Linux Weekly News

Tartalom átvétel
LWN.net is a comprehensive source of news and opinions from and about the Linux community. This is the main LWN.net feed, listing all articles which are posted to the site front page.
Frissült: 8 perc 5 másodperc

Red Hat's dynamic kernel patching project

k, 2014-03-04 16:32
It seems that Red Hat, too, has a project working on patching running kernels. "kpatch allows you to patch a Linux kernel without rebooting or restarting any processes. This enables sysadmins to apply critical security patches to the kernel immediately, without having to wait for long-running tasks to complete, users to log off, or scheduled reboot windows. It gives more control over uptime without sacrificing security or stability." It looks closer to ksplice than to SUSE's kGraft in that it patches out entire functions at a time.
Kategóriák: Linux

FSF, SFLC and OSI to fight software patents in U.S. Supreme Court

h, 2014-03-03 23:34
The Free Software Foundation has joined forces with the Software Freedom Law Center and the Open Source Initiative in filing an amicus brief in software patent case *Alice Corp. v. CLS Bank* before the United States Supreme Court. "The jointly filed brief argues that the "machine or transformation" inquiry employed by the Court in *Bilski v. Kappos* is the correct, and exclusive, bright line test for patent eligibility of computer-implemented inventions. It says that not only do software idea patents fail established tests for patentability; they also violate the First Amendment."
Kategóriák: Linux

Second Debian init system vote concludes

h, 2014-03-03 22:49
The second vote by the Debian technical committee addressed init system coupling. Bdale Garbee has announced the results of that vote. "With all 8 votes cast, this CFV on the init system coupling issue has ended in a tie between options "L" and "N". Given my vote on this issue, it should be no surprise that I use my casting vote to declare option "N" is the winner." (Thanks to Josh Triplett)

Option N: "The TC chooses to not pass a resolution at the current time about whether software may require specific init systems."

Kategóriák: Linux

What is good video editing software on Linux? (Xmodulo)

h, 2014-03-03 22:07
Xmodulo presents a brief overview of ten video editing applications available for Linux. "I will not cover subjective merits such as usability or interface design, but instead highlight notable features of each video editor."
Kategóriák: Linux

Security advisories for Monday

h, 2014-03-03 19:43

Debian has updated php5 (denial of service).

Fedora has updated drupal6-filefield (F20; F19: access bypass), drupal6-image_resize_filter (F20; F19: denial of service), drupal7-ctools (F20; F19: access bypass), kernel (F20; F19: denial of service), libvirt (F20: unsafe usage of paths under /proc/$PID/root), thunderbird (F19: multiple vulnerabilities), and xen (F20; F19: multiple vulnerabilities).

Mageia has updated apache-commons-fileupload (denial of service), mariadb (multiple vulnerabilities), mediawiki (multiple vulnerabilities), otrs (JavaScript code execution), tomcat (denial of service), x2goserver (code execution), and zarafa (denial of service).

openSUSE has updated vlc (13.1: unspecified vulnerability).

Kategóriák: Linux

Kernel prepatch 3.14-rc5

h, 2014-03-03 16:41
The 3.14-rc5 kernel prepatch is out right on schedule. Linus says: "Not a lot. Which is just how I like it. Go verify that it all works for you."
Kategóriák: Linux

Broadcom releases SoC graphics driver source

szo, 2014-03-01 01:46
Broadcom has announced the release of the source and documentation for its VideoCore IV graphics subsystem. This subsystem is found in the Raspberry Pi processor, among others. "The trend over the last decade has leaned towards greater openness in desktop graphics, and the same is happening in the mobile space. Broadcom — a long-time leader in graphics processors — is a frontrunner in this movement and aims to contribute to its momentum."
Kategóriák: Linux

The first Ubuntu 14.04 'Trusty Tahr' beta

p, 2014-02-28 20:25
The first beta release for the upcoming Ubuntu 14.04 long-term support release is available for testing in a number of flavors: "This beta features images for Edubuntu, Kubuntu, Lubuntu, Ubuntu GNOME, Ubuntu Kylin, Ubuntu Studio, Xubuntu and the Ubuntu Cloud images."
Kategóriák: Linux

Friday's security updates

p, 2014-02-28 19:45

CentOS has updated libtiff (C5; C6: multiple vulnerabilities) and postgresql92-postgresql (multiple vulnerabilities).

Gentoo has updated argyllcms (code execution) and chrony (multiple vulnerabilities).

Mageia has updated chromium-browser (multiple vulnerabilities), imapsync (TLS botch), and subversion (M3; M4: denial of service).

openSUSE has updated icedtea-web (12.3, 13.1: insecure temporary file use), mupdf (13.1: denial of service), python-logilab-common (12.3, 13.1: multiple vulnerabilities), and subversion (13.1: denial of service).

Oracle has updated libtiff (O5; O6: multiple vulnerabilities).

Red Hat has updated libtiff (RHEL5; RHEL6: multiple vulnerabilities) and postgresql92-postgresql (multiple vulnerabilities).

Scientific Linux has updated libtiff (SL5; SL6: multiple vulnerabilities).

Slackware has updated subversion (multiple vulnerabilities).

Ubuntu has updated openjdk-6 (10.04, 12.04: multiple vulnerabilities).

Kategóriák: Linux

Josefsson: Replicant 4.2 on Samsung S3

cs, 2014-02-27 21:03
On his blog, Simon Josefsson describes the process of updating Replicant, the free-software-only Android-based mobile phone firmware project, from version 4.0 to 4.2. "I spent some time researching how to get the various non-free components running. This is of course sub-optimal, and the Replicant project does not endorse non-free software. Alas there aren’t any devices out there that meets my requirements and use only free software. Personally, I feel using a free core OS like Replicant and then adding some non-free components back is a better approach than using CyanogenMod directly, or (horror) the stock ROM. Even better is of course to not add these components back, but you have to decide for yourselves which trade-offs you want to make."
Kategóriák: Linux

Introducing: Debian for OpenRISC

cs, 2014-02-27 18:10
Christian Svensson has announced a version of Debian for the OpenRISC open-source processor. "Some people know that I've been working on porting Glibc and doing some toolchain work. My evil master plan was to make a Debian port, and today I'm a happy hacker indeed! Below is a link to a screencast of me installing Debian for OpenRISC, installing python2.7 via apt-get (which you shouldn't do in or1ksim, it takes ages! (but it works!)) and running a small Python script. http://asciinema.org/a/7362" (Thanks to Paul Wise.)
Kategóriák: Linux

Security updates for Thursday

cs, 2014-02-27 17:12

Mageia has updated kernel (M4: two vulnerabilities) and lxc (privilege escalation).

Ubuntu has updated file (10.04; 12.04; 12.10; 13.10: two vulnerabilities, one from 2012).

Kategóriák: Linux

[$] LWN.net Weekly Edition for February 27, 2014

cs, 2014-02-27 03:45
The LWN.net Weekly Edition for February 27, 2014 is available.
Kategóriák: Linux

[$] Lawrence Lessig on East-Coast vs West-Coast code

cs, 2014-02-27 00:51

At SCALE12x in Los Angeles, Harvard law professor Lawrence Lessig delivered an opening keynote that challenged the free software community to do something it does not normally attempt: engage with the political system. Lessig is perhaps best known as a public advocate for reform in the US government's patent and copyright systems and for his activism in intellectual property issues (such as founding Creative Commons), but in recent years he has focused his attention on the more fundamental problems of how campaign financing skews the political system, severely hindering the chances for real reform in many public policy areas. As he explained to the SCALE crowd, however, those affected public policy areas include some key technology issues—and Lessig's own commitment to the cause he credits directly to his friendship with developer Aaron Swartz.


Kategóriák: Linux

Security updates for Wednesday

sze, 2014-02-26 19:11

CentOS has updated mariadb55-mariadb (SCL: multiple vulnerabilities) and postgresql (C5; C6: multiple vulnerabilities).

Fedora has updated quassel (F20; F19: SQL injection).

Gentoo has updated pidgin-knotify (command execution).

Mageia has updated oath-toolkit (replays one time passwords), openswan (denial of service), otrs (two vulnerabilities), perl-CGI-Application (information leak), perl-Module-Metadata (code execution), phpseclib (cross-site scripting), springframework (multiple vulnerabilities), xstream (code execution), and zabbix (multiple vulnerabilities).

Oracle has updated postgresql (OL6; OL5: multiple vulnerabilities).

Red Hat has updated postgresql84 and postgresql (RHEL5&6: multiple vulnerabilities).

Scientific Linux has updated postgresql84 and postgresql (SL5&6: multiple vulnerabilities).

SUSE has updated flash-player (multiple vulnerabilities).

Ubuntu has updated freeradius (multiple vulnerabilities) and gnutls26 (certificate verification error).

Kategóriák: Linux

Everything you wanted to know about the security-focused Blackphone (ars technica)

k, 2014-02-25 21:51
Ars technica provides some details on the security focused Blackphone. "While Geeksphone is handling the hardware, Silent Circle is handling the software. The Blackphone runs a Google-less version of Android called "PrivatOS." Besides removing the user-tracking Google parts, most of the Blackphone's security and privacy advantages seem to come from the integration of Silent Circle apps. The suite of apps mentioned at the event were the existing Silent Phone and Silent Text apps, and a new product called "Silent Contacts." Silent Phone and Silent Text encrypt your phone calls, text messages, and file transfers to other users of the apps."
Kategóriák: Linux

Servo: Inside Mozilla's mission to reinvent the web browser (ZDNet)

k, 2014-02-25 20:42
Here's a ZDNet article looking at Mozilla's "Servo" project, an attempt to make web browsers perform better and more securely on multi-core systems. "Servo takes a different approach to current browsers. It splits the work to compute the layout, render content and execute scripts on a web page into three tasks, each of which it can carry out in parallel. The browser's ability to carry out these tasks at the same time stems from the nature of the Servo's underlying programming language, Rust, which has been developed by Mozilla for several years and is nearing version 1.0."
Kategóriák: Linux

Tuesday's security advisories

k, 2014-02-25 19:09

CentOS has updated openldap (C5: denial of service) and xen (Xen4CentOS: multiple vulnerabilities).

Fedora has updated openstack-nova (F20: insecure directory permissions).

Oracle has updated openldap (OL5: denial of service).

Red Hat has updated openldap (RHEL5: denial of service) and rubygems (denial of service).

Scientific Linux has updated openldap (SL5: denial of service).

SUSE has updated IBM Java 6 (multiple vulnerabilities).

Kategóriák: Linux

Videos from DevConf.cz

h, 2014-02-24 21:59
Videos of the talks at DevConf.cz are available on YouTube. DevConf.cz took place February 7-9 in Brno, Czech Republic. The conference was aimed at developers, administrators and users of Red Hat, JBoss and Fedora.
Kategóriák: Linux

Security advisories for Monday

h, 2014-02-24 21:07

Debian has updated gnutls26 (certificate verification error) and otrs2 (two vulnerabilities).

Fedora has updated drupal6-ctools (F20; F19: access bypass), file (F20: denial of service), gnutls (F19: certificate verification error), ibus-chewing (F19: password disclosure), libgadu (F19: code execution), lighttpd (F20; F19: multiple vulnerabilities), mingw-gnutls (F20; F19: certificate verification error), numpy (F19: insecure temp files), oath-toolkit (F19: replays one time passwords), perl-Capture-Tiny (F20; F19: insecure tmpfile use), postgresql (F20: multiple vulnerabilities), python-gnupg (F20; F19: shell injection), seamonkey (F20; F19: multiple vulnerabilities), and xstream (F20; F19: code execution).

Gentoo has updated gnupg (multiple vulnerabilities), kvirc (multiple vulnerabilities from 2010), libssh (code execution from 2012), libXfont (multiple vulnerabilities, one from 2011), openssl (denial of service), tcptrack (code execution from 2011), and tiff (multiple vulnerabilities, some from 2012).

Mageia has updated file (denial of service), flash-player-plugin (multiple vulnerabilities), freeradius (buffer overflow), gnome-chemistry-utils, gnumeric, goffice (MG3: denial of service), imagemagick: code execution), libtar (directory traversal), and python-numpy (insecure temp files).

openSUSE has updated curl (13.1, 12.3; 11.4: information disclosure), flash-player (13.1, 12.3; 11.4: multiple vulnerabilities), icinga (13.1, 12.3: cross-site request forgery), libvirt (13.1; 12.3: multiple vulnerabilities), libyaml (13.1, 12.3; 11.4: code execution), and mumble (13.1, 12.3: multiple vulnerabilities).

Ubuntu has updated postgresql-8.4, postgresql-9.1 (multiple vulnerabilities).

Kategóriák: Linux