Language Selection

English French German Italian Portuguese Spanish

LWN

Syndicate content
LWN.net is a comprehensive source of news and opinions from and about the Linux community. This is the main LWN.net feed, listing all articles which are posted to the site front page.
Updated: 5 hours 20 min ago

Fedora Developer Announces New Partition Manager (Linux Magazine)

Tuesday 9th of September 2014 07:38:44 PM
Linux Magazine takes a look at blivet-gui, a partition tool built from storage and configuration management tools used in Fedora’s Anaconda installer. "According to the developer, the Linux community needs a new partition tool because of all the new storage technologies that have appeared over the last few years. Traditional tools such as GParted no longer support the full range of Linux filesystem and storage options."

Tuesday's security advisories

Tuesday 9th of September 2014 04:07:39 PM

CentOS has updated jakarta-commons-httpclient (C7; C6; C5: SSL server spoofing).

Debian has updated file (multiple vulnerabilities).

Mageia has updated gtk+3.0 (MG4: screen lock bypass).

openSUSE has updated firefox (13.1, 12.3: multiple vulnerabilities) and thunderbird (13.1, 12.3: multiple vulnerabilities).

Oracle has updated jakarta-commons-httpclient (OL7; OL6; OL5: SSL server spoofing).

Red Hat has updated jakarta-commons-httpclient (RHEL5,6,7: SSL server spoofing).

Scientific Linux has updated jakarta-commons-httpclient (SL5,6: SSL server spoofing).

Ubuntu has updated nss (code execution) and qemu, qemu-kvm (multiple vulnerabilities).

FSF and Debian join forces to help free software users find the hardware they need

Monday 8th of September 2014 07:54:14 PM
The Free Software Foundation and the Debian Project have announced cooperation to expand and enhance h-node, a database to help users learn and share information about computers that work with free software operating systems. "While other databases list hardware that is technically compatible with GNU/Linux, h-node lists hardware as compatible only if it does not require any proprietary software or firmware. Information about hardware that flunks this test is also included, so users know what to avoid. The database lists individual components, like WiFi and video cards, as well as complete notebook systems." Compatibility information comes from users testing on FSF endorsed free software distributions. The FSF has acknowledged that Debian qualifies as a free software distribution as long as only the main repository is enabled.

Security advisories for Monday

Monday 8th of September 2014 04:13:56 PM

Fedora has updated squid (F20: denial of service).

Mageia has updated procmail (code execution).

openSUSE has updated enigmail (13.1, 12.3: information leak).

Red Hat has updated nss (RHEL4 ELCS: code execution).

Ubuntu has updated cups (privilege escalation) and eglibc (10.04: regression in previous update).

Kernel prepatch 3.17-rc4

Monday 8th of September 2014 02:36:33 PM
The 3.17-rc4 prepatch is out. "For a short while there, this week was really nice and calm, but that was mostly because the 'linux-foundation.org' entry fell off the DNS universe, and my mailbox got very quiet for a few hours. The rest of the week looked pretty normal."

Glibc 2.20 released

Monday 8th of September 2014 01:07:55 PM
Version 2.20 of the GNU C Library is now available. Significant changes include support for file-private POSIX locks, removal of support for the _BSD_SOURCE and _SVID_SOURCE feature test macros (see this article for more information), various performance improvements, and more.

The OpenSSL security policy

Monday 8th of September 2014 12:21:29 PM
The OpenSSL project has posted a policy document describing how it intends to respond to security incidents. "There are actually not a large number of serious vulnerabilities in OpenSSL which make it worth spending significant time keeping our own list of vendors we trust, or signing framework agreements, or dealing with changes, and policing the policy. This is a significant amount of effort per issue that is better spent on other things."

Linus 3.17-rc4

Monday 8th of September 2014 11:55:54 AM

Video from the GNU Tools Cauldron

Saturday 6th of September 2014 12:01:22 PM
Videos from the 2014 GNU Tools Cauldron (July 18-20, Cambridge, UK) have now been posted. Topics covered vary from ABI compatibility checking, GCC/LLVM collaboration, and just-in-time compilation to performance testing and debugging issues.

Stable kernels 3.16.2, 3.14.18, and 3.10.54

Saturday 6th of September 2014 01:45:29 AM
Greg Kroah-Hartman has announced the latest batch of stable kernels: 3.16.2, 3.14.18, and 3.10.54. As usual, these new kernels contain fixes throughout the tree; users of these series should upgrade.

Call for organizers: 2015 Linux Plumbers Conference

Friday 5th of September 2014 06:22:07 PM
Each year, the Linux Foundation's Technical Advisory Board seeks an organizing committee for the annual Linux Plumbers Conference. That process has now begun for the 2015 event, which will be held during the week of August 17-21 in Seattle, Washington, alongside the LinuxCon North America event. This is your chance to put your stamp on one of our community's most important gatherings.

Friday's security updates

Friday 5th of September 2014 03:15:52 PM

Debian has updated procmail (code execution).

Mageia has updated firefox, thunderbird (multiple vulnerabilities), graphicsmagick (denial of service), libgcrypt (key extraction), libtorrent-rasterbar (information leak), net-snmp (denial of service), php (multiple vulnerabilities), ppp (privilege escalation), python-django (multiple vulnerabilities), and squid (denial of service).

Mandriva has updated apache (BS1: access restriction bypass), glibc (BS1: multiple vulnerabilities), libgcrypt (BS1: key extraction), ppp (BS1: privilege escalation), python-django (BS1: multiple vulnerabilities), and squid (BS1: multiple vulnerabilities).

Oracle has updated firefox (O5; O7: multiple vulnerabilities) and kernel (O5, denial of service; O5, unspecified vulnerabilities).

Scientific Linux has updated firefox (multiple vulnerabilities), kernel (SL5: denial of service), squid (multiple vulnerabilities), and thunderbird (multiple vulnerabilities).

Slackware has updated mozilla-firefox (multiple vulnerabilities), mozilla-thunderbird (multiple vulnerabilities), and php (multiple vulnerabilities).

Ubuntu has updated procmail (10.04, 12.04, 14.04: code execution).

LLVM 3.5 released

Friday 5th of September 2014 12:15:32 PM
Version 3.5 of the LLVM compiler system is out. There is support for a number of new architecture versions and more. "Clang makes a considerable jump forward as well, including new warnings and better support for new standards: in addition to full support for the recently completed C++’14 standard, it includes initial support for 'C++1z' features. Additionally, it now supports generating “remarks” to indicate when optimizations like vectorization and inlining occur, allowing you to tune your programs more effectively." See the release notes for more information.

[$] LWN.net Weekly Edition for September 5, 2014

Friday 5th of September 2014 12:35:26 AM
The LWN.net Weekly Edition for September 5, 2014 is available.

Thursday's security advisories

Thursday 4th of September 2014 02:54:01 PM

CentOS has updated xulrunner (C7: two vulnerabilities), firefox (C7; C6; C5: two vulnerabilities), httpcomponents-client (C7: SSL server spoofing), kernel (C5: denial of service), squid (C6; C5: two denial of service flaws, one from 2013), squid (C7: denial of service), and thunderbird (C6; C5: two vulnerabilities).

Gentoo has updated dhcpcd (denial of service) and mysql (many vulnerabilities, mostly unspecified, some from 2013).

Oracle has updated firefox (OL6: two vulnerabilities), httpcomponents-client (OL7: SSL server spoofing), squid (OL6; OL5: two denial of service flaws, one from 2013), squid (OL7: denial of service), and thunderbird (OL6: two vulnerabilities).

Red Hat has updated firefox (two vulnerabilities), httpcomponents-client (RHEL7: SSL server spoofing), kernel (RHEL5: denial of service), squid (RHEL5&6: two denial of service flaws, one from 2013), squid (RHEL7: denial of service), and thunderbird (RHEL5&6: two vulnerabilities).

Ubuntu has updated gnupg (12.04, 10.04: key disclosure) and libgcrypt11 (14.04, 12.04, 10.04: key disclosure).

[$] LuneOS tries to keep webOS alive

Wednesday 3rd of September 2014 10:23:35 PM
Even the most dedicated watchers of mobile operating systems may have been surprised recently when a distribution called "LuneOS" announced its first release (code-named "Affogato"). LuneOS, it turns out, is a version of webOS, a mobile operating system originally created by Palm. WebOS has had a bit of a troubled history, but it still has a dedicated following of users and developers. LuneOS is another attempt to turn webOS into a useful system for those users. The effort is a noble one, but the LuneOS developers have a lot of ground to cover yet.

Security advisories for Wednesday

Wednesday 3rd of September 2014 05:03:01 PM

Debian has updated iceweasel (multiple vulnerabilities) and php-cas (security constraints bypass).

Mandriva has updated busybox (denial of service/possible code execution) and php (multiple vulnerabilities).

openSUSE has updated enigmail (11.4: information leak).

Red Hat has updated devtoolset-2-axis (RHDT2: incorrect certificate validation), glibc (RHEL5.6, 5.9, 6.2, 6.4: code execution), openstack-keystone (RHEL OSP5.0 for RHEL7; RHEL OSP5.0 for RHEL6: multiple vulnerabilities), and openstack-neutron (RHEL OSP5.0 for RHEL7; RHEL OSP5.0 for RHEL6: denial of service).

SUSE has updated apache2 (SLES11 SP2; SLES11 SP1; SLES10: multiple vulnerabilities).

Ubuntu has updated EC2 kernel (10.04: multiple vulnerabilities), firefox (14.04, 12.04: multiple vulnerabilities), kernel (14.04; 12.04; 10.04: multiple vulnerabilities), libreoffice (14.04: command injection), linux-lts-trusty (12.04: multiple vulnerabilities), linux-ti-omap4 (12.04: multiple vulnerabilities), lua5.1 (14.04, 12.04: code execution), and oxide-qt (14.04: multiple vulnerabilities).

Django 1.7 released

Wednesday 3rd of September 2014 11:07:41 AM
Version 1.7 of the Django web framework has been released. New features include a mechanism for migrating between database schemas, a separation of applications from models, a new system checking framework, and more; see the release notes for details.

Firefox 32

Tuesday 2nd of September 2014 07:33:46 PM
Firefox 32 has been released. This version adds a new HTTP cache for improved performance and crash recovery, public key pinning support has been enabled, and much more. See the release notes for details.

[$] Supporting filesystems in persistent memory

Tuesday 2nd of September 2014 07:12:10 PM
For a few years now, we have been told that upcoming non-volatile memory (NVM) devices are going to change how we use our systems. These devices provide large amounts (possibly terabytes) of memory that is persistent and that can be accessed at RAM speeds. Just what we will do with so much persistent memory is not entirely clear, but it is starting to come into focus. It seems that we'll run ordinary filesystems on it — but those filesystems will have to be tweaked to allow users to get full performance from NVM.

Click below (subscribers only) for the full article from this week's Kernel Page.

More in Tux Machines

Leftovers: Gaming

Leftovers: Software

today's howtos

ACPI, kernels and contracts with firmware

This ends up being a pain in the neck in the x86 world, but it could be much worse. Way back in 2008 I wrote something about why the Linux kernel reports itself to firmware as "Windows" but refuses to identify itself as Linux. The short version is that "Linux" doesn't actually identify the behaviour of the kernel in a meaningful way. "Linux" doesn't tell you whether the kernel can deal with buffers being passed when the spec says it should be a package. "Linux" doesn't tell you whether the OS knows how to deal with an HPET. "Linux" doesn't tell you whether the OS can reinitialise graphics hardware. Read more