All posts by jzb

Security updates for Friday

Post Syndicated from jzb original https://lwn.net/Articles/1003019/

Security updates have been issued by Debian (chromium and gunicorn), Fedora (jupyterlab), Oracle (bluez, containernetworking-plugins, edk2:20220126gitbb1bba3d77, edk2:20240524, gstreamer1-plugins-base, gstreamer1-plugins-good, kernel, libsndfile, libsndfile:1.0.31, mpg123, mpg123:1.32.9, pam, python3.11-urllib3, skopeo, tuned, and unbound:1.16.2), SUSE (avahi, docker, emacs, govulncheck-vulndb, haproxy, kernel, libmozjs-128-0, python-grpcio, python310-xhtml2pdf, sudo, and tailscale), and Ubuntu (dpdk, linux-hwe-5.15, and linux-iot).

Security updates for Thursday

Post Syndicated from jzb original https://lwn.net/Articles/1002903/

Security updates have been issued by AlmaLinux (bluez, edk2:20220126gitbb1bba3d77, gstreamer1-plugins-base, gstreamer1-plugins-good, kernel, kernel-rt, mpg123, php:8.2, python3.11-urllib3, and tuned), Fedora (ColPack, glibc, golang-github-chainguard-dev-git-urls, golang-github-task, icecat, python-nbdime, python3.13, and python3.14), Mageia (kernel, kmod-xtables-addons, kmod-virtualbox, dwarves and kernel-linus), Red Hat (gstreamer1-plugins-base and gstreamer1-plugins-good), SUSE (curl, emacs, git-bug, glib2, helm, kernel, and traefik2), and Ubuntu (gst-plugins-base1.0, gst-plugins-good1.0, gstreamer1.0, libvpx, linux-gcp, phpunit, and yara).

[$] FESCo provenpackager sanction causes problems

Post Syndicated from jzb original https://lwn.net/Articles/1002450/

The Fedora Engineering Steering Council (FESCo) has made a series of
missteps in deciding to revoke a longtime Fedora contributor’s provenpackager
status. FESCo made the decision during a closed session, based on private
complaints. It then publicly announced its decision, including the
contributor’s name, while only supplying a vague account of the
contributor’s actions. This has left the Fedora community with more
questions than answers, and raised a number of complaints about the
transparency of FESCo’s process. In addition, the sequence of events has
sparked discussions about package ownership, as well as when and how it’s
appropriate to push changes to packages that a developer doesn’t own.

Security updates for Wednesday

Post Syndicated from jzb original https://lwn.net/Articles/1002703/

Security updates have been issued by AlmaLinux (libsndfile, php:7.4, python3.11, python3.12, and python36:3.6), Debian (dpdk), Mageia (curl and socat), Oracle (firefox and tuned), Red Hat (bluez, containernetworking-plugins, edk2, edk2:20220126gitbb1bba3d77, edk2:20240524, expat, gstreamer1-plugins-base, gstreamer1-plugins-base and gstreamer1-plugins-good, gstreamer1-plugins-good, kernel, libsndfile, libsndfile:1.0.31, mpg123, mpg123:1.32.9, pam, python3.11-urllib3, skopeo, tuned, unbound, and unbound:1.16.2), SUSE (cloudflared, curl, docker, firefox, gstreamer-plugins-good, kernel, libmozjs-115-0, libmozjs-128-0, libmozjs-78-0, libsoup, ovmf, python-urllib3_1, subversion, thunderbird, and traefik), and Ubuntu (editorconfig-core, libspring-java, linux, linux-aws, linux-aws-6.8, linux-gcp, linux-gcp-6.8, linux-gke,
linux-gkeop, linux-ibm, linux-nvidia, linux-nvidia-6.8,
linux-nvidia-lowlatency, linux-oem-6.8, linux-oracle, linux-oracle-6.8,
linux-raspi, linux, linux-gcp, linux-gcp-5.15, linux-gke, linux-gkeop, linux-ibm,
linux-ibm-5.15, linux-kvm, linux-lowlatency, linux-lowlatency-hwe-5.15,
linux-nvidia, linux-oracle, linux-oracle-5.15, linux-raspi, linux, linux-gcp, linux-gcp-5.4, linux-hwe-5.4, linux-kvm, linux-raspi, linux, linux-lowlatency, linux-oracle, linux-aws, linux-aws-5.15, linux-aws, linux-aws-5.4, linux-bluefield, linux-oracle, linux-oracle-5.4, and linux-oem-6.11).

Fedora Asahi Remix 41 is now available

Post Syndicated from jzb original https://lwn.net/Articles/1002546/

Fedora Magazine reports that the Fedora Asahi Remix 41 for Apple Silicon is
now available:

In addition to all the exciting improvements brought by Fedora Linux
41, Fedora Asahi Remix 41 provides x86/x86-64 emulation integration
including support for AAA games to Apple Silicon. The game support is
based on the new conformant Vulkan 1.4 driver. It also continues to
provide extensive device support, including high quality audio out of
the box.

LWN covered a talk from the X.org Developers Conference (XDC) by Alyssa
Rosenzweig on the status of Asahi’s GPU drivers in October.

[$] WP Engine granted preliminary injunction in WordPress case

Post Syndicated from jzb original https://lwn.net/Articles/1001783/

Since we last looked at the WordPress dispute, WP Engine has sought a
preliminary injunction against Automattic and its founder Matt Mullenweg
to restore its access to WordPress.org, and more. The judge in the case
granted a preliminary injunction on December 10. The case is, of course,
of interest to users and developers working with WordPress—but it may
also have implications for other open-source projects well beyond the
WordPress community.

A sapling matures: meet sq 1.0

Post Syndicated from jzb original https://lwn.net/Articles/1002411/

The Sequoia PGP project has announced version 1.0 of the sq command-line
tool for managing OpenPGP encryption and signatures. It also provides a
decentralized public key infrastructure (PKI), and key management
facilities. This is the first stable release since development began on
the project in 2017.

sq’s PKI is probably its most notable feature, and the one we invested
the most time in. The PKI is used to authenticate certificates, and
messages. Authentication is necessary to ensure that you are
encrypting to the person you think you are, and to identify who really
authored a message; without authentication, encryption and
verification are much weaker.

CentOS Stream 10 and EPEL 10 released

Post Syndicated from jzb original https://lwn.net/Articles/1002044/

The CentOS Project has announced the general availability of CentOS
Stream 10. See the release notes for information on new features,
changes, and removed software. The Extra Packages for Enterprise Linux
(EPEL) 10 repository is also available, and will be adding minor version
repositories:

For the EPEL 9 release, we started building packages about six months
before the RHEL 9 release by using CentOS Stream 9 as the initial
build environment. For EPEL 10, we’re expanding on that approach and
doing the same thing for each minor version of RHEL 10. We will have
separate DNF repositories for each minor version of RHEL 10, including
CentOS Stream 10 as the leading minor version. Packages built for one
minor version will carry forward to the next minor version. You can
find more details about this structure in our branching documentation.

LWN covered Stream 10 and EPEL 10 on December 11.

Kubernetes v1.32 released

Post Syndicated from jzb original https://lwn.net/Articles/1001930/

Version 1.32 (dubbed “Penelope”) of Kubernetes has been released with 13
major features graduating to Stable status, 12 entering Beta, and 19
entering Alpha.

If Kubernetes is Ancient Greek for “pilot”, in this release we start
from that origin and reflect on the last 10 years of Kubernetes and
our accomplishments: each release cycle is a journey, and just like
Penelope, in “The Odyssey”, weaved for 10 years — each night removing
parts of what she had done during the day — so does each release add
new features and removes others, albeit here with a much clearer
purpose of constantly improving Kubernetes.

Supply-chain attack analysis: Ultralytics (PyPI Blog)

Post Syndicated from jzb original https://lwn.net/Articles/1001909/

The Python Package Index (PyPI) Blog has an analysis of the compromise
of the ultralytics project, and what PyPI has learned from this event:

PyPI staff and volunteers do their best to remove malware, but
because the service is open to anyone looking to publish software
there is an unfortunately high amount of abuse. Thankfully most of
this abuse does not have the same widespread impact as a targeted
attack on an already widely-used project.

Mike Fiedler, the PyPI Safety and Security Engineer, is working on
new systems for reducing the time that malware is available to be
installed on PyPI, through APIs that security researchers can
automatically send reports to and a new “quarantine” release status to
prevent harm while a human investigates the situation. Expect more in
this space in 2025!

[$] A look at CentOS Stream 10

Post Syndicated from jzb original https://lwn.net/Articles/986792/

The Red Hat Enterprise Linux (RHEL) 10 beta was released in
mid-November and, if all goes according to plan, CentOS Stream 10
should be released before the end of the year. While nothing is etched
in stone just yet, it is a good time for anyone using or targeting RHEL
(and its clones) to start taking a look at how Stream 10, and the
corresponding EPEL repository, is shaping up. This is not only important
to RHEL and Stream users, but anyone deploying and supporting software
on enterprise Linux (EL) derivatives like AlmaLinux, Oracle Linux, and
Rocky Linux as well.

Security updates for Wednesday

Post Syndicated from jzb original https://lwn.net/Articles/1001728/

Security updates have been issued by Debian (proftpd-dfsg and smarty3), Fedora (python3.14), Gentoo (Distrobox, eza, idna, libvirt, and OpenSC), Red Hat (container-tools:rhel8 and edk2), SUSE (avahi, curl, libsoup2, lxd, nodejs20, python-Django, python310-Django4, python312, squid, and webkit2gtk3), and Ubuntu (expat, intel-microcode, linux, linux-aws, linux-kvm, linux-lts-xenial, and shiro).

A change of hats! (Fedora Magazine)

Post Syndicated from jzb original https://lwn.net/Articles/1001634/

Fedora Project Leader (FPL) Matthew Miller writes that he will soon be hanging up the FPL hat:

Stay tuned for a job posting from Red Hat, and details about all
that. I’m hoping we can hire someone awesome early in 2025, and make
the official handover on the release of auspiciously-numbered Fedora
Linux 42.

I’m not going to leave Fedora, though. As I said above, although it
might not always feel like it from the outside, Red Hat support for
Fedora is stronger than ever, and I plan on helping that grow even
more. I’m stepping into a full-time management role in the Community
Linux Engineering organization, so Fedora will still be part of my day
job, just in a different way.

Let’s Encrypt sets date for ending OCSP support

Post Syndicated from jzb original https://lwn.net/Articles/1000941/

In July, Let’s Encrypt announced it was ending support “as soon as
possible” for the Online Certificate Status Protocol (OCSP) in favor of
Certificate Revocation Lists (CRLs) due to privacy concerns. The
organization has now announced that it has set a timeline, and will be
turning off its OCSP responders on August 6, 2025. There is additional
action required for Let’s Encrypt users who use the OCSP Must Staple
Extension:

As of January 30, 2025, issuance requests that include the OCSP
Must Staple extension will fail, unless the requesting account has
previously issued a certificate containing the OCSP Must Staple
extension.

As of May 7, all issuance requests that include the OCSP Must
Staple extension will fail, including renewals. Please change your
ACME client configuration to not request the extension.

‘Tis the Season for COSMIC Alpha 4! (System76 Blog)

Post Syndicated from jzb original https://lwn.net/Articles/1000927/

System76 has announced the fourth alpha release of its Rust-based COSMIC
desktop. New features in this version include the ability to set default
applications, region and language settings, a new Accessibility applet,
as well as support for variable refresh rate (VRR) in the cosmic-comp
compositor and the display settings tool. See the blog post for a full
list of fixes and performance improvements. LWN covered the first alpha
release in August.

[$] Debian opens a can of username worms

Post Syndicated from jzb original https://lwn.net/Articles/1000485/

It has long been said that naming things is one of the hard things to do
in computer science. That may be so, but it pales in comparison to the
challenge of handling usernames properly in applications. This is
especially true when multiple applications are involved, and they are
all supposed to agree on what characters are, and are not, allowed. The
Debian project is facing that problem right now, as two user-creation
utilities disagreed about which names are allowable. A plan is in place
to sort this out before the release of Debian 13 (“trixie”) sometime
next year.

Fedora moves towards Forgejo (Fedora Magazine)

Post Syndicated from jzb original https://lwn.net/Articles/1000751/

Fedora Project Leader Matthew Miller reports
that the project’s search to replace Pagure as its git forge is
almost complete, with the Fedora Council strongly in favor of Forgejo:

The Council, currently, has a clear preference for Forgejo. This is a
big decision and we don’t want it to feel rushed. Therefore, we’re
opening this up one last time to everyone’s comments. After two weeks,
we’ll take our formal vote — and then get on with the work!

LWN looked at Forgejo in February.