Népszerű fórum témák
FreeBSD Project News
Linux Weekly News
LWN.net is a comprehensive source of news and opinions from and about the Linux community. This is the main LWN.net feed, listing all articles which are posted to the site front page.
Frissült: 23 perc 11 másodperc
The Document Foundation's project Document Liberation looks at its progress during the past year. "During 2014, members of the project released a new framework library, called librevenge, which contains all the document interfaces and helper types, in order to simplify the dependency chain. In addition, they started a new library for importing Adobe PageMaker documents, libpagemaker, written as part of Google Summer of Code 2014 by Anurag Kanungo. Existing libraries have also been extended with the addition of more formats, like libwps with the addition of Microsoft Works Spreadsheet and Database by Laurent Alonso. He is now working on adding support for Lotus 1-2-3, which is one of the most famous legacy applications for personal computers. Laurent has also added support for more than twenty legacy Mac formats to libmwaw."
Greg KH has released stable kernels 3.19.4, 3.14.38, and 3.10.74. All of them contain the usual set of important fixes.
Arch Linux has updated icecast (denial of service).
CentOS has updated xorg-x11-server (C6: information leak).
Debian has updated chrony (multiple vulnerabilities), das-watchdog (privilege escalation), libdbd-firebird-perl (buffer overflow), libtasn1-3 (denial of service), libx11 (code execution), ntp (two vulnerabilities), and wesnoth-1.10 (information leak).
Fedora has updated arj (F20: multiple vulnerabilities), ca-certificates (F21; F20: certificate update), ImageMagick (F21: multiple vulnerabilities), libxml2 (F20: denial of service), openldap (F21: denial of service), qemu (F21: multiple vulnerabilities), varnish (F21: heap buffer overflow), and xen (F21; F20: multiple vulnerabilities).
Mandriva has updated batik (MBS1,2: information leak).
Red Hat has updated openssl (RHEL5: multiple vulnerabilities).
Scientific Linux has updated openssl (SL5: multiple vulnerabilities).
Jan Hubička has posted a lengthy discussion of the optimization improvements found in the upcoming GCC 5.0 release. "Identical code folding is a new pass (contributed by Martin Liška, SUSE) looking for functions with the same code and variables with the same constructors. If some are found, one copy is removed and replaced one by an alias to another where possible. This is especially important for C++ code bases that tend to contain duplicated functions as a result of template instantiations."
Linus has released the 4.0 kernel right on schedule. "Feature-wise, 4.0 doesn't have all that much special. Much have been made of the new kernel patching infrastructure, but realistically, that not only wasn't the reason for the version number change, we've had much bigger changes in other versions. So this is very much a 'solid code progress' release." Beyond the (incomplete) live-patching mechanism, this release includes the removal of the remap_file_pages() system call, improved persistent memory support, the lazytime mount option, and the kernel address sanitizer.
Aaron Turon has posted a lengthy introduction to concurrency in the Rust programming language. "Every data type knows whether it can safely be sent between or accessed by multiple threads, and Rust enforces this safe usage; there are no data races, even for lock-free data structures. Thread safety isn't just documentation; it's law."
Arch Linux has updated mediawiki (multiple vulnerabilities).
CentOS has updated xorg-x11-server (C7: information leak/denial of service).
Debian has updated dpkg (integrity-verification bypass).
Mageia has updated batik (M4: information leak), chromium-browser-stable (M4: multiple vulnerabilities), jakarta-taglibs-standard (M4: code execution), less (M4: information leak), mediawiki (M4: multiple vulnerabilities), openldap (M4: denial of service), qt-creator (M4: key-verification failure), suricata (M4: denial of service), and xerces-c (M4: denial of service).
Scientific Linux has updated krb5 (SL6: multiple vulnerabilities).
SUSE has updated libXfont (SLE12: multiple vulnerabilities).
Ubuntu has updated dpkg (integrity-verification bypass).
As was discussed in this LWN article, the X.Org Foundation recently held an election to choose four board members and decide whether to change the organization's by-laws to enable it to become a member of Software in the Public Interest (SPI). The results are now available. The board members elected are Peter Hutterer, Martin Peres, Rob Clark, and Daniel Vetter. The measure to change the by-laws did not pass, though, despite receiving only two "no" votes, because the required two-thirds majority was not reached.
The Linux Foundation (LF) has announced that it will serve as host of the Let's Encrypt project, as well as the Internet Security Research Group (ISRG). Let's Encrypt is the free, automated SSL/TLS certificate authority that was announced in November 2014 by the Electronic Frontier Foundation (EFF) to provide TLS certificates for every domain on the web. ISRG is the non-profit organization created to spearhead efforts like Let's Encrypt (which, as of now, is ISRG's only public project). In the LF announcement, executive director Jim Zemlin notes that "by hosting this important encryption project in a neutral forum we can accelerate the work towards a free, automated and easy security certification process that benefits millions of people around the world."
Arch Linux has updated chrony (denial of service).
CentOS has updated krb5 (C6: multiple vulnerabilities).
Fedora has updated drupal7-webform (F20; F21: unspecified vulnerability), firefox (F21: multiple vulnerabilities), powerpc-utils-python (F20; F21: code execution), and xterm (F20; F21: denial of service).
Mandriva has updated java-1.8.0-openjdk (BS2: multiple vulnerabilities).
Red Hat has updated krb5 (RHEL6: multiple vulnerabilities).
Ubuntu has updated kernel (12.04; 14.04; 14.10: multiple vulnerabilities), linux-lts-trusty (12.04: multiple vulnerabilities), linux-lts-utopic (14.04: multiple vulnerabilities), and linux-ti-omap4 (12.04: multiple vulnerabilities).
The LWN.net Weekly Edition for April 9, 2015 is available.
Arch Linux has updated ntp (two vulnerabilities).
CentOS has updated kernel (C5: multiple vulnerabilities).
Debian has updated libxml2 (denial of service).
openSUSE has updated Chromium (13.2, 13.1: two vulnerabilities), libgit2 (13.2, 13.1: code execution), firefox, thunderbird (13.2, 13.1: multiple vulnerabilities), php5 (13.2, 13.1: multiple vulnerabilities), potrace (13.2, 13.1: denial of service), quassel (13.2, 13.1: denial of service), and subversion (13.2, 13.1: multiple vulnerabilities).
Red Hat has updated kernel (RHEL5: multiple vulnerabilities), novnc (RHEL OSP6.0: VNC session hijacking), openstack-nova (RHEL OSP6.0: cross-site websocket hijack attack), openstack-packstack (RHEL OSP6.0: root command execution), and installer (RHEL OSP6.0: root command execution).
Scientific Linux has updated kernel (C5: multiple vulnerabilities).
SUSE has updated xorg-x11-libs (SLE11 SP3: privilege escalation).
From the OpenStack community comes the sad announcement of the passing of Chris Yeoh, a longtime free-software developer. "Chris was humble, helpful and honest. The OpenStack and broader Open Source communities are poorer for his passing." Those with memories of Chris are encouraged to contribute them to a collection being put together for his daughter.
The freedreno project was started by Rob Clark to create a free-software driver for the Adreno family of GPUs, which are used by the Qualcomm Snapdragon system-on-chip (SoC) family. He presented a status report on the project, along with some history and future plans, at the Embedded Linux Conference, which was held in San Jose, CA, March 23-25.
Click below (subscribers only) for the full report from ELC 2015.
Threat Post takes a look at two TrueCrypt forks, VeraCrypt and CipherShed. Although TrueCrypt development was discontinued last year, the code underwent a two phase audit and passed with a relatively clean bill of health. "VeraCrypt and CipherShed have addressed many of the shortcomings identified not only by the audit, but by others who have scrutinized the TrueCrypt code in recent years. VeraCrypt’s [Mounir] Idrassi, for example, said he replaced TrueCrypt’s lone support of the RIPEMD-160 algorithm with SHA-256 support for system encryption. He said VeraCrypt has also tried to simplify the build process, especially for Linux and Mac OS X systems, so that other less common configurations could be used." The results of the audit of TrueCrypt are available in PDF format; phase 1 was completed in February 2014, and phase 2 was completed March 2015.
Arch Linux has updated tor (denial of service).
Gentoo has updated firefox (multiple vulnerabilities).
Red Hat has updated kernel (RHEL6.5: multiple vulnerabilities).
Linus has released 4.0-rc7 after a delay of a couple of days for the holiday. "But it's still pretty small, and things are on track for 4.0 next weekend. There's a tiny chance that I'll decide to delay 4.0 by a week just because I'm traveling the week after, and I might want to avoid opening the merge window. We'll see how I feel about it next weekend."
Linux Australia has reported a breach on the Conference Management (Zookeepr) hosting server. This server hosted the conference systems for linux.conf.au 2013, 2014 and 2015, and for PyCon Australia 2013 and 2014. "The database dumps which occurred during the breach include information provided during conference registration - First and Last Names, physical and email addresses, and any phone contact details provided, as well as a hashed version of the user password. As Zookeepr uses a third party credit card payment gateway for credit card processing, the database dumps do not contain any credit card or banking details."
Fedora has updated firefox (F20: multiple vulnerabilities), freeipa (F21: two vulnerabilities), glpi (F21; F20: privilege escalation), lasso (F21; F20: denial of service), mingw-libzip (F21; F20: code execution), mingw-qt5-qtbase (F21; F20: denial of service), mingw-qt5-qtdeclarative (F21; F20: denial of service), mingw-qt5-qtgraphicaleffects (F21; F20: denial of service), mingw-qt5-qtimageformats (F21; F20: denial of service), mingw-qt5-qtlocation (F21; F20: denial of service), mingw-qt5-qtmultimedia (F21; F20: denial of service), mingw-qt5-qtquick1 (F21; F20: denial of service), mingw-qt5-qtscript (F21; F20: denial of service), mingw-qt5-qtsensors (F21; F20: denial of service), mingw-qt5-qtsvg (F21; F20: denial of service), mingw-qt5-qttools (F21; F20: denial of service), mingw-qt5-qttranslations (F21; F20: denial of service), mingw-qt5-qtwebkit (F21; F20: denial of service), mingw-qt5-qtwinextras (F21; F20: denial of service), moodle (F21; F20: multiple vulnerabilities), osc (F21; F20: command injection), patch (F20: multiple vulnerabilities), PyYAML (F21; F20: denial of service), rt (F21: multiple vulnerabilities), slapi-nis (F21: multiple vulnerabilities), thunderbird (F21: multiple vulnerabilities), and tor (F21; F20: denial of service).
Red Hat has updated chromium-browser (RHEL6: two vulnerabilities).
Linux.com talks with Linus Torvalds about the development of Git. "Just to pick an example: the concept of 'merging' was generally considered to be something really quite painful and hard in most SCM's. You'd plan your merges, because they were big deals. That's not acceptable to me, since I commonly do tens of merges a day when in the merge window, and even then, the biggest overhead shouldn't be the merge itself, it should be testing the result. The 'git' part of the merge is just a couple of seconds, it should take me much longer just to write the merge explanation message."
HUP napi hírlevél
Legfrissebb HUP képek
Hol chateteltek manapság?
Gmail (hangout, gchat)
Összes szavazat: 382