Linux Weekly News

LWN.net is a comprehensive source of news and opinions from and about the Linux community. This is the main LWN.net feed, listing all articles which are posted to the site front page.
Updated: 24 minutes 7 seconds ago

Kernel prepatch 3.16-rc6

Mon, 2014-07-21 13:55
The 3.16-rc6 release is out, and Linus is starting to think that things are still too active. "Anyway, rc6 still isn't all *that* big, so I'm not exactly worried, but I am getting to the point where I'm going to start calling people names and shouting at you if you send me stuff that isn't appropriate for the late rc releases. Which is not to say that people did: while rc6 is bigger than I wished for, I don't think there's too much obviously frivolous in there. But I'll be keeping an eye out, and I'll be starting to get grumpy (or grumpiER) if I notice that people aren't being serious about trying to calm things down."
Categories: Linux

Four new kernel releases

Fri, 2014-07-18 20:13

Greg Kroah-Hartman has released four new stable kernels: 3.15.6, 3.14.13, 3.10.49, and 3.4.99; each contains important updates and fixes.


Friday's security updates

Fri, 2014-07-18 17:34

Debian has updated fail2ban (multiple vulnerabilities), openjdk-6 (multiple vulnerabilities), and polarssl (denial of service).

Red Hat has updated java-1.7.0-oracle (multiple vulnerabilities) and kernel (RHEL6: multiple vulnerabilities).

Ubuntu has updated liblwp-protocol-https-perl (14.04: information leak).


Changes on the openSUSE board

Fri, 2014-07-18 16:15
OpenSUSE board chair Vincent Untz has announced that he will be stepping down from the position to free time for other priorities. "I'm stepping down with regrets because these two years as chairman have been totally awesome, and I would love to keep contributing to the project that way. But I know I won't have enough time to dedicate to being a chairman in the months to come, and I'm a strong believer that board members (including the chairman) should be active in their role. Having motivation is extremely important, of course, but free time is simply essential." SUSE has chosen Richard Brown as Vincent's successor.

Faults in Linux 2.6

Thu, 2014-07-17 22:36
Six researchers (including Julia Lawall of the Coccinelle project) have just released a paper [PDF] (abstract) that looks at the faults in the 2.6 kernel. "In August 2011, Linux entered its third decade. Ten years before, Chou et al. published a study of faults found by applying a static analyzer to Linux versions 1.0 through 2.4.1. A major result of their work was that the drivers directory contained up to 7 times more of certain kinds of faults than other directories. This result inspired numerous efforts on improving the reliability of driver code. Today, Linux is used in a wider range of environments, provides a wider range of services, and has adopted a new development and release model. What has been the impact of these changes on code quality? To answer this question, we have transported Chou et al.'s experiments to all versions of Linux 2.6, released between 2003 and 2011. We find that Linux has more than doubled in size during this period, but the number of faults per line of code has been decreasing. Moreover, the fault rate of drivers is now below that of other directories, such as arch. These results can guide further development and research efforts for the decade to come. To allow updating these results as Linux evolves, we define our experimental protocol and make our checkers available." (Thanks to Asger Alstrup Palm.)

The state of accessibility in Linux and open source software (Opensource.com)

Thu, 2014-07-17 22:18
Over at Opensource.com, Rikki Endsley interviews Spencer Hunley, who will be giving a talk on accessibility at LinuxCon NA in August. Hunley also spoke at last year's LinuxCon NA and, shortly after that, helped form the Universal Tux Google+ community to work on accessibility in Linux. "Built-in, easy to use and understand accessibility support is hard to find in many distributions. Can you tell me the key combination to activate that support in Ubuntu? How about any other distro? The fact is that although it's there, it may not be easy to locate and/or use. When addressing this, focusing on independence is vital. No one wants to have to call upon someone else to help them install a new OS, or to utilize an application. This is especially true for people with disabilities; the learning curve can be nearly impossible, which leaves little in the way of choice in the FOSS world, depending on your abilities."

X.Org server 1.16.0 released

Thu, 2014-07-17 18:44
Keith Packard has announced the release of the 1.16.0 X.Org server with many new features, including Glamor (GL-based 2D X acceleration) integration, XWayland, systemd integration, Glamor for the Xephyr nested X server, and support for non-PCI devices. In addition, thousands of compiler warnings were eliminated from the code base. "For the first time in several releases, we've added substantial amounts of code to the server, only 2/3 of which was the glamor code base: 604 files changed, 34449 insertions(+), 7024 deletions(-)"

Security advisories for Thursday

Thu, 2014-07-17 17:57

Debian has updated davfs2 (privilege escalation).

Fedora has updated lz4 (F20; F19: denial of service/possible code execution), python (F19: information leak), and python3 (F19: information leak).

Gentoo has updated gnupg (denial of service) and xen (many vulnerabilities).

openSUSE has updated flash-player (11.4: multiple vulnerabilities).

Oracle has updated java-1.7.0-openjdk (OL6; OL5: multiple vulnerabilities).

Red Hat has updated openstack-neutron (OSP4.0: two vulnerabilities).

SUSE has updated firefox (SLE10SP4, SLE10SP3: multiple vulnerabilities), kernel (SLE11SP3; SLE11SP3; SLE11SP3; SLERTE11SP3; SLERTE11SP3: many vulnerabilities, including one from 2012), and lzo (SLE11SP3: denial of service/possible code execution).

Ubuntu has updated EC2 kernel (10.04: three vulnerabilities), kernel (14.04; 13.10; 12.04; 10.04: multiple vulnerabilities), linux-lts-quantal (12.04: multiple vulnerabilities), linux-lts-raring (12.04: multiple vulnerabilities), linux-lts-saucy (12.04: multiple vulnerabilities), linux-lts-trusty (12.04: multiple vulnerabilities), linux-ti-omap4 (12.04: multiple vulnerabilities), and mysql-5.5 (14.04, 12.04: unidentified vulnerabilities).


[$] LWN.net Weekly Edition for July 17, 2014

Thu, 2014-07-17 03:00
The LWN.net Weekly Edition for July 17, 2014 is available.

[$] Genealogy research with Gramps

Wed, 2014-07-16 19:40

Genealogy is a fairly popular pursuit, and those wishing to use open-source software in their hobby have their choice cut-out for them—Gramps is the only complete, actively-developed free-software solution. The project was started in 2001 and initially known as GRAMPS; the first stable release was in 2004. The latest, version 4.1.0 ("Name go in book") was released on June 18.


Security advisories for Wednesday

Wed, 2014-07-16 18:17

CentOS has updated java-1.7.0-openjdk (C7; C6; C5: multiple vulnerabilities).

Fedora has updated libXfont (F20: multiple vulnerabilities).

openSUSE has updated flash-player (13.1, 12.3: multiple vulnerabilities).

Red Hat has updated java-1.7.0-openjdk (RHEL6&7; RHEL5: multiple vulnerabilities).

Scientific Linux has updated java-1.7.0-openjdk (SL6; SL5: multiple vulnerabilities).

SUSE has updated struts (code execution).

Ubuntu has updated file (14.04, 13.10, 12.04, 10.04: multiple vulnerabilities), libav (13.10, 12.04: code execution), miniupnpc (14.04, 13.10, 12.04: denial of service), and transmission (14.04, 13.10, 12.04: code execution).


2014 Linux Security Summit schedule published

Wed, 2014-07-16 01:56
James Morris has a blog post announcing that the schedule for this year's Linux Security Summit (LSS) is now available. It starts with a keynote from James Bottomley of Parallels, then there are seven refereed talks, as well as other sessions: "Discussion session topics include Trusted Kernel Lock-down Patch Series, led by Kees Cook; and EXT4 Encryption, led by Michael Halcrow & Ted Ts’o. There’ll be kernel security subsystem updates from the SELinux, AppArmor, Smack, and Integrity maintainers. The break-out sessions are open format and a good opportunity to collaborate face-to-face on outstanding or emerging issues." LSS will be held August 18-19 in Chicago, overlapping the first two days of the Kernel Summit and it is followed by LinuxCon North America; all are being held in the same location.

OpenSSL fork LibreSSL is declared “unsafe for Linux” (Ars Technica)

Wed, 2014-07-16 00:25
Ars Technica reports that a security researcher has found what he calls a "catastrophic failure" in the Linux version of LibreSSL. "The failure results in cases where the same 16-bit PID is used to designate two or more processes. Linux ensures that a process can never have the same ID as the child process it spawned, but it remains possible for a process to have the same PID as its grandparent process. The condition appears to be an edge case, but it's one that may be possible if the Linux fork_rand program forks enough times to produce identical PIDs. OpenSSL, the open-source program LibreSSL aims to replace, has ways to recover from such cases. LibreSSL does not, at least not on Linux."

Update: This issue has been fixed in LibreSSL 2.0.2.


KDE Plasma 5.0

Tue, 2014-07-15 18:12
KDE has announced the release of Plasma 5.0. "Plasma 5.0 introduces a new major version of KDE's workspace offering. The new Breeze artwork concept introduces cleaner visuals and improved readability. Central work-flows have been streamlined, while well-known overarching interaction patterns are left intact. Plasma 5.0 improves support for high-DPI displays and ships a converged shell, able to switch between user experiences for different target devices. Changes under the hood include the migration to a new, fully hardware-accelerated graphics stack centered around an OpenGL(ES) scenegraph. Plasma is built using Qt 5 and Frameworks 5."

Tuesday's security updates

Tue, 2014-07-15 17:37

Red Hat has updated ror40-rubygem-activerecord (RHSC1: SQL injection) and ruby193-rubygem-activerecord (RHSC1: SQL injection).

SUSE has updated flash-player (SLED11SP3: multiple vulnerabilities).


Google's "Project Zero"

Tue, 2014-07-15 15:29
Google's newly announced Project Zero is focused on making the net as a whole safer from attackers. "We're not placing any particular bounds on this project and will work to improve the security of any software depended upon by large numbers of people, paying careful attention to the techniques, targets and motivations of attackers. We'll use standard approaches such as locating and reporting large numbers of vulnerabilities. In addition, we'll be conducting new research into mitigations, exploitation, program analysis—and anything else that our researchers decide is a worthwhile investment." Their policy of only reporting bugs to the vendor looks like it could result in the burying of inconvenient vulnerabilities, but presumably they have thought about that.

[$] Filesystem notification, part 2: A deeper investigation of inotify

Tue, 2014-07-15 01:20
In the first article in this series, we briefly looked at the original Linux filesystem notification API, dnotify, and noted a number of its limitations. We then turned our attention to its successor, inotify, and saw how the design of the newer API addressed various problems with the dnotify API while providing a number of other benefits as well. At first glance, inotify seems to provide a complete solution for the task of creating an application that reliably monitors the state of a filesystem. However, we are about to see that this isn't quite the case.

Subscribers can check out the next article in guest author Michael Kerrisk's series by clicking below.


Justin Miller on how Mapbox runs like an open source project (Opensource.com)

Mon, 2014-07-14 21:01
Opensource.com has been running a series of interviews with OSCON speakers. In this article Justin Miller, a developer at Mapbox, talks with Michael Harrison.

[Michael] Mapbox is "running a business like you would run an open source project." Can you elaborate on what that means?

[Justin] This is the meat of my talk, but basically, the organization is flat and open. People join in on projects based on interest and available time, or start their own projects based on an idea and the ability to convince a couple coworkers that it's a worthwhile effort. If you have an idea for improvement, talk is cheap and putting in the code to demonstrate its potential is preferred. It's a very exciting way to choose direction and participation and lets everyone engage based on their interests and skill set. And nearly everything we write, anything that's easily reusable by someone else, is completely open source.


Security advisories for Monday

Mon, 2014-07-14 18:32

Fedora has updated claws-mail (F20: code execution), claws-mail-plugins (F20: code execution), docker-io (F20; F19: privilege escalation), openstack-nova (F20: privilege escalation), and pnp4nagios (F20; F19: cross-site scripting).

openSUSE has updated python (13.1, 12.3: missing boundary check).

Slackware has updated php (multiple vulnerabilities).


Kernel prepatch 3.16-rc5

Mon, 2014-07-14 15:56
Linus has sent out the 3.16-rc5 prepatch. "Things are looking normal, and as usual, I _wish_ there was a bit less churn going on since it's getting fairly late in the rc cycle, but honestly, it's not like there is anything that really raises any eyebrows here."