Language Selection

English French German Italian Portuguese Spanish

LWN

Syndicate content
LWN.net is a comprehensive source of news and opinions from and about the Linux community. This is the main LWN.net feed, listing all articles which are posted to the site front page.
Updated: 6 hours 18 sec ago

Clasen: Using modern gettext

Friday 22nd of July 2016 10:33:52 PM

At his blog, Matthias Clasen explores the recent enhancements to the the classic GNU gettext utility. Thanks in large part to new maintainer Daiki Ueno, gettext now understands many more file formats—thus enabling developers to easily extract strings from a wide variety of source files for translation. In addition to programming languages, Clasen notes, gettext understands .desktop files, GSettings schemas, GtkBuilder ui files, and Appdata files. "If you don’t want to wait for your favorite format to come with built-in its support, you can also include its files with your application; gettext will look for such files in $XDG_DATA_DIRS/gettext/its/."

Friday's security updates

Friday 22nd of July 2016 03:23:13 PM

Arch Linux has updated drupal (proxy injection).

Debian has updated mysql-5.5 (multiple vulnerabilities) and squid3 (multiple vulnerabilities).

Debian-LTS has updated python-django (cross-site scripting).

openSUSE has updated p7zip (13.1: code execution).

Slackware has updated gimp (14.0, 14.1, 14.2: code execution) and php (14.0, 14.1, 14.2: multiple vulnerabilities).

Ubuntu has updated mysql-5.5, mysql-5.6, mysql-5.7 (12.04, 14.04, 15.10, 16.04: multiple vulnerabilities).

EFF Lawsuit Takes on DMCA Section 1201: Research and Technology Restrictions Violate the First Amendment

Thursday 21st of July 2016 07:37:03 PM
The Electronic Frontier Foundation (EFF) has announced that it is suing the US government over provisions in the Digital Millennium Copyright Act (DMCA). The suit has been filed on behalf of Andrew "bunnie" Huang, who has a blog post describing the reasons behind the suit. The EFF also explained why these DMCA provisions should be ruled unconstitutional: "These provisions—contained in Section 1201 of the DMCA—make it unlawful for people to get around the software that restricts access to lawfully-purchased copyrighted material, such as films, songs, and the computer code that controls vehicles, devices, and appliances. This ban applies even where people want to make noninfringing fair uses of the materials they are accessing. Ostensibly enacted to fight music and movie piracy, Section 1201 has long served to restrict people’s ability to access, use, and even speak out about copyrighted materials—including the software that is increasingly embedded in everyday things. The law imposes a legal cloud over our rights to tinker with or repair the devices we own, to convert videos so that they can play on multiple platforms, remix a video, or conduct independent security research that would reveal dangerous security flaws in our computers, cars, and medical devices. It criminalizes the creation of tools to let people access and use those materials."

Security updates for Thursday

Thursday 21st of July 2016 02:02:30 PM

Arch Linux has updated bind (denial of service).

CentOS has updated java-1.8.0-openjdk (C7; C6: multiple vulnerabilities).

Debian-LTS has updated libarchive (multiple vulnerabilities, most from 2015).

Fedora has updated openssh (F24: user enumeration via timing side-channel) and p7zip (F24: two code execution flaws).

openSUSE has updated dhcp (42.1: denial of service).

Oracle has updated java-1.8.0-openjdk (OL7; OL6: multiple vulnerabilities).

Red Hat has updated java-1.6.0-sun (multiple vulnerabilities), java-1.7.0-oracle (multiple vulnerabilities), java-1.8.0-oracle (RHEL6&7: multiple vulnerabilities), and openstack-neutron (RHOSP8; RHOSP7: three vulnerabilities, one from 2015).

Scientific Linux has updated java-1.8.0-openjdk (SL6&7: multiple vulnerabilities).

SUSE has updated obs-service-source_validator (SLE12: code execution).

[$] LWN.net Weekly Edition for July 21, 2016

Thursday 21st of July 2016 12:02:59 AM
The LWN.net Weekly Edition for July 21, 2016 is available.

An honorary degree for Alan Cox

Wednesday 20th of July 2016 06:24:46 PM
Congratulations are due to Alan Cox, who was awarded an honorary degree by Swansea University for his work with Linux. "Alan started working on Version 0. There were bugs and problems he could correct. He put Linux on a machine in the Swansea University computer network, which revealed many problems in networking which he sorted out; later he rewrote the networking software. Alan brought to Linux software engineering discipline: Linux software releases that were tested, corrected and above all stable. On graduating, Alan worked at Swansea University, set up the UK Linux server and distributed thousands of systems."

Smedberg: Reducing Adobe Flash Usage in Firefox

Wednesday 20th of July 2016 06:01:20 PM
Benjamin Smedberg writes that the Firefox browser will soon start taking a more active approach to the elimination of Flash content. "Starting in August, Firefox will block certain Flash content that is not essential to the user experience, while continuing to support legacy Flash content. These and future changes will bring Firefox users enhanced security, improved battery life, faster page load, and better browser responsiveness."

Security updates for Wednesday

Wednesday 20th of July 2016 04:42:50 PM

Debian has updated apache2 (HTTP redirect).

Debian-LTS has updated apache2 (HTTP redirect).

Fedora has updated ecryptfs-utils (F24: two vulnerabilities), kernel (F24; F23: multiple vulnerabilities), php-doctrine-orm (F24; F23: privilege escalation), and spice (F24: two vulnerabilities).

Gentoo has updated ansible (code execution), arpwatch (privilege escalation from 2012), bugzilla (multiple vulnerabilities from 2014), commons-beanutils (code execution from 2014), dropbear (information disclosure), exim (code execution from 2014), libbsd (denial of service), ntp (many vulnerabilities), and varnish (access control bypass).

openSUSE has updated ImageMagick (Leap42.1: many vulnerabilities), nodejs (Leap42.1, 13.2: buffer overflow), and samba (13.2: crypto downgrade).

Red Hat has updated java-1.8.0-openjdk (RHEL6,7: multiple vulnerabilities).

SUSE has updated flash-player (SLE12-SP1: multiple vulnerabilities).

Ubuntu has updated python-django (16.04: cross-site scripting).

Tor veteran Lucky Green exits, torpedos critical 'Tonga' node and relays (The Register)

Tuesday 19th of July 2016 09:17:17 PM
The Register reports that longtime Tor contributor Lucky Green is quitting and closing down the node and bridge authority he operates. "Practically, it's a big deal. Bridge Authorities are part of the infrastructure that lets users get around some ISP-level blocks on the network (not, however, defeating deep packet inspection). They're also incorporated in the Tor code, meaning that to remove a Bridge Authority is going to need an update." The shutdown is scheduled for August 31. (Thanks to Nomen Nescio)

The Importance of Following Community-Oriented Principles in GPL Enforcement Work

Tuesday 19th of July 2016 08:55:02 PM
The Software Freedom Conservancy is one of the few organizations involved in GPL enforcement, and it has published principles regarding enforcement practices that seek compliance and not financial penalties. Bradley Kuhn and Karen Sandler urge others doing GPL enforcement to follow principles set forth by the SFC. "One impetus in drafting the Principles was our discovery of ongoing enforcement efforts that did not fit with the GPL enforcement community traditions and norms established for the last two decades. Publishing the previously unwritten guidelines has quickly separated the wheat from the chaff. Specifically, we remain aware of multiple non-community-oriented GPL enforcement efforts, where none of those engaged in these efforts have endorsed our principles nor pledged to abide by them. These “GPL monetizers”, who trace their roots to nefarious business models that seek to catch users in minor violations in order to sell an alternative proprietary license, stand in stark contrast to the work that Conservancy, FSF and gpl-violations.org have done for years." The actions of one individual prompted the netfilter project to make a statement endorsing the principles, which we covered earlier this month.

Qt WebBrowser 1.0

Tuesday 19th of July 2016 06:46:37 PM
Version 1.0 of the QtWebBrowser has been released. Qt WebBrowser is a browser for embedded devices developed using the capabilities of Qt and Qt WebEngine. "The browser is optimized for embedded touch displays (running Linux), but you can play with it on the desktop platforms, too! Just make sure that you have Qt WebEngine, Qt Quick, and Qt VirtualKeyboard installed (version 5.7 or newer). For optimal performance on embedded devices you should plan for hardware-accelerated OpenGL, and around 1 GiByte of memory for the whole system. Anyhow, depending on your system configuration and the pages to be supported there is room for optimization."

Security advisories for Tuesday

Tuesday 19th of July 2016 03:48:50 PM

CentOS has updated httpd (C7; C6; C5: HTTP redirect).

Debian has updated mysql-connector-java (information disclosure) and python-django (cross-site scripting).

Fedora has updated dnsmasq (F24: denial of service), gd (F23: two vulnerabilities), kernel (F22: multiple vulnerabilities), mingw-openjpeg2 (F24; F23: multiple vulnerabilities), pagure (F24: unspecified), pdfbox (F24: XML External Entity (XXE) attacks), perl (F24; F23: code execution), and tcpreplay (F24; F23: denial of service).

Mageia has updated imagemagick (three vulnerabilities).

openSUSE has updated apache2 (Leap42.1, 13.2: HTTP redirect).

Oracle has updated httpd (OL7; OL6; OL5: HTTP redirect).

Red Hat has updated httpd (RHEL7; RHEL5,6: HTTP redirect) and httpd24-httpd (RHSCL: two vulnerabilities).

Scientific Linux has updated httpd (SL7; SL5,6: HTTP redirect) and kernel (SL6: privilege escalation).

Ubuntu has updated apache2 (HTTP redirect) and thunderbird (two vulnerabilities).

How (and why) FreeDOS keeps DOS alive (ComputerWorld)

Monday 18th of July 2016 10:49:48 PM
ComputerWorld talks with Jim Hall, a contributor to FreeDOS. "FreeDOS (it was originally dubbed ‘PD-DOS’ for ‘Public Domain DOS’, but the name was changed to reflect that it’s actually released under the GNU General Public License) dates back to June 1994, meaning it is just over 22 years old — a formidable lifespan compared to many open source projects. “And if you consider the DOS platform, MS-DOS 1.0 dates back to 1981, ‘DOS’ as an operating system has been around for 35 years! That’s not too shabby,” Hall said. (Version 1.0 of MS-DOS — then marketed by IBM as PC DOS — was released in August 1981.)" (Thanks to Paul Wise)

Security advisories for Monday

Monday 18th of July 2016 04:24:08 PM

Arch Linux has updated flashplugin (multiple vulnerabilities), gimp (use-after-free), and lib32-flashplugin (multiple vulnerabilities).

Debian has updated libgd2 (multiple vulnerabilities) and pidgin (multiple vulnerabilities).

Debian-LTS has updated binutils (multiple vulnerabilities), phpmyadmin (multiple vulnerabilities), and ruby-eventmachine (denial of service).

Fedora has updated gimp (F22: use-after-free), httpd (F23: authentication bypass), openjpeg2 (F23: multiple vulnerabilities), perl (F22: code execution), python (F23: denial of service), python3 (F23: denial of service), samba (F23: crypto downgrade), and sudo (F23; F22: race condition).

Gentoo has updated cacti (multiple vulnerabilities), chromium (multiple vulnerabilities), cups (code execution), and gd (multiple vulnerabilities).

Ubuntu forums compromised

Friday 15th of July 2016 11:20:14 PM
Canonical has disclosed that the Ubuntu forum system has been compromised. "The attacker had the ability to inject certain formatted SQL to the Forums database on the Forums database servers. This gave them the ability to read from any table but we believe they only ever read from the ‘user’ table. They used this access to download portions of the ‘user’ table which contained usernames, email addresses and IPs for 2 million users. No active passwords were accessed."

Notes from the fourth RISC-V workshop

Friday 15th of July 2016 10:16:19 PM

The lowRISC project, which is an effort to develop a fully open-source, Linux-powered system-on-chip based on the RISC-V architecture, has published notes from the fourth RISC-V workshop. Notably, the post explains, the members of the RISC-V foundation voted to keep the RISC-V instruction-set architecture (ISA) and related standards open and license-free to all parties. There are also accounts included of the work on RISC-V interrupts, heterogeneous multicore RISC-V processors, support for non-volatile memory, and Debian's RISC-V port.

Friday's security updates

Friday 15th of July 2016 03:21:25 PM

Debian has updated php5 (multiple vulnerabilities).

Debian-LTS has updated clamav (fix for previously released update) and drupal7 (privilege escalation).

Fedora has updated openjpeg2 (F24: multiple vulnerabilities) and sqlite (F24: information leak).

Mageia has updated graphicsmagick (M5: multiple vulnerabilities), pdfbox (M5: XML External Entity (XEE) attack), sqlite3 (M5: information leak:), thunderbird (M5: multiple vulnerabilities), and util-linux (M5: denial of service).

openSUSE has updated flash-player (13.1: multiple vulnerabilities), LibreOffice (Leap 42.1: multiple vulnerabilities), libvirt (13.2; Leap 42.1: authentication bypass), and xerces-c (13.2: multiple vulnerabilities).

Red Hat has updated atomic-openshift (RHOSE 3.2: information leak).

Ubuntu has updated ecryptfs-utils (15.10, 16.04: information leak), kernel (14.04; 15.10: denial of service), libarchive (12.04, 14.04, 15.10, 16.04: code execution), linux-lts-trusty (12.04: denial of service), linux-lts-utopic (14.04: denial of service), linux-lts-vivid (14.04: denial of service), linux-lts-wily (14.04: denial of service), and linux-raspi2 (15.10: denial of service).

Automotive Grade Linux Releases 2.0 Spec Amid Growing Support (Linux.com)

Thursday 14th of July 2016 09:39:19 PM
Over at Linux.com, Eric Brown writes about the release of Automotive Grade Linux (AGL) Unified Code Base (UCB) 2.0 for in-vehicle infotainment (IVI) systems. "The latest version adds features like audio routing, rear seat display support, the beginnings of an app platform, and new development boards including the DragonBoard, Wandboard, and Raspberry Pi. AGL’s Yocto Project derived UCB distro, which is also based on part on the GENIVI and Tizen automotive specs, was first released in January. UCB 1.0 followed an experimental AGL stack in 2014 and an AGL Requirements Specification in June, 2015. UCB is scheduled for a 3.0 release in early 2017, at which point some automotive manufacturers will finally use it in production cars. Most of the IVI software will be based on UCB, but carmakers can also differentiate with their own features." We looked at AGL UCB 1.0 back in January.

Security advisories for Thursday

Thursday 14th of July 2016 02:23:11 PM

Fedora has updated gnutls (F23: certificate verification botch).

Gentoo has updated flash (many vulnerabilities).

openSUSE has updated flash-player (13.2: many vulnerabilities) and kernel (42.1: multiple vulnerabilities).

Red Hat has updated flash-plugin (RHEL 5↦6: many vulnerabilities) and rh-nginx18-nginx (RHSC: multiple vulnerabilities).

SUSE has updated MozillaFirefox, MozillaFirefox-branding-SLE, mozilla-nss (SLE11: multiple vulnerabilities).

[$] LWN.net Weekly Edition for July 14, 2016

Thursday 14th of July 2016 01:11:58 AM
The LWN.net Weekly Edition for July 14, 2016 is available.

More in Tux Machines

Leftovers: Software

Emulation or WINE

Fedora: The Latest

  • New "remi-php71" repository
  • PHP on the road to the 7.1.0 release
  • First round of Fedora 24 Updated Lives now available. (torrents expected later this week)
    As noted by my colleague on his blog the first round of F24 Updated Lives are now available and carry the date 20160720, Also as mentioned last week on his blog F23 Respins are not going to be actively made, however we and the rest of the volunteer team will field off-off requests as time and resources permit. We are considering a new/second tracker for the Updated Spins but as of today there are only .ISO files available at https://alt.fedoraproject.org/pub/alt/live-respins [shortlink] F24 Live-Respins . The F24 respins carry the 4.6.4-200 Kernel and roughly ~500M of updates since the Gold ISOs were released just 5 weeks ago. (some ISOs have more updates, some less)

Leftovers: Ubuntu

  • Snappy Packaging Happenings In The Fedora, Arch Space
    This week Canonical hosted a Snappy Sprint in Heidelberg, Germany where they worked to further their new package management solution originally spearheaded for Ubuntu Touch. This wasn't an Ubuntu-only event, but Canonical did invite other distribution stakeholders. Coming out of this week's event were at least positive moments to share for both Arch and Fedora developers. The Arch snaps package guy made progress on snap confinement on Arch. Currently when using Snaps on Arch, there isn't any confinement support, which defeats some of the purpose. There isn't any confinement support since it relies upon some functionality in the Ubuntu-patched AppArmor with that code not yet being mainlined. Arch's Timothy Redaelli has got those AppArmor patches now running via some AUR packages. Thus it's possible to get snap confinement working on Arch, but it's not yet too pleasant of an experience.
  • PhantomJS 2.1.1 in Ubuntu different from upstream
    At the moment of this writing Vitaly's qtwebkit fork is 28 commits ahead and 39 commits behind qt:dev. I'm surprised Ubuntu's PhantomJS even works.
  • Ubuntu 16.04.1 LTS released
    Ubuntu 16.04 is a LTS version of Ubuntu.Now Ubuntu team has announced the release of it's first point release,Ubuntu 16.04.1.This first point release includes many updates containing bug fixes and fixing security issues as well and as always what most of users want from a distribution and most of distributions tries to perform,Stability.This release is also well focoused on stabilty as Ubuntu 16.04.