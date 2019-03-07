Language Selection

English French German Italian Portuguese Spanish

OSS Leftovers: Haiku, Events, LibreOffice and More Openwashing

Submitted by Roy Schestowitz on Thursday 11th of June 2020 10:10:04 PM Filed under
OSS
  • Haiku R1/beta2 has been released!

    After almost 2 years since R1/beta1, Haiku R1/beta2 has been released. See “Release Notes” for the release notes, “Press contact", for press inquiries … and “Get Haiku!” to skip all that and just download the release (or upgrade to it from an existing install!)

  • Linux Plumbers Conference: Scheduler Microconference Accepted into 2020 Linux Plumbers Conference

    We are pleased to announce that the Scheduler Microconference has been accepted into the 2020 Linux Plumbers Conference!

    The scheduler is an important functionality of the Linux kernel as it decides what gets to run, when and for how long. With different topologies and workloads this is no easy task to give the user the best experience possible. During the Scheduler microconference at LPC last year, we started the work to make SCHED_DEADLINE safe for kthreads and improving load balancing. This year, we continue working on core scheduling, unifying the interface for TurboSched and task latency nice, and continue the discussion on proxy execution.

  • State of the Source Summit

    The Open Source Initiative's mission is to educate about and advocate for the benefits of open source software and to build bridges among different constituencies in the open source community. The State of the Source serves the OSI's mission and our community, with a focus on understanding, implementing, and improving the state of open source software. Below you will find four tracks, themes that should drive each track's sessions, and even a few examples of topics that might help you develop your presentation.

    [...]

    The State of the Source will be a global event and provides tremendous opportunities to directly engage with the open source software community and support the work of the Open Source Initiative. We hope you will join us in our efforts to create broader awareness, increase understanding, and address issues to help educate and build bridges between open source software communities.

  • Please participate in a survey on our web presence

    Since LibreOffice will become 10 years old in September, we believe it’s time to rethink our web presence. That’s primarily the home page https://www.libreoffice.org – but also all the various services that we established in the past for an effective and convenient ecosystem. We would like to hear your opinion,

  • Page-content-bottom vertical relation in Writer

    Users sometimes want to specify the vertical position of their shapes in text documents in a way that is relative from the bottom of the page content area. Also, this improves consistency, specifying a position that is relative from the top of the page content area is already possible.

    Alternatively, it is possible to have the same calculated position when positioning from the top of the page content area. The downside of this approach is that the position changes when the page height changes. So if the user intention is to position a shape 2 cm above the bottom of the page content area and the page height changes, the shape has to be manually re-positioned. This manual re-positioning is not needed with the new page-content-bottom vertical relation.

  • Uber Announces Neuropod, an Open Source Deep Learning Tool

    Uber has announced Neuropod, an open source abstraction layer that offers a uniform interface from which to run deep learning (DL) models.

    Uber’s Advanced Technologies Group (ATG) leverages deep learning in the development of their self-driving technology. In a recent blog post, Vivek Panyam said, “Using deep learning, we can build and train models to handle tasks such as processing sensor input, identifying objects, and predicting where those objects might go.”

»

More in Tux Machines

Coffee Lake Refresh micro-ATX SBC and embedded PC support Linux

Premio unveiled a Linux-ready, $316 “CT-MCL01” micro-ATX board with Intel 9th and 8th Gen CPUs and 4x PCIe Gen3 slots. The announcement follows a recent “RCO-6100” embedded PC based on the same Coffee Lake Refresh chips. Premio has announced several industrial-focused embedded products built around Intel’s 9th and 8th Gen Coffee Lake processors. Yesterday, the City of Industry, Calif. firm, which was formerly an educational computer company called Premio PC, announced a CT-MCL01 micro-ATX board. We will also take a look at Premio’s compact RCO-6100 embedded PC, which was announced back at Embedded World, but is still listed as “coming soon.” Both products are equipped with an LGA1151 socket and Intel’s Q370 chipset. Read more

Games: SteamVR, Humble Codemasters Bundle 2020 and More

  • Valve adds OpenXR support to SteamVR in 'Developer Preview'

    This is quite exciting for the future of Virtual Reality, as Valve as now properly given their backing to the OpenXR standard and added support into SteamVR. What is OpenXR? Overseen by The Khronos Group, who also oversee the OpenGL / Vulkan APIs, it's a royalty-free, open standard that provides high-performance access to Augmented Reality (AR) and Virtual Reality (VR). This way, developers can begin to target OpenXR and have it run cross-platform for XR (AR/VR). Standards like it are important so developers don't have to rewrite code to target each company going their own way with XR.

  • The Humble Codemasters Bundle 2020 is now live

    Here's an interesting game bundle for racing game enthusiasts. The Humble Codemasters Bundle 2020 is now live with a number of good games. Some of them support Linux, some do not, so I've put those that do in bold for you to make it easier to identify at a glance if you're interested in what it offers.

  • Steam Play's Proton 5.0-9 Brings Fix For Games Requiring EA Origin Client

    Following last week's big Proton 5.0-8 release, Valve and CodeWeavers have just released Proton 5.0-9 as a quick bug fix release. The most prominent change with Proton 5.0-9 is a fix for games that require EA's Origin client to operate. The second change is a fix for Final Fantasy XII: The Zodiac Age. That's it as far as the listed changes for Proton 5.0-9. Then again, it came just days after the huge -8 update with the newer VKD3D and DXVK code, many game fixes, support for the latest Steam SDKs, various performance improvements, and a lot more.

  • Whateverland: Prologue mixes a point & click adventure with turn-based strategy

    There seems to be a lot of unique genre blending going on lately. Whateverland: Prologue, the intro / demo to a much bigger game blends a point and click adventure with a 'turn-based strategy sports simulator'. Sounds pretty weird right? Whateverland: Prologue released on Steam yesterday with Linux support and the developer has confirmed that the full game will also appear on Linux too. It's developed by Caligari Games, the same crew behind 2019's The Great Perhaps, which also has Linux support.

GnuTLS and adns security buxfixes

  • Antoine Beaupré: CVE-2020-13777 GnuTLS audit: be scared

    You are reading this correctly: supposedly encrypted TLS connections made with affected GnuTLS releases are vulnerable to passive cleartext recovery attack (and active for 1.3, but who uses that anyways). That is extremely bad. It's pretty close to just switching everyone to HTTP instead of HTTPS, more or less. I would have a lot more to say about the security of GnuTLS in particular -- and security in general -- but I am mostly concerned about patching holes in the roof right now, so this article is not about that.

  • adns 1.5.2, adns 1.6.0 - SECURITY FIXES
    -----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

It is with mixed feelings that I announce the release of adns 1.5.2
and adns 1.6.0.

adns is a DNS resolver library for C (and C++) programs, and a
collection of useful DNS lookup utilities.  The C library, and the
command line utilities, provide a convenient interface.  adns is
capable of doing DNS lookups in an asynchronous, event-driven,
fashion.

For more information about adns, please see one of:
  https://www.chiark.greenend.org.uk/~ian/adns/
  https://www.gnu.org/software/adns/

These are security bugfix releases.  All users should upgrade ASAP.

1.5.2 has precisely the security fixes; it does not contain supporting
tests or other noncritical bugfixes.

1.6.0 contains everything in 1.5.2 plus some additional build fixes,
tests for the bugfixes, etc., and minor new features
(forwards-compatible in API, ABI and CLI).

It will be evident from the CVEs (and the commit timestamps in the git
repository) that this release has taken an entirely unreasonbly long
time to prepare.  I can only apologise.

You can download adns as a tarball, or from the git repository which
contains signed git tags.


d8dc389e19dcf4d091ea54d41e83745ade0f04ccabc3452ce4dbca4bf8aa2a7d  
adns-1.5.2.tar.gz
2cfa0b229ad4b2792e7bf97f2bb924d97af38b8fbdcd854cb5e92863152f334a  
adns-1.5.2.tar.gz.sig
fb427265a981e033d1548f2b117cc021073dc8be2eaf2c45fd64ab7b00ed20de  
adns-1.6.0.tar.gz
50e33a021a786b6cba1d2aaf339482a5d52ccd1983f02adc9018b917f2e5cd54  
adns-1.6.0.tar.gz.sig


adns (1.6.0)

  Bugfixes:
  * adnshost: Support --reverse in -f mode input stream
  * timeout robustness against clock skew: track query start time and
    duration.  Clock instability may now only cause spurious timeouts
    rather than indefinite hangs or even assertion failures.

  New features:
  * adnshost: Offer ability to set adns checkc flags
  * adnslogres: Honour --checkc-freq (if it comes first)
  * adnsresfilter: Honour --checkc-freq and --checkc-entex
  * time handling: Support use of CLOCK_MONOTONIC via an init flag.
  * adns_str* etc.: Improve robustness; more allowable inputs values.

  Build system improvements:
  * clean targets: Delete $(TARGETS) too!
  * Remove all m4 output files from the distributed source tree.
  * Support DESTDIR=/some/absolute/path on `make install'.
  * Provide autogen.sh.
  * Rerun autoheader and autoconf (2.69).

  Internal changes:
  * adnshost: adh-opts.c: Whitespace adjustments to option table

  Tests:
  * New tests for fixes in 1.5.3.
  * Fixes to test harness to avoid false positives during fuzzing.
  * Other changes to support use with AFL.
  * Many supporting improvements and refactorings.
  * Fix skipped tests ($$ reference in Makefile)



adns (1.5.2)

  * Important security fixes:
     CVE-2017-9103 CVE-2017-9104 CVE-2017-9105 CVE-2017-9109:
        Vulnerable applications: all adns callers.
        Exploitable by: the local recursive resolver.
        Likely worst case: Remote code execution.
     CVE-2017-9106:
        Vulnerable applications: those that make SOA queries.
        Exploitable by: upstream DNS data sources.
        Likely worst case: DoS (crash of the adns-using application)
     CVE-2017-9107:
        Vulnerable applications: those that use adns_qf_quoteok_query.
        Exploitable by: sources of query domain names.
        Likely worst case: DoS (crash of the adns-using application)
     CVE-2017-9108:
        Vulnerable applications: adnshost.
        Exploitable by: code responsible for framing the input.
        Likely worst case: DoS (adnshost crashes at EOF).
    All found by AFL 2.35b.  Thanks to the University of Cambridge
    Department of Applied Mathematics for computing facilities.

  Bugfixes:
  * Do not include spurious external symbol `data' (fixes GCC10 build).
  * If server sends TC flag over TCP, bail rather than retrying.
  * Do not crash on certain strange resolv.conf contents.
  * Fix various crashes if a global system failure occurs, or
    adns_finish is called with outstanding queries.
  * Correct a parsing error message very slightly.
  * DNS packet parsing: Slight fix when packet is truncated.
  * Fix ABI compatibility in string conversion of certain RR types.
  * internal.h: Use `unsigned' for nextid; fixes theoretical C UB.

  Portability fix:
  * common.make.in: add -Wno-unused-value.  Fixes build with GCC9.

  Internal changes:
  * Additional comments describing some internal code restrions.
  * Robustness assert() against malfunctioning write() system call.
  • GNU's "adns" DNS Resolver Library Hit By An Array Of Security Issues

    For those making use of GNU's "adns" asynchronous DNS client library, important security updates are out today. This DNS resolver library is out with version adns 1.5.2 in shipping these pressing security fixes as well as adns 1.6.0 as a new feature release incorporating these important fixes as well as new improvements that accumulated over the past three years. There are four CVEs from 2017 for adns that pertain to remote code execution possibilities. Additionally, there are another three CVEs (also from 2017) relating to possible denial of service via potential crashes.

Latest Linux Magazine (Paywall)

More on Tux Machines: AboutGalleryForumBlogsSearchNewsRSS Feed

Part of Bytes Media ● Sister sites below.

TechBytes Techrights button

Powered by Drupal, an open source content management system

Content available under CC-BY-SA CC

© by original authors

Powered by CentOS 6.5 (GNU/Linux), Varnish, and Drupal 6