LWN

LWN.net is a comprehensive source of news and opinions from and about the Linux community. This is the main LWN.net feed, listing all articles which are posted to the site front page.

International Day Against DRM

Tuesday 5th of May 2015 11:41:22 PM
This year the International Day Against DRM will be held on May 6. The Free Software Foundation focuses on community with a wide variety of community groups, activist organizations, and businesses all taking part in the ninth International Day Against DRM.

The FSF's DefectiveByDesign campaign looks at how DRM affects people with disabilities. "DRM is especially bad for those of us that face additional hurdles using computers. It's beastly for blind people, who are dependent on an audiobook market heavily laden with DRM."

Git code hosting beta (launchpadblog)

Tuesday 5th of May 2015 10:53:14 PM
Early support for hosting Git repositories directly on Launchpad has been announced. "This has been by far the single most commonly requested feature from Launchpad code hosting for a long time; we’ve been working hard on it for several months now, and we’re very happy to be able to release it for general use. This is distinct from the facility to import code from Git (and some other systems) into Bazaar that Launchpad has included for many years."

App Container spec gains new support as a community-led effort

Tuesday 5th of May 2015 05:45:50 PM
CoreOS looks at community adoption of the App Container spec (appc). "In order to ensure the specification remains a community-led effort, the appc project has established a governance policy and elected several new community maintainers unaffiliated with CoreOS: initially, Vincent Batts of Red Hat, Tim Hockin of Google and Charles Aylward of Twitter. This new set of maintainers brings each of their own unique points of view and allows appc to be a true collaborative effort. Two of the initial developers of the spec from CoreOS, Brandon Philips and Jonathan Boulle, remain as maintainers, but now are proud to have the collective help of others to make the spec what it is intended to be: open, well-specified and developed by a community."

Tuesday's security updates

Tuesday 5th of May 2015 03:28:42 PM

Debian has updated wordpress (multiple vulnerabilities).

Fedora has updated mingw-curl (F21: multiple vulnerabilities), mingw-libgcrypt (F21: multiple vulnerabilities), mingw-openssl (F21: multiple vulnerabilities), and mingw-qt5-qtbase (F21: multiple vulnerabilities).

Mageia has updated clamav (multiple vulnerabilities), gstreamer0.10-plugins-bad (code execution), hiawatha (multiple vulnerabilities), net-snmp (code execution), nodejs (privilege escalation), pdns, pdns-recursor (denial of service), and squid (certificate validation bypass).

Mandriva has updated cherokee (MBS1.0: authentication bypass), clamav (MBS2.0, MBS1.0: multiple vulnerabilities), directfb (MBS2.0, MBS1.0: two vulnerabilities), fcgi (MBS1.0: denial of service), mariadb (MBS2.0, MBS1.0: multiple unspecified vulnerabilities), ppp (MBS2.0, MBS1.0: denial of service), and ruby (MBS2.0, MBS1.0: man-in-the-middle attack).

Ubuntu has updated dnsmasq (15.04, 14.10, 14.04, 12.04: information disclosure) and libxml-libxml-perl (15.04, 14.10, 14.04, 12.04: information disclosure).

Synfig Studio 1.0

Monday 4th of May 2015 06:39:02 PM
Synfig Studio 1.0 has been released. This version features a reworked UI, a full-featured bone system to create cutout animation, advanced image distortion, a new Cutout Tool, sound support, and more.

Security advisories for Monday

Monday 4th of May 2015 04:42:06 PM

Arch Linux has updated clamav (multiple vulnerabilities) and squid (certificate validation bypass).

Debian has updated jqueryui (cross-site scripting), libphp-snoopy (command execution), libxml-libxml-perl (information disclosure), owncloud (multiple vulnerabilities), ruby1.8 (man-in-the-middle attack), ruby1.9.1 (man-in-the-middle attack), and ruby2.1 (man-in-the-middle attack).

Debian-LTS has updated xorg-server (denial of service).

Fedora has updated clamav (F21: multiple vulnerabilities), curl (F21: multiple vulnerabilities), ikiwiki (F21; F20: cross-site scripting), mingw-libtiff (F21: two vulnerabilities), proftpd (F20: unauthenticated copying of files), qt3 (F21; F20: code execution), and xen (F21; F20: information leak).

Mageia has updated 389-ds-base (access control bypass), cherokee (authentication bypass), chromium-browser-stable (multiple vulnerabilities), curl (multiple vulnerabilities), directfb (two vulnerabilities), fcgi (denial of service), python-pip (two vulnerabilities), ruby (man-in-the-middle attack), and subversion (multiple vulnerabilities).

Mandriva has updated curl (MBS2.0; MBS1.0: multiple vulnerabilities).

Kernel prepatch 4.1-rc2

Monday 4th of May 2015 03:57:38 AM
The second 4.1 prepatch is out for testing. "As usual, it's a mixture of driver fixes, arch updates (with s390 really standing out due to that one prng commit), and some filesystem and networking."

OpenBSD 5.7

Friday 1st of May 2015 05:50:30 PM
OpenBSD 5.7 has been released. This version includes improved hardware support, network stack improvements, installer improvements, security and bug fixes, and more. OpenSSH 6.8, LibreSSL, and other packages have also seen improvements and bug fixes.

Security advisories for Friday

Friday 1st of May 2015 04:02:05 PM

Arch Linux has updated perl-xml-libxml (information disclosure).

Debian has updated chromium-browser (multiple vulnerabilities).

Debian-LTS has updated libjson-ruby (denial of service), libxml-libxml-perl (information disclosure), squid (denial of service), xdg-utils (command execution), and xorg-server (information leak/denial of service).

Mageia has updated kernel (multiple vulnerabilities), kernel-linus (multiple vulnerabilities), libreoffice (code execution), ppp (denial of service), and quassel (SQL injection).

openSUSE has updated wpa_supplicant (13.2, 13.1: code execution).

Red Hat has updated chromium-browser (RHEL6: multiple vulnerabilities) and kernel (RHEL5.6: privilege escalation).

Scientific Linux has updated 389-ds-base (SL7: access control bypass).

SUSE has updated kernel (SLES10 SP4: multiple vulnerabilities).

Mozilla: Deprecating Non-Secure HTTP

Friday 1st of May 2015 01:10:03 AM
The Mozilla community has declared its intent to phase out "non-secure" (not encrypted with TLS) web access. "Since the goal of this effort is to send a message to the web developer community that they need to be secure, our work here will be most effective if coordinated across the web community. We expect to be making some proposals to the W3C WebAppSec Working Group soon."

Apache SpamAssassin 3.4.1 released

Thursday 30th of April 2015 08:43:40 PM
The Apache SpamAssassin 3.4.1 release is out. "Highlights include: Improved automation to help combat spammers that are abusing new top level domains; Tweaks to the SPF support to block more spoofed emails; Increased character set normalization to make rules easier to develop, block more international spam and stop spammers from using alternate character sets to bypass tests; Continued refinement to the native IPv6 support; and Improved Bayesian classification with better debugging and attachment hashing."

Unboxing Linux/Mumblehard: Muttering spam from your servers (WeLiveSecurity)

Thursday 30th of April 2015 06:40:23 PM
WeLiveSecurity reports that ESET researchers have revealed a family of Linux malware that stayed under the radar for more than 5 years. They are calling it Linux/Mumblehard. "There are two components in the Mumblehard malware family: a backdoor and a spamming daemon. They are both written in Perl and feature the same custom packer written in assembly language. The use of assembly language to produce ELF binaries so as to obfuscate the Perl source code shows a level of sophistication higher than average. Monitoring of the botnet suggests that the main purpose of Mumblehard seems to be to send spam messages by sheltering behind the reputation of the legitimate IP addresses of the infected machines."

Debian GNU/Hurd 2015 released

Thursday 30th of April 2015 05:22:15 PM
Debian GNU/Hurd 2015 has been released. "This is a snapshot of Debian "sid" at the time of the stable Debian "jessie" release (April 2015), so it is mostly based on the same sources. It is not an official Debian release, but it is an official Debian GNU/Hurd port release."

Thursday's security updates

Thursday 30th of April 2015 04:34:10 PM

Debian has updated curl (information leak), elasticsearch (directory traversal), and icecast2 (denial of service).

Debian-LTS has updated curl (two vulnerabilities), openjdk-6 (multiple vulnerabilities), php5 (multiple vulnerabilities), and qt4-x11 (multiple vulnerabilities).

Fedora has updated ax25-tools (F21; F20: denial of service), fcgi (F21; F20: denial of service), FlightGear (F21: unspecified vulnerability), FlightGear-data (F21: unspecified vulnerability), mailman (F21: path traversal attack), mksh (F21; F20: multiple issues), pdns (F21; F20: denial of service), pdns-recursor (F21; F20: denial of service), and qt (F21: multiple vulnerabilities).

Mandriva has updated glibc (MBS2.0, MBS1.0: two vulnerabilities) and sqlite3 (MBS2.0, MBS1.0: three vulnerabilities).

openSUSE has updated DirectFB (13.2, 13.1: two vulnerabilities).

Ubuntu has updated curl (15.04, 14.10, 14.04, 12.04: multiple vulnerabilities), EC2 kernel (10.04: privilege escalation), kernel (14.10; 14.04; 12.04; 10.04: multiple vulnerabilities), linux-lts-trusty (12.04: two vulnerabilities), linux-lts-utopic (14.04: multiple vulnerabilities), and linux-ti-omap4 (12.04: denial of service).

[$] LWN.net Weekly Edition for April 30, 2015

Thursday 30th of April 2015 01:04:14 AM
The LWN.net Weekly Edition for April 30, 2015 is available.

New stable kernels

Wednesday 29th of April 2015 04:51:35 PM
Greg KH has released stable kernels 4.0.1, 3.19.6, 3.14.40, and 3.10.76. All of them contain important fixes.

Security advisories for Wednesday

Wednesday 29th of April 2015 04:28:22 PM

Arch Linux has updated chromium (multiple vulnerabilities) and dovecot (denial of service).

CentOS has updated 389-ds-base (C7: access control bypass).

Debian-LTS has updated jruby (denial of service).

Fedora has updated libreoffice (F21: code execution) and yourls (F21; F20: cross-site scripting).

Mandriva has updated lftp (MBS1.0: man-in-the-middle attack), libksba (MBS1.0, MBS2.0: denial of service), ntop (MBS1.0: cross-site scripting), and t1utils (MBS1.0: multiple vulnerabilities).

openSUSE has updated curl (13.2, 13.1: multiple vulnerabilities) and python-Pillow (13.2: denial of service).

Oracle has updated 389-ds-base (OL7: access control bypass).

GNU Mailman 3.0 released

Tuesday 28th of April 2015 11:52:30 PM

GNU Mailman 3.0 has been released. "Over seven years in development, Mailman 3 represents a major new version, redesigned as a suite of cooperating components which can be used to mix and match however you want. The core engine is now backed by a relational database and exposes its functionality to other components via an administrative REST+JSON API. Our new web user interface, Postorius is Django-based, as is our new archiver HyperKitty. The core requires Python 3.4 while Postorius and HyperKitty require Python 2.7." LWN looked at Mailman 3.0 in March, and at HyperKitty in April 2014.

[$] The programming talent myth

Tuesday 28th of April 2015 11:27:27 PM

Jacob Kaplan-Moss is known for his work on Django but, as he would describe in his PyCon 2015 keynote, many think he had more to do with its creation than he actually did. While his talk ranged quite a bit, the theme covered something that software development organizations—and open source projects—may be grappling with: a myth about developer performance and how it impacts the industry. It was a thought-provoking talk that was frequently punctuated by applause; these are the kinds of issues that the Python community tries to confront head on, so the talk was aimed well.

KDE Ships Plasma 5.3

Tuesday 28th of April 2015 05:18:46 PM
KDE has announced the release of Plasma 5.3. This release features improved power management, better Bluetooth capabilities, improved Plasma widgets, a tech preview of the Plasma Media Center, big steps towards Wayland support, and more.
