Linux Weekly News

Tartalom átvétel
LWN.net is a comprehensive source of news and opinions from and about the Linux community. This is the main LWN.net feed, listing all articles which are posted to the site front page.
Frissült: 6 perc 21 másodperc

Kernel prepatch 3.18-rc4

h, 2014-11-10 02:41
The 3.18-rc4 prepatch is out for test. "Hey, things are finally calming down. In fact, it looked *really* calm until yesterday, at which point some people clearly realized 'hey, I should push my stuff to Linus so that it makes it into -rc4', and then a third of all changes came in the last day, but despite that, rc4 finally looks like things are falling into place, and we'll get to stabilize this release after all."
Kategóriák: Linux

FSF and Software Freedom Conservancy unveil Copyleft.org

p, 2014-11-07 22:41

The Free Software Foundation (FSF) and the Software Freedom Conservancy (SFC) have announced a new site called Copyleft.org that will play host to "useful information, tutorial material, and new policy ideas regarding all forms of copyleft licensing." The most prominent content at present is a comprehensive guide to the concept of copyleft and copyleft licenses. The announcement notes that the content is viable, among other things, as training material. "As the author, primary interpreter, and ultimate authority on the GPL, the FSF is in a unique position to provide insights into understanding free software licensing. While the guide as a living text will not automatically reflect official FSF positions, the FSF has already approved and published one version for use at its Seminar on GPL Enforcement and Legal Ethics in March 2014."

Kategóriák: Linux

Peck: New GIMP Save/Export plug-in: Saver

p, 2014-11-07 20:54

At her blog, Akkana Peck has announced a new GIMP plugin called "Saver" that is intended to replace the default Save/Export functionality introduced with the GIMP 2.8 release. GIMP 2.8 famously separated "Save"and "Export" into two separate functions, with "Save" only able to write out images to GIMP's native, multi-layer XCF format. As Peck notes, that change "has been a matter of much controversy. It's been over two years now, and people are still complaining on the gimp-users list." The new plugin is an attempt to perform the "expected" action in each circumstance. "I've been using Saver for nearly all my saving for the past year. If I'm just making a quick edit of a JPEG camera image, Ctrl-S overwrites it without questioning me. If I'm editing an elaborate multi-layer GIMP project, Ctrl-S overwrites the .xcf.gz. If I'm planning to export that image for the web, I Ctrl-Shift-S to bring up the Saver As... dialog, make sure the main filename is .xcf.gz, set a name (ending in .jpg) for the exported copy; and from then on, Ctrl-S will save both the XCF and the JPG copy.

Kategóriák: Linux

Ubuntu, ownCloud, and a hidden dark side of Linux software repositories (PC World)

p, 2014-11-07 19:25
Here's a PC World article on the old, insecure version of ownCloud shipped in Ubuntu 14.04 — and the difficulties in getting it updated or removed.

Ubuntu’s developers initially balked at this. Why, this isn’t the way the system works! The package is now locked-in for the stable release and shouldn’t have any major changes, even though it’s a fundamentally insecure piece of server software. Actually removing it would be highly unusual. They proposed that ownCloud should take over maintenance of the ownCloud packages in Ubuntu and keep them up-to-date. At the very least, it was ownCloud’s job to create an empty package and go through the bureaucratic process to push it out.

The writing is a little breathless, but there is a valid issue here; the software found in the more remote corners of distribution repositories may not be particularly well maintained.

Kategóriák: Linux

Friday's security updates

p, 2014-11-07 17:21

CentOS has updated php (C5: multiple vulnerabilities).

Debian has updated curl (information leak), konversation (denial of service), qemu (multiple vulnerabilities), and qemu-kvm (multiple vulnerabilities).

Fedora has updated hostapd (F19; F20: command execution), Pound (F19: multiple vulnerabilities), python-rhsm (F19; F20: protocol downgrade), seamonkey (F19: multiple vulnerabilities), subscription-manager (F20: protocol downgrade), webkitgtk3 (F19: protocol downgrade), wss4j (F20: authentication spoofing), and xml-security (F20: denial of service).

Oracle has updated php (O5: multiple vulnerabilities).

Red Hat has updated php (RHEL4: code execution; RHEL5: multiple vulnerabilities).

Scientific Linux has updated mod_auth_mellon (SL6: multiple vulnerabilities) and php (SL5: multiple vulnerabilities).

Kategóriák: Linux

Kügler: Diving into Plasma’s 2015

cs, 2014-11-06 20:18
On his blog, Sebastian Kügler looks at what next year holds for KDE Plasma 5. He looks at high-DPI and Wayland support as well as the plans by distributions (Kubuntu 15.04 for example) to start shipping Plasma 5 as the default desktop environment. "In terms of user demographic, we’re almost certain to see one thing happening with the new Plasma 5 UI, as distros start to ship it by default, this is what these new users are going to see. Not everybody in this group of users is interested in how cool the technology stack lines up, they just want to get their work done and certainly not feel impeded in their daily workflows. This is the target group which we’ve been focusing our work on in months since summer, since the release of Plasma 5.0. Wider group of users sounds pretty abstract, so let’s take some numbers: While Plasma 5 is run by a group of people already, the number of users who get it via Linux distributions is much larger than the group of early adopters. This means by the end of next year, Plasma 5 will be in the hands of millions of users, probably around 10 million, and increasing."
Kategóriák: Linux

Thursday's security updates

cs, 2014-11-06 16:04

Debian has updated libxml-security-java (xml signature spoofing from 2013).

Gentoo has updated mysql (multiple unspecified vulnerabilities), tigervnc (code execution), and vlc (multiple vulnerabilities from 2010-2013).

Oracle has updated mod_auth_mellon (OL6: two vulnerabilities) and shim (OL7: three vulnerabilities).

SUSE has updated flash-player (SLE11SP3: three vulnerabilities), OpenSSL (SLE11SP3: three vulnerabilities), and wget (SLE11SP3: code execution).

Ubuntu has updated libreoffice (14.10, 14.04: code execution).

Kategóriák: Linux

GnuPG 2.1.0 "modern" released

cs, 2014-11-06 14:43
Version 2.1.0 of the GNU Privacy Guard has been released; this is the first release in the new "modern" branch. Changes include elliptic curve cryptography support, better keyserver pool handling, the creation of revocation certificates by default, the removal of support for PGP2 keys, and more.
Kategóriák: Linux

[$] LWN.net Weekly Edition for November 6, 2014

cs, 2014-11-06 02:37
The LWN.net Weekly Edition for November 6, 2014 is available.
Kategóriák: Linux

[$] A control group manager

sze, 2014-11-05 18:53

CGManager is a year-old project to develop a daemon to manage control groups (cgroups) on a Linux system. These days, it is mostly targeted at doing that management for LXC containers, but it was originally envisioned as an alternative to systemd's cgroup management for those distributions that were not using systemd as their init. LXC maintainer Serge Hallyn gave a presentation about CGManager on October 13 at LinuxCon Europe in Düsseldorf, Germany.

Subscribers can click below for the full report on the talk from this week's edition.

Kategóriák: Linux

Security advisories for Wednesday

sze, 2014-11-05 18:02

CentOS has updated mod_auth_mellon (C6: two vulnerabilities).

Debian has updated php5 (three vulnerabilities).

Fedora has updated fedup (F19: temporary directory creation), php-Smarty (F20; F19: code execution), and thunderbird (F19: multiple vulnerabilities).

Red Hat has updated mod_auth_mellon (RHEL6: two vulnerabilities) and shim (RHEL7: multiple vulnerabilities).

SUSE has updated openssl1 (SLES11 SP3: multiple vulnerabilities) and wpa_supplicant (SLE11 SP3: command execution).

Ubuntu has updated ruby1.8, ruby1.9.1, ruby2.0, ruby2.1 (14.10, 14.04, 12.04: two vulnerabilities).

Kategóriák: Linux

LCA2015 Keynote Speaker - Professor Eben Moglen

sze, 2014-11-05 02:20
Professor Eben Moglen, Executive Director of the Software Freedom Law Center and professor of Law and Legal History at Columbia University Law School, will be a keynote speaker at linux.conf.au.
Kategóriák: Linux

[$] Kdbus meets linux-kernel

k, 2014-11-04 22:16
There has been a long history of attempts to put interprocess messaging systems into the Linux kernel; in general, these attempts have not gotten very far. From the beginning, though, the expectations around "kdbus," an in-kernel implementation of the widely used D-Bus mechanism, have been higher than the usual. Kdbus has been under development for more than two years, and was unveiled at linux.conf.au in January. But it had never been posted to the linux-kernel mailing list for review and, with luck, eventual inclusion — until October 29, when Greg Kroah-Hartman posted a twelve-part series for consideration.
Kategóriák: Linux

Mobile Linux Distros Keep on Morphing (Linux.com)

k, 2014-11-04 20:58
Linux.com looks at the distributions powering mobile devices, including Firefox OS, Tizen, Ubuntu, and WebOS. "At the Mozilla Festival held earlier this week in the U.K. , Mozilla unveiled a PiFxOS version of Firefox OS for the Raspberry Pi, also dubbed Foxberry Pi, with promises to make it competitive with Raspbian Linux. It's currently a bleeding edge demoware build, but Mozilla appears to be serious about ramping it up, with an early focus on robotics hacking and media players. PiFxOS is based on a Firefox OS port to the Pi developed by Oleg Romashin and Philip Wagner, which seems to have stalled. Mozilla plans to beef it up with support for sensors, control motors, LEDs, solenoids, and other components, as well as build a modified version for drones. A longer term project is to develop a DOM/CSS platform for robots using "a declarative model of a reactive system.""
Kategóriák: Linux

Videos from the GNU Tools Cauldron

k, 2014-11-04 20:39
The GNU Tools Cauldron, a conference on the low-level toolchain (GCC, glibc, GDB, etc.) was held last July. There is now a full set of videos from the event available for your viewing pleasure. Anybody with an interest in this area is advised to have a fair amount of time available before visiting that page; there are quite a few interesting topics in the list.
Kategóriák: Linux

Fedora 21 beta released

k, 2014-11-04 19:35
The Fedora 21 beta release is available for testing. "Every bug you uncover is a chance to improve the experience for millions of Fedora users worldwide. Together, we can make Fedora 21 a rock-solid distribution. We have a culture of coordinating new features and pushing fixes upstream as much as feasible and your feedback will help improve not only Fedora but Linux and free software on the whole."
Kategóriák: Linux

Tuesday's security updates

k, 2014-11-04 17:58

CentOS has updated cups-filters (C7: command execution).

Oracle has updated cups-filters (OL7: command execution).

Red Hat has updated cups-filters (RHEL7: command execution) and RHOSE (two vulnerabilities).

Scientific Linux has updated cups (SL6: multiple vulnerabilities), cups-filters (SL7: command execution), file (SL6: multiple vulnerabilities), firefox (SL5,6,7: multiple vulnerabilities), glibc (SL6: two vulnerabilities), java-1.8.0-openjdk (SL6: multiple vulnerabilities), kernel (SL7; SL6: multiple vulnerabilities), krb5 (SL6: multiple vulnerabilities), luci (SL6: code execution), php (SL6,7: multiple vulnerabilities), php53 (SL5: multiple vulnerabilities), thunderbird (SL6: multiple vulnerabilities), wget (SL6,7: symlink attack), and X11 client libraries (SL6: multiple vulnerabilities).

Slackware has updated mariadb (multiple vulnerabilities), firefox (multiple vulnerabilities), php (three vulnerabilities), and seamonkey (multiple vulnerabilities).

Kategóriák: Linux

openSUSE 13.2 released

k, 2014-11-04 14:14
The openSUSE 13.2 release is now available. "This version presents the first step to adopt the new openSUSE design guidelines system-wide. The graphical revamp is noticeable everywhere: the installer, the bootloader, the boot sequence and all of the (seven!) supported desktops (KDE, GNOME, Xfce, LXDE, Enlightenment 19, Mate and Awesome). Even the experimental Plasma 5.1 is adapted to the overall experience." See the announcement for details on what's new in this release.
Kategóriák: Linux

Introducing Dynomite - Making non-distributed databases, distributed

k, 2014-11-04 14:07
The Netflix Tech Blog has posted an introduction to Dynomite, a database distribution system. "In the age of high scalability and big data, Dynomite’s design goal is to turn those single-server datastore solutions into peer-to-peer, linearly scalable, clustered systems while still preserving the native client/server protocols of the datastores, e.g., Redis protocol." Dynomite is available under the Apache license.
Kategóriák: Linux

Vetter: Atomic Modeset Support for KMS Drivers

h, 2014-11-03 21:50
For those who are interested in the grungy details of getting the new atomic modesetting operations working with existing graphics drivers, Daniel Vetter has the scoop: "So I've just reposted my atomic modeset helper series, and since the main goal of all that work was to ensure a smooth and simple transition for existing drivers to the promised atomic land it's time to elaborate a bit. The big problem is that the existing helper libraries and callbacks to driver backends don't really fit the new semantics, so some shuffling was required to avoid long-term pain. So if you are a driver writer and just interested in the details then read for what needs to be done to support atomic modeset updates using these new helper libraries."
Kategóriák: Linux