Linux Weekly News

Tartalom átvétel is a comprehensive source of news and opinions from and about the Linux community. This is the main feed, listing all articles which are posted to the site front page.
Frissült: 7 perc 17 másodperc

Red Hat acquires Ansible

p, 2015-10-16 14:49
Red Hat has announced that it is acquiring Ansible, the company behind the Ansible configuration management system. "Ansible's automation capabilities, together with Red Hat's existing management portfolio, will help users drive down the cost and complexity of deploying and managing both cloud-native and traditional applications across hybrid cloud environments." LWN looked at Ansible in August.
Kategóriák: Linux

Thursday's security updates

cs, 2015-10-15 17:18

Arch Linux has updated mbedtls (code execution).

Fedora has updated fossil (F22; F21: man-in-the-middle attack).

Mageia has updated roundcubemail (multiple vulnerabilities).

openSUSE has updated flash-player (13.2, 13.1: multiple vulnerabilities), jakarta-taglibs-standard (13.2, 13.1: code execution), rsync (13.2, 13.1: file checksum collision), and spice (13.2, 13.1: multiple vulnerabilities).

Oracle has updated docker-engine (OL7; OL6: two vulnerabilities).

Red Hat has updated flash-plugin (RHEL6: multiple vulnerabilities).

SUSE has updated docker (SLE12: two vulnerabilities).

Ubuntu has updated commons-httpclient (15.04, 14.04, 12.04: multiple vulnerabilities) and pollinate (15.04, 14.04: new certificate).

Kategóriák: Linux

[$] Weekly Edition for October 15, 2015

cs, 2015-10-15 01:28
The Weekly Edition for October 15, 2015 is available.
Kategóriák: Linux

[$] Permissive licenses, community, and copyleft

sze, 2015-10-14 19:46

On the final day of LinuxCon Europe 2015, HP's Chief Technology Officer Martin Fink delivered a bold keynote about software licensing. Fink recapped the negative effects of license proliferation and addressed projects that use their choice of license as hostile act against the competition. He then ended the session with an extended appeal to move the open-source software industry away from permissive licenses like Apache 2.0 and toward copyleft licenses like the GPL. Not doing so, he said, puts the FOSS community at just as much risk of collapse as license proliferation threatened to in years past.

Kategóriák: Linux

Security advisories for Wednesday

sze, 2015-10-14 17:34

Arch Linux has updated chromium (multiple vulnerabilities) and flashplugin (multiple vulnerabilities).

Fedora has updated icu (F22: multiple vulnerabilities), php (F22: multiple vulnerabilities), and xen (F22; F21: denial of service).

Mageia has updated flash-player-plugin (multiple vulnerabilities), git (multiple vulnerabilities), openjpeg2 (code execution), and qemu (multiple vulnerabilities).

openSUSE has updated polkit (13.2, 13.1: multiple vulnerabilities).

SUSE has updated flash-player (SLE12; SLE11-SP3,4: multiple vulnerabilities).

Ubuntu has updated gdk-pixbuf (15.04, 14.04, 12.04: two vulnerabilities).

Kategóriák: Linux

[$] WiFi routers: from lockdown to lock-open

sze, 2015-10-14 14:19
There has been a lot of concern recently that a new set of rules [PDF] from the US Federal Communications Commission (FCC) could lead to locking-down of home router devices. It appears that the worst-case scenario feared by many will not come to pass, but that has not stopped a large, high-profile group of developers from putting together a detailed counter-proposal to the FCC that could change the game entirely. Not content with fending off the lockdown threat, this group seeks to push the pendulum the other way by forcing router software to be open. The result, it is said, would be an Internet that performs better and which is much more secure.
Kategóriák: Linux

[$] Fedora opens up to bundling

k, 2015-10-13 21:01
The term "bundling" refers to the practice of distributing a copy of one software project (usually some sort of library) within another one. Software developers may have a number of reasons for bundling, but Linux distributors tend to dislike it for reasons of their own. The Fedora project, in particular, has long forbidden bundling except in a few cases where it could not be avoided. It now seems, though, that Fedora has decided to back off a bit on its anti-bundling policy — a decision that is not uniformly popular in its development community, but which may well be necessary to help ensure the distribution's ongoing relevance.
Kategóriák: Linux

Security advisories for Tuesday

k, 2015-10-13 16:23

CentOS has updated spice (C7: multiple vulnerabilities) and spice-server (C6: multiple vulnerabilities).

Debian has updated kernel (multiple vulnerabilities).

Debian-LTS has updated linux-2.6 (multiple vulnerabilities).

Fedora has updated openjpeg2 (F21: code execution) and php (F21: multiple vulnerabilities).

Oracle has updated spice (OL7: multiple vulnerabilities) and spice-server (OL6: multiple vulnerabilities).

Red Hat has updated spice (RHEL7: multiple vulnerabilities) and spice-server (RHEL6: multiple vulnerabilities).

Scientific Linux has updated spice (SL7: multiple vulnerabilities) and spice-server (SL6: multiple vulnerabilities).

SUSE has updated kernel-source (SLE12: multiple vulnerabilities).

Kategóriák: Linux

Convicted by Code (Slate)

k, 2015-10-13 13:14
Here is an article in Slate about the dangers of using closed-source software to provide evidence in criminal trials. "Because eliminating errors from code is so hard, experts have endorsed openness to public scrutiny as the surest way to keep software secure. Similarly, requiring the government to rely exclusively on open-source forensic tools would crowd-source cross-examination of forensic device software. Forensic device manufacturers, which sell exclusively to government crime laboratories, may lack incentives to conduct the obsessive quality testing required."
Kategóriák: Linux

EFF: One Year Later, Hundreds of Tor Challenge Relays Still Active

k, 2015-10-13 00:45
The Electronic Frontier Foundation reports that 567 relays from the 2014 Tor Challenge are still up and running—"more than were established during the entire inaugural Tor Challenge back in 2011. To put that number in perspective, these nodes represent more than 8.5% of the roughly 6,500 public relays currently active on the entire Tor network, a system that supports more than 2-million directly connecting clients worldwide."
Kategóriák: Linux

Security updates for Monday

h, 2015-10-12 17:19

Arch Linux has updated gdk-pixbuf2 (two vulnerabilities).

Debian has updated spice (multiple vulnerabilities).

Fedora has updated ntp (F22: multiple vulnerabilities).

Mageia has updated isodumper (MG5: command execution), jakarta-commons-httpclient (MG5: denial of service), kernel-linus (MG5: multiple vulnerabilities), php-ZendFramework/php-ZendFramework2 (MG5: privilege escalation), php/php-timezonedb (MG5: multiple vulnerabilities), and spice (MG5: multiple vulnerabilities).

openSUSE has updated chromium (13.2, 13.1: information disclosure) and lxc (13.2, 13.1: apparmor policy bypass).

Kategóriák: Linux

Kernel prepatch 4.3-rc5

v, 2015-10-11 22:25
The fifth 4.3 prepatch is out. "It's the usual 'lots of small fixes to drivers and architecture code, with some filesystem updates thrown in for variety'." This prepatch also features a change to the kernel codename, which is now "Blurry Fish Butt".
Kategóriák: Linux

The new Linksys WRT1900ACS router

szo, 2015-10-10 09:09
The new version of the WRT1900AC router from Linksys looks like just another high-end home router, but there is an important difference: "Linksys has collaborated with OpenWrt and Marvell to provide full open source support for the WRT1900ACS in OpenWrt's stable and development branches." When asked, the company confirmed that the router is fully supported by free drivers. LWN is not normally filled with new-product announcements, but, given the pervasive binary-blob problem in this space, a router with free drivers seems noteworthy.
Kategóriák: Linux

Friday's security advisories

p, 2015-10-09 15:27

Arch Linux has updated opensmtpd (multiple vulnerabilities).

Fedora has updated 389-ds-base (F21: cipher downgrade), kernel (F22: three vulnerabilities), and qemu (F22 F21: multiple vulnerabilities).

openSUSE has updated freetype2 (13.1: two vulnerabilities from 2014).

Red Hat has updated OpenStack director (RHELOSP7: authentication bypass) and python-django (RHELOSP7: denial of service).

SUSE has updated firefox (SLE11SP3, SLE11SP4: multiple vulnerabilities).

Kategóriák: Linux

CC BY-SA 4.0 now one-way compatible with GPLv3

p, 2015-10-09 08:06
The Creative Commons has announced that a "detailed analysis" has determined that materials licensed under BY-SA 4.0 license may be distributed under the terms of GPLv3. "But if your use case calls for or requires (in the case of remixing CC BY-SA 4.0 and GPLv3 material to make a single adaptation) releasing a CC BY-SA 4.0 adaptation under GPLv3, now you can: copyright in the guise of incompatible copyleft licenses is no longer a barrier to growing the part of the commons you’re working in. We hope that this new compatibility not only removes a barrier, but helps inspire new and creative combinations of software and culture, design, education, and science, and the adoption of software best practices such as source control (e.g., through “git”) in these fields."
Kategóriák: Linux

Gräßlin: September update for Plasma’s Wayland porting

cs, 2015-10-08 22:17
On his blog, Martin Gräßlin has posted an update on porting KDE's Plasma desktop to Wayland. There has been progress in various areas, including transient window positioning (which makes menus appear at the right location), Plasma/KWin specific extensions, support for multiple X servers, and support for "KWin in the cloud": "So on Friday I decided to dedicate my development time on a virtual framebuffer backend. This backend (to start use kwin_wayland --xwayland --virtual) doesn’t render to any device, but only “simulates” rendering by using a QImage which then isn’t used at all. Well not completely true: there is an environment variable to force the backend to store each rendered frame into a temporary directory. Why is such a virtual backend so exiting? Well it means we can run KWin anywhere. We are not bound to any hardware restrictions like screen attached or screen resolution. With other words we can run it on servers – in the cloud. The first such instance runs on our CI [continuous integration] servers in the form of an automated integration test. And in future there will be much more such tests."
Kategóriák: Linux

Security advisories for Thursday

cs, 2015-10-08 16:05

Arch Linux has updated bugzilla (privilege escalation).

openSUSE has updated IPython, (cross-site scripting).

SUSE has updated php5 (SLE11SP2: three vulnerabilities).

Kategóriák: Linux

Bottomley: Respect and the Linux Kernel Mailing Lists

cs, 2015-10-08 08:15
SCSI subsystem maintainer James Bottomley has posted a different view on the issue of civility on the kernel's mailing lists. "So, by and large, I’m proud of the achievements we’ve made in civility and the way we have improved over the years. Are we perfect? by no means (but then perfection in such a large community isn’t a realistic goal). However, we have passed our stress test: that an individual with bad patches to several mailing lists was met with courtesy and helpful advice, in spite of serially repeating the behaviour."
Kategóriák: Linux

[$] Weekly Edition for October 8, 2015

cs, 2015-10-08 02:03
The Weekly Edition for October 8, 2015 is available.
Kategóriák: Linux

[$] Status updates for three graphics drivers

sze, 2015-10-07 18:02
Drivers for graphics hardware are an important part of the graphics stack, so it was not unexpected that the 2015 X.Org Developers Conference had several status updates for free graphics drivers. Three projects had talks: the Nouveau driver for NVIDIA devices, the amdgpu driver for AMD hardware, and the Etnaviv driver for Vivante GPUs. Each presented an update on its progress and plans.
Kategóriák: Linux