LWN

LWN.net is a comprehensive source of news and opinions from and about the Linux community. This is the main LWN.net feed, listing all articles which are posted to the site front page.
Updated: 3 hours 48 min ago

Conservancy Seeks Your Questions on GPL Enforcement

Monday 1st of June 2015 07:27:08 PM
Software Freedom Conservancy has announced a long-term campaign to increase education and understanding about community-driven GPL enforcement processes. "Conservancy invites developers and other Open Source and Free Software contributors to email their questions on GPL enforcement to <enforcement-questions@sfconservancy.org>. Conservancy cannot promise to answer every question; Conservancy will use the collected questions over the coming months to provide more educational and informational materials about GPL enforcement, and in particular about Conservancy's GPL Compliance Project for Linux Developers."

Security advisories for Monday

Monday 1st of June 2015 04:34:28 PM

Debian has updated fusionforge (code execution), postgresql-9.1 (regression in previous update), and symfony (restriction bypass).

Debian-LTS has updated ipsec-tools (denial of service), ruby1.9.1 (multiple vulnerabilities), and wordpress (multiple vulnerabilities).

Fedora has updated gcab (F21: directory traversal), libtiff (F21: two vulnerabilities), netty (F22: HttpOnly cookie bypass), php-ZendFramework (F22: CRLF injection), python-django (F22: incorrect session flushing), suricata (F21: denial of service), torque (F22; F21; F20: denial of service), and zeromq (F22: security bypass).

Gentoo has updated adobe-flash (multiple vulnerabilities) and phpmyadmin (multiple vulnerabilities).

openSUSE has updated Chromium (13.2, 13.1: multiple vulnerabilities), parallel (13.2, 13.1: file overwrite), and mysql-connector-java (13.2, 13.1: information disclosure).

SUSE has updated firefox (SLE11SP3: multiple vulnerabilities).

Kernel prepatch 4.1-rc6

Monday 1st of June 2015 09:39:17 AM
The 4.1-rc6 kernel prepatch is out. Linus says that "things look normal."

Linux support for digital video broadcasting

Friday 29th of May 2015 09:12:42 PM
Mauro Carvalho Chehab, the maintainer of the kernel's media subsystem, has posted the first two in a series of articles on digital video broadcasting support in Linux. Part 1 gives an overview of how the devices and protocols work, while part 2 looks at digital TV network interface use. "Supporting embedded Digital TV hardware is complex, considering that such hardware generally has multiple components that can be rewired in runtime to dynamically change the stream pipelines and provide flexibility for things like recording a video stream, then tuning into another channel to see a different program. This article describes how the DVB pipelines are setup and the needs that should be addressed by the Linux Kernel."

Announcing GitTorrent: A Decentralized GitHub

Friday 29th of May 2015 08:30:20 PM

At his blog, Chris Ball announces "GitTorrent," his new project designed to let developers host Git repositories on BitTorrent. The system takes advantage of Git's ability to run over arbitrary network protocols. "We ask for the commit we want and connect to a node with BitTorrent, but once connected we conduct this Smart Protocol negotiation in an overlay connection on top of the BitTorrent wire protocol, in what’s called a BitTorrent Extension. Then the remote node makes us a packfile and tells us the hash of that packfile, and then we start downloading that packfile from it and any other nodes who are seeding it using Standard BitTorrent. We can authenticate the packfile we receive, because after we uncompress it we know which Git commit our graph is supposed to end up at; if we don’t end up there, the other node lied to us, and we should try talking to someone else instead." The project is, obviously, a new one that still has important ground to cover—such as dealing with comments or pull requests—but there are interesting ideas to consider already.

Friday's security updates

Friday 29th of May 2015 02:42:01 PM

Debian has updated virtualbox (privilege escalation).

Debian-LTS has updated clamav (multiple vulnerabilities), postgresql-8.4 (multiple vulnerabilities), and tomcat6 (multiple vulnerabilities).

[$] LWN.net Weekly Edition for May 29, 2015

Friday 29th of May 2015 01:12:17 AM
The LWN.net Weekly Edition for May 29, 2015 is available.

LibreOffice Viewer for Android released

Thursday 28th of May 2015 04:24:27 PM
The Document Foundation has announced the availability of the LibreOffice viewer for Android systems. And it's not just for viewing: "LibreOffice Viewer also offers basic editing capabilities, like modifying words in existing paragraphs and changing font styles such as bold and italics. Editing is still an experimental feature which has to be enabled separately in the settings, and is not stable enough for mission critical tasks."

A security study of Docker images

Thursday 28th of May 2015 02:56:50 PM
The folks at Banyan have looked into the security state of the images stored on Docker Hub and published their results. "More than a third of all images have high priority vulnerabilities and close to two-thirds have high or medium priority vulnerabilities. These statistics are especially troublesome because these images are also some of the most downloaded images (several of them have hundreds of thousands of downloads)."

Security updates for Thursday

Thursday 28th of May 2015 01:39:05 PM

Arch Linux has updated curl (information leak).

Debian-LTS has updated dulwich (code execution), eglibc (code execution), exactimage (denial of service), and libnokogiri-ruby (information disclosure from 2012).

Fedora has updated ca-certificates (F20: CA update), hostapd (F21; F20: denial of service), java-1.8.0-openjdk (F20: insecure tmp file use), LibRaw (F21: denial of service), mingw-LibRaw (F21: denial of service), openslp (F20: two denial of service flaws, one from 2010, one from 2012), php (F21; F20: multiple vulnerabilities), postgresql (F22: three vulnerabilities), and rawtherapee (F22: denial of service).

Mageia has updated fuse (privilege escalation), kernel-linus (denial of service), and kernel-tmb (denial of service).

openSUSE has updated glibc, glibc-testsuite, glibc-utils, glibc.i686 (13.2, 13.1: two vulnerabilities).

SUSE has updated firefox (SLE12: multiple vulnerabilities).

[$] SourceForge replacing GIMP Windows downloads

Thursday 28th of May 2015 12:02:56 PM

In 2013, we reported that SourceForge.net had started to redirect the download links clicked on by some users, providing those users with an installer program that bundled in not just the software the user had requested, but a set of side-loaded "utilities" as well. The practice raised the ire of many in the community, even though it was an optional service that SourceForge offered to project owners. Matters may have changed recently, however, as the GIMP project discovered that "GIMP for Windows" downloads had suddenly become side-loading installers—and that the project could no longer access the SourceForge account that was used to distribute them.

This week's edition will be one day late

Thursday 28th of May 2015 03:10:41 AM
LWN staff celebrated the US Memorial Day holiday on Monday this week, so the Weekly Edition will come out on the holiday schedule — one day later than usual. We will return to our normal schedule next week. Thank you all, as always, for supporting LWN.

White House sides with Oracle, tells Supreme Court APIs are copyrightable (ArsTechnica)

Wednesday 27th of May 2015 08:21:17 PM
Ars Technica reports that the US Justice Department has sided with Oracle in its dispute with Google. "The dispute centers on Google copying names, declarations, and header lines of the Java APIs in Android. Oracle filed suit, and in 2012, a San Francisco federal judge sided with Google. The judge ruled that the code in question could not be copyrighted. Oracle prevailed on appeal, however. A federal appeals court ruled that the "declaring code and the structure, sequence, and organization of the API packages are entitled to copyright protection." Google maintained that the code at issue is not entitled to copyright protection because it constitutes a "method of operation" or "system" that allows programs to communicate with one another." (Thanks to Martin Michlmayr)

Wednesday's security updates

Wednesday 27th of May 2015 04:18:22 PM

Debian has updated ntfs-3g (incomplete fix in previous update).

Debian-LTS has updated ntfs-3g (incomplete fix in previous update).

Red Hat has updated kernel (RHEL6.4: privilege escalation) and qemu-kvm (RHEL6.5: code execution).

Ubuntu has updated ntfs-3g (15.04: incomplete fix in previous update) and openldap (15.04, 14.10, 14.04, 12.04: denial of service).

Mourning Marco Pesenti Gritti

Wednesday 27th of May 2015 02:06:35 PM
The GNOME community is mourning the loss of developer Marco Pesenti Gritti, who passed away on May 23. "He was the most passionate and dedicated hacker I knew, and I know he was extremely respected in the GNOME community, for his work on Epiphany, Evince and Sugar among many others, just like he was at litl. Those who knew him personally know he was also an awesome human being."

Jonathan Riddell forced out of Kubuntu

Wednesday 27th of May 2015 01:40:51 AM
Scott Kitterman has posted a series of emails around the Ubuntu Community Council's decision to remove Jonathan Riddell as the leader of the Kubuntu project. He has also stated his intent to leave the Ubuntu community. "I also wish to extend my personal apology to the Kubuntu community for keeping this private for as long as we did. Generally, I don’t believe such an approach is consistent with our values, but I supported keeping it private in the hope that it would be easier to achieve a mutually beneficial resolution of the situation privately. Now that it’s clear that is not going to happen, I (and others in the KC) could not in good faith keep this private."

Trouble with the May 22 PostgreSQL update

Tuesday 26th of May 2015 09:45:04 PM
If you run PostgreSQL and have applied one of the updates that were released on May 22, it would be a good idea to read this page about an unfortunate bug in those releases. In some cases, the problem can cause the server to fail to restart after a crash. There is a new release in the works; meanwhile, a workaround is available.

The Moose is loose: Linux-based worm turns routers into social network bots (Ars Technica)

Tuesday 26th of May 2015 09:28:54 PM
Ars Technica takes a look at the latest malware threat. "A worm that targets cable and DSL modems, home routers, and other embedded computers is turning those devices into a proxy network for launching armies of fraudulent Instagram, Twitter, and Vine accounts as well as fake accounts on other social networks. The new worm can also hijack routers' DNS service to route requests to a malicious server, steal unencrypted social media cookies such as those used by Instagram, and then use those cookies to add "follows" to fraudulent accounts. This allows the worm to spread itself to embedded systems on the local network that use Linux-based operating systems. The malware, dubbed "Linux/Moose" by Olivier Bilodeau and Thomas Dupuy of the security firm ESET Canada Research, exploits routers open to connections from the Internet via Telnet by performing brute-force login attempts using default or common administrative credentials. Once connected, the worm installs itself on the targeted device."

Security advisories for Tuesday

Tuesday 26th of May 2015 04:53:19 PM

Arch Linux has updated nbd (denial of service), pgbouncer (denial of service), postgresql (multiple vulnerabilities), webkitgtk (information disclosure), and webkitgtk2 (information disclosure).

Debian has updated ipsec-tools (denial of service), nbd (denial of service), postgresql-9.1 (multiple vulnerabilities), postgresql-9.4 (multiple vulnerabilities), tiff (multiple vulnerabilities), and zendframework (multiple vulnerabilities).

Debian-LTS has updated ntfs-3g (privilege escalation).

Fedora has updated firefox (F22: multiple vulnerabilities), hostapd (F22: denial of service), java-1.8.0-openjdk (F22: file overwrites), kernel (F20: two vulnerabilities), libarchive (F21: denial of service), LibRaw (F22; F20: denial of service), mingw-LibRaw (F22; F22; F20: denial of service), openstack-glance (F22: access restriction bypass), php (F22: multiple vulnerabilities), php-ZendFramework2 (F22: CRLF injection), phpMyAdmin (F22: two vulnerabilities), qemu (F22; F20: code execution), quassel (F22: denial of service), suricata (F22: denial of service), thunderbird (F22: multiple vulnerabilities), wordpress (F22: cross-site scripting), and xen (F22; F21; F20: privilege escalation).

Mageia has updated chromium-browser-stable (multiple vulnerabilities) and kernel (memory corruption).

openSUSE has updated coreutils (13.2: multiple vulnerabilities), firefox (13.2, 13.1: multiple vulnerabilities), libraw (13.2, 13.1: denial of service), LibVNCServer (13.2: code execution), quassel (13.2, 13.1: SQL injection), thunderbird (13.2, 13.1: multiple vulnerabilities), and wireshark (13.2; 13.1: multiple vulnerabilities).

Red Hat has updated chromium-browser (RHEL6: multiple vulnerabilities).

SUSE has updated KVM (SLES11SP2: code execution), MySQL (SLE11SP3: multiple vulnerabilities), and Xen (SLES11SP2; SLES11SP1; SLES10SP4: two vulnerabilities).

Ubuntu has updated kernel (14.04: denial of service), linux-lts-trusty (12.04: denial of service), and postgresql-9.1, postgresql-9.3, postgresql-9.4 (15.04, 14.10, 14.04, 12.04: multiple vulnerabilities).

Fedora 22 released

Tuesday 26th of May 2015 02:15:57 PM
The Fedora 22 release is out. "If this release had a human analogue, it'd be Fedora 21 after it'd been to college, landed a good job, and kept its New Year's Resolution to go to the gym on a regular basis. What we're saying is that Fedora 22 has built on the foundation we laid with Fedora 21 and the work to create distinct editions of Fedora focused on the desktop, server, and cloud (respectively). It's not radically different, but there are a fair amount of new features coupled with features we've already introduced but have improved for Fedora 22." LWN's preview of Fedora 22 was published in the May 21 Weekly Edition.
