lwn.net

[$] GNOME development updates from GUADEC

A project as large as GNOME consists of enough constituent parts
that it can be a challenge just to keep up with the latest
developments of the various applications, libraries, and
infrastructure efforts. GUADEC 2014 in Strasbourg provided a number
of opportunities to get up speed on the various moving
pieces. Of course, it is impossible to catch everything at a
multi-track event, but there were still quite a few updates worth mentioning.

Security advisories for Wednesday

CentOS has updated qemu-kvm (C6:
code execution).

Debian has updated cacti (multiple vulnerabilities).

openSUSE has updated gpgme (13.1,
12.3: code execution) and wireshark (13.1: multiple vulnerabilities).

Oracle has updated qemu-kvm (OL6:
multiple vulnerabilities).

Red Hat has updated

[$] The 2014 Kernel Summit

<img
src="http://lwn.net/images/conf/2014/ks/LinusTorvalds-sm.jpg" width=150 height=188
alt="[Linus Torvalds]" title="Linus Torvalds" hspace=3 vspace=3
align="right">

The 2014 Kernel Summit was held on August 18-20 in Chicago, IL, USA.
Reports from the first day's session are now available to LWN subscribers.
Topics covered range from I/O memory management units to the stable and
linux-next trees, to performance regressions and code review. Click below
(subscribers only) for access to the full set of articles.
<br clear="all">

Linux Kernel Git Repositories Add 2-Factor Authentication (Linux.com)

Linux.com takes
a look
at using 2-factor authentication for commit access to kernel
git repositories. "Having the technology available is one thing, but how to incorporate it into the kernel development process -- in a way that doesn't make developers' lives painful and unbearable? When we asked them, it became abundantly clear that nobody wanted to type in 6-digit codes every time they needed to do a git remote operation.

Security advisories for Tuesday

CentOS has updated nss-util (C7:
incorrect wildcard certificate handling), nss-softokn (C7: incorrect wildcard
certificate handling), and nss (C7: incorrect wildcard certificate handling).

Fedora has updated kernel (F19:
multiple vulnerabilities) and samba (F19: remote code execution/privilege escalation).

Oracle has updated

Coghlan: Why Python 4.0 won't be like Python 3.0

Python core developer Nick Coghlan seeks
to dispel worries
that an eventual Python 4.0 release will be as
disruptive as 3.0 was. "Why mention this point? Because this switch
to 'Unicode by default' is the most disruptive of the backwards
incompatible changes in Python 3 and unlike the others (which were more
language specific), it is one small part of a much larger industry wide
change in how text data is represented and manipulated.

An md/raid6 data corruption bug

Neil Brown, the MD maintainer, has sent out an alert for a bug which, in
fairly abnormal conditions, can lead to data loss on an MD-hosted RAID6
array. "There is no risk to an optimal array or a singly-degraded
array. There is also no risk on a doubly-degraded array which is not
recovering a device or is not receiving write requests." RAID6
users will likely want to apply the patch, though, which is likely to show
up in the next stable kernel update from distributors.

The Linux Foundation Technical Advisory Board election

The election for half of the members of the Linux Foundation's Technical
Advisory board will be held 8:00PM, August 20, at the Kernel
Summit/LinuxCon joint reception. As of this writing, there are fewer
candidates than open positions. Anybody interested in serving on the TAB
is encouraged to make their interest known prior to the election time and,
if possible, attend the election.

Monday's security updates

Debian has updated xen
(multiple vulnerabilities).

Fedora has updated 389-ds-base (F20: information
disclosure), iodine (F19; F20: authentication bypass), kernel (F20: multiple vulnerabilities),
krfb (F19; F20: denial of service),

Kernel prepatch 3.17-rc1

Linus has released 3.17-rc1 and closed the
merge window for this release. He had suggested that the merge window
could be extended, but that's not how things turned out. "I'm going
to be on a plane much of tomorrow, and am not really supportive of
last-minute pull requests during the merge window anyway, so I'm closing
the merge window one day early, and 3.17-rc1 is out there now."

Syndicate content