Security updates for Friday

By jake Security updates have been issued by Arch Linux (linux-hardened), CentOS (sudo), Debian (apache2, c-ares, flatpak, graphite2, and openvpn), Fedora (glibc and thunderbird), Gentoo (graphite2, jbig2dec, libksba, nettle, urbanterror, and vim), openSUSE (go and unrar), Oracle (sudo), SUSE (tomcat), and Ubuntu (openvpn).

From: LWN

FacebookTwitterGoogle+LinkedInEvernotePocketGoogle Gmail

digiKam 5.6.0 is released

By ris The digiKam Team has released
version 5.6.0 of the digiKam Software Collection for photo management. “With this version the HTML gallery and the video slideshow tools are back, database shrinking (e.g. purging stale thumbnails) is also supported on MySQL, grouping items feature has been improved, the support for custom sidecars type-mime have been added, the geolocation bookmarks introduce fixes to be fully functional with bundles, the support for custom sidecars, and of course a lots of bug has been fixed.

From: LWN

FacebookTwitterGoogle+LinkedInEvernotePocketGoogle Gmail

Security updates for Thursday

By jake Security updates have been issued by Arch Linux (lxterminal, lxterminal-gtk3, openvpn, and pcmanfm), CentOS (thunderbird), Debian (jython, spip, tomcat7, and tomcat8), openSUSE (openvpn), Oracle (thunderbird), Slackware (openvpn), SUSE (openvpn), and Ubuntu (kernel, linux-lts-trusty, nss, and valgrind).

From: LWN

FacebookTwitterGoogle+LinkedInEvernotePocketGoogle Gmail

[$] Specifying the kernel ABI

By jake At Open
Source Summit Japan
(OSSJ)—OSS is the new name for LinuxCon,
ContainerCon, and CloudOpen—Sasha Levin gave a talk on the kernel’s
application binary interface (ABI). There is an effort to create a kernel
ABI specification that has its genesis in a
discussion about fuzzers
at the 2016 Linux Plumbers Conference. Since
that time,
some progress on it has been made, so Levin described what the ABI is and the
benefits that would come from having a specification. He also covered
what has been done so far—and the
the extensive work remaining to be done.

From: LWN

FacebookTwitterGoogle+LinkedInEvernotePocketGoogle Gmail

Vranken: The OpenVPN post-audit bug bonanza

By corbet Guido Vranken describes
his efforts
to fuzz-test OpenVPN and the bug reports that resulted.
Most of this issues were found through fuzzing. I hate admitting it,
but my chops in the arcane art of reviewing code manually, acquired through
grueling practice, are dwarfed by the fuzzer in one fell swoop; the
mortal’s mind can only retain and comprehend so much information at a time,
and for programs that perform long cycles of complex, deeply nested
operations it is simply not feasible to expect a human to perform an
encompassing and reliable verification.

From: LWN

FacebookTwitterGoogle+LinkedInEvernotePocketGoogle Gmail

[$] Memory use in CPython and MicroPython

By jake At PyCon 2017, Kavya Joshi looked
at some of the differences between the Python reference implementation
(known as “CPython”) and
that of MicroPython. In particular,
she described the differences in memory use and handling between the two.
Those differences are
part of
what allows MicroPython to run on the severely memory-constrained
microcontrollers it targets—an environment that could never support CPython.

From: LWN

FacebookTwitterGoogle+LinkedInEvernotePocketGoogle Gmail