Language Selection

English French German Italian Portuguese Spanish

LWN

Syndicate content
LWN.net is a comprehensive source of news and opinions from and about the Linux community. This is the main LWN.net feed, listing all articles which are posted to the site front page.
Updated: 6 hours 22 min ago

Ardour 5.5 released

Thursday 1st of December 2016 05:34:23 PM
Version 5.5 of the Ardour audio editor has been released. "Among the notable new features are support for VST 2.4 plugins on OS X, the ability to have MIDI input follow MIDI track selection, support for Steinberg CC121, Avid Artist & Artist Mix Control surfaces, 'fanning out' of instrument outputs to new tracks/busses and the often requested ability to do horizontal zoom via vertical dragging on the rulers."

Thursday's security advisories

Thursday 1st of December 2016 04:24:21 PM

Debian has updated firefox-esr (code execution).

Debian-LTS has updated gst-plugins-good0.10 (three code execution flaws).

Gentoo has updated imagemagick (multiple vulnerabilities) and php (multiple vulnerabilities, one from 2015).

openSUSE has updated bash (42.1: multiple vulnerabilities, two from 2014) and libcares2 (13.2: code execution).

Slackware has updated firefox (code execution) and thunderbird (code execution).

Ubuntu has updated c-ares (code execution), firefox (two vulnerabilities), imagemagick (multiple vulnerabilities), kernel (16.10; 16.04; 14.04; 12.04: multiple vulnerabilities), linux-lts-trusty (12.04: two vulnerabilities), linux-lts-xenial (14.04: multiple vulnerabilities), linux-ti-omap4 (12.04: code execution), and thunderbird (multiple vulnerabilities).

Trouble at Cyanogen

Thursday 1st of December 2016 03:50:59 PM
Cyanogen Inc. has put out a terse press release announcing the departure of founder (and CyanogenMod creator) Steve Kondik. See this rather less terse Android Police article for Kondik's view of the matter. The future of the CyanogenMod distribution seems unclear at this point; if it goes forward, it may have to do so with a different name.

[$] LWN.net Weekly Edition for December 1, 2016

Thursday 1st of December 2016 12:02:10 AM
The LWN.net Weekly Edition for December 1, 2016 is available.

Security advisories for Wednesday

Wednesday 30th of November 2016 05:08:16 PM

Arch Linux has updated neovim (code execution).

Debian has updated hdf5 (multiple vulnerabilities).

Fedora has updated drupal7 (F25; F24; F23: multiple vulnerabilities), p7zip (F25: denial of service), teeworlds (F25; F24; F23: code execution), and vagrant (F25; F24; F23: nfs export insertion).

Mageia has updated jenkins-remoting (code execution) and teeworlds (code execution).

Oracle has updated thunderbird (OL7; OL6: multiple vulnerabilities).

SUSE has updated vim (SLE12-SP2; SLE11-SP4: code execution).

[$] The Emacs dumper dispute

Wednesday 30th of November 2016 04:17:13 PM
As covered here in January, changes to the GNU C Library's memory-allocation routines have broken the "unexec" method used to build the Emacs editor. Fixing this problem has proved to be more challenging than originally thought; that issue has now come to a head in a disagreement that could cost the Emacs community one of its maintainers.

Git 2.11 released

Tuesday 29th of November 2016 10:11:07 PM
The Git project has announced the release of Git 2.11.0. This version prints longer abbreviated SHA-1 names and has better tools for dealing with ambiguous short SHA-1s, it's faster at accessing delta chains, and has other performance enhancements, and much more. The release notes contain more details.

Tuesday's security updates

Tuesday 29th of November 2016 04:37:39 PM

CentOS has updated expat (C6: code execution) and memcached (C6: code execution).

openSUSE has updated ffmpeg (Leap42.2: heap corruption) and virtualbox (Leap42.2: multiple unspecified vulnerabilities).

Oracle has updated expat (OL7; OL6: code execution).

Red Hat has updated expat (RHEL6,7: code execution) and thunderbird (RHEL5,6,7: multiple vulnerabilities).

SUSE has updated mariadb (SLE12-SP1,2; SLES12: multiple vulnerabilities) and qemu (SLES12: multiple vulnerabilities).

Ubuntu has updated python-cryptography (16.10, 16.04: bad key generation) and vim (code execution).

Time is running out for NTP (InfoWorld)

Monday 28th of November 2016 10:44:39 PM
InfoWorld looks at the underfunded NTP project. "NTP is more than 30 years old—it may be the oldest codebase running on the internet. Despite some hiccups, it continues to work well. But the project’s future is uncertain because the number of volunteer contributors has shrunk, and there’s too much work for one person—principal maintainer Harlan Stenn—to handle. When there is limited support, the project has to pick and choose what tasks it can afford to complete, which slows down maintenance and stifles innovation."

Security advisories for Monday

Monday 28th of November 2016 05:43:11 PM

Arch Linux has updated lib32-libtiff (multiple vulnerabilities), libtiff (multiple vulnerabilities), and ntp (multiple vulnerabilities).

Debian has updated icu (multiple vulnerabilities) and imagemagick (three vulnerabilities).

Debian-LTS has updated irssi (information disclosure), libsoap-lite-perl (XML expansion), and mcabber (roster push attack).

Fedora has updated bind (F23: denial of service) and python-tornado (F25: XSRF protection bypass).

Mageia has updated bzip2 (denial of service), chromium-browser-stable (multiple vulnerabilities), clamav (three vulnerabilities), giflib (denial of service), icu (two vulnerabilities), kernel-4.4.32 (code execution), libtiff (two vulnerabilities), lighttpd (man-in-the-middle attacks), and perl-Email-Address (denial of service).

openSUSE has updated wireshark (Leap42.2: multiple vulnerabilities).

SUSE has updated kernel (SLE12-SP1: multiple vulnerabilities).

Ubuntu has updated gst-plugins-good0.10, gst-plugins-good1.0 (incomplete fix in previous update).

Welte: Ten years anniversary of Openmoko

Monday 28th of November 2016 03:01:22 PM
Harald Welte looks back at the Openmoko phone with a ten-year perspective (and an almost unreadable low-contrast web page). "So yes, the smartphone world is much more restricted, locked-down and proprietary than it was back in the Openmoko days. If we had been more successful then, that world might be quite different today. It was a lost opportunity to make the world embrace more freedom in terms of software and hardware."

Kernel prepatch 4.9-rc7

Sunday 27th of November 2016 11:47:56 PM
The 4.9-rc7 kernel prepatch is out. Linus says that things are shaping up and it is possible, but perhaps not likely, that the final 4.9 release will happen on December 4. "I basically reserve the right to make up my mind next weekend."

Stable kernels 4.8.11 and 4.4.35

Sunday 27th of November 2016 04:14:01 PM
Greg Kroah-Hartman has announced the release of the 4.8.11 and 4.4.35 stable kernels. As usual, they contain fixes throughout the kernel tree and users of those kernel series should upgrade.

Friday's security updates

Friday 25th of November 2016 04:40:03 PM

Arch Linux has updated tomcat6 (two vulnerabilities), wireshark-cli (multiple vulnerabilities), wireshark-gtk (multiple vulnerabilities), and wireshark-qt (multiple vulnerabilities).

Debian has updated gst-plugins-good0.10 (three vulnerabilities) and gst-plugins-good1.0 (three vulnerabilities).

Debian-LTS has updated libgc (code execution) and xen (multiple vulnerabilities).

Fedora has updated bind99 (F23: two vulnerabilities), ghostscript (F23: two vulnerabilities), icu (F25; F24: code execution), kernel (F23: multiple vulnerabilities), moodle (F24; F23: three vulnerabilities), mujs (F25; F24: multiple vulnerabilities), perl-DBD-MySQL (F24: out of bounds read), sudo (F23: privilege escalation), and zathura-pdf-mupdf (F25; F24: multiple vulnerabilities).

openSUSE has updated java-1_7_0-openjdk (13.2: multiple vulnerabilities).

SUSE has updated kvm (SLE11: multiple vulnerabilities).

Ubuntu has updated lxc (16.10, 16.04, 14.04: directory traversal) and moin (three vulnerabilities).

The UK is about to wield unprecedented surveillance powers (The Verge)

Wednesday 23rd of November 2016 08:20:04 PM
The Verge looks at legislation in the UK that would allow police and intelligence agencies to legally spy on its own people. "The legislation in question is called the Investigatory Powers Bill. It’s been cleared by politicians and awaits only the formality of royal assent before it becomes law. The bill will legalize the UK’s global surveillance program, which scoops up communications data from around the world, but it will also introduce new domestic powers, including a government database that stores the web history of every citizen in the country. UK spies will be empowered to hack individuals, internet infrastructure, and even whole towns — if the government deems it necessary."

Security advisories for Wednesday

Wednesday 23rd of November 2016 05:27:04 PM

Debian has updated tomcat7 (multiple vulnerabilities), tomcat8 (multiple vulnerabilities), and vim (code execution).

Debian-LTS has updated moin (cross-site scripting), tiff (multiple vulnerabilities), and vim (code execution).

Gentoo has updated adobe-flash (multiple vulnerabilities), chromium (multiple vulnerabilities), poppler (code execution), rpcbind (denial of service), tar (file overwrite), and testdisk (code execution).

Mageia has updated bash (code execution), flex (buffer overflow), libssh2 (insecure ssh sessions), libxslt (code execution), and tre (code execution).

openSUSE has updated dovecot22 (information disclosure), gnuchess (code execution), monit (two vulnerabilities), sudo (13.2: privilege escalation), and tar (13.2: file overwrite).

Oracle has updated ipsilon (OL7: information leak/denial of service) and memcached (OL7; OL6: multiple vulnerabilities).

Red Hat has updated memcached (RHEL7; RHEL6: code execution).

Scientific Linux has updated 389-ds-base (SL6: multiple vulnerabilities), firefox (SL5,6,7: multiple vulnerabilities), kernel (SL6: two vulnerabilities), memcached (SL6: code execution), nss and nss-util (SL5,6,7: multiple vulnerabilities), and policycoreutils (SL6,7: sandbox escape).

Slackware has updated ntp (multiple vulnerabilities).

SUSE has updated java-1_8_0-openjdk (SLE12-SP1,2: multiple vulnerabilities) and pacemaker (SLE12-SP2: two vulnerabilities).

Ubuntu has updated gst-plugins-good0.10, gst-plugins-good1.0 (code execution), python2.7, python3.2, python3.4, python3.5 (16.04, 14.04, 12.04: multiple vulnerabilities), and tar (file overwrite).

Fedora 25 released

Tuesday 22nd of November 2016 02:51:12 PM
The Fedora 25 release is now available "The Fedora Project is pleased to announce the immediate availability of Fedora 25, the next big step our journey into the containerized, modular future!" See the announcement and the release notes for details on the many changes in this release.

Cinnamon 3.2 released

Tuesday 22nd of November 2016 12:06:36 AM
Clement Lefebvre has announced the release of Cinnamon 3.2. This version has QT 5.7+ support, support for libinput touchpads as well as synaptics, and many more changes across the stack.

What’s new in Fedora 25 Workstation (Fedora Magazine)

Monday 21st of November 2016 11:07:46 PM
Fedora Magazine has a brief overview of the changes to be found in the workstation version of the Fedora 25 release. "Wayland now replaces the old X11 display server by default. Its goal is to provide a smoother, richer experience when navigating Fedora Workstation. Like all software, there may still be some bugs. You can still choose the old X11 server if required."

Security advisories for Monday

Monday 21st of November 2016 07:48:12 PM

Arch Linux has updated drupal (multiple vulnerabilities), php (multiple vulnerabilities), slock (screen locking bypass), and w3m (multiple vulnerabilities).

CentOS has updated 389-ds-base (C6: multiple vulnerabilities), firefox (C6; C5: multiple vulnerabilities), java-1.7.0-openjdk (C5: multiple vulnerabilities), kernel (C6: two vulnerabilities), nss (C6; C5: multiple vulnerabilities), nss-util (C6: multiple vulnerabilities), and policycoreutils (C6: sandbox escape).

Debian has updated wireshark (multiple vulnerabilities).

Debian-LTS has updated drupal7 (multiple vulnerabilities), gst-plugins-bad0.10 (multiple vulnerabilities), sniffit (privilege escalation), and wireshark (multiple vulnerabilities).

Fedora has updated 389-ds-base (F25: information leak), ansible (F25: two vulnerabilities), bind (F25: denial of service), bind99 (F25: denial of service), chromium (F25; F23: multiple vulnerabilities), chromium-native_client (F25: multiple vulnerabilities), curl (F25: multiple vulnerabilities), docker (F25; F25: access bypass), dracut (F25: information disclosure), firefox (F25 (v49.02); F25 (V50.0); F23: multiple vulnerabilities), ghostscript (F25: two vulnerabilities), icu (F25: code execution), java-1.8.0-openjdk-aarch32 (F25: multiple vulnerabilities), kernel (F25; F24: denial of service), libgit2 (F25: unspecified), libwebp (F25: integer overflows), mingw-gnutls (F25: information leak), mingw-libwebp (F25: integer overflows), mingw-nettle (F25: information leak), moodle (F25: multiple vulnerabilities), python-cryptography (F25; F24; F23: bad key generation), python-django (F25: two vulnerabilities), quagga (F25: multiple vulnerabilities), sudo (F25: privilege escalation), tomcat (F25: multiple vulnerabilities), tre (F25: code execution), and xen (F25: multiple vulnerabilities) (Note: Fedora 25 will be released tomorrow).

Gentoo has updated imlib2 (multiple vulnerabilities), mit-krb5 (multiple vulnerabilities), mongodb (denial of service), and qemu (multiple vulnerabilities).

openSUSE has updated java-1_8_0-openjdk (13.2: multiple vulnerabilities), firefox, nss (Leap42.2, Leap42.1, 13.2: multiple vulnerabilities), and php5 (13.2: use after free).

Oracle has updated kernel 4.1.12 (OL7; OL6: multiple vulnerabilities), kernel 3.8.13 (OL7; OL6: multiple vulnerabilities), kernel 2.6.39 (OL6; OL5: multiple vulnerabilities).

Red Hat has updated ipsilon (RHEL7: information leak/denial of service).

Slackware has updated firefox (multiple vulnerabilities).

Ubuntu has updated firefox (multiple vulnerabilities) and imagemagick (multiple vulnerabilities).

More in Tux Machines

today's leftovers

  • 5 Things To Expect From The World Of Linux In 2017
    Linux has come out of oblivion to become a mainstream technology today - making its presence felt in the world of marketing, finance, operations and in every other domain. The New Year 2017, should hold promise for Linux, as Bryan Lunduke said recently. There will be some crucial outcomes of the Linux Foundation-Microsoft partnership as well, which made waves in the tech circles the world over. From the predictions available, there will be increased focus on some areas, while the others will witness a lot of trial and error, and even predictive failure, for that matter.
  • Over 1,000 games have released on Steam this year with Linux support
    Don't adjust your screens, as you did read that correctly. Over 1,000 games have released on Steam this year alone with Linux support. I've been slowly writing up an end of year roundup and something I wanted to know was how well we have done this year in terms of actual releases. It took a while to add it all up, as some games show up in the list with a date that’s passed and they aren’t actually released. I had to be pretty careful and do it slowly to make sure it's right.
  • KDE Neon User LTS Edition Released, Powered By Plasma 5.8
    Jonathan Riddell has announced the KDE Neon User LTS Edition availability. Rather than tracking the bleeding-edge KDE developments as KDE Neon traditionally does, the User LTS Edition tracks Plasma 5.8 LTS.
  • KDE e.V. Community Report - 2nd Half of 2015
    The KDE e.V. community report for the second half of 2015 is now available. It presents a survey of all the activities and events carried out, supported, and funded by KDE e.V. in that period, as well as the reporting of major conferences that KDE has been involved in.
  • Best distro of 2016 poll
    Time for you to express yourselves. It's been another year full of ups and downs, good distros and bad distros. Or if I may borrow a quote from a movie, Aladeen distros and Aladeen distros. Indeed. The rules are very similar to what we did in years gone past. I will conduct my own annual contest best thingie wossname, with a sprinkling of KDE, Xfce and other desktops, having their separate forays. But then, I will incorporate your ideas and thoughts into the final verdict, much like the 2015 best distro nomination. Let us.

Networking and Servers

  • Best Open Source Hosting Control Panels
    Most website owners use web hosting control panels to manage their hosting environment. The fact is, the control panel facilitates the server administration and allows users to manage multiple websites without hiring an expert. Today, with so many options available, you don’t have to be a command line guru in order to host a simple website. All you need is a server and a web hosting control panel. There are paid control panels like WHM/cPanel or DirectAdmin which are very powerful, but if you don’t like to pay for a control panel you can simply choose one of the open source alternatives. In this guide, we will present to you some of the most popular open source hosting control panels.
  • ZEPL Announces $4.1M Funding to Accelerate Innovation and Adoption of Apache Zeppelin For End-to-End Analytics Workflow
  • Apache Zeppelin Gets Commercial Backing from ZEPL
    NFlabs rebrands as ZEPL and announces $4.1M in funding in support of open-source Apache Zeppelin data analytics project. The open-source Apache Zeppelin project is an increasingly popular, web-based notebook for interactive data analytics that directly integrates with the Apache Spark project for Big Data analytics. Among the commercial backers of Zeppelin is ZEPL, formerly known as NFLabs. On December 8, the newly branded ZEPL announced that it has raised $4.1 million in an initial funding round. The funding round was led by Vertex Ventures and it included the participation of Translink Capital, Specialized Types and Big Basin Capital. The funding is set to be used to help ZEPL build a successful business model. Sejun Ra, co-founder and CEO at ZEPL said that the plan for the new money to help his company build and develop a single platform for end-to-end data analytics workflow.
  • New Amazon Web Services Region Opens in Canada
    Amazon launches AWS Canada (Central) Region in Montreal, extending Amazon's cloud infrastructure to 15 regions and 40 availability zones around the world. At long last, the cloud is coming to Canada. Amazon Web Services (AWS) announced on December 8, the official launch of the new AWS Canada (Central) Region, providing cloud infrastructure from data centers in Montreal, Quebec. The new AWS region is set to help serve customers in Canada with Amazon already highlighting a number of well-known organizations including National Bank of Canada, Porter Airlines and clothing retailer Lululemon.
  • MEF, TM Forum Unite With Open Source Groups on Network Vision
    MEF Thursday announced the release of a new white paper – “An Industry Initiative For Third Generation Network and Services“ – spearheaded by MEF and co-authored by ON.Lab, ONOS, OPEN-O, OpenDaylight (ODL), the Open Networking Foundation (ONF), Open Platform for NFV (OPNFV), and TM Forum. The white paper describes an industry vision for the evolution and transformation of network connectivity services and the networks used to deliver them. MEF refers to this vision as the “Third Network,” which combines the agility and ubiquity of the Internet with the performance and security of CE 2.0 (Carrier Ethernet 2.0) networks.
  • The New Role of Assurance for Virtualized Networks
    For as long as any of us can remember, fulfillment and assurance were two independent processes, mostly because they were conceived, operated and purchased by separate departments. As Alfred D. Chandler demonstrated in his classic book “Strategy and Structure,” operations and even business structure follow organizational charts and vice-versa. Fulfillment and assurance are no exceptions, with those organizations driving processes and supporting software purchases. While many know that its not ideal, the situation has mostly worked.
  • IBM building blockchain ecosystem
    IBM believes blockchain technology, with its capability to create an essentially immutable ledger of digital events, will alter the way whole industries conduct transactions. To make that happen, Big Blue asserts, requires a complete ecosystem of industry players working together. To that end, IBM today said it is building a blockchain ecosystem, complete with a revenue sharing program, to accelerate the growth of networks on the Linux Foundation's Hyperledger Fabric. IBM envisions the ecosystem as an open environment that allows organizations to collaborate using the Hyperledger Fabric.

today's howtos