| |||||||||||||
Welcome to LWN.netHeadlines for May 22, 2013Kernel prepatch 3.10-rc1
[Kernel] Posted May 12, 2013 1:09 UTC (Sun) by corbet
Linus has announced the 3.10-rc1 kernel prepatch and the closure of the merge window for this development cycle. All told, nearly 12,000 changesets were pulled into the mainline during the merge window, making it the busiest such ever. See this article (subscribers only) for a summary of changes merged since last week's merge window update.
A new set of stable kernel updates
[Kernel] Posted May 11, 2013 22:57 UTC (Sat) by corbet
The 3.9.2, 3.8.13, 3.4.45, and 3.0.78 stable updates are out with the usual collection of important fixes. Greg says: "NOTE, this is the LAST 3.8.y kernel release, please move to the 3.9.y kernel series at this time. It is end-of-life, dead, gone, buried, and put way behind us never to be spoken of again. Seriously, move on, it's just not worth it anymore."
Gawk 4.1.0 released
[Development] Posted May 11, 2013 16:41 UTC (Sat) by corbet
Version 4.1.0 of Gawk (the GNU Awk interpreter) is out. There's lots of new features, including high-precision arithmetic, a completely reworked dynamic extension interface, and more.
Results of the Apache OpenOffice 4.0 Logo Survey
[Development] Posted May 10, 2013 18:30 UTC (Fri) by n8willis
Rob Weir has posted an analysis of the logo contest recently held for Apache OpenOffice. The main blog post showcases the leading vote-getters, but the real meat comes in the detailed report, which breaks down the survey by demographics and examines various ways of interpreting what boils down to a set of individual personal preferences. "With an ordinal interpretation we can look at histograms (counts of scores), at the mode (most frequent response), median (the middle value) and the variation ratio (fraction of scores not in the mode). With an interval interpretation we would assign each point on the scale a numeric value, e.g., 1 for Strongly Dislike to 5 for Strongly Like. Then we could take these scores and calculate means and standard deviations." The logo-selection process now moves to revisions by the leading candidates, aiming for the upcoming 4.0 release.
A proposal for an always-releasable Debian
[Distributions] Posted May 10, 2013 14:33 UTC (Fri) by corbet
Lars Wirzenius and Russ Allbery have posted an essay calling for changes in how the Debian release cycle works; it is mostly aimed at reducing the length of freezes to something close to zero. "The fundamental change is to start keeping our "testing" branch as close to releasable as possible, at all times. For individual projects, this corresponds to keeping the master or trunk branch in version control ready to be released. Practitioners of agile development models, for example, do this quite successfully, by applying continuous integration, automatic testing, and by having a development culture that if there's a severe bug in master, fixing that gets highest priority."
Friday's security updates
[Security] Posted May 10, 2013 14:29 UTC (Fri) by n8willis
Fedora has updated owncloud (multiple vulnerabilities). Mageia has updated mesa (code execution). Oracle has updated hypervkvpd (denial of service). Red Hat has updated hypervkvpd (denial of service) and openstack-keystone (password disclosure). Scientific Linux has updated hypervkvpd (denial of service). Ubuntu has updated gpsd (code execution).
PacketFence 4.0 released
[Development] Posted May 10, 2013 13:36 UTC (Fri) by corbet
PacketFence is a free network access control system — the system that decides whether you get to use the local WiFi network, for example. Version 4.0 is now available. "Packet Fence 4.0 introduces a brand new modern, fast and responsive web administrative interface. It also simplifies the definition of authentication sources in one place and allows dynamic computation of roles. The portal profiles can now be entirely managed from the web interface, simplifying their definitions and eliminating possible configuration mistakes."
Fedora account system (FAS) potential information disclosure
[Distributions] Posted May 9, 2013 22:51 UTC (Thu) by jake
Fedora project leader Robyn Bergeron has announced an information disclosure bug in the Fedora account system that may have exposed certain types of information (hashed passwords, security questions and encrypted answers, etc.) from unapproved members. It has been present since 2008, but could only be exploited by authenticated users, furthermore:
Review of logs has shown no cases where this bug was used in our
production account system, however our staging version was also
vulnerable and we are unable to confirm the information was not
accessed there. Moving forward, additional logging will be added to our
staging infrastructure.
We recommend (but do not require) that all users take this time to change their passwords, update their security questions/answers and review their other account information.
Three Ubuntu releases reach end of life
[Distributions] Posted May 9, 2013 22:32 UTC (Thu) by jake
Three releases of Ubuntu reached their end of life on May 9, 2013, which means they will no longer receive updates of any kind. Users of Ubuntu 8.04 LTS ("Hardy Heron"), Ubuntu 10.04 LTS Desktop ("Lucid Lynx"), and Ubuntu 11.10 ("Oneiric Ocelot") should upgrade.
New Zealand Government Announces That Software Will No Longer Be Patentable (Forbes)
[Announcements] Posted May 9, 2013 21:04 UTC (Thu) by jake
Forbes is reporting that the New Zealand government has banned patents on software. "In doing this, New Zealand is essentially taking the position that existing laws provides enough protection to software as it is; patents only serve to stifle innovation because of the ever-looming threat of being sued by so-called patent troll companies. [...] During its consideration of the bill, the committee received many submissions opposing the granting of patents for computer programs on the grounds it would stifle innovation and restrict competition. Internet New Zealand said [Commerce Minister Craig] Foss' decision to amend the Patents Bill drew to a close 'years of wrangling between software developers, ICT players and multinational heavyweights over the vexed issue of patentability of software'."
PyPy 2.0 released
[Development] Posted May 9, 2013 20:04 UTC (Thu) by corbet
The PyPy 2.0 release is available; PyPy is a performance-oriented reimplementation of the Python 2 interpreter. "This is a stable release that brings a swath of bugfixes, small performance improvements and compatibility fixes. PyPy 2.0 is a big step for us and we hope in the future we'll be able to provide stable releases more often." Headline features include stackless and greenlet support, a new interface to C modules, and more.
Raspberry Pi operating systems: 5 reviewed and rated (Techradar)
[Distributions] Posted May 9, 2013 17:56 UTC (Thu) by jake
Those looking for alternative distributions (or even operating systems) for their Raspberry Pi may want to take a peek at Techradar's review of five choices for the diminutive ARM-based computer. The article looks at Raspbian, Risc OS, Plan 9, Android, and Arch; it evaluates and rates each one on a variety of criteria:
The areas we're looking at are installation, default software, media playback (out-of-the-box), looks and usability, the community behind the OS and their respective attitudes toward software freedom. Basically, the very stuff that makes a Linux user decide on what system to use.
We also want to gauge this from the point of view of someone who's not as familiar with Linux as others are, so they can jump into the project without too much hassle, and not end up leaving it feeling disheartened.
Security updates for Thursday
[Security] Posted May 9, 2013 15:36 UTC (Thu) by jake
Fedora has updated phpmyadmin (F17; F18: two remote code execution flaws). Mageia has updated ffmpeg (multiple vulnerabilities), wordpress (three vulnerabilities), ekiga, opal3, ptlib (denial of service), nrpe (code execution), x11-server (keystroke capture), glibc (two denial of service flaws), and libtiff (two vulnerabilities). Ubuntu has updated telepathy-idle (13.04, 12.10, 12.04: certificate validation botch).
LWN.net Weekly Edition for May 9, 2013
Posted May 9, 2013 1:46 UTC (Thu)The LWN.net Weekly Edition for May 9, 2013 is available. Inside this week's LWN.net Weekly Edition
"Click packages" for Ubuntu
[Distributions] Posted May 8, 2013 19:50 UTC (Wed) by corbet
Ubuntu is considering adopting a new package format for third-party applications that would be simpler for developers to work with. This format would not replace dpkg in the Ubuntu system itself. "So the scope of what I've been considering is purely leaf apps built on a fixed 'base system', which in the case of the initial target of the Ubuntu phone/tablet work would be the run-time part of the Ubuntu SDK."
Stable kernel updates
[Kernel] Posted May 8, 2013 16:32 UTC (Wed) by ris
Greg KH has updated stable kernels 3.9.1, 3.8.12, 3.4.44, and 3.0.77. All of them include important fixes.
Security advisories for Wednesday
[Security] Posted May 8, 2013 16:25 UTC (Wed) by ris
Fedora has updated rubygem-rack (F18; F17: multiple vulnerabilities) and rubygem-rdoc (F18; F17: cross-site scripting). Mandriva has updated glibc (ES 5.0: multiple vulnerabilities) and glibc (BS 1.0: denial of service). SUSE has updated kernel (some SLE 11 SP2 products; other SLE 11 SP2 products: multiple vulnerabilities). Ubuntu has updated openjdk-6 (multiple vulnerabilities).
(Nearly) full tickless operation in 3.10
[Kernel] Posted May 8, 2013 15:47 UTC (Wed) by corbet
On a typical Linux system, each running CPU will be diverted between 100 and 1000 times each second by the periodic timer interrupt. That interrupt is the CPU's cue to reconsider which process should be running, catch up with read-copy-update (RCU) callbacks, and generally handle any necessary housekeeping. This periodic "tick" can be reasonably compared to the infamous big kernel lock (BKL): it is convenient to have around, but it also has an effect on performance that makes developers wish to abolish it. The key difference might be that getting rid of the timer tick has taken rather longer than was required to eliminate the BKL. The 3.10 kernel will take an important step in that direction, though, with the addition of the "full NOHZ" mode — but a lot of limitations still apply.
Garrett: A short introduction to TPMs
[Security] Posted May 7, 2013 20:04 UTC (Tue) by corbet
Matthew Garrett has posted an introduction to the trusted platform module (TPM) chip and what can be done with it. "I've been working on TPMs lately. It turns out that they're moderately awful, but what's significantly more awful is basically all the existing documentation. So here's some of what I've learned, presented in the hope that it saves someone else some amount of misery."
Tuesday's security updates
[Security] Posted May 7, 2013 16:48 UTC (Tue) by ris
Red Hat has updated subscription-manager (man-in-the-middle attack). Ubuntu has updated libxml2 (13.04: code execution) and mesa (12.04 LTS: code execution).
|
|||||||||||||