Linux Weekly News

Tartalom átvétel
LWN.net is a comprehensive source of news and opinions from and about the Linux community. This is the main LWN.net feed, listing all articles which are posted to the site front page.
Frissült: 28 perc 1 másodperc

Poettering: The new sd-bus API of systemd

p, 2015-06-19 23:40
Lennart Poettering writes about the sd-bus library with substantial digressions into how D-Bus works in general. "We believe the result of our work delivers our goals quite nicely: the library is fun to use, supports kdbus and sockets as back-end, is relatively minimal, and the performance is substantially better than both libdbus and GDBus."
Kategóriák: Linux

Announcing the Code Climate platform

p, 2015-06-19 23:24
Code Climate has announced the open-source release of its static-analysis platform. "We’re releasing the static analysis engines that power the new Code Climate Platform, and going forward, all of our static analysis code will be published under Open Source licenses. Code Climate has always provided free analysis to Open Source projects, and this continues to deepen our commitment to, and participation in, the OSS community."
Kategóriák: Linux

Bacon: Rebasing Ubuntu on Android?

p, 2015-06-19 23:21

At his blog, former Ubuntu Community Manager Jono Bacon speculates on whether or not the Ubuntu Phone project should rebase its software stack on Android. Bacon prefaces the post with a note that it is "designed purely for some intellectual fun and discussion. I am not proposing we actually do this, nor advocating for this." The central argument is that new mobile platforms invariably expend hundreds of thousands of dollars attracting well-known app vendors to the new stack. Supporting Android apps would let Ubuntu focus efforts on the user interface, scopes, and other components. "I know there has been a reluctance to support Android apps on Ubuntu as it devalues the Ubuntu app ecosystem and people would just use Android apps, but I honestly think some kind of middle-ground is needed to get into the game, otherwise I worry we won’t even make it to the subs bench no matter how awesome our technology is." Note that, whatever one makes of the idea, Bacon is speaking only about the Ubuntu Phone stack; the post does touch on how such a rebase would interfere with Ubuntu's plans for a converged software stack.

Kategóriák: Linux

Friday's security updates

p, 2015-06-19 16:45

Debian has updated cinder (file disclosure) and drupal7 (multiple vulnerabilities).

Fedora has updated mbedtls (F21: multiple vulnerabilities) and python-django14 (F20: cross-site scripting).

Mageia has updated cups (M4: multiple vulnerabilities), ffmpeg (M4: multiple vulnerabilities), openssl (M4: multiple vulnerabilities), and redis (M4: code execution).

SUSE has updated IBM Java (SLES10 SP4; SLE11: multiple vulnerabilities).

Kategóriák: Linux

The launch of WebAssembly

cs, 2015-06-18 16:51
Luke Wagner of Mozilla has announced the existence of the WebAssembly project. The purpose is to define a low-level language to run in web browsers; it will then serve as a compilation target for higher-level languages. Developers from most of the major browser engines are working on the project. "For existing Emscripten/asm.js users, targeting WebAssembly will be as easy as flipping a flag. Thus, it is natural to view WebAssembly as the next evolutionary step of asm.js (a step many have requested and anticipated)."
Kategóriák: Linux

Security updates for Thursday

cs, 2015-06-18 16:13

CentOS has updated cups (C7; C6: three vulnerabilities).

Debian has updated kernel (three vulnerabilities).

Debian-LTS has updated linux-2.6 (multiple vulnerabilities going back to 2011) and openssl (multiple vulnerabilities).

Fedora has updated mbedtls (F20: code execution), python-requests (F21: cookie stealing), and python-urllib3 (F21: proper openssl support).

openSUSE has updated busybox (13.2, 13.1: code execution) and strongswan (13.2, 13.1: information disclosure).

Oracle has updated cups (OL7; OL6: three vulnerabilities).

Red Hat has updated cups (RHEL6&7: three vulnerabilities).

Scientific Linux has updated cups (SL6&7: three vulnerabilities).

Kategóriák: Linux

[$] LWN.net Weekly Edition for June 18, 2015

cs, 2015-06-18 03:51
The LWN.net Weekly Edition for June 18, 2015 is available.
Kategóriák: Linux

[$] Micro Python on the pyboard

sze, 2015-06-17 21:39
A 2013 Kickstarter project brought us Micro Python, which is a version of Python 3 for microcontrollers, along with the pyboard to run it on. Micro Python is a complete rewrite of the interpreter that avoids some of the CPython (the canonical Python interpreter written in C) implementation details that don't work well on microcontrollers. I recently got my hands on a pyboard and decided to give it—and Micro Python—a try.
Kategóriák: Linux

Cool new features coming to Blender 2.75 (Opensource.com)

sze, 2015-06-17 21:36
Opensource.com takes a look at the upcoming release of Blender 2.75. "One of the biggest features merged into Blender this go-round were from the multiview branch. In short, Blender now fully supports the ability to create stereoscopic 3D images. With the increased pervasiveness of 3D films and televisions—not to mention VR headsets in gaming—a lot of people are interested in generating images that play nice in this format. And now Blender can."
Kategóriák: Linux

Security advisories for Wednesday

sze, 2015-06-17 18:14

Debian-LTS has updated linux-2.6 (multiple vulnerabilities).

Red Hat has updated kernel (RHEL5.9: privilege escalation).

SUSE has updated java-1_7_0-ibm (SLE12: multiple vulnerabilities).

Ubuntu has updated aptdaemon (15.04, 14.10, 14.04, 12.04: information leak), devscripts (14.10, 14.04, 12.04: directory traversal), and wpa, wpasupplicant (15.04, 14.10, 14.04, 12.04: multiple vulnerabilities).

Kategóriák: Linux

[$] Leap-second issues, 2015 edition

sze, 2015-06-17 17:15
The leap second is an occasional ritual wherein Coordinated Universal Time (UTC) is held back for one second to account for the slowing of the Earth's rotation. The last leap second happened on June 30, 2012; the next is scheduled for June 30 of this year. Leap seconds are thus infrequent events. One might easily imagine that infrequent events involving time discontinuities would be likely to expose software problems, and, sure enough, the 2012 leap second had its share of issues. The 2015 leap second looks to be a calmer affair, but it appears that it will not be entirely problem-free.
Kategóriák: Linux

Tuesday's security advisories

k, 2015-06-16 18:02

CentOS has updated abrt (C7: multiple vulnerabilities), openssl (C7; C6: multiple vulnerabilities), and wpa_supplicant (C7: two vulnerabilities).

Debian has updated p7zip (directory traversal).

Oracle has updated openssl (OL7; OL6: multiple vulnerabilities).

Red Hat has updated openssl (RHEL6,7: multiple vulnerabilities).

Scientific Linux has updated openssl (SL6,7: multiple vulnerabilities).

SUSE has updated kernel (SLE12: multiple vulnerabilities).

Ubuntu has updated kernel (15.04; 14.10; 14.04; 12.04: privilege escalation), linux-lts-trusty (12.04: privilege escalation), linux-lts-utopic (14.04: privilege escalation), linux-lts-vivid (14.04: privilege escalation), and linux-ti-omap4 (12.04: privilege escalation).

Kategóriák: Linux

Best practices to build bridges between tech teams (Opensource.com)

k, 2015-06-16 01:16
Opensource.com has an interview with Robyn Bergeron about her current position as Operations Advocate at Elastic, and past roles (such as Fedora Project Leader). "The ELK stack (that's Elasticsearch, Logstash, and Kibana), being incredibly flexible and adaptable to many use cases, appeals to both operations folks and developers—but my love for it really has grown from seeing how fantastically it has allowed folks working in ops to not just start more rapidly identifying that "something broke," but also to be able to visually identify the patterns that lead to those broken things. Getting to a point where you're not just on fire all the time fixing technology, and instead fixing the processes that lead to fires, or implementing ways to proactively avoid fires, is not just redeeming, but frees up time to do other things besides firefighting. People love breaking that loop, and it's fabulous being an advocate for something that is literally making people's work-life balance and general happiness levels better. I've been in those fires. It's not fun. It makes me happy to see users feeling awesome."
Kategóriák: Linux

Security updates for Monday

h, 2015-06-15 18:58

Debian has updated libav (two vulnerabilities), openssl (multiple vulnerabilities), qemu (multiple vulnerabilities), qemu-kvm (two vulnerabilities), sqlite3 (denial of service), and xen (multiple vulnerabilities).

Debian-LTS has updated p7zip (directory traversal).

Fedora has updated armacycles-ad (F22; F21; F20: multiple vulnerabilities), filezilla (F22: multiple vulnerabilities), fuse (F20: privilege escalation), libreswan (F20: denial of service), nss (F20: cipher-downgrade attacks), nss-softokn (F20: cipher-downgrade attacks), nss-util (F20: cipher-downgrade attacks), ntfs-3g (F20: privilege escalation), and xen (F22; F21: multiple vulnerabilities).

openSUSE has updated flash-player (11.4: multiple vulnerabilities), coreutils (13.2: memory handling error), cups (13.2, 13.1: three vulnerabilities), dpkg (13.2, 13.1: integrity-verification bypass), and php5 (13.2, 13.1: information disclosure).

Kategóriák: Linux

Kernel prepatch 4.1-rc8

h, 2015-06-15 16:27
As promised, the 4.1-rc8 kernel prepatch is out. "So I'm on vacation, but time doesn't stop for that, and it's Sunday, so time for a hopefully final rc."
Kategóriák: Linux

TeX Live 2015 is available

szo, 2015-06-13 00:12

The 2015 edition of the TeX Live software distribution, the "easy way to get up and running with the TeX document production system," has been released. DVDs are in production for members of the TeX Users Group (TUG), though many will probably prefer the downloadable release. The changes included in this edition include the merging of several LaTeX fixes from external packages into LaTeX itself, JPEG Exif support in pdfTeX, and image-handling fixes in XeTeX.

Kategóriák: Linux

MATE 1.10 released

p, 2015-06-12 21:48

Version 1.10 of the MATE Desktop has been released. Perhaps the most notable new feature is that all MATE components can now be built with GTK+2 or GTK+3, although GTK+3 support is still labeled "experimental." Also new in this update are ePub support in the Atril document viewer and a new audio-mixing library named libmatemixer.

Kategóriák: Linux

Friday's security updates

p, 2015-06-12 17:21

Arch Linux has updated openssl (multiple vulnerabilities).

Debian-LTS has updated imagemagick (multiple vulnerabilities) and strongswan (information disclosure).

Fedora has updated qemu (F22: denial of service).

openSUSE has updated flash-player (13.1, 13.2: multiple vulnerabilities), python-setuptools (13.1: non-secure SSL hostname matching), and tidy (13.1, 13.2: buffer overflow).

Oracle has updated wpa_supplicant (O7: multiple vulnerabilities).

Red Hat has updated wpa_supplicant (RHEL7: multiple vulnerabilities).

Scientific Linux has updated wpa_supplicant (SL7: multiple vulnerabilities).

Slackware has updated openssl (multiple vulnerabilities) and php (S14: multiple vulnerabilities).

SUSE has updated cups (SLE12: multiple vulnerabilities), cups154 (SLE12: multiple vulnerabilities), flash-player (SLE12: multiple vulnerabilities), and xen (SLE11 SP3; SLE12: multiple vulnerabilities).

Ubuntu has updated openssl (multiple vulnerabilities).

Kategóriák: Linux

The hidden costs of embargoes (Red Hat Security Blog)

p, 2015-06-12 05:12
Over at the Red Hat Security Blog, Kurt Seifried looks at the costs of security embargoes. Keeping the information about security vulnerabilities quiet until distributions can coordinate their releases of a fix for it seems like it makes a lot of sense, but there are hidden costs to that. "Patch creation with an embargoed issue means only the researcher and upstream participating. The end result of this is often patches that are incomplete and do not fully address the issue. This happened with the Bash Shellshock issue (CVE-2014-6271) where the initial patch, and even subsequent patches, were incomplete resulting in several more CVEs (CVE-2014-6277, CVE-2014-6278, CVE-2014-7169). For a somewhat complete listing of such examples simply search the CVE database for 'because of an incomplete fix for'."
Kategóriák: Linux

Security advisories for Thursday

cs, 2015-06-11 17:37

CentOS has updated kernel (C6: multiple vulnerabilities) and qemu-kvm (C6: code execution).

Debian-LTS has updated wireshark (WCP dissector crash).

Fedora has updated cabal-install (F22: force digest authentication), freecad (F22: code execution), fusionforge (F22; F21: code execution), haskell-platform (F22: force digest authentication), less (F21: information leak), libreswan (F22; F21: denial of service), python-tornado (F21: TLS side-channel attack), and thermostat (F21: code execution).

openSUSE has updated proftpd (13.2, 13.1: two vulnerabilities, one from 2013), wpa_supplicant (13.2, 13.1: three vulnerabilities), and zeromq (13.2, 13.1: protocol downgrade).

Oracle has updated qemu-kvm (OL6: code execution) and kernel (OL6; OL5: three vulnerabilities).

Red Hat has updated qemu-kvm (RHEL6: code execution) and qemu-kvm-rhev (RHEL6OSP: code execution).

Scientific Linux has updated abrt (SL7: multiple vulnerabilities) and qemu-kvm (SL6: code execution).

Ubuntu has updated kernel (15.04; 14.10; 14.04; 12.04: multiple vulnerabilities), linux-lts-trusty (12.04: two vulnerabilities), linux-lts-utopic (14.04: two vulnerabilities), linux-lts-vivid (14.04: three vulnerabilities), and linux-ti-omap4 (12.04: multiple vulnerabilities).

Kategóriák: Linux