Linux Weekly News

LWN.net is a comprehensive source of news and opinions from and about the Linux community. This is the main LWN.net feed, listing all articles which are posted to the site front page.
Updated: 28 minutes 46 seconds ago

Python 2.7.9 released

Wed, 2014-12-10 23:56
The Python 2.7.9 release is out. The 2.7 series is in deep maintenance mode, but this update still includes a new SSL module (taken from Python 3.4) and validation of SSL certificates by default. This release also adds the ensurepip module, making the "pip" package manager available in all installations.
Categories: Linux

[$] Emacs and changing documentation formats

Wed, 2014-12-10 23:52

The GNU Emacs project is debating the idea of changing the format in which its official documentation is written and maintained. Proposing the change is Eric S. Raymond, who argues that the Texinfo format currently used is archaic and constitutes a barrier to entry. His proposal has its supporters—including Richard Stallman—but plenty of other project members contend that whatever shortcomings the Emacs documentation may have, replacing Texinfo as Raymond suggests is not the fix.

Categories: Linux

[$] Snowdrift.coop: Funding for free projects

Wed, 2014-12-10 21:20
Funding projects in the "free and open" world is a perennial problem. "Crowdfunding" using Kickstarter and other platforms has helped to alleviate some funding issues for some projects, but it is a model that targets one-time goals, not sustained development. Snowdrift.coop, which is an organization aimed at providing long-term funding for free and open projects, has—somewhat ironically—announced a crowdfunding campaign to launch itself.


Categories: Linux

Security advisories for Wednesday

Wed, 2014-12-10 18:58

CentOS has updated kernel (C7: multiple vulnerabilities) and rpm (C7; C6; C5: code execution).

Mageia has updated flash-player-plugin (multiple vulnerabilities), graphviz (format string vulnerability), iceape (multiple vulnerabilities), nodejs (multiple vulnerabilities), openafs (multiple vulnerabilities), php-pear-HTML_AJAX (code execution), and util-linux (command injection).

Oracle has updated kernel (OL7: multiple vulnerabilities) and rpm (OL7; OL6; OL5: code execution).

Red Hat has updated httpd24-httpd (RHSCL: two vulnerabilities), kernel (RHEL7: multiple vulnerabilities), and rpm (RHEL7; RHEL5,6; EUS products: code execution).

Scientific Linux has updated rpm (SL7; SL5,6: code execution).

Ubuntu has updated bind9 (denial of service), xorg-server, xorg-server-lts-trusty (14.10, 14.04, 12.04: multiple vulnerabilities), and xorg-server, xorg-server-lts-trusty (14.10, 14.04, 12.04: incomplete fixes in previous update).

Categories: Linux

Qt 5.4 released

Wed, 2014-12-10 14:37
Version 5.4 of the Qt toolkit is now available. It provides better interaction with web-based content, improved graphics, Bluetooth Low Energy support, and a lot more, including a licensing change: "As announced earlier, the open-source version for Qt 5.4 is also made available under the LGPLv3 license. The new licensing option allows us at The Qt Company to introduce more value-add components for the whole Qt ecosystem without making compromises on the business side. It also helps to protect 3rd party developers’ freedom from consumer device lock-down and prevents Tivoization as well as other misuse."
Categories: Linux

An extensive set of X.org vulnerabilities

Tue, 2014-12-09 20:12
The X.Org developers have released an advisory warning of a large set of vulnerabilities in the server, some of which date back to the X11R1 release in 1987. "How critical these vulnerabilities are to any given installation depends on whether they run an X server with root privileges or reduced privileges; whether they run X servers exposed to network clients or limited to local connections; and whether or not they allow use of the affected protocol extensions, especially the GLX extension."
Categories: Linux

Linux software nasty slithers out of online watering holes (The Register)

Tue, 2014-12-09 19:30
The Turla trojan malware has been found to run on Linux, reports The Register. "[Kaspersky researcher Kurt] Baumgartner said the module written in C and C++ was hardened against reverse-engineering through the use of stripped symbol information and hidden network communications, adding it could not be discovered using Netstat. It contained attack capabilities which did not require root privileges including arbitrary remote command execution, incoming packet interception and remote management."
Categories: Linux

"Ubuntu Core" announced

Tue, 2014-12-09 18:14
Mark Shuttleworth has announced the availability of "Ubuntu Core," a version of the distribution that takes a different approach to package management. "This is in a sense the biggest break with tradition in 10 years of Ubuntu, because Ubuntu Core doesn’t use debs or apt-get. We call it 'snappy' because that’s the new bullet-proof mechanism for app delivery and system updates; it’s completely different to the traditional package-based Ubuntu server and desktop. The snappy system keeps each part of Ubuntu in a separate, read-only file, and does the same for each application. That way, developers can deliver everything they need to be confident their app will work exactly as they intend, and we can take steps to keep the various apps isolated from one another, and ensure that updates are always perfect. Of course, that means that apt-get won’t work, but that’s OK since developers can reuse debs to make their snappy apps, and the core system is exactly the same as any other Ubuntu system – server or desktop."
Categories: Linux

Tuesday's security updates

Tue, 2014-12-09 17:49

Debian has updated bind9 (denial of service) and kernel (multiple vulnerabilities).

Gentoo has updated dovecot (denial of service), libvirt (multiple vulnerabilities), nfs-utils (information disclosure), and qemu (multiple vulnerabilities).

SUSE has updated OpenVPN (SLE11 SP3: denial of service).

Ubuntu has updated graphviz (format string vulnerability).

Categories: Linux

Fedora 21 released

Tue, 2014-12-09 16:30
The Fedora 21 distribution release is now available, in three different flavors (cloud, server, and workstation). "Fedora 21 is a game-changer for the Fedora Project, and we think you're going to be very pleased with the results." See the announcement for the highlights found in each of the released spins.
Categories: Linux

Kocialkowski: A hacker's journey: freeing a phone from the ground up, first part

Mon, 2014-12-08 20:55
Paul Kocialkowski shares his experience with porting Replicant to the LG Optimus Black. "Every once in a while, an unexpected combination of circumstances ends up enabling us to do something pretty awesome. This is the story of one of those times. About a year ago, a member of the Replicant community started evaluating a few targets from CyanogenMod and noticed some interesting ones. After some early research, he picked a device: the LG Optimus Black (P970), bought one and started porting Replicant to it. After a few encouraging results, he was left facing issues he couldn't overcome and decided to give up with the port. As the device could still be an interesting target for Replicant, we decided to buy the phone from him so that I could pick up the work where he stalled." (Thanks to Paul Wise)
Categories: Linux

The SFLC's intervention in Google v. Oracle

Mon, 2014-12-08 20:07
The Software Freedom Law Center has filed an interesting brief with the U.S. Supreme Court on whether the Court should review the Federal Circuit court decision stating that Android violates Oracle's copyrights by shipping some Java headers. The SFLC disagrees with the Circuit court decision, but, interestingly, still argues that the Supreme Court should not look at the case. "Given that the parties are agreed that Petitioner has the right to royalty-free use of all the material at issue under GNU GPL, and it is in addition entitled to claim that its use was licensed at all relevant times, there is no public interest in the adjudication of a controversy which remains merely theoretical if not factually moot."
Categories: Linux

[$] A quick look at the new FontForge release

Mon, 2014-12-08 19:07

FontForge is the most feature-rich free-software application for building and editing font files, but that is a niche that, regrettably, attracted relatively few developers over the project's lifespan. The situation has improved considerably in the last two years, however, and the latest release introduces several significant improvements. The new features include some expansion and enhancement to the editing tools, which will appeal to existing FontForge users, but they also include other changes that may be more significant in making FontForge appealing to new users.


Categories: Linux

Security advisories for Monday

Mon, 2014-12-08 19:02

Debian has updated getmail4 (multiple vulnerabilities) and icedove (multiple vulnerabilities).

Fedora has updated arm-none-eabi-binutils-cs (F20; F19: multiple vulnerabilities), avr-binutils (F20; F19: multiple vulnerabilities), firefox (F19: multiple vulnerabilities), flac (F20: multiple vulnerabilities), graphviz (F20; F19: format string vulnerability), hivex (F20; F19: invalid hive files), kwebkitpart (F20; F19: code execution), libksba (F20; F19: denial of service), nrpe (F19: code execution), readline (F19: insecure temporary files), and thunderbird (F19: multiple vulnerabilities).

Mageia has updated apache-mod_wsgi (privilege escalation), jasper (code execution), and openvpn (denial of service).

openSUSE has updated apache2-mod_wsgi (13.1, 12.3: privilege escalation), docker (13.2: privilege escalation), firefox (13.2, 13.1, 12.3: multiple vulnerabilities), flac (13.2, 13.1, 12.3: multiple vulnerabilities), icecast (13.2; 13.1, 12.3: information leak/privilege escalation), openvpn (13.2, 13.1, 12.3: denial of service), and ruby19 (13.1, 12.3: two vulnerabilities).

Oracle has updated docker (OL7; OL6: privilege escalation).

Scientific Linux has updated kernel (SL5: restriction bypass).

SUSE has updated clamav (SLE11 SP3; SLES11 SP1,2: multiple vulnerabilities).

Ubuntu has updated ghostscript (10.04: code execution) and jasper (14.10, 14.04, 12.04: code execution).

Categories: Linux

The 3.18 kernel has been released

Mon, 2014-12-08 05:17
Linus has released the 3.18 kernel. "I'd love to say that we've figured out the problem that plagues 3.17 for a couple of people, but we haven't. At the same time, there's absolutely no point in having everybody else twiddling their thumbs when a couple of people are actively trying to bisect an older issue, so holding up the release just didn't make sense." Highlights in this release include the bpf() system call, some significant networking performance improvements, dozens of new drivers, thousands of fixes, and more.
Categories: Linux

Some stable kernel updates

Sun, 2014-12-07 21:27
The 3.17.5 stable kernel has been released with a comment saying "No one should use it"; instead, the immediately following 3.17.6, containing an important patch reversion, should be used. Also available are 3.14.26 and 3.10.62.
Categories: Linux

Software Freedom Conservancy launches supporter program

Fri, 2014-12-05 20:48

Software Freedom Conservancy (SFC), the US-based non-profit organization that sponsors around 30 separate FOSS projects, has announced a "Supporter" program. The program allows individuals to make a recurring donation to SFC's general operating fund, akin to the individual membership-style programs also offered by the Free Software Foundation, Software In The Public Interest, and various other non-profits in the community. As always, individuals can also make donations directly to SFC member projects.

Categories: Linux

Friday's security updates

Fri, 2014-12-05 17:44

CentOS has updated kernel (C5: privilege escalation).

Mageia has updated mutt (M4: denial of service), yaml, perl-YAML-LibYAML (M4: denial of service), phpmyadmin (M4: denial of service), and tcpdump (M4: code execution).

openSUSE has updated clamav (12.3, 13.1, 13.2: multiple vulnerabilities), flash-player (code execution), and phpMyAdmin (12.3, 13.1, 13.2: multiple vulnerabilities).

Oracle has updated kernel (O5: privilege escalation; O6; O7: multiple vulnerabilities).

Red Hat has updated kernel (RHEL5: privilege escalation).

Ubuntu has updated MAAS (12.04, 14.04, 14.10: privilege escalation).

Categories: Linux

Hutterer: pointer acceleration in libinput - building a DPI database for mice

Fri, 2014-12-05 15:54
Peter Hutterer describes a new mechanism aimed at providing consistent acceleration behavior across mice. "For us, useless and unpredictable is bad, especially in the use-case of everyday desktops. To work around that, libinput 0.7 now incorporates the physical resolution into pointer acceleration. And to do that we need a database, which will be provided by udev as of systemd 218 (unreleased at the time of writing). This database incorporates the various devices and their physical resolution, together with their sampling rate. udev sets the resolution as the MOUSE_DPI property that we can read in libinput and use as reference point in the pointer accel code." The developers are looking for help to populate this new database.
Categories: Linux

The first CentOS Linux Rolling media release

Fri, 2014-12-05 15:23
The CentOS project has announced the availability of the first in a series of monthly rolling releases. "CentOS Linux rolling builds are point in time snapshot media rebuild from original release time, to include all updates pushed to mirror.centos.org's repositories. This includes all security, bugfix, enhancement and general updates for CentOS Linux. Machines installed from this media will have all these updates pre-included and will look no different when compared with machines installed with older media that have been yum updated to the same point in time."
Categories: Linux