Linux Weekly News
LWN.net is a comprehensive source of news and opinions from and about the Linux community. This is the main LWN.net feed, listing all articles which are posted to the site front page.
Updated: 24 minutes 50 seconds ago
The Software Freedom Conservancy (SFC) has put out an analysis of the recently announced plans of Canonical to provide and support ZFS as part of Ubuntu 16.04. There are some license-compatibility questions within the community, but Canonical believes that it is within its rights to distribute the CDDLv1-licensed zfs.ko kernel module with the GPLv2-licensed kernel. SFC, however, disagrees: "We are sympathetic to Canonical's frustration in this desire to easily support more features for their users. However, as set out below, we have concluded that their distribution of zfs.ko violates the GPL. We have written this statement to answer, from the point of view of many key Linux copyright holders, the community questions that we've seen on this matter. Specifically, we provide our detailed analysis of the incompatibility between CDDLv1 and GPLv2 — and its potential impact on the trajectory of free software development — below. However, our conclusion is simple: Conservancy and the Linux copyright holders in the GPL Compliance Project for Linux Developers believe that distribution of ZFS binaries is a GPL violation and infringes Linux's copyright. We are also concerned that it may infringe Oracle's copyrights in ZFS. As such, we again ask Oracle to respect community norms against license proliferation and simply relicense its copyrights in ZFS under a GPLv2-compatible license."
Debian has updated icedove (multiple vulnerabilities).
Mageia has updated libssh (insecure sessions).
Oracle has updated openssh (OL5: denial of service from 2010).
SUSE has updated firefox (SLE11SP4: denial of service).
Ubuntu has updated ca-certificates (15.10, 14.04, 12.04: 1024-bit RSA key removal), glib-networking (15.10, 14.04, 12.04: update for certificate changes), gnutls (14.04, 12.04: update for certificate changes), and openssl (14.04, 12.04: update for certificate changes).
The LWN.net Weekly Edition for February 25, 2016 is available.
One of the more entertaining presentations at this year's DevConf.cz was by Dan Walsh, Red Hat's head of container engineering. He presented on one of the core conflicts in the Linux container world: systemd versus the Docker daemon. This is far from a new issue; it has been brewing since Ubuntu adopted systemd, and CoreOS introduced Rocket, a container system built around systemd.
Subscribers can click below for a look at the talk by guest author Josh Berkus.
Arch Linux has updated libssh (insecure ssh sessions).
Fedora has updated botan (F23: three vulnerabilities), code-editor (F23: three vulnerabilities), gdl (F22: out-of-bounds read flaw), GraphicsMagick (F22: out-of-bounds read flaw), monotone (F23: three vulnerabilities), octave (F22: out-of-bounds read flaw), postgresql (F23: denial of service), qca (F23: three vulnerabilities), qt-creator (F23: three vulnerabilities), vdr-skinenigmang (F22: out-of-bounds read flaw), vdr-skinnopacity (F22: out-of-bounds read flaw), and vdr-tvguide (F22: out-of-bounds read flaw).
openSUSE has updated firefox (13.1: same-origin restriction bypass).
Red Hat has updated rh-ror41 (RHSCL: multiple vulnerabilities).
The Red Hat developer blog looks at what's coming in version 6 of the GNU Compiler Collection. "The x86/x86_64 is a segmented memory architecture, yet GCC has largely ignored this aspect of the Intel architecture and relied on implicit segment registers. Low level code such as the Linux kernel & glibc often have to be aware of the segmented architecture and have traditionally resorted to asm statements to use explicit segment registers for memory accesses. Starting with GCC 6, variables may be declared as being relative to a particular segment. Explicit segment registers will then be used to access those variables in memory." The GCC 6 release can be expected sometime around April.
Debian has updated libssh2 (insecure ssh sessions).
Mageia has updated 389-ds-base (denial of service).
Red Hat has updated chromium-browser (RHEL6: code execution).
Ubuntu has updated cpio (two vulnerabilities), kernel (15.10; 14.04; 12.04: multiple vulnerabilities), libssh (two vulnerabilities), linux-lts-trusty (12.04: multiple vulnerabilities), linux-lts-utopic (14.04: three vulnerabilities), linux-lts-vivid (14.04: multiple vulnerabilities), linux-lts-wily (14.04: multiple vulnerabilities), linux-raspi2 (15.10: multiple vulnerabilities), linux-ti-omap4 (12.04: denial of service), oxide-qt (15.10, 14.04: code execution), and nss (12.04: regression in previous update).
Dan Kaminsky looks at the Glibc DNS bug (CVE-2015-7547). "We’ve investigated the DNS lookup path, which requires the glibc exploit to survive traversing one of the millions of DNS caches dotted across the Internet. We’ve found that it is neither trivial to squeeze the glibc flaw through common name servers, nor is it trivial to prove such a feat is impossible. The vast majority of potentially affected systems require this attack path to function, and we just don’t know yet if it can. Our belief is that we’re likely to end up with attacks that work sometimes, and we’re probably going to end up hardening DNS caches against them with intent rather than accident. We’re likely not going to apply network level DNS length limits because that breaks things in catastrophic and hard to predict ways."
Fedora has updated graphite2 (F23: multiple vulnerabilities), kscreenlocker (F23; F22: restriction bypass), mariadb (F23: multiple vulnerabilities), nettle (F22: improper cryptographic calculations), ntp (F22: multiple vulnerabilities), php-horde-horde (F23; F22: cross-site scripting), poco (F23; F22: SSL server spoofing), python-pillow (F22: denial of service), qemu (F23: multiple vulnerabilities), and thunderbird (F23: multiple vulnerabilities).
openSUSE has updated chromium (13.1: multiple vulnerabilities), chromium (13.1: code execution), erlang (13.2: man-in-the-middle attack), ffmpeg (Leap42.1: denial of service), obs-service-download_files (Leap42.1, 13.2: code injection), postgresql93 (Leap42.1, 13.2: multiple vulnerabilities, one from 2007), qemu (Leap42.1: two vulnerabilities), chromium (SPH for SLE12; Leap42.1, 13.2: code execution), kernel (13.2: two vulnerabilities), and xdelta3 (13.2; 13.1: code execution).
SUSE has updated postgresql93 (SLE12: multiple vulnerabilities, one from 2007).
Version 2.23 of the GNU C Library (glibc) has been released. The headline feature this time around seems to be Unicode 8.0.0 support; there are a number of API changes, performance improvements and security fixes as well.
The Linux Mint blog announces that the project's web site was compromised and made to point to a backdoored version of the distribution. "As far as we know, the only compromised edition was Linux Mint 17.3 Cinnamon edition. If you downloaded another release or another edition, this does not affect you. If you downloaded via torrents or via a direct HTTP link, this doesn’t affect you either. Finally, the situation happened today, so it should only impact people who downloaded this edition on February 20th."
Update: it appears that the Linux Mint forums were compromised too; users should assume that their passwords have been exposed.
The 4.5-rc5 kernel prepatch is out, one day ahead of the usual schedule. "Things continue to look normal, and things have been fairly calm. Yes, the VM THP cleanup seems to still be problematic on s390, but other than that I don't see anything particularly worrisome."
Greg Kroah-Hartman has announced the release of stable kernels 4.3.6 and 3.10.97. Both contain important updates throughout the tree. In addition, 4.3.6 is the last release for the now end-of-life 4.3 kernel branch; users will need to migrate to the 4.4 series.
Version 4.7 of the Ardour digital-audio workstation has been released. The update includes two key new features: a dialog that displays detailed spectral and waveform analysis for exported files, and substantially improved support for Mackie Control brand hardware control consoles. Many other improvements are listed in the announcement, including preliminary support for importing work from ProTools 10 and 11.
Debian has updated cpio (denial of service).
Debian-LTS has updated libmatroska (code execution).
Scientific Linux has updated thunderbird (SL 5,6,7: multiple vulnerabilities).
Ubuntu has updated oxide-qt (14.04, 15.10: multiple vulnerabilities).
Dustin Kirkland justifies Ubuntu's plans to ship the ZFS filesystem kernel module. "And zfs.ko, as a self-contained file system module, is clearly not a derivative work of the Linux kernel but rather quite obviously a derivative work of OpenZFS and OpenSolaris. Equivalent exceptions have existed for many years, for various other stand alone, self-contained, non-GPL and even proprietary (hi, nvidia.ko) kernel modules."
The Linux Foundation has announced the Zephyr Project, which is aimed at building a real-time operating system (RTOS) for the Internet of Things (IoT). "Modularity and security are key considerations when building systems for embedded IoT devices. The Zephyr Project prioritizes these features by providing the freedom to use the RTOS as is or to tailor a solution. The project’s focus on security includes plans for a dedicated security working group and a delegated security maintainer. Broad communications and networking support is also addressed and will initially include Bluetooth, Bluetooth Low Energy and IEEE 802.15.4, with plans to expand communications and networking support over time." The Zephyr Kernel v1.0.0 Release Notes provide more details.
Arch Linux has updated lib32-glibc (multiple vulnerabilities).
Debian has updated libreoffice (two code execution flaws).
Fedora has updated hamster-time-tracker (F23: two denial of service flaws).
Mageia has updated cacti (authentication bypass), claws-mail (two vulnerabilities), cpio (code execution), eog (code execution from 2013), eom (code execution from 2013), gambas3 (code execution from 2013), gnome-photos (code execution from 2013), graphite2/firefox (multiple vulnerabilities), gtk+2.0 (code execution from 2013), libgcrypt (key leak), libxmp (multiple vulnerabilities), nginx (three vulnerabilities), pinpoint (code execution from 2013), python-pillow (two code execution flaws), thunar (code execution from 2013), and thunderbird (multiple vulnerabilities).
Ubuntu has updated nss (15.10, 14.04, 12.04: cryptographic weakness).
The LWN.net Weekly Edition for February 18, 2016 is available.