Language Selection

English French German Italian Portuguese Spanish

LWN

Syndicate content
LWN.net is a comprehensive source of news and opinions from and about the Linux community. This is the main LWN.net feed, listing all articles which are posted to the site front page.
Updated: 28 min 22 sec ago

Wayland and Weston 1.6.0 released

Friday 19th of September 2014 04:35:27 PM
The version 1.6.0 releases of the Wayland display manager and Weston compositor are available. Wayland improvements include better error handling and an improved self-testing infrastructure. On the Weston side, they have made a number of xdg-shell protocol changes ("Yes, we broke it again since 1.5.0"), some keyboard repeat improvements, a switch to libinput by default, and more.

Friday's security advisories

Friday 19th of September 2014 04:12:23 PM

Debian has updated apt (regression in previous security update).

Fedora has updated apache-poi (F20: two XML handling flaws), asterisk (F20; F19: denial of service), haproxy (F20: unspecified vulnerabilities), kernel (F20: three vulnerabilities), pdns-recursor (F20; F19: denial of service), polkit-qt (F20; F19: authorization bypass), and ReviewBoard (F19: two vulnerabilities).

openSUSE has updated lua (code execution) and squid (denial of service).

Simply Secure announces itself

Thursday 18th of September 2014 05:07:13 PM
A new organization to "make security easy and fun" has announced itself in a blog post entitled "Why Hello, World!". Simply Secure is targeting the usability of security solutions: "If privacy and security aren’t easy and intuitive, they don’t work. Usability is key." The organization was started by Google and Dropbox; it also has the Open Technology Fund as one of its partners. "To build trust and ensure quality outcomes, one core component of our work will be public audits of interfaces and code. This will help validate the security and usability claims of the efforts we support. More generally, we aim to take a page from the open-source community and make as much of our work transparent and widely-accessible as possible. This means that as we get into the nitty-gritty of learning how to build collaborations around usably secure software, we will share our developing methodologies and expertise publicly. Over time, this will build a body of community resources that will allow all projects in this space to become more usable and more secure."

Thursday's security advisories

Thursday 18th of September 2014 01:28:14 PM

Debian has updated icedove (two vulnerabilities) and libav (multiple unspecified vulnerabilities).

openSUSE has updated curl (13.1, 12.3: two cookie-handling vulnerabilities).

Oracle has updated automake (OL5: code execution from 2012), bind97 (OL5: three vulnerabilities, two from 2013), conga (OL5: multiple vulnerabilities some going back to 2012), krb5 (OL5: code execution), krb5 (OL5: multiple vulnerabilities, two from 2013), and nss, nspr (multiple vulnerabilities, one from 2013).

SUSE has updated squid3 (SLE11SP3: denial of service).

[$] LWN.net Weekly Edition for September 18, 2014

Wednesday 17th of September 2014 11:58:04 PM
The LWN.net Weekly Edition for September 18, 2014 is available.

Some stable kernel updates

Wednesday 17th of September 2014 09:30:49 PM
Greg Kroah-Hartman has made some progress on the stable patch backlog with the release of 3.16.3, 3.14.19, and 3.10.55.

[$] X and SteamOS

Wednesday 17th of September 2014 05:48:52 PM
In a talk entitled "SteamOS Magic", longtime X developer Keith Packard looked at the new Linux "distribution" and the effort to turn the Linux desktop into a gaming console. It turns out that, with a fairly small amount of code, Steam and SteamOS creator, Valve, was able to take the existing X-based desktop and turn it into a "living-room experience".

Click below (subscribers only) for the full report from LinuxCon North America.

Security advisories for Wednesday

Wednesday 17th of September 2014 04:12:50 PM

Debian has updated apt (multiple vulnerabilities) and dbus (multiple vulnerabilities).

Red Hat has updated krb5 (RHEL5: code execution).

SUSE has updated procmail (SLE11 SP3: code execution) and kernel (SLES11 SP1: multiple vulnerabilities).

Ubuntu has updated apt (multiple vulnerabilities), libav (12.04: code execution), and openjdk-7 (14.04: updates for arm64 and ppc64el).

Garrett: ACPI, kernels and contracts with firmware

Wednesday 17th of September 2014 12:18:15 PM
Matthew Garrett writes about the challenges faced by the developers working on ACPI-based ARM systems. "Somebody is going to need to take responsibility for tracking ACPI behaviour and incrementing the exported interface whenever it changes, and we need to know who that's going to be before any of these systems start shipping. The alternative is a sea of ARM devices that only run specific kernel versions, which is exactly the scenario that ACPI was supposed to be fixing."

[$] OpenSSL's new security policy

Wednesday 17th of September 2014 09:07:44 AM

The OpenSSL project is widely known due to its broad adoption as the SSL/TLS library of choice for open-source software—though, in April, it also became widely known because of a particularly vicious security vulnerability. To a large degree, the project weathered the storm, but the project has also undertaken some changes in the wake of the incident. The most recent is the adoption of a public security policy describing how issues of various kinds will be dealt with.

openSUSE statement on the recent Merger announcement

Tuesday 16th of September 2014 11:31:41 PM
SUSE's parent entity, the Attachmate Group has entered into an agreement to merge with Micro Focus, prompting some to wonder about how that might affect openSUSE. SUSE's President and General Manager, Nils Brauckmann has contacted the openSUSE Board with a reassuring message. "Business as Usual: There are no changes planned for the SUSE business structure and leadership."

SUSE Linux owner Attachmate gobbled by Micro Focus for $2.3bn (The Register)

Tuesday 16th of September 2014 05:48:23 PM
The Register reports that SUSE Linux owner Attachmate Group is being purchased by Micro Focus International. "Micro Focus is taking Attachmate Group in exchange for 86.60 million shares, in a deal described as a merger. The combined companies will create a “leading global infrastructure software company” with revenue of $1.4bn, Micro Focus said. The deal is expected to close in November."

New MINIX release for x86 and ARM is BSD compatible

Tuesday 16th of September 2014 05:36:59 PM
Andrew Tanenbaum has announced the release of MINIX 3.3.0, a major new release of the OS. "It is based on a tiny (13 KLoC) microkernel with the operating system running as a set of protected user-mode processes. Each device driver is also a separate process. If a driver fails, it is automatically and transparently restarted without rebooting and without applications even noticing, making the system self-healing. In addition to the x86, the ARM Cortex A8 is now supported, with ports to the BeagleBoard and BeagleBone available. Finally, the entire userland has been redone to make it NetBSD compatible, with thousands of NetBSDpackages available out of the box."

Tuesday's security updates

Tuesday 16th of September 2014 03:59:27 PM

CentOS has updated axis (C6; C5: SSL hostname verification bypass).

openSUSE has updated php5 (13.1, 12.3: multiple vulnerabilities), ppp (13.1, 12.3: privilege escalation), python-django (13.1, 12.3: multiple vulnerabilities), and flash-player (11.4: multiple vulnerabilities).

Oracle has updated axis (OL6; OL5: SSL hostname verification bypass).

Red Hat has updated automake (RHEL5: code execution), bind97 (RHEL5: denial of service), conga (RHEL5: multiple vulnerabilities), krb5 (RHEL5: multiple vulnerabilities), and nss, nspr (RHEL5: multiple vulnerabilities).

Scientific Linux has updated axis (SL5&6: SSL hostname verification bypass).

SUSE has updated glibc (SLES10 SP3; SLES11 SP2: multiple vulnerabilities).

Ubuntu has updated python-django (multiple vulnerabilities).

The road to Rust 1.0

Tuesday 16th of September 2014 01:04:41 PM
The Rust Programming Language Blog has an article describing recent changes to the language and what remains to be done for the eventual 1.0 release. "The key to all these changes has been a focus on the core concepts of ownership and borrowing. Initially, we introduced ownership as a means of transferring data safely and efficiently between tasks, but over time we have realized that the same mechanism allows us to move all sorts of things out of the language and into libraries. The resulting design is not only simpler to learn, but it is also much 'closer to the metal' than we ever thought possible before. All Rust language constructs have a very direct mapping to machine operations, and Rust has no required runtime or external dependencies."

RPM 4.12.0 released

Tuesday 16th of September 2014 12:48:38 PM
Version 4.12.0 of the RPM package manager is out. New features include weak dependencies ("suggests," "recommends," "supplements," and "enhances" tags), a new rpm2archive utility to turn a package into a tar archive, lots of internal improvements, the removal of the "collections" feature, and, for those who think it is wise, the ability to put files larger than 4GB into a package.

Intel's Edison Brings Yocto Linux to Wearables (Linux.com)

Monday 15th of September 2014 11:04:54 PM
Linux.com takes a look at Intel's Edison computing module. "Linux-based platforms for wearables include Android Wear, Samsung's Tizen SDK for Wearables, and now Intel's Yocto Linux and Intel Atom-based Edison computing module. The Edison was released last week in conjunction with the Intel Developer Forum. Prior to the formal launch, some 70 Intel Edison beta units have been seeded, forming the basis for about 40 Edison-based projects, says Intel."

Freenode server compromised

Monday 15th of September 2014 07:48:18 PM
The freenode infrastructure team found a server issue that indicated that an IRC server may have been compromised. "We immediately started an investigation to map the extent of the problem and located similar issues with several other machines and have taken those offline. For now, since network traffic may have been sniffed, we recommend that everyone change their NickServ password as a precaution." (Thanks to Paul Wise)

Security advisories for Monday

Monday 15th of September 2014 04:59:10 PM

Fedora has updated curl (F20: two cookie-handling vulnerabilities), GraphicsMagick (F19: code execution), libreoffice (F20: file disclosure), and procmail (F20: code execution).

Mageia has updated dump (denial of service/possible code execution), glibc (two vulnerabilities), libgadu (missing ssl certificate validation), mariadb (code execution), and moodle (two vulnerabilities).

openSUSE has updated LibreOffice (13.1, 12.3: two vulnerabilities).

Red Hat has updated axis (RHEL5&6: SSL hostname verification bypass), python-django-horizon (RHEL OSP4.0: multiple vulnerabilities), and qemu-kvm-rhev (RHEL OSP4&5, RHEL6: code execution).

SUSE has updated firefox (SLES11 SP1: multiple vulnerabilities), flash-player (SLED11 SP3: multiple vulnerabilities), and glibc (SLE11 SP3: code execution).

Ubuntu has updated curl (two cookie-handling vulnerabilities).

LedgerSMB 1.4.0 released

Monday 15th of September 2014 02:43:19 PM
Version 1.4.0 of the LedgerSMB accounting system is out. It features a new contact management subsystem, a reworked report generation subsystem, better integration with other business applications, and more. The announcement left out download information; those who are interested can find the software at ledgersmb.org.

More in Tux Machines

Native Netflix, Ts'o on Systemd, and Fedora 21 Alpha a Go

In today's Linux news OMG!Ubuntu! is reporting that Netflix is coming to Linux, this time natively. Jack Germain reviews Opera 12.16. Steven J. Vaughan-Nichols talks to Theodore Ts'o about systemd. A preview of new Kmail show radical redesign. And finally today, Fedora 21 Alpha was approved for release! Read more

Ubuntu gets closer to debut in Meizu MX4 phone

The Ubuntu project announced a stable build for Ubuntu Touch phones, a week after Meizu tipped an Ubuntu version of the Meizu MX4 phone due in December. The Ubuntu for Phones team at the Canonical’s Ubuntu Project announced the arrival of the first image from the Ubuntu-rtm (release to manufacturing) distribution for phones. The announcement followed last week’s tease from Meizu, saying a version of the Android-based Meizu MX4 was on schedule for shipping with Ubuntu in December. Read more

Android L Will Keep Your Secrets Safer

Hard on the heels of increased security measures in Apple's newly released iOS 8, Google this week confirmed that encryption will be turned on by default in the next release of Android. Android has offered encryption for more than three years, and keys are not stored off the device, so they can't be shared with law enforcement, Google said. In the next Android release, encryption will be enabled by default. Read more

WHAT THE GNOME RELEASE TEAM IS DOING

At the release team BoF at this years Guadec, I said I would write a blog post about the whats and hows and ifs of release team work. I’m a little late with this, but here it is: a glimpse into the life of a GNOME release team member. We are in the end phase of the development cycle, when the release team work is really kicking into high gear. Read more