All posts by jzb

Security updates for Thursday

Post Syndicated from jzb original https://lwn.net/Articles/1045352/

Security updates have been issued by Debian (unbound), Fedora (deepin-qt5integration, deepin-qt5platform-plugins, dtkcore, dtkgui, dtklog, dtkwidget, fcitx-qt5, fcitx5-qt, fontforge, gammaray, golang-github-openprinting-ipp-usb, kddockwidgets, keepassxc, kf5-akonadi-server, kf5-frameworkintegration, kf5-kwayland, plasma-integration, python-qt5, qadwaitadecorations, qt5, qt5-qt3d, qt5-qtbase, qt5-qtcharts, qt5-qtconnectivity, qt5-qtdatavis3d, qt5-qtdeclarative, qt5-qtdoc, qt5-qtgamepad, qt5-qtgraphicaleffects, qt5-qtimageformats, qt5-qtlocation, qt5-qtmultimedia, qt5-qtnetworkauth, qt5-qtquickcontrols, qt5-qtquickcontrols2, qt5-qtremoteobjects, qt5-qtscript, qt5-qtscxml, qt5-qtsensors, qt5-qtserialbus, qt5-qtserialport, qt5-qtspeech, qt5-qtsvg, qt5-qttools, qt5-qttranslations, qt5-qtvirtualkeyboard, qt5-qtwayland, qt5-qtwebchannel, qt5-qtwebengine, qt5-qtwebkit, qt5-qtwebsockets, qt5-qtwebview, qt5-qtx11extras, qt5-qtxmlpatterns, qt5ct, and xorg-x11-server), Mageia (binutils, gstreamer1.0-plugins-bad, libsoup, libsoup3, mediawiki, net-tools, and tigervnc, x11-server, and x11-server-xwayland), Red Hat (tigervnc), SUSE (aws-efs-utils, fetchmail, flake-pilot, ImageMagick, java-1_8_0-ibm, java-1_8_0-openjdk, kernel-devel, kubecolor, OpenSMTPD, sccache, tiff, and zellij), and Ubuntu (linux, linux-aws, linux-aws-6.14, linux-gcp, linux-gcp-6.14, linux-oem-6.14, linux-oracle, linux-oracle-6.14, linux-raspi, linux-realtime, linux, linux-aws, linux-gkeop, linux-hwe-6.8, linux-ibm, linux-ibm-6.8, linux-lowlatency, linux-lowlatency-hwe-6.8, linux-nvidia, linux-nvidia-lowlatency, linux, linux-aws, linux-kvm, linux-lts-xenial, linux-oracle-6.8, linux-realtime-6.14, poppler, python-django, and various linux-* packages).

Removing XSLT from Chromium

Post Syndicated from jzb original https://lwn.net/Articles/1045161/

Mason Freed and Dominik Röttsches have published a document
with a timeline and plans for removing Extensible Stylesheet Language
Transformations (XSLT) from the Chromium project and Chrome
browser:

Chromium has officially deprecated XSLT, including the XSLTProcessor
JavaScript API and the XML stylesheet processing instruction. We
intend to remove support from version 155 (November 17, 2026). The
Firefox and WebKit projects have also indicated plans to remove XSLT
from their browser engines. This document provides some history and
context, explains how we are removing XSLT to make Chrome safer, and
provides a path for migrating before these features are removed from
the browser.

LWN covered the Web
Hypertext Application Technology Working Group (WHATWG) discussion
about XSLT in August.

[$] A security model for systemd

Post Syndicated from jzb original https://lwn.net/Articles/1042888/

Linux has many security features and tools that have evolved over
the years to address threats as they emerge and security gaps as they
are discovered. Linux security is all, as Lennart Poettering observed at the All Systems Go! conference held
in Berlin, somewhat random and not a “clean
design”. To many observers, that may also appear to be the case for
systemd; however, Poettering said that he does have a vision for how
all of the security-related pieces of systemd are meant to fit
together. He wanted to use his talk to explain “how the individual
security-related parts of systemd actually fit together and why they
exist in the first place”.

OCI Runtime Specification 1.3 adds FreeBSD

Post Syndicated from jzb original https://lwn.net/Articles/1045125/

Version 1.3 of the Open Container Initiative (OCI) Runtime
Specification has been released. The specification covers the
configuration, execution environment, and lifecycle of containers. The
most notable change in 1.3 is the addition of FreeBSD to the
specification, which the FreeBSD Foundation calls
“a watershed moment for FreeBSD”:

The addition of cloud-native container support complements FreeBSD’s
already robust virtualization capabilities, particularly the powerful
FreeBSD jails technology that has been a cornerstone of the operating
system for over two decades. In fact, OCI containers on FreeBSD are
implemented using jails as the underlying isolation mechanism,
bringing together the security and resource management benefits of
jails with the portability and ecosystem advantages of OCI-compliant
containers.

Security updates for Wednesday

Post Syndicated from jzb original https://lwn.net/Articles/1045124/

Security updates have been issued by Debian (bind9 and gimp), Fedora (chromium, fastapi-cli, fastapi-cloud-cli, gherkin, libnbd, maturin, openapi-python-client, python-annotated-doc, python-cron-converter, python-fastapi, python-inline-snapshot, python-jiter, python-openapi-core, python-platformio, python-pydantic, python-pydantic-core, python-pydantic-extra-types, python-rignore, python-starlette, python-typer, python-typing-inspection, python-uv-build, ruff, rust-astral-tokio-tar, rust-attribute-derive, rust-attribute-derive-macro, rust-collection_literals, rust-get-size-derive2, rust-get-size2, rust-interpolator, rust-jiter, rust-manyhow, rust-manyhow-macros, rust-proc-macro-utils, rust-quote-use, rust-quote-use-macros, rust-regex, rust-regex-automata, rust-reqsign, rust-reqsign-aws-v4, rust-reqsign-command-execute-tokio, rust-reqsign-core, rust-reqsign-file-read-tokio, rust-reqsign-http-send-reqwest, rust-serde_json, rust-speedate, rust-tikv-jemalloc-sys, rust-tikv-jemallocator, and uv), Mageia (golang and libavif), Red Hat (bind9.16, pcs, and qt6-qtsvg), SUSE (colord, ffmpeg, govulncheck-vulndb, jasper, openjpeg, poppler, qatengine, qatlib, runc, sccache, and tiff), and Ubuntu (keystone, libssh, linux-hwe-6.14, linux-nvidia-tegra, linux-nvidia-tegra-5.15, linux-nvidia-tegra-igx, linux-raspi, runc-app, runc-stable, squid, squid3, and unbound).

Incus 6.18 released

Post Syndicated from jzb original https://lwn.net/Articles/1044987/

Version 6.18 of the Incus container and virtual-machine management
system has been released. Notable changes in this release include new
configuration keys for providing credentials to systemd, BPF token
delegation, VirtIO support for sound cards, the ability to export ISO
volumes, improvements to the IncusOS command-line utility, and more.

Security updates for Tuesday

Post Syndicated from jzb original https://lwn.net/Articles/1044949/

Security updates have been issued by Debian (dcmtk, geographiclib, gimp, pure-ftpd, and ruby-rack), Fedora (dotnet9.0), Oracle (expat, kernel, tigervnc, xorg-x11-server, and xorg-x11-server-Xwayland), Red Hat (git, mariadb:10.5, multiple packages, osbuild-composer, pcs, sssd, and tigervnc), SUSE (kernel and redis), and Ubuntu (google-guest-agent).

CHERIoT 1.0 released

Post Syndicated from jzb original https://lwn.net/Articles/1044915/

Version 1.0 of the Capability Hardware Extension to RISC-V for IoT
(CHERIoT) specification has been released. CHERIoT is a
hardware-software system for secure embedded devices, and the
specification provides a full description of the ISA and its intended
use by CHERIoT RTOS. David Chisnall has written a blog post about the
release that explains its significance as well as plans for CHERIoT
2.0 and beyond:

The last change that we made to the ISA was in December 2024, so we
are confident that this is a stable release that we can support in
hardware for a long time. This specification was implemented by the
1.0 release of CHERIoT Ibex and by CHERIoT Kudu (which has not yet had
an official release). These two implementations demonstrate that the
ISA scales from three-stage single-issue pipelines to six-stage
dual-issue pipelines, roughly the same range of microarchitectures
supported by Arm’s M profile.

We at SCI have the first of our ICENI chips, which use the CHERIoT
Ibex core, on the way back from the fab now and will be scaling up to
mass production in the new year. I am not allowed to speak for other
folks building CHERIoT silicon, but I expect 2026 to be an exciting
year for the CHERIoT project!

Security updates for Monday

Post Syndicated from jzb original https://lwn.net/Articles/1044763/

Security updates have been issued by AlmaLinux (.NET 8.0, .NET 9.0, and webkit2gtk3), Debian (ruby-rack, strongswan, ublock-origin, and wordpress), Fedora (firefox, kea, openapi-python-client, openbao, python-uv-build, qt5-qtbase, ruby, ruff, rust-astral-tokio-tar, rust-attribute-derive, rust-attribute-derive-macro, rust-backon, rust-collection_literals, rust-get-size-derive2, rust-get-size2, rust-interpolator, rust-manyhow, rust-manyhow-macros, rust-proc-macro-utils, rust-quote-use, rust-quote-use-macros, rust-reqsign, rust-reqsign-aws-v4, rust-reqsign-command-execute-tokio, rust-reqsign-core, rust-reqsign-file-read-tokio, rust-reqsign-http-send-reqwest, rust-tikv-jemalloc-sys, rust-tikv-jemallocator, samba, skopeo, sssd, Thunar, unbound, uv, vgrep, and xorg-x11-server-Xwayland), Mageia (bind, libtiff, sope, and transfig), Oracle (compat-libtiff3, kernel, libtiff, redis, redis:6, and redis:7), Red Hat (kernel, kernel-rt, libssh, xorg-x11-server, and xorg-x11-server-Xwayland), Slackware (seamonkey), SUSE (bind, chromedriver, chromium, colord, coreboot-utils, git-bug, ImageMagick, java-11-openj9, java-17-openj9, java-21-openj9, java-25-openj9, kea, libmozjs-115-0, libmozjs-140-0, libssh, libtiff-devel-32bit, nodejs18, ongres-scram, poppler, python311-starlette, rav1e, squid, strongswan, webkit2gtk3, xorg-x11-server, and xwayland), and Ubuntu (linux-gcp-6.14 and linux-hwe-6.8).

Ubuntu introduces architecture variants

Post Syndicated from jzb original https://lwn.net/Articles/1044383/

Michael Hudson-Doyle, a member of Ubuntu’s Foundations team, has announced
the introduction of an “architecture variant” for Ubuntu 25.10:

By making changes to dpkg, apt and Launchpad, we are able to build
multiple versions of a package, each for a different level of the
x86-64 architecture, meaning we can have packages that specifically
target x86-64-v3, for example.

As a result, we’re very excited to share that in Ubuntu 25.10, some
packages are available, on an opt-in basis, in their optimized form
for the more modern x86-64-v3 architecture level.

See the announcement for details on opting in to x86-64-v3
packages.

Security updates for Friday

Post Syndicated from jzb original https://lwn.net/Articles/1044380/

Security updates have been issued by AlmaLinux (java-1.8.0-openjdk, java-17-openjdk, libtiff, redis, and redis:6), Debian (chromium, mediawiki, pypy3, and squid), Fedora (openbao), SUSE (cdi-apiserver-container, cdi-cloner-container, cdi-controller-container, cdi-importer-container, cdi-operator-container, cdi-uploadproxy-container, cdi-uploadserver-container, cont, chromium, chrony, expat, haproxy, himmelblau, ImageMagick, iputils, kernel, libssh, libxslt, openssl-3, podman, strongswan, xorg-x11-server, and xwayland), and Ubuntu (kernel, libxml2, libyaml-syck-perl, linux, linux-aws, linux-aws-hwe, linux-gcp, linux-gcp-4.15, linux-hwe, linux-oracle, linux-fips, linux-aws-fips, linux-gcp-fips, linux-kvm, and netty).

Security updates for Thursday

Post Syndicated from jzb original https://lwn.net/Articles/1044222/

Security updates have been issued by AlmaLinux (java-21-openjdk and libtiff), Debian (pdns-recursor and xorg-server), Fedora (bind, bind-dyndb-ldap, dtk6core, dtk6gui, dtk6log, dtk6widget, fcitx5-qt, fluidsynth, gammaray, kddockwidgets, LabPlot, mingw-qt6-qt3d, mingw-qt6-qt5compat, mingw-qt6-qtactiveqt, mingw-qt6-qtbase, mingw-qt6-qtcharts, mingw-qt6-qtdeclarative, mingw-qt6-qtimageformats, mingw-qt6-qtlocation, mingw-qt6-qtmultimedia, mingw-qt6-qtpositioning, mingw-qt6-qtscxml, mingw-qt6-qtsensors, mingw-qt6-qtserialport, mingw-qt6-qtshadertools, mingw-qt6-qtsvg, mingw-qt6-qttools, mingw-qt6-qttranslations, mingw-qt6-qtwebchannel, mingw-qt6-qtwebsockets, nheko, python-pyqt6, qt-creator, qt6, qt6-qt3d, qt6-qt5compat, qt6-qtbase, qt6-qtcharts, qt6-qtcoap, qt6-qtconnectivity, qt6-qtdatavis3d, qt6-qtdeclarative, qt6-qtgrpc, qt6-qthttpserver, qt6-qtimageformats, qt6-qtlanguageserver, qt6-qtlocation, qt6-qtlottie, qt6-qtmqtt, qt6-qtmultimedia, qt6-qtnetworkauth, qt6-qtopcua, qt6-qtpositioning, qt6-qtquick3d, qt6-qtquick3dphysics, qt6-qtquicktimeline, qt6-qtremoteobjects, qt6-qtscxml, qt6-qtsensors, qt6-qtserialbus, qt6-qtserialport, qt6-qtshadertools, qt6-qtspeech, qt6-qtsvg, qt6-qttools, qt6-qttranslations, qt6-qtvirtualkeyboard, qt6-qtwayland, qt6-qtwebchannel, qt6-qtwebengine, qt6-qtwebsockets, qt6-qtwebview, unbound, xorg-x11-server-Xwayland, and zeal), Oracle (kernel and libtiff), Red Hat (redis:6), Slackware (tigervnc and xorg), SUSE (java-21-openjdk, java-25-openjdk, strongswan, and xorg-x11-server), and Ubuntu (amd64-microcode, binutils, and xorg-server, xwayland).

ICANN report: DNS runs on FOSS

Post Syndicated from jzb original https://lwn.net/Articles/1044064/

ICANN’s Security and Stability Advisory Committee (SSAC) has announced
a report on “the critical role of Free and Open Source Software (FOSS)
within the Domain Name System (DNS)”. The report is aimed at
policymakers and examines recent cybersecurity regulations in the US,
UK, and EU as they apply to FOSS in the DNS system; it includes
findings and guidelines “to strengthen the FOSS ecosystem that is
critical to the secure and stable operation of the Internet”. From
the report’s summary:

This ecosystem depends on a global network of maintainers and
contributors who are often unpaid volunteers. While many are unpaid
volunteers, the DNS space is unique in also relying on a handful of
long-lived maintenance organizations. This creates a model based on
community collaboration rather than the commercial contracts that
define a traditional software supply chain, which introduces unique
risks related to financial sustainability for the maintenance
organizations and maintainer burnout for volunteers.

These unique characteristics mean that regulatory frameworks
designed for proprietary software may not be well-suited for FOSS and
therefore could have severe unintended consequences to the stability
of critical Internet infrastructure.

Thanks to SSAC member Maarten Aertsen for the tip.

Tor Browser 15.0 released

Post Syndicated from jzb original https://lwn.net/Articles/1044047/

Version 15.0 of the Tor Browser has been released:

This is our first stable release based on Firefox ESR 140,
incorporating a year’s worth of changes that have been shipped
upstream in Firefox. As part of this process, we’ve also completed our
annual ESR transition audit, where we reviewed and addressed around
200 Bugzilla issues for changes in Firefox that may negatively affect
the privacy and security of Tor Browser users. Our final reports from
this audit are now available in the tor-browser-spec repository on our
GitLab instance.

This release inherits the vertical tabs feature, unified search
button, as well as other new features and usability improvements in
Firefox that have passed the Tor Project’s audit.

[$] Debian splits ftpmaster team

Post Syndicated from jzb original https://lwn.net/Articles/1043364/

Debian’s ftpmaster team has been responsible for allowing new packages
to enter Debian, removing old packages, and otherwise maintaining
Debian’s package archive for more than two decades. As of October 26,
the team is no more and its duties are being split between two new
teams. The Archive Operations Team will focus on the infrastructure
required to support the Debian archives, and the DFSG, Licensing & New
Packages Team is responsible for reviewing packages entering the new
queue. In time, this move could speed up processing of new packages,
as well as making the teams more sustainable, but only after new
members are recruited and trained. For now, the same folks are doing
the work but spread across two teams.