Planet GNU

FSF Blogs: Nothing says end of the year like new GNU Press gear!

Fri, 08 Nov 2024 20:38:42 +0000

Just in time for the winter holidays, the GNU Press shop is open!

FSF Blogs: FSF Anniversary Logo Contest

Tue, 05 Nov 2024 21:41:38 +0000

FSF Blogs: Forty years of commitment to software freedom

Tue, 05 Nov 2024 21:40:00 +0000

We're planning a jam-packed anniversary year and we hope you'll join us for the festivities!

FSF Events: Free Software Directory meeting on IRC: Friday, November 8, starting at 12:00 EST (17:00 UTC)

Tue, 05 Nov 2024 14:35:04 +0000

Join the FSF and friends on Friday, November 8 from 12:00 to 15:00 EST (17:00 to 20:00 UTC) to help improve the Free Software Directory.

FSF Blogs: Free Software Supporter -- Issue 199, November 2024

Fri, 01 Nov 2024 21:45:00 +0000

Welcome to the Free Software Supporter, the Free Software Foundation's (FSF) monthly news digest and action update -- being read by you and 231,355 other activists.

FSF Blogs: October GNU Spotlight with Amin Bandali: Seven new GNU releases!

Fri, 01 Nov 2024 21:25:00 +0000

Seven new GNU releases in the last month (as of October 31, 2024):

FSF Events: FSF community meetup in Seattle

Wed, 30 Oct 2024 16:50:04 +0000

FSF Events: Free Software Directory meeting on IRC: Friday, November 1, starting at 12:00 EDT (16:00 UTC)

Tue, 29 Oct 2024 19:43:44 +0000

Join the FSF and friends on Friday, November 1 from 12:00 to 15:00 EDT (16:00 to 19:00 UTC) to help improve the Free Software Directory.

GNUnet News: GNUnet 0.22.2

Mon, 28 Oct 2024 23:00:00 +0000

GNUnet 0.22.2

This is a bugfix release for gnunet 0.22.1. It fixes some regressions and minor bugs.

Parabola GNU/Linux-libre: manual intervention required for local pacman repositories

Thu, 24 Oct 2024 06:11:30 +0000

NOTE: pacman v7 is currently in [libre-testing]; but it will be promoted to libre soon

from arch:

With the release of [version 7.0.0] pacman has added support for downloading packages as a separate user with dropped privileges.

For users with local repos however this might imply that the download user does not have access to the files in question, which can be fixed by assigning the files and folder to the alpm group and ensuring the executable bit (+x) is set on the folders in question.

$ chown :alpm -R /path/to/local/repo

Remember to [merge the .pacnew] files to apply the new default.

Pacman also introduced [a change] to improve checksum stability for git repos that utilize .gitattributes files. This might require a one-time checksum change for PKGBUILDs that use git sources.

www-ru @ Savannah: Разговор о свободных программах в Москве

Wed, 23 Oct 2024 13:17:54 +0000

Компьютеры и сети содействуют нам в борьбе за свободу: они помогают посвятить время и силы важным общественным инициативам, организовывать протесты, защищаться от цензуры.

Но свободны ли наши компьютеры? И свободны ли мы как пользователи?

Обсудим эти вопросы 25 октября в 19:00 в Открытом пространстве с Глебом Ерофеевым — активистом движения за свободные программы и волонтёром проекта "ГНУ", который в 1983 году запустил философ и активист Ричард Столлман.

Команда проекта "ГНУ" занимается разработкой свободного софта и техноэтическим активизмом, чтобы дать пользователям контроль над их компьютерами и искоренить несправедливость, которую приносят в общество собственнические программы.

Адрес: Плетешковский пер., 8с1 (м. "Бауманская").

Участие бесплатно. Приветствуются пожертвования в пользу пространства.

FSF News: FSF is working on freedom in machine learning applications

Tue, 22 Oct 2024 21:40:00 +0000

BOSTON (October 22, 2024) -- The Free Software Foundation (FSF) has announced today that it is working on a statement of criteria for free machine learning applications, which will require the software, as well as the raw training data and associated scripts, to grant users the four freedoms.

FSF News: FSF associate members to assist in review of current board members

Mon, 21 Oct 2024 20:00:00 +0000

parallel @ Savannah: GNU Parallel 20241022 ('Sinwar Nasrallah') released [stable]

Mon, 21 Oct 2024 19:31:05 +0000

GNU Parallel 20241022 ('Sinwar Nasrallah') has been released. It is available for download at: lbry://@GnuParallel:4

Quote of the month:

GNU Parallel is one of the most helpful tools I've been using recently, and it's just something like: parallel -j4 'gzip {}' ::: folder/*.csv
-- Milton Pividori @miltondp@twitter

New in this release:

No new features. This is a candidate for a stable release.
Bug fixes and man page updates.

News about GNU Parallel:

Separate arguments with a custom separator in GNU Parallel https://boxofcuriosities.co.uk/post/separate-arguments-with-a-custom-separator-in-gnu-parallel
GNU parallel is underrated https://amontalenti.com/2021/11/10/parallel
Unlocking the Power of Supercomputers: My HPC Adventure with 2800 Cores and GNU Parallel https://augalip.com/2024/03/10/unlocking-the-power-of-supercomputers-my-hpc-adventure-with-2800-cores-and-gnu-parallel/
Converting WebP Images to PNG Using parallel and dwebp https://bytefreaks.net/gnulinux/bash/converting-webp-images-to-png-using-parallel-and-dwebp

GNU Parallel - For people who live life in the parallel lane.

If you like GNU Parallel record a video testimonial: Say who you are, what you use GNU Parallel for, how it helps you, and what you like most about it. Include a command that uses GNU Parallel if you feel like it.

About GNU Parallel

GNU Parallel is a shell tool for executing jobs in parallel using one or more computers. A job can be a single command or a small script that has to be run for each of the lines in the input. The typical input is a list of files, a list of hosts, a list of users, a list of URLs, or a list of tables. A job can also be a command that reads from a pipe. GNU Parallel can then split the input and pipe it into commands in parallel.

If you use xargs and tee today you will find GNU Parallel very easy to use as GNU Parallel is written to have the same options as xargs. If you write loops in shell, you will find GNU Parallel may be able to replace most of the loops and make them run faster by running several jobs in parallel. GNU Parallel can even replace nested loops.

GNU Parallel makes sure output from the commands is the same output as you would get had you run the commands sequentially. This makes it possible to use output from GNU Parallel as input for other programs.

For example you can run this to convert all jpeg files into png and gif files and have a progress bar:

parallel --bar convert {1} {1.}.{2} ::: *.jpg ::: png gif

Or you can generate big, medium, and small thumbnails of all jpeg files in sub dirs:

find . -name '*.jpg' |
    parallel convert -geometry {2} {1} {1//}/thumb{2}_{1/} :::: - ::: 50 100 200

You can find more about GNU Parallel at: http://www.gnu.org/s/parallel/

You can install GNU Parallel in just 10 seconds with:

    $ (wget -O - pi.dk/3 || lynx -source pi.dk/3 || curl pi.dk/3/ || \
       fetch -o - http://pi.dk/3 ) > install.sh
    $ sha1sum install.sh | grep 883c667e01eed62f975ad28b6d50e22a
    12345678 883c667e 01eed62f 975ad28b 6d50e22a
    $ md5sum install.sh | grep cc21b4c943fd03e93ae1ae49e28573c0
    cc21b4c9 43fd03e9 3ae1ae49 e28573c0
    $ sha512sum install.sh | grep ec113b49a54e705f86d51e784ebced224fdff3f52
    79945d9d 250b42a4 2067bb00 99da012e c113b49a 54e705f8 6d51e784 ebced224
    fdff3f52 ca588d64 e75f6033 61bd543f d631f592 2f87ceb2 ab034149 6df84a35
    $ bash install.sh

Watch the intro video on http://www.youtube.com/playlist?list=PL284C9FF2488BC6D1

Walk through the tutorial (man parallel_tutorial). Your command line will love you for it.

When using programs that use GNU Parallel to process data for publication please cite:

O. Tange (2018): GNU Parallel 2018, March 2018, https://doi.org/10.5281/zenodo.1146014.

If you like GNU Parallel:

Give a demo at your local user group/team/colleagues
Post the intro videos on Reddit/Diaspora*/forums/blogs/ Identi.ca/Google+/Twitter/Facebook/Linkedin/mailing lists
Get the merchandise https://gnuparallel.threadless.com/designs/gnu-parallel
Request or write a review for your favourite blog or magazine
Request or build a package for your favourite distribution (if it is not already there)
Invite me for your next conference

If you use programs that use GNU Parallel for research:

Please cite GNU Parallel in you publications (use --citation)

If GNU Parallel saves you money:

(Have your company) donate to FSF https://my.fsf.org/donate/

About GNU SQL

GNU sql aims to give a simple, unified interface for accessing databases through all the different databases' command line clients. So far the focus has been on giving a common way to specify login information (protocol, username, password, hostname, and port number), size (database and table size), and running queries.

The database is addressed using a DBURL. If commands are left out you will get that database's interactive shell.

When using GNU SQL for a publication please cite:

O. Tange (2011): GNU SQL - A Command Line Tool for Accessing Different Databases Using DBURLs, ;login: The USENIX Magazine, April 2011:29-32.

About GNU Niceload

GNU niceload slows down a program when the computer load average (or other system activity) is above a certain limit. When the limit is reached the program will be suspended for some time. If the limit is a soft limit the program will be allowed to run for short amounts of time before being suspended again. If the limit is a hard limit the program will only be allowed to run when the system is below the limit.

GNU Guix: Build User Takeover Vulnerability

Mon, 21 Oct 2024 08:55:36 +0000

A security issue has been identified in guix-daemon which allows for a local user to gain the privileges of any of the build users and subsequently use this to manipulate the output of any build. Your are strongly advised to upgrade your daemon now (see instructions below), especially on multi-user systems.

This exploit requires the ability to start a derivation build and the ability to run arbitrary code with access to the store in the root PID namespace on the machine the build occurs on. As such, this represents an increased risk primarily to multi-user systems and systems using dedicated privilege-separation users for various daemons: without special sandboxing measures, any process of theirs can take advantage of this vulnerability.

Vulnerability

For a very long time, guix-daemon has helpfully made the outputs of failed derivation builds available at the same location they were at in the build container. This has aided greatly especially in situations where test suites require the package to already be installed in order to run, as it allows one to re-run the test suite interactively outside of the container when built with --keep-failed. This transferral of store items from inside the chroot to the real store was implemented with a simple rename, and no modification of the store item or any files it may contain.

If an attacker starts a build of a derivation that creates a binary with the setuid and/or setgid bit in an output directory, then, and the build fails, that binary will be accessible unaltered for anybody on the system. The attacker or a cooperating user can then execute the binary, gain the privileges, and from there use a combination of signals and procfs to freeze a builder, open any file it has open via /proc/$PID/fd, and overwrite it with whatever it wants. This manipulation of builds can happen regardless of which user started the build, so it can work not only for producing compromised outputs for commonly-used programs before anybody else uses them, but also for compromising any builds another user happens to start.

A related vulnerability was also discovered concerning the outputs of successful builds. These were moved - also via rename() - outside of the container prior to having their permissions, ownership, and timestamps canonicalized. This means that there also exists a window of time for a successful build's outputs during which a setuid/setgid binary can be executed.

In general, any time that a build user running a build for some submitter can get a setuid/setgid binary to a place the submitter can execute it, it is possible for the submitter to use it to take over the build user. This situation always occurs when --disable-chroot is passed to guix-daemon. This holds even in the case where there are no dedicated build users, and builds happen under the same user the daemon runs as, as happens during make check in the guix repository. Consequently, if a permissive umask that allows execute permission for untrusted users on directories all the way to a user's guix checkout is used, an attacker can use that user's test-environment daemon to gain control over their user while make check is running.

Mitigation

This security issue has been fixed by two commits. Users should make sure they have updated to the second commit to be protected from this vulnerability. Upgrade instructions are in the following section. If there is a possibility that a failed build has left a setuid/setgid binary lying around in the store by accident, run guix gc to remove all failed build outputs.

The fix was accomplished by sanitizing the permissions of all files in a failed build output prior to moving it to the store, and also by waiting to move successful build outputs to the store until after their permissions had been canonicalized. The sanitizing was done in such a way as to preserve as many non-security-critical properties of failed build outputs as possible to aid in debugging. After applying these two commits, the guix package in Guix was updated so that guix-daemon deployed using it would use the fixed version.

If you are using --disable-chroot, whether with dedicated build users or not, make sure that access to your daemon's socket is restricted to trusted users. This particularly affects anyone running make check and anyone running on GNU/Hurd. The former should either manually remove execute permission for untrusted users on their guix checkout or apply this patch, which restricts access to the test-environment daemon to the user running the tests. The latter should adjust the ownership and permissions of /var/guix/daemon-socket, which can be done for Guix System users using the new socket-directory-{perms,group,user} fields in this patch.

A proof of concept is available at the end of this post. One can run this code with:

guix repl -- setuid-exposure-vuln-check.scm

This will output whether the current guix-daemon being used is vulnerable or not. If it is vulnerable, the last line will contain your system is not vulnerable, otherwise the last line will contain YOUR SYSTEM IS VULNERABLE.

Upgrading

Due to the severity of this security advisory, we strongly recommend all users to upgrade their guix-daemon immediately.

For Guix System, the procedure is to reconfigure the system after a guix pull, either restarting guix-daemon or rebooting. For example:

guix pull
sudo guix system reconfigure /run/current-system/configuration.scm
sudo herd restart guix-daemon

where /run/current-system/configuration.scm is the current system configuration but could, of course, be replaced by a system configuration file of a user's choice.

For Guix running as a package manager on other distributions, one needs to guix pull with sudo, as the guix-daemon runs as root, and restart the guix-daemon service, as documented. For example, on a system using systemd to manage services, run:

sudo --login guix pull
sudo systemctl restart guix-daemon.service

Note that for users with their distro's package of Guix (as opposed to having used the install script) you may need to take other steps or upgrade the Guix package as per other packages on your distro. Please consult the relevant documentation from your distro or contact the package maintainer for additional information or questions.

Conclusion

Even with the sandboxing features of modern kernels, it can be quite challenging to synthesize a situation in which two users on the same system who are determined to cooperate nevertheless cannot. Guix has an especially difficult job because it needs to not only realize such a situation, but also maintain the ability to interact with both users itself, while not allowing them to cooperate through itself in unintended ways. Keeping failed build outputs around for debugging introduced a vulnerability, but finding that vulnerability because of it enabled the discovery of an additional vulnerability that would have existed anyway, and prompted the use of mechanisms for securing access to the guix daemon.

I would like to thank Ludovic Courtès for giving feedback on these vulnerabilities and their fixes — discussion of which led to discovering the vulnerable time window with successful build outputs — and also for helping me to discover that my email server was broken.

Proof of Concept

Below is code to check if your guix-daemon is vulnerable to this exploit. Save this file as setuid-exposure-vuln-check.scm and run following the instructions above, in "Mitigation."

(use-modules (guix)
             (srfi srfi-34))

(define maybe-setuid-file
  ;; Attempt to create a setuid file in the store, with one of the build
  ;; users as its owner.
  (computed-file "maybe-setuid-file"
                 #~(begin
                     (call-with-output-file #$output (const #t))
                     (chmod #$output #o6000)

                     ;; Failing causes guix-daemon to copy the output from
                     ;; its temporary location back to the store.
                     (exit 1))))

(with-store store
  (let* ((drv (run-with-store store
                (lower-object maybe-setuid-file)))
         (out (derivation->output-path drv)))
    (guard (c (#t
               (if (zero? (logand #o6000 (stat:perms (stat out))))
                   (format #t "~a is not setuid: your system is not \
vulnerable.~%"
                           out)
                   (format #t "~a is setuid: YOUR SYSTEM IS VULNERABLE.

Run 'guix gc' to remove that file and upgrade.~%"
                           out))))
      (build-things store (list (derivation-file-name drv))))))

GNU Health: GHCon2024, the GNU Health Conference . Palermo, Italy

Sat, 19 Oct 2024 17:30:49 +0000

Dear community:

We’re excited to announce the IX International GNU Health Conference, that will take place in beautiful Sicily, Italy, at the University of Palermo this December 15th.

Mount Etna rising over suburbs of Catania, Sicily (Wikimedia)

The GNU Health Conference (GHCon) is the annual conference that brings together enthusiasts and developers of GNU Health, the Libre digital health ecosystem. The conference will have thematic sessions, lightning talks and implementation cases to get to know the GNU Health and other Free/Libre software communities from around the world.

We will show the upcoming features of the Health and Hospital Information System, standards, security, privacy, the GNU Health Federation and MyGNUHealth (the Personal Health Record).

GHCon2024 – The IX International GNU Health Conference

The XVII International Workshop on eHealth in Emerging Economies (IWEEE) is about Social Medicine and addressing the reality of the underprivileged around the world. There will be workshops to debate, and share experiences from humanitarian organizations and from those working in field of Social Medicine.

In the evening we will announce and honor the winners of the GNU Health Social Medicine awards.

We are counting on you to get the most out of the conference. Most importantly, we want you to have fun, feel at home, and enjoy being part
of the GNU Health community.

Looking forward to seeing you in Sicily!

Happy Hacking!

GHCon2024 homepage: https://www.gnuhealth.org/ghcon
Registration: https://my.gnusolidario.org/ghcon2024-registration/

You can share the news using the tag #GHCon2024

gnuboot @ Savannah: Nonfree software found in GNU Boot releases again, many distros affected.

Sat, 19 Oct 2024 13:27:22 +0000

The GNU Boot project previously found nonfree microcode in the first
RC1 release (in gnuboot-0.1-rc1_src.tar.xz to be exact).

This was announced in the "GNU Boot December 2023 News"
(https://lists.gnu.org/archive/html/gnuboot-announce/2023-12/msg00000.html). It
was fixed by re-making the affected tarball by hand with the nonfree
software removed and by contacting Canoeboot that had the same issue,
and by bug reporting and proposing patches to fix the issue in Guix as
well (they are still pending as we need to find a reviewer familiar
with Coreboot).

But recently we found a more problematic issue that also affects many
more distributions and all the previous GNU Boot release candidates.

The vboot source code used in Coreboot and in the vboot-utils package
available in many GNU/Linux distributions contains nonfree code in
their test data in tests/futility/data (nonfree microcode, nonfree
BIOS, nonfree Management Engine firmwares, etc).

So we had to re-release all the affected tarballs (like
gnuboot-0.1-rc1_src.tar.xz, gnuboot-0.1-rc2_src.tar.xz, etc).

We made and we improved the process along the way (we now store the
changes in tag inside our git repository and simply regenerate the
tarballs with the build system that is available for a given tag).

We are also in the process of contacting distributions and/or
coordinating with them and we also need help as there are many
distributions to contact.

To do that we started contacting the free GNU/Linux distros
(https://www.gnu.org/distros/free-distros.html) that ship the vboot
source code. We also contacted Replicant that is a free Android distro
that also ships vboot source code.

We also started to contact common distros that require certain
repositories to only have free software (so far we only contacted
Debian as that will help Trisquel fix the issue, but we also need to
contact Fedora for instance). Finding which distro to contact is made
much easier thanks to GNU's review of common distros policies
(https://www.gnu.org/distros/common-distros.html).

We coordinate that work on our bug report system at Savannah,
especially in the bug #66246
(https://savannah.gnu.org/bugs/index.php?66246).

health @ Savannah: GHcon2024, the GNUHealth Conference will be in Palermo, Italy - December 15th

Sat, 19 Oct 2024 08:46:46 +0000

Dear community:

We're excited to announce the IX International GNU Health Conference, that will take place in beautiful Sicily, Italy, at the University of Palermo this December 15th.

The GNU Health Conference (GHCon) is the annual conference that brings together enthusiasts and developers of GNU Health, the Libre digital health ecosystem. The conference will have thematic sessions, lightning talks and implementation cases to get to know the GNU Health and other Free/Libre software communities from around the world.

We will show the upcoming features of the Health and Hospital Information System, standards, security, privacy, the GNU Health Federation and MyGNUHealth (the Personal Health Record)

The XVII International Workshop on eHealth in Emerging Economies (IWEEE) is about Social Medicine and addressing the reality of the underprivileged around the world. There will be workshops to debate, and share experiences from humanitarian organizations and from those working in field of Social Medicine.

In the evening we will announce and honor the winners of the GNU Health Social Medicine awards.

We are counting on you to get the most out of the conference. Most importantly, we want you to have fun, feel at home, and enjoy being part of the GNU Health community.

Happy Hacking!

Homepage: https://www.gnuhealth.org/ghcon

Registration: https://my.gnusolidario.org/ghcon2024-registration/

Follow us in Mastodon (https://mastodon.social/@gnuhealth) for the latest news.

You can share the news using the tag #GHCon2024

libunistring @ Savannah: GNU libunistring-1.3 released

Wed, 16 Oct 2024 18:49:44 +0000

Download from https://ftp.gnu.org/gnu/libunistring/libunistring-1.3.tar.gz

This is a stable release.

New in this release:

The data tables and algorithms have been updated to Unicode version 16.0.0.
New function uc_is_property_modifier_combining_mark and new constant UC_PROPERTY_MODIFIER_COMBINING_MARK.
Fixed a bug in the *printf functions: The %ls and %lc directives could lead to a crash on Solaris and MSVC.

FSF Events: Free Software Directory meeting on IRC: Friday, October 18, starting at 12:00 EDT (16:00 UTC)

Tue, 15 Oct 2024 19:51:31 +0000

Join the FSF and friends on Friday, October 18 from 12:00 to 15:00 EDT (16:00 to 19:00 UTC) to help improve the Free Software Directory.

Jose E. Marchesi: bugz-mode and a68-mode now in sourcehut

Sat, 12 Oct 2024 00:00:00 +0000

I have decided to start using sourcehut for a few of my projects. The first projects landing there are bugz-mode and a68-mode, two Emacs modes. The first implements a quite efficient and comfortable interface to bugzilla. The second is a programming mode for Algol 68.

Let's see how it goes!

https://git.sr.ht/~jemarch

FSF Events: Executive director Zoë Kooyman speaks on free software being the tech we want at The Tech We Want Online Summit on October 17 at 13:30 UTC

Thu, 10 Oct 2024 18:32:17 +0000

Executive director Zoë Kooyman will be speaking on a panel at The Tech We Want Online Summit on Thursday, October 17 at 13:30 UTC.

GNUnet News: GNUnet 0.22.1

Wed, 09 Oct 2024 22:00:00 +0000

GNUnet 0.22.1

This is a bugfix release for gnunet 0.22.0. It addresses some issues in HELLO URI handling and formatting as well as regressions in the DHT subsystem along with other bug fixes.

FSF News: Free Software Foundation to serve on "artificial intelligence" safety consortium

Wed, 09 Oct 2024 14:05:00 +0000

BOSTON (October 8, 2024) -- The Free Software Foundation (FSF) has announced that it is taking part in the US National Institute of Standards and Technology (NIST)'s consortium on the safety of (so-called) artificial intelligence, particularly with reference to "generative" AI systems. The FSF will ensure the free software perspective is adequately represented in these discussions.

health @ Savannah: Time to take back the Internet

Thu, 26 Sep 2024 18:08:49 +0000

It’s no news. They’re stealing the Internet from us and we must do something about it. What it used to be a fun, collaborative hacking space is now ruled by corporations and narcissistic billionaires. Proprietary centralized social networks have become a space for hate, discrimination and propaganda. The messages that you see are those that they want you to see. Your data is no longer yours. They have become a massive thought control machine. You read what they want you to read and, in the end, you will end up writing and doing what they want you to write and to do. It’s a matter of time and money, and they have both.

These corporate-driven social networks are deceiving. They make us fall into false assumptions in a distorted reality. This delusion hits both individuals and organizations. For instance, in GNU Solidario and GNU Health, we fight for Social Medicine and for the rights of human and non-human animals. When we want to share an event, to make a fundraising campaign or to denounce human or animal rights violations we want the message to reach out as many people as possible. We could think, why not share it with our followers on Twitter / X? Experience has it, corporate social networks have not really made a difference in the outcomes. They will promote or “shadow ban” the message depending on who wrote it. You can guess the results for those who fight against neoliberal capitalism.

Social pressure exists, and is not trivial to overcome. Many fear that leaving proprietary centralized social networks that have been using for years will result in losing the status and contacts they’ve built throughout the years. Again, it’s not really a big deal. And we have great news, there are decentralized, community-driven alternatives! Some of those alternatives are Mastodon, Friendica or Diaspora. Not only social networks, today there is an free software alternative to pretty much any proprietary solution (search engines, scientific programs, multimedia, office suites, databases, games…)

There is a correlation between Free Software, freedom and privacy. The more Free Software, the more freedom and privacy you enjoy. The contrary also applies: Proprietary software is inversely proportional to our freedom, both at individual and collective level. There is no transparency, no privacy, no control, no rights in proprietary applications, networks or clouds.

In the last decades, the tech giants have been busy in a campaign to dismantle the Free Software philosophy and community. The “open source” euphemism is one of them. Richard Stallman (creator of the GNU project and the Free Software Foundation) has been warning us about the dangers of “Open Source”. Free societies are built with free software, not with open source. I know some members in the free software community use both terms interchangeably, but I am convinced using the “Free Software” terms not only delivers software, but also freedom to our society.

Internet is no longer fun or empathetic. It has become a hostile and toxic environment, the medium for corporations and elites that increase concentration of power, social gradient and create very unjust societies. They use our data to control individuals and governments. We certainly don’t want to be part of that.

It is our moral duty to bring back spirit of solidarity that RMS delivered in the late 80’s, and that made possible the GNU movement, the best operating systems, programming languages, web servers and database engines for everyone. The GNU project was the inspiration for projects like GNU Health, helping millions around the globe, delivering freedom and equity in healthcare.

In the end, it is up to us to embrace federated, community driven social networks and free software applications. Millions of individuals, activists, free software projects, NGOs and even the European Union have already joined the Fediverse and Mastodon. It only takes an initial push to break the social pressure to set ourselves and our societies free.

Citing our friends from GNUnet: “You broke the Internet… we’ll build a GNU one”.

Happy hacking!

Follow us in Mastodon: https://mastodon.social/@gnuhealth

Original post: https://my.gnusolidario.org/2024/09/26/time-to-take-back-the-internet/

GNU Health: Time to take back the Internet

Thu, 26 Sep 2024 16:16:39 +0000

These corporate-driven social networks are deceiving. They make us fall into false assumptions in a distorted reality. This delusion hits both individuals and organizations. For instance, in GNU Solidario and GNU Health, we fight for Social Medicine and for the rights of human and non-human animals. When we want to share an event, to make a fundraising campaign or to denounce human or animal rights violations we want the message to reach out as many people as possible. We could think, why not share it with our followers on Twitter / X? Experience has it, corporate social networks have not really made a difference in the outcomes. They will promote or “shadow ban” the message depending on who wrote it. You can guess the results for those who fight against neoliberal capitalism.

“The many branches of the Fediverse” (credits: Axbom)

Social pressure exists, and is not trivial to overcome. Many fear that leaving proprietary centralized social networks that have been using for years will result in losing the status and contacts they’ve built throughout the years. Again, it’s not really a big deal. And we have great news, there are decentralized, community-driven alternatives! Some of those alternatives are Mastodon, Friendica or Diaspora. Not only social networks, today there is an free software alternative to pretty much any proprietary solution (search engines, scientific programs, multimedia, office suites, databases, games…)

The GNU head, symbol of the GNU project

There is a correlation between Free Software, freedom and privacy. The more Free Software, the more freedom and privacy you enjoy. The contrary also applies: Proprietary software is inversely proportional to our freedom, both at individual and collective level. There is no transparency, no privacy, no control, no rights in proprietary applications, networks or clouds.

In the last decades, the tech giants have been busy in a campaign to dismantle the Free Software philosophy and community. The “open source” euphemism is one of them. Richard Stallman (creator of the GNU project and the Free Software Foundation) has been warning us about the dangers of “Open Source”. Free societies are built with free software, not with open source. I know some members in the free software community use both terms interchangeably, but I am convinced using the “Free Software” terms not only delivers software, but also freedom to our society.

Internet is no longer fun or empathetic. It has become a hostile and toxic environment, the medium for corporations and elites that increase concentration of power, social gradient and create very unjust societies. They use our data to control individuals and governments. We certainly don’t want to be part of that.

It is our moral duty to bring back spirit of solidarity that RMS delivered in the late 80’s, and that made possible the GNU movement, the best operating systems, programming languages, web servers and database engines for everyone. The GNU project was the inspiration for projects like GNU Health, helping millions around the globe, delivering freedom and equity in healthcare.

In the end, it is up to us to embrace federated, community driven social networks and free software applications. Millions of individuals, activists, free software projects, NGOs and even the European Union have already joined the Fediverse and Mastodon. It only takes an initial push to break the social pressure to set ourselves and our societies free.

Collage with some members of the GNU Health community around the world

Citing our friends from GNUnet: “You broke the Internetâ€¦ we’ll build a GNU one”.

Happy hacking!

libtool @ Savannah: libtool-2.5.3 released [stable]

Wed, 25 Sep 2024 15:57:03 +0000

Libtoolers!

The Libtool Team is pleased to announce the release of libtool 2.5.3.

GNU Libtool hides the complexity of using shared libraries behind a
consistent, portable interface. GNU Libtool ships with GNU libltdl, which
hides the complexity of loading dynamic runtime libraries (modules)
behind a consistent, portable interface.

There have been 14 commits by 2 people in the 27 days since 2.5.2.

See the NEWS below for a brief summary. An alpha and two beta releases
of GNU Libtool have been released prior to this stable release. Please
view the NEWS entries for those releases for a more complete summary of
the updates between stable releases 2.4.7 and 2.5.3.

Thanks to everyone who has contributed!
The following people contributed changes to this release:

Bruno Haible (3)
Ileana Dumitrescu (11)

Ileana
[on behalf of the libtool maintainers]
==================================================================

Here is the GNU libtool home page:
    https://gnu.org/s/libtool/

For a summary of changes and contributors, see:
https://git.sv.gnu.org/gitweb/?p=libtool.git;a=shortlog;h=v2.5.3
or run this command from a git-cloned libtool directory:
git shortlog v2.5.2..v2.5.3

Here are the compressed sources:
https://ftpmirror.gnu.org/libtool/libtool-2.5.3.tar.gz   (2.0MB)
https://ftpmirror.gnu.org/libtool/libtool-2.5.3.tar.xz   (1.1MB)

Here are the GPG detached signatures:
https://ftpmirror.gnu.org/libtool/libtool-2.5.3.tar.gz.sig
https://ftpmirror.gnu.org/libtool/libtool-2.5.3.tar.xz.sig

Use a mirror for higher download bandwidth:
https://www.gnu.org/order/ftp.html

Here are the SHA1 and SHA256 checksums:

f48e2fcdb0b80f97e93366c41fdcd1ea90f2f253 libtool-2.5.3.tar.gz
kyK9j2vISP2j44WJndGTSVcWllKs73FtGdGdJAU6u5U= libtool-2.5.3.tar.gz
f1450b2f652d9acf3b83eee823cad966a149cca4 libtool-2.5.3.tar.xz
iYARIyzFm2s7u+Mhtgq6nbGsEVeKth7Q3wKZRYFGri4= libtool-2.5.3.tar.xz

Verify the base64 SHA256 checksum with cksum -a sha256 --check
from coreutils-9.2 or OpenBSD's cksum since 2007.

Use a .sig file to verify that the corresponding file (without the
.sig suffix) is intact. First, be sure to download both the .sig file
and the corresponding tarball. Then, run a command like this:

gpg --verify libtool-2.5.3.tar.gz.sig

The signature should match the fingerprint of the following key:

pub   rsa4096 2021-09-23 [SC]
        FA26 CA78 4BE1 8892 7F22 B99F 6570 EA01 146F 7354
uid   Ileana Dumitrescu <ileanadumi95@protonmail.com>
uid   Ileana Dumitrescu <ileanadumitrescu95@gmail.com>

If that command fails because you don't have the required public key,
or that public key has expired, try the following commands to retrieve
or refresh it, and then rerun the 'gpg --verify' command.

gpg --locate-external-key ileanadumi95@protonmail.com

gpg --recv-keys 6570EA01146F7354

wget -q -O- 'https://savannah.gnu.org/project/release-gpgkeys.php?group=libtool&download=1' | gpg --import -

As a last resort to find the key, you can try the official GNU
keyring:

wget -q https://ftp.gnu.org/gnu/gnu-keyring.gpg
gpg --keyring gnu-keyring.gpg --verify libtool-2.5.3.tar.gz.sig

This release was bootstrapped with the following tools:
Autoconf 2.72e
Automake 1.17
Gnulib v1.0-803-g30417e7f91

NEWS

Noteworthy changes in release 2.5.3 (2024-09-25) [stable]

** New features:

- Add 'aarch64' support to the file magic test, which allows for
    shared libraries to be built with Mingw for aarch64.

** Bug fixes:

- The configure options --with-pic and --without-pic have been renamed
    to --enable-pic and --disable-pic, respectively. The old names
    --with-pic and --without-pic are still supported, though, for
    backward compatibility.

- The configure option --with-aix-soname has been renamed to
    --enable-aix-soname. The old name --with-aix-soname is still
    supported, though, for backward compatibility.

- Fix conflicting warnings about AC_PROG_RANLIB.

- Document situations where -export-symbols does not work.

- Update FSF office address with URL in each file's license block.

- Add checks for aclocal in standalone.at and subproject.at test files
    that report failures in Linux From Scratch and Darwin builds.


Enjoy!

parallel @ Savannah: GNU Parallel 20240922 ('Gold Apollo AR924') released

Mon, 23 Sep 2024 20:49:16 +0000

GNU Parallel 20240922 ('Gold Apollo AR924') has been released. It is available for download at: lbry://@GnuParallel:4

Quote of the month:

Recently executed a flawless live data migration of ~2.4pb using GNU parallel for scale and bash scripts.
-- @mechanicker@twitter Dhruva

New in this release:

--fast disables a lot of functionality to speed up running jobs.
Bug fixes and man page updates.

News about GNU Parallel:

Job requiring GNU Parallel knowledge https://www.capgemini.com/ca-en/jobs/Id6D4pEBZ6aB2WPS2aAJ/systems-engineer/

About GNU Parallel

Give a demo at your local user group/team/colleagues
Post the intro videos on Reddit/Diaspora*/forums/blogs/

Identi.ca/Google+/Twitter/Facebook/Linkedin/mailing lists

Get the merchandise https://gnuparallel.threadless.com/designs/gnu-parallel
Request or write a review for your favourite blog or magazine
Request or build a package for your favourite distribution (if it is

not already there)

Invite me for your next conference

If you use programs that use GNU Parallel for research:

Please cite GNU Parallel in you publications (use --citation)

If GNU Parallel saves you money:

(Have your company) donate to FSF https://my.fsf.org/donate/

About GNU SQL

About GNU Niceload

Gary Benson: Too many git branches?

Fri, 20 Sep 2024 14:43:22 +0000

Do you have too many git branches on the go at once? Here is the command to list them in order of last modification:

git for-each-ref --sort=-committerdate refs/heads

unifont @ Savannah: Unifont 16.0.01 Released

Tue, 10 Sep 2024 16:49:25 +0000

10 September 2024

Unifont 16.0.01 is now available. This is a major release.

From the NEWS file:

* Updates to synchronize Unifont with Unicode 16.0.0 release.

* Many new upper-plane Chinese ideographs added.

* New "make" build dependency on ImageMagick's "convert" program
    to build thumbnail images of the Unicode plane bitmaps.

* unifont-combining-$(VERSION).txt is now included in the
    distribution set to provide spacing information on all
    combining characters.

* Many other minor updates; see ChangeLog for details.

Download this release from GNU server mirrors at:

     https://ftpmirror.gnu.org/unifont/unifont-16.0.01/

or if that fails,

     https://ftp.gnu.org/gnu/unifont/unifont-16.0.01/

or, as a last resort,

     ftp://ftp.gnu.org/gnu/unifont/unifont-16.0.01/

These files are also available on the unifoundry.com website:

     https://unifoundry.com/pub/unifont/unifont-16.0.01/

Font files are in the subdirectory

     https://unifoundry.com/pub/unifont/unifont-16.0.01/font-builds/

A more detailed description of font changes is available at

      https://unifoundry.com/unifont/index.html

and of utility program changes at

      https://unifoundry.com/unifont/unifont-utilities.html

Enjoy!

Paul Hardy

stow @ Savannah: GNU Stow 2.4.1 released

Sun, 08 Sep 2024 22:26:28 +0000

Stow 2.4.1 has been released. This release contains some minor bug-fixes -- specifically, fixing the --dotfiles option to work correctly with ignore lists, allowing options in .stowrc with spaces, and avoiding a spurious warning on Perl >= 5.40. There were also some clean-ups and improvements, mostly internal and not visible to users. Read details of what's new: http://git.savannah.gnu.org/cgit/stow.git/tree/NEWS

texinfo @ Savannah: Texinfo 7.1.1 released

Sat, 07 Sep 2024 19:05:55 +0000

We have released version 7.1.1 of Texinfo, the GNU documentation format. This is a minor bug-fix release.

It's available via a mirror (xz is much smaller than gz, but gz is available too just in case):

http://ftpmirror.gnu.org/texinfo/texinfo-7.1.1.tar.xz
http://ftpmirror.gnu.org/texinfo/texinfo-7.1.1.tar.gz

Please send any comments to bug-texinfo@gnu.org.

Full announcement:

https://lists.gnu.org/archive/html/bug-texinfo/2024-09/msg00041.html

libffcall @ Savannah: GNU libffcall 2.5 is released

Mon, 02 Sep 2024 13:35:19 +0000

libffcall version 2.5 is released.

New in this release:

Added support for the following platforms: (Previously, a build on these platforms failed.)
- loongarch64: Linux with lp64d ABI.
- riscv64: Linux with musl libc.
- hppa: Linux.
- powerpc: FreeBSD, NetBSD.
- powerpc64: FreeBSD.
- powerpc64le: FreeBSD.
- arm: Android.

Fixed support for the following platforms: (Previously, a build on these platforms appeared to succeed but was buggy.)
- ia64: Linux.
- arm64: OpenBSD.

Simplified the environmental requirements (the library no longer allocates a temporary file in /tmp) on the following platforms:
- Linux.
- macOS.
- FreeBSD 13 and newer.
- NetBSD 8 and newer.

libtool @ Savannah: libtool-2.5.2 released [beta]

Thu, 29 Aug 2024 15:11:49 +0000

Libtoolers!

The Libtool Team is pleased to announce the release of libtool 2.5.2, a beta release.

This beta release was not planned, but additional testing of a recent bugfix
was requested for distros to have the chance to test it with mass-rebuilds.

The details of this bugfix can be found here:
    https://debbugs.gnu.org/cgi/bugreport.cgi?bug=71489
The commit for this bugfix can be found here:
    https://git.savannah.gnu.org/cgit/libtool.git/commit/?id=0e1b33332429cd578367bd0ad420c065d5caf0ac

I hope to release the stable in a couple of weeks if testing goes well!

GNU Libtool hides the complexity of using shared libraries behind a
consistent, portable interface. GNU Libtool ships with GNU libltdl, which
hides the complexity of loading dynamic runtime libraries (modules)
behind a consistent, portable interface.

There have been 9 commits by 4 people in the 35 days since 2.5.1.

See the NEWS below for a brief summary.

Thanks to everyone who has contributed!
The following people contributed changes to this release:

Bruno Haible (1)
Ileana Dumitrescu (6)
Sergey Poznyakoff (1)
Tobias Stoeckmann (1)

Ileana
[on behalf of the libtool maintainers]
==================================================================

Here is the GNU libtool home page:
    https://gnu.org/s/libtool/

For a summary of changes and contributors, see:
https://git.sv.gnu.org/gitweb/?p=libtool.git;a=shortlog;h=v2.5.2
or run this command from a git-cloned libtool directory:
git shortlog v2.5.1..v2.5.2

Here are the compressed sources:
https://alpha.gnu.org/gnu/libtool/libtool-2.5.2.tar.gz   (1.9MB)
https://alpha.gnu.org/gnu/libtool/libtool-2.5.2.tar.xz   (1.0MB)

Here are the GPG detached signatures:
https://alpha.gnu.org/gnu/libtool/libtool-2.5.2.tar.gz.sig
https://alpha.gnu.org/gnu/libtool/libtool-2.5.2.tar.xz.sig

Use a mirror for higher download bandwidth:
https://www.gnu.org/order/ftp.html

Here are the SHA1 and SHA256 checksums:

e3384dc0099855942f76ef8a97be94edab6f56de libtool-2.5.2.tar.gz
KSdftFsjbW/3IKQz+c1fYeovUsw6ouX4m6V3Jr2lR5M= libtool-2.5.2.tar.gz
71b7333e80b76510f5dbd14db54d311d577bb716 libtool-2.5.2.tar.xz
e2C09MNk6HhRMNNKmP8Hv6mmFywgxdtwirScaRPkgmM= libtool-2.5.2.tar.xz

Verify the base64 SHA256 checksum with cksum -a sha256 --check
from coreutils-9.2 or OpenBSD's cksum since 2007.

Use a .sig file to verify that the corresponding file (without the
.sig suffix) is intact. First, be sure to download both the .sig file
and the corresponding tarball. Then, run a command like this:

gpg --verify libtool-2.5.2.tar.gz.sig

The signature should match the fingerprint of the following key:

pub   rsa4096 2021-09-23 [SC]
        FA26 CA78 4BE1 8892 7F22 B99F 6570 EA01 146F 7354
uid   Ileana Dumitrescu <ileanadumi95@protonmail.com>
uid   Ileana Dumitrescu <ileanadumitrescu95@gmail.com>

If that command fails because you don't have the required public key,
or that public key has expired, try the following commands to retrieve
or refresh it, and then rerun the 'gpg --verify' command.

gpg --locate-external-key ileanadumi95@protonmail.com

gpg --recv-keys 6570EA01146F7354

wget -q -O- 'https://savannah.gnu.org/project/release-gpgkeys.php?group=libtool&download=1' | gpg --import -

As a last resort to find the key, you can try the official GNU
keyring:

wget -q https://ftp.gnu.org/gnu/gnu-keyring.gpg
gpg --keyring gnu-keyring.gpg --verify libtool-2.5.2.tar.gz.sig

This release was bootstrapped with the following tools:
Autoconf 2.72e
Automake 1.17
Gnulib v1.0-563-gd3efdd55f3

NEWS

Noteworthy changes in release 2.5.2 (2024-08-29) [beta]

** Bug fixes:

- Use shared objects built in source tree instead of the installed
    versions for more reliable testing.

- Fix test in bug_62343.at for confirmed Cygwin/Mingw32 where the
    incorrect architecture version of a compiler was generating
    object files that could not be linked with a library file.

- Fix typos found with codespell.

** Changes in supported systems or compilers:

- Add support for 32-bit mode on FreeBSD/powerpc64.

Enjoy!

GNU MediaGoblin: MediaGoblin 0.14.0

Thu, 29 Aug 2024 05:00:00 +0000

We're pleased to announce the release of GNU MediaGoblin 0.14.0. See the release notes for full details and upgrading instructions.

Highlights of this release are:

Preliminary support for Docker installation
Preliminary support for OS packaging on GNU Guix
Major configure/build overhaul
Extended configuration documentation

This version has been tested on Debian Bookworm (12), Ubuntu 20.04, Ubuntu 22.04, Ubuntu 24.04 and Fedora 39.

Thanks go to co-maintainer Olivier Mehani for his major contributions in this release!

To join us and help improve MediaGoblin, please visit our getting involved page.

GNU Taler news: GNU Taler 0.13 released

Wed, 28 Aug 2024 22:00:00 +0000

We are happy to announce the release of GNU Taler v0.13.

GNUnet News: GNUnet 0.22.0

Wed, 28 Aug 2024 22:00:00 +0000

GNUnet 0.22.0 released

We are pleased to announce the release of GNUnet 0.22.0.
GNUnet is an alternative network stack for building secure, decentralized and privacy-preserving distributed applications. Our goal is to replace the old insecure Internet protocol stack. Starting from an application for secure publication of files, it has grown to include all kinds of basic protocol components and applications towards the creation of a GNU internet.

This is a new major release. It breaks protocol compatibility with the 0.21.x versions. Please be aware that Git master is thus henceforth (and has been for a while) INCOMPATIBLE with the 0.21.x GNUnet network, and interactions between old and new peers will result in issues. In terms of usability, users should be aware that there are still a number of known open issues in particular with respect to ease of use, but also some critical privacy issues especially for mobile users. Also, the nascent network is tiny and thus unlikely to provide good anonymity or extensive amounts of interesting information. As a result, the 0.22.0 release is still only suitable for early adopters with some reasonable pain tolerance .

Download links

gnunet-0.22.0.tar.gz ( signature )
gnunet-0.22.0-meson.tar.gz ( signature ) NEW: Test tarball made using the meson build system.
gnunet-gtk-0.22.0.tar.gz ( signature )
gnunet-fuse-0.22.0.tar.gz ( signature )

The GPG key used to sign is: 3D11063C10F98D14BD24D1470B0998EF86F59B6A

Note that due to mirror synchronization, not all links might be functional early after the release. For direct access try http://ftp.gnu.org/gnu/gnunet/

Changes

A detailed list of changes can be found in the git log , the NEWS and the bug tracker . Noteworthy highlights are

transport :
- A new experimental HTTP/3 communicator for peer-to-peer transport communicator.
- New experimental NAT traversal functionality.
util :
- An implementation of Hybrid Public Key Encryption (HPKE) and related KEMs which are now used across the stack.
- An implementation of Elligator used as part of our Diffie-Hellman exchanges and KEMs
hostlist : The bootstrap URL is changed to https://bootstrap.gnunet.org/v22 and https://bootstrap.gnunet.org/latest for the release and development version (git head), respectively.
gnunet-hello : A new CLI to import/export connectivity information (HELLOs) of peers manually.
namestore : Significant zone import performance improvements in preparation for DNS TLD mirror deployments (.se, .nu, etc) .
messenger :
- Implementation of discourse subscriptions for live data streaming in chat rooms.
- New functionality in CLI for the Messenger service to stream data via standard input and output.
Build System :
- Build variant to build a monolithic GNUnet library.
- Cross compile the monolithic library for use on Android devices. An Android prototype can be found in this repository.

Known Issues

There are known major design issues in the CORE subsystems which will need to be addressed in the future to achieve acceptable usability, performance and security.
There are known moderate implementation limitations in CADET that negatively impact performance.
There are known moderate design issues in FS that also impact usability and performance.
There are minor implementation limitations in SET that create unnecessary attack surface for availability.
The RPS subsystem remains experimental.

In addition to this list, you may also want to consult our bug tracker at bugs.gnunet.org which lists about 190 more specific issues.

Thanks

This release was the work of many people. The following people contributed code and were thus easily identified: Christian Grothoff, t3sserakt, TheJackiMonster, Pedram Fardzadeh, Shichao, fence, dvn, nullptrderef and Martin Schanzenbach.

libgnunetchat 0.5.1 released

Additionally there's a minor release of libgnunetchat 0.5.1 which fixes multiple issues to improve overall reliability.

Download links

Noteworthy changes in 0.5.1

Fixes discourses stalling application on exit of its process.
Fixes comparison of egos for proper account management.
Implements automatic Github workflow for builds and testing.
Fixes destruction of contacts and lobbies.
Adjust internal message handling.
Adjust all test cases to run independent of each other.
Add test case for group opening and leaving.

A detailed list of changes can be found in the ChangeLog .

Messenger-GTK 0.10.1

Utilizing latest changes in GNUnet and libgnunetchat, there's a new release of the messenger application bringing live chats which allow streaming your own voice or video with other contacts. This release requires libgnunetchat 0.5.1.

Download links

Noteworthy changes in 0.10.1

Discourses have been added for live voice and video chats with other contacts.
Capturing a specific application or a whole monitor can be selected as video source in a live chat.

Keep in mind the application is still in development. So there may still be major bugs keeping you from getting a reliable connection. But if you encounter such issue, feel free to consult our bug tracker at bugs.gnunet.org .

screen @ Savannah: GNU Screen v.5.0.0 is released

Wed, 28 Aug 2024 21:41:30 +0000

Screen is a full-screen window manager that multiplexes a physical
terminal between several processes, typically interactive shells.

The 5.0.0 release includes the following changes to the previous
release 4.9.1:

Rewritten authentication mechanism
Add escape %T to show current tty for window
Add escape %O to show number of currently open windows
Use wcwdith() instead of UTF-8 hard-coded tables
New commands:

- auth [on|off]
    Provides password protection
- status [top|up|down|bottom] [left|right]
    The status window by default is in bottom-left corner.
    This command can move status messages to any corner of the screen.
- truecolor [on|off]
- multiinput
    Input to multiple windows at the same time

Removed commands:

- time
- debug
- password
- maxwin
- nethack

Fixes:

- Screen buffers ESC keypresses indefinitely
- Crashes after passing through a zmodem transfer
- Fix double -U issue

Release is available for download:
https://ftp.gnu.org/gnu/screen/

Please report any bugs or regressions.
Thanks to everyone who contributed to this release.

Cheers,
Alex

FSF News: Thank you Odile Bénassy for four years of service on the FSF Board of Directors!

Tue, 27 Aug 2024 18:05:00 +0000

BOSTON (August 27, 2024) -- Free Software Foundation (FSF) Board Member Odile Bénassy has stepped down from the Board after four years of service.

GNUnet News: GSoC Work Product: GNUnet over HTTP3

Sat, 24 Aug 2024 22:00:00 +0000

GSoC Work Product: GNUnet over HTTP/3

Goals of the Project.

This project aimed to implement a new communicator for GNUnet's Transport Next Generation (TNG) using the HTTP/3 protocol.

What I did.

We chose ngtcp2 and nghttp3 for their stability and adherence to RFC standards. I began by studying communicator fundamentals and analyzing relevant code examples. I then created a QUIC communicator using libngtcp2, implementing essential communication features. Building on this, I integrated libnghttp3 to support HTTP/3 layer communication. After establishing basic uni-directional communication, I proceeded to implement bi-directional capabilities. With the help and guidance of my mentors, I completed the above work, including the selection and design of message transmission methods and the implementation of code.

The current state.

We have two branches, dev/shichao/http3 for basic communication and dev/shichao/http3bidirect for bi-directional communication. They can pass the basic tests. However, we found that there were occasional failures during the test. We currently assume that this is caused by the test harness not being able to process the received data packets in time.

What's left to do.

There are still many areas that can be improved in the HTTP/3 communicator, such as using CID map instead of IP address map. In addition, in bi-directional communication, the server's sending rate is slightly lower than the client's transmission rate, and this will be optimized in the future. Finally, integrating the Peer Identity into the TLS handshake in order to authenticate the peers is a natural feature to implement.

What code got merged (or not) upstream.

All the code is available upstream in the master branch and will be available with the next release.

Challenges I Encountered.

Initially, I was unfamiliar with the ngtcp2 and nghttp3 libraries. While there were some examples available, I found limited guidance for more advanced usage. Through careful study and experimentation, I gradually gained a deeper understanding of these libraries. But in this process, I have a deeper understanding of QUIC and HTTP/3 protocols, and also improved my coding skills.

parallel @ Savannah: GNU Parallel 20240822 ('Southport') released

Wed, 21 Aug 2024 20:09:13 +0000

GNU Parallel 20240822 ('Southport') has been released. It is available for download at: lbry://@GnuParallel:4

Quote of the month:

honestly the coolest software i've ever seen gotta be gnu parallel or
ffmpeg, nothing like them
-- @scootykins scoot

New in this release:

--match Match input source with regexp to set replacement fields.
{:%fmt} Use printf formatting of replacement strings.
Bug fixes and man page updates.

News about GNU Parallel:

Powerful GNU parallel, more than a loop https://www.linkedin.com/pulse/powerful-gnu-parallel-more-than-loop-zhenguo-zhang-18dxc
How To Increase File Transfer Speed Using Parallel Rsync? https://contentbase.com/blog/increase-file-transfer-speed-parallel-rsync/
Converting WebP Images to PNG Using parallel and dwebp https://bytefreaks.net/2024/07/27
Turbocharging the Box CLI with GNU Parallel https://medium.com/box-developer-blog/turbocharging-the-box-cli-with-gnu-parallel-ee44c48811c0

About GNU Parallel

Give a demo at your local user group/team/colleagues
Post the intro videos on Reddit/Diaspora*/forums/blogs/ Identi.ca/Google+/Twitter/Facebook/Linkedin/mailing lists
Get the merchandise https://gnuparallel.threadless.com/designs/gnu-parallel
Request or write a review for your favourite blog or magazine
Request or build a package for your favourite distribution (if it is not already there)
Invite me for your next conference

If you use programs that use GNU Parallel for research:

Please cite GNU Parallel in you publications (use --citation)

If GNU Parallel saves you money:

(Have your company) donate to FSF https://my.fsf.org/donate/

About GNU SQL

About GNU Niceload

www-zh-cn @ Savannah: Join us in saying goodbye to our beloved FSF office on August 16!

Fri, 16 Aug 2024 08:15:50 +0000

Dear Translators:

The FSF is officially going remote, so come visit the FSF office one last time. After August 31st, FSF will no longer be residing at the office on 51 Franklin Street.

For the final time, FSF will open the office to everyone who would like to visit the office one last time on Friday, August 16th from 6:00 p.m. - 8:30 p.m. for the move-out party.

You can also leave your words at the member forum:
https://forum.members.fsf.org/t/we-are-closing-down-the-51-franklin-street-office-do-you-have-any-memories-to-share/5614

You can write your own blog as I have done:
https://liberal.codeberg.page/goodbye-51-franklin-street.html

May FSF long live in our mind.

rush @ Savannah: GNU Rush Version 2.4

Fri, 09 Aug 2024 12:37:38 +0000

Version 2.4 of GNU Rush is available for download.

New in this release:

Use getgrouplist(3) call, if available;
Fixes in the rush-po script;
Bugfixes

health @ Savannah: GNU Health Hospital Management patchset 4.4.1 released

Thu, 01 Aug 2024 20:15:53 +0000

Dear community

GNU Health Hospital Management 4.4.1 has been released!

Priority: High

About GNU Health Patchsets
Updating your system with the GNU Health control Center
Installation notes
List of other issues related to this patchset

About GNU Health Patchsets

We provide "patchsets" to stable releases. Patchsets allow applying bug fixes and updates on production systems. Always try to keep your production system up-to-date with the latest patches.

Patches and Patchsets maximize uptime for production systems, and keep your system updated, without the need to do a whole installation.

NOTE: Patchsets are applied on previously installed systems only. For new, fresh installations, download and install the whole tarball (ie, gnuhealth-4.4.1.tar.gz)

Updating your system with the GNU Health control Center

You can do automatic updates on the GNU Health HMIS kernel and modules using the GNU Health control center program.

Please refer to the administration manual section ( https://docs.gnuhealth.org/his/techguide/administration/controlcenter.html )

The GNU Health control center works on standard installations (those done following the installation manual on wikibooks). Don't use it if you use an alternative method or if your distribution does not follow the GNU Health packaging guidelines.

Installation Notes

You must apply previous patchsets before installing this patchset. If your patchset level is 4.4.0, then just follow the general instructions. You can find the patchsets at GNU Health main download site at GNU.org (https://ftp.gnu.org/gnu/health/)

In most cases, GNU Health Control center (gnuhealth-control) takes care of applying the patches for you.

Pre-requisites for upgrade to 4.4.1: None

Now follow the general instructions at
https://docs.gnuhealth.org/his/techguide/administration/controlcenter.html

After applying the patches, make a full update of your GNU Health database as explained in the documentation.

When running "gnuhealth-control" for the first time, you will see the following message: "Please restart now the update with the new control center" Please do so. Restart the process and the update will continue.

Restart the GNU Health server

List of other issues and tasks related to this patchset

Issue #15: readfp on setup.py no longer supported since python 3.12 https://codeberg.org/gnuhealth/his/issues/15
Issue #33: health orthanc: Errors on imaging request when worklist template set on imaging test type https://codeberg.org/gnuhealth/his/issues/33

For detailed information about each issue, you can visit :
https://codeberg.org/gnuhealth/his/issues

For detailed information you can read about Patches and Patchsets

https://docs.gnuhealth.org/his/techguide/administration/patches.html

Happy hacking!

GNU Taler news: GNU Taler 0.12 released

Sun, 28 Jul 2024 22:00:00 +0000

We are happy to announce the release of GNU Taler v0.12.

libtool @ Savannah: libtool-2.5.1 released [beta]

Thu, 25 Jul 2024 15:18:12 +0000

Libtoolers!

The Libtool Team is pleased to announce the release of libtool 2.5.1, a beta release.

GNU Libtool hides the complexity of using shared libraries behind a
consistent, portable interface. GNU Libtool ships with GNU libltdl, which
hides the complexity of loading dynamic runtime libraries (modules)
behind a consistent, portable interface.

There have been 33 commits by 8 people in the 10 weeks since 2.5.0.

See the NEWS below for a brief summary.

Thanks to everyone who has contributed!
The following people contributed changes to this release:

Bruno Haible (3)
Ileana Dumitrescu (24)
Julien ÉLIE (1)
Khem Raj (1)
Peter Kokot (1)
Richard Purdie (1)
Vincent Lefevre (1)
trcrsired (1)

Ileana
[on behalf of the libtool maintainers]
==================================================================

Here is the GNU libtool home page:
    https://gnu.org/s/libtool/

For a summary of changes and contributors, see:
https://git.sv.gnu.org/gitweb/?p=libtool.git;a=shortlog;h=v2.5.1
or run this command from a git-cloned libtool directory:
git shortlog v2.5.0..v2.5.1

Here are the compressed sources:
https://alpha.gnu.org/gnu/libtool/libtool-2.5.1.tar.gz   (1.9MB)
https://alpha.gnu.org/gnu/libtool/libtool-2.5.1.tar.xz   (1020KB)

Here are the GPG detached signatures:
https://alpha.gnu.org/gnu/libtool/libtool-2.5.1.tar.gz.sig
https://alpha.gnu.org/gnu/libtool/libtool-2.5.1.tar.xz.sig

Use a mirror for higher download bandwidth:
https://www.gnu.org/order/ftp.html

Here are the SHA1 and SHA256 checksums:

5e2f00be5b616b0a6120b2947e562b8448e139b2 libtool-2.5.1.tar.gz
aoPtr9QtTi69wJV5+ZzoKNX5MvFzjeAklcyMKITkMM4= libtool-2.5.1.tar.gz
9f72b896f593c4f81cdd6c20c9d99463663e48a9 libtool-2.5.1.tar.xz
0oDmTIzb8UXXb7kbOyGe2rAb20PLmUAuSsuX0BAGNv0= libtool-2.5.1.tar.xz

Verify the base64 SHA256 checksum with cksum -a sha256 --check
from coreutils-9.2 or OpenBSD's cksum since 2007.

Use a .sig file to verify that the corresponding file (without the
.sig suffix) is intact. First, be sure to download both the .sig file
and the corresponding tarball. Then, run a command like this:

gpg --verify libtool-2.5.1.tar.gz.sig

The signature should match the fingerprint of the following key:

pub   rsa4096 2021-09-23 [SC]
        FA26 CA78 4BE1 8892 7F22 B99F 6570 EA01 146F 7354
uid   Ileana Dumitrescu <ileanadumi95@protonmail.com>
uid   Ileana Dumitrescu <ileanadumitrescu95@gmail.com>

If that command fails because you don't have the required public key,
or that public key has expired, try the following commands to retrieve
or refresh it, and then rerun the 'gpg --verify' command.

gpg --locate-external-key ileanadumi95@protonmail.com

gpg --recv-keys 6570EA01146F7354

wget -q -O- 'https://savannah.gnu.org/project/release-gpgkeys.php?group=libtool&download=1' | gpg --import -

As a last resort to find the key, you can try the official GNU
keyring:

wget -q https://ftp.gnu.org/gnu/gnu-keyring.gpg
gpg --keyring gnu-keyring.gpg --verify libtool-2.5.1.tar.gz.sig

This release was bootstrapped with the following tools:
Autoconf 2.72e
Automake 1.17
Gnulib v1.0-563-gd3efdd55f3

NEWS

Noteworthy changes in release 2.5.1 (2024-07-25) [beta]

** New features:

- Support C++17 compilers in the C++ tests.

- Add sysroot to library path for cross builds.

** Important incompatible changes:

- Autoconf 2.64 is required for libtool.m4 to use AS_VAR_APPEND.

** Bug fixes:

- Fix for uninitialized variable in libtoolize.

- Skip Fortran/C demo tests when using Clang with fsanitize to
    avoid an incompatible ASan runtime.

- Updated documentation for testing.

- Fix failing test to account for program-prefix usage.

- Replaced a deprecated macro to remove warning messages in the
    testsuite logs.

- Fix number of arguments for AC_CHECK_PROG call.

- Fix test failures with no-canonical-prefixes flag by checking
    if the flag is supported first.

- Fix test failures with no-undefined flag by checking host OS
    before appending the flag.

- Skip test when passing CXX flags through libtool to avoid test
    failure on NetBSD.

- Remove texinfo warning for period in node name of pxref.

- Alter syntax in sed command to fix numerous test failures
    on 64-bit windows/cygwin/mingw.

- Fix 'Wstrict-prototypes' warnings.

- Correct DLL Installation Path for mingw multilib builds.

- Fix '--preserve-dup-deps' stripping duplicates.

- Disable chained fixups for macOS, since it is not compatible with
    '-undefined dynamic_lookup'.

** Changes in supported systems or compilers:

- Support additional flang-based compilers, 'flang-new' and 'ftn'.

Enjoy!

Gary Benson: Python atomic counter

Thu, 25 Jul 2024 11:09:09 +0000

Do you need a thread-safe atomic counter in Python? Use itertools.count():

>>> from itertools import count
>>> counter = count()
>>> next(counter)
0
>>> next(counter)
1
>>> next(counter)
2

I found this in the decorator package, labelled Atomic get-and-increment provided by the GIL. So simple! So cool!

FSF News: Let's not celebrate CrowdStrike -- let's point to a better way

Wed, 24 Jul 2024 21:05:00 +0000

GNU Guix: The European Union must keep funding free software

Tue, 23 Jul 2024 17:30:00 +0000

Guix is the fruit of a combination of volunteer work by an amazing number of people, work paid for by employers, but also work sponsored by public institutions. The European Commission’s Next Generation Internet (NGI) calls have been instrumental in that regard. News that NGI funding could vanish came to us as a warning signal.

Since 2020, NGI has supported many free software projects, allowing for significant strides on important topics that would otherwise be hard to fund. As an example, here are some of the NGI grants that directly benefited Guix and related projects:

the full-source bootstrap, which includes groundwork not just in Guix but crucially in Mes and sister projects (blog post);
porting Guix to the RISC-V architecture;
porting GNU Mes and associated projects to RISC-V and AArch64;
porting the full-source bootstrap to the RISC-V architecture;
the Cuirass continuous integration tool (blog post);
the Guile implementation of the Guix build daemon (blog post);
distributed system daemon management with the Shepherd and Goblins, under the aegis of the Spritely Institute (blog post).
a new garbage collector for Guile, the Scheme implementation that Guix builds upon.

Over the years, NGI has more than demonstrated that public financial support for free software development makes a difference. We strongly believe that this support must continue, that it must strengthen the development of innovative software where user autonomy and freedom is a central aspect.

For these reasons, the Guix project joins a growing number of projects and organizations in signing the following open letter to the European Commission.

The open letter below was initially published by petites singularités. English translation provided by OW2.

Open Letter to the European Commission

Since 2020, Next Generation Internet (NGI) programmes, part of European Commission's Horizon programme, fund free software in Europe using a cascade funding mechanism (see for example NLnet's calls). This year, according to the Horizon Europe working draft detailing funding programmes for 2025, we notice that Next Generation Internet is not mentioned any more as part of Cluster 4.

NGI programmes have shown their strength and importance to supporting the European software infrastructure, as a generic funding instrument to fund digital commons and ensure their long-term sustainability. We find this transformation incomprehensible, moreover when NGI has proven efficient and economical to support free software as a whole, from the smallest to the most established initiatives. This ecosystem diversity backs the strength of European technological innovation, and maintaining the NGI initiative to provide structural support to software projects at the heart of worldwide innovation is key to enforce the sovereignty of a European infrastructure. Contrary to common perception, technical innovations often originate from European rather than North American programming communities, and are mostly initiated by small-scaled organisations.

Previous Cluster 4 allocated 27 million euros to:

"Human centric Internet aligned with values and principles commonly shared in Europe" ;
"A flourishing internet, based on common building blocks created within NGI, that enables better control of our digital life" ;
"A structured ecosystem of talented contributors driving the creation of new internet commons and the evolution of existing internet commons".

In the name of these challenges, more than 500 projects received NGI funding in the first 5 years, backed by 18 organisations managing these European funding consortia.

NGI contributes to a vast ecosystem, as most of its budget is allocated to fund third parties by the means of open calls, to structure commons that cover the whole Internet scope - from hardware to application, operating systems, digital identities or data traffic supervision. This third-party funding is not renewed in the current program, leaving many projects short on resources for research and innovation in Europe.

Moreover, NGI allows exchanges and collaborations across all the Euro zone countries as well as "widening countries"¹, currently both a success and an ongoing progress, likewise the Erasmus programme before us. NGI also contributes to opening and supporting longer relationships than strict project funding does. It encourages implementing projects funded as pilots, backing collaboration, identification and reuse of common elements across projects, interoperability in identification systems and beyond, and setting up development models that mix diverse scales and types of European funding schemes.

While the USA, China or Russia deploy huge public and private resources to develop software and infrastructure that massively capture private consumer data, the EU can't afford this renunciation. Free and open source software, as supported by NGI since 2020, is by design the opposite of potential vectors for foreign interference. It lets us keep our data local and favors a community-wide economy and know-how, while allowing an international collaboration.

This is all the more essential in the current geopolitical context: the challenge of technological sovereignty is central, and free software allows to address it while acting for peace and sovereignty in the digital world as a whole.

In this perspective, we urge you to claim for preserving the NGI programme as part of the 2025 funding programme.

¹ As defined by Horizon Europe, widening Member States are Bulgaria, Croatia, Cyprus, Czechia, Estonia, Greece, Hungary, Latvia, Lituania, Malta, Poland, Portugal, Romania, Slovakia, and Slovenia. Widening associated countries (under condition of an association agreement) include Albania, Armenia, Bosnia, Feroe Islands, Georgia, Kosovo, Moldavia, Montenegro, Morocco, North Macedonia, Serbia, Tunisia, Turkeye, and Ukraine. Widening overseas regions are Guadeloupe, French Guyana, Martinique, Reunion Island, Mayotte, Saint-Martin, The Azores, Madeira, the Canary Islands.

libc @ Savannah: The GNU C Library version 2.40 is now available

Mon, 22 Jul 2024 14:29:11 +0000

The GNU C Library
=================

The GNU C Library version 2.40 is now available.

The GNU C Library is used as the C library in the GNU system and
in GNU/Linux systems, as well as many other systems that use Linux
as the kernel.

The GNU C Library is primarily designed to be a portable
and high performance C library. It follows all relevant
standards including ISO C11 and POSIX.1-2017. It is also
internationalized and has one of the most complete
internationalization interfaces known.

The GNU C Library webpage is at http://www.gnu.org/software/libc/

Packages for the 2.40 release may be downloaded from:
http://ftpmirror.gnu.org/libc/
http://ftp.gnu.org/gnu/libc/

The mirror list is at http://www.gnu.org/order/ftp.html

Distributions are encouraged to track the release/* branches
corresponding to the releases they are using. The release
branches will be updated with conservative bug fixes and new
features while retaining backwards compatibility.

NEWS for version 2.40
=====================

Major new features:

The <stdbit.h> header type-generic macros have been changed when using

GCC 14.1 or later to use __builtin_stdc_bit_ceil etc. built-in functions
in order to support unsigned __int128 and/or unsigned _BitInt(N) operands
with arbitrary precisions when supported by the target.

The GNU C Library now supports a feature test macro _ISOC23_SOURCE to

enable features from the ISO C23 standard. Only some features from
this standard are supported by the GNU C Library. The older name
_ISOC2X_SOURCE is still supported. Features from C23 are also enabled
by _GNU_SOURCE, or by compiling with the GCC options -std=c23,
-std=gnu23, -std=c2x or -std=gnu2x.

The following ISO C23 function families (introduced in TS

18661-4:2015) are now supported in <math.h>. Each family includes
functions for float, double, long double, _FloatN and _FloatNx, and a
type-generic macro in <tgmath.h>.

- Exponential functions: exp2m1, exp10m1.

- Logarithmic functions: log2p1, log10p1, logp1.

A new tunable, glibc.rtld.enable_secure, can be used to run a program

as if it were a setuid process. This is currently a testing tool to allow
more extensive verification tests for AT_SECURE programs and not meant to
be a security feature.

On Linux, the epoll header was updated to include epoll ioctl definitions

and the related structure added in Linux kernel 6.9.

The fortify functionality has been significantly enhanced for building

programs with clang against the GNU C Library.

Many functions have been added to the vector library for aarch64:

acosh, asinh, atanh, cbrt, cosh, erf, erfc, hypot, pow, sinh, tanh

On x86, memset can now use non-temporal stores to improve the performance

of large writes. This behaviour is controlled by a new tunable
x86_memset_non_temporal_threshold.

Deprecated and removed features, and other changes affecting compatibility:

Architectures which use a 32-bit seconds-since-epoch field in struct

lastlog, struct utmp, struct utmpx (such as i386, powerpc64le, rv32,
rv64, x86-64) switched from a signed to an unsigned type for that
field. This allows these fields to store timestamps beyond the year
2038, until the year 2106. Please note that applications are still
expected to migrate off the interfaces declared in <utmp.h> and
<utmpx.h> (except for login_tty) due to locking and session management
problems.

__rseq_size now denotes the size of the active rseq area (20 bytes

initially), not the size of struct rseq (32 bytes initially).

Security related changes:

The following CVEs were fixed in this release, details of which can be
found in the advisories directory of the release tarball:

GLIBC-SA-2024-0004:
    ISO-2022-CN-EXT: fix out-of-bound writes when writing escape
    sequence (CVE-2024-2961)

GLIBC-SA-2024-0005:
    nscd: Stack-based buffer overflow in netgroup cache (CVE-2024-33599)

GLIBC-SA-2024-0006:
    nscd: Null pointer crash after notfound response (CVE-2024-33600)

GLIBC-SA-2024-0007:
    nscd: netgroup cache may terminate daemon on memory allocation
    failure (CVE-2024-33601)

GLIBC-SA-2024-0008:
    nscd: netgroup cache assumes NSS callback uses in-buffer strings
    (CVE-2024-33602)

The following bugs were resolved with this release:

[19622] network: Support aliasing with struct sockaddr
[21271] localedata: cv_RU: update translations
[23774] localedata: lv_LV collates Y/y incorrectly
[23865] string: wcsstr is quadratic-time
[25119] localedata: Change Czech weekday names to lowercase
[27777] stdio: fclose does a linear search, takes ages when many FILE*
    are opened
[29770] libc: prctl does not match manual page ABI on powerpc64le-
    linux-gnu
[29845] localedata: Update hr_HR locale currency to €
[30701] time: getutxent misbehaves on 32-bit x86 when _TIME_BITS=64
[31316] build: Fails test misc/tst-dirname "Didn't expect signal from
    child: got `Illegal instruction'" on non SSE CPUs
[31317] dynamic-link: [RISCV] static PIE crashes during self
    relocation
[31325] libc: mips: clone3 is wrong for o32
[31335] math: Compile glibc with -march=x86-64-v3 should disable FMA4
    multi-arch version
[31339] libc: arm32 loader crash after cleanup in 2.36
[31340] manual: A bad sentence in section 22.3.5 (resource.texi)
[31357] dynamic-link: $(objpfx)tst-rtld-list-diagnostics.out rule
    doesn't work with test wrapper
[31370] localedata: wcwidth() does not treat
    DEFAULT_IGNORABLE_CODE_POINTs as zero-width
[31371] dynamic-link: x86-64: APX and Tile registers aren't preserved
    in ld.so trampoline
[31372] dynamic-link: _dl_tlsdesc_dynamic doesn't preserve all caller-
    saved registers
[31383] libc: _FORTIFY_SOURCE=3 and __fortified_attr_access vs size of
    0 and zero size types
[31385] build: sort-makefile-lines.py doesn't check variable with _
    nor with "^# variable"
[31402] libc: clone (NULL, NULL, ...) clobbers %r7 register on
    s390{,x}
[31405] libc: Improve dl_iterate_phdr using _dl_find_object
[31411] localedata: Add Latgalian locale
[31412] build: GCC 6 failed to build i386 glibc on Fedora 39
[31429] build: Glibc failed to build with -march=x86-64-v3
[31468] libc: sigisemptyset returns true when the set contains signals
    larger than 34
[31476] network: Automatic activation of single-request options break
    resolv.conf reloading
[31479] libc: Missing #include <sys/rseq.h> in sched_getcpu.c may
    result in a loss of rseq acceleration
[31501] dynamic-link: _dl_tlsdesc_dynamic_xsavec may clobber %rbx
[31518] manual: documentation: FLT_MAX_10_EXP questionable text, evtl.
    wrong,
[31530] localedata: Locale file for Moksha - mdf_RU
[31553] malloc: elf/tst-decorate-maps fails on ppc64el
[31596] libc: On the llvm-arm32 platform, dlopen("not_exist.so", -1)
    triggers segmentation fault
[31600] math: math: x86 ceill traps when FE_INEXACT is enabled
[31601] math: math: x86 floor traps when FE_INEXACT is enabled
[31603] math: math: x86 trunc traps when FE_INEXACT is enabled
[31612] libc: arc4random fails to fallback to /dev/urandom if
    getrandom is not present
[31629] build: powerpc64: Configuring with "--with-cpu=power10" and
    'CFLAGS=-O2 -mcpu=power9' fails to build glibc
[31640] dynamic-link: POWER10 ld.so crashes in
    elf_machine_load_address with GCC 14
[31661] libc: NPROCESSORS_CONF and NPROCESSORS_ONLN not available in
    getconf
[31676] dynamic-link: Configuring with CC="gcc -march=x86-64-v3"
    --with-rtld-early-cflags=-march=x86-64 results in linker failure
[31677] nscd: nscd: netgroup cache: invalid memcpy under low
    memory/storage conditions
[31678] nscd: nscd: Null pointer dereferences after failed netgroup
    cache insertion
[31679] nscd: nscd: netgroup cache may terminate daemon on memory
    allocation failure
[31680] nscd: nscd: netgroup cache assumes NSS callback uses in-buffer
    strings
[31682] math: [PowerPC] Floating point exception error for math test
    test-ceil-except-2 test-floor-except-2 test-trunc-except-2
[31686] dynamic-link: Stack-based buffer overflow in
    parse_tunables_string
[31695] libc: pidfd_spawn/pidfd_spawnp leak an fd if clone3 succeeds
    but execve fails
[31719] dynamic-link: --enable-hardcoded-path-in-tests doesn't work
    with -Wl,--enable-new-dtags
[31730] libc: backtrace_symbols_fd prints different strings than
    backtrace_symbols returns
[31753] build: FAIL: link-static-libc with GCC 6/7/8
[31755] libc: procutils_read_file doesn't start with a leading
    underscore
[31756] libc: write_profiling is only in libc.a
[31757] build: Should XXXf128_do_not_use functions be excluded?
[31759] math: Extra nearbyint symbols in libm.a
[31760] math: Missing math functions
[31764] build: _res_opcodes should be a compat symbol only
[31765] dynamic-link: _dl_mcount_wrapper is exported without prototype
[31766] stdio: IO_stderr _IO_stdin_ _IO_stdout should be compat
    symbols
[31768] string: Extra stpncpy symbol in libc.a
[31770] libc: clone3 is in libc.a
[31774] libc: Missing __isnanf128 in libc.a
[31775] math: Missing exp10 exp10f32x exp10f64 fmod fmodf fmodf32
    fmodf32x fmodf64 in libm.a
[31777] string: Extra memchr strlen symbols in libc.a
[31781] math: Missing math functions in libm.a
[31782] build: Test build failure with recent GCC trunk (x86/tst-cpu-
    features-supports.c:69:3: error: parameter to builtin not valid:
    avx5124fmaps)
[31785] string: loongarch: Extra strnlen symbols in libc.a
[31786] string: powerpc: Extra strchrnul and strncasecmp_l symbols in
    libc.a
[31787] math: powerpc: Extra llrintf, llrintf, llrintf32, and
    llrintf32 symbols in libc.a
[31788] libc: microblaze: Extra cacheflush symbol in libc.a
[31789] libc: powerpc: Extra versionsort symbol in libc.a
[31790] libc: s390: Extra getutent32, getutent32_r, getutid32,
    getutid32_r, getutline32, getutline32_r, getutmp32, getutmpx32,
    getutxent32, getutxid32, getutxline32, pututline32, pututxline32,
    updwtmp32, updwtmpx32 in libc.a
[31797] build: g++ -static requirement should be able to opt-out
[31798] libc: pidfd_getpid.c is miscompiled by GCC 6.4
[31802] time: difftime is pure not const
[31808] time: The supported time_t range is not documented.
[31840] stdio: Memory leak in _IO_new_fdopen (fdopen) on seek failure
[31867] build: "CPU ISA level is lower than required" on SSE2-free
    CPUs
[31876] time: "Date and time" documentation fixes for POSIX.1-2024 etc
[31883] build: ISA level support configure check relies on bashism /
    is otherwise broken for arithmetic
[31892] build: Always install mtrace.
[31917] libc: clang mq_open fortify wrapper does not handle 4 argument
    correctly
[31927] libc: clang open fortify wrapper does not handle argument
    correctly
[31931] time: tzset may fault on very short TZ string
[31934] string: wcsncmp crash on s390x on vlbb instruction
[31963] stdio: Crash in _IO_link_in within __gcov_exit
[31965] dynamic-link: rseq extension mechanism does not work as
    intended
[31980] build: elf/tst-tunables-enable_secure-env fails on ppc

Release Notes
=============

https://sourceware.org/glibc/wiki/Release/2.40

Contributors
============

This release was made possible by the contributions of many people.
The maintainers are grateful to everyone who has contributed
changes or bug reports. These include:

Adam Sampson
Adhemerval Zanella
Alejandro Colomar
Alexandre Ferrieux
Amrita H S
Andreas K. Hüttel
Andreas Schwab
Andrew Pinski
Askar Safin
Aurelien Jarno
Avinal Kumar
Carlos Llamas
Carlos O'Donell
Charles Fol
Christoph Müllner
DJ Delorie
Daniel Cederman
Darius Rad
David Paleino
Dragan Stanojević (Nevidljivi)
Evan Green
Fangrui Song
Flavio Cruz
Florian Weimer
Gabi Falk
H.J. Lu
Jakub Jelinek
Jan Kurik
Joe Damato
Joe Ramsay
Joe Simmons-Talbott
Joe Talbott
John David Anglin
Joseph Myers
Jules Bertholet
Julian Zhu
Junxian Zhu
Konstantin Kharlamov
Luca Boccassi
Maciej W. Rozycki
Manjunath Matti
Mark Wielaard
MayShao-oc
Meng Qinggang
Michael Jeanson
Michel Lind
Mike FABIAN
Mohamed Akram
Noah Goldstein
Palmer Dabbelt
Paul Eggert
Philip Kaludercic
Samuel Dobron
Samuel Thibault
Sayan Paul
Sergey Bugaev
Sergey Kolosov
Siddhesh Poyarekar
Simon Chopin
Stafford Horne
Stefan Liebler
Sunil K Pandey
Szabolcs Nagy
Wilco Dijkstra
Xi Ruoyao
Xin Wang
Yinyu Cai
YunQiang Su

We would like to call out the following and thank them for their
tireless patch review:

Adhemerval Zanella
Alejandro Colomar
Andreas K. Hüttel
Arjun Shankar
Aurelien Jarno
Bruno Haible
Carlos O'Donell
DJ Delorie
Dmitry V. Levin
Evan Green
Fangrui Song
Florian Weimer
H.J. Lu
Jonathan Wakely
Joseph Myers
Mathieu Desnoyers
Maxim Kuvyrkov
Michael Jeanson
Noah Goldstein
Palmer Dabbelt
Paul Eggert
Paul E. Murphy
Peter Bergner
Philippe Mathieu-Daudé
Sam James
Siddhesh Poyarekar
Simon Chopin
Stefan Liebler
Sunil K Pandey
Szabolcs Nagy
Xi Ruoyao
Zack Weinberg

--
Andreas K. Hüttel
dilfridge@gentoo.org
Gentoo Linux developer
(council, toolchain, base-system, perl, releng)
https://wiki.gentoo.org/wiki/User:Dilfridge
https://www.akhuettel.de/

parallel @ Savannah: GNU Parallel 20240722 ('Assange') released [stable]

Sun, 21 Jul 2024 03:01:50 +0000

GNU Parallel 20240722 ('Assange') has been released. It is available for download at: lbry://@GnuParallel:4

Quote of the month:

parallel is frickin great for launching jobs on multiple
machines. Ansible and Jenkins and others may be good too but I was
able to jump right in with parallel.
-- dwhite21787@reddit

New in this release:

No new features. This is a candidate for a stable release.
Bug fixes and man page updates.

News about GNU Parallel:

Scientific Workflows at Scale using GNU Parallel https://web.cvent.com/event/f318e73c-2230-432a-a044-b75625020543/websitePage:afd80266-008e-414b-9f94-2fd9b4dd1924?session=fe79a785-ec60-414c-8d2b-c29208f53d4c&shareLink=true
Use GNU Parallel to render blender movies distributed by a bunch of nodes https://github.com/tfmoraes/blender_gnu_parallel_render
Lessons Learned from Scaling to Multi-Terabyte Datasets https://v2thegreat.com/2024/06/19/lessons-learned-from-scaling-to-multi-terabyte-datasets/
Efisiensi Maksimal: Cara Paralelisasi Perintah di CLI Linux https://medium.com/@nfrozi/efisiensi-maksimal-cara-paralelisasi-perintah-di-cli-linux-f4fda3afe2a0
Introduction to GNU parallel https://datascience.101workbook.org/06-hpc/06-parallel/01-intro-to-gnu-parallel/#gsc.tab=0

About GNU Parallel

Give a demo at your local user group/team/colleagues
Post the intro videos on Reddit/Diaspora*/forums/blogs/ Identi.ca/Google+/Twitter/Facebook/Linkedin/mailing lists
Get the merchandise https://gnuparallel.threadless.com/designs/gnu-parallel
Request or write a review for your favourite blog or magazine
Request or build a package for your favourite distribution (if it is not already there)
Invite me for your next conference

If you use programs that use GNU Parallel for research:

Please cite GNU Parallel in you publications (use --citation)

If GNU Parallel saves you money:

(Have your company) donate to FSF https://my.fsf.org/donate/

About GNU SQL

About GNU Niceload

GNU Taler news: Video interview with Mikolai Gütschow on payments for the Internet of Things

Sat, 20 Jul 2024 22:00:00 +0000

On the occasion of the Point Zero Forum's Innovation Tour, Evgeny Grin has interviewed Mikolai Gütschow who designed and implemented solutions for the payments in the Internet of Things (IoT).

GNUnet News: DHT Technical Specification Milestone 5

Sat, 20 Jul 2024 22:00:00 +0000

DHT Technical Specification Milestone 5

We are happy to announce the completion of milestone 5 for the DHT specification. The general objective is to provide a detailed and comprehensive guide for implementors of the GNUnet DHT "R ⁵ N". As part of this milestone, the specification was updated and interoperability testing conducted. We submitted the draft to the Independent Stream Editor (ISE) who is going to decide if it will be adopted and shepherded through the RFC process.

The current protocol is implemented as part of GNUnet and gnunet-go as announced on the mailing list when the previous implementation milestones were finished .

We again invite any interested party to read the document and provide critical review and feedback. This greatly helps us to improve the protocol and help future implementations. Contact us at the gnunet-developers mailing list .

This work is generously funded by NLnet as part of their NGI Assure fund .

GNU Taler news: Video interview with Özgür Kesim on age-restricted digital cash

Fri, 19 Jul 2024 22:00:00 +0000

On the occasion of the Point Zero Forum's Innovation Tour, Evgeny Grin has interviewed Özgür Kesim who designed and implemented an age restriction mechanism inside the GNU Taler coins.

GNU Taler news: Video interview with Isidor Walliman, creator of the Netzbon regional currency in Basel

Thu, 18 Jul 2024 22:00:00 +0000

On the occasion of the Point Zero Forum's Innovation Tour, Evgeny Grin has interviewed Isidor Wallimann who is introducing GNU Taler for the local currency Netzbon in Basel.

health @ Savannah: MyGNUHealth 2.2.1 released

Wed, 17 Jul 2024 10:10:50 +0000

Dear community

I am happy to announce patchset 2.2.1 for MYGNUHealth, the GNU Health Personal Health Record.

This patchset fixes the following issues:

MyGH crashes when clicking 'Network': https://codeberg.org/gnuhealth/mygnuhealth/issues/34
Include icons of type gif on MANIFEST.in : https://codeberg.org/gnuhealth/mygnuhealth/issues/36

You can download MyGNUHealth source code from the official GNU Savannah (https://ftp.gnu.org/gnu/health/mygnuhealth/). You can also install MyGH from the Python Package Index (PyPI) or from your operating system distribution.

Happy hacking
Luis

tasklist @ Savannah: Cleaning out old jobs

Tue, 16 Jul 2024 14:35:07 +0000

When I opened this Savannah project I imported items from the old GNU tasklist document. 20 years later all of the context has been lost (if there ever was any) so now if anyone asks about these tasks it just leads to frustration on everyone's part.

I therefore deleted the original help wanted entries that date back to 2003. If anyone wants to help the GNU project, the best way to do that is to pick one of the FSF's High-Priority projects:

https://www.fsf.org/campaigns/priority-projects

automake @ Savannah: automake 1.17 released [stable]

Sun, 14 Jul 2024 15:58:32 +0000

Automake 1.17 released. Announcement:
https://lists.gnu.org/archive/html/autotools-announce/2024-07/msg00000.html

gnuastro @ Savannah: Gnuastro 0.23 released

Sat, 13 Jul 2024 23:01:56 +0000

The 23rd release of GNU Astronomy Utilities (Gnuastro) is now available. See the full announcement for all the new features in this release and the many bugs that have been found and fixed: https://lists.gnu.org/archive/html/info-gnuastro/2024-07/msg00001.html

Simon Josefsson: Towards Idempotent Rebuilds?

Tue, 09 Jul 2024 22:16:16 +0000

After rebuilding all added/modified packages in Trisquel, I have been circling around the elephant in the room: 99% of the binary packages in Trisquel comes from Ubuntu, which to a large extent are built from Debian source packages. Is it possible to rebuild the official binary packages identically? Does anyone make an effort to do so? Does anyone care about going through the differences between the official package and a rebuilt version? Reproducible-build.org‘s effort to track reproducibility bugs in Debian (and other systems) is amazing. However as far as I know, they do not confirm or deny that their rebuilds match the official packages. In fact, typically their rebuilds do not match the official packages, even when they say the package is reproducible, which had me surprised at first. To understand why that happens, compare the buildinfo file for the official coreutils 9.1-1 from Debian bookworm with the buildinfo file for reproducible-build.org’s build and you will see that the SHA256 checksum does not match, but still they declare it as a reproducible package. As far as I can tell of the situation, the purpose of their rebuilds are not to say anything about the official binary build, instead the purpose is to offer a QA service to maintainers by performing two builds of a package and declaring success if both builds match.

I have felt that something is lacking, and months have passed and I haven’t found any project that address the problem I am interested in. During my earlier work I created a project called debdistreproduce which performs rebuilds of the difference between two distributions in a GitLab pipeline, and display diffoscope output for further analysis. A couple of days ago I had the idea of rewriting it to perform rebuilds of a single distribution. A new project debdistrebuild was born and today I’m happy to bless it as version 1.0 and to announces the project! Debdistrebuild has rebuilt the top-50 popcon packages from Debian bullseye, bookworm and trixie, on amd64 and arm64, as well as Ubuntu jammy and noble on amd64, see the summary status page for links. This is intended as a proof of concept, to allow people experiment with the concept of doing GitLab-based package rebuilds and analysis. Compare how Guix has the guix challenge command.

Or I should say debdistrebuild has attempted to rebuild those distributions. The number of identically built packages are fairly low, so I didn’t want to waste resources building the rest of the archive until I understand if the differences are due to consequences of my build environment (plain apt-get build-dep followed by dpkg-buildpackage in a fresh container), or due to some real difference. Summarizing the results, debdistrebuild is able to rebuild 34% of Debian bullseye on amd64, 36% of bookworm on amd64, 32% of bookworm on arm64. The results for trixie and Ubuntu are disappointing, below 10%.

So what causes my rebuilds to be different from the official rebuilds? Some are trivial like the classical problem of varying build paths, resulting in a different NT_GNU_BUILD_ID causing a mismatch. Some are a bit strange, like a subtle difference in one of perl’s headers file. Some are due to embedded version numbers from a build dependency. Several of the build logs and diffoscope outputs doesn’t make sense, likely due to bugs in my build scripts, especially for Ubuntu which appears to strip translations and do other build variations that I don’t do. In general, the classes of reproducibility problems are the expected. Some are assembler differences for GnuPG’s gpgv-static, likely triggered by upload of a new version of gcc after the original package was built. There are at least two ways to resolve that problem: either use the same version of build dependencies that were used to produce the original build, or demand that all packages that are affected by a change in another package are rebuilt centrally until there are no more differences.

The current design of debdistrebuild uses the latest version of a build dependency that is available in the distribution. We call this a “idempotent rebuild“. This is usually not how the binary packages were built originally, they are often built against earlier versions of their build dependency. That is the situation for most binary distributions.

Instead of using the latest build dependency version, higher reproducability may be achieved by rebuilding using the same version of the build dependencies that were used during the original build. This requires parsing buildinfo files to find the right version of the build dependency to install. We believe doing so will lead to a higher number of reproducibly built packages. However it begs the question: can we rebuild that earlier version of the build dependency? This circles back to really old versions and bootstrappable builds eventually.

While rebuilding old versions would be interesting on its own, we believe that is less helpful for trusting the latest version and improving a binary distribution: it is challenging to publish a new version of some old package that would fix a reproducibility bug in another package when used as a build dependency, and then rebuild the later packages with the modified earlier version. Those earlier packages were already published, and are part of history. It may be that ultimately it will no longer be possible to rebuild some package, because proper source code is missing (for packages using build dependencies that were never part of a release); hardware to build a package could be missing; or that the source code is no longer publicly distributable.

I argue that getting to 100% idempotent rebuilds is an interesting goal on its own, and to reach it we need to start measure idempotent rebuild status.

One could conceivable imagine a way to rebuild modified versions of earlier packages, and then rebuild later packages using the modified earlier packages as build dependencies, for the purpose of achieving higher level of reproducible rebuilds of the last version, and to reach for bootstrappability. However, it may be still be that this is insufficient to achieve idempotent rebuilds of the last versions. Idempotent rebuilds are different from a reproducible build (where we try to reproduce the build using the same inputs), and also to bootstrappable builds (in which all binaries are ultimately built from source code). Consider a cycle where package X influence the content of package Y, which in turn influence the content of package X. These cycles may involve several packages, and it is conceivable that a cycle could be circular and infinite. It may be difficult to identify these chains, and even more difficult to break them up, but this effort help identify where to start looking for them. Rebuilding packages using the same build dependency versions as were used during the original build, or rebuilding packages using a bootsrappable build process, both seem orthogonal to the idempotent rebuild problem.

Our notion of rebuildability appears thus to be complementary to reproducible-builds.org’s definition and bootstrappable.org’s definition. Each to their own devices, and Happy Hacking!

Addendum about terminology: With “idempotent rebuild” I am talking about a rebuild of the entire operating system, applied to itself. Compare how you build the latest version of the GNU C Compiler: it first builds itself using whatever system compiler is available (often an earlier version of gcc) which we call step 1. Then step 2 is to build a copy of itself using the compiler built in step 1. The final step 3 is to build another copy of itself using the compiler from step 2. Debian, Ubuntu etc are at step 1 in this process right now. The output of step 2 and step 3 ought to be bit-by-bit identical, or something is wrong. The comparison between step 2 and 3 is what I refer to with an idempotent rebuild. Of course, most packages aren’t a compiler that can compile itself. However entire operating systems such as Trisquel, PureOS, Ubuntu or Debian are (hopefully) a self-contained system that ought to be able to rebuild itself to an identical copy. Or something is amiss. The reproducible build and bootstrappable build projects are about improve the quality of step 1. The property I am interested is the identical rebuild and comparison in step 2 and 3. I feel the word “idempotent” describes the property I’m interested in well, but I realize there may be better ways to describe this. Ideas welcome!

Planet GNU

FSF Blogs: Nothing says end of the year like new GNU Press gear!

FSF Blogs: FSF Anniversary Logo Contest

FSF Blogs: Forty years of commitment to software freedom

FSF Events: Free Software Directory meeting on IRC: Friday, November 8, starting at 12:00 EST (17:00 UTC)

FSF Blogs: Free Software Supporter -- Issue 199, November 2024

FSF Blogs: October GNU Spotlight with Amin Bandali: Seven new GNU releases!

FSF Events: FSF community meetup in Seattle

FSF Events: Free Software Directory meeting on IRC: Friday, November 1, starting at 12:00 EDT (16:00 UTC)

GNUnet News: GNUnet 0.22.2

GNUnet 0.22.2

Links

Parabola GNU/Linux-libre: manual intervention required for local pacman repositories

www-ru @ Savannah: Разговор о свободных программах в Москве

FSF News: FSF is working on freedom in machine learning applications

FSF News: FSF associate members to assist in review of current board members

parallel @ Savannah: GNU Parallel 20241022 ('Sinwar Nasrallah') released [stable]

About GNU Parallel

About GNU SQL

About GNU Niceload

GNU Guix: Build User Takeover Vulnerability

Vulnerability

Mitigation

Upgrading

Conclusion

Proof of Concept

GNU Health: GHCon2024, the GNU Health Conference . Palermo, Italy

gnuboot @ Savannah: Nonfree software found in GNU Boot releases again, many distros affected.

health @ Savannah: GHcon2024, the GNUHealth Conference will be in Palermo, Italy - December 15th

libunistring @ Savannah: GNU libunistring-1.3 released

FSF Events: Free Software Directory meeting on IRC: Friday, October 18, starting at 12:00 EDT (16:00 UTC)

Jose E. Marchesi: bugz-mode and a68-mode now in sourcehut

FSF Events: Executive director Zoë Kooyman speaks on free software being the tech we want at The Tech We Want Online Summit on October 17 at 13:30 UTC

GNUnet News: GNUnet 0.22.1

GNUnet 0.22.1

Links

FSF News: Free Software Foundation to serve on "artificial intelligence" safety consortium

health @ Savannah: Time to take back the Internet

GNU Health: Time to take back the Internet

libtool @ Savannah: libtool-2.5.3 released [stable]

parallel @ Savannah: GNU Parallel 20240922 ('Gold Apollo AR924') released

About GNU Parallel

About GNU SQL

About GNU Niceload

Gary Benson: Too many git branches?

unifont @ Savannah: Unifont 16.0.01 Released

stow @ Savannah: GNU Stow 2.4.1 released

texinfo @ Savannah: Texinfo 7.1.1 released

libffcall @ Savannah: GNU libffcall 2.5 is released

libtool @ Savannah: libtool-2.5.2 released [beta]

GNU MediaGoblin: MediaGoblin 0.14.0

GNU Taler news: GNU Taler 0.13 released

GNUnet News: GNUnet 0.22.0

GNUnet 0.22.0 released

Download links

Changes

Known Issues

Thanks

libgnunetchat 0.5.1 released

Download links

Noteworthy changes in 0.5.1

Messenger-GTK 0.10.1

Download links

Noteworthy changes in 0.10.1

screen @ Savannah: GNU Screen v.5.0.0 is released

FSF News: Thank you Odile Bénassy for four years of service on the FSF Board of Directors!

GNUnet News: GSoC Work Product: GNUnet over HTTP3

GSoC Work Product: GNUnet over HTTP/3

Goals of the Project.

What I did.

The current state.

What's left to do.

What code got merged (or not) upstream.

Challenges I Encountered.

parallel @ Savannah: GNU Parallel 20240822 ('Southport') released

About GNU Parallel

About GNU SQL

About GNU Niceload

www-zh-cn @ Savannah: Join us in saying goodbye to our beloved FSF office on August 16!

rush @ Savannah: GNU Rush Version 2.4