
LWN

LWN.net is a comprehensive source of news and opinions from and about the Linux community. This is the main LWN.net feed, listing all articles which are posted to the site front page.

X.org election results

Friday 10th of April 2015 11:38:27 AM
As was discussed in this LWN article, the X.Org Foundation recently held an election to choose four board members and decide whether to change the organization's by-laws to enable it to become a member of Software in the Public Interest (SPI). The results are now available. The board members elected are Peter Hutterer, Martin Peres, Rob Clark, and Daniel Vetter. The measure to change the by-laws did not pass, though, despite receiving only two "no" votes, because the required two-thirds majority was not reached.

Linux Foundation to host Let's Encrypt

Thursday 9th of April 2015 11:44:10 PM

The Linux Foundation (LF) has announced that it will serve as host of the Let's Encrypt project, as well as the Internet Security Research Group (ISRG). Let's Encrypt is the free, automated SSL/TLS certificate authority that was announced in November 2014 by the Electronic Frontier Foundation (EFF) to provide TLS certificates for every domain on the web. ISRG is the non-profit organization created to spearhead efforts like Let's Encrypt (which, as of now, is ISRG's only public project). In the LF announcement, executive director Jim Zemlin notes that "by hosting this important encryption project in a neutral forum we can accelerate the work towards a free, automated and easy security certification process that benefits millions of people around the world."

Thursday's security updates

Thursday 9th of April 2015 03:53:46 PM

Arch Linux has updated chrony (denial of service).

CentOS has updated krb5 (C6: multiple vulnerabilities).

Debian-LTS has updated arj (multiple vulnerabilities), checkpw (denial of service), libgcrypt11 (multiple vulnerabilities), and libgd2 (multiple vulnerabilities).

Fedora has updated drupal7-webform (F20; F21: unspecified vulnerability), firefox (F21: multiple vulnerabilities), powerpc-utils-python (F20; F21: code execution), and xterm (F20; F21: denial of service).

Mandriva has updated java-1.8.0-openjdk (BS2: multiple vulnerabilities).

Oracle has updated kernel (O5: multiple vulnerabilities) and krb5 (O6: denial of service).

Red Hat has updated krb5 (RHEL6: multiple vulnerabilities).

Ubuntu has updated kernel (12.04; 14.04; 14.10: multiple vulnerabilities), linux-lts-trusty (12.04: multiple vulnerabilities), linux-lts-utopic (14.04: multiple vulnerabilities), and linux-ti-omap4 (12.04: multiple vulnerabilities).

[$] LWN.net Weekly Edition for April 9, 2015

Wednesday 8th of April 2015 11:48:01 PM
The LWN.net Weekly Edition for April 9, 2015 is available.

Security advisories for Wednesday

Wednesday 8th of April 2015 04:42:14 PM

Arch Linux has updated ntp (two vulnerabilities).

CentOS has updated kernel (C5: multiple vulnerabilities).

Debian has updated libxml2 (denial of service).

Fedora has updated setroubleshoot (F21; F20: privilege escalation) and texlive (F21: arbitrary file removal).

openSUSE has updated Chromium (13.2, 13.1: two vulnerabilities), libgit2 (13.2, 13.1: code execution), firefox, thunderbird (13.2, 13.1: multiple vulnerabilities), php5 (13.2, 13.1: multiple vulnerabilities), potrace (13.2, 13.1: denial of service), quassel (13.2, 13.1: denial of service), and subversion (13.2, 13.1: multiple vulnerabilities).

Red Hat has updated kernel (RHEL5: multiple vulnerabilities), novnc (RHEL OSP6.0: VNC session hijacking), openstack-nova (RHEL OSP6.0: cross-site websocket hijack attack), openstack-packstack (RHEL OSP6.0: root command execution), and installer (RHEL OSP6.0: root command execution).

Scientific Linux has updated kernel (C5: multiple vulnerabilities).

SUSE has updated xorg-x11-libs (SLE11 SP3: privilege escalation).

Ubuntu has updated libtasn1-3, libtasn1-6 (14.10, 14.04, 12.04, 10.04: denial of service) and mailman (14.10, 14.04, 12.04: path traversal attack).

Mourning Chris Yeoh

Wednesday 8th of April 2015 12:39:02 PM
From the OpenStack community comes the sad announcement of the passing of Chris Yeoh, a longtime free-software developer. "Chris was humble, helpful and honest. The OpenStack and broader Open Source communities are poorer for his passing." Those with memories of Chris are encouraged to contribute them to a collection being put together for his daughter.

[$] An update on the freedreno graphics driver

Wednesday 8th of April 2015 10:04:03 AM
The freedreno project was started by Rob Clark to create a free-software driver for the Adreno family of GPUs, which are used by the Qualcomm Snapdragon system-on-chip (SoC) family. He presented a status report on the project, along with some history and future plans, at the Embedded Linux Conference, which was held in San Jose, CA, March 23-25.

Click below (subscribers only) for the full report from ELC 2015.

Post-Cryptanalysis, TrueCrypt Alternatives Step Forward (Threat Post)

Tuesday 7th of April 2015 11:10:24 PM
Threat Post takes a look at two TrueCrypt forks, VeraCrypt and CipherShed. Although TrueCrypt development was discontinued last year, the code underwent a two-phase audit and passed with a relatively clean bill of health. "VeraCrypt and CipherShed have addressed many of the shortcomings identified not only by the audit, but by others who have scrutinized the TrueCrypt code in recent years. VeraCrypt’s [Mounir] Idrassi, for example, said he replaced TrueCrypt’s lone support of the RIPEMD-160 algorithm with SHA-256 support for system encryption. He said VeraCrypt has also tried to simplify the build process, especially for Linux and Mac OS X systems, so that other less common configurations could be used." The results of the audit of TrueCrypt are available in PDF format; phase 1 was completed in February 2014, and phase 2 was completed in March 2015.

Tuesday's security updates

Tuesday 7th of April 2015 04:34:21 PM

Arch Linux has updated tor (denial of service).

Debian has updated arj (multiple vulnerabilities), libgd2 (denial of service), mailman (path traversal attack), and tor (denial of service).

Debian-LTS has updated mailman (path traversal attack) and tor (denial of service).

Fedora has updated chicken (F21; F20: buffer overflow), kernel (F20: multiple vulnerabilities), libxml2 (F21: denial of service), and seamonkey (F21; F20: multiple vulnerabilities).

Gentoo has updated firefox (multiple vulnerabilities).

Mandriva has updated cups-filters (MBS2.0: remote command execution), libtasn1 (MBS1.0, MBS2.0: denial of service), and python-django (MBS1.0: cross-site scripting).

Red Hat has updated kernel (RHEL6.5: multiple vulnerabilities).

Ubuntu has updated firefox (14.10, 14.04, 12.04: certificate verification bypass) and oxide-qt (14.10, 14.04: multiple vulnerabilities).

Kernel prepatch 4.0-rc7

Tuesday 7th of April 2015 09:25:19 AM
Linus has released 4.0-rc7 after a delay of a couple of days for the holiday. "But it's still pretty small, and things are on track for 4.0 next weekend. There's a tiny chance that I'll decide to delay 4.0 by a week just because I'm traveling the week after, and I might want to avoid opening the merge window. We'll see how I feel about it next weekend."

Linux Australia server breach

Monday 6th of April 2015 07:15:53 PM
Linux Australia has reported a breach on the Conference Management (Zookeepr) hosting server. This server hosted the conference systems for linux.conf.au 2013, 2014 and 2015, and for PyCon Australia 2013 and 2014. "The database dumps which occurred during the breach include information provided during conference registration - First and Last Names, physical and email addresses, and any phone contact details provided, as well as a hashed version of the user password. As Zookeepr uses a third party credit card payment gateway for credit card processing, the database dumps do not contain any credit card or banking details."

Security advisories for Monday

Monday 6th of April 2015 05:07:54 PM

Arch Linux has updated firefox (certificate verification bypass), java-batik (information leak), and thunderbird (multiple vulnerabilities).

Fedora has updated firefox (F20: multiple vulnerabilities), freeipa (F21: two vulnerabilities), glpi (F21; F20: privilege escalation), lasso (F21; F20: denial of service), mingw-libzip (F21; F20: code execution), mingw-qt5-qtbase (F21; F20: denial of service), mingw-qt5-qtdeclarative (F21; F20: denial of service), mingw-qt5-qtgraphicaleffects (F21; F20: denial of service), mingw-qt5-qtimageformats (F21; F20: denial of service), mingw-qt5-qtlocation (F21; F20: denial of service), mingw-qt5-qtmultimedia (F21; F20: denial of service), mingw-qt5-qtquick1 (F21; F20: denial of service), mingw-qt5-qtscript (F21; F20: denial of service), mingw-qt5-qtsensors (F21; F20: denial of service), mingw-qt5-qtsvg (F21; F20: denial of service), mingw-qt5-qttools (F21; F20: denial of service), mingw-qt5-qttranslations (F21; F20: denial of service), mingw-qt5-qtwebkit (F21; F20: denial of service), mingw-qt5-qtwinextras (F21; F20: denial of service), moodle (F21; F20: multiple vulnerabilities), osc (F21; F20: command injection), patch (F20: multiple vulnerabilities), PyYAML (F21; F20: denial of service), rt (F21: multiple vulnerabilities), slapi-nis (F21: multiple vulnerabilities), thunderbird (F21: multiple vulnerabilities), and tor (F21; F20: denial of service).

Mageia has updated cups-filters (remote command execution), novnc (VNC session hijacking), and php, libzip (multiple vulnerabilities).

Red Hat has updated chromium-browser (RHEL6: two vulnerabilities).

10 Years of Git: An Interview with Git Creator Linus Torvalds (Linux.com)

Monday 6th of April 2015 05:01:08 PM
Linux.com talks with Linus Torvalds about the development of Git. "Just to pick an example: the concept of 'merging' was generally considered to be something really quite painful and hard in most SCM's. You'd plan your merges, because they were big deals. That's not acceptable to me, since I commonly do tens of merges a day when in the merge window, and even then, the biggest overhead shouldn't be the merge itself, it should be testing the result. The 'git' part of the merge is just a couple of seconds, it should take me much longer just to write the merge explanation message."

Tor Summer of Privacy

Friday 3rd of April 2015 10:02:03 PM

The Tor Project and the Electronic Frontier Foundation (EFF) have announced a mentoring program entitled the "Tor Summer of Privacy" (TorSoP). Akin to the Google Summer of Code, TorSoP will provide financial support and mentorship for a group of students to work on privacy-related free software. Three student positions are available this year; applications will be accepted through April 10. More details (including project ideas) are provided on the TorSoP page.

Rust 1.0 beta released

Friday 3rd of April 2015 08:07:28 PM

The Rust team at Mozilla Research has announced the first beta release of Rust 1.0. The release notes detail a number of important changes, but the announcement adds some additional noteworthy items. "The Beta release also marks a turning point in our approach to stability. During the alpha cycle, the use of unstable APIs and language features was permitted, but triggered a warning. As of the Beta release, the use of unstable APIs will become an error (unless you are using Nightly builds or building from source)." A new continuous-integration infrastructure has also been deployed. The final release is currently expected around May 15.

Friday's security updates

Friday 3rd of April 2015 04:22:04 PM

Arch Linux has updated libtasn1 (denial of service).

Debian has updated icedove (multiple vulnerabilities).

Fedora has updated drupal7-ctools (F20; F21: multiple vulnerabilities), firefox (F21: multiple vulnerabilities), icu (F21: multiple vulnerabilities), and texlive (F20: arbitrary file removal).

Mageia has updated firefox, thunderbird (M4: multiple vulnerabilities), iceape (M4: multiple vulnerabilities), libtasn1 (M4: denial of service), mercurial (M4: command injection), mongodb (M4: denial of service), and python-django (M4: multiple vulnerabilities).

Mandriva has updated icu (BS1: multiple vulnerabilities) and subversion (BS1, BS2: multiple vulnerabilities).

SUSE has updated kernel (SLE12: multiple vulnerabilities).

Ubuntu has updated thunderbird (12.04, 14.04, 14.10: multiple vulnerabilities).

What to Expect When You're Expecting: PHP 7, Part 1 (Engine Yard)

Friday 3rd of April 2015 09:16:03 AM
The Engine Yard blog has an introduction to the changes coming in the PHP 7 release. "My personal favorite addition to PHP 7 is the addition of the Combined Comparison Operator, <=>, otherwise known as the spaceship operator. [...] It effectively works like strcmp(), or version_compare(), returning -1 if the left operand is smaller than the right, 0 if they are equal, and 1 if the left is greater than the right. The major difference being that it can be used on any two operands, not just strings, but also integers, floats, arrays, etc."

Android security state of the union

Thursday 2nd of April 2015 09:25:51 PM
Google has announced the issuing of a lengthy report [PDF] on the state of Android security. "In 2014, the Android platform made numerous significant improvements in platform security technology, including enabling deployment of full disk encryption, expanding the use of hardware-protected cryptography, and improving the Android application sandbox with an SELinux-based Mandatory Access Control system (MAC). Developers were also provided with improved tools to detect and react to security vulnerabilities, including the nogotofail project and the SecurityProvider. We provided device manufacturers with ongoing support for fixing security vulnerabilities in devices, including development of 79 security patches, and improved the ability to respond to potential vulnerabilities in key areas, such as the updateable WebView in Android 5.0."

Open Crypto Audit gives TrueCrypt a passing grade

Thursday 2nd of April 2015 07:17:42 PM

At his blog, cryptographer Matt Green announced that the Open Crypto Audit project's review of the now-abandoned TrueCrypt encryption tool is complete, and that "based on this audit, Truecrypt appears to be a relatively well-designed piece of crypto software. The NCC audit found no evidence of deliberate backdoors, or any severe design flaws that will make the software insecure in most instances." TrueCrypt was abruptly abandoned by its anonymous developers in 2014, leading some to suspect that a serious vulnerability had been discovered. The final Open Crypto Audit report [PDF] suggests otherwise, which is good news for users as well as for the multiple open-source projects that have subsequently developed TrueCrypt-compatibility support.

Thursday's security updates

Thursday 2nd of April 2015 02:26:23 PM

Arch Linux has updated chromium (multiple vulnerabilities).

CentOS has updated thunderbird (C5: multiple vulnerabilities).

Debian has updated iceweasel (multiple vulnerabilities).

Mandriva has updated flac (BS2: multiple vulnerabilities), graphviz (BS2: format-string vulnerability), owncloud (BS1; BS2: multiple vulnerabilities), and tor (BS1: denial of service).

openSUSE has updated php5 (13.1, 13.2: multiple vulnerabilities) and python-Django (13.2: multiple vulnerabilities).

Oracle has updated firefox (O5: multiple vulnerabilities) and thunderbird (O6; O7: multiple vulnerabilities).

Scientific Linux has updated thunderbird (multiple vulnerabilities).

SUSE has updated kernel (SLES11: multiple vulnerabilities).

Ubuntu has updated tiff (regression fix for previous update).
