Linux Weekly News

Tartalom átvétel
LWN.net is a comprehensive source of news and opinions from and about the Linux community. This is the main LWN.net feed, listing all articles which are posted to the site front page.
Frissült: 29 perc 13 másodperc

Security updates for Tuesday

k, 2016-04-05 18:28

Arch Linux has updated optipng (code execution).

Debian has updated mercurial (three vulnerabilities) and roundcube (code execution).

Fedora has updated krb5 (F22: null pointer dereference) and vtun (F23; F22: denial of service).

Gentoo has updated xen (multiple vulnerabilities, some from 2012).

openSUSE has updated ghostscript (Leap42.1: buffer overflow).

Red Hat has updated nss, nss-util, nspr (RHEL6: two vulnerabilities).

Slackware has updated thunderbird (multiple vulnerabilities).

SUSE has updated xen (SLE11-SP4: multiple vulnerabilities, some from 2013).

Ubuntu has updated libav (12.04: multiple vulnerabilities) and xchat-gnome (man-in-the-middle attack).

Kategóriák: Linux

Garrett: There's more than one way to exploit the commons

k, 2016-04-05 14:35
Matthew Garrett's take on the Debian-XScreenSaver disagreement is worth a read. "Free software doesn't benefit from distributions antagonising their upstreams, even if said upstream is a cranky nightclub owner. Debian's users are Debian's highest priority, but those users are going to suffer if developers decide that not using free licenses improves their quality of life. Kneejerk reactions around specific instances aren't helpful, but now is probably a good time to start thinking about what value Debian bring to its upstream authors and how that can be increased."
Kategóriák: Linux

New Linux-based effort to support global civil infrastructure demands

k, 2016-04-05 00:29
The Linux Foundation has announced the Civil Infrastructure Platform, "an open source framework that will provide the software foundation needed to deliver essential services for civil infrastructure and economic development on a global scale." Civil infrastructure systems deliver critical services such as electric power, oil and gas, water, health care, communications, transportation and more. "The Civil Infrastructure Platform will aim to work upstream with the Linux kernel and other open source projects to establish a “base layer” of industrial-grade software. This base layer will enable the use of software building blocks that meet safety, security, reliability and other requirements that are critical to industrial and civil infrastructure projects."
Kategóriák: Linux

Security advisories for Monday

h, 2016-04-04 18:39

Arch Linux has updated squid (denial of service).

Debian has updated lhasa (code execution) and srtp (denial of service).

Fedora has updated apache-commons-collections (F23; F22: code execution), bind (F22: multiple vulnerabilities), bind99 (F22: multiple vulnerabilities), and NetworkManager (F23: multiple vulnerabilities).

Gentoo has updated qemu (multiple vulnerabilities) and xalan (code execution from 2014).

openSUSE has updated krb5 (13.2: null pointer dereference).

Oracle has updated openssh (OL5: two vulnerabilities).

Scientific Linux has updated krb5 (SL7: three vulnerabilities) and mariadb (SL7: multiple vulnerabilities).

Slackware has updated mercurial (three vulnerabilities) and php (multiple vulnerabilities).

Kategóriák: Linux

Kernel prepatch 4.6-rc2

v, 2016-04-03 16:34
Linus has released the second 4.6 prepatch. "You all know the drill by now - another week, another rc. I'd say that things look fairly normal at this point: it's not a big rc2, but that's been true lately (rc3 tends to be a bit bigger - probably just because it takes time for people to start noticing issues)."
Kategóriák: Linux

Discourse 1.5 released

szo, 2016-04-02 00:36

Version 1.5 of the Discourse open-source discussion-and-commenting system has been released. Significant work went into rewriting the top-level "topics" page, resulting in a five-fold speed increase. Administrators can now change and customize every object label used in the interface. "Want topics to be 'threads'? Users to be 'funkatrons'? Like to be 'brofist'? Well, Discourse is your huckleberry." Support for email comments has also been improved, and user groups can now exchange private messages. The badge system, which is used to denote user roles and to mark popular posts, received a visual refresh and new documentation; user summary pages were also refreshed.

Kategóriák: Linux

Friday's security updates

p, 2016-04-01 18:49

Arch Linux has updated jdk7-openjdk (sandbox escape), jre7-openjdk (sandbox escape), and jre7-openjdk-headless (sandbox escape).

CentOS has updated krb5 (C7: multiple vulnerabilities) and mariadb (C7: multiple vulnerabilities).

Fedora has updated kubernetes (F23: improper admission check control).

Mageia has updated chromium-browser-stable (M5: multiple vulnerabilities), proftpd (M5: weak key usage), and thunderbird/thunderbird-l10n (M5: unspecified vulnerabilities).

openSUSE has updated Chromium (13.2, Leap 42.1; SLE12 SPH: multiple vulnerabilities).

Oracle has updated krb5 (O7: multiple vulnerabilities) and mariadb (O7: multiple vulnerabilities).

Red Hat has updated bind (RHEL6: multiple vulnerabilities), krb5 (RHEL7: multiple vulnerabilities), libssh (RHEL7: insecure ssh sessions), and mariadb (RHEL7: multiple vulnerabilities).

Kategóriák: Linux

Mono Relicensed MIT

p, 2016-04-01 00:12

At the Mono Project blog, Miguel de Icaza announced that the Mono runtime has been relicensed, moving from a dual-license slate (with LGPLv2 and proprietary optiona) to the MIT license. The Mono compiler and class libraries were already under the MIT license and will remain so. "Moving the Mono runtime to the MIT license removes barriers to the adoption of C# and .NET in a large number of scenarios, embedded applications, including embedding Mono as a scripting engine in game engines or other applications." De Icaza notes that Xamarin (which was recently acquired by Microsoft) had developed several proprietary Mono modules in recent years; these will also now be released under the MIT license.

Kategóriák: Linux

Thursday's security updates

cs, 2016-03-31 17:46

Debian has updated imlib2 (multiple vulnerabilities), libebml (multiple vulnerabilities), and libstruts1.2-java (input validation bypass).

Fedora has updated git (F22: multiple vulnerabilities) and moodle (F23; F22: multiple vulnerabilities).

openSUSE has updated libqt4 (Leap 42.1: unsafe SSL ciphers), webkitgtk (13.2, Leap 42.1: multiple vulnerabilities), and xen (Leap 42.1: multiple vulnerabilities).

Red Hat has updated openvswitch (RHEL7 OSP: code execution).

SUSE has updated pidgin-otr (SLE12: code execution).

Kategóriák: Linux

LWN.net Weekly Edition for March 31, 2016

cs, 2016-03-31 01:54
The LWN.net Weekly Edition for March 31, 2016 is available.
Kategóriák: Linux

[$] A single Node of failure

sze, 2016-03-30 22:38

The web-development community was briefly thrown into chaos in late March when a lone Node.js developer suddenly unpublished a short but widely used package from the Node Package Manager (npm) repository. The events leading up to that developer's withdrawal are controversial in their own right, but the chaotic effects raise even more serious questions for the Node.js and npm user communities.

Kategóriák: Linux

MIT Media Lab defaults to free & open source software (NetworkWorld)

sze, 2016-03-30 20:32
NetworkWorld reports that software developed at MIT Media Lab will be open source by default. "This effort does away with developers having to get such licenses approved first by an internal committee, which [Lab Director Joi Ito] says "always allowed our developers to open-source their work" anyway."
Kategóriák: Linux

Ubuntu on Windows

sze, 2016-03-30 19:24
Dustin Kirkland announces the availability of the Ubuntu user space on Windows 10 — a cooperative project with Microsoft. "Finally, I imagine some of you -- long time Windows and Ubuntu users alike -- are still wondering, perhaps, 'Why?!?' Having dedicated most of the past two decades of my career to free and open source software, this is an almost surreal endorsement by Microsoft on the importance of open source to developers. Indeed, what a fantastic opportunity to bridge the world of free and open source technology directly into any Windows 10 desktop on the planet."
Kategóriák: Linux

Security advisories for Wednesday

sze, 2016-03-30 18:00

Arch Linux has updated jdk8-openjdk (sandbox bypass), jre8-openjdk (sandbox bypass), and jre8-openjdk-headless (sandbox bypass).

Debian has updated dhcpcd (multiple vulnerabilities) and kamailio (code execution).

Fedora has updated openssh (F22: command injection) and webkitgtk (F22: multiple vulnerabilities).

Oracle has updated kernel-uek (OL7; OL6: unspecified).

Red Hat has updated chromium-browser (RHEL6: multiple vulnerabilities) and openvswitch (RHELOSP6 for RHEL7; RHELOSP5 for RHEL7: code execution).

SUSE has updated firefox, nspr, nss (SLE11-SP2: multiple vulnerabilities) and kernel (SLE11-SP4: multiple vulnerabilities).

Ubuntu has updated pcre3 (multiple vulnerabilities).

Kategóriák: Linux

KDE's "Kirigami UI"

sze, 2016-03-30 15:45
The KDE project has announced a new framework called the Kirigami UI; it appears to be oriented toward the needs of mobile applications. "Kirigami UI isn't just a set of components, it's also a philosophy: It defines precise UI/UX patterns to allow developers to quickly develop intuitive and consistent apps that provide a great user experience."
Kategóriák: Linux

OpenBSD 5.9 released

sze, 2016-03-30 09:35
The OpenBSD 5.9 release is available. There are a lot of enhancements and improvements. Perhaps most significant is the addition of the pledge() system call, which can be used by a process to limit its future capabilities. LWN looked at an early version of this work, back when it was called tame().
Kategóriák: Linux

[$] Distribution-friendly tactics in the desktop wars

k, 2016-03-29 19:25
For many aspiring projects, getting accepted and shipped by popular distributions is an important step toward a long and successful life. But even large and established projects can struggle in this area. The distribution outreach program recently launched by the KDE project hosted a discussion making it clear that KDE cannot count on the support of distributions without supporting them in turn. If the participants are to be believed, KDE's second-place position in the desktop competition can at least partially be attributed to how the project works with distributors.
Kategóriák: Linux

Tuesday's security updates

k, 2016-03-29 18:30

Debian has updated openvswitch (code execution).

openSUSE has updated gdk-pixbuf (13.2: three vulnerabilities).

SUSE has updated samba (SLES11-SP2: ACL ownership overwrite).

Kategóriák: Linux

Linux at 25: Q&A With Linus Torvalds (Spectrum)

k, 2016-03-29 17:56
IEEE Spectrum interviews Linus Torvalds. "The kernel is actually doing very well. People continue to worry about things getting too complicated for people to understand and fix bugs. It’s certainly an understandable worry. But at the same time, we have a lot of smart people involved. The fact that the system has grown so big and complicated and so many people depend on it has forced us to have a lot of processes in place. It can be very challenging to get big and have invasive changes accepted, so I wouldn’t call it one big happy place, but I think kernel development is working."
Kategóriák: Linux

Git v2.8.0 released

k, 2016-03-29 08:10
Version 2.8.0 of the Git version control system has been released. It contains a long list of new features and the removal of the rsync:// transport mechanism which, apparently, has been broken for some time without complaints from users.
Kategóriák: Linux