2018 in perspective

It’s arguable, but by now, it’s pretty safe to say that the proverbial year of Linux on the desktop is never happening. But… do we really need it so much? Especially if there is an impressive lineup of upcoming libre software releases set for 2018? Let’s see what this year is bringing us.

FreeCAD 0.17

Over the past 1.5 years since v0.16 release, FreeCAD has gained a huge amount of changes: massive updates in the PartDesign and Path workbenches, composite solids now possible in the Part workbench thanks to upgrading to newer OpenCascade kernel, improved BIM workflow for architects, new Spreadsheet workbench for importing Excel data, and new TechDraw workbench for creating technical drawings.

The Arch workbench in particular now features new presets to build precast concrete elements, as well as tools for designing rebars and a plumbing system.

Unfortunately, FreeCAD 0.17 won’t be shipped with any Assembly workbench, as available solutions are still experimental, and the focus seems to have shifted from Assembly2 to Assembly3. There are, however, builds of FreeCAD + Assembly3 on GitHub.

Since last year, FreeCAD also has a GitHub repository that unifies the most interesting workbenches/add-ons. It’s very much worth checking out.

The FreeCAD team recently announced feature freeze and is actively encouraging translators to update localization files, while developers deal with bug reports.

Release notes are still work in progress, and you can learn a lot more about changes in the Arch workbench from Yorik’s blog.

Preliminary builds of FreeCAD 0.17 are available on GitHub as well. If you are interested in providing feedback, this forum thread is for you.

Blender 2.80

Originally proposed to be released “somewhere in 2016”, Blender 2.80 now seems complete enough to land somewhere in 2018.

Real-time PBR in the viewport, asset management, grease pencil improvements, complete overhaul of layers and dependency graph, UI cleanup… Blender 2.80 has the makings of a huge update that will indeed immensely improve the workflow.

The Blender team does an excellent job promoting new features in the upcoming major update. There’s a dedicated page that serves as intermediate release notes for v2.80. Moreover, Ton Roosendaal recently posted a great overview of new stuff expected this year. Do check it out!

Krita 4.0

Two of the major new features in upcoming Krita 4.0, vector graphics and text, were subject of the 2016 campaign on Kickstarter. For vector graphics, here is an overview from Jeremy Bullock, one of the leading OpenToonz contributors:

With text, the idea was to simplify adding speech balloons and suchlike in comics. That’s a somewhat specialized use of the text tool, although adding generic captions works just fine. The team also notes that due to all the troubles with the tax office they had to limit the feature set for 4.0 (at least for the text tool), aiming to enhance it in further updates (better OpenType support, more control over glyphs etc.).

As usual, you should expect many improvements in the painting tools: various user experience improvements, the possibility to use brushes larger than 1,000px, and better performance by relying on multi-threading. For an overview of painting-related changes, see this video:

The team also published preliminary release notes well worth reading. Currently, there is a beta of 4.0 available for downloading.

GIMP 2.10

After almost 6 years of work, the GIMP team is finalizing the next big update. The plan is to cut a beta of v2.10 once the amount of critical bugs falls further down: it’s currently stuck at 20, as new bugs get promoted to blockers, while old blockers get fixed. It’s a bit of an uphill battle.

The team initially intended v2.10 to be more or less a GEGL-based upgrade of v2.8 plus high bit depth precision support. Needless to say, the plan hasn’t exactly worked: there will be a lot more than that.

In fact, even now, when only critical bugs are supposed to be worked on, the team cannot resist making improvements that aren’t blocking the release. Just last night, Ell implemented masks for layer groups and updated the PSD plug-in accordingly.

So v2.10 is arriving later in 2018 with features including, but not limited to:

  • Processing with 16-/32-bit per color channel precision
  • Loading/exporting 16-bit PNG, 16/32-bit TIFF/PSD/EXR, 16/32/64-bit FITS files
  • Color management rewritten as a core feature, with all color widgets now color-managed
  • 10+ new blend modes: Pass-Through, Linear Burn, Vivid Light, Linear Light etc.
  • 80+ GEGL-based filters, with on-canvas preview
  • New and improved transformation, selection, and painting tools
  • Canvas rotation/flipping
  • Initial multi-threaded image processing

So far the community’s response to finalization of 2.10 seems to be mixed. A lot of people feel that the release is too long overdue (and developers readily admit that). Hence the decision to relax the release policy and allow new features in stable branches (when possible). This way, contributions will get to end-users a lot faster.

RawTherapee 5.4 and darktable 2.6

Quite a few free software users are torn between RawTherapee and darktable. Both are very solid digital photography applications with an overlapping feature set, yet different approach to the processing workflow and UI/UX.

Local contrast tool in RawTherapee 5.4

RawTherapee 5.4 is currently expected later this February. The release brings quite a few much welcome updates, some of which are:

  • New tools such as histogram matching, HDR Tone Mapping, and Local Contrast
  • New RCD demosaicing algorithm to minimize various artifacts
  • Out-of-gamut areas visualization
  • Creating and processing Sony Pixel Shift ARQ files
  • Saving 32-bit floating-point TIFF files, clamped to [0-1].
  • Lensfun-based chromatic aberration correction
  • Cleaner UI

But there is a lot more going on. In a conversation, RT developer Morgan Hardwood told us:

We have been putting off a major refactoring and unification of the four existing pipelines (main image, thumbnail, etc.) into one. That work will begin now and should make a lot of new cool stuff possible, like on-canvas editing.

Naturally, there are no estimations of release dates beyond v5.4 at this point.

For darktable, it’s hard to predict what’s coming in the next major version. The team traditionally releases a major update around winter holidays time, so we are a mere month into the new development cycle.

There are, however, two new features that might make it to the next big update. The first one is a Filmulate plugin that reuses Filmulator technology to emulate film development.

The other one is a new Retouch tool that performs various operations such as healing on wavelet scales. The team wasn’t originally fond of adding localized edits beyond spot removal to darktable. But they eventually gave in, when Liquify was submitted by a contributor (and it took quite a while to complete the feature). Releasing darktable with even more retouching tools could be… well, fun?

SVG2 to be finalized

In November 2016, we published an interview with Tavmjong Bah, Inkscape’s core team developer responsible for introducing several artists-centered features to upcoming SVG2. During the conversation, he voiced his concerns about the possibility of terminating the working group and moving the specification to W3C’s Web Platform Incubator Community Group (WICG) where its future would be rather uncertain.

The charter wasn’t renewed in January 2017, but the project wasn’t moved to WICG either. A new charter was announced in August with Microsoft’s Bogdan Brinza (Principal PM Manager, Microsoft Edge) at the helm.

The WG was rechartered for the sole purpose of getting SVG2 unstuck and making it reach the Proposed Recommendation status which is scheduled for June 2018. Not quite coincidentally, this is when this WG will be disbanded again.

The Charter page is very specific about the focus of this charter period:

As a primary focus […], the group will concentrate on the stabilisation and interoperability testing of the core SVG2 specification. As part of that testing, features which are in the reference draft of SVG2 and which do not meet the stability and interoperability requirements for a Proposed Recommendation may be moved to separate specification modules, work on which would remain in scope, but at a lower priority.

This is what the working group has been busy with ever since.

FreieFarbe/FreeColour is going DIN

In December 2017, FreieFarbe e.V. announced that their initiative for „Open Colour Communication“ standard was supported by DIN and will become a DIN SPEC (which is the first step towards DIN Norm). It is claimed that DIN intends to turn this into an international standard via ISO later.

The FreieFarbe / FreeColour initiative aims to provide an open alternative to Pantone, HKS, and other proprietary colour systems. They argue that unlike Pantone and some other proprietary manufacturers like RAL, FreieFarbe has an actual color system.

As part of the proposal to DIN, they submitted a prototype of a CIE LCH based color reference (printed by Proof.de), where colors are sorted by their hue, lightness, and chroma values in steps of 10, 5, and 10 respectively (hue would be in steps of 5 in the final version). Which is, in fact, quite similar (if not identical) to the color system of RAL Design.

The team has just published HLC Colour Atlas: a printed reference (A4, ring binder), a printed documentation in German and English, colour palettes with LAB values in ASE (Adobe), SBZ (SwatchBooker), and other file formats, a PDF master file of the atlas with layers for different output targets, a CxF3 file where color data is stored in spectral values.

The specification should be done by June 2018. Ink formulas might not make it to the spec, in which case FreieFarbe e.V. promises to publish them freely online.

Ardour 6.0

Although projects like LMMS, MusE, and Rosegarden haven’t really gone anywhere and have their following, it does look like Ardour and Qtractor are the dominating digital audio workstations on Linux these days. Both projects have exemplary maintenance and get regular updates, although Ardour’s release pace recently slipped for a good reason.

Ardour 6 alpha

Since mid-2017 or so, Ardour has been undergoing a completely boring procedure called refactoring and internal redesign. Hence Ardour 6, expected later this year, will feature mostly behind-the-scenes changes. Most of the work going into the next version so far is architectural (like proper handling of musical time), with one exception: cue monitoring.

At this point, it’s hard to tell whether it’s going to stay that way by the time v6.0 is finalized (after all, GIMP 2.10 was going to be mostly v2.8+GEGL, and we do know how this ended). That said, further 6.x releases are likely to gain what lead developer Paul Davis cautiously calls “some features to support a more “groove-centric” workflow”.

It’s not exactly a huge surprise that Paul has been interested in making Ardour more suitable for live performances for quite a long time. So we probably should be looking forward to something along the lines of advanced looping and sample stretching. Existing support for both Ableton Push 2 and NI Maschine 2 control surfaces would come in handy then.

So far, Ardour 6 looks like a summer-time release, but it’s too early to tell.

More synths awesomeness

Last year, VCV Rack stormed into the softsynths scene as a free/libre software implementation of Eurorack/modular synths and became one of the most exciting projects in the Linux audio ecosystem.

VCV Rack is designed as a real modular synth, and there’s an increasing amount of all sorts of modules available. And this thing is addictive as hell. We expect VCV Rack to keep rapidly growing this year.

In 2018, we are also likely to see further improvements of Zyn-Fusion, next generation of ZynAddSubFX. Although Mark McCurry only raised half the money he expected through selling binaries of Zyn-Fusion on Gumroad, he doesn’t regret this decision a bit. On the last day of 2017, he released the final bit of source code he wrote for that project, so now anyone can build ZynAddSubFX with new, improved UI from source code.

From now on, the old UI is getting just bugfixes, all new stuff is happening in the new UI. The 3.1.x series is expected to focus on workflow improvements. If you don’t have Zyn-Fusion in your Linux repo, you can have a go at build instructions.

After a spectacular launch around 2016, the free/libre Helm soft synth wasn’t getting many updates in 2017. It might seem that Matt Tytel lost interest in the project, but he was actually rethinking it:

There were a bunch of things I wanted to change in Helm, but they would require ripping out most features. I’m going to fix more Helm bugs in the future, but I will not add any features. I’m working on a new synth with a new name.

Again, no release dates.

NLEs

Unlike with DAWs, non-linear video editors is where it’s quite impossible to mention one application without hearing “But you forgot [my libre NLE of choice]!”. Indeed, there are just so many of them these days!

Pitivi, Shotcut, Kdenlive, Flowblade, OpenShot… Most of these projects have regular updates. Blender VSE reportedly still doesn’t have a maintainer, but is now being improved by Nathan Lovato et al. via his Power Sequencer add-on. And, of course, we still have three flavours of Cinelerra. Even Lumiera still shows signs of life.

So in 2018, you are in for a treat, whichever non-linear video editor you end up using.

RHSA-2018:0275-1: Important: jboss-ec2-eap security, bug fix, and enhancement update

Red Hat Enterprise Linux: An update for jboss-ec2-eap is now available for Red Hat JBoss Enterprise
Application Platform 6.4 for Red Hat Enterprise Linux 6.

Red Hat Product Security has rated this update as having a security impact of
Important. A Common Vulnerability Scoring System (CVSS) base score, which gives
a detailed severity rating, is available for each vulnerability from the CVE
link(s) in the References section.
CVE-2017-12174, CVE-2017-12617, CVE-2018-1041

RHSA-2018:0271-1: Important: Red Hat JBoss Enterprise Application Platform 6.4.19 security update

Red Hat Enterprise Linux: An update is now available for Red Hat JBoss Enterprise Application Platform 6.4
for Red Hat Enterprise Linux 5.

Red Hat Product Security has rated this update as having a security impact of
Important. A Common Vulnerability Scoring System (CVSS) base score, which gives
a detailed severity rating, is available for each vulnerability from the CVE
link(s) in the References section.
CVE-2017-12174, CVE-2017-12617, CVE-2018-1041

RHSA-2018:0270-1: Important: Red Hat JBoss Enterprise Application Platform 6.4.19 security update

Red Hat Enterprise Linux: An update is now available for Red Hat JBoss Enterprise Application Platform 6.4
for Red Hat Enterprise Linux 6.

Red Hat Product Security has rated this update as having a security impact of
Important. A Common Vulnerability Scoring System (CVSS) base score, which gives
a detailed severity rating, is available for each vulnerability from the CVE
link(s) in the References section.
CVE-2017-12174, CVE-2017-12617, CVE-2018-1041

USN-3550-2: ClamAV vulnerabilities

Ubuntu Security Notice USN-3550-2

5th February, 2018

clamav vulnerabilities

A security issue affects these releases of Ubuntu and its
derivatives:

  • Ubuntu 12.04 LTS

Summary

Several security issues were fixed in ClamAV.

Software description

  • clamav
    – Anti-virus utility for Unix

Details

USN-3550-1 fixed several vulnerabilities in ClamAV. This update
provides the corresponding update for Ubuntu 12.04 ESM.

Original advisory details:

It was discovered that ClamAV incorrectly handled parsing certain mail
messages. A remote attacker could use this issue to cause ClamAV to crash,
resulting in a denial of service, or possibly execute arbitrary code.
(CVE-2017-12374, CVE-2017-12375, CVE-2017-12379, CVE-2017-12380)

It was discovered that ClamAV incorrectly handled parsing certain PDF
files. A remote attacker could use this issue to cause ClamAV to crash,
resulting in a denial of service, or possibly execute arbitrary code.
(CVE-2017-12376)

It was discovered that ClamAV incorrectly handled parsing certain mew
packet files. A remote attacker could use this issue to cause ClamAV to
crash, resulting in a denial of service, or possibly execute arbitrary
code. (CVE-2017-12377)

It was discovered that ClamAV incorrectly handled parsing certain TAR
files. A remote attacker could possibly use this issue to cause ClamAV to
crash, resulting in a denial of service. (CVE-2017-12378)

In the default installation, attackers would be isolated by the ClamAV
AppArmor profile.

Update instructions

The problem can be corrected by updating your system to the following
package version:

Ubuntu 12.04 LTS:

  • clamav 0.99.3+addedllvm-0ubuntu0.12.04.1

To update your system, please follow these instructions:
https://wiki.ubuntu.com/Security/Upgrades.

This update uses a new upstream release, which includes additional bug
fixes. In general, a standard system update will make all the necessary
changes.

References

CVE-2017-12374, CVE-2017-12375, CVE-2017-12376, CVE-2017-12377, CVE-2017-12378, CVE-2017-12379, CVE-2017-12380

USN-3557-1: Squid vulnerabilities

Ubuntu Security Notice USN-3557-1

5th February, 2018

squid3 vulnerabilities

A security issue affects these releases of Ubuntu and its
derivatives:

  • Ubuntu 17.10
  • Ubuntu 16.04 LTS
  • Ubuntu 14.04 LTS

Summary

Several security issues were fixed in Squid.

Software description

  • squid3
    – Web proxy cache server

Details

Mathias Fischer discovered that Squid incorrectly handled certain long
strings in headers. A malicious remote server could possibly cause Squid to
crash, resulting in a denial of service. This issue was only addressed in
Ubuntu 16.04 LTS. (CVE-2016-2569)

William Lima discovered that Squid incorrectly handled XML parsing when
processing Edge Side Includes (ESI). A malicious remote server could
possibly cause Squid to crash, resulting in a denial of service. This issue
was only addressed in Ubuntu 16.04 LTS. (CVE-2016-2570)

Alex Rousskov discovered that Squid incorrectly handled response-parsing
failures. A malicious remote server could possibly cause Squid to crash,
resulting in a denial of service. This issue only applied to Ubuntu 16.04
LTS. (CVE-2016-2571)

Santiago Ruano Rincón discovered that Squid incorrectly handled certain
Vary headers. A remote attacker could possibly use this issue to cause
Squid to crash, resulting in a denial of service. This issue was only
addressed in Ubuntu 16.04 LTS. (CVE-2016-3948)

Louis Dion-Marcil discovered that Squid incorrectly handled certain Edge
Side Includes (ESI) responses. A malicious remote server could possibly
cause Squid to crash, resulting in a denial of service. (CVE-2018-1000024)

Louis Dion-Marcil discovered that Squid incorrectly handled certain Edge
Side Includes (ESI) responses. A malicious remote server could possibly
cause Squid to crash, resulting in a denial of service. (CVE-2018-1000027)

Update instructions

The problem can be corrected by updating your system to the following
package version:

Ubuntu 17.10:

  • squid3 3.5.23-5ubuntu1.1

Ubuntu 16.04 LTS:

  • squid3 3.5.12-1ubuntu7.5

Ubuntu 14.04 LTS:

  • squid3 3.3.8-1ubuntu6.11

To update your system, please follow these instructions:
https://wiki.ubuntu.com/Security/Upgrades.

In general, a standard system update will make all the necessary changes.

References

CVE-2016-2569, CVE-2016-2570, CVE-2016-2571, CVE-2016-3948, CVE-2018-1000024, CVE-2018-1000027

USN-3558-1: systemd vulnerabilities

Ubuntu Security Notice USN-3558-1

5th February, 2018

systemd vulnerabilities

A security issue affects these releases of Ubuntu and its
derivatives:

  • Ubuntu 16.04 LTS
  • Ubuntu 14.04 LTS

Summary

Several security issues were fixed in systemd.

Software description

  • systemd
    – system and service manager

Details

Karim Hossen & Thomas Imbert and Nelson William Gamazo Sanchez
independently discovered that systemd-resolved incorrectly handled certain
DNS responses. A remote attacker could possibly use this issue to cause
systemd to temporarily stop responding, resulting in a denial of service.
This issue only affected Ubuntu 16.04 LTS. (CVE-2017-15908)

It was discovered that systemd incorrectly handled automounted volumes. A
local attacker could possibly use this issue to cause applications to hang,
resulting in a denial of service. (CVE-2018-1049)

Update instructions

The problem can be corrected by updating your system to the following
package version:

Ubuntu 16.04 LTS:

  • systemd 229-4ubuntu21.1

Ubuntu 14.04 LTS:

  • systemd 204-5ubuntu20.26

To update your system, please follow these instructions:
https://wiki.ubuntu.com/Security/Upgrades.

In general, a standard system update will make all the necessary changes.
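
To confirm that a host really carries the fixed builds named in the three Ubuntu notices above, compare the installed version against the fixed one using Debian version ordering, since plain string comparison ranks `6.9` above `6.11`. This is an added example, not part of the advisories: the `FIXED` table copies the versions listed above, and the installed versions in `SAMPLE_1404` are constructed (on a real host they would come from `dpkg-query -W`).

```python
import re
from itertools import zip_longest

# Fixed versions copied from USN-3550-2, USN-3557-1 and USN-3558-1 above.
FIXED = {
    ("Ubuntu 12.04 LTS", "clamav"): "0.99.3+addedllvm-0ubuntu0.12.04.1",
    ("Ubuntu 17.10", "squid3"): "3.5.23-5ubuntu1.1",
    ("Ubuntu 16.04 LTS", "squid3"): "3.5.12-1ubuntu7.5",
    ("Ubuntu 14.04 LTS", "squid3"): "3.3.8-1ubuntu6.11",
    ("Ubuntu 16.04 LTS", "systemd"): "229-4ubuntu21.1",
    ("Ubuntu 14.04 LTS", "systemd"): "204-5ubuntu20.26",
}

def _char_key(c):
    """Ordering inside a non-digit run: '~' < end of string (0) < letters < others."""
    if c == "~":
        return -1
    return ord(c) if c.isalpha() else ord(c) + 256

def _tokens(s):
    """Split into (non-digit run, digit run) pairs, e.g. '1ubuntu6.11'."""
    return [p for p in re.findall(r"(\D*)(\d*)", s) if p != ("", "")]

def _cmp_part(a, b):
    """Compare two upstream-version or revision strings; returns -1, 0 or 1."""
    for (na, da), (nb, db) in zip_longest(_tokens(a), _tokens(b), fillvalue=("", "")):
        ka, kb = [_char_key(c) for c in na], [_char_key(c) for c in nb]
        for x, y in zip_longest(ka, kb, fillvalue=0):
            if x != y:
                return -1 if x < y else 1
        x, y = int(da or 0), int(db or 0)  # digit runs compare numerically
        if x != y:
            return -1 if x < y else 1
    return 0

def _parse(version):
    """Split '[epoch:]upstream[-revision]' into its three fields."""
    epoch, rest = version.split(":", 1) if ":" in version else ("0", version)
    upstream, sep, revision = rest.rpartition("-")
    if not sep:  # no revision present
        upstream, revision = rest, ""
    return int(epoch), upstream, revision

def deb_cmp(a, b):
    """Debian version comparison: epoch, then upstream, then revision."""
    ea, ua, ra = _parse(a)
    eb, ub, rb = _parse(b)
    if ea != eb:
        return -1 if ea < eb else 1
    return _cmp_part(ua, ub) or _cmp_part(ra, rb)

def audit(release, installed):
    """Map each package covered by a notice to True (at or above the fix) or False."""
    report = {}
    for pkg, ver in installed.items():
        fixed = FIXED.get((release, pkg))
        if fixed is not None:
            report[pkg] = deb_cmp(ver, fixed) >= 0
    return report

# Constructed inventory for an Ubuntu 14.04 LTS host (not from the advisories).
SAMPLE_1404 = {"squid3": "3.3.8-1ubuntu6.9", "systemd": "204-5ubuntu20.26",
               "bash": "4.3-7ubuntu1.7"}

if __name__ == "__main__":
    for pkg, ok in audit("Ubuntu 14.04 LTS", SAMPLE_1404).items():
        print(pkg, "patched" if ok else "NEEDS UPDATE")
```
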

References

CVE-2017-15908, CVE-2018-1049
