Népszerű fórum témák
Linux Weekly News
LWN.net is a comprehensive source of news and opinions from and about the Linux community. This is the main LWN.net feed, listing all articles which are posted to the site front page.
Frissült: 3 hét 1 nap
The schism between two Arduino companies (that we covered in March 2015) has apparently been settled. The poster child for the open hardware movement is now under one company "Arduino Holding" and a new not-for-profit Arduino Foundation has been started. "Massimo Banzi, Co-Founder of Arduino LLC, commented, 'Today is one of the best days in Arduino history. This allows us to start a new course for Arduino made of constructive dialogue and disruptive innovation in the education, Makers and IoT fields. The Arduino Foundation will allow us to champion the core values of the Arduino Community within the open-source ecosystem and to make our commitment to open-source stronger than ever. This is really a new beginning for Arduino!'" (Thanks to Paul Wise.)
Debian-LTS has updated ruby-activerecord-3.2 (access restriction bypass).
Fedora has updated bash (F24: code execution), bind (F24: denial of service), community-mysql (F23: unspecified), nodejs-tough-cookie (F23: denial of service), openjpeg2 (F24: denial of service), openssh (F24: null pointer dereference), pdns (F23: denial of service), and systemd (F24: denial of service).
Scientific Linux has updated python-twisted-web (SL7&6: HTTP proxy redirect).
Slackware has updated thunderbird (unspecified).
Ubuntu has updated pillow (14.04: regression in previous security update).
Linus Torvalds has announced the availability of the 4.8 kernel: "So the last week was really quiet, which maybe means that I could probably just have skipped rc8 after all. Oh well, no real harm done." Some of the headline changes in this release include support for transparent huge pages in the tmpfs filesystem, a new formatted documentation subsystem and a number of documentation changes to match, a new timeout subsystem that should address the latency problems experienced by its predecessor, continued work on the express data path for high-performance network routing, build-system improvements allowing the use of GCC plugins, the hardened usercopy security work, and much more. The KernelNewbies 4.8 page is still under construction as of this writing, but should contain lots of details in the near future.
In a world full of fancy development tools and sites, the kernel project's dependence on email and mailing lists can seem quaintly dated, if not positively prehistoric. But, as Greg Kroah-Hartman pointed out in a Kernel Recipes talk titled "Patches carved into stone tablets", there are some good reasons for the kernel community's choices. Rather than being a holdover from an older era, email remains the best way to manage a project as large as the kernel.
Debian has updated wordpress (multiple vulnerabilities).
Red Hat has updated python-twisted-web (RHEL7&6: HTTP proxy redirect).
Greg Kroah-Hartman has released the 4.7.6 and 4.4.23 stable kernels with the usual set of important fixes.
Fedora has updated vfrnav (F24: unspecified).
Version 3.2 of the Qubes OS distribution is available. "This is an incremental improvement over the 3.1 version that we released earlier this year. A lot of work went into making this release more polished, more stable and easier to use than our previous releases." Changes include a new management infrastructure, the ability to assign individual USB devices to virtual machines and a switch to the Xfce4 desktop. See the release notes for details.
The PostgreSQL 9.6 release is available. "This release will allow users to both scale up and scale out high performance database workloads. New features include parallel query, synchronous replication improvements, phrase search, and improvements to performance and usability, as well as many more features." See the announcement text and the release notes for more information.
The LWN.net Weekly Edition for September 29, 2016 is available.
Ana Guerrero Lopez sadly reports that Kristoffer H. Rose died on September 17. "Kristoffer was a Debian contributor from the very early days of the project, and the upstream author of several packages that are still in the Debian archive nowadays, such as the LaTeX package Xy-pic and FlexML. On his return to the project after several years' absence, many of us had the pleasure of meeting Kristoffer during DebConf15 in Heidelberg. The Debian Project honours his good work and strong dedication to Debian and Free Software. Kristoffer's broad technical knowledge and his ability to share that knowledge with others will be missed. The contributions of Kristoffer will not be forgotten, and the high standards of his work will continue to serve as an inspiration to others."
Debian has updated bind9 (two denial of service flaws).
Mageia has updated autotrace (code execution), firefox/rootcerts/nss (multiple vulnerabilities), gnutls (certificate verification bypass), graphicsmagick (multiple vulnerabilities), pdns (three denial of service flaws), thunderbird (multiple vulnerabilities), wget (two vulnerabilities), and zookeeper (buffer overflow).
Slackware has updated bind (denial of service).
SUSE has updated bind (SLE12-SP1; SLES12; SOSC5, SMP2.1, SM2.1, SLE11-SP4: denial of service), mariadb (SLE12-SP1; SLES12: SQL injection/privilege escalation), openssl (SLE12-SP1: multiple vulnerabilities), and php5 (SLESDK12-SP1, SLEM12: multiple vulnerabilities).
Ari Jaaksi and David Bryant posted a note to the B2G (Boot to Gecko) OS community looking at the end of Firefox OS development and at what happens to the code base going forward. "In the spring and summer of 2016 the Connected Devices team dug deeper into opportunities for Firefox OS. They concluded that Firefox OS TV was a project to be run by our commercial partner and not a project to be led by Mozilla. Further, Firefox OS was determined to not be sufficiently useful for ongoing Connected Devices work to justify the effort to maintain it. This meant that development of the Firefox OS stack was no longer a part of Connected Devices, or Mozilla at all. Firefox OS 2.6 would be the last release from Mozilla. Today we are announcing the next phase in that evolution. While work at Mozilla on Firefox OS has ceased, we very much need to continue to evolve the underlying code that comprises Gecko, our web platform engine, as part of the ongoing development of Firefox. In order to evolve quickly and enable substantial new architectural changes in Gecko, Mozilla’s Platform Engineering organization needs to remove all B2G-related code from mozilla-central. This certainly has consequences for B2G OS. For the community to continue working on B2G OS they will have to maintain a code base that includes a full version of Gecko, so will need to fork Gecko and proceed with development on their own, separate branch." (Thanks to Paul Wise)
Arch Linux has updated gnutls (certificate verification bypass), lib32-gnutls (certificate verification bypass), lib32-openssl (multiple vulnerabilities), openssl (multiple vulnerabilities), and wireshark-cli (multiple vulnerabilities).
Debian-LTS has updated firefox-esr (multiple vulnerabilities).
Fedora has updated community-mysql (F24: SQL injection/privilege escalation).
Red Hat has updated openssl (RHEL6,7: multiple vulnerabilities).
Slackware has updated openssl (denial of service).
SUSE has updated openssl (SLES12: multiple vulnerabilities).
Ubuntu has updated python-django (cross-site request forgery).
Some time ago, we published a pair of articles about systemd programming that extolled the value of providing high-quality unit files in upstream packages. The hope was that all distributions would use them and that problems could be fixed centrally rather than each distribution fixing its own problems independently. Now, 30 months later, it seems like a good time to see how well that worked out for nfs-utils, the focus of much of that discussion. Did distributors benefit from upstream unit files, and what sort of problems were encountered?
KDE e.V. introduces the KDE Advisory Board. "One of the core goals of the Advisory Board is to provide KDE with insights into the needs of the various organizations that surround us. We are very aware that we need the ability to combine our efforts for greater impact and the only way we can do that is by adopting a more diverse view from outside of our organization on topics that are relevant to us. This will allow all of us to benefit from one another's experience."
Mageia has updated gdk-pixbuf2.0 (denial of service), golang (denial of service), libarchive (file overwrite), libtorrent-rasterbar (denial of service), php (multiple vulnerabilities), and wireshark (multiple vulnerabilities).
openSUSE has updated curl (Leap42.1: multiple vulnerabilities), flash-player (13.1: multiple vulnerabilities), gd (Leap42.1: multiple vulnerabilities), gtk2 (Leap42.1; 13.2: code execution), firefox, nss (Leap42.1, 13.2: multiple vulnerabilities), samba (Leap42.1: crypto downgrade), thunderbird (13.1: multiple vulnerabilities), tiff (13.1: multiple vulnerabilities), and wpa_supplicant (Leap42.1: multiple vulnerabilities).
Slackware has updated php (multiple vulnerabilities).
Ubuntu has updated openssl (regression in previous update).
This OpenSSL security advisory is notable in that it's the second one in four days; sites that updated after the first one may need to do so again. "This security update addresses issues that were caused by patches included in our previous security update, released on 22nd September 2016. Given the Critical severity of one of these flaws we have chosen to release this advisory immediately to prevent upgrades to the affected version, rather than delaying in order to provide our usual public pre-notification."
The 4.8-rc8 kernel prepatch is out. "Things actually did start to calm down this week, but I didn't get the feeling that there was no point in doing one final rc, so here we are. I expect the final 4.8 release next weekend, unless something really unexpected comes up."
HUP napi hírlevél