Népszerű fórum témák
FreeBSD Project News
Linux Weekly News
LWN.net is a comprehensive source of news and opinions from and about the Linux community. This is the main LWN.net feed, listing all articles which are posted to the site front page.
Frissült: 12 perc 5 másodperc
The CentOS project has made its reputation by doing one thing very well: repackaging the Red Hat Enterprise Linux (RHEL) distribution into a freely distributable form. For users who are able to do without the support services offered by Red Hat, CentOS has been an invaluable resource. It is perhaps not surprising that CentOS users worry about the future of this distribution; they are getting a lot for free and many of them know that such situations are not always sustainable. For CentOS, keeping its user base depends on maintaining a certain level of trust so that users know it will continue to be available, stable, and free. The discussion around a proposal on version numbers shows just how easy that trust could be to lose.
Linux.conf.au 2015 will be held January 12-16 in Auckland, New Zealand. The call for papers has just gone out; submissions will be accepted through July 13.
Firefox 30 is available. This version enables faster access to social, bookmark, and history sidebars, support for GStreamer 1.0, and an array of enhancements and bug fixes. More details can be found in the release notes.
Debian has updated dovecot (denial of service).
Fedora has updated check-mk (F20; F19: file disclosure), cifs-utils (F19: code execution), cups-filters (F19: command execution), gnutls (F19: code execution), libgadu (F19: code execution), libpng (F19: denial of service), libtasn1 (F19: multiple vulnerabilities), libtiff (F19: code execution), mediawiki (F20; F19: don't parse usernames as wikitext), mingw-curl (F20; F19: multiple vulnerabilities), mingw-freetype (F20; F19: two vulnerabilities), mingw-gnutls (F20; F19: code execution), mingw-icu (F20; F19: denial of service), mingw-libgcrypt (F19: information leak), mingw-libjpeg-turbo (F20; F19: information leak), mingw-libpng (F19: multiple vulnerabilities), mingw-libtiff (F20; F19: multiple vulnerabilities), mingw-pixman (F20; F19: denial of service), mingw-readline (F20; F19: insecure temporary files), openssh (F19: two vulnerabilities), qemu (F20: multiple vulnerabilities), and qt3 (F20; F19: denial of service).
Gentoo has updated adobe-flash (multiple vulnerabilities).
Mandriva has updated curl (multiple vulnerabilities), file (denial of service), gnutls (BS 1.0; ES 5.0: code execution), libcap-ng (privilege escalation), libtasn1 (multiple vulnerabilities), openssl (ES 5.0; BS 1.0: multiple vulnerabilities), otrs (cross-site scripting), php (denial of service), python-django (ES 5.0; BS 1.0: multiple vulnerabilities), and squid (denial of service).
Slackware has updated php (multiple vulnerabilities).
Red Hat has sent out a suitably buzzword-laden press release announcing the availability of Red Hat Enterprise Linux 7. "Bare metal servers, virtual machines, Infrastructure-as-a-Service (IaaS) and Platform-as-a-Service (PaaS) are converging to form a robust, powerful datacenter environment to meet constantly changing business needs. Answering the heterogeneous realities of modern enterprise IT, Red Hat Enterprise Linux 7 offers a cohesive, unified foundation that enables customers to balance modern demands while reaping the benefits of computing innovation, like Linux Containers and big data, across physical systems, virtual machines and the cloud – the open hybrid cloud."
Bradley Kuhn tells free software projects that they need not worry about contributor license agreements. "Thus, I encourage those considering a CLA to look past the 'nice assurances we'd like to have — all things being equal' and focus on the 'what legal assurances our FLOSS project actually needs to assure its thrives'. I've spent years doing that analysis; I've concluded quite simply: in this regard, all a project and its legal home actually need is a clear statement and/or assent from the contributor that they offer the contribution under the project's known FLOSS license."
The GNOME Foundation is governed by a seven-member board of directors who are elected annually. The just-completed vote had eleven people vying for those seats. Unless there is a challenge to the voting process, the new board members are: Sriram Ramkrishna, Ekaterina Gerasimova, Karen Sandler, Andrea Veri, Jeff Fortin, Tobias Mueller, and Marina Zhurakhinskaya. We looked at the question of corporate involvement in GNOME as one of the election issues being discussed in last week's edition.
Version 1.0 of the Docker application containerization system has been announced. It includes a number of new features; it is also the first version that the developers are willing to put forward as being production-ready. "Second, this milestone signifies Docker’s coming into its own as an open platform for distribution apps. In particular, the community’s use of Docker in such a wide variety of use-cases and apps in every phase of the application lifecycle confirms this. So from today you’ll hear us talk about Docker as a platform, its components being Docker Engine, the container runtime and packaging tool, and Docker Hub, a cloud-based service for collaboration, content, and workflow automation."
The CyanogenMod 11.0 M7 release is now available. Changes this time around include an overhaul of the theme chooser, a new calculator app, incorporation of ffmpeg for wider media format support, and more. "To get ahead of the inevitable questions, this release is based on Android 4.4.2. The 4.4.3 source has been merged into CM for nightlies, but given the source code was only made available last week, we chose not to rush the new code into the stable branch."
Debian has updated dpkg (two file modification via path traversal flaws).
Slackware has updated mozilla-firefox (multiple vulnerabilities).
Linus has released the 3.15 kernel after one week of overlapping development with the 3.16 merge window. Headline features in 3.15 include some significant memory management improvements, the renameat2() system call, file-private POSIX locks, a new device mapper target called dm-era, faster resume from suspend, and more.
Linus also noted that, while overlapping the 3.16 merge window with the final 3.15 stabilization worked well enough, he is not necessarily inclined to do it every time. "I also don't think it was such a wonderful experience that I'd want to necessarily do the overlap every time, without a good specific reason for doing so. It was kind of nice being productive during the last week or rc (which is usually quite boring and dead), but I think it might be a distraction when people should be worrying about the stability of the rc."
Greg Kroah-Hartman has released the latest batch of stable kernels: 3.14.6, 3.10.42, and 3.4.92. As usual, each contains fixes all over the tree and users of those kernel series should upgrade.
Libre Graphics World has an interview with Alexandre Gauthier (the developer behind the open-source video compositor Natron) as well as an overview of the most recent release. Gauthier addresses the at times controversial decision to build an interface similar to that of proprietary applications that also support the OpenFX plugin standard: "when you implement an application which will be used by professionals who potentially have a lot of background in the usage of such software, you want to make sure you don't break all their habits, otherwise they won't bother. When you have an entire keyboard layout in mind and you need to switch to another, this is a lot of pain. When you have to spend afternoons just to find how to configure the same plug-in but on another application this can be very frustrating." Among other topics, the interview also delves into the complex history behind Natron and other OpenFX applications.
CentOS has updated openssl (C5: man-in-the-middle attack).
Mageia has updated emacs (M3, M4: multiple vulnerabilities), file (M3, M4: multiple vulnerabilities), libcap-ng (M3, M4: privilege escalation), mediawiki (M3, M4: cross-site scripting), openssl (M3, M4: multiple vulnerabilities), tor (M3, M4: information disclosure), and wordpress (M3, M4: multiple vulnerabilities).
Ubuntu has updated EC2 kernel (10.04: multiple vulnerabilities), kernel (10.04; 13.10; 12.04; 14.04: multiple vulnerabilities), linux-lts-quantal (12.04: privilege escalation), linux-lts-raring (12.04: multiple vulnerabilities), linux-lts-saucy (12.04: multiple vulnerabilities), and linux-ti-omap4 (12.04: multiple vulnerabilities).
On his blog, GNOME contributor Allan Day writes about a redesign of the GNOME 3 notification mechanisms. It includes a new Message Tray design as well as reworking the lock-screen notifications and the notification banners themselves. "The final goal is one that was at the core of the original design, and which is central to the design of GNOME 3 as a whole: that is, to be noticable and useful without being distracting. Wherever possible with GNOME 3, we have tried to produce a distraction-free experience which helps you concentrate on the task in hand. This requires a fine balancing act, which can be tricky to get right. With the new designs, we want to change that balance slightly, by making notifications a bit more noticable and by providing more effective reminders, but we still want to retain the emphasis on avoiding distraction."
Debian has updated kernel (three vulnerabilities), libav (multiple unspecified vulnerabilities), openssl (multiple vulnerabilities), python-bottle (security mechanism bypass), and python-gnupg (shell command injection).
Mageia has updated chkrootkit (privilege escalation).
Red Hat has updated kernel (RHEL6: three vulnerabilities), openssl (Extended lifecycle support products; RHEL5: man-in-the-middle attack; RHEL6: multiple vulnerabilities including one from 2010), and openssl097a and openssl098e (man-in-the-middle attack).
SUSE has updated gnutls (SLE11SP3: multiple vulnerabilities).
Ubuntu has updated openssl (multiple vulnerabilities).
The OpenSSL project has disclosed another set of vulnerabilities, including one that could enable man-in-the-middle attacks and one that could maybe lead to code execution. Expect updates from distributors soon. For the curious, Masashi Kikuchi, the discoverer of the MITM vulnerability, has posted the story of how it was found.
The LWN.net Weekly Edition for June 5, 2014 is available.
The eighth annual PostgreSQL developer conference, known as PGCon, concluded on May 24th in Ottawa, Canada. This event has stretched into five days of meetings, talks, and discussions for 230 members of the PostgreSQL core community, which consists both of contributors and database administrators. PGCon serves to focus the whole PostgreSQL development community on deciding what's going to be in next year's PostgreSQL release as well as on showing off new features that contributors have developed. This year's conference included meetings of the main PostgreSQL team as well as for the Postgres-XC team, a keynote by Dr. Richard Hipp, and new code to put VODKA in your database.
Subscribers can click below for the full report from guest author Josh Berkus.
HUP napi hírlevél
Legfrissebb HUP videók
Legfrissebb Linux játékvideók
Legfrissebb HUP képek
Legfrissebb HUP dokumentumok
Van-e hiteled és / vagy megtakarításod?
Van, hitelem is és megtakarításom is - a megtakarítás a több
Van, hitelem is és megtakarításom is - a hitel a több
Nincs hitelem és van megtakarításom
Van hitelem és nincs megtakarításom
Nincs se hitelem, se megtakarításom
Egyéb / nem nyilatkozom / csak az eredmény érdekel stb.
Összes szavazat: 456