Linux Weekly News

Tartalom átvétel
LWN.net is a comprehensive source of news and opinions from and about the Linux community. This is the main LWN.net feed, listing all articles which are posted to the site front page.
Frissült: 25 perc 3 másodperc

[$] Development statistics for the 4.2 kernel

k, 2015-08-18 16:12
As of this writing, the 4.2-rc7 prepatch is out and the final 4.2 kernel looks to be (probably) on-track to be released on August 23. Tradition says that it's time for a look at the development statistics for this cycle. 4.2, in a couple of ways, looks a bit different from recent cycles, with some older patterns reasserting themselves. Click below (subscribers only) for the full article.
Kategóriák: Linux

Schaller: An Open Letter to Apache Foundation and Apache OpenOffice team

k, 2015-08-18 02:22
Christian Schaller has posted an open letter to the Apache Software Foundation with a non-trivial request: "So dear Apache developers, for the sake of open source and free software, please recommend people to go and download LibreOffice, the free office suite that is being actively maintained and developed and which has the best chance of giving them a great experience using free software. OpenOffice is an important part of open source history, but that is also what it is at this point in time."

In this context, it's interesting to note that OpenOffice project chair Jan Iverson recently stepped down, listing resistance to an effort to cooperate with LibreOffice as one of the main reasons. The project currently looks set to name Dennis Hamilton (who is running unopposed) as its new chair.

Kategóriák: Linux

The Open Mainframe Project

k, 2015-08-18 01:31
The Linux Foundation has announced the launch of the Open Mainframe Project. "In just the last few years, demand for mainframe capabilities have drastically increased due to Big Data, mobile processing, cloud computing and virtualization. Linux excels in all these areas, often being recognized as the operating system of the cloud and for advancing the most complex technologies across data, mobile and virtualized environments. Linux on the mainframe today has reached a critical mass such that vendors, users and academia need a neutral forum to work together to advance Linux tools and technologies and increase enterprise innovation."
Kategóriák: Linux

Stable kernels 4.1.6, 3.14.51, and 3.10.87

k, 2015-08-18 00:34
Greg Kroah-Hartman has announced the release of the 4.1.6, 3.14.51, and 3.10.87. As usual, there are important fixes throughout the tree and users of those kernel series should upgrade.
Kategóriák: Linux

Security updates for Monday

h, 2015-08-17 19:17

Arch Linux has updated glibc (denial of service from 2014).

Debian-LTS has updated libidn (information disclosure) and subversion (information disclosure).

Fedora has updated bzr (F22; F21: denial of service from 2013), firefox (F21: multiple vulnerabilities), and flac (F22: two vulnerabilities).

Gentoo has updated adobe-flash (multiple vulnerabilities), icecast (denial of service), and libgadu (three vulnerabilities from 2013 and 2014).

openSUSE has updated firefox (13.2; 13.1: multiple vulnerabilities) and flash-player (13.2; 13.1: many vulnerabilities).

Oracle has updated kernel 3.8.13 (OL7; OL6: two remote denial of service flaws), kernel 2.6.39 (OL6; OL5: two remote denial of service flaws), and kernel 2.6.32 (OL6; OL5: two remote denial of service flaws).

Red Hat has updated glibc (RHEL5: code execution from 2013), mysql55-mysql (RHEL5; RHSC2: multiple unspecified vulnerabilities, one from 2014), rh-mysql56-mysql (RHSC2: multiple unspecified vulnerabilities), sqlite (RHEL6: code execution), sqlite (RHEL7: three vulnerabilities), and subversion (RHEL6: three vulnerabilities).

Scientific Linux has updated sqlite (SL7: three vulnerabilities).

Slackware has updated firefox (multiple vulnerabilities) and thunderbird (multiple vulnerabilities).

Ubuntu has updated openssh (15.04, 14.04, 12.04: two vulnerabilities) and pollinate (15.04, 14.04: certificate update).

Kategóriák: Linux

Kernel prepatch 4.2-rc7

h, 2015-08-17 06:04
Linus has released the 4.2-rc7 prepatch, but he's still not sure about whether it will be the last for this development cycle. "So this may be the last RC, and it might not be. It will depend on whether anything more comes up next week, and how good I feel about things come next Sunday. A part of me is convinced that all the odd 32-bit compat issues etc fallout is finally fixed, but a part of me is still a bit leery."
Kategóriák: Linux

Glibc 2.22 released

szo, 2015-08-15 15:02
Version 2.22 of the GNU C Library is out. The biggest user-visible changes are an update to Unicode 7.0.0 and the addition of a vectorized math library for the x86_64 architecture. Beyond that, of course, there is a pile of bug fixes, a few of which address security-related problems.
Kategóriák: Linux

Stagefright: Mission Accomplished? (Exodus Intelligence)

p, 2015-08-14 23:31
It would seem that reports of the demise of the Stagefright Android vulnerability may be rather premature. Exodus Intelligence is reporting that at least one of the fixes for integer overflow did not actually fully fix the problem, so MPEG4 files can still crash Android and potentially allow code execution. "Around July 31st, Exodus Intelligence security researcher Jordan Gruskovnjak noticed that there seemed to be a severe problem with the proposed patch. As the code was not yet shipped to Android devices, we had no ability to verify this authoritatively. In the following week, hackers converged in Las Vegas for the annual Black Hat conference during which the Stagefright vulnerability received much attention, both during the talk and at the various parties and events. After the festivities concluded and the supposedly patched firmware was released to the public, Jordan proceeded to investigate whether his assumptions regarding its fallibility were well founded. They were."
Kategóriák: Linux

Friday's security advisories

p, 2015-08-14 18:30

Arch Linux has updated freeradius (certificate verification botch) and subversion (two vulnerabilities).

CentOS has updated kernel (C6: two remote denial of service flaws).

Fedora has updated gnutls (F22: denial of service), nbd (F22; F21: denial of service), pcre (F22: code execution), and wordpress (F22; F21: multiple vulnerabilities).

Mageia has updated gdk-pixbuf2.0 (M5: code execution) and owncloud (three vulnerabilities).

openSUSE has updated glibc (13.1: denial of service from 2014) and kernel (13.2: multiple vulnerabilities, some from 2014).

Oracle has updated kernel (OL6: two remote denial of service flaws).

Red Hat has updated kernel (RHEL6: two remote denial of service flaws).

Scientific Linux has updated kernel (SL6: two remote denial of service flaws).

SUSE has updated firefox (SLE11SP4, SP3: information leak).

Kategóriák: Linux

The State of Fedora: 2015 Edition (Fedora Magazine)

cs, 2015-08-13 23:12
Fedora Magazine reports on Fedora project leader Matthew Miller's keynote at Flock, which is the Fedora contributor conference. He outlined the state of the distribution using some graphs and statistics and said "we’re doing very well as a project and it’s thanks to all of you". The use of Internet Relay Chat (IRC) by the project was another topic: "Fedorans do like to work together. Last year there were 1,066 IRC meetings (official meetings, not just being in IRC talking), and 765 IRC meetings in 2015 alone. 'This shows how vibrant we are, but also is buried in IRC. There’s a lot of Fedora activity you don’t see on the Fedora Web site… I want to look at ways to make that more visible,' says Miller. There are efforts to make the activity more visible, says Miller. 'If I want to interact with the project, is somebody there? Yes, but we have millions of dead pages on the wiki… we need to make this more visible.' IRC is 'definitely a measure of engagement' but it’s also a high barrier of entry, says Miller. 'Wow that’s complicated. Wow, that’s still around?' is a common response from new contributors to IRC. The technology, and 'culture' can be confusing."
Kategóriák: Linux

Security updates for Thursday

cs, 2015-08-13 16:30

Debian has updated request-tracker4 (cross-site scripting).

Red Hat has updated flash-plugin (RHEL5&6: many vulnerabilities).

SUSE has updated firefox (SLE12: information leak), java-1_7_0-ibm (SLE11SP3, SP2: many vulnerabilities), and kernel-rt (SLE11SP3: many vulnerabilities, including some from 2014).

Kategóriák: Linux

[$] LWN.net Weekly Edition for August 13, 2015

cs, 2015-08-13 03:41
The LWN.net Weekly Edition for August 13, 2015 is available.
Kategóriák: Linux

[$] Working with xdg-app application bundles

sze, 2015-08-12 22:43

One of the oft-recurring topics at GUADEC 2015 was the xdg-app application-packaging system currently being developed. Xdg-app's lead developer Alexander Larsson gave a presentation on its current status on the first day, and it featured prominently in Christian Hergert's keynote about reaching new developers as well as in Bastien Nocera's talk about hardware enablement. Perhaps the most practical discussion of the subject, however, came in Stephan Bergmann's talk about his recent attempts to bundle LibreOffice into an xdg-app package.

Kategóriák: Linux

Security advisories for Wednesday

sze, 2015-08-12 18:43

Arch Linux has updated firefox (multiple vulnerabilities).

CentOS has updated firefox (C7; C6; C5: multiple vulnerabilities).

Debian has updated gnutls28 (denial of service), iceweasel (multiple vulnerabilities), and wordpress (multiple vulnerabilities).

Fedora has updated devscripts (F22; F21: two vulnerabilities), kernel (F22; F21: information leak), pure-ftpd (F22: denial of service), xen (F22; F21: code execution), and xfsprogs (F22: information disclosure from 2012).

Mageia has updated firefox (MG4,5: multiple vulnerabilities), flash-player-plugin (MG4,5: multiple vulnerabilities), and qemu (MG4,5: multiple vulnerabilities).

openSUSE has updated gnutls (13.2, 13.1: denial of service).

Oracle has updated firefox (OL7; OL6; OL5: multiple vulnerabilities).

Red Hat has updated firefox (RHEL5,6,7: multiple vulnerabilities) and kernel (RHEL6.5: use-after-free flaw).

Scientific Linux has updated firefox (SL5,6,7: multiple vulnerabilities).

SUSE has updated flash-player (SLE12; SLED11SP4,SP3: multiple vulnerabilities).

Ubuntu has updated firefox (15.04, 14.04, 12.04: multiple vulnerabilities) and ubufox (15.04, 14.04, 12.04: multiple vulnerabilities).

Kategóriák: Linux

Docker 1.8 released

sze, 2015-08-12 17:10
The 1.8 release of the Docker container system is out, with a number of new features. "Docker Content Trust is a new feature in Docker Engine 1.8 that makes it possible to verify the publisher of Docker images. When a publisher pushes an image to a remote registry, Docker signs the image with a private key. When you later pull this image, Docker uses the publisher’s public key to verify that the image you are about to run is exactly what the publisher created, has not been tampered with, and is up to date."
Kategóriák: Linux

Thor: another free video codec

k, 2015-08-11 22:04
Cisco, it seems, is unhappy with the patent mess around video codecs, so it has launched a project called "Thor" to make one that can be freely distributed. "The effort is being staffed by some of the world’s most foremost codec experts, including the legendary Gisle Bjøntegaard and Arild Fuldseth, both of whom have been heavy contributors to prior video codecs. We also hired patent lawyers and consultants familiar with this technology area. We created a new codec development process which would allow us to work through the long list of patents in this space, and continually evolve our codec to work around or avoid those patents."
Kategóriák: Linux

Firefox 40 is available

k, 2015-08-11 19:56
Mozilla has released Firefox 40. There are several new features listed in the release notes such as; improved scrolling, graphics, and video playback performance with off main thread compositing, added protection against unwanted software downloads, a new style for add-on manager based on the in-content preferences style, and an improved graphic blocklist mechanism.
Kategóriák: Linux

Kali Linux 2.0 released

k, 2015-08-11 18:38
Kali Linux is a Debian-based distribution oriented toward penetration testing and related tasks; the 2.0 release is now available. "There’s a new 4.0 kernel, now based on Debian Jessie, improved hardware and wireless driver coverage, support for a variety of Desktop Environments (gnome, kde, xfce, mate, e17, lxde, i3wm), updated desktop environment and tools – and the list goes on. But these bulletpoint items are essentially a side effect of the real changes that have taken place in our development backend. Ready to hear the real news? Take a deep breath, it’s a long list." At the top of that list is that Kali is now a rolling distribution.
Kategóriák: Linux

Security updates for Tuesday

k, 2015-08-11 18:17

Arch Linux has updated ppp (denial of service).

Debian has updated subversion (two vulnerabilities).

Debian-LTS has updated opensaml2 (denial of service).

Fedora has updated elasticsearch (F22: multiple vulnerabilities), lxc (F22; F21: two vulnerabilities), and rubygems (F22: DNS hijacking).

Kategóriák: Linux

OpenSSH 7.0

k, 2015-08-11 16:00
The OpenSSH 7.0 release is out. It fixes a number of problems and adds a few new configuration features, but the main focus of 7.0 is taking things out: "This focus of this release is primarily to deprecate weak, legacy and/or unsafe cryptography." More old crypto is slated for removal in 7.1; see the announcement for the list.
Kategóriák: Linux