LWN

LWN.net is a comprehensive source of news and opinions from and about the Linux community. This is the main LWN.net feed, listing all articles which are posted to the site front page.

Tuesday's security advisories

Tuesday 23rd of June 2015 05:10:29 PM

Arch Linux has updated curl (information disclosure).

Debian-LTS has updated postgresql-8.4 (denial of service).

Fedora has updated xorg-x11-server (F22: permission bypass).

Gentoo has updated chromium (multiple vulnerabilities) and gnutls (denial of service).

Red Hat has updated kernel (RHEL7: multiple vulnerabilities), kernel-rt (RHEL7; RHEMRG2.5: multiple vulnerabilities), libreswan (RHEL7: denial of service), mailman (RHEL7: path traversal attack), and php (RHEL7: multiple vulnerabilities).

SUSE has updated e2fsprogs (SLE11SP4: code execution).

Ubuntu has updated kernel (14.10; 14.04; 12.04: regression in previous update), linux-ti-omap4 (12.04: regression in previous update), linux-lts-trusty (12.04: regression in previous update), linux-lts-utopic (14.04: regression in previous update), and patch (14.10, 14.04, 12.04: multiple vulnerabilities).

The Open Container Project

Monday 22nd of June 2015 07:01:01 PM
The Open Container Project has announced its existence. "Housed under the Linux Foundation, the OCP’s mission is to enable users and companies to continue to innovate and develop container-based solutions, with confidence that their pre-existing development efforts will be protected and without industry fragmentation. As part of this initiative, Docker will donate the code for its software container format and its runtime, as well as the associated specifications. The leadership of the Application Container spec (“appc”) initiative, including founding member CoreOS, will also be bringing their technical leadership and support to OCP."

Security advisories for Monday

Monday 22nd of June 2015 05:20:55 PM

Debian has updated pyjwt (accepts arbitrary tokens).

Debian-LTS has updated libclamunrar (double-free error), qemu (code execution), qemu-kvm (code execution), and zendframework (multiple vulnerabilities).

Fedora has updated abrt (F22: multiple vulnerabilities), cups (F22; F21: two vulnerabilities), drupal7-views (F22; F21; F20: access bypass), gnome-abrt (F22: multiple vulnerabilities), kernel (F22; F21: privilege escalation), krb5 (F21: two vulnerabilities), libreport (F22: multiple vulnerabilities), openssl (F22: multiple vulnerabilities), postgresql (F22: multiple vulnerabilities), qemu (F21: denial of service), qpid-cpp (F21: two vulnerabilities), and satyr (F22: multiple vulnerabilities).

Gentoo has updated adobe-flash (multiple vulnerabilities) and openssl (multiple vulnerabilities).

openSUSE has updated cgit (13.2, 13.1: code execution), xen (13.2; 13.1: multiple vulnerabilities), and XWayland (13.2: permission bypass).

SUSE has updated IBM Java (SLE11SP3: multiple vulnerabilities).

The long ARM of Linux: Red Hat Enterprise Linux Server for ARM Development Preview (Red Hat Blog)

Monday 22nd of June 2015 04:51:44 PM
In a post on the Red Hat Blog, the company has announced a version of Red Hat Enterprise Linux (RHEL) for ARM development. "Today, we are making the Red Hat Enterprise Linux Server for ARM Development Preview 7.1 available to all current and future members of the Red Hat ARM Partner Early Access Program as well as their end users as an unsupported development platform, providing a common standards-based operating system for existing 64-bit ARM hardware. Beyond this release, we plan to continue collaborating with our partner ISVs and OEMs, end users, and the broader open source community to enhance and refine the platform to ultimately work with the next generation of ARM-based designs." Jon Masters, who is the technical lead for the project, has a lengthy Google+ post about the project and its history over the last 4+ years.

Three projects funded by CII

Monday 22nd of June 2015 02:40:22 PM
The Linux Foundation's Critical Infrastructure Initiative has announced the funding of three projects to the tune of "nearly $500,000." "CII's funds will support a new open source automated testing project, the Reproducible Builds initiative from Debian, and IT security researcher Hanno Boeck's Fuzzing Project. Additionally, The Linux Foundation is announcing Emily Ratliff is joining The Linux Foundation as senior director of infrastructure security for CII. Ratliff is a Linux, system and cloud security expert with more than 20 years' experience. Most recently she worked as a security engineer for AMD and logged nearly 15 years at IBM."

Shuttleworth: Introducing the Fan

Monday 22nd of June 2015 02:12:16 PM
Mark Shuttleworth announces "the Fan", a new mechanism for directing communications between containers. "We recognised that container networking is unusual, and quite unlike true software-defined networking, in that the number of containers you want on each host is probably roughly the same. You want to run a couple hundred containers on each VM. You also don’t (in the docker case) want to live migrate them around, you just kill them and start them again elsewhere. Essentially, what you need is an address multiplier – anywhere you have one interface, it would be handy to have 250 of them instead." See this page for details on how it works.

Mageia 5 released

Monday 22nd of June 2015 01:34:07 PM
The Mageia 5 release is now available. The headline feature in this long-awaited distribution release appears to be UEFI BIOS support, but there's more; see the release notes for details.

The 4.1 kernel is out

Monday 22nd of June 2015 12:47:46 PM
Linus has released the 4.1 kernel. "It's not like the 4.1 release cycle was particularly painful, and let's hope that the extra week of letting it sit makes for a great release. Which wouldn't be a bad thing, considering that 4.1 will also be a LTS release." Headline features in this release include support for encrypted ext4 filesystems, the persistent memory block driver, ACPI support for the ARM64 architecture, and more.

[$] Rebasing openSUSE

Friday 19th of June 2015 09:42:27 PM
The openSUSE project has often struggled with questions of identity: what is the distribution trying to be, and for whom? From the 2010 strategy search through to the 2013 development-model discussions and the 2014 release-management questions, openSUSE's developers have tried to find a development approach that is both sustainable and appealing to a wider audience. In 2015, it appears that a partial success has been achieved, but that success is driving a new and controversial change.

Poettering: The new sd-bus API of systemd

Friday 19th of June 2015 09:40:00 PM
Lennart Poettering writes about the sd-bus library with substantial digressions into how D-Bus works in general. "We believe the result of our work delivers our goals quite nicely: the library is fun to use, supports kdbus and sockets as back-end, is relatively minimal, and the performance is substantially better than both libdbus and GDBus."

Announcing the Code Climate platform

Friday 19th of June 2015 09:24:42 PM
Code Climate has announced the open-source release of its static-analysis platform. "We’re releasing the static analysis engines that power the new Code Climate Platform, and going forward, all of our static analysis code will be published under Open Source licenses. Code Climate has always provided free analysis to Open Source projects, and this continues to deepen our commitment to, and participation in, the OSS community."

Bacon: Rebasing Ubuntu on Android?

Friday 19th of June 2015 09:21:11 PM

At his blog, former Ubuntu Community Manager Jono Bacon speculates on whether or not the Ubuntu Phone project should rebase its software stack on Android. Bacon prefaces the post with a note that it is "designed purely for some intellectual fun and discussion. I am not proposing we actually do this, nor advocating for this." The central argument is that new mobile platforms invariably expend hundreds of thousands of dollars attracting well-known app vendors to the new stack. Supporting Android apps would let Ubuntu focus efforts on the user interface, scopes, and other components. "I know there has been a reluctance to support Android apps on Ubuntu as it devalues the Ubuntu app ecosystem and people would just use Android apps, but I honestly think some kind of middle-ground is needed to get into the game, otherwise I worry we won’t even make it to the subs bench no matter how awesome our technology is." Note that, whatever one makes of the idea, Bacon is speaking only about the Ubuntu Phone stack; the post does touch on how such a rebase would interfere with Ubuntu's plans for a converged software stack.

Friday's security updates

Friday 19th of June 2015 02:45:57 PM

Debian has updated cinder (file disclosure) and drupal7 (multiple vulnerabilities).

Fedora has updated mbedtls (F21: multiple vulnerabilities) and python-django14 (F20: cross-site scripting).

Mageia has updated cups (M4: multiple vulnerabilities), ffmpeg (M4: multiple vulnerabilities), openssl (M4: multiple vulnerabilities), and redis (M4: code execution).

SUSE has updated IBM Java (SLES10 SP4; SLE11: multiple vulnerabilities).

The launch of WebAssembly

Thursday 18th of June 2015 02:51:36 PM
Luke Wagner of Mozilla has announced the existence of the WebAssembly project. The purpose is to define a low-level language to run in web browsers; it will then serve as a compilation target for higher-level languages. Developers from most of the major browser engines are working on the project. "For existing Emscripten/asm.js users, targeting WebAssembly will be as easy as flipping a flag. Thus, it is natural to view WebAssembly as the next evolutionary step of asm.js (a step many have requested and anticipated)."

Security updates for Thursday

Thursday 18th of June 2015 02:13:27 PM

CentOS has updated cups (C7; C6: three vulnerabilities).

Debian has updated kernel (three vulnerabilities).

Debian-LTS has updated linux-2.6 (multiple vulnerabilities going back to 2011) and openssl (multiple vulnerabilities).

Fedora has updated mbedtls (F20: code execution), python-requests (F21: cookie stealing), and python-urllib3 (F21: proper openssl support).

openSUSE has updated busybox (13.2, 13.1: code execution) and strongswan (13.2, 13.1: information disclosure).

Oracle has updated cups (OL7; OL6: three vulnerabilities).

Red Hat has updated cups (RHEL6&7: three vulnerabilities).

Scientific Linux has updated cups (SL6&7: three vulnerabilities).

[$] LWN.net Weekly Edition for June 18, 2015

Thursday 18th of June 2015 01:51:57 AM
The LWN.net Weekly Edition for June 18, 2015 is available.

[$] Micro Python on the pyboard

Wednesday 17th of June 2015 07:39:31 PM
A 2013 Kickstarter project brought us Micro Python, which is a version of Python 3 for microcontrollers, along with the pyboard to run it on. Micro Python is a complete rewrite of the interpreter that avoids some of the CPython (the canonical Python interpreter written in C) implementation details that don't work well on microcontrollers. I recently got my hands on a pyboard and decided to give it—and Micro Python—a try.

Cool new features coming to Blender 2.75 (Opensource.com)

Wednesday 17th of June 2015 07:36:57 PM
Opensource.com takes a look at the upcoming release of Blender 2.75. "One of the biggest features merged into Blender this go-round were from the multiview branch. In short, Blender now fully supports the ability to create stereoscopic 3D images. With the increased pervasiveness of 3D films and televisions—not to mention VR headsets in gaming—a lot of people are interested in generating images that play nice in this format. And now Blender can."

Security advisories for Wednesday

Wednesday 17th of June 2015 04:14:38 PM

Debian-LTS has updated linux-2.6 (multiple vulnerabilities).

Red Hat has updated kernel (RHEL5.9: privilege escalation).

SUSE has updated java-1_7_0-ibm (SLE12: multiple vulnerabilities).

Ubuntu has updated aptdaemon (15.04, 14.10, 14.04, 12.04: information leak), devscripts (14.10, 14.04, 12.04: directory traversal), and wpa, wpasupplicant (15.04, 14.10, 14.04, 12.04: multiple vulnerabilities).

[$] Leap-second issues, 2015 edition

Wednesday 17th of June 2015 03:15:39 PM
The leap second is an occasional ritual wherein Coordinated Universal Time (UTC) is held back for one second to account for the slowing of the Earth's rotation. The last leap second happened on June 30, 2012; the next is scheduled for June 30 of this year. Leap seconds are thus infrequent events. One might easily imagine that infrequent events involving time discontinuities would be likely to expose software problems, and, sure enough, the 2012 leap second had its share of issues. The 2015 leap second looks to be a calmer affair, but it appears that it will not be entirely problem-free.

More in Tux Machines

Kodi 15.0 Release Candidate 1 Arrives

The first release candidate for Kodi 15 has arrived. Kodi 15 is building up many new features from Android 4K@60Hz support to adaptive seeking support to Android H.265 support to many other updates and additions.

7 stories that make you feel good about open source in 2015 (so far)

One of the great things about open source is its reach beyond just the software we use. Open source isn’t just about taking principled stands, it's about making things better for the world around us. It helps spread new ideas by letting anyone with an interest modify and replicate those ideas in their own communities. In this collection, let’s take a look back at some of the best articles we’ve shared this year about the ways that open source is making an impact on communities and improving the lives of people across the world.

Exclusive interview with Hans de Raad

In my daily life (both personal and professional) I use open source for just about anything, from LibreOffice to Drupal, Kolab, Piwik, Apache, KDE, etc. Being part of the communities of these projects for me is a very special extra dimension that creates a lot of extra motivation and satisfaction. For me, open source isn’t so much of a choice it is simply the standard.

today's leftovers

  • OpenVZ / Virtuozzo 7 Beta First Impressions
    There will eventually be two distinct versions... a free version and a commercial version. So far as I can tell they currently call it Virtuozzo 7 but in a comparison wiki page they use the column names Virtuozzo 7 OpenVZ (V7O) and Virtuozzo 7 Commercial (V7C). The original OpenVZ, which is still considered the stable OpenVZ release at this time based on the EL6-based OpenVZ kernel, appears to be called OpenVZ Legacy.
  • Libdrm 2.4.62 Is An Important Update For Open-Source GPU Drivers
    Libdrm 2.4.62 was released this week as a significant update to this DRM library for interfacing between the kernel DRM drivers and user-space.
  • X.Org Server Lands More Mode-Setting/GLAMOR Improvements, But No Sign Of 1.18
  • KDE Ships KDE Applications 15.04.3
    Today KDE released the second stability update for KDE Applications 15.04. This release contains only bugfixes and translation updates, providing a safe and pleasant update for everyone.
  • Global Shortcuts In KDE Plasma Under Wayland
  • KDE Marks Four Years In Its Process Of Porting To Wayland
  • KDE Plasma 5.3.2 Fixes Shutdown Scripts, Few Dozen Other Bugs
  • Qt 5.5 Officially Released
  • KStars Observers Management patched
    This update is a little break from my current GSoC project so I won’t talk about my progress just yet. I will talk about the current observers management dialog that is currently active in KStars. Basically, an observation session requires observer information like first name, last name and contact. Currently, an observer could be added only from the settings menu so I thought that it would be more intuitive if this functionality was placed in a more appropriate place and a proper GUI was to be implemented for a better user experience.
  • The Kubuntu Podcast Team is on a roll
    Building on their UOS Hangout, the Kubuntu Podcast Team has created their second Hangout, featuring Ovidiu-Florin Bogdan, Aaron Honeycutt, and Rick Timmis, discussing What is Kubuntu?
  • Road so far
  • July Update for KDE Applications 15.04
    Today, the KDE Community is happy to announce the release of KDE Applications 15.04.3. This release contains only bugfixes and translation updates, providing a safe and pleasant update for everyone.
  • KDE ActivityManager in Emacs
    Today I whipped up a small Emacs minor-mode to interface with KDE's ActivityManager system. It's my first minor-mode and it's janky as fuck right now, but I'm going to expand on it to eventually be able to filter, for example, to just buffers that are linked to your current activity, pushing me towards a long-standing goal of mine to create a system which flows with what I'm doing, rather than forcing me in to its workflow.
  • Convergence through Divergence
    This time around, I’m adding a mechanism that allows us to list plugins, applications (and the general “service”) specific for a given form factor. In normal-people-language, that means that I want to make it possible to specify whether an application or plugin should be shown in the user interface of a given device. Let’s look at an example: KMail. KMail has two user interfaces, the desktop version, a traditional fat client offering all the features that an email client could possibly have, and a touch-friendly version that works well on devices such as smart phones and tablets. If both are installed, which should be shown in the user interface, for example the launcher? The answer is, unfortunately: we can’t really tell as there currently is no scheme to derive this information from in a reliable way. With the current functionality that is offered by KDE Frameworks and Plasma, we’d simply list both applications, they’re both installed and there is no metadata that could possibly tell us the difference.
  • smarter status hiding
    In heavily populated IRC channels such as #debian on Freenode, a lot of idle IRC users are joining and leaving every couple of seconds. At the moment, we display a status message for every user in the room which in some cases results in a lot of visual noise.
  • Photos: future plans
    This is the third in my series of blog posts about the latest generation of GNOME application designs. In this post, I’m going to talk about Photos. Out of the applications I’ve covered, this is the one that has the most new design work.
  • West Coast Summit
    This is the last day of the GNOME West Coast Summit, and for the past three days we’ve been working and discussing topics...
  • OpenMandriva Lx 2014.2 "The Scion" Pays Tribute To Mandrake
    With Mandriva having been liquidated (allegedly due to employee lawsuits), OpenMandriva is paying tribute to it -- and its precursor, Mandrake -- with their new point release.
  • Good bye credativ [moving to Red Hat]
  • Hello Red Hat
    In my new position I will be a Solutions Architect – so basically a sales engineer, thus the one talking to the customers on a more technical level, providing details or proof of concepts where they need it.
  • Oracle Linux 6 Administration Professional Certification Now Released
  • Digital education presents new challenges and opportunities for IT
    At Red Hat, our IT organization is working with each of our business partners to help them develop digital strategies and solutions to enable them (and us) to be more effective. We’re investing in the deployment of new communication and collaboration tools in the organization. And we’re trying to better understand the needs of our end users as individuals rather than solely as a part of sales or as a part of marketing. We’re building an internal consulting capability so that we can help our end users be more efficient and effective in their jobs as a community of associates, in addition to being part of a business function.
  • RHEL for SAP HANA now on Amazon Web Services (AWS)
  • Ubuntu Touch OTA-5 Update Will Bring Interesting New Features
    As you may know, Canonical has released the Ubuntu Touch OTA-4 Update a while ago, and now is working at implementing new features for the OTA-5 Update, which should get released in mid-July, if it does not get delayed for some reasons.
  • The 1TB UbuTab Ubuntu Tablet Is A SCAM!
  • How to use PPAs to install bleeding-edge software in Ubuntu and Linux Mint
    Linux users install most of their software directly from a centralized package repository managed by their Linux distribution of choice. This is a convenient, one-stop shop place to get your software—but what if the repository doesn’t have the program you need, or you want a newer version? For Ubuntu and Linux Mint users, that’s where personal package archives come in.
  • Linux Mint 17.2 officially released
    Well, it’s here. Linux Mint 17.2 is now available for download. Currently only the Cinnamon and MATE releases are out and other editions will launch later. For users on 17.0 or 17.1 more announcements will follow next week when the update is made available for those users as an upgrade. It’s not clear yet whether 17.0 users will be able to choose to go to 17.1 or 17.2 or whether 17.2 will be the single destination those users can jump to.
  • Linux Mint 17.2 Officially Released With Cinnamon/MATE Flavors
    Just a few short weeks after the Rafaela 17.2 RCs, Linux Mint 17.2 has been officially released this morning in the form of the Cinnamon and MATE desktop spins.
  • Data Translation Offers Real Time ARM-Based Data Acquisition Module
  • Tough, IP67-sealed box PC runs Linux on Atom
    X-ES unveiled a rugged, sealed embedded PC that runs Linux on an Atom E3800, and offers 4GB of ECC RAM, IP67 protection, M12 ports, and -40 to 70°C support.
  • Firefox 39 Has Been Delayed A Few Days Due To A “Last Minute Stability Issue”
  • Engine Yard's Deis Launches Support for its PaaS
    This year, Engine Yard bought Deis, an open source Platform-as-a-Service project. It provides a PaaS that can run on public clouds, private clouds, or bare metal. Starting now, Engine Yard will offer its well-known support options to companies that want Deis support.
  • Elastic puts its open-source Big Data search engine in the cloud
    The Netherlands’ Elastic BV is ticking another item off the fairly narrow list of ways to monetize open-source software with the launch of new hosted implementations of its hugely popular free search engine for unstructured data that offer a simpler alternative to manual deployment. The launch couldn’t have come at a more opportune time.
  • Security advisories for Wednesday
  • What We Call Security Isn’t Really Security
    Well, it’s probably no shock to you that the security industry can’t agree on a definition of security. Imagine if the horse industry couldn’t agree on what is a horse. Yes, it’s like that.
  • UH OH: Windows 10 will share your Wi-Fi key with your friends' friends
    Those contacts include their Outlook.com (nee Hotmail) contacts, Skype contacts and, with an opt-in, their Facebook friends. There is method in the Microsoft madness – it saves having to shout across the office or house “what’s the Wi-Fi password?” – but ease of use has to be teamed with security. If you wander close to a wireless network, and your friend knows the password, and you both have Wi-Fi Sense, you can now log into that network.