Language Selection

English French German Italian Portuguese Spanish

LWN

Syndicate content
LWN.net is a comprehensive source of news and opinions from and about the Linux community. This is the main LWN.net feed, listing all articles which are posted to the site front page.
Updated: 6 hours 44 min ago

Supreme Court won’t weigh in on Oracle-Google API copyright battle (Ars Technica)

8 hours 22 min ago
Ars Technica reports that the US Supreme Court rejected Google's appeal of the Google-Oracle API copyright dispute. "Despite the high court's inaction on the case, the Google-Oracle legal flap is far from resolved. That's because the appeals court sent the case back to the lower courts to determine whether Google's use of the code in Android—which it no longer uses—constitutes a "fair use." Oracle is seeking $1 billion in damages. "This is not the end of the road for this case—the Federal Circuit decision explicitly left open the possibility that the kinds of uses Google made were permissible under copyright's fair use doctrine," said Charles Duan, the director of Public Knowledge's patent reform project." (Thanks to Martin Michlmayr)

[$] News and updates from DockerCon 2015

9 hours 44 min ago

DockerCon on June 22 and 23 was a much bigger affair than CoreOSFest or ContainerCamp was. DockerCon rented out the San Francisco Marriott for the event; the keynote ballroom seats 2000. That's a pretty dramatic change from the first DockerCon last year, with roughly 500 attendees; it shows the huge growth of interest in Linux containers. Or maybe, given that it's Silicon Valley, what you're seeing is the magnetic power of $95 million in round-C funding.

Subscribers can click below for a report from DockerCon by guest author Josh Berkus.

Security advisories for Wednesday

12 hours 16 min ago

Debian has updated jackrabbit (information leak).

Debian-LTS has updated libcrypto++ (information disclosure), libmodule-signature-perl (multiple vulnerabilities), and ruby1.9.1 (denial of service).

Fedora has updated abrt (F21: multiple vulnerabilities), cups-x2go (F22: multiple vulnerabilities), elfutils (F22: hardening fixes), gnome-abrt (F21: multiple vulnerabilities), kernel (F21: denial of service), libreport (F21: multiple vulnerabilities), pam (F22: denial of service), and rubygem-activesupport (F22; F21: two vulnerabilities).

Mageia has updated apache-mod_jk (MG4: information disclosure), drupal (MG4,5: multiple vulnerabilities), libvpx (MG4,5: denial of service), p7zip (MG4,5: directory traversal), postgresql (MG4: multiple vulnerabilities), and python-tornado (MG4: side-channel attack).

openSUSE has updated p7zip (13.2, 13.1: directory traversal).

Oracle has updated openssl (OL5: multiple vulnerabilities).

Scientific Linux has updated openssl (SL5: multiple vulnerabilities).

Linux Foundation Announces R Consortium

Tuesday 30th of June 2015 05:34:06 PM
The Linux Foundation has announced the R Consortium. "The R language is used by statisticians, analysts and data scientists to unlock value from data. It is a free and open source programming language for statistical computing and provides an interactive environment for data analysis, modeling and visualization. The R Consortium will complement the work of the R Foundation, a nonprofit organization based in Austria that maintains the language. The R Consortium will focus on user outreach and other projects designed to assist the R user and developer communities. Founding companies and organizations of the R Consortium include The R Foundation, Platinum members Microsoft and RStudio; Gold member TIBCO Software Inc.; and Silver members Alteryx, Google, HP, Mango Solutions, Ketchum Trading and Oracle."

Tuesday's security advisories

Tuesday 30th of June 2015 05:13:21 PM

CentOS has updated postgresql (C7; C6: multiple vulnerabilities) and xerces-c (C7: denial of service).

Debian has updated unattended-upgrades (authentication bypass).

Debian-LTS has updated aptdaemon (information leak), hostapd (denial of service), jqueryui (cross-site scripting), and shibboleth-sp2 (denial of service).

Fedora has updated chicken (F22; F21: out-of-bounds read), openvas-cli (F21: sql injection), openvas-libraries (F21: sql injection), openvas-manager (F21: sql injection), openvas-scanner (F21: sql injection), php-htmLawed (F22; F21: multiple vulnerabilities), postgresql (F21: multiple vulnerabilities), python-jwt (F22; F21: token verification bypass), rubygem-jquery-rails (F22; F21: CSRF vulnerability), and rubygem-web-console (F22: code execution).

Oracle has updated postgresql (OL7; OL6: multiple vulnerabilities) and xerces-c (OL7: denial of service).

Red Hat has updated kernel (RHEL6.5: two vulnerabilities), openssl (RHEL5: multiple vulnerabilities), postgresql (RHEL6,7: multiple vulnerabilities), postgresql92-postgresql (RHSCL2: multiple vulnerabilities), rh-postgresql94-postgresql (RHSCL2: multiple vulnerabilities), and xerces-c (RHEL7: denial of service).

Scientific Linux has updated nss (SL6,7: cipher-downgrade attacks), postgresql (SL6,7: multiple vulnerabilities), and xerces-c (SL7: denial of service).

SUSE has updated java-1_6_0-ibm (SLEM12: multiple vulnerabilities).

Ubuntu has updated oxide-qt (15.04, 14.10, 14.04: multiple vulnerabilities) and unattended-upgrades (15.04, 14.10, 14.04, 12.04: authentication bypass).

Amazon's new TLS implementation

Tuesday 30th of June 2015 01:25:25 PM
Amazon has announced the release of a new TLS library called "s2n" under the Apache license. "s2n is a library that has been designed to be small, fast, with simplicity as a priority. s2n avoids implementing rarely used options and extensions, and today is just more than 6,000 lines of code. As a result of this, we’ve found that it is easier to review s2n; we have already completed three external security evaluations and penetration tests on s2n, a practice we will be continuing."

Stable kernel updates

Monday 29th of June 2015 11:07:18 PM
Four new stable kernels are available; 4.1.1, 4.0.7, 3.14.46, and 3.10.82. All contain important fixes.

Security updates for Monday

Monday 29th of June 2015 03:57:11 PM

Debian has updated libcrypto++ (information disclosure).

Debian-LTS has updated cacti (multiple vulnerabilities), libwmf (denial of service), and t1utils (code execution).

Fedora has updated kernel (F22: denial of service).

openSUSE has updated roundcubemail (13.2: two vulnerabilities).

Scientific Linux has updated kvm (SL5: code execution).

SUSE has updated java-1_7_0-ibm (SLE11SP3: multiple vulnerabilities) and Xen (SLES11SP2; SLES11SP1: multiple vulnerabilities).

Valve: Introducing SteamOS "brewmaster"

Friday 26th of June 2015 09:17:17 PM

Valve has announced the first preview release of its forthcoming SteamOS update. The new release is based on Debian 8.1 with long-term support kernel 3.18; there are downloadable builds linked to in the announcement for both UEFI and legacy BIOS systems. There appear to be few user-visible differences between the new release and the current SteamOS so far, though; the announcement notes: "Although there are a lot of changes under the covers, the overall functionality and experience of brewmaster is the same as alchemist."

Friday's security updates

Friday 26th of June 2015 03:14:03 PM

CentOS has updated kvm (C5: code execution).

Debian-LTS has updated librack-ruby (denial of service) and libwmf (multiple vulnerabilities).

openSUSE has updated flash-player (13.1, 13.2: code execution), chromium (13.1, 13.2: multiple vulnerabilities), and openssl (13.1, 13.2: multiple vulnerabilities).

Oracle has updated kvm (O5: code execution) and nss (O6; O7: cipher-downgrade attacks).

Red Hat has updated kernel (RHEL5: privilege escalation) and kvm (RHEL5: code execution).

Scientific Linux has updated kernel (SL7: multiple vulnerabilities) and mailman (SL7: code execution).

SUSE has updated compat-openssl098 (SLE12: multiple vulnerabilities), KVM (SLE11 SP3: multiple vulnerabilities), and openssl (SLE12: multiple vulnerabilities).

Ardour 4.1 released

Thursday 25th of June 2015 11:51:37 PM
Version 4.1 of the Ardour digital audio workstation software has been released. There are some new features in the release including input gain control, support for capture-only and playback-only devices, a real "Save As" option (with the old option being renamed to "Snapshot (& switch to new version)"), and allowing plugins to be reordered and meter positions to change without adding a click into the audio. There are also lots of user interface changes, including better High-DPI support. "This release contains several new features, both internally and in the user interface, and a slew of bug fixes worthy of your attention. Encouragingly, we also have one of our longest ever contributor lists for this release. We had hoped to be on a roughly monthly release cycle after the release of 4.0, but collaborations with other organizations delayed 4.1 by nearly a month."

Joint Statement from the UCC and KC

Thursday 25th of June 2015 10:34:18 PM
The Ubuntu Community Council (UCC) and Kubuntu Council (KC) have issued a joint statement regarding the conflict between Jonathan Riddell and the UCC. "We have mutually agreed that KDE is important to Ubuntu, and the Kubuntu Council believes that Ubuntu is important to the KDE community as well. Therefore we have a basis to work together on putting out a lovely Wily release. We recognize that there are honest and strong feelings about both the things that led up to the current controversy and the way that resolution of it was handled. Despite that, we would all like to move forward as best we can for the betterment of the Ubuntu project, including Kubuntu." LWN covered the controversy in late May.

Thursday's security updates

Thursday 25th of June 2015 03:05:28 PM

CentOS has updated nss (C7; C6: cipher downgrade) and nss-util (C7; C6: cipher downgrade).

Debian has updated cacti (three vulnerabilities).

Fedora has updated xen (F20: multiple vulnerabilities).

Oracle has updated kernel 2.6.39 (OL6; OL5: two vulnerabilities), kernel 3.8.13 (OL7; OL6: two vulnerabilities), and kernel 2.6.32 (OL6; OL5: two vulnerabilities)

Red Hat has updated chromium-browser (RHEL6: multiple vulnerabilities), flash-plugin (RHEL5&6: code execution), nss (RHEL6&7: cipher downgrade), php55-php (RHSC2: multiple vulnerabilities), and rh-php56-php (RHSC2: multiple vulnerabilities).

Scientific Linux has updated libreswan (SL7: denial of service) and php (SL7: multiple vulnerabilities).

SUSE has updated IBM Java (SLE10SP4: multiple vulnerabilities) and Java (SLE11SP2: multiple vulnerabilities).

Ubuntu has updated python2.7, python3.2, python3.4 (14.10, 14.04, 12.04: multiple vulnerabilities, some from 2013), tomcat6 (12.04: three vulnerabilities), and tomcat7 (15.04, 14.10, 14.04: multiple vulnerabilities).

[$] LWN.net Weekly Edition for June 25, 2015

Thursday 25th of June 2015 12:40:59 AM
The LWN.net Weekly Edition for June 25, 2015 is available.

[$] A report from PGCon 2015

Wednesday 24th of June 2015 05:14:26 PM
PGCon 2015, the PostgreSQL international developer conference, took place in Ottawa, Canada from June 16 to 20. This PGCon involved a change in format from prior editions, with a "developer unconference" in the two days before the main conference program. Both the conference and the unconference covered a wide range of topics, many of them related to horizontal or vertical scaling, or to new PostgreSQL features.

Subscribers can click below for a report from the conference from guest author Josh Berkus.

Security updates for Wednesday

Wednesday 24th of June 2015 04:58:08 PM

Arch Linux has updated flashplugin (code execution).

CentOS has updated kernel (C7: multiple vulnerabilities), libreswan (C7: denial of service), mailman (C7: path traversal attack), and php (C7: multiple vulnerabilities).

Debian has updated wireshark (denial of service).

Debian-LTS has updated zendframework (regression in previous update).

Fedora has updated curl (F22: information disclosure), libwmf (F21: code execution), openssl (F21: multiple vulnerabilities), and xen (F22; F21: multiple vulnerabilities).

Mageia has updated flash-player-plugin (multiple vulnerabilities).

openSUSE has updated cacti (13.2, 13.1: SQL injection), curl (13.2, 13.1: information disclosure), and libwmf (13.2; 13.1: code execution).

Oracle has updated kernel (OL7: multiple vulnerabilities), libreswan (OL7: denial of service), mailman (OL7: path traversal attack), and php (OL7: multiple vulnerabilities).

SUSE has updated flash-player (SLED12: code execution).

Red Hat Announces Winners of Women in Open Source Awards

Tuesday 23rd of June 2015 10:19:01 PM
Red Hat has announced the winners of its Women in Open Source Awards. The Academic Award goes to Kesha Shah, a student at Dhirubhai Ambani Institute of Information and Communication Technology, and the Community Award goes to Sarah Sharp, embedded software architect at Intel. Opensource.com has interviews with both women.

Kesha Shah: "Last year, I was a mentor in Season of KDE and GCI again, with BRLCAD and KDE. Now, I am currently working on testing automation of Ushahidi with Systers, an Anita Borg community, as a part of GSoC. During my journey, I had seen several of my peers enter the domain, succeed, and fail in equal measure. So, I took up the challenge of mentoring newbies. One of my biggest achievements is that I have personally guided about 20-22 newbies into the world of open source through mentoring programs like GCI, SoK, Learn IT girls, and through conducting hands-on workshops and enlightening talks on open source. Those efforts converted them to regular contributors."

Sarah Sharp: "My second proudest moment is the very first round when the Linux kernel participated in the Outreach Program for Women (now called Outreachy). A lot of kernel maintainers complained about how newcomers would send them mangled patches, and grump about how the newcomers should really just RTFM and look at our patch submission guidelines. Of course, it turned out the manual was lacking or out of date, and there were a lot of steps to set up tools for Linux kernel development, so I spent a week and created a step-by-step tutorial. It was really gratifying to see those first applicants go through my tutorial and send well-formed patches. I've loved watching those interns move onto bigger projects, and even get hired to work on the Linux kernel, and I'm really proud I was able to help people get involved in Linux kernel development."

Stable kernel updates

Tuesday 23rd of June 2015 06:08:24 PM
Greg Kroah-Hartman has released stable kernels 4.0.6, 3.14.45, and 3.10.81. All of them contain important fixes throughout the tree.

Tuesday's security advisories

Tuesday 23rd of June 2015 05:10:29 PM

Arch Linux has updated curl (information disclosure).

Debian-LTS has updated postgresql-8.4 (denial of service).

Fedora has updated xorg-x11-server (F22: permission bypass).

Gentoo has updated chromium (multiple vulnerabilities) and gnutls (denial of service).

Red Hat has updated kernel (RHEL7: multiple vulnerabilities), kernel-rt (RHEL7; RHEMRG2.5: multiple vulnerabilities), libreswan (RHEL7: denial of service), mailman (RHEL7: path traversal attack), and php (RHEL7: multiple vulnerabilities).

SUSE has updated e2fsprogs (SLE11SP4: code execution).

Ubuntu has updated kernel (14.10; 14.04; 12.04: regression in previous update), linux-ti-omap4 (12.04: regression in previous update), linux-lts-trusty (12.04: regression in previous update), linux-lts-utopic (14.04: regression in previous update), and patch (14.10, 14.04, 12.04: multiple vulnerabilities).

The Open Container Project

Monday 22nd of June 2015 07:01:01 PM
The Open Container Project has announced its existence. "Housed under the Linux Foundation, the OCP’s mission is to enable users and companies to continue to innovate and develop container-based solutions, with confidence that their pre-existing development efforts will be protected and without industry fragmentation. As part of this initiative, Docker will donate the code for its software container format and its runtime, as well as the associated specifications. The leadership of the Application Container spec (“appc”) initiative, including founding member CoreOS, will also be bringing their technical leadership and support to OCP."

More in Tux Machines

Turning Windows users into Linux users with MakuluLinux Aero

Slick, sleek, and fast and very Windows-like ... this is a distro that could get your users on the path of OS righteousness Read more

Open Source Education Begins at an Early Age

Open source software (OSS) is becoming a standard in the technology market, and much of today’s youth will find themselves using open source in their future educational and professional endeavors. But to do so, this younger generation will first need to develop the skills that will allow them to build, create and explore OSS technology effectively down the road. This calls for education in open source. Read more

Debian-Based OpenMediaVault 2.1 NAS Solution Adds WiFi and VLAN Support

Volker Theile, project leader of the Debian-based OpenMediaVault NAS (Network-attached Storage) distribution, was more than happy to inform us about the immediate availability for download of OpenMediaVault 2.1. Read more

Arch Linux 2015.07.01 Is Now Available for Download

Being July 1 and all that, that time has come for a new Arch Linux build to surface the Web. Arch Linux 2015.07.01 has been released earlier, and you can download it right now! Read more