News reader

[$] Users and Python packaging

2 years 6 months ago
A lot of digital ink has been expended in recounting the ongoing Python packaging saga, which is now in its fourth installment (earlier articles: landscape survey, visions and unification, and pip-conda convergence). Most of that covered conversations that took place in November and the discussion largely settled down over the holidays, but it picked up again with a packaging-strategy thread that started in early January. That thread was based on the results of a user survey about packaging that was meant to help guide the Python Packaging Authority (PyPA) and other interested developers, but the guidance provided was somewhat ambiguous—leading to lots more discussion.
jake

Rustproofing Linux (nccgroup)

2 years 6 months ago
The nccgroup blog is carrying a four-part series by Domen Puncer Kugler on how vulnerabilities can make their way into device drivers written in Rust.

In other words, the CONFIG_INIT_STACK_ALL_ZERO build option does nothing for Rust code! Developers must be cautious to avoid shooting themselves in the foot when porting a driver from C to Rust, especially if they previously relied on this config option to mitigate this class of vulnerability. It seems that kernel info leaks and KASLR bypasses might be here to stay, at least, for a little while longer.

corbet

Security updates for Wednesday

2 years 6 months ago
Security updates have been issued by Debian (heimdal, openssl, shim, and xorg-server), Oracle (kernel and thunderbird), Red Hat (git, libksba, samba, and tigervnc), Scientific Linux (thunderbird), Slackware (openssl and xorg), SUSE (EternalTerminal, openssl-1_0_0, openssl-1_1, openssl-3, openssl1, polkit, and sssd), and Ubuntu (git, grunt, heimdal, openssl, openssl1.0, and xorg-server, xorg-server-hwe-18.04, xwayland).
corbet

Dave Airlie (blogspot): vulkan video: status update (anv + radv)

2 years 6 months ago

Okay just a short status update.

radv H264/H265 decode:

The radv h264/h265 support has been merged to mesa main branch. It is still behind RADV_PERFTEST=video_decode flag, and should work for basics from VI/GFX8+. It still has not passed all the CTS tests.

anv H264 decode:

The anv h264 decode support has been merged to mesa main branch. It has been tested from Skylake up to DG2. It has no enable flag, just make sure to build with h264dec video-codec support. It passes all current CTS tests.

hasvk H264 decode:

I ported the anv h264 decoder to hasvk, the vulkan driver for Ivybridge/Haswell. This is in a draft MR (HASVK H264). I haven't given this much testing yet, it has worked in the past. I'll get to testing it before trying to get it merged.

radv AV1 decode:

I created an MR for spec discussion (radv av1). I've also cleaned up the radv AV1 decode code.

anv AV1 decode:

I've started on anv AV1 decode support for DG2. I've gotten one very simple frame to decode. I will attempt to do more. I think filmgrain is not going to be supported in the short term. I'll fill in more details on this when it's working better. I think there are a few things that might need to be changed in the AV1 decoder provisional spec for Intel, there are some derived values that ffmpeg knows that it would be nice to not derive again, and there are also some hw limits around tiles and command buffers that will need to be figured out.

[$] Fedora packages versus upstream Flatpaks

2 years 6 months ago
The Flatpak package format promises to bring "the future of apps on Linux", but a Linux distribution like Fedora already provides packages in its native format—and built to its specifications. Flatpaks that come from upstream projects may or may not follow the packaging guidelines, philosophy, and practices so they exist in their own world, separate from the packages that come directly from Fedora. But those worlds have collided to a certain extent over the past year to two. Recently, a packager announced their plans to stop packaging the Bottles tool, used for running Windows programs in Wine-based containers on Linux, in favor of recommending that Fedora users install the upstream Flatpak.
jake

Security updates for Tuesday

2 years 6 months ago
Security updates have been issued by Debian (graphite-web, openjdk-11, webkit2gtk, wpewebkit, and xorg-server), Mageia (advancecomp, apache, dojo, git, java/timezone, libtiff, libxpm, netatalk, nodejs-minimist, opusfile, python-django, python-future, python-mechanize, ruby-sinatra, sofia-sip, thunderbird, and tigervnc), Oracle (git and thunderbird), Red Hat (git, libksba, rh-git227-git, rh-nodejs14-nodejs and rh-nodejs14-nodejs-nodemon, and thunderbird), SUSE (apache2, nginx, php8-pear, redis, rubygem-activesupport-5_1, rubygem-rack, sssd, xorg-x11-server, and xwayland), and Ubuntu (tmux).
corbet

[$] A survey of free CAD systems

2 years 6 months ago
Computer-aided design (CAD) software is expensive to develop, which is a good reason to appreciate the existing free and open-source alternatives to some of the big names in the industry. This article takes a bird's-eye view at free and open-source software for 2D drafting and 3D parametric solid modeling, its progress over the years, as well as wins and ongoing challenges.
corbet

Security updates for Monday

2 years 6 months ago
Security updates have been issued by Debian (libhtml-stripscripts-perl), Fedora (binwalk, java-1.8.0-openjdk, java-11-openjdk, java-17-openjdk, java-latest-openjdk, kernel, sudo, and syncthing), SUSE (syslog-ng), and Ubuntu (editorconfig-core, firefox, pam, and thunderbird).
jake

CISA warns of active exploitation of Oracle and SugarCRM vulnerabilities

2 years 6 months ago

The list of known vulnerabilities maintained by the US cybersecurity agency (Cybersecurity and Infrastructure Security Agency, CISA) has been expanded with further critical vulnerabilities. One of these actively exploited vulnerabilities is the flaw tracked as CVE-2022-21587 (CVSS score: 9.8), which affects Oracle E-Business Suite. It is a suite of enterprise applications that enables organizations, for processes such as […]

The post CISA warns of active exploitation of Oracle and SugarCRM vulnerabilities first appeared on Nemzeti Kibervédelmi Intézet.

NKI

The Dashlane password manager's Android and iOS apps have become open source

2 years 6 months ago

Dashlane has announced that it is making the source code of its Android and iOS apps available on GitHub under the Creative Commons Attribution-NonCommercial 4.0 license. The company, which offers popular subscription-based password manager and digital wallet applications, decided to release the source code of its mobile apps in order to make their operation more transparent and to support more open, collaborative development. According to the company, they are striving to […]

The post The Dashlane password manager's Android and iOS apps have become open source first appeared on Nemzeti Kibervédelmi Intézet.

NKI

Kernel prepatch 6.2-rc7

2 years 6 months ago
The 6.2-rc7 kernel prepatch is out for testing.

So the 6.2 rc releases are continuing to be fairly small and controlled, to the point where normally I'd just say that this is the last rc. But since I've stated multiple times that I'll do an rc8 due to the holiday start of the release, that's what I'll do.

corbet

[$] Constant-time instructions and processor optimizations

2 years 6 months ago
Of all the attacks on cryptographic code, timing attacks may be among the most insidious. An algorithm that appears to be coded correctly, perhaps even with a formal proof of its correctness, may be undermined by information leaked as the result of data-dependent timing differences. Both Arm and Intel have introduced modes that are intended to help defend against timing attacks, but the extent to which those modes should be used in the kernel is still under discussion.
corbet

The Document Foundation announces LibreOffice 7.5 Community

2 years 6 months ago
Version 7.5 of the LibreOffice Community edition is now available. LibreOffice is, of course, the FOSS desktop office suite; version 7.5 brings new features to multiple parts of the tool, including major improvements to dark mode, better PDF exports, improved bookmarks in Writer, data tables for charts in Calc, better interoperability with Microsoft Office, and lots more. Check out the release notes for further information. LibreOffice 7.5 Community's new features have been developed by 144 contributors: 63% of code commits are from the 47 developers employed by three companies sitting in TDF's Advisory Board - Collabora, Red Hat and allotropia - or other organizations, 12% are from 6 developers at The Document Foundation, and the remaining 25% are from 91 individual volunteers.

Other 112 volunteers - representing hundreds of other people providing translations - have committed localizations in 158 languages. LibreOffice 7.5 Community is released in 120 different language versions, more than any other free or proprietary software, and as such can be used in the native language (L1) by over 5.4 billion people worldwide. In addition, over 2.3 billion people speak one of those 120 languages as their second language (L2).

jake

Ekstrand: Exploring Rust for Vulkan drivers, part 1

2 years 6 months ago
Faith Ekstrand begins an exploration of using the Rust language to write Vulkan graphics drivers.

Whenever a Vulkan object is created or destroyed, the parent object is passed to both the create and destroy functions. This ensures that the lifetime of the child object is contained within the lifetime of the parent object. In Rust terms, this means it's safe for the child object to contain a non-mutable reference to the parent object. Vulkan also defines which entrypoint parameters must be externally synchronized by the client. Externally synchronized objects follow the same rules as mutable references in Rust.

corbet