Népszerű fórum témák
FreeBSD Project News
Linux Weekly News
LWN.net is a comprehensive source of news and opinions from and about the Linux community. This is the main LWN.net feed, listing all articles which are posted to the site front page.
Frissült: 13 perc 15 másodperc
Fedora has updated deluge (F20: deluge-web is vulnerable to POODLE), mokutil (F20; F19: multiple vulnerabilities), Pound (F20: multiple vulnerabilities), shim-signed (F20; F19: multiple vulnerabilities), and tnftp (F20: command execution).
openSUSE has updated ImageMagick (13.2, 13.1, 12.3: multiple vulnerabilities), konversation (13.2: information disclosure), libserf (13.2, 13.1, 12.3: man-in-the-middle attack), pidgin (13.2: multiple vulnerabilities), and sssd (13.2: restriction bypass).
SUSE has updated spacewalk-branding (SUSE Manager1.7: clarify CVE audit).
Microsoft has announced that the .NET core code is now available under an open-source (MIT) license. "As a .NET developer you were able to build & run code on more than just Windows for a while now, including Linux, MacOS, iOs and Android. The challenge is that the Windows implementation has one code base while Mono has a complete separate code base. The Mono community was essentially forced to re-implement .NET because no open source implementation was available." Amusingly, the code has been placed on GitHub; the announcement notes that code located there gets far more contributions than code on Microsoft's own "CodePlex" site.
Your editor recently acquired a laptop with a high-DPI screen. This acquisition was partially justified, of course, as an opportunity to investigate the state of Linux support of high-DPI screens; it turns out that, while quite a bit of progress has been made, this problem has not yet been fully solved. Click below (subscribers only) for the full report.
In response to the recent ownCloud troubles, Martin Pitt has put together a proposal allowing for the removal of problematic packages from the Ubuntu repositories in the future. "In rare cases, an universe package becomes actively detrimental in stable releases: If it is unmaintained in Ubuntu and has unfixed security issues or got broken because of changing network protocols/APIs, it is better to stop offering it in Ubuntu altogether rather than continuing to encourage users to install it." Comments are requested.
Red Hat has announced the availability of the first public beta of Red Hat Enterprise Linux 7 Atomic Host. "Red Hat Enterprise Linux 7 Atomic Host Beta provides a streamlined host platform that is optimized to run application containers. The software components included in Red Hat Enterprise Linux 7 Atomic Host Beta, as well as the default system tunings, have been designed to enhance the performance, scalability and security of containers, giving you the optimal platform on which to deploy and run application containers."
Fedora has updated firefox (F19: multiple vulnerabilities).
openSUSE has updated claws-mail (13.2: man-in-the-middle attack), php5 (13.2: three vulnerabilities), quassel (13.2, 13.1, 12.3: information disclosure), tnftp (13.2, 13.1: command execution), wget (13.2, 13.1, 12.3: symlink attack), and zeromq (13.1, 12.3: man-in-the-middle attack).
GroupOn, a sort of Internet sales discount coupon company has recently announced a point-of-sale tablet called "Gnome". The GNOME Foundation, by virtue of having used that name since the 1990's and having trademarked it in 2006, objects strongly to what it sees as a blatant infringement of its trademark. The organization is scrambling to file its opposition to GroupOn's new trademark filings, but that takes work — and money. So there is now a fund-raising effort in the works to help make this opposition happen. "Help us raise the funds to fight back and most of all call public attention to this terrible behavior by Groupon. Help us make sure that when people hear about GNOME software they learn about freedom and not proprietary software. Our counsel has advised us that we will need $80,000 to oppose the registration of the first set of 10 applications. If we are able to defend the mark without spending this amount, we will use the remaining funds to bolster and improve GNOME."
Update: according to Engadget, GroupOn says it wants to work things out, all the way to picking a new product name if necessary.
Another update: The GNOME Foundation reports that Groupon will abandon its pending trademarks and proceed with a name change.
Mitchell Baker celebrates Firefox's 10th anniversary. "The answer is: yes, Firefox did win in the desktop era. We changed the fundamental landscape by bringing a new experience and a new view of the world to hundreds of millions of people. However, there is still essential work to do as the Web still faces real threats today — and likely will again in the future. Here are details on what’s happening as part of the 10th anniversary of Firefox."
Michael Meeks looks at OpenGL rendering in LibreOffice. "Image scaling is another area where we currently suffer; with several open bugs - first one complains about performance, and then when you lower rendering quality to get performance, another bug complains about rendering quality. Doing high quality image interpolation of large images takes time, even when threaded. People love to whack large, high-DPI images into their documents and presentations. By moving all of the image interpolation work to the GPU we should be able to have our cake: pretty scaled images, and also eat it quickly: with fast rendering."
Debian has updated kfreebsd-9 (multiple vulnerabilities).
Fedora has updated claws-mail (F20: man-in-the-middle attack), claws-mail-plugins (F20: man-in-the-middle attack), curl (F20: information leak), libetpan (F20: man-in-the-middle attack), php-ZendFramework2 (F19: multiple vulnerabilities), pidgin (F20: multiple vulnerabilities), python (F20: script execution), python3 (F20: two vulnerabilities), qemu (F20: multiple vulnerabilities), and zarafa (F20; F19: multiple vulnerabilities).
Gentoo has updated php (multiple vulnerabilities).
Mozilla has announced the first release of a version of the Firefox browser aimed at web developers. "Ten years ago, we built Firefox for early adopters and developers to give them more choice and control. Firefox integrated WebAPIs and Add-ons to enable people to get the most out of the Web. Now we’re giving developers the whole browser as a hard-hat area, allowing us to bring front and center the features most relevant to them. Having a dedicated developer browser means we can tailor the browsing experience to what developers do every day."
The 3.18-rc4 prepatch is out for test. "Hey, things are finally calming down. In fact, it looked *really* calm until yesterday, at which point some people clearly realized 'hey, I should push my stuff to Linus so that it makes it into -rc4', and then a third of all changes came in the last day, but despite that, rc4 finally looks like things are falling into place, and we'll get to stabilize this release after all."
The Free Software Foundation (FSF) and the Software Freedom Conservancy (SFC) have announced a new site called Copyleft.org that will play host to "useful information, tutorial material, and new policy ideas regarding all forms of copyleft licensing." The most prominent content at present is a comprehensive guide to the concept of copyleft and copyleft licenses. The announcement notes that the content is viable, among other things, as training material. "As the author, primary interpreter, and ultimate authority on the GPL, the FSF is in a unique position to provide insights into understanding free software licensing. While the guide as a living text will not automatically reflect official FSF positions, the FSF has already approved and published one version for use at its Seminar on GPL Enforcement and Legal Ethics in March 2014."
At her blog, Akkana Peck has announced a new GIMP plugin called "Saver" that is intended to replace the default Save/Export functionality introduced with the GIMP 2.8 release. GIMP 2.8 famously separated "Save"and "Export" into two separate functions, with "Save" only able to write out images to GIMP's native, multi-layer XCF format. As Peck notes, that change "has been a matter of much controversy. It's been over two years now, and people are still complaining on the gimp-users list." The new plugin is an attempt to perform the "expected" action in each circumstance. "I've been using Saver for nearly all my saving for the past year. If I'm just making a quick edit of a JPEG camera image, Ctrl-S overwrites it without questioning me. If I'm editing an elaborate multi-layer GIMP project, Ctrl-S overwrites the .xcf.gz. If I'm planning to export that image for the web, I Ctrl-Shift-S to bring up the Saver As... dialog, make sure the main filename is .xcf.gz, set a name (ending in .jpg) for the exported copy; and from then on, Ctrl-S will save both the XCF and the JPG copy.
Here's a PC World article on the old, insecure version of ownCloud shipped in Ubuntu 14.04 — and the difficulties in getting it updated or removed.
Ubuntu’s developers initially balked at this. Why, this isn’t the way the system works! The package is now locked-in for the stable release and shouldn’t have any major changes, even though it’s a fundamentally insecure piece of server software. Actually removing it would be highly unusual. They proposed that ownCloud should take over maintenance of the ownCloud packages in Ubuntu and keep them up-to-date. At the very least, it was ownCloud’s job to create an empty package and go through the bureaucratic process to push it out.
The writing is a little breathless, but there is a valid issue here; the software found in the more remote corners of distribution repositories may not be particularly well maintained.
CentOS has updated php (C5: multiple vulnerabilities).
Fedora has updated hostapd (F19; F20: command execution), Pound (F19: multiple vulnerabilities), python-rhsm (F19; F20: protocol downgrade), seamonkey (F19: multiple vulnerabilities), subscription-manager (F20: protocol downgrade), webkitgtk3 (F19: protocol downgrade), wss4j (F20: authentication spoofing), and xml-security (F20: denial of service).
Oracle has updated php (O5: multiple vulnerabilities).
Debian has updated libxml-security-java (xml signature spoofing from 2013).
Ubuntu has updated libreoffice (14.10, 14.04: code execution).
Version 2.1.0 of the GNU Privacy Guard has been released; this is the first release in the new "modern" branch. Changes include elliptic curve cryptography support, better keyserver pool handling, the creation of revocation certificates by default, the removal of support for PGP2 keys, and more.
HUP napi hírlevél
Legfrissebb HUP videók
Legfrissebb Linux játékvideók
Legfrissebb HUP képek
Háztartásomban ... darab TV készülék található.
Csak az eredmény érdekel.
Összes szavazat: 818