Language Selection

English French German Italian Portuguese Spanish

LWN

Syndicate content
LWN.net is a comprehensive source of news and opinions from and about the Linux community. This is the main LWN.net feed, listing all articles which are posted to the site front page.
Updated: 4 hours 14 min ago

[$] Scalar typing in the PHP world

Friday 13th of February 2015 11:07:10 PM
When one thinks about the PHP language, terms like "strong typing" and "strict checking" do not normally come to mind. But, as the project works toward its next major release (to be called PHP 7), it has become embroiled in a fierce debate over the proposed addition of some simple typing features to the language. To some, PHP is growing up into a safer, better-defined language, while others see the changes as possibly destroying the character of a historically freewheeling language.

Click below (subscribers only) for the full article.

Help Linus decide what to call the next kernel

Friday 13th of February 2015 06:08:26 PM
Do you have an opinion on whether the next kernel release should be called 3.20 or 4.0? Linus is currently running a poll on Google+ to get a sense for what people would prefer. "So - continue with v3.20, because bigger numbers are sexy, or just move to v4.0 and reset the numbers to something smaller?" As of this writing, the 4.0 option appears to be winning.

Friday's security updates

Friday 13th of February 2015 03:29:58 PM

openSUSE has updated clamav (13.1, 13.2: multiple vulnerabilities), roundcubemail (13.1, 13.2: cross-site scripting), and tcpdump (13.1, 13.2: multiple vulnerabilities).

SUSE has updated ntp (SLES/SLED12: multiple vulnerabilities).

Ubuntu has updated clamav (10.04: code execution).

Linux for Astronomers (Linux Journal)

Thursday 12th of February 2015 10:15:50 PM
Over at Linux Journal, Joey Bernard looks at Distro Astro, which is a Linux distribution for astronomy. It collects programs of interest to those running telescopes and planetariums, including various image collection and processing applications. "After aiming your telescope, you need to collect some images or do some astrophotography. While you can do some of this with software like KStars, you have software specifically designed to do image capture. Some, like wxAstroCapture, are specifically written for use in astronomy. With it, you can set up automatic guiding and batch image collection. You then can go have a nice hot cup of coffee while your telescope collects your data. To help you keep track of all of these observations, you can use the Observation Manager, a logging program to maintain your records."

Security advisories for Thursday

Thursday 12th of February 2015 03:42:42 PM

Debian has updated dbus (denial of service) and xorg-server (information leak/denial of service).

Debian-LTS has updated postgresql-8.4 (multiple vulnerabilities).

Mageia has updated chromium-browser-stable (multiple vulnerabilities), e2fsprogs (code execution), hivex (privilege escalation), ntp (two vulnerabilities), owasp-esapi-java (crypto botch from 2013), perl-Gtk2 (code execution), and xdg-utils (code execution).

Mandriva has updated e2fsprogs (code execution), elfutils (privilege escalation), ntp (two vulnerabilities), perl-Gtk2 (code execution), and postgresql (multiple vulnerabilities).

openSUSE has updated jython (13.2, 13.1: code execution from 2013).

Oracle has updated kernel (OL5: two vulnerabilities) and kernel (OL5: unspecified vulnerabilities).

Scientific Linux has updated subversion (SL7: three vulnerabilities).

SUSE has updated krb5 (SLE11SP3: multiple vulnerabilities) and ntp (SLE11SP3: multiple vulnerabilities).

Ubuntu has updated postgresql-8.4, postgresql-9.1, postgresql-9.3, postgresql-9.4 (multiple vulnerabilities).

LWN.net Weekly Edition for February 12, 2015

Thursday 12th of February 2015 02:34:02 AM
The LWN.net Weekly Edition for February 12, 2015 is available.

Matrix: a new specification for federated realtime chat

Wednesday 11th of February 2015 09:38:13 PM
The free-software community has frequently advocated the development of new decentralized, federated network services—for example, promoting XMPP as an alternative to AOL Instant Messenger, StatusNet as an alternative to Twitter, or Diaspora as an alternative to Facebook. The recently launched Matrix project takes on a different service: IRC-like multi-user chat.

Stable kernel updates

Wednesday 11th of February 2015 05:29:03 PM
Greg KH has released another batch of stable kernels: 3.18.7, 3.14.33, and 3.10.69. All contain the usual set of important updates.

Security advisories for Wednesday

Wednesday 11th of February 2015 05:22:40 PM

CentOS has updated kernel (C5: denial of service) and subversion (C7; C6: multiple vulnerabilities).

Debian has updated ruby1.8 (denial of service).

openSUSE has updated krb5 (13.2: multiple vulnerabilities) and xen (13.2: multiple vulnerabilities).

Oracle has updated subversion (OL7; OL6: multiple vulnerabilities).

Red Hat has updated chromium-browser (RHEL6 Supplementary: multiple vulnerabilities), kernel (RHEL5: denial of service), and subversion (RHEL7; RHEL6: multiple vulnerabilities).

Scientific Linux has updated kernel (SL5: denial of service), shim (SL7: multiple vulnerabilities), and subversion (SL6: two vulnerabilities).

Ubuntu has updated krb5 (multiple vulnerabilities) and oxide-qt (14.10, 14.04: multiple vulnerabilities).

GCC 5 in Fedora (Red Hat developer blog)

Tuesday 10th of February 2015 07:02:42 PM
Last week the Red Hat developer blog looked at some changes coming with GCC5. This week's article covers how those changes will be handled in Fedora. "One consequence of this decision will be that Fedora 22 and Fedora 23 will both have GCC 5, but they’ll be fundamentally different. The C++ library (libstdc++.so) will be compatible between F22 and F23 (in fact, it will be almost exactly the same, modulo some extra patches from upstream that might be pulled into the later F23 build). The difference will be all the other DSOs that link to it. That’s important for Fedora developers to note. Specifically, FESCo’s decision means the C++ standard library headers installed by the libstdc++-devel RPM will have a different default value for the _GLIBCXX_USE_CXX11_ABI macro (0 in F22 and 1 in F23) but the libstdc++.so library will be largely the same in F22 and F23, because that library contains all the symbol definitions for both the old ABI and the new ABI, so that the same library works for both cases."

Tuesday's security updates

Tuesday 10th of February 2015 05:08:00 PM

Debian has updated ruby1.9.1 (multiple vulnerabilities) and unrtf (code execution).

Mageia has updated clamav (heap overflow), moodle (information disclosure), and polarssl (code execution).

Mandriva has updated cabextract (denial of service), clamav (heap overflow), glibc (code execution), otrs (privilege escalation), and zarafa (denial of service).

openSUSE has updated curl (13.2, 13.1: two vulnerabilities), grep (13.2: heap buffer overrun), llvm (13.1: insecure temporary files), openvas-manager (13.2: sql injection), and rsync (13.2, 13.1: code execution).

Ubuntu has updated binutils (multiple vulnerabilities) and ntp (two vulnerabilities).

ownCloud Server 8 released

Monday 9th of February 2015 08:03:45 PM
Version 8 of the ownCloud server is available. "This new release brings improved sharing and collaboration between clouds and introduces faster ways of getting at your files with favorites and improved search." See the feature page for details.

Security advisories for Monday

Monday 9th of February 2015 06:38:42 PM

Debian has updated liblivemedia (code execution), libxml2 (regression/incomplete fix in previous update), and ntp (incomplete fix in previous update).

Debian-LTS has updated krb5 (multiple vulnerabilities), libxml2 (regression/incomplete fix in previous update), ntp (multiple vulnerabilities), sympa (information disclosure), unzip (two vulnerabilities), and wpasupplicant (command execution).

Fedora has updated e2fsprogs (F21: code execution), jasper (F21; F20: two vulnerabilities), kernel (F20: two vulnerabilities), mantis (F21; F20: multiple vulnerabilities), maradns (F20: security hardening), postgresql (F21: multiple vulnerabilities), and websvn (F21; F20: information disclosure).

Gentoo has updated adobe-flash (multiple vulnerabilities), antiword (denial of service), bind (denial of service), libav (multiple vulnerabilities), libevent (code execution), mediawiki (multiple vulnerabilities), nginx (information disclosure), and tcpdump (multiple vulnerabilities).

Mageia has updated flash-player-plugin (multiple vulnerabilities).

openSUSE has updated flash-player (13.2, 13.1; 11.4: multiple vulnerabilities), privoxy (13.2, 13.1: multiple vulnerabilities), unzip (13.2, 13.1: code execution), virtualbox (13.2, 13.1: multiple vulnerabilities), and vorbis-tools (13.2, 13.1: denial of service).

Red Hat has updated flash-plugin (RHEL5,6: multiple vulnerabilities).

SUSE has updated flash-player (SLE12: multiple vulnerabilities) and flash-player, flash-player-gnome, flash-player-kde4 (SLE11 SP3: multiple vulnerabilities).

The 3.19 kernel has been released

Monday 9th of February 2015 01:13:35 PM
Linus has released the 3.19 kernel, saying "while I was tempted a couple of times to do an rc8, there really wasn't any reason for it." Significant changes in 3.19 include support for the Altera Nios II processor architecture, device tree overlay support, the ability to attach eBPF programs to sockets, disk scrubbing and replacement for RAID 5 and 6 in the Btrfs filesystem, the execveat() system call, and much more.

GNU C library version 2.21 released

Saturday 7th of February 2015 03:35:59 PM
Version 2.21 of the GNU C library is available. This release includes a lot of bug fixes, a wide range of architecture-specific performance and functionality improvements, and a new semaphore implementation. "Previous custom assembly implementations of semaphore were difficult to reason about or ensure that they were safe. The new version of semaphore supports machines with 64-bit or 32-bit atomic operations."

Linux Plumbers Conference call for proposals

Friday 6th of February 2015 09:58:55 PM
The calls for proposals (CFPs) for Linux Plumbers Conference microconferences and refereed track presentations are now up. The conference will be held August 19-21 in Seattle, WA, co-located (and overlapping one day) with LinuxCon North America.

The first Tizen smartphone isn’t an “Android killer”—it’s a bad Android clone (ars technica)

Friday 6th of February 2015 08:44:11 PM
Here's an extensive review of Samsung's first Tizen-based phone on ars technica. They are not overly impressed. "New OSes always have problems, usually with app selection and hardware availability, but they're supposed to make up for their ecosystem problems by bringing something new to the table. Windows Phone had a new interface style. Blackberry 10 devices have a small but vocal built-in fanbase, well-made hardware with physical keyboards, and lots of enterprise experience. But Tizen doesn't have any stand-out aspect. It's all the negatives of a new OS without any of the positives."

A new batch of stable kernels

Friday 6th of February 2015 07:07:20 PM

Greg Kroah-Hartman has released stable kernels 3.10.68, 3.14.32, and 3.18.6, each with important fixes and updates throughout the tree.

Friday's security updates

Friday 6th of February 2015 03:59:26 PM

CentOS has updated mariadb (C7: multiple vulnerabilities).

Debian has updated ntp (multiple vulnerabilities) and postgresql-9.1 (multiple vulnerabilities).

Fedora has updated kernel (F21: multiple vulnerabilities) and php (F20; F21: multiple vulnerabilities).

Gentoo has updated mpg123 (code execution).

Mageia has updated cabextract (M4: denial of service), hexchat (M4: SSL spoofing), vlc (M4: multiple vulnerabilities), vorbis-tools (M4: denial of service), and zarafa (M4: denial of service).

Mandriva has updated aircrack-ng (BS1: multiple vulnerabilities), binutils (BS1: multiple vulnerabilities), bugzilla (BS1: command injection), busybox (BS1: arbitrary module loading), jasper (BS1: multiple vulnerabilities), java-1.7.0-openjdk (BS1: multiple vulnerabilities), libvirt (BS1: information leak), php (BS1: multiple vulnerabilities), python-django (BS1: multiple vulnerabilities), and vorbis-tools (BS1: denial of service).

openSUSE has updated libvirt (13.1, 13.2: access control bypass) and xen (13.1: multiple vulnerabilities).

Red Hat has updated java-1.5.0-ibm (RHEL5,6: multiple vulnerabilities), java-1.6.0-ibm (RHEL5,6: multiple vulnerabilities), java-1.7.0-ibm (RHEL5: multiple vulnerabilities), and java-1.7.1-ibm (RHEL6,7: multiple vulnerabilities).

The end of CrunchBang Linux

Friday 6th of February 2015 02:36:59 PM
The developer of the CrunchBang Linux distribution has announced that the project has come to an end. "That said, when progress happens, some things get left behind, and for me, CrunchBang is something that I need to leave behind. I’m leaving it behind because I honestly believe that it no longer holds any value, and whilst I could hold on to it for sentimental reasons, I don’t believe that would be in the best interest of its users, who would benefit from using vanilla Debian."

More in Tux Machines

SteamOS A Linux Distribution For Gaming


Picture

SteamOS is a Debian Linux kernel-based operating system in development by Valve Corporation designed to be the primary operating system for the Steam Machine game consoles. It was initially released on December 13, 2013, alongside the start of end-user beta testing of Steam Machines.
 

Read At LinuxAndUbuntu

KDE Applications 14.12.3 Officially Released

KDE Applications 14.12 has been released by its makers, and it’s a regular maintenance update. It comes with a ton of bug fixes and will be soon available in various repositories. Read more

Understanding The Linux Kernel's BPF In-Kernel Virtual Machine

BPF continues marching forward as a universal, in-kernel virtual machine for the Linux kernel. The Berkeley Packet Filter was originally designed for network packet filtering but has since been extended as eBPF to support other non-network subsystems via the bpf syscall. Here's some more details on this in-kernel virtual machine. Alexei Starovoitov presented at last month's Linux Foundation Collaboration Summit in Santa Rosa about BPF as an in-kernel virtual machine. The slides have been published for those wishing to learn more about its state and capabilities. Read more

Calligra 2.9.0 is Out

Packages for the release of KDE's document suite Calligra 2.9 are available for Kubuntu 14.10. You can get it from the Kubuntu Backports PPA. They are also in our development version Vivid. Read more