Linux Weekly News

LWN.net is a comprehensive source of news and opinions from and about the Linux community. This is the main LWN.net feed, listing all articles which are posted to the site front page.

[$] Where to store your encrypted data

Wed, 2014-10-22 18:04
In a talk entitled "Lies, Damned Lies, and Remotely Hosted Encrypted Data", Kolab Systems CEO Georg Greve outlined the thinking and investigation that the company did before deciding on where to store its customers' encrypted data. The talk, which was given at LinuxCon Europe in Düsseldorf, Germany, looked at various decisions that need to be made when determining where and how to store data on the internet. It comes down to a number of factors, including the legal framework of the country in question and physical security for the systems storing the data.
Categories: Linux

Security advisories for Wednesday

Wed, 2014-10-22 17:49

CentOS has updated libxml2 (C7: denial of service), qemu-kvm (C7: information leak), rsyslog (C5: denial of service), and wireshark (C7; C5: multiple vulnerabilities).

Fedora has updated bugzilla (F20; F19: multiple vulnerabilities), java-1.8.0-openjdk (F19: multiple vulnerabilities), and perl-Mojolicious (F20; F19: parameter injection attack).

openSUSE has updated getmail (13.1, 12.3: multiple vulnerabilities) and wpa_supplicant (13.1; 12.3: command execution).

Oracle has updated kernel (OL6: multiple vulnerabilities), rsyslog (OL6: denial of service), rsyslog7 (OL6: denial of service), and wireshark (OL7; OL6: multiple vulnerabilities).

Red Hat has updated wireshark (RHEL6,7; RHEL5: multiple vulnerabilities).

[$] The future of the realtime patch set

Tue, 2014-10-21 19:17

In a followup to last year's report on the future of realtime Linux, Thomas Gleixner once again summarized the status of the long-running patch set. The intervening year did not result in the industry stepping up to fund further work, which led Gleixner to declare that realtime Linux is now just his hobby. That means new releases will be done as his time allows and may eventually lead to dropping the patch set altogether if the widening gap between mainline and realtime grows too large.

Subscribers can click below for the full report of Gleixner's talk at this year's Linux Plumbers Conference.

Tuesday's security updates

Tue, 2014-10-21 17:06

Debian has updated mysql-5.5 (multiple vulnerabilities).

Mandriva has updated bugzilla (multiple vulnerabilities), kernel (multiple vulnerabilities), mediawiki (cross-site scripting), perl (denial of service), python (buffer overflow), and rsyslog (two vulnerabilities).

Oracle has updated qemu-kvm (OL7: information leak) and rsyslog5 (OL5: denial of service).

Red Hat has updated qemu-kvm (RHEL7: information leak) and rsyslog (RHEL5,6: denial of service).

Scientific Linux has updated qemu-kvm (SL7: information leak).

Slackware has updated openssh (SSHFP-checking disabled).

Emacs 24.4 released

Tue, 2014-10-21 13:25
Version 24.4 of the Emacs editor is out. New features this time around include a built-in web browser (unfortunately named "eww"), better multi-monitor support, the ability to save and restore the state of frames and windows, digital signatures on Emacs Lisp packages, access control list support, and much more. See the NEWS file for all the details.

Debian Project mourns the loss of Peter Miller

Tue, 2014-10-21 01:20
The Debian Project recently learned that community member Peter Miller died last July. "Peter was a relative newcomer to the Debian project, but his contributions to Free and Open Source Software go back to the late 1980s. Peter was a significant contributor to GNU gettext as well as being the main upstream author and maintainer of other projects that ship as part of Debian, including, but not limited to srecord, aegis and cook. Peter was also the author of the paper "Recursive Make Considered Harmful"."

Shuttleworth: V is for Vivid

Tue, 2014-10-21 01:16
Ubuntu 14.10 "Utopic Unicorn" is due to be released this week. That marks 10 years of Ubuntu releases, beginning with Ubuntu 4.10 "Warty Warthog". In this article Mark Shuttleworth announces the name of what will be the 15.04 release. "This verbose tract is a venial vanity, a chance to vector verbal vibes, a map of verdant hills to be climbed in months ahead. Amongst those peaks I expect we’ll find new ways to bring secure, free and fabulous opportunities for both developers and users. This is a time when every electronic thing can be an Internet thing, and that’s a chance for us to bring our platform, with its security and its long term support, to a vast and important field. In a world where almost any device can be smart, and also subverted, our shared efforts to make trusted and trustworthy systems might find fertile ground. So our goal this next cycle is to show the way past a simple Internet of things, to a world of Internet things-you-can-trust."

The FSF opens nominations for the 17th annual Free Software Awards

Mon, 2014-10-20 18:50
The Free Software Foundation (FSF) and the GNU Project have announced the opening of nominations for the 17th annual Free Software Awards. The Free Software Awards include the Award for the Advancement of Free Software and the Award for Projects of Social Benefit. "In the case of both awards, previous winners are not eligible for nomination, but renomination of other previous nominees is encouraged. Only individuals are eligible for nomination for the Advancement of Free Software Award (not projects), and only projects can be nominated for the Social Benefit Award (not individuals). For a list of previous winners, please visit https://www.fsf.org/awards."

Security advisories for Monday

Mon, 2014-10-20 17:47

Debian has updated iceweasel (multiple vulnerabilities).

Fedora has updated glibc (F19: multiple vulnerabilities), gnome-shell (F20: lock screen bypass), kernel (F19: multiple vulnerabilities), libxml2 (F20: denial of service), openssl (F20; F19: multiple vulnerabilities), openstack-glance (F20: denial of service), and torque (F20; F19: authentication bypass).

openSUSE has updated bash (13.1; 12.3: multiple vulnerabilities).

Oracle has updated libxml2 (OL6: denial of service).

Kernel prepatch 3.18-rc1

Mon, 2014-10-20 12:58
In a relatively predictable move, Linus has released 3.18-rc1 and closed the 3.18 merge window sooner than expected. He has, however, said that he will be more than usually open to post-rc1 pull requests from people who "grovel a bit." "There is also at least one pull request that I am hoping to get asap and planning on still pulling, ie I'm very much still hoping to get overlayfs finally merged." In the end, 9,711 non-merge changesets found their way into the mainline repository during this merge window.

Interview: Thomas Voß of Mir (Linux Voice)

Fri, 2014-10-17 19:37

Linux Voice has an interview with Canonical's Thomas Voß, the technical architect of the Mir display server. The interview deals largely with background topics, such as the Mir team's decision to standardize on an API rather than define a protocol, and the various languages to support. "Obviously there are disadvantages to having only one graphics language, but the benefits outweigh the disadvantages. And I think that’s a common theme in the industry. Android made the same decision to go that way. Even Wayland to a certain degree has been doing that. They have to support EGL and GL, simply because it’s very convenient for app developers and toolkit developers – an open graphics language. That was the part that inspired us, and we wanted to have this one graphics language and support it well."

Friday's security updates

Fri, 2014-10-17 17:09

CentOS has updated openssl (C5: protocol downgrade) and openssl (C6, C7: multiple vulnerabilities).

Debian has updated openssl (multiple vulnerabilities).

Fedora has updated firefox (F20: multiple vulnerabilities), java-1.7.0-openjdk (F20: multiple vulnerabilities), java-1.8.0-openjdk (F20: multiple vulnerabilities), kernel (F20: multiple vulnerabilities), php-ZendFramework (F19; F20: multiple vulnerabilities), and thunderbird (F20: multiple vulnerabilities).

Oracle has updated cups (O6: multiple vulnerabilities), file (O6: multiple vulnerabilities), firefox (O5; O6: multiple vulnerabilities), glibc (O6: multiple vulnerabilities), java-1.6.0-openjdk (O6: multiple vulnerabilities), java-1.7.0-openjdk (O6: multiple vulnerabilities), krb5 (O6: multiple vulnerabilities), libxml2 (O7: denial of service), openssh (O6: multiple vulnerabilities), openssl (O5; O6; O7: multiple vulnerabilities), thunderbird (O6: multiple vulnerabilities), and trousers (O6: denial of service).

Red Hat has updated java-1.6.0-sun (multiple vulnerabilities), java-1.7.0-oracle (multiple vulnerabilities), libxml2 (RHEL6,7: denial of service), openssl (RHEL5: protocol downgrade), openssl (RHEL6,7: multiple vulnerabilities), and rsyslog7 (RHEL6: denial of service).

Scientific Linux has updated openssl (SL5: protocol downgrade) and openssl (SL6,7: multiple vulnerabilities).

Ubuntu has updated openjdk-6 (10.04, 12.04: multiple vulnerabilities) and openssl (multiple vulnerabilities).

The Debian init system general resolution returns

Fri, 2014-10-17 06:34
Ian Jackson has resurrected the general resolution prohibiting Debian packages from depending on a single init system. This resolution failed to obtain enough seconds to proceed to a vote back in March, but this time more seconds have appeared and a vote will take place after the two-week discussion period. The initial discussion suggests that there is some support for the idea, but that not everybody appreciates seeing this resolution just before the jessie release is supposed to go into a freeze.

Docker 1.3 released

Thu, 2014-10-16 22:47
The 1.3 release of the Docker container system is available. "First up, in this release, the Docker Engine will now automatically verify the provenance and integrity of all Official Repos using digital signatures. Official Repos are Docker images curated and optimized by the Docker community to be the best building blocks for assembling distributed applications. A valid signature provides an added level of trust by indicating that the Official Repo image has not been tampered with."

GCC Undefined Behavior Sanitizer – ubsan (RH Developer Blog)

Thu, 2014-10-16 22:45
The Red Hat Developer Blog has an article about the undefined behavior sanitizer that was a part of the GCC 4.9 release. "One of the most important [checks] is the signed integer overflow checking. The practice shows that this undefined behavior is very common in real programs. Ubsan is able to check that the result of addition, subtraction, multiplication and negation does not overflow in signed arithmetic."

Tor Browser 4.0 released

Thu, 2014-10-16 22:41
Version 4.0 of the Tor Browser is now available. "The primary user-facing change since the 3.6 series is the transition to Firefox 31-ESR. More importantly for censored users who were using 3.6, the 4.0 series also features the addition of three versions of the meek pluggable transport. In fact, we believe that both meek-amazon and meek-azure will work in China today, without the need to obtain bridge addresses."

Thursday's security updates

Thu, 2014-10-16 16:11

CentOS has updated thunderbird (C5: multiple vulnerabilities).

Debian has updated drupal7 (SQL injection) and wpa (code execution).

Fedora has updated php-ZendFramework2 (F21: multiple vulnerabilities) and rsyslog (F20; F21: denial of service).

Oracle has updated firefox (O7: multiple vulnerabilities), java-1.6.0-openjdk (O5: multiple vulnerabilities), and java-1.7.0-openjdk (O5; O7: multiple vulnerabilities).

Red Hat has updated flash-plugin (RHEL5, RHEL6: multiple vulnerabilities) and thunderbird (RHEL5, RHEL6: multiple vulnerabilities).

Slackware has updated openssl (multiple vulnerabilities).

Ubuntu has updated mysql-5.5 (12.04, 14.04: multiple vulnerabilities).

[$] LWN.net Weekly Edition for October 16, 2014

Thu, 2014-10-16 00:46
The LWN.net Weekly Edition for October 16, 2014 is available.

[$] A damp discussion of network queuing

Wed, 2014-10-15 22:01
Very few presenters at technical conferences come equipped with gallons of water and a small inflatable swimming pool to contain it. But that is just how Stephen Hemminger showed up at the 2014 Linux Plumbers Conference. Stephen was there to talk about the current state of the fight against bufferbloat; while there was some good news to share, the sad fact is that, in a number of areas, we are still all wet.

Stable kernel updates

Wed, 2014-10-15 17:14
Greg Kroah-Hartman has released four kernel updates: 3.17.1, 3.16.6, 3.14.22, and 3.10.58. All contain the usual set of important fixes.