Many programs - free and proprietary - offer a plug-in interface to make it
easy to add new functionality. In many situations, the existence of a
well-defined plugin interface has been a key driver for the success of the
system as a whole; imagine Firefox, for example, without its extension
mechanism. The GNU Compiler Collection (GCC) is an example of a complex
system which could benefit from such an interface, but which currently
lacks one. GCC developers have been talking about adding a plugin API, but
it is far from clear that this will be done; how this decision goes may
have major consequences for how GCC works with its wider development
community and the free software community as a whole.
GCC is designed as an extended pipeline of cooperating modules.
Language-specific front-end code parses code in a specific source language and
turns it into a generic, high-level, internal representation. Various
optimization passes then operate on that representation at various levels.
At the back end, an architecture-specific module turns the optimized
internal code into something which will run on the target processor. It's
a long chain of modules; at each point in the chain, there is an
opportunity to see the code in a different stage of analysis and processing.
There can be a lot of value in hooking into an arbitrary point in that
chain. Static analysis tools need to look at a program at different levels
to get a sense for what is going on and look for problems or opportunities
for improvement. New types of optimization passes could be added at
specific points, making the compiler perform better. Project-specific
modules could look for problems (violations of locking rules, perhaps) tied
to a given code base. Language-specific modules can provide tighter
checking for certain constructs. And so on.
Currently, adding this sort of extension to GCC is not a task for the faint
of heart. The GCC build system is known to be challenging, and GCC's
internal documentation is, one might say, not quite as complete as one
might like. Researcher Alexander Lamaison described it this way:
Out of the 6 months, 4 were spent learning the GCC internals and
fighting the GCC build process, 1 was spent writing up leaving 1
month of actual productive research... I fully understand that
this can seem strange to people who know GCC like the back of
their hand, but to a newcomer it is a huge task just to write a
single useful line of code. I'm sure many give up before ever
reaching that point.
Once they have overcome these problems, developers adding extensions to GCC run
into another problem: if they want to distribute their work, they end up in
the business of shipping a whole new compiler. Brendon Costa, who works on
the EDoc++ GCC extension, noted:
I approached the debian maintainers list with a debian package for
this project to see if they would include it in the official
repositories. It was not accepted and the reason for that is
because it includes another patched version of GCC which takes up
too much disk space. They don't want to accept these sorts of
projects because they all effectively require duplicates of the
same code (GCC).
Both of these problems could be addressed by adding a plugin mechanism to
GCC. A well-defined API would make it relatively easy for developers to
hook a new tool into the compiler without having to understand its
internals or fight with the build process. If an off-the-shelf GCC could
accept plugins, distributors could ship those plugins without having to
include multiple copies of the compiler. Given that we would all benefit from
a more capable GCC, and given the many examples of how other systems have
benefited from a plugin architecture, one would think that the addition of
plugins to GCC would not be a controversial thing.
It seems that one would be wrong, however. In a recent discussion on plugins, two concerns were
raised:
Adding plugins to GCC would make it easy for people to create and
distribute proprietary enhancements.
A plugin API would have to be maintained in a stable manner, possibly
impeding further GCC development.
There were also some suggestions that, if the effort put into a plugin API
were, instead, put into documentation of GCC internals, the overall benefit
would be much higher.
The proprietary extensions concern is clearly the big stumbling block,
though. Some participants stated that
Richard Stallman has blocked any sort
of GCC plugin mechanism for just this reason - though it should be noted
that Mr. Stallman has not contributed directly to this discussion. But,
given that GCC remains a GNU project, it is not hard to imagine that
anything which could lead to proprietary versions of GCC would encounter
a high level of opposition.
The attentive reader may have spied some similarities between this
discussion and the interminable debate over kernel modules. The kernel's
plugin mechanism has certainly enabled the creation of proprietary
extensions. In the GCC case, it has been suggested that any plugins would
have to be derived products and, thus, covered by the GPL. This, too, is
an argument which has been heard in the kernel context. In that case,
concerns over the copyright status of proprietary modules have kept them
out of most distributions and, in general, cast a cloud over those
modules. Something similar would probably happen to proprietary GCC
modules: they would not be widely distributed, would be the subject of
constant criticism, and would be an impetus for others to replace them with
free versions. It is hard to imagine that there would be a thriving market
for proprietary GCC extensions, just as there is no real market for
proprietary GIMP extensions - even though Photoshop has created just that
kind of market.
It has also been pointed out that the status quo has not prevented the
creation of proprietary GCC variants. As an example, consider GCCfss - GCC
for Solaris systems. This compiler is a sort of Frankenstein-like grafting
of the GCC front end onto Sun's proprietary SPARC code generator. Back
when Coverity's static analysis tools were known as the "Stanford checker,"
they, too, were a proprietary tool built on top of GCC (the current version
does not use GCC, though). People wanting to do proprietary work with GCC
have been finding ways to do so even without a plugin mechanism.
The GCC developers could also look to the kernel for an approach to the API
stability issue and simply declare that the plugin API can change. That
would make life harder for plugin developers and distributors, but it would
make it even harder for any proprietary plugin vendors. An unstable API
would not take away the value of the plugin architecture in general, but it
would avoid putting extra demands onto the core GCC developers.
In general, GCC is at a sort of crossroads. There are a number of
competing compiler projects which are beginning to make some progress; they
are a long way from rivaling GCC, but betting against the ability of a free
software project to make rapid progress is almost never a good idea. There
is a pressing need for better analysis tools - it is hard to see how we
will make the next jump in code quality without them. Developers would
like to work on other enhancements, such as advanced optimization
techniques, but are finding that work hard to do. If GCC is unable to
respond to these pressures, things could go badly for the project as a
whole; GCC
developer Ian Lance Taylor fears the worst
in this regard:
I have a different fear: that gcc will become increasingly
irrelevant, as more and more new programmers learn to work on
alternative free compilers instead. That is neutral with regard to
freedom, but it will tend to lose the many years of experience
which have been put into gcc. In my view, if we can't even get
ourselves together to permit something as simple as plugins with an
unstable API, then we deserve to lose.
Back at the beginning of the GNU project, Richard Stallman understood that
a solid compiler would be an important building block for his free system.
In those days, even the creation of a C compiler looked like an overly
ambitious project for volunteer developers, but he made GCC one of his
first projects anyway (once the all-important extensible editor had been
released). His vision and determination, combined with a large (for the
times) testing community with a high tolerance for pain, got the job done.
When Sun decided that a C compiler was no longer something
which would be bundled with a SunOS system, GCC was there to fill in the
gap. When Linus created his new kernel, GCC was there to compile it.
It is hard to imagine how the free software explosion in
the early 1990's could have happened without the GCC platform (and
associated tool chain) to build our code with.
The vision and determination that brought us GCC has always been associated
with a certain conservatism which has held that project back, though. In
the late 1990's, frustration with the management of GCC led to the creation
of the egcs compiler; that fork proved to be so successful that it
eventually replaced the "official" version of GCC. If enough developers
once again reach a critical level of frustration, they may decide to fork
the project anew, but, this time, there are other free compiler projects
around as well. Perhaps, as some have suggested, better documentation is
all that is really required. But, somehow, the GCC developers will want to
ensure that all the energy which is going into improving GCC doesn't wander
elsewhere. GCC needs that energy if it is to remain one of the cornerstones
of our free system.
The libre-java movement got a huge boost on November 13 2006, "Java
Liberation Day". On that day, Sun announced its intent to distribute
all the source code for their implementations of Java Standard Edition
(SE, code name OpenJDK),
Enterprise Edition (EE, code name Glassfish) and Micro
Edition (ME, code name PhoneME) as free
software. All are licensed under the GPL, using the classpath
exception clause for selected libraries.
Sun went out of its way to make its commitment to the GPL, with
everything it implies, very clear in an extensive FAQ.
Two things, unrelated to source code, are reserved: the specification and
certification of Java is reserved for the JCP
(Java Community Process), while Sun
controls the usage of the Java(TM) trademark. Everybody
is free to run, copy, distribute, study, change, share and improve the
source code for any purpose as long as they follow the tit-for-tat,
share-alike, copyleft rules of the GPL for all the code they release.
Sun not only contacted big Free Software names, like Richard Stallman
and Eben Moglen, before the event, the company also made sure that the
existing libre-java communities knew about the plans before it all hit
the press. Jonathan Schwartz, the Sun CEO, himself explicitly reached
out to the existing GNU Classpath, GCJ and Kaffe communities with an offer to collaborate
with the developers making
libre-java on GNU/Linux a reality. The Sun OpenJDK engineers came to
the Fosdem conference to have a DevJam
and share their ideas with the existing libre-java communities.
Sun couldn't liberate all the code at once, but did so in stages for
anything it could get all the rights to over the last year. At
the same time, Sun has been slowly opening up the internal development process and
switching to a public repository for all the code (Kelly O'Hair keeps
a blog that is
a great case study for moving a large project to Mercurial). Currently
all of the code for Glassfish and phoneME has been released, while about 96%
of the OpenJDK code base is available (almost all the parts not
released yet are because Sun couldn't get the rights from some third
party). Rich Sands gives a great overview of how all this looked
from inside Sun in his one
year retrospective on java liberation day.
Meanwhile, an effort called IcedTea was started to put
OpenJDK into GNU/Linux distributions by moving it quickly towards that
100% free software line. As Andrew Haley explained during the official announcement, it is an experimental build tree that
tries to stay close to the OpenJDK upstream but does not contain any
non-free proprietary blobs. Those pieces are either stubbed out or
replaced with code from GNU Classpath. IcedTea can be built using only
free software. In particular, you can use GCJ for the first build phase
to bootstrap those parts that depend on a working java
compiler and runtime. It can be easily built on a modern
GNU/Linux distribution with a simple ./configure && make; or at
least that is the theory. It builds out of the box on Fedora 7 or
8. For Debian
and Gentoo
some additional steps are still needed.
Because OpenJDK didn't have an open bug database or (until recently) a
source code repository, IcedTea has an open public bugtracker and a
mercurial repository. All
discussions about the code are done on the public OpenJDK distro-pkg-dev
mailing list.
IcedTea is what most GNU/Linux distributions ship now for x86 and x86_64 in
addition to GCJ for other architectures. IcedTea also adds some things that
make things easier for distribution packagers. It adds patches so that
the runtime and core libraries link to system shared libraries, like
zlib and libjpeg, which should make security updates simpler. It adds
support for using things like the system wide tzdata files for the
TimeZone utility classes. It also supports using the system
installed certificate authority files for security related checks as
used in the ssl network classes. Thomas Fitzsimmons, who helped with
the above items, keeps a Packager's Wishlist for
OpenJDK.
IcedTea also contains some bug fixes from people who submitted patches
to the OpenJDK upstream, which haven't been accepted yet, to give them a
wider testing audience. Others have offered alternative backends for
existing packages that make java applications integrate better in a
GNU/Linux system. An example is the GConf backend for the
java.util.prefs package by Mario Torre, which he ported
from GNU Classpath.
Lastly, IcedTea is a testbed for porting OpenJDK to other
architectures beyond the currently supported x86, x86_64 and sparc. There are
two different approaches. The first is to start with the HotSpot C++
Interpreter. HotSpot, the OpenJDK runtime, uses a different bytecode
interpreter by default, the Template Interpreter, which is harder to
port. After requests from the
community, Sun also released its older C++ based interpreter to help
the porting effort. Gary Benson recently made a breakthrough and got
that working for PowerPC (both 32 and 64 bit). He wrote a guide to porting
IcedTea that will hopefully help people porting to other
architectures. Of course the interpreter alone is slow, but the benefit is that you get a full system up and running
that is similar to the existing architectures with full support for
all features. The next
step is to add support for the HotSpot just-in-time (JIT) compilers, which
will be a lot
of work.
Another approach is taken by the Cacao team who are working on replacing
the whole HotSpot runtime with
a libjvm.so based on the Cacao JITs, but reusing all of
the core libraries. This now works for s390 and powerpc. Cacao also
supports alpha, arm and mips, so this is an interesting path for
getting a faster port. You will have to replace all of the Hotspot
runtime to get it. The Cacao VM is still missing some features,
like annotations and full debugging support.
There are some other interesting developments around former GNU
Classpath-based projects that are now experimenting with combining
their code and the new OpenJDK and/or PhoneME projects. Dalibor Topic
worked on a Google Summer
of Code project to make the OpenJDK javac compiler a source-to-bytecode
front end for the GCJ native compiler. The MIDPath project combines
elements of SE and ME, plus different backends (SDL, FB, AWT, X11,
Gtk+ and Qt) to provide access to MIDP2, a mobile devices standard used
on many phones for various platforms. JaLiMo provides all of the above
packaged for the Maemo and OpenMoko platforms. JNode is a full operating system written
in java that is now built upon a hybrid of OpenJDK and GNU Classpath
libraries. There is also the IKVM
project that is providing a java implementation, translation and
interoperability framework for .net implementations like Mono.
With all this one could safely say that The Java Trap
has been dismantled. But even with some replacements from GNU
Classpath, IcedTea/OpenJDK is still missing some small parts. The
java.sound implementation isn't complete yet, although Sun has released
the parts needed to finish it. The Java Management Extensions (JMX) implementation is missing SNMP
support. Applets are currently supported through gcjwebplugin, which
has the benefit that there is finally a 64-bit plugin, but it is still
missing LiveConnect (Java/JavaScript integration). And finally
there is no support yet for Java Network Launch Protocol (JNLP aka Java Web
Start), although there is netx, which might be
added to IcedTea soon.
So when you put all the above together, what Java version do we get?
Officially what the GNU/Linux distributions ship now isn't Java(TM) since it
isn't certified. And IcedTea comes with the following warning:
IcedTea is derived from OpenJDK, Sun's open-source implementation
of the Java SE platform. At this time the build from which IcedTea
was constructed corresponds to an early build (b21) of JDK 7. When
JDK 7 is complete it will implement the Java SE 7 Platform
Specification. Work on that specification is underway, but far
from final. Any APIs in the JDK 7 implementation, whether new or
old, are therefore subject to minor adjustments, major revisions,
or even outright removal between now and the time that the Java SE
7 Platform Specification is finalized. Please take these facts
into account before depending upon IcedTea.
Red Hat has recently signed
the OpenJDK
Community TCK License Agreement. This gives them access to the
test suite that determines whether an implementation that is derived
from the OpenJDK project complies with the Java SE 6 specification. This
will cover the
binary releases that they ship (while the source code will of course still
be available under the GPL). This agreement does, however, contain an NDA
which prevents talking about how compatible the current code is.
The TCK itself is still proprietary, so it will be
hard to work together with the community at large on this.
One year after Java Liberation Day modern GNU/Linux distributions are
starting to ship with a more complete free java-like stack than ever
before, but there are still some small loose ends to tie up. It was a
learning experience for all communities involved as suddenly the whole
free java ecosystem changed. There was certainly a lot of frustration
about the speed with which things opened up. On the other side, there was
frustration with
the fact that shipping something purely-free seemed more important
than compatibility. But Sun consistently kept its promises about
opening up. The existing libre-java communities learned to respect
and take advantage of the now free reference implementation of the code that they
worked so hard to replace over the
last decade. Now the fruits of collaboration and of reusing each other's
code are materializing. In less than another year, it will be common to
have a full, free, java stack, either SE, ME or EE, wherever you
find GNU/Linux running.
[ Mark Wielaard has been doing libre-java development since 1999. He is
also the maintainer of GNU Classpath. He is currently employed as an
engineer by Red Hat
on non-java related projects. ]
Long-time Red Hat employee and Mozilla contributor Christopher Blizzard
recently took a new job as a member of the Evangelism team at Mozilla
Corporation. Just settling in – he started just over a week ago
– he graciously
agreed to be interviewed. His answers provide a look at
evangelism at Mozilla, what his role will be, along with a bit of a
retrospective on his days at Red Hat.
LWN: What does it mean to be on the Evangelism team at Mozilla?
What kinds of things does the team do?
The Evangelism team at Mozilla has quite a few roles to play. We
handle a lot of external communications, including some amount of
press, although there's a separate press team that handles most of
that. Sometimes it's tactical – responding to a bad blog entry or
press result and repairing misleading facts or conclusions when that's
possible. But it's strategic as well in the sense that we try and
understand and compose the story of Mozilla into a consumable form and
then try and tell that to the world. Mozilla has a good story to tell
and helping people understand who we are and what we're doing opens
doors both for us and for others. It's an important role in any
organization, but especially ours.
We also do a bit of internal communications facilitating as well. As
the project and the company grow past certain sizes that kind of
"internal understanding" role is going to be more and more critical.
Organizations that don't understand themselves get into trouble in
pretty short order. We're around to keep that from happening as best
we can. Think of it as guarding the culture as new people come on
board.
We also do a lot of technical evangelism as well. Just as examples
you can see that work in Mark Finkle's weblog where he does a lot of
work describing add-ons and extensions and what's going on in that
area. John Resig also does a lot of work telling the story of
JavaScript and the upcoming ES4 work to the world as well. Asa
Dotzler and Seth Bindernagel do a lot of work with the community
directly while Deb Richardson and Eric Shepherd both do a lot of work
on documentation and external communications.
We're a diverse group with a lot of different roles, but that's the
nature of the audiences we face.
LWN: What are your specific near-term tasks as part of the team?
My role is really to figure out how to work with
other open source projects and help them figure out how to properly
leverage what we're doing in Mozilla. This includes organizational
development. For example, we are a non-profit, public benefit organization
that acts like a business. But we are also an open source project with a
very active non-corporate contributor base, targets a consumer market and
has a strong product focus and over 100 million users - we would love to
see that replicated in other places as well and we would love the chance to
teach others how to do it.
We also share a common alignment with a huge number of other open
source projects. Open source projects require an open playing field
to build on. These usually take the form of "open standards" and
right now form the basis of the web that we see today, and many of the
forms of communication used on the Internet. HTTP, HTML, CSS, SMTP,
Jabber, etc. These were standards that anyone was able to implement
and saw an explosive growth in use as a result. But these systems are
under attack by companies like Microsoft and Adobe, attempting to
replace them with a proprietary platform under the control of a single
company. These represent an attack on the web itself, and should be
taken very seriously. Remember that the web is still the killer app,
and keeping that open and protected is paramount.
Our role has to be larger than just delivering a browser that normal
people can use. We also have to push the web itself forward to make
sure that it remains competitive against other platforms and is the
platform of choice for development. This means evolving the languages
that the web uses, adding capabilities to the browser itself (video,
audio, canvas, SVG, others) and then putting it into a consumable
package that people love to use on the widest possible set of platforms.
That's the context for my role. What I will try and do is to make
sure that well-aligned open source projects understand this story and
know what we're doing on the ground so that we can help them and they
can help us. Mozilla has a huge footprint of users and we want to
make sure that other open source projects know how to take advantage
of that. What this actually means in terms of actions is still
something that's being figured out but we'll start to see movement in
the next few weeks.
There are some easy first steps. First steps include helping with our
embedded and mobile stories (where open source and Linux have a lot of
leverage) and sparking discussions on performance and footprint. I
will also continue with my Linux role and act as a contact for the
Linux distributions that are shipping Firefox and Mozilla technologies
today.
LWN: Are there specific ways that you will be using your Red Hat and
Linux background in your new job?
I was at Red Hat for nearly 9 years, and I am a vastly changed person
as a result of that time, so of course! But a lot of the work that I
did there will be used indirectly. I learned a lot of things at Red
Hat. I learned to think strategically, how to build and run teams,
what makes successful projects and a nearly rabid devotion to building
products that really help the people who are using them. How
important design and a user focus is to building a successful
product. The incredible importance of brand in the development of
products and how to build messaging around that. I learned some
important lessons about how to mix business and open source projects.
That recognizing companies is an incredibly important part of making
many projects successful and cultivating those relationships can
create wins on both sides. I learned that open source itself isn't a
business model, but requires a different way to think about how you
deliver value to people and organizations. But the most important
thing that I probably walked away with was that the most important
factor that seems to make an organization successful (aside from
having a market to work in!) is the people that you bring to the
table. Red Hat was filled with wonderful people, and still is. I
take that lesson to heart in choosing the people around me and who I
will try and bring to Mozilla as well. It's incredibly important.
LWN: Will you still be involved in OLPC development? In an official
capacity as part of your job with Mozilla? What kinds of things will you be
working on?
I certainly won't be involved to the same level I was. I had day to
day involvement in the software development and design process and
what OLPC will deliver to the public is something that I both deserve
much of the credit and much of the blame for. There are still some
touch points with OLPC from time to time, largely around the browser
that's included on the OLPC machine, but I'm not that involved with
them right now.
LWN: What led to deciding to leave Red Hat after so many years?
The answer to that question is complicated and deeply personal. Some
small part of it was just employment diversification. I had been
there for 9 years, which is a huge portion of my young life, and I
felt like I should experience something else.
But it was also a question of leverage for me. Red Hat is an
enterprise company. They are doing well in that market and are doing
a great job of developing value for that customer segment and bringing
the story of open source along with them. They are a committed
organization and are well-liked and continue to make good decisions.
But they aren't going to be able to change the world from the back
office and have become far too conservative over the years to go out
and touch human beings directly. And they aren't going to be large
enough any time soon to be able to have credible experiments to grow
into a "consumer" market. I learned that the hard way with both OLPC
and Mugshot and I decided it was time to go somewhere that would let
me affect a lot of people and create some leverage for open source.
Mozilla is that place.
But, really, that question should be "why Mozilla?" Mozilla is still
a pretty small organization, less than 150 people. I feel like I have
a lot to bring to the organization, both based on my experience inside
of Mozilla (which is longer than my Red Hat experience!) and from my
work at Red Hat. Mozilla is trying to create change in the world in a
very real way by touching people directly, and doing so using open
source methodologies under the umbrella of a public benefit company. They have a
fantastic team from the top to the bottom of the organization, want to
compete and want to keep their users winning by creating a great
product that protects the web. It's unique in the market, and I hope
to do my part to keep it that way.
LWN: What things do you look back on that you did at Red Hat that
you are most pleased with? Are there things you would have done
differently?
I've always been pretty happy with the desktop work that happened at
Red Hat. These days Ubuntu gets most of the credit for the Linux
Desktop but it was _clearly_ Red Hat (and Ximian/Novell!) that did
much of the heavy lifting to get it from where it was in the mid-1990s
to where it is today, and that is still the case. GNOME in particular
would have not gotten past the stages of its infancy without Red Hat's
early involvement, and I like where it's gotten today. (Anyone else
remember GNOME 0.27?) I had a part to play there with my early
Mozilla development work, which I very carefully selected for that
reason, and I think that helped things get on the right track. It was
a good decision and I really like the outcome.
The OLPC work was quite satisfying. If not only because of the
proposed effect - helping millions of poor kids gain a foothold in the
world of knowledge that I take for granted every day - but also
because I was able to take that decade of knowledge of what was broken
in computing and apply it. A lot of what you will see in OLPC is a
result of that, sometimes with me acting as the guy driving ideas and
sometimes acting as a champion for the ideas of others. I can take
some solace that even though I'm not working on it today, a lot of
that work I can point at as my own. I hope that many of the other
team members feel the same way.
But I made a huge number of mistakes. I passed on some very early
leadership opportunities where I probably could have made an earlier
difference and pushed things harder. Failing to grow out of an early
engineering position and thinking about wider issues around teams,
users, strategy, markets and business. I should have done that
earlier and I think that if I had, we would all be a little better
off.
But on reflection, it would be hard to point to many things that I
would want to change. It's still a good company and I am happy to
have worked there.
Our thanks to Christopher for taking time to respond, especially during
his, probably rather busy, first week on the job.
Fingerprint scanners are becoming more commonplace, especially on laptops,
to add a layer of biometric authentication. Linux support for these devices has been
somewhat varied, with each scanner model supported by its own driver
and API, or not supported at all. In addition, a number of the drivers are
closed source, something that should worry anyone installing security
software. The fprint
project aims to change that by providing a standardized API for as many
different scanners as it can.
Born out of a Computer Science academic project for founder Daniel Drake,
fprint was released this month under the LGPL. Unlike other scanner projects,
fprint is not targeted at a specific device; it supports quite a few using a
half-dozen or so different drivers. The drivers, as the name would imply,
handle the low-level details of talking to the devices using libusb.
Fingerprint scanners all work differently; some process the image of the
print internally, while others present the image to the driver. In order
to have a standard API, regardless of the scanner used, the libfprint
library handles those differences internally. If required, it uses
image processing
code from the US National Institute of Standards and Technology that is
specifically designed for fingerprint matching.
In order to use fingerprints for authentication, there must be a training
or enrollment mode where the scanned fingerprint is stored away for later
use. Once that has been done, fingerprints can be verified for a particular
user. fprint does not yet support identification mode, where an unknown
finger is scanned and a database of stored prints is checked for a match.
The current code requires a username or other identifier, comparing the
print stored for that user with the one scanned.
Because it handles multiple devices, there could be occasions where there
is a print stored for a particular user, but it was scanned with a different
device. Some fprint drivers can handle multiple similar scanners, so fprint
distinguishes between them using a device type assigned by the driver. It
tags each stored print with the driver ID as well as the device type; to be
comparable, prints must have come from the same driver with the same device
type.
Application writers do not want to have to interface to multiple different
library APIs to support fingerprint authentication. The libfprint API
provides a single interface for applications. All phases of dealing with
the scanners are available through the API: device discovery, print
enrollment, print discovery, and verification. In addition, pam_fprint
integrates with Pluggable Authentication Modules (PAM) so that users can
log in via fingerprint instead of password.
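The enrollment and verification flow described above, with stored prints tagged by driver ID and device type, as an added example. This is a model written for this page, not libfprint's API or its NIST matching code: the device names, minutiae coordinates and the simple tolerance-based match score are constructed stand-ins for what a real driver and matcher would produce. The point it shows is that verification always starts from a username, and that a print enrolled on one driver/device type is refused, rather than silently compared, when a different device is in use.

```python
# Added example: fprint-style per-user print storage with driver/device-type tagging.
# Not libfprint code; devices, minutiae and the matcher are constructed for illustration.
from dataclasses import dataclass
from typing import Dict, List, Tuple

Minutia = Tuple[int, int]   # (x, y) of a ridge feature; stand-in for a real template


@dataclass(frozen=True)
class Device:
    driver_id: int   # which fprint driver talks to the hardware
    devtype: int     # distinguishes similar scanners handled by the same driver
    name: str


@dataclass(frozen=True)
class PrintData:
    driver_id: int
    devtype: int
    minutiae: Tuple[Minutia, ...]


def extract_template(scan: List[Minutia]) -> Tuple[Minutia, ...]:
    """Stand-in for the image-processing step: canonicalise a scan into a template."""
    return tuple(sorted(set(scan)))


def match_score(enrolled: Tuple[Minutia, ...], scan: List[Minutia], tol: int = 2) -> float:
    """Fraction of enrolled minutiae found within `tol` pixels in the new scan."""
    if not enrolled:
        return 0.0
    hits = sum(
        1 for (ex, ey) in enrolled
        if any(abs(ex - sx) <= tol and abs(ey - sy) <= tol for (sx, sy) in scan)
    )
    return hits / len(enrolled)


class PrintStore:
    """Prints keyed by (user, finger); verification needs the user, there is no identification."""

    def __init__(self, threshold: float = 0.8) -> None:
        self._prints: Dict[Tuple[str, str], PrintData] = {}
        self.threshold = threshold

    def enroll(self, user: str, finger: str, dev: Device, scan: List[Minutia]) -> None:
        # Every stored print carries the driver ID and device type it was taken with.
        self._prints[(user, finger)] = PrintData(dev.driver_id, dev.devtype, extract_template(scan))

    def verify(self, user: str, finger: str, dev: Device, scan: List[Minutia]) -> str:
        """Returns 'match', 'no-match', 'no-print' or 'incompatible-device'."""
        stored = self._prints.get((user, finger))
        if stored is None:
            return "no-print"
        if (stored.driver_id, stored.devtype) != (dev.driver_id, dev.devtype):
            # Same driver but a different device type is still not comparable.
            return "incompatible-device"
        return "match" if match_score(stored.minutiae, scan) >= self.threshold else "no-match"


# Constructed devices and scans (hypothetical names and coordinates).
BUILTIN = Device(driver_id=1, devtype=0, name="built-in reader")
USB_SAME_DRIVER = Device(driver_id=1, devtype=1, name="USB reader, same driver")
ALICE_INDEX = [(10, 10), (20, 35), (33, 12), (41, 44), (55, 20)]
ALICE_RESCAN = [(11, 9), (21, 36), (32, 12), (42, 43), (54, 21), (70, 70)]   # slight jitter
MALLORY_INDEX = [(5, 50), (60, 5), (30, 30), (48, 10), (15, 25)]


def demo() -> Dict[str, str]:
    store = PrintStore()
    store.enroll("alice", "right-index", BUILTIN, ALICE_INDEX)
    return {
        "alice_rescan": store.verify("alice", "right-index", BUILTIN, ALICE_RESCAN),
        "mallory": store.verify("alice", "right-index", BUILTIN, MALLORY_INDEX),
        "unknown_user": store.verify("bob", "right-index", BUILTIN, ALICE_RESCAN),
        "other_device": store.verify("alice", "right-index", USB_SAME_DRIVER, ALICE_RESCAN),
    }


if __name__ == "__main__":
    print(demo())
```

A PAM module built on this flow would treat only "match" as success; "incompatible-device" is the case the driver/device-type tags exist to catch, and it should be reported to the user as "enroll again on this device" rather than as a failed login.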
There are other projects out there solving similar problems, but none seems
to have taken the big picture view that fprint has. The Debian FingerForce
team has gathered a list of
Linux fingerprint scanning solutions, most of which are specific to a
particular scanner or family of scanners.
BioAPI also tries to abstract away the
specifics of biometric authentication, but it is not a free standard.
By trying to support as many scanners as they can, while providing a generic
interface, fprint seems to have the right approach to fingerprint
authentication. There is still plenty to be worked on (fingerprint data is
currently stored unencrypted, for example), but the approach seems sound.
For anyone with a scanner on their laptop, or a USB version that they carry
around, applications supporting fprint will be very welcome. Anyone creating
software that might support fingerprint authentication will definitely want
to give fprint a look.
A Wordpress cookie vulnerability exploit is floating around in the wild according to the advisory (Full Story link below). Anyone who has (or can get) access to the wp_users table can authenticate as any user, including the administrative user. Passwords are stored in the table as MD5 hashes, but the cookies contain the MD5 of that value (i.e. a double MD5 of the password). Attackers just need to provide the MD5 of the value they find in the database in a cookie to be authenticated as that user. There is no patch and there are no very satisfactory workarounds other than changing every user password and ensuring that no one can access the database after that.
Bruce Schneier has posted an interesting look at a U.S. random number generator standard. "What Shumow and Ferguson showed is that these numbers have a relationship with a second, secret set of numbers that can act as a kind of skeleton key. If you know the secret numbers, you can predict the output of the random-number generator after collecting just 32 bytes of its output. To put that in real terms, you only need to monitor one TLS internet encryption connection in order to crack the security of that protocol. If you know the secret numbers, you can completely break any instantiation of Dual_EC_DRBG."
Light Blue Touchpaper covers a somewhat surprising use of Google to crack Wordpress passwords. Other passwords stored as hashed values without salt would also be vulnerable to this kind of search. "Instead, I asked Google. I found, for example, a genealogy page listing people with the surname 'Anthony', and an advert for a house, signing off 'Please Call for showing. Thank you, Anthony'. And indeed, the MD5 hash of 'Anthony' was the database entry for the attacker. I had discovered his password."
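The two WordPress items above share one root cause: an unsalted MD5 password hash stored in wp_users, with the authentication cookie derived purely from that stored value. The following is an added example written for this page, not WordPress code and not the fix WordPress later shipped. It models the vulnerable scheme (cookie token = MD5 of the stored hash) to show that reading the table is equivalent to logging in, shows why an unsalted hash is invertible by a simple lookup, and places a hardened variant beside it: a per-user salt on the stored hash and a cookie bound to a server-side secret that is not in the database. The user rows and password are constructed; the salted SHA-256 is kept short for illustration, where a real deployment would use a slow password KDF.

```python
# Added example: WordPress-style double-MD5 cookie forgery, unsalted-hash lookup, and a
# hardened alternative. Not WordPress code; rows and passwords below are constructed.
import hashlib
import hmac
import secrets
from typing import Iterable, Optional, Tuple


def md5hex(s: str) -> str:
    return hashlib.md5(s.encode()).hexdigest()


# Constructed wp_users rows: user_login -> user_pass column (unsalted MD5 of the password).
WP_USERS = {
    "admin": md5hex("Anthony"),
    "editor": md5hex("correct horse battery"),
}


def vulnerable_cookie_token(user_pass_column: str) -> str:
    """Token the vulnerable scheme puts in the auth cookie: MD5 of the stored hash."""
    return md5hex(user_pass_column)


def vulnerable_check(user_login: str, token: str) -> bool:
    """Server side: recompute the token from the stored hash and compare."""
    stored = WP_USERS.get(user_login)
    return stored is not None and hmac.compare_digest(token, vulnerable_cookie_token(stored))


def forge_from_table(user_login: str) -> str:
    """Anyone who can read wp_users never needs the password: token = md5(stored hash)."""
    return md5hex(WP_USERS[user_login])


def crack_unsalted(hash_hex: str, candidates: Iterable[str]) -> Optional[str]:
    """Unsalted MD5 is a pure function of the password, so any table that maps
    words to hashes (a wordlist, a rainbow table, a search engine index) inverts it."""
    for word in candidates:
        if md5hex(word) == hash_hex:
            return word
    return None


# Hardened variant (an example fix, not WordPress's own change).
SERVER_SECRET = secrets.token_bytes(32)   # lives in the config file, never in the database


def store_password(password: str) -> Tuple[str, str]:
    """Per-user salt: equal passwords get different hashes, so precomputed tables fail.
    (Illustration only: use bcrypt/scrypt/PBKDF2 rather than a single SHA-256 in practice.)"""
    salt = secrets.token_hex(16)
    return salt, hashlib.sha256((salt + password).encode()).hexdigest()


def hardened_token(user_login: str, expires: int) -> str:
    """Cookie bound to a server secret and an expiry; a database dump alone cannot produce it."""
    msg = "%s|%d" % (user_login, expires)
    return hmac.new(SERVER_SECRET, msg.encode(), hashlib.sha256).hexdigest()


def hardened_check(user_login: str, expires: int, token: str, now: int) -> bool:
    if now > expires:
        return False
    return hmac.compare_digest(token, hardened_token(user_login, expires))


if __name__ == "__main__":
    forged = forge_from_table("admin")
    print("forged admin cookie accepted:", vulnerable_check("admin", forged))
    print("admin password by lookup:", crack_unsalted(WP_USERS["admin"], ["password", "Anthony"]))
```

The advisory's workaround (change every password, then lock down the database) only helps while the table stays secret, because the token is still a function of the stored hash alone; the hardened token breaks that dependency by mixing in a secret the database does not hold, and the salt stops the search-engine trick on the stored hash itself.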
cache_util.c in the mod_cache module in Apache HTTP Server (httpd), when caching is enabled and a threaded Multi-Processing Module (MPM) is used, allows remote attackers to cause a denial of service (child processing handler crash) via a request with the (1) s-maxage, (2) max-age, (3) min-fresh, or (4) max-stale Cache-Control headers without a value.
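The failure mode in the mod_cache entry above is a directive that normally carries a value arriving without one ("max-age" instead of "max-age=60"). The following is an added example, written for this page and not httpd's code, of a Cache-Control parser that distinguishes "directive present" from "directive has a value" so that later freshness arithmetic never dereferences a missing value. The directive set and default lifetime are the ones named in the entry; the function names are this example's own.

```python
# Added example: tolerant Cache-Control parsing. Not Apache httpd code.
from typing import Dict, Optional

# Directives that usually carry a delta-seconds value. Note that max-stale without a
# value is legal in RFC 2616 (accept any staleness), so "present but valueless" is a
# state the parser must represent rather than reject or crash on.
VALUED = {"max-age", "s-maxage", "min-fresh", "max-stale"}


def parse_cache_control(header: str) -> Dict[str, Optional[int]]:
    """Map each directive to its integer value, or to None when it has none."""
    directives: Dict[str, Optional[int]] = {}
    for raw in header.split(","):
        token = raw.strip()
        if not token:
            continue
        name, _, value = token.partition("=")
        name = name.strip().lower()
        value = value.strip().strip('"')
        if name in VALUED:
            directives[name] = int(value) if value.isdigit() else None
        else:
            directives[name] = None   # flag directives such as no-cache, public, private
    return directives


def freshness_lifetime(header: str, default: int) -> int:
    """s-maxage overrides max-age for a shared cache; fall back when neither has a value.
    The bug class here is checking only that the key is present and then using its value."""
    directives = parse_cache_control(header)
    for name in ("s-maxage", "max-age"):
        if directives.get(name) is not None:
            return directives[name]
    return default


if __name__ == "__main__":
    for h in ("max-age", "s-maxage=30, max-age=10", 'no-cache, max-age="15"'):
        print(repr(h), "->", parse_cache_control(h), "lifetime", freshness_lifetime(h, 60))
```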
The emulated floppy disk controller in Bochs 2.3 allows local users of the guest operating system to cause a denial of service (virtual machine crash) via unspecified vectors, resulting in a divide-by-zero error.
The Mailman mailing list manager is vulnerable to log file spoofing.
A remote attacker can insert carriage return/line feed sequences,
causing invalid error log messages to be recorded. This makes
it possible to trick the administrator into visiting malicious URLs.
The convert_search_mode_to_innobase function in ha_innodb.cc in the InnoDB engine in MySQL 5.1.23-BK and earlier allows remote authenticated users to cause a denial of service (database crash) via a certain CONTAINS operation on an indexed column, which triggers an assertion error.
A flaw was discovered in the way net-snmp handled certain requests. A
remote attacker who can connect to the snmpd UDP port (161 by default)
could send a malicious packet causing snmpd to crash, resulting in a
denial of service.
The ssh server can incorrectly write account names to the
audit subsystem. A remote attacker can inject strings containing
parts of audit messages in order to corrupt logs. This can
mislead administrators and confuse log parsing tools.
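The Mailman and sshd entries above are the same bug in two places: attacker-supplied text (a URL, an account name) reaches a line-oriented log without its CR/LF characters being neutralised, so one request produces two records and the second one looks as if the daemon wrote it. The following is an added example written for this page, not Mailman's or OpenSSH's code, that runs a constructed malicious login name through a naive logger and through one that escapes control characters, then parses the result the way an administrator or a log-watching tool would.

```python
# Added example: CR/LF log injection and its mitigation. Not Mailman or OpenSSH code;
# the log format, the attacker string and the IP address are constructed.
import re
from typing import Callable, List, Tuple

_CONTROL = re.compile(r"[\x00-\x1f\x7f]")


def escape_control(s: str) -> str:
    """Render CR, LF and other control characters visibly so they cannot end a record."""
    return _CONTROL.sub(lambda m: "\\x%02x" % ord(m.group()), s)


def naive_entry(level: str, msg: str) -> str:
    """Logger that trusts its input: whatever is in msg goes to the file verbatim."""
    return "%s: %s\n" % (level, msg)


def safe_entry(level: str, msg: str) -> str:
    """Same format, but one call can only ever produce one physical line."""
    return "%s: %s\n" % (level, escape_control(msg))


def parse_records(logfile: str) -> List[Tuple[str, str]]:
    """What an administrator or a log parser sees: one record per physical line."""
    records: List[Tuple[str, str]] = []
    for line in logfile.splitlines():
        m = re.match(r"^([A-Z]+): (.*)$", line)
        records.append((m.group(1), m.group(2)) if m else ("MALFORMED", line))
    return records


# Constructed attacker input: a login name carrying an embedded, official-looking record
# that tries to lure the administrator to a URL.
ATTACK_NAME = "bob\r\nERROR: configuration damaged, repair at http://evil.example/fix"


def records_seen(entry_fn: Callable[[str, str], str]) -> List[Tuple[str, str]]:
    """Log one failed login with the given logger and return the records a reader sees."""
    log = entry_fn("INFO", "sshd: invalid user %s from 203.0.113.5" % ATTACK_NAME)
    return parse_records(log)


if __name__ == "__main__":
    for name, fn in (("naive", naive_entry), ("safe", safe_entry)):
        for level, text in records_seen(fn):
            print("%-5s %s: %s" % (name, level, text))
```

The naive logger yields two records, the second tagged ERROR and carrying the attacker's URL with no hint of where it came from; the escaping logger yields one INFO record in which the injected text is visibly part of the user name. Escaping at the logging layer is preferable to filtering at each call site, since every caller that forgets is another injection point.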
PCRE has flaws in the way it handles malformed regular
expressions.
If an application linked against PCRE, such as Konqueror,
encounters a maliciously created regular expression, it may be possible
to run arbitrary code. Vulnerabilities CVE-2005-4872 and CVE-2006-7227
have been combined into CVE-2006-7224.
The php5 package contains multiple vulnerabilities, the most serious of which involve several Denial of Service attacks (application crashes and temporary application hangs). It is not currently known that these vulnerabilities can be exploited to execute malicious code.
The PEAR MDB2 in versions prior to 2.5.0a1 can interpret a request to
store a URL string as a request to retrieve and store the contents of the URL. This can allow remote attackers to obtain information by inserting
a URL in a form field in an MDB2 application.
Bas Wijnen discovered a vulnerability in the Pioneers server.
Session objects may be freed while in use, allowing unauthorized
memory access. A remote attacker can use this to cause a denial of service.
Samba's mechanism for creating NetBIOS replies is vulnerable to a
buffer overflow. Samba servers that are configured to run as a
WINS server can be crashed by a remote unauthenticated user;
execution of arbitrary code may also be possible.
The Samba user authentication is vulnerable to a heap-based buffer overflow.
Remote unauthenticated users can use this to crash the Samba server
and cause a denial of service.
Joachim Schrod discovered several buffer overflow vulnerabilities and
an insecure temporary file creation in the "dvilj" application that is
used by dvips to convert DVI files to printer formats (CVE-2007-5937,
CVE-2007-5936). Bastien Roucaries reported that the "dvips" application
is vulnerable to two stack-based buffer overflows when processing DVI
documents with long \href{} URIs (CVE-2007-5935). teTeX also includes
code from Xpdf that is vulnerable to a memory corruption and two
heap-based buffer overflows (GLSA 200711-22); and it contains code from
T1Lib that is vulnerable to a buffer overflow when processing an overly
long font filename (GLSA 200710-12).
Absolute path traversal vulnerability in Apache Tomcat 4.0.0 through 4.0.6, 4.1.0, 5.0.0, 5.5.0 through 5.5.25, and 6.0.0 through 6.0.14, under certain configurations, allows remote authenticated users to read arbitrary files via a WebDAV write request that specifies an entity with a SYSTEM tag.
Unspecified vulnerability in VMware Player 1.0.x before 1.0.5 and 2.0 before 2.0.1, and Workstation 5.x before 5.5.5 and 6.x before 6.0.1, prevents it from launching, which has unspecified impact, related to untrusted virtual machine images.
Neel Mehta and Ryan Smith discovered that the VMWare Player DHCP server
did not correctly handle certain packet structures. Remote attackers
could send specially crafted packets and gain root privileges.
(CVE-2007-0061, CVE-2007-0062, CVE-2007-0063)
Rafal Wojtczvk discovered multiple memory corruption issues in VMWare
Player. Attackers with administrative privileges in a guest operating
system could cause a denial of service or possibly execute arbitrary
code on the host operating system. (CVE-2007-4496, CVE-2007-4497)
Double-free vulnerability in the ftpprchild function in ftppr in 3proxy 0.5
through 0.5.3i allows remote attackers to cause a denial of service (daemon
crash) via multiple OPEN commands to the FTP proxy.
Adobe's Acrobat Reader has the following vulnerabilities:
The Adobe Reader plugin has a cross-site scripting vulnerability that
can be triggered by processing malformed URLs. Arbitrary JavaScript can
be served by a malicious web server, leading to a cross-site scripting
attack.
Maliciously crafted PDF files can be used to trigger two vulnerabilities;
if an attacker can trick a user into viewing the files, arbitrary code
can be executed with the user's privileges.
From the Mandriva advisory: "The recall_headers function in mod_mem_cache in Apache 2.2.4 does not
properly copy all levels of header data, which can cause Apache to
return HTTP headers containing previously-used data, which could be
used to obtain potentially sensitive information by unauthorized users."
The Apache HTTP Server did not verify that a process was an Apache child
process before sending it signals. A local attacker who has the ability to
run scripts on the Apache HTTP Server could manipulate the scoreboard and
cause arbitrary processes to be terminated, which could lead to a denial of
service. (CVE-2007-3304)
A flaw was found in the Apache HTTP Server mod_status module. Sites with
the server-status page publicly accessible and ExtendedStatus enabled were
vulnerable to a cross-site scripting attack. On Red Hat Enterprise Linux
the server-status page is not enabled by default and it is best practice to
not make this publicly available. (CVE-2006-5752)
From the Red Hat advisory: "A bug was found in Apache where an invalid Expect header sent to the server
was returned to the user in an unescaped error message. This could
allow an attacker to perform a cross-site scripting attack if a victim was
tricked into connecting to a site and sending a carefully crafted Expect
header."
A flaw was found in the mod_proxy module. On sites where a reverse proxy is
configured, a remote attacker could send a carefully crafted request that
would cause the Apache child process handling that request to crash. On
sites where a forward proxy is configured, an attacker could cause a
similar crash if a user could be persuaded to visit a malicious site using
the proxy. This could lead to a denial of service if using a threaded
Multi-Processing Module. (CVE-2007-3847)
A flaw was found in the mod_autoindex module. On sites where directory
listings are used, and the AddDefaultCharset directive has been removed
from the configuration, a cross-site-scripting attack may be possible
against browsers which do not correctly derive the response character set
following the rules in RFC 2616. (CVE-2007-4465)
A heap-based buffer overflow in the bx_ne2k_c::rx_frame function in
iodev/ne2k.cc in the emulated NE2000 device in Bochs 2.3 allows local users
of the guest operating system to write to arbitrary memory locations and
gain privileges on the host operating system via vectors that cause TXCNT
register values to exceed the device memory size, aka "RX Frame heap
overflow."
A vulnerability in Cacti 0.8.6i and earlier versions allows remote
authenticated users to cause a denial of service (CPU consumption) via
large values of the graph_start, graph_end, graph_height, or graph_width
parameters.
Multiple buffer overflows in Konst CenterICQ 4.9.11 through 4.21 allow
remote attackers to execute arbitrary code via unspecified vectors. NOTE:
the provenance of this information is unknown; the details are obtained
solely from third party information. NOTE: this might overlap
CVE-2007-0160.
A NULL pointer dereference has been discovered in the RAR VM of Clam
Antivirus (ClamAV) which allows user-assisted remote attackers to
cause a denial of service via a specially crafted RAR archive.
Several remote vulnerabilities have been discovered in the Clam anti-virus
toolkit. The Common Vulnerabilities and Exposures project identifies the
following problems:
CVE-2007-4510:
It was discovered that the RTF and RFC2397 parsers can be tricked
into dereferencing a NULL pointer, resulting in denial of service.
CVE-2007-4560:
It was discovered that clamav-milter performs insufficient input
sanitizing, resulting in the execution of arbitrary shell commands.
A flaw was found in ricci during a code audit. A remote attacker who is
able to connect to ricci could cause ricci to temporarily refuse additional
connections, a denial of service (CVE-2007-4136).
Richard Harms discovered that cpio did not sufficiently validate file
properties when creating archives. Files with, e.g., a very large size
caused a buffer overflow. By tricking a user or an automatic backup
system into putting a specially crafted file into a cpio archive, a
local attacker could probably exploit this to execute arbitrary code
with the privileges of the target user (which is likely root in an
automatic backup system).
The Vixie cron daemon does not check the return code from setuid(); if that call can be made to fail, a local attacker may be able to execute commands as root.
Will Drewry of the Google Security Team discovered several buffer overflows
in cscope, a source browsing tool, which might lead to the execution of
arbitrary code.
A buffer overflow in Cscope 15.5, and possibly multiple overflows, allows
remote attackers to execute arbitrary code via a C file with a long
#include line that is later browsed by the target.
Previous versions of the cups package could be forced to hang via a client
"partially negotiating" an ssl connection. In this state, cups would not
allow other connections to be made, a denial of service.
The CUPS code charged with dealing with TCP-based Internet Printer Protocol connections suffers from a buffer overflow which could possibly be exploitable remotely. The vulnerability is only present if remote hosts are allowed to connect to the IPP port, which is usually not the default setting.
The gpdf library contains an integer overflow which can be exploited via a malicious PDF file. This code finds its way into multiple packages, including xpdf, kpdf, poppler, cups, and more.
Thomas de Grenier de Latour discovered that the checkrestart program included
in debian-goodies did not correctly handle shell meta-characters. A local
attacker could exploit this to gain the privileges of the user running
checkrestart.
The internationalization (i18n) framework in Django 0.91, 0.95, 0.95.1, and 0.96, and as used in other products such as PyLucid, when the USE_I18N option and the i18n component are enabled, allows remote attackers to cause a denial of service (memory consumption) via many HTTP requests with large Accept-Language headers.
From the rPath advisory: "Previous versions of the dovecot package are vulnerable to a
minor privilege escalation attack in which an authenticated
user may exploit an ACL plugin weakness to save message flags
without having proper permissions."
Directory traversal vulnerability in index/mbox/mbox-storage.c in Dovecot
before 1.0.rc29, when using the zlib plugin, allows remote attackers to
read arbitrary gzipped (.gz) mailboxes (mbox files) via a .. (dot dot)
sequence in the mailbox name.
A stack-based buffer overflow in mod/server.mod/servrmsg.c in Eggdrop
1.6.18, and possibly earlier, allows user-assisted, malicious remote IRC
servers to execute arbitrary code via a long private message.
Arnaud Giersch discovered that elinks incorrectly attempted to load
gettext catalogs from a relative path. If a user were tricked into
running elinks from a specific directory, a local attacker could execute
code with user privileges.
The elinks text-mode browser has an arbitrary file access vulnerability
in the Elinks SMB protocol handler. If a user can be tricked into
visiting a specially crafted web page, arbitrary files may be read or
written with the user's permissions.
From the original Debian problem report: "In Debian's version of GNU Emacs 22.1+1-2, the `hack-local-variables'
function does not behave correctly when `enable-local-variables' is
set to :safe. The documentation of `enable-local-variables' states
that the value :safe means to set only safe variables, as determined
by `safe-local-variable-p' and `risky-local-variable-p' (and the data
driving them), but Emacs ignores this and instead sets all the local
variables." When this setting (which is not the default) is in effect, opening a hostile file could lead to the execution of arbitrary commands.
A format string error in the "write_html()" function in calendar/gui/
e-cal-component-memo-preview.c when displaying a memo's categories can
potentially be exploited to execute arbitrary code via a specially crafted
shared memo containing format specifiers.
The APOP protocol allows remote attackers to guess the first 3 characters
of a password via man-in-the-middle (MITM) attacks that use crafted message
IDs and MD5 collisions. NOTE: this design-level issue potentially affects
all products that use APOP, including (1) Thunderbird, (2) Evolution, (3)
mutt, and (4) fetchmail.
fetchmail before 6.3.9 allows context-dependent attackers to cause a denial of service (NULL dereference and application crash) by refusing certain warning messages that are sent over SMTP.
The Firebird DBMS has a buffer overflow vulnerability involving
the processing of connect requests with an overly large p_cnct_count
value. Remote attackers can send a specially crafted
request to the server in order to potentially execute arbitrary code with
the permissions of the Firebird user.
A flaw was discovered in handling of "about:blank" windows used by
addons. A malicious web site could exploit this to modify the contents,
or steal confidential data (such as passwords), of other web pages.
(CVE-2007-3844)
Jesper Johansson discovered that spaces and double-quotes were
not correctly handled when launching external programs. In rare
configurations, after tricking a user into opening a malicious web page,
an attacker could execute helpers with arbitrary arguments with the
user's privileges. (CVE-2007-3845)
shutdown and moz_bug_r_a4 reported two separate ways to modify an
XPCNativeWrapper such that subsequent access by the browser would result in
executing user-supplied code. (CVE-2007-3738)
Michal Zalewski reported that it was possible to bypass the same-origin
checks and read from cached (wyciwyg) documents. It is possible to access
wyciwyg:// documents without proper same-domain policy checks through the
use of HTTP 302 redirects. This enables the attacker to steal sensitive
data displayed on dynamically generated pages, perform cache poisoning, and
execute their own code or display their own content with the URL bar and SSL
certificate data of the attacked page (URL spoofing++). (CVE-2007-3656)
Internet Explorer calls registered URL protocols without escaping quotes
and may be used to pass unexpected and potentially dangerous data to the
application that registers that URL Protocol. (CVE-2007-3670)
Ronald van den Heetkamp reported that a filename URL containing %00
(encoded null) can cause Firefox to interpret the file extension
differently than the underlying Windows operating system potentially
leading to unsafe actions such as running a program. This is only
accessible locally. (CVE-2007-3285)
An attacker can use an element outside of a document to call an event
handler allowing content to run arbitrary code with chrome
privileges. (CVE-2007-3737)
Ronen Zilberman and Michal Zalewski both reported that it was possible to
exploit a timing issue to inject content into about:blank frames in a
page. When opening a window from a script, it is possible to spoof the
content of the newly opened window's frames within a short time frame,
while the window is loading. (CVE-2007-3089)
Mozilla contributor moz_bug_r_a4 demonstrated that the methods
addEventListener and setTimeout could be used to inject script into another
site in violation of the browser's same-origin policy. This could be used
to access or modify private or valuable information from that other
site. (CVE-2007-3736)
As part of the Firefox 2.0.0.5 update releases Mozilla developers fixed
many bugs to improve the stability of the product. Some of these crashes
showed evidence of memory corruption under certain circumstances and
we presume that with enough effort at least some of these could be
exploited to run arbitrary code. Note: Thunderbird shares the browser
engine with Firefox and could be vulnerable if JavaScript were to be
enabled in mail. This is not the default setting and we strongly discourage
users from running JavaScript in mail. Without further investigation we
cannot rule out the possibility that for some of these an attacker might be
able to prepare memory for exploitation through some means other than
JavaScript, such as large images. (CVE-2007-3734, CVE-2007-3735)
A security flaw was found in the way flac processed audio data. An
attacker could create a carefully crafted FLAC audio file in such a way that
it could cause an application linked with flac libraries to crash or execute
arbitrary code when it was opened. (CVE-2007-4619)
The Freetype font rendering library versions 2.3.4 and below
has an integer sign error. Remote attackers may be able to
create a specially crafted TrueType Font file with a negative
n_points value that will cause an integer overflow and heap-based
buffer overflow, allowing the execution of arbitrary code.
The FreeType library has several integer overflow vulnerabilities.
If a user can be tricked into installing a specially
crafted font file, arbitrary code can be executed with the privilege
of the user.
The fastjar utility found in the GNU compiler collection does not perform adequate file path checking, allowing the creation or overwriting of files outside of the current directory tree.
The gd graphics library contains a buffer overflow which could enable a remote attacker to execute arbitrary code. Note that various other packages include code from gd and could also be vulnerable.
Integer overflow in gdImageCreateTrueColor function in the GD Graphics
Library (libgd) before 2.0.35 allows user-assisted remote attackers
to have unspecified remote attack vectors and impact. (CVE-2007-3472)
The gdImageCreateXbm function in the GD Graphics Library (libgd)
before 2.0.35 allows user-assisted remote attackers to cause a denial
of service (crash) via unspecified vectors involving a gdImageCreate
failure. (CVE-2007-3473)
Multiple unspecified vulnerabilities in the GIF reader in the
GD Graphics Library (libgd) before 2.0.35 allow user-assisted
remote attackers to have unspecified attack vectors and
impact. (CVE-2007-3474)
The GD Graphics Library (libgd) before 2.0.35 allows user-assisted
remote attackers to cause a denial of service (crash) via a GIF image
that has no global color map. (CVE-2007-3475)
Array index error in gd_gif_in.c in the GD Graphics Library (libgd)
before 2.0.35 allows user-assisted remote attackers to cause
a denial of service (crash and heap corruption) via large color
index values in crafted image data, which results in a segmentation
fault. (CVE-2007-3476)
The (a) imagearc and (b) imagefilledarc functions in GD Graphics
Library (libgd) before 2.0.35 allow attackers to cause a denial
of service (CPU consumption) via a large (1) start or (2) end angle
degree value. (CVE-2007-3477)
Race condition in gdImageStringFTEx (gdft_draw_bitmap) in gdft.c in the
GD Graphics Library (libgd) before 2.0.35 allows user-assisted remote
attackers to cause a denial of service (crash) via unspecified vectors,
possibly involving truetype font (TTF) support. (CVE-2007-3478)
Libgd2 has a denial of service vulnerability involving the incorrect
validation of PNG callback results. If an application that is linked
against libgd2 is used to process a specially-crafted PNG file,
a denial of service involving CPU resource consumption can be
caused.
A format string vulnerability has been discovered in gedit. Calling
the program with specially crafted file names caused a buffer
overflow, which could be exploited to execute arbitrary code with the
privileges of the gedit user.
The GForge collaborative development tool uses temp files in an insecure
manner. Local users can use this to truncate files with the privileges
of the gforge user; they can also use this to cause a denial of service.
Kalle Olavi Niemitalo discovered two boundary errors in fsplib code
included in gFTP when processing overly long directory or file names. A
remote attacker could trigger these vulnerabilities by enticing a user to
download a file with a specially crafted directory or file name, possibly
resulting in the execution of arbitrary code (CVE-2007-3962) or a Denial of
Service (CVE-2007-3961).
The gimp image editor has several vulnerabilities, including
a problem where it can open PSD files with excessive dimensions
and a possible stack overflow in the Sunras loader.
Jens Askengren discovered that gnome-screensaver became confused when
running under Compiz, and could lose keyboard lock focus. A local
attacker could exploit this to bypass the user's locked screen saver.
Tavis Ormandy of the Google Security Team discovered two denial of service
flaws in the way gzip expanded archive files. If a victim expanded a
specially crafted archive, it could cause the gzip executable to hang or
crash.
Tavis Ormandy of the Google Security Team discovered several code execution
flaws in the way gzip expanded archive files. If a victim expanded a
specially crafted archive, it could cause the gzip executable to crash or
execute arbitrary code.
Several remote vulnerabilities have been discovered in the Horde web
application framework. The Common Vulnerabilities and Exposures project
identifies the following problems:
CVE-2006-3548:
Moritz Naumann discovered that Horde allows remote attackers
to inject arbitrary web script or HTML in the context of a logged
in user (cross site scripting).
CVE-2006-3549:
Moritz Naumann discovered that Horde does not properly restrict
its image proxy, allowing remote attackers to use the server as a
proxy.
CVE-2006-4256:
Marc Ruef discovered that Horde allows remote attackers to
include web pages from other sites, which could be useful for
phishing attacks.
CVE-2007-1473:
Moritz Naumann discovered that Horde allows remote attackers
to inject arbitrary web script or HTML in the context of a logged
in user (cross site scripting).
CVE-2007-1474:
iDefense discovered that the cleanup cron script in Horde
allows local users to delete arbitrary files.
Kronolith contains a mistake in lib/FBView.php where a raw, unfiltered
string is used instead of a sanitized string to view local files. An
authenticated attacker could craft an HTTP GET request that uses directory
traversal techniques to execute any file on the web server as PHP code,
which could allow information disclosure or arbitrary code execution with
the rights of the user running the PHP application (usually the webserver
user).
Kees Cook discovered a flaw in the way the hplip hpssd daemon handled user
input. A local attacker could send a specially crafted request to the hpssd
daemon, possibly allowing them to run arbitrary commands as the root user.
The ImageMagick image decoders have multiple vulnerabilities.
If a user can be tricked into processing a specially crafted
DCM, DIB, XBM, XCF, or XWD image, arbitrary code may be executed with
the user's privileges.
Multiple integer overflows in ImageMagick before 6.3.3-5 allow remote
attackers to execute arbitrary code via (1) a crafted DCM image, which
results in a heap-based overflow in the ReadDCMImage function, or (2) the
(a) colors or (b) comments field in a crafted XWD image, which results in a
heap-based overflow in the ReadXWDImage function, different issues than
CVE-2007-1667.
A vulnerability has been reported in inotify-tools, which can potentially be
exploited by malicious users to compromise an application using the library.
Successful exploitation may allow the execution of arbitrary code with
privileges of the application using the affected library.
NOTE: The programs shipped with inotify-tools are reportedly not affected.
The vulnerability is reported in versions prior to 3.11.
The jpc_qcx_getcompparms function in jpc/jpc_cs.c could allow remote
user-assisted attackers to cause a denial of service (crash) and possibly
corrupt the heap via malformed image files.
Java has multiple vulnerabilities, including: an RSA exponent padding
attack vulnerability, two vulnerabilities which allow untrusted applets to
access data in other applets, vulnerabilities that involve applets gaining
privileges due to serialization bugs in the JRE, and buffer overflows in the
Java image handling routines that can give attackers read/write/execute
capabilities for local files.
The Javadoc tool was able to generate HTML documentation pages that
contained cross-site scripting (XSS) vulnerabilities. A remote attacker
could use this to inject arbitrary web script or HTML. (CVE-2007-3503)
The Java Web Start URL parsing component contained a buffer overflow
vulnerability within the parsing code for JNLP files. A remote attacker
could create a malicious JNLP file that could trigger this flaw and execute
arbitrary code when opened. (CVE-2007-3655)
The JSSE component did not correctly process SSL/TLS handshake requests. A
remote attacker who is able to connect to a JSSE-based service could
trigger this flaw leading to a denial-of-service. (CVE-2007-3698)
A flaw was found in the applet class loader. An untrusted applet could use
this flaw to circumvent network access restrictions, possibly connecting to
services hosted on the machine that executed the applet. (CVE-2007-3922)
Sun Java Runtime Environment (JRE) in JDK and JRE 6 Update 2 and earlier,
JDK and JRE 5.0 Update 12 and earlier, SDK and JRE 1.4.2_15 and earlier,
and SDK and JRE 1.3.1_20 and earlier, when applet caching is enabled,
allows remote attackers to violate the security model for an applet's
outbound connections via a DNS rebinding attack. (CVE-2007-5232)
Java Web Start in Sun JDK and JRE 6 Update 2 and earlier, JDK and JRE 5.0
Update 12 and earlier, and SDK and JRE 1.4.2_15 and earlier does not
properly enforce access restrictions for untrusted applications, which
allows user-assisted remote attackers to obtain sensitive information (the
Java Web Start cache location) via an untrusted application, aka "three
vulnerabilities." (CVE-2007-5238)
Java Web Start in Sun JDK and JRE 6 Update 2 and earlier, JDK and JRE 5.0
Update 12 and earlier, SDK and JRE 1.4.2_15 and earlier, and SDK and JRE
1.3.1_20 and earlier does not properly enforce access restrictions for
untrusted (1) applications and (2) applets, which allows user-assisted
remote attackers to copy or rename arbitrary files when local users perform
drag-and-drop operations from the untrusted application or applet window
onto certain types of desktop applications. (CVE-2007-5239)
Visual truncation vulnerability in the Java Runtime Environment in Sun JDK
and JRE 6 Update 2 and earlier, JDK and JRE 5.0 Update 12 and earlier, SDK
and JRE 1.4.2_15 and earlier, and SDK and JRE 1.3.1_20 and earlier allows
remote attackers to circumvent display of the untrusted-code warning banner
by creating a window larger than the workstation screen. (CVE-2007-5240)
Sun Java Runtime Environment (JRE) in JDK and JRE 6 Update 2 and earlier,
JDK and JRE 5.0 Update 12 and earlier, SDK and JRE 1.4.2_15 and earlier,
and SDK and JRE 1.3.1_20 and earlier, when an HTTP proxy server is used,
allows remote attackers to violate the security model for an applet's
outbound connections via a multi-pin DNS rebinding attack in which the
applet download relies on DNS resolution on the proxy server, but the
applet's socket operations rely on DNS resolution on the local machine, a
different issue than CVE-2007-5274. NOTE: this is similar to
CVE-2007-5232. (CVE-2007-5273)
Sun Java Runtime Environment (JRE) in JDK and JRE 6 Update 2 and earlier,
JDK and JRE 5.0 Update 12 and earlier, SDK and JRE 1.4.2_15 and earlier,
and SDK and JRE 1.3.1_20 and earlier, when Firefox or Opera is used, allows
remote attackers to violate the security model for JavaScript outbound
connections via a multi-pin DNS rebinding attack dependent on the
LiveConnect API, in which JavaScript download relies on DNS resolution by
the browser, but JavaScript socket operations rely on separate DNS
resolution by a Java Virtual Machine (JVM), a different issue than
CVE-2007-5273. NOTE: this is similar to CVE-2007-5232. (CVE-2007-5274)
An integer overflow vulnerability exists in the embedded ICC profile
image parser (CVE-2007-2788), an unspecified vulnerability exists in
the font parsing implementation (CVE-2007-4381), and an error exists
when processing XSLT stylesheets contained in XSLT Transforms in XML
signatures (CVE-2007-3716), among other vulnerabilities.
According to this KDE advisory, KDM can be tricked into performing a
password-less login even for accounts with a password set under certain
circumstances, namely when autologin is configured and "shutdown with
password" is enabled. KDE versions 3.3.0 up to and including 3.5.7 are
vulnerable.
Kate / KWrite, as shipped with KDE 3.2.x up to and including 3.4.0, creates a file backup before saving a modified file. These backup files are created with default permissions, even if the original file had more strict permissions set. See this advisory for more information.
The atalk_sum_skb function in AppleTalk for Linux kernel 2.6.x before
2.6.21, and possibly 2.4.x, allows remote attackers to cause a denial of
service (crash) via an AppleTalk frame that is shorter than the specified
length, which triggers a BUG_ON call when an attempt is made to perform a
checksum.
The decode_choice function in net/netfilter/nf_conntrack_h323_asn1.c in the
Linux kernel before 2.6.22 allows remote attackers to cause a denial of
service (crash) via an encoded, out-of-range index value for a choice
field, which triggers a NULL pointer dereference.
The IA32 system call emulation functionality in Linux kernel 2.4.x and
2.6.x before 2.6.22.7, when running on the x86_64 architecture, does not
zero-extend the eax register after the 32-bit entry path to ptrace is used,
which might allow local users to gain privileges by triggering an
out-of-bounds access to the system call table using the %RAX register.
The Linux kernel has a boundary error problem in the
Omnikey CardMan 4040 driver read and write functions. This can be used
to cause a buffer overflow and possible execution of arbitrary code with
kernel privileges.
The ipv6_getsockopt_sticky function in
net/ipv6/ipv6_sockglue.c is vulnerable to a NULL pointer dereference.
Local users can use this to crash the kernel or to disclose kernel
memory.
A flaw in the ISDN CAPI subsystem could allow a remote user to cause a
denial of service or potential remote access. Exploitation would require
the attacker to be able to send arbitrary frames over the ISDN network to
the victim's machine.
A flaw in the perfmon subsystem on ia64 platforms could allow a local user
to cause a denial of service.
Linux kernel versions from 2.6.9 to 2.6.20 have a denial of service
vulnerability. A remote attacker can cause the key_alloc_serial
function's key serial number collision avoidance code to have a
null dereference, resulting in a crash.
The snd_mem_proc_read function in sound/core/memalloc.c in the Advanced
Linux Sound Architecture (ALSA) in the Linux kernel before 2.6.22.8 does
not return the correct write size, which allows local users to obtain
sensitive information (kernel memory contents) via a small count argument,
as demonstrated by multiple reads of /proc/driver/snd-page-alloc.
Sridhar Samudrala discovered a local denial of service vulnerability
in the handling of SCTP sockets. By opening such a socket with a
special SO_LINGER value, a local attacker could exploit this to crash
the kernel. (CVE-2006-4535)
Kirill Korotaev discovered that the ELF loader on the ia64 and sparc
platforms did not sufficiently verify the memory layout. By attempting
to execute a specially crafted executable, a local user could exploit
this to crash the kernel. (CVE-2006-4538)
The netlink protocol has an infinite recursion bug that allows users to
cause a kernel crash. Also the IPv6 protocol allows remote attackers to
cause a denial of service via crafted IPv6 type 0 route headers
(IPV6_RTHDR_TYPE_0) that create network amplification between two routers.
The ftdi_sio driver (usb/serial/ftdi_sio.c) in Linux kernel 2.6.x up to
2.6.17, and possibly later versions, allows local users to cause a denial
of service (memory consumption) by writing more data to the serial port
than the driver can handle, which causes the data to be queued.
The Minix filesystem code in Linux kernel 2.6.x up to 2.6.18, and possibly
other versions, allows local users to cause a denial of service (hang) via
a malformed minix file stream that triggers an infinite loop in the
minix_bmap function. NOTE: this issue might be due to an integer overflow
or signedness error.
Integer underflow in the ieee80211_rx function in
net/ieee80211/ieee80211_rx.c in the Linux kernel 2.6.x before 2.6.23 allows
remote attackers to cause a denial of service (crash) via a crafted SKB
length value in a runt IEEE 802.11 frame when the IEEE80211_STYPE_QOS_DATA
flag is set, aka an "off-by-two error."
The Linux kernel before 2.6.20.1 allows remote attackers to cause a denial
of service (oops) via a crafted NFSACL 2 ACCESS request that triggers a free
of an incorrect pointer.
Ilja van Sprundel discovered that Bluetooth setsockopt calls could leak
kernel memory contents via an uninitialized stack buffer. A local attacker
could exploit this flaw to view sensitive kernel information.
(CVE-2007-1353)
The GEODE-AES driver did not correctly initialize its encryption key.
Any data encrypted using this type of device would be easily compromised.
(CVE-2007-2451)
The random number generator was hashing a subset of the available
entropy, leading to slightly less random numbers. Additionally, systems
without an entropy source would be seeded with the same inputs at boot
time, leading to a repeatable series of random numbers. (CVE-2007-2453)
From the MOKB-05-11-2006
advisory: "The ISO9660 filesystem handling code of the Linux
2.6.x kernel fails to properly handle corrupted data structures, leading to
an exploitable denial of service condition. This particular vulnerability
seems to be caused by a race condition and a signedness issue. When
performing a read operation on a corrupted ISO9660 fs stream, the
isofs_get_blocks() function will enter an infinite loop when
__find_get_block_slow() callback from sb_getblk() fails ("due to various
races between file io on the block device and getblk")."
Previous versions of the kernel package are subject to several
vulnerabilities. Certain malformed UDF filesystems can cause the system to
crash (denial of service). Malformed CDROM firmware or USB storage devices
(such as USB keys) could cause system crash (denial of service), and if
they were intentionally malformed, can cause arbitrary code to run with
elevated privileges. In addition, the SCTP protocol is subject to a remote
system crash (denial of service) attack.
A security issue has been reported in Linux kernel due to an error in
drivers/isdn/i4l/isdn_ppp.c as the "isdn_ppp_ccp_reset_alloc_state()"
function never initializes an event timer before scheduling it with the
"add_timer()" function.
The mincore function in the kernel does not properly lock access to user
space, which has unspecified impact and attack vectors, possibly related to
a deadlock.
Another vulnerability has been reported in Linux kernel caused by a
boundary error within the handling of incoming CAPI messages in
net/bluetooth/cmtp/capi.c. This can be exploited to overwrite certain
Kernel data structures.
The drm/i915 component in the Linux kernel before 2.6.22.2, when used with
i965G and later chipsets, allows local users with access to an X11 session
and Direct Rendering Manager (DRM) to write to arbitrary memory locations
and gain privileges via a crafted batchbuffer. (CVE-2007-3851)
Linux kernel 2.4.35 and other versions allows local users to send arbitrary
signals to a child process that is running at higher privileges by causing
a setuid-root parent process to die, which delivers an attacker-controlled
parent process death signal (PR_SET_PDEATHSIG). (CVE-2007-3848)
Stack-based buffer overflow in the random number generator (RNG)
implementation in the Linux kernel before 2.6.22 might allow local root
users to cause a denial of service or gain privileges by setting the
default wakeup threshold to a value greater than the output pool size,
which triggers writing random numbers to the stack by the pool transfer
function involving "bound check ordering". NOTE: this issue might only
cross privilege boundaries in environments that have granular assignment of
privileges for root. (CVE-2007-3105)
David Coffey discovered an uninitialized pointer free flaw in the
RPC library used by kadmind. A remote unauthenticated attacker who
could access kadmind could trigger the flaw causing kadmind to crash
or possibly execute arbitrary code (CVE-2007-2442).
David Coffey also discovered an overflow flaw in the same RPC library.
A remote unauthenticated attacker who could access kadmind could
trigger the flaw causing kadmind to crash or possibly execute arbitrary
code (CVE-2007-2443).
Finally, a stack buffer overflow vulnerability was found in kadmind
that allowed an unauthenticated user able to access kadmind the
ability to trigger the vulnerability and possibly execute arbitrary
code (CVE-2007-2798).
The kadmind daemon can, in some situations, perform operations on uninitialized pointers. This bug could conceivably open up the system to a code execution attack by an unauthenticated remote attacker, but it appears to be difficult to exploit. See this advisory for details.
Some kerberos applications fail to check the results of setuid() calls, with the result that, if that call fails, they could continue to execute as root after thinking they had switched to a nonprivileged user. A local attacker who can cause these calls to fail (through resource exhaustion, presumably) could exploit this bug to gain root privileges.
Tenable Network Security discovered a stack buffer overflow flaw in the RPC
library used by kadmind. A remote unauthenticated attacker who can access
kadmind could trigger this flaw and cause kadmind to crash.
Garrett Wollman discovered an uninitialized pointer flaw in kadmind. A
remote unauthenticated attacker who can access kadmind could trigger this
flaw and cause kadmind to crash.
A flaw was found in the username handling of the MIT krb5 telnet daemon
(telnetd). A remote attacker who can access the telnet port of a target
machine could log in as root without requiring a password. See MIT krb5
Security Advisory 2007-001.
Buffer overflows were found which affect the Kerberos KDC and the kadmin
server daemon. A remote attacker who can access the KDC could exploit this
bug to run arbitrary code with the privileges of the KDC or kadmin server
processes. See MIT krb5 Security Advisory 2007-002.
Stefan Cornelius from Secunia Research discovered that the
"parseIrcUrl()" function in file src/kvirc/kernel/kvi_ircurl.cpp does
not properly sanitize parts of the URI when building the command for
KVIrc's internal script system.
mirror --script in lftp before 3.5.9 does not properly quote shell
metacharacters, which might allow remote user-assisted attackers to execute
shell commands via a malicious script. NOTE: it is not clear whether this
issue crosses security boundaries, since the script already supports
commands such as "get" which could overwrite executable files.
libarchive, a library for manipulating different streaming archive
formats, has a number of pax extension header vulnerabilities.
These may be used to cause a denial of service or for the execution
of arbitrary code.
Integer overflow in the exif_data_load_data_entry function in exif-data.c
in libexif before 0.6.14 allows user-assisted remote attackers to cause a
denial of service (crash) or possibly execute arbitrary code via crafted
EXIF data, involving the (1) doff or (2) s variable.
Luigi Auriemma has reported various boundary errors in load_it.cpp and
a boundary error in the "CSoundFile::ReadSample()" function in
sndfile.cpp. A remote attacker can entice a user to read crafted modules
or ITP files, which may trigger a buffer overflow resulting in the
execution of arbitrary code with the privileges of the user running the
application.
Certain chunk handlers in libpng before 1.0.29 and 1.2.x before 1.2.21
allow remote attackers to cause a denial of service (crash) via crafted (1)
pCAL (png_handle_pCAL), (2) sCAL (png_handle_sCAL), (3) tEXt
(png_push_read_tEXt), (4) iTXt (png_handle_iTXt), and (5) ztXT
(png_handle_ztXt) chunking in PNG images, which trigger out-of-bounds read
operations. (CVE-2007-5269)
pngrtran.c in libpng before 1.0.29 and 1.2.x before 1.2.21 use (1) logical
instead of bitwise operations and (2) incorrect comparisons, which might
allow remote attackers to cause a denial of service (crash) via a crafted
PNG image. (CVE-2007-5268)
Off-by-one error in ICC profile chunk handling in the png_set_iCCP function
in pngset.c in libpng before 1.2.22 beta1 allows remote attackers to cause
a denial of service (crash) via a crafted PNG image, due to an incorrect
fix for CVE-2007-5266. (CVE-2007-5267)
Off-by-one error in ICC profile chunk handling in the png_set_iCCP function
in pngset.c in libpng before 1.0.29 beta1 and 1.2.x before 1.2.21 beta1
allows remote attackers to cause a denial of service (crash) via a crafted
PNG image that prevents a name field from being NULL terminated.
(CVE-2007-5266)
In pngrutil.c, the function png_decompress_chunk() allocates
insufficient space for an error message, potentially overwriting stack
data, leading to a buffer overflow.
A heap based buffer overflow bug was found in the way libpng strips alpha
channels from a PNG image. An attacker could create a carefully crafted PNG
image file in such a way that it could cause an application linked with
libpng to crash or execute arbitrary code when the file is opened by a
victim.
Heap-based buffer overflow in libsndfile 1.0.17 and earlier might allow
remote attackers to execute arbitrary code via a FLAC file with crafted PCM
data containing a block with a size that exceeds the previous block size.
The t2p_write_pdf_string function in libtiff 3.8.2 and earlier is vulnerable
to a buffer overflow. Attackers can use a TIFF file with UTF-8 characters
in the DocumentName tag to overflow a buffer, causing a denial of service,
and possibly the execution of arbitrary code.
libvorbis has a number of vulnerabilities that can be triggered by
opening a specially crafted Ogg file. Vulnerabilities include
crashing and the execution of arbitrary code.
Yuuichi Teranishi discovered a flaw in libxml2 versions prior to 2.6.6.
When fetching a remote resource via FTP or HTTP, libxml2 uses special
parsing routines. These routines can overflow a buffer if passed a very
long URL. If an attacker is able to find an application using libxml2 that
parses remote resources and allows them to influence the URL, then this
flaw could be used to execute arbitrary code.
libxml2 prior to version 2.6.14 has multiple buffer overflow
vulnerabilities, if a local user passes a specially crafted
FTP URL, arbitrary code may be executed.
The lighttpd web server has multiple vulnerabilities involving
a remote access-control setting circumvention that is performed
by the sending of malformed requests. This can be used to crash
the server and cause a denial of service.
Stack-based buffer overflow in the separate_word function in tokenize.c in
Link Grammar 4.1b and possibly other versions, as used in AbiWord Link
Grammar 4.2.4, allows remote attackers to execute arbitrary code via a long
word, as reachable through the separate_sentence function.
Tatsuya Kinoshita discovered that Lookup, a search interface to electronic
dictionaries on emacsen, creates a temporary file in an insecure fashion
when the ndeb-binary feature is used, which allows a local attacker to
craft a symlink attack to overwrite arbitrary files.
An arbitrary command execution bug was found in the lynx "lynxcgi:" URI
handler. An attacker could create a web page redirecting to a malicious URL
which could execute arbitrary code as the user running lynx.
The MadWifi driver for Atheros Wireless Lan cards
does not process beacon frames correctly. This can be
used by a remote attacker to cause a denial of service.
CVE-2007-4542: Multiple cross-site scripting (XSS) vulnerabilities in MapServer before 4.10.3 allow remote attackers to inject arbitrary web script or HTML via unspecified vectors involving the (1) processLine function in maptemplate.c and the (2) writeError function in mapserv.c in the mapserv CGI program.
CVE-2007-4629: Buffer overflow in the processLine function in maptemplate.c in MapServer before 4.10.3 allows attackers to cause a denial of service and possibly execute arbitrary code via a mapfile with a long layer name, group name, or metadata entry name.
From the Red Hat advisory: "Versions of mod_jk before 1.2.23 decoded request URLs by default inside
Apache httpd and forwarded the encoded URL to Tomcat, which itself did a
second decoding. If Tomcat was used behind mod_jk and configured to only
proxy some contexts, an attacker could construct a carefully crafted HTTP
request to work around the context restriction and potentially access
non-proxied content."
A flaw was discovered in MoinMoin's error reporting when using the
AttachFile action. By tricking a user into viewing a crafted MoinMoin
URL, an attacker could execute arbitrary JavaScript as the current
MoinMoin user, possibly exposing the user's authentication information
for the domain where MoinMoin was hosted.
A cross-site scripting (XSS) vulnerability in index.php in Moodle 1.7.1
allows remote attackers to inject arbitrary web script or HTML via a style
expression in the search parameter.
MPlayer versions up to 1.0rc1 have a buffer overflow in the
DMO_VideoDecoder_Open function in loader/dmo/DMO_VideoDecoder.c.
User-assisted remote attackers can use this to trigger a buffer overflow
and possibly execute arbitrary code.
MySQL subselect queries using "ORDER BY" can be used by an attacker with
access to a MySQL instance in order to create an intermittent denial
of service.
Jean-David Maillefer discovered a format string bug in the
date_format() function's error reporting. By calling the function with
invalid arguments, an authenticated user could exploit this to crash
the server.
MySQL 4.1 before 4.1.21 and 5.0 before 5.0.24 allows a local user to access
a table through a previously created MERGE table, even after the user's
privileges are revoked for the original table, which might violate intended
security policy (CVE-2006-4031).
MySQL 4.1 before 4.1.21, 5.0 before 5.0.25, and 5.1 before 5.1.12, when run
on case-sensitive filesystems, allows remote authenticated users to create
or access a database when the database name differs only in case from a
database for which they have permissions (CVE-2006-4226).
MySQL 5.0.18 and earlier allows local users to bypass logging mechanisms
via SQL queries that contain the NULL character, which are not properly
handled by the mysql_real_query function. NOTE: this issue was originally
reported for the mysql_query function, but the vendor states that since
mysql_query expects a null character, this is not an issue for mysql_query.
Buffer overflow in the redir function in check_http.c in Nagios Plugins
before 1.4.10 allows remote web servers to execute arbitrary code via long
Location header responses (redirects).
Buffer overflow in the check_snmp function in Nagios Plugins (nagios-plugins) 1.4.10 allows remote attackers to cause a denial of service (crash) via crafted snmpget replies.
Kurt Fitzner discovered that the NBD (network block device) server did not
correctly verify the maximum size of request packets. By sending specially
crafted large request packets, a remote attacker who is allowed to access
the server could exploit this to execute arbitrary code with root
privileges.
Nginx [engine x] is an HTTP(S) server, HTTP(S) reverse proxy and IMAP/POP3
proxy server written by Igor Sysoev. The "msie_refresh" directive could
allow cross site scripting.
From the Red Hat advisory: A flaw was discovered in the way opal handled certain Session Initiation
Protocol (SIP) packets. An attacker could use this flaw to crash an
application, such as Ekiga, which is linked with opal. (CVE-2007-4924)
The OpenLDAP Lightweight Directory Access Protocol suite has a problem
with handling of malformed objectClasses LDAP attributes by the slapd
daemon. Both local and remote attackers can use this to crash slapd,
causing a denial of service.
A heap overflow vulnerability has been discovered in the TIFF parsing
code of the OpenOffice.org suite. The parser uses untrusted values
from the TIFF file to calculate the number of bytes of memory to
allocate. A specially crafted TIFF image could trigger an integer
overflow and subsequently a buffer overflow that could cause the
execution of arbitrary code.
packet.c in ssh in OpenSSH allows remote attackers to cause a denial of
service (crash) by sending an invalid protocol sequence with
USERAUTH_SUCCESS before NEWKEYS, which causes newkeys[mode] to be NULL.
An unspecified vulnerability in portable OpenSSH before 4.4, when running
on some platforms, allows remote attackers to determine the validity of
usernames via unknown vectors involving a GSSAPI "authentication abort."
OpenSSH 4.4 fixes several security issues, including a pre-authentication
denial of service and an unsafe signal handler; additionally, on portable
OpenSSH a GSSAPI authentication abort could be used to determine the
validity of usernames on some platforms.
Off-by-one error in the DTLS implementation in OpenSSL 0.9.8 before 0.9.8f
and 0.9.7 allows remote attackers to execute arbitrary code via unspecified
vectors.
From the Debian advisory: An off-by-one error has been identified in the SSL_get_shared_ciphers()
routine in the libssl library from OpenSSL, an implementation of Secure
Socket Layer cryptographic libraries and utilities. This error could
allow an attacker to crash an application making use of OpenSSL's libssl
library, or potentially execute arbitrary code in the security context
of the user running such an application.
The Opera browser has multiple vulnerabilities.
The JavaScript engine is vulnerable to a virtual function call on an invalid pointer that can be triggered by specially crafted JavaScript.
A freed pointer in the BitTorrent support may be accessed; this can be
used for malicious code execution.
The browser is vulnerable to several memory read protection
errors. There are URI display errors that can be used to trick
users into visiting arbitrary web sites.
A flaw was found in the way pam_console set console device permissions. It
was possible for various console devices to retain ownership of the console
user after logging out, possibly leaking information to an unauthorized
user.
Multiple flaws were found in the way pcre handles certain malformed regular
expressions. If an application linked against pcre, such as Konqueror,
parses a malicious regular expression, it may be possible to run arbitrary
code as the user running the application. (CVE-2007-1659, CVE-2007-1660)
A flaw was found in Perl's regular expression engine. Specially crafted
input to a regular expression can cause Perl to improperly allocate memory,
possibly resulting in arbitrary code running with the permissions of the
user running Perl. (CVE-2007-5116)
A denial of service flaw was found in the way PHP processed a deeply nested
array. A remote attacker could cause the PHP interpreter to crash by
submitting an input variable with a deeply nested array. (CVE-2007-1285)
A flaw was found in the way the mbstring extension set global variables. A
script which used the mb_parse_str() function to set global variables could
be forced to enable the register_globals configuration option, possibly
resulting in global variable injection. (CVE-2007-1583)
A flaw was discovered in the way PHP's mail() function processed header
data. If a script sent mail using a Subject header containing a string from
an untrusted source, a remote attacker could send bulk e-mail to unintended
recipients. (CVE-2007-1718)
A heap based buffer overflow flaw was discovered in PHP's gd extension. A
script that could be forced to process WBMP images from an untrusted source
could result in arbitrary code execution. (CVE-2007-1001)
The file_exists and imap_reopen functions in PHP before 5.1.5 do not check
for the safe_mode and open_basedir settings, which allows local users to
bypass the settings (CVE-2006-4481).
A buffer overflow in the LWZReadByte function in ext/gd/libgd/gd_gif_in.c
in the GD extension in PHP before 5.1.5 allows remote attackers to have an
unknown impact via a GIF file with input_code_size greater than
MAX_LWZ_BITS, which triggers an overflow when initializing the table array
(CVE-2006-4484).
The stripos function in PHP before 5.1.5 has unknown impact and attack
vectors related to an out-of-bounds read (CVE-2006-4485).
Various integer overflow flaws were found in the PHP gd extension. A
script that could be forced to resize images from an untrusted source could
possibly allow a remote attacker to execute arbitrary code as the apache
user. (CVE-2007-3996)
A previous security update introduced a bug into PHP session cookie
handling. This could allow an attacker to stop a victim from viewing a
vulnerable web site if the victim has first visited a malicious web page
under the control of the attacker, and that page can set a cookie for the
vulnerable web site. (CVE-2007-4670)
A flaw was found in the PHP money_format function. If a remote attacker
was able to pass arbitrary data to the money_format function this could
possibly result in an information leak or denial of service. Note that it
is unusual for a PHP script to pass user-supplied data to the money_format
function. (CVE-2007-4658)
A flaw was found in the PHP wordwrap function. If a remote attacker was
able to pass arbitrary data to the wordwrap function this could possibly
result in a denial of service. (CVE-2007-3998)
A bug was found in PHP session cookie handling. This could allow an
attacker to create a cross-site cookie insertion attack if a victim follows
an untrusted carefully-crafted URL. (CVE-2007-3799)
A flaw was found in handling of dynamic changes to global variables. A
script which used certain functions which change global variables could
be forced to enable the register_globals configuration option, possibly
resulting in global variable injection. (CVE-2007-4659)
An integer overflow flaw was found in the PHP chunk_split function. If a
remote attacker was able to pass arbitrary data to the third argument of
chunk_split they could possibly execute arbitrary code as the apache user.
Note that it is unusual for a PHP script to use the chunk_split function
with a user-supplied third argument. (CVE-2007-4661)
The Hardened-PHP Project discovered buffer overflows in
htmlentities/htmlspecialchars internal routines to the PHP Project. Of
course the whole purpose of these functions is to be filled with user
input. (The overflow can only be when UTF-8 is used)
The dl function in PHP 5.2.4 and earlier allows context-dependent attackers to cause a denial of service (application crash) via a long string in the library parameter. NOTE: there are limited usage scenarios under which this would be a vulnerability.
It was discovered that phpbb2, a web based bulletin board, insufficiently
sanitizes values passed to the "Font Color 3" setting, which might lead to
the execution of injected code by admin users.
The phpbb2 web forum has a number of vulnerabilities including:
a web script injection problem, a protection mechanism bypass, a
security check bypass, a remote global variable bypass, cross site
scripting vulnerabilities, an SQL injection vulnerability,
a remote regular expression modification problem, missing input
sanitizing, and a missing request validation problem.
Several remote vulnerabilities have been discovered in phpMyAdmin, a
program to administer MySQL over the web. The Common Vulnerabilities
and Exposures project identifies the following problems:
CVE-2007-1325:
The PMA_ArrayWalkRecursive function in libraries/common.lib.php
does not limit recursion on arrays provided by users, which allows
context-dependent attackers to cause a denial of service (web
server crash) via an array with many dimensions.
CVE-2007-1395:
Incomplete blacklist vulnerability in index.php allows remote
attackers to conduct cross-site scripting (XSS) attacks by
injecting arbitrary JavaScript or HTML in a (1) db or (2) table
parameter value followed by an uppercase </SCRIPT> end tag,
which bypasses the protection against lowercase </script>.
CVE-2007-2245:
Multiple cross-site scripting (XSS) vulnerabilities allow remote
attackers to inject arbitrary web script or HTML via (1) the
fieldkey parameter to browse_foreigners.php or (2) certain input
to the PMA_sanitize function.
CVE-2006-6942:
Multiple cross-site scripting (XSS) vulnerabilities allow remote
attackers to inject arbitrary HTML or web script via (1) a comment
for a table name, as exploited through (a) db_operations.php,
(2) the db parameter to (b) db_create.php, (3) the newname parameter
to db_operations.php, the (4) query_history_latest,
(5) query_history_latest_db, and (6) querydisplay_tab parameters to
(c) querywindow.php, and (7) the pos parameter to (d) sql.php.
CVE-2006-6944:
phpMyAdmin allows remote attackers to bypass Allow/Deny access rules
that use IP addresses via false headers.
Cross-site scripting (XSS) vulnerability in scripts/setup.php in phpMyAdmin
2.11.1, when accessed by a browser that does not URL-encode requests,
allows remote attackers to inject arbitrary web script or HTML via the
query string.
Multiple cross-site scripting (XSS) vulnerabilities in phpMyAdmin before
2.11.1.2 allow remote attackers to inject arbitrary web script or HTML via
certain input available in (1) PHP_SELF in (a) server_status.php, and (b)
grab_globals.lib.php, (c) display_change_password.lib.php, and (d)
common.lib.php in libraries/; and certain input available in PHP_SELF and
(2) PATH_INFO in libraries/common.inc.php. NOTE: there might also be other
vectors related to (3) REQUEST_URI.
A cross-site scripting (XSS) vulnerability in sqledit.php in phpPgAdmin
4.1.1 allows remote attackers to inject arbitrary web script or HTML via
the server parameter.
libpurple in Pidgin 2.1.0 through 2.2.1, when using HTML logging, allows
remote attackers to cause a denial of service (NULL dereference and
application crash) via a message that contains invalid HTML data, a
different vector than CVE-2007-4996.
The xpdf and poppler PDF libraries contain several vulnerabilities which can lead to arbitrary command execution via hostile PDF files. Numerous other applications which use these libraries (PDF viewers, CUPS, etc.) will be affected by the vulnerabilities as well.
PostgreSQL 8.1 and probably later and earlier versions, when local trust
authentication is enabled and the Database Link library (dblink) is
installed, allows remote attackers to access arbitrary accounts and execute
arbitrary SQL queries via a dblink host parameter that proxies the
connection from 127.0.0.1. (CVE-2007-3278)
PostgreSQL 8.1 and probably later and earlier versions, when the PL/pgSQL
(plpgsql) language has been created, grants certain plpgsql privileges to
the PUBLIC domain, which allows remote attackers to create and execute
functions, as demonstrated by functions that perform local brute-force
password guessing attacks, which may evade intrusion
detection. (CVE-2007-3279)
The Database Link library (dblink) in PostgreSQL 8.1 implements functions
via CREATE statements that map to arbitrary libraries based on the C
programming language, which allows remote authenticated superusers to map
and execute a function from any library, as demonstrated by using the
system function in libc.so.6 to gain shell access. (CVE-2007-3280)
From the Red Hat advisory: A memory management flaw was discovered in PWLib. An attacker could use this
flaw to crash an application, such as Ekiga, which is linked with pwlib
(CVE-2007-4897).
Multiple integer overflows in the imageop module in Python 2.5.1 and
earlier allow context-dependent attackers to cause a denial of service
(application crash) and possibly obtain sensitive information (memory
contents) via crafted arguments to (1) the tovideo method, and unspecified
other vectors related to (2) imageop.c, (3) rbgimgmodule.c, and other
files, which trigger heap-based buffer overflows.
Format string bugs were found in several Qt warning messages.
Applications using Qt for processing certain data types could
trigger them if the data caused Qt to print warnings. The bugs
potentially allow execution of arbitrary code via specially crafted
files (CVE-2007-3388).
A buffer overflow was found in how Qt expanded malformed Unicode strings.
If an application linked against Qt parsed a malicious Unicode string, it
could lead to a denial of service or potentially allow for the execution of
arbitrary code.
The bgpd daemon in Quagga prior to 0.99.9 allowed remote BGP peers to cause
a denial of service crash via a malformed OPEN message or COMMUNITY
attribute.
The redhat cluster suite's
cluster manager is vulnerable to a remote attack. Attackers
can connect to the DLM port and block subsequent DLM operations,
resulting in a denial of service.
Multiple off-by-one errors in the sender.c in rsync 2.6.9 might allow
remote attackers to execute arbitrary code via directory names that are not
properly handled when calling the f_name function.
The connect method in lib/net/http.rb in the (1) Net::HTTP and (2) Net::HTTPS libraries in Ruby 1.8.5 and 1.8.6 does not verify that the commonName (CN) field in a server certificate matches the domain name in an HTTPS request, which makes it easier for remote attackers to intercept SSL transmissions via a man-in-the-middle attack or spoofed web site.
From the Samba advisory: When the rfc2307 or sfu nss_info plugin has been enabled, in
the absence of either the RFC2307 or SFU primary group attribute,
Winbind will assign a primary group ID of 0 to the domain user
queried using the getpwnam() C library call.
Tim Brown discovered these multiple issues: the translation module does
not properly sanitize the value to the "dir" parameter (CVE-2007-5491,
CVE-2007-5694); the translation module also does not sanitize the
values of the "edit" and "value" parameters which it passes to eval()
and include() (CVE-2007-5492, CVE-2007-5693); the log-in command does
not validate the URL to redirect users to after logging in
(CVE-2007-5695); SiteBar also contains several cross-site scripting
vulnerabilities (CVE-2007-5692).
Subversion 1.4.3 and earlier does not properly implement the "partial
access" privilege for users who have access to changed paths but not copied
paths, which allows remote authenticated users to obtain sensitive
information (revision properties) via svn (1) propget, (2) proplist, or (3)
propedit.
An unspecified vulnerability involving an "incorrect use of system
classes" was reported by the Fujitsu security team. Additionally, Chris
Evans from the Google Security Team reported an integer overflow
resulting in a buffer overflow in the ICC parser used with JPG or BMP
files, and an incorrect open() call to /dev/tty when processing certain
BMP files.
T1lib, an enhanced rasterizer for X11 Type 1 fonts, does
not properly perform bounds checking. An attacker can send
specially crafted input to applications linked against the library in
order to create a buffer overflow, resulting in a denial of service
or the execution of arbitrary code.
The tar utility has a symlink path traversal vulnerability involving
extracted archives. Maliciously created tar archives can be used to
write arbitrary data to files that the tar user has write access to.
An integer overflow in print-bgp.c in the BGP dissector in tcpdump 3.9.6
and earlier allows remote attackers to execute arbitrary code via crafted
TLVs in a BGP packet, related to an unchecked return value.
Off-by-one buffer overflow in the parse_elements function in the 802.11
printer code (print-802_11.c) for tcpdump 3.9.5 and earlier allows remote
attackers to cause a denial of service (crash) via a crafted 802.11
frame. NOTE: this was originally referred to as heap-based, but it might be
stack-based.
A buffer overflow in the open_sty function in mkind.c for makeindex 2.14 in
teTeX might allow user-assisted remote attackers to overwrite files and
possibly execute arbitrary code via a long filename. NOTE: other overflows
exist but might not be exploitable, such as a heap-based overflow in the
check_idx function.
An attacker could execute arbitrary code with the rights of the user
running the web server by passing a specially crafted parameter string
to the tiki-graph_formula.php file.
It was discovered that Tk could be made to overrun a buffer when loading
certain images. If a user were tricked into opening a specially crafted GIF
image, remote attackers could cause a denial of service or execute
arbitrary code with user privileges.
Jan Oravec reported that the "/usr/bin/tomboy" script sets the
"LD_LIBRARY_PATH" environment variable incorrectly, which might result
in the current working directory (.) being included when searching for
dynamically linked libraries of the Mono Runtime application.
Note that the tomboy vulnerability was added in 2007.
Some JSPs within the 'examples' web application did not escape user
provided data. If the JSP examples were accessible, this flaw could allow a
remote attacker to perform cross-site scripting attacks (CVE-2007-2449).
Note: it is recommended the 'examples' web application not be installed on
a production system.
The Manager and Host Manager web applications did not escape user provided
data. If a user is logged in to the Manager or Host Manager web
application, an attacker could perform a cross-site scripting attack
(CVE-2007-2450).
Tomcat was found treating single quote characters -- ' -- as delimiters in
cookies. This could allow remote attackers to obtain sensitive information,
such as session IDs, for session hijacking attacks (CVE-2007-3382).
It was reported Tomcat did not properly handle the following character
sequence in a cookie: \" (a backslash followed by a double-quote). It was
possible remote attackers could use this failure to obtain sensitive
information, such as session IDs, for session hijacking attacks
(CVE-2007-3385).
A cross-site scripting (XSS) vulnerability existed in the Host Manager
Servlet. This allowed remote attackers to inject arbitrary HTML and web
script via crafted requests (CVE-2007-3386).
mount and umount in util-linux call the setuid and setgid functions in the
wrong order and do not check the return values, which might allow attackers
to gain privileges via helpers such as mount.nfs.
During an internal audit, Raphael Marichez of the Gentoo Linux Security
Team found that Vixie Cron has weak permissions set on Gentoo, allowing
for a local user to create hard links to system and users cron files,
while a st_nlink check in database.c will generate a superfluous error.
A malicious user could send a long chat message with multibyte characters;
the server would truncate the message at a fixed length without paying
attention to the multibyte characters. This led to invalid UTF-8 on the
client, and an uncaught exception was thrown.
The wireshark network traffic analyzer has three vulnerabilities
that can be used to create a denial of service. These include
off-by-one overflows in the iSeries dissector, vulnerabilities in
the MMS and SSL dissectors that can cause an infinite loop and
an off-by-one overflow in the DHCP/BOOTP dissector.
xorg-x11 has a number of integer and heap overflow vulnerabilities in
the xfs font server. A local attacker may be able to use these for
the execution of arbitrary code with elevated privileges.
iDefense reported an integer overflow flaw in the XFree86 XC-MISC
extension. A malicious authorized client could exploit this issue to cause
a denial of service (crash) or potentially execute arbitrary code with root
privileges on the XFree86 server. (CVE-2007-1003)
iDefense reported two integer overflows in the way X.org handled various
font files. A malicious local user could exploit these issues to
potentially execute arbitrary code with the privileges of the X.org server.
(CVE-2007-1351, CVE-2007-1352)
An integer overflow flaw was found in the XFree86 XGetPixel() function.
Improper use of this function could cause an application calling it to
function improperly, possibly leading to a crash or arbitrary code
execution. (CVE-2007-1667)
Moritz Jodeit discovered that the DirectShow loader of Xine did not
correctly validate the size of an allocated buffer. By tricking a user
into opening a specially crafted media file, an attacker could execute
arbitrary code with the user's privileges.
xine-lib does an improper input data boundary check on
MPEG streams. A specially crafted MPEG file can be
created that can cause arbitrary code execution when the
file is accessed.
xmms suffers from vulnerabilities in its handling of BMP images. Should a hostile image be included in an xmms skin, it could lead to code execution on the user's system.
The X.Org X11 xfs font server has a temp file vulnerability in the
startup script. A local user can modify the permissions of the script
in order to elevate their local privileges.
Previous versions of the xterm package assigned incorrect ownership and
write permissions to pseudo-terminal devices, permitting local users to
direct output to other users' xterm sessions.
CVE-2007-1095:
Michal Zalewski discovered that the unload event handler had access to
the address of the next page to be loaded, which could allow information
disclosure or spoofing.
CVE-2007-2292:
Stefano Di Paola discovered that insufficient validation of user names
used in Digest authentication on a web site allows HTTP response splitting
attacks.
CVE-2007-3511:
It was discovered that insecure focus handling of the file upload
control can lead to information disclosure. This is a variant of
CVE-2006-2894.
CVE-2007-5334:
Eli Friedman discovered that web pages written in Xul markup can hide the
titlebar of windows, which can lead to spoofing attacks.
CVE-2007-5337:
Georgi Guninski discovered the insecure handling of smb:// and sftp:// URI
schemes may lead to information disclosure. This vulnerability is only
exploitable if Gnome-VFS support is present on the system.
CVE-2007-5338:
"moz_bug_r_a4" discovered that the protection scheme offered by XPCNativeWrappers
could be bypassed, which might allow privilege escalation.
CVE-2007-5339:
L. David Baron, Boris Zbarsky, Georgi Guninski, Paul Nickerson, Olli Pettay,
Jesse Ruderman, Vladimir Sukhoy, Daniel Veditz, and Martijn Wargers discovered
crashes in the layout engine, which might allow the execution of arbitrary code.
CVE-2007-5340:
Igor Bukanov, Eli Friedman, and Jesse Ruderman discovered crashes in the
Javascript engine, which might allow the execution of arbitrary code.
It was discovered that Plone, a web content management system, allows
remote attackers to execute arbitrary code via specially crafted web
browser cookies.
The current 2.6 prepatch is 2.6.24-rc3, released by Linus on
November 16. Along with a lot of fixes it contains support for newer
I/OAT devices and a patch marking the PID namespace feature as
"experimental." See the short-form
changelog for a list of patches, or the
full changelog for the details.
As of this writing, a very small number of post-rc3 fixes has been merged
into the mainline git repository.
The current stable 2.6 release is 2.6.23.8, released on
November 16. A couple of days earlier,
Greg Kroah-Hartman had started a
new stable update review with this note:
Ok, I've been slacking
on the -stable front for a bit here, and didn't realize how far behind I've
gotten. Everyone has been sending patches in, which is great, but now we
are facing a HUGE 114 patch release.
As a way of making life
easier for reviewers, he split those patches into several distinct chunks,
each of which has now come out as a stable release. So we have 2.6.23.2 (core kernel changes),
2.6.23.3 (architecture-specific fixes),
2.6.23.4 (networking),
2.6.23.5 (network drivers),
2.6.23.6 (other drivers),
2.6.23.7 (filesystems), and
2.6.23.8 (security fixes - but note that
there are security-related fixes in the other updates too). The 2.6.23.9
update, featuring 29 patches, is in the review
process currently.
For older kernels: 2.6.22.13 was
released on November 16 with (only) security fixes. The 2.6.22.14 release,
with a couple dozen fixes, is in the review
process as of this writing.
For ancient kernels: 2.4.35.4 was released on
November 17 with a handful of fixes. 2.4.36-pre2 was also released
with many of the same fixes.
And along the 802.11n front, I'm _this_ close to getting a major
chipset's specs, so hopefully we might have some more work for you
to do soon. Now if only the lawyers would hurry up...
I always considered HIGHMEM to just be unusable. It's ok for
extending to 2-4GB (ie HIGHMEM4G, not 64G), and it's probably
borderline usable for 4-8G if you are careful.
But quite frankly, I refuse to even care about anything past
that. If you have 12G (or heaven forbid, even more) in your
machine, and you can't be bothered to just upgrade to a 64-bit CPU,
then quite frankly, *I* personally can't be bothered to care.
Creating user-space APIs is a hard task. Even if an interface seems
complete and well designed when it is created, the future can often add new
requirements which the old API is hard-put to satisfy. So, for example,
Unix started with the wait() system call. As applications got
more complicated, it became necessary to wait for a specific process, to
get more information about exiting processes, to wait in a non-blocking
manner, and so on. So now, in addition to wait(), we have
waitid(), waitpid(), and wait4(). Since old
versions of system calls can (almost) never go away, changing needs over
time tend to cause a proliferation of new calls.
Most recently, Ulrich Drepper has been asking for the ability to add flags
to system calls which create file descriptors, but which have no flags
argument. Examples of these include socket() and
accept(). It is possible to adjust the behavior of file
descriptors created with these system calls after the fact (with
fcntl()), but there will always be a period during which the file
descriptors exist, but the desired behavior has not been set. When that
behavior is "close on exec," and a multi-threaded program is running, one
thread might run a new program with exec() before another one has
managed to set the "close on exec flag." The result of this race is a
leaked file descriptor which can, in turn, be a security
problem. The only efficient way to close this particular race is for the
kernel to create file descriptors with the desired flags set from the
outset.
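The race described above is easy to observe directly. The following is an added example, not code from the article or from the indirect() patch: it assumes Linux, where socket() accepts a SOCK_CLOEXEC type flag (the route mainline eventually took in 2.6.27, which differs from indirect() but addresses the same window). The function names are this example's own.

```c
/* Added example (not code from the article or the indirect() patch):
 * shows the close-on-exec window described above. Assumes Linux, where
 * socket() accepts SOCK_CLOEXEC. Function names are this example's own. */
#include <fcntl.h>
#include <stdio.h>
#include <sys/socket.h>
#include <unistd.h>

/* 1 if fd carries FD_CLOEXEC, 0 if not, -1 if fd is invalid. */
int fd_is_cloexec(int fd)
{
    int fl = fcntl(fd, F_GETFD);
    if (fl < 0)
        return -1;
    return (fl & FD_CLOEXEC) ? 1 : 0;
}

/* What a concurrently exec()ing thread would see right after socket()
 * returns and before fcntl() has run: the descriptor exists, the flag
 * does not. Returns that observed flag state. */
int state_in_window(void)
{
    int fd = socket(AF_UNIX, SOCK_STREAM, 0);
    if (fd < 0)
        return -1;
    int seen = fd_is_cloexec(fd);   /* this is the race window */
    close(fd);
    return seen;
}

/* The traditional two-step sequence: the flag does get set, but only
 * after the window above has already been open. */
int state_after_fcntl(void)
{
    int fd = socket(AF_UNIX, SOCK_STREAM, 0);
    if (fd < 0)
        return -1;
    if (fcntl(fd, F_SETFD, FD_CLOEXEC) < 0) {
        close(fd);
        return -1;
    }
    int seen = fd_is_cloexec(fd);
    close(fd);
    return seen;
}

/* Flag supplied to the creating call itself: there is no instant at
 * which the descriptor exists without FD_CLOEXEC. */
int state_atomic(void)
{
    int fd = socket(AF_UNIX, SOCK_STREAM | SOCK_CLOEXEC, 0);
    if (fd < 0)
        return -1;
    int seen = fd_is_cloexec(fd);
    close(fd);
    return seen;
}

int main(void)
{
    printf("in window: %d, after fcntl: %d, atomic: %d\n",
           state_in_window(), state_after_fcntl(), state_atomic());
    return 0;
}
```

state_in_window() returns 0 on every run; in a multi-threaded program that 0 is what a child process exec()ed by another thread inherits. The only fix that needs no locking around every descriptor-creating call is the one the article argues for: have the kernel apply the flag at creation.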
Traditionally, this sort of problem would be solved through the creation of
a new system call; one could, for example, add a four-argument
socket4() which has the requisite flags parameter. This
solution is unsatisfying, though; as has been seen, it leads to an
ever-growing list of system calls. So it would be nice to find a different
solution. Ulrich thinks he has done so by adding a single system call
(indirect()), which works by passing additional information to
existing system calls.
It should be noted that the first
sys_indirect() implementation was created by Davide Libenzi
back in July. Ulrich wasn't entirely happy with that code, though:
Davide's previous implementation is IMO far more complex than
warranted. This code here is trivial, as you can see. I've
discussed this approach with Linus last week and for a brief moment
we actually agreed on something.
The prototype for the new system call looks something like this:
int indirect(struct indirect_registers *regs,
void *userparams,
size_t paramslen,
int flags);
The regs structure holds the process registers normally used in
system calls; the system call number and its (normal) arguments, in other
words. The extra parameters to be passed to the system call live in
userparams, with a length of paramslen. The
flags argument is currently unused; it's there for any sort of
future expansion, since extending indirect() with itself is not
allowed.
The task_struct structure has been extended with a new field:
union indirect_params indirect_params;
This union is meant to contain fields for each sort of parameter which can
be added to a system call; in Ulrich's patch it looks like this:
union indirect_params {
struct {
int flags;
} file_flags;
};
It can, thus, be used to pass a flags argument to system calls
which deal in file descriptors.
When indirect() is called, it checks the requested system call
number against an internal whitelist. If the specific system call has not
been marked as being extensible in this way, the call fails with
EINVAL. Otherwise the application-supplied parameters are copied
into the current process's task_struct structure and the system
call is invoked in the usual way. Once that system call completes, the
indirect_params area in the task structure is zeroed.
The kernel provides no indication to the system call that it has been
invoked via indirect(); the only difference in that case is that
there might be non-zero values in indirect_params. So, in a
sense, this mechanism can be seen as a way to add parameters to system
calls with a default value of zero. So it is not possible, without some
additional work, to add a parameter to a system call where passing a value
of zero has a different meaning than omitting the parameter altogether.
Should a need for yet another parameter materialize in the future, the size
of the indirect_params structure can be increased as needed. As
long as the kernel retains the old behavior when the new parameter has a
value of zero, older applications and libraries will continue to operate as
they did before. The extended system call need not (and cannot) know
whether the larger indirect_params structure is being used or not.
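To make the dispatch sequence concrete, here is an added user-space model of it; this is not code from Ulrich's patch. Only union indirect_params is taken from the article; fake_task, indirect_model(), the model_sys_* functions, MODEL_O_CLOEXEC and the call table are this example's own stand-ins for kernel internals. It shows the whitelist check, the copy into the per-task area, the zeroing afterwards, and why a system call that knows nothing about indirect() keeps its old behaviour.

```c
/* Added example, not code from Ulrich's patch: a user-space model of the
 * indirect() dispatch described above. union indirect_params mirrors the
 * article; every other name (fake_task, indirect_model, model_sys_*,
 * MODEL_O_CLOEXEC, the call table) is this example's own invention. */
#include <errno.h>
#include <stddef.h>
#include <string.h>

union indirect_params {
    struct {
        int flags;
    } file_flags;
};

/* Stand-in for the field the patch adds to task_struct. */
struct fake_task {
    union indirect_params indirect_params;
};
static struct fake_task current_task;   /* plays the role of "current" */

#define MODEL_O_CLOEXEC 1

/* A descriptor-creating call that knows nothing about indirect(): it
 * reads indirect_params, which is zero unless indirect() filled it in,
 * so the default behaviour is unchanged. Returns a pretend descriptor
 * number with bit 8 set when close-on-exec was requested. */
static long model_sys_socket(long a0, long a1, long a2)
{
    (void)a0; (void)a1; (void)a2;
    int cloexec = current_task.indirect_params.file_flags.flags & MODEL_O_CLOEXEC;
    return 3 | (cloexec ? 0x100 : 0);
}

/* A call that has not been marked extensible. */
static long model_sys_getpid(long a0, long a1, long a2)
{
    (void)a0; (void)a1; (void)a2;
    return 4242;
}

enum { NR_SOCKET, NR_GETPID, NR_COUNT };
typedef long (*model_call_fn)(long, long, long);
static const model_call_fn call_table[NR_COUNT] = { model_sys_socket, model_sys_getpid };
/* The whitelist: only these numbers may be reached through indirect(). */
static const int extensible[NR_COUNT] = { [NR_SOCKET] = 1, [NR_GETPID] = 0 };

struct model_registers {
    int  nr;        /* system call number */
    long args[3];   /* its ordinary arguments */
};

/* Check the whitelist, copy the extra parameters into the task, run
 * the call, zero the parameters again. A paramslen shorter than the
 * union (an older application) leaves the newer fields zero, which is
 * what keeps old binaries working when the union grows. */
long indirect_model(const struct model_registers *regs,
                    const void *userparams, size_t paramslen, int flags)
{
    if (flags != 0)                                   /* reserved for later */
        return -EINVAL;
    if (regs->nr < 0 || regs->nr >= NR_COUNT || !extensible[regs->nr])
        return -EINVAL;
    if (paramslen > sizeof(union indirect_params))
        return -EINVAL;
    memset(&current_task.indirect_params, 0, sizeof current_task.indirect_params);
    memcpy(&current_task.indirect_params, userparams, paramslen);
    long ret = call_table[regs->nr](regs->args[0], regs->args[1], regs->args[2]);
    memset(&current_task.indirect_params, 0, sizeof current_task.indirect_params);
    return ret;
}

/* Wrappers of the kind a C library would export on top of indirect(). */
long socket_direct(void)
{
    return model_sys_socket(0, 0, 0);
}

long socket_via_indirect(int file_flags)
{
    struct model_registers regs = { NR_SOCKET, { 0, 0, 0 } };
    union indirect_params p = { .file_flags = { file_flags } };
    return indirect_model(&regs, &p, sizeof p, 0);
}

long getpid_via_indirect(void)
{
    struct model_registers regs = { NR_GETPID, { 0, 0, 0 } };
    union indirect_params p = { .file_flags = { 0 } };
    return indirect_model(&regs, &p, sizeof p, 0);
}

/* 1 if the per-task parameter area is all zero (as it must be between calls). */
int params_are_zero(void)
{
    return current_task.indirect_params.file_flags.flags == 0;
}
```

Two details worth noticing: the bound check on paramslen is what stops a caller from overrunning the per-task area, and the zeroing after the call is what prevents one call's flags from leaking into the next direct system call made by the same thread.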
There is a possible use for this mechanism beyond extending system calls:
the syslet developers see it as a possible way of specifying asynchronous
behavior. The current syslet patches are essentially an indirect wrapper
layer around system calls which specifies that the call is asynchronous
(and what to do with the results). Adding two separate indirect layers for
system calls seems like a suboptimal solution, so there is interest in
adding syslet information to indirect() instead. That is one of
the intended purposes for the currently-unused flags argument.
Naturally, it would be surprising to see applications ever making calls to
indirect(), well, directly. A much more likely scenario is for
uses of indirect() to be buried inside the C library, which would
then export a more straightforward
interface to the application.
While some developers (including Linus, evidently) like this patch set,
others are less enthusiastic. David Miller was
blunt in his review, saying: "I think this indirect syscall stuff
is the most ugly interface I've ever seen proposed for the kernel."
H. Peter Anvin is also unimpressed:
I think it is a horrible kluge. It's yet another multiplexer,
which we are trying desperately to avoid in the kernel. Just to
make things more painful, it is a multiplexer which creates yet
another ad hoc calling convention, whereas we should strive to make
the kernel calling convention as uniform as possible.
So it would not be surprising if this new system call were to evolve
somewhat before making its way into the mainline - it's a new and
somewhat tricky API which could certainly benefit from discussion. But
there are some real needs driving this work. So
chances are that indirect() will eventually show up, in some form,
in mainline kernels.
The familiar CRT monitors or backlit LCD screens on our desks continuously
consume power in order to hold an image. Electronic paper (e-paper) is
different: power is only needed to change the image. Just like paper,
e-paper is able to hold the image permanently without consuming any power.
Displays using CRT, backlit LCD, plasma and OLED technologies are all
emissive, meaning that they have to produce the photons that reach the eye.
This implies that they have to compete in brightness with ambient lighting,
which can result in eye strain. E-paper is the opposite: it is reflective,
which makes it possible to read the display using ambient light even in the
brightness of a hot sunny day.
Interferometric modulation uses the same principle of light wave
interference that results in the rainbow of colors seen with oil floating on
water. Control of wave interference through bi-stable or multi-stable
micro-electro-mechanical systems (MEMS) is what enables electronic control
of the color of a pixel.
In standard twisted nematic liquid crystal displays (TNLCD), the liquid
crystal is sandwiched between two rubbed polymer orthogonal alignment
layers. Bi-stable twisted nematic implementations such as Zenithal liquid
crystal replace the first or both alignment layers in favour of a sub-micron
relief profile that weakens anchoring to the surface and makes it possible
to latch various stable orientations of a liquid crystal pixel using
electrical pulses.
Cholesteric liquid crystal provides the ability to selectively reflect
various ranges of wavelengths of visible light based on the pitch of the
liquid crystal. The pitch can then be electronically controlled to set
various pixel states.
Electrophoresis describes the fact that particles within a fluid can be
kinetically affected by an electrical field. Basically, applying a voltage
pulse causes pigment particles within a solvent solution to move. This
concept is what is used to control whether a pixel appears black, white or a
shade of gray. This article will focus on electrophoretic displays
since they are relatively easy to obtain.
Controllers
Traditional display controllers are interfaced to the host using a bus such
as PCI Express or AGP. These controllers have local framebuffer memory or
sufficient internal line buffering to utilize shared host memory; they
expose their framebuffers through memory mappable regions.
Display servers like Xorg or Xfbdev that utilize the kernel's fbdev
interface expect to be able to mmap() the device framebuffer. The
implication is that a driver that implemented only write()/seek() access to
the framebuffer would have limited usage.
Electrophoretic displays require specialized controllers that are capable of
driving suitable waveforms in order to control the display media. This is
because of subtle issues around the behavior of pigment particles within a
solvent. The controller must drive waveforms that result in fast,
reproducible and optimal movement of pigment particles. These waveforms are
a key factor in minimizing pixel update latency, achieving good contrast and
reducing ghosting effects in the output image. Currently, electrophoretic
display updates are significantly slower than CRT or LCD display updates.
For example, a grayscale update of E-Ink's most recent Vizplex display
material can take up to 740ms. This latency has an effect on how hardware is
interfaced with electrophoretic display controllers and how software should
then interact with the display.
One of the electrophoretic display controllers for which Linux support has
been posted (tarball) is
a controller from E-Ink called Apollo. This controller is
interfaced to the host through 8-bit data and 6-bit control over General
Purpose IO (GPIO) interfaces. The implication of the use of GPIO is that it
is not a memory mappable interface. Each pixel of the framebuffer has to be
wiggled to the controller by turning individual GPIO lines on and off. Display
updates on the Apollo with an E-Ink 6" panel with a resolution of 800x600
and 2 bits of grayscale require between 500ms and 1200ms. Given this set of
circumstances, it would have been an option to implement a userspace library
or support code that performed the GPIO wiggling. However, such an
implementation would forfeit support from Xfbdev and other common
fbdev compatible applications.
An early driver implementation has also been posted for an E-Ink controller
named Metronome.
This controller interfaces to the host using the Active
Matrix LCD (AMLCD) bus. AMLCD is a 16-bit data bus used to interface LCDs
with CPUs. Normally, the AMLCD bus is used to transfer video display
data only, but, in the case of the Metronome controller, the host transfers a whole
slew of things including waveform, command and image data. The Metronome
becomes a secondary display controller feeding on the output of the primary
display controller on the host. Since AMLCD is an output-only data path, two
GPIO pins are used to retrieve status from the controller.
Many embedded processors provide a built-in LCD controller (LCDC) that is
compatible with the AMLCD interface. For example, the Xscale pxa255 cpu has
an LCDC that has DMA support and is able to pull data directly from host
memory at specified intervals. This type of capability allows drivers to
remap host memory to form an mmap-able framebuffer. However, the Metronome
controller imposes an additional requirement beyond delivering image data
for each display update. This is the need for a specific display update
command that has to be formed and set each time the display is to be
updated. This means that the framebuffer driver needs to know when the
framebuffer has been updated. That is not a trivial task because the nature
of a memory-mapped framebuffer is that the driver is not involved in
changes to the buffer; it is
therefore unaware of when the framebuffer has been written to by a userspace
application.
The three problems described so far can therefore be summarized as follows:
1. How to memory map a "non memory mappable" IO interface like GPIO.
2. How to mitigate the latency associated with display updates.
3. How to cheaply detect when userspace has written to a memory mapped
   address.
One early solution to problem 3 was to use a timer and perform framebuffer
differencing to detect the changed pixels. The negative aspects of this
solution are that it requires a large amount of redundant memory and
significant cpu and memory bandwidth consumption every time that framebuffer
differencing is done. Both of these resources are scarce on embedded systems
and, therefore, that solution was not satisfactory.
Deferred IO
Deferred IO is an alternative method of solving these problems. The key concept
behind deferred IO is that one can periodically mark an active page of host
memory as read-only in order to catch writes to it. The way it works is quite
straightforward: page table entries for framebuffer pages in host memory are
initially marked as read-only. When the application first writes to any memory
address that maps to any of those pages, a deferred IO specific page fault
handler is reached. This handler schedules a delayed workqueue job. In the interval
before this workqueue is executed, the application can continue to write to
that page with no additional cost.
When the workqueue task executes, it marks the page table entry as
read-only again and then processes the framebuffer data
stored in that page. At that point, the processed data can be delivered to the
device through its native IO interface, which could be GPIO, AMLCD, USB, or
anything else. Since the page was re-marked to read-only, the sequence would
repeat if the application ever rewrote that page. This is somewhat similar
to a writeback cache. Host memory is used as a cache for device memory or
any output destined for the device. The page fault is then used as a
trigger to determine when to actually "writeback" this memory to the device.
This technique solves problem 1 because host memory is used and can therefore be
memory mapped. The output from the application intended for the device is
written to host memory and, unlike hardware supported memory mapped IO,
this output is not transferred to the device for each memory write. It is
only after the driver specified delay has expired that this collected data
is transferred to the device. The fact that the transfer would be through
GPIO or any other mechanism is transparent to the application and requires
no intervention.
The delay between the page fault and the IO is what addresses problem 2. The
application sees only a framebuffer which happens to be in host memory.
Writes to the framebuffer are therefore as fast as writes to any other part
of memory. The display update latency is therefore transparent to the
application. The driver specified interval should be selected to be
appropriate for the latency of the device. For example, if the device has a
one-second display update latency, then a one-second delay would be reasonable.
A longer delay would result in the display being less interactive than what
it was really capable of. A shorter delay would result in host updates
building up since the device would not be able to keep up. Applications that
require display synchronization primitives could use fsync() or the
FBIO_WAITFORVSYNC ioctl depending on their needs.
Problem 3 is solved because the address that is the cause of the page fault
is known. Internally, deferred IO uses the memory management subsystem's
page_mkwrite() callback and page_mkclean() to implement the core of its
functionality. The current deferred IO implementation passes a list of
page structures to the framebuffer driver's deferred IO callback. The driver
can then use page->index to identify which part of the framebuffer was
written to. This provides PAGE_SIZE granularity in identifying the updated
pixels.
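The fault-then-flush cycle described in this section can be reproduced in user space, which makes it easier to see what the kernel mechanism is doing. The following is an added example, not kernel code: mprotect(PROT_READ) stands in for the read-only page table entry, a SIGSEGV handler plays the part of page_mkwrite(), and flush_dirty_pages() plays the delayed workqueue job that re-protects pages and hands them to the device. It assumes a Linux/POSIX system with mmap, mprotect and sigaction; all function and variable names are this example's own.

```c
/* Added example, not kernel code: a user-space analogue of deferred IO.
 * mprotect(PROT_READ) stands in for the read-only page table entry, the
 * SIGSEGV handler for page_mkwrite(), and flush_dirty_pages() for the
 * delayed workqueue job. Assumes Linux/POSIX; names are this example's own. */
#ifndef _GNU_SOURCE
#define _GNU_SOURCE
#endif
#include <signal.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>
#include <sys/mman.h>
#include <unistd.h>

#define FB_PAGES 4                       /* a tiny 4-page "framebuffer" */
static unsigned char *fb;                /* framebuffer in host memory */
static size_t page_size;
static volatile sig_atomic_t dirty[FB_PAGES];   /* written since last flush */

/* Fault handler: the first write to a read-only page lands here. Record
 * which page it was (si_addr here, page->index in the kernel) and make
 * the page writable so later writes to it cost nothing until the next
 * flush. mprotect() is a plain system call, so it is usable here. */
static void on_write_fault(int sig, siginfo_t *si, void *ctx)
{
    (void)sig; (void)ctx;
    uintptr_t addr = (uintptr_t)si->si_addr, base = (uintptr_t)fb;
    if (fb == NULL || addr < base || addr >= base + FB_PAGES * page_size)
        _exit(2);                         /* a genuine crash, not our buffer */
    size_t idx = (addr - base) / page_size;
    dirty[idx] = 1;
    mprotect(fb + idx * page_size, page_size, PROT_READ | PROT_WRITE);
}

/* Map the framebuffer read-only and install the fault handler. 0 on success. */
int deferred_fb_init(void)
{
    page_size = (size_t)sysconf(_SC_PAGESIZE);
    fb = mmap(NULL, FB_PAGES * page_size, PROT_READ,
              MAP_PRIVATE | MAP_ANONYMOUS, -1, 0);
    if (fb == MAP_FAILED) {
        fb = NULL;
        return -1;
    }
    struct sigaction sa;
    memset(&sa, 0, sizeof sa);
    sa.sa_sigaction = on_write_fault;
    sa.sa_flags = SA_SIGINFO;
    sigemptyset(&sa.sa_mask);
    return sigaction(SIGSEGV, &sa, NULL);
}

size_t fb_page_size(void) { return page_size; }

/* An application write: it just stores through the mapping, exactly as an
 * mmap()ed fbdev client would. Returns the byte read back, -1 if out of range. */
int write_pixel(size_t offset, unsigned char v)
{
    if (fb == NULL || offset >= FB_PAGES * page_size)
        return -1;
    fb[offset] = v;
    return fb[offset];
}

/* Number of pages the fault handler has flagged since the last flush. */
int dirty_count(void)
{
    int n = 0;
    for (size_t i = 0; i < FB_PAGES; i++)
        n += dirty[i] ? 1 : 0;
    return n;
}

/* The "workqueue job": deliver each dirty page to the device and
 * re-protect it so the next write faults again. Delivery is a stub; a
 * real driver would wiggle GPIO lines or push over AMLCD here.
 * Returns the number of pages delivered. */
int flush_dirty_pages(void)
{
    int delivered = 0;
    for (size_t i = 0; i < FB_PAGES; i++) {
        if (!dirty[i])
            continue;
        /* device_write(fb + i * page_size, page_size); */
        delivered++;
        dirty[i] = 0;
        mprotect(fb + i * page_size, page_size, PROT_READ);
    }
    return delivered;
}

int main(void)
{
    if (deferred_fb_init() != 0)
        return 1;
    write_pixel(0, 0xff);                 /* faults once: page 0 dirty */
    write_pixel(1, 0xfe);                 /* free: page 0 already writable */
    write_pixel(2 * page_size + 7, 0x42); /* faults once: page 2 dirty */
    printf("dirty before flush: %d\n", dirty_count());
    printf("delivered: %d\n", flush_dirty_pages());
    printf("dirty after flush: %d\n", dirty_count());
    return 0;
}
```

The granularity point from the text is visible here too: a write to byte 0 and a write to byte 1 cost one fault between them, but the driver learns only that page 0 changed, not which pixels. The kernel version differs in one practical respect: the flush is scheduled automatically by the fault handler after the driver's delay, whereas this model flushes when flush_dirty_pages() is called.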
Status
This method works fine in common use cases. For example, if one were to run
xpdf and use page-up to flip through pages, then xpdf would render to the
framebuffer in host memory on each page-up. Then, at the end of each
write-induced interval, the driver would deliver the current image to the
display. This would give the effect where one would be seeing the most recent
page on the display rather than every single page that had been flipped
through. This enables the system to be reasonably interactive. Applications
like xclock (an analog clock ticking every second) as well as playback
applications (displaying a slider showing playback position) behave in a
similar fashion.
Deferred IO support was merged into the Linux kernel in 2.6.22;
Documentation/fb/deferred_io.txt contains additional information. The driver
for the Apollo controller was also merged in 2.6.22 and is in
drivers/video/hecubafb.c. The driver for the Metronome controller is posted
but not yet complete; it also includes necessary bugfixes for deferred IO.
The current development focus is on the Metronome controller. It is being
tested with a Gumstix Connex board which has an XScale pxa255 CPU. The
display medium being used is an E-Ink Vizplex 6" 800x600 panel with 3
bits of grayscale. The metronomefb driver for this controller uses deferred
IO and is still a work in progress, but it is capable of running Xfbdev. X
clients such as xclock, xeyes, xlogo and xloadimage have been run without
problems. It is not yet clear how to measure framebuffer performance on such
a system; the reason for this is that most display benchmarks use the time
for a drawing operation to complete as the basis for performance statistics.
On this system, such a benchmark would merely be measuring the time to render
to host memory rather than the time to deliver to the actual display. It may
be necessary to develop an alternate method of measuring display system
performance for e-paper displays.
All is not yet perfect.
Applications that render images that affect only a small number of pixels
but cross multiple pages because of the framebuffer layout (e.g. a thin
vertical image) result in reduced efficiency. This is because the ratio of
changed pixels to the number of written pages is low.
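The page-granularity bookkeeping described above (the driver only learns which page->index values were written) and the thin-vertical-image inefficiency can both be seen in a small user-space model. The following is an added example, not code from the article or from the hecubafb/metronomefb drivers; it assumes an 800x600 panel stored at one byte per pixel and 4 KiB pages, and stands in for the kernel's page_mkwrite()/page_mkclean() machinery with a plain dirty-page array:

```c
/* Added example, not code from the article or from hecubafb/metronomefb:
 * a user-space model of deferred IO. Each write dirties the page it lands
 * in (the kernel records page->index); the flush that runs after the delay
 * maps dirty pages back to scanlines, which is all the driver callback sees.
 * Assumed geometry: 800x600 panel, one byte per pixel, 4 KiB pages. */
#include <stdbool.h>
#include <stddef.h>
#include <stdio.h>

#define FB_WIDTH   800
#define FB_HEIGHT  600
#define FB_LINE    FB_WIDTH              /* assumption: one byte per pixel */
#define FB_BYTES   (FB_LINE * FB_HEIGHT)
#define PAGE_SZ    4096
#define FB_PAGES   ((FB_BYTES + PAGE_SZ - 1) / PAGE_SZ)

struct defio_sim {
    unsigned char fb[FB_BYTES];    /* the framebuffer living in host memory */
    bool dirty[FB_PAGES];          /* pages written since the last flush */
    unsigned long pixels_written;  /* bookkeeping for the efficiency ratio */
};

/* One write fault: the byte lands in host memory and the page holding it
 * is marked dirty; nothing goes to the device yet. */
static void defio_write_pixel(struct defio_sim *s, unsigned x, unsigned y,
                              unsigned char v)
{
    size_t off = (size_t)y * FB_LINE + x;
    s->fb[off] = v;
    s->dirty[off / PAGE_SZ] = true;
    s->pixels_written++;
}

/* Fill a w x h rectangle with top-left corner (x, y), clipped to the panel. */
void defio_fill_rect(struct defio_sim *s, unsigned x, unsigned y,
                     unsigned w, unsigned h, unsigned char v)
{
    for (unsigned j = y; j < y + h && j < FB_HEIGHT; j++)
        for (unsigned i = x; i < x + w && i < FB_WIDTH; i++)
            defio_write_pixel(s, i, j, v);
}

unsigned defio_dirty_pages(const struct defio_sim *s)
{
    unsigned n = 0;
    for (unsigned p = 0; p < FB_PAGES; p++)
        n += s->dirty[p];
    return n;
}

/* Changed pixels per dirtied page: low for a thin vertical image, which is
 * the inefficiency the article describes. */
double defio_pixels_per_page(const struct defio_sim *s)
{
    unsigned pages = defio_dirty_pages(s);
    return pages ? (double)s->pixels_written / pages : 0.0;
}

/* Driver-side step after the delay: turn the dirty page list into the
 * scanline range to push to the device, then clear the dirty state (the
 * kernel uses page_mkclean() for that). Returns the row count, 0 if idle. */
unsigned defio_flush(struct defio_sim *s, unsigned *first_row,
                     unsigned *last_row)
{
    unsigned lo = FB_HEIGHT, hi = 0, n = 0;

    for (unsigned p = 0; p < FB_PAGES; p++) {
        size_t start = (size_t)p * PAGE_SZ, end = start + PAGE_SZ - 1;

        if (!s->dirty[p])
            continue;
        if (end >= FB_BYTES)
            end = FB_BYTES - 1;         /* the last page is only partly used */
        if (start / FB_LINE < lo)
            lo = start / FB_LINE;
        if (end / FB_LINE > hi)
            hi = end / FB_LINE;
        s->dirty[p] = false;
        n++;
    }
    s->pixels_written = 0;
    if (!n)
        return 0;
    *first_row = lo;
    *last_row = hi;
    return hi - lo + 1;
}

int main(void)
{
    static struct defio_sim s;      /* static: the buffer is about 480 KiB */
    unsigned r0, r1, rows;

    defio_fill_rect(&s, 10, 0, 1, FB_HEIGHT, 0xff);    /* thin vertical line */
    printf("vertical line: %u pages, %.1f pixels/page\n",
           defio_dirty_pages(&s), defio_pixels_per_page(&s));
    rows = defio_flush(&s, &r0, &r1);
    printf("flush sends rows %u..%u (%u rows)\n", r0, r1, rows);
    return 0;
}
```

With this geometry a one-pixel-wide vertical line of 600 pixels dirties 117 pages (about five pixels per page) and the flush has to resend every row, while a 600-pixel horizontal line on row 0 dirties a single page and the flush resends only the six rows that page covers: the PAGE_SIZE granularity is visible in both directions.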
The architectural weakness of deferred IO is that it depends on the system
having an MMU. It may be possible to implement a similar approach using the
lower level memory protection capabilities that are available on some no-MMU
systems. For example, the Blackfin architecture has a Data Cacheability
Protection Lookaside Buffer (DCPLB) that has notions of read/write
permissions on its entries. This will be an interesting area for future
exploration.
The current implementation only works with framebuffers allocated from
virtual memory. Support needs to be implemented to achieve the same functionality
with memory obtained from kmalloc() or the DMA layer.
There have been suggestions that this technique may be useful in other
areas. One scenario that has been mentioned is optimizing display bandwidth
consumption by switching between DMA and plain memory copies based on the
number of written pages. Another scenario is USB-to-VGA adapters. It may
also be the case that any device connected via a relatively slow bus where
the data flow is primarily output could benefit from a similar approach.
Acknowledgments:
The author is grateful to E-Ink engineers for their extensive support and
hardware help, and to Peter Zijlstra, Antonino Daplas, Paul Mundt, Geert
Uytterhoeven, Hugh Dickins, James Simmons and others for mm, fbdev, and
general help.
This article was contributed by Pavel Emelyanov and Kir Kolyshkin.
One of the new features in the upcoming 2.6.24 kernel will be the PID
namespaces support developed by the OpenVZ team with the help of IBM.
The PID namespace allows for creating sets of tasks, with each such set looking
like a standalone machine with respect to process IDs. In other words,
tasks in different namespaces can have the same IDs.
This feature is the major prerequisite for the migration of containers between
hosts; having a namespace, one may move it to another host while keeping the PID
values -- and this is a requirement since a task is not expected to change
its PID. Without this feature, the migration will very likely fail, as
the processes with the same IDs can exist on the destination node, which
will cause conflicts when addressing tasks by their IDs.
PID namespaces are hierarchical; once a new PID namespace is created,
all the tasks in the current PID namespace will see the tasks (i.e. will
be able to address them with their PIDs) in this new namespace. However,
tasks from the new namespace will not see the ones from the current.
This means that now each task has more than one PID -- one for each namespace.
User-space API
To create a new namespace, one should just call the clone(2)
system call with the CLONE_NEWPID flag set.
After this, it is useful to change the root directory and mount
a new procfs instance at /proc so that the common utilities
like ps work.
Note that since the parent knows the PID of its child, it may
wait() for it to exit in the usual way.
The first task in a new namespace will have a PID of 1. Thus, it
will be this namespace's init and child reaper, so all the orphaned
tasks will be re-parented to it. Unlike the standalone machine, this "init"
can die, and in this case, the whole namespace will be terminated.
Since we now have isolated sets of tasks, proc should show only
the set of PIDs which is visible to a particular task. To achieve
this goal, procfs should be mounted multiple times -- once
for each namespace. After this, the PIDs shown in a mounted instance
will be those of the namespace which created that mount.
For example, a user may create some new proc_2 directory,
spawn a PID namespace and mount a procfs to it. After this, the
user will be able to see the PIDs as they appear inside this new namespace.
There will be the PID number 1, which is the namespace's init,
and all the other PIDs may coincide with some PIDs from the current namespace,
but refer to some other task.
No other changes in the user API are necessary. Tasks still have the ability to
get their PIDs, PGIDs, etc. with the known system calls. They can also
work with sessions and groups. Tasks may create threads and work with futexes.
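The clone(2) call and the wait() behaviour described above, as an added example that is not code from the article or from OpenVZ. It creates one PID namespace, has the child report what getpid() and getppid() return inside it, and waits for the child by the PID the parent was given. It assumes a kernel with PID namespace support and CAP_SYS_ADMIN in the caller; without that, clone() fails with EPERM and the function returns the negative errno. The chroot and /proc mount the article recommends are left out to keep the example self-contained.

```c
/* Added example, not code from the article or OpenVZ: create a PID namespace
 * with clone(CLONE_NEWPID) and report the child's PID as the parent and the
 * child each see it. Needs CAP_SYS_ADMIN and a kernel with PID namespace
 * support; the chroot and /proc mount the article mentions are left out. */
#ifndef _GNU_SOURCE
#define _GNU_SOURCE
#endif
#include <errno.h>
#include <sched.h>
#include <signal.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <sys/types.h>
#include <sys/wait.h>
#include <unistd.h>

#ifndef CLONE_NEWPID
#define CLONE_NEWPID 0x20000000   /* flag value from <linux/sched.h> */
#endif
/* Declared explicitly in case <sched.h> was read without _GNU_SOURCE. */
int clone(int (*fn)(void *), void *child_stack, int flags, void *arg, ...);

#define STACK_SIZE (256 * 1024)

struct pidns_result {
    pid_t pid_in_parent_ns;   /* the value clone() hands back to the caller */
    pid_t pid_in_child_ns;    /* getpid() inside the namespace: 1, the new init */
    pid_t ppid_in_child_ns;   /* getppid() inside: 0, the parent is not visible */
    int   child_exit_status;
};

/* Runs as the first task of the new namespace; sends its view through a pipe. */
static int child_fn(void *arg)
{
    int *pipefd = arg;
    pid_t ids[2] = { getpid(), getppid() };

    close(pipefd[0]);
    if (write(pipefd[1], ids, sizeof ids) != (ssize_t)sizeof ids)
        return 2;
    close(pipefd[1]);
    return 0;
}

/* Returns 0 on success and fills *out, or -errno if the clone failed
 * (-EPERM without privilege, -EINVAL on a kernel without the feature). */
int run_pidns_demo(struct pidns_result *out)
{
    int pipefd[2], status = 0, err;
    pid_t ids[2] = { 0, 0 }, child;
    char *stack;
    ssize_t n;

    memset(out, 0, sizeof *out);
    if (pipe(pipefd) < 0)
        return -errno;
    stack = malloc(STACK_SIZE);
    if (!stack) {
        close(pipefd[0]); close(pipefd[1]);
        return -ENOMEM;
    }
    /* The stack grows down on the usual architectures, so pass its top. */
    child = clone(child_fn, stack + STACK_SIZE, CLONE_NEWPID | SIGCHLD, pipefd);
    if (child < 0) {
        err = errno;
        free(stack); close(pipefd[0]); close(pipefd[1]);
        return -err;
    }
    close(pipefd[1]);
    n = read(pipefd[0], ids, sizeof ids);
    close(pipefd[0]);
    /* The parent knows the child's PID in its own namespace, so waiting
     * works exactly as it always did. */
    waitpid(child, &status, 0);
    free(stack);
    if (n != (ssize_t)sizeof ids)
        return -EIO;
    out->pid_in_parent_ns = child;
    out->pid_in_child_ns = ids[0];
    out->ppid_in_child_ns = ids[1];
    out->child_exit_status = WIFEXITED(status) ? WEXITSTATUS(status) : -1;
    return 0;
}

int main(void)
{
    struct pidns_result r;
    int rc = run_pidns_demo(&r);

    if (rc < 0) {
        fprintf(stderr, "clone(CLONE_NEWPID): %s\n", strerror(-rc));
        return 1;
    }
    printf("parent sees child as PID %d; child sees itself as PID %d "
           "with parent PID %d; exit status %d\n", (int)r.pid_in_parent_ns,
           (int)r.pid_in_child_ns, (int)r.ppid_in_child_ns, r.child_exit_status);
    return 0;
}
```

Run as root, the child reports PID 1 and parent PID 0, while the parent's copy of the PID is an ordinary number from its own namespace; that is the "more than one PID per task" property in action. Because the child is this namespace's init, its exit ends the namespace, which is why the parent collects it with a plain waitpid().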
Internal API
All the PIDs that a task may have are described in the struct pid.
This structure contains the ID value, the list of tasks having this ID,
the reference counter and the hashed list node to be stored in the
hash table for a faster search.
A few more words about the lists of tasks. Basically a task has three PIDs:
the process ID (PID), the process group ID (PGID), and the
session ID (SID). The PGID and the SID may be shared between the tasks,
for example, when two or more tasks belong to the same group, so each
group ID addresses more than one task.
With the PID namespaces this structure becomes elastic. Now, each PID
may have several values, with each one being valid in one namespace. That is,
a task may have PID of 1024 in one namespace, and 256 in another. So, the
former struct pid changes.
Here is how the struct pid looked like before introducing
the PID namespaces:
struct pid {
atomic_t count; /* reference counter */
int nr; /* the pid value */
struct hlist_node pid_chain; /* hash chain */
struct hlist_head tasks[PIDTYPE_MAX]; /* lists of tasks */
struct rcu_head rcu; /* RCU helper */
};
And this is how it looks now:
struct upid {
int nr; /* moved from struct pid */
struct pid_namespace *ns; /* the namespace this value
* is visible in
*/
struct hlist_node pid_chain; /* moved from struct pid */
};
struct pid {
atomic_t count;
struct hlist_head tasks[PIDTYPE_MAX];
struct rcu_head rcu;
int level; /* the number of upids */
struct upid numbers[0];
};
As you can see, the struct upid now represents the PID
value -- it is stored in the hash and has the PID value.
To convert the struct pid to the PID or vice versa one may
use a set of helpers like task_pid_nr(), pid_nr_ns(),
find_task_by_vpid(), etc.
All these calls carry some information in their names:
..._nr()
These operate with the so-called "global" PIDs.
Global PIDs are numbers that are unique in the whole system, just
like the old PIDs were. E.g. pid_nr(pid) will tell you the
global PID of the given struct pid. These are only useful
when the PID value is not going to leave the kernel; for example, some code
needs to save the PID and then find the task by it later. However, in this
case saving a direct pointer to the struct pid is
preferable, as global PIDs are going to be used in kernel logs only.
..._vnr()
These helpers work with the "virtual" PID, i.e.
with the ID as seen by a process. For example, task_pid_vnr(tsk)
will tell you the PID of a task, as this task sees it (with
sys_getpid()). Note that this value will most likely be
useless if you're working in another namespace, so these are always used when working
with the current task, since all tasks always see their virtual PIDs.
..._nr_ns()
These work with the PIDs as seen from the specified
namespace. If you want to get some task's PID (for example, to report it to
the userspace and find this task later), you may call
task_pid_nr_ns(tsk, current->nsproxy->pid_ns) to get
the number, and then find the task using
find_task_by_pid_ns(pid, current->nsproxy->pid_ns).
These are used in system calls, when the PID comes from the user
space. In this case one task may address another which exists in
another namespace.
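A user-space model of the new struct pid and of the three lookup families just described, as an added example that is not kernel code. The hierarchy depth, the per-namespace counter used as an allocator and the flat lookup table that stands in for the kernel's hash are simplifications of this model, and pid_vnr() takes the caller's namespace as an explicit argument rather than reading current:

```c
/* Added example, not kernel code: a user-space model of the 2.6.24 struct pid
 * with one upid per namespace level, plus the pid_nr()/pid_vnr()/pid_nr_ns()
 * and find_pid_ns() lookups the article names. The allocator, the fixed depth
 * and the flat lookup table are simplifications of this model. */
#include <stdio.h>
#include <stdlib.h>

#define MAX_LEVELS 4    /* depth of the namespace hierarchy in this model */
#define MAX_PIDS   64   /* capacity of the table standing in for the hash */

struct pid_namespace {
    unsigned level;                 /* 0 for the initial namespace */
    struct pid_namespace *parent;
    int last_pid;                   /* next number handed out is last_pid + 1 */
};

struct upid {
    int nr;                         /* the number that is valid in ns */
    struct pid_namespace *ns;
};

struct pid {
    unsigned level;                 /* index of the deepest upid */
    struct upid numbers[MAX_LEVELS];
};

static struct pid *pid_table[MAX_PIDS];
static unsigned pid_count;

struct pid_namespace *pidns_create(struct pid_namespace *parent)
{
    struct pid_namespace *ns = calloc(1, sizeof *ns);

    if (!ns || (parent && parent->level + 1 >= MAX_LEVELS)) {
        free(ns);
        return NULL;
    }
    ns->parent = parent;
    ns->level = parent ? parent->level + 1 : 0;
    return ns;
}

/* A task born in ns gets one number there and one in every ancestor, so a
 * single struct pid carries a value for each namespace that can see it. */
struct pid *pid_alloc(struct pid_namespace *ns)
{
    struct pid *pid;

    if (!ns || pid_count >= MAX_PIDS)
        return NULL;
    pid = calloc(1, sizeof *pid);
    if (!pid)
        return NULL;
    pid->level = ns->level;
    for (struct pid_namespace *p = ns; p; p = p->parent) {
        pid->numbers[p->level].nr = ++p->last_pid;
        pid->numbers[p->level].ns = p;
    }
    pid_table[pid_count++] = pid;
    return pid;
}

/* The number as seen from ns, or 0 when the task is not visible there:
 * ns is deeper than the task's own namespace, or lies on another branch. */
int pid_nr_ns(const struct pid *pid, const struct pid_namespace *ns)
{
    if (!pid || !ns || ns->level > pid->level)
        return 0;
    return pid->numbers[ns->level].ns == ns ? pid->numbers[ns->level].nr : 0;
}

/* The "global" number: the one in the initial namespace (level 0). */
int pid_nr(const struct pid *pid)
{
    return pid ? pid->numbers[0].nr : 0;
}

/* The "virtual" number: as seen by a task living in cur. */
int pid_vnr(const struct pid *pid, const struct pid_namespace *cur)
{
    return pid_nr_ns(pid, cur);
}

/* Reverse lookup for a number that arrived from user space: which struct pid
 * carries nr in ns? A linear scan here; the kernel hashes the (nr, ns) pair. */
struct pid *find_pid_ns(int nr, const struct pid_namespace *ns)
{
    if (nr <= 0)
        return NULL;
    for (unsigned i = 0; i < pid_count; i++)
        if (pid_nr_ns(pid_table[i], ns) == nr)
            return pid_table[i];
    return NULL;
}

int main(void)
{
    struct pid_namespace *root = pidns_create(NULL), *inner = pidns_create(root);
    struct pid *outer_task = pid_alloc(root), *inner_task = pid_alloc(inner);

    printf("inner task: global %d, in its own namespace %d\n",
           pid_nr(inner_task), pid_nr_ns(inner_task, inner));
    printf("outer task seen from the inner namespace: %d (0 = not visible)\n",
           pid_nr_ns(outer_task, inner));
    return 0;
}
```

The two lookups that return 0 are the ones worth noticing: a task in the initial namespace has no number in a child namespace, and a task in one child namespace has none in a sibling, so a number carried across namespaces without its struct pid_namespace cannot be resolved, which is why the article steers system-call code to the ..._nr_ns() helpers with current's namespace.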
Conclusion
The interface as described here has been merged for the 2.6.24 kernel
release. It has, however, been marked as "experimental" to prevent its
wide deployment by distributors while some remaining issues are worked
out. Few, if any, changes to this API are expected between now and when
the "experimental" tag is removed in a later kernel release.
This is a look at some very young projects that are not ready for prime
time. It is interesting to see what's coming down the road and there are
some preview releases for developers to play with.
First up is JeOS, a project recently announced by the Ubuntu team. JeOS,
pronounced "juice", stands for Just Enough Operating System. It is intended
to be an efficient variant of Ubuntu configured specifically for virtual
appliances. The JeOS 7.10 CD image for x86 systems is available for
download. The source code is in Launchpad, here. There is an ongoing
discussion in Ubuntu forums which starts to get interesting around here.
Next up is Mamona, an embedded Linux distribution for ARM EABI. The main
goal of the Mamona Project, according to this announcement, is to offer a
completely open source alternative/experimental SDK package and flash image
generation process for the Maemo Platform using only free and open source
components. Mamona 0.1 currently runs on the Nokia Internet Tablet (N800 or
N810), or it can be used as an SDK on a PC running over qemu.
The GNOME Online
Desktop is a concept that moves more of your desktop online, so you can
move to different computers and still have your familiar desktop. There is
a tour in Red
Hat Magazine of the pre-alpha demo release included in Fedora 8. If
you travel or find yourself using different machines on a regular basis,
the Online Desktop should simplify your life.
Last on this tour is Fedora's announcement of the availability of CBI
enabled packages for Fedora 8. CBI stands for the Cooperative Bug Isolation
Project; it's not a new project, but it's worth a mention anyway. CBI is an
ongoing effort to track down software bugs. CBI enabled versions of
Evolution, The GIMP, GNOME Panel, Gnumeric, Nautilus, Pidgin, Rhythmbox,
and SPIM are available for
download for Fedora 8 and earlier versions of Fedora. These special
versions of the applications monitor their own behavior while they run and
send back information on how things should work (when they work properly)
or on how things can go wrong. Privacy is important to CBI.
They are looking for patterns in the data and will not collect any data
without your permission. The more people who participate the more data they
can collect and the more bugs can ultimately be squashed. This snapshot page
shows graphs of recent findings.
The Fedora Unity Project has released a Fedora 8 "Everything" spin for i386
and x86_64 architectures. "This spin also includes 3 DVD images for
each architecture, as well as 2 DVD Dual Layer images for those who are
able to use them. Please mind that the second DVD Dual Layer ISO image is
actually small enough to be burned onto a normal DVD."
Debian Project Leader Sam Hocevar presents some delegations. These include
Kalle Kivimaa, Debian Auditor; Peter Palfrader, Debian System
Administrator; Anibal Monsalve Salazar, Debian Maintainer Keyring.
In early August, Debian voted to endorse the concept of "Debian
Maintainers" which allows contributors to maintain their own packages in
the archive without requiring a sponsor for every upload, and without
becoming a Debian Developer. The separate keyring for the DMs has been
implemented and tested. "We're now ready to accept limited numbers
of applicants, and as such are entering an open beta phase. That means that
we think we've got everything in order and it should be working properly,
but we've probably missed some things, and until we know what they are and
fix them, we'll be relying on DMs to help us make sure the system is
running as smoothly as it's meant to."
CAELinux is a live DVD
distribution for Computer Aided Engineering. It is based on PCLinuxOS 2007
and incorporates the open source CAE applications Salomé and
Code_Aster.
The Fedora Weekly News for November 12, 2007 is out. "In
Announcements, we have "Fedora Unity releases Fedora 8 Everything Spin".
In AskFedora, we have "GIMP 2.4.1 and Fedora 7", "Automatic Security
Updates". In PlanetFedora, we have "Seam running under IcedTea on Fedora
8", "Fedora 8 on a MacBook (intel)", "Custom Kernel documentation updated"
and "First Torrent Movie"."
The November
2007 edition of PCLinuxOS Magazine is available. "We hope you
enjoy Issue 15! We have a great issue with the final article of the series
on KDE, help on the Linux command line, the Linux directory explained and
much more."
The Ubuntu Weekly Newsletter for November 17, 2007 covers the LoCo teams up
next for official approval, the welcoming of a new MOTU, some news from the
good folks in Ubuntuforums and much more.
The DistroWatch
Weekly for November 19, 2007 is out. "Following our review of
Fedora 8 last Monday, this week's DistroWatch Weekly offers a few more
observations about Red Hat's community distribution - this time from the
perspective of your DistroWatch maintainer. While clearly an excellent
product, it nevertheless suffers from a few annoyances and dubious design
decisions. In the news section, Red Hat Magazine introduces GNOME Online
Desktop, Ubuntu releases a specialist distribution for virtual appliances,
Oracle's Larry Ellison fires more ugly shots at Red Hat Enterprise Linux,
and Kurumin's Carlos Morimoto considers the future of the popular Brazilian
community project. Finally, for those interested in Computer Aided
Engineering, don't miss the new release from CAELinux."
Red Hat has announced the fourth-annual Red Hat Summit to take place June
18-20, 2008 at the Hynes Convention Center in Boston, Mass. There should
be a FUDCon happening as well.
Debian Venezuela has announced the Second Venezuelan MiniDebConf, held with
the 5th World Forum on Free Knowledge, November 21 - 23, 2007 in the city
of Puerto Ordaz (Bolivar) in Venezuela. "Everyone is invited to
participate in the round table to be held on the morning of Friday 23rd.,
at the Community Room (Room 4) in Hotel Intercontinental, where the team
will address questions from the public regarding Debian, how to be involved
with the Project as well as common issues such as legal status,
infrastructure and projects for 2008."
LinuxForce has announced that Debian Administration has published a
technical article submitted by LinuxForce on how to simplify VPN
(Virtual Private Network) authentication management with FOSS.
Dan Walsh is a Red Hat engineer and the principal developer of SELinux in
Fedora. In this interview Dan
talks about what SELinux does and how it's improved in Fedora 8. There are
also some screenshots which show-off the new policy creation GUI.
"We have made major enhancements to system-config-selinux including
the addition of selinux-polgengui. This tool allows you to generate a
SELinux policy framework. It attempts to generate the most common policy
for your particular domain. It is a wizard that will ask you a series of
questions, and generate you the files necessary to build policy as well as
a script to compile, build and relabel the application you are trying to
confine. Once you have written your policy template, you can run tests to
generate AVC messages, then you can use the enhanced version of audit2allow
to generate additional policy rules. This enhanced audit2allow takes AVC
messages and searches through the reference policy interfaces for a better
match. This makes for better policy and simplifies the process."
The Mozilla Firefox web browser project has just announced the first beta
release of Firefox 3. The release notes explain some of the major changes
in this release:
Firefox 3 Beta 1 is based on the new Gecko 1.9 Web rendering platform, which has been under development for the past 27 months and includes nearly 2 million lines of code changes, fixing more than 11,000 issues. Gecko 1.9 includes some major re-architecting for performance, stability, correctness, and code simplification and sustainability. Firefox 3 has been built on top of this new platform resulting in a more secure, easier to use, more personal product with a lot under the hood to offer website and Firefox add-on developers.
The list of new features in Firefox 3 includes:
Built-in malware protection.
A web forgery protection page for flagging suspect pages.
New SSL error pages that show when invalid SSL certificates are found.
Automatic check/disable feature for insecure and obsolete plugins.
An improved password management system.
A streamlined add-on installation system.
Individual plugins can be disabled in the Add-on Manager.
A new favicon button in the location bar that displays site metadata.
The download manager now has buttons for file location and handlers.
Downloads can now be restarted after a new session is started.
New zooming capabilities with a full page mode.
New tab features including scrolling, a quickmenu and save on exit.
Resizeable Location and Search bars.
More options for the mouse-based text selection mechanism.
Bookmarks can be added by clicking the star in the location bar.
Bookmarks can now be associated with keywords.
A new auto-complete function for the location bar.
Search capabilities for the Bookmarks and History Organizer.
The protocol handlers now support web-based applications.
A new Download Actions preference pane for configuring handlers.
Personal data is now stored in a DBMS for improved reliability.
Speed improvements and the fixing of numerous memory leaks.
A number of additional features for Windows and Mac versions.
Installation of Firefox 3 was simple: the tar.bz2 file was
downloaded, uncompressed and untarred. Running the software
involved moving to the newly created firefox directory and typing
./firefox on the command line.
Your author used Firefox 3 to perform a day of browser-intensive
lwn.net work.
The browser did not crash, and no unusual actions were encountered.
Performance was initially not hugely different from
Firefox 2; one noticeable slowdown was observed when switching
between tabs. After several hours of use, Firefox 3 started to
bog down considerably. The memory footprint of 300MB virtual
and 100MB resident was slightly higher than for Firefox 2
with a similar number of open tabs.
From a user interface perspective, the browser is very similar in
appearance to Firefox 2. The location bar has a few more buttons
on the sides; moving the mouse over the buttons reveals the
underlying new functions. A number of changes are visible in the
pulldown Tools menu, but nothing is too difficult to understand.
A number of previously installed Firefox 2 plugins, discussed here,
worked without any troubles.
The new Edit/Preferences/Applications window gives some new
control on the handling of various file types.
The Tools/Add-ons/Plugins window has a Get Plugins option
that should streamline the process of installing add-on
handlers.
Despite the 2 million changed source code lines, Firefox 3 Beta 1
is in decent shape and appears to be close to ready for daily use.
Since the software is still in the beta stage, it may be best to
hold off on using it for mission critical applications.
Version 2.0.6 patchset 2 of Open Computer Forensics Architecture has been
announced. The software description states:
"A modular computer forensics framework. The project aims to be highly modular, robust, fault tolerant, recursive and scalable in order to be usable in large investigations that spawn numerous terabytes of evidence data and covers hundreds of evidence items.
The patch level 2 of ocfa fixes a number of issues, the most important one is a workaround for the fact that the lucene indexer is unable to process large files without allocating very large amounts of memory.
Next to this the configure process has been made more robust."
Version 2.2 of PHP For Applications has been
announced.
"P4A (PHP For Applications) is a PHP RAD and object oriented PHP framework for building event-driven stateful web applications. Features tableless HTML, accesskey, auto data type recognition, transparent AJAX, UTF-8, i18n/l10n, PEAR integration."
Version 1.8.13 of Segue CMS has been
announced.
"Segue is an open source collaborative content management system designed for e-learning that combines the ease of use of course management systems with the flexibility of weblogs for creating various types of sites including course, news, and journal.
This release fixes bugs in Segue's email functionality."
Version 1.41 of the Shared Registry System has been
announced.
"The Shared Registry System is software (client and servers) for managing a domain name registry, and is most likely to be of use for managing a country TLD. The software was originally developed in 2002 to manage the New Zealand (.nz) domain name space."
Version 1.3 of Jitterbit has been
announced.
"Jitterbit is an open source integration tool that delivers a quick and simple way to design, configure, test, and deploy integration solutions. It supports many document types and protocols: XML, web services, database, LDAP, text, FTP, HTTP(S), file.
We are excited to announce the newest version of our Open Source integration platform is now available in general release. Jitterbit 1.3 is a major release that significantly improves the overall architecture for enterprise companies and the overall user experience."
Version 1.4.1 of the
Audacious music player and Audacious-Plugins have been announced.
"Audacious 1.4.1 and Plugins 1.4.1 have been released. You need to compile both, as a minor API change happened to fix a regression bug between 1.4.0 and 1.4.1.
Update: version 1.4.2 of the Audacious core was released to add functions needed for xmms-crossfade."
Version 1.3.4 of the Audacity audio editor has been
announced.
"The Audacity Team is pleased to announce the release of Audacity 1.3.4 (beta), which includes several new features and user interface improvements, such as:
New Welcome Screen with introduction to Audacity.
New 'Mix and Render to New Track' command.
Support for VAMP audio analysis plug-ins.
More keyboard shortcuts and navigation.
Reworked solo/mute handling.
New preference: Select all audio in project, if none selected (on by default).
New preference: Beep on completion of longer activities.
Envelopes: Many fixes when copying, pasting, or repeating.
Many translation updates.
Metadata editor added for OGG, FLAC and WAV/AIFF exports. Metadata import improved.
Muted tracks are no longer audible in the exported mix.
Improvements to latency correction."
Version 0.4 of the XMMS2 music player has been announced.
"XMMS2 0.4 DrKosmos contains the new official XMMS2 logo, a few new
plugins such as a PulseAudio output plugin and lots of bugfixes. Hope
you will have as much fun downloading, compiling and using it as we had
making it."
Version 1.2 of the Equinox desktop environment has been
announced.
"This is a bugfix release of EDE and eFLTK packages (and hopefully the last one of 1.x code and the last eFLTK release). It comes with improved support for 64-bit platforms, redesigned epanelconf and full German and French translations."
Version 2.21.2 of the GNOME desktop environment has been released.
"This is the second release of the GNOME 2.21.x series, heading towards
the stable GNOME 2.22.x release."
Version 2.21.2 GARNOME, the bleeding-edge GNOME distribution, is out.
"This release includes all of GNOME 2.21.2 plus a
whole bunch of updates and fixes that were released after the GNOME
freeze date."
The KDE Project has announced
the first release candidate for KDE 4.0. "While the final bits of
Plasma, the brand new desktop shell and panel in KDE 4, are falling into
place, the KDE community decided to publish a first release candidate for
the KDE 4.0 Desktop. Release Candidate 1 is the first preview of KDE 4.0
which is suitable for general use and discovering the improvements that
have taken place all over the KDE codebase." The announcement also
mentions the final release of the KDE Development Platform.
Don Hopkins provides a history of SimCity on the One Laptop Per Child
(OLPC) platform.
"The GPL source code version of SimCity will not be called "SimCity", but we will use the SimCity source code to make a city building game called "Micropolis", which was the original working title of SimCity. That's because EA reserves the right to review and QA the official version of the game that's published under the name "SimCity" on the OLPC. So we can make improvements to the TCL/Tk version of Micropolis (based on the GPL source code), and submit them to EA for review and QA, which if they approve, will be used as the officially branded version of SimCity for the OLPC."
Version 2.0.10 of BZFlag has been
announced.
"The BZFlag developers are not so proud to announce the release of BZFlag 2.0.10 Never Say Never. This version contains some bug fixes for newer hardware (dual core, and 64 bit machines). We recommend that all users and server owners upgrade to it as soon as possible. The release has only a small number of new features, Please see the change log for details."
KDE.News reports on the donation of graphics tablets to the developers of
the Krita image editor project.
"The Krita donation drive has succeeded beyond the expectations of the Krita developers. Donations from all over the world made it possible to buy two Intuos graphics tablets and two art pens for the Krita developers to test their software with. The Krita developers are very grateful to the community for making this possible. The Intuos tablets and art pens make it possible to develop brushes and tools that make use of advanced features such as tilt and rotation for Krita 2.0."
Version 1.0.0 of UniConvertor has been
announced.
"UniConvertor is a universal vector graphics translator. It uses sK1 engine to convert one format to another.
Development of the import/export modules for this program goes through different stages, quality and feature coverage are different among formats." (Thanks to Valek).
Version 3.1.0 of the Claws Mail email client has been announced; many new
features have been added. Here are some of the changes:
"Non-blocking NNTP has been implemented. NNTP support is now provided
by and depends upon libetpan
GnuTLS support has been implemented as an alternative to OpenSSL.
A run-time alternative configuration directory switch has been added,
Tags: Added tag alphabetical sorting and unified the dialogues.
Edit accounts dialogue: The 'default account' (D) column has been
removed, instead the default account is indicated by use of
bold text..."
Version 0.1.1 of nova, a Dataflow language for music composition, is out.
"i just did a new release of nova. i didn't add too many new features
since the last 0.1 release, but was mainly working on bug fixes ..."
The November 8, 2007 edition of the Mozilla Links Newsletter is online;
take a look for the latest news about the Mozilla browser and related
projects.
Version 1.53plus of LimeSurvey has been
announced.
"LimeSurvey (formerly PHPSurveyor) is a fully functional survey development & dataentry system - including dataentry screen, public dataentry script, method for issuing tokens, emailing invitations & recording responses, basic statistical analysis and more.
In our ongoing quest for absolute stability and the firm will to provide you always with the finest and most stable code and new languages we released today the first 1.53plus stable version (this version will be updated every week). This new version contains beside a few minor bugfixes three new languages: Macedonian, Estonian and Bosnian!"
Version 2.43 of GNU CLISP has been announced.
"Among other things,
this version was updated to use the standard GNU build process,
support for Berkeley DB 4.5 and 4.6 was added, and a few bugs were
fixed."
Version 4.4.5 beta 1 of Leo has been announced; it has several new
capabilities and bug fixes.
"Leo is: 1) a programmer's outlining editor and a flexible browser, 2) a literate programming tool, 3) a data organizer and project manager. 4) fully scriptable using Python, 5) Portable. Leo.py will run on any platform with Python and Tk/tcl."
Version 3.10.0 of FreeImage, a library with support for numerous graphic
formats, has been
announced.
"Release 3.10.0 comes with two new HDR formats, JPEG2000 and OpenEXR, as well as the now famous 'Fattal tone mapping algorithm'.
To Linux users: the library now makes use of the gcc 'visibility' option, so that previous incompatibilities reported with some libraries such as GTK should now belong to the past."
Version 0.0.82 of libnetfilter_conntrack has been announced.
"libnetfilter_conntrack is a userspace library providing a programming
interface (API) to the in-kernel connection tracking state table.
This release includes TCP flags support and one bugfix for big-endian
platforms."
Version 1.0.1 beta 52 of Pantheios has been
announced.
"Pantheios is an Open Source C/C++ Logging API library, offering an optimal combination of 100% type-safety, efficiency, genericity and extensibility. It is simple to use and extend, highly-portable (platform and compiler-independent) and, best of all, it upholds the C tradition of you only pay for what you use."
Val Henson takes a
look at content-based addressing. "Used properly, content-based
addressing dramatically reduces bandwidth use, simplifies code, and
improves security. But used when it doesn't make sense, it can reduce
performance, increase bandwidth usage, and create new security
risks. Figuring out when content-based addressing is good and when it is
very, very bad requires an understanding of both systems programming and
mathematics. What's a programmer to do? In this article, we'll lay out the
considerations in language that any programmer (and even some managers) can
understand."
Joe Brockmeier revisits the
'year of the Linux desktop'. "No doubt you've heard the prediction
before — "this is going to be the year of the Linux desktop." At the
risk of being repetitive, though, I'm going to go ahead and say it: 2008
really could be the year of the Linux desktop. Yes, yes. I know —
we've all heard this before. If I recall correctly, 2001 through 2007 have
also been "the year of the Linux desktop," according to various
pundits. Hear me out, though, because it seems a few vendors are starting
to get a clue about how they can make Linux compelling."
LinuxDevices looks at a
partnership between Movial and MontaVista Software. "Along with its
recent phone-stack partnership with Access, the Movial partnership could
help silence critics who claim that MontaVista does not provide sufficient
integrated support for higher-level mobile-phone stacks. The key advantage
for developers appears to be the single-source support from either company,
which MontaVista claims will reduce the complexity of creating advanced
mobile applications."
Matthew Aslett speculates on what's really going on with Oracle Linux on the 451 CAOS site. "To put it simply: a win for Linux is a win for Oracle as it immediately takes SQL Server, Exchange, Visual Studio et al out of the equation and increases the likelihood that a customer will choose Oracle software. From that perspective it is clearly in Oracle's interests that Linux succeeds, whether that means Red Hat, Novell or Ubuntu.
The only problem for Oracle is that a win for Linux introduces a new third party that stands between its software and its customers."
Linux-Watch reports on Dell selling Ubuntu-based servers.
"Ubuntu is extremely popular on the desktop, but it's made comparatively little progress on servers. That's about to change. Dell is expected to announce in the first quarter of 2008 that it has certified Ubuntu Linux for its server lines.
In an interview with Rick Becker, Dell Product Group's vice president of solutions, Becker said that Dell is currently in the process of certifying Ubuntu for all its server lines. "But we are still several months away from announcing a certification. I'd say it'll be announced in Q1 next year."
Dell, however, is already selling pre-loaded Ubuntu on its servers."
InformationWeek notes that Wal-Mart is selling a lot of Linux-based Everex gPC machines.
"The Everex TC2502 Green gPC will again be available at Walmart.com "in the coming weeks," said a spokesman for the company.
Wal-Mart began selling the Everex gPC online for $199 earlier this month, but it's currently listed as "Sold Out". Wal-Mart's spokesman wouldn't disclose precise sales figures, but said the gPC "has been one of the top performing desktop computers on Wal-Mart.com over the last few weeks.""
Swedish police have arrested and questioned Dan Egerstad, the security researcher who listened in on Tor traffic, as reported by ars technica. "Swedish law enforcement authorities, who allegedly informed Egerstad that he is suspected of breaking into foreign computers, confiscated hardware and documents at his apartment and then questioned him at length. After what Egerstad describes as a two-hour interrogation, he was permitted to leave. Egerstad told the Sydney Morning Herald that the raid is harming his business and that the confiscated equipment and records still have not been returned even though he has yet to be charged with any crime."
eWeek presents an interview with Sun's Rich Sands. Sands gives a history of events since the initial open-source release of Java.
"It has been quite an exciting year and some of the key milestones from this past year include Nov. 13, 2006: We open-sourced several components of Java SE [javac, HotSpot], and the entire Java ME code base, both CLDC [Connected Limited Device Configuration] and CDC [Connected Device Configuration], under the surprising and courageous choice of GPLv2. Richard Stallman said: "It shows leadership. It's an example I hope others will follow." The "Java Trap" finished."
OSnews reviews the Archos 604 Personal Multimedia Player, a Linux-based video and audio storage and playback device. "Where Archos shines compared to any similar product out there today is video codec support. This is the first PMP that I have reviewed that was able to play back any DivX/XviD file, and without a hitch. The Archos people also sent us the h.264 and mpeg/mpeg2 plugins for the purpose of this review (sold separately as addons, $20 each), and with these plugins Archos played back all such files we threw at it. Archos also played back normal mpeg-4 files, like the ones cellphones usually record. WMV9/ASF worked too, although it was not able to fast forward on these kinds of files (or set "bookmarks"). The only files we tried that the device was not able to play back were WMV8, 3GP and the old kind of .mov files that Apple used to encode with Quicktime back in 2002. The point is though, as long as the resolution of the file is up to 720x576, the Archos 604 is able to play back without dropping frames 95% of the user-oriented formats out there, and that's quite an accomplishment."
The Software Freedom Law Center has sent out a press release stating that it has filed two more GPL-infringement lawsuits on behalf of the BusyBox developers. The defendants this time around are Xterasys Corporation and High-Gain Antennas LLC.
The Electronic Frontier Foundation has announced that it has won a U.S. Patent and Trademark Office reexamination of a questionable patent on Internet subdomains.
"The patent, now held by Hoshiko, LLC, claims to cover the
method of automatically assigning Internet subdomains, like
"action.eff.org" for the parent domain "eff.org." Previous
patent owner Ideaflood used this illegitimate patent to
demand payment from website hosting companies that offer
such personalized domains, including Freehomepage.com, T35
Hosting, and LiveJournal, a social networking site where
each of its three million users has their own subdomain."
The Electronic Frontier Foundation has sent out an announcement regarding
telecom spying in the U.S.
"Members of the Senate Judiciary
Committee meet Thursday to discuss letting telecoms off the
hook for their role in illegal spying on millions of
ordinary Americans -- a blatant attempt to block lawsuits
that would determine if the surveillance is legal.
The "FISA Amendments Act" includes blanket immunity for
telecommunications companies who took part in a massive
warrantless domestic surveillance program to wiretap
Americans' communications. However, committee member Sen.
Russ Feingold says he will offer an amendment that would
remove this blanket immunity from the bill.
The Electronic Frontier Foundation (EFF) urges lawmakers
to support Sen. Feingold in holding the telecoms accountable
for their involvement in the illegal spying."
The Free Software Foundation has released the Affero GPL v3. The Affero GPL adds an additional term to the GPL allowing users who run the program as a network service or web application to get the source of that application. "Many
programmers choose to use the GNU GPL to cultivate community development;
if many of the modifications developed by the programs' users are never
released, this can be discouraging for them. The GNU AGPL addresses their
concerns. The FSF recommends that people consider using the GNU AGPL for
any software which will commonly be run over a network."
Harald Welte, who recently announced his departure from OpenMoko, has lost
little time in getting back into the GPL compliance arena. A release has
been sent out stating that Harald and others are going to court to get
Iliad (a French telecom company) to release the source for the
GPL-licensed code shipped in its "Freebox" set-top box.
"At the same time, a donation campaign has been launched to try and
cover the procedural expenses and lawyers' fees. For the writers, this
is a 'real challenge', the necessary sum already amounting to €25.000,
and subject to increase should Iliad not withdraw." More
information is available on the
campaign web site.
Coverity has announced the addition of Java support to its Scan site.
"Coverity, Inc., the leader in
improving software quality and security automatically, today announced
expanded capabilities of the company's popular open source code analysis
site: http://www.scan.coverity.com. Beginning today, the open source Scan
site will provide static source code analysis for Java-based open source
projects as an extension of Coverity's relationship with the U.S.
Department of Homeland Security under the 'Vulnerability Discovery and
Remediation Open Source Hardening Project.'"
Nagios Enterprises and GroundWork Open Source Forge have announced
a strategic partnership involving open source IT monitoring and management.
"Under the terms of the joint partnership, Nagios Enterprises will soon
offer tier three support for Nagios-related aspects of Groundwork Open
Source. In addition, GroundWork Open Source and Nagios Enterprises will
engage in various market development activities including
cross-promotion via advertising, joint marketing efforts, and business
referral opportunities."
Trimble has announced that it has won a contract from the U.S. Coast
Guard. The company will produce up to 400 reference station receivers
for the Maritime Differential GPS (DGPS) Service modernization program.
"With Internet Protocol as the primary communications mechanism, the
NetRS GPS receiver can be accessed and fully controlled remotely using
simple Internet browsers or Trimble infrastructure software. The NetRS uses
the Linux framework, which allows for extension and customization that is
simply not possible with proprietary operating systems."
Mandriva Linux has won a Product of the Year 2007 award.
"Mandriva has been selected as 'Product of the Year 2007' in the Linux
category at the Softool exhibition in Moscow. The 'Product of the
Year 2007' competition was held by the department of information
technologies and computing systems of the Russian Academy of Sciences,
the Federal Agency of Information Technologies, the publishing house
SK Press, and IT-expo."
A call for papers has gone out for the Linux Audio Conference 2008.
The event takes place in Cologne, Germany on February 28 through March 2.
Submissions are due by December 1.
"We invite submissions of papers addressing all areas of audio
processing based on Linux and open source software. Papers can focus
on technical, artistic or scientific issues and can target developers
or users. For details please refer to the call for papers below and on
the web at http://lac.linuxaudio.org".
A call for music has also been announced.
The 2008 Linux Symposium has been scheduled for July 23 to 26; it
will, as usual, be held in Ottawa. This year's program looks to feature
mini-summits prior to the main events and "speakers from outside the
industry" to give a wider view. The call for papers is
open now with submissions due by the beginning of February.
A call for participation has gone out for the O'Reilly Velocity Conference.
"The first ever O'Reilly Velocity conference will take place June
23-24, 2008 at the San Francisco Airport Marriott in Burlingame, California. Web companies, big and
small, face many of the same challenges: sites must be faster, infrastructure needs to scale, and
everything must be available to customers at all times, no matter what. Velocity is dedicated to
helping attendees obtain the crucial skills and knowledge to build successful websites. Velocity is
where to learn how to build websites that are fast, scalable, resilient, and highly-available." Submissions are due by December 31, 2007.
PyCon 2008 has been announced.
"PyCon 2008, the sixth annual Python community conference, will be
held in Chicago from March 14 to 16, 2008 at the Crowne Plaza Chicago O'Hare Hotel. Business
leaders, developers, and enthusiasts will gather for the largest and most comprehensive Python
meeting in history. Python, the popular open source programming language that is increasingly seen
as an alternative to Java, is currently used by thousands of organizations including Google,
Industrial Light & Magic, iRobot, NASA, and YouTube."
It seems that the User Friendly comic is now ten years old. Attentive readers will note a certain recurring theme between the original strip and the one which was posted ten years later.