5 év 3 hónap óta
The
5.6.2 stable kernel has been released
with some important fixes, including one for the 5.6 wireless regression. Users should upgrade.
ris
5 év 3 hónap óta
Security updates have been issued by Arch Linux (chromium, kernel, linux-hardened, linux-lts, and pam-krb5), Debian (haproxy, libplist, and python-bleach), Fedora (tomcat), Gentoo (ghostscript-gpl, haproxy, ledger, qtwebengine, and virtualbox), Red Hat (haproxy, nodejs:12, qemu-kvm-rhev, and rh-haproxy18-haproxy), SUSE (memcached and qemu), and Ubuntu (apport).
ris
5 év 3 hónap óta
LineageOS 17.1 is out.
This release of the Android-based distribution once known as CyanogenMod
includes a rebase onto the Android 10 release of the Android Open Source
Project, improved theme support, support for
on-screen fingerprint sensors, the ability to use biometric sensors to
control access to apps, and more. "On the whole, we feel that the
17.1 branch has reached feature and stability parity with 16.0 and is ready
for initial release. With 17.1 being the most recent and most actively
developed branch, on April 1st, 2020 it will begin receiving nightly builds
and 16.0 will be moved to weekly builds."
corbet
5 év 3 hónap óta
The LWN.net Weekly Edition for April 2, 2020 is available.
corbet
5 év 3 hónap óta
Python string objects are immutable, so changing the value of a string
requires that a new string object be created with the new value. That is
fairly well-understood within the community, but there are some
"anti-patterns" that arise; it is pretty common for new users to build up a
longer string by repeatedly concatenating to the end of the "same" string.
The performance penalty for doing that could be avoided by switching to a
type that is geared toward incremental updates, but Python 3 has
already optimized the penalty away for regular strings. A recent thread on the python-ideas
mailing list explored this topic some.
jake
5 év 3 hónap óta
The LXD system container and virtual manager, LXC container runtime, and
LXCFS FUSE filesystem projects have released version 4.0 LTS. LTS versions
of these intertwined projects are released every 2 years and receive 5
years of security and bugfix support.
ris
5 év 3 hónap óta
The annual Debian project leader (DPL) election is well underway at this point;
voting begins in early April and the outcome will be known after the polls
close on April 18. Outgoing DPL Sam Hartman
posted a lengthy
"non-platform" in the run-up to the election, which detailed the highs and
lows of his term, perhaps providing something of a roadmap, complete with
pitfalls, for potential candidates—Hartman is not running again this
time. When the nomination period completed,
three people
put their hats
into the ring: Jonathan Carter, Sruthi Chandran, and Brian Gupta.
Their platforms have been posted and there have been several threads on the
debian-vote mailing list with questions for the candidates; it seems like a
good time to look in on the race.
jake
5 év 3 hónap óta
Ars Technica
reports
on the recently disclosed OpenWrt package verification vulnerability. The
headline may be a bit overwrought, though. "These code-execution
exploits are limited in their scope because adversaries must either be in a
position to conduct a man-in-the-middle attack or tamper with the DNS
server that a device uses to find the update on the Internet. That means
routers on a network that has no malicious users and using a legitimate DNS
server are safe from attack." It also assumes that people actually
update their routers, which seems unlikely in most cases in the real world.
corbet
5 év 3 hónap óta
Stable kernels
5.6.1,
5.5.14, and
5.4.29 have been released with the usual set
of important fixes. Users should upgrade.
ris
5 év 3 hónap óta
Security updates have been issued by Debian (apng2gif, gst-plugins-bad0.10, and libpam-krb5), Fedora (coturn, libarchive, and phpMyAdmin), Mageia (chromium-browser-stable, nghttp2, php, phpmyadmin, sympa, and vim), openSUSE (GraphicsMagick, ldns, phpMyAdmin, python-mysql-connector-python, python-nltk, and tor), Red Hat (advancecomp, avahi, bash, bind, bluez, buildah, chromium-browser, cups, curl, docker, dovecot, doxygen, dpdk, evolution, expat, file, gettext, GNOME, httpd, idm:DL1, ImageMagick, kernel, kernel-rt, lftp, libosinfo, libqb, libreoffice, libsndfile, libxml2, mailman, mariadb, mod_auth_mellon, mutt, nbdkit, net-snmp, nss-softokn, okular, php, podman, polkit, poppler and evince, procps-ng, python, python-twisted-web, python3, qemu-kvm, qemu-kvm-ma, qt, rsyslog, samba, skopeo, squid, systemd, taglib, texlive, unzip, virt:8.1, wireshark, and zziplib), Slackware (gnutls and httpd), and SUSE (glibc, icu, kernel, and mariadb).
ris
5 év 3 hónap óta
The Free Software Foundation is
focusing
on the shortage of medical equipment and using 3D printers to make
more. "That's why we're looking into what we can make with our
in-office Respects Your Freedom (RYF)-certified 3D printers, and we're
talking to the brand new Mass General Brigham Center for COVID Innovation
so they can direct our efforts. We're also gathering resources for our
"HACKERS and HOSPITALS" plan at the
LibrePlanet wiki page, and if you have expertise, 3D printers, or supplies to contribute, please contact Michael via sysadmin@fsf.org. If you do not have the means to produce medical gear and you still want to help, research can be done from anywhere with only a computer and an Internet connection. Add any projects that are freely licensed working towards helping with COVID-19 to the wiki!"
ris
5 év 3 hónap óta
The Mozilla Open Source Support Program (MOSS) has
launched
a COVID-19 Solutions Fund, which will provide awards of up to $50,000 each
to open source technology projects which are responding to the COVID-19
pandemic in some way. "As part of the COVID-19 Solutions Fund, we will accept applications that are hardware (e.g., an open source ventilator), software (e.g., a platform that connects hospitals with people who have 3D printers who can print parts for that open source ventilator), as well as software that solves for secondary effects of COVID-19 (e.g., a browser plugin that combats COVID related misinformation)."
ris
5 év 3 hónap óta
Security updates have been issued by Debian (tinyproxy), Fedora (okular), Gentoo (ffmpeg, libxls, and qemu), openSUSE (GraphicsMagick), Red Hat (qemu-kvm-rhev), SUSE (cloud-init and spamassassin), and Ubuntu (bluez, libpam-krb5, linux, linux-aws, linux-azure, linux-azure-5.3, linux-gcp, linux-gcp-5.3, linux-gke-5.3, linux-hwe, linux-kvm, linux-oracle, linux-oracle-5.3,linux-raspi2, linux-raspi2-5.3, and Timeshift).
ris
5 év 3 hónap óta
OpenBSD developer Ted Unangst
looks
for lessons in a set of recent vulnerabilities in that system.
"Even OpenBSD is subject to compromise for the sake of practicality,
which is how some legacy designs stick around. So the lesson perhaps is to
really stick with the principles that work, and not just when
convenient. But not always an easy choice to make."
corbet
5 év 3 hónap óta
When the 5.6 kernel was
released on
March 29, 12,665 non-merge changesets had been accepted from 1,712
developers, making this a fairly typical development cycle in a number of
ways. As per longstanding LWN tradition, what follows is a look at where
those changesets came from and who supported the work that created them.
This may have been an ordinary cycle, but there are still a couple of
differences worth noting.
corbet
5 év 3 hónap óta
Back in February, LWN
reported on the
process of gathering requirements for a Git forge system. That process
then went relatively quiet until March 28, when the posting of
a
"CPE Weekly" news summary included, under "other updates", a note that
the decision has been made. It appears that the project will be pushed
toward a not-fully-free version of the GitLab offering. It is fair to say
that this decision — or how it was presented — was not met with universal
acclaim in the Fedora community; see
this
response from Neal Gompa for more.
corbet
5 év 3 hónap óta
The Debian community has announced a one-week, online "biohackathon" as a
focused effort to improve the available free biomedical tools.
"Most tasks do not require any knowledge of biology or medicine, and all
types of contributions are welcome: bug triage, testing, documentation,
CI, translations, packaging, and code contributions."
corbet
5 év 3 hónap óta
Security updates have been issued by Debian (php-horde-form and tika), Fedora (dcraw and libmodsecurity), Gentoo (libidn2 and screen), openSUSE (cloud-init, cni, cni-plugins, conmon, fuse-overlayfs, podman, opera, phpMyAdmin, python-mysql-connector-python, ruby2.5, strongswan, and tor), Oracle (ipmitool), Scientific Linux (ipmitool), SUSE (spamassassin and tomcat), and Ubuntu (twisted and webkit2gtk).
ris
5 év 3 hónap óta
Linus has
released the 5.6 kernel.
Some of the headline features in this release include
Arm EOPD support,
time namespaces,
the BPF dispatcher and batched BPF map operations (both described in this article),
the openat2() system call,
the WireGuard virtual private network
implementation,
the flow queue PIE packet
scheduler,
nearly complete year-2038 support,
many new io_uring features,
the pidfd_getfd() system call,
the ZoneFS filesystem,
the ability to implement TCP
congestion-control algorithms in BPF,
the dma-buf heaps subsystem,
and the removal of the /dev/random
blocking pool.
See the LWN merge-window summaries (part 1 and part 2) and the (under construction) KernelNewbies 5.6 page
for more details.
corbet
5 év 3 hónap óta
In recent years, the kernel has (finally) upped its game when it comes to
hardening. It is rather harder to compromise a running kernel than it used
to be. But "rather harder" is relative: attackers still manage to find
ways to exploit kernel bugs. One piece of information that can be helpful
to attackers is the location of the kernel stack;
this
patch set from Kees Cook and Elena Reshetova may soon make that
information harder to come by and nearly useless in any case.
corbet
Ellenőrizve
17 perc 59 másodperc ago
LWN.net is a comprehensive source of news and opinions from
and about the Linux community. This is the main LWN.net feed,
listing all articles which are posted to the site front page.
Feliratkozás a következőre: Linux Weekly News hírcsatorna