All posts by jzb

[$] Asciinema: making movies at the command-line

Post Syndicated from jzb original https://lwn.net/Articles/1053355/

In open-source circles there are many situations, such as bug
reports, demos, and tutorials, when one might want to provide a
play-by-play of a session in one’s terminal. The asciinema project provides a set of
tools to do just that. Its tools let users record, edit, and share
terminal sessions in a text-based format that has quite a few
advantages compared to making and sharing videos of terminal sessions. For
example, it is easy to use, offers the ability to search text from
recorded sessions, and allows users to copy and paste directly from
the recording.

Security updates for Monday

Post Syndicated from jzb original https://lwn.net/Articles/1053820/

Security updates have been issued by Debian (chromium and sogo), Fedora (chromium, foomuuri, libpng, libsodium, mariadb10.11, musescore, nginx, python-pdfminer, python-urllib3, python3.12, seamonkey, wasmedge, and wget2), Mageia (curl, libpcap, sodium, wget2, and zlib), Slackware (lcms2), SUSE (chromedriver, chromium, noopenh264, coredns, curl, dcmtk, fontforge, gdk-pixbuf-loader-libheif, gimp, kernel, libheif, libpng16, libsoup-2_4-1, libvirt, mariadb, php8, poppler, python-filelock, python-tornado6, python311-aiohttp, qemu, sssd, and traefik), and Ubuntu (libheif, libtasn1-6, linux-azure-nvidia, linux-kvm, linux-raspi, linux-raspi-realtime, and php7.2, php7.4, php8.1, php8.3, php8.4).

Security updates for Friday

Post Syndicated from jzb original https://lwn.net/Articles/1053492/

Security updates have been issued by Debian (pdfminer and vlc), Red Hat (kernel, kernel-rt, and microcode_ctl), Slackware (libtasn1), SUSE (apptainer, curl, ImageMagick, libpcap, libvirt, libwget4, php8, podman, python311-cbor2, qemu, and rsync), and Ubuntu (gnupg, gnupg2, gpsd, libsodium, and python-tornado).

Gentoo looks back on 2025

Post Syndicated from jzb original https://lwn.net/Articles/1053289/

Gentoo Linux has published a 2025
project retrospective
that looks at how the community has evolved,
changes to the distribution, infrastructure, and finances for the
Gentoo Foundation.

Gentoo currently consists of 31663 ebuilds for 19174 different
packages. For amd64 (x86-64), there are 89 GBytes of binary packages
available on the mirrors. Gentoo each week builds 154 distinct installation stages for
different processor architectures and system configurations, with an
overwhelming part of these fully up-to-date.

The number of commits to the main ::gentoo
repository has remained at an overall high level in 2025, with a
slight decrease from 123942 to 112927. The number of commits by
external contributors was 9396, now across 377 unique external
authors.

Security updates for Thursday

Post Syndicated from jzb original https://lwn.net/Articles/1053277/

Security updates have been issued by AlmaLinux (gcc-toolset-14-binutils, gcc-toolset-15-binutils, httpd, kernel, libpng, mariadb, mingw-libpng, poppler, python3.12, and ruby:3.3), Debian (foomuuri and libsodium), Fedora (python-pdfminer and wget2), Oracle (audiofile, bind, gcc-toolset-15-binutils, libpng, mariadb, mariadb10.11, mariadb:10.11, mariadb:10.5, mingw-libpng, poppler, and python3.12), Red Hat (git-lfs, kernel, libpng, libpq, mariadb:10.3, osbuild-composer, postgresql, postgresql:13, and postgresql:15), Slackware (curl), SUSE (c-ares-devel, capstone, curl, gpsd, ImageMagick, libpcap, log4j, python311-filelock, and python314), and Ubuntu (libcaca, libxslt, and net-snmp).

European Commission issues call for evidence on open source

Post Syndicated from jzb original https://lwn.net/Articles/1053107/

The European Commission has opened
a “call
for evidence
” to help shape its European Open Digital Ecosystem
Strategy. The commission is looking to reduce its dependence on
software from non-EU countries:

The EU faces a significant problem of dependence on non-EU countries
in the digital sphere. This reduces users’ choice, hampers EU
companies’ competitiveness and can raise supply chain security issues
as it makes it difficult to control our digital infrastructure (both
physical and software components), potentially creating
vulnerabilities including in critical sectors. In the last few years,
it has been widely acknowledged that open source – which is a public
good to be freely used, modified, and redistributed – has the strong
potential to underpin a diverse portfolio of high-quality and secure
digital solutions that are valid alternatives to proprietary ones. By
doing so, it increases user agency, helps regain control and boost the
resilience of our digital infrastructure.

The feedback period runs until midnight (Brussels time)
February 3, 2026. The commission seeks input from all interested
stakeholders, “in particular the European open-source community
(including individual contributors, open-source companies and
foundations), public administrations, specialised business sectors,
the ICT industry, academia and research institutions
“.

Security updates for Wednesday

Post Syndicated from jzb original https://lwn.net/Articles/1053057/

Security updates have been issued by AlmaLinux (resource-agents, ruby:3.3, thunderbird, and xorg-x11-server), Fedora (libpcap), Red Hat (brotli), Slackware (libsodium), SUSE (dcmtk, govulncheck-vulndb, libpcap, mozjs60, qemu, rsync, and usbmuxd), and Ubuntu (glib2.0 and linux-raspi, linux-raspi-5.4).

Security updates for Tuesday

Post Syndicated from jzb original https://lwn.net/Articles/1052955/

Security updates have been issued by AlmaLinux (kernel, ruby, and thunderbird), Debian (libsodium and ruby-rmagick), Fedora (gnupg2 and proxychains-ng), Oracle (gcc-toolset-14-binutils, rsync, tar, and thunderbird), Red Hat (buildah, mariadb, mariadb10.11, podman, and tar), SUSE (alloy, apache2, buildah, erlang26, glib2, ImageMagick, kernel, libsoup, pgadmin4, python-tornado6, python3, python312, python313, qemu, webkit2gtk3, and xen), and Ubuntu (webkit2gtk).

Security updates for Monday

Post Syndicated from jzb original https://lwn.net/Articles/1052795/

Security updates have been issued by AlmaLinux (tar), Debian (curl and gimp), Fedora (doctl, gitleaks, gnupg2, grpcurl, nginx, nginx-mod-brotli, nginx-mod-fancyindex, nginx-mod-headers-more, nginx-mod-modsecurity, nginx-mod-naxsi, nginx-mod-vts, and usd), Mageia (cups), Red Hat (container-tools:rhel8, go-toolset:rhel8, grafana, and skopeo), and SUSE (dirmngr, fluidsynth, gnu-recutils, libmatio-devel, python311-marshmallow, python312-Django6, rsync, and thunderbird).

Shadow-utils 4.19.0 released

Post Syndicated from jzb original https://lwn.net/Articles/1052435/

Version
4.19.0
of the shadow-utils
project has been released. Notable changes in this release include
disallowing
some usernames that were previously accepted
with the
--badname option, and removing
support for escaped newlines
in configuration files. Possibly more
interesting is the announcement that the project is deprecating a
number of programs, hashing algorithms, and the ability to
periodically expire passwords:

Scientific research shows that periodic password expiration
leads to predictable password patterns, and that even in a
theoretical scenario where that wouldn’t happen the gains in
security are mathematically negligible (paper
link
).

Modern security standards, such as NIST SP 800-63B-4 in the USA,
prohibit periodic password expiration. […]

To align with these, we’re deprecating the ability to
periodically expire passwords. The specifics and long-term
roadmap are currently being discussed, and we invite feedback
from users, particularly from those in regulated environments.
See #1432.

The release announcement notes that the features will remain
functional “for a significant period” to minimize
disruption.