Language Selection

English French German Italian Portuguese Spanish

LWN

Syndicate content
LWN.net is a comprehensive source of news and opinions from and about the Linux community. This is the main LWN.net feed, listing all articles which are posted to the site front page.
Updated: 3 hours 29 min ago

[$] 25 Years of Linux — so far

11 hours 1 min ago
On August 25, 1991, an obscure student in Finland named Linus Benedict Torvalds posted a message to the comp.os.minix Usenet newsgroup saying that he was working on a free operating system as a project to learn about the x86 architecture. He cannot possibly have known that he was launching a project that would change the computing industry in fundamental ways. Twenty-five years later, it is fair to say that none of us foresaw where Linux would go — a lesson that should be taken to heart when trying to imagine where it might go from here.

In Memory of Jonathan “avenj” Portnoy

11 hours 35 min ago
The Gentoo community is mourning the loss of Jonathan Portnoy. "Jon was an active member of the International Gentoo community, almost since its founding in 1999. He was still active until his last day. His passing has struck us deeply and with disbelief. We all remember him as a vivid and enjoyable person, easy to reach out to and energetic in all his endeavors."

Wednesday's security updates

12 hours 31 min ago

CentOS has updated kernel (C6: TCP injection).

Debian-LTS has updated libgcrypt11 (flawed random number generation).

Fedora has updated eog (F24: out-of-bounds write), kernel (F23: use-after-free), mariadb (F23: multiple vulnerabilities), mingw-lcms2 (F24: heap memory leak), postgresql (F23: multiple vulnerabilities), and python (F23: proxy injection).

openSUSE has updated libidn (Leap 42.1: multiple vulnerabilities) and kernel (13.2: multiple vulnerabilities).

Oracle has updated kernel (O6: TCP injection).

Red Hat has updated kernel (RHEL 7.1: multiple vulnerabilities; RHEL6: TCP injection) and qemu-kvm-rhev (RHOSP8: multiple vulnerabilities).

Scientific Linux has updated kernel (SL6: TCP injection).

Slackware has updated gnupg (flawed random number generation), kernel (14.2: TCP injection), and libgcrypt (flawed random number generation).

KDevelop 5.0 released

Wednesday 24th of August 2016 12:31:38 AM

Version 5.0.0 of the KDevelop integrated development environment (IDE) has been released, marking the end of a two-year development cycle. The highlight is a move to Clang for C and C++ support: "The most prominent change certainly is the move away from our own, custom C++ analysis engine. Instead, C and C++ code analysis is now performed by clang." The announcement goes on to describe other benefits of using Clang, such as more accurate diagnostics and suggested fixes for many syntax errors. KDevelop has also been ported to KDE Frameworks 5 and Qt 5, which opens up the possibility of Windows releases down the line.

Tuesday's security updates

Tuesday 23rd of August 2016 02:35:45 PM

Arch Linux has updated libgcrypt (information disclosure).

Fedora has updated kernel (F24: use-after-free vulnerability), pagure (F24: cross-site scripting), and postgresql (F24: multiple vulnerabilities).

Red Hat has updated qemu-kvm-rhev (RHEL7 OSP5; RHEL7 OSP7; RHEL6 OSP5; RHEL7 OSP6: multiple vulnerabilities).

SUSE has updated MozillaFirefox (SLE12: multiple vulnerabilities).

Android 7.0 "Nougat" released

Monday 22nd of August 2016 07:06:12 PM
Google has announced that the Android 7.0 release has started rolling out to recent-model Nexus devices. "It introduces a brand new JIT/AOT compiler to improve software performance, make app installs faster, and take up less storage. It also adds platform support for Vulkan, a low-overhead, cross-platform API for high-performance, 3D graphics. Multi-Window support lets users run two apps at the same time, and Direct Reply so users can reply directly to notifications without having to open the app. As always, Android is built with powerful layers of security and encryption to keep your private data private, so Nougat brings new features like File-based encryption, seamless updates, and Direct Boot." See this page for a video-heavy description of new features.

Stable kernels 4.7.2, 4.4.19, and 3.14.77

Monday 22nd of August 2016 01:27:03 PM
Greg Kroah-Hartman has announced the release of the 4.7.2, 4.4.19, and 3.14.77 stable kernels. As usual, they contain fixes throughout the tree and users of those series should upgrade.

Monday's security advisories

Monday 22nd of August 2016 01:22:28 PM

Arch Linux has updated linux-lts (connection hijacking).

CentOS has updated kernel (C7: connection hijacking).

Debian-LTS has updated cracklib2 (code execution) and suckless-tools (screen lock bypass).

Fedora has updated firewalld (F24: authentication bypass), glibc (F24: denial of service on armhfp), knot (F24; F23: denial of service), libgcrypt (F24: bad random number generation), and perl (F23: privilege escalation).

openSUSE has updated apache2-mod_fcgid (42.1, 13.2: proxy injection), gd (13.2: multiple vulnerabilities), iperf (SPHfSLE12; 42.1, 13.2: denial of service), pdns (42.1, 13.2: denial of service), python3 (42.1, 13.2: multiple vulnerabilities), roundcubemail (42.1; 13.2; 13.1: multiple vulnerabilities, two from 2015), and typo3-cms-4_7 (42.1, 13.2: three vulnerabilities from 2013 and 2014).

Scientific Linux has updated kernel (SL7: connection hijacking) and python (SL6&7: three vulnerabilities).

Kernel prepatch 4.8-rc3

Monday 22nd of August 2016 11:36:15 AM
The 4.8-rc3 kernel prepatch is out. "It all looks pretty sane, I'm not seeing anything hugely scary here."

Fedora 25 to run Wayland by default

Friday 19th of August 2016 06:46:45 PM
The Fedora engineering steering committee has agreed that the upcoming Fedora 25 release should use the Wayland display manager by default. "There are still some bugs that are important to solve. However, there is still time to work on them. And the legacy Xorg session option will not be removed, and will be clearly documented how to fallback in cases where users need it." If this plan holds, it may be an important step in the long-awaited move away from the X Window system.

kdenlive 16.08.0 released

Friday 19th of August 2016 05:56:16 PM
The kdenlive video editor project has announced the 16.08.0 release. "Kdenlive 16.08.0 marks a milestone in the project’s history bringing it a step closer to becoming a full-fledged professional tool." Highlights include three-point editing, pre-rendering of timeline effects, Krita image support, and more.

Friday's security updates

Friday 19th of August 2016 03:16:14 PM

CentOS has updated python (C7; C6: multiple vulnerabilities).

Fedora has updated ca-certificates (F24: update to CA certificates) and spice (F23: multiple vulnerabilities).

Oracle has updated kernel (O7: TCP injection) and python (O7; O6: multiple vulnerabilities).

Red Hat has updated kernel (RHEL7; RHEL6: TCP injection), kernel-rt (RHEL7: TCP injection), python (RHEL 6,7: multiple vulnerabilities), python27-python (RHSC: multiple vulnerabilities), python33-python (RHSC: multiple vulnerabilities), realtime-kernel (RHEM2.5: TCP injection), rh-mariadb101-mariadb (RHSC: multiple vulnerabilities), rh-python34-python (RHSC: multiple vulnerabilities), and rh-python35-python (RHSC: multiple vulnerabilities).

SUSE has updated the Linux Kernel (SLE12: multiple vulnerabilities) and xen (SLE11: multiple vulnerabilities).

Ubuntu has updated gnupg (12.04, 14.04, 16.04: flawed random-number generation), libgcrypt11, libgcrypt20 (12.04, 14.04, 16.06: flawed random-number generation), and postgresql-9.1, postgresql-9.3, postgresql-9.5 (12.04, 14.04, 16.04: multiple vulnerabilities).

Microsoft announces PowerShell for Linux and Open Source

Thursday 18th of August 2016 10:35:42 PM
Microsoft has announced the release of its PowerShell automation and scripting platform under the MIT license, complete with a GitHub repository. "Last year we started down this path by contributing to a number of open source projects (e.g. OpenSSH) and open sourcing a number of our own components including DSC resources. We learned that working closely with the community, in the code and with our backlog and issues list, allowed us prioritize and drive the development much more responsively. We’ve always worked with the community but shifting to a fine-grain, tight, feedback loop with the code, energized the team and allowed us to focus on the things that had the most impact for our customers and partners. Now we are going big by making PowerShell itself an open source project and making it available on Mac OS X, Ubuntu, CentOS/RedHat and others in the future."

Xenomai project mourns Gilles Chanteperdrix

Thursday 18th of August 2016 07:47:46 PM
The Xenomai project is mourning Gilles Chanteperdrix, a longtime maintainer of the realtime framework, who recently passed away. In the announcement, Philippe Gerum writes: "Gilles will forever be remembered as a true-hearted man, a brilliant mind always scratching beneath the surface, looking for elegance in the driest topics, never jaded from such accomplishment. According to Paul Valéry, “death is a trick played by the inconceivable on the conceivable”. Gilles’s absence is inconceivable to me, I can only assume that for once, he just got rest from tirelessly helping all of us."

Security against Election Hacking (Freedom to Tinker)

Thursday 18th of August 2016 07:01:08 PM
Over at the Freedom to Tinker blog, Andrew Appel has a two-part series on security attacks and defenses for the upcoming elections in the US (though some of it will obviously be applicable elsewhere too). Part 1 looks at the voting and counting process with an eye toward ways to verify what the computers involved are reporting, but doing so without using the computers themselves (having and verifying the audit trail, essentially). Part 2 looks at the so-called cyberdefense teams and how their efforts are actually harming all of our security (voting and otherwise) by hoarding bugs rather than reporting them to get them fixed.

With optical-scan voting, the voter fills in the bubbles next to the names of her selected candidates on paper ballot; then she feeds the op-scan ballot into the optical-scan computer. The computer counts the vote, and the paper ballot is kept in a sealed ballot box. The computer could be hacked, in which case (when the polls close) the voting-machine lies about how many votes were cast for each candidate. But we can recount the physical pieces of paper marked by the voter’s own hands; that recount doesn’t rely on any computer. Instead of doing a full recount of every precinct in the state, we can spot-check just a few ballot boxes to make sure they 100% agree with the op-scan computers’ totals.

Problem: What if it’s not an optical-scan computer, what if it’s a paperless touchscreen (“DRE, Direct-Recording Electronic) voting computer? Then whatever numbers the voting computer says, at the close of the polls, are completely under the control of the computer program in there. If the computer is hacked, then the hacker gets to decide what numbers are reported. There are no paper ballots to audit or recount. All DRE (paperless touchscreen) voting computers are susceptible to this kind of hacking. This is our biggest problem.

Thursday's security advisories

Thursday 18th of August 2016 03:39:58 PM

Arch Linux has updated chromium (multiple vulnerabilities) and linux-zen (connection hijacking).

Debian has updated gnupg (flawed random number generation) and libgcrypt20 (flawed random number generation).

Debian-LTS has updated libupnp (arbitrary file overwrite).

Fedora has updated bind (F23: denial of service), fontconfig (F23: privilege escalation), and python3 (F23: proxy injection).

SUSE has updated xen (SLE12: multiple vulnerabilities, one from 2014) and yast2-ntp-client (SLE10: multiple vulnerabilities, most from 2015).

Ubuntu has updated fontconfig (16.04, 14.04, 12.04: privilege escalation).

[$] LWN.net Weekly Edition for August 18, 2016

Thursday 18th of August 2016 12:16:34 AM
The LWN.net Weekly Edition for August 18, 2016 is available.

[$] Bus1: a new Linux interprocess communication proposal

Wednesday 17th of August 2016 07:44:33 PM
Anyone who has been paying attention to Linux kernel development in recent years would be aware that IPC — interprocess communication — is not a solved problem. There are certainly many partial solutions, from pipes and signals, through sockets and shared memory, to more special-purpose solutions like Cross Memory Attach and Android's binder. But it seems there are still some use cases that aren't fully addressed by current solutions, leading to new solutions being occasionally proposed to try to meet those needs. The latest proposal is called "bus1".

Security updates for Wednesday

Wednesday 17th of August 2016 04:02:33 PM

Fedora has updated curl (F23: three vulnerabilities), drupal7-theme-zen (F24; F23: cross-site scripting), mingw-libarchive (F24: code execution), mingw-xz (F24: code execution), pulp (F24: two vulnerabilities), pulp-docker (F24: two vulnerabilities), pulp-ostree (F24: two vulnerabilities), pulp-puppet (F24: two vulnerabilities), pulp-python (F24: two vulnerabilities), and pulp-rpm (F24: two vulnerabilities).

Red Hat has updated kernel (RHEL6.2: privilege escalation).

Scientific Linux has updated mariadb (SL7: multiple unspecified vulnerabilities), php (SL7: proxy injection), and qemu-kvm (SL7: two vulnerabilities).

SUSE has updated squid3 (SLE11-SP4: multiple vulnerabilities).

Ubuntu has updated openjdk-7 (14.04: multiple vulnerabilities).

Stable kernel updates

Tuesday 16th of August 2016 09:28:00 PM
Stable kernels 4.7.1, 4.6.7, 4.4.18, and 3.14.76 have been released. All contain important fixes. This is the last 4.6.y kernel, users should upgrade to 4.7.1 now.

More in Tux Machines

PuppEX Linux Live CD Now Based on Puppy Xenial, Compatible with Ubuntu 16.04 LTS

Arne Exton informs us about the availability of a new stable build of its Puppy-derived PuppEX Linux Live CD distribution, version 160822, which is now using the latest kernel and software applications. Read more

KDevelop 5.0 Open-Source IDE Officially Released with New C/C++ Language Support

After being in development for the past two years, the open-source KDevelop IDE (Integrated Development Environment) software has finally reached the 5.0 milestone. Read more

Open source drone controller has an FPGA-enhanced brain

Aerotenna has launched an open source, $499 “OcPoc” drone flight controller that runs Linux on an Altera Cyclone V ARM/FPGA SoC. Lawrence, Kansas based Aerotenna, which bills itself as “the leading provider of innovative microwave sensors and flight control systems,” describes OcPoC (Octagonal Pilot on Chip) as a ready-to-fly, open source flight control platform. The system integrates an IMU, barometer, GPS, and a CSI-camera interface. Read more

Linux Kernel 3.16.37 LTS Is a Massive Update with Tons of Networking Changes

Immediately after announcing the release of Linux kernel 3.2.82 LTS, maintainer Ben Hutchings proudly informed the community about the availability of the thirty-seventh maintenance update to the Linux 3.16 LTS kernel series. Read more