LWN

LWN.net is a comprehensive source of news and opinions from and about the Linux community. This is the main LWN.net feed, listing all articles which are posted to the site front page.
Updated: 5 hours 53 min ago

The GNOME Foundation gets a new director

Thursday 2nd of February 2017 12:41:44 AM
The GNOME Foundation's long search for a new executive director has finally come to an end: Neil McGovern has taken the job. "McGovern is an experienced leader in Free Software projects and is best known for his role as Debian Project Leader from 2014-15. He has been on the Boards of numerous organizations, including Software in the Public Interest, Inc. and the Open Rights Group."

[$] LWN.net Weekly Edition for February 2, 2017

Thursday 2nd of February 2017 12:13:09 AM
The LWN.net Weekly Edition for February 2, 2017 is available.

Krita 3.1.2 released

Wednesday 1st of February 2017 07:36:27 PM
Version 3.1.2 of the Krita painting application has been released. This version features audio support for animations along with other improvements and bug fixes. "Audio is not yet available in the Linux appimages. It is an experimental feature, with no guarantee that it works correctly yet — we need your feedback!"

[$] Three new FOSS umbrella organizations in Europe

Wednesday 1st of February 2017 06:45:41 PM
Last year, three new umbrella organizations for free and open-source software (and hardware) projects emerged in Europe. Their aim is to cater to the needs of the community by providing a legal entity for projects to join, leaving the projects free to focus on technical and community tasks. These organizations (Public Software CIC, The Commons Conservancy, and the Center for the Cultivation of Technology) will take on the overhead of actually running a legal entity themselves.

Security advisories for Wednesday

Wednesday 1st of February 2017 04:48:52 PM

Arch Linux has updated salt (two vulnerabilities).

CentOS has updated libtiff (C7; C6: multiple vulnerabilities).

Debian has updated libgd2 (multiple vulnerabilities), ruby-archive-tar-minitar (file overwrites), and wordpress (multiple vulnerabilities).

Debian-LTS has updated ikiwiki (three vulnerabilities), libplist (two vulnerabilities), and wordpress (multiple vulnerabilities).

Gentoo has updated pcsc-lite (privilege escalation).

openSUSE has updated openssh (42.2: multiple vulnerabilities).

Oracle has updated libtiff (OL7; OL6: multiple vulnerabilities).

Red Hat has updated libtiff (RHEL6,7: multiple vulnerabilities).

SUSE has updated gnutls (SLE12-SP1,2: multiple vulnerabilities) and java-1_8_0-openjdk (SLE12-SP1,2: multiple vulnerabilities).

Ubuntu has updated openssl (multiple vulnerabilities).

LEDE v17.01.0-rc1 released

Wednesday 1st of February 2017 03:28:58 PM
The LEDE project, working on a fork of the OpenWrt router distribution, has announced its first release candidate. "With this release, the LEDE development team closes out an intense effort to modernize many parts of OpenWrt and incorporate many new modules, packages, and technologies." Click below for a terse list of changes; they include the significant WiFi performance improvements described in this article.

LibreOffice 5.3 released

Wednesday 1st of February 2017 03:08:05 PM
Version 5.3 of the LibreOffice office suite is out. "LibreOffice 5.3 represents a significant step forward in the evolution of the software: it offers an introduction to new features such as online with collaborative editing, which increase the competitive positioning of the application, and at the same time provides incremental improvements, to make the program more reliable, interoperable and user friendly."

Open-Sourcing Google Earth Enterprise

Tuesday 31st of January 2017 09:21:07 PM
Google has announced that Google Earth Enterprise (GEE) will be published on GitHub under the Apache2 license in March. GEE is an enterprise product that allows developers to build and host their own private maps and 3D globes. This release includes GEE Fusion, GEE Server, and GEE Portable Server source code. "Feedback is important to us and we’ve heard from our customers that GEE remains in-use in mission-critical applications. Many customers have not transitioned to other technologies. Open-sourcing GEE allows our customer community to continue to improve and evolve the project in perpetuity. Note that the Google Earth Enterprise Client, Google Maps JavaScript® API V3 and Google Earth API will not be open sourced. The Enterprise Client will continue to be made available and updated. However, since GEE Fusion and GEE Server are being open-sourced, the imagery and terrain quadtree implementations used in these products will allow third-party developers to build viewers that can consume GEE Server Databases." (Thanks to Paul Wise)

Time To Upgrade Your Python: TLS v1.2 Will Soon Be Mandatory

Tuesday 31st of January 2017 08:53:20 PM
The Python Software Foundation has announced that python.org and related sites will begin disabling the old TLS versions 1.0 and 1.1. "This change was imposed on us by our content delivery network, Fastly, in response to a change imposed on them by the Payment Card Industry Security Standards Council. In order to continue serving websites that take credit card payments, Fastly is required to disable the old, insecure versions of TLS. Since the PSF's servers, including PyPI, use Fastly, the old versions of TLS will be disabled as well."

Security updates for Tuesday

Tuesday 31st of January 2017 05:46:21 PM

Debian has updated chromium-browser (multiple vulnerabilities).

Debian-LTS has updated libarchive (denial of service), ruby-archive-tar-minitar (file overwrites), and tcpdump (multiple vulnerabilities).

Fedora has updated flatpak (F24: sandbox escape), irssi (F25; F24: multiple vulnerabilities), kernel (F25; F24: multiple vulnerabilities), and python-crypto (F25; F24: denial of service).

Gentoo has updated ansible (code execution) and harfbuzz (multiple vulnerabilities).

openSUSE has updated lcms2 (42.1: heap memory leak) and virtualbox (42.1: multiple vulnerabilities).

Red Hat has updated kernel (RHEL7.2: two vulnerabilities), kernel (RHEL6.6; RHEL6.2: code execution), and nagios (RHELOSP7 for RHEL7; RHELOSP6 for RHEL7; RHELOSP5 for RHEL6; RHELOSP5 for RHEL7: multiple vulnerabilities).

SUSE has updated kernel (SLE11-SP2: multiple vulnerabilities).

KDE Plasma 5.9 released

Tuesday 31st of January 2017 03:29:36 PM
The KDE project has announced the release of the Plasma 5.9 desktop environment with a number of new features. "Global Menus have returned. KDE's pioneering feature to separate the menu bar from the application window allows for new user interface paradigm with either a Plasma Widget showing the menu or neatly tucked away in the window bar."

How to get up and running with sweet Orange Pi (Opensource.com)

Monday 30th of January 2017 08:48:24 PM
David Egts reviews the Orange Pi at Opensource.com. "Compared to a $5 Raspberry Pi Zero, the Orange Pi Zero is only a few dollars more expensive, but it is much more useful out of the box because it has onboard Internet connectivity and four CPU cores instead of one. This onboard networking capability also makes the Orange Pi Zero a better gift than a Raspberry Pi Zero because the Raspberry Pi Zero needs Micro-USB-to-USB adapters and a Wi-Fi USB adapter to connect to the Internet. When giving IoT devices as gifts, you want the recipient to enjoy the product as quickly and easily as possible, instead of giving something incomplete that will just end up on a shelf."

Security advisories for Monday

Monday 30th of January 2017 06:33:10 PM

Arch Linux has updated chromium (multiple vulnerabilities), firefox (multiple vulnerabilities), kernel (privilege escalation), lib32-openssl (three vulnerabilities), libimobiledevice (access restriction bypass), linux-lts (privilege escalation), linux-zen (privilege escalation), openssl (three vulnerabilities), and thunderbird (multiple vulnerabilities).

Debian has updated lcms2 (heap memory leak), openssl (three vulnerabilities), and tcpdump (multiple vulnerabilities).

Debian-LTS has updated bind9 (three denial of service flaws), imagemagick (multiple vulnerabilities), libgd2 (three vulnerabilities), tiff3 (invalid tiff files), and zoneminder (information leak, authentication bypass).

Fedora has updated fedmsg (F24: insufficient signature validation), firefox (F24: multiple vulnerabilities), flatpak (F25: sandbox escape), ghostscript (F25; F24: denial of service), ikiwiki (F25; F24: three vulnerabilities), libXpm (F24: code execution), mapserver (F25; F24: code execution), and pdns (F25; F24: multiple vulnerabilities).

Gentoo has updated a2ps (code execution from 2014), ark (code execution), chromium (multiple vulnerabilities), ffmpeg (multiple vulnerabilities), firewalld (authentication bypass), freeimage (two vulnerabilities, one from 2015), libpng (NULL dereference bug), libXpm (code execution), perl (multiple vulnerabilities, two from 2015), and squashfs-tools (two vulnerabilities from 2015).

Mageia has updated 389-ds-base (denial of service), libvncserver (two vulnerabilities), mbedtls (two vulnerabilities), nvidia-current, ldetect-lst (three vulnerabilities), opus (code execution), pcsc-lite (privilege escalation), python-bottle (CRLF attacks), and shadow-utils (two vulnerabilities).

openSUSE has updated gstreamer-0_10-plugins-base (42.1: code execution), gstreamer-plugins-base (42.2: code execution), and rabbitmq-server (42.2: authentication bypass).

SUSE has updated gnutls (SLE11-SP4: multiple vulnerabilities).

Ubuntu has updated firefox (multiple vulnerabilities) and thunderbird (multiple vulnerabilities).

Kernel prepatch 4.10-rc6

Monday 30th of January 2017 02:49:06 PM
The 4.10-rc6 kernel prepatch is out for testing. Linus is worried that the patch activity has increased this time around. "It's still not all that big by historical standards, since 4.10 has generally been pretty calm, but it's a bit distressing. I was hoping to do the usual 'rc7 is the last rc' release schedule for once (with both 4.8 and 4.9 pushing out to rc8), and I really want things to calm down for that to happen." The codename has changed again; it is now "Fearless Coyote".

Shutting down FTP services (kernel.org)

Sunday 29th of January 2017 06:40:09 PM
Kernel.org has announced that it will be shutting down FTP access to its archives in two stages: March 1 will see the end of ftp.kernel.org, while December 1 is the termination date for mirrors.kernel.org.

Let's face it -- while kinda neat and convenient, offering a public NFS/CIFS server was a Pretty Bad Idea, not only because both these protocols are pretty terrible over high latency connections, but also because of important security implications.

Well, 19 years later we're thinking it's time to terminate another service that has important protocol and security implications -- our FTP servers. Our decision is driven by the following considerations:

  1. The protocol is inefficient and requires adding awkward kludges to firewalls and load-balancing daemons
  2. FTP servers have no support for caching or accelerators, which has significant performance impacts
  3. Most software implementations have stagnated and see infrequent updates

All kernel.org FTP services will be shut down by the end of this year.

Friday's security updates

Friday 27th of January 2017 05:02:51 PM

CentOS has updated firefox (C7; C6; C5: multiple vulnerabilities), mysql (C6: three vulnerabilities), squid (C7: information leak), and squid34 (C6: information leak).

Debian has updated libxpm (code execution).

Debian-LTS has updated asterisk (denial of service from 2014), firefox-esr (multiple vulnerabilities), lcms2 (denial of service), and libxpm (code execution).

Mageia has updated firefox (multiple vulnerabilities), gstreamer (code execution), and php-phpmailer (two vulnerabilities).

openSUSE has updated apache2 (42.2: denial of service) and gstreamer-0_10-plugins-good (42.1: multiple vulnerabilities).

Red Hat has updated chromium-browser (RHEL6: multiple vulnerabilities) and puppet-swift (OSP10.0: information disclosure).

Slackware has updated mozilla-thunderbird (multiple vulnerabilities).

An Interview with Krita Maintainer Boudewijn Rempt (Renderosity)

Friday 27th of January 2017 04:13:08 PM
Renderosity Magazine talks with Boudewijn Rempt about the Krita painting application. "Well, we make Krita for artists who want to create images. It's not an image editor with a brush engine, it's really meant for sketching, painting, illustrating. So that is what we optimize the workflow for. And people tell us that that works very well for them!"
