable, kernel, kernel-linus, mingw-giflib, osmo, python-m2crypto, and sqlite3), Oracle (httpd, php, vim, virt:ol and virt-devel:ol, and xorg-x11-server), SUSE (caddy, crash, dpkg, fwupd, python-M2Crypto, and trivy), and Ubuntu (gdk-pixbuf, libjpeg-turbo, and phpliteadmin).

As Jeff Mahoney notes in this message to the openSUSE factory list, the reiserfs filesystem has been unmaintained for years and lacks many of the features that users have come to expect. He has thus proposed removing reiserfs from openSUSE Tumbleweed immediately.

I recognize that there may be people out there with disks containing reiserfs file systems. If these are in active use, I would seriously encourage migrating to something actively maintained.

The merge window for the kernel that will probably be called "6.0" has gotten off to a strong start, with 6,820 non-merge changesets pulled into the mainline repository in the first few days. The work pulled so far makes changes all over the kernel tree; read on for a summary of what has happened in the first half of this merge window.

Security updates have been issued by CentOS (firefox, thunderbird, and xorg-x11-server), Debian (xorg-server), Gentoo (Babel, go, icingaweb2, lib3mf, and libmcpp), Oracle (389-ds:1.4, go-toolset:ol8, httpd, mariadb:10.5, microcode_ctl, and ruby:2.5), Red Hat (xorg-x11-server), Scientific Linux (xorg-x11-server), SUSE (buildah, go1.17, go1.18, harfbuzz, python-ujson, qpdf, u-boot, and wavpack), and Ubuntu (gnutls28, libxml2, mod-wsgi, openjdk-8, openjdk-8, openjdk-lts, openjdk-17, openjdk-18, and python-django).

The Register reports that GitLab is planning to start deleting repositories belonging to free accounts if they have been inactive for at least a year.

GitLab is aware of the potential for angry opposition to the plan, and will therefore give users weeks or months of warning before deleting their work. A single comment, commit, or new issue posted to a project during a 12-month period will be sufficient to keep the project alive.

The Linux Security Module (LSM) subsystem works by way of an extensive set of hooks placed strategically throughout the kernel. Any specific security module can attach to the hooks for the behavior it intends to govern and be consulted whenever a decision needs to be made. The placement of LSM hooks often comes with a bit of controversy; developers have been known to object to the performance cost of hooks in hot code paths, and sometimes there are misunderstandings over how integration with LSMs should be handled. The disagreement over a security hook for the creation of user namespaces, though, is based on a different sort of concern.

On his blog, Federico Mena Quintero posted a transcript of his recent talk at GUADEC 2022 on the technical debt in the GNOME accessibility infrastructure—and what he has been doing to help pay that down. He began the talk by describing the infrastructure and how it came about: Gnome-shell implements its own toolkit, St, which stands for "shell toolkit". It is made accessible by implementing the GObject interfaces in atk. To make a toolkit accessible means adding a way to extract information from it in a standard way; you don't want screen readers to have separate implementations for GTK, Qt, St, Firefox, etc. For every window, regardless of toolkit, you want to have a "list children" method. For every widget you want "get accessible name", so for a button it may tell you "OK button", and for an image it may tell you "thumbnail of file.jpg". For widgets that you can interact with, you want "list actions" and "run action X", so a button may present an "activate" action, and a check button may present a "toggle" action.

However, ATK is just abstract interfaces for the benefit of toolkits. We need a way to ship the information extracted from toolkits to assistive tech like screen readers. The atspi protocol is a set of DBus interfaces that an application must implement; atk-adaptor is an implementation of those DBus interfaces that works by calling atk's slightly different interfaces, which in turn are implemented by toolkits. Atk-adaptor also caches some things that it already asked to the toolkit, so it doesn't have to ask again unless the toolkit notifies about a change.

Does this seem like too much translation going on? It is! We will see the reasons behind that when we talk about how accessibility was implemented many years ago in GNOME.