Vue lecture

Darktable 5.0.0 released

✇LWN
Par : jzb

Version 5.0.0 of the darktable photography workflow application has been released. Major changes in this release include user-interface/user-experience (UI/UX) improvements, speed improvements for bulk operations, and the addition of a inter-script-communication event to allow a running script to send messages to another running script. LWN last looked at darktable in 2022.

Stenberg: Dropping hyper

✇LWN
Par : corbet
Curl maintainer Daniel Stenberg announces that the curl project will be dropping hyper, its experimental HTTP backend written in Rust, due to lack of developer interest.

While the experiment itself is deemed a failure, I think we learned from it and improved curl in the process. We had to rethink and reassess several implementation details when we aligned HTTP behavior with hyper. libcurl parses and handles HTTP stricter now. Better.

Grml 2024.12 released

✇LWN
Par : jzb

Version 2024.12 of the Debian-based Grml live Linux system for system administrators has been released. Grml 2024.12 uses packages from the upcoming Debian 13 ("trixie") release. It drops support for 32-bit x86 PCs and gains support for 64-bit ARM CPUs. See the release notes for a full list of changes and new features.

[$] Process creation in io_uring

✇LWN
Par : corbet
Back in 2022, Josh Triplett presented a plan to implement a "spawn new process" functionality in the io_uring subsystem. There was a fair amount of interest at the time, but developers got distracted, and the work did not progress. Now, Gabriel Krisman Bertazi has returned with a patch series updating and improving Triplett's work. While interest in this functionality remains, it may still take some time before it is ready for merging into the mainline.

Security updates for Friday

✇LWN
Par : jzb
Security updates have been issued by Debian (chromium and gunicorn), Fedora (jupyterlab), Oracle (bluez, containernetworking-plugins, edk2:20220126gitbb1bba3d77, edk2:20240524, gstreamer1-plugins-base, gstreamer1-plugins-good, kernel, libsndfile, libsndfile:1.0.31, mpg123, mpg123:1.32.9, pam, python3.11-urllib3, skopeo, tuned, and unbound:1.16.2), SUSE (avahi, docker, emacs, govulncheck-vulndb, haproxy, kernel, libmozjs-128-0, python-grpcio, python310-xhtml2pdf, sudo, and tailscale), and Ubuntu (dpdk, linux-hwe-5.15, and linux-iot).

Security updates for Thursday

✇LWN
Par : jzb
Security updates have been issued by AlmaLinux (bluez, edk2:20220126gitbb1bba3d77, gstreamer1-plugins-base, gstreamer1-plugins-good, kernel, kernel-rt, mpg123, php:8.2, python3.11-urllib3, and tuned), Fedora (ColPack, glibc, golang-github-chainguard-dev-git-urls, golang-github-task, icecat, python-nbdime, python3.13, and python3.14), Mageia (kernel, kmod-xtables-addons, kmod-virtualbox, dwarves and kernel-linus), Red Hat (gstreamer1-plugins-base and gstreamer1-plugins-good), SUSE (curl, emacs, git-bug, glib2, helm, kernel, and traefik2), and Ubuntu (gst-plugins-base1.0, gst-plugins-good1.0, gstreamer1.0, libvpx, linux-gcp, phpunit, and yara).

[$] FESCo provenpackager sanction causes problems

✇LWN
Par : jzb

The Fedora Engineering Steering Council (FESCo) has made a series of missteps in deciding to revoke a longtime Fedora contributor's provenpackager status. FESCo made the decision during a closed session, based on private complaints. It then publicly announced its decision, including the contributor's name, while only supplying a vague account of the contributor's actions. This has left the Fedora community with more questions than answers, and raised a number of complaints about the transparency of FESCo's process. In addition, the sequence of events has sparked discussions about package ownership, as well as when and how it's appropriate to push changes to packages that a developer doesn't own.

Fish shell announces 4.0 beta release

✇LWN
Par : daroc

fish is a shell with a custom language and several affordances not available out of the box in other shells, such as directory-sensitive command completion. Although the project does not normally make beta releases, the newly announced 4.0b1 release will have one in order to ensure that no problems were introduced after a major effort to switch the code base from C++ to Rust.

fish is a smart and user-friendly command line shell with clever features that just work, without needing an advanced degree in bash scriptology. Today we are announcing an open beta, inviting all users to try out the upcoming 4.0 release.

fish 4.0 is a big upgrade. It's got lots of new features to make using the command line easier and more enjoyable, such as more natural key binding and expanded history search. And under the hood, we've rebuilt the foundation in Rust to embrace modern computing.

[$] Emacs code completion can cause compromise

✇LWN
Par : daroc

Emacs has had a few bugs related to accidentally permitting the execution of untrusted code. Unfortunately, it seems as though another bug of that sort has appeared — and may be harder to patch, because the problem comes from the way Emacs handles expansion of Lisp macros in code being analyzed. The vulnerability is only practically exploitable in a non-default configuration, so not every Emacs user has something to worry about. The Emacs developers are reportedly working on a fix, but have not yet shared details about it. In the meantime, every Emacs version since at least 26.1 (released in May 2018) through the current development version is vulnerable.

Security updates for Wednesday

✇LWN
Par : jzb
Security updates have been issued by AlmaLinux (libsndfile, php:7.4, python3.11, python3.12, and python36:3.6), Debian (dpdk), Mageia (curl and socat), Oracle (firefox and tuned), Red Hat (bluez, containernetworking-plugins, edk2, edk2:20220126gitbb1bba3d77, edk2:20240524, expat, gstreamer1-plugins-base, gstreamer1-plugins-base and gstreamer1-plugins-good, gstreamer1-plugins-good, kernel, libsndfile, libsndfile:1.0.31, mpg123, mpg123:1.32.9, pam, python3.11-urllib3, skopeo, tuned, unbound, and unbound:1.16.2), SUSE (cloudflared, curl, docker, firefox, gstreamer-plugins-good, kernel, libmozjs-115-0, libmozjs-128-0, libmozjs-78-0, libsoup, ovmf, python-urllib3_1, subversion, thunderbird, and traefik), and Ubuntu (editorconfig-core, libspring-java, linux, linux-aws, linux-aws-6.8, linux-gcp, linux-gcp-6.8, linux-gke, linux-gkeop, linux-ibm, linux-nvidia, linux-nvidia-6.8, linux-nvidia-lowlatency, linux-oem-6.8, linux-oracle, linux-oracle-6.8, linux-raspi, linux, linux-gcp, linux-gcp-5.15, linux-gke, linux-gkeop, linux-ibm, linux-ibm-5.15, linux-kvm, linux-lowlatency, linux-lowlatency-hwe-5.15, linux-nvidia, linux-oracle, linux-oracle-5.15, linux-raspi, linux, linux-gcp, linux-gcp-5.4, linux-hwe-5.4, linux-kvm, linux-raspi, linux, linux-lowlatency, linux-oracle, linux-aws, linux-aws-5.15, linux-aws, linux-aws-5.4, linux-bluefield, linux-oracle, linux-oracle-5.4, and linux-oem-6.11).

Fedora Asahi Remix 41 is now available

✇LWN
Par : jzb

Fedora Magazine reports that the Fedora Asahi Remix 41 for Apple Silicon is now available:

In addition to all the exciting improvements brought by Fedora Linux 41, Fedora Asahi Remix 41 provides x86/x86-64 emulation integration including support for AAA games to Apple Silicon. The game support is based on the new conformant Vulkan 1.4 driver. It also continues to provide extensive device support, including high quality audio out of the box.

LWN covered a talk from the X.org Developers Conference (XDC) by Alyssa Rosenzweig on the status of Asahi's GPU drivers in October.

[$] WP Engine granted preliminary injunction in WordPress case

✇LWN
Par : jzb

Since we last looked at the WordPress dispute, WP Engine has sought a preliminary injunction against Automattic and its founder Matt Mullenweg to restore its access to WordPress.org, and more. The judge in the case granted a preliminary injunction on December 10. The case is, of course, of interest to users and developers working with WordPress—but it may also have implications for other open-source projects well beyond the WordPress community.

Kali Linux 2024.4 released

✇LWN
Par : corbet
Version 2024.4 of the Kali Linux penetration-testing distribution has been released. Changes include a switch to Python 3.12, the removal of i386 kernel support, GNOME 47, and more.

Security updates for Tuesday

✇LWN
Par : corbet
Security updates have been issued by Debian (gstreamer1.0), Fedora (jupyterlab and python-notebook), Oracle (gimp:2.8.22, gstreamer1-plugins-base, gstreamer1-plugins-good, kernel, php:8.2, postgresql, and python3.11), SUSE (aws-iam-authenticator, firefox, installation-images, kernel, libaom, libyuv, libsoup, libsoup2, python-aiohttp, socat, thunderbird, and vim), and Ubuntu (curl, Docker, imagemagick, and kernel).

A sapling matures: meet sq 1.0

✇LWN
Par : jzb

The Sequoia PGP project has announced version 1.0 of the sq command-line tool for managing OpenPGP encryption and signatures. It also provides a decentralized public key infrastructure (PKI), and key management facilities. This is the first stable release since development began on the project in 2017.

sq's PKI is probably its most notable feature, and the one we invested the most time in. The PKI is used to authenticate certificates, and messages. Authentication is necessary to ensure that you are encrypting to the person you think you are, and to identify who really authored a message; without authentication, encryption and verification are much weaker.

[$] Using Guile for Emacs

✇LWN
Par : jake
Emacs is, famously, an editor—perhaps far more—that is extensible using its own variant of the Lisp programming language, Emacs Lisp (or Elisp). This year's edition of EmacsConf, which is an annual "gathering" that has been held online for the past five years, had two separate talks on using a different variant of Lisp, Guile, for Emacs. Both projects would preserve Elisp compatibility, which is a must, but they would use Guile differently. The first talk we will cover was given by Robin Templeton, who described the relaunch of the Guile-Emacs project, which would replace the Elisp in Emacs with a compiler using Guile. A subsequent article will look at the other talk, which is about an Emacs clone written using Guile.

Security updates for Monday

✇LWN
Par : jake
Security updates have been issued by Debian (gst-plugins-base1.0, gstreamer1.0, and libpgjava), Fedora (bpftool, chromium, golang-x-crypto, kernel, kernel-headers, linux-firmware, pytest, python3.10, subversion, and thunderbird), Gentoo (NVIDIA Drivers), Oracle (kernel, perl-App-cpanminus:1.7044, php:7.4, php:8.1, php:8.2, postgresql, python3.11, python3.12, python3.9:3.9.21, python36:3.6, ruby, and ruby:2.5), SUSE (docker-stable, firefox-esr, gstreamer, gstreamer-plugins-base, gstreamer-plugins-good, kernel, python-Django, python312, and socat), and Ubuntu (mpmath).

Kernel prepatch 6.13-rc3

✇LWN
Par : corbet
Linus has released 6.13-rc3 for testing. "Earlier this week it felt to me like things might have already started to quiet down in prep for the holidays, but doing the statistics on rc3 that doesn't actually seem to be the case - this looks very regular both in number of commits and in diff size".
❌