All posts by jzb

Racing karts on a Rust GPU kernel driver (Collabora blog)

Post Syndicated from jzb original https://lwn.net/Articles/1047291/

In July, Collabora announced the Rust-based Tyr GPU driver for Arm Mali
GPUs. Daniel Almeida has posted an update on progress with a prototype
of the driver running on a Rock 5B board with the Rockchip RK3588
system-on-chip:

The Tyr prototype has progressed from basic GPU job execution to
running GNOME, Weston, and full-screen 3D games like SuperTuxKart,
demonstrating a functional, high-performance Rust driver that matches
C-driver performance and paves the way for eventual upstream
integration! […]

Tyr is not ready to be used as a daily-driver, and it will still
take time to replicate this upstream, although it is now clear that we
will surely get there. And as a mere prototype, it has a lot of
shortcuts that we would not have in an upstream version, even though
it can run on top of an unmodified (i.e., upstream) version of
Mesa.

That said, this prototype can serve as an experimental driver and
as a testbed for all the Rust abstraction work taking place
upstream. It will let us experiment with different design decisions
and gather data on what truly contributes to the project’s
objective.

There is also a video on
YouTube of the prototype in action.

Security updates for Thursday

Post Syndicated from jzb original https://lwn.net/Articles/1047220/

Security updates have been issued by AlmaLinux (bind, bind9.18, container-tools:rhel8, expat, grub2, haproxy, idm:DL1, kernel, kernel-rt, lasso, libsoup, libssh, libtiff, pcs, podman, python-kdcproxy, qt5-qt3d, redis, redis:7, runc, shadow-utils, sqlite, squid, vim, webkit2gtk3, xorg-x11-server, xorg-x11-server-Xwayland, and zziplib), Debian (chromium), Oracle (lasso and postgresql), SUSE (erlang27, ghostscript, grub2, kernel, libIex-3_4-33, python312, and sbctl), and Ubuntu (linux, linux-aws, linux-aws-5.4, linux-gcp, linux-gcp-5.4, linux-hwe-5.4,
linux-ibm, linux-ibm-5.4, linux-kvm, linux-oracle, linux-oracle-5.4,
linux-raspi, linux-raspi-5.4, linux-xilinx-zynqmp, linux-aws-6.8, linux-fips, linux-aws-fips, linux-gcp-fips, linux-oracle, and mysql-8.0, mysql-8.4).

Postmortem of the Xubuntu.org download site compromise

Post Syndicated from jzb original https://lwn.net/Articles/1047056/

In mid-October, the Xubuntu download site was compromised and directed
users to a malicious zip file instead of the Torrent file that users
expected. Elizabeth K. Joseph has published a postmortem of the
incident, along with plans to avoid such a breach in the future:

To be perfectly clear: this only impacted our website, and the torrent
links provided there.

If you downloaded or opened a file named “Xubuntu-Safe-Download.zip”
from the Xubuntu downloads page during this period, you should assume
it was malicious. We strongly recommend scanning your computer with a
trusted antivirus or anti-malware solution and deleting the file
immediately.

Nothing on cdimages.ubuntu.com or any of the other official Ubuntu
repositories was impacted, and our mirrors remained safe as long as
they were also mirroring from official resources.

None of the build systems, packages, or other components of Xubuntu
itself were impacted.

Security updates for Wednesday

Post Syndicated from jzb original https://lwn.net/Articles/1047021/

Security updates have been issued by Debian (pdfminer), Fedora (chromium and firefox), Mageia (bubblewrap, flatpak, cups-filters, and thunderbird), Oracle (container-tools:rhel8, kernel, and squid), Red Hat (kernel), Slackware (libarchive), SUSE (gimp, itextpdf, kernel, thunderbird, and unbound), and Ubuntu (lasso).

[$] Pouring packages with Homebrew

Post Syndicated from jzb original https://lwn.net/Articles/1046236/

The Homebrew project is an
open-source package-management system that comes with a repository of
useful packages for Linux and macOS. Even though Linux distributions
have their own package management and repositories, Homebrew is often
used to obtain software that is not available in a distribution’s repository
or to install more current versions of projects than are available
from long-term-support (LTS) distributions. Homebrew 5.0.0,
released on November 12, 2025, expanded Linux support to include
64-bit Arm packages in addition to x86_64, and turned on concurrent
downloads by default to speed up package downloads.

Security updates for Tuesday

Post Syndicated from jzb original https://lwn.net/Articles/1046891/

Security updates have been issued by Debian (libwebsockets), Fedora (chromium and fvwm3), Mageia (apache, firefox, and postgresql13, postgresql15), Oracle (idm:DL1), Red Hat (bind, bind9.18, firefox, and openssl), SUSE (alloy, ghostscript, and openssl-1_0_0), and Ubuntu (ffmpeg and freeglut).

Josefsson: Introducing the Debian Libre Live Images

Post Syndicated from jzb original https://lwn.net/Articles/1046757/

Debian developer Simon Josefsson has announced the Debian Libre Live
Images project, to allow installing Debian without any non-free
software:

Since the 2022 decision on non-free firmware, the official images
for bookworm and trixie contain non-free software.

The Debian Libre Live Images project provides Live ISO images for
Intel/AMD-compatible 64-bit x86 CPUs (amd64) built without any
non-free software, suitable for running and installing Debian. The
images are similar to the Debian Live Images distributed as Debian
live images.

He does warn that this is a first public release, so there may be
problems. See the current
list of known issues
before trying the images out.

Security updates for Monday

Post Syndicated from jzb original https://lwn.net/Articles/1046756/

Security updates have been issued by Debian (gst-plugins-base1.0, lasso, and thunderbird), Fedora (bind9-next, chromium, containerd, fvwm3, luksmeta, opentofu, python-pdfminer, python-uv-build, ruff, rust-get-size-derive2, rust-get-size2, rust-regex, rust-regex-automata, rust-reqsign, rust-reqsign-aws-v4, rust-reqsign-command-execute-tokio, rust-reqsign-core, rust-reqsign-file-read-tokio, rust-reqsign-http-send-reqwest, suricata, uv, and xmedcon), Mageia (apache-commons-beanutils, apache-commons-fileupload, apache-commons-lang, botan2, python-django, spdlog, stardict, webkit2, and yelp-xsl), Slackware (xpdf), and SUSE (bind, chromedriver, firefox, kernel, libxml2, and openssh).

Security updates for Friday

Post Syndicated from jzb original https://lwn.net/Articles/1046497/

Security updates have been issued by Debian (keystone and lxd), Fedora (docker-buildkit, firefox, gh, gitleaks, lasso, runc, and seamonkey), Mageia (perl-Authen-SASL, perl-Cpanel-JSON-XS, perl-Crypt-OpenSSL-RSA, perl-JSON-XS, python-flask-cors, python-py, python-setuptools, and ruby), Oracle (java-1.8.0-openjdk), SUSE (binutils, cargo-packaging, rust-bindgen, chromium, go-sendxmpp, helm, lasso, libxml2, openssh, openssh8.4, python-Django, python-Scrapy-doc, python311-Brotli, squid, tomcat10, and weblate), and Ubuntu (linux-nvidia-6.8, linux-oracle, linux-oracle-6.8 and linux-xilinx-zynqmp).

Privilege escalation in LightDM Greeter by KDE (SUSE Security Team Blog)

Post Syndicated from jzb original https://lwn.net/Articles/1046376/

The SUSE Security Team has published an in-depth article on its
findings after reviewing a D-Bus service contained in LightDM Greeter
by KDE (the lightdm-kde-greeter package) for addition to openSUSE
Tumbleweed. The team found a privilege escalation from the lightdm
service user to root, as well as other attack vectors in the service:

In agreement with upstream, we assigned CVE-2025-62876 to track the
lightdm service user to root privilege escalation aspect described in
this report. The severity of the issue is low, since it only affects
defense-in-depth (if the lightdm service user were compromised) and
the problematic logic can only be reached and exploited if triggered
interactively by a privileged user.

The fixes are contained in the 6.0.4 release of the project.

Security updates for Monday

Post Syndicated from jzb original https://lwn.net/Articles/1045922/

Security updates have been issued by AlmaLinux (galera and mariadb, kernel, kernel-rt, mingw-libtiff, redis:7, tigervnc, and xorg-x11-server-Xwayland), Fedora (bind, bind-dyndb-ldap, bpfman, chromium, dolphin-emu, dotnet9.0, golang-github-openprinting-ipp-usb, kea, libnbd, luksmeta, python-cloudpickle, python-pydantic, python-pydantic-core, python-uv-build, ruby, ruff, rust-get-size-derive2, rust-get-size2, rust-regex, rust-regex-automata, rust-reqsign, rust-reqsign-aws-v4, rust-reqsign-command-execute-tokio, rust-reqsign-core, rust-reqsign-file-read-tokio, rust-reqsign-http-send-reqwest, singularity-ce, uv, xen, and xorg-x11-server-Xwayland), Mageia (libxml2, libxslt, opencontainers-runc, and xen), Oracle (bind, galera and mariadb, libsoup, linux-firmware, mariadb:10.5, mingw-libtiff, osbuild-composer, qt5-qt3d, tigervnc, and xorg-x11-server-Xwayland), SUSE (chromium, erlang, google-osconfig-agent, govulncheck-vulndb, java-11-openjdk, java-17-openjdk, java-1_8_0-openj9, opentofu, python-djangorestframework-simplejwt, python311-Django, python315, squid, thunderbird, tiff, tomcat, tomcat11, and xen), and Ubuntu (linux-fips, linux-hwe-6.14, and linux-nvidia-tegra, linux-nvidia-tegra-5.15, linux-nvidia-tegra-igx,
linux-raspi).

About KeePassXC’s code quality control (KeePassXC blog)

Post Syndicated from jzb original https://lwn.net/Articles/1045807/

The KeePassXC project has recently updated its contribution policy and
README to note its policy around contributions created with generative
AI tools. The project’s use of those tools, such as GitHub Copilot, has
raised a number of questions and concerns, which the project has
responded to:

There are no AI features inside KeePassXC and there never
will be!

The use of Copilot for drafting pull requests is reserved for very
simple and focused tasks with a small handful of changes, such as
simple bugfixes or UI changes. We use it sparingly (mostly because
it’s not very good at complex tasks) and only where we think it offers
a benefit. Copilot is good at helping developers plan complex changes
by reviewing the code base and writing suggestions in markdown, as
well as boilerplate tasks such as test development. Copilot can mess
up, and we catch that in our standard review process (e.g., by
committing a full directory of rubbish, which we identified and
fixed). You can review our copilot instructions. Would we ever let AI
rewrite our crypto stack? No. Would we let it refactor and rewrite
large parts of the application? No. Would we ask it to fix a
regression or add more test cases? Yes, sometimes.

Emphasis in the original. See the full post to learn more about the
project’s processes and pull requests that have been created with AI
assistance.

[$] Bootc for workstation use

Post Syndicated from jzb original https://lwn.net/Articles/1042708/

The bootc project allows users to create a bootable Linux system image
using the container tooling that many developers are already familiar
with. It is an evolution of OSTree (now called libostree), which is
used to create Fedora Silverblue and other image-based distributions.
While creating custom images is still a job for experts, the container
technology simplifies delivering heavily customized images to
non-technical users.

Security updates for Friday

Post Syndicated from jzb original https://lwn.net/Articles/1045612/

Security updates have been issued by AlmaLinux (bind, bind9.16, libsoup, mariadb:10.5, and sssd), Debian (chromium, keystone, and swift), Fedora (apptainer, buildah, chromium, fcitx5, fcitx5-anthy, fcitx5-chewing, fcitx5-chinese-addons, fcitx5-configtool, fcitx5-hangul, fcitx5-kkc, fcitx5-libthai, fcitx5-m17n, fcitx5-qt, fcitx5-rime, fcitx5-sayura, fcitx5-skk, fcitx5-table-extra, fcitx5-unikey, fcitx5-zhuyin, GeographicLib, libime, mbedtls, mingw-poppler, mupen64plus, python-starlette, webkitgtk, and xen), Mageia (dcmtk, java-1.8.0-openjdk, java-11-openjdk, java-17-openjdk, java-latest-openjdk, libvpx, and sqlite3), Oracle (bind, bind9.16, kernel, libsoup, libsoup3, osbuild-composer, qt6-qtsvg, sssd, and valkey), Red Hat (kernel and kernel-rt), SUSE (bind, gpg2, ImageMagick, python-Django, and runc), and Ubuntu (linux-azure, linux-azure-4.15, linux-fips, linux-aws-fips, linux-gcp-fips, linux-gcp, linux-gcp-6.8, linux-gke, linux-intel-iot-realtime, linux-realtime, linux-raspi-5.4, and linux-realtime, linux-realtime-6.8).