lwn.net

Stable kernels 5.11.9, 5.4.108, 4.19.183, 4.14.227, 4.9.263, and 4.4.263 have been released. They all contain important fixes and users should upgrade.

Security updates have been issued by Debian (imagemagick and squid), Fedora (jasper and kernel), Red Hat (pki-core), SUSE (gnutls, go1.15, go1.16, hawk2, jetty-minimal, libass, nghttp2, openssl, ruby2.5, sudo, and wavpack), and Ubuntu (linux, linux-aws, linux-aws-5.4, linux-azure, linux-azure-5.4, linux-gcp, linux-gcp-5.4, linux-gke-5.3, linux-gke-5.4, linux-gkeop, linux-gkeop-5.4, linux-hwe, linux-hwe-5.4, linux-hwe-5.8, linux-kvm, linux-oem-5.10, linux-oem-5.6, linux-oracle, linux-oracle-5.4, linux-raspi, linux-raspi-5.4, linux-raspi2-5.3).

Firefox 87 has been released. This version introduces SmartBlock, "a new intelligent tracker blocking mechanism for Firefox Private Browsing and Strict Mode."

Firefox ESR 78.9 has also been released with the usual set of fixes.

Security updates have been issued by Debian (dnsmasq, libmediainfo, and mariadb-10.1), Fedora (dotnet5.0, moodle, and radare2), Mageia (kernel and kernel-linus), Oracle (python27:2.7, python36:3.6, and python38:3.8), Red Hat (pki-core:10.6), and Ubuntu (privoxy).

The kernel's memory-management subsystem is built upon many concepts, one of which is called "copy on write", or "COW". The idea behind COW is conceptually simple, but its details are tricky and its past is troublesome. Any change to its implementation can have unexpected consequences and cause subtle breakage for existing workloads. So it is somewhat surprising that last year we saw two major changes the kernel's COW code; less surprising is the fact that, both times, these changes had unexpected consequences and broke things. Some of the resulting problems are still not fixed today, almost ten months after the first change, while the original reason for the changes — a security vulnerability — is also not fully fixed. Read on for a description of COW, the vulnerability, and the initial fix; the concluding article in the series will describe the complications that arose thereafter.

Security updates have been issued by Arch Linux (chromium, ffmpeg, flatpak, git, gnutls, minio, openssh, opera, and wireshark-qt), Debian (cloud-init, pygments, and xterm), Fedora (flatpak, glib2, kernel, kernel-headers, kernel-tools, pki-core, and upx), Mageia (glibc, htmlunit, koji, and python-cairosvg), openSUSE (chromium, connman, froxlor, grub2, libmysofa, netty, privoxy, python-markdown2, tor, and velocity), Oracle (ipa), SUSE (evolution-data-server, glib2, openssl, python3, python36, and wavpack), and Ubuntu (linux, linux-aws, linux-aws-hwe, linux-azure, linux-azure-4.15, linux-gcp, linux-gcp-4.15, linux-hwe, linux-kvm, linux-raspi2, linux-snapdragon, linux-oem-5.10, and pygments).

At the LibrePlanet conference over the weekend, Richard Stallman announced that he has returned to the Free Software Foundation's board of directors. Video of the announcement is available, but there is little information beyond that.

The fourth 5.12 kernel prepatch is out for testing. "So I'll just tempt the fates and say that everything looks pretty normal and this release seems to look good despite the rc1 hiccup."

The Free Software Foundation has announced the recipients of its 2021 Free Software Awards. Alyssa Rosenzweig received the award for outstanding new free-software contributor, the CiviCRM project won the award for social benefit, and Bradley Kuhn received the award for the advancement of free software.

The 5.11.8, 5.10.25, 5.4.107, and 4.19.182 stable kernels have been released; each contains another set of important fixes.

Last week's installment in this series on lockless patterns took a first look at the compare-and-swap (CAS) operation. CAS is a powerful tool that can be used to implement a number of lockless primitives. The next step is to look at other atomic read-modify-write operations that can be implemented on top of compare-and-swap.

Followers of the linux-next integration tree may have noticed a significant addition: initial support for writing device drivers in the Rust language. There is some documentation in Documentation/rust, while the code itself is in the rust top-level directory. Appearance in linux-next generally implies readiness for the upcoming merge window, but it is not clear if that is the case here; this code has not seen a lot of wider review yet. It is, regardless, an important step toward the ability to write drivers in a safer language.

Security updates have been issued by CentOS (kernel and pki-core), Debian (shibboleth-sp, shibboleth-sp2, and squid3), openSUSE (libmysofa and privoxy), Oracle (bind), and Ubuntu (ruby2.3, ruby2.5, ruby2.7).

Memory management generally works at the level of pages, which typically contain 4,096 bytes but may be larger. The kernel, though, has extended the concept of pages to include compound pages, which are groups of contiguous single pages. That, in turn, has made the definition of what a "page" is a bit fuzzy. Matthew Wilcox has been working since last year on a concept called "page folios" which is meant to bring the picture back into focus; whether the memory-management community will accept it remains unclear, though.

Security updates have been issued by Debian (velocity-tools), Fedora (switchboard-plug-bluetooth), Mageia (discover, flatpak, and xmlgraphics-commons), openSUSE (chromium and python), Oracle (kernel, kernel-container, and pki-core), Red Hat (openvswitch2.11 and ovn2.11, python-django, qemu-kvm-rhev, and rubygem-em-http-request), and SUSE (crmsh, openssl1, and php53).

The LWN.net Weekly Edition for March 18, 2021 is available.

A number of different attacks against Linux systems rely on brute-force techniques using the fork() system call, so a new Linux security module (LSM), called "Brute", has been created to detect and thwart such attacks. Repeated fork() calls can be used for various types of attacks, such as exploiting the Stack Clash vulnerability or Heartbleed-style flaws. Version 6 of the Brute patch set was recently posted and looks like it might be heading toward the mainline.

Stable kernels 5.11.7, 5.10.24, 5.4.106, 4.19.181, 4.14.226, 4.9.262, and 4.4.262 have been released. There are important fixes throughout the tree and users should upgrade.

Open-source projects have many non-technical needs as they grow. But, running a FOSS non-profit organization for supporting these projects is a lot of work, as anyone involved in such an organization will attest. These days, some software platforms, such as LFX from the Linux Foundation and Open Collective, are in development to provide important services, such as crowdfunding, to projects and other organizations. These platforms have the potential to improve both the quality and range of services available to projects.

Security updates have been issued by Debian (shadow, tor, and velocity), Fedora (gsoap, qt5-qtsvg, and switchboard-plug-bluetooth), Mageia (batik, chromium-browser-stable, glibc, ksh, and microcode), openSUSE (389-ds, connman, freeradius-server, froxlor, openssl-1_0_0, openssl-1_1, postgresql12, and python-markdown2), Red Hat (bind, curl, kernel, nss and nss-softokn, perl, python, and tomcat), Scientific Linux (ipa, kernel, and pki-core), SUSE (glib2 and velocity), and Ubuntu (containerd).