Linux Weekly News

Tartalom átvétel
LWN.net is a comprehensive source of news and opinions from and about the Linux community. This is the main LWN.net feed, listing all articles which are posted to the site front page.
Frissült: 27 perc 11 másodperc

Apache SpamAssassin 3.4.0 available

sze, 2014-02-12 17:32
The SpamAssassin 3.4.0 release is out. "This is a major release. It introduces over two years of bug fixes and features since the release of SpamAssassin 3.3.2 on June 16, 2011." Changes include use of the Redis backend for Bayesian data storage, native IPv6 support, and, of course, lots of rule changes.
Kategóriák: Linux

Mozilla To Sell Ads In Firefox Web Browser (AdvertisingAge)

sze, 2014-02-12 05:45
AdvertisingAge is reporting that Mozilla will be selling ads in Firefox. In particular, the "New Tab" page that normally has nine of the most frequently visited sites shown will, for new users, show ads and "pre-packaged content" in the new feature called "Directory Tiles". The Mozilla blog gives a bit more detail: "Some of these tile placements will be from the Mozilla ecosystem, some will be popular websites in a given geographic location, and some will be sponsored content from hand-picked partners to help support Mozilla’s pursuit of our mission. The sponsored tiles will be clearly labeled as such, while still leading to content we think users will enjoy. We are excited about Directory Tiles because it has inherent value to our users, it aligns with our vision of a better Internet through trust and transparency, and it helps Mozilla become more diversified and sustainable as a project."
Kategóriák: Linux

Top 10 legal issues for free software of 2013 (opensource.com)

k, 2014-02-11 23:19
Opensource.com covers some legal issues faced in 2013. Topics include Android patent litigation, license compliance, forks, enforcement, GitHub's license selection policy, good news in the patent wars, FOSS in government and in the private sector, contributor agreements, and collaborations. "On June 14, 2013, the district court of Hamburg found that Fantec violated the obligation in the GPLv2 to provide to its customers the "complete corresponding source code" of the software. Fantec objected that it had been assured by its Chinese supplier that the source code received from the supplier was complete. And Fantec claimed that they had investigated options with third parties for source code analysis and had been informed that such reviews were quite expensive and not completely reliable. The court rejected these excuses."
Kategóriák: Linux

Tuesday's security updates

k, 2014-02-11 20:05

CentOS has updated wget (C6: code execution).

Debian has updated pidgin (multiple vulnerabilities).

Gentoo has updated roundcube (code execution).

Mageia has updated darktable (MG3: denial of service), flite (insecure temporary files), icedtea-web (insecure temporary file use), kernel-linus (MG3: multiple vulnerabilities), kernel-rt (MG3: multiple vulnerabilities), kernel-tmb (MG3: multiple vulnerabilities), kernel-tmb (MG4: privilege escalation), seamonkey (multiple vulnerabilities), and springframework (MG3: denial of service).

Mandriva has updated pidgin (multiple vulnerabilities).

Oracle has updated wget (OL6: code execution).

Red Hat has updated wget (RHEL6: code execution from 2010).

Scientific Linux has updated wget (SL6: code execution).

Ubuntu has updated firefox (multiple vulnerabilities) and libgadu (buffer overflow).

Kategóriák: Linux

The Debian technical committee vote concludes

k, 2014-02-11 17:09
All of the votes are in on the simplified ballot to choose the default init system for the Debian "jessie" release (on Linux). The Condorcet process left systemd and upstart tied with four votes each; committee chair Bdale Garbee has now used his casting vote in favor of systemd. That ends one chapter of the debate, though the chances of this decision being reviewed via a general resolution seem high.
Kategóriák: Linux

[$] Systemd programming part 2: activation and language issues

k, 2014-02-11 01:08
This is the second half of a pair of articles looking at systemd as a programming language for the specification and management of system services. Part 1 was concerned with modularity issues and how services can be configured. This part continues with a look at the various ways to control the activation of services before getting into an overall look at issues with systemd's language. While systemd has been extensively discussed as an init system, there is value in regarding it from a language point of view as well.
Kategóriák: Linux

Russ Allbery's perspective on the Debian technical committee impasse

h, 2014-02-10 22:04
LWN has backed off on moment-to-moment coverage of events in Debian's technical committee because it seems that a moment of relative calm is called for. But a note posted by committee member Russ Allbery on the situation is worth reading in its entirety, despite the fact that it's rather long. "In short, you can certainly disagree with the relative weights of the various features or drawbacks of any of the init systems. But I think at the point at which one goes beyond 'I disagree' to 'and therefore you must be biased,' one has lost the plot. This is a hard decision with a lot of subjective judgement, and reasonable people can arrive at opposite conclusions."
Kategóriák: Linux

Security advisories for Monday

h, 2014-02-10 20:37

Debian has updated iceweasel (multiple vulnerabilities), libcommons-fileupload-java (denial of service), and libspring-java (multiple vulnerabilities).

Fedora has updated chicken (F20: code execution), ghdl (F19; F20: remote denial of service), ikiwiki (F19; F20: javascript code injection), and libyaml (F19; F20: code execution).

Gentoo has updated djvu (code execution), icu (denial of service), links (denial of service), mod_fcgid (code execution), pam_skey (information disclosure), and pulseaudio (denial of service from 2009).

Mageia has updated chromium-browser-stable (multiple vulnerabilities), kernel (MG3: multiple vulnerabilities), kernel (MG4: privilege escalation), mupdf (denial of service), and yaml (code execution).

openSUSE has updated firefox (13.1, 12.3: multiple vulnerabilities), mozilla (11.4: multiple vulnerabilities).

Slackware has updated firefox (multiple vulnerabilities), thunderbird (multiple vulnerabilities), and seamonkey (multiple vulnerabilities).

Kategóriák: Linux

Kernel prepatch 3.14-rc2

h, 2014-02-10 15:57
The 3.14-rc2 prepatch is out; Linus notes that the patch volume has been light, but worries that kernel developers are lurking in the background waiting to dump more stuff on him. "Because I know kernel developers, and they are sneaky. I suspect Davem (to pick somebody not at random) is giggling to himself, waiting for this release message, planning to send me some big-ass pull request tomorrow."
Kategóriák: Linux

Another Debian init system vote called

szo, 2014-02-08 23:28
Debian technical committee chair Bdale Garbee has posted a surprise call for votes on a simplified resolution that would decide the default init system for the upcoming "jessie" release on Linux — and nothing else. "The fundamental problem is that I remain as convinced now as I was when I posted my last CFV that conflating multiple questions in a single ballot is a bad idea. Our voting system works exceptionally well when we're trying to choose between multiple alternatives for a single question. But as others have observed, trying to mix questions into a matrix of alternatives in a single ballot really complicates the process." The ballot is quite similar to his first attempt, but it includes the language allowing the decision to be overridden by a simple majority on a general resolution.

Assuming a sufficient number of members vote something other than "further discussion," this move might actually bring this chapter of this story (which, alas, may have a fair while to go still) to a close.

Kategóriák: Linux

Mozilla announces "Firefox Accounts"

szo, 2014-02-08 01:33

The Mozilla Blog has an announcement about "Firefox Accounts," a new service being rolled out by the browser vendor. The post describes this venture as "as a safe and easy way for you to create an account that enables you to sign in and take your Firefox with you anywhere. With Firefox Accounts, we can better integrate services into your Web experience." The announcement does not shed light on what services will be involved, other than the fact that it will incorporate the existing Firefox Sync. The service is testable on Mozilla's Aurora pre-release builds of Firefox.

Kategóriák: Linux

Friday's security updates

p, 2014-02-07 17:33

Debian has updated libgadu (code execution).

Fedora has updated icedtea-web (F20: multiple vulnerabilities), libpng10 (F19; F20: denial of service), mediawiki (F19; F20: code execution), and thunderbird (F20: multiple vulnerabilities).

Gentoo has updated freeciv (code execution) and stunnel (multiple vulnerabilities).

Mageia has updated firefox, thunderbird (multiple vulnerabilities).

openSUSE has updated bind (11.4; 12.3, 13.1: denial of service), gnumeric (11.4: denial of service), kernel (12.3; 13.1: multiple vulnerabilities), python-apache-libcloud (13.1: information leak), QEMU (12.3, 13.1: privilege escalation), and flash-player (11.4: code execution).

Ubuntu has updated pidgin (multiple vulnerabilities).

Kategóriák: Linux

Jones: The EFI System Partition and the Default Boot Behavior

p, 2014-02-07 00:04
On his blog, Peter Jones writes about the boot process for UEFI, looking at the requirements for EFI System Partitions (ESPs), how the BootOrder variable is used, falling back to removable media, and more. It may be more than you wanted to know about UEFI booting. "There’s nothing truly special about an ESP. It isn’t an ESP because of the GPT GUID and label, nor because of the file system type. Those are how the firmware identifies a partition, and the file system it contains, as candidates to treat as the ESP, when it really needs to find one. The only factor in determining if a partition is the ESP is this: is the firmware attempting to use it as the ESP? At the same time, the requirements for the ESP give us latitude; we know that we can use UEFI’s APIs to find correctly constructed FAT file systems, but there’s no need for those to be the ESP. In fact, even when we create multiple partitions with the ESP’s GUID and label, there’s no requirement that the firmware looks at more than one of them if it needs to find the ESP, and there’s no guarantee as to which one it will pick, either."
Kategóriák: Linux

Ubuntu 12.04.4 LTS released

cs, 2014-02-06 23:46
Ubuntu has released an updated version of its 12.04 long term support (LTS) distribution for the Desktop, Server, Cloud, and Core products: 12.04.4 LTS. In addition, Kubuntu 12.04.4 LTS, Edubuntu 12.04.4 LTS, Xubuntu 12.04.4 LTS, Mythbuntu 12.04.4 LTS, and Ubuntu Studio 12.04.4 LTS have also been released. "As with 12.04.3, 12.04.4 contains an updated kernel and X stack for new installations on x86 architectures. As usual, this point release includes many updates, and updated installation media has been provided so that fewer updates will need to be downloaded after installation. These include security updates and corrections for other high-impact bugs, with a focus on maintaining stability and compatibility with Ubuntu 12.04 LTS."
Kategóriák: Linux

Stable kernels 3.13.2, 3.12.10, 3.10.29, and 3.4.79

cs, 2014-02-06 23:32
Greg Kroah-Hartman has released the 3.13.2, 3.12.10, 3.10.29, and 3.4.79 stable kernels. Users of those kernel series should upgrade.
Kategóriák: Linux

GDB 7.7 released

cs, 2014-02-06 17:49
Version 7.7 of the GDB debugger is out. It features improved Python scripting support, a number of new commands, support for a few new targets, and more.
Kategóriák: Linux

Docker 0.8 released

cs, 2014-02-06 17:35
Version 0.8 of the Docker container-creation system has been announced. This release brings some changes to the development process: "First, this is the first Docker release where features take the backseat to quality: dozens and dozens of bugfixes, performance boosts, stability improvements, code cleanups, extra documentation and improved code coverage – that’s the primary feature in Docker 0.8." The project will also be doing time-based monthly releases going forward. There are still some new features, including a Btrfs storage driver and Mac OS support; see the changelog for details.
Kategóriák: Linux

Security advisories for Thursday

cs, 2014-02-06 17:25

CentOS has updated pidgin (C5; C6: multiple vulnerabilities).

Debian has updated libav (multiple vulnerabilities, one from 2011).

Fedora has updated chrony (F20: distributed denial of service via amplification), firefox (F20: multiple vulnerabilities), mupdf (F19; F20: denial of service), pidgin (F20: multiple vulnerabilities), and xulrunner (F20: multiple vulnerabilities).

Gentoo has updated adobe-flash (multiple vulnerabilities).

openSUSE has updated flash-player (12.3, 13.1: multiple vulnerabilities).

Oracle has updated firefox (OL5: multiple vulnerabilities), librsvg2 (OL6: two vulnerabilities), and pidgin (OL6: multiple vulnerabilities).

Red Hat has updated pidgin (multiple vulnerabilities).

Scientific Linux has updated pidgin (multiple vulnerabilities).

Ubuntu has updated perl (10.04, 12.04, 12.10: code execution).

Kategóriák: Linux

[$] LWN.net Weekly Edition for February 6, 2014

cs, 2014-02-06 03:50
The LWN.net Weekly Edition for February 6, 2014 is available.
Kategóriák: Linux

[$] Systemd programming part 1: modularity and configuration

cs, 2014-02-06 01:09
Systemd's positive and negative features have been discussed at length; one of the first positives I personally noticed was seen from my perspective as an upstream package maintainer. As the maintainer of mdadm and still being involved in the maintenance of nfs-utils, one of my frustrations was the lack of control over, or even much visibility into, the way these packages were integrated into the "init" system on each distribution. Systemd has the potential to give back some of that control while still giving flexibility to distributors and administrators; this article (and the one that follows) will look at systemd's programming features to show how that works.
Kategóriák: Linux