Linux Weekly News

Tartalom átvétel
LWN.net is a comprehensive source of news and opinions from and about the Linux community. This is the main LWN.net feed, listing all articles which are posted to the site front page.
Frissült: 26 perc

The kernel's code of conflict

h, 2015-03-09 19:41
A brief "code of conflict" was merged into the kernel's documentation directory for the 4.0-rc3 release. The idea is to describe the parameters for acceptable discourse without laying down a lot of rules; it also names the Linux Foundation's technical advisory board as a body to turn to in case of unacceptable behavior. This document has been explicitly acknowledged by a large number of prominent kernel developers.
Kategóriák: Linux

Security advisories for Monday

h, 2015-03-09 19:06

Debian-LTS has updated konversation (information disclosure), libarchive (directory traversal), and redcloth (cross-site scripting).

Fedora has updated cabextract (F21; F20: privilege escalation), kernel (F21: denial of service), krb5 (F20: multiple vulnerabilities), lftp (F20: automatically accepting ssh keys), libpng10 (F21; F20: two vulnerabilities), and qt3 (F21; F20: denial of service).

Gentoo has updated dbus (denial of service), freetype (multiple vulnerabilities), glibc (multiple vulnerabilities), and php (multiple vulnerabilities).

Mageia has updated apache (denial of service), jython (code execution), librsvg (multiple vulnerabilities), mapserver (command execution), and putty, filezilla (information disclosure).

Mandriva has updated rpm (code execution).

openSUSE has updated libmspack (13.2, 13.1: denial of service), thunderbird (13.2, 13.1: multiple vulnerabilities), and tiff (13.2, 13.1: multiple vulnerabilities).

SUSE has updated firefox (SLE11 SP3; SLE11 SP2,SP1, SLES10 SP4: multiple vulnerabilities).

Ubuntu has updated icu (12.04: regression in previous update).

Kategóriák: Linux

Kernel prepatch 4.0-rc3

h, 2015-03-09 15:17
The 4.0-rc3 prepatch is out. "Back on track with a Sunday afternoon release schedule, since there was nothing particularly odd going on this week, and no last-minute bugs that I knew of and wanted to get fixed holding things up."
Kategóriák: Linux

Three Debian technical committee appointments

h, 2015-03-09 15:10
Debian project leader Lucas Nussbaum has confirmed the appointment of three new members to the Debian technical committee. The new members are Didier Raboud, Tollef Fog Heen, and Sam Hartman; they will be replacing Ian Jackson, Russ Allbery, and Colin Watson.
Kategóriák: Linux

A pile of stable kernel updates

v, 2015-03-08 17:19
The 3.19.1, 3.18.9, 3.14.35, and 3.10.71 stable kernel updates are available; each contains a relatively large set of important fixes.
Kategóriák: Linux

Edmundson: High DPI Progress

p, 2015-03-06 23:30

At his blog, David Edmundson writes about the state of high-DPI support in KDE. "For some applications supporting high DPI has been easy. It is a single one line in KWrite, and suddenly all icons look spot on with no regressions. For applications such as Dolphin which do a lot more graphical tasks, this has not been so trivial. There are a lot of images involved, and a lot of complicated code around caching these which conflicts with the high resolution support without some further work." He is personally tracking the progress of many applications, but notes that there are many unsolved issues. "There are still many applications without a frameworks release even in the upcoming 15.04 applications release. Even in the next applications release in 15.08 August we are still unlikely to see a released PIM stack. Is it a good idea to add an option into our UIs that improves some applications at the cost of consistency? It's not an easy answer." This update is Edmunsdon's second post on the subject; the first, from November 2014, is also quite informative.

Kategóriák: Linux

Friday's security updates

p, 2015-03-06 18:58

Debian has updated libarchive (directory traversal).

Debian-LTS has updated eglibc (multiple vulnerabilities).

Fedora has updated gnupg (F21: multiple vulnerabilities), libjpeg-turbo (F20; F21: denial of service), and qt (F20: denial of service).

Gentoo has updated jasper (multiple vulnerabilities).

Mageia has updated dokuwiki (M4: access control circumvention), maradns (M4: denial of service), python (M4: missing hostname check), vlc (M4: code execution), and vorbis-tools (M4: multiple vulnerabilities).

openSUSE has updated chromium (13.1, 13.2: multiple vulnerabilities) and php5 (13.1, 13.2: multiple vulnerabilities).

Oracle has updated 389-ds-base (O6: information disclosure).

Red Hat has updated 389-ds-base (RHEL6; RHEl7: information disclosure), chromium-browser (RHEL6: multiple vulnerabilities), firefox (RHEL7: multiple vulnerabilities), glibc (RHEL7: multiple vulnerabilities), gnome-shell, mutter, clutter, cogl (RHEL7: denial of service), hivex (RHEL7: code execution), httpd (RHEL7: multiple vulnerabilities), ipa (RHEL7: multiple vulnerabilities), kernel (RHEL7: multiple vulnerabilities), krb5 (RHEL7: multiple vulnerabilities), libreoffice (RHEL7: multiple vulnerabilities), libvirt (RHEL7: multiple vulnerabilities), openssh (RHEL7: multiple vulnerabilities), openstack-glance (RHEL OSP6: denial of service), pcre (RHEL7: denial of service), powerpc-utils (RHEL7: information disclosure), ppc64-diag (RHEL7: information disclosure), qemu-kvm (RHEL7: multiple vulnerabilities), qemu-kvm-rhev (RHEL OSP6: buffer overflow), redhat-access-plugin-openstack (RHEL OSP6: information disclosure), thunderbird (RHEL7: multiple vulnerabilities), and virt-who (RHEL7: credentials disclosure).

Slackware has updated samba (14.1: code execution).

SUSE has updated PHP 5.3 (SLES11: multiple vulnerabilities).

Kategóriák: Linux

Samba 4.2.0 released

p, 2015-03-06 01:55
The Samba team has announced the first release in the new stable 4.2.x series. This release adds transparent file compression, access to "Snapper" snapshots via the Windows Explorer "previous versions" dialog, better clustering support, and much more. This release also marks the end of support for Samba 3.
Kategóriák: Linux

[$] A GPL-enforcement suit against VMware

cs, 2015-03-05 19:05
When Karen Sandler, the executive director of the Software Freedom Conservancy, spoke recently at the Linux Foundation's Collaboration Summit, she spent some time on the Linux Compliance Project, an effort to improve compliance with the Linux kernel's licensing rules. This project, launched with some fanfare in 2012, has been relatively quiet ever since. Karen neglected to mention that this situation was about to change; that had to wait for the announcement on March 5 of the filing of a lawsuit against VMware alleging copyright infringement for its use of kernel code.

Subscribers can click below for the full story.

Kategóriák: Linux

Thursday's security updates

cs, 2015-03-05 17:59

Fedora has updated bind (F21; F20: denial of service), lftp (F21: automatically accepting ssh keys), and rubygem-actionpack (F20: two information leaks).

openSUSE has updated vsftpd (13.2, 13.1: access restriction bypass).

Ubuntu has updated icu (14.10, 14.04, 12.04: multiple vulnerabilities, some from 2013).

Kategóriák: Linux

[$] LWN.net Weekly Edition for March 5, 2015

cs, 2015-03-05 03:55
The LWN.net Weekly Edition for March 5, 2015 is available.
Kategóriák: Linux

[$] A look at EasyNAS

sze, 2015-03-04 20:24
Thus far, this series on network-attached storage (NAS) distributions has looked at three different approaches to the problem. OpenMediaVault provides a NAS server using traditional Linux filesystems, Rockstor bases everything on the Btrfs filesystem, and FreeNAS is a FreeBSD-based system using ZFS. This fourth (and probably final) installment in this series goes back to Btrfs with a look at EasyNAS, which is another attempt to make the unique features of Btrfs available in a dedicated NAS distribution.
Kategóriák: Linux

Security advisories for Wednesday

sze, 2015-03-04 19:07

Debian has updated icedove (multiple vulnerabilities).

Debian-LTS has updated unace (code execution).

Fedora has updated arc (F21; F20: directory traversal), e2fsprogs (F21; F20: code execution), glibc (F21; F20: multiple vulnerabilities), php (F20: multiple vulnerabilities), and qt (F21: denial of service).

Mageia has updated php (multiple vulnerabilities).

Mandriva has updated bind (denial of service) and freetype2 (many vulnerabilities).

openSUSE has updated apache2 (13.2: denial of service), postgresql93 (13.2: multiple vulnerabilities), and python-rope (13.2, 13.1: unauthorized pickle.load).

Red Hat has updated foreman-proxy (RHEL OSP Foreman; RHEL OSP4.0: restriction bypass).

SUSE has updated php5 (SLE12: two vulnerabilities).

Ubuntu has updated kernel (14.04: regression in previous update) and linux-lts-trusty (12.04: regression in previous update).

Kategóriák: Linux

GitLab acquires Gitorious

k, 2015-03-03 20:27
GitLab and Gitorious have announced that GitLab will acquire Gitorious. "Starting today, Gitorious.org users can import their existing projects into GitLab.com by clicking the “Import projects from Gitorious.org” link when creating a new project. Gitorious.org will stay online until the end of May 2015 to give people time to migrate their repositories."
Kategóriák: Linux

Kernel prepatch 4.0-rc2

k, 2015-03-03 19:38
The 4.0-rc2 kernel prepatch is out. "So rc2 missed the usual Sunday afternoon timing, because I spent most of the weekend debugging an issue that happened on an old Mac Mini I have around, and I hate making even early -rc releases with problems on machines that I have direct access to. Even if it only affected old machines that actual developers are unlikely to have or at least use. Today I got the patch from Daniel Vetter to fix it, so instead of doing a Sunday evening rc2, it's a Tuesday morning one. Go get it. It works better for the delay."
Kategóriák: Linux

Security updates for Tuesday

k, 2015-03-03 18:12

Debian has updated unace (code execution).

Mandriva has updated patch (multiple vulnerabilities), sympa (information disclosure), tomcat (multiple vulnerabilities), and tomcat6 (multiple vulnerabilities).

Red Hat has updated kernel (RHEL6.5; RHEL6.4: multiple vulnerabilities).

SUSE has updated firefox (SLE12: multiple vulnerabilities).

Ubuntu has updated thunderbird (14.10, 14.04, 12.04: multiple vulnerabilities).

Kategóriák: Linux

Security advisories for Monday

h, 2015-03-02 18:51

Debian-LTS has updated bind9 (denial of service), e2fsprogs (code execution), libgtk2-perl (code execution), and sudo (two vulnerabilities).

Fedora has updated httpd (F20: multiple vulnerabilities), librsvg2 (F21; F20: multiple unspecified vulnerabilities), libuv (F21: privilege escalation), nodejs (F21: privilege escalation), v8 (F21: privilege escalation), and vorbis-tools (F21; F20: denial of service).

Mandriva has updated cups (buffer overflow).

openSUSE has updated firefox, nss (13.2, 13.1: multiple vulnerabilities).

SUSE has updated java-1_6_0-ibm (SLES11 SP1,SP2: multiple vulnerabilities).

Ubuntu has updated kernel (14.04: regression in previous update).

Kategóriák: Linux

IPython 3.0 released

szo, 2015-02-28 17:23
The IPython interactive development system project has announced its 3.0 release. "Support for languages other than Python is greatly improved, notebook UI has been significantly redesigned, and a lot of improvement has happened in the experimental interactive widgets. The message protocol and document format have both been updated, while maintaining better compatibility with previous versions than prior updates. The notebook webapp now enables editing of any text file, and even a web-based terminal (on Unix platforms)." (LWN looked at IPython in 2014).
Kategóriák: Linux

VLC 2.2.0 released

szo, 2015-02-28 00:23

Version 2.2.0 of the VLC media player has been released. According to the announcement, highlights in the new version include automatic, hardware-accelerated rotation of portrait-orientation videos such as those shot on smartphones, resuming playback at the last point watched in the previous session, in-application download and installation of extensions, support for interactive Blu-Ray menus, and "compatibility with a very large number of unusual codecs." The release is available for Linux, Android, and Android TV, plus various Windows and Apple platforms.

Kategóriák: Linux

LLVM 3.6 Released

p, 2015-02-27 23:22
Version 3.6 of the LLVM compiler suite is out. Changes include "many many bug fixes, optimization improvements, support for more proposed C++1z features in Clang, better native Windows compatibility, embedding LLVM IR in native object files, Go bindings, and more." Details can be found in the LLVM 3.6 release notes and the Clang 3.6 release notes.
Kategóriák: Linux