Welcome to LWN.net

• Previous 20 items

[Distributions] Posted May 23, 2013 14:26 UTC (Thu) by corbet

The Qt Blog introduces "Boot to Qt", which is "a light-weight UI stack for embedded linux, based on the Qt Framework - Boot to Qt is built on an Android kernel/baselayer and offers an elegant means of developing beautiful and performant embedded devices." Access is invitation-only currently; a release is forecast for sometime around the end of the year.

Comments (17 posted)

[Security] Posted May 23, 2013 13:57 UTC (Thu) by corbet

Debian has updated request-tracker4 (eight CVE numbers), and the kfreebsd kernel (code execution).

Fedora has updated python-virtualenv (F17, F18: temporary file and information disclosure vulnerabilities), krb5 (F17, "UDP ping-pong vulnerability" from 2002), and nginx (F18: denial of service and information disclosure).

openSUSE has updated samba (CIFS share attribute verification failure).

Oracle has updated kernel (EL5: denial of service).

Red Hat has updated java-1.5.0-ibm (RHEL5-6: 16 "unspecified" vulnerabilities).

Comments (none posted)

Posted May 23, 2013 0:40 UTC (Thu)

The LWN.net Weekly Edition for May 23, 2013 is available.

Inside this week's LWN.net Weekly Edition

• Front: Google's draft VP8 patent license; Moodle 2.5.
• Security: DeadDrop and Strongbox; New vulnerabilities in kernel, openswan, openvpn, thunderbird, ...
• Kernel: Ktap; Low-latency Ethernet device polling; An unexpected perf feature.
• Distributions: Empty symlinks and full POSIX compliance; Debian GNU/Hurd, Mageia, NetBSD, Pidora, ...
• Development: An "enum" for Python 3; Python and implicit string concatenation; QEMU 1.5.0; Blender for 3D printing; ...
• Announcements: Ten years of Groklaw, Sony opens up the Xperia Tablet Z, events...

Read more

[Announcements] Posted May 22, 2013 20:35 UTC (Wed) by corbet

Google has announced that it will be phasing out the file download feature for projects hosted on Google Code. "Downloads were implemented by Project Hosting on Google Code to enable open source projects to make their files available for public download. Unfortunately, downloads have become a source of abuse with a significant increase in incidents recently. Due to this increasing misuse of the service and a desire to keep our community safe and secure, we are deprecating downloads."

Comments (41 posted)

[Announcements] Posted May 22, 2013 19:58 UTC (Wed) by corbet

GigaOM asserts that Google will be taking over the desktop (regardless of the underlying operating system) with its Chrome browser. "For many Chrome is just a browser. For others who use a Chromebox or Chromebook, like myself, it’s my full-time operating system. The general consensus is that Chrome OS, the platform used on these devices, can only browse the web and run either extensions and web apps; something any browser can do. Simply put, the general consensus is wrong and the signs are everywhere."

Comments (21 posted)

[Announcements] Posted May 22, 2013 19:15 UTC (Wed) by corbet

The Electronic Frontier Foundation has sent out a release about how the US state of Vermont is going on the offensive against patent trolls. "Not content to strike back against a single troll, Vermont is also poised to pass a bill dealing with the problem as a whole. The Vermont House and Senate recently passed a bill to combat 'bad faith assertions of patent infringement'. And the latest word is that Vermont's governor is about to sign it into law."

Comments (11 posted)

[Development] Posted May 22, 2013 18:18 UTC (Wed) by jake

Designing an enumeration type (i.e. "enum") for a language may seem like a straightforward exercise, but the recently "completed" discussions over Python's PEP 435 show that it has a few wrinkles. The discussion spanned several long threads in two mailing lists (python-ideas, python-devel) going back to January in this particular iteration, but the idea is far older than that. Subscribers can click below for the full article from this week's edition.

Full Story (comments: 23)

[Security] Posted May 22, 2013 16:51 UTC (Wed) by ris

CentOS has updated kernel (C5: denial of service).

Fedora has updated gallery3 (F18; F17: cross-site scripting) and openstack-keystone (F18: multiple vulnerabilities).

Mandriva has updated krb5 (UDP ping-pong flaw in kpasswd).

Red Hat has updated kernel (RHEL5: denial of service).

Scientific Linux has updated kernel (SL5: denial of service).

SUSE has updated java-1_6_0-openjdk (multiple vulnerabilities) and kernel (privilege escalation).

Ubuntu has updated libtiff (two vulnerabilities).

Comments (none posted)

[Distributions] Posted May 22, 2013 2:36 UTC (Wed) by jake

While it is not an official Debian release, the Debian GNU/Hurd team has announced the release of Debian GNU/Hurd 2013. GNU Hurd is a Unix-style kernel based on the Mach microkernel and Debian GNU/Hurd makes much of the Debian system available atop that kernel.

Comments (35 posted)

[Kernel] Posted May 21, 2013 22:10 UTC (Tue) by jake

Local privilege escalations seem to be regularly found in the Linux kernel these days, but they usually aren't quite so old—more than two years since the release of 2.6.37—or backported into even earlier kernels. But CVE-2013-2094 is just that kind of bug, with a now-public exploit that apparently dates back to 2010.

Click below (subscribers only) for LWN's look at this vulnerability.

Full Story (comments: 56)

[Development] Posted May 21, 2013 16:17 UTC (Tue) by corbet

Version 1.5.0 of the QEMU hardware emulator is out. "This release was developed in a little more than 90 days by over 130 unique authors averaging 20 commits a day. This represents a year-to-year growth of over 38 percent making it the most active release in QEMU history." Some of the new features include KVM-on-ARM support, a native GTK+ user interface, and lots of hardware support and performance improvements. See the change log for lots of details.

Full Story (comments: 9)

[Security] Posted May 21, 2013 15:45 UTC (Tue) by ris

Fedora has updated tomcat (F18; F17: information disclosure) and krb5 (F18: UDP ping-pong flaw in kpasswd).

openSUSE has updated tiff (12.2; 12.1: buffer overflows) and clamav (12.2; 12.1: multiple vulnerabilities).

Red Hat has updated kernel-rt (multiple vulnerabilities) and kernel (RHEL 6.2 EUS; RHEL 6.1 EUS: privilege escalation).

Slackware has updated kernel (privilege escalation).

Comments (none posted)

[Kernel] Posted May 21, 2013 13:32 UTC (Tue) by corbet

A new kernel tracing tool called "ktap" has made its first release. "KTAP have different design principles from Linux mainstream dynamic tracing language in that it's based on bytecode, so it doesn't depend upon GCC, doesn't require compiling a kernel module, safe to use in production environment, fulfilling the embedded ecosystem's tracing needs." It's in an early state; the project is looking for testers and contributors.

Comments (10 posted)

[Kernel] Posted May 20, 2013 22:09 UTC (Mon) by corbet

The second 3.10 kernel prepatch is out for testing. "For being an -rc2, it's not unreasonably sized, but I did take a few pulls that I wouldn't have taken later in the rc series. So it's not exactly small either. We've got arch updates (PPC, MIPS, PA-RISC), we've got driver fixes (net, gpu, target, xen), and we've got filesystem updates (btrfs, ext4 and cepth - rbd)."

Comments (none posted)

[Security] Posted May 20, 2013 16:32 UTC (Mon) by ris

Fedora has updated mediawiki (F18; F17: multiple vulnerabilities) and libtiff (F17: buffer overflows).

Mageia has updated kernel (multiple vulnerabilities), kernel-linus (multiple vulnerabilities), kernel-tmb (multiple vulnerabilities), kernel-rt (multiple vulnerabilities), and kernel-vserver (multiple vulnerabilities).

openSUSE has updated telepathy-idle (certificate validation error) and gnutls (plaintext recovery).

SUSE has updated acroread (multiple vulnerabilities), and oracle-update (SM 1.7; SM 1.2: multiple vulnerabilities).

Comments (none posted)

[Kernel] Posted May 19, 2013 20:16 UTC (Sun) by jake

Greg Kroah-Hartman has announced the release of the 3.9.3, 3.4.46, and 3.0.79 stable kernels. As always, they contain important fixes throughout the tree, so users should upgrade.

Comments (none posted)

[Distributions] Posted May 19, 2013 19:49 UTC (Sun) by ris

The NetBSD Project has announced NetBSD 6.1, the first feature update of the NetBSD 6 release branch. "It represents a selected subset of fixes deemed important for security or stability reasons, as well as new features and enhancements." See the changelog for details.

Comments (41 posted)

[Distributions] Posted May 19, 2013 13:42 UTC (Sun) by corbet

The much-delayed Mageia 3 release is out. "We dedicate this release to the memory of Eugeni Dodonov, our friend, our colleague and a great inspiration to those he left behind. We miss his brilliance, his courtesy and his dedication." Changes include an RPM upgrade, the 3.8 kernel, availability of GRUB2 (but GRUB is still the default bootloader), and more. See the release notes for lots of details.

Comments (6 posted)

[Development] Posted May 19, 2013 13:37 UTC (Sun) by corbet

The Perl 5.18.0 release is out. "Perl v5.18.0 represents approximately 12 months of development since Perl v5.16.0 and contains approximately 400,000 lines of changes across 2,100 files from 113 authors." See this perldelta page for details on what has changed.

Full Story (comments: 1)

[Announcements] Posted May 17, 2013 20:06 UTC (Fri) by corbet

Sony has announced the availability of an Android Open Source Project distribution for its Xperia Tablet Z device. "For all you developers out there, of course this means you can now access the software and contribute to this project. And this is all before the tablet is even available in the US. A special thanks to our Sony Mobile team for helping us create the package early and a huge thanks to the Android developer community for all your support. We can’t wait to see what you’ll do with the code." Source is available on GitHub.

Comments (26 posted)

• Next 20 items