Linux Weekly News

Tartalom átvétel
LWN.net is a comprehensive source of news and opinions from and about the Linux community. This is the main LWN.net feed, listing all articles which are posted to the site front page.
Frissült: 3 hét 40 perc

Coghlan: The Python packaging ecosystem

szo, 2016-09-17 13:55
Here's a lengthy piece from Nick Coghlan on how Python software gets to users. "There have been a few recent articles reflecting on the current status of the Python packaging ecosystem from an end user perspective, so it seems worthwhile for me to write-up my perspective as one of the lead architects for that ecosystem on how I characterise the overall problem space of software publication and distribution, where I think we are at the moment, and where I'd like to see us go in the future."
Kategóriák: Linux

Bash 4.4 and Readline 7.0 released

p, 2016-09-16 23:22
The GNU Bourne Again SHell (Bash) project has released version 4.4 of the tool. It comes with a large number of bug fixes as well as new features:"The most notable new features are mapfile's ability to use an arbitrary record delimiter; a --help option available for nearly all builtins; a new family of ${parameter@spec} expansions that transform the value of `parameter'; the `local' builtin's ability to save and restore the state of the single-letter shell option flags around function calls; a new EXECIGNORE variable, which adds the ability to specify names that should be ignored when searching for commands; and the beginning of an SDK for loadable builtins, which consists of a set of headers and a Makefile fragment that can be included in projects wishing to build their own loadable builtins, augmented by support for a BASH_LOADABLES_PATH variable that defines a search path for builtins loaded with `enable -f'. The existing loadable builtin examples are now installed by default with `make install'." In addition, the related Readline command-line editing library project has released Readline 7.0.
Kategóriák: Linux

Friday's security advisories

p, 2016-09-16 18:15

CentOS has updated libarchive (C7; C6: multiple vulnerabilities, some from 2015).

Debian has updated tomcat7 (privilege escalation) and tomcat8 (privilege escalation).

Debian-LTS has updated mysql-5.5 (privilege escalation).

Fedora has updated curl (F24: code execution).

Mageia has updated cracklib (code execution), dropbear (three code execution flaws), jasper (two vulnerabilities from 2015), krb5 (denial of service), lcms2 (information leak), mediawiki (multiple vulnerabilities), openvpn (information leak), perl-DBD-mysql (two code execution flaws from 2014 and 2015), and perl-XSLoader (code execution).

openSUSE has updated opera (42.1: multiple vulnerabilities) and tiff (42.1: multiple vulnerabilities, three from 2015).

Red Hat has updated chromium-browser (RHEL6: multiple vulnerabilities).

Scientific Linux has updated kernel (SL7: three vulnerabilities).

Slackware has updated curl (code execution).

Kategóriák: Linux

Hutterer: Synaptics pointer acceleration

p, 2016-09-16 13:57
For this week's development horror story, it would be hard to do better than Peter Hutterer's quest to figure out how pointer acceleration works in the Synaptics driver. "Also a disclaimer: the last time some serious work was done on acceleration was in 2008/2009. A lot of things have changed since and since the server is effectively un-testable, we ended up with the mess below that seems to make little sense. It probably made sense 8 years ago and given that most or all of the patches have my signed-off-by it must've made sense to me back then. But now we live in the glorious future and holy cow it's awful and confusing."
Kategóriák: Linux

Linux 4.7.4 and 4.4.21

cs, 2016-09-15 18:45

Stable kernels 4.7.4 and 4.4.21 have been released. As is normal, they contain fixes throughout the kernel tree and users of those series should upgrade.

Kategóriák: Linux

Security updates for Thursday

cs, 2016-09-15 18:40

Arch Linux has updated flashplugin (many vulnerabilities), lib32-flashplugin (many vulnerabilities), and mariadb (two vulnerabilities).

Debian has updated chromium-browser (multiple vulnerabilities) and mailman (cross-site request forgery).

Debian-LTS has updated autotrace (code execution), tomcat6 (privilege escalation), and tomcat7 (privilege escalation).

Fedora has updated GraphicsMagick (F24: multiple vulnerabilities).

openSUSE has updated chromium (42.1; 13.2; SPH for SLE12: multiple vulnerabilities), flash-player (13.2: multiple vulnerabilities), perl (42.1: multiple vulnerabilities, one from 2015), and virtualbox (13.2: two unspecified vulnerabilities).

Oracle has updated kernel (OL7: two vulnerabilities).

Red Hat has updated kernel (RHEL7: three vulnerabilities) and kernel-rt (RHEL7; RHEL6: three vulnerabilities).

SUSE has updated flash-player (SLE12: many vulnerabilities).

Ubuntu has updated oxide-qt (16.04, 14.04: multiple vulnerabilities) and python-imaging (12.04: three vulnerabilities, one from 2014).

Kategóriák: Linux

[$] LWN.net Weekly Edition for September 15, 2016

cs, 2016-09-15 01:22
The LWN.net Weekly Edition for September 15, 2016 is available.
Kategóriák: Linux

[$] Backports and long-term stable kernels

sze, 2016-09-14 22:26
One of the longest running debates in the kernel community has to do with the backporting of patches from newer kernels to older ones. Substantial effort goes into these backports, with the resulting kernels appearing in everything from enterprise distributions to mobile devices. A recent resurgence of this debate on the Kernel Summit discussion list led to no new conclusions, but it does show how the debate has shifted over time.
Kategóriák: Linux

Kügler: LTS releases align neatly for Plasma 5.8

sze, 2016-09-14 19:07
Sebastian Kügler reports that Plasma 5.8 will be the first LTS release of the Plasma 5 series. "One great thing of this release is that it aligns support time-frames across the whole stack from the desktop through Qt and underlying operating systems. This makes Plasma 5.8 very attractive for users need to that rely on the stability of their computers." Plasma 5.8 will receive at least 18 months of bugfix and security support from upstream KDE.
Kategóriák: Linux

Security advisories for Wednesday

sze, 2016-09-14 17:26

Arch Linux has updated libtorrent-rasterbar (denial of service) and powerdns (denial of service).

Debian has updated mysql-5.5 (SQL injection/privilege escalation).

Fedora has updated gnupg (F23: flawed random number generation), gnutls (F24; F23: certificate verification vulnerability), openjpeg2 (F24: denial of service), thunderbird (F24: unspecified vulnerabilities), and xen (F24: three vulnerabilities).

openSUSE has updated mysql-connector-java (Leap42.1: information disclosure).

Red Hat has updated flash-plugin (RHEL5,6: multiple vulnerabilities).

Slackware has updated mariadb (SQL injection/privilege escalation).

Ubuntu has updated mysql-5.5, mysql-5.7 (SQL injection/privilege escalation) and webkit2gtk (16.04: multiple vulnerabilities).

Kategóriák: Linux

Apache NetBeans Incubator Proposal

k, 2016-09-13 20:39
Geertjan Wielenga posted a proposal to the Apache incubator list to adopt NetBeans, an open source development environment, tooling platform, and application framework. "NetBeans has been run by Oracle, with the majority of code contributions coming from Oracle. The specific reason for moving to Apache is to expand the diversity of contributors and to increase the level of meritocracy in NetBeans. Apache NetBeans will be actively seeking new contributors and will welcome them warmly and provide a friendly and productive environment for purposes of providing a development environment, tooling environment, and application framework." (Thanks to Stephen Kitt)
Kategóriák: Linux

Tuesday's security updates

k, 2016-09-13 17:31

Debian-LTS has updated libphp-adodb (SQL injection).

openSUSE has updated Chromium (13.2: multiple vulnerabilities).

Oracle has updated libarchive (OL7; OL6: file overwrite) and ntp (OL7; OL6: denial of service from 2013).

Red Hat has updated chromium-browser (RHEL6: multiple vulnerabilities), libarchive (RHEL7; RHEL6: multiple vulnerabilities), Red Hat OpenShift Enterprise 3.1 (file overwrite), Red Hat OpenShift Enterprise 3.2 (file overwrite), rh-ror41-rubygem-actionview (RHSCL: cross-site scripting), rh-ror42 (RHSCL: two vulnerabilities), ror40-rubygem-actionpack (RHSCL: cross-site scripting), and ruby193-rubygem-actionpack (RHSCL: cross-site scripting).

Scientific Linux has updated libarchive (SL7; SL6: multiple vulnerabilities).

Ubuntu has updated openjdk-6 (12.04: multiple vulnerabilities).

Kategóriák: Linux

Tridgell: ArduPilot and DroneCode

k, 2016-09-13 14:31
Andrew "Tridge" Tridgell writes about the ArduPilot project's withdrawal from the Dronecode group. "Unfortunately DroneCode has a built-in flaw. The structure and bylaws of DroneCode are built around exceptional power for the Platinum members, giving them extraordinary control over the future of DroneCode. [...] Just how great a flaw that is has been shown by the actions of the Platinum members over the last two months. Due to their overwhelming desire to be able to make a proprietary autopilot stack the Platinum members staged what can only be called a coup. They removed all top level open source projects from DroneCode, leaving only their own nominees in the Technical Steering Committee. They passed a resolution requiring that all projects hand over control of all trademarks, accounts and domains to their control."
Kategóriák: Linux

Vim 8.0 released

h, 2016-09-12 18:42
The Vim editor project is celebrating its 8.0 release. "This the first major Vim release in ten years. There are interesting new features, many small improvements and lots of bug fixes." New features include asynchronous I/O, jobs, a package system, GTK+ 3 support, and more.
Kategóriák: Linux

Stable kernel update - 3.14 eol

h, 2016-09-12 17:52
Greg KH has released stable kernel 3.14.79. This is the last update in the 3.14.x series. "Please use 4.4 if you want a LTS kernel that will last for another year, or even better yet, just use the normal stable releases as those will always contain the latest fixes and updates."
Kategóriák: Linux

Security advisories for Monday

h, 2016-09-12 17:03

Arch Linux has updated file-roller (file deletion), graphicsmagick (denial of service), and tomcat8 (redirect HTTP traffic).

Debian has updated openjpeg2 (multiple vulnerabilities) and pdns (multiple denial of service flaws).

Debian-LTS has updated libarchive (two vulnerabilities), qemu (directory/path traversal), and qemu-kvm (directory/path traversal).

Fedora has updated chromium (F24: multiple vulnerabilities), elog (F24; F23: unauthorized posts), phpMyAdmin (F23: multiple vulnerabilities), python-jwcrypto (F24; F23: information disclosure), and slock (F24; F23: screen locking bypass).

openSUSE has updated libtorrent-rasterbar (Leap42.1: denial of service), kernel (Leap42.1: multiple vulnerabilities), and wget (13.2: race condition).

Slackware has updated gnutls (denial of service).

SUSE has updated java-1_7_0-ibm (SOSC5, SMP2.1, SM2.1, SLES11-SP2,3: three vulnerabilities).

Kategóriák: Linux

Kernel prepatch 4.8-rc6

h, 2016-09-12 13:42
Linus has released the 4.8-rc6 kernel prepatch. "I still haven't decided whether we're going to do an rc8, but I guess I don't have to decide yet. Nothing looks particularly bad, and it will depend on how rc7 looks."
Kategóriák: Linux

Abbott: Success with Interns

szo, 2016-09-10 00:16

Laura Abbott marks the end of the latest round of open-source internships at Outreachy with a blog post reflecting on "what makes an internship successful," especially as seen in the kernel team's internships. Among Abbott's lessons: "Choose your tasks carefully. Tasks with a specific goal but multiple ways to solve are best. Too open ended tasks can be frustrating for all involved but there should be some chance for decision making. Just giving a list of tasks and exactly how they should be completed isn't good for learning. Give your intern a chance to propose a solution and then review it together." Also: "Speaking of review, code review is a skill. Model how to respond to code review comments. Encourage interns to practice reviewing others code and ask questions as well." That is just a sampling; in total, Abbott lists well over a dozen take-aways from the experience, all worth reading.

Kategóriák: Linux

Friday's security updates

p, 2016-09-09 15:26

Arch Linux has updated wordpress (multiple vulnerabilities).

Debian has updated inspircd (user impersonation) and xen (multiple vulnerabilities).

Debian-LTS has updated curl (certificate reuse) and xen (multiple vulnerabilities).

openSUSE has updated fontconfig (Leap 42.1: privilege escalation), gdk-pixbuf (13.2, Leap 42.1: denial of service), krb5 (Leap 42.1: denial of service), mariadb (Leap 42.1: multiple vulnerabilities), ocaml (Leap 42.1: information leak), tiff (13.2: multiple vulnerabilities), and wget (Leap 42.1: multiple vulnerabilities).

Slackware has updated php (14.0, 14.1, 14.2: multiple vulnerabilities).

Ubuntu has updated file-roller (14.04, 16.04: file deletion) and imlib2 (12.04, 14.04, 16.04: multiple vulnerabilities).

Kategóriák: Linux

LWN.net Weekly Edition for September 9, 2016

p, 2016-09-09 01:08
The LWN.net Weekly Edition for September 9, 2016 is available.
Kategóriák: Linux