
Brief items

Security

A remotely exploitable OpenSSL/LibreSSL vulnerability

The OpenSSL project has disclosed a vulnerability wherein an attacker presenting a malicious certificate can cause the execution of an infinite loop. It is thus a denial-of-service vulnerability for any application — server or client — that handles certificates from untrusted sources. The OpenSSL 3.0.2 and 1.1.1n releases contain fixes for the problem. This advisory makes it clear that LibreSSL, too, suffers from this vulnerability; updated releases are available there too.


Kernel development

Kernel release status

The current development kernel is 5.17-rc8, released on March 13. Linus said:

Last week was somewhat messy, mostly because of embargoed patches we had pending with another variation of spectre attacks. And while the patches were mostly fine, we had the usual "because it was hidden, all our normal testing automation didn't see it either".

And once the automation sees things, it tests all the insane combinations that people don't tend to actually use or test in any normal case, and so there was a (small) flurry of fixes for the fixes.

None of this was really surprising, but I naïvely thought I'd be able to do the final release this weekend anyway.

And honestly, I considered it. I don't think we really have any pending issues that would hold up a release, but on the other hand we also really don't have any reason _not_ to give it another week with all the proper automated testing. So that's what I'm doing, and as a result we have an -rc8 release today instead of doing a final 5.17.

Stable updates: 5.16.14, 5.15.28, 5.10.105, 5.4.184, 4.19.234, 4.14.271, and 4.9.306 were released on March 11, followed by 5.16.15, 5.15.29, 5.10.106, 5.4.185, 4.19.235, 4.14.272, and 4.9.307 on March 16.


Improving the reliability of file system monitoring tools (Collabora blog)

Gabriel Krisman Bertazi describes the new FAN_FS_ERROR event type added to the fanotify mechanism in 5.16.

This is why we worked on a new mechanism for closely monitoring volumes and notifying recovery tools and sysadmins in real-time that an error occurred. The feature, merged in kernel 5.16, won't prevent failures from happening, but will help reduce the effects of such errors by guaranteeing any listener application receives the message. A monitoring application can then reliably report it to system administrators and forward the detailed error information to whomever is unlucky enough to be tasked with fixing it.


Quotes of the week

It's a GCC warning...

People accept such absolute garbage from GCC. It's like in Africa when you get bitten by a snake they rub cow dung into the wound. If it hurts it must be good.

Dan Carpenter

It's very hard to express how fair queuing works, also, correctly, in the context of this talk. There are quite a few other networking concepts that I hope could be explained in this way, the difficulties with doing full duplex wireless using a water balloon to splatter the receiver was originally part of the act but I cut it in deference to the hotel staff!
Dave Täht


Distributions

Candidates for the 2022 Debian project leader election

Debian's annual ritual of electing a project leader is underway. There are three candidates this time: Felix Lechner, Hideki Yamane, and incumbent Jonathan Carter. Platforms for the candidates are being placed on this page as they become available.


Distributions quote of the week

It is really hard for packagers to know what curl features that are used and not used. There simply is no way to find out, besides shipping a version and listening to the screams of users in pain when things break. It will also force them into line-drawing decisions such as “only N users seem to use feature Z so let’s keep that in the full package” and figuring out the N number is a fuzzy estimate at best.
Daniel Stenberg


Development

gcobol: a native COBOL compiler

The gcobol project has announced its existence; it is a compiler for the COBOL language currently implemented as a fork of GCC.

There's another answer to Why: because a free Cobol compiler is an essential component to any effort to migrate mainframe applications to what mainframe folks still call "distributed systems". Our goal is a Cobol compiler that will compile mainframe applications on Linux. Not a toy: a full-blooded replacement that solves problems. One that runs fast and whose output runs fast, and has native gdb support.

The developers hope to merge back into GCC after the project has advanced further.


An OpenStreetMap viewer for Emacs

For those who do everything in the Emacs editor: the ELPA repository has just gained an OpenStreetMap viewer. A quick test (example shown on the right) suggests that it works reasonably well; click below for the details.

Full Story (comments: 21)

Miscellaneous

Red Hat fails to take WeMakeFedora.org

Red Hat recently filed a request to have the domain name WeMakeFedora.org transferred from its current owner, Daniel Pocock, alleging trademark violations, bad faith, and more. The judgment that came back will not have been to the company's liking:

The Panel finds that Respondent is operating a genuine, noncommercial website from a domain name that contains an appendage ("we make") that, as noted in the Response, is clearly an identifier of contributors to Complainant’s website. In registering the domain name using an appendage that identifies Complainant’s contributors, Respondent is not attempting to impersonate Complainant nor misleadingly to divert Internet users. Rather, Respondent is using the FEDORA mark in the domain name to identify Complainant for the purpose of operating a website that contains some criticism of Complainant. Such use is generally described as "fair use" of a trademark.

The judgment concludes with a statement that this action was an abuse of the process.


Page editor: Jake Edge


Copyright © 2022, Eklektix, Inc.
Comments and public postings are copyrighted by their creators.
Linux is a registered trademark of Linus Torvalds