By corbet An anonymous reader has pointed out that Mandriva is
currently being liquidated (page in French). The company brought in
€553,000 in 2013, but that is seemingly not enough to keep it going in
2015. It is a sad end for a company that has been pursuing the desktop
Linux dream since 1998.
By corbet The fifth 4.1 prepatch is out for testing.
“So we’re on schedule for a normal 4.1 release, if it wasn’t for the
fact that the timing looks like the next merge window would hit our yearly
family vacation. So we’ll see how that turns out, I might end up delaying
the release just to avoid that (or just delay opening the merge
By corbet There have been two bugs causing filesystem corruption in the news
recently. One of them, a bug in ext4, has gotten the bulk of the
attention, despite the fact that it is an old bug that is hard to trigger.
The other, however, is recent and able to cause data loss on
filesystems installed on a RAID 0 array. Both are interesting
examples of how things can go wrong, and, thus, merit a closer look.
At his blog, Bastien Nocera announces
the 1.0 release of iio-sensor-proxy,
a framework for accessing the various environmental sensors (e.g.,
accelerometer, magnetometer, proximity, or ambient-light sensors) built
in to recent laptops. The proxy is a daemon that listens to the
Industrial I/O (IIO) subsystem and provides access to the sensor
readings over D-Bus. As of right now, support for ambient-light
sensors and accelerometers is working; other sensor types are in
development. The current API is based on those used by Android and
iOS, but may be expanded in the future. “For future versions,
we’ll want to export the raw accelerometer readings, so that
applications, including games, can make use of them, which might bring
up security issues. SDL, Firefox, WebKit could all do with being
adapted, in the near future.“
Arch Linux has updated chromium (multiple vulnerabilities).
Debian has updated chromium-browser (multiple vulnerabilities), fuse (privilege escalation), and ntfs-3g (privilege escalation).
SUSE has updated KVM (SLES11
SP1: multiple vulnerabilities),
SUSE Manager Server 1.7 (SLE11 SP2: multiple vulnerabilities), and Xen (SLE11 SP3: multiple vulnerabilities).
Ubuntu has updated apport
(two privilege escalation vulnerabilities), fuse (privilege escalation), ntfs-3g (privilege escalation), oxide-qt (14.04, 14.10, 15.04: multiple vulnerabilities), and python-dbusmock (14.04, 14.10, 15.04:
By jake The announcement of Clear Containers (which guest author Arjan van de Ven described in an LWN article from this week) seems to have sparked some interesting work on QEMU that resulted in qboot: “a minimal x86 firmware that runs on QEMU and, together with
a slimmed-down QEMU configuration, boots a virtual machine in 40
milliseconds on an Ivy Bridge Core i7 processor.” Paolo Bonzini announced the project (code is available at git://github.com/bonzini/qboot.git), which is quite new: “The first commit to qboot is more or less 24 hours old, so there is
definitely more work to do, in particular to extract ACPI tables from
QEMU and present them to the guest. This is probably another day of
work or so, and it will enable multiprocessor guests with little or no
impact on the boot times. SMBIOS information is also available from QEMU.”
Debian has updated libmodule-signature-perl (multiple vulnerabilities).
Debian-LTS has updated dnsmasq
Fedora has updated wordpress (F21; F20:
Oracle has updated docker (OL7; OL6: multiple vulnerabilities).
Red Hat has updated java-1.5.0-ibm (RHEL5&6: multiple vulnerabilities, one from 2005)
and java-1.7.1-ibm (RHEL6&7: multiple vulnerabilities, one
SUSE has updated gstreamer-0_10-plugins-bad (SLE11SP3: code
execution) and xen (SLE12: multiple vulnerabilities).
By corbet The LWN.net Weekly Edition for May 21, 2015 is available.
Debian has updated icedove
(multiple vulnerabilities), proftpd-dfsg
(unauthenticated copying of files), and zendframework (multiple vulnerabilities).
Fedora has updated dovecot (F21; F20:
denial of service), firefox (F20: multiple
vulnerabilities), libtasn1 (F21: denial of
service), php-ZendFramework2 (F21;
F20: CRLF injection), and thunderbird (F20: multiple vulnerabilities).
Ubuntu has updated kernel (14.10; 14.04;
12.04: multiple vulnerabilities), linux-lts-trusty (12.04: multiple
vulnerabilities), linux-lts-utopic (14.04:
multiple vulnerabilities), and linux-ti-omap4 (12.04: two vulnerabilities).
By corbet The PostgreSQL development community is working toward the 9.5 release,
currently planned for the third quarter of this year. Development activity
is at peak levels as the planned feature freeze for this release approaches.
While this activity is resulting in the merging of some interesting
functionality, including the long-awaited “upsert” feature,
it is also
revealing some fault lines within the community. The fact that PostgreSQL
lacks the review resources needed to keep up with its natural rate of
change has been understood for years; many other projects suffer from the
same problem. But the pressures on PostgreSQL seem to be becoming more
acute, leading to concerns about fairness in the community and the
durability of the project’s cherished reputation for high-quality software.