LWN

LWN.net is a comprehensive source of news and opinions from and about the Linux community. This is the main LWN.net feed, listing all articles which are posted to the site front page.

New open source dependency manager on the scene (Opensource.com)

Friday 23rd of January 2015 11:38:21 PM

At Opensource.com, Jordi Mon introduces the biicode project, an open-source dependency-management system for C and C++ applications that is akin to Ruby Gems or the Python Package Index. It is a challenging goal, he says, "because there are approximately 4 million C/C++ developers, and both languages represent up to almost 20% of the world's code." The project was started as a proprietary service, and only recently transitioned into an open-source project.

Friday's security updates

Friday 23rd of January 2015 03:35:34 PM

CentOS has updated jasper (C6: multiple vulnerabilities).

openSUSE has updated dbus-1 (13.1, 13.2: multiple vulnerabilities), elfutils (13.1, 13.2: directory traversal), flash-player (13.1, 13.2: memory randomization circumvention), otrs (13.1, 13.2: authentication bypass), roundcubemail (13.2: cross-site request forgery), strongswan (13.1, 13.2: denial of service), and wireshark (13.1, 13.2: multiple vulnerabilities).

Oracle has updated jasper (O6; O7: multiple vulnerabilities).

Red Hat has updated jasper (RHEL6,7: multiple vulnerabilities), java-1.7.0-oracle (multiple vulnerabilities), and java-1.8.0-oracle (RHEL6: multiple vulnerabilities).

Scientific Linux has updated jasper (SL6,7: multiple vulnerabilities).

SUSE has updated flash-player (memory randomization circumvention) and rpm (SLE12: multiple vulnerabilities).

Ubuntu has updated elfutils (directory traversal), mysql-5.5 (12.04, 14.04, 14.10: multiple vulnerabilities), and samba (14.04, 14.10: privilege escalation).

A two-part series on LXC networking (Flockport Labs)

Thursday 22nd of January 2015 11:13:24 PM
Flockport Labs has a two-part "LXC networking superguide" that covers a bunch of LXC networking concepts, as well as practical ideas on connecting containers (Part 1 and Part 2). Part 1 starts with an introduction to LXC networking, then moves into extending layer 2 to remote hosts using a layer 3 tunnel. Part 2 looks at using LXC containers as routers. "We are going to create a bridge on 2 remote hosts over their public IPs and connect the bridges with Ethernet over GRE or L2tpv3 so containers connecting to these bridges are on the same layer 2 network. We will first show you how to do this with Ethernet over GRE and then L2tpv3. The main difference is Ethernet over GRE is less well known while L2tpv3 is more widely used for l2 extension and uses UDP, and thus could be more flexible."

Thursday's security advisories

Thursday 22nd of January 2015 03:23:01 PM

Fedora has updated binutils (F21: two vulnerabilities), cross-binutils (F21; F20: multiple vulnerabilities), exiv2 (F21: denial of service), libsndfile (F21: code execution), and python-pillow (F21: denial of service).

Mageia has updated freeciv (code execution).

Oracle has updated java-1.7.0-openjdk (OL5: multiple vulnerabilities).

Red Hat has updated java-1.7.0-openjdk (RHEL6&7; RHEL5: multiple vulnerabilities), java-1.8.0-openjdk (RHEL6: multiple vulnerabilities), kernel (RHEL6.5: multiple vulnerabilities), and openssl (RHEL6&7: multiple vulnerabilities).

[$] LWN.net Weekly Edition for January 22, 2015

Thursday 22nd of January 2015 01:40:06 AM
The LWN.net Weekly Edition for January 22, 2015 is available.

Security advisories for Wednesday

Wednesday 21st of January 2015 06:19:22 PM

CentOS has updated java-1.7.0-openjdk (C7; C6; C5: multiple vulnerabilities), java-1.8.0-openjdk (C6: multiple vulnerabilities), and openssl (C7; C6: multiple vulnerabilities).

Debian has updated privoxy (use after free) and sympa (information disclosure).

Fedora has updated elfutils (F20: directory traversal), gd (F20: memory leak), libsndfile (F20: multiple vulnerabilities), and openssl (F20: multiple vulnerabilities).

Oracle has updated java-1.7.0-openjdk (OL7; OL6: multiple vulnerabilities), java-1.8.0-openjdk (OL6: multiple vulnerabilities), and openssl (OL7; OL6: multiple vulnerabilities).

Scientific Linux has updated java-1.7.0-openjdk (SL6,7; SL5: multiple vulnerabilities), java-1.8.0-openjdk (SL6: multiple vulnerabilities), and openssl (SL6,7: multiple vulnerabilities).

Slackware has updated samba (privilege escalation).

SUSE has updated bind (SLE12: denial of service).

Cory Doctorow Rejoins EFF to Eradicate DRM Everywhere

Tuesday 20th of January 2015 10:52:31 PM
The Electronic Frontier Foundation has announced that Cory Doctorow has rejoined the organization "to battle the pervasive use of dangerous digital rights management (DRM) technologies that threaten users' security and privacy, distort markets, confiscate public rights, and undermine innovation."

Shuttleworth: Smart things powered by snappy Ubuntu Core on ARM and x86

Tuesday 20th of January 2015 10:05:44 PM
Mark Shuttleworth takes a look at Ubuntu and the Internet of Things. "Ubuntu is right at the heart of the “internet thing” revolution, and so we are in a good position to raise the bar for security and consistency across the whole ecosystem. Ubuntu is already pervasive on devices – you’ve probably seen lots of “Ubuntu in the wild” stories, from self-driving cars to space programs and robots and the occasional airport display. I’m excited that we can help underpin the next wave of innovation while also thoughtful about the responsibility that entails. So today we’re launching snappy Ubuntu Core on a wide range of boards, chips and chipsets, because the snappy system and Ubuntu Core are perfect for distributed, connected devices that need security updates for the OS and applications but also need to be completely reliable and self-healing. Snappy is much better than package dependencies for robust, distributed devices."

Tuesday's security updates

Tuesday 20th of January 2015 06:00:57 PM

Debian has updated icedove (multiple vulnerabilities).

Debian-LTS has updated tomcat6 (exception on empty XML attributes).

Mageia has updated binutils (multiple vulnerabilities), coreutils (code execution), elfutils (directory traversal), file (denial of service), iceape (multiple vulnerabilities), moodle (multiple vulnerabilities), and otrs (privilege escalation).

SUSE has updated libpng16 (SLE12: two vulnerabilities).

Ubuntu has updated thunderbird (14.10, 14.04, 12.04: multiple vulnerabilities).

PSF 2014 Year in Review

Monday 19th of January 2015 09:08:33 PM
The Python Software Foundation begins a review of 2014. "2014 was an eventful year for the Python community, and so we thought a brief rundown of highlights from last year should put us all in the right frame of mind to make 2015 an equally, or even more, productive year. There was so much activity in 2014, that it will take the next couple of blog posts to cover it all, so today's post will focus on membership growth, PSF funding, and conferences."

Linux.conf.au 2015 videos

Monday 19th of January 2015 09:07:39 PM
Videos from linux.conf.au 2015 have been posted to YouTube.

Kernel prepatch 3.19-rc5

Monday 19th of January 2015 05:59:02 PM
On January 18, Linus Torvalds released the fifth prepatch for Linux 3.19. Things are not calming down quite the way he would like and rc5 is larger than rc4, but: "That said, it's not like there is anything particularly scary in here. The arm64 vm bug that I mentioned as pending in the rc4 notes got fixed within a day of that previous rc release, and the rest looks pretty standard. Mostly drivers (networking, usb, scsi target, block layer, mmc, tty etc), but also arch updates (arm, x86, s390 and some tiny powerpc fixes), some filesystem updates (fuse and nfs), tracing fixes, and some perf tooling fixes."

Security advisories for Monday

Monday 19th of January 2015 05:37:21 PM

Debian has updated lsyncd (command injection) and xdg-utils (command execution).

Debian-LTS has updated ia32-libs (multiple vulnerabilities).

Fedora has updated elfutils (F21: directory traversal), gd (F21: denial of service), libhtp (F21; F20: denial of service), thunderbird (F21: multiple vulnerabilities), and xen (F21; F20: denial of service).

Mageia has updated firefox, thunderbird (multiple vulnerabilities) and python-django, python-django14 (multiple vulnerabilities).

Mandriva has updated kernel (multiple vulnerabilities).

openSUSE has updated firefox (13.2; 13.1: multiple vulnerabilities), openstack-dashboard (13.1: multiple vulnerabilities), and vsftpd (13.2, 13.1: unspecified vulnerability).

Slackware has updated freetype (code execution), firefox (multiple vulnerabilities), thunderbird (multiple vulnerabilities), and seamonkey (multiple vulnerabilities).

SUSE has updated firefox (SLE12: multiple vulnerabilities).

Ubuntu has updated libevent (14.10, 14.04, 12.04, 10.04: denial of service), libssh (14.10, 14.04, 12.04: denial of service), and rpm (14.10, 14.04, 12.04: code execution).

Taylor: gnome-battery-bench

Friday 16th of January 2015 10:36:36 PM
On his blog, Owen Taylor introduces gnome-battery-bench, which is a tool to measure power usage that should help lengthen battery life on Linux systems. It can smooth out the somewhat jumpy numbers reported by powertop and provide graphical feedback of parameters like power usage and estimated battery life remaining. "gnome-battery-bench is designed as a graphical application because I want to encourage people to explore with it and find out interactively what is using power on their system. And graphing is also useful so that the user can see when something is going wrong with the measurement; sometimes batteries will report data that jumps around. But there’s also a command line version that can be used for automatic scripting of benchmarks. I decided to use recorded sequences of events for a couple of reasons: first, it’s easy for anybody to create new test sequences – you just run the gnome-battery-bench command line tool in record mode and do what you want to test. Second, playing back event sequences at a low level simulates user interaction very accurately. There is little CPU overhead, and as far as the desktop is concerned it’s exactly like user input."

Stable kernels 3.18.3, 3.14.29, and 3.10.65

Friday 16th of January 2015 06:45:54 PM
Greg Kroah-Hartman has released the 3.18.3, 3.14.29, and 3.10.65 stable kernels. As usual, there are fixes in various places throughout the tree and users should upgrade.

Friday's security updates

Friday 16th of January 2015 03:23:10 PM

Debian has updated rpm (two code execution flaws).

Debian-LTS has updated curl (HTTP request injection).

openSUSE has updated flash-player (13.2, 13.1: multiple vulnerabilities), flashplayer (11.4: multiple vulnerabilities), and util-linux (13.2, 13.1: code execution).

SUSE has updated flash-player (SLE11SP3; SLE12: multiple vulnerabilities) and kernel (SLE12: multiple vulnerabilities, one from 2013).

[$] Eben Moglen returns to LCA

Thursday 15th of January 2015 09:08:24 PM
One of the defining moments of LCA 2005 was Eben Moglen's keynote, which was mostly focused on the dangers that software patents presented to our community. Ten years later, Eben returned to LCA for another keynote address. While he had some things to say about software patents, it is clear that Eben thinks that the largest threats to our community — and our freedom in general — come from elsewhere.

Varda: Sandstorm raises $1.3M seed; paying forward crowdfunds

Thursday 15th of January 2015 07:48:29 PM
On the Sandstorm blog, co-founder and CEO Kenton Varda gives an update on the funding and plans for the company behind the open-source Sandstorm personal cloud platform. We looked at the project back in June. "In fact, we are now arguably more aligned with the community than before. Whereas previously there had been a lot of pressure on us to focus on our subscription-based managed hosting option as a way to get revenue, our immediate goal now is just to develop and prove the platform. That means that self-hosted users are just as important to us as paying subscribers. To that end, the first thing we have done with our new money is to hire Asheesh Laroia, a long-time self-hosting and Free Software enthusiast, whose main focus will be improving Sandstorm’s self-hosting experience. To be clear, everything you need to run your own Sandstorm server will always be free and open source, still developed in the open."

Security advisories for Thursday

Thursday 15th of January 2015 05:01:49 PM

CentOS has updated firefox (C7; C6; C5: multiple vulnerabilities), thunderbird (C6; C5: three vulnerabilities), and xulrunner (C7: multiple vulnerabilities).

Debian has updated iceweasel (multiple vulnerabilities) and kernel (multiple vulnerabilities, including one from 2013).

Debian-LTS has updated unrtf (two code execution flaws).

Fedora has updated firefox (F21; F20: multiple vulnerabilities), kde-runtime (F21: kwallet crypto botch from 2013), and owasp-esapi-java (F21; F20: crypto botch from 2013).

Mageia has updated flash-player-plugin (multiple vulnerabilities) and python-pip (denial of service).

Mandriva has updated libsndfile (code execution), libvirt (denial of service), mpfr (code execution), and unrtf (denial of service).

Oracle has updated firefox (OL5: multiple vulnerabilities).

Red Hat has updated flash-plugin (RHEL5&6: multiple vulnerabilities).

SUSE has updated kernel (SLERTE11SP3: multiple vulnerabilities, some from 2012 and 2013) and xorg-x11-server (SLE11SP3: multiple vulnerabilities).

Ubuntu has updated coreutils (14.04, 12.04, 10.04: two vulnerabilities, one from 2009), curl (HTTP request injection), firefox (14.10, 14.04, 12.04: multiple vulnerabilities), gparted (12.04: code execution), GTK+ (14.04: lock screen bypass), unzip (three code execution flaws), and ubufox (14.10, 14.04, 12.04: multiple vulnerabilities).

[$] LWN.net Weekly Edition for January 15, 2015

Thursday 15th of January 2015 01:24:07 AM
The LWN.net Weekly Edition for January 15, 2015 is available.
