Language Selection

English French German Italian Portuguese Spanish

LWN

Syndicate content
LWN.net is a comprehensive source of news and opinions from and about the Linux community. This is the main LWN.net feed, listing all articles which are posted to the site front page.
Updated: 2 hours 23 min ago

Mailman 3.1.0 released

Friday 26th of May 2017 09:01:33 PM
The 3.1.0 release of the Mailman mailing list manager is out. "Two years after the original release of Mailman 3.0, this version contains a huge number of improvements across the entire stack. Many bugs have been fixed and new features added in the Core, Postorius (web u/i), and HyperKitty (archiver). Upgrading from Mailman 2.1 should be better too. We are seeing more production sites adopt Mailman 3, and we've been getting great feedback as these have rolled out. Important: mailman-bundler, our previous recommended way of deploying Mailman 3, has been deprecated. Abhilash Raj is putting the finishing touches on Docker images to deploy everything, and he'll have a further announcement in a week or two." New features include support for Python 3.5 and 3.6, MySQL support, new REST resources and methods, user interface and user experience improvements, and more.

Poyarekar: The story of tunables

Friday 26th of May 2017 07:43:09 PM
On his blog, Siddhesh Poyarekar looks at tunables in the GNU C library (glibc). The idea for centralizing the handling of tunable parameters in the library started back 2013, but was added to glibc in version 2.25 that was released in February. "Tunables is an internal implementation detail in glibc. It is a way to manage ways in which we allow behaviour in glibc to be modified. As of now the only way to manage glibc is via environment variables and the way to do that was strewn all over the place in the source code. Tunables provide one place to add the tunable parameter with all of the characteristics it would have and then the framework will handle everything from there. The user of that tunable (e.g. malloc for MALLOC_MMAP_THRESHOLD_ or malloc.mmap.threshold in tunables parlance) would then simply access the tunable from the list and do what it wants to do, without bothering about where it came from."

[$] What's new in gnuplot 5.2

Friday 26th of May 2017 04:59:51 PM
This article is a tour of some of the newest features in the gnuplot plotting utility. Some of these features are already present in the 5.0 release, and some are planned for the next official release, which will be gnuplot 5.2. Highlights in the upcoming release include hypertext labels, more control over axes, a long-awaited ability to add labels to contours, better lighting effects, and more; read on for the details.

Security updates for Friday

Friday 26th of May 2017 03:48:35 PM
Security updates have been issued by CentOS (kernel), Debian (graphicsmagick, imagemagick, kde4libs, and puppet), Fedora (FlightCrew, kernel, libvncserver, and wordpress), Gentoo (adobe-flash, smb4k, teeworlds, and xen), Mageia (kernel, kernel-linus, kernel-tmb, and perl-CGI-Emulate-PSGI), openSUSE (GraphicsMagick and rpcbind), Oracle (kernel), Red Hat (kernel and kernel-rt), and Scientific Linux (kernel).

The Licensing and Compliance Lab interviews AJ Jordon of gplenforced.org (FSF Blog)

Thursday 25th of May 2017 10:56:55 PM
The Free Software Foundation's blog is carrying an interview with AJ Jordon, who runs the gplenforced.org site to support GPL enforcement efforts and to help other projects indicate their support. "gplenforced.org is a small site I made that has exactly two purposes: host a badge suitable for embedding into a README file on GitLab or something, and provide some text with an easy and friendly explanation of GPL enforcement for that badge to link to. Putting badges in READMEs has been pretty trendy for a while now — people add badges to indicate whether their test suite is passing, their dependencies are up-to-date, and what version is published in language package managers. gplenforced.org capitalizes on that trend to add the maintainer's beliefs about license enforcement, too."

Alpine Linux 3.6.0 Released

Thursday 25th of May 2017 08:35:09 PM
Alpine Linux 3.6.0 has been released. Alpine is an independent, minimalist distribution that is built around musl libc and busybox to keep it small and resource efficient. This version adds support for 64-bit little-endian POWER machines (ppc64le) and 64-bit IBM z Systems (s390x).

Devuan Jessie 1.0.0 stable LTS

Thursday 25th of May 2017 08:17:14 PM
The Devuan project set out to create a systemd-less Debian, and now Devuan Jessie 1.0.0 Stable has been released. "There have been no significant bug reports since Devuan Jessie RC2 was announced only three weeks ago and the list of release critical bugs is now empty. So finally Devuan Jessie Stable is ready for release! As promised, this will also be a Long-Term-Support (LTS) release. Our team will participate in providing patches, security updates, and release upgrades beyond the planned lifespan of Debian Jessie."

Stable kernel updates

Thursday 25th of May 2017 05:55:01 PM
Greg Kroah-Hartman has announced the release of the 4.11.3, 4.9.30, 4.4.70, and 3.18.55 stable kernels. They contain a rather large set of patches all over the tree and users should upgrade.

Security updates for Thursday

Thursday 25th of May 2017 03:32:02 PM
Security updates have been issued by CentOS (samba and samba4), Mageia (samba), openSUSE (bash and samba), Oracle (samba and samba4), Slackware (samba), SUSE (ghostscript and java-1_7_0-openjdk), and Ubuntu (firefox and samba).

[$] LWN.net Weekly Edition for May 25, 2017

Thursday 25th of May 2017 12:46:50 AM
The LWN.net Weekly Edition for May 25, 2017 is available.

[$] Progress on the Gilectomy

Wednesday 24th of May 2017 08:37:29 PM

At the 2016 Python Language Summit, Larry Hastings introduced Gilectomy, his project to remove the global interpreter lock (GIL) from CPython. The GIL serializes access to the Python interpreter, so it severely limits the performance of multi-threaded Python programs. At the 2017 summit, Hastings was back to update attendees on the progress he has made and where Gilectomy is headed.

[$] The state of bugs.python.org

Wednesday 24th of May 2017 07:27:05 PM

In a brief session at the 2017 Python Language Summit, Maciej Szulik gave an update on the state and plans for bugs.python.org (bpo). It is the Roundup-based bug tracker for Python; moving to GitHub has not changed that. He described the work that two Google Summer of Code (GSoC) students have done to improve the bug tracker.

[$] New CPython workflow issues

Wednesday 24th of May 2017 04:57:23 PM

As part of a discussion in 2014 about where to host some of the Python repositories, Brett Cannon was delegated the task of determining where they should end up. In early 2016, he decided that Python's code and other repositories (e.g. PEPs) should land at GitHub; at last year's language summit, he gave an overview of where things stood with a few repositories that had made the conversion. Since that time, the CPython repository has made the switch and he wanted to discuss some of the workflow issues surrounding that move at this year's summit.

A Samba remote code execution vulnerability

Wednesday 24th of May 2017 04:18:48 PM
The Samba Team has issued an advisory regarding CVE-2017-7494: "All versions of Samba from 3.5.0 onwards are vulnerable to a remote code execution vulnerability, allowing a malicious client to upload a shared library to a writable share, and then cause the server to load and execute it." Distributors are already shipping the fix; there's also a workaround in the advisory for those who cannot update immediately.

[$] System monitoring with osquery

Wednesday 24th of May 2017 04:17:26 PM

Your operating system generates a lot of run-time data and statistics that are useful for monitoring system security and performance. How you get this information depends on the operating system you're running. It could be a from report in a fancy GUI, or obtained via a specialized API, or simply text values read from the filesystem in the case of Linux and /proc. However, imagine if you could get this data via an SQL query, and obtain the output as a database table or JSON object. This is exactly what osquery lets you do on Linux, macOS, and Windows.

Check Point: Hacked in Translation

Wednesday 24th of May 2017 04:13:22 PM
Check Point has issued an advisory that a number of video-player applications can be compromised via specially crafted subtitles. "By crafting malicious subtitle files, which are then downloaded by a victim’s media player, attackers can take complete control over any type of device via vulnerabilities found in many popular streaming platforms, including VLC, Kodi (XBMC), Popcorn-Time and strem.io. We estimate there are approximately 200 million video players and streamers that currently run the vulnerable software, making this one of the most widespread, easily accessed and zero-resistance vulnerability reported in recent years."

[$] Python 3.6.x, 3.7.0, and beyond

Wednesday 24th of May 2017 03:50:35 PM

Ned Deily, release manager for the Python 3.6 and 3.7 series, opened up the 2017 edition of the Python Language Summit with a look at the release process and where things stand. It was an "abbreviated update" to his talk at last year's summit, he said. He looked to the future for 3.6 and 3.7, but also looked a bit beyond those two.

This is the start of LWN's coverage of the language summit; look for more articles over the next week or so.

Security updates for Wednesday

Wednesday 24th of May 2017 03:41:13 PM
Security updates have been issued by CentOS (libtirpc and rpcbind), Debian (libtasn1-3, libtasn1-6, and samba), Fedora (FlightGear, openvpn, and python-fedora), openSUSE (libtirpc and libxslt), Oracle (libtirpc and rpcbind), Red Hat (samba, samba3x, and samba4), Scientific Linux (samba and samba4), SUSE (java-1_7_0-ibm, java-1_7_1-ibm, java-1_8_0-ibm, samba, and tomcat), and Ubuntu (jbig2dec, miniupnpc, rtmpdump, and samba).

[$] Containers as kernel objects

Tuesday 23rd of May 2017 10:56:06 PM
The kernel has, over the years, gained comprehensive support for containers; that, in turn, has helped to drive the rapid growth of a number of containerization systems. Interestingly, though, the kernel itself has no concept of what a container is; it just provides a number of facilities that can be used in the creation of containers in user space. David Howells is trying to change that state of affairs with a patch set adding containers as a first-class kernel object, but the idea is proving to be a hard sell in the kernel community.

LibreOffice leverages Google’s OSS-Fuzz to improve quality of office suite

Tuesday 23rd of May 2017 06:31:44 PM
The Document Foundation looks at the progress made in improving the quality and reliability of LibreOffice's source code by using Google's OSS-Fuzz. "Developers have used the continuous and automated fuzzing process, which often catches issues just hours after they appear in the upstream code repository, to solve bugs - and potential security issues - before the next binary release. LibreOffice is the first free office suite in the marketplace to leverage Google's OSS-Fuzz. The service, which is associated with other source code scanning tools such as Coverity, has been integrated into LibreOffice's security processes - under Red Hat's leadership - to significantly improve the quality of the source code."

More in Tux Machines

today's howtos

GNOME: Mutter, gresg, and GTK

  • Mutter 3.25.2 Has Bug Fixes, Some Performance Work
    Florian Müllner has pushed out an updated Mutter 3.25.2 window manager / compositor release in time for the GNOME 3.25.2 milestone in the road to this September's GNOME 3.26 release. Mutter 3.25.2 has a number of fixes ranging from fixing frame updates in certain scenarios, accessible screen coordinates on X11, some build issues, and more.
  • gresg – an XML resources generator
    For me, create GTK+ custom widgets is a very common task. Using templates for them, too.
  • Free Ideas for UI Frameworks, or How To Achieve Polished UI
    Ever since the original iPhone came out, I’ve had several ideas about how they managed to achieve such fluidity with relatively mediocre hardware. I mean, it was good at the time, but Android still struggles on hardware that makes that look like a 486… It’s absolutely my fault that none of these have been implemented in any open-source framework I’m aware of, so instead of sitting on these ideas and trotting them out at the pub every few months as we reminisce over what could have been, I’m writing about them here. I’m hoping that either someone takes them and runs with them, or that they get thoroughly debunked and I’m made to look like an idiot. The third option is of course that they’re ignored, which I think would be a shame, but given I’ve not managed to get the opportunity to implement them over the last decade, that would hardly be surprising. I feel I should clarify that these aren’t all my ideas, but include a mix of observation of and conjecture about contemporary software. This somewhat follows on from the post I made 6 years ago(!) So let’s begin.

Distro News: Alpine, Devuan, and openSUSE

OSS Leftovers