Linux Weekly News

Tartalom átvétel is a comprehensive source of news and opinions from and about the Linux community. This is the main feed, listing all articles which are posted to the site front page.
Frissült: 24 perc 51 másodperc

Tridgell: ArduPilot and DroneCode

k, 2016-09-13 15:31
Andrew "Tridge" Tridgell writes about the ArduPilot project's withdrawal from the Dronecode group. "Unfortunately DroneCode has a built-in flaw. The structure and bylaws of DroneCode are built around exceptional power for the Platinum members, giving them extraordinary control over the future of DroneCode. [...] Just how great a flaw that is has been shown by the actions of the Platinum members over the last two months. Due to their overwhelming desire to be able to make a proprietary autopilot stack the Platinum members staged what can only be called a coup. They removed all top level open source projects from DroneCode, leaving only their own nominees in the Technical Steering Committee. They passed a resolution requiring that all projects hand over control of all trademarks, accounts and domains to their control."
Kategóriák: Linux

Vim 8.0 released

h, 2016-09-12 19:42
The Vim editor project is celebrating its 8.0 release. "This the first major Vim release in ten years. There are interesting new features, many small improvements and lots of bug fixes." New features include asynchronous I/O, jobs, a package system, GTK+ 3 support, and more.
Kategóriák: Linux

Stable kernel update - 3.14 eol

h, 2016-09-12 18:52
Greg KH has released stable kernel 3.14.79. This is the last update in the 3.14.x series. "Please use 4.4 if you want a LTS kernel that will last for another year, or even better yet, just use the normal stable releases as those will always contain the latest fixes and updates."
Kategóriák: Linux

Security advisories for Monday

h, 2016-09-12 18:03

Arch Linux has updated file-roller (file deletion), graphicsmagick (denial of service), and tomcat8 (redirect HTTP traffic).

Debian has updated openjpeg2 (multiple vulnerabilities) and pdns (multiple denial of service flaws).

Debian-LTS has updated libarchive (two vulnerabilities), qemu (directory/path traversal), and qemu-kvm (directory/path traversal).

Fedora has updated chromium (F24: multiple vulnerabilities), elog (F24; F23: unauthorized posts), phpMyAdmin (F23: multiple vulnerabilities), python-jwcrypto (F24; F23: information disclosure), and slock (F24; F23: screen locking bypass).

openSUSE has updated libtorrent-rasterbar (Leap42.1: denial of service), kernel (Leap42.1: multiple vulnerabilities), and wget (13.2: race condition).

Slackware has updated gnutls (denial of service).

SUSE has updated java-1_7_0-ibm (SOSC5, SMP2.1, SM2.1, SLES11-SP2,3: three vulnerabilities).

Kategóriák: Linux

Kernel prepatch 4.8-rc6

h, 2016-09-12 14:42
Linus has released the 4.8-rc6 kernel prepatch. "I still haven't decided whether we're going to do an rc8, but I guess I don't have to decide yet. Nothing looks particularly bad, and it will depend on how rc7 looks."
Kategóriák: Linux

Abbott: Success with Interns

szo, 2016-09-10 01:16

Laura Abbott marks the end of the latest round of open-source internships at Outreachy with a blog post reflecting on "what makes an internship successful," especially as seen in the kernel team's internships. Among Abbott's lessons: "Choose your tasks carefully. Tasks with a specific goal but multiple ways to solve are best. Too open ended tasks can be frustrating for all involved but there should be some chance for decision making. Just giving a list of tasks and exactly how they should be completed isn't good for learning. Give your intern a chance to propose a solution and then review it together." Also: "Speaking of review, code review is a skill. Model how to respond to code review comments. Encourage interns to practice reviewing others code and ask questions as well." That is just a sampling; in total, Abbott lists well over a dozen take-aways from the experience, all worth reading.

Kategóriák: Linux

Friday's security updates

p, 2016-09-09 16:26

Arch Linux has updated wordpress (multiple vulnerabilities).

Debian has updated inspircd (user impersonation) and xen (multiple vulnerabilities).

Debian-LTS has updated curl (certificate reuse) and xen (multiple vulnerabilities).

openSUSE has updated fontconfig (Leap 42.1: privilege escalation), gdk-pixbuf (13.2, Leap 42.1: denial of service), krb5 (Leap 42.1: denial of service), mariadb (Leap 42.1: multiple vulnerabilities), ocaml (Leap 42.1: information leak), tiff (13.2: multiple vulnerabilities), and wget (Leap 42.1: multiple vulnerabilities).

Slackware has updated php (14.0, 14.1, 14.2: multiple vulnerabilities).

Ubuntu has updated file-roller (14.04, 16.04: file deletion) and imlib2 (12.04, 14.04, 16.04: multiple vulnerabilities).

Kategóriák: Linux Weekly Edition for September 9, 2016

p, 2016-09-09 02:08
The Weekly Edition for September 9, 2016 is available.
Kategóriák: Linux

A bite of Python (Red Hat Security Blog)

cs, 2016-09-08 19:59
On the Red Hat Security Blog, Ilya Etingof describes some traps for the unwary in Python, some that have security implications. "Being easy to pick up and progress quickly towards developing larger and more complicated applications, Python is becoming increasingly ubiquitous in computing environments. Though apparent language clarity and friendliness could lull the vigilance of software engineers and system administrators -- luring them into coding mistakes that may have serious security implications. In this article, which primarily targets people who are new to Python, a handful of security-related quirks are looked at; experienced developers may well be aware of the peculiarities that follow." (Thanks to Paul Wise.)
Kategóriák: Linux

Thursday's security advisories

cs, 2016-09-08 19:54

Debian-LTS has updated icu (code execution) and roundcube (three vulnerabilities, one each from 2015 and 2014).

openSUSE has updated libsrtp (42.1: denial of service from 2015), libstorage (42.1: password disclosure), and libtcnative-1-0 (42.1: cipher downgrade from 2015).

Red Hat has updated Kibana (RHOS3: two vulnerabilities).

Scientific Linux has updated thunderbird (multiple vulnerabilities).

SUSE has updated java-1_7_1-ibm (SLE11: three unspecified vulnerabilities).

Kategóriák: Linux

[$] What's next for Apache OpenOffice

cs, 2016-09-08 11:00
Concerns about the viability of the Apache OpenOffice (AOO) project are not new; they had been in the air for a while by the time LWN looked at the project's development activity in early 2015. Since then, though, the worries have grown more pronounced, especially after AOO's recent failure to produce a release with an important security fix nearly one year after being notified of the vulnerability. The result is an internal discussion on whether the project should be "retired," or whether it will find a way to turn its fortunes around.
Kategóriák: Linux

[$] An asynchronous Internet in GNOME

cs, 2016-09-08 06:57

At GUADEC 2016 in Karlsruhe, Germany, Jonathan Blandford challenged the GNOME project to rethink how its desktop software uses network access. The GNOME desktop assumes Internet connectivity is always available, which has the side effect of making the software stack considerably less useful and, indeed, usable to people who live in those places regarded as the developing world.

Kategóriák: Linux

Weekly edition one day late this week

sze, 2016-09-07 20:43
Last Monday was the Labor Day holiday in the US, so the LWN crew took the day off to celebrate. As a result, the weekly edition will be published one day late this week. It will be available on Friday, sometime shortly after midnight UTC.
Kategóriák: Linux

Stable kernel updates

sze, 2016-09-07 18:05
Stable kernels 4.7.3, 4.4.20, and 3.14.78 have been released with the usual set of important fixes. There will be one more 3.14.x kernel release before this kernel series hits its end-of-life.
Kategóriák: Linux

Wednesday's security advisories

sze, 2016-09-07 17:56

Debian has updated charybdis (incorrect SASL authentication).

Debian-LTS has updated libtomcrypt (signature forgery).

Fedora has updated 389-ds-base (F23: information disclosure), libgcrypt (F23: flawed random number generation), libksba (F23: denial of service), and mediawiki (F24; F23: multiple vulnerabilities).

openSUSE has updated Chromium (Leap42.1: multiple vulnerabilities), thunderbird (SPH for SLE12; Leap42.1, 13.2: multiple vulnerabilities), and tomcat (Leap42.1: two vulnerabilities).

Red Hat has updated postgresql92-postgresql (RHSCL: two vulnerabilities) and rh-postgresql95-postgresql (RHSCL: two vulnerabilities).

SUSE has updated Chromium (SPH for SLE12: multiple vulnerabilities).

Kategóriák: Linux

Git v2.10.0

k, 2016-09-06 22:21
Git 2.10 has been released, with lots of updates to the user interface and workflows, performance enhancements, and much more. See the announcement for details.
Kategóriák: Linux

Danko: Next steps for Gmane

k, 2016-09-06 21:01
LWN previously reported that Gmane creator and maintainer Lars Magne Ingebrigtsen shut down the website and was contemplating shutting down the service entirely. Martin Danko now reports that Gmane has a new maintainer. "I petitioned some of our directors to allow us to offer to take it over and in the end we entered into agreement with Lars to take over Gmane. The assets of Gmane have been placed into a UK company Gmane Ltd. As part of the agreement, we have received the INN spool with all the articles but none of the code that drives the site. We’ve started rebuilding parts of the site just to get it back online, its not perfect and there are pieces missing but we’re working on building all the functionality back into the site." (Thanks to Brian Thomas)
Kategóriák: Linux

Security advisories for Tuesday

k, 2016-09-06 19:08

Arch Linux has updated thunderbird (code execution).

CentOS has updated ipa (C7; C6: denial of service) and thunderbird (C7; C6; C5: code execution).

Debian has updated chromium-browser (multiple vulnerabilities), flex (regression in previous update), and kernel (multiple vulnerabilities).

Debian-LTS has updated jsch (path traversal), kernel (multiple vulnerabilities), and tiff3 (multiple vulnerabilities).

Fedora has updated ca-certificates (F23: certificate update), ganglia (F24; F23: cross-site scripting), glibc (F23: denial of service), kernel (F24; F23: two vulnerabilities), lcms2 (F23: heap memory leak), and phpMyAdmin (F24: multiple vulnerabilities).

openSUSE has updated curl (13.2: three vulnerabilities), dosfstools (Leap42.1: two vulnerabilities), eog (Leap42.1, 13.2: out-of-bounds write), and xerces-c (Leap42.1: two vulnerabilities).

Oracle has updated thunderbird (OL7; OL6: code execution).

Red Hat has updated kernel (RHEL6.7; RHEL6.5: information leak) and thunderbird (RHEL5,6,7: code execution).

Scientific Linux has updated ipa (SL6,7: denial of service).

SUSE has updated kernel (SOSC5, SMP2.1, SM2.1, SLE11-SP3: multiple vulnerabilities).

Kategóriák: Linux

LLVM 3.9 released

k, 2016-09-06 10:37
Version 3.9 of the LLVM compiler suite is out. "This release is the result of the LLVM community's work over the past six months, including ThinLTO, new libstdc++ ABI compatibility, support for all OpenCL 2.0 and all non-offloading OpenMP 4.5 features, clang-include-fixer, many new clang-tidy checks, significantly improved ELF linking with lld, identical code folding and initial LTO support in lld, as well as improved optimization, many bug fixes and more."
Kategóriák: Linux

Anticipating KDE's 20th anniversary

k, 2016-09-06 08:38
The announcement of a project to develop the "Kool Desktop Environment" went out on October 14, 1996. As the 20th anniversary of that announcement approaches, the KDE project is celebrating with a project timeline and a 20 Years of KDE book. "This book presents 37 stories about the technical, social and cultural aspects that shaped the way the KDE community operates today. It has been written as part of the 20th anniversary of KDE. From community founders and veterans to newcomers, with insights from different perspectives and points of view, the book provides you with a thrilling trip through the history of such an amazing geek family."
Kategóriák: Linux