|
|
LWN.net
LWN.net is a comprehensive source of news and opinions from
and about the Linux community. This is the main LWN.net feed,
listing all articles which are posted to the site front page.
CodePlex.com donates $25,000 to Mercurial project
Microsoft's CodePlex foundation has announced
the donation of $25,000 to support the development of the Mercurial source
code management system. "While Team Foundation Server is still the
most used version control system on CodePlex, our users are clearly
benefiting from having access to Mercurial for their open source
projects. The CodePlex team is happy to be able to offer our community of
more than 17,000 projects a choice. With Mercurial as an important feature
of CodePlex, we are excited to be making this donation to help support the
Mercurial project."
|
Thunderbird 3.1.3 and 3.0.7 security updates now available
Mozilla has released Thunderbird 3.1.3 and Thunderbird 3.0.7 with security
and stability updates. See the release notes for details (3.1.3
and 3.0.7).
|
[$] Looking at Fedora 14 and Ubuntu 10.10
Watching Ubuntu and Fedora development is something like watching episodes
of Iron Chef: Given roughly the same ingredients and the same
amount of time, the two projects produce vastly different dishes. The
Fedora 14 and Ubuntu 10.10 release cycle is particularly pronounced in this
regard, with Ubuntu's focus largely on refining improvements from 10.04 and
Fedora introducing major changes to the infrastructure. Subscribers can
click below for the full story from this week's Distributions page.
|
Security advisories for Tuesday
Debian has updated quagga (denial of
service).
Gentoo has updated maildrop
(privilege escalation) and sudo (privilege
escalation).
openSUSE has updated xorg-x11-server
(privilege escalation).
Red Hat has updated sudo (privilege
escalation), kernel (RHEL 4, RHEL 4.7: privilege escalation),
and rpm (RHEL 4, RHEL 5: privilege escalation).
Ubuntu has updated sudo (privilege
escalation).
|
[$] LC Brazil: Consumers, experts, or admins?
Your editor had the good fortune to be able to attend the first LinuxCon
Brazil event, held in São Paulo. There were a number of interesting
talks to be seen, presented by speakers from Brazil and far beyond. This
article will cover three in particular (by Jane Silber, Vinod Kutty, and
Jon 'Maddog' Hall) which were interesting as a result
of the very different views they gave on how Linux users work with their
systems.
|
Cairo 1.10.0 available
The 1.10.0 release of the Cairo graphics library has finally been released.
"One of the more interesting departures for cairo for this release is
the inclusion of a tracing utility, cairo-trace. cairo-trace generates a
human-readable, replayable, compact representation of the sequences of
drawing commands made by an application. This can be used to inspecting
applications to understand issues and as a means for profiling real-world
usage of cairo." The profiling feature has evidently been used to
improve performance in a number of areas. There is also improved printing
support, better 16-bit buffer support, and better use of hardware
acceleration.
|
Graesslin: Driver dilemma in KDE workspaces 4.5
Martin Graesslin looks
at problems with the interaction between KWin and some graphics drivers.
"Now that I have explained all our checks we did to ensure a smooth
user experience, I want to explain how it could happen that there are
regressions in 4.5. In 4.5 we introduced two new features which require
OpenGL Shaders: the blur effect and the lanczos filter. Both are not hard
requirements. Blur effect can easily be turned off by disabling the effect
and the lanczos filter is controlled by the general effect level settings
which is also used for Plasma and Oxygen animations. Both new features
check for the required extensions and get only activated iff the driver
claims support for it. So everything should be fine, shouldn't it?
Apparently not when it comes to the free graphics drivers (please note and
remember: we do not see such problems with the proprietary NVIDIA
driver!)." (Thanks to Jos Poortvliet)
|
Monday's security updates
Debian has updated smbind (sql
injection).
Fedora has updated pam_mount (F13, F12:
arbitrary code execution), libhx (F13, F12:
arbitrary code execution), F13: python
(multiple vulnerabilities), and F12:
sblim-sfcb (arbitrary code execution).
Mandriva has updated lvm2 (privilege
escalation).
Pardus has updated phpmyadmin
(cross-site scripting) and mysql (multiple
vulnerabilities).
|
Systemd Test Day on Tuesday 2010/09/07
Fedora will be holding
a Systemd test day on September 7, 2010. "This
week's Test Day, which will take place on Tuesday 2010/09/07 rather than the more usual Thursday, is on systemd, so it's a very important one! It will also serve at least two functions: as usual, the testing will help us to improve the code so that if it does go into the final Fedora 14 release it will work as well as possible, but the Fedora steering committee will also be using the results of the Test Day to help inform their final decision as to whether to go ahead with systemd for the Beta and final release, or whether to revert to upstart. So there's a lot riding on this Test Day."
|
GDB 7.2 released
Version 7.2 of the GDB debugger is out. New features include support for
the D language, some C++ improvements, better Python support, better
tracepoint support, and more; see the announcement for the details.
|
MWR Labs: Assessing the Tux Strength
The MWR Labs group at MWR Info Security is running a series of articles
comparing Linux distributions from a security point of view. Part
1: user space memory protection looks at protection against memory
corruption attacks, while
Part 2 - into the kernel examines kernel security settings. "The
notable exceptions in the results are Fedora and Ubuntu. Both distributions
do not allow the ability to write code to a certain memory region and then
execute it. This can be observed from the results of the first five
tests. Fedora goes one step further and also prevents the bss, data and
heap sections from being marked as executable using the 'mprotect' system
call. It should be noted that there would still be numerous other memory
regions where an attacker could upload their code and then use the
'mprotect' function to mark it as executable."
|
Stable kernel 2.4.37.10
The 2.4 kernel lives - for a little while longer, at least. Willy Tarreau
has just released the 2.4.37.10 update,
with a small set of important fixes. This might just be the last update in
this series, unless some sort of important fix comes in. "If nothing
happens before September 2011, it's possible that there won't be any
2.4.37.11 at all. By that time, the 2.6 kernel will have been available for
almost 8 years, this should have been enough for anyone to have a look at
it. Users now have one year to migrate or to report critical bugs. I think
that's an honest deal." See the announcement for the full
description of his planned policy.
|
GNU/Linux powers state-of-the-art hearing aid research
64 Studio Ltd. has created a Linux distribution for HörTech gGmbH to
aid in research on hearing impairment and augmentation technology.
"64 Studio was commissioned by HörTech to create a GNU/Linux
real-time audio distribution, code-named Mahalia, optimized for the Lenovo
Thinkpad X200 notebook. Giso Grimm of the Carl von Ossietzky-Universität
Oldenburg explained: "We prefer to use ready-to-use Linux audio
distributions over patching the kernel ourselves, since our expertise is in
signal processing, not kernel development. When we were faced with the fact
that our then favourite audio distribution failed to deliver stable
real-time kernels for several releases, we asked 64 Studio to tailor us a
customized distribution with a working real-time kernel that matched our
specific needs and ran stable on the selected hardware.""
|
Ubuntu 10.10 Beta (Maverick Meerkat) Released
Ubuntu 10.10 (Maverick Meerkat) beta is available for testing. The Ubuntu
10.10 family of Kubuntu, Xubuntu, Edubuntu, Ubuntu Studio, and Mythbuntu,
have also reached beta status. Maverick Meerkat is scheduled for a final
release on October 10, 2010.
|
Security advisories for Friday
Debian has updated barnowl (denial
of service).
Fedora has updated rekonq (F13, F12:
cross-site scripting), sssd (F13, F12: authentication bypass), wireshark
(F13, F12:
multiple vulnerabilities), and F12: kernel
(privilege escalation).
Gentoo has updated wxgtk (arbitrary
code execution).
Mandriva has updated wget (code
execution).
Pardus has updated openssl (denial
of service) and flashplugin (multiple
vulnerabilities).
Red Hat has updated kernel
(privilege escalation).
SUSE has updated kernel (multiple
vulnerabilities).
|
|
