Linux Weekly News

Tartalom átvétel is a comprehensive source of news and opinions from and about the Linux community. This is the main feed, listing all articles which are posted to the site front page.
Frissült: 10 perc 29 másodperc

Stable kernel updates

sze, 2015-02-11 19:29
Greg KH has released another batch of stable kernels: 3.18.7, 3.14.33, and 3.10.69. All contain the usual set of important updates.
Kategóriák: Linux

Security advisories for Wednesday

sze, 2015-02-11 19:22

CentOS has updated kernel (C5: denial of service) and subversion (C7; C6: multiple vulnerabilities).

Debian has updated ruby1.8 (denial of service).

openSUSE has updated krb5 (13.2: multiple vulnerabilities) and xen (13.2: multiple vulnerabilities).

Oracle has updated subversion (OL7; OL6: multiple vulnerabilities).

Red Hat has updated chromium-browser (RHEL6 Supplementary: multiple vulnerabilities), kernel (RHEL5: denial of service), and subversion (RHEL7; RHEL6: multiple vulnerabilities).

Scientific Linux has updated kernel (SL5: denial of service), shim (SL7: multiple vulnerabilities), and subversion (SL6: two vulnerabilities).

Ubuntu has updated krb5 (multiple vulnerabilities) and oxide-qt (14.10, 14.04: multiple vulnerabilities).

Kategóriák: Linux

GCC 5 in Fedora (Red Hat developer blog)

k, 2015-02-10 21:02
Last week the Red Hat developer blog looked at some changes coming with GCC5. This week's article covers how those changes will be handled in Fedora. "One consequence of this decision will be that Fedora 22 and Fedora 23 will both have GCC 5, but they’ll be fundamentally different. The C++ library ( will be compatible between F22 and F23 (in fact, it will be almost exactly the same, modulo some extra patches from upstream that might be pulled into the later F23 build). The difference will be all the other DSOs that link to it. That’s important for Fedora developers to note. Specifically, FESCo’s decision means the C++ standard library headers installed by the libstdc++-devel RPM will have a different default value for the _GLIBCXX_USE_CXX11_ABI macro (0 in F22 and 1 in F23) but the library will be largely the same in F22 and F23, because that library contains all the symbol definitions for both the old ABI and the new ABI, so that the same library works for both cases."
Kategóriák: Linux

Tuesday's security updates

k, 2015-02-10 19:08

Debian has updated ruby1.9.1 (multiple vulnerabilities) and unrtf (code execution).

Mageia has updated clamav (heap overflow), moodle (information disclosure), and polarssl (code execution).

Mandriva has updated cabextract (denial of service), clamav (heap overflow), glibc (code execution), otrs (privilege escalation), and zarafa (denial of service).

openSUSE has updated curl (13.2, 13.1: two vulnerabilities), grep (13.2: heap buffer overrun), llvm (13.1: insecure temporary files), openvas-manager (13.2: sql injection), and rsync (13.2, 13.1: code execution).

Ubuntu has updated binutils (multiple vulnerabilities) and ntp (two vulnerabilities).

Kategóriák: Linux

ownCloud Server 8 released

h, 2015-02-09 22:03
Version 8 of the ownCloud server is available. "This new release brings improved sharing and collaboration between clouds and introduces faster ways of getting at your files with favorites and improved search." See the feature page for details.
Kategóriák: Linux

Security advisories for Monday

h, 2015-02-09 20:38

Debian has updated liblivemedia (code execution), libxml2 (regression/incomplete fix in previous update), and ntp (incomplete fix in previous update).

Debian-LTS has updated krb5 (multiple vulnerabilities), libxml2 (regression/incomplete fix in previous update), ntp (multiple vulnerabilities), sympa (information disclosure), unzip (two vulnerabilities), and wpasupplicant (command execution).

Fedora has updated e2fsprogs (F21: code execution), jasper (F21; F20: two vulnerabilities), kernel (F20: two vulnerabilities), mantis (F21; F20: multiple vulnerabilities), maradns (F20: security hardening), postgresql (F21: multiple vulnerabilities), and websvn (F21; F20: information disclosure).

Gentoo has updated adobe-flash (multiple vulnerabilities), antiword (denial of service), bind (denial of service), libav (multiple vulnerabilities), libevent (code execution), mediawiki (multiple vulnerabilities), nginx (information disclosure), and tcpdump (multiple vulnerabilities).

Mageia has updated flash-player-plugin (multiple vulnerabilities).

openSUSE has updated flash-player (13.2, 13.1; 11.4: multiple vulnerabilities), privoxy (13.2, 13.1: multiple vulnerabilities), unzip (13.2, 13.1: code execution), virtualbox (13.2, 13.1: multiple vulnerabilities), and vorbis-tools (13.2, 13.1: denial of service).

Red Hat has updated flash-plugin (RHEL5,6: multiple vulnerabilities).

SUSE has updated flash-player (SLE12: multiple vulnerabilities) and flash-player, flash-player-gnome, flash-player-kde4 (SLE11 SP3: multiple vulnerabilities).

Kategóriák: Linux

The 3.19 kernel has been released

h, 2015-02-09 15:13
Linus has released the 3.19 kernel, saying "while I was tempted a couple of times to do an rc8, there really wasn't any reason for it." Significant changes in 3.19 include support for the Altera Nios II processor architecture, device tree overlay support, the ability to attach eBPF programs to sockets, disk scrubbing and replacement for RAID 5 and 6 in the Btrfs filesystem, the execveat() system call, and much more.
Kategóriák: Linux

GNU C library version 2.21 released

szo, 2015-02-07 17:35
Version 2.21 of the GNU C library is available. This release includes a lot of bug fixes, a wide range of architecture-specific performance and functionality improvements, and a new semaphore implementation. "Previous custom assembly implementations of semaphore were difficult to reason about or ensure that they were safe. The new version of semaphore supports machines with 64-bit or 32-bit atomic operations."
Kategóriák: Linux

Linux Plumbers Conference call for proposals

p, 2015-02-06 23:58
The calls for proposals (CFPs) for Linux Plumbers Conference microconferences and refereed track presentations are now up. The conference will be held August 19-21 in Seattle, WA, co-located (and overlapping one day) with LinuxCon North America.
Kategóriák: Linux

The first Tizen smartphone isn’t an “Android killer”—it’s a bad Android clone (ars technica)

p, 2015-02-06 22:44
Here's an extensive review of Samsung's first Tizen-based phone on ars technica. They are not overly impressed. "New OSes always have problems, usually with app selection and hardware availability, but they're supposed to make up for their ecosystem problems by bringing something new to the table. Windows Phone had a new interface style. Blackberry 10 devices have a small but vocal built-in fanbase, well-made hardware with physical keyboards, and lots of enterprise experience. But Tizen doesn't have any stand-out aspect. It's all the negatives of a new OS without any of the positives."
Kategóriák: Linux

A new batch of stable kernels

p, 2015-02-06 21:07

Greg Kroah-Hartman has released stable kernels 3.10.68, 3.14.32, and 3.18.6, each with important fixes and updates throughout the tree.

Kategóriák: Linux

Friday's security updates

p, 2015-02-06 17:59

CentOS has updated mariadb (C7: multiple vulnerabilities).

Debian has updated ntp (multiple vulnerabilities) and postgresql-9.1 (multiple vulnerabilities).

Fedora has updated kernel (F21: multiple vulnerabilities) and php (F20; F21: multiple vulnerabilities).

Gentoo has updated mpg123 (code execution).

Mageia has updated cabextract (M4: denial of service), hexchat (M4: SSL spoofing), vlc (M4: multiple vulnerabilities), vorbis-tools (M4: denial of service), and zarafa (M4: denial of service).

Mandriva has updated aircrack-ng (BS1: multiple vulnerabilities), binutils (BS1: multiple vulnerabilities), bugzilla (BS1: command injection), busybox (BS1: arbitrary module loading), jasper (BS1: multiple vulnerabilities), java-1.7.0-openjdk (BS1: multiple vulnerabilities), libvirt (BS1: information leak), php (BS1: multiple vulnerabilities), python-django (BS1: multiple vulnerabilities), and vorbis-tools (BS1: denial of service).

openSUSE has updated libvirt (13.1, 13.2: access control bypass) and xen (13.1: multiple vulnerabilities).

Red Hat has updated java-1.5.0-ibm (RHEL5,6: multiple vulnerabilities), java-1.6.0-ibm (RHEL5,6: multiple vulnerabilities), java-1.7.0-ibm (RHEL5: multiple vulnerabilities), and java-1.7.1-ibm (RHEL6,7: multiple vulnerabilities).

Kategóriák: Linux

The end of CrunchBang Linux

p, 2015-02-06 16:36
The developer of the CrunchBang Linux distribution has announced that the project has come to an end. "That said, when progress happens, some things get left behind, and for me, CrunchBang is something that I need to leave behind. I’m leaving it behind because I honestly believe that it no longer holds any value, and whilst I could hold on to it for sentimental reasons, I don’t believe that would be in the best interest of its users, who would benefit from using vanilla Debian."
Kategóriák: Linux

The World’s Email Encryption Software Relies on One Guy, Who is Going Broke (ProPublica)

p, 2015-02-06 01:28
A lot of attention has been paid to this ProPublica article describing Werner Koch's difficulties getting funding for his GnuPG work. But do note the update: "After this article appeared, Werner Koch informed us that last week he was awarded a one-time grant of $60,000 from Linux Foundation's Core Infrastructure Initiative. Werner told us he only received permission to disclose it after our article published. Meanwhile, since our story was posted, donations have also poured into Werner Koch's website donation page to the tune of nearly $50,000 so far."
Kategóriák: Linux

GCC5 and the C++11 ABI (Red Hat developer blog)

p, 2015-02-06 00:43
A post at the Red Hat developer blog looks at some of the changes that are coming with GCC5. Support for the C++11 standard means that some standard library classes need to change their ABI, notably std::basic_string and std::list. The post looks at how the change has been handled and what programmers need to do to deal with the changes. "The last time G++ went through an ABI change, back in the 3.x period, we changed the soname of libstdc++, which was widely regarded as a mistake. Changing the soname caused a lot of pain but is not sufficient to deal with changes in symbol ABIs: if you load multiple shared objects that depend on different versions of the library, you can still get clashes between different versions of the same symbol. So the plan for this ABI change has been to leave the soname (and the existing binary interface) alone, and express the new ABI using different mangled names."
Kategóriák: Linux

Thursday's security advisories

cs, 2015-02-05 18:09

Fedora has updated maradns (F21: denial of service) and patch (F21: two vulnerabilities).

Ubuntu has updated file (three vulnerabilities) and python-django (12.04, 10.04: regression in previous security fix).

Kategóriák: Linux

[$] Weekly Edition for February 5, 2015

cs, 2015-02-05 03:49
The Weekly Edition for February 5, 2015 is available.
Kategóriák: Linux

Results from Fedora's FESCo election

sze, 2015-02-04 22:27
The Fedora project has announced the results from this year's election for members of its engineering steering committee (FESCo). The winning candidates are Kevin Fenzi, Adam Jackson, Tomas Hozza, Parag Nemade, and Debarshi Ray.
Kategóriák: Linux

OPW becomes Outreachy

sze, 2015-02-04 21:27
The effort formerly known as the FOSS Outreach Program for Women has just been rebranded as Outreachy and moved under the Software Freedom Conservancy's organizational umbrella. "The upcoming round of internships is open to women (cis and trans), trans men, genderqueer people, and all participants of the Ascend Project regardless of gender. We are planning to expand the program to more participants from underrepresented backgrounds in the future."
Kategóriák: Linux

[$] A look at Inkscape 0.91

sze, 2015-02-04 21:20

The Inkscape project released version 0.91 at the end of January, a release culminating more than four years of development. The new release incorporates a lengthy list of improvements from that time period: new tools, performance enhancements, and fixes to several longstanding bugs. Just as importantly, though, it also lays the groundwork for a 1.0 release that will signify an important milestone: full SVG 1.1 support. Over the years, though, Inkscape has evolved to be more than just an SVG editor—as version 0.91 demonstrates.

Kategóriák: Linux