Linux Weekly News

LWN.net is a comprehensive source of news and opinions from and about the Linux community. This is the main LWN.net feed, listing all articles which are posted to the site front page.
Updated: 4 minutes 22 seconds

The Linux Foundation Technical Advisory Board election

Mon, 2014-08-18 22:47
The election for half of the members of the Linux Foundation's Technical Advisory board will be held 8:00PM, August 20, at the Kernel Summit/LinuxCon joint reception. As of this writing, there are fewer candidates than open positions. Anybody interested in serving on the TAB is encouraged to make their interest known prior to the election time and, if possible, attend the election.
Categories: Linux

Monday's security updates

Mon, 2014-08-18 17:37

Debian has updated xen (multiple vulnerabilities).

Fedora has updated 389-ds-base (F20: information disclosure), iodine (F19; F20: authentication bypass), kernel (F20: multiple vulnerabilities), krfb (F19; F20: denial of service), pixman (F20: denial of service), and tboot (F19; F20: boot chain bypass).

Gentoo has updated libmodplug (multiple vulnerabilities).

Mageia has updated 389-ds-base (information disclosure), dhcpcd (denial of service), flash-player-plugin (multiple vulnerabilities), kernel-linus (M3; M4: multiple vulnerabilities), kernel-tmb (M3; M4: multiple vulnerabilities), and kernel-vserver (multiple vulnerabilities).

openSUSE has updated flash-player (11.4: multiple vulnerabilities).

Red Hat has updated nss, nss-util, nss-softokn (RHEL7: incorrect certificate handling).

SUSE has updated krb5 (code execution).

Ubuntu has updated kernel (14.04: multiple vulnerabilities) and linux-lts-trusty (12.04: multiple vulnerabilities).

Categories: Linux

Kernel prepatch 3.17-rc1

Sat, 2014-08-16 21:27
Linus has released 3.17-rc1 and closed the merge window for this release. He had suggested that the merge window could be extended, but that's not how things turned out. "I'm going to be on a plane much of tomorrow, and am not really supportive of last-minute pull requests during the merge window anyway, so I'm closing the merge window one day early, and 3.17-rc1 is out there now."
Categories: Linux

Ten years of OpenStreetMap (O'Reilly Radar)

Fri, 2014-08-15 23:11

O'Reilly Radar has posted a retrospective look at the OpenStreetMap (OSM) project on the occasion of OSM's ten-year anniversary. Tyler Bell calls the project "the most significant development in the Open Geo Data movement" outside of GPS; noting that before OSM's creation, "map data sources were few, and largely controlled by a small collection of private and governmental players. The scarcity of map data ensured that it remained both expensive and highly restrictive, and no one but the largest navigation companies could use map data." Particularly interesting are the various comparisons between the state of the map in 2007 and today; the project's 1.5 million registered users do not seem to be slowing down, even if today's emphasis has shifted somewhat to less-visible features: "nodes are getting connected and turn restrictions added to facilitate navigation, while addresses are being sourced to help with geocoding and place finding."

Categories: Linux

Friday's security updates

Fri, 2014-08-15 17:29

Fedora has updated gd (F20: denial of service), httpd (F19: multiple vulnerabilities), krb5 (F20: code execution), python-bottle (F19; F20: remote code execution), tor (F19; F20: traffic confirmation), transmission (F19: code execution), and v8 (F19: denial of service).

Ubuntu has updated serf (12.04, 14.04: information leak) and subversion (12.04, 14.04: multiple vulnerabilities).

Categories: Linux

Riddell: Upstream and Downstream: why packaging takes time

Thu, 2014-08-14 19:15
Kubuntu developer Jonathan Riddell looks at packaging all of the pieces of KDE on his blog. His perspective is, of course, Kubuntu-focused, but the comments contain lengthy responses from Fedora and openSUSE KDE packagers, which makes for a good look at the work distributions put into packaging a huge code base like KDE. "Much of what we package are libraries and if one small bit changes in the library, any applications which use that library will crash. This is ABI and the rules for binary [compatibility] in C++ are nuts. Not infrequently someone in KDE will alter a library ABI without realising. So we maintain symbol files to list all the symbols, these can often feel like more trouble than they're worth because they need updated when a new version of GCC produces different symbols or when symbols disappear and on investigation they turn out to be marked private and nobody will be using them anyway, but if you miss a change and apps start crashing as nearly happened in KDE PIM last week then people get grumpy." (Thanks to Robie Basak.)
Categories: Linux

Five new stable kernels

Thu, 2014-08-14 18:08
Greg Kroah-Hartman has announced the release of five new stable kernels: 3.16.1, 3.15.10, 3.14.17, 3.10.53, and 3.4.103. As usual, each has important fixes and users should upgrade. In addition, this is the last 3.15.x release, so users should be switching to the 3.16 series.
Categories: Linux

Security advisories for Thursday

Thu, 2014-08-14 17:52

CentOS has updated openssl (C7; C6; C5: multiple vulnerabilities).

Debian has updated gpgme1.0 (code execution).

Gentoo has updated adobe-flash (multiple vulnerabilities), catfish (multiple privilege escalations), and libpng (three vulnerabilities, two from 2013).

openSUSE has updated flash-player (13.1, 12.3: multiple vulnerabilities).

Oracle has updated openssl (OL7; OL6; OL5: multiple vulnerabilities).

Red Hat has updated openssl (RHEL6&7; RHEL5: multiple vulnerabilities).

Scientific Linux has updated openssl (SL6; SL5: multiple vulnerabilities).

Categories: Linux

[$] LWN.net Weekly Edition for August 14, 2014

Thu, 2014-08-14 03:03
The LWN.net Weekly Edition for August 14, 2014 is available.
Categories: Linux

[$] Lessons from the Novena laptop project

Wed, 2014-08-13 19:49

Flock is the annual conference for the Fedora distribution, but, like most free-software events, the program draws on a wide range of projects. At this year's event in Prague, keynote speaker Sean Cross spoke about his work on the Novena laptop project—including some speculation as to why it is succeeding in the demonstrably harsh space of open hardware products. Cross told the audience he hoped to get Fedora running on Novena (which runs Debian only at the moment) over the course of the conference, but he also hoped that the Novena story would be a helpful and informative tale for others undertaking a difficult, large-scale task—such as building a distribution.

Categories: Linux

Wednesday's security updates

Wed, 2014-08-13 16:44

Red Hat has updated flash-plugin (multiple vulnerabilities) and openstack-ceilometer (RHEL OpenStack Platform: privilege escalation).

Ubuntu has updated kernel (14.04: denial of service), linux-lts-trusty (12.04: denial of service), and openjdk-6 (10.04, 12.04: multiple vulnerabilities).

Categories: Linux

The Linux Plumbers Conference is almost full

Tue, 2014-08-12 23:29
The 2014 Linux Plumbers Conference (October 15-17, Düsseldorf, Germany) has sent out an advisory that the registration limit is about to be reached. "We are very rapidly approaching our attendance limit, this year faster than in any past editions of the conference. We expect that the conference general registration will be sold out soon, possibly even within a few days. If you have a vested interest in participating in the discussions, please register now, to guarantee that you will obtain a ticket for the conference."

Also, the conference is seeking submissions for Microconference discussion and BOF topics.

Categories: Linux

SFC and OSI team up to work on tax exemption issues for US organizations

Tue, 2014-08-12 20:06
The Software Freedom Conservancy (SFC) and Open Source Initiative (OSI) have announced (and here) that they are both founding members of a working group "focused on tax exemption issues for organizations in the United States". The working group will be open to participation by any concerned groups or individuals and will be looking for legal experts to join in. Aaron Williamson, formerly of the Software Freedom Law Center, will be chairing the group. "Recent activity by the Internal Revenue Service in response to applications for tax exempt status have sparked a lot of interest and discussion amongst free and open source software communities. OSI and Conservancy recognize that the IRS's understanding and evaluation of free and open source software can impact both new organizations created to promote the public good as charities (known as 501(c)(3) organizations after the corresponding tax code provision), as well as new organizations formed to forward a common business interest (known as 501(c)(6) organizations)." We looked at the issue in July after the Yorba Foundation's unsuccessful attempt to become a US tax-exempt organization.
Categories: Linux

LPC: An In-Depth Look: Live Kernel Patching Microconference

Tue, 2014-08-12 19:37
The Linux Plumbers Conference (LPC) has a new blog post looking at the live kernel patching microconference. "There has been a great deal of interest in live kernel patching (see this LWN.net article) over the past few months, with several different approaches proposed, including CRIU+kexec, kGraft, and kpatch, all in addition to ksplice. This microconference will host discussions on required infrastructure (including tracing, checkpoint/restart, kexec, and live patching), along with expositions and comparisons of the various approaches. The purpose, believe it or not, is to work towards a common implementation that everyone can live with." LPC will be held in Düsseldorf, Germany, October 15–17, co-located with LinuxCon Europe; the front-page blog for LPC has looks at many of the other microconferences along with other interesting information about the conference.
Categories: Linux

Tuesday's security updates

Tue, 2014-08-12 16:55

CentOS has updated tomcat6 (C6: two vulnerabilities, one from 2013).

Debian has updated acpi-support (regression in earlier security fix).

Gentoo has updated libssh (key disclosure via bad randomness).

Mageia has updated drupal (denial of service), kdelibs4 (M3: authorization bypass), openssl (multiple vulnerabilities), wireshark (multiple vulnerabilities), and wordpress (multiple vulnerabilities).

Oracle has updated kernel-2.6.32 (OL6; OL5: denial of service), kernel-2.6.39 (OL6; OL5: denial of service), kernel-3.8.13 (OL7; OL6: two vulnerabilities), and tomcat6 (OL6: two vulnerabilities, one from 2013).

Red Hat has updated java-1.7.0-ibm (RHEL5&6: many vulnerabilities), java-1.7.1-ibm (RHEL7: many vulnerabilities), and tomcat6 (RHEL6: two vulnerabilities, one from 2013).

Scientific Linux has updated tomcat6 (SL6: two vulnerabilities, one from 2013).

Ubuntu has updated python-pycadf (14.04: information leak).

Categories: Linux

PyCon 2015: Call for Proposals is open

Mon, 2014-08-11 23:57
On the Montréal-Python blog, Mathieu Leduc-Hamel has announced that the 2015 PyCon Call for Proposals (CFP) is now open. The conference will be held in Montréal April 8–16, 2015; CFPs will be accepted until September 15. "There are likely 95 talk slots to fill, assuming we keep the usual balance of 30/45 minute slots the same, and we'll have room for 32 tutorials. This makes for some steep competition given the potential to reach over 600 talk proposals, while seeing three to four times as many tutorial proposals as available slots. While proposals will be accepted through September 15, we encourage submissions as early as possible, allowing reviewers more time to assess and provide feedback which may prove beneficial as the various rounds of review begin."
Categories: Linux

Security updates for Monday

Mon, 2014-08-11 17:39

Debian has updated drupal7 (denial of service), kde4libs (privilege escalation), krb5 (multiple vulnerabilities), libav (multiple vulnerabilities, most from 2011 and 2013), wireshark (multiple vulnerabilities), and wordpress (multiple vulnerabilities).

Fedora has updated drupal7-views (F20; F19: access control bypass), openssl (F20; F19: multiple vulnerabilities), thunderbird (F19: multiple vulnerabilities), and xulrunner (F20: multiple vulnerabilities).

Gentoo has updated freetype (code execution).

Mandriva has updated wireshark (multiple vulnerabilities).

openSUSE has updated chromium (13.1, 12.3: multiple vulnerabilities), elfutils (13.1, 12.3: code execution), exim (13.1, 12.3; 11.4: multiple vulnerabilities going back to 2011), jbigkit (13.1, 12.3: code execution from 2013), kdelibs4 (13.1: privilege escalation), kdirstat (13.1: code execution), kernel (13.1: multiple vulnerabilities), krb5 (13.1, 12.3: multiple vulnerabilities), thunderbird (13.1, 12.3: multiple vulnerabilities), tor (13.1, 12.3: traffic confirmation), and transmission (13.1: code execution).

Slackware has updated openssl (multiple vulnerabilities).

Ubuntu has updated krb5 (14.04, 12.04, 10.04: multiple vulnerabilities going back to 2012) and libav (12.04: multiple vulnerabilities, most from 2011 and 2013).

Categories: Linux

FSF: GNU Radio controls the ISEE-3 spacecraft

Fri, 2014-08-08 22:51
The Free Software Foundation has put out a press release on the use of free software to recover control of the ISEE-3 spacecraft. "To do this, the group turned to GNU Radio, a free software toolkit for implementing software-defined radios and signal processing systems. Modifying the software to communicate in the 1970s satellite protocol, members of the reboot project were able to gain access to the spacecraft and fire its thrusters in early July, and will soon attempt to move the satellite into an orbit close to Earth."
Categories: Linux

A set of stable kernel updates

Fri, 2014-08-08 15:28
The 3.15.9, 3.14.16, 3.10.52, and 3.4.102 stable kernel updates are available; each contains the usual set of important fixes. Greg warns that there will only be one more 3.15 update, so 3.15 users should be thinking about moving on.
Categories: Linux

Friday's security updates

Fri, 2014-08-08 14:51

CentOS has updated 389-ds-base (C6, C7: information disclosure) and tomcat (C7: XML parser injection).

Fedora has updated ansible (F19, F20: code execution), bugzilla (F19: information disclosure), chicken (F19, F20: denial of service and possible code execution), dpkg (F19: multiple vulnerabilities), kernel (F19: general-principles update to 3.14.15), krb5 (F19, F20: multiple vulnerabilities), mosquitto (F19, F20: unknown vulnerability), openstack-keystone (F20: privilege escalation), pixman (F20: integer underflow), Samba (F20: remote code execution), trafficserver (F20: mysterious vulnerability), v8 (F20: denial of service), and wireshark (F20: more dissector vulnerabilities).

Mageia has updated drupal (multiple vulnerabilities), apache-mod_wsgi (denial of service), and php (three denial-of-service or "unspecified other impact" vulnerabilities).

Mandriva has updated ocsinventory (cross-site scripting), ipython (code execution), and openssl (multiple vulnerabilities).

openSUSE has updated apache (multiple vulnerabilities, with a mod_security filter bypass fix tossed in as well).

Oracle has updated 389-ds-base (OL6, OL7: information disclosure) and tomcat (OL7: XML parser injection).

Red Hat has updated 389-ds-base (RHEL6-7: information disclosure), java-1.5.0-ibm (RHEL5-6: seven "important" vulnerabilities), java-1.6.0-ibm (RHEL5-6: nine "critical" vulnerabilities), and tomcat (RHEL7: XML parser injection).

Scientific Linux has updated 389-ds-base (SL6: information disclosure).

Ubuntu has updated openssl (multiple vulnerabilities).

Categories: Linux