LWN.net's Journal
 
 [Most Recent Entries] [Calendar View]

Wednesday, January 29th, 2014

    Time Event
    1:40p
    Stable kernels 3.13.1 and 3.4.78
    The 3.13.1 and 3.4.78 stable kernel updates have been
    released. As usual, each contains a big set of important fixes.
    3:30p
    [$] Python, SSL/TLS certificates and default validation
    Since the beginning of time—Python time anyway—there has been no checking of SSL/TLS certificates in Python's standard library; neither the urllib nor the urllib2 library performs this checking. As a result, when a Python client connects to a site using HTTPS, any certificate can be offered by the server and the connection will be established. That is probably not what most Python programmers expect, but the documentation does warn those who read it. There are alternatives, of course, but not in the standard library—until now. Python 3.4 makes things a lot better but still does no verification by default, which is a major concern to some Python developers.

    Click below (subscribers only) for the full article.

    4:51p
    Security advisories for Wednesday

    CentOS has updated libvirt (C6: denial of service).

    Fedora has updated cxxtools (F20: denial of service), libreswan (F20; F19: denial of service), and libXfont (F19: privilege escalation).

    Gentoo has updated digest-base (code execution from 2011).

    Oracle has updated libvirt (OL6: denial of service).

    Red Hat has updated kernel-rt (multiple vulnerabilities) and libvirt (RHEL6: denial of service).

    Scientific Linux has updated libvirt (SL6: denial of service).

    Slackware has updated bind (denial of service) and mozilla-nss (information disclosure).

    SUSE has updated puppet (ruby file execution).

    6:57p
    [$] GCC, LLVM, and compiler plugins

    GCC, the GNU Compiler Collection, is a cornerstone of the GNU project and the larger free-software community that has grown up around it. Recently a debate sprang up on the GCC mailing list over the question of whether GCC ought to deliberately adopt a development approach more like that of rival compiler LLVM. Precisely which aspects of LLVM's approach were desirable for adoption depends on who one asked, but the main argument was that LLVM seems to be attracting more users. The GCC project, however, contends that LLVM's perceived popularity is due largely to its accommodation of proprietary extensions—which is something that GCC supporters consider decidedly contrary to their core objectives.

    9:32p
    Linux Plumbers Conference call for refereed-track presentations
    The 2014 Linux Plumbers conference will be held October 15 to 17 in
    Düsseldorf, Germany; the call for presentations in the refereed track has
    just gone out. "Refereed track presentations are similar to traditional presentations,
    but preferably involve significant face-to-face discussion and debate.
    These presentations should focus on some specific issue in the "plumbing"
    in the Linux system, where example Linux-plumbing components include core
    kernel subsystems, core libraries, windowing systems, management tools,
    device support, media creation/playback, and so on.    "

    << Previous Day 2014/01/29
    [Calendar]     		Next Day >>

LWN.net   About LJ.Rossia.org