Language Selection

English French German Italian Portuguese Spanish

LWN

Syndicate content
LWN.net is a comprehensive source of news and opinions from and about the Linux community. This is the main LWN.net feed, listing all articles which are posted to the site front page.
Updated: 2 hours 32 min ago

[$] Moving on from net-tools

Wednesday 4th of January 2017 07:00:56 PM
Old habits die hard, even when support for the tools required by those habits ended over a decade ago. It is not surprising for users to cling to the tools they learned early in their careers, even when they are told that it is time to move on. A recent discussion on the Debian development list showed the sort of stress that this kind of inertia can put on a distribution and explored the options that distributors have to try to nudge their users toward more supportable solutions.

Grumpy: Go running Python

Wednesday 4th of January 2017 06:27:27 PM
The Google Open Source Blog introduces the Grumpy project. "Grumpy is an experimental Python runtime for Go. It translates Python code into Go programs, and those transpiled programs run seamlessly within the Go runtime. We needed to support a large existing Python codebase, so it was important to have a high degree of compatibility with CPython (quirks and all). The goal is for Grumpy to be a drop-in replacement runtime for any pure-Python project."

Security updates for Wednesday

Wednesday 4th of January 2017 05:15:12 PM

Arch Linux has updated lib32-curl (two vulnerabilities), lib32-libcurl-compat (two vulnerabilities), lib32-libcurl-gnutls (two vulnerabilities), libcurl-compat (two vulnerabilities), libcurl-gnutls (two vulnerabilities), and pcsclite (privilege escalation).

CentOS has updated ghostscript (C7; C6: multiple vulnerabilities).

Debian has updated libphp-phpmailer (regression in previous update).

Debian-LTS has updated libphp-phpmailer (code execution) and libvncserver (two vulnerabilities).

Fedora has updated borgbackup (F25; F24: two vulnerabilities) and freeipa (F24: two vulnerabilities).

Gentoo has updated firefox (multiple vulnerabilities).

Mageia has updated kernel-linus (multiple vulnerabilities), kernel-tmb (multiple vulnerabilities), libupnp (code execution), and python-html5lib (cross-site scripting).

openSUSE has updated dnsmasq (42.2, 42.1: denial of service), samba (42.2; 42.1: three vulnerabilities), and wget (42.2, 42.1: race condition).

Red Hat has updated ghostscript (RHEL7; RHEL6: multiple vulnerabilities), kernel (RHEL7.1: denial of service), and systemd (RHEL7.1: denial of service).

Scientific Linux has updated ghostscript (SL7; SL6: multiple vulnerabilities) and ipa (SL7: two vulnerabilities).

Inkscape 0.92 released

Wednesday 4th of January 2017 01:34:45 PM
Version 0.92 of the Inkscape vector drawing editor is available. "New features include mesh gradients, improved SVG2 and CSS3 support, new path effects, interactive smoothing for the pencil tool, a new Object dialog for directly managing all drawing elements, and much more. Infrastructural changes are also under way, including a switch to CMake from the venerable Autotools build system." See the release notes for details.

[$] A look at darktable 2.2.0

Tuesday 3rd of January 2017 09:41:03 PM
In what is becoming its annual tradition, the darktable project released a new stable version of its image-editing system at the end of December. The new 2.2 release incorporates several new photo-correction features of note.

Click below (subscribers only) for the full article from Nathan Willis.

Bottomley: TPM2 and Linux

Tuesday 3rd of January 2017 09:26:46 PM
James Bottomley looks at Trusted Platform Module (TPM) version 2. "Recently Microsoft started mandating TPM2 as a hardware requirement for all platforms running recent versions of windows. This means that eventually all shipping systems (starting with laptops first) will have a TPM2 chip. The reason this impacts Linux is that TPM2 is radically different from its predecessor TPM1.2; so different, in fact, that none of the existing TPM1.2 software on Linux (trousers, the libtpm.so plug in for openssl, even my gnome keyring enhancements) will work with TPM2. The purpose of this blog is to explore the differences and how we can make ready for the transition." (Thanks to Paul Wise)

Tuesday's security updates

Tuesday 3rd of January 2017 04:34:08 PM

Arch Linux has updated gst-plugins-bad (two vulnerabilities), lib32-libpng (denial of service), lib32-libpng12 (denial of service), libpng (denial of service), and libpng12 (denial of service).

CentOS has updated ipa (C7: two vulnerabilities).

Debian-LTS has updated samba (privilege escalation).

Fedora has updated bzip2 (F25: denial of service), dovecot (F25: denial of service), and seamonkey (F25: multiple vulnerabilities).

Gentoo has updated firefox (multiple vulnerabilities, some from 2014).

Oracle has updated ipa (OL7: two vulnerabilities).

Ringing in 2017 with 90 hacker-friendly single board computers (HackerBoards)

Monday 2nd of January 2017 11:19:30 PM
HackerBoards.com takes a look at hacker-friendly single board computers. "Community backed, open spec single board computers running Linux and Android sit at the intersection between the commercial embedded market and the open source maker community. Hacker boards also play a key role in developing the Internet of Things devices that will increasingly dominate our technology economy in the coming years, from home automation devices to industrial equipment to drones. This year, we identified 90 boards that fit our relatively loose requirements for community-backed, open spec SBCs running Linux and/or Android."

Eulogy for Pieter Hintjens

Monday 2nd of January 2017 08:17:55 PM
Pieter Hintjens passed away last October. "Pieter was known mostly for founding the ZeroMQ project but he was also an ambitious fighter for the open source philosophy, an active opponent to software patents and an inspiring and keen thinker on open systems of all kind." (Thanks to Viktor Horvath)

Security advisories for Monday

Monday 2nd of January 2017 07:38:29 PM

Arch Linux has updated curl (two vulnerabilities) and libwmf (multiple vulnerabilities).

Debian has updated libgd2 (denial of service) and libphp-phpmailer (code execution).

Debian-LTS has updated hdf5 (multiple vulnerabilities), hplip (man-in-the-middle attack from 2015), kernel (multiple vulnerabilities), libphp-phpmailer (code execution), pgpdump (denial of service), postgresql-common (file overwrites), python-crypto (denial of service), and shutter (code execution from 2015).

Fedora has updated curl (F24: buffer overflow), cxf (F25: two vulnerabilities), game-music-emu (F24: multiple vulnerabilities), libbsd (F25; F24: denial of service), libpng (F25: NULL dereference bug), mingw-openjpeg2 (F25; F24: multiple vulnerabilities), openjpeg2 (F24: two vulnerabilities), php-zendframework-zend-mail (F25; F24: parameter injection), springframework (F25: directory traversal), tor (F25; F24: denial of service), xen (F24: three vulnerabilities), and zookeeper (F25; F24: buffer overflow).

Gentoo has updated bash (code execution), busybox (denial of service), chicken (multiple vulnerabilities going back to 2013), cyassl (multiple vulnerabilities from 2014), e2fsprogs (code execution from 2015), hdf5 (multiple vulnerabilities), icinga (privilege escalation), libarchive (multiple vulnerabilities, some from 2015), libjpeg-turbo (code execution), libotr (code execution), lzo (code execution from 2014), mariadb (multiple unspecified vulnerabilities), memcached (code execution), musl (code execution), mutt (denial of service from 2014), openfire (multiple vulnerabilities from 2015), openvswitch (code execution), pillow (multiple vulnerabilities, two from 2014), w3m (multiple vulnerabilities), xdg-utils (command execution from 2014), and xen (multiple vulnerabilities).

Mageia has updated mcabber (roster push attack) and tracker (denial of service).

openSUSE has updated firefox (13.1: multiple vulnerabilities), gd (42.2, 42.1: stack overflow), GNU Health (42.2: two vulnerabilities), roundcubemail (13.1: cross-site scripting), kernel (42.1: information leak), thunderbird (42.2, 42.1, 13.2; SPH for SLE12: multiple vulnerabilities), and xen (42.2; 42.1; 13.2: multiple vulnerabilities).

Red Hat has updated ipa (RHEL7: two vulnerabilities) and rh-nodejs4-nodejs and rh-nodejs4-http-parser (RHSCL: multiple vulnerabilities).

Slackware has updated libpng (NULL dereference bug), thunderbird (code execution), and seamonkey (multiple vulnerabilities).

SUSE has updated gstreamer-plugins-good (SLE12-SP2: multiple vulnerabilities) and kernel (SLERTE12-SP1: multiple vulnerabilities).

7 notable legal developments in open source in 2016 (opensource.com)

Monday 2nd of January 2017 01:58:59 PM
Richard Fontana reviews legal development in 2016 on opensource.com. "The Federal Source Code Policy is notable for placing emphasis on adhering to proper standards for open development as well as open source licensing. Agencies releasing open source code are directed to do so in a manner that encourages engagement with existing communities, fosters growth of new communities, and facilitates contribution both by the community to the federal code and by federal employees and contractors to upstream projects."

Kernel prepatch 4.10-rc2

Monday 2nd of January 2017 01:36:58 PM
The second 4.10 kernel prepatch is out for testing. "Hey, it's been a really slow week between Christmas Day and New Years Day, and I am not complaining at all. It does mean that rc2 is ridiculously and unrealistically small. I almost decided to skip rc2 entirely, but a small little meaningless release every once in a while never hurt anybody. So here it is."

[$] New features in Python 3.6

Friday 30th of December 2016 08:45:30 PM

The Python 3.6 release occurred on December 23, only one week later than planned all the way back in October 2015. Python 3.6 adds a number of new features, including more support for asynchronous operations (generators and comprehensions), a filesystem path protocol, a new literal string formatting option, two random-number-related features, a frame evaluation API for debuggers and just-in-time (JIT) compilation, and more. Some of these features have been described in LWN articles along the way, but many haven't, so an overview of the highlights of the new release is in order.

Subscribers can click below to see the article that will appear in next week's edition.

Security updates for Friday

Friday 30th of December 2016 04:11:16 PM

Debian has updated dcmtk (code execution from 2015).

Debian-LTS has updated curl (code execution) and libxi (regression in previous update).

Fedora has updated js-jquery (F24: cross-site scripting), js-jquery1 (F25; F24: cross-site scripting), smack (F25: TLS bypass), and tracker (F24: adding sandboxing).

Gentoo has updated mod_wsgi (privilege escalation from 2014).

Mageia has updated game-music-emu (multiple vulnerabilities), gstreamer1.0-plugins-good (multiple vulnerabilities), hdf5 (multiple vulnerabilities), kernel, kmod (three vulnerabilities), libgsf (denial of service), openjpeg2 (multiple vulnerabilities), roundcubemail (code execution), and samba (authentication bypass).

openSUSE has updated irc-otr (42.2: information disclosure).

Slackware has updated python (two vulnerabilities) and samba (three vulnerabilities).

SUSE has updated gstreamer-plugins-bad (SLE12: multiple vulnerabilities) and gstreamer-plugins-good (SLE12: multiple vulnerabilities).

EFF: The Patent Troll Abides

Wednesday 28th of December 2016 07:21:26 PM
The Electronic Frontier Foundation has a review of patent lawsuits in 2016. "We saw mixed results in the courts this year. The Supreme Court issued a good decision cutting back on out of control damages in design patent cases. Meanwhile, the Federal Circuit issued a very disappointing decision that allows patent owners to undermine ownership by asserting patent rights even after selling a patented good. Fortunately, the Supreme Court has agreed to review that ruling. We will file an amicus brief supporting the fundamental principle that once you buy something, you own it."

Security advisories for Wednesday

Wednesday 28th of December 2016 05:23:35 PM

Arch Linux has updated openfire (multiple vulnerabilities).

Debian-LTS has updated libcrypto++ (denial of service).

Fedora has updated community-mysql (F25; F24: multiple unspecified vulnerabilities), curl (F25: buffer overflow), hdf5 (F25: multiple vulnerabilities), js-jquery (F25: cross-site scripting), nagios-plugins (F25; F24: multiple vulnerabilities), python-wikitcms (F25; F24: code execution), and xen (F25: multiple vulnerabilities).

Gentoo has updated firejail-lts (denial of service).

openSUSE has updated ntp (42.2, 42.1: multiple vulnerabilities) and tor (42.2; 42.1, 13.2: denial of service).

SUSE has updated openjpeg2 (SLE12-SP2: multiple vulnerabilities) and xen (SOSC5, SMP2.1, SM2.1, SLE11-SP3: multiple vulnerabilities).

darktable 2.2.0 released

Monday 26th of December 2016 08:10:35 PM
Darktable 2.2.0 has been released. This version includes the new automatic perspective correction module, a liquify tool for all your fancy pixel moving, a new image module to use a Color Look Up Table (CLUT) to change colors in the image, and much more.

Announcing FreeDOS 1.2

Monday 26th of December 2016 07:19:44 PM
Jim Hall has announced the release of FreeDOS 1.2. "The FreeDOS 1.2 release is an updated, more modern FreeDOS. You'll see that we changed many of the packages. Some packages were replaced, deprecated by newer and better packages. We also added other packages. And we expanded what we should include in the FreeDOS distribution. Where FreeDOS 1.0 and 1.1 where fairly spartan distributions with only "core" packages and software sets, the FreeDOS 1.2 distribution includes a rich set of additional packages. We even include games." There is also a new installer.

Security advisories for Monday

Monday 26th of December 2016 05:35:27 PM

Debian has updated exim4 (information leak), graphicsmagick (multiple vulnerabilities), libcrypto++ (denial of service), libxml2 (two vulnerabilities), and squid3 (information leak).

Debian-LTS has updated exim4 (information leak), phpmyadmin (multiple vulnerabilities), python-bottle (CRLF attacks), qemu (three vulnerabilities), qemu-kvm (three vulnerabilities), spip (two vulnerabilities), and squid3 (information leak).

Fedora has updated httpd (F25; F24: three vulnerabilities).

Gentoo has updated roundcube (code execution), samba (multiple vulnerabilities), tor (denial of service), and xerces-c (code execution).

Slackware has updated expat (multiple vulnerabilities), httpd (multiple vulnerabilities), and openssh (multiple vulnerabilities).

SUSE has updated dnsmasq (SLE12-SP2,SP1: denial of service).

Kernel prepatch 4.10-rc1

Monday 26th of December 2016 04:49:37 PM
Linus has released the 4.10-rc1 kernel prepatch and closed the merge window for this release. "Everything looks pretty normal, although we had an unusual amount of tree-wide final cleanups in the last days of the merge window. But the general statistics look fairly common: a bit over half is drivers, maybe slightly less arch updates than normal, and a fair amount of documentation updates due to the sphinx conversion."

More in Tux Machines

today's howtos

Ubuntu 16.04.2 LTS Delayed Until February 2, Will Bring Linux 4.8, Newer Mesa

If you've been waiting to upgrade your Ubuntu 16.04 LTS (Xenial Xerus) operating system to the 16.04.2 point release, which should have hit the streets a couple of days ago, you'll have to wait until February 2. We hate to give you guys bad news, but Canonical's engineers are still working hard these days to port all the goodies from the Ubuntu 16.10 (Yakkety Yak) repositories to Ubuntu 16.04 LTS, which is a long-term supported version, until 2019. These include the Linux 4.8 kernel packages and an updated graphics stack based on a newer X.Org Server version and Mesa 3D Graphics Library. Read more

Calamares Release and Adoption

  • Calamares 3.0 Universal Linux Installer Released, Drops Support for KPMcore 2
    Calamares, the open-source distribution-independent system installer, which is used by many GNU/Linux distributions, including the popular KaOS, Netrunner, Chakra GNU/Linux, and recently KDE Neon, was updated today to version 3.0. Calamares 3.0 is a major milestone, ending the support for the 2.4 series, which recently received its last maintenance update, versioned 2.4.6, bringing numerous improvements, countless bug fixes, and some long-anticipated features, including a brand-new PythonQt-based module interface.
  • Due to Popular Request, KDE Neon Is Adopting the Calamares Graphical Installer
    KDE Neon maintainer Jonathan Riddell is announcing today the immediate availability of the popular Calamares distribution-independent Linux installer framework on the Developer Unstable Edition of KDE Neon. It would appear that many KDE Neon users have voted for Calamares to become the default graphical installer system used for installing the Linux-based operating system on their personal computers. Indeed, Calamares is a popular installer framework that's being successfully used by many distros, including Chakra, Netrunner, and KaOS.

Red Hat Financial News