| |||||||||||||
Welcome to LWN.netHeadlines for October 8, 2013NetBSD 6.1.2 and NetBSD 6.0.3 released
[Distributions] Posted Sep 30, 2013 18:54 UTC (Mon) by ris
The NetBSD Project has announced NetBSD 6.1.2 and NetBSD 6.0.3. Both releases contain fixes deemed important for security or stability reasons. More information can be found in the release notes.
Security advisories for Monday
[Security] Posted Sep 30, 2013 16:22 UTC (Mon) by ris
Debian has updated linux-2.6 (multiple vulnerabilities) and proftpd-dfsg (denial of service). Fedora has updated chicken (F19: code execution), filezilla (F18: multiple vulnerabilities), firefox (F18: multiple vulnerabilities), glibc (F19: multiple vulnerabilities), livecd-tools (F18: improper handling of passwords), python-djblets (F19: multiple vulnerabilities), ReviewBoard (F19: multiple vulnerabilities), seamonkey (F19: multiple vulnerabilities), wireshark (F19: multiple vulnerabilities), xulrunner (F18: multiple vulnerabilities), and zabbix (F19: man-in-the-middle attacks). Gentoo has updated firefox (multiple vulnerabilities) and xen (multiple vulnerabilities). Mandriva has updated davfs2 (privilege escalation). openSUSE has updated Mozilla (11.4: multiple vulnerabilities). Oracle has updated kernel: OL5: multiple vulnerabilities). Slackware has updated seamonkey (multiple vulnerabilities). SUSE has updated firefox (SLE11 SP3: multiple vulnerabilities).
Kernel prepatch 3.12-rc3
[Kernel] Posted Sep 30, 2013 5:27 UTC (Mon) by corbet
The 3.12-rc3 prepatch is out. Linus says: "On the whole, nothing really appears very scary. Go forth and test."
New GNU Hurd, Mach, and MIG releases
[Distributions] Posted Sep 28, 2013 10:56 UTC (Sat) by corbet
The GNU project is celebrating its 30th anniversary with the releases of GNU Mach 1.4 ("This new release bundles bug fixes and enhancements done since the release of version 1.3, eleven years ago; really too many (both years and improvements) to list them individually"), GNU MIG 1.4 (MIG being the Mach interface generator), and version 0.5 of the GNU Hurd kernel ("This new release bundles bug fixes and enhancements done since the release of version 0.2, 16 years ago"). The Hurd is still 32-bit on x86 only, but a 64-bit port is said to be in the works.
Friday's security updates
[Security] Posted Sep 27, 2013 15:36 UTC (Fri) by n8willis
CentOS has updated kernel (multiple vulnerabilities). Debian has updated davfs2 (privilege escalation). Fedora has updated nas (F18, F19: multiple vulnerabilities), spice-gtk (F19: privilege escalation), and wordpress (F18: multiple vulnerabilities). Gentoo has updated dropbear (multiple vulnerabilities), klibc (code execution), and squid (multiple vulnerabilities). Mandriva has updated polkit (privilege escalation). openSUSE has updated gpg2 (information disclosure), firefox (multiple vulnerabilities), python-django (denial of service), seamonkey (multiple vulnerabilities), thunderbird (multiple vulnerabilities), and xulrunner17 (multiple vulnerabilities). Red Hat has updated kernel (multiple vulnerabilities). Scientific Linux has updated kernel (SL5; multiple vulnerabilities). Ubuntu has updated kernel (12.04, 12.10, 13.04: multiple vulnerabilities), linux-lts-quantal (multiple vulnerabilities), linux-lts-raring (multiple vulnerabilities), and linux-ti-omap4 (12.04, 12.10, 13.04: multiple vulnerabilities).
30 years of GNU
[Announcements] Posted Sep 27, 2013 12:09 UTC (Fri) by corbet
Richard Stallman launched the GNU project on September 27, 1983 — thirty years ago. "GNU will be able to run Unix programs, but will not be identical to Unix. We will make all improvements that are convenient, based on our experience with other operating systems. In particular, we plan to have longer filenames, file version numbers, a crashproof file system, filename completion perhaps, terminal-independent display support, and eventually a Lisp-based window system through which several Lisp programs and ordinary Unix programs can share a screen. Both C and Lisp will be available as system programming languages. We will have network software based on MIT's chaosnet protocol, far superior to UUCP. We may also have something compatible with UUCP." Some of the details may not have come out as envisioned, but the big idea has held up well.
Rust 0.8 released
[Development] Posted Sep 27, 2013 7:55 UTC (Fri) by corbet
Version 0.8 of the Rust language has been announced. "This was another very active release cycle that continued the trend toward refining the standard library while making minor adjustments to the language. In this release the `for` keyword has been changed to work with `Iterator` types, the runtime and task scheduler was rewritten, a new experimental I/O subsystem was added, and we added a new family of string formatting macros, `format!`, that will eventually replace `fmt!`."
Stable kernel updates
[Kernel] Posted Sep 27, 2013 7:50 UTC (Fri) by corbet
The 3.11.2, 3.10.13, 3.4.63, and 3.0.97 stable kernel updates are all available; each contains the usual set of important fixes.
Pasting images with automatic attribution
[Development] Posted Sep 26, 2013 21:06 UTC (Thu) by n8willis
Peter Liljenberg has developed an add-on for Firefox that copies linked metadata to the clipboard in addition to the "copied" object itself. The initial demonstration of this technique required a specially-crafted page with RDFs metadata linked in, and thus may not seem immediately useful. However, Liljenberg has now implemented a more straightforward use case: copying and pasting an image with attribution data automatically preserved. "The friction for using a shared image is reduced when you don’t have to remember to also write an attribution. The attribution can embed the metadata, so that if someone copies the image from your page, they can also get an attribution created automatically when they paste it into their page."
Thursday's security updates
[Security] Posted Sep 26, 2013 14:05 UTC (Thu) by n8willis
Debian has updated libvirt (denial of service). Fedora has updated lightdm (F18; information disclosure), rtkit (F19; privilege escalation), and wordpress (F19; multiple vulnerabilities). Gentoo has updated libvirt (multiple vulnerabilities), monkeyd (multiple vulnerabilities), and tpp (code execution). Mandriva has updated kernel (multiple vulnerabilities). Red Hat has updated openstack-keystone (incorrect token revocation).
VLC media player 2.1.0 released
[Development] Posted Sep 26, 2013 7:36 UTC (Thu) by corbet
Version 2.1.0 ("Rincewind") of the VLC media player is out. "With a new audio core, hardware decoding and encoding, port to mobile platforms, preparation for Ultra-HD video and a special care to support more formats, it is a major upgrade for VLC. Rincewind fixes around a thousand bugs, in more than 7000 commits from 140 volunteers."
LWN.net Weekly Edition for September 26, 2013
Posted Sep 26, 2013 0:51 UTC (Thu)The LWN.net Weekly Edition for September 26, 2013 is available. Inside this week's LWN.net Weekly Edition
GNOME 3.10 Released
[Development] Posted Sep 25, 2013 19:23 UTC (Wed) by ris
The GNOME Project has announced the release of GNOME 3.10. Many components in this release have initial support for Wayland. See the release notes for details.
Security advisories for Wednesday
[Security] Posted Sep 25, 2013 16:50 UTC (Wed) by ris
CentOS has updated rtkit (C6: authorization bypass). Debian has updated pyopenssl (certificate spoofing). Fedora has updated python-django (F19: multiple vulnerabilities) and python-django14 (F19: multiple vulnerabilities). Gentoo has updated chromium (multiple vulnerabilities), libzrtpcpp (multiple vulnerabilities), moinmoin (multiple vulnerabilities), and proftpd (multiple vulnerabilities). Mageia has updated libtiff (multiple vulnerabilities), perl-Crypt-DSA (improperly secure randomness), and polarssl (multiple vulnerabilities). Mandriva has updated glpi (multiple vulnerabilities) and perl-Crypt-DSA (improperly secure randomness). openSUSE has updated subversion (11.4: privilege escalation), tiff (11.4: multiple code execution flaws), and wireshark (11.4: multiple vulnerabilities). Oracle has updated rtkit (OL6: authorization bypass). Red Hat has updated puppet (RHOS3: multiple vulnerabilities), rtkit (RHEL6: authorization bypass), and ruby193-puppet (RHOS3: multiple vulnerabilities). Scientific Linux has updated rtkit (SL6: authorization bypass). Ubuntu has updated python-django (multiple vulnerabilities) and samba (denial of service).
GStreamer 1.2 released
[Development] Posted Sep 25, 2013 1:00 UTC (Wed) by n8willis
Version 1.2 of the GStreamer multimedia framework has been released. Packages for GStreamer Core and GStreamer Plugins are available. The 1.2 release is API- and ABI-backwards-compatible with GStreamer 1.0, however there are several new features introduced. Several new plugins are included, including support for DASH adaptive streaming, JPEG2000 images, VP9 and Daala video, and decoding-only support for WebP. There is also a new command-line playback tool called gst-play-1.0 (designed for testing purposes), as well as numerous bugfixes and improvements.
A perf ABI fix
[Kernel] Posted Sep 24, 2013 18:14 UTC (Tue) by corbet
It is often said that the kernel developers are committed to avoiding ABI breaks at almost any cost. But ABI problems can, at times, be hard to avoid. Some have argued that the perf events interface is particularly subject to incompatible ABI changes because the perf tool is part of the kernel tree itself; since perf can evolve with the kernel, there is a possibility that developers might not even notice a break. So the recent discovery of a perf ABI issue is worth looking at as an example of how compatibility problems are handled in that code.
Tuesday's security updates
[Security] Posted Sep 24, 2013 16:07 UTC (Tue) by ris
Debian has updated icedove (multiple vulnerabilities). Fedora has updated proftpd (F18; F19: denial of service). Gentoo has updated apache (multiple vulnerabilities) and subversion (multiple vulnerabilities). openSUSE has updated tiff (multiple vulnerabilities) and wireshark (multiple vulnerabilities). Ubuntu has updated libraw (denial of service) and pyopenssl (certificate spoofing).
NVIDIA to provide documentation for Nouveau
[Kernel] Posted Sep 24, 2013 7:12 UTC (Tue) by corbet
Nouveau is the reverse-engineered driver for NVIDIA GPUs; it has been developed for a number of years with no assistance from NVIDIA. Now, though, an NVIDIA developer has surfaced on the Nouveau list with an offer to help: "NVIDIA is releasing public documentation on certain aspects of our GPUs, with the intent to address areas that impact the out-of-the-box usability of NVIDIA GPUs with Nouveau. We intend to provide more documentation over time, and guidance in additional areas as we are able." This would appear to be a big step in the right direction.
Kernel prepatch 3.12-rc2
[Kernel] Posted Sep 24, 2013 7:01 UTC (Tue) by corbet
The second 3.12 kernel prepatch is out. Linus said: "Things have been fairly quiet, probably because lots of people were traveling for LinuxCon and Linux Plumbers conference last week. So nothing very exciting stands out. It's mainly driver updates/fixes (gpu drivers stand out, but there's networking too, and smaller stuff all over). Apart from drivers there's arch updates (tile/arm/mips) and some filesystem noise (mainly btrfs)."
Valve launches SteamOS
[Distributions] Posted Sep 23, 2013 17:39 UTC (Mon) by corbet
Valve has announced the launch of a new gaming-oriented operating system. "As we’ve been working on bringing Steam to the living room, we’ve come to the conclusion that the environment best suited to delivering value to customers is an operating system built around Steam itself. SteamOS combines the rock-solid architecture of Linux with a gaming experience built for the big screen. It will be available soon as a free stand-alone operating system for living room machines." There is little in the way of details available at this time.
|
|||||||||||||