Linux Weekly News

Tartalom átvétel
LWN.net is a comprehensive source of news and opinions from and about the Linux community. This is the main LWN.net feed, listing all articles which are posted to the site front page.
Frissült: 9 perc 12 másodperc

"Ubuntu Core" announced

k, 2014-12-09 18:14
Mark Shuttleworth has announced the availability of "Ubuntu Core," a version of the distribution that takes a different approach to package management. "This is in a sense the biggest break with tradition in 10 years of Ubuntu, because Ubuntu Core doesn’t use debs or apt-get. We call it 'snappy' because that’s the new bullet-proof mechanism for app delivery and system updates; it’s completely different to the traditional package-based Ubuntu server and desktop. The snappy system keeps each part of Ubuntu in a separate, read-only file, and does the same for each application. That way, developers can deliver everything they need to be confident their app will work exactly as they intend, and we can take steps to keep the various apps isolated from one another, and ensure that updates are always perfect. Of course, that means that apt-get won’t work, but that’s OK since developers can reuse debs to make their snappy apps, and the core system is exactly the same as any other Ubuntu system – server or desktop."
Kategóriák: Linux

Tuesday's security updates

k, 2014-12-09 17:49

Debian has updated bind9 (denial of service) and kernel (multiple vulnerabilities).

Gentoo has updated dovecot (denial of service), libvirt (multiple vulnerabilities), nfs-utils (information disclosure), and qemu (multiple vulnerabilities).

SUSE has updated OpenVPN (SLE11 SP3: denial of service).

Ubuntu has updated graphviz (format string vulnerability).

Kategóriák: Linux

Fedora 21 released

k, 2014-12-09 16:30
The Fedora 21 distribution release is now available, in three different flavors (cloud, server, and workstation). "Fedora 21 is a game-changer for the Fedora Project, and we think you're going to be very pleased with the results." See the announcement for the highlights found in each of the released spins.
Kategóriák: Linux

Kocialkowski: A hacker's journey: freeing a phone from the ground up, first part

h, 2014-12-08 20:55
Paul Kocialkowski shares his experience with porting Replicant to the LG Optimus Black. "Every once in a while, an unexpected combination of circumstances ends up enabling us to do something pretty awesome. This is the story of one of those times. About a year ago, a member of the Replicant community started evaluating a few targets from CyanogenMod and noticed some interesting ones. After some early research, he picked a device: the LG Optimus Black (P970), bought one and started porting Replicant to it. After a few encouraging results, he was left facing issues he couldn't overcome and decided to give up with the port. As the device could still be an interesting target for Replicant, we decided to buy the phone from him so that I could pick up the work where he stalled." (Thanks to Paul Wise)
Kategóriák: Linux

The SFLC's intervention in Google v. Oracle

h, 2014-12-08 20:07
The Software Freedom Law Center has filed an interesting brief with the U.S. Supreme Court on whether the Court should review the Federal Circuit court decision stating that Android violates Oracle's copyrights by shipping some Java headers. The SFLC disagrees with the Circuit court decision, but, interestingly, still argues that the Supreme Court should not look at the case. "Given that the parties are agreed that Petitioner has the right to royalty-free use of all the material at issue under GNU GPL, and it is in addition entitled to claim that its use was licensed at all relevant times, there is no public interest in the adjudication a controversy which remains merely theoretical if not factually moot."
Kategóriák: Linux

[$] A quick look at the new FontForge release

h, 2014-12-08 19:07

FontForge is the most feature-rich free-software application for building and editing font files, but that is a niche that, regrettably, attracted relatively few developers over the project's lifespan. The situation has improved considerably in the last two years, however, and the latest release introduces several significant improvements. The new features include some expansion and enhancement to the editing tools, which will appeal to existing FontForge users, but they also include other changes that may be more significant in making FontForge appealing to new users.


Kategóriák: Linux

Security advisories for Monday

h, 2014-12-08 19:02

Debian has updated getmail4 (multiple vulnerabilities) and icedove (multiple vulnerabilities).

Fedora has updated arm-none-eabi-binutils-cs (F20; F19: multiple vulnerabilities), avr-binutils (F20; F19: multiple vulnerabilities), firefox (F19: multiple vulnerabilities), flac (F20: multiple vulnerabilities), graphviz (F20; F19: format string vulnerability), hivex (F20; F19: invalid hive files), kwebkitpart (F20; F19: code execution), libksba (F20; F19: denial of service), nrpe (F19: code execution), readline (F19: insecure temporary files), and thunderbird (F19: multiple vulnerabilities).

Mageia has updated apache-mod_wsgi (privilege escalation), jasper (code execution), and openvpn (denial of service).

openSUSE has updated apache2-mod_wsgi (13.1, 12.3: privilege escalation), docker (13.2: privilege escalation), firefox (13.2, 13.1, 12.3: multiple vulnerabilities), flac (13.2, 13.1, 12.3: multiple vulnerabilities), icecast (13.2; 13.1, 12.3: information leak/privilege escalation), openvpn (13.2, 13.1, 12.3: denial of service), and ruby19 (13.1, 12.3: two vulnerabilities).

Oracle has updated docker (OL7; OL6: privilege escalation).

Scientific Linux has updated kernel (SL5: restriction bypass).

SUSE has updated clamav (SLE11 SP3; SLES11 SP1,2: multiple vulnerabilities).

Ubuntu has updated ghostscript (10.04: code execution) and jasper (14.10, 14.04, 12.04: code execution).

Kategóriák: Linux

The 3.18 kernel has been released

h, 2014-12-08 05:17
Linus has released the 3.18 kernel. "I'd love to say that we've figured out the problem that plagues 3.17 for a couple of people, but we haven't. At the same time, there's absolutely no point in having everybody else twiddling their thumbs when a couple of people are actively trying to bisect an older issue, so holding up the release just didn't make sense." Highlights in this release include the bpf() system call, some significant networking performance improvements, dozens of new drivers, thousands of fixes, and more.
Kategóriák: Linux

Some stable kernel updates

v, 2014-12-07 21:27
The 3.17.5 stable kernel has been released with a comment saying "No one should use it"; instead, the immediately following 3.17.6, containing an important patch reversion, should be used. Also available are 3.14.26 and 3.10.62.
Kategóriák: Linux

Software Freedom Conservancy launches supporter program

p, 2014-12-05 20:48

Software Freedom Conservancy (SFC), the US-based non-profit organization that sponsors around 30 separate FOSS projects, has announced a "Supporter" program. The program allows individuals to make a recurring donation to SFC's general operating fund, akin to the individual membership-style programs also offered by the Free Software Foundation, Software In The Public Interest, and various other non-profits in the community. As always, individuals can also make donations directly to SFC member projects.

Kategóriák: Linux

Friday's security updates

p, 2014-12-05 17:44

CentOS has updated kernel (C5: privilege escalation).

Mageia has updated mutt (M4: denial of service), yaml, perl-YAML-LibYAML (M4: denial of service), phpmyadmin (M4: denial of service), and tcpdump (M4: code execution).

openSUSE has updated clamav (12.3, 13.1, 13.2: multiple vulnerabilities), flash-player: code execution), and phpMyAdmin (12.3, 13.1, 13.2: multiple vulnerabilities).

Oracle has updated kernel (O5: privilege escalation; O6; O7: multiple vulnerabilities).

Red Hat has updated kernel (RHEL5: privilege escalation).

Ubuntu has updated MAAS (12.04, 14.04, 14.10: privilege escalation).

Kategóriák: Linux

Hutterer: pointer acceleration in libinput - building a DPI database for mice

p, 2014-12-05 15:54
Peter Hutterer describes a new mechanism aimed at providing consistent acceleration behavior across mice. "For us, useless and unpredictable is bad, especially in the use-case of everyday desktops. To work around that, libinput 0.7 now incorporates the physical resolution into pointer acceleration. And to do that we need a database, which will be provided by udev as of systemd 218 (unreleased at the time of writing). This database incorporates the various devices and their physical resolution, together with their sampling rate. udev sets the resolution as the MOUSE_DPI property that we can read in libinput and use as reference point in the pointer accel code." The developers are looking for help to populate this new database.
Kategóriák: Linux

The first CentOS Linux Rolling media release

p, 2014-12-05 15:23
The CentOS project has announced the availability of the first in a series of monthly rolling releases. "CentOS Linux rolling builds are point in time snapshot media rebuild from original release time, to include all updates pushed to mirror.centos.org's repositories. This includes all security, bugfix, enhancement and general updates for CentOS Linux. Machines installed from this media will have all these updates pre-included and will look no different when compared with machines installed with older media that have been yum updated to the same point in time."
Kategóriák: Linux

A new set of Docker tools

cs, 2014-12-04 19:24
Docker has announced a new set of container management tools: Machine (for system provisioning), Swarm (native clustering for Dockerized applications), and Compose (assembly of multi-container applications). "Finally, Docker Swarm has a pluggable architecture and ships 'batteries included' with a default scheduler. Stay tuned for the public API in the first half of 2015 which will allow swapping-in a scheduler implemented by an ecosystem partner or even your own custom implementation. Nevertheless, regardless of the underlying scheduler implementation, the interface to the app remains consistent, meaning that the app remains 100% portable."
Kategóriák: Linux

Thursday's security updates

cs, 2014-12-04 19:20

CentOS has updated firefox (C5; C6; C7: multiple vulnerabilities), nss (C5; C6; C7: protocol downgrade), thunderbird (C5; C6: multiple vulnerabilities), and wpa_supplicant (C7: command execution).

Debian has updated iceweasel (multiple vulnerabilities), jasper (code execution), qemu (privilege escalation), qemu-kvm (privilege escalation), and tcpdump (multiple vulnerabilities).

Fedora has updated firefox (F20: multiple vulnerabilities), tcpdump (F19: multiple vulnerabilities), teeworlds (F19; F20: denial of service), thunderbird (F20: multiple vulnerabilities), util-linux (F20: command injection), and wireshark (F20: multiple vulnerabilities).

Mageia has updated firefox, thunderbird (M4: multiple vulnerabilities), libreoffice (M4: code execution), mediawiki (M4: multiple vulnerabilities), and sddm (M4: multiple vulnerabilities).

Oracle has updated firefox (O5; O6: multiple vulnerabilities) and wpa_supplicant (O7: command execution).

Red Hat has updated wget (RHEL6.5: code execution) and wpa_supplicant (RHEL7: command execution).

Scientific Linux has updated firefox (multiple vulnerabilities), nss, nss-util, nss-softokn (protocol downgrade), thunderbird (SL6: multiple vulnerabilities), and wpa_supplicant (SL7: command execution).

Ubuntu has updated eglibc, glibc (10.04, 12.04, 14.04, 14.10: multiple vulnerabilities), tcpdump (10.04, 12.04, 14.04, 14.10: multiple vulnerabilities), and thunderbird (12.04, 14.04, 14.10: multiple vulnerabilities).

Kategóriák: Linux

[$] LWN.net Weekly Edition for December 4, 2014

cs, 2014-12-04 02:21
The LWN.net Weekly Edition for December 4, 2014 is available.
Kategóriák: Linux

[$] Moving some of Python to GitHub?

sze, 2014-12-03 19:06
Over the years, Python's source repositories have moved a number of times, from CVS on SourceForge to Subversion at Python.org and, eventually, to Mercurial (aka hg), still on Python Software Foundation (PSF) infrastructure. But the new Python.org site code lives at GitHub (thus in a Git repository) and it looks like more pieces of Python's source may be moving in that direction. While some are concerned about moving away from a Python-based DVCS (i.e. Mercurial) into a closed-source web service, there is a strong pragmatic streak in the Python community that may be winning out.
Kategóriák: Linux

Security advisories for Wednesday

sze, 2014-12-03 18:46

Debian has updated wordpress (multiple vulnerabilities).

Fedora has updated drupal6 (F20; F19: two vulnerabilities), drupal7 (F20; F19: denial of service), lsyncd (F20; F19: command injection), mariadb-galera (F20: multiple vulnerabilities), and wordpress (F20; F19: multiple vulnerabilities).

Oracle has updated firefox (OL7: multiple vulnerabilities), nss (OL7; OL6; OL5: man-in-the-middle attack), and thunderbird (OL6: multiple vulnerabilities).

Red Hat has updated firefox (RHEL5,6,7: multiple vulnerabilities), kernel-rt (RHE MRG: multiple vulnerabilities), mariadb-galera (RHEL OSP for RHEL7; RHEL OSP for RHEL6: multiple vulnerabilities), nss (RHEL5,6,7: man-in-the-middle attack), openstack-neutron (RHEL OSP for RHEL7; RHEL OSP for RHEL6: denial of service), openstack-trove (RHEL OSP for RHEL7: information disclosure), qemu-kvm-rhev (RHEL OSP for RHEL7: information leak), and thunderbird (RHEL5,6,7: multiple vulnerabilities).

Slackware has updated mozilla (multiple vulnerabilities).

SUSE has updated flash-player (SLED11 SP3: code execution), IBM Java (SLE11 SP2: multiple vulnerabilities), and java-1_7_1-ibm (SLE12: multiple vulnerabilities).

Ubuntu has updated firefox (14.10, 14.04, 12.04: multiple vulnerabilities) and mod-wsgi (14.10, 14.04, 12.04: privilege escalation).

Kategóriák: Linux

Announcing netdev 0.1

k, 2014-12-02 22:19
"Netdev" is a new conference aimed at networking developers; it will be held February 14 to 17 in balmy Ottawa, Canada. The call for papers is open now, with a submission deadline of January 10. "Netdev 0.1 (year 0, conference 1) is a community-driven conference geared towards Linux netheads. Linux kernel networking and user space utilization of the interfaces to the Linux kernel networking subsystem are the focus. If you are using Linux as a boot system for proprietary networking, then this conference may not be for you."

Update: the conference organizers have posted more information on the CFP and the types of proposals they are looking for.

Kategóriák: Linux

The Impact of the Linux Philosophy (Opensource.com)

k, 2014-12-02 22:04
Starting with the premise that all operating systems have a philosophy, this article on Opensource.com looks at the Linux philosophy and how it differs from other operating systems. "Imagine for a moment the chaos and frustration that would result from attempting to use a nail gun that asked you if you really wanted to shoot that nail and would not allow you to pull the trigger until you said the word “yes” aloud. Linux allows you to use the nail gun as you choose. Other operating systems let you know that you can use nails but don't tell you what tool is used to insert the nails let alone allow you to put your own finger on the trigger."
Kategóriák: Linux