Language Selection

English French German Italian Portuguese Spanish

LWN

Syndicate content
LWN.net is a comprehensive source of news and opinions from and about the Linux community. This is the main LWN.net feed, listing all articles which are posted to the site front page.
Updated: 1 hour 46 min ago

GNU Hurd 0.6 released

Thursday 16th of April 2015 09:19:21 PM
It has been roughly a year and a half since the last release of the GNU Hurd operating system, so it may be of interest to some readers that GNU Hurd 0.6 has been released along with GNU Mach 1.5 (the microkernel that Hurd runs on) and GNU MIG 1.5 (the Mach Interface Generator, which generates code to handle remote procedure calls). New features include procfs and random translators; cleanups and stylistic fixes, some of which came from static analysis; message dispatching improvements; integer hashing performance improvements; a split of the init server into a startup server and an init program based on System V init; and more. "GNU Hurd runs on 32-bit x86 machines. A version running on 64-bit x86 (x86_64) machines is in progress. Volunteers interested in ports to other architectures are sought; please contact us (see below) if you'd like to help. To compile the Hurd, you need a toolchain configured to target i?86-gnu; you cannot use a toolchain targeting GNU/Linux. Also note that you cannot run the Hurd "in isolation": you'll need to add further components such as the GNU Mach microkernel and the GNU C Library (glibc), to turn it into a runnable system."

Boyer: Fedora 22 and Kernel 4.0

Thursday 16th of April 2015 08:13:34 PM
On his blog, Josh Boyer looks at the choice of the 4.0 kernel for Fedora 22. While the underpinnings of the live kernel patching feature have been merged, even when it is fully operational it is probably not something that Fedora (and perhaps other distributions) will use often (or at all). "In reality, we might not ever really leverage the live patching functionality in Fedora itself. It is understandable that people want to patch their kernel without rebooting, but the mechanism is mostly targeted at small bugfixes and security patches. You cannot, for example, live patch from version 4.0 to 4.1. Given that the Fedora kernel rebases both from stable kernel (e.g. 3.19.2 to 3.19.3) and major release kernels over the lifetime of a Fedora release, we don't have much opportunity to build the live patches."

Security updates for Thursday

Thursday 16th of April 2015 03:01:42 PM

Debian has updated gst-plugins-bad0.10 (code execution), inspircd (code execution from 2012), movabletype-opensource (code execution), and ppp (denial of service).

Debian-LTS has updated ruby1.9.1 (three vulnerabilities).

Mageia has updated java-1.7.0-openjdk (multiple vulnerabilities), mono (three SSL/TLS vulnerabilities), and python-dulwich (two code execution flaws).

openSUSE has updated flash-player (11.4: 45 vulnerabilities) and rubygem-rest-client (13.2, 13.1: plaintext password logging).

Oracle has updated java-1.6.0-openjdk (OL5: unspecified vulnerabilities) and java-1.7.0-openjdk (OL5: unspecified vulnerabilities).

Red Hat has updated chromium-browser (RHEL6: multiple vulnerabilities), java-1.6.0-openjdk (RHEL5,6&7: multiple vulnerabilities), java-1.7.0-openjdk (RHEL5; RHEL6&7: multiple vulnerabilities), and java-1.8.0-openjdk (RHEL6&7: multiple vulnerabilities).

Scientific Linux has updated java-1.6.0-openjdk (SL5,6&7: multiple vulnerabilities), java-1.7.0-openjdk (SL5; SL6&7: multiple vulnerabilities), and java-1.8.0-openjdk (SL6&7: multiple vulnerabilities).

SUSE has updated flash-player (SLE11SP3: 22 vulnerabilities).

[$] LWN.net Weekly Edition for April 16, 2015

Thursday 16th of April 2015 12:48:48 AM
The LWN.net Weekly Edition for April 16, 2015 is available.

[$] Plotting tools for networks, part I

Wednesday 15th of April 2015 09:50:12 PM

In the first two installments in this series on plotting tools (which covered gnuplot and matplotlib), we introduced tools for creating plots and graphs, and used the terms interchangeably to refer to the typical scientific plot relating one set of quantities to another. In this article we use the term "graph" in its mathematical, graph-theory context, meaning a set of nodes connected by edges. There is a strong family resemblance among graph-theory graphs, flowcharts, and network diagrams—so much so that some of the same tools can be coerced into creating all of them. We will now survey several mature free-software systems for building these types of visualizations. At least one of these tools will likely be useful if you are ever in need of an automated way to diagram source-code interdependencies, make an organizational chart, visualize a computer network, or organize a sports tournament. We will start with a graphical charting tool and a flexible graphing system that can easily be called by other programs.


Security advisories for Wednesday

Wednesday 15th of April 2015 04:42:27 PM

CentOS has updated java-1.6.0-openjdk (C7; C6; C5: multiple vulnerabilities), java-1.7.0-openjdk (C7; C6; C5: multiple vulnerabilities), and java-1.8.0-openjdk (C7; C6: multiple vulnerabilities).

Debian-LTS has updated libvncserver (multiple vulnerabilities) and libx11 (code execution).

Mageia has updated arj (multiple vulnerabilities), asterisk (SSL server spoofing), flash-player-plugin (multiple vulnerabilities), glusterfs (denial of service), librsync (file checksum collision), ntp (two vulnerabilities), qemu (denial of service), quassel (denial of service), shibboleth-sp (denial of service), socat (denial of service), tor (denial of service), and wesnoth (information leak).

Oracle has updated java-1.6.0-openjdk (OL6: multiple vulnerabilities), java-1.7.0-openjdk (OL6: multiple vulnerabilities), and java-1.8.0-openjdk (OL6: multiple vulnerabilities).

Red Hat has updated flash-plugin (RHEL5,6 Supplementary: multiple vulnerabilities).

SUSE has updated Adobe Flash Player (SLEWE12, SLED12: multiple vulnerabilities).

Debian project leader election results

Wednesday 15th of April 2015 01:14:21 PM
This year's Debian project election leader election has concluded, with Neil McGovern winning by a conclusive margin.

[$] Report from the Python Language Summit

Tuesday 14th of April 2015 10:25:22 PM
The first half of our report from the Python Language Summit is now available. Subscribers can click below to access reports from five sessions held before lunch covering topics like the atomicity of Python operations, making Python 3 more attractive to developers, PyParallel, infrastructure for Python development, and Python 3 adoption. We will be adding more reports to this page as they become available.

OIN Expands the Linux System Definition

Tuesday 14th of April 2015 07:05:00 PM
Open Invention Network (OIN) has announced that it has updated its Linux System patent non-aggression coverage. "For this update, 115 new packages will be added to the Linux System, out of almost 800 proposed by various parties. Key additions are the reference implementations of the popular Go and Lua programming languages, Nginx, Openshift, and development tools like CMake and Maven. This update will represent an increase of approximately 5% of the total number of packages covered in the Linux System, a reflection of the incremental and disciplined nature of the update process."

KDE Ships Plasma 5.3 Beta

Tuesday 14th of April 2015 06:51:38 PM
A beta version of Plasma 5.3 has been released. This release features enhanced power management, better Bluetooth capabilities, improved Plasma widgets, a tech preview of Plasma Media Center, big steps towards Wayland support, and lots of bug fixes.

Tuesday's security updates

Tuesday 14th of April 2015 03:41:55 PM

Arch Linux has updated ruby (man-in-the-middle attack).

CentOS has updated openssl (C5: multiple vulnerabilities).

Debian-LTS has updated ia32-libs (multiple vulnerabilities).

Oracle has updated openssl (OL5: multiple vulnerabilities).

Red Hat has updated kernel (RHEL6.4: privilege escalation).

Scientific Linux has updated xorg-x11-server (SL7, SL6: information leak/denial of service).

Ubuntu has updated apport (14.10, 14.04: privilege escalation), libx11, libxrender (14.10, 14.04, 12.04: code execution), and ntp (14.10, 14.04, 12.04: multiple vulnerabilities).

The Document Liberation, one year after

Monday 13th of April 2015 07:35:38 PM
The Document Foundation's project Document Liberation looks at its progress during the past year. "During 2014, members of the project released a new framework library, called librevenge, which contains all the document interfaces and helper types, in order to simplify the dependency chain. In addition, they started a new library for importing Adobe PageMaker documents, libpagemaker, written as part of Google Summer of Code 2014 by Anurag Kanungo. Existing libraries have also been extended with the addition of more formats, like libwps with the addition of Microsoft Works Spreadsheet and Database by Laurent Alonso. He is now working on adding support for Lotus 1-2-3, which is one of the most famous legacy applications for personal computers. Laurent has also added support for more than twenty legacy Mac formats to libmwaw."

Stable kernel updates

Monday 13th of April 2015 06:05:32 PM
Greg KH has released stable kernels 3.19.4, 3.14.38, and 3.10.74. All of them contain the usual set of important fixes.

Security advisories for Monday

Monday 13th of April 2015 05:06:48 PM

Arch Linux has updated icecast (denial of service).

CentOS has updated xorg-x11-server (C6: information leak).

Debian has updated chrony (multiple vulnerabilities), das-watchdog (privilege escalation), libdbd-firebird-perl (buffer overflow), libtasn1-3 (denial of service), libx11 (code execution), ntp (two vulnerabilities), and wesnoth-1.10 (information leak).

Debian-LTS has updated chrony (multiple vulnerabilities), das-watchdog (privilege escalation), libtasn1-3 (denial of service), and ntp (two vulnerabilities).

Fedora has updated arj (F20: multiple vulnerabilities), ca-certificates (F21; F20: certificate update), ImageMagick (F21: multiple vulnerabilities), libxml2 (F20: denial of service), openldap (F21: denial of service), qemu (F21: multiple vulnerabilities), varnish (F21: heap buffer overflow), and xen (F21; F20: multiple vulnerabilities).

Gentoo has updated apache (multiple vulnerabilities), mysql (multiple unspecified vulnerabilities), sudo (information disclosure), and xen (multiple vulnerabilities).

Mandriva has updated batik (MBS1,2: information leak).

openSUSE has updated kernel (13.2; 13.1: multiple vulnerabilities) and tor (13.2, 13.1: denial of service).

Red Hat has updated openssl (RHEL5: multiple vulnerabilities).

Scientific Linux has updated openssl (SL5: multiple vulnerabilities).

SUSE has updated firefox (SLES12; SLED12: multiple vulnerabilities).

Hubička: Link time and inter-procedural optimization improvements in GCC 5

Monday 13th of April 2015 12:08:16 PM
Jan Hubička has posted a lengthy discussion of the optimization improvements found in the upcoming GCC 5.0 release. "Identical code folding is a new pass (contributed by Martin Liška, SUSE) looking for functions with the same code and variables with the same constructors. If some are found, one copy is removed and replaced one by an alias to another where possible. This is especially important for C++ code bases that tend to contain duplicated functions as a result of template instantiations."

The 4.0 kernel has been released

Monday 13th of April 2015 07:32:11 AM
Linus has released the 4.0 kernel right on schedule. "Feature-wise, 4.0 doesn't have all that much special. Much have been made of the new kernel patching infrastructure, but realistically, that not only wasn't the reason for the version number change, we've had much bigger changes in other versions. So this is very much a 'solid code progress' release." Beyond the (incomplete) live-patching mechanism, this release includes the removal of the remap_file_pages() system call, improved persistent memory support, the lazytime mount option, and the kernel address sanitizer.

Turon: Fearless Concurrency with Rust

Friday 10th of April 2015 05:54:38 PM
Aaron Turon has posted a lengthy introduction to concurrency in the Rust programming language. "Every data type knows whether it can safely be sent between or accessed by multiple threads, and Rust enforces this safe usage; there are no data races, even for lock-free data structures. Thread safety isn't just documentation; it's law."

Friday's security updates

Friday 10th of April 2015 03:07:06 PM

Arch Linux has updated mediawiki (multiple vulnerabilities).

CentOS has updated xorg-x11-server (C7: information leak/denial of service).

Debian has updated dpkg (integrity-verification bypass).

Fedora has updated arj (F21: multiple vulnerabilities), echoping (F20; F21: multiple vulnerabilities), and python-dulwich (F20; F21: code execution).

Mageia has updated batik (M4: information leak), chromium-browser-stable (M4: multiple vulnerabilities), jakarta-taglibs-standard (M4: code execution), less (M4: information leak), mediawiki (M4: multiple vulnerabilities), openldap (M4: denial of service), qt-creator (M4: key-verification failure), suricata (M4: denial of service), and xerces-c (M4: denial of service).

Mandriva has updated arj (BS1: multiple vulnerabilities), less (BS1,2: information leak), mediawiki (BS1: multiple vulnerabilities), and ntp (BS1,2: multiple vulnerabilities).

Oracle has updated xorg-x11-server (O6; O7: information leak/denial of service).

Red Hat has updated qemu-kvm-rhev (RHEL OSP: privilege escalation) and xorg-x11-server (RHEL6,7: information leak/denial of service).

Scientific Linux has updated krb5 (SL6: multiple vulnerabilities).

SUSE has updated libXfont (SLE12: multiple vulnerabilities).

Ubuntu has updated dpkg (integrity-verification bypass).

X.org election results

Friday 10th of April 2015 11:38:27 AM
As was discussed in this LWN article, the X.Org Foundation recently held an election to choose four board members and decide whether to change the organization's by-laws to enable it to become a member of Software in the Public Interest (SPI). The results are now available. The board members elected are Peter Hutterer, Martin Peres, Rob Clark, and Daniel Vetter. The measure to change the by-laws did not pass, though, despite receiving only two "no" votes, because the required two-thirds majority was not reached.

Linux Foundation to host Let's Encrypt

Thursday 9th of April 2015 11:44:10 PM

The Linux Foundation (LF) has announced that it will serve as host of the Let's Encrypt project, as well as the Internet Security Research Group (ISRG). Let's Encrypt is the free, automated SSL/TLS certificate authority that was announced in November 2014 by the Electronic Frontier Foundation (EFF) to provide TLS certificates for every domain on the web. ISRG is the non-profit organization created to spearhead efforts like Let's Encrypt (which, as of now, is ISRG's only public project). In the LF announcement, executive director Jim Zemlin notes that "by hosting this important encryption project in a neutral forum we can accelerate the work towards a free, automated and easy security certification process that benefits millions of people around the world."

More in Tux Machines

Leftovers: Gaming

Leftovers: KDE Software

  • Wayland & Other Tasks Being Worked On For KDE Plasma 5.4
    Now that KDE Plasma 5.3 was released this week, KDE developers are starting to plan out and work on the new material intended for KDE Plasma 5.4.
  • Interview with Wolthera
    My name is Wolthera, I am 25, studied Game Design and currently studying Humanities, because I want to become a better game designer, and I hope to make games in the future as a job. I also draw comics, though nothing has been published yet. [...] After I played a lot with MyPaint, I heard from people that Krita 2.4 was the shit. When I went to the website at the time (which is the one before the one before the current) it just looked alien and strange, and worse: there was no Windows version, so I couldn’t even try it out. So I spent a few more years having fun with MyPaint alone, but eventually I got tired of its brush engine and wanted to try something more rough. When I checked Krita again, it had two things: a new, considerably more coherent website (the one before this one) and a Windows build. Around that time it was still super unstable and it didn’t work with my tablet. But MyPaint also had tablet problems, so I had no qualms about dual booting to Linux and trying it out there.
  • GSoC with KDE
    So, my project is titled: Better Tooling for Baloo. Let me begin by explaining what Baloo is. According to its wiki page it is "Baloo is a metadata and search framework by KDE." What exactly does it mean? Baloo is responsible for providing full text search capabilities to KDE applications. It doesn't end there it also provides searching on basis of metadata of various types of files. To acomplish this it indexes file contents and metadata using various plugins ,called extractors, to handle different types of files. It then exposes the data it has indexed with the help of various API's. So thats a very high level view of how it works. Now, my project, as the title states will provide better tools for Baloo. These tools will mainly be:

Open Source Neutrino 32-bit Miniature Arduino Zero (video)

Arduino makers, developers and hobbyists that have been searching for a development board that is smaller than the Arduino Zero, are sure to be interested in the Neutrino that has been created by Rabid Prototypes. Read more Also: KADE miniConsole+ Open Source Retro Game Controller Connector (video)