Post Syndicated from jzb original https://lwn.net/Articles/1036569/

Cary Coutant has announced
a draft for version 4.3 of the
Executable and Linking Format (ELF) object file format. The
specification was formerly part of the Unix System
V Release 4 (SVR4) gABI document:

The last published gABI documents were the Fourth Edition and a draft
of Edition 4.1, both published in March 1997. The ELF portions of the
document were updated several times between 1998 and 2015, published
online […]

I’ve published the last draft from 2015 as Version 4.2, and collected
the several changes since then, along with new e_machine values, as
Version 4.3.

The source for the draft is on GitHub in reStructuredText
format, and Coutant has collected the mailing list discussions for
changes in 4.3 as GitHub
issues. Thanks to Jose E. Marchesi for the tip.

Post Syndicated from jzb original https://lwn.net/Articles/1036567/

Security updates have been issued by AlmaLinux (httpd, kernel, and kernel-rt), Debian (python-eventlet and python-h2), Mageia (aide, gnutls, tomcat, and vim), Oracle (httpd, mod_http2, postgresql:15, python3.11, python3.12, python3.9, and udisks2), Red Hat (kernel, postgresql, postgresql:12, and postgresql:15), SUSE (dcmtk, jupyter-bqplot-jupyterlab, kured, libudisks2-0, munge, python-eventlet, python-future, python311-eventlet, rekor, traefik2, and ucode-intel), and Ubuntu (linux-aws, linux-azure-5.15, linux-gcp-6.8, linux-gke, linux-gkeop, linux-hwe-6.8, linux-nvidia,
linux-nvidia-6.8, linux-nvidia-lowlatency, linux-raspi, linux-gke, linux-ibm-5.15, linux-kvm, and protobuf).

Post Syndicated from jzb original https://lwn.net/Articles/1035491/

As a rule, if a package is shipped with a Debian release, users can
count on it being available, and updated, for the entire
life of the release. If package foo is included in the stable
release—currently Debian 13
(“trixie”)—a user can
reasonably expect that it will continue to be available with security
backports as long as that release is supported, though it may not be
included in Debian 14 (“forky”). However, it is likely that the
Guix package manager will soon
be removed from the repositories for Debian 13 and
Debian 12 (“bookworm”, also called oldstable).

Post Syndicated from jzb original https://lwn.net/Articles/1028275/

The next release of systemd has been percolating for an unusually
long time. Systemd releases are usually about six months apart, but
v257 came out in
December 2024, and v258 just now seems to be nearing the finish
line; the third release candidate for v258 was published on
August 20 (release
notes). Now is a good time to dig in and take a look at some of
the new features, enhancements, and removals coming soon to
systemd. These include new workload-management features, a concept for
multiple home-directory environments, and the final, once-and-for-all
removal of support for control
groups version 1.

Post Syndicated from jzb original https://lwn.net/Articles/1035537/

Attendees at EuroPython had the chance to preview part of
Python: The Documentary during a
keynote panel. The full film, created by CultRepo, is now available on YouTube:

This is the story of the world’s most beloved programming language:
Python. What began as a side project in Amsterdam during the 1990s
became the software powering artificial intelligence, data science and
some of the world’s biggest companies. But Python’s future wasn’t
certain; at one point it almost disappeared.

This 90-minute documentary features Guido van Rossum, Travis
Oliphant, Barry Warsaw, and many more, and they tell the story of
Python’s rise, its community-driven evolution, the conflicts that
almost tore it apart, and the language’s impact on… well…
everything.

The video
of the keynote is also available.

Post Syndicated from jzb original https://lwn.net/Articles/1035512/

Greg Kroah-Hartman has announced the release of the 6.16.4, 6.12.44, 6.6.103, 6.1.149, 5.15.190, 5.10.241, and 5.4.297 stable Linux kernels. Each one
contains important fixes.

Post Syndicated from jzb original https://lwn.net/Articles/1035332/

Alyssa Rosenzweig has written a blog post
about her work to help ship a “great driver” for the Apple M1
GPU that supports OpenGL, Vulkan, and enables gaming with Proton.

We’ve succeeded beyond my dreams. The challenges I chased, I have
tackled. The drivers are fully upstream in Mesa. Performance isn’t too
bad. With the Vulkan on Apple myth busted, conformant Vulkan is now
coming to macOS via LunarG’s
KosmicKrisp project building on my work.

Satisfied, I am now stepping away from the Apple ecosystem. My
friends in the Asahi Linux orbit will carry the torch from here.

Rosenzweig indicates her next project will be working on Intel’s
X^e-HPG graphics architecture. LWN covered her talk on Apple
M1/M2 GPU drivers in October 2024.

Post Syndicated from jzb original https://lwn.net/Articles/1034560/

The Extensible
Stylesheet Language Transformations (XSLT) language is used by web
browsers to style XML content to make it easily readable; XSLT is part of the
HTML living
standard that is maintained by the Web Hypertext Application Technology
Working Group (WHATWG). Only a small fraction of web sites serve
content that requires web browsers to support XSLT, in part because
major browser implementations have neglected the technology over the past 25
years. Now, it seems, they would like to rid themselves of it
entirely. A plan
to disable XSLT in Blink (Chrome’s rendering engine) and a pull request by
a Google Chrome developer to remove mentions of the specification from
the HTML standard have been met with opposition, but arguments in
favor of XSLT have proven ineffective.

Post Syndicated from jzb original https://lwn.net/Articles/1035321/

The GhostBSD project has released version 25.02 of the
FreeBSD-based desktop operating system. This release brings GhostBSD
up to date with FreeBSD 14.3,
includes enhancements for the Software Station package management
application, and introduces an “OS X-like” desktop environment
based on GNUstep called Gershwin:

This early preview includes:

• GNUstep-based desktop environment with familiar OS X-style
  interface
• Seamless integration with GhostBSD tools through wrappers for
  installer, Software Station, Backup Station, and Update Station
• Support for running non-GNUstep applications alongside GNUstep
  apps
• Several included GNUstep applications to get you started

LWN covered GhostBSD
in June 2024.

Post Syndicated from jzb original https://lwn.net/Articles/1035307/

Security updates have been issued by Debian (node-cipher-base), Fedora (keylime-agent-rust and libtiff), Oracle (aide, kernel, mod_http2, pam, pki-deps:10.6, python-cryptography, python3, python3.12, and thunderbird), SUSE (cheat, ffmpeg, firebird, govulncheck-vulndb, postgresql17, tomcat, tomcat10, tomcat11, ucode-intel-20250812, and v2ray-core), and Ubuntu (binutils, gst-plugins-base1.0, gst-plugins-good1.0, and linux-raspi-realtime).

Post Syndicated from jzb original https://lwn.net/Articles/1034959/

The PyCon team has announced
that all PyCon US 2025 recordings are now available on its
YouTube channel.

We had an amazing and diverse group of community members join us for
PyCon US 2025, attending from 58 different countries! By the numbers,
we welcomed a total attendance of 2,225 Pythonistas to the David
L. Lawrence Convention Center. We couldn’t be more grateful for all
who supported the Python ecosystem and helped make PyCon US 2025 a
huge success.

See the LWN
conference index for coverage of some of the talks from
PyCon US 2025.

Post Syndicated from jzb original https://lwn.net/Articles/1034716/

The Arch Linux project has posted an
update about recent service
outages that have affected its infrastructure:

The Arch Linux Project is currently experiencing an ongoing denial
of service attack that primarily impacts our main webpage, the Arch
User Repository (AUR), and the Forums.

We are aware of the problems that this creates for our end users
and will continue to actively work with our hosting provider to
mitigate the attack. We are also evaluating DDoS protection providers
while carefully considering factors including cost, security, and
ethical standards.

The post contains information on workarounds to use during the
service disruption, and notes that Arch is not sharing technical
details about the attack or mitigation while the attack is still
ongoing.

Post Syndicated from jzb original https://lwn.net/Articles/1034579/

Tobias Heider has written
an article that explains changes that are coming for Ubuntu’s generic
Arm64 desktop ISO images in the 25.10 release. The current solution,
Heider says, depends on GRUB features that are unavailable in secure
boot mode and require adding device-specific logic to multiple
packages. The new solution, called stubble,
is derived from systemd-stub:

A bundled stubble image contains stubble itself, a Linux kernel, a
HWID lookup table to map devices to device trees and multiple device
trees. When grub loads this “kernel”, stubble executes first, reads
the SMBIOS table to generate HWIDs, looks for a match in the embeeded
lookup table and loads a matching device tree before passing control
to the actual Linux kernel.

The elegance in this approach lies in how it interacts with the
rest of the system. Integrating stubble happens entirely at build time
in the kernel package. The stubble package is a build dependency for
the kernel. After building the kernel itself, we bundle it with
stubble and our DTBs and ship the combined binary instead. The
resulting stubble + kernel + dtb bundle can be loaded by grub like any
other Ubuntu kernel. No further changes in grub or other packages are
necessary to make it work.

Post Syndicated from jzb original https://lwn.net/Articles/1034567/

Greg Kroah-Hartman has announced the release of the 6.16.2, 6.15.11, and 6.12.43 stable kernels. He notes that
this is the last release in the 6.15.y series, and recommends that
users move to the 6.16.y kernel branch at this time.

Post Syndicated from jzb original https://lwn.net/Articles/1034558/

Version
25.8 of the LibreOffice open-source office suite has been
released. Notable changes include several new functions in the Calc
spreadsheet application, ability to export to the PDF 2.0 format,
better PowerPoint font compatibility with Impress, and significant
performance improvements. For a full list of changes, see the release
notes on the Document Foundation wiki.

Post Syndicated from jzb original https://lwn.net/Articles/1033474/

After more than two years of development, the Debian Project has released its new stable version, Debian 13 (“trixie”). The release comes with the usual bounty of
upgraded packages and more than 14,000 new packages; it also debuts Advanced Package Tool
(APT) 3.0 as the default package manager and makes 64-bit
RISC-V a supported architecture. There are few surprises with trixie,
which is exactly what many Linux users are hoping for—a free
operating system that just works as expected.

Post Syndicated from jzb original https://lwn.net/Articles/1034546/

Security updates have been issued by Debian (webkit2gtk), Fedora (firefox and libarchive), Red Hat (python3.11-setuptools and python3.12-setuptools), Slackware (mozilla), SUSE (apache2-mod_security2, cairo-devel, cflow, docker, glibc, go1.25, govulncheck-vulndb, gstreamer-0_10-plugins-base, jq, kernel, libarchive, libssh, libxslt, openbao, python-urllib3, systemd, and xz), and Ubuntu (apache2, libssh, libxml2, linux, linux-aws, linux-aws-5.15, linux-gcp, linux-gcp-5.15, linux-gkeop,
linux-hwe-5.15, linux-ibm-5.15, linux-intel-iot-realtime,
linux-intel-iotg-5.15, linux-lowlatency, linux-lowlatency-hwe-5.15,
linux-nvidia-tegra, linux-nvidia-tegra-5.15, linux-nvidia-tegra-igx,
linux-oracle-5.15, linux-realtime, linux-xilinx-zynqmp, linux, linux-aws, linux-aws-5.4, linux-bluefield, linux-gcp, linux-gcp-5.4, linux-hwe-5.4, linux-ibm, linux-ibm-5.4, linux-kvm, linux-oracle, linux-raspi, linux-raspi-5.4, linux-xilinx-zynqmp, linux, linux-aws, linux-lowlatency, linux-lowlatency-hwe-6.8,
linux-realtime, linux-aws-fips, linux-fips, linux-gcp-fips, linux-fips, linux-aws-fips, linux-gcp-fips, linux-ibm-6.8, tomcat10, and webkit2gtk).

Post Syndicated from jzb original https://lwn.net/Articles/1034450/

The Python Package Index (PyPI) has announced that it is now
checking for expired domains to try to prevent domain-resurrection
attacks. In this type of attack, a malicious user buys an expired
domain and uses it to take over an account by resetting the password
associated with the email used with PyPI. Since June, PyPI has
unverified more than 1,800 email addresses after their associated
domains entered expiration phases.

After an initial bulk check period that took place in April 2025,
PyPI will check daily for any domains in use for status changes, and
update its internal database with the most recent status.

If a domain registration enters the redemption period, that’s an
indicator to PyPI that the previously verified email destinations may
not be trusted, and will un-verify a previously-verified email
address. PyPI will not issue a password reset request to addresses
that have become unverified.

PyPI recommends that users add a second verified email address
“from another notable domain (e.g. Gmail)” to their account, if
they do not have one already.

Post Syndicated from jzb original https://lwn.net/Articles/1033954/

Mitchell Hashimoto has written a blog
post about “fully embracing the GObject type system” with a
rewrite of the GTK version of Ghostty:

In addition to memory management [improvements], we can now more
easily create custom GTK widgets. This let us fully embrace modern GTK
UI technologies such as Blueprint. For example, here is our terminal
window Blueprint file. This has already led to more easily introducing
GUI features like a new GTK titlebar tabs option, an animated border
on bell, etc.

The rewrite is now the default if one builds Ghostty from source,
and will be included in the 1.2 release that is expected in the next
few weeks. LWN covered
Ghostty in January.

Post Syndicated from jzb original https://lwn.net/Articles/1032947/

The purpose of the Filesystem
Hierarchy Standard (FHS) is to provide a specification for
filesystem layout; it specifies the location for files and directories
on a Linux system to simplify application development for multiple
distributions. In its heyday it had some success at this, but the
standard has been frozen in time since 2015, and much has changed
since then. There is a slow-moving effort
to revive the FHS and create a FHS 4.0, but a recent discussion
among Fedora developers also raised the possibility of standardizing
on the suggestions in systemd’s file-hierarchy
documentation, which has now been added to the Linux Userspace API
(UAPI) Group’s specifications.