Syndicate content
LWN.net is a comprehensive source of news and opinions from and about the Linux community. This is the main LWN.net feed, listing all articles which are posted to the site front page.
Updated: 2 hours 5 min ago

OpenSSL speeds up development to avoid being “slow-moving and insular” (Ars Technica)

Thursday 3rd of July 2014 04:49:37 PM
Ars Technica reports on the OpenSSL project's new roadmap that describes a number of problems with the project and its code along with plans to address them. "The project has numerous problems, the roadmap says. These include a backlog of bug reports, incomplete and incorrect documentation, code complexity that causes maintenance problems, inconsistent coding style, a lack of code review, and having no clear release plan, platform strategy, or security strategy. The plan is to fix all these problems. For example, bug reports should receive 'an initial response within four working days.' That goal can be met now, the roadmap says, but others will take longer. Defining a clear coding standard for the project is expected to take about three months. 'Review[ing] and revis[ing] the public API with a view to reducing complexity' will take about a year."

Schaller: Wayland in Fedora update

Thursday 3rd of July 2014 03:13:08 PM
Christian Schaller has posted an update on Fedora's transition to the Wayland display manager. "So the summary is that while we expect to have a version of Wayland in Fedora Workstation 21 that will be able to run a fully functional desktop, there are some missing pieces we now know that will not make it. Which means that since we want to ship at least one Fedora release with a feature complete Wayland as an option before making it default, that means that Fedora Workstation 23 is the earliest Wayland can be the default."

Security updates for Thursday

Thursday 3rd of July 2014 02:22:02 PM

Debian has updated dbus (three denial of service flaws).

Fedora has updated libreoffice (F19: code execution), lzo (F20: denial of service/possible code execution), and seamonkey (F20; F19: multiple vulnerabilities).

openSUSE has updated gpg2 (13.1, 12.3: denial of service) and memcached (13.1, 12.3: multiple vulnerabilities, one from 2011).

Ubuntu has updated nspr (code execution).

[$] LWN.net Weekly Edition for July 3, 2014

Thursday 3rd of July 2014 12:35:22 AM
The LWN.net Weekly Edition for July 3, 2014 is available.

Where KDE is going - Part 2 (KDE.news)

Wednesday 2nd of July 2014 05:45:36 PM
Jos Poortvliet continues his coverage of the KDE community's present and future. This segment looks at KDE governance and the role of KDE e.V. and the Community Working Group. "In the last 8 years or so, KDE e.V. has been the major driver behind increasing the number of developer sprints and has created the Fiduciary Licensing Agreement which allows it to re-license KDE code when needed, while protecting developers’ interests. The Code of Conduct originated with KDE e.V., as did our Community Working Group which helps deal with communication issues in the community."

Wednesday's security advisory

Wednesday 2nd of July 2014 03:53:43 PM
Today's lone security advisory is from Red Hat for tomcat (RHEL7: multiple vulnerabilities).

[$] Control groups, part 1: On the history of process grouping

Tuesday 1st of July 2014 06:13:21 PM
LWN is proud to launch an extended series of articles on control groups by guest author Neil Brown. Neil starts off by saying: "As synthesizing a deep understanding is, I find, much more noble than synthesizing a personal agenda, and as having a discerning audience is an excellent motivation for thorough research, these articles are intended to help me and, hopefully, other readers to develop the deep understanding necessary to truly enjoy an informed debate on Linux control groups." The first installment looks at the distant history of process grouping; click below (subscribers only) for the full text.

Nelson: The new 501(c)(3) and the future of free software in the United States

Tuesday 1st of July 2014 05:44:52 PM
Jim Nelson looks at why the Yorba Foundation was denied 501(c)(3) tax-exempt status, and what that means for other free software projects. "Last year there was a bit of a dust-up—a scandal to some, a distraction to others, depending on their politics—when many right-wing nonprofit organizations in the United States began complaining they were being unfairly targeted by the IRS. Media inquiries determined IRS examiners were given “BOLOs” (Be On The Lookout) for certain keywords in 501(c) applications, including “Open Source Software”." (Thanks to Paul Wise)

Stable kernel updates

Tuesday 1st of July 2014 03:53:35 PM
Stable kernels 3.15.3, 3.14.10, 3.10.46, and 3.4.96 have been released. All contain important fixes throughout the tree.

Tuesday's security updates

Tuesday 1st of July 2014 03:43:42 PM

Fedora has updated gnupg2 (F19: denial of service) and kdelibs (F20: information disclosure).

Gentoo has updated openfire (multiple vulnerabilities, two from 2009) and openldap (multiple vulnerabilities, one from 2009).

openSUSE has updated freerdp (13.1, 12.3: two vulnerabilities), kernel (12.3: multiple vulnerabilities), libreoffice (13.1: unexpected VBA macro execution), samba (13.1; 12.3: multiple vulnerabilities), seamonkey (13.1, 12.3: multiple vulnerabilities), thunderbird (13.1, 12.3: multiple vulnerabilities), and xalan-j2 (13.1, 12.3: information disclosure/code execution).

Security advisories for Monday

Monday 30th of June 2014 05:30:36 PM

Debian has updated cacti (multiple vulnerabilities) and libemail-address-perl (denial of service).

Fedora has updated gnupg2 (F20: denial of service), kernel (F20: multiple vulnerabilities), php (F20: multiple vulnerabilities), python (F20: missing boundary check), and zabbix (F20; F19: local file inclusion).

Gentoo has updated icedtea-bin (multiple vulnerabilities, some from 2009), kdelibs (multiple vulnerabilities, some from 2011), and wireshark (multiple vulnerabilities).

Kernel prepatch 3.16-rc3

Monday 30th of June 2014 12:19:35 PM
Linus has released the third 3.16 prepatch. "We're back on a Sunday release schedule, and things are looking reasonably normal."

Day: In praise of Jim Hall

Friday 27th of June 2014 11:31:35 PM

At his blog, Allan Day points GNOME users and developers to some new usability research about GNOME 3.10 and 3.12 conducted by Jim Hall, a graduate student at the University of Minnesota. Day has started filing a number of bug reports based on Hall's findings, including problems with Nautilus bookmarking and confusion over the purpose of the GNOME Software application. The full data set is not yet available online, but Hall is scheduled to present it at GUADEC in July.

Friday's security updates

Friday 27th of June 2014 03:50:55 PM

Debian has updated gnupg2 (denial of service).

Fedora has updated gnupg (F20: denial of service), python-simplejson (F20: information disclosure), sos (F19; F20; password disclosure, and tor (F19; F20: information disclosure).

Gentoo has updated asterisk (multiple vulnerabilities), django (multiple vulnerabilities), konqueror (multiple vulnerabilities), libav (multiple vulnerabilities), polkit, Spice-Gtk, systemd, HPLIP, libvirt (privilege escalation), spice-gtk (privilege escalation), and sudo (privilege escalation).

Mageia has updated ctdb (M3, M4: insecure temporary files), gnupg, gnupg2 (M3, M4: denial of service), iodine (M3, M4: authentication bypass), and phpmyadmin (M3, M4: cross-site scripting).

Red Hat has updated kernel (RHEL 5.6; RHEL 6.2: multiple vulnerabilities).

Ubuntu has updated gnupg, gnupg2 (denial of service), kernel (12.04; 13.10: multiple vulnerabilities), linux-lts-quantal (multiple vulnerabilities), linux-lts-saucy (multiple vulnerabilities), linux-lts-trusty (multiple vulnerabilities), linux-ti-omap4 (12.04: multiple vulnerabilities), and samba (multiple vulnerabilities).