LWN.net

The kernel is, on its face, a single large development project, butinternally it is better viewed as 100 or so semi-independent projects allcrammed into one big tent. Within those projects, there is a fair amountof latitude about how changes are managed, and some subsystems are usingthat freedom in the search for more efficient ways of working. In the end,though, all of these sub-projects have to work together and interface withkernel-wide efforts, including the stable-release and CVE-assignmentprocesses. For some time, there has been friction between the directrendering (DRM, or graphics) subsystem and the stable maintainers; thatfriction recently burst into view in a way that shows some of thelimitations of how the kernel community manages patches.

Security updates have been issued by AlmaLinux (fence-agents, raptor2, and rsync), Debian (chromium), Fedora (rsync and seamonkey), Mageia (openjpeg2), Red Hat (tuned), Slackware (git), SUSE (dcmtk, dnsmasq, govulncheck-vulndb, libQtWebKit4, libraptor-devel, opera, python311-Pillow, python311-translate-toolkit, rsync, and SDL2_sound-devel), and Ubuntu (linux-raspi-5.4, neomutt, and python2.7).

Inside this week's LWN.net Weekly Edition:

The Ghostty terminal emulatorproject has generated a surprising amount of interest, even beforecode was released to the public. This is in part due to the highprofile of its creator, HashiCorp founderMitchell Hashimoto. Its development was conducted behind closed doorsfor beta testing, until version1.0 was releasedon December 26 under the MITlicense. While far from finished, Ghostty is ready for day-to-dayuse and might be of interest to those who spend significant amounts oftime at the command line.

Version11.0.0 of the libvirt virtualizationAPI has been released. Notable changes in this release includethe ability to export virtiofs filesystems inread-only mode, the addition of support for vlan tagging and trunkingof network interfaces with the network, qemu, and lxc drivers, as wellas a number of bug fixes.

We have just now received word of the passingof Helen Borrie, a longtime contributor to the Firebird relationaldatabase project.

Linux Mint version22.1, a long-term-support (LTS) release with support until 2029, is nowavailable. Notable changes in this release include a transition to Aptkit for backgroundpackage management tasks, Captain to installDebian packages, and a new default theme with improved Waylandcompatibility. See the release notes forknown issues.

Nick Taitannounced on theoss-security mailing list thatrsync, the widely used file transfer program, had a number of serious vulnerabilities.Users can mitigate all six vulnerabilities by upgrading toversion 3.4.0, which was released on January 14. While all users should upgrade, servers that use rsyncd areespecially impacted:

Security updates have been issued by Arch Linux (rsync), Debian (rsync), Fedora (perl-Net-OAuth and redis), Red Hat (ipa, raptor2, rsync, and tuned), Slackware (rsync), SUSE (apache2-mod_jk, git, kernel, rclone, rsync, and webkit2gtk3), and Ubuntu (git, linux-azure-5.4, pdns, pdns-recursor, python-django, rlottie, and rsync).

The Mastodon project has announcedthat founder Eugen Rochko will be transferring "key Mastodonecosystem and platform components (including name and copyrights,among other assets)" to a new non-profit organization:

TuxFamily is aFrench free-software-hosting service that has been in operation since1999. It is a non-profit that accepts "any projectreleased under a free license", whether that is a software licenseor a free-content license, such as CC-BY-SA. It is also,unfortunately, slowly dying due to hardware failures and lack ofinterest. For example, the site's download servers are currentlyoffline with no plan to restore them.

The ptrace()system call allows a suitably privileged process to modify another in alarge number of ways. Among other things, ptrace() can interceptsystem calls and make changes to them, but such operations can be fiddlyand architecture-dependent. This patch series fromDmitry Levin seeks to improve that situation by adding a newptrace() operation to make changes to another process's systemcalls in an architecture-independent manner.

Security updates have been issued by AlmaLinux (kernel, NetworkManager, and thunderbird), Fedora (golang-github-aws-sdk-2, golang-github-aws-smithy, golang-github-ncw-swift-2, rclone, and thunderbird), Mageia (ceph, firefox, and thunderbird), Oracle (kernel, NetworkManager, and thunderbird), Red Hat (fence-agents and raptor2), SUSE (dpdk, firefox, frr, grafana, operator-sdk, perl-Module-ScanDeps, proftpd, python311-mistune, redis, thunderbird, valkey, and yq), and Ubuntu (hplip and webkit2gtk).

Hans de Goede has posted anupdate about his work to support IPU6 cameras on Fedora andsubmitting fixes upstream.

Chimera Linux is a new distributiondesigned to be "simple, transparent, and easy to pick up". Thedistribution is built from scratch, andrecently announced its first beta release. While the documentation andinstallation process are both a bit rough, the project already provides ausable desktop with plenty of useful software - one built primarily ontools adopted from BSD.

The blog of the SeaMonkeyproject, which develops an all-in-one internet application suite basedon Mozilla code, has reported the sad news of the suddenpassing of Bill Gianopoulos ("WG9s")on January 6 (obituary). He was a core developer andrelease engineer for the project.

Security updates have been issued by AlmaLinux (dpdk, firefox, iperf3, thunderbird, and webkit2gtk3), Debian (firefox-esr, gnuchess, node-mocha, openafs, python-django, and thunderbird), Fedora (libxmp, python-jinja2, suricata, thunderbird, and xen), Mageia (avahi, libjxl, opencontainers-runc, radare2, rizin, and tinyproxy), Oracle (cups, dpdk, firefox, iperf3, kernel, thunderbird, and webkit2gtk3), SUSE (apptainer, chromedriver, dnsmasq, govulncheck-vulndb, gstreamer, gstreamer-plugins-base, gstreamer-plugins-good, logback, and python311-slixmpp), and Ubuntu (libxmltok, linux-realtime, roundcube, and snapd).

Linus has released 6.13-rc7 for testing."So unless something odd happens the upcoming week, I expect to releasea final 6.13 next week as per the normal schedule". Read the fullannouncement for your details on how to get a free guitar pedal assembledby Linus himself.

Version2.48.0 of the Git source-code management system has beenreleased. There is a long list of incremental improvements and bugfixes; see the announcement and the highlightsblog from GitHub for details.

We have just now received word of thepassing of Paolo Mantegazza, the driving force behind the Real Time Application Interface projectand a key figure in the development of realtime Linux.

The death of Bram Moolenaar, Vimfounder and benevolent dictator for life (BDFL), in 2023 sent a shockthrough the community, and raised concern about the future of theproject. At VimConf 2024 inNovember, current Vim maintainer Christian Brabandt delivered akeynote on "the new Vim project" that detailed how thecommunity has reorganized itself to continue maintaining Vim and whatthe future looks like.

Automattic has announcedthat it is reallocating its resources away from contributing to theWordPress project as a response to the WPEngine lawsuit:

After yesterday's stable kernel releases, ChrisClayton reported a build problem with 6.6.70, which prompted Greg Kroah-Hartmanto release 6.6.71 to fix it.

Security updates have been issued by Fedora (chromium and mingw-poppler), Red Hat (dpdk, thunderbird, and webkit2gtk3), SUSE (firefox, govulncheck-vulndb, gstreamer, gstreamer-plugins-base, gstreamer-plugins-good, libmfx, openjpeg2, python310, python312, python39, tomcat, and webkit2gtk3), and Ubuntu (golang-golang-x-net).

Version1.84.0 of the Rust language has been released. Changes includeimproved version selection for dependencies in Cargo, the beginning of themigration to a new trait solver, and some updated pointer-provenance APIs.

The Software Freedom Conservancy is reportingthat AVM has released the full source and installation scripts for itsrouters in response to a lawsuit, filed by Sebastian Steck, based on LesserGNU Public License rights.

Attacks on the kernel can take many forms; one popular exploitation path isto find a way to overwrite some memory with attacker-supplied data. If theright memory can be targeted, one well-targeted stray write is all that isneeded to take control of the system. Since the system's page tablesregulate access to memory, they are an attractive target for this type ofattack. This patch set from Kevin Brodsky is an attempt to protect page tables (and,eventually, other data structures) using the "memory protection keys"feature provided by a number of CPU architectures.

The 6.12.9, 6.6.70, 6.1.124, 5.15.176, 5.10.233, and 5.4.289 stable kernels have been released.As usual, they contain important fixes all over the kernel tree.

Security updates have been issued by AlmaLinux (cups, kernel, and kernel-rt), Debian (chromium, firefox-esr, and webkit2gtk), Fedora (curl, firefox, gimp, mupdf, openjpeg2, and valkey), Red Hat (389-ds-base, cups, firefox, iperf3, kernel, kernel-rt, libreswan, python3.11-urllib3, thunderbird, and webkit2gtk3), Slackware (firefox, seamonkey, and thunderbird), SUSE (apptainer, firefox-esr, libopenjp2-7, libruby3_4-3_4, openjpeg2, and tomcat10), and Ubuntu (firefox, linux-azure, linux-azure, linux-azure-4.15, linux-azure, linux-azure-6.8, linux-azure, linux-intel-iotg-5.15, linux-azure-5.15, python2.7, thunderbird, and xfpt).

Inside this week's LWN.net Weekly Edition:

TheSequoia OpenPGP library has been in development for some time. LWNcovered the library in 2020. Now the project'scommand-line interface hasbeen released. The sq tool offers apromising alternative to the venerableGNU Privacy Guard (GPG) tool - albeit one with adifferent interface, set of terminology, and approach to the web oftrust. Several distributions are making increasing use of the toolbehind the scenes.

The Tor Project has published areview of major milestones from 2024, including merging withthe Tails project, work to enable human-friendly .onionaddresses, and the launch of WebTunnel:

The pkgsrc developers haveannounced the 2024Q4 branch of the pkgsrc cross-platformpackaging system. It is the default package manager for NetBSD, SmartOS, and is available forLinux as well. This marks the 85th quarterly release of pkgsrc:

Security updates have been issued by Fedora (firefox, mupdf, and php-tcpdf), SUSE (etcd, file-roller, gtk3, kernel, python-django-ckeditor, rubygem-json-jwt, and tomcat10), and Ubuntu (ffmpeg, HTMLDOC, linux-aws, linux-raspi, linux-gke, linux-hwe-6.8, linux-lowlatency, linux-lowlatency-hwe-6.8, and tinyproxy).

Kernel networking maintainer Jakub Kicinski reviews progress inthe networking subsystem in 2024.

Gentoo Linux has published a projectretrospective that looks at the major improvements and news from2024, the Gentoo Foundation's finances, and contributions to Gentoo bythe numbers.

In the past, LWN had a tradition of publishing a timeline ofnotable events from the previous year in early January. We thought wemight try reviving that tradition in 2025 to see if our readers findit useful. While we have covered these events as theyhappened, it's interesting to see how much has taken place in just12 months.

Version 134.0 of the Firefox browser has been released. Changes include support for touchpad hold gestures on Linux, a refreshed layout for the New Tab page for users in the US and Canada, and improved support for debugging web extensions.

Security updates have been issued by AlmaLinux (python-requests), Oracle (python-requests), SUSE (python-Jinja2 and rizin), and Ubuntu (ceph, linux, linux-aws, linux-aws-hwe, linux-gcp, linux-gcp-4.15, linux-hwe, linux-kvm, linux-oracle, linux, linux-lts-xenial, linux-aws, linux-aws-5.15, linux-gcp, linux-gcp-5.15, linux-hwe-5.15, linux-nvidia, linux-oracle, linux-raspi, linux-aws, linux-kvm, linux-hwe-6.8, linux-intel-iotg, linux-oem-6.11, linux-raspi-5.4, and salt).

During EmacsConf2024, whichwas held online in early December2024, Ramin Honary gave a talk about ProjectGypsum, which is his effort to rewrite Emacs in Scheme. Unlike most other Emacs clones,which simply replicate the key bindings, Gypsum is also implementing EmacsLisp (or Elisp). Honary is initially targeting Guile, which is animplementation of Scheme, but wants to make the code portableto any implementation of R7RS Scheme.

From the Ubuntu Discourse instance comes thesad news that longtime Debian and Ubuntu contributor Steve Langasek haspassed away.

Security updates have been issued by Fedora (ofono and webkitgtk), Mageia (ruby and virtualbox & kmod-virtualbox), Red Hat (oci-seccomp-bpf-hook and runc), SUSE (corepack22, dpdk, libpoppler-cpp1, pcp, python-Jinja2, and sysstat), and Ubuntu (tinyproxy).

Linus has released 6.13-rc6 for testing.

ThePony programming language is dedicated toexploring how to make high-performanceactor-based systems. Started in 2014,the language's most notable feature is probablyreference capabilities, a system of pointer annotations that gives the developerfine manual control over how data is shared between actors, while simultaneouslyensuring that Pony programs don't have data races. The language is not likely toovertake other more popular programming languages, but its ideas could be useful forother languages or frameworks struggling with concurrent data access.

Security updates have been issued by Debian (linux-6.1), Fedora (iwd and libell), Red Hat (python-requests), and SUSE (velero).

We are reliably informed by the calendar that yet another year has begun.That can only mean one thing: the time has come to go out on a limb with aseries of ill-advised predictions that are almost certainly not howthe year will actually go. We have to try; it's traditional, after all.Read on for our view of what's coming and how it may play out.

Greg Kroah-Hartman has announced the release of the 6.12.8, 6.6.69, and 6.1.123 stable kernels. They containimportant fixes throughout the kernel tree, as usual.

Security updates have been issued by Red Hat (container-tools:rhel8) and SUSE (liboqs, oqs-provider and python-Jinja2).

While some people are focused on new and trendy languages, Jose Marchesihas, instead, gifted the world with a GCC frontend for the Algol 68 language.

Security updates have been issued by Debian (python-django and python-tornado), Fedora (libxml2), and Red Hat (python-virtualenv and python36:3.6).