Introducing GNOME 3.30: “Almería", Great release video, and I'm there, in the photos part :D

I've just setted CI for Gtranslator \o/, CI is great and combinig that with flatpak, it's really easy to generate binary bundle for testing purpose for each MR:

Some love for gtranslator

First step: meson, then flatpak, then remove all deprecated code

danigm boosted

GNOME Podcasts 0.4.5 is out!

@danigm added support for translations and the application is now on damned lies [1] infrastructure!

Initial translations support includes:

* Finish
* Polish
* Turkish
* Spanish
* German
* Galician
* Indonesian
* Korean

There are also a couple of bug fixes in the release along with further polishing of the UX.

Already available from Flathub! [2]


danigm boosted

De hecho, hay muchas formas de atacar un servidor que descomprima archivos tar:

Por ejemplo, se puede atacar una web django que descomprima ficheros tar, metiendo un archivo en el tar con la ruta "../../../../../../../../usr/bin/ls" y sobreescribiría el fichero ls de ese servidor, siempre y cuando se esté ejecutando como root.

Esta es la vulnerabilidad, Así que cuidado al abrir *tar* en cosas hechas con python, si tienes rutas relativas dentro del tar "../" puedes conseguir sobreescribir cualquier archivo.

Un parche enviado en 2014, para evitar un problema de seguridad en tar en python, vuelve a la vida 4 años después:

I've been working on gnome-class to add GIR xml generation. I've something "working":
So write code in rust, this generates glib C-compatible binary lib and that can be called using GIR (gjs, python, etc)

Firmware update for my Lenovo from gnome software

Show more

Follow friends and discover new ones. Publish anything you want: links, pictures, text, video. This server is run by the main developers of the Mastodon project. Everyone is welcome as long as you follow our code of conduct!