Welcome to LWN.net

• Previous 20 items

[Distributions] Posted Oct 2, 2013 6:21 UTC (Wed) by corbet

Developers at Canonical have concluded that the Mir desktop server (or, more specifically, the XMir layer) will not be ready in time to be shipped as the default configuration in the 13.10 release — though they do still plan to go with Mir for Ubuntu Touch. "More specifically, the multi-monitor support in XMir is working, but not to the extent we'd like to see it for all of our users. The core of Mir is working reliable, but with XMir being a key component for our 13.10 goals, we didn't want to compromise overall Ubuntu quality by shipping it."

Full Story (comments: 51)

[Development] Posted Oct 1, 2013 23:44 UTC (Tue) by jake

On his blog, Boudewijn Rempt has an interesting walk down memory lane about the history of the Krita digital painting program. It started its life in 1998 as a Qt wrapper around GIMP, called "kimp", though the first real Krita code came from a KOffice application called KImage, which changed to KImageShop, Krayon, and, finally, in 2002, Krita (Swedish for crayon). His account has controversies, flame wars, development setbacks, and more, resulting in the high-quality application that we have today. "I didn't know C++ back then, but neither was I a novice programmer. I'd been earning the daily bread for me and my family for about ten years, first as an Oracle PL/SQL developer, then Visual Basic, then Java. I had written and gotten published a book on Python and Qt, so I knew Qt as well. I had no experience with graphics, though... In October 2003 it was not possible to paint with Krita: all tools except for the layer move tool had been disabled. The paint tool was the first thing I worked on, and I was very proud when I had a tool that could place squares on the canvas -- and the size of the squares was sensitive to the tablet pressure!"

Comments (8 posted)

[Kernel] Posted Oct 1, 2013 21:26 UTC (Tue) by ris

Greg KH has released stable kernels 3.11.3, 3.10.14, 3.4.64, and 3.0.98. All contain important fixes.

Comments (none posted)

[Kernel] Posted Oct 1, 2013 17:02 UTC (Tue) by corbet

NUMA balancing was a topic of fierce debate through much of 2012; that discussion culminated with the merging of Mel Gorman's NUMA balancing infrastructure patch set into the 3.8 kernel. Those patches provided the basic structure upon which a NUMA balancing solution could be built, but did not attempt to solve the problem in a comprehensive way. Since then, one might be forgiven for thinking that the developers involved have lost interest; not much NUMA-related code has found its way into the mainline. But, as can be seen in Mel's basic scheduler support for NUMA balancing patch set, which weighs in at 63 individual changesets, quite a bit of work has been happening in this area.

Full Story (comments: 13)

[Security] Posted Oct 1, 2013 16:50 UTC (Tue) by ris

Fedora has updated kernel (F19: off by one error), libvirt (F18: multiple vulnerabilities), and xpdf (F18; F19: code execution).

openSUSE has updated glibc (12.3: multiple vulnerabilities) and icedtea-web (12.x; 11.4: code execution).

Red Hat has updated ccid (RHEL5: code execution), kernel (RHEL5: denial of service), php53 (RHEL5: multiple vulnerabilities), samba3x (RHEL5: multiple vulnerabilities), sssd (RHEL5: file modification), sudo (RHEL5: privilege escalation), and xinetd (RHEL5: service disclosure flaw).

Ubuntu has updated EC2 kernel (10.04 LTS: multiple vulnerabilities), hplip (12.10; 12.04 LTS; 10.04 LTS: multiple vulnerabilities), kernel (10.04 LTS: multiple vulnerabilities), libkdcraw (12.04 LTS: denial of service), python2.6 (10.04 LTS: man in the middle attack), python2.7 (13.04; 12.10; 12.04 LTS: multiple vulnerabilities), python3.2 (12.10; 12.04 LTS: multiple vulnerabilities), txt2man (13.04; 12.10; 12.04 LTS: file overwrite), and vino (13.04; 12.10; 12.04 LTS: denial of service).

Comments (none posted)

[Distributions] Posted Sep 30, 2013 22:47 UTC (Mon) by ris

The FreeBSD Release Engineering Team has announced the availability of FreeBSD 9.2. This release features some ZFS filesystem enhancements along with various updated packages. The release notes contain the details.

Comments (1 posted)

[Distributions] Posted Sep 30, 2013 18:54 UTC (Mon) by ris

The NetBSD Project has announced NetBSD 6.1.2 and NetBSD 6.0.3. Both releases contain fixes deemed important for security or stability reasons. More information can be found in the release notes.

Comments (1 posted)

[Security] Posted Sep 30, 2013 16:22 UTC (Mon) by ris

Debian has updated linux-2.6 (multiple vulnerabilities) and proftpd-dfsg (denial of service).

Fedora has updated chicken (F19: code execution), filezilla (F18: multiple vulnerabilities), firefox (F18: multiple vulnerabilities), glibc (F19: multiple vulnerabilities), livecd-tools (F18: improper handling of passwords), python-djblets (F19: multiple vulnerabilities), ReviewBoard (F19: multiple vulnerabilities), seamonkey (F19: multiple vulnerabilities), wireshark (F19: multiple vulnerabilities), xulrunner (F18: multiple vulnerabilities), and zabbix (F19: man-in-the-middle attacks).

Gentoo has updated firefox (multiple vulnerabilities) and xen (multiple vulnerabilities).

Mandriva has updated davfs2 (privilege escalation).

openSUSE has updated Mozilla (11.4: multiple vulnerabilities).

Oracle has updated kernel: OL5: multiple vulnerabilities).

Slackware has updated seamonkey (multiple vulnerabilities).

SUSE has updated firefox (SLE11 SP3: multiple vulnerabilities).

Comments (none posted)

[Kernel] Posted Sep 30, 2013 5:27 UTC (Mon) by corbet

The 3.12-rc3 prepatch is out. Linus says: "On the whole, nothing really appears very scary. Go forth and test."

Comments (none posted)

[Distributions] Posted Sep 28, 2013 10:56 UTC (Sat) by corbet

The GNU project is celebrating its 30th anniversary with the releases of GNU Mach 1.4 ("This new release bundles bug fixes and enhancements done since the release of version 1.3, eleven years ago; really too many (both years and improvements) to list them individually"), GNU MIG 1.4 (MIG being the Mach interface generator), and version 0.5 of the GNU Hurd kernel ("This new release bundles bug fixes and enhancements done since the release of version 0.2, 16 years ago"). The Hurd is still 32-bit on x86 only, but a 64-bit port is said to be in the works.

Comments (22 posted)

[Security] Posted Sep 27, 2013 15:36 UTC (Fri) by n8willis

CentOS has updated kernel (multiple vulnerabilities).

Debian has updated davfs2 (privilege escalation).

Fedora has updated nas (F18, F19: multiple vulnerabilities), spice-gtk (F19: privilege escalation), and wordpress (F18: multiple vulnerabilities).

Gentoo has updated dropbear (multiple vulnerabilities), klibc (code execution), and squid (multiple vulnerabilities).

Mandriva has updated polkit (privilege escalation).

openSUSE has updated gpg2 (information disclosure), firefox (multiple vulnerabilities), python-django (denial of service), seamonkey (multiple vulnerabilities), thunderbird (multiple vulnerabilities), and xulrunner17 (multiple vulnerabilities).

Red Hat has updated kernel (multiple vulnerabilities).

Scientific Linux has updated kernel (SL5; multiple vulnerabilities).

Ubuntu has updated kernel (12.04, 12.10, 13.04: multiple vulnerabilities), linux-lts-quantal (multiple vulnerabilities), linux-lts-raring (multiple vulnerabilities), and linux-ti-omap4 (12.04, 12.10, 13.04: multiple vulnerabilities).

Comments (none posted)

[Announcements] Posted Sep 27, 2013 12:09 UTC (Fri) by corbet

Richard Stallman launched the GNU project on September 27, 1983 — thirty years ago. "GNU will be able to run Unix programs, but will not be identical to Unix. We will make all improvements that are convenient, based on our experience with other operating systems. In particular, we plan to have longer filenames, file version numbers, a crashproof file system, filename completion perhaps, terminal-independent display support, and eventually a Lisp-based window system through which several Lisp programs and ordinary Unix programs can share a screen. Both C and Lisp will be available as system programming languages. We will have network software based on MIT's chaosnet protocol, far superior to UUCP. We may also have something compatible with UUCP." Some of the details may not have come out as envisioned, but the big idea has held up well.

Comments (123 posted)

[Development] Posted Sep 27, 2013 7:55 UTC (Fri) by corbet

Version 0.8 of the Rust language has been announced. "This was another very active release cycle that continued the trend toward refining the standard library while making minor adjustments to the language. In this release the `for` keyword has been changed to work with `Iterator` types, the runtime and task scheduler was rewritten, a new experimental I/O subsystem was added, and we added a new family of string formatting macros, `format!`, that will eventually replace `fmt!`."

Comments (9 posted)

[Kernel] Posted Sep 27, 2013 7:50 UTC (Fri) by corbet

The 3.11.2, 3.10.13, 3.4.63, and 3.0.97 stable kernel updates are all available; each contains the usual set of important fixes.

Comments (none posted)

[Development] Posted Sep 26, 2013 21:06 UTC (Thu) by n8willis

Peter Liljenberg has developed an add-on for Firefox that copies linked metadata to the clipboard in addition to the "copied" object itself. The initial demonstration of this technique required a specially-crafted page with RDFs metadata linked in, and thus may not seem immediately useful. However, Liljenberg has now implemented a more straightforward use case: copying and pasting an image with attribution data automatically preserved. "The friction for using a shared image is reduced when you don’t have to remember to also write an attribution. The attribution can embed the metadata, so that if someone copies the image from your page, they can also get an attribution created automatically when they paste it into their page."

Comments (5 posted)

[Security] Posted Sep 26, 2013 14:05 UTC (Thu) by n8willis

Debian has updated libvirt (denial of service).

Fedora has updated lightdm (F18; information disclosure), rtkit (F19; privilege escalation), and wordpress (F19; multiple vulnerabilities).

Gentoo has updated libvirt (multiple vulnerabilities), monkeyd (multiple vulnerabilities), and tpp (code execution).

Mandriva has updated kernel (multiple vulnerabilities).

Red Hat has updated openstack-keystone (incorrect token revocation).

Comments (none posted)

[Development] Posted Sep 26, 2013 7:36 UTC (Thu) by corbet

Version 2.1.0 ("Rincewind") of the VLC media player is out. "With a new audio core, hardware decoding and encoding, port to mobile platforms, preparation for Ultra-HD video and a special care to support more formats, it is a major upgrade for VLC. Rincewind fixes around a thousand bugs, in more than 7000 commits from 140 volunteers."

Full Story (comments: 9)

Posted Sep 26, 2013 0:51 UTC (Thu)

The LWN.net Weekly Edition for September 26, 2013 is available.

Inside this week's LWN.net Weekly Edition

• Front: Free drivers for ARM graphics; A gathering of kernel developers; A SPDX case study
• Security: Encouraging a wider view; New vulnerabilities in chromium, kernel, policykit, tiff, ...
• Kernel: Split PMD locks; A perf ABI fix.
• Distributions: Fedora 20 takes shape; openSUSE, SteamOS, Tails.
• Development: OpenGL debugging; Lightning 2.6; GStreamer 1.2; GNOME 3.10; ...
• Announcements: Studio Storti joins TDF, events.

Read more

[Development] Posted Sep 25, 2013 19:23 UTC (Wed) by ris

The GNOME Project has announced the release of GNOME 3.10. Many components in this release have initial support for Wayland. See the release notes for details.

Full Story (comments: 104)

[Security] Posted Sep 25, 2013 16:50 UTC (Wed) by ris

CentOS has updated rtkit (C6: authorization bypass).

Debian has updated pyopenssl (certificate spoofing).

Fedora has updated python-django (F19: multiple vulnerabilities) and python-django14 (F19: multiple vulnerabilities).

Gentoo has updated chromium (multiple vulnerabilities), libzrtpcpp (multiple vulnerabilities), moinmoin (multiple vulnerabilities), and proftpd (multiple vulnerabilities).

Mageia has updated libtiff (multiple vulnerabilities), perl-Crypt-DSA (improperly secure randomness), and polarssl (multiple vulnerabilities).

Mandriva has updated glpi (multiple vulnerabilities) and perl-Crypt-DSA (improperly secure randomness).

openSUSE has updated subversion (11.4: privilege escalation), tiff (11.4: multiple code execution flaws), and wireshark (11.4: multiple vulnerabilities).

Oracle has updated rtkit (OL6: authorization bypass).

Red Hat has updated puppet (RHOS3: multiple vulnerabilities), rtkit (RHEL6: authorization bypass), and ruby193-puppet (RHOS3: multiple vulnerabilities).

Scientific Linux has updated rtkit (SL6: authorization bypass).

Ubuntu has updated python-django (multiple vulnerabilities) and samba (denial of service).

Comments (none posted)

• Next 20 items