Linux Weekly News

Tartalom átvétel
LWN.net is a comprehensive source of news and opinions from and about the Linux community. This is the main LWN.net feed, listing all articles which are posted to the site front page.
Frissült: 18 perc 24 másodperc

Security updates for Tuesday

k, 2017-05-30 17:23
Security updates have been issued by Arch Linux (lib32-nss), Debian (bind9, exiv2, fop, imagemagick, libical, libonig, libsndfile, mosquitto, openjdk-7, rzip, strongswan, and tnef), Fedora (git, kernel, lynis, moodle, mupdf, samba, systemd, and webkitgtk4), Mageia (perl-Image-Info and vlc), openSUSE (ffmpeg2, git, java-1_7_0-openjdk, libplist, libsndfile, and samba), Oracle (kernel and samba3x), Red Hat (nss), Scientific Linux (nss), and Ubuntu (imagemagick, juju-core, libtiff, strongswan, and webkit2gtk).
Kategóriák: Linux

Kernel prepatch 4.12-rc3

h, 2017-05-29 16:06
Linus has released the 4.12-rc3 kernel prepatch. "Hey, things continue to look good, and rc3 isn't even very big. I'm hoping there's not another shoe about to drop, but so far this really feels like a nice calm release cycle, despite the size of the merge window."
Kategóriák: Linux

Mailman 3.1.0 released

p, 2017-05-26 23:01
The 3.1.0 release of the Mailman mailing list manager is out. "Two years after the original release of Mailman 3.0, this version contains a huge number of improvements across the entire stack. Many bugs have been fixed and new features added in the Core, Postorius (web u/i), and HyperKitty (archiver). Upgrading from Mailman 2.1 should be better too. We are seeing more production sites adopt Mailman 3, and we've been getting great feedback as these have rolled out. Important: mailman-bundler, our previous recommended way of deploying Mailman 3, has been deprecated. Abhilash Raj is putting the finishing touches on Docker images to deploy everything, and he'll have a further announcement in a week or two." New features include support for Python 3.5 and 3.6, MySQL support, new REST resources and methods, user interface and user experience improvements, and more.
Kategóriák: Linux

Poyarekar: The story of tunables

p, 2017-05-26 21:43
On his blog, Siddhesh Poyarekar looks at tunables in the GNU C library (glibc). The idea for centralizing the handling of tunable parameters in the library started back 2013, but was added to glibc in version 2.25 that was released in February. "Tunables is an internal implementation detail in glibc. It is a way to manage ways in which we allow behaviour in glibc to be modified. As of now the only way to manage glibc is via environment variables and the way to do that was strewn all over the place in the source code. Tunables provide one place to add the tunable parameter with all of the characteristics it would have and then the framework will handle everything from there. The user of that tunable (e.g. malloc for MALLOC_MMAP_THRESHOLD_ or malloc.mmap.threshold in tunables parlance) would then simply access the tunable from the list and do what it wants to do, without bothering about where it came from."
Kategóriák: Linux

[$] What's new in gnuplot 5.2

p, 2017-05-26 18:59
This article is a tour of some of the newest features in the gnuplot plotting utility. Some of these features are already present in the 5.0 release, and some are planned for the next official release, which will be gnuplot 5.2. Highlights in the upcoming release include hypertext labels, more control over axes, a long-awaited ability to add labels to contours, better lighting effects, and more; read on for the details.
Kategóriák: Linux

Security updates for Friday

p, 2017-05-26 17:48
Security updates have been issued by CentOS (kernel), Debian (graphicsmagick, imagemagick, kde4libs, and puppet), Fedora (FlightCrew, kernel, libvncserver, and wordpress), Gentoo (adobe-flash, smb4k, teeworlds, and xen), Mageia (kernel, kernel-linus, kernel-tmb, and perl-CGI-Emulate-PSGI), openSUSE (GraphicsMagick and rpcbind), Oracle (kernel), Red Hat (kernel and kernel-rt), and Scientific Linux (kernel).
Kategóriák: Linux

The Licensing and Compliance Lab interviews AJ Jordon of gplenforced.org (FSF Blog)

p, 2017-05-26 00:56
The Free Software Foundation's blog is carrying an interview with AJ Jordon, who runs the gplenforced.org site to support GPL enforcement efforts and to help other projects indicate their support. "gplenforced.org is a small site I made that has exactly two purposes: host a badge suitable for embedding into a README file on GitLab or something, and provide some text with an easy and friendly explanation of GPL enforcement for that badge to link to. Putting badges in READMEs has been pretty trendy for a while now — people add badges to indicate whether their test suite is passing, their dependencies are up-to-date, and what version is published in language package managers. gplenforced.org capitalizes on that trend to add the maintainer's beliefs about license enforcement, too."
Kategóriák: Linux

Alpine Linux 3.6.0 Released

cs, 2017-05-25 22:35
Alpine Linux 3.6.0 has been released. Alpine is an independent, minimalist distribution that is built around musl libc and busybox to keep it small and resource efficient. This version adds support for 64-bit little-endian POWER machines (ppc64le) and 64-bit IBM z Systems (s390x).
Kategóriák: Linux

Devuan Jessie 1.0.0 stable LTS

cs, 2017-05-25 22:17
The Devuan project set out to create a systemd-less Debian, and now Devuan Jessie 1.0.0 Stable has been released. "There have been no significant bug reports since Devuan Jessie RC2 was announced only three weeks ago and the list of release critical bugs is now empty. So finally Devuan Jessie Stable is ready for release! As promised, this will also be a Long-Term-Support (LTS) release. Our team will participate in providing patches, security updates, and release upgrades beyond the planned lifespan of Debian Jessie."
Kategóriák: Linux

Stable kernel updates

cs, 2017-05-25 19:55
Greg Kroah-Hartman has announced the release of the 4.11.3, 4.9.30, 4.4.70, and 3.18.55 stable kernels. They contain a rather large set of patches all over the tree and users should upgrade.
Kategóriák: Linux

Security updates for Thursday

cs, 2017-05-25 17:32
Security updates have been issued by CentOS (samba and samba4), Mageia (samba), openSUSE (bash and samba), Oracle (samba and samba4), Slackware (samba), SUSE (ghostscript and java-1_7_0-openjdk), and Ubuntu (firefox and samba).
Kategóriák: Linux

[$] LWN.net Weekly Edition for May 25, 2017

cs, 2017-05-25 02:46
The LWN.net Weekly Edition for May 25, 2017 is available.
Kategóriák: Linux

[$] Progress on the Gilectomy

sze, 2017-05-24 22:37

At the 2016 Python Language Summit, Larry Hastings introduced Gilectomy, his project to remove the global interpreter lock (GIL) from CPython. The GIL serializes access to the Python interpreter, so it severely limits the performance of multi-threaded Python programs. At the 2017 summit, Hastings was back to update attendees on the progress he has made and where Gilectomy is headed.

Kategóriák: Linux

[$] The state of bugs.python.org

sze, 2017-05-24 21:27

In a brief session at the 2017 Python Language Summit, Maciej Szulik gave an update on the state and plans for bugs.python.org (bpo). It is the Roundup-based bug tracker for Python; moving to GitHub has not changed that. He described the work that two Google Summer of Code (GSoC) students have done to improve the bug tracker.

Kategóriák: Linux

[$] New CPython workflow issues

sze, 2017-05-24 18:57

As part of a discussion in 2014 about where to host some of the Python repositories, Brett Cannon was delegated the task of determining where they should end up. In early 2016, he decided that Python's code and other repositories (e.g. PEPs) should land at GitHub; at last year's language summit, he gave an overview of where things stood with a few repositories that had made the conversion. Since that time, the CPython repository has made the switch and he wanted to discuss some of the workflow issues surrounding that move at this year's summit.

Kategóriák: Linux

A Samba remote code execution vulnerability

sze, 2017-05-24 18:18
The Samba Team has issued an advisory regarding CVE-2017-7494: "All versions of Samba from 3.5.0 onwards are vulnerable to a remote code execution vulnerability, allowing a malicious client to upload a shared library to a writable share, and then cause the server to load and execute it." Distributors are already shipping the fix; there's also a workaround in the advisory for those who cannot update immediately.
Kategóriák: Linux

[$] System monitoring with osquery

sze, 2017-05-24 18:17

Your operating system generates a lot of run-time data and statistics that are useful for monitoring system security and performance. How you get this information depends on the operating system you're running. It could be a from report in a fancy GUI, or obtained via a specialized API, or simply text values read from the filesystem in the case of Linux and /proc. However, imagine if you could get this data via an SQL query, and obtain the output as a database table or JSON object. This is exactly what osquery lets you do on Linux, macOS, and Windows.

Kategóriák: Linux

Check Point: Hacked in Translation

sze, 2017-05-24 18:13
Check Point has issued an advisory that a number of video-player applications can be compromised via specially crafted subtitles. "By crafting malicious subtitle files, which are then downloaded by a victim’s media player, attackers can take complete control over any type of device via vulnerabilities found in many popular streaming platforms, including VLC, Kodi (XBMC), Popcorn-Time and strem.io. We estimate there are approximately 200 million video players and streamers that currently run the vulnerable software, making this one of the most widespread, easily accessed and zero-resistance vulnerability reported in recent years."
Kategóriák: Linux

[$] Python 3.6.x, 3.7.0, and beyond

sze, 2017-05-24 17:50

Ned Deily, release manager for the Python 3.6 and 3.7 series, opened up the 2017 edition of the Python Language Summit with a look at the release process and where things stand. It was an "abbreviated update" to his talk at last year's summit, he said. He looked to the future for 3.6 and 3.7, but also looked a bit beyond those two.

This is the start of LWN's coverage of the language summit; look for more articles over the next week or so.

Kategóriák: Linux

Security updates for Wednesday

sze, 2017-05-24 17:41
Security updates have been issued by CentOS (libtirpc and rpcbind), Debian (libtasn1-3, libtasn1-6, and samba), Fedora (FlightGear, openvpn, and python-fedora), openSUSE (libtirpc and libxslt), Oracle (libtirpc and rpcbind), Red Hat (samba, samba3x, and samba4), Scientific Linux (samba and samba4), SUSE (java-1_7_0-ibm, java-1_7_1-ibm, java-1_8_0-ibm, samba, and tomcat), and Ubuntu (jbig2dec, miniupnpc, rtmpdump, and samba).
Kategóriák: Linux