No Mir by default in Ubuntu 13.10
[Distributions] Posted Oct 2, 2013 6:21 UTC (Wed) by corbet
Developers at Canonical have concluded that the Mir desktop server (or,
more specifically, the XMir layer) will not be ready in time to be shipped
as the default configuration in the 13.10 release — though they do still
plan to go with Mir for Ubuntu Touch. "More specifically, the
multi-monitor support in XMir is working, but not to the extent we'd like
to see it for all of our users. The core of Mir is working reliable, but
with XMir being a key component for our 13.10 goals, we didn't want to
compromise overall Ubuntu quality by shipping it."
Full Story (comments: 51)
Rempt: Ten years of working on Krita
[Development] Posted Oct 1, 2013 23:44 UTC (Tue) by jake
On his blog, Boudewijn Rempt has an interesting walk down memory lane about the history of the Krita digital painting program. It started its life in 1998 as a Qt wrapper around GIMP, called "kimp", though the first real Krita code came from a KOffice application called KImage, which changed to KImageShop, Krayon, and, finally, in 2002, Krita (Swedish for crayon). His account has controversies, flame wars, development setbacks, and more, resulting in the high-quality application that we have today.
"I didn't know C++ back then, but neither was I a novice programmer. I'd been earning the daily bread for me and my family for about ten years, first as an Oracle PL/SQL developer, then Visual Basic, then Java. I had written and gotten published a book on Python and Qt, so I knew Qt as well. I had no experience with graphics, though...
In October 2003 it was not possible to paint with Krita: all tools except for the layer move tool had been disabled. The paint tool was the first thing I worked on, and I was very proud when I had a tool that could place squares on the canvas -- and the size of the squares was sensitive to the tablet pressure!"
Comments (8 posted)
Stable kernel updates
[Kernel] Posted Oct 1, 2013 21:26 UTC (Tue) by ris
Greg KH has released stable kernels 3.11.3,
3.10.14, 3.4.64, and 3.0.98. All contain important fixes.
Comments (none posted)
[$] NUMA scheduling progress
[Kernel] Posted Oct 1, 2013 17:02 UTC (Tue) by corbet
NUMA balancing was a topic of fierce debate through much of 2012; that
discussion culminated with the merging of Mel Gorman's NUMA balancing
infrastructure patch set into the 3.8 kernel. Those patches provided the
basic structure upon which a NUMA balancing solution could be built, but
did not attempt to solve the problem in a comprehensive way. Since then,
one might be
forgiven for thinking that the developers involved have lost interest; not
much NUMA-related code has found its way into the mainline. But, as can be
seen in Mel's basic scheduler support for NUMA
balancing patch set, which weighs in at 63 individual changesets, quite
a bit of work has been happening in this area.
Full Story (comments: 13)
Tuesday's security updates
[Security] Posted Oct 1, 2013 16:50 UTC (Tue) by ris
Fedora has updated kernel (F19:
off by one error), libvirt (F18: multiple vulnerabilities), and xpdf (F18; F19: code execution).
openSUSE has updated glibc (12.3:
multiple vulnerabilities) and icedtea-web (12.x; 11.4: code execution).
Red Hat has updated ccid (RHEL5:
code execution), kernel (RHEL5: denial of
service), php53 (RHEL5: multiple
vulnerabilities), samba3x (RHEL5: multiple
vulnerabilities), sssd (RHEL5: file
modification), sudo (RHEL5: privilege
escalation), and xinetd (RHEL5: service disclosure flaw).
Ubuntu has updated EC2 kernel
(10.04 LTS: multiple vulnerabilities), hplip (12.10; 12.04 LTS; 10.04 LTS:
multiple vulnerabilities), kernel
(10.04 LTS: multiple vulnerabilities), libkdcraw (12.04 LTS: denial of service), python2.6 (10.04 LTS: man in the middle
attack), python2.7 (13.04; 12.10;
12.04 LTS: multiple vulnerabilities), python3.2 (12.10; 12.04 LTS: multiple
vulnerabilities), txt2man (13.04; 12.10;
12.04 LTS: file overwrite), and vino
(13.04; 12.10; 12.04 LTS: denial of service).
Comments (none posted)
FreeBSD 9.2 released
[Distributions] Posted Sep 30, 2013 22:47 UTC (Mon) by ris
The FreeBSD Release Engineering Team has announced the
availability of FreeBSD 9.2. This release features some ZFS filesystem
enhancements along with various updated packages. The release notes
contain the details.
Comments (1 posted)
NetBSD 6.1.2 and NetBSD 6.0.3 released
[Distributions] Posted Sep 30, 2013 18:54 UTC (Mon) by ris
The NetBSD Project has announced
NetBSD 6.1.2 and NetBSD 6.0.3. Both releases contain fixes deemed important
for security or stability reasons. More information can be found in the release
notes.
Comments (1 posted)
Security advisories for Monday
[Security] Posted Sep 30, 2013 16:22 UTC (Mon) by ris
Debian has updated linux-2.6 (multiple vulnerabilities) and proftpd-dfsg (denial of service).
Fedora has updated chicken (F19:
code execution), filezilla (F18: multiple
vulnerabilities), firefox (F18: multiple
vulnerabilities), glibc (F19: multiple
vulnerabilities), livecd-tools (F18:
improper handling of passwords), python-djblets (F19: multiple
vulnerabilities), ReviewBoard (F19:
multiple vulnerabilities), seamonkey (F19:
multiple vulnerabilities), wireshark (F19:
multiple vulnerabilities), xulrunner (F18:
multiple vulnerabilities), and zabbix (F19:
man-in-the-middle attacks).
Gentoo has updated firefox
(multiple vulnerabilities) and xen
(multiple vulnerabilities).
Mandriva has updated davfs2 (privilege escalation).
openSUSE has updated Mozilla
(11.4: multiple vulnerabilities).
Oracle has updated kernel: OL5: multiple vulnerabilities).
Slackware has updated seamonkey (multiple vulnerabilities).
SUSE has updated firefox
(SLE11 SP3: multiple vulnerabilities).
Comments (none posted)
Kernel prepatch 3.12-rc3
[Kernel] Posted Sep 30, 2013 5:27 UTC (Mon) by corbet
The 3.12-rc3 prepatch is out. Linus says:
"On the whole, nothing really appears very scary. Go forth and
test."
Comments (none posted)
New GNU Hurd, Mach, and MIG releases
[Distributions] Posted Sep 28, 2013 10:56 UTC (Sat) by corbet
The GNU project is celebrating its 30th anniversary with the releases of GNU Mach 1.4 ("This new release bundles
bug fixes and enhancements done since the release of version 1.3, eleven
years ago; really too many (both years and improvements) to list them
individually"), GNU MIG 1.4 (MIG
being the Mach interface generator), and version 0.5 of the GNU Hurd kernel
("This new release bundles bug fixes and enhancements done since the
release of version 0.2, 16 years ago").
The Hurd is still 32-bit on x86 only, but a 64-bit port is said to be in
the works.
Comments (22 posted)
Friday's security updates
[Security] Posted Sep 27, 2013 15:36 UTC (Fri) by n8willis
CentOS has updated kernel
(multiple vulnerabilities).
Debian has updated davfs2
(privilege escalation).
Fedora has updated nas (F18, F19:
multiple vulnerabilities), spice-gtk
(F19: privilege escalation), and wordpress (F18: multiple vulnerabilities).
Gentoo has updated dropbear
(multiple vulnerabilities), klibc
(code execution), and squid (multiple vulnerabilities).
Mandriva has updated polkit
(privilege escalation).
openSUSE has updated gpg2
(information disclosure), firefox
(multiple vulnerabilities), python-django (denial of service), seamonkey (multiple vulnerabilities), thunderbird (multiple vulnerabilities), and xulrunner17 (multiple vulnerabilities).
Red Hat has updated kernel (multiple vulnerabilities).
Scientific Linux has updated kernel (SL5; multiple vulnerabilities).
Ubuntu has updated kernel (12.04, 12.10, 13.04: multiple vulnerabilities), linux-lts-quantal (multiple
vulnerabilities), linux-lts-raring
(multiple vulnerabilities), and linux-ti-omap4 (12.04, 12.10, 13.04: multiple vulnerabilities).
Comments (none posted)
30 years of GNU
[Announcements] Posted Sep 27, 2013 12:09 UTC (Fri) by corbet
Richard Stallman launched the GNU
project on September 27, 1983 — thirty years ago. "GNU will
be able to run Unix programs, but will not be identical to Unix. We will
make all improvements that are convenient, based on our experience with
other operating systems. In particular, we plan to have longer filenames,
file version numbers, a crashproof file system, filename completion
perhaps, terminal-independent display support, and eventually a Lisp-based
window system through which several Lisp programs and ordinary Unix
programs can share a screen. Both C and Lisp will be available as system
programming languages. We will have network software based on MIT's
chaosnet protocol, far superior to UUCP. We may also have something
compatible with UUCP." Some of the details may not have come out as
envisioned, but the big idea has held up well.
Comments (123 posted)
Rust 0.8 released
[Development] Posted Sep 27, 2013 7:55 UTC (Fri) by corbet
Version 0.8 of the Rust language has been announced.
"This was another very active release cycle that continued the trend
toward refining the standard library while making minor adjustments to the
language. In this release the `for` keyword has been changed to work with
`Iterator` types, the runtime and task scheduler was rewritten, a new
experimental I/O subsystem was added, and we added a new family of string
formatting macros, `format!`, that will eventually replace `fmt!`."
Comments (9 posted)
Stable kernel updates
[Kernel] Posted Sep 27, 2013 7:50 UTC (Fri) by corbet
The 3.11.2,
3.10.13,
3.4.63, and
3.0.97 stable kernel updates are all
available; each contains the usual set of important fixes.
Comments (none posted)
Pasting images with automatic attribution
[Development] Posted Sep 26, 2013 21:06 UTC (Thu) by n8willis
Peter Liljenberg has developed an add-on for Firefox that copies linked metadata to the clipboard in addition to the "copied" object itself. The initial demonstration of this technique required a specially-crafted page with RDFs metadata linked in, and thus may not seem immediately useful. However, Liljenberg has now implemented a more straightforward use case: copying and pasting an image with attribution data automatically preserved. "The friction for using a shared image is reduced when you don’t have to remember to also write an attribution. The attribution can embed the metadata, so that if someone copies the image from your page, they can also get an attribution created automatically when they paste it into their page."
Comments (5 posted)
Thursday's security updates
[Security] Posted Sep 26, 2013 14:05 UTC (Thu) by n8willis
Debian has updated libvirt
(denial of service).
Fedora has updated lightdm
(F18; information disclosure), rtkit
(F19; privilege escalation), and wordpress (F19; multiple vulnerabilities).
Gentoo has updated libvirt
(multiple vulnerabilities), monkeyd
(multiple vulnerabilities), and tpp
(code execution).
Mandriva has updated kernel (multiple vulnerabilities).
Red Hat has updated openstack-keystone (incorrect token
revocation).
Comments (none posted)
VLC media player 2.1.0 released
[Development] Posted Sep 26, 2013 7:36 UTC (Thu) by corbet
Version 2.1.0 ("Rincewind") of the VLC media player is out. "With a
new audio core, hardware decoding and encoding, port to mobile platforms,
preparation for Ultra-HD video and a special care to support more formats,
it is a major upgrade for VLC. Rincewind fixes around a thousand bugs, in
more than 7000 commits from 140 volunteers."
Full Story (comments: 9)
LWN.net Weekly Edition for September 26, 2013
Posted Sep 26, 2013 0:51 UTC (Thu)
The LWN.net Weekly Edition for September 26, 2013 is available.
Inside this week's LWN.net Weekly Edition
- Front: Free drivers for ARM graphics; A gathering of kernel developers; A SPDX case study
- Security: Encouraging a wider view; New vulnerabilities in chromium, kernel, policykit, tiff, ...
- Kernel: Split PMD locks; A perf ABI fix.
- Distributions: Fedora 20 takes shape; openSUSE, SteamOS, Tails.
- Development: OpenGL debugging; Lightning 2.6; GStreamer 1.2; GNOME 3.10; ...
- Announcements: Studio Storti joins TDF, events.
Read more
GNOME 3.10 Released
[Development] Posted Sep 25, 2013 19:23 UTC (Wed) by ris
The GNOME Project has announced the release of GNOME 3.10. Many components
in this release have initial support for Wayland. See the release notes
for details.
Full Story (comments: 104)
Security advisories for Wednesday
[Security] Posted Sep 25, 2013 16:50 UTC (Wed) by ris
CentOS has updated rtkit (C6: authorization bypass).
Debian has updated pyopenssl (certificate spoofing).
Fedora has updated python-django
(F19: multiple vulnerabilities) and python-django14 (F19: multiple vulnerabilities).
Gentoo has updated chromium
(multiple vulnerabilities), libzrtpcpp
(multiple vulnerabilities), moinmoin
(multiple vulnerabilities), and proftpd
(multiple vulnerabilities).
Mageia has updated libtiff
(multiple vulnerabilities), perl-Crypt-DSA
(improperly secure randomness), and polarssl (multiple vulnerabilities).
Mandriva has updated glpi
(multiple vulnerabilities) and perl-Crypt-DSA (improperly secure randomness).
openSUSE has updated subversion
(11.4: privilege escalation), tiff (11.4:
multiple code execution flaws), and wireshark (11.4: multiple vulnerabilities).
Oracle has updated rtkit (OL6: authorization bypass).
Red Hat has updated puppet
(RHOS3: multiple vulnerabilities), rtkit
(RHEL6: authorization bypass), and ruby193-puppet (RHOS3: multiple vulnerabilities).
Scientific Linux has updated rtkit (SL6: authorization bypass).
Ubuntu has updated python-django
(multiple vulnerabilities) and samba (denial of service).
Comments (none posted)