Népszerű fórum témák
FreeBSD Project News
Linux Weekly News
LWN.net is a comprehensive source of news and opinions from and about the Linux community. This is the main LWN.net feed, listing all articles which are posted to the site front page.
Frissült: 28 perc 46 másodperc
The Python 2.7.9 release is out. The 2.7 series is in deep maintenance mode, but this update still includes a new SSL module (taken from Python 3.4) and validation of SSL certificates by default. This release also adds the ensurepip module, making the "pip" package manager available in all installations.
The GNU Emacs project is debating the idea of changing the format in which its official documentation is written and maintained. Proposing the change is Eric S. Raymond, who argues that the Texinfo format currently used is archaic and constitutes a barrier to entry. His proposal has its supporters—including Richard Stallman—but plenty of other project members contend that whatever shortcomings the Emacs documentation may have, replacing Texinfo as Raymond suggests is not the fix.
Funding projects in the "free and open" world is a perennial problem. "Crowdfunding" using Kickstarter and other platforms has helped to alleviate some funding issues for some projects, but it is a model that targets one-time goals, not sustained development. Snowdrift.coop, which is an organization aimed at providing long-term funding for free and open projects, has—somewhat ironically—announced a crowdfunding campaign to launch itself.
Click below (subscribers only) for the full article.
Mageia has updated flash-player-plugin (multiple vulnerabilities), graphviz (format string vulnerability), iceape (multiple vulnerabilities), nodejs (multiple vulnerabilities), openafs (multiple vulnerabilities), php-pear-HTML_AJAX (code execution), and util-linux (command injection).
Ubuntu has updated bind9 (denial of service) and xorg-server, xorg-server-lts-trusty (14.10, 14.04, 12.04: multiple vulnerabilities), xorg-server, xorg-server-lts-trusty (14.10.14.04.12.04: incomplete fixes in previous update).
Version 5.4 of the Qt toolkit is now available. It provides better interaction with web-based content, improved graphics, Bluetooth Low Energy support, and a lot more, including a licensing change: "As announced earlier, the open-source version for Qt 5.4 is also made available under the LGPLv3 license. The new licensing option allows us at The Qt Company to introduce more value-add components for the whole Qt ecosystem without making compromises on the business side. It also helps to protect 3rd party developers’ freedom from consumer device lock-down and prevents Tivoization as well as other misuse."
The X.Org developers have released an advisory warning of a large set of vulnerabilities in the server, some of which date back to the X11R1 release in 1987. "How critical these vulnerabilities are to any given installation depends on whether they run an X server with root privileges or reduced privileges; whether they run X servers exposed to network clients or limited to local connections; and whether or not they allow use of the affected protocol extensions, especially the GLX extension."
The Turla trojan malware has been found to run on Linux, reports The Register. "[Kaspersky researcher Kurt] Baumgartner said the module written in C and C++ was hardened against reverse-engineering through the use of stripped symbol information and hidden network communications, adding it could not be discovered using Netstat. It contained attack capabilities which did not require root privileges including arbitrary remote command execution, incoming packet interception and remote management."
Mark Shuttleworth has announced the availability of "Ubuntu Core," a version of the distribution that takes a different approach to package management. "This is in a sense the biggest break with tradition in 10 years of Ubuntu, because Ubuntu Core doesn’t use debs or apt-get. We call it 'snappy' because that’s the new bullet-proof mechanism for app delivery and system updates; it’s completely different to the traditional package-based Ubuntu server and desktop. The snappy system keeps each part of Ubuntu in a separate, read-only file, and does the same for each application. That way, developers can deliver everything they need to be confident their app will work exactly as they intend, and we can take steps to keep the various apps isolated from one another, and ensure that updates are always perfect. Of course, that means that apt-get won’t work, but that’s OK since developers can reuse debs to make their snappy apps, and the core system is exactly the same as any other Ubuntu system – server or desktop."
SUSE has updated OpenVPN (SLE11 SP3: denial of service).
Ubuntu has updated graphviz (format string vulnerability).
The Fedora 21 distribution release is now available, in three different flavors (cloud, server, and workstation). "Fedora 21 is a game-changer for the Fedora Project, and we think you're going to be very pleased with the results." See the announcement for the highlights found in each of the released spins.
Paul Kocialkowski shares his experience with porting Replicant to the LG Optimus Black. "Every once in a while, an unexpected combination of circumstances ends up enabling us to do something pretty awesome. This is the story of one of those times. About a year ago, a member of the Replicant community started evaluating a few targets from CyanogenMod and noticed some interesting ones. After some early research, he picked a device: the LG Optimus Black (P970), bought one and started porting Replicant to it. After a few encouraging results, he was left facing issues he couldn't overcome and decided to give up with the port. As the device could still be an interesting target for Replicant, we decided to buy the phone from him so that I could pick up the work where he stalled." (Thanks to Paul Wise)
The Software Freedom Law Center has filed an interesting brief with the U.S. Supreme Court on whether the Court should review the Federal Circuit court decision stating that Android violates Oracle's copyrights by shipping some Java headers. The SFLC disagrees with the Circuit court decision, but, interestingly, still argues that the Supreme Court should not look at the case. "Given that the parties are agreed that Petitioner has the right to royalty-free use of all the material at issue under GNU GPL, and it is in addition entitled to claim that its use was licensed at all relevant times, there is no public interest in the adjudication a controversy which remains merely theoretical if not factually moot."
FontForge is the most feature-rich free-software application for building and editing font files, but that is a niche that, regrettably, attracted relatively few developers over the project's lifespan. The situation has improved considerably in the last two years, however, and the latest release introduces several significant improvements. The new features include some expansion and enhancement to the editing tools, which will appeal to existing FontForge users, but they also include other changes that may be more significant in making FontForge appealing to new users.
Fedora has updated arm-none-eabi-binutils-cs (F20; F19: multiple vulnerabilities), avr-binutils (F20; F19: multiple vulnerabilities), firefox (F19: multiple vulnerabilities), flac (F20: multiple vulnerabilities), graphviz (F20; F19: format string vulnerability), hivex (F20; F19: invalid hive files), kwebkitpart (F20; F19: code execution), libksba (F20; F19: denial of service), nrpe (F19: code execution), readline (F19: insecure temporary files), and thunderbird (F19: multiple vulnerabilities).
openSUSE has updated apache2-mod_wsgi (13.1, 12.3: privilege escalation), docker (13.2: privilege escalation), firefox (13.2, 13.1, 12.3: multiple vulnerabilities), flac (13.2, 13.1, 12.3: multiple vulnerabilities), icecast (13.2; 13.1, 12.3: information leak/privilege escalation), openvpn (13.2, 13.1, 12.3: denial of service), and ruby19 (13.1, 12.3: two vulnerabilities).
Scientific Linux has updated kernel (SL5: restriction bypass).
Linus has released the 3.18 kernel. "I'd love to say that we've figured out the problem that plagues 3.17 for a couple of people, but we haven't. At the same time, there's absolutely no point in having everybody else twiddling their thumbs when a couple of people are actively trying to bisect an older issue, so holding up the release just didn't make sense." Highlights in this release include the bpf() system call, some significant networking performance improvements, dozens of new drivers, thousands of fixes, and more.
The 3.17.5 stable kernel has been released with a comment saying "No one should use it"; instead, the immediately following 3.17.6, containing an important patch reversion, should be used. Also available are 3.14.26 and 3.10.62.
Software Freedom Conservancy (SFC), the US-based non-profit organization that sponsors around 30 separate FOSS projects, has announced a "Supporter" program. The program allows individuals to make a recurring donation to SFC's general operating fund, akin to the individual membership-style programs also offered by the Free Software Foundation, Software In The Public Interest, and various other non-profits in the community. As always, individuals can also make donations directly to SFC member projects.
CentOS has updated kernel (C5: privilege escalation).
Red Hat has updated kernel (RHEL5: privilege escalation).
Ubuntu has updated MAAS (12.04, 14.04, 14.10: privilege escalation).
Peter Hutterer describes a new mechanism aimed at providing consistent acceleration behavior across mice. "For us, useless and unpredictable is bad, especially in the use-case of everyday desktops. To work around that, libinput 0.7 now incorporates the physical resolution into pointer acceleration. And to do that we need a database, which will be provided by udev as of systemd 218 (unreleased at the time of writing). This database incorporates the various devices and their physical resolution, together with their sampling rate. udev sets the resolution as the MOUSE_DPI property that we can read in libinput and use as reference point in the pointer accel code." The developers are looking for help to populate this new database.
The CentOS project has announced the availability of the first in a series of monthly rolling releases. "CentOS Linux rolling builds are point in time snapshot media rebuild from original release time, to include all updates pushed to mirror.centos.org's repositories. This includes all security, bugfix, enhancement and general updates for CentOS Linux. Machines installed from this media will have all these updates pre-included and will look no different when compared with machines installed with older media that have been yum updated to the same point in time."
HUP napi hírlevél
Legfrissebb HUP videók
Legfrissebb Linux játékvideók
Legfrissebb HUP képek
Kivándorolnál másik országba? Ha igen miért?
Igen, az anyagiak miatt.
Igen, a jobb karrier lehetőségek miatt.
Igen, a gyermekeim jobb jövője érdekében (pl. oktatás, nyelvtanulás).
Igen, az általánosan jobb hangulat miatt (jobb egészségügy, vidámabb néplélek stb.)
Igen, egyebek miatt (leírom).
Összes szavazat: 515