LWN.net

Mozilla has issuedan update to its terms of use (TOU) that were announcedon February26. It has removed a reference in the TOU toMozilla's Acceptable Use Policy "because it seems to be causingmore confusion than clarity", and has revised the TOU "to moreclearly reflect the limited scope of how Mozilla interacts with userdata". The new language says:

One of the many new features packed into the 6.13 kernel release was guardpages, a hardening mechanism that makes it possible to inject zero-accesspages into a process's address space in an efficient way. That featureonly supports anonymous (user-space data) pages, though. To make guardpages more widely useful, Lorenzo Stoakes has put together a patchset enabling the feature for file-backed pages as well; in the process,he examined and resolved a long list of potential problems that extendingthe feature could encounter. One potential problem was not on his list,though.

Security updates have been issued by Debian (ffmpeg, kernel, linux-6.1, mariadb-10.5, proftpd-dfsg, and xorg-server), Fedora (chromium, cutter-re, iniparser, nodejs22, rizin, webkitgtk, wireshark, xen, and xorg-x11-server), Mageia (binutils and ffmpeg), Oracle (emacs and kernel), Red Hat (emacs and webkit2gtk3), SUSE (azure-cli, bsdtar, gnutls, govulncheck-vulndb, libX11, libxkbfile, libxml2, nodejs-electron, openssh8.4, ovmf, phpMyAdmin, python, python-azure-identity, python311-jupyter-server, tiff, trivy, u-boot, and wireshark), and Ubuntu (opennds and Ruby SAML).

The 6.14-rc5 kernel prepatch is out fortesting. "Nothing looks particularly big or worrisome".

Differences of opinion, as well as outright disputes, betweenupstream open-source projects and Linux distribution packagers overpackaging practices are nothing new. It is rarer, though, for thosedisputes to boil over to threats of legal action-but adisagreement between the OpenBroadcaster Software (OBS) Studio project and Fedora packagersreached that point in mid-February. After escalation to a higherauthority, things have been worked out to the satisfaction of the OBSproject, but some lingering questions remain. How Fedora shouldprioritize Flatpak repositories,how to handle conflicts between upstreams and Fedora packagers, andthe mechanics of removing or retiring Flatpaks all remain openquestions.

There is a fair amount of unhappiness on the Internet about the announcementfrom Mozilla about a new "terms ofuse" agreement and an updatedprivacy notice for the Firefox browser.

Security updates have been issued by Debian (emacs, freerdp2, and gst-plugins-good1.0), Fedora (java-17-openjdk, python3.6, and xorg-x11-server-Xwayland), Mageia (radare2), SUSE (libX11, openvswitch3, postgresql13, procps, ruby2.5, webkit2gtk3, and xorg-x11-server), and Ubuntu (git, linux-aws, linux-aws, linux-aws-6.8, linux-aws, linux-oracle, linux-oracle-5.4, linux-ibm, linux-intel-iotg, linux-intel-iotg-5.15, and linux-oem-6.11).

Paul McKenney has put together a series ofarticles on how to improve one's ability to give a good talk at atechnical conference.

Version 4.0 of the Fishshell has been released. Improvements include a better key-bindingmechanism, the ability to tie abbreviations to a specific command,selective ignoring of commands in the history, some scripting improvements,and more. See therelease notes for details.

Zotero is anopen-source reference management tool designed for collecting,organizing, and citing research materials. It is particularly usefulfor those writing research papers, theses, or books that require abibliography in standard formats like APAStyle, ChicagoStyle, or MLAFormat. Zotero stores bibliographic metadata, annotations, and userdata and integrates with word processors like LibreOffice, MicrosoftWord, and Google Docs to produce in-text citations andbibliographies. The core features of Zotero include metadata extraction,tagging, full-text indexing, and cloud synchronization formulti-device access, and Zotero has a plugin system toallow anyone to expand its capabilities. The most recent majorrelease, Zotero7, addedsupport for reading EPUBs, brought user-interface improvementsincluding a dark mode, performance improvements, and more.

Intel's indirectbranch tracking (IBT) is a hardware-implemented control-flow-integritymechanism that makes it harder for an attacker to gain control of thesystem by way of a corrupted indirect branch. FineIBT is a softwareextension to IBT that is meant to improve its protection. Recently,though, Jennifer Miller reported a novel way to bypassFineIBT by taking advantage of how the kernel's system-call entry point isconstructed. In response, Peter Zijlstra is working on some FineIBTenhancements to close that hole and make IBT more secure in general.

The 6.13.5, 6.12.17, and 6.6.80 stable kernels have been released. Asusual, they contain important fixes all over the kernel tree; users ofthose series should upgrade.

Security updates have been issued by Debian (emacs and openh264), Fedora (rpm-ostree), Mageia (dcmtk, libcap, openssh, and proftpd), Red Hat (emacs, kernel, and pki-servlet-engine), Slackware (emacs), SUSE (chromium, ffmpeg-4, ffmpeg-7, gnutls, libiniparser-devel, procps, socat, vim, xorg-x11-server, and xwayland), and Ubuntu (binutils, libsndfile, libxmltok, and php5).

Inside this week's LWN.net Weekly Edition:

FOSDEM 2025 featured the usual talksabout open-source software, but, as always, the conference also offered theopportunity to discover some more exotic and less software-centrictopics. That's how I learned about the FlowBattery Research Collective (FBRC), which is building what willeventually become an open-source home battery.Daniel Fernandez Pinto represented the collective atFOSDEM with his talk "Buildingan Open-Source Battery for Stationary Storage" in the "Energy: Acceleratingthe Transition through Open Source" developer room (devroom).

The Gentoo Linux project hasannouncedthe availability of qcow2 images for amd64 (x86_64) and arm64(aarch64), and plans to "eventually" offer images for theriscv64 and loongarch64 architectures.

One of the often-requested LWN site features that has languished thelongest on our to-do list is full-text RSS feeds. We are happy to announcethat, finally, there is a set of such feeds available; the full set can beseen on our feeds page. This is asubscriber-only feature, and it works by creating a unique fetch URL foreach user. We will, of course, be counting on our readers to not sharethose URLs.Another feature we have had requests for is to automatically present thesite in dark-mode colors when a reader's browser has been configured toprefer it. That feature, too, is now available. In this case, we had tothink about the interaction between automatic selection and the colorcustomization that the site has long had. The conclusion we reached isthat, if custom colors have been configured for an account, they will winout over the automatic selection. There is a new preference in the customization area to change thisdefault if desired.Both of these features - and the other enhancements we have made recently -were enabled by the support of LWN's subscribers. By making it possible tobring in new staff last year, you created the space to improve the siteexperience while keeping up with the writing. We thank all of you for yoursupport.

Version25.2 of the Armbian Linuxdistribution for single-board computers (SBCs) has been released. Notablechanges in this release include support for many new SBCs, an upgradeto Linux kernel 6.12.x, and more. See the changelogfor a complete list.

TheFaster CPython project has been working to speed up the Python interpreterfor the past several years. Now, Ken Jin, a member of the project, has merged anew set of changes thathave beenbenchmarked as improving performance by 10% for some architectures.The only change is switching from using computed goto statements to usingtail calls as part of the implementation of Python's bytecode interpreter - but that change allowsmodern compilers to generate significantly better code.

Security updates have been issued by Fedora (crun, gnutls, libtasn1, and openssl), Mageia (emacs, gnutls, iniparser, kernel, kmod-virtualbox, kmod-xtables-addons, kernel-linus, krb5, libxml2, and vim), Slackware (tigervnc and xorg), SUSE (libprotobuf-lite28_3_0 and Maven), and Ubuntu (dropbear, kernel, libxml2, linux, linux-lowlatency, linux-lowlatency-hwe-6.8, linux, linux-lts-xenial, linux-aws-5.4 linux-raspi-5.4, linux-gcp, linux-gke, linux-gkeop, linux-ibm, linux-nvidia, linux-nvidia-6.8, linux-nvidia-lowlatency, linux-raspi, ProFTPD, python-virtualenv, rails, and xorg-server, xwayland).

The conversation around the merging of a set of Rust abstractions for thekernel's DMA-mapping layer has mostly settled after Linus Torvalds made it clear that the code would beaccepted. One other consequence of this decision, though, is thatChristoph Hellwig has quietly stepped down from themaintenance of the DMA-mapping code. Marek Szyprowski will be themaintainer of that layer going forward. Hellwig has maintained that codefor many years; his contributions will be missed.

The Linux kernel supports attaching BPF programs to many operations.This is generally safe because the BPF verifier ensuresthat BPF programs can't misuse kernel resources, run indefinitely, or otherwiseescape their boundaries. There is continuing tension, however, between tryingto expand the capabilities of BPF programs and ensuring that the verifier canhandle every edge case. On February14, Juntong Dengshared a proof-of-concept patch set thatadds some run-time checks to BPF to make it possible in the future to interrupta running BPF program.

Security updates have been issued by AlmaLinux (libpq, postgresql:13, postgresql:15, and postgresql:16), Debian (nodejs and php-nesbot-carbon), Mageia (neomutt), Red Hat (python3.11-urllib3 and tuned), SUSE (crun, ovmf, pam_pkcs11, qemu, and webkit2gtk3), and Ubuntu (iniparser, libcap2, linux, linux-hwe, linux, linux-hwe-5.4, linux, linux-lowlatency, linux-azure, linux-azure-5.4, linux-bluefield, linux-gcp, linux-gcp-5.4, linux-ibm-5.4, linux-azure, linux-azure-fde, linux-gkeop, linux-nvidia, linux-oracle, linux-azure-5.15, linux-azure-fde-5.15, linux-oracle-5.15, linux-gcp, linux-gcp-5.15, linux-gke, linux-kvm, linux-lowlatency-hwe-5.15, and linux-xilinx-zynqmp).

Version2.0 of the Aqualunggapless music player has been released. Aqualung supports playback ofa wide range of audio formats, ripping CDs to WAV, FLAC, Ogg Vorbis,or MP3, and subscribing to podcasts via RSS or Atom feeds. The primarychange in this release is the migrationfrom GTK2 to GTK3, and dropping support for custom skins as aresult.

The kernel's slab allocator is responsible for the allocation of small(usually sub-page) chunks of memory. For many workloads, the speed ofobject allocation and freeing is one of the key factors in overallperformance, so it is not surprising that a lot of effort has gone intooptimizing the slab allocator over time. Now that the kernel is down to a single slab allocator, thememory-management developers have free rein to add complexity to it; thelatest move in that direction is the per-CPUsheaves patch set from slab maintainer Vlastimil Babka.

The AlmaLinux project has publisheda request for comments (RFC) on rebuilding Fedora's Extra Packages forEnterprise Linux (EPEL), which provides additional software forRed Hat Enterprise Linux (RHEL) and its derivatives, to support olderx86_64 hardware that is not supported by EPEL10. While this maysound simple on the surface, the proposed rebuild carries a fewpotential risks that the AlmaLinux and EPEL contributors would like toavoid. The AlmaLinuxEngineering Steering Committee (ALESCo) is currently consideringfeedback and will vote on the RFC in March.

The Emacs extensible texteditor (among other things) has made a security release to address twovulnerabilities. Emacs 30.1 has fixes for CVE-2025-1244,which is a shell-command-injection flaw in the man.el man page browser andfor CVE-2024-53920,which is a code-execution vulnerability in the flymakesyntax-checking mode. LWN covered theflymake problems back in December.

Security updates have been issued by AlmaLinux (bind, bind9.18, libpq, mysql, postgresql, postgresql:15, and postgresql:16), Debian (fort-validator, gnutls28, krb5, libxml2, and python-werkzeug), Fedora (chromium, openssh, proftpd, python3.8, vaultwarden, and vim), Oracle (bind, bind9.16, bind9.18, libpq, libsoup, mysql, mysql:8.0, nodejs:18, nodejs:22, postgresql, postgresql:13, postgresql:15, and postgresql:16), Red Hat (mysql, mysql:8.0, and python3), SUSE (chromedriver, dcmtk, grub2, java-1_8_0-ibm, java-23-openjdk, luanti, openssh, postgresql14, postgresql15, postgresql16, postgresql17, proftpd, radare2, and webkit2gtk3), and Ubuntu (intel-microcode, netty, and nginx).

The 6.14-rc4 kernel prepatch is out fortesting. "This continues to be the right kind of 'boring' release:nothing in particular stands out in rc4".

The pytest-mhproject is a plugin that provides a multi-host test framework for thepopular pytestunit-testing framework and test runner. Work on pytest-mhstarted in 2023 to solve a multitude of issues thatcropped up for developers and testers when testing the SSSD project, which is a client forenterprise identity management. I was not happy with the state oftesting of the SSSD project and wanted to create something that wouldincrease test readability, remove duplication, eliminate errors, andprovide multi-host testing capabilities, while having the flexibilityto build a new API around it. Finally, I also wanted something thatcan be used by anyone to test their projects as well.

Greg Kroah-Hartman has released another four stable kernels:6.13.4,6.12.16,6.6.79, and6.1.129. As usual, all users are advised to upgrade.

Security updates have been issued by AlmaLinux (bind, bind9.16, and mysql:8.0), Debian (chromium, djoser, libtasn1-6, and postgresql-13), Fedora (python3.12 and vim), Red Hat (libpq, postgresql, postgresql:13, postgresql:15, and postgresql:16), Slackware (ark), SUSE (brise, chromium, emacs, google-osconfig-agent, grafana, grub2, helm, kernel, openssh, openssl-1_1, ovmf, postgresql13, postgresql14, postgresql15, and postgresql17), and Ubuntu (gnutls28, libtasn1-6, openssl, python3.10, python3.12, python3.8, and webkit2gtk).

At the end of January we ran this articleon the discussions around a set of Rust bindings for the kernel'sDMA-mapping layer. Many pixels have been expended on the topic sinceacross the net, most recently in thissprawling email thread. Linus Torvalds has now madehis feelings known on the topic:

Version1.85.0 of the Rust language has been released. Changes in the releaseinclude support for async closures, some convenience iterators for tuples,and a number of stabilized APIs. The headline feature, though, is thatthis release stabilizes the Rust 2024edition, described as "the largest edition we have released".The 2024edition guide has a detailed listing of all the changes that wereincorporated this time around.

The maximum filesystem block size that the kernel can support has alwaysbeen limited by the host page size for Linux, even if the filesystems couldhandle larger block sizes. The large-block-size (LBS) patches that were mergedfor the 6.12kernel removed this limitation in XFS, thereby decouplingthe page size from the filesystem block size. XFS is the first filesystemto gain this support, with other filesystems likely to add LBS support inthe future. In addition, the LBS patches have been used to get the initial atomic-write support into XFS.

Atomic block writes, which have been discussed here afew times in the past, are block operations that either complete fully ordo not occur at all, ensuring data consistency and preventing partial (or"torn") writes. This means the disk will, at all times, contain either thecomplete new data from the atomic write operation or the complete old datafrom a previous write. It will never have a mix of both the old and the newdata, even if a power failure occurs during an ongoing atomic writeoperation. Atomic writes have been of interest to many Linux users,particularly database developers, as this feature can provide significantperformance improvements.

Security updates have been issued by Debian (mosquitto), Fedora (gnutls, kernel, libtasn1, microcode_ctl, openssh, python3.10, python3.11, and python3.9), Red Hat (bind, bind9.16, buildah, container-tools:rhel8, podman, and redis:6), Slackware (libxml2), SUSE (dcmtk, google-osconfig-agent, java-17-openj9, kubernetes1.30-apiserver, kubernetes1.31-apiserver, openssh, and ruby3.4-rubygem-grpc), and Ubuntu (linux, linux-lowlatency and linux-aws, linux-azure, linux-gcp, linux-oracle, linux-raspi, linux-realtime).

Inside this week's LWN.net Weekly Edition:

Mark Surman, president of the Mozilla Corporation, has announcedleadership updates for Mozilla. This includes a Mozilla LeadershipCouncil made up of executives from each Mozilla organization, and newboard chairs for the not-for-profit Mozilla Foundation, theMozilla Corporation, and Mozilla.ai. The announcement alsoindicates a desire to further "diversify" Mozilla's focus:

Steven Rostedt recently posteda patch set that could help improve the performance of certain user-spaceapplications by giving the scheduler more context about when they are safe tointerrupt. The patch set lets programs request a small grace windowbefore they can be interrupted so that they can relinquish any locks, decreasing theamount of time that other threads have to spend waiting. Rostedt sharedperformance numbers suggesting that the patch might cut the amount of time spentacquiring locks in half for some programs - although, since his test wasspecifically tuned for this case, real-world projects should expect a somewhatless dramatic improvement. The change received some pushback from schedulermaintainer Peter Zijlstra, who objected to the patch set's approach.

Version25.0.0 of the Mesa graphics library has been released. "The flashiest addition is probably the support for Vulkan 1.4 by Anv (Intel),Asahi (Apple), Lavapipe (software), NVK (NVIDIA), PanVK (Mali), RADV (AMD),and Turnip (Qualcomm).Users can expect the usual flurry of improvements across all drivers andcomponents."

Many of us enjoy uninterrupted access to mobile networks. However, inremote areas or during emergencies, that connectivity may not always beavailable. For such scenarios, Meshtastic offers a decentralizedwireless mesh network with open-source firmware that runs on affordable,low-power devices.At FOSDEM 2025, the Meshtasticproject was represented by one of its core developers, Thomas Gottgens, whogave a talk, "Meshtastic- off-grid communication for everyone", in the Radio developerroom (devroom).

The Fedora Project has announcedtwo milestones in its journey to supporting the RISC-V architecture: adedicated RISC-V Koji build system instance is live in the Fedora datacenter, and Fedora41-based images are now available for RISC-V. It is also possibleto run Fedora RISC-V images using QEMU for those without supportedhardware.

Debian Developer Thomas Lange has written a blog postin the attempt to help users find the right Debian image for theirsystems.

Security updates have been issued by AlmaLinux (gcc-toolset-14-gcc, nodejs:18, and nodejs:22), Fedora (bootc), Gentoo (OpenSSH), Oracle (doxygen, libxml2, mingw-glib2, and NetworkManager), Red Hat (bind, bind9.16, bind9.18, kernel, kernel-rt, mysql, and mysql:8.0), Slackware (openssh), SUSE (buildah, emacs, glibc, google-osconfig-agent, grub2, java-11-openj9, kernel, netty, netty-tcnative, openssh, openvswitch, podman, and ucode-intel), and Ubuntu (atril, libsndfile, libtasn1-6, openssh, python-virtualenv, and symfony).

Pi-hole v6 has been released. Thelatest version of the popular ad-blocking software sports a redesigneduser interface, has support for subscribing to allowlists, and bringsa new REST API and embedded web server. Its Docker/OCI image is nowbased on Alpine Linuxrather than Debian to reduce imagesize. See the announcement for guidance on upgrading existing Pi-holeinstallations.

The Reproducible-openSUSE project has announcedthat it has created a usable version of openSUSE with 100% reproduciblepackages.

Kernel developers have been working to convert various internal interfaces tousefolios; while this process has been progressing, there is still theoccasional regression introduced by the change. In December2024, it wasdiscovered that installing aFlatpak application could trigger a filesystem bug inthe kernel that would cause the software to read incorrect data from the disk.The problem was quickly fixed - only for an another problem caused by the foliorewrite to pop up in the same kernel subsystem. This was discovered by an ArchLinux user, who noticed that selecting files in a Flatpak application wascausing kernel crashes. Now both bugs are fixed, but there may be more bugs to find.

The 6.12.15 stable kernel update has beenfast-tracked to release. It seems that its predecessor contains aregression in the XFS filesystem that can lead to kernel crashes.

Security updates have been issued by Debian (gnutls28, openssh, and pam-pkcs11), Mageia (microcode and python-cryptography), Oracle (nodejs:18, nodejs:20, and rsync), Red Hat (gcc, nodejs:20, and nodejs:22), SUSE (emacs, kernel, openvswitch, and ucode-intel), and Ubuntu (Docker).