Linux Weekly News

Tartalom átvétel
LWN.net is a comprehensive source of news and opinions from and about the Linux community. This is the main LWN.net feed, listing all articles which are posted to the site front page.
Frissült: 8 perc 45 másodperc

OpenSUSE board election suspended

sze, 2017-01-25 17:09
The election to pick two members of the openSUSE board has been suspended due to "technical problems". The problems do indeed appear to be technical in nature, with at least some voters being presented strange and confusing ballots. The election was restarted on the 21st in an unsuccessful attempt to fix the problems; now it is on indefinite hold. The current board will continue to serve, possibly deferring any major decisions, until the issue is resolved.
Kategóriák: Linux

OpenSUSE board election suspended

sze, 2017-01-25 17:09
The election to pick two members of the openSUSE board has been suspended due to "technical problems". The problems do indeed appear to be technical in nature, with at least some voters being presented strange and confusing ballots. The election was restarted on the 21st in an unsuccessful attempt to fix the problems; now it is on indefinite hold. The current board will continue to serve, possibly deferring any major decisions, until the issue is resolved.
Kategóriák: Linux

Wine 2.0 released

k, 2017-01-24 23:22
Version 2.0 of the Wine Windows emulation system has been released. "This release represents over a year of development effort and around 6,600 individual changes. The main highlights are the support for Microsoft Office 2013, and the 64-bit support on macOS."
Kategóriák: Linux

Wine 2.0 released

k, 2017-01-24 23:22
Version 2.0 of the Wine Windows emulation system has been released. "This release represents over a year of development effort and around 6,600 individual changes. The main highlights are the support for Microsoft Office 2013, and the 64-bit support on macOS."
Kategóriák: Linux

Firefox 51.0

k, 2017-01-24 22:04
Mozilla has released Firefox 51.0. This version adds support for FLAC playback and WebGL 2, along with many improvements and security fixes. See the release notes for details.
Kategóriák: Linux

Firefox 51.0

k, 2017-01-24 22:04
Mozilla has released Firefox 51.0. This version adds support for FLAC playback and WebGL 2, along with many improvements and security fixes. See the release notes for details.
Kategóriák: Linux

[$] Package managers all the way down

k, 2017-01-24 22:02
Package managers are at the core of Linux distributions, but they are currently engulfed in a wave of changes and it's not clear how things will end up. Kristoffer Grönlund started his 2017 linux.conf.au talk on the subject by putting up a slide saying that "everything is terrible awesome". There are a number of frustrations that result from the current state of package management, but that frustration may well lead to better things in the future.
Kategóriák: Linux

[$] Package managers all the way down

k, 2017-01-24 22:02
Package managers are at the core of Linux distributions, but they are currently engulfed in a wave of changes and it's not clear how things will end up. Kristoffer Grönlund started his 2017 linux.conf.au talk on the subject by putting up a slide saying that "everything is terrible awesome". There are a number of frustrations that result from the current state of package management, but that frustration may well lead to better things in the future.
Kategóriák: Linux

Security updates for Tuesday

k, 2017-01-24 19:32

Debian-LTS has updated hesiod (two vulnerabilities) and tiff (multiple vulnerabilities).

Fedora has updated gd (F25; F24: two denial of service flaws) and kernel (F25; F24: privilege escalation).

Gentoo has updated adodb (two vulnerabilities), firejail (three vulnerabilities), icu (three vulnerabilities), libraw (two vulnerabilities from 2015), libwebp (integer overflows), and t1lib (multiple vulnerabilities from 2011).

openSUSE has updated python3-sleekxmpp (42.2: two vulnerabilities) and virtualbox (42.2: multiple unspecified vulnerabilities).

Red Hat has updated mysql (RHEL6: three vulnerabilities), squid (RHEL7: information leak), and squid34 (RHEL6: information leak).

Scientific Linux has updated java-1.8.0-openjdk (SL6,7: multiple vulnerabilities), mysql (SL6: three vulnerabilities), squid (SL7: information leak), and squid34 (SL6: information leak).

Slackware has updated firefox (multiple vulnerabilities).

Ubuntu has updated pcsc-lite (privilege escalation) and tomcat6, tomcat7, tomcat8 (multiple vulnerabilities).

Kategóriák: Linux

Security updates for Tuesday

k, 2017-01-24 19:32

Debian-LTS has updated hesiod (two vulnerabilities) and tiff (multiple vulnerabilities).

Fedora has updated gd (F25; F24: two denial of service flaws) and kernel (F25; F24: privilege escalation).

Gentoo has updated adodb (two vulnerabilities), firejail (three vulnerabilities), icu (three vulnerabilities), libraw (two vulnerabilities from 2015), libwebp (integer overflows), and t1lib (multiple vulnerabilities from 2011).

openSUSE has updated python3-sleekxmpp (42.2: two vulnerabilities) and virtualbox (42.2: multiple unspecified vulnerabilities).

Red Hat has updated mysql (RHEL6: three vulnerabilities), squid (RHEL7: information leak), and squid34 (RHEL6: information leak).

Scientific Linux has updated java-1.8.0-openjdk (SL6,7: multiple vulnerabilities), mysql (SL6: three vulnerabilities), squid (SL7: information leak), and squid34 (SL6: information leak).

Slackware has updated firefox (multiple vulnerabilities).

Ubuntu has updated pcsc-lite (privilege escalation) and tomcat6, tomcat7, tomcat8 (multiple vulnerabilities).

Kategóriák: Linux

Systemd v228 local root exploit

k, 2017-01-24 19:00
Sebastian Krahmer has reported that systemd v228 is vulnerable to a trivial local root exploit that was silently fixed a year ago. It is believed that it mostly affects v228, but he recommends that distributions check to ensure they have the fix. No CVE was requested by the project so the SUSE security team requested one and it was assigned CVE-2016-10156. "The analysis says that is a 'possible DoS', but its a local root exploit indeed. Mode 07777 also contains the suid bit, so files created by touch() are world writable suids, root owned. Such as /var/lib/systemd/timers/stamp-fstrim.timer thats found on a non-nosuid mount."
Kategóriák: Linux

Systemd v228 local root exploit

k, 2017-01-24 19:00
Sebastian Krahmer has reported that systemd v228 is vulnerable to a trivial local root exploit that was silently fixed a year ago. It is believed that it mostly affects v228, but he recommends that distributions check to ensure they have the fix. No CVE was requested by the project so the SUSE security team requested one and it was assigned CVE-2016-10156. "The analysis says that is a 'possible DoS', but its a local root exploit indeed. Mode 07777 also contains the suid bit, so files created by touch() are world writable suids, root owned. Such as /var/lib/systemd/timers/stamp-fstrim.timer thats found on a non-nosuid mount."
Kategóriák: Linux

Lineage OS Update & Build Prep

h, 2017-01-23 23:48
Lineage OS, the successor to CyanogenMod, is gearing up to make weekly builds available for a number of Marshmallow and Nougat capable devices. "Additionally, our Download Portal, Install stats page (yep, that’s 50k+ unofficial installs already!) and Wiki are all live. Notably, all three of these sites (and this blog) are open sourced - you can contribute to them via our Gerrit instance! Bear with us if these sites look bare at the moment, they will grow with content and design as we continue marching forward."
Kategóriák: Linux

Lineage OS Update & Build Prep

h, 2017-01-23 23:48
Lineage OS, the successor to CyanogenMod, is gearing up to make weekly builds available for a number of Marshmallow and Nougat capable devices. "Additionally, our Download Portal, Install stats page (yep, that’s 50k+ unofficial installs already!) and Wiki are all live. Notably, all three of these sites (and this blog) are open sourced - you can contribute to them via our Gerrit instance! Bear with us if these sites look bare at the moment, they will grow with content and design as we continue marching forward."
Kategóriák: Linux

Qt 5.8 released

h, 2017-01-23 23:16
Version 5.8 of the Qt graphics toolkit is out. "Qt 5.8 is a rather large release, containing quite a large set of new functionality." That functionality includes a new configuration system that makes it easy to build cut-down versions of Qt, full support for the Wayland compositor, experimental text-to-speech support, and more.
Kategóriák: Linux

Security advisories for Monday

h, 2017-01-23 19:25

CentOS has updated java-1.8.0-openjdk (C7; C6: multiple vulnerabilities).

Debian has updated libphp-swiftmailer (code execution), mariadb-10.0 (multiple mostly unspecified vulnerabilities), and openjpeg2 (multiple vulnerabilities).

Debian-LTS has updated groovy (code execution) and opus (code execution).

Fedora has updated docker-latest (F24: privilege escalation), ed (F25: denial of service), groovy (F25: code execution), libnl3 (F25; F24: privilege escalation), opus (F25; F24: code execution), qemu (F25: multiple vulnerabilities), squid (F25: two vulnerabilities), and webkitgtk4 (F25; F24: multiple vulnerabilities).

Gentoo has updated DBD-mysql (multiple vulnerabilities), dcraw (denial of service from 2015), DirectFB (two vulnerabilities from 2014), libupnp (two vulnerabilities), lua (code execution from 2014), ppp (denial of service from 2015), qemu (multiple vulnerabilities), quagga (two vulnerabilities), and zlib (multiple vulnerabilities).

Mageia has updated libpng, libpng12 (NULL dereference bug).

openSUSE has updated perl-DBD-mysql (42.2, 42.1: three vulnerabilities) and xtrabackup (42.2; 42.1: information disclosure).

Oracle has updated java-1.8.0-openjdk (OL7; OL6: multiple vulnerabilities).

SUSE has updated gstreamer-0_10-plugins-good (SLE12-SP1; SLE11-SP4: multiple vulnerabilities).

Kategóriák: Linux

[$] Consider the maintainer

h, 2017-01-23 19:06
The free software community tends to focus its spotlight on developers and users while paying rather less attention to the maintainers that keep our projects going. Nadia Eghbal spent a year and a half studying how the community works, and has concluded that we have a problem with maintainership; her 2017 linux.conf.au keynote was dedicated to explaining the problem and how we might want to deal with it. But first, she talked about lobsters.
Kategóriák: Linux

Videos from linux.conf.au 2017

h, 2017-01-23 01:18
The linux.conf.au 2017 organizers have put up videos of the talks in near-record time. There's a lot of good stuff there, some of which will be written up for LWN in the near future.
Kategóriák: Linux

Kernel prepatch 4.10-rc5

v, 2017-01-22 23:37
Linus has released the 4.10-rc5 kernel prepatch for testing, noting that "everything looks nominal". He also changed the codename from the short-lived "Roaring Lionus" to "Anniversary Edition".
Kategóriák: Linux

Clasen: Debugging a Flatpak application

szo, 2017-01-21 00:13
Matthias Clasen looks at how to debug an application built into a Flatpak. Since the runtime environment for a Flatpak application is quite different than normal, even running GDB requires taking some different steps. "Now for the last trick: I was complaining about stacktraces without symbols at the beginning. In rpm-based distributions, the debug symbols are split off into debuginfo packages. Flatpak does something similar and splits all the debug information of runtimes and apps into separate ”runtime extensions”, which by convention have .Debug appended to their name. So the debug info for org.gnome.Recipes is in the org.gnome.Recipes.Debug extension. When you use the –devel option, flatpak automatically includes the Debug extensions for the application and runtime, if they are available. So, for the most useful stacktraces, make sure that you have the Debug extensions for the apps and runtimes in question installed."
Kategóriák: Linux