Linux Weekly News

LWN.net is a comprehensive source of news and opinions from and about the Linux community. This is the main LWN.net feed, listing all articles which are posted to the site front page.

The Document Liberation, one year after

Mon, 2015-04-13 21:35
The Document Foundation's project Document Liberation looks at its progress during the past year. "During 2014, members of the project released a new framework library, called librevenge, which contains all the document interfaces and helper types, in order to simplify the dependency chain. In addition, they started a new library for importing Adobe PageMaker documents, libpagemaker, written as part of Google Summer of Code 2014 by Anurag Kanungo. Existing libraries have also been extended with the addition of more formats, like libwps with the addition of Microsoft Works Spreadsheet and Database by Laurent Alonso. He is now working on adding support for Lotus 1-2-3, which is one of the most famous legacy applications for personal computers. Laurent has also added support for more than twenty legacy Mac formats to libmwaw."
Categories: Linux

Stable kernel updates

Mon, 2015-04-13 20:05
Greg KH has released stable kernels 3.19.4, 3.14.38, and 3.10.74. All of them contain the usual set of important fixes.

Security advisories for Monday

Mon, 2015-04-13 19:06

Arch Linux has updated icecast (denial of service).

CentOS has updated xorg-x11-server (C6: information leak).

Debian has updated chrony (multiple vulnerabilities), das-watchdog (privilege escalation), libdbd-firebird-perl (buffer overflow), libtasn1-3 (denial of service), libx11 (code execution), ntp (two vulnerabilities), and wesnoth-1.10 (information leak).

Debian-LTS has updated chrony (multiple vulnerabilities), das-watchdog (privilege escalation), libtasn1-3 (denial of service), and ntp (two vulnerabilities).

Fedora has updated arj (F20: multiple vulnerabilities), ca-certificates (F21; F20: certificate update), ImageMagick (F21: multiple vulnerabilities), libxml2 (F20: denial of service), openldap (F21: denial of service), qemu (F21: multiple vulnerabilities), varnish (F21: heap buffer overflow), and xen (F21; F20: multiple vulnerabilities).

Gentoo has updated apache (multiple vulnerabilities), mysql (multiple unspecified vulnerabilities), sudo (information disclosure), and xen (multiple vulnerabilities).

Mandriva has updated batik (MBS1,2: information leak).

openSUSE has updated kernel (13.2; 13.1: multiple vulnerabilities) and tor (13.2, 13.1: denial of service).

Red Hat has updated openssl (RHEL5: multiple vulnerabilities).

Scientific Linux has updated openssl (SL5: multiple vulnerabilities).

SUSE has updated firefox (SLES12; SLED12: multiple vulnerabilities).


Hubička: Link time and inter-procedural optimization improvements in GCC 5

Mon, 2015-04-13 14:08
Jan Hubička has posted a lengthy discussion of the optimization improvements found in the upcoming GCC 5.0 release. "Identical code folding is a new pass (contributed by Martin Liška, SUSE) looking for functions with the same code and variables with the same constructors. If some are found, one copy is removed and replaced one by an alias to another where possible. This is especially important for C++ code bases that tend to contain duplicated functions as a result of template instantiations."

The 4.0 kernel has been released

Mon, 2015-04-13 09:32
Linus has released the 4.0 kernel right on schedule. "Feature-wise, 4.0 doesn't have all that much special. Much have been made of the new kernel patching infrastructure, but realistically, that not only wasn't the reason for the version number change, we've had much bigger changes in other versions. So this is very much a 'solid code progress' release." Beyond the (incomplete) live-patching mechanism, this release includes the removal of the remap_file_pages() system call, improved persistent memory support, the lazytime mount option, and the kernel address sanitizer.

Turon: Fearless Concurrency with Rust

Fri, 2015-04-10 19:54
Aaron Turon has posted a lengthy introduction to concurrency in the Rust programming language. "Every data type knows whether it can safely be sent between or accessed by multiple threads, and Rust enforces this safe usage; there are no data races, even for lock-free data structures. Thread safety isn't just documentation; it's law."

Friday's security updates

Fri, 2015-04-10 17:07

Arch Linux has updated mediawiki (multiple vulnerabilities).

CentOS has updated xorg-x11-server (C7: information leak/denial of service).

Debian has updated dpkg (integrity-verification bypass).

Fedora has updated arj (F21: multiple vulnerabilities), echoping (F20; F21: multiple vulnerabilities), and python-dulwich (F20; F21: code execution).

Mageia has updated batik (M4: information leak), chromium-browser-stable (M4: multiple vulnerabilities), jakarta-taglibs-standard (M4: code execution), less (M4: information leak), mediawiki (M4: multiple vulnerabilities), openldap (M4: denial of service), qt-creator (M4: key-verification failure), suricata (M4: denial of service), and xerces-c (M4: denial of service).

Mandriva has updated arj (BS1: multiple vulnerabilities), less (BS1,2: information leak), mediawiki (BS1: multiple vulnerabilities), and ntp (BS1,2: multiple vulnerabilities).

Oracle has updated xorg-x11-server (O6; O7: information leak/denial of service).

Red Hat has updated qemu-kvm-rhev (RHEL OSP: privilege escalation) and xorg-x11-server (RHEL6,7: information leak/denial of service).

Scientific Linux has updated krb5 (SL6: multiple vulnerabilities).

SUSE has updated libXfont (SLE12: multiple vulnerabilities).

Ubuntu has updated dpkg (integrity-verification bypass).


X.org election results

Fri, 2015-04-10 13:38
As was discussed in this LWN article, the X.Org Foundation recently held an election to choose four board members and decide whether to change the organization's by-laws to enable it to become a member of Software in the Public Interest (SPI). The results are now available. The board members elected are Peter Hutterer, Martin Peres, Rob Clark, and Daniel Vetter. The measure to change the by-laws did not pass, though, despite receiving only two "no" votes, because the required two-thirds majority was not reached.

Linux Foundation to host Let's Encrypt

Fri, 2015-04-10 01:44

The Linux Foundation (LF) has announced that it will serve as host of the Let's Encrypt project, as well as the Internet Security Research Group (ISRG). Let's Encrypt is the free, automated SSL/TLS certificate authority that was announced in November 2014 by the Electronic Frontier Foundation (EFF) to provide TLS certificates for every domain on the web. ISRG is the non-profit organization created to spearhead efforts like Let's Encrypt (which, as of now, is ISRG's only public project). In the LF announcement, executive director Jim Zemlin notes that "by hosting this important encryption project in a neutral forum we can accelerate the work towards a free, automated and easy security certification process that benefits millions of people around the world."


Thursday's security updates

Thu, 2015-04-09 17:53

Arch Linux has updated chrony (denial of service).

CentOS has updated krb5 (C6: multiple vulnerabilities).

Debian-LTS has updated arj (multiple vulnerabilities), checkpw (denial of service), libgcrypt11 (multiple vulnerabilities), and libgd2 (multiple vulnerabilities).

Fedora has updated drupal7-webform (F20; F21: unspecified vulnerability), firefox (F21: multiple vulnerabilities), powerpc-utils-python (F20; F21: code execution), and xterm (F20; F21: denial of service).

Mandriva has updated java-1.8.0-openjdk (BS2: multiple vulnerabilities).

Oracle has updated kernel (O5: multiple vulnerabilities) and krb5 (O6: denial of service).

Red Hat has updated krb5 (RHEL6: multiple vulnerabilities).

Ubuntu has updated kernel (12.04; 14.04; 14.10: multiple vulnerabilities), linux-lts-trusty (12.04: multiple vulnerabilities), linux-lts-utopic (14.04: multiple vulnerabilities), and linux-ti-omap4 (12.04: multiple vulnerabilities).


[$] LWN.net Weekly Edition for April 9, 2015

Thu, 2015-04-09 01:48
The LWN.net Weekly Edition for April 9, 2015 is available.

Security advisories for Wednesday

Wed, 2015-04-08 18:42

Arch Linux has updated ntp (two vulnerabilities).

CentOS has updated kernel (C5: multiple vulnerabilities).

Debian has updated libxml2 (denial of service).

Fedora has updated setroubleshoot (F21; F20: privilege escalation) and texlive (F21: arbitrary file removal).

openSUSE has updated Chromium (13.2, 13.1: two vulnerabilities), libgit2 (13.2, 13.1: code execution), firefox, thunderbird (13.2, 13.1: multiple vulnerabilities), php5 (13.2, 13.1: multiple vulnerabilities), potrace (13.2, 13.1: denial of service), quassel (13.2, 13.1: denial of service), and subversion (13.2, 13.1: multiple vulnerabilities).

Red Hat has updated kernel (RHEL5: multiple vulnerabilities), novnc (RHEL OSP6.0: VNC session hijacking), openstack-nova (RHEL OSP6.0: cross-site websocket hijack attack), openstack-packstack (RHEL OSP6.0: root command execution), and installer (RHEL OSP6.0: root command execution).

Scientific Linux has updated kernel (C5: multiple vulnerabilities).

SUSE has updated xorg-x11-libs (SLE11 SP3: privilege escalation).

Ubuntu has updated libtasn1-3, libtasn1-6 (14.10, 14.04, 12.04, 10.04: denial of service) and mailman (14.10, 14.04, 12.04: path traversal attack).


Mourning Chris Yeoh

Wed, 2015-04-08 14:39
From the OpenStack community comes the sad announcement of the passing of Chris Yeoh, a longtime free-software developer. "Chris was humble, helpful and honest. The OpenStack and broader Open Source communities are poorer for his passing." Those with memories of Chris are encouraged to contribute them to a collection being put together for his daughter.

[$] An update on the freedreno graphics driver

Wed, 2015-04-08 12:04
The freedreno project was started by Rob Clark to create a free-software driver for the Adreno family of GPUs, which are used by the Qualcomm Snapdragon system-on-chip (SoC) family. He presented a status report on the project, along with some history and future plans, at the Embedded Linux Conference, which was held in San Jose, CA, March 23-25.

Click below (subscribers only) for the full report from ELC 2015.


Post-Cryptanalysis, TrueCrypt Alternatives Step Forward (Threat Post)

Wed, 2015-04-08 01:10
Threat Post takes a look at two TrueCrypt forks, VeraCrypt and CipherShed. Although TrueCrypt development was discontinued last year, the code underwent a two-phase audit and passed with a relatively clean bill of health. "VeraCrypt and CipherShed have addressed many of the shortcomings identified not only by the audit, but by others who have scrutinized the TrueCrypt code in recent years. VeraCrypt’s [Mounir] Idrassi, for example, said he replaced TrueCrypt’s lone support of the RIPEMD-160 algorithm with SHA-256 support for system encryption. He said VeraCrypt has also tried to simplify the build process, especially for Linux and Mac OS X systems, so that other less common configurations could be used." The results of the audit of TrueCrypt are available in PDF format; phase 1 was completed in February 2014, and phase 2 was completed in March 2015.

Tuesday's security updates

Tue, 2015-04-07 18:34

Arch Linux has updated tor (denial of service).

Debian has updated arj (multiple vulnerabilities), libgd2 (denial of service), mailman (path traversal attack), and tor (denial of service).

Debian-LTS has updated mailman (path traversal attack) and tor (denial of service).

Fedora has updated chicken (F21; F20: buffer overflow), kernel (F20: multiple vulnerabilities), libxml2 (F21: denial of service), and seamonkey (F21; F20: multiple vulnerabilities).

Gentoo has updated firefox (multiple vulnerabilities).

Mandriva has updated cups-filters (MBS2.0: remote command execution), libtasn1 (MBS1.0, MBS2.0: denial of service), and python-django (MBS1.0: cross-site scripting).

Red Hat has updated kernel (RHEL6.5: multiple vulnerabilities).

Ubuntu has updated firefox (14.10, 14.04, 12.04: certificate verification bypass) and oxide-qt (14.10, 14.04: multiple vulnerabilities).


Kernel prepatch 4.0-rc7

Tue, 2015-04-07 11:25
Linus has released 4.0-rc7 after a delay of a couple of days for the holiday. "But it's still pretty small, and things are on track for 4.0 next weekend. There's a tiny chance that I'll decide to delay 4.0 by a week just because I'm traveling the week after, and I might want to avoid opening the merge window. We'll see how I feel about it next weekend."

Linux Australia server breach

Mon, 2015-04-06 21:15
Linux Australia has reported a breach on the Conference Management (Zookeepr) hosting server. This server hosted the conference systems for linux.conf.au 2013, 2014 and 2015, and for PyCon Australia 2013 and 2014. "The database dumps which occurred during the breach include information provided during conference registration - First and Last Names, physical and email addresses, and any phone contact details provided, as well as a hashed version of the user password. As Zookeepr uses a third party credit card payment gateway for credit card processing, the database dumps do not contain any credit card or banking details."

Security advisories for Monday

Mon, 2015-04-06 19:07

Arch Linux has updated firefox (certificate verification bypass), java-batik (information leak), and thunderbird (multiple vulnerabilities).

Fedora has updated firefox (F20: multiple vulnerabilities), freeipa (F21: two vulnerabilities), glpi (F21; F20: privilege escalation), lasso (F21; F20: denial of service), mingw-libzip (F21; F20: code execution), mingw-qt5-qtbase (F21; F20: denial of service), mingw-qt5-qtdeclarative (F21; F20: denial of service), mingw-qt5-qtgraphicaleffects (F21; F20: denial of service), mingw-qt5-qtimageformats (F21; F20: denial of service), mingw-qt5-qtlocation (F21; F20: denial of service), mingw-qt5-qtmultimedia (F21; F20: denial of service), mingw-qt5-qtquick1 (F21; F20: denial of service), mingw-qt5-qtscript (F21; F20: denial of service), mingw-qt5-qtsensors (F21; F20: denial of service), mingw-qt5-qtsvg (F21; F20: denial of service), mingw-qt5-qttools (F21; F20: denial of service), mingw-qt5-qttranslations (F21; F20: denial of service), mingw-qt5-qtwebkit (F21; F20: denial of service), mingw-qt5-qtwinextras (F21; F20: denial of service), moodle (F21; F20: multiple vulnerabilities), osc (F21; F20: command injection), patch (F20: multiple vulnerabilities), PyYAML (F21; F20: denial of service), rt (F21: multiple vulnerabilities), slapi-nis (F21: multiple vulnerabilities), thunderbird (F21: multiple vulnerabilities), and tor (F21; F20: denial of service).

Mageia has updated cups-filters (remote command execution), novnc (VNC session hijacking), and php, libzip (multiple vulnerabilities).

Red Hat has updated chromium-browser (RHEL6: two vulnerabilities).


10 Years of Git: An Interview with Git Creator Linus Torvalds (Linux.com)

Mon, 2015-04-06 19:01
Linux.com talks with Linus Torvalds about the development of Git. "Just to pick an example: the concept of 'merging' was generally considered to be something really quite painful and hard in most SCM's. You'd plan your merges, because they were big deals. That's not acceptable to me, since I commonly do tens of merges a day when in the merge window, and even then, the biggest overhead shouldn't be the merge itself, it should be testing the result. The 'git' part of the merge is just a couple of seconds, it should take me much longer just to write the merge explanation message."