Linux Weekly News

LWN.net is a comprehensive source of news and opinions from and about the Linux community. This is the main LWN.net feed, listing all articles which are posted to the site front page.
Updated: 5 minutes 51 seconds ago

Day: New Human Interface Guidelines for GNOME and GTK+

Fri, 2014-08-22 23:25

At his blog, Allan Day announces the preliminary availability of a brand-new edition of the GNOME Human Interface Guidelines (HIG). Prepared for the upcoming GNOME 3.14 release, this is the first major overhaul of the GNOME HIG in some time. Day notes: "There is a downside to all the experimentation that has been happening in software design in recent years, of course – it can often be a bewildering space to navigate. This is where the HIG comes in. Its goal is to help developers and designers take advantage of the new abilities at their disposal, without losing their way in the process. This is reflected in the structure of the new HIG: the guidelines don’t enforce a single template on which applications have to be based, but presents a series of patterns and elements which can be drawn upon." He also emphasizes that the new HIG, despite its name, is not a GNOME-only document, but is designed to aid interface design in other GTK+ applications, too.

Categories: Linux

Calibre 2.0 released

Fri, 2014-08-22 22:14
Version 2.0 of the Calibre electronic book management tool has been released. There is a long list of new features since the 1.0 release. "The biggest new feature is an e-book editor, capable of editing ebooks in both the EPUB and AZW3 (Kindle) formats."
Categories: Linux

Friday's security updates

Fri, 2014-08-22 17:21

Debian has updated python-imaging (denial of service).

Mageia has updated krb5 (multiple vulnerabilities) and sdcc (denial of service).

Ubuntu has updated ceilometer (14.04: information leak), glance (14.04: denial of service), horizon (14.04: multiple vulnerabilities), keystone (14.04: multiple vulnerabilities), neutron (14.04: multiple vulnerabilities), and nova (14.04: information leak).

Categories: Linux

FSF: GNU hackers discover HACIENDA government surveillance and give us a way to fight back

Fri, 2014-08-22 00:40

The Free Software Foundation blog has posted an article detailing a newly discovered government surveillance project as well as a new technological countermeasure. The surveillance project is known as HACIENDA, and is reportedly a multi-national effort "to map every server in twenty-seven countries, employing a technique known as port scanning." The countermeasure, developed by Julian Kirsch, Christian Grothoff, Jacob Appelbaum, and Holger Kenn, is called TCP Stealth. According to the TCP Stealth whitepaper, the system "replaces the traditional random TCP SQN number with a token that authenticates the client and (optionally) the first bytes of the TCP payload. Clients and servers can enable TCP Stealth by explicitly setting a socket option or linking against a library that wraps existing network system calls." A Linux implementation of the scheme is available.

Categories: Linux

Thursday's security updates

Thu, 2014-08-21 19:46

Debian has updated libstruts1.2-java (code execution) and php5 (multiple vulnerabilities).

Fedora has updated drupal7 (F19; F20: denial of service), drupal7-date (F19; F20: cross-site scripting), libndp (F19; F20: code execution), and wordpress (F20: denial of service).

Mageia has updated catfish (M3; M4: privilege escalation), gpgme (code execution), phpmyadmin (multiple vulnerabilities), python-imaging, python-pillow (denial of service), and subversion (M3; M4: information leak).

openSUSE has updated openstack-neutron (13.1: access restriction bypass), apache2 (12.3; 13.1: multiple vulnerabilities), apache2-mod_security2 (rules bypass), krb5 (code execution), openssl (multiple vulnerabilities), python (12.3; 13.1: information leak), python3 (13.1: information leak), and samba (13.1: multiple vulnerabilities).

Red Hat has updated openstack-nova (RHEL OpenStack: multiple vulnerabilities).

Ubuntu has updated oxide-qt (14.04: multiple vulnerabilities).

Categories: Linux

Linux Foundation Technical Advisory Board election results

Thu, 2014-08-21 18:09
The results from the Linux Foundation TAB election have been announced; the five open seats went to Chris Mason, John Linville, H. Peter Anvin, Grant Likely, and Kristen Accardi.
Categories: Linux

[$] LWN.net Weekly Edition for August 21, 2014

Thu, 2014-08-21 03:56
The LWN.net Weekly Edition for August 21, 2014 is available.
Categories: Linux

[$] GNOME development updates from GUADEC

Wed, 2014-08-20 21:39

A project as large as GNOME consists of enough constituent parts that it can be a challenge just to keep up with the latest developments of the various applications, libraries, and infrastructure efforts. GUADEC 2014 in Strasbourg provided a number of opportunities to get up to speed on the various moving pieces. Of course, it is impossible to catch everything at a multi-track event, but there were still quite a few updates worth mentioning.

Categories: Linux

Security advisories for Wednesday

Wed, 2014-08-20 17:41

CentOS has updated qemu-kvm (C6: code execution).

Debian has updated cacti (multiple vulnerabilities).

openSUSE has updated gpgme (13.1, 12.3: code execution) and wireshark (13.1: multiple vulnerabilities).

Oracle has updated qemu-kvm (OL6: multiple vulnerabilities).

Red Hat has updated kernel-rt (RHE MRG 2.5: multiple vulnerabilities), openstack-neutron (RHEL OSP 4.0: denial of service), and thermostat1-httpcomponents-client (RHSC1: SSL server spoofing).

Ubuntu has updated openjdk-7 (14.04 LTS: multiple vulnerabilities).

Categories: Linux

[$] The 2014 Kernel Summit

Wed, 2014-08-20 16:37
The 2014 Kernel Summit was held on August 18-20 in Chicago, IL, USA. Reports from the first day's session are now available to LWN subscribers. Topics covered range from I/O memory management units to the stable and linux-next trees, to performance regressions and code review. Click below (subscribers only) for access to the full set of articles.
Categories: Linux

Linux Kernel Git Repositories Add 2-Factor Authentication (Linux.com)

Tue, 2014-08-19 19:47
Linux.com takes a look at using 2-factor authentication for commit access to kernel git repositories. "Having the technology available is one thing, but how to incorporate it into the kernel development process -- in a way that doesn't make developers' lives painful and unbearable? When we asked them, it became abundantly clear that nobody wanted to type in 6-digit codes every time they needed to do a git remote operation. Where do you draw the line between security and usability in this case? We looked at the options available in gitolite, the git repository management solution used at kernel.org, and found a way that allowed us to trigger additional checks only when someone performed a write operation, such as "git push." Since we already knew the username and the remote IP address of the developer attempting to perform a write operation, we put together a verification tool that allowed developers to temporarily whitelist their IP addresses using their 2-factor authentication token."
Categories: Linux

Security advisories for Tuesday

Tue, 2014-08-19 17:16

CentOS has updated nss-util (C7: incorrect wildcard certificate handling), nss-softokn (C7: incorrect wildcard certificate handling), and nss (C7: incorrect wildcard certificate handling).

Fedora has updated kernel (F19: multiple vulnerabilities) and samba (F19: remote code execution/privilege escalation).

Oracle has updated nss, nss-util, nss-softokn (OL7: incorrect wildcard certificate handling).

Red Hat has updated qemu-kvm (RHEL6: multiple vulnerabilities).

Scientific Linux has updated qemu-kvm (SL6: multiple vulnerabilities).

SUSE has updated flash-player (SLED11 SP3: multiple vulnerabilities).

Ubuntu has updated openssl (10.04 LTS: regression in previous update).

Categories: Linux

Coghlan: Why Python 4.0 won't be like Python 3.0

Tue, 2014-08-19 16:47
Python core developer Nick Coghlan seeks to dispel worries that an eventual Python 4.0 release will be as disruptive as 3.0 was. "Why mention this point? Because this switch to 'Unicode by default' is the most disruptive of the backwards incompatible changes in Python 3 and unlike the others (which were more language specific), it is one small part of a much larger industry wide change in how text data is represented and manipulated. With the language specific issues cleared out by the Python 3 transition, a much higher barrier to entry for new language features compared to the early days of Python and no other industry wide migrations on the scale of switching from 'binary data with an encoding' to Unicode for text modelling currently in progress, I can't see any kind of change coming up that would require a Python 3 style backwards compatibility break and parallel support period."
Categories: Linux

An md/raid6 data corruption bug

Tue, 2014-08-19 16:15
Neil Brown, the MD maintainer, has sent out an alert for a bug which, in fairly abnormal conditions, can lead to data loss on an MD-hosted RAID6 array. "There is no risk to an optimal array or a singly-degraded array. There is also no risk on a doubly-degraded array which is not recovering a device or is not receiving write requests." RAID6 users will likely want to apply the patch, though, which is likely to show up in the next stable kernel update from distributors.
Categories: Linux

The Linux Foundation Technical Advisory Board election

Mon, 2014-08-18 22:47
The election for half of the members of the Linux Foundation's Technical Advisory Board will be held at 8:00PM, August 20, at the Kernel Summit/LinuxCon joint reception. As of this writing, there are fewer candidates than open positions. Anybody interested in serving on the TAB is encouraged to make their interest known prior to the election time and, if possible, attend the election.
Categories: Linux

Monday's security updates

Mon, 2014-08-18 17:37

Debian has updated xen (multiple vulnerabilities).

Fedora has updated 389-ds-base (F20: information disclosure), iodine (F19; F20: authentication bypass), kernel (F20: multiple vulnerabilities), krfb (F19; F20: denial of service), pixman (F20: denial of service), and tboot (F19; F20: boot chain bypass).

Gentoo has updated libmodplug (multiple vulnerabilities).

Mageia has updated 389-ds-base (information disclosure), dhcpcd (denial of service), flash-player-plugin (multiple vulnerabilities), kernel-linus (M3; M4: multiple vulnerabilities), kernel-tmb (M3; M4: multiple vulnerabilities), and kernel-vserver (multiple vulnerabilities).

openSUSE has updated flash-player (11.4: multiple vulnerabilities).

Red Hat has updated nss, nss-util, nss-softokn (RHEL7: incorrect certificate handling).

SUSE has updated krb5 (code execution).

Ubuntu has updated kernel (14.04: multiple vulnerabilities) and linux-lts-trusty (12.04: multiple vulnerabilities).

Categories: Linux

Kernel prepatch 3.17-rc1

Sat, 2014-08-16 21:27
Linus has released 3.17-rc1 and closed the merge window for this release. He had suggested that the merge window could be extended, but that's not how things turned out. "I'm going to be on a plane much of tomorrow, and am not really supportive of last-minute pull requests during the merge window anyway, so I'm closing the merge window one day early, and 3.17-rc1 is out there now."
Categories: Linux

Ten years of OpenStreetMap (O'Reilly Radar)

Fri, 2014-08-15 23:11

O'Reilly Radar has posted a retrospective look at the OpenStreetMap (OSM) project on the occasion of OSM's ten-year anniversary. Tyler Bell calls the project "the most significant development in the Open Geo Data movement" outside of GPS, noting that before OSM's creation, "map data sources were few, and largely controlled by a small collection of private and governmental players. The scarcity of map data ensured that it remained both expensive and highly restrictive, and no one but the largest navigation companies could use map data." Particularly interesting are the various comparisons between the state of the map in 2007 and today; the project's 1.5 million registered users do not seem to be slowing down, even if today's emphasis has shifted somewhat to less-visible features: "nodes are getting connected and turn restrictions added to facilitate navigation, while addresses are being sourced to help with geocoding and place finding."

Categories: Linux

Friday's security updates

Fri, 2014-08-15 17:29

Fedora has updated gd (F20: denial of service), httpd (F19: multiple vulnerabilities), krb5 (F20: code execution), python-bottle (F19; F20: remote code execution), tor (F19; F20: traffic confirmation), transmission (F19: code execution), and v8 (F19: denial of service).

Ubuntu has updated serf (12.04, 14.04: information leak) and subversion (12.04, 14.04: multiple vulnerabilities).

Categories: Linux

Riddell: Upstream and Downstream: why packaging takes time

Thu, 2014-08-14 19:15
Kubuntu developer Jonathan Riddell looks at packaging all of the pieces of KDE on his blog. His perspective is, of course, Kubuntu-focused, but the comments contain lengthy responses from Fedora and openSUSE KDE packagers, which makes for a good look at the work distributions put into packaging a huge code base like KDE. "Much of what we package are libraries and if one small bit changes in the library, any applications which use that library will crash. This is ABI and the rules for binary [compatibility] in C++ are nuts. Not infrequently someone in KDE will alter a library ABI without realising. So we maintain symbol files to list all the symbols, these can often feel like more trouble than they're worth because they need updated when a new version of GCC produces different symbols or when symbols disappear and on investigation they turn out to be marked private and nobody will be using them anyway, but if you miss a change and apps start crashing as nearly happened in KDE PIM last week then people get grumpy." (Thanks to Robie Basak.)
Categories: Linux