All posts by jake

Security updates for Monday

Post Syndicated from jake original https://lwn.net/Articles/922337/

Security updates have been issued by Debian (libhtml-stripscripts-perl), Fedora (binwalk, java-1.8.0-openjdk, java-11-openjdk, java-17-openjdk, java-latest-openjdk, kernel, sudo, and syncthing), SUSE (syslog-ng), and Ubuntu (editorconfig-core, firefox, pam, and thunderbird).

The Document Foundation announces LibreOffice 7.5 Community

Post Syndicated from jake original https://lwn.net/Articles/922051/

Version 7.5 of the LibreOffice Community edition is now available. LibreOffice is, of course, the FOSS desktop office suite; version 7.5 brings new features to multiple parts of the tool, including major improvements to dark mode, better PDF exports, improved bookmarks in Writer, data tables for charts in Calc, better interoperability with Microsoft Office, and lots more.
Check out the release notes for further information.

LibreOffice 7.5 Community’s new features have been developed by 144
contributors: 63% of code commits are from the 47 developers employed by
three companies sitting in TDF’s Advisory Board – Collabora, Red Hat and
allotropia – or other organizations, 12% are from 6 developers at The
Document Foundation, and the remaining 25% are from 91 individual
volunteers.

Other 112 volunteers – representing hundreds of other people providing
translations – have committed localizations in 158 languages. LibreOffice
7.5 Community is released in 120 different language versions, more than any
other free or proprietary software, and as such can be used in the native
language (L1) by over 5.4 billion people worldwide. In addition, over 2.3
billion people speak one of those 120 languages as their second language
(L2).

[$] Convergence in the pip and conda worlds?

Post Syndicated from jake original https://lwn.net/Articles/921097/

The discussions about the world of Python packaging and the problems caused
by its disparate tools and incompatible ecosystems are still ongoing. Last
week, we looked at the beginnings of the conversation in mid-November, as
the discussion turned toward a possible convergence between two of the
major package-management players: pip and conda. There are numerous
barriers to bringing the two closer together, inertia not least, but the
advantages for users of both, as well as new users to come, could be
substantial.

[$] Using low-cost wireless sensors in the unlicensed bands

Post Syndicated from jake original https://lwn.net/Articles/921497/

When it comes to home automation, people often end up with devices
supporting the Zigbee or Z-Wave protocols, but those devices are
relatively expensive. When I was looking for a way to keep an eye on the
temperature at home a few years ago, I bought a bunch of cheap
temperature and humidity sensors emitting radio signals in the unlicensed
ISM (Industrial, Scientific, and Medical) frequency bands instead. Thanks
to rtl_433 and, more recently, rtl_433_ESP and OpenMQTTGateway, I was able
to integrate their measurements easily into my home-automation system.

Maintainer confidential: Opportunities and challenges of the ubiquitous but under-resourced Yocto Project (Linux.com)

Post Syndicated from jake original https://lwn.net/Articles/921646/

Over at Linux.com, Yocto Project architect Richard Purdie writes about various kinds of problems that the project is experiencing, some of which stem from its success and growth. It is a story that will likely resonate with other open-source projects.

Our scale also means patch requirements are more demanding now. Once, when the number of people using the project was small, the impact of breaking things was also more limited, allowing a little more freedom in development. Now, if we accept a change commit and something breaks, it becomes an instant emergency, and I’m generally expected to resolve it. When patches come from trusted sources, help will often be available to address the regressions as part of an unwritten bond between developers and maintainers. This can intimidate new contributors; they can also find our testing requirements too difficult.

We did have tooling to help new contributors—and also the maintainers—by spotting simple, easily detected errors in incoming patches. This service would test and then reply to patches on the mailing list with pointers on how to fix the patches, freeing maintainer time and helping newcomers. Sadly, such tools require maintenance, and we lost the people who knew how to look after this component, so it stopped working. We formed plans to bring it back and make the maintenance easier, but we’ve struggled to find anyone with the time to do it. I’ve wondered if I should personally try to do it; however, I just can’t spend the chunk of time needed on one thing like that, as I would neglect too many other things for too long.

Security updates for Monday

Post Syndicated from jake original https://lwn.net/Articles/921620/

Security updates have been issued by Debian (curl, dojo, git, lemonldap-ng, libapache-session-browseable-perl, libapache-session-ldap-perl, libzen, node-object-path, openjdk-11, sofia-sip, tiff, tor, and varnish), Fedora (libgit2, open62541, pgadmin4, rubygem-git, rust-bat, rust-cargo-c, rust-git-delta, rust-gitui, rust-libgit2-sys, rust-libgit2-sys0.12, rust-pore, rust-pretty-git-prompt, rust-rd-agent, rust-rd-hashd, rust-resctl-bench, rust-resctl-demo, rust-silver, and rust-tokei), Scientific Linux (thunderbird), SUSE (ffmpeg, krb5, nginx, python39-setuptools, sssd, systemd, tiff, and virtualbox), and Ubuntu (linux-azure, linux-azure-5.4, linux-raspi2, linux-azure-fde, and mysql-5.7, mysql-8.0).

Security updates for Friday

Post Syndicated from jake original https://lwn.net/Articles/921477/

Security updates have been issued by Debian (bind9, chromium, and modsecurity-apache), Fedora (libgit2, mediawiki, and redis), Oracle (go-toolset:ol8, java-1.8.0-openjdk, systemd, and thunderbird), Red Hat (java-1.8.0-openjdk and redhat-ds:12), SUSE (apache2, bluez, chromium, ffmpeg-4, glib2, haproxy, kernel, libXpm, podman, python-py, python-setuptools, samba, xen, xrdp, and xterm), and Ubuntu (samba).

Security updates for Thursday

Post Syndicated from jake original https://lwn.net/Articles/921345/

Security updates have been issued by Debian (git), Fedora (libXpm and redis), Oracle (bind, firefox, grub2, java-1.8.0-openjdk, java-11-openjdk, kernel, libtasn1, libXpm, and sssd), Red Hat (thunderbird), SUSE (freeradius-server, kernel, libzypp-plugin-appdata, python-certifi, and xen), and Ubuntu (bind9, krb5, linux-raspi, linux-raspi-5.4, and privoxy).

[$] X clients and byte swapping

Post Syndicated from jake original https://lwn.net/Articles/921196/

While there are still systems with both byte orders, little-endian has
largely “won” the battle at this point since the vast majority of today’s
systems store data with the least-significant byte first (at the lowest
address). But when the X11 protocol was developed in the 1980s, there were
lots of systems of each byte order, so the X protocol allowed either order
and the server (display side) would swap the bytes to its byte order as
needed. Over time, the code for swapping data in the messages, which was
written in a more-trusting era, has bit-rotted so that it is now a largely
untested attack surface that is nearly always unused. Peter Hutterer has
been doing some work to stop using that code by default, both in upstream
X.org code and in downstream Fedora.

[$] Python packaging, visions, and unification

Post Syndicated from jake original https://lwn.net/Articles/920832/

The Python community is currently struggling with a longtime difficulty in
its ecosystem: how to develop, package, distribute, and maintain libraries
and applications. The current situation is sub-optimal in several
dimensions due, at least in part, to the existence of multiple,
non-interoperable mechanisms and tools to handle some of those needs. Last
week, we had an overview of Python packaging as a prelude to starting to
dig into the discussions. In this installment, we start to look at the
kinds of problems that exist—and the barriers to solving them.

Security updates for Monday

Post Syndicated from jake original https://lwn.net/Articles/920829/

Security updates have been issued by Debian (powerline-gitstatus, tiff, and trafficserver), Fedora (dotnet6.0, firefox, git, kernel, libXpm, rust, sudo, upx, and yarnpkg), Mageia (kernel and kernel-linus), Red Hat (firefox, java-11-openjdk, and sudo), Slackware (mozilla and seamonkey), SUSE (cacti, cacti-spine, samba, and tor), and Ubuntu (firefox, php7.2, php7.4, php8.1, and python-setuptools, setuptools).

Security updates for Friday

Post Syndicated from jake original https://lwn.net/Articles/920646/

Security updates have been issued by Debian (lava and libitext5-java), Oracle (java-11-openjdk, java-17-openjdk, and libreoffice), SUSE (firefox, git, mozilla-nss, postgresql-jdbc, and sudo), and Ubuntu (git, linux-aws-5.4, linux-gkeop, linux-hwe-5.4, linux-oracle, linux-snapdragon, linux-azure, linux-gkeop, linux-intel-iotg, linux-lowlatency, linux-lowlatency-hwe-5.15, linux-oracle-5.15, and linux-bluefield).

[$] Changing Fedora’s shutdown timeouts

Post Syndicated from jake original https://lwn.net/Articles/920333/

On today’s Fedora systems, a reboot cycle—for a kernel update, say—is
normally a fairly quick affair, but that is not always true. The system
will wait for services to shut down cleanly and will wait for up to two
minutes before killing a service and moving on. A recent proposal to change
the default timeout to 15 seconds, while still allowing some services to
require more time, ran into more opposition than was perhaps anticipated.
Not everyone was comfortable shortening the timeout period, though the
decision has now been made to reduce it, but not as far as was proposed.

[$] A survey of the Python packaging landscape

Post Syndicated from jake original https://lwn.net/Articles/920132/

Over the past several months, there have been wide-ranging discussions in
the Python community about difficulties users have with installing packages
for the language. There is a bewildering array of options for
package-installation tools and Python distributions focused on particular use
cases (e.g. scientific computing); many of those options do not
interoperate well—or at all—so they step on each other’s toes.
The discussions have focused on where solutions might be found to make it
easier on users, but lots of history and entrenched use cases need to be
overcome in order to get there—or even to make progress in that direction.

Security updates for Monday

Post Syndicated from jake original https://lwn.net/Articles/920120/

Security updates have been issued by Debian (chromium, lava, libapreq2, net-snmp, node-minimatch, and openvswitch), Fedora (jpegoptim, kernel, kernel-headers, kernel-tools, and python2.7), Mageia (ctags, ffmpeg, minetest, python-gitpython, w3m, and xrdp), Oracle (kernel), Red Hat (dpdk and libxml2), Slackware (netatalk), SUSE (apptainer, chromium, libheimdal, python-wheel, python310-setuptools, and SDL2), and Ubuntu (linux-aws, linux-gcp-4.15, maven, and net-snmp).

Security updates for Friday

Post Syndicated from jake original https://lwn.net/Articles/919907/

Security updates have been issued by Fedora (cacti, cacti-spine, mbedtls, postgresql-jdbc, and rust), Oracle (.NET 6.0, dbus, expat, grub2, kernel, kernel-container, libtasn1, libtiff, sqlite, and usbguard), Red Hat (rh-postgresql10-postgresql), SUSE (php7), and Ubuntu (heimdal, linux, linux-aws, linux-aws-5.15, linux-azure, linux-azure-5.15, linux-gcp, linux-gcp-5.15, linux-hwe-5.15, linux-ibm, linux-kvm, linux-oracle, linux-raspi, linux, linux-aws, linux-aws-hwe, linux-azure, linux-azure-4.15, linux-gcp, linux-gcp-5.4, linux-hwe, linux-ibm, linux-kvm, linux-oracle, linux-oracle-5.4, linux, linux-aws, linux-kvm, linux-lts-xenial, and vim).