Linux Weekly News

Content syndication
LWN.net is a comprehensive source of news and opinions from and about the Linux community. This is the main LWN.net feed, listing all articles which are posted to the site front page.
Updated: 34 seconds ago

Claws Mail 3.10.0 released

Tue, 2014-05-27 15:09
Version 3.10.0 of the Claws Mail email client is available. New features include improved SSL certificate management, automatic email account configuration, a number of new configuration options, and more.
Categories: Linux

Perl 5.20.0 released

Tue, 2014-05-27 15:06
The Perl 5.20.0 release is out. "Perl 5.20.0 represents approximately 12 months of development since Perl 5.18.0 and contains approximately 470,000 lines of changes across 2,900 files from 124 authors." Significant changes include subroutine signatures, improved random number generation, a new slice syntax, postfix dereferencing, improved 64-bit support, various performance improvements, and more; see the changelog for lots of details.
Categories: Linux

AOSP Debugging and Performance Analysis course materials available

Mon, 2014-05-26 23:31
On Google+, Opersys CEO Karim Yaghmour has announced the availability of the course materials (slides and exercises) for the company's Android Open Source Project (AOSP) Debugging and Performance Analysis class. The materials are available under the CC-BY-SA (Attribution-ShareAlike) license. "I've been helping people use Android in all sorts of devices for quite a few years now and one of the top requests I get is for information on how to debug the AOSP's internals. As with many things related to Android's internals, such information has been hard to come by. Until now ... [...] The material is built around the Inforce IFC6410 board because it was one of the only dev boards I could find that actually has both Android running on it while still having full performance counter support in perf --- sidenote, perf support on ARM SoCs, especially in combination with Android, tends to be partial at best."
Categories: Linux

Unsafe cookies leave WordPress accounts open to hijacking, 2-factor bypass (Ars Technica)

Mon, 2014-05-26 23:14
Ars Technica is reporting on a WordPress bug that allows attackers to use a captured, unencrypted cookie to break into an account. "[Electronic Frontier Foundation staff technologist Yan] Zhu snagged a cookie for her own account the same way a malicious hacker might and then pasted it into a fresh browser profile. When she visited WordPress she was immediately logged in—without having to enter her credentials and even though she had enabled two-factor authentication. She was then able to publish blog posts, read private posts and blog stats, and post comments that were attributed to her account. As if that wasn't enough, she was able to use the cookie to change the e-mail address assigned to the account and, if two-factor authentication wasn't already in place, set up the feature. That means a hacker exploiting the vulnerability could lock out a vulnerable user. When the legitimate user tried to access the account, the attempt would fail, since the one-time passcode would be sent to a number controlled by the attacker. Remarkably, the pilfered cookie will remain valid for three years, even if the victim logs out of the account before then."
Categories: Linux

Monday's security updates

Mon, 2014-05-26 16:14

Fedora has updated libvirt (F20: information disclosure/denial of service), mutt (F19: code execution), perl-LWP-Protocol-https (F19: SSL certificate verification botch), qt (F19: denial of service), rubygem-actionpack (F20; F19: information leak), and zabbix (F20; F19: access restriction bypass).

Mageia has updated kernel-linus (M3: multiple vulnerabilities), kernel-rt (M3: multiple vulnerabilities), kernel-tmb (M4; M3: multiple vulnerabilities), kernel-vserver (M3: multiple vulnerabilities), and mariadb (multiple unspecified vulnerabilities).

Ubuntu has updated EC2 kernel (10.04: multiple vulnerabilities), kernel (12.04; 10.04: multiple vulnerabilities), and mod-wsgi (14.04, 13.10, 12.04: two vulnerabilities).

Categories: Linux

Kernel prepatch 3.15-rc7

Mon, 2014-05-26 14:18
Linus is back on the Sunday schedule with the 3.15-rc7 release. "It's just a few days after -rc6, but as expected, there were some pending stuff for when I got back home, so you should think of this as being the 'normal' release, and rc6 just having been oddly delayed by my travel."
Categories: Linux

Warner: The new Sync protocol

Sat, 2014-05-24 00:37

At his blog, Mozilla's Brian Warner describes the revised Firefox Sync protocol that was rolled out with the recent Firefox 29 release, including the design decisions that the project learned from supporting the previous incarnation. In the old system, Mozilla discovered, "users *thought* their email and password would be sufficient to get their data back, but in fact you need access to a device that was already attached to your account. This made it unsuitable for people with a single device, and made it mostly impossible to recover from the all-too-common case of losing your only browser. It also confused people who thought email+password was the standard way to set up a new browser." This eventually led to the new "Firefox Accounts" system, which incorporates two tiers of data protection. Warner also describes various factors of migrating between the old Sync and the new Sync. "If you’re still running FF28, the FF24 ESR (Extended Support Release), or another pre-FF29 browser, you can still use the pairing flow to connect additional old browsers. We’ll support this flow until at least the end of the ESR maintenance period (14-Oct-2014), maybe a bit longer, but eventually we’ll shut down the servers necessary to support the old pairing flow, and pairing will stop working." It sounds like still more features may be in store further down the road.

Categories: Linux

Friday's security updates

Fri, 2014-05-23 17:11

CentOS has updated mysql55-mysql (C5; C6: multiple vulnerabilities).

Debian has updated torque (code execution).

Gentoo has updated libyaml (code execution).

Mageia has updated chromium-browser-stable (multiple vulnerabilities) and webmin (multiple vulnerabilities).

openSUSE has updated perl-LWP-Protocol-https (12.3, 13.1: certificate verification bypass), libXfont (12.3, 13.1: multiple vulnerabilities), libxml2 (11.4: denial of service), mumble (12.3, 13.1: denial of service), and strongswan (11.4: multiple vulnerabilities).

Oracle has updated mysql55-mysql (O5: multiple vulnerabilities).

Red Hat has updated mysql55-mysql (RHEL5; RHEL6: multiple vulnerabilities).

Scientific Linux has updated mysql55-mysql (SL5: multiple vulnerabilities).

Categories: Linux

EFF: Hacking the Patent System: A Guide to Alternative Patent Licensing for Innovators

Thu, 2014-05-22 23:34
The Electronic Frontier Foundation (EFF) has announced a new guide to alternative patent licensing [PDF] that was prepared by Marta Belcher and John Casey, students in the Juelsgaard Intellectual Property & Innovation Clinic at Stanford Law School, in partnership with the EFF, Engine, and the Open Invention Network. It looks at the pros and cons of several defensive patent aggregators as well as various patent pledges. The EFF hopes it will be a "useful starting place for companies trying to navigate the patent landscape".
Categories: Linux

First Set of Microconferences Approved for LPC 2014

Thu, 2014-05-22 19:57
The first set of microconferences for the Linux Plumbers Conference (LPC) have been approved. "The LPC 2014 committee has started reviewing and approving this year’s Microconferences Proposals. The approved microconferences so far are Containers, Wayland, Network Virtualization and Security, and Wireless Networking. For details on each of the approved microconferences and the currently pending proposals, please see the LPC 2014 wiki." The first in a series of posts covering the microconferences has also been posted; it looks at the Containers microconference. LPC will be held October 15-17 in Düsseldorf, Germany, co-located with LinuxCon Europe.
Categories: Linux

Security updates for Thursday

Thu, 2014-05-22 17:18

CentOS has updated mariadb55-mariadb (multiple unspecified vulnerabilities), ruby193-libyaml (two code execution flaws), and ruby193-rubygem-actionpack (information leak).

Debian has updated libgadu (code execution).

Fedora has updated kernel (F19: multiple vulnerabilities), openssh (F20: two vulnerabilities), perl-LWP-Protocol-https (F20: SSL certificate verification botch), and python-fedora (F19: two vulnerabilities).

openSUSE has updated strongswan (two vulnerabilities).

Red Hat has updated rubygem-openshift-origin-node (RHOSE2.1; RHOSE2.0: code execution).

SUSE has updated Linux kernel (SLE11SP2: many vulnerabilities).

Ubuntu has updated libxalan2-java (13.10, 12.04, 10.04: code execution) and lxml (14.04, 13.10, 12.04: code execution).

Categories: Linux

[$] LWN.net Weekly Edition for May 22, 2014

Thu, 2014-05-22 04:26
The LWN.net Weekly Edition for May 22, 2014 is available.
Categories: Linux

Kernel prepatch 3.15-rc6

Thu, 2014-05-22 01:30
A bit off his normal schedule, due to chasing fish in the Pacific, Linus Torvalds has released the 3.15-rc6 prepatch. "With rc5 being a couple of days early, and rc6 being several days late, we had almost two weeks in between them. The size of the result is not twice as large, though, hopefully partially because it's getting late in the rc series and things are supposed to be calming down, but presumably also because some submaintainers just didn't send their pull requests because they knew I was off-line. Whatever the reason, things don't look bad." He plans to return to the normal Sunday schedule for rc7, presumably on June 1, which might be the last rc for 3.15.
Categories: Linux

[$] PostgreSQL 9.4 beta: Binary JSON and Data Change Streaming

Wed, 2014-05-21 20:09
It's May, which means that it's time for a new PostgreSQL beta release. As with each annual release, PostgreSQL 9.4 has a few dozen new features addressing the various ways people use the database system. While users all have their own favorites among the new features, this article will focus on two features that have received the most attention: the new JSONB type, and Data Change Streaming.

Subscribers can click below for guest author Josh Berkus's look at these two new PostgreSQL features.

Categories: Linux

Security advisories for Wednesday

Wed, 2014-05-21 17:55

Fedora has updated botan (F20; F19: insufficiently random cryptographic base), dpkg (F20: unauthorized file creation), and python-fmn-web (F20; F19: covert redirect).

SUSE has updated Linux kernel (SLERTE11 SP3: privilege escalation) and nagios-nrpe, nagios-nrpe-debuginfo (SLES11 SP3: code execution).

Ubuntu has updated libgadu (13.10, 12.04 LTS: code execution) and pidgin (14.04 LTS, 13.10, 12.04 LTS: code execution).

Categories: Linux

Bacon: Goodbye Canonical, Hello XPRIZE

Wed, 2014-05-21 16:21
Ubuntu Community Manager Jono Bacon has announced that he is leaving that position to become the Senior Director of Community at the XPRIZE Foundation. "Now, I won’t actually be going anywhere. I will still be hanging out on IRC, posting on my social media networks, still responding to email, and will continue to do Bad Voltage and run the Community Leadership Summit. I will continue to be an Ubuntu Member, to use Ubuntu on my desktop and server, and continue to post about and share my thoughts about where Ubuntu is moving forward. I am looking forward in many ways to experiencing the true Ubuntu community experience now I will be on the other side of the garden."
Categories: Linux

Wayland and Weston 1.5.0 released

Wed, 2014-05-21 13:24
The 1.5.0 releases of the Wayland display manager and Weston compositor are available. It has been a relatively quiet cycle, especially on the Wayland side, but there are still numerous improvements, including a transition to the new Xwayland server. "The Xwayland code was refactored to be its own X server in the Xorg tree, similar to how Xwin and Xquartz and Xnest work. A lot of the complexity and hacks in the old Xorg based Xwayland was about fighting Xorg trying to be a native display server, discovering input devices and driving the outputs. The goal was to be able to reuse the 2D acceleration code from the various Xorg DDX drivers. With glamor becoming a credible acceleration architecture, we no longer need to jump through those hoops and the new code base is much simpler and cleaner as a result." There is also a change in the maintainer model, with Kristian Høgsberg giving commit privileges to a number of top-level developers.
Categories: Linux

Robyn Bergeron stepping down as Fedora leader

Wed, 2014-05-21 12:31
Fedora project leader Robyn Bergeron has announced her intention to step down from the position. "With Fedora 20 well behind us, and Fedora.next on the road ahead, it seems like a natural time to step aside and let new leadership take the reins. Frankly, I shouldn’t even say 'the road ahead' since we’re well-entrenched in the process of establishing the Fedora.next features and processes, and it’s a rather busy time for us all in Fedora-land — but this is precisely why make the transition into new leadership as smooth as possible for the Fedora Project community is so important. It’s a good time for change, and fresh ideas and leadership will be an asset to the community as we go forward, but I also want to make sure it’s not going to distract us from all the very important things we have in the works."
Categories: Linux

TechView: Linus Torvalds, Inventor of Linux (Huffington Post)

Tue, 2014-05-20 22:25
The Huffington Post has an interview with Linus Torvalds. "I think very few people get to feel like they have actually made a difference, and let me tell you, it's a good feeling to have. I was never very interested in the commercial side, and to me the people and companies who were able to take Linux and use it commercially are the people who did what I simply would never have had the drive to do. And it was needed, and useful, so I'm actually very grateful for the commercial entities: they've allowed me to concentrate on the parts I enjoy."
Categories: Linux

Tuesday's security updates

Tue, 2014-05-20 18:26

CentOS has updated libxml2 (C6: denial of service).

Debian has updated python-django (multiple vulnerabilities).

Mageia has updated kernel (MG3: multiple vulnerabilities), kernel-linus (MG4: multiple vulnerabilities), kernel-rt (MG4: multiple vulnerabilities), kernel-vserver (MG4: multiple vulnerabilities), moodle (multiple vulnerabilities), and python-django (two vulnerabilities).

Oracle has updated libxml2 (OL6: denial of service).

Red Hat has updated kernel (RHEL6.2 EUS: two vulnerabilities) and mariadb55-mariadb (RHSC1: multiple vulnerabilities).

Categories: Linux