All posts by jzb

[$] Responses to gpg.fail

Post Syndicated from jzb original https://lwn.net/Articles/1054220/

At the 39th
Chaos Communication Congress
(39C3) in December, researchers Lexi
Groves (“49016”) and Liam Wachter said that they had discovered a
number of flaws in popular implementations of OpenPGP email-encryption standard. They also released an
accompanying web site, gpg.fail, with
descriptions of the discoveries. Most of those
presented were found in GNU Privacy
Guard
(GPG), though the pair also discussed problems in age,
Minisign, Sequoia, and the OpenPGP
standard
(RFC 9580) itself. The discoveries have spurred some interesting
discussions and as well as responses from GPG and Sequoia
developers.

Security updates for Wednesday

Post Syndicated from jzb original https://lwn.net/Articles/1055322/

Security updates have been issued by AlmaLinux (brotli and container-tools:rhel8), Debian (python-keystonemiddleware and python3.9), Fedora (cef, freerdp, golang-github-tetratelabs-wazero, and libpcap), Oracle (brotli, gpsd, kernel, and transfig), Red Hat (freerdp, golang, java-11-openjdk with Extended Lifecycle Support, libpng, libssh, mingw-libpng, and runc), SUSE (abseil-cpp, alloy, apache2, bind, cpp-httplib, curl, erlang, firefox, gpg2, grafana, haproxy, hauler, hawk2, libblkid-devel, libpng16, libraylib550, python-keystonemiddleware-doc, python-uv, python-weasyprint, squid, and tomcat), and Ubuntu (crawl and iperf3).

Mozilla introduces Firefox Nightly RPM package repository

Post Syndicated from jzb original https://lwn.net/Articles/1055191/

Mozilla has announced
a repository with Firefox
Nightly channel
packages for RPM-based Linux distributions such as CentOS
Stream, Fedora, and openSUSE. Mozilla has provided a Debian repository
since 2023.

Note that this repository only includes the nightly builds of The
firefox-nightly package. Mozilla is not providing stable
builds as RPMs at this time. However, the package will not conflict
with a distribution’s regular firefox package; both packages
can be installed at the same time for those who wish to test the
nightly builds. See the blog post for instructions on setting up the
repository.

Security updates for Tuesday

Post Syndicated from jzb original https://lwn.net/Articles/1055152/

Security updates have been issued by AlmaLinux (gpsd-minimal, jmc, kernel, kernel-rt, and net-snmp), Debian (apache-log4j2 and dcmtk), Fedora (exim, gpsd, mysql8.0, mysql8.4, python-biopython, and rust-lru), Mageia (firefox, nss and thunderbird), Oracle (container-tools:rhel8, gpsd-minimal, jmc, kernel, net-snmp, and uek-kernel), Red Hat (net-snmp), SUSE (chromium, go, harfbuzz-devel, kernel, libsoup, rust1.91, rust1.92, and thunderbird), and Ubuntu (apache2, avahi, and python-urllib3).

Haas: Who contributed to PostgreSQL development in 2025?

Post Syndicated from jzb original https://lwn.net/Articles/1055033/

PostgreSQL contributor Robert Haas has published
a blog post that breaks down code contributions to PostgreSQL in
2025.

I calculate that, in 2025, there were 266 people who were the
principal author of at least one PostgreSQL commit. 66% of the new
lines of code where contributed by one of 26 people, and 90% of the
lines of new code were contributed by one of 67 people.

Contributions to the project seem to be on the upswing; in his analysis
of development in 2024
, there were 229 people who were the primary
authors of a commit, and 66% of new lines of code were contributed by
one of 18 people. The raw
data
is also available.

Wine 11.0 released

Post Syndicated from jzb original https://lwn.net/Articles/1055001/

Version
11.0
of the Wine Windows compatibility layer is out. “This
release represents a year of development effort, around 6,300
individual changes, and more than 600 bug fixes.
” The most notable
changes in this release are support for the NTSync Linux kernel module
(when available), and the completion of the Windows 32-bit on Windows 64-bit (WoW64) architecture that was announced as experimental in Wine 9.0.

Security updates for Monday

Post Syndicated from jzb original https://lwn.net/Articles/1054992/

Security updates have been issued by AlmaLinux (cups, libpq, libsoup3, podman, and postgresql16), Debian (ffmpeg, gpsd, python-urllib3, and thunderbird), Fedora (chromium, foomuuri, forgejo, freerdp, harfbuzz, libtpms, musescore, python-biopython, and python3.12), Mageia (gimp, libpng, nodejs, and python-urllib3), and SUSE (alloy, avahi, bind, chromedriver, chromium, cpp-httplib, docker, erlang, fluidsynth, freerdp, go-sendxmpp, govulncheck-vulndb, kernel, libwireshark19, NetworkManager-applet-l2tp, python, python311-virtualenv, thunderbird, and zk).

Security updates for Friday

Post Syndicated from jzb original https://lwn.net/Articles/1054683/

Security updates have been issued by AlmaLinux (gnupg2), Debian (firefox-esr), Oracle (cups, gnupg2, libpq, net-snmp, postgresql, postgresql:15, postgresql:16, transfig, and vsftpd), Red Hat (firefox), SUSE (apache2, curl, firefox, gpg2, hawk2, libcryptopp-devel, openCryptoki, python310, python311-urllib3, rke2, squid, and tomcat), and Ubuntu (cpp-httplib, git, python-apt, and simgear).

Running Debian on the OpenWrt One (Collabora Blog)

Post Syndicated from jzb original https://lwn.net/Articles/1054519/

Sjoerd Simons has published
a blog post
about running Debian on the OpenWrt One
router hardware:

With openwrt-one-debian, you can now install and run a full Debian
system leveraging the OpenWrt One’s NVMe storage, enabling everything
from custom services and containers to development tools and
lightweight server workloads, all on open hardware.

This project provides a rust-based flasher to install Debian on the
OpenWrt One, opening the door to standard Debian tooling, packages,
and workflows. For developers and power users, it transforms the
OpenWrt One from a network appliance into a compact, general-purpose
Linux system.

See the GitHub
repository
for the code and latest build. LWN reviewed the device in
November 2024, and covered Denver
Gingerich’s talk at SCALE 22x about
the making of the router in March 2025.

A note for MXroute users

Post Syndicated from jzb original https://lwn.net/Articles/1054410/

We have recently noticed that email from LWN.net seems to be
blocked by MXroute. Unfortunately, the company also does not seem to
have a way for non-customers to report problems in mail delivery, so
we have no good way to get ourselves unblocked.

As a result, readers who have subscribed to an LWN mailing list
from a domain hosted with MXroute will probably not receive our
mailings. We have not yet unsubscribed addresses that are being
blocked by MXroute, but will soon if the problem persists. Please
accept our apologies for the inconvenience; it is unfortunate that it
is becoming so difficult to send legitimate email as a small
business.

Security updates for Thursday

Post Syndicated from jzb original https://lwn.net/Articles/1054408/

Security updates have been issued by Debian (chromium, gnupg2, and mongo-c-driver), Fedora (firefox, gpsd, linux-firmware, and seamonkey), Mageia (net-snmp), Oracle (kernel, podman, postgresql16, postgresql:13, postgresql:15, postgresql:16, and uek-kernel), Red Hat (libpq, net-snmp, and transfig), Slackware (libpng and mozilla), SUSE (avahi, bluez, capstone, curl, dpdk, firefox, firefox-esr, fluidsynth, glib2, kernel, kernel-devel, libmicrohttpd, libpcap, libpng16, libsoup, libsoup-3_0-0, libtasn1, libvirt, mcphost, openvswitch, ovmf, podman, poppler, python-tornado6, python311, qemu, rsync, and valkey), and Ubuntu (erlang, klibc, libpng1.6, and ruby-rack).

[$] LWN.net Weekly Edition for January 15, 2026

Post Syndicated from jzb original https://lwn.net/Articles/1053201/

Inside this week’s LWN.net Weekly Edition:

  • Front: SFC v. VIZIO; GPLv2 requirements; Debian and GTK 2; OpenZL; kernel scheduler QoS; Rust concurrent data access; Asciinema.
  • Briefs: OpenSSL and Python; LSFMM+BPF 2026; Fedora elections; Gentoo retrospective; EU lawmaking; Git data model; Firefox 147; Radicle 1.6.0; Quotes; …
  • Announcements: Newsletters, conferences, security updates, patches, and more.

[$] Debian discusses removing GTK 2 for forky

Post Syndicated from jzb original https://lwn.net/Articles/1051006/

The Debian GNOME team would like to remove the GTK 2 graphics
toolkit, which has been unmaintained upstream for more than five
years, and ship Debian 14 (“forky”) without it. As one might
expect, however, there are those who would like to find a way to keep
it. Despite its age and declared obsolescence, quite a few Debian
packages still depend on GTK 2. Many of those applications are
unlikely to be updated, and users are not eager to give them
up. Discussion about how to handle this is ongoing; it seems likely
that Debian developers will find some way to continue supporting
applications that require GTK 2, but users may have to look
outside official Debian repositories.

Security updates for Wednesday

Post Syndicated from jzb original https://lwn.net/Articles/1054167/

Security updates have been issued by AlmaLinux (sssd), Debian (linux-6.1 and python-parsl), Fedora (chezmoi, complyctl, composer, and firefox), Oracle (kernel), Red Hat (buildah, libpq, podman, postgresql, postgresql16, postgresql:13, postgresql:15, and postgresql:16), SUSE (avahi, curl, ffmpeg-4, ffmpeg-7, firefox, istioctl, k6, kubelogin, libmicrohttpd, libpcap-devel, libpng16, libtasn1-6-32bit, matio, ovmf, python-tornado6, python311-Authlib, and teleport), and Ubuntu (angular.js, python-urllib3, and webkit2gtk).

Firefox 147 released

Post Syndicated from jzb original https://lwn.net/Articles/1053995/

Version
147.0
of the Firefox web browser has been released. Notable
changes in this release include support for the XDG Base
Directory specification
, enabling local
network access restrictions
for users with enhanced
tracking protection
(ETP) set to “Strict”, and a fix that improves
Firefox’s rendering with GNOME on fractionally scaled
displays. Firefox 147 also includes a number of security
fixes
, including several sandbox-escape vulnerabilities.

Security updates for Tuesday

Post Syndicated from jzb original https://lwn.net/Articles/1053988/

Security updates have been issued by AlmaLinux (mariadb10.11, mariadb:10.11, mariadb:10.3, mariadb:10.5, and tar), Debian (net-snmp), Fedora (coturn, NetworkManager-l2tp, openssh, and tuxanci), Mageia (libtasn1), Oracle (buildah, cups, httpd, kernel, libpq, libsoup, libsoup3, mariadb:10.11, mariadb:10.3, openssl, and podman), SUSE (cpp-httplib, ImageMagick, libtasn1, python-cbor2, util-linux, valkey, and wget2), and Ubuntu (google-guest-agent, linux-iot, and python-urllib3).