Language Selection

English French German Italian Portuguese Spanish

LWN

Syndicate content
LWN.net is a comprehensive source of news and opinions from and about the Linux community. This is the main LWN.net feed, listing all articles which are posted to the site front page.
Updated: 4 hours 35 min ago

PostgreSQL 11.1, 10.6, 9.6.11, 9.5.15, 9.4.20, and 9.3.25 released

Thursday 8th of November 2018 03:36:39 PM
There is a whole new set of PostgreSQL releases out there, the main purpose of which is to include an important security fix. "Using a purpose-crafted trigger definition, an attacker can run arbitrary SQL statements with superuser privileges when a superuser runs `pg_upgrade` on the database or during a pg_dump dump/restore cycle. This attack requires a `CREATE` privilege on some non-temporary schema or a `TRIGGER` privilege on a table. This is exploitable in the default PostgreSQL configuration, where all users have `CREATE` privilege on `public` schema." Note that this is the final update for the 9.3 series; users on that version should be planning an upgrade in the near future.

Security updates for Thursday

Thursday 8th of November 2018 02:47:47 PM
Security updates have been issued by CentOS (python-paramiko and thunderbird), Debian (firefox-esr, libdatetime-timezone-perl, and mariadb-10.0), Fedora (curl, NetworkManager, and xorg-x11-server), openSUSE (kernel), Oracle (java-1.7.0-openjdk, python-paramiko, thunderbird, and xorg-x11-server), Red Hat (java-11-openjdk and spice-server), SUSE (firefox, kernel, and SDL_image), and Ubuntu (nginx).

[$] LWN.net Weekly Edition for November 8, 2018

Thursday 8th of November 2018 12:34:45 AM
The LWN.net Weekly Edition for November 8, 2018 is available.

[$] A "joke" in the glibc manual

Wednesday 7th of November 2018 09:28:16 PM

A "joke" in the glibc manual—targeting a topic that is, at best, sensitive—has come up for discussion on the glibc-alpha mailing list again. When we looked at the controversy in May, Richard Stallman had put his foot down and a patch removing the joke—though opinions of its amusement value vary—was reverted. Shortly after that article was published, a "cool down period" was requested (and honored), but that time has expired. Other developments in the GNU project have given some reason to believe that the time is ripe to finally purge the joke, but that may not work out any better than the last attempt.

[$] Limiting the power of package installation in Debian

Wednesday 7th of November 2018 05:19:34 PM

There is always at least a small risk when installing a package for a distribution. By its very nature, package installation is an invasive process; some packages require the ability to make radical changes to the system—changes that users surely would not want other packages to take advantage of. Packages that are made available by distributions are vetted for problems of this sort, though, of course, mistakes can be made. Third-party packages are an even bigger potential problem because they lack this vetting, as was discussed in early October on the debian-devel mailing list. Solutions in this area are not particularly easy, however.

Security updates for Wednesday

Wednesday 7th of November 2018 03:42:14 PM
Security updates have been issued by Arch Linux (ghostscript), Debian (curl), Fedora (curl, thunderbird, and zchunk), openSUSE (thunderbird), Oracle (389-ds-base, binutils, curl and nss-pem, glusterfs, gnutls, jasper, kernel, krb5, libcdio, libkdcraw, libmspack, libvirt, openssl, ovmf, python, samba, setup, sssd, wget, wpa_supplicant, xerces-c, zsh, and zziplib), Red Hat (xerces-c), SUSE (libarchive and systemd), and Ubuntu (ppp and spamassassin).

[$] Zinc: a new kernel cryptography API

Tuesday 6th of November 2018 04:26:24 PM

We looked at the WireGuard virtual private network (VPN) back in August and noted that it is built on top of a new cryptographic API being developed for the kernel, which is called Zinc. There has been some controversy about Zinc and why a brand new API was needed when the kernel already has an extensive crypto API. A recent talk by lead WireGuard developer Jason Donenfeld at Kernel Recipes 2018 would appear to be a serious attempt to reach out, engage with that question, and explain the what, how, and why of Zinc.

Security updates for Tuesday

Tuesday 6th of November 2018 04:18:54 PM
Security updates have been issued by Debian (glusterfs, gthumb, and mysql-5.5), Red Hat (389-ds-base, kernel, and xerces-c), Slackware (mariadb), SUSE (accountsservice, curl, icinga, kernel, and opensc), and Ubuntu (libxkbcommon, openssh, and ruby1.9.1, ruby2.0, ruby2.3, ruby2.5).

[$] 4.20 Merge window part 2

Monday 5th of November 2018 05:00:58 PM
At the end of the 4.20 merge window, 12,125 non-merge changesets had been pulled into the mainline kernel repository; 6,390 came in since last week's summary was written. As is often the case, the latter part of the merge window contained a larger portion of cleanups and fixes, but there were a number of new features in the mix as well.

Stable kernel updates

Monday 5th of November 2018 03:57:28 PM
Stable kernels 4.19.1, 4.18.17, and 4.14.79 have been released. As usual, there are important fixes and users should upgrade.

Security updates for Monday

Monday 5th of November 2018 03:51:07 PM
Security updates have been issued by Debian (curl, icecast2, mupdf, and ruby2.3), Fedora (lldpad, NetworkManager, python-django, roundcubemail, thunderbird, webkit2gtk3, xen, and xorg-x11-server), Mageia (axis, cimg, gmic, dnsmasq, gitolite, gnutls, java-1.8.0-openjdk, lighttpd, mbedtls, mediawiki, perl-Dancer2, python-cryptography, and virtualbox), Red Hat (openvswitch, Red Hat Virtualization, and thunderbird), SUSE (curl, ffmpeg, and soundtouch), and Ubuntu (network-manager and systemd).

Kernel prepatch 4.20-rc1

Monday 5th of November 2018 01:35:22 PM
Linus has released 4.20-rc1 and closed the merge window for this development cycle. "So I did debate calling it 5.0, but if we all help each other, I'm sure we can count to 20. It's a nice round number, and I didn't want to make a pattern of it. I think 5.0 happens next year, because then I *really* run out of fingers and toes."

[$] SpamAssassin is back

Friday 2nd of November 2018 09:35:04 PM
The SpamAssassin 3.4.2 release was the first from that project in well over three years. At the 2018 Open Source Summit Europe, Giovanni Bechis talked about that release and those that will be coming in the near future. It would seem that, after an extended period of quiet, the SpamAssassin project is back and has rededicated itself to the task of keeping junk out of our inboxes.

Duffy: Intro to UX design for the ChRIS Project – Part 1

Friday 2nd of November 2018 09:00:49 PM
On her blog, Máirín Duffy writes about her experiences helping design the "user experience" (UX) for the ChRIS project, which is an open-source effort aimed at medical imagery processing and distribution for hospitals and other facilities. "One of the driving reasons for ChRIS’ creation was to allow for hospitals to own and control their own data without needing to give it up to the industry. How do you apply the latest cloud-based rapid data processing technology without giving your data to one of the big cloud companies? ChRIS has been built to interface with cloud providers such as the Massachusetts Open Cloud that have consortium-based data governance that allow for users to control their own data. I want to emphasize the cloud-based computing piece here because it’s important – ChRIS allows you [to] run image processing tools at scale in the cloud, so elaborate image processing that typically days, weeks, or months to complete could be completed in minutes. For a patient, this could enable a huge positive shift in their care – rather than have to wait for days to get back results of an imaging procedure (like an MRI), they could be consulted by their doctor and make decisions about their care that day."

Security updates for Friday

Friday 2nd of November 2018 02:18:41 PM
Security updates have been issued by Arch Linux (kernel and linux-lts), Debian (chromium-browser and mono), Oracle (firefox), and Ubuntu (curl).

[$] Protecting the open-source license commons

Thursday 1st of November 2018 07:52:09 PM
Richard Fontana has a long history working with open-source licenses in commercial environments. He came to the 2018 Open Source Summit Europe with a talk that, he said, had never before been presented outside of "secret assemblies of lawyers"; it gave an interesting view of licenses as resources that are shared within the community and the risks that this shared nature may present. While our licenses have many good properties, including a de facto standardization role, those properties come with some unique and increasing risks when it comes to litigation.

Introducing Zink, an OpenGL implementation on top of Vulkan (Collabora blog)

Thursday 1st of November 2018 05:55:33 PM
Over at the Collabora blog, Erik Faye-Lund writes about Zink, which is an effort to create an OpenGL driver on top of Vulkan that he has been working on with Dave Airlie. "One problem is that OpenGL is a big API with a lot of legacy stuff that has accumulated since its initial release in 1992. OpenGL is well-established as a requirement for applications and desktop compositors. But since the very successful release of Vulkan, we now have two main-stream APIs for essentially the same hardware functionality. It's not looking like neither OpenGL nor Vulkan is going away, and the software-world is now hard at work implementing Vulkan support everywhere, which is great. But this leads to complexity. So my hope is that we can simplify things here, by only require things like desktop compositors to support one API down the road. We're not there yet, though; not all hardware has a Vulkan-driver, and some older hardware can't even support it. But at some point in the not too far future, we'll probably get there. This means there might be a future where OpenGL's role could purely be one of legacy application compatibility. Perhaps Zink can help making that future a bit closer?"

Security updates for Thursday

Thursday 1st of November 2018 03:07:20 PM
Security updates have been issued by Debian (phpldapadmin, poppler, and tzdata), Fedora (firefox, java-11-openjdk, libarchive, sos-collector, and teeworlds), Scientific Linux (java-1.7.0-openjdk, python-paramiko, and thunderbird), Slackware (curl), and SUSE (kernel, MozillaFirefox, MozillaFirefox-branding-SLE, llvm4, mozilla-nspr, mozilla-nss, apache2-mod_nss, and wireshark).

[$] LWN.net Weekly Edition for November 1, 2018

Thursday 1st of November 2018 12:26:25 AM
The LWN.net Weekly Edition for November 1, 2018 is available.

[$] Init system support in Debian

Wednesday 31st of October 2018 09:08:29 PM

The "systemd question" has roiled Debian multiple times over the years, but things had mostly been quiet on that front of late. The Devuan distribution is a Debian derivative that has removed systemd; many of the vocal anti-systemd Debian developers have switched, which helps reduce the friction on the Debian mailing lists. But that seems to have led to support for init system alternatives (and System V init in particular) to bitrot in Debian. There are signs that a bit of reconciliation between Debian and Devuan will help fix that problem.

More in Tux Machines

Server: Silicon Sky, IBM and Red Hat

today's howtos

  • Free Ebook Kubernetes Essentials - A Tutorial for Beginners
  • Twitter Alerts: A Trick for the Twitter-averse
  • Tuning your Intel Graphics Card in Ubuntu 18.04
    In the computing world things move at a brisk pace. To appeal to business users and conservative types like me Ubuntu releases the Long Term Support (LTS) versions of Ubuntu the latest of which is Ubuntu 18.04 which came out early this year. Ubuntu 16.04 for which I wrote the guide, is the LTS version prior to 18.04. It’s a little bit late to say this now but Ubuntu 18.04 came with a lot of changes including the infamous switchback to GNOME and the subsequent death of Unity. Another not so famous change was the fact that Intel drivers now ship with the kernel. This is not an Ubuntu specific change per se which explains why it was more of a footnote and not a headline in the Ubuntu world.
  • 4 Best open source & free YouTube Downloader for Ubuntu Linux
    Downloading YouTube Videos on Ubuntu Linux is not that much difficult as it appears. Lots of newbies think that Windows is the only platform to download online Youtube videos due to the availability of tons of free YouTube downloader software for it. However, after going through this article their opinion would be changed forever because not only normal videos but 4K videos can be downloaded on the Linux platforms as easy as on Windows.
  • Beginner's Guide: How To Install Ubuntu Linux 18.10

Interview With Mark Shuttleworth

Mark Shuttleworth delivered an unashamed plug for Ubuntu while cheerfully throwing a little shade on the competition at the OpenStack Berlin 2018 summit last week. If Nick Barcet of Red Hat had elicited gasps by suggesting the OpenStack Foundation (OSF) might consider releasing updates a bit more frequently, Shuttleworth sent eyebrows skywards by announcing that the latest Long Term Support (LTS) edition of Ubuntu, 18.04, would get 10 years of support. Read more

Security: Facebook/Instagram Breach and More FUD From Microsoft's Friends at WhiteSource