Népszerű fórum témák
Linux Weekly News
LWN.net is a comprehensive source of news and opinions from and about the Linux community. This is the main LWN.net feed, listing all articles which are posted to the site front page.
Frissült: 2 hét 4 nap
The Free Software Foundation and the GNU Project are asking for nominations for the 19th annual Free Software Awards. The Award for the Advancement of Free Software will be presented to "an individual who has made a great contribution to the progress and development of free software, through activities that accord with the spirit of free software" and the Award for Projects of Social Benefit will be presented to "the project or team responsible for applying free software, or the ideas of the free software movement, in a project that intentionally and significantly benefits society in other aspects of life." The deadline for nominations is November 6.
Debian has updated icedove (multiple vulnerabilities).
Fedora has updated c-ares (F23: code execution), irssi (F24; F23: three vulnerabilities), mujs (F24; F23: two vulnerabilities), nodejs (F24: improper validation), python-django (F24; F23: cross-site request forgery), and zathura-pdf-mupdf (F24; F23: two vulnerabilities).
Ubuntu has updated kernel (16.04; 14.04; 12.04: multiple vulnerabilities), linux-lts-trusty (12.04: multiple vulnerabilities), linux-lts-xenial (14.04: multiple vulnerabilities), linux-raspi2 (16.04: multiple vulnerabilities), and linux-snapdragon (16.04: multiple vulnerabilities).
FreeBSD 11.0 has been released. This version features new architecture support, performance improvements, toolchain enhancements, and support for contemporary wireless chipsets. See the release notes for more information.
Fortune covers a ruling [PDF] by the U.S. Court of Appeals for the Federal Circuit that invalidates three patents asserted against anti-virus companies Symantec and Trend Micro. "The most important part of the decision, which has created a stir among the patent bar, is a concurrence by Circuit Judge Haldane Mayer. In striking down a key claim from U.S. Patent 5987610, which claims a monopoly on using anti-virus tools within a phone network, Mayer says it is time to acknowledge that a famous Supreme Court 2014 decision known as “Alice” basically ended software patents altogether."
Debian has updated php5 (multiple vulnerabilities).
Debian-LTS has updated mat (information leak).
Fedora has updated libdwarf (F24: two vulnerabilities), libXfixes (F24: integer overflow), libXi (F24: insufficient validation), libXrandr (F24: insufficient validation), libXrender (F24: insufficient validation), libXtst (F24: insufficient validation), libXv (F24: insufficient validation), libXvMC (F24: insufficient validation), mingw-c-ares (F24; F23: code execution), mingw-openjpeg2 (F24; F23: denial of service), openjpeg2 (F23: denial of service), php-ZendFramework (F24; F23: SQL injection), and python-pillow (F24: memory disclosure).
Mageia has updated graphicsmagick (multiple vulnerabilities).
The Debian project can be accused of many things, but jumping too quickly on leading-edge technology is not one of them. That can be seen in, among other things, the fact that there is still not a version of the distribution that supports the UEFI secure boot mechanism. But, as Ben Hutchings explained during his 2016 Kernel Recipes talk, such support is in the works, and it will be implemented in a uniquely Debian-like manner.
Version 7.12 of the GDB debugger is out. The biggest changes this time around appear to be support for the Andes NDS32 architecture and the ability to debug programs written in the Rust language.
The Free Software Foundation's Defective By Design campaign reports that Tim Berners-Lee decided not to exercise his power to extend the development timeline for the Encrypted Media Extensions (EME) Web technology standard. "Berners-Lee made his surprising decision on Tuesday, as explained in an email announcement by W3C representative Philippe Le Hégaret. Instead of granting a time extension — as he has already done once — Berners-Lee delegated the decision to the W3C's general decision-making body, the Advisory Committee. The Advisory Committee includes diverse entities from universities to companies to nonprofits, and it is divided as to whether EME should be part of Web standards. It is entirely possible that the Advisory Committee will reject the time extension and terminate EME development, marking an important victory for the free Web."
Greg Kroah-Hartman has released stable kernels 4.8.1, 4.7.7, and 4.4.24. All contain important fixes.
Fedora has updated mongodb (F24: information leak).
Mageia has updated thunderbird (code execution).
SUSE has updated compat-openssl098 (SLE12-SP1: multiple vulnerabilities), nodejs4 (SLEM12: multiple vulnerabilities), openssl1 (SLES11-SECURITY: multiple vulnerabilities), and xen (SLE12-SP1: multiple vulnerabilities).
Ubuntu has updated oxide-qt (16.04, 14.04: multiple vulnerabilities).
Rich Salz and Tim Hudson started off their LinuxCon Europe 2016 talk by stating that April 3, 2014 shall forever be known as the "re-key the Internet date." That, of course, was the day that the Heartbleed vulnerability in the OpenSSL library was disclosed. A lot has happened with OpenSSL since that day, to the point that, Salz said, this should be the last talk he gives that ever mentions that particular vulnerability. In the last two years, the project has recovered from Heartbleed and is now more vital than ever before.
On the GTK+ Development Blog, Emmanuele Bassi looks at some statistics on the development of GTK+ 3.22 and GLib contributions during the same cycle (that resulted in GLib 2.50.0). He looks at which developers contributed the most change sets and changed lines of code, as well as how many change sets and hackers there are for each component by company affiliation. "During the 3.22 development cycle, GLib saw a total of 14119 lines added, 2031 removed, for a net gain of 12088 lines [...] GTK+, instead, saw a total of 46581 lines added, 19163 removed, for a net gain of 27418 lines". Those numbers do not include the translation work that was done for 3.22.
Fedora has updated c-ares (F24: code execution).
Scientific Linux has updated kernel (SL6: two vulnerabilities).
Ubuntu has updated ntp (16.04, 14.04, 12.04: multiple vulnerabilities, many from 2015).
The LWN.net Weekly Edition for October 6, 2016 is available.
There's a new release of FontForge available. "This release introduces a new icon set, new functionality for custom icon selection graphics, support for GlyphOrderAndAliasDB files, and support for Unicode 9.0."
CentOS has updated kernel (C6: two vulnerabilities).
Debian-LTS has updated libav (multiple vulnerabilities).
openSUSE has updated flex, at, libbonobo, netpbm, openslp, sgmltool, virtuoso (Leap42.1: buffer overflow), mariadb (Leap42.1: SQL injection/privilege escalation), and php5 (Leap42.1: multiple vulnerabilities).
Oracle has updated kernel (OL6: three vulnerabilities).
Scientific Linux has updated thunderbird (SL5,6,7: multiple vulnerabilities).
Ubuntu has updated php5, php7.0 (multiple vulnerabilities).
The Mozilla Open Source Support (MOSS) program has awarded $300,000 to four projects this quarter. "On the Foundational Technology track, we awarded $100,000 to Redash, a tool for building visualizations of data for better decision-making within organizations, and $50,000 to Review Board, software for doing web-based source code review. Both of these pieces of software are in heavy use at Mozilla. We also awarded $100,000 to Kea, the successor to the venerable ISC DHCP codebase, which deals with allocation of IP addresses on a network. Mozilla uses ISC DHCP, which makes funding its replacement a natural move even though we haven’t deployed it yet. On the Mission Partners track, we awarded $56,000 to Speech Rule Engine, a code library which converts mathematical markup into vocalised form (speech) for the sight-impaired, allowing them to fully appreciate mathematical and scientific content on the web." (Thanks to Paul Wise)
KDE has released Plasma 5.8. "This marks the point where the developers and designers are happy to recommend Plasma for the widest possible audience be they enterprise or non-techy home users. If you tried a KDE desktop previously and have moved away, now is the time to re-assess, Plasma is simple by default, powerful when needed." Plasma 5.8 is KDE's first Long Term Support release. The changelog has the details.
The Mageia project remembers Thomas Spuhler who died in September. "Thomas had been contributing to Mageia, and Mandriva before that, since 2009 as a packager, and much earlier already partaking in email discussions and bug reports. His packaging interests were mostly web and server-related components, for which his contributions were invaluable. He had to step back from his Mageia responsibilities in early August due to his health condition."
Debian has updated libdbd-mysql-perl (denial of service).
Mageia has updated bind (denial of service), chromium-browser-stable (multiple vulnerabilities), freerdp (denial of service), libcryptopp (information disclosure), and python-django (cross-site request forgery).
Red Hat has updated thunderbird (RHEL5,6,7: code execution).
HUP napi hírlevél