Language Selection

English French German Italian Portuguese Spanish

LWN

Syndicate content
LWN.net is a comprehensive source of news and opinions from and about the Linux community. This is the main LWN.net feed, listing all articles which are posted to the site front page.
Updated: 3 hours 26 min ago

Some news from LWN

Wednesday 3rd of August 2016 09:26:54 PM
It has been some time since our last update on the state of LWN itself. That's somewhat by design, as we'd rather be writing about the community and the code than ourselves. Occasionally, though, we do like to update our readers and subscribers on the state of the operation, especially when there is some news to report, as is the case now.

Security advisories for Wednesday

Wednesday 3rd of August 2016 04:50:24 PM

CentOS has updated firefox (C7; C6: multiple vulnerabilities), golang (C7: denial of service), kernel (C7: three vulnerabilities), and libtiff (C7; C6: multiple vulnerabilities).

Debian has updated curl (three vulnerabilities).

Debian-LTS has updated libidn (three vulnerabilities), libreoffice (code execution), and lighttpd (man-in-the-middle attacks).

Fedora has updated libreswan (F24: unspecified) and python-django (F24; F23: cross-site scripting).

Mageia has updated chromium-browser-stable (multiple vulnerabilities), java-1.8.0-openjdk (multiple vulnerabilities), php-ZendFramework (SQL injection), and wireshark (multiple vulnerabilities).

Oracle has updated golang (OL7: denial of service), kernel (OL7: three vulnerabilities), and libtiff (OL7; OL6: multiple vulnerabilities).

Red Hat has updated firefox (RHEL5,6,7: multiple vulnerabilities), golang (RHEL7: denial of service), kernel (RHEL7: three vulnerabilities), kernel-rt (RHEMRG2.5; RHEL7: two vulnerabilities), libtiff (RHEL7; RHEL6: multiple vulnerabilities), and ntp (RHEL6.7: multiple vulnerabilities).

Scientific Linux has updated libtiff (SL6: multiple vulnerabilities).

Ubuntu has updated php5, php7.0 (multiple vulnerabilities).

LibreOffice 5.2 released

Wednesday 3rd of August 2016 01:49:14 PM
The LibreOffice 5.2 release is out. "LibreOffice 5.2 provides document classification according to the TSCP standard, and a set of improved forecasting functions in Calc. In addition, multiple signature descriptions are now supported, along with import and export of signatures from OOXML files. Interoperability features have also been improved, with better Writer import filters for DOCX and RTF files, and the added support for Word for DOS legacy documents." There's a lot more; see the release notes [PDF] for an illustrated list.

See also: this post from Michael Meeks on the last year of LibreOffice development.

[$] Statistics from the 4.7 development cycle

Tuesday 2nd of August 2016 08:10:59 PM
The 4.7 kernel was released on July 24, so longtime readers might be wondering where the usual development statistics are. We're running a little late this time around, but for good reason — Greg Kroah-Hartman obtained information from a large number of developers on who they work for, and we're now able to use that information to produce better numbers. Of course, the overall story hasn't changed a whole lot — kernel development is relatively boring and predictable these days — but each cycle still has a few noteworthy points.

Click below (subscribers only) for the full article from this week's Kernel Page.

Firefox 48 released

Tuesday 2nd of August 2016 06:39:22 PM
Firefox 48 is out, featuring process separation (e10s) for some users, mandatory add-ons signatures, stable WebExtensions, enhanced download protection, and more. See the release notes for details.

Tuesday's security updates

Tuesday 2nd of August 2016 04:19:32 PM

Arch Linux has updated openssh (user enumeration via timing side-channel).

Fedora has updated dropbear (F23: multiple vulnerabilities), krb5 (F24: denial of service), p7zip (F23: two code execution flaws), php-doctrine-common (F24; F23: privilege escalation), and wireshark (F24: multiple vulnerabilities).

Oracle has updated kernel 2.6.39 (OL6; OL5: information disclosure).

SUSE has updated bsdtar (SLE11-SP4: multiple vulnerabilities) and kernel (SLERTE12-SP1: multiple vulnerabilities).

GNOME Maps has tiles again

Monday 1st of August 2016 09:30:46 PM
GNOME Maps recently ran into a tile problem (LWN article) when a service it relied on shut down. Jonas Danielsson reports that Maps will be getting tiles from Mapbox. "We access Mapbox through a GNOME based redirect, so that we could redirect to something else if a similar situation would arise again."

Klitzke: Why Uber Engineering Switched from Postgres to MySQL

Monday 1st of August 2016 08:26:38 PM
Evan Klitzke explains why Uber Engineering moved away from Postgresql. "The early architecture of Uber consisted of a monolithic backend application written in Python that used Postgres for data persistence. Since that time, the architecture of Uber has changed significantly, to a model of microservices and new data platforms. Specifically, in many of the cases where we previously used Postgres, we now use Schemaless, a novel database sharding layer built on top of MySQL. In this article, we’ll explore some of the drawbacks we found with Postgres and explain the decision to build Schemaless and other backend services on top of MySQL." (Thanks to Dimitri John Ledkov)

TP-Link agrees to allow third-party firmware in FCC settlement

Monday 1st of August 2016 07:18:03 PM

The US Federal Communications Commission (FCC) has announced a settlement with network-hardware manufacturer TP-Link, covering both the company's non-compliance with FCC transmission-power regulations and the company's plan to lock-out third-party firmware—including open-source firmware projects like OpenWrt. "While manufacturers of Wi-Fi routers must ensure reasonable safeguards to protect radio parameters, users are otherwise free to customize their routers and we support TP-Link’s commitment to work with the open-source community and Wi-Fi chipset manufacturers to enable third-party firmware on TP-Link routers." Under the settlement agreement, TP-Link will pay a $200,000 fine for shipping WiFi routers that could be configured to run above the permitted power limits, but it will also have to cooperate with open-source firmware projects to make sure they remain installable. TP-Link had moved to block user-installed firmware in March as its first attempt to satisfy the FCC's complaint about non-compliant power settings.

Security updates for Monday

Monday 1st of August 2016 04:46:18 PM

Arch Linux has updated imagemagick (information leak) and libidn (multiple vulnerabilities).

Debian has updated chromium-browser (multiple vulnerabilities), collectd (code execution), libdbd-mysql-perl (code execution), and redis (information leak).

Debian-LTS has updated collectd (code execution), icedove (code execution), kde4libs (command execution), libdbd-mysql-perl (code execution), openssh (user enumeration via timing side-channel), qemu (multiple vulnerabilities), qemu-kvm (multiple vulnerabilities), redis (information leak), wordpress (multiple vulnerabilities), xen (multiple vulnerabilities), and xmlrpc-epi (denial of service).

Fedora has updated bind (F24: denial of service), bind99 (F24: denial of service), and php-pecl-zip (F24; F23: buffer overflow).

Gentoo has updated bsh (code execution).

Mageia has updated glibc, libtirpc (denial of service) and kernel (multiple vulnerabilities).

openSUSE has updated Chromium (13.1: multiple vulnerabilities), dropbear (13.1: multiple vulnerabilities), libidn (13.2: multiple vulnerabilities), mupdf (Leap42.1, 13.2: denial of service), php5 (Leap42.1: multiple vulnerabilities), polarssl (13.2: code execution), and sqlite3 (13.2: information leak).

Oracle has updated kernel 3.8.13 (OL7; OL6: information disclosure) and kernel-uek (OL7; OL6: multiple vulnerabilities).

SUSE has updated ntp (SLES10-SP4: many vulnerabilities).

Last chance to submit linux.conf.au talks

Monday 1st of August 2016 02:26:54 PM
The CFP deadline for the 2017 linux.conf.au (January 16-20, Hobart) is August 5; the organizers are warning that, contrary to the usual LCA tradition, that deadline will not be extended this year. So anybody who thinks they may want to speak at LCA should get going on a proposal; see the CFP page for instructions.

OpenSSH 7.3 released

Monday 1st of August 2016 02:15:05 PM
OpenSSH 7.3 is out. This release fixes a number of security issues (mostly related to timing attacks) and adds a handful of new minor features. The developers also warn that RSA keys less than 1024 bits will be refused in a near-future release.

The July 2016 Android security bulletin

Monday 1st of August 2016 01:14:30 PM
The Android security bulletin for July covers the issues that have recently been fixed for supported Android devices. "The most severe of these issues is a Critical security vulnerability that could enable remote code execution on an affected device through multiple methods such as email, web browsing, and MMS when processing media files." There are several dozen CVE numbers listed overall, including 31 Qualcomm-specific vulnerabilities dating as far back as 2013.

More in Tux Machines

today's leftovers

Linux Development and LinuxCon

  • Linus Torvalds says GPL was defining factor in Linux's success
    Linus Torvalds and Dirk Hohndel, vice president and chief of open source at VMware, discussed the role that GNU GPL played in the success of Linux during a keynote conversation this week at LinuxCon NA in Toronto. Hohndel, who has been involved with the kernel for a very long time, said that during the past 25 years there have been many challenges, and one of the biggest challenges was the possibility of fragmentation. "How do we keep one single kernel?" he asked. "I used to be worried about fragmentation, and I used to think that it was inevitable at some point," said Torvalds. “Everyone was looking at the history of Linux and comparing it with UNIX. People would say that it’s going to fail because it's going to fragment. That's what happened before, so why even bother?" What made the difference was the license. "FSF [Free Software Foundation] and I don't have a loving relationship, but I love GPL v2," said Torvalds. "I really think the license has been one of the defining factors in the success of Linux because it enforced that you have to give back, which meant that the fragmentation has never been something that has been viable from a technical standpoint."
  • Making Use Of eBPF In The Mainline Linux Kernel
    One of the exciting innovations within the Linux kernel in the past few years has been extending the Berkeley Packet Filter (BPF) to become a more generalized in-kernel virtual machine. The eBPF work with recent versions of the Linux kernel allow it to be used by more than just networking so that these programs can be used for tracing, security, and more.
  • Linux turns 25 with a brilliant history
    Chances are, you use it every day. Linux runs every Android phone and tablet on Earth. And even if you’re on an iPhone or a Mac or a Windows machine, Linux is working behind the scenes, across the Internet, serving up most of the webpages you view and powering most of the apps you use. Facebook, Google, Pinterest, Wikipedia—it’s all running on Linux. Now, Linux is finding its way onto televisions, thermostats, and even cars. As software creeps into practically every aspect of our lives, so does the OS designed by Linus Torvalds.
  • Intel Lost Another Open-Source Driver Developer To Google Earlier This Summer
    There was another long-time Intel open-source Linux graphics driver developer that left the company earlier this summer and is now working at Google on the Chrome/Chromium OS graphics stack. Among the notable departures in the past few months from Intel's Open-Source Technology Center were Jesse Barnes, Wayland-founder Kristian Høgsberg, and Dirk Hohndel and apparently others that went under the radar or outside of our area of focus. Another graphics driver developer no longer at Intel is Chad Versace.
  • OpenGL ES 3.1 For Haswell Lands With Intel's Mesa Driver

today's howtos

Distro Development: Rescatux and Bodhi

  • Rescatux 0.40 beta 9 released
    Many code in the grub side and in the windows registry side has been rewritten so that these new features could be rewritten. As a consequence it will be easier to maintain Rescapp. Finally the chntpw based options which modify the Windows registry now perform a backup of the Windows registry files in the unlikely case you want to undo some of the changes that Rescapp performs. I guess that in the future there will be a feature to be able to restore such backups from Rescapp itself, but, let’s focus on releasing an stable release. It’s been a while since the last one. UEFI feedback is still welcome. Specially if the Debian installation disks work for you but not the Rescatux ones.
  • Bodhi 4.0.0 Updates and July Donation Totals
    Late last month I posted a first alpha look at Bodhi 4.0.0. Work since then has been coming along slowly due to a few unpredictable issues and my own work schedule outside of Bodhi being hectic over the summer. Bodhi 4.0.0 will be happening, but likely not with a stable release until September. I am traveling again this weekend, but am hoping to get out a full alpha release with 32bit and non-PAE discs next week.