Népszerű fórum témák
FreeBSD Project News
Linux Weekly News
LWN.net is a comprehensive source of news and opinions from and about the Linux community. This is the main LWN.net feed, listing all articles which are posted to the site front page.
Frissült: 5 perc 51 másodperc
The 3.14-rc1 prepatch is out, and the merge window is closed for this development cycle. Everybody hoping for a π-oriented codename for this release will be disappointed: "I realize that as a number, 3.14 looks familiar to people, and I had naming requests related to that. But that's simply not how the nonsense kernel names work. You can console yourself with the fact that the name doesn't actually show up anywhere, and nobody really cares. So any pi-related name you make up will be *quite* as relevant as the one in the main Makefile, so don't get depressed." Instead, this kernel is named "Shuffling zombie juror."
Version 4 of the Mageia distribution is out. "There is a wide choice of desktop environments and languages, along with a variety of new and updated packages." See the release notes for details.
Stephen Kelly has written a blog post describing his recent experience documenting type-erased container features in Qt5—a project he undertook to serve as a defensive patent publication. Defensive publications serve as documentation of prior art in the event that someone attempts to patent the ideas described, but many corners of the community are still getting the hang of the process involved. Kelly's effort required iterations to "extend the description of the method, make the description less-specific to C++ and particular operations on containers, add a diagram, and show how the prose of the description relates to the reference implementation," among other changes. "We are learning more about creating such publications in the process of doing them, and the results will grow better with time," he says. "A rule of thumb is that if an implementation of a method in Qt is worth blogging about or talking about at a conference, it is probably worth of a defensive patent publication."
Debian has updated curl (information disclosure).
Ubuntu has updated kernel (13.10: privilege escalation), libotr (12.04: information disclosure), libvirt (12.04, 12.10, 13.10: multiple vulnerabilities), linux-lts-raring (privilege escalation), linux-lts-saucy (privilege escalation), and qemu, qemu-kvm (12.04, 12.10, 13.10: multiple vulnerabilities).
After some confusing communications (example) the folks at SUSE have come clean on a change for the openSUSE distribution: paid SUSE staff will no longer work on creating openSUSE releases. It is claimed that the amount of work going into openSUSE is not decreasing, it is just being put into other areas. Meanwhile, the community is trying to figure out how to "release without full time paid worker bees". The current plan seems to be to put out 13.2 in November, with SUSE still providing security support thereafter.
Update: see also this note from Greg Freemyer. "The openSUSE team @ suse therefore has decided to take a 8-month period to push away from day-to-day issues and instead focus on the improvements needed in [the Open Build Service] and openQA to handle the requirements caused by the success of OBS."
The "feature-focused" OpenSSH 6.5 release is available. Changes include new ciphers and key types, a new private key format, and more. "Add support for key exchange using elliptic-curve Diffie Hellman in Daniel Bernstein's Curve25519. This key exchange method is the default when both the client and server support it."
Gentoo has updated bind (multiple vulnerabilities).
Oracle has updated kernel (O5: denial of service).
Red Hat has updated kernel (RHEL5: denial of service).
Scientific Linux has updated kernel (SL5: denial of service).
The LibreOffice 4.2 release is out. "LibreOffice 4.2 features a large number of performance and interoperability improvements targeted to users of all kinds, but particularly appealing for power and enterprise users. In addition, it is better integrated with Microsoft Windows." See this article from last October for more information on what the LibreOffice project has been working on.
The LWN.net Weekly Edition for January 30, 2014 is available.
The 2014 Linux Plumbers conference will be held October 15 to 17 in Düsseldorf, Germany; the call for presentations in the refereed track has just gone out. "Refereed track presentations are similar to traditional presentations, but preferably involve significant face-to-face discussion and debate. These presentations should focus on some specific issue in the "plumbing" in the Linux system, where example Linux-plumbing components include core kernel subsystems, core libraries, windowing systems, management tools, device support, media creation/playback, and so on."
GCC, the GNU Compiler Collection, is a cornerstone of the GNU project and the larger free-software community that has grown up around it. Recently a debate sprang up on the GCC mailing list over the question of whether GCC ought to deliberately adopt a development approach more like that of rival compiler LLVM. Precisely which aspects of LLVM's approach were desirable for adoption depends on who one asked, but the main argument was that LLVM seems to be attracting more users. The GCC project, however, contends that LLVM's perceived popularity is due largely to its accommodation of proprietary extensions—which is something that GCC supporters consider decidedly contrary to their core objectives.
CentOS has updated libvirt (C6: denial of service).
Gentoo has updated digest-base (code execution from 2011).
Oracle has updated libvirt (OL6: denial of service).
Scientific Linux has updated libvirt (SL6: denial of service).
SUSE has updated puppet (ruby file execution).
Since the beginning of time—Python time anyway—there has been no checking of SSL/TLS certificates in Python's standard library; neither the urllib nor the urllib2 library performs this checking. As a result, when a Python client connects to a site using HTTPS, any certificate can be offered by the server and the connection will be established. That is probably not what most Python programmers expect, but the documentation does warn those who read it. There are alternatives, of course, but not in the standard library—until now. Python 3.4 makes things a lot better but still does no verification by default, which is a major concern to some Python developers.
Click below (subscribers only) for the full article.
The 3.13.1 and 3.4.78 stable kernel updates have been released. As usual, each contains a big set of important fixes.
The vote called for by Debian technical committee chair Bdale Garbee has reached its conclusion: the winning option is "further discussion required." The vote was torpedoed by the lack of language saying that the result could be overridden by a simple majority vote by the community on a general resolution. Committee members are working on a new vote now that will have such language, but which will still lack much of the detailed language found in early draft ballots. Stay tuned.
Fedora has updated mingw-openssl (F20: multiple vulnerabilities).
openSUSE has updated ack (13.1: code execution), hplip (11.4: file overwrites), pixman (11.4: denial of service), tor (13.1, 12.3: poor random number generation), and clamav (11.4: multiple vulnerabilities).
Red Hat has updated java-1.6.0-openjdk (RHEL5&6: multiple vulnerabilities).
Scientific Linux has updated java-1.6.0-openjdk (SL5&6: multiple vulnerabilities).
Ubuntu has updated munin (13.10, 12.10, 12.04 LTS: denial of service).
Mel Gorman, chair of the 2014 Linux Storage, Filesystem, and Memory Management Summit notes that the CFP deadline is approaching and that the event is shaping up nicely. "I am pleased to note that there are a number of new people sending in attend and topic mails. The long-term health of the community depends on new people getting involved and breaking through any perceived barrier to entry. At least, it has been the case for some time that there is more work to do in the memory manager than there are people available to do it. It helps to know that there are new people on the way." Anybody wanting to attend who has not yet sent in a proposal should not delay much further.
Gentoo has updated cedet (privilege escalation from 2012), exim (multiple vulnerabilities, some from 2010), oracle-jdk-bin (multiple vulnerabilities from 2011 to 2014), texmacs (privilege escalation from 2010), tomboy (code execution from 2010), and vips (privilege escalation from 2010).
Mageia has updated flash-player-plugin (multiple vulnerabilities), graphviz (multiple vulnerabilities), lightdm-gtk-greeter (denial of service), perl-Proc-Daemon (writes pidfile with mode 666), and python-jinja2 (code execution).
SUSE has updated oracle-update (multiple unspecified vulnerabilities).
Debian Technical Committee chair Bdale Garbee has put out a call for votes on a ballot intended to move the discussion on init systems forward. Rather than vote on the ballot that had been under discussion, though, he is asking a simpler question that, he hopes, will yield a useful answer. "I propose we take the simplest possible 'next step'. Let's vote just on the question of what the default init system for Linux architectures should be in jessie. Once we have an answer to this question, it seems to me that we would be 'over the hump' and more likely to be able to re-focus our attention on all the secondary questions, like what our transition plan should be, whether we should try to dictate a default for non-Linux architectures, how and to what extent alternate init systems should be supported, and so forth. Most importantly, we could start *collaborating* again... which is something I fervently wish for!"
IT Services Hungary
HUP napi hírlevél
Legfrissebb HUP videók
Legfrissebb Linux játékvideók
Legfrissebb HUP képek
Legfrissebb HUP dokumentumok
Nyúltál-e már bele nem általatok fejlesztett open source szoftverbe az elmúlt 2 évben?
Nem, mert soha nem kellett / megkerültem a problémát / nem érdekel / nem értek hozzá
Nem, mert féltem attól hogy elrontom a security upgrade-et
Igen, és visszaküldtem a patchet, be is vették
Igen, és azóta kénytelen vagyok minden release esetén újrapatchelni
Igen, és azóta nem frissítettem
Összes szavazat: 49