All posts by jake

Security updates for Friday

Post Syndicated from jake original https://lwn.net/Articles/958124/

Security updates have been issued by Debian (kernel, linux-5.10, php-phpseclib, php-phpseclib3, and phpseclib), Fedora (openssh and tinyxml), Gentoo (FreeRDP and Prometheus SNMP Exporter), Mageia (packages), Red Hat (openssl), SUSE (gstreamer-plugins-rs and python-django-grappelli), and Ubuntu (dotnet6, dotnet7, dotnet8, openssh, and xerces-c).

Security updates for Thursday

Post Syndicated from jake original https://lwn.net/Articles/958029/

Security updates have been issued by Debian (chromium), Fedora (chromium, python-paramiko, tigervnc, and xorg-x11-server), Oracle (ipa, libxml2, python-urllib3, python3, and squid), Red Hat (.NET 6.0, .NET 7.0, .NET 8.0, container-tools:4.0, fence-agents, frr, gnutls, idm:DL1, ipa, kernel, kernel-rt, libarchive, libxml2, nss, openssl, pixman, python-urllib3, python3, tigervnc, tomcat, and virt:rhel and virt-devel:rhel modules), SUSE (gstreamer-plugins-bad), and Ubuntu (firefox, Go, linux-aws, linux-gcp-5.15, linux-intel-iotg-5.15, linux-iot, linux-oem-6.1, and twisted).

[$] Notes on Emacs Org mode

Post Syndicated from jake original https://lwn.net/Articles/957316/

As part of my quest to master Emacs, which
is sort of a sub-quest on the way toward learning more about Lisp, I have
spent a fair amount of time discovering various corners of the Emacs
world. One of those is the famous “Org mode” that is used for a wide
variety of organizational tasks within
the editor—and not just Emacs, but for Vim and others too.
Org mode can be
used for to-do lists, notes with interconnections between them, literate
programming, web sites, and more. Now my quests are growing quests of
their own and digging into Org mode is one of those.

[$] The odd saga of CVE-2012-5639

Post Syndicated from jake original https://lwn.net/Articles/957219/

A new release for any project with a fix for a 12-year-old CVE is going to
stand out pretty obviously; a recent release has a fix of that nature, but
the trail of CVE-2012-5639 is rather elusive. The Apache OpenOffice
project made its 4.1.15 release with fixes for four CVEs, including one for
CVE-2012-5639 (“Loading internal / external resources without
warning”), on December 22. But nearly everything about that CVE
seems rather murky, and it is difficult to get a clear picture of what,
exactly, was done in OpenOffice to address the problem.

Security updates for Monday

Post Syndicated from jake original https://lwn.net/Articles/957146/

Security updates have been issued by Debian (exim4), Fedora (chromium, perl-Spreadsheet-ParseExcel, python-aiohttp, python-pysqueezebox, and tinyxml), Gentoo (Apache Batik, Eclipse Mosquitto, firefox, R, Synapse, and util-linux), Mageia (libssh2 and putty), Red Hat (squid), SUSE (libxkbcommon), and Ubuntu (gnutls28).

Security updates for Friday

Post Syndicated from jake original https://lwn.net/Articles/957005/

Security updates have been issued by Debian (asterisk, chromium, exim4, netatalk, and tomcat9), Fedora (chromium), Gentoo (BlueZ, c-ares, CUPS filters, RDoc, and WebKitGTK+), Oracle (firefox, squid:4, thunderbird, and tigervnc), SUSE (python-aiohttp and python-paramiko), and Ubuntu (linux-intel-iotg).

[$] The return of None-aware operators for Python

Post Syndicated from jake original https://lwn.net/Articles/956862/

The saga of the None-aware (or null-coalescing) operators for Python
continues. We last looked in on the topic
a little over a year ago and noted that either adoption or a clear
rejection of the idea might help tamp down its regular recurrence. That
has not happened, so, predictably, it was raised again—and does not look
any closer to resolution this time around.

[$] Smuggling email inside of email

Post Syndicated from jake original https://lwn.net/Articles/956533/

Normally, when a new vulnerability is discovered and releases are
coordinated with those affected, the announcement is done at
a convenient time—not generally right before the end-of-year holidays, for
example. The SMTP Smuggling vulnerability has taken a different path,
however, with its announcement landing on December 18. That may well have
been unpleasant for some administrators that had not yet updated, but it was
particularly problematic for
some projects that had not been made aware of the vulnerability at
all—though it was known to affect several open-source mailers.

Lenôtre: Maestro – Introduction

Post Syndicated from jake original https://lwn.net/Articles/956699/

On his blog, Luc Lenôtre introduces Maestro, “a Unix-like kernel and
operating system written from scratch in Rust”. Maestro is intended to be
“lightweight and compatible-enough with Linux to be usable in everyday
life”. The project began, in C, back in 2018, but switched over to
Rust after a year-and-a-half. The current status:

Maestro is a monolithic kernel, supporting only the x86 (in 32 bits)
architecture for now.

At the time of writing, 135 out of 437 Linux system calls (roughly 31%) are
more or less implemented. The project has 48 800 lines of code across 615
files (all repositories combined, counted using the cloc command).

There is a Hacker News discussion of the project as well.

Scribus 1.6.0 released

Post Syndicated from jake original https://lwn.net/Articles/956522/

Version 1.6.0 of the Scribus desktop-publishing application has been
released. The
list of new features is rather long and includes a user interface overhaul,
improvements for HiDPI screens, new scripting commands, lots of
typographical improvements and features, a new picture browser for
graphical asset management, support for more gradient types, and much more.

Scribus 1.6.0 is the long awaited release in the next stable series,
replacing 1.4.8 and development versions in the 1.5.x series. This version
has been in development for some years and contains thousands of
enhancements and fixes across all areas of the program. It has more
features, is faster, and is more stable.

Security updates for Monday

Post Syndicated from jake original https://lwn.net/Articles/956521/

Security updates have been issued by Debian (ansible, asterisk, cjson, firefox-esr, kernel, libde265, libreoffice, libspreadsheet-parseexcel-perl, php-guzzlehttp-psr7, thunderbird, tinyxml, and xerces-c), Fedora (podman-tui, proftpd, python-asyncssh, squid, and xerces-c), Mageia (libssh and proftpd), and SUSE (deepin-compressor, gnutls, gstreamer, libreoffice, opera, proftpd, and python-pip).

Julia 1.10 released

Post Syndicated from jake original https://lwn.net/Articles/956456/

The Julia programming language project has released Julia v1.10. It is mainly a performance release, with only two new language features mentioned in the release notes: “JuliaSyntax.jl is now used as the default parser, providing better diagnostics and faster parsing.” and the addition of two Unicode symbols for use as binary operators: “⥺ (U+297A, \leftarrowsubset) and ⥷ (U+2977, \leftarrowless)”. Package-loading time has been improved further and the mark phase of garbage collection has been parallelized, among other improvements.

[$] The Linux graphics stack in a nutshell, part 2

Post Syndicated from jake original https://lwn.net/Articles/955708/

Displaying an application’s graphical output onto the screen requires
compositing and
mode setting that are correctly synchronized among the various pieces,
with low overhead.
In this second and final article in the series, we will look at
those pieces of the Linux graphics stack. In the first installment, we
followed the path of graphics from the application, through Mesa, while
using the memory-management features of the kernel’s Direct Rendering
Manager (DRM) subsystem.
We ended up with an application’s graphics data stored in an output buffer,
so now it’s time to display the image to the user.

Security updates for Tuesday

Post Syndicated from jake original https://lwn.net/Articles/956156/

Security updates have been issued by Debian (curl, openssh, osslsigncode, and putty), Fedora (chromium, filezilla, libfilezilla, mingw-gstreamer1, mingw-gstreamer1-plugins-bad-free, mingw-gstreamer1-plugins-base, mingw-gstreamer1-plugins-good, opensc, thunderbird, unrealircd, and xorg-x11-server-Xwayland), Gentoo (Ceph, FFmpeg, Flatpak, Gitea, and SABnzbd), Mageia (chromium-browser-stable), Slackware (kernel and postfix), and SUSE (cppcheck, distribution, gstreamer-plugins-bad, jbigkit, and ppp).

Ruby 3.3.0 Released

Post Syndicated from jake original https://lwn.net/Articles/956115/

As is the tradition for the Ruby programming language, December 25 is the date for new major releases; this year, Ruby 3.3.0 was released. It comes with a new parser called “Prism” that is “both a C library that will be used internally by CRuby and a Ruby gem that can be used by any tooling which needs to parse Ruby code”. The release also has many performance improvements, especially in the YJIT (Yet another Ruby JIT) just-in-time compiler. Ruby 3.3 adds a new Ruby-based JIT, RJIT, that targets x86_64, which is available for experimental purposes. There are lots of other improvements and new features described in the announcement.