Security updates for Thursday
[Security] Posted May 2, 2013 15:20 UTC (Thu) by jake
openSUSE has updated icedtea-web (12.1: two vulnerabilities).
Ubuntu has updated kernel (12.04: multiple vulnerabilities), OMAP4 kernel
(12.04: multiple vulnerabilities), Quantal HWE kernel (12.04: multiple
vulnerabilities), kernel (12.10: multiple vulnerabilities), and OMAP4 kernel
(12.10: multiple vulnerabilities).
Comments (none posted)
Adobe CFF rasterizer contributed to FreeType
[Development] Posted May 2, 2013 14:25 UTC (Thu) by corbet
The Google Open Source Blog announces
the contribution of Adobe's Compact Font Format rasterizer to the FreeType
project. "CFF fonts are capable of very high quality display but the
technology places the burden for this display quality on the text
rasterizer instead of on the font as is done in TrueType. The new Adobe CFF
engine brings that high quality rasterizer support to FreeType."
More information can also be found in Adobe's
announcement.
Comments (14 posted)
LWN.net Weekly Edition for May 2, 2013
Posted May 2, 2013 1:42 UTC (Thu)
The LWN.net Weekly Edition for May 2, 2013 is available.
Inside this week's LWN.net Weekly Edition
- Front: Outreach Program for Women; Google Test Automation Conference; The value of FOSS fiscal sponsorship.
- Security: Code authenticity checking; New vulnerabilities in clamav, kernel, qemu, strongswan, ...
- Kernel: What's coming in 3.10, part 1; Wait/wound mutexes; LSFMM coverage complete.
- Distributions: x32 ABI support by distributions; DragonFly, OpenBSD, Ubuntu, ...
- Development: Go and Rust; GDB 7.6; Open Build Service 2.4; OpenShot fundraising update; ...
- Announcements: SFC to create accounting software, FSF certifies ThinkPenguin, events.
OpenBSD 5.3 released
[Distributions] Posted May 1, 2013 19:42 UTC (Wed) by ris
OpenBSD 5.3 has been released. The release announcement (click below)
contains a lengthy list of new features and improvements.
Full Story (comments: 8)
The SFC aims to create better non-profit accounting software
[Announcements] Posted May 1, 2013 18:43 UTC (Wed) by corbet
The Software Freedom Conservancy has announced a campaign to raise
money and hire a developer to produce a useful, free-software accounting
system aimed at the needs of non-profit organizations. "Indeed,
Conservancy reached out into the broader fiscal sponsorship community
beyond the FLOSS NPO community and discovered that many larger fiscal
sponsors — even those willing to use proprietary components — have cobbled
together their own unique systems, idiosyncratically tailored to their
specific environments. Thus, good, well-designed, and reusable accounting
software for non-profit fiscal sponsorship is not just missing in the
software freedom community; it's missing altogether." The goal is
to raise $75,000 for the first year's worth of work.
Comments (8 posted)
New stable kernels
[Kernel] Posted May 1, 2013 18:24 UTC (Wed) by ris
Greg KH has released a new set of stable kernels; 3.8.11, 3.4.43, and 3.0.76. As usual, these releases contain many
important fixes.
Comments (none posted)
Go and Rust — objects without class
[Development] Posted May 1, 2013 18:06 UTC (Wed) by jake
Since the advent of object-oriented programming languages around the
time of Smalltalk in the 1970s, inheritance has been a mainstay of the
object-oriented vision. It is therefore a little surprising that both
"Go" and "Rust" — two relatively new languages which support
object-oriented programming — manage to avoid mentioning it.
In this subscriber-only article, Neil Brown looks at how this classic
object-oriented concept has evolved in two recent languages.
Full Story (comments: 31)
Security advisories for Wednesday
[Security] Posted May 1, 2013 17:04 UTC (Wed) by ris
Fedora has updated pdns-recursor (F18; F17:
ghost domain name resolving flaw).
Comments (none posted)
Mozilla: Protecting our brand from a global spyware provider
[Security] Posted May 1, 2013 13:50 UTC (Wed) by corbet
The Mozilla blog reports
that Mozilla is using its trademarks to back up a cease-and-desist letter to
Gamma International, the maker of the infamous FinFisher surveillance
system. "We cannot abide a software company using our name to
disguise online surveillance tools that can be – and in several cases
actually have been – used by Gamma’s customers to violate citizens’ human
rights and online privacy."
Comments (1 posted)
LFCS: The value of FOSS fiscal sponsorship
[Front] Posted Apr 30, 2013 19:21 UTC (Tue) by jake
As open source becomes more popular and mature, questions of
formalizing the governance and corporate structures of projects are
becoming of increasing importance, as can be seen by the rising
visibility of various FOSS foundations. At the Linux Foundation
Collaboration Summit in San Francisco, Tony Sebro shared his insights
about the value that fiscal sponsors bring as umbrella organizations for
FOSS projects. Sebro is the General Counsel of Software Freedom
Conservancy, which is the home of about 30 free and open source projects,
including Samba, Git, and BusyBox.
Click below (subscribers only) for the full report by Martin Michlmayr.
Full Story (comments: 8)
Open Build Service version 2.4 released
[Development] Posted Apr 30, 2013 19:03 UTC (Tue) by ris
Open Build Service (OBS) 2.4 has been released. "With OBS 2.4 it is now possible to build packages in the PKGBUILD format used for instance by the popular Arch Linux distribution. This is the third package format, after RPM and DEB, supported by the OBS which makes it feasible to build and ship software for all the major Linux distributions that use a binary package format. Another popular demand for build servers these days is the support for signing individual files (bootloader, driver etc.) inside packages with a cryptographic key to support standards like UEFI secure boot. In version 2.4 the OBS sign daemon has been extended to handle this security feature. And with the rise of App-Stores as means to distribute software to end users this OBS release brings support for the cross-distribution application metadata standard AppStream."
Comments (10 posted)
Security updates for Tuesday
[Security] Posted Apr 30, 2013 16:45 UTC (Tue) by ris
Debian has updated strongswan
(authentication bypass).
Fedora has updated mediawiki (F18; F17:
multiple vulnerabilities) and qemu (host
file disclosure).
Mandriva has updated apache-mod_security (file disclosure, denial
of service), krb5 (ES 5.0;
BS 1.0: denial of service), and clamav (multiple vulnerabilities).
openSUSE has updated curl (cookie
information disclosure) and libxml2 (use
after free).
Comments (none posted)
Wayland development plans posted
[Development] Posted Apr 30, 2013 15:05 UTC (Tue) by corbet
Wayland developer Kristian Høgsberg has sent out a message detailing his
plans for Wayland 1.2 and beyond. "What I'd like to do is to release a new major version
every quarter. So we'll be aiming for 1.2 end of June, 1.3 end of
September and so on. The motivation for this is that we have a lot of
new features and new protocol in the works and a time-based release
schedule is a good way to flush out those features. Instead of
dragging out a release while waiting for a feature to become ready, we
release on a regular schedule to make sure the features that did land
get released on time." See the full text for details on the desired
features for the 1.2 release.
Full Story (comments: 1)
Three Outreach Program for Women kernel internships available
[Kernel] Posted Apr 29, 2013 19:15 UTC (Mon) by corbet
The Linux Foundation has announced
that it will be supporting three kernel internships for the upcoming
Outreach Program for Women cycle. "The official deadline for
applying to OPW is May 1st. However, the kernel project joined late, so
that deadline is flexible. Please fill out your initial application, and
then update by May 17th with your initial patch." Acceptance in the
program brings a $5000 stipend plus $500 in travel funding.
Comments (1 posted)
Security advisories for Monday
[Security] Posted Apr 29, 2013 17:57 UTC (Mon) by ris
Fedora has updated haproxy (F18; F17: code
execution), php-twig-Twig (F18; F17: file disclosure), and kernel (F18: multiple vulnerabilities).
Mandriva has updated util-linux
(information disclosure) and fuse (denial
of service).
Comments (none posted)
Output redirection vulnerabilities in recent kernels
[Kernel] Posted Apr 29, 2013 14:55 UTC (Mon) by corbet
Andy Lutomirski has posted a description of a set of security
vulnerabilities fixed in recent stable updates. One is a fairly severe
user namespace vulnerability that appeared in the 3.8 kernel; another dates
back to 2.6.36. Exploit code is included.
Full Story (comments: 12)
The 3.9 kernel is out
[Kernel] Posted Apr 29, 2013 3:08 UTC (Mon) by corbet
Linus has announced the release of the 3.9
kernel. "Anyway. Whatever the reason, this week has been very quiet, which
makes me much more comfortable doing the final 3.9 release, so I guess
the last -rc8 ended up working. Because not only aren't there very
many commits here, even the ones that made it really are tiny and not
pretty obscure and not very interesting."
Headline features in 3.9 include KVM virtualization on the ARM
architecture, the near-completion of user
namespace support, PowerClamp support,
the dm-cache device mapper target, RAID5/6
support in the Btrfs filesystem, and more. The KernelNewbies 3.9 page will
have details eventually, but is very much a work in progress as of this
writing.
Comments (9 posted)
GDB 7.6 released
[Development] Posted Apr 28, 2013 18:58 UTC (Sun) by corbet
Version 7.6 of the GDB debugger is out. New features include 64-bit ARM
support, an update of the C++ ABI to the GNU v3 version ("This has
been the default for GCC since November 2000"), some Python
scripting improvements, a number of new options, and more.
Full Story (comments: none)
New stable kernels
[Kernel] Posted Apr 26, 2013 16:54 UTC (Fri) by n8willis
A fresh batch of new stable kernels is now available. Greg
Kroah-Hartman has released 3.8.9, 3.4.42, and 3.0.75, while Ben Hutchings has released
3.2.44. Each release includes the usual
battery of important fixes and updates.
UPDATE: Greg Kroah-Hartman has subsequently released 3.8.10, which fixes a build error in 3.8.9 when compiling with user namespaces enabled.
Comments (1 posted)
Friday's security updates
[Security] Posted Apr 26, 2013 15:06 UTC (Fri) by n8willis
CentOS has updated mysql (C6;
multiple vulnerabilities).
Fedora has updated qemu (F18;
host file disclosure).
Mandriva has updated curl
(session hijacking) and subversion (ES5, BS1;
multiple vulnerabilities).
openSUSE has updated icedtea-web (multiple vulnerabilities).
Oracle has updated mysql
(multiple vulnerabilities).
Red Hat has updated mysql
(multiple vulnerabilities).
Scientific Linux has updated mysql (SL6; multiple vulnerabilities).
Ubuntu has updated mysql (multiple vulnerabilities).
Comments (none posted)