| |||||||||||||
Welcome to LWN.netHeadlines for May 23, 2013Security updates for Thursday
[Security] Posted May 2, 2013 15:20 UTC (Thu) by jake
openSUSE has updated icedtea-web (12.1: two vulnerabilities). Ubuntu has updated kernel (12.04: multiple vulnerabilities), OMAP4 kernel (12.04: multiple vulnerabilities), Quantal HWE kernel (12.04: multiple vulnerabilities), kernel (12.10: multiple vulnerabilities), and OMAP4 kernel (12.10: multiple vulnerabilities).
Adobe CFF rasterizer contributed to FreeType
[Development] Posted May 2, 2013 14:25 UTC (Thu) by corbet
The Google Open Source Blog announces the contribution of Adobe's Compact Font Format rasterizer to the FreeType project. "CFF fonts are capable of very high quality display but the technology places the burden for this display quality on the text rasterizer instead of on the font as is done in TrueType. The new Adobe CFF engine brings that high quality rasterizer support to FreeType." More information can also be found in Adobe's announcement.
LWN.net Weekly Edition for May 2, 2013
Posted May 2, 2013 1:42 UTC (Thu)The LWN.net Weekly Edition for May 2, 2013 is available. Inside this week's LWN.net Weekly Edition
OpenBSD 5.3 released
[Distributions] Posted May 1, 2013 19:42 UTC (Wed) by ris
OpenBSD 5.3 has been released. The release announcement (click below) contains a lengthy list of new features and improvements.
The SFC aims to create better non-profit accounting software
[Announcements] Posted May 1, 2013 18:43 UTC (Wed) by corbet
The Software Freedom Conservancy has announced a campaign to raise money and hire a developer to produce a useful, free-software accounting system aimed at the needs of non-profit organizations. "Indeed, Conservancy reached out into the broader fiscal sponsorship community beyond the FLOSS NPO community and discovered that many larger fiscal sponsors — even those willing to use proprietary components — have cobbled together their own unique systems, idiosyncratically tailored to their specific environments. Thus, good, well-designed, and reusable accounting software for non-profit fiscal sponsorship is not just missing in the software freedom community; it's missing altogether." The goal is to raise $75,000 for the first year's worth of work.
New stable kernels
[Kernel] Posted May 1, 2013 18:24 UTC (Wed) by ris
Greg KH has released a new set of stable kernels; 3.8.11, 3.4.43, and 3.0.76. As usual, these releases contain many important fixes.
Go and Rust — objects without class
[Development] Posted May 1, 2013 18:06 UTC (Wed) by jake
Since the advent of object-oriented programming languages around the time of Smalltalk in the 1970s, inheritance has been a mainstay of the object-oriented vision. It is therefore a little surprising that both "Go" and "Rust" — two relatively new languages which support object-oriented programming — manage to avoid mentioning it. In this subscriber-only article, Neil Brown looks at how this classic object-oriented concept has evolved in two recent languages.
Security advisories for Wednesday
[Security] Posted May 1, 2013 17:04 UTC (Wed) by ris
Fedora has updated pdns-recursor (F18; F17: ghost domain name resolving flaw).
Mozilla: Protecting our brand from a global spyware provider
[Security] Posted May 1, 2013 13:50 UTC (Wed) by corbet
The Mozilla blog reports that Mozilla is using its trademarks to back up a cease-and-desist letter to Gamma International, the maker of the infamous FinFisher surveillance system. "We cannot abide a software company using our name to disguise online surveillance tools that can be – and in several cases actually have been – used by Gamma’s customers to violate citizens’ human rights and online privacy."
LFCS: The value of FOSS fiscal sponsorship
[Front] Posted Apr 30, 2013 19:21 UTC (Tue) by jake
Click below (subscribers only) for the full report by Martin Michlmayr.
Open Build Service version 2.4 released
[Development] Posted Apr 30, 2013 19:03 UTC (Tue) by ris
Open Build Service (OBS) 2.4 has been released. "With OBS 2.4 it is now possible to build packages in the PKGBUILD format used for instance by the popular Arch Linux distribution. This is the third package format, after RPM and DEB, supported by the OBS which makes it feasible to build and ship software for all the major Linux distributions that use a binary package format. Another popular demand for build servers these days is the support for signing individual files (bootloader, driver etc.) inside packages with a cryptographic key to support standards like UEFI secure boot. In version 2.4 the OBS sign daemon has been extend to handle this security feature. And with the rise of App-Stores as means to distribute software to end users this OBS release brings support for the cross-distribution application metadata standard AppStream."
Security updates for Tuesday
[Security] Posted Apr 30, 2013 16:45 UTC (Tue) by ris
Debian has updated strongswan (authentication bypass). Fedora has updated mediawiki (F18; F17: multiple vulnerabilities) and qemu (host file disclosure). Mandriva has updated apache-mod_security (file disclosure, denial of service), krb5 (ES 5.0; BS 1.0: denial of service), and clamav (multiple vulnerabilities). openSUSE has updated curl (cookie information disclosure) and libxml2 (use after free).
Wayland development plans posted
[Development] Posted Apr 30, 2013 15:05 UTC (Tue) by corbet
Wayland developer Kristian Høgsberg has sent out a message detailing his plans for Wayland 1.2 and beyond. "What I'd like to do is to release a new major version every quarter. So we'll be aiming for 1.2 end of June, 1.3 end of September and so on. The motivation for this is that we have a lot of new features and new protocol in the works and a time-based release schedule is a good way to flush out those features. Instead of dragging out a release while waiting for a feature to become ready, we release on a regular schedule to make sure the features that did land get released on time." See the full text for details on the desired features for the 1.2 release.
Three Outreach Program for Women kernel internships available
[Kernel] Posted Apr 29, 2013 19:15 UTC (Mon) by corbet
The Linux Foundation has announced that it will be supporting three kernel internships for the upcoming Outreach Program for Women cycle. "The official deadline for applying to OPW is May 1st. However, the kernel project joined late, so that deadline is flexible. Please fill out your initial application, and then update by May 17th with your initial patch." Acceptance in the program brings a $5000 stipend plus $500 in travel funding.
Security advisories for Monday
[Security] Posted Apr 29, 2013 17:57 UTC (Mon) by ris
Fedora has updated haproxy (F18; F17: code execution), php-twig-Twig (F18; F17: file disclosure), and kernel (F18: multiple vulnerabilities). Mandriva has updated util-linux (information disclosure) and fuse (denial of service).
Output redirection vulnerabilities in recent kernels
[Kernel] Posted Apr 29, 2013 14:55 UTC (Mon) by corbet
Andy Lutomirski has posted a description of a set of security vulnerabilities fixed in recent stable updates. One is a fairly severe user namespace vulnerability that appeared in the 3.8 kernel; another dates back to 2.6.36. Exploit code is included.
The 3.9 kernel is out
[Kernel] Posted Apr 29, 2013 3:08 UTC (Mon) by corbet
Linus has announced the release of the 3.9 kernel. "Anyway. Whatever the reason, this week has been very quiet, which makes me much more comfortable doing the final 3.9 release, so I guess the last -rc8 ended up working. Because not only aren't there very many commits here, even the ones that made it really are tiny and not pretty obscure and not very interesting." Headline features in 3.9 include KVM virtualization on the ARM architecture, the near-completion of user namespace support, PowerClamp support, the dm-cache device mapper target, RAID5/6 support in the Btrfs filesystem, and more. The KernelNewbies 3.9 page will have details eventually, but is very much a work in progress as of this writing.
GDB 7.6 released
[Development] Posted Apr 28, 2013 18:58 UTC (Sun) by corbet
Version 7.6 of the GDB debugger is out. New features include 64-bit ARM support, an update of the C++ ABI to the GNU v3 version (" This has been the default for GCC since November 2000"), some Python scripting improvements, a number of new options, and more.
New stable kernels
[Kernel] Posted Apr 26, 2013 16:54 UTC (Fri) by n8willis
A fresh batch of new stable kernels is now available. Greg Kroah-Hartman has released 3.8.9, 3.4.42, and 3.0.75, while Ben Hutchings has released 3.2.44. Each release includes the usual battery of important fixes and updates. UPDATE: Greg Kroah-Hartman has subsequently released 3.8.10, which fixes a build error in 3.8.9 when compiling with user namespaces enabled.
Friday's security updates
[Security] Posted Apr 26, 2013 15:06 UTC (Fri) by n8willis
CentOS has updated mysql (C6; multiple vulnerabilities). Fedora has updated qemu (F18; host file disclosure). Mandriva has updated curl (session hijacking) and subversion (ES5, BS1; multiple vulnerabilities). openSUSE has updated icedtea-web (multiple vulnerabilities). Oracle has updated mysql (multiple vulnerabilities). Red Hat has updated mysql (multiple vulnerabilities). Scientific Linux has updated mysql (SL6; multiple vulnerabilities). Ubuntu has updated mysql (multiple vulnerabilities).
|
|||||||||||||
![[Tony Sebro]](/images/2013/lfcs-sebro-sm.jpg)
As open source becomes more popular and mature, questions of
formalizing the governance and corporate structures of projects are
becoming of increasing importance, as can been seen by the rising
visibility of various
FOSS foundations. At the