Népszerű fórum témák
FreeBSD Project News
Linux Weekly News
LWN.net is a comprehensive source of news and opinions from and about the Linux community. This is the main LWN.net feed, listing all articles which are posted to the site front page.
Frissült: 28 perc 1 másodperc
Lennart Poettering writes about the sd-bus library with substantial digressions into how D-Bus works in general. "We believe the result of our work delivers our goals quite nicely: the library is fun to use, supports kdbus and sockets as back-end, is relatively minimal, and the performance is substantially better than both libdbus and GDBus."
Code Climate has announced the open-source release of its static-analysis platform. "We’re releasing the static analysis engines that power the new Code Climate Platform, and going forward, all of our static analysis code will be published under Open Source licenses. Code Climate has always provided free analysis to Open Source projects, and this continues to deepen our commitment to, and participation in, the OSS community."
At his blog, former Ubuntu Community Manager Jono Bacon speculates on whether or not the Ubuntu Phone project should rebase its software stack on Android. Bacon prefaces the post with a note that it is "designed purely for some intellectual fun and discussion. I am not proposing we actually do this, nor advocating for this." The central argument is that new mobile platforms invariably expend hundreds of thousands of dollars attracting well-known app vendors to the new stack. Supporting Android apps would let Ubuntu focus efforts on the user interface, scopes, and other components. "I know there has been a reluctance to support Android apps on Ubuntu as it devalues the Ubuntu app ecosystem and people would just use Android apps, but I honestly think some kind of middle-ground is needed to get into the game, otherwise I worry we won’t even make it to the subs bench no matter how awesome our technology is." Note that, whatever one makes of the idea, Bacon is speaking only about the Ubuntu Phone stack; the post does touch on how such a rebase would interfere with Ubuntu's plans for a converged software stack.
Luke Wagner of Mozilla has announced the existence of the WebAssembly project. The purpose is to define a low-level language to run in web browsers; it will then serve as a compilation target for higher-level languages. Developers from most of the major browser engines are working on the project. "For existing Emscripten/asm.js users, targeting WebAssembly will be as easy as flipping a flag. Thus, it is natural to view WebAssembly as the next evolutionary step of asm.js (a step many have requested and anticipated)."
Debian has updated kernel (three vulnerabilities).
Red Hat has updated cups (RHEL6&7: three vulnerabilities).
Scientific Linux has updated cups (SL6&7: three vulnerabilities).
The LWN.net Weekly Edition for June 18, 2015 is available.
A 2013 Kickstarter project brought us Micro Python, which is a version of Python 3 for microcontrollers, along with the pyboard to run it on. Micro Python is a complete rewrite of the interpreter that avoids some of the CPython (the canonical Python interpreter written in C) implementation details that don't work well on microcontrollers. I recently got my hands on a pyboard and decided to give it—and Micro Python—a try.
Opensource.com takes a look at the upcoming release of Blender 2.75. "One of the biggest features merged into Blender this go-round were from the multiview branch. In short, Blender now fully supports the ability to create stereoscopic 3D images. With the increased pervasiveness of 3D films and televisions—not to mention VR headsets in gaming—a lot of people are interested in generating images that play nice in this format. And now Blender can."
Debian-LTS has updated linux-2.6 (multiple vulnerabilities).
Red Hat has updated kernel (RHEL5.9: privilege escalation).
SUSE has updated java-1_7_0-ibm (SLE12: multiple vulnerabilities).
Ubuntu has updated aptdaemon (15.04, 14.10, 14.04, 12.04: information leak), devscripts (14.10, 14.04, 12.04: directory traversal), and wpa, wpasupplicant (15.04, 14.10, 14.04, 12.04: multiple vulnerabilities).
The leap second is an occasional ritual wherein Coordinated Universal Time (UTC) is held back for one second to account for the slowing of the Earth's rotation. The last leap second happened on June 30, 2012; the next is scheduled for June 30 of this year. Leap seconds are thus infrequent events. One might easily imagine that infrequent events involving time discontinuities would be likely to expose software problems, and, sure enough, the 2012 leap second had its share of issues. The 2015 leap second looks to be a calmer affair, but it appears that it will not be entirely problem-free.
Debian has updated p7zip (directory traversal).
Red Hat has updated openssl (RHEL6,7: multiple vulnerabilities).
Scientific Linux has updated openssl (SL6,7: multiple vulnerabilities).
SUSE has updated kernel (SLE12: multiple vulnerabilities).
Ubuntu has updated kernel (15.04; 14.10; 14.04; 12.04: privilege escalation), linux-lts-trusty (12.04: privilege escalation), linux-lts-utopic (14.04: privilege escalation), linux-lts-vivid (14.04: privilege escalation), and linux-ti-omap4 (12.04: privilege escalation).
Opensource.com has an interview with Robyn Bergeron about her current position as Operations Advocate at Elastic, and past roles (such as Fedora Project Leader). "The ELK stack (that's Elasticsearch, Logstash, and Kibana), being incredibly flexible and adaptable to many use cases, appeals to both operations folks and developers—but my love for it really has grown from seeing how fantastically it has allowed folks working in ops to not just start more rapidly identifying that "something broke," but also to be able to visually identify the patterns that lead to those broken things. Getting to a point where you're not just on fire all the time fixing technology, and instead fixing the processes that lead to fires, or implementing ways to proactively avoid fires, is not just redeeming, but frees up time to do other things besides firefighting. People love breaking that loop, and it's fabulous being an advocate for something that is literally making people's work-life balance and general happiness levels better. I've been in those fires. It's not fun. It makes me happy to see users feeling awesome."
Debian has updated libav (two vulnerabilities), openssl (multiple vulnerabilities), qemu (multiple vulnerabilities), qemu-kvm (two vulnerabilities), sqlite3 (denial of service), and xen (multiple vulnerabilities).
Debian-LTS has updated p7zip (directory traversal).
Fedora has updated armacycles-ad (F22; F21; F20: multiple vulnerabilities), filezilla (F22: multiple vulnerabilities), fuse (F20: privilege escalation), libreswan (F20: denial of service), nss (F20: cipher-downgrade attacks), nss-softokn (F20: cipher-downgrade attacks), nss-util (F20: cipher-downgrade attacks), ntfs-3g (F20: privilege escalation), and xen (F22; F21: multiple vulnerabilities).
openSUSE has updated flash-player (11.4: multiple vulnerabilities), coreutils (13.2: memory handling error), cups (13.2, 13.1: three vulnerabilities), dpkg (13.2, 13.1: integrity-verification bypass), and php5 (13.2, 13.1: information disclosure).
As promised, the 4.1-rc8 kernel prepatch is out. "So I'm on vacation, but time doesn't stop for that, and it's Sunday, so time for a hopefully final rc."
The 2015 edition of the TeX Live software distribution, the "easy way to get up and running with the TeX document production system," has been released. DVDs are in production for members of the TeX Users Group (TUG), though many will probably prefer the downloadable release. The changes included in this edition include the merging of several LaTeX fixes from external packages into LaTeX itself, JPEG Exif support in pdfTeX, and image-handling fixes in XeTeX.
Version 1.10 of the MATE Desktop has been released. Perhaps the most notable new feature is that all MATE components can now be built with GTK+2 or GTK+3, although GTK+3 support is still labeled "experimental." Also new in this update are ePub support in the Atril document viewer and a new audio-mixing library named libmatemixer.
Arch Linux has updated openssl (multiple vulnerabilities).
Fedora has updated qemu (F22: denial of service).
Oracle has updated wpa_supplicant (O7: multiple vulnerabilities).
Red Hat has updated wpa_supplicant (RHEL7: multiple vulnerabilities).
Scientific Linux has updated wpa_supplicant (SL7: multiple vulnerabilities).
SUSE has updated cups (SLE12: multiple vulnerabilities), cups154 (SLE12: multiple vulnerabilities), flash-player (SLE12: multiple vulnerabilities), and xen (SLE11 SP3; SLE12: multiple vulnerabilities).
Ubuntu has updated openssl (multiple vulnerabilities).
Over at the Red Hat Security Blog, Kurt Seifried looks at the costs of security embargoes. Keeping the information about security vulnerabilities quiet until distributions can coordinate their releases of a fix for it seems like it makes a lot of sense, but there are hidden costs to that. "Patch creation with an embargoed issue means only the researcher and upstream participating. The end result of this is often patches that are incomplete and do not fully address the issue. This happened with the Bash Shellshock issue (CVE-2014-6271) where the initial patch, and even subsequent patches, were incomplete resulting in several more CVEs (CVE-2014-6277, CVE-2014-6278, CVE-2014-7169). For a somewhat complete listing of such examples simply search the CVE database for 'because of an incomplete fix for'."
Debian-LTS has updated wireshark (WCP dissector crash).
Fedora has updated cabal-install (F22: force digest authentication), freecad (F22: code execution), fusionforge (F22; F21: code execution), haskell-platform (F22: force digest authentication), less (F21: information leak), libreswan (F22; F21: denial of service), python-tornado (F21: TLS side-channel attack), and thermostat (F21: code execution).
Ubuntu has updated kernel (15.04; 14.10; 14.04; 12.04: multiple vulnerabilities), linux-lts-trusty (12.04: two vulnerabilities), linux-lts-utopic (14.04: two vulnerabilities), linux-lts-vivid (14.04: three vulnerabilities), and linux-ti-omap4 (12.04: multiple vulnerabilities).
HUP napi hírlevél
Legfrissebb HUP képek
Használsz intelligens személyi asszisztenst (Siri, Cortana, Google Now ...)?
Összes szavazat: 518