Linux Weekly News

Tartalom átvétel
LWN.net is a comprehensive source of news and opinions from and about the Linux community. This is the main LWN.net feed, listing all articles which are posted to the site front page.
Frissült: 5 perc 40 másodperc

[$] LWN.net Weekly Edition for January 5, 2017

cs, 2017-01-05 03:31
The LWN.net Weekly Edition for January 5, 2017 is available.
Kategóriák: Linux

[$] Moving on from net-tools

sze, 2017-01-04 20:00
Old habits die hard, even when support for the tools required by those habits ended over a decade ago. It is not surprising for users to cling to the tools they learned early in their careers, even when they are told that it is time to move on. A recent discussion on the Debian development list showed the sort of stress that this kind of inertia can put on a distribution and explored the options that distributors have to try to nudge their users toward more supportable solutions.
Kategóriák: Linux

Grumpy: Go running Python

sze, 2017-01-04 19:27
The Google Open Source Blog introduces the Grumpy project. "Grumpy is an experimental Python runtime for Go. It translates Python code into Go programs, and those transpiled programs run seamlessly within the Go runtime. We needed to support a large existing Python codebase, so it was important to have a high degree of compatibility with CPython (quirks and all). The goal is for Grumpy to be a drop-in replacement runtime for any pure-Python project."
Kategóriák: Linux

Security updates for Wednesday

sze, 2017-01-04 18:15

Arch Linux has updated lib32-curl (two vulnerabilities), lib32-libcurl-compat (two vulnerabilities), lib32-libcurl-gnutls (two vulnerabilities), libcurl-compat (two vulnerabilities), libcurl-gnutls (two vulnerabilities), and pcsclite (privilege escalation).

CentOS has updated ghostscript (C7; C6: multiple vulnerabilities).

Debian has updated libphp-phpmailer (regression in previous update).

Debian-LTS has updated libphp-phpmailer (code execution) and libvncserver (two vulnerabilities).

Fedora has updated borgbackup (F25; F24: two vulnerabilities) and freeipa (F24: two vulnerabilities).

Gentoo has updated firefox (multiple vulnerabilities).

Mageia has updated kernel-linus (multiple vulnerabilities), kernel-tmb (multiple vulnerabilities), libupnp (code execution), and python-html5lib (cross-site scripting).

openSUSE has updated dnsmasq (42.2, 42.1: denial of service), samba (42.2; 42.1: three vulnerabilities), and wget (42.2, 42.1: race condition).

Red Hat has updated ghostscript (RHEL7; RHEL6: multiple vulnerabilities), kernel (RHEL7.1: denial of service), and systemd (RHEL7.1: denial of service).

Scientific Linux has updated ghostscript (SL7; SL6: multiple vulnerabilities) and ipa (SL7: two vulnerabilities).

Kategóriák: Linux

Inkscape 0.92 released

sze, 2017-01-04 14:34
Version 0.92 of the Inkscape vector drawing editor is available. "New features include mesh gradients, improved SVG2 and CSS3 support, new path effects, interactive smoothing for the pencil tool, a new Object dialog for directly managing all drawing elements, and much more. Infrastructural changes are also under way, including a switch to CMake from the venerable Autotools build system." See the release notes for details.
Kategóriák: Linux

[$] A look at darktable 2.2.0

k, 2017-01-03 22:41
In what is becoming its annual tradition, the darktable project released a new stable version of its image-editing system at the end of December. The new 2.2 release incorporates several new photo-correction features of note.

Click below (subscribers only) for the full article from Nathan Willis.

Kategóriák: Linux

Bottomley: TPM2 and Linux

k, 2017-01-03 22:26
James Bottomley looks at Trusted Platform Module (TPM) version 2. "Recently Microsoft started mandating TPM2 as a hardware requirement for all platforms running recent versions of windows. This means that eventually all shipping systems (starting with laptops first) will have a TPM2 chip. The reason this impacts Linux is that TPM2 is radically different from its predecessor TPM1.2; so different, in fact, that none of the existing TPM1.2 software on Linux (trousers, the libtpm.so plug in for openssl, even my gnome keyring enhancements) will work with TPM2. The purpose of this blog is to explore the differences and how we can make ready for the transition." (Thanks to Paul Wise)
Kategóriák: Linux

Tuesday's security updates

k, 2017-01-03 17:34

Arch Linux has updated gst-plugins-bad (two vulnerabilities), lib32-libpng (denial of service), lib32-libpng12 (denial of service), libpng (denial of service), and libpng12 (denial of service).

CentOS has updated ipa (C7: two vulnerabilities).

Debian-LTS has updated samba (privilege escalation).

Fedora has updated bzip2 (F25: denial of service), dovecot (F25: denial of service), and seamonkey (F25: multiple vulnerabilities).

Gentoo has updated firefox (multiple vulnerabilities, some from 2014).

Oracle has updated ipa (OL7: two vulnerabilities).

Kategóriák: Linux

Ringing in 2017 with 90 hacker-friendly single board computers (HackerBoards)

k, 2017-01-03 00:19
HackerBoards.com takes a look at hacker-friendly single board computers. "Community backed, open spec single board computers running Linux and Android sit at the intersection between the commercial embedded market and the open source maker community. Hacker boards also play a key role in developing the Internet of Things devices that will increasingly dominate our technology economy in the coming years, from home automation devices to industrial equipment to drones. This year, we identified 90 boards that fit our relatively loose requirements for community-backed, open spec SBCs running Linux and/or Android."
Kategóriák: Linux

Eulogy for Pieter Hintjens

h, 2017-01-02 21:17
Pieter Hintjens passed away last October. "Pieter was known mostly for founding the ZeroMQ project but he was also an ambitious fighter for the open source philosophy, an active opponent to software patents and an inspiring and keen thinker on open systems of all kind." (Thanks to Viktor Horvath)
Kategóriák: Linux

Security advisories for Monday

h, 2017-01-02 20:38

Arch Linux has updated curl (two vulnerabilities) and libwmf (multiple vulnerabilities).

Debian has updated libgd2 (denial of service) and libphp-phpmailer (code execution).

Debian-LTS has updated hdf5 (multiple vulnerabilities), hplip (man-in-the-middle attack from 2015), kernel (multiple vulnerabilities), libphp-phpmailer (code execution), pgpdump (denial of service), postgresql-common (file overwrites), python-crypto (denial of service), and shutter (code execution from 2015).

Fedora has updated curl (F24: buffer overflow), cxf (F25: two vulnerabilities), game-music-emu (F24: multiple vulnerabilities), libbsd (F25; F24: denial of service), libpng (F25: NULL dereference bug), mingw-openjpeg2 (F25; F24: multiple vulnerabilities), openjpeg2 (F24: two vulnerabilities), php-zendframework-zend-mail (F25; F24: parameter injection), springframework (F25: directory traversal), tor (F25; F24: denial of service), xen (F24: three vulnerabilities), and zookeeper (F25; F24: buffer overflow).

Gentoo has updated bash (code execution), busybox (denial of service), chicken (multiple vulnerabilities going back to 2013), cyassl (multiple vulnerabilities from 2014), e2fsprogs (code execution from 2015), hdf5 (multiple vulnerabilities), icinga (privilege escalation), libarchive (multiple vulnerabilities, some from 2015), libjpeg-turbo (code execution), libotr (code execution), lzo (code execution from 2014), mariadb (multiple unspecified vulnerabilities), memcached (code execution), musl (code execution), mutt (denial of service from 2014), openfire (multiple vulnerabilities from 2015), openvswitch (code execution), pillow (multiple vulnerabilities, two from 2014), w3m (multiple vulnerabilities), xdg-utils (command execution from 2014), and xen (multiple vulnerabilities).

Mageia has updated mcabber (roster push attack) and tracker (denial of service).

openSUSE has updated firefox (13.1: multiple vulnerabilities), gd (42.2, 42.1: stack overflow), GNU Health (42.2: two vulnerabilities), roundcubemail (13.1: cross-site scripting), kernel (42.1: information leak), thunderbird (42.2, 42.1, 13.2; SPH for SLE12: multiple vulnerabilities), and xen (42.2; 42.1; 13.2: multiple vulnerabilities).

Red Hat has updated ipa (RHEL7: two vulnerabilities) and rh-nodejs4-nodejs and rh-nodejs4-http-parser (RHSCL: multiple vulnerabilities).

Slackware has updated libpng (NULL dereference bug), thunderbird (code execution), and seamonkey (multiple vulnerabilities).

SUSE has updated gstreamer-plugins-good (SLE12-SP2: multiple vulnerabilities) and kernel (SLERTE12-SP1: multiple vulnerabilities).

Kategóriák: Linux

7 notable legal developments in open source in 2016 (opensource.com)

h, 2017-01-02 14:58
Richard Fontana reviews legal development in 2016 on opensource.com. "The Federal Source Code Policy is notable for placing emphasis on adhering to proper standards for open development as well as open source licensing. Agencies releasing open source code are directed to do so in a manner that encourages engagement with existing communities, fosters growth of new communities, and facilitates contribution both by the community to the federal code and by federal employees and contractors to upstream projects."
Kategóriák: Linux

Kernel prepatch 4.10-rc2

h, 2017-01-02 14:36
The second 4.10 kernel prepatch is out for testing. "Hey, it's been a really slow week between Christmas Day and New Years Day, and I am not complaining at all. It does mean that rc2 is ridiculously and unrealistically small. I almost decided to skip rc2 entirely, but a small little meaningless release every once in a while never hurt anybody. So here it is."
Kategóriák: Linux

[$] New features in Python 3.6

p, 2016-12-30 21:45

The Python 3.6 release occurred on December 23, only one week later than planned all the way back in October 2015. Python 3.6 adds a number of new features, including more support for asynchronous operations (generators and comprehensions), a filesystem path protocol, a new literal string formatting option, two random-number-related features, a frame evaluation API for debuggers and just-in-time (JIT) compilation, and more. Some of these features have been described in LWN articles along the way, but many haven't, so an overview of the highlights of the new release is in order.

Subscribers can click below to see the article that will appear in next week's edition.

Kategóriák: Linux

Security updates for Friday

p, 2016-12-30 17:11

Debian has updated dcmtk (code execution from 2015).

Debian-LTS has updated curl (code execution) and libxi (regression in previous update).

Fedora has updated js-jquery (F24: cross-site scripting), js-jquery1 (F25; F24: cross-site scripting), smack (F25: TLS bypass), and tracker (F24: adding sandboxing).

Gentoo has updated mod_wsgi (privilege escalation from 2014).

Mageia has updated game-music-emu (multiple vulnerabilities), gstreamer1.0-plugins-good (multiple vulnerabilities), hdf5 (multiple vulnerabilities), kernel, kmod (three vulnerabilities), libgsf (denial of service), openjpeg2 (multiple vulnerabilities), roundcubemail (code execution), and samba (authentication bypass).

openSUSE has updated irc-otr (42.2: information disclosure).

Slackware has updated python (two vulnerabilities) and samba (three vulnerabilities).

SUSE has updated gstreamer-plugins-bad (SLE12: multiple vulnerabilities) and gstreamer-plugins-good (SLE12: multiple vulnerabilities).

Kategóriák: Linux

EFF: The Patent Troll Abides

sze, 2016-12-28 20:21
The Electronic Frontier Foundation has a review of patent lawsuits in 2016. "We saw mixed results in the courts this year. The Supreme Court issued a good decision cutting back on out of control damages in design patent cases. Meanwhile, the Federal Circuit issued a very disappointing decision that allows patent owners to undermine ownership by asserting patent rights even after selling a patented good. Fortunately, the Supreme Court has agreed to review that ruling. We will file an amicus brief supporting the fundamental principle that once you buy something, you own it."
Kategóriák: Linux

Security advisories for Wednesday

sze, 2016-12-28 18:23

Arch Linux has updated openfire (multiple vulnerabilities).

Debian-LTS has updated libcrypto++ (denial of service).

Fedora has updated community-mysql (F25; F24: multiple unspecified vulnerabilities), curl (F25: buffer overflow), hdf5 (F25: multiple vulnerabilities), js-jquery (F25: cross-site scripting), nagios-plugins (F25; F24: multiple vulnerabilities), python-wikitcms (F25; F24: code execution), and xen (F25: multiple vulnerabilities).

Gentoo has updated firejail-lts (denial of service).

openSUSE has updated ntp (42.2, 42.1: multiple vulnerabilities) and tor (42.2; 42.1, 13.2: denial of service).

SUSE has updated openjpeg2 (SLE12-SP2: multiple vulnerabilities) and xen (SOSC5, SMP2.1, SM2.1, SLE11-SP3: multiple vulnerabilities).

Kategóriák: Linux

darktable 2.2.0 released

h, 2016-12-26 21:10
Darktable 2.2.0 has been released. This version includes the new automatic perspective correction module, a liquify tool for all your fancy pixel moving, a new image module to use a Color Look Up Table (CLUT) to change colors in the image, and much more.
Kategóriák: Linux

Announcing FreeDOS 1.2

h, 2016-12-26 20:19
Jim Hall has announced the release of FreeDOS 1.2. "The FreeDOS 1.2 release is an updated, more modern FreeDOS. You'll see that we changed many of the packages. Some packages were replaced, deprecated by newer and better packages. We also added other packages. And we expanded what we should include in the FreeDOS distribution. Where FreeDOS 1.0 and 1.1 where fairly spartan distributions with only "core" packages and software sets, the FreeDOS 1.2 distribution includes a rich set of additional packages. We even include games." There is also a new installer.
Kategóriák: Linux

Security advisories for Monday

h, 2016-12-26 18:35

Debian has updated exim4 (information leak), graphicsmagick (multiple vulnerabilities), libcrypto++ (denial of service), libxml2 (two vulnerabilities), and squid3 (information leak).

Debian-LTS has updated exim4 (information leak), phpmyadmin (multiple vulnerabilities), python-bottle (CRLF attacks), qemu (three vulnerabilities), qemu-kvm (three vulnerabilities), spip (two vulnerabilities), and squid3 (information leak).

Fedora has updated httpd (F25; F24: three vulnerabilities).

Gentoo has updated roundcube (code execution), samba (multiple vulnerabilities), tor (denial of service), and xerces-c (code execution).

Slackware has updated expat (multiple vulnerabilities), httpd (multiple vulnerabilities), and openssh (multiple vulnerabilities).

SUSE has updated dnsmasq (SLE12-SP2,SP1: denial of service).

Kategóriák: Linux