Language Selection

English French German Italian Portuguese Spanish

LWN

Syndicate content
LWN.net is a comprehensive source of news and opinions from and about the Linux community. This is the main LWN.net feed, listing all articles which are posted to the site front page.
Updated: 1 hour 29 min ago

Linus 3.17-rc4

Monday 8th of September 2014 11:55:54 AM

Video from the GNU Tools Cauldron

Saturday 6th of September 2014 12:01:22 PM
Videos from the 2014 GNU Tools Cauldron (July 18-20, Cambridge, UK) have now been posted. Topics covered vary from ABI compatibility checking, GCC/LLVM collaboration, and just-in-time compilation to performance testing and debugging issues.

Stable kernels 3.16.2, 3.14.18, and 3.10.54

Saturday 6th of September 2014 01:45:29 AM
Greg Kroah-Hartman has announced the latest batch of stable kernels: 3.16.2, 3.14.18, and 3.10.54. As usual, these new kernels contain fixes throughout the tree; users of these series should upgrade.

Call for organizers: 2015 Linux Plumbers Conference

Friday 5th of September 2014 06:22:07 PM
Each year, the Linux Foundation's Technical Advisory Board seeks an organizing committee for the annual Linux Plumbers Conference. That process has now begun for the 2015 event, which will be held during the week of August 17-21 in Seattle, Washington, alongside the LinuxCon North America event. This is your chance to put your stamp on one of our community's most important gatherings.

Friday's security updates

Friday 5th of September 2014 03:15:52 PM

Debian has updated procmail (code execution).

Mageia has updated firefox, thunderbird (multiple vulnerabilities), graphicsmagick (denial of service), libgcrypt (key extraction), libtorrent-rasterbar (information leak), net-snmp (denial of service), php (multiple vulnerabilities), ppp (privilege escalation), python-django (multiple vulnerabilities), and squid (denial of service).

Mandriva has updated apache (BS1: access restriction bypass), glibc (BS1: multiple vulnerabilities), libgcrypt (BS1: key extraction), ppp (BS1: privilege escalation), python-django (BS1: multiple vulnerabilities), and squid (BS1: multiple vulnerabilities).

Oracle has updated firefox (O5; O7: multiple vulnerabilities) and kernel (O5, denial of service; O5, unspecified vulnerabilities).

Scientific Linux has updated firefox (multiple vulnerabilities), kernel (SL5: denial of service), squid (multiple vulnerabilities), and thunderbird (multiple vulnerabilities).

Slackware has updated mozilla-firefox (multiple vulnerabilities), mozilla-thunderbird (multiple vulnerabilities), and php (multiple vulnerabilities).

Ubuntu has updated procmail (10.04, 12.04, 14.04: code execution).

LLVM 3.5 released

Friday 5th of September 2014 12:15:32 PM
Version 3.5 of the LLVM compiler system is out. There is support for a number of new architecture versions and more. "Clang makes a considerable jump forward as well, including new warnings and better support for new standards: in addition to full support for the recently completed C++’14 standard, it includes initial support for 'C++1z' features. Additionally, it now supports generating “remarks” to indicate when optimizations like vectorization and inlining occur, allowing you to tune your programs more effectively." See the release notes for more information.

[$] LWN.net Weekly Edition for September 5, 2014

Friday 5th of September 2014 12:35:26 AM
The LWN.net Weekly Edition for September 5, 2014 is available.

Thursday's security advisories

Thursday 4th of September 2014 02:54:01 PM

CentOS has updated xulrunner (C7: two vulnerabilities), firefox (C7; C6; C5: two vulnerabilities), httpcomponents-client (C7: SSL server spoofing), kernel (C5: denial of service), squid (C6; C5: two denial of service flaws, one from 2013), squid (C7: denial of service), and thunderbird (C6; C5: two vulnerabilities).

Gentoo has updated dhcpcd (denial of service) and mysql (many vulnerabilities, mostly unspecified, some from 2013).

Oracle has updated firefox (OL6: two vulnerabilities), httpcomponents-client (OL7: SSL server spoofing), squid (OL6; OL5: two denial of service flaws, one from 2013), squid (OL7: denial of service), and thunderbird (OL6: two vulnerabilities).

Red Hat has updated firefox (two vulnerabilities), httpcomponents-client (RHEL7: SSL server spoofing), kernel (RHEL5: denial of service), squid (RHEL5&6: two denial of service flaws, one from 2013), squid (RHEL7: denial of service), and thunderbird (RHEL5&6: two vulnerabilities).

Ubuntu has updated gnupg (12.04, 10.04: key disclosure) and libgcrypt11 (14.04, 12.04, 10.04: key disclosure).

[$] LuneOS tries to keep webOS alive

Wednesday 3rd of September 2014 10:23:35 PM
Even the most dedicated watchers of mobile operating systems may have been surprised recently when a distribution called "LuneOS" announced its first release (code-named "Affogato"). LuneOS, it turns out, is a version of webOS, a mobile operating system originally created by Palm. WebOS has had a bit of a troubled history, but it still has a dedicated following of users and developers. LuneOS is another attempt to turn webOS into a useful system for those users. The effort is a noble one, but the LuneOS developers have a lot of ground to cover yet.

Security advisories for Wednesday

Wednesday 3rd of September 2014 05:03:01 PM

Debian has updated iceweasel (multiple vulnerabilities) and php-cas (security constraints bypass).

Mandriva has updated busybox (denial of service/possible code execution) and php (multiple vulnerabilities).

openSUSE has updated enigmail (11.4: information leak).

Red Hat has updated devtoolset-2-axis (RHDT2: incorrect certificate validation), glibc (RHEL5.6, 5.9, 6.2, 6.4: code execution), openstack-keystone (RHEL OSP5.0 for RHEL7; RHEL OSP5.0 for RHEL6: multiple vulnerabilities), and openstack-neutron (RHEL OSP5.0 for RHEL7; RHEL OSP5.0 for RHEL6: denial of service).

SUSE has updated apache2 (SLES11 SP2; SLES11 SP1; SLES10: multiple vulnerabilities).

Ubuntu has updated EC2 kernel (10.04: multiple vulnerabilities), firefox (14.04, 12.04: multiple vulnerabilities), kernel (14.04; 12.04; 10.04: multiple vulnerabilities), libreoffice (14.04: command injection), linux-lts-trusty (12.04: multiple vulnerabilities), linux-ti-omap4 (12.04: multiple vulnerabilities), lua5.1 (14.04, 12.04: code execution), and oxide-qt (14.04: multiple vulnerabilities).

Django 1.7 released

Wednesday 3rd of September 2014 11:07:41 AM
Version 1.7 of the Django web framework has been released. New features include a mechanism for migrating between database schemas, a separation of applications from models, a new system checking framework, and more; see the release notes for details.

Firefox 32

Tuesday 2nd of September 2014 07:33:46 PM
Firefox 32 has been released. This version adds a new HTTP cache for improved performance and crash recovery, public key pinning support has been enabled, and much more. See the release notes for details.

[$] Supporting filesystems in persistent memory

Tuesday 2nd of September 2014 07:12:10 PM
For a few years now, we have been told that upcoming non-volatile memory (NVM) devices are going to change how we use our systems. These devices provide large amounts (possibly terabytes) of memory that is persistent and that can be accessed at RAM speeds. Just what we will do with so much persistent memory is not entirely clear, but it is starting to come into focus. It seems that we'll run ordinary filesystems on it — but those filesystems will have to be tweaked to allow users to get full performance from NVM.

Click below (subscribers only) for the full article from this week's Kernel Page.

The GNOME Foundation's 2013 annual report

Tuesday 2nd of September 2014 07:11:28 PM
The GNOME Foundation has put out its annual report for 2013 as a 24-page PDF file. "As you will see when you read this annual report, there have been a lot of great things that have happened for the GNOME Foundation during this period. Two new companies joined our advisory board, the Linux Foundation and Private Internet Access. The work funded by our accessibility campaign was completed and we ran a successful campaign for privacy. During this period, there was a fantastic Board of Directors, a dedicated Engagement team (who worked so hard to put this report together), and the conference teams (GNOME.Asia, GUADEC and the Montreal Summit) knocked it out of the park. Most importantly, we’ve had an influx of contributors, more so than I’ve seen in some time."

Tuesday's security updates

Tuesday 2nd of September 2014 06:16:57 PM

CentOS has updated glibc (C7; C6; C5: two vulnerabilities).

Debian has updated lua5.1 (code execution), lua5.2 (code execution), and openjdk-7 (regression in previous update).

Fedora has updated cas-client (F20: security constraints bypass), distcc (F20; F19: denial of service/possible code execution), gvfs (F20: file overwrite and device key access), httpcomponents-client (F20; F19: SSL server spoofing), ifuse (F20: file overwrite and device key access), kernel (F20: privilege escalation), libgpod (F20: file overwrite and device key access), libimobiledevice (F20: file overwrite and device key access), libplist (F20: file overwrite and device key access), libusbmuxd (F20: file overwrite and device key access), php (F20; F19: multiple vulnerabilities), pixman (F19: denial of service), ppp (F19: privilege escalation), smack (F20: man-in-the-middle attack), springframework-security (F20; F19: access control restrictions bypass), upower (F20: file overwrite and device key access), usbmuxd (F20: file overwrite and device key access), and zarafa (F20; F19: multiple vulnerabilities).

Gentoo has updated chromium (multiple vulnerabilities), jinja (privilege escalation), net-snmp (multiple vulnerabilities), nrpe (code execution), openoffice-bin (multiple vulnerabilities), postgresql-server (multiple vulnerabilities), qemu (multiple vulnerabilities), stunnel (private key leak), and wireshark (multiple vulnerabilities).

Mageia has updated blender (denial of service/possible code execution) and distcc (denial of service/possible code execution).

Mandriva has updated bugzilla (BS1.0: cross-site request forgery), catfish (BS1.0: privilege escalation), dhcpcd (BS1.0: denial of service), file (BS1.0: denial of service), gpgme (BS1.0: code execution), jakarta-commons-httpclient (BS1.0: SSL server spoofing), krb5 (BS1.0: multiple vulnerabilities), libvncserver (BS1.0: denial of service/possible code execution), phpmyadmin (BS1.0: multiple vulnerabilities), python-imaging (BS1.0: denial of service), serf (BS1.0: information leak), and subversion (BS1.0: information leak).

Oracle has updated glibc (OL7; OL6; OL5: two vulnerabilities).

Red Hat has updated glibc (RHEL5,6,7: two vulnerabilities).

Scientific Linux has updated glibc (SL5,6: two vulnerabilities).

The first LuneOS release

Tuesday 2nd of September 2014 01:10:57 PM
LuneOS is the new name for the mobile system once known as webOS; the first release is available for brave testers now. "The main focus of LuneOS is to provide an operating system which is driven by the community and continues what we love(d) about webOS. We’re not trying to reach feature comparison with Android or iOS but rather building a system to satisfy basic needs in the mobile environment." The Nexus 4 and HP TouchPad appear to be the best devices for those wanting to try LuneOS out on real hardware.

Clarification: LuneOS is not really a direct successor to webOS; it, instead, can be thought of as a sort of fork of the Open webOS project (managed by LG) focused on porting the system to other devices.

Poettering: Revisiting how we put together Linux systems

Monday 1st of September 2014 11:58:26 AM
Lennart Poettering has posted a lengthy writeup of a plan put together by the "systemd cabal" (his words) to rework Linux software distribution. It is based heavily on namespaces and Btrfs snapshots. "Now, with the name-spacing concepts we introduced above, we can actually relatively freely mix and match apps and OSes, or develop against specific frameworks in specific versions on any operating system. It doesn't matter if you booted your ArchLinux instance, or your Fedora one, you can execute both LibreOffice and Firefox just fine, because at execution time they get matched up with the right runtime, and all of them are available from all the operating systems you installed. You get the precise runtime that the upstream vendor of Firefox/LibreOffice did their testing with. It doesn't matter anymore which distribution you run, and which distribution the vendor prefers."

Kernel prepatch 3.17-rc3

Monday 1st of September 2014 11:50:30 AM
The 3.17 development cycle continues with the release of 3.17-rc3. "As expected, it is larger than rc2, since people are clearly getting back from their Kernel Summit travels etc. But happily, it's not *much* larger than rc2 was, and there's nothing particularly odd going on, so I'm going to just ignore the whole 'it's summer' argument, and hope that things are just going that well."

Yahoo to stop development on YUI library

Friday 29th of August 2014 09:31:09 PM

Yahoo has announced its decision to halt the development of Yahoo User Interface library (YUI), its open-source JavaScript library for writing HTML application interfaces. In the announcement, the company cites the rise in popularity of Node.JS, which has changed how developers build HTML applications, as have recent changes in package management and web application frameworks. "The consequence of this evolution in web technologies is that large JavaScript libraries, such as YUI, have been receiving less attention from the community. Many developers today look at large JavaScript libraries as walled gardens they don’t want to be locked into. As a result, the number of YUI issues and pull requests we’ve received in the past couple of years has slowly reduced to a trickle. Most core YUI modules do not have active maintainers, relying instead on a slow stream of occasional patches from external contributors. Few reviewers still have the time to ensure that the patches submitted are reviewed quickly and thoroughly." Nevertheless, it seems, YUI will be maintained for the foreseeable future, receiving critical fixes as they arise.

Friday's security updates

Friday 29th of August 2014 03:25:07 PM

Debian has updated squid3 (denial of service).

Fedora has updated glibc (F20: multiple vulnerabilities), GraphicsMagick (F20: code execution), gtk3 (F20: screen lock bypass), perl-Plack (F19; F20: information disclosure), phpMyAdmin (F19: multiple vulnerabilities), and subversion (F19; F20: credentials leak).

Gentoo has updated apache (multiple vulnerabilities), file (denial of service), libgcrypt (key extraction), libtasn1 (multiple vulnerabilities), and php (multiple vulnerabilities).

SUSE has updated MySQL (SLES/SLED 11: multiple vulnerabilities).

Ubuntu has updated eglibc (10.o4, 12.04, 14.04: denial of service).

More in Tux Machines

Cinnamon 2.4 to Feature New Theme Selection and Options for Linux Mint 17.1

Cinnamon is the default desktop environment in Linux Mint and it's built by the same developers who are making the Linux distro. It stands to reason that the best implementation for Cinnamon will be on Linux Mint. It's also the place that integrates the latest updates for Cinnamon as soon as they are made available. Usually, the latest iterations of Cinnamon are integrated quickly in Mint, but the developers are also working on an updated Linux Mint version, 17.1. The new Cinnamon 2.4 DE might arrive there by default and not in Linux Mint 17. Read more

Knoppix 7.4.1 Is Now Available For Download

Knoppix developers have released a major version of their operating system Knoppix 7.4.1 based on the usual picks from Debian stable (wheezy) and newer Desktop packages from Debian/testing and Debian/unstable (jessie). According to the official release note, this distro version uses kernel 3.16.2 and xorg 7.7 (core 1.16.0) for supporting current computer hardware. Read more

First Tizen phone now expected in India

Samsung’s postponed Tizen Linux-based smartphone is now heading for a launch in India by the end of the year, reports India’s Economic Times. Everybody, it seems, wants a piece of the Indian smartphone market. The latest company with plans to jump headlong into South Asia is Samsung, which aims to ship a Tizen Linux-based smartphone in India after the Diwali festival in November, according to the Economic Times (ET). Read more

GNOME: 3.14 almost there

Speaking of gedit, after the major changes of 3.12, 3.14 has been a cycle focused on stabilization and polishing. Overall the revised user interface got mostly positve feedback.. I for one, as a heavy gedit user, adapted to the new UI without problems. 3.14 will have a few incremental changes, that among other things try to address some of the issues pointed out by Jim Hall’s usability study presented at GUADEC: “Open” will be a single button removing the dichotomy between the open dialog and recent files and providing quick search among recent files. “Save” now uses a text label since it turns out a lot of people did not grok the icon (and no, I am not going back to the floppy image!) and the view menu has been reorganized and now uses a popover. With regard to the “Open” button, we know things are not perfect yet, search among recent is great, but when the “cache misses”, going through a double step is painful… we already have a few ideas on how to improve that next cycle, but for now I can vividly recommend to try the “quickopen” plugin, one of the hidden gems of gedit, which already provides some of the things we would like to integrate in the next iteration. Read more