Language Selection

English French German Italian Portuguese Spanish

LWN

Syndicate content
LWN.net is a comprehensive source of news and opinions from and about the Linux community. This is the main LWN.net feed, listing all articles which are posted to the site front page.
Updated: 10 min 15 sec ago

[$] XFS: There and back ... and there again?

5 hours 24 min ago
In a thought-provoking—and characteristically amusing—talk at the Vault conference, Dave Chinner looked at the history of XFS, its current status, and where the filesystem may be heading. In keeping with the title of the talk (shared by this article), he sees parallels in what drove the original development of XFS and what will be driving new filesystems. Chinner's vision of the future for today's filesystems, and not just of XFS, may be a bit surprising or controversial—possibly both.

Security advisories for Wednesday

6 hours 36 min ago

Arch Linux has updated firefox (multiple vulnerabilities).

CentOS has updated bind (C7: denial of service), firefox (C7: two vulnerabilities), firefox (C6; C5; C7: multiple vulnerabilities), xulrunner (C7: multiple vulnerabilities), flac (C7; C6: two vulnerabilities), freetype (C7: multiple vulnerabilities), ipa (C7: two vulnerabilities), slapi-nis (C7: two vulnerabilities), kernel (C7: two vulnerabilities), libxml2 (C7: denial of service), openssl (C7: multiple vulnerabilities), postgresql (C7: multiple vulnerabilities), setroubleshoot (C7: privilege escalation), thunderbird (C7; C7: multiple vulnerabilities), and unzip (C7: multiple vulnerabilities).

Debian has updated wireshark (multiple vulnerabilities).

Debian-LTS has updated freetype (many vulnerabilities).

Fedora has updated drupal7-entity (F21; F20: cross-site scripting) and php (F20: multiple vulnerabilities).

Mageia has updated chromium-browser-stable (multiple vulnerabilities), owncloud (unspecified vulnerabilities), python-rope (code execution), and tor (denial of service).

Oracle has updated firefox (OL7; OL6: multiple vulnerabilities) and flac (OL7; OL6: two vulnerabilities).

Red Hat has updated firefox (RHEL5,6,7: multiple vulnerabilities), flac (RHEL6,7: two vulnerabilities), and thunderbird (RHEL5,6,7: multiple vulnerabilities).

Scientific Linux has updated firefox (SL5,6,7: multiple vulnerabilities) and flac (SL6,7: two vulnerabilities).

Ubuntu has updated firefox (14.10, 14.04, 12.04: multiple vulnerabilities), gnupg, gnupg2 (14.10, 14.04, 12.04, 10.04: multiple vulnerabilities), libgcrypt11, libgcrypt20 (14.10, 14.04, 12.04, 10.04: information leak), and tiff (14.10, 14.04, 12.04, 10.04: multiple vulnerabilities).

Firefox 37.0

Tuesday 31st of March 2015 08:24:05 PM
Firefox 37.0 has been released. This release features improved protection against site impersonation via OneCRL centralized certificate revocation, Bing search now uses HTTPS for secure searching, opportunistic encrypting of HTTP traffic where the server supports HTTP/2 AltSvc, and more. See the release notes for details.

Tuesday's security updates

Tuesday 31st of March 2015 04:16:12 PM

Arch Linux has updated musl (code execution).

Debian has updated openldap (multiple vulnerabilities).

Mandriva has updated dokuwiki (MBS1.0: multiple vulnerabilities) and phpmyadmin (MBS1.0: information leak).

openSUSE has updated gd (13.2, 13.1: denial of service) and seamonkey (13.2, 13.1: two vulnerabilities).

Oracle has updated libxml2 (OL7: denial of service) and postgresql (OL7; OL6: multiple vulnerabilities).

SUSE has updated firefox (SLE12: two vulnerabilities).

Ubuntu has updated jakarta-taglibs-standard (14.10, 14.04: code execution).

Kernel prepatch 4.0-rc6

Monday 30th of March 2015 07:43:47 PM
Linus has released 4.0-rc6 right on schedule. "Things are calming down nicely, and there are fixes all over. The NUMA balancing performance regression is fixed, and things are looking up again in general. There were a number of i915 issues and a KVM double-fault thing that meant that for a while there I was pretty sure that this would be a release that will go to rc8, but that may be unnecessary."

Security advisories for Monday

Monday 30th of March 2015 05:39:02 PM

CentOS has updated postgresql (C6: multiple vulnerabilities).

Debian has updated freexl (code execution).

Fedora has updated drupal6 (F21; F20: multiple vulnerabilities), drupal7 (F21; F20: multiple vulnerabilities), libssh2 (F20: information leak), mingw-xerces-c (F21; F20: denial of service), php (F21: multiple vulnerabilities), tcpdump (F21: multiple vulnerabilities), and xerces-c (F21; F20: denial of service).

Gentoo has updated busybox (multiple vulnerabilities).

Mandriva has updated apache-mod_wsgi (MBS2.0: privilege escalation), bash (MBS2.0: multiple vulnerabilities), bind (MBS2.0: denial of service), binutils (MBS2.0: multiple vulnerabilities), clamav (MBS2.0: multiple vulnerabilities), coreutils (MBS1.0, MBS2.0: code execution), ctags (MBS2.0: denial of service), ctdb (MBS2.0: insecure temporary files), dbus (MBS2.0: multiple vulnerabilities), drupal (MBS1.0: multiple vulnerabilities), ejabberd (MBS2.0: incorrectly allows unencrypted connections), erlang (MBS2.0: command injection), ffmpeg (MBS2.0: multiple vulnerabilities), firebird (MBS2.0: denial of service), freerdp (MBS2.0: two vulnerabilities), gcc (MBS2.0: code execution), git (MBS2.0: code execution), glibc (MBS2.0: multiple vulnerabilities), glpi (MBS2.0: multiple vulnerabilities), grub2 (MBS2.0: code execution), gtk+3.0 (MBS2.0: screen lock bypass), icu (MBS2.0: multiple vulnerabilities), ipython (MBS2.0: code execution), jasper (MBS2.0: multiple vulnerabilities), jython (MBS2.0: code execution), libarchive (MBS1.0, MBS2.0: directory traversal), libtiff (MBS1.0: multiple vulnerabilities), libxfont (MBS1.0: multiple vulnerabilities), setup (MBS2.0: information disclosure), tcpdump (MBS1.0: multiple vulnerabilities), and wireshark (MBS1.0: multiple vulnerabilities).

openSUSE has updated freetype2 (13.2, 13.1: many vulnerabilities), gnutls (13.2, 13.1: certificate algorithm consistency checking issue), and rubygem-bundler (13.2, 13.1: installs malicious gem files).

Red Hat has updated kernel-rt (RHE MRG for RHEL6: two vulnerabilities), libxml2 (RHEL7: denial of service), and postgresql (RHEL6, RHEL7: multiple vulnerabilities).

Scientific Linux has updated libxml2 (SL7: denial of service) and postgresql (SL6, SL7: multiple vulnerabilities).

A massive weekend security update pile

Sunday 29th of March 2015 05:14:27 PM
The pile of security updates has gotten deep enough that it makes sense to shove them out now. The biggest pile is seemingly Mandriva catching up on numerous updates for its Mandriva Business Server (MBS) line of products.

Debian has updated batik (unauthorized file access), binutils (code execution), dulwich (code execution), libxfont (privilege escalation), php5 (fix regression from previous update), shibboleth-sp2 (denial of service), and xerces-c (denial of service).

Fedora has updated kernel (F21: code execution), mongodb (F21: denial of service), python-requests (F21: cookie stealing), python-urllib3 (F21: cookie stealing), strongswan (F20, F21: denial of service), and webkitgtk4 (F21: late certificate verification).

Mageia has updated docuwiki (cross-site scripting), drupal (authentication bypass), krb5 (denial of service), python-requests (cookie stealing), setup (incorrect file protections), and wireshark (dissector issues).

Mandriva has updated apache (MBS2: 11 CVEs), apache-mod_security (MBS2: restriction bypass), cifs-utils (MBS2: code execution), cups (MBS2: six CVEs), cups-filters (MBS2: nine CVEs), curl (MBS2: seven CVEs), dovecot (MBS2: denial of service), egroupware (MBS2: code execution), elfutils (MBS2: code execution), emacs (MBS2: symbolic link vulnerability), freetype2 (MBS2: 21 CVEs), gnupg (MBS1, MBS2: five CVEs), gnutls (MBS2: five CVEs), imagemagick (MBS2: five CVEs), jbigkit (MBS2: code execution), json-c (MBS2: denial of service), krb5 (MBS1-2: five CVEs), lcms2 (MBS2: denial of service), libcap-ng (MBS2: privilege escalation), libgd (MBS2: denial of service), libevent (MBS2: code execution), libjpeg (MBS2: code execution), libksba (MBS2: denial of service), liblzo (MBS2: code execution), libpng (MBS2: memory overwrite), libpng12 (MBS2: three 2013 CVEs), libsndfile (MBS2: code execution), libssh (MBS2: information disclosure and denial of service), libssh2 (MBS1, MBS2: MITM vulnerability), libtasn1 (MBS2: denial of service), libtiff (MBS2: six CVEs), libvirt (MBS1, MBS2: denial of service and information leak), libvncserver (MBS2: six CVEs), libxfont (MBS2: six CVEs), libxml2 (MBS2: denial of service), lua (MBS2: code execution), mariadb (MBS2: uncountable unexplained CVEs), mpfr (MBS2: code execution), mutt (MBS2: denial of service), net-snmp (MBS2: denial of service), nginx (MBS2: code execution), nodejs (MBS2: multiple unspecified vulnerabilities), not-yet-commons-ssl (MBS2: MITM vulnerability), ntp (MBS2: six CVEs), openldap (MBS1, MBS2: denial of service), openssh (MBS2: restriction and authentication bypass), openvpn (MBS2: denial of service), patch (MBS2: file overwrite), pcre (MBS2: denial of service), perl (MBS2: denial of service), php (MBS1, MBS2: lots of vulnerabilities), postgresql (MBS2: twelve CVEs), ppp (MBS2: privilege escalation), pulseaudio (MBS2: denial of service), python-django (MBS2: five CVEs), python-pillow (MBS2: five CVEs), python-requests (MBS2: cookie stealing), php-ZendFramework (MBS2: eight CVEs), python (MBS2: seven CVEs), python3 (MBS2: five CVEs), python-lxml (MBS2: code injection), python-numpy (MBS2: temporary file vulnerability), readline (MBS2: symbolic link vulnerability), rsync (MBS2: denial of service), rsyslog (MBS2: denial of service), ruby (MBS2: denial of service), samba (MBS1, MBS2: code execution and more), samba4 (MBS2: code execution), sendmail (MBS2: file descriptor access), serf (MBS2: MITM vulnerability), squid (MBS2: five CVEs), stunnel (MBS2: private key disclosure), subversion (MBS2: five CVEs), sudo (MBS2: file disclosure), tcpdump (MBS2: seven CVEs), tomcat (MBS2: eight CVEs), torque (MBS2: kill arbitrary processes), udisks2 (MBS2: code execution), unzip (MBS2: code execution), util-linux (MBS2: command injection), wpa_supplicant (MBS2: command execution), wget (MBS2: symbolic link vulnerability), x11-server (MBS2: thirteen CVEs), and xlockmore (MBS2: lock bypass).

openSUSE has updated mercurial (command injection).

SUSE has updated firefox (SLES10-11: code execution) and mysql (SLES11: 33 vulnerabilities).

[$] Mailman 3.0 to modernize mailing lists

Friday 27th of March 2015 11:02:28 PM

More than a decade after its last major rewrite, the GNU Mailman mailing list manager project aims to release its 3.0 suite in April, during the sprints following PyCon North America. Mailman 3 is a major rewrite that includes a new user membership system, a REST API, an archiver replacement for Pipermail, and a better web interface for subscriptions and settings — but it carries with it a few new dependencies as well. Brave system administrators can try out the fifth beta version now.

Subscribers can click below for the full story from next week's edition.

Two fresh stable kernels

Friday 27th of March 2015 07:15:10 PM

Hot on the heels of yesterday's 3.19.3 release, Greg Kroah-Hartman has released kernels 3.14.37 and 3.10.73. Each contains a bevy of updates and fixes.

Friday's security updates

Friday 27th of March 2015 04:13:06 PM

CentOS has updated setroubleshoot (C6; C7: privilege escalation).

Debian has updated batik (information leak).

Fedora has updated dokuwiki (F20; F21; F22: access control bypass), drupal7 (F22: multiple vulnerabilities), drupal7-views (F20; F21: multiple vulnerabilities), ettercap (F20; F21: multiple vulnerabilities), mingw-xerces-c (F22: denial of service), nx-libs (F20; F21: multiple vulnerabilities), php (F22: multiple vulnerabilities), and xerces-c (F22: denial of service).

Mandriva has updated cabextract (BS1,2: multiple vulnerabilities), cpio (BS1: multiple vulnerabilities; BS2: directory traversal), e2fsprogs (BS1; BS2: multiple vulnerabilities), and openssl (BS1; BS2: multiple vulnerabilities).

openSUSE has updated libXfont (13.1, 13.2: multiple vulnerabilities), libzip (13.1, 13.2: denial of service), and tcpdump (13.1, 13.2: multiple vulnerabilities).

Oracle has updated ipa and slapi-nis (O7: multiple vulnerabilities), kernel (O7: multiple vulnerabilities), and setroubleshoot (O5; O6; O7: privilege escalation).

Red Hat has updated ipa, slapi-nis (RHEL7: multiple vulnerabilities), kernel (RHEL7: multiple vulnerabilities), kernel-rt (RHEL7: multiple vulnerabilities), and setroubleshoot (RHEL5,6,7: privilege escalation).

Scientific Linux has updated ipa and slapi-nis (SL7:), kernel (SL7: multiple vulnerabilities), and setroubleshoot (SL5,6,7: privilege escalation).

SUSE has updated Xen (SLE12: multiple vulnerabilities).

A new stable kernel release

Thursday 26th of March 2015 08:40:51 PM

Greg Kroah-Hartman has announced the release of the 3.19.3 kernel. A variety of important fixes and updates are included.

Thursday's security updates

Thursday 26th of March 2015 02:03:50 PM

CentOS has updated firefox (C6; C7: multiple vulnerabilities).

openSUSE has updated firefox (13.1,13.2: multiple vulnerabilities).

Oracle has updated firefox (O5: multiple vulnerabilities).

Scientific Linux has updated 389-ds-base (SL7: multiple vulnerabilities), firefox (multiple vulnerabilities), freetype (SL6,7: multiple vulnerabilities), glibc (SL7: multiple vulnerabilities), GNOME Shell (SL7: lock screen bypass), hivex (SL7: privilege escalation), httpd (SL7: multiple vulnerabilities), ipa (SL7: multiple vulnerabilities), kernel (SL7: multiple vulnerabilities), krb5 (SL7: multiple vulnerabilities), libreoffice (SL7: multiple vulnerabilities), libvirt (SL7: multiple vulnerabilities), openssh (SL7: multiple vulnerabilities), openssl (SL6; SL7: multiple vulnerabilities), pcre (SL7: information leak), qemu-kvm (SL7: multiple vulnerabilities), unzip (SL6,7: multiple vulnerabilities), and virt-who (SL7: information leak).

[$] LWN.net Weekly Edition for March 26, 2015

Thursday 26th of March 2015 12:59:55 AM
The LWN.net Weekly Edition for March 26, 2015 is available.

[$] Development activity in LibreOffice and OpenOffice

Wednesday 25th of March 2015 04:55:57 PM
The LibreOffice project was announced with great fanfare in September 2010. Nearly one year later, the OpenOffice.org project (from which LibreOffice was forked) was cut loose from Oracle and found a new home as an Apache project. It is fair to say that the rivalry between the two projects in the time since then has been strong. Predictions that one project or the other would fail have not been borne out, but that does not mean that the two projects are equally successful. A look at the two projects' development communities reveals some interesting differences.

Click below (subscribers only) for the full article.

Security advisories for Wednesday

Wednesday 25th of March 2015 03:46:24 PM

Debian has updated openssl (regression in previous update) and python-django (cross-site scripting).

Debian-LTS has updated gnutls26 (multiple vulnerabilities).

openSUSE has updated less (13.2, 13.1: information leak) and tor (13.2, 13.1: denial of service).

Oracle has updated firefox (OL7; OL6: multiple vulnerabilities).

SUSE has updated firefox (SLE11 SP3: multiple vulnerabilities).

Ubuntu has updated batik (14.10, 14.04, 12.04: information leak) and libarchive (14.10, 14.04, 12.04: directory traversal).

GNOME 3.16 released

Wednesday 25th of March 2015 03:40:18 PM
The GNOME 3.16 release is out. "This is another exciting release for GNOME, and brings many new features and improvements, including redesigned notifications, a new shell theme, new scrollbars, and a refresh for the file manager. 3.16 also includes improvements to the Image Viewer, Music, Photos and Videos. We are also including three new preview apps for the first time: Books, Calendar and Characters." See the release notes for more information.

LibreOffice Online announced

Wednesday 25th of March 2015 02:36:44 PM
The LibreOffice project has announced the accelerated development of a new online offering. "Development of LibreOffice Online started back in 2011, with the availability of a proof of concept of the client front end, based on HTML5 technology. That proof of concept will be developed into a state of the art cloud application, which will become the free alternative to proprietary solutions such as Google Docs and Office 365, and the first to natively support the Open Document Format (ODF) standard." The current effort is supported by IceWarp and Collabora; see this FAQ and Michael Meeks's posting for more information. For those wanting to download it, though, note the "the availability of LibreOffice Online will be communicated at a later stage."

A Turing award for Michael Stonebraker

Wednesday 25th of March 2015 02:30:13 PM
The ACM has announced that the 2014 A. M. Turing award has gone to Michael Stonebraker. Among many other things, he was the original creator of the database management system now known as PostgreSQL.

FSFE: Worldwide more than 50 events about Open Standards

Wednesday 25th of March 2015 01:27:34 AM
The Free Software Foundation Europe has a reminder that Document Freedom Day is happening from March 24 12:00 UTC until March 26 12:00 UTC. "Document Freedom Day is the global campaign for document liberation by local groups throughout the world. So far more than 50 groups registered their events in over 25 countries ranging from Asia, Europa, Africa, to South and North America."

Two microconferences accepted for the Linux Plumbers Conference

Tuesday 24th of March 2015 10:17:45 PM
The 2015 Linux Plumbers Conference (LPC) has announced that two microconferences have been accepted for the event, which will be held August 19-21 in Seattle. The Checkpoint/Restart and Energy-aware scheduling and CPU power management microconferences will be held at LPC. Registration for the conference will open on March 27 and it will be co-located with LinuxCon North America, which will be held August 17-19.

More in Tux Machines

Leftovers: Gaming

  • Launching into Orbit
    We’re excited to announce today the release of a BioWare project that’s unlike anything we’ve done before. Over the past few months, the BioWare Online Services team has been working hard on the next-generation of our online technology platform: Orbit.
  • The Big SuperTuxKart Update Is Almost Ready
    Towards the end of last year a development version of a big new version of SuperTuxKart was released that brought a new OpenGL 3.1+ graphics engine and other improvements. The new SuperTuxKart game looks great (especially for being an open-source game) and is now closer to being officially released with now having an RC version out.
  • Humble Indie Bundle 14 Drops Torchlight 2, Outlast, and Other Awesome Games on Linux
    Following on the footsteps of the fantastic success of the previous Humble Indie Bundle initiatives, the awesome people behind Humble Bundle, Inc. have put together yet another amazing collection of cross-platform games entitled Humble Indie Bundle 14.
  • New Linux Gaming Survey For April
    The new GOL survey for April is now available, so please make sure to fill it in if you have the time.
  • Team Fortress 2 Update Brings Balancing Fixes
    Team Fortress 2 is an online multiplayer game developed by Valve and it's one of the most popular titles on Steam for Linux. A new update has been released for it, and it applies to the Linux version as well.
  • Grass Simulator Fully Released With Linux Support
    April Fools! Wait, this is real? Grass Simulator added Linux support recently, and today they have released the final version.

Android Leftovers

CentOS 7 Update and Red Hat

  • Latest CentOS 7 Update Brings Support for Intel Broadwell, AMD Hawaii, and Btrfs
    The CentOS development team, through Karanbir Singh, announced at the end of March 2015 that a new build for the stable CentOS 7 Linux operating system is available for download and update.
  • CentOS 7.1-1503 Screenshot Tour
  • Red Hat helping you (J)Boss your Big Data
    New product enhancements are designed to help enterprises get more out of their Big Data.
  • JOSE – JSON Object Signing and Encryption
    Federated Identity Management has become very widespread in past years – in addition to enterprise deployments a lot of popular web services allow users to carry their identity over multiple sites. Social networking sites especially are in a good position to drive the federated identity management, as they have both critical mass of users and the incentive to become an identity provider. As the users move away from a single device to using multiple portable devices, there is a constant pressure to make the federated identity protocols simpler (with respect to complexity), more user friendly (especially for developers) and easier to implement (on wide range of devices and platforms).

Linux in the Old Homestead

My darling daughter Mimi, who had installed Debian when she was 9 (with her proud father watching over her shoulder), had been an Ubuntu user for years. We’ll get to why that was OK with her Dad in a minute. Unity, of course, changed everything: She hated it as much as her father did (and does), and she switched to Linux Mint, which she had been using for the last several years. Read more