All posts by jake

Security updates for Thursday

Post Syndicated from jake original https://lwn.net/Articles/1014938/

Security updates have been issued by Debian (php7.4, python-django, and python3.9), Fedora (bluez, iwd, libell, and radare2), Mageia (chromium-browser-stable, mosquitto, tomcat, tomcat packages, and vim), Oracle (firefox, grub2, python3, thunderbird, and webkit2gtk3), Red Hat (fence-agents, php:7.4, and python-jinja2), SUSE (assimp-devel, crane, ffmpeg-4, freetype2, helm, kernel, kured, python-Django, python-Jinja2, python311-Django4, and tomcat), and Ubuntu (alpine, djoser, libxslt, postgresql-9.5, and valkey).

Security updates for Monday

Post Syndicated from jake original https://lwn.net/Articles/1014437/

Security updates have been issued by Debian (opensaml and php8.2), Fedora (chromium, ctk, dcmtk, expat, ffmpeg, firefox, fscrypt, gdcm, InsightToolkit, kitty, libssh2, libxml2, linux-firmware, man2html, nextcloud, OpenImageIO, php, podman-tui, python-django, python-django5, python-gunicorn, python-jinja2, python-spotipy, python3.6, qt6-qtwebengine, thunderbird, tigervnc, vim, vyper, xen, xorg-x11-server, and xorg-x11-server-Xwayland), Mageia (freetype2, ghostscript, and man2html), Oracle (kernel and krb5), Red Hat (grub2, libreoffice, mysql:8.0, pcs, thunderbird, tigervnc, webkit2gtk3, and xorg-x11-server), Slackware (expat, freetype, and php), SUSE (amazon-ssm-agent, chromedriver, ed25519-java, google-cloud-sap-agent, google-guest-agent, govulncheck-vulndb, libexslt0, libzvbi-chains0, php8, restic, rubygem-rack, subversion, tomcat, and tomcat10), and Ubuntu (freetype, resteasy, and xorg-server, xorg-server-hwe-16.04, xorg-server-hwe-18.04).

Security updates for Thursday

Post Syndicated from jake original https://lwn.net/Articles/1014042/

Security updates have been issued by Debian (chromium), Fedora (ffmpeg, qt6-qtwebengine, tigervnc, and xorg-x11-server-Xwayland), Red Hat (fence-agents and libxml2), SUSE (amazon-ssm-agent, ark, chromium, fake-gcs-server, gerbera, google-guest-agent, google-osconfig-agent, grafana, kernel, libtinyxml2-10, podman, python311, python312, restic, ruby3.4-rubygem-rack, and thunderbird), and Ubuntu (jinja2, linux-azure, linux-azure-4.15, linux-lts-xenial, linux-nvidia, linux-nvidia-6.8, linux-nvidia-lowlatency, netatalk, python3.5, python3.8, rar, unrar-nonfree, and xorg-server, xwayland).

[$] New terms of service for PyPI

Post Syndicated from jake original https://lwn.net/Articles/1012954/

On February 25, the Python Software Foundation (PSF), which runs the Python Package Index (PyPI), announced new terms of service (ToS) for the repository. That has led to some questions about the new ToS, and the process of coming up with them. For one thing, the previous terms of use for the service were shorter and simpler, but there are other concerns with specific wording in the new agreement.

Security updates for Thursday

Post Syndicated from jake original https://lwn.net/Articles/1013209/

Security updates have been issued by Debian (firefox-esr), Fedora (firefox and vim), Red Hat (firefox), Slackware (mozilla), SUSE (firefox, firefox-esr, kernel, and podman), and Ubuntu (gpac, kernel, linux, linux-aws, linux-gcp, linux-gcp-5.15, linux-gke, linux-hwe-5.15, and redis).

Security updates for Monday

Post Syndicated from jake original https://lwn.net/Articles/1012760/

Security updates have been issued by Debian (ffmpeg, kernel, linux-6.1, mariadb-10.5, proftpd-dfsg, and xorg-server), Fedora (chromium, cutter-re, iniparser, nodejs22, rizin, webkitgtk, wireshark, xen, and xorg-x11-server), Mageia (binutils and ffmpeg), Oracle (emacs and kernel), Red Hat (emacs and webkit2gtk3), SUSE (azure-cli, bsdtar, gnutls, govulncheck-vulndb, libX11, libxkbfile, libxml2, nodejs-electron, openssh8.4, ovmf, phpMyAdmin, python, python-azure-identity, python311-jupyter-server, tiff, trivy, u-boot, and wireshark), and Ubuntu (opennds and Ruby SAML).

Security updates for Thursday

Post Syndicated from jake original https://lwn.net/Articles/1012187/

Security updates have been issued by Debian (emacs and openh264), Fedora (rpm-ostree), Mageia (dcmtk, libcap, openssh, and proftpd), Red Hat (emacs, kernel, and pki-servlet-engine), Slackware (emacs), SUSE (chromium, ffmpeg-4, ffmpeg-7, gnutls, libiniparser-devel, procps, socat, vim, xorg-x11-server, and xwayland), and Ubuntu (binutils, libsndfile, libxmltok, and php5).

[$] Building an open-source battery

Post Syndicated from jake original https://lwn.net/Articles/1011730/

FOSDEM 2025 featured the usual talks about open-source software, but, as always, the conference also offered the opportunity to discover some more exotic and less software-centric topics. That’s how I learned about the Flow Battery Research Collective (FBRC), which is building what will eventually become an open-source home battery. Daniel Fernández Pinto represented the collective at FOSDEM with his talk “Building an Open-Source Battery for Stationary Storage” in the “Energy: Accelerating the Transition through Open Source” developer room (devroom).

Security updates for Monday

Post Syndicated from jake original https://lwn.net/Articles/1011610/

Security updates have been issued by AlmaLinux (bind, bind9.18, libpq, mysql, postgresql, postgresql:15, and postgresql:16), Debian (fort-validator, gnutls28, krb5, libxml2, and python-werkzeug), Fedora (chromium, openssh, proftpd, python3.8, vaultwarden, and vim), Oracle (bind, bind9.16, bind9.18, libpq, libsoup, mysql, mysql:8.0, nodejs:18, nodejs:22, postgresql, postgresql:13, postgresql:15, and postgresql:16), Red Hat (mysql, mysql:8.0, and python3), SUSE (chromedriver, dcmtk, grub2, java-1_8_0-ibm, java-23-openjdk, luanti, openssh, postgresql14, postgresql15, postgresql16, postgresql17, proftpd, radare2, and webkit2gtk3), and Ubuntu (intel-microcode, netty, and nginx).

[$] Filesystem support for block sizes larger than the page size

Post Syndicated from jake original https://lwn.net/Articles/1009548/

The maximum filesystem block size that the kernel can support has always
been limited by the host page size for Linux, even if the filesystems could
handle larger block sizes. The large-block-size (LBS) patches that were merged
for the 6.12 kernel removed this limitation in XFS, thereby decoupling
the page size from the filesystem block size. XFS is the first filesystem
to gain this support, with other filesystems likely to add LBS support in
the future. In addition, the LBS patches have been used to get the initial atomic-write support into XFS.

[$] Meshtastic: decentralized communication with low-power devices

Post Syndicated from jake original https://lwn.net/Articles/1009782/

Many of us enjoy uninterrupted access to mobile networks. However, in remote areas or during emergencies, that connectivity may not always be available. For such scenarios, Meshtastic offers a decentralized wireless mesh network with open-source firmware that runs on affordable, low-power devices. At FOSDEM 2025, the Meshtastic project was represented by one of its core developers, Thomas Göttgens, who gave a talk, “Meshtastic – off-grid communication for everyone”, in the Radio developer room (devroom).

Security updates for Thursday

Post Syndicated from jake original https://lwn.net/Articles/1009450/

Security updates have been issued by AlmaLinux (doxygen and openssl), Debian (dcmtk and webkit2gtk), Fedora (chromium, clevis-pin-tpm2, envision, fido-device-onboard, gotify-desktop, keylime-agent-rust, keyring-ima-signer, libkrun, python3.10, python3.11, python3.14, rust-afterburn, rust-cargo-vendor-filterer, rust-coreos-installer, rust-eif_build, rust-gst-plugin-reqwest, rust-nu, rust-openssl, rust-openssl-sys, rust-pore, rust-rpm-sequoia, rust-sequoia-keyring-linter, rust-sequoia-octopus-librnp, rust-sequoia-policy-config, rust-sequoia-sqv, rust-sevctl, rust-snphost, rust-tealdeer, rustup, and s390utils), Mageia (ffmpeg, php-tcpdf, python-tornado, and subversion), Red Hat (openssl and python-jinja2), SUSE (crun, glibc, kernel, libngtcp2-16, libtasn1, netty, ovmf, podman, python, and python3), and Ubuntu (ansible, digikam, linux-aws, linux-aws-5.15, linux-azure-6.8, and ruby2.7).

[$] Milliwatt machine learning with emlearn

Post Syndicated from jake original https://lwn.net/Articles/1009011/

While large language models and the expensive hardware they require are all
the rage now, other areas of artificial intelligence work within much more
constrained hardware environments. At FOSDEM 2025, Jon Nordby presented
his open-source machine-learning inference engine for microcontrollers,
named emlearn. The project
also boasts bindings for MicroPython,
thus making machine-learning applications even more accessible.

Security updates for Monday

Post Syndicated from jake original https://lwn.net/Articles/1008829/

Security updates have been issued by AlmaLinux (buildah, bzip2, galera and mariadb, keepalived, kernel, kernel-rt, mariadb:10.11, mingw-glib2, and podman), Debian (ark, firefox-esr, kernel, sssd, and thunderbird), Fedora (abseil-cpp, clevis-pin-tpm2, dbus-parsec, envision, fido-device-onboard, firefox, golang-github-nvidia-container-toolkit, gotify-desktop, jpegxl, keylime-agent-rust, keyring-ima-signer, libkrun, php-phpseclib, python-cryptography, python3-docs, python3.12, python3.13, rust-afterburn, rust-cargo-vendor-filterer, rust-coreos-installer, rust-crypto-auditing-agent, rust-eif_build, rust-gst-plugin-reqwest, rust-nu, rust-oo7-cli, rust-openssl, rust-openssl-sys, rust-pore, rust-routinator, rust-rpm-sequoia, rust-sequoia-keyring-linter, rust-sequoia-octopus-librnp, rust-sequoia-policy-config, rust-sequoia-sop, rust-sequoia-sq, rust-sequoia-sqv, rust-sevctl, rust-snphost, rust-tealdeer, rustup, s390utils, stalld, and vaultwarden), Mageia (java-1.8.0-openjdk, java-11-openjdk, java-17-openjdk & java-latest-openjdk, libtasn1, mariadb, nodejs, qtbase5 & qtbase6, rootcerts, nss & firefox, thunderbird, and xrdp), Red Hat (buildah, doxygen, podman, and thunderbird), Slackware (gnutls and openssl), SUSE (bind, chromedriver, crypto-policies, krb5, firefox, flannel, go1.22, go1.23, go1.23-1.23.6-1.1, go1.24-1.24rc3-1.1, openssl-1_1, openssl-3, python311-cryptography-vectors, python311-numba, python39, rsync, tomcat, and trivy), and Ubuntu (openrefine and rsync).

Security updates for Thursday

Post Syndicated from jake original https://lwn.net/Articles/1008275/

Security updates have been issued by Debian (asterisk and chromium), Fedora (FlightGear, java-1.8.0-openjdk, java-11-openjdk, java-17-openjdk, java-latest-openjdk, and SimGear), Mageia (bind, chromium-browser-stable, python-django, and vim), Oracle (buildah, bzip2, firefox, keepalived, mariadb:10.11, and podman), Slackware (curl, mariadb, and mozilla), SUSE (cargo-audit-advisory-db-20250204 and python311-scikit-learn), and Ubuntu (ckeditor, krb5, and ruby2.7).

Security updates for Monday

Post Syndicated from jake original https://lwn.net/Articles/1007646/

Security updates have been issued by AlmaLinux (git-lfs, libsoup, and unbound), Debian (dcmtk, ffmpeg, openjdk-11, pam-u2f, and python-aiohttp), Fedora (buku, chromium, jpegxl, nodejs18, nodejs20, and rust-routinator), Mageia (clamav, kernel, kmod-virtualbox, kmod-xtables-addons & dwarves, and kernel-linus), SUSE (apptainer, bind, buildah, chromedriver, clamav, dovecot24, ignition, kubelogin, libjxl, libQt5Bluetooth5-32bit, orc, owasp-modsecurity-crs, python-pydantic, python311-ipython, and stb), and Ubuntu (linux-azure and netdata).

[$] New horizons for Julia

Post Syndicated from jake original https://lwn.net/Articles/1006117/

Julia, a free, general-purpose programming language aimed at science, engineering, and related arenas of technical computing, has steadily improved and widened its scope of application since its initial public release in 2012. As part of its 1.11 release from late 2024, Julia made several inroads into areas outside of its traditional focus, provided its users with advances in tooling, and has seen several improvements in performance and programmer convenience. These recent developments in and around Julia go a long way to answer several longstanding complaints from both new and experienced users. We last looked in on the language one year ago, for its previous major release, Julia 1.10.