LWN.net

Security updates have been issued by Debian (mosquitto), Fedora (gnutls, kernel, libtasn1, microcode_ctl, openssh, python3.10, python3.11, and python3.9), Red Hat (bind, bind9.16, buildah, container-tools:rhel8, podman, and redis:6), Slackware (libxml2), SUSE (dcmtk, google-osconfig-agent, java-17-openj9, kubernetes1.30-apiserver, kubernetes1.31-apiserver, openssh, and ruby3.4-rubygem-grpc), and Ubuntu (linux, linux-lowlatency and linux-aws, linux-azure, linux-gcp, linux-oracle, linux-raspi, linux-realtime).

Inside this week's LWN.net Weekly Edition:

Mark Surman, president of the Mozilla Corporation, has announcedleadership updates for Mozilla. This includes a Mozilla LeadershipCouncil made up of executives from each Mozilla organization, and newboard chairs for the not-for-profit Mozilla Foundation, theMozilla Corporation, and Mozilla.ai. The announcement alsoindicates a desire to further "diversify" Mozilla's focus:

Steven Rostedt recently posteda patch set that could help improve the performance of certain user-spaceapplications by giving the scheduler more context about when they are safe tointerrupt. The patch set lets programs request a small grace windowbefore they can be interrupted so that they can relinquish any locks, decreasing theamount of time that other threads have to spend waiting. Rostedt sharedperformance numbers suggesting that the patch might cut the amount of time spentacquiring locks in half for some programs - although, since his test wasspecifically tuned for this case, real-world projects should expect a somewhatless dramatic improvement. The change received some pushback from schedulermaintainer Peter Zijlstra, who objected to the patch set's approach.

Version25.0.0 of the Mesa graphics library has been released. "The flashiest addition is probably the support for Vulkan 1.4 by Anv (Intel),Asahi (Apple), Lavapipe (software), NVK (NVIDIA), PanVK (Mali), RADV (AMD),and Turnip (Qualcomm).Users can expect the usual flurry of improvements across all drivers andcomponents."

Many of us enjoy uninterrupted access to mobile networks. However, inremote areas or during emergencies, that connectivity may not always beavailable. For such scenarios, Meshtastic offers a decentralizedwireless mesh network with open-source firmware that runs on affordable,low-power devices.At FOSDEM 2025, the Meshtasticproject was represented by one of its core developers, Thomas Gottgens, whogave a talk, "Meshtastic- off-grid communication for everyone", in the Radio developerroom (devroom).

The Fedora Project has announcedtwo milestones in its journey to supporting the RISC-V architecture: adedicated RISC-V Koji build system instance is live in the Fedora datacenter, and Fedora41-based images are now available for RISC-V. It is also possibleto run Fedora RISC-V images using QEMU for those without supportedhardware.

Debian Developer Thomas Lange has written a blog postin the attempt to help users find the right Debian image for theirsystems.

Security updates have been issued by AlmaLinux (gcc-toolset-14-gcc, nodejs:18, and nodejs:22), Fedora (bootc), Gentoo (OpenSSH), Oracle (doxygen, libxml2, mingw-glib2, and NetworkManager), Red Hat (bind, bind9.16, bind9.18, kernel, kernel-rt, mysql, and mysql:8.0), Slackware (openssh), SUSE (buildah, emacs, glibc, google-osconfig-agent, grub2, java-11-openj9, kernel, netty, netty-tcnative, openssh, openvswitch, podman, and ucode-intel), and Ubuntu (atril, libsndfile, libtasn1-6, openssh, python-virtualenv, and symfony).

Pi-hole v6 has been released. Thelatest version of the popular ad-blocking software sports a redesigneduser interface, has support for subscribing to allowlists, and bringsa new REST API and embedded web server. Its Docker/OCI image is nowbased on Alpine Linuxrather than Debian to reduce imagesize. See the announcement for guidance on upgrading existing Pi-holeinstallations.

The Reproducible-openSUSE project has announcedthat it has created a usable version of openSUSE with 100% reproduciblepackages.

Kernel developers have been working to convert various internal interfaces tousefolios; while this process has been progressing, there is still theoccasional regression introduced by the change. In December2024, it wasdiscovered that installing aFlatpak application could trigger a filesystem bug inthe kernel that would cause the software to read incorrect data from the disk.The problem was quickly fixed - only for an another problem caused by the foliorewrite to pop up in the same kernel subsystem. This was discovered by an ArchLinux user, who noticed that selecting files in a Flatpak application wascausing kernel crashes. Now both bugs are fixed, but there may be more bugs to find.

The 6.12.15 stable kernel update has beenfast-tracked to release. It seems that its predecessor contains aregression in the XFS filesystem that can lead to kernel crashes.

Security updates have been issued by Debian (gnutls28, openssh, and pam-pkcs11), Mageia (microcode and python-cryptography), Oracle (nodejs:18, nodejs:20, and rsync), Red Hat (gcc, nodejs:20, and nodejs:22), SUSE (emacs, kernel, openvswitch, and ucode-intel), and Ubuntu (Docker).

It is a standard practice to use milestones to reflect on theachievements of a project, such as the anniversary of its firstrelease or first commit. Usually, these are observed at five andtenyear increments; the tenth anniversary of the 1.0 release, or 25years since from the first public announcement, etc. LennartPoettering, however, took a different approach at FOSDEM2025 with a keynotecommemorating 14 years of systemd,and a brief look ahead at his goals and systemd's challenges for the future.

Greg Kroah-Hartman has released three more stable kernels:6.13.3,6.12.14, and6.6.78.There was a bit of confusion that resulted in the patch forCVE 2025-21687getting applied twice - but that doesn't result in any problems for users of thekernel, just a bit of extra noise in the CVE database, so Kroah-Hartman hasdecided to leave the releases as-is instead of rushing another point release.

Security updates have been issued by AlmaLinux (container-tools:rhel8, gcc, libxml2, nodejs:18, and nodejs:20), Debian (freerdp2, golang-glog, trafficserver, and tryton-client), Fedora (chromium, krb5, libheif, microcode_ctl, nginx, nginx-mod-fancyindex, nginx-mod-modsecurity, nginx-mod-naxsi, nginx-mod-vts, and webkitgtk), Mageia (ffmpeg, golang, postgresql13 and postgresql15, and python-zipp), Oracle (container-tools:ol8, gcc, gcc-toolset-13-gcc, gcc-toolset-14-gcc, kernel, libxml2, and nodejs:20), Red Hat (gcc, idm:DL1, and ipa), SUSE (buildah, chromium, glibc, kernel, kernel-firmware-all-20250206, libecpg6, postgresql15, python, python3, python311, and ruby3.4-rubygem-rack), and Ubuntu (intel-microcode).

The 6.14-rc3 kernel prepatch is out fortesting; the announcement, for unknown reasons, went only to thelinux-btrfs list.

There are many challenges involved with running a web site like LWN. Someof them, such as finding the courage to write for people who know moreabout the subject matter than we do, simply come with the territory we havechosen. But others show up as an unwelcome surprise; the ongoing task offending off bots determined to scrape the entire Internet to (seemingly)feed into the insatiable meat grinder of AI training is certainly one ofthose. Readers have, at times, expressed curiosity about that fight andhow we are handling it; read on for a description of a modern-day plague.

Memcached is a memory-baseddata-caching daemon that has a long history. More than twenty years after its first publicrelease, Memcached strives to remain relevant in a vastly changedcomputing landscape, balancing new features with a commitment to the originalprinciples that separate it from newer alternatives like Redis and Hazelcast.

Security updates have been issued by AlmaLinux (doxygen, gcc-toolset-13-gcc, gcc-toolset-14-gcc, kernel, and libxml2), Debian (chromium, postgresql-13, and webkit2gtk), Fedora (krb5, openssl, and python3.13), Mageia (ark, ofono, and perl-Net-OAuth, perl-Crypt-URandom, perl-Module-Build), Oracle (firefox, gcc, gcc-toolset-14-gcc, kernel, openssl, tbb, and thunderbird), Red Hat (libxml2), SUSE (chromium, golang-github-prometheus-prometheus, grafana, kernel, kernel-firmware-ath10k-20250206, kernel-firmware-bnx2-20250206, kernel-firmware-brcm-20250206, kernel-firmware-chelsio-20250206, kernel-firmware-dpaa2-20250206, kernel-firmware-mwifiex-20250206, kernel-firmware-platform-20250206, kernel-firmware-realtek-20250206, kernel-firmware-serial-20250206, kernel-firmware-ueagle-20250206, libtasn1, python312, qemu, SUSE Manager Client Tools, SUSE Manager Client Tools MU 5.0.3, and ucode-intel-20250211), and Ubuntu (activemq and libsndfile).

The Asahi Linux project, which is working to support Linux on Applesilicon, has announced theresignation of Hector "marcan" Martin as its lead, and his replacement by aseven-person committee. "Today's news is bittersweet. We are gratefulto marcan for kicking off this project and tirelessly working on it thesepast years. Our community will miss him. Still, with your support, theproject has a bright future to come". Martin has explained his reasonsfor leaving at length in thisblog post.

The openSUSE project has announcedthat future installations of the Tumbleweed rolling distribution will useSELinux for mandatory access control rather than AppArmor. Existinginstallations will not be migrated, and AppArmor will continue to bemaintained for Tumbleweed. The openSUSE Leap15 distribution is not changing.

Huge pages can increase the performance of many programs, but they can alsohave unfortunate performance impacts of their own. Over the last fewyears, multi-size transparent huge pages (mTHPs) have increasingly beenseen as a happy medium that bring the benefits of huge pages at a lower cost.The system cannot benefit from mTHPs, though, if it does not create them;two developers have independently posted patches to enable the creation ofmTHPs in the background.

Security updates have been issued by AlmaLinux (doxygen and openssl), Debian (dcmtk and webkit2gtk), Fedora (chromium, clevis-pin-tpm2, envision, fido-device-onboard, gotify-desktop, keylime-agent-rust, keyring-ima-signer, libkrun, python3.10, python3.11, python3.14, rust-afterburn, rust-cargo-vendor-filterer, rust-coreos-installer, rust-eif_build, rust-gst-plugin-reqwest, rust-nu, rust-openssl, rust-openssl-sys, rust-pore, rust-rpm-sequoia, rust-sequoia-keyring-linter, rust-sequoia-octopus-librnp, rust-sequoia-policy-config, rust-sequoia-sqv, rust-sevctl, rust-snphost, rust-tealdeer, rustup, and s390utils), Mageia (ffmpeg, php-tcpdf, python-tornado, and subversion), Red Hat (openssl and python-jinja2), SUSE (crun, glibc, kernel, libngtcp2-16, libtasn1, netty, ovmf, podman, python, and python3), and Ubuntu (ansible, digikam, linux-aws, linux-aws-5.15, linux-azure-6.8, and ruby2.7).

Inside this week's LWN.net Weekly Edition:

The Codeberg development forge hasrecently been subject to sustained attacks resulting in, among otherthings, abusive email being sent to the site's users. The organization hasnow put up adescription and a defiant response:

While large language models and the expensive hardware they require are allthe rage now, other areas of artificial intelligence work within much moreconstrained hardware environments. At FOSDEM2025, Jon Nordby presentedhis open-source machine-learning inference engine for microcontrollers,named emlearn. The projectalso boasts bindings for MicroPython,thus making machine-learning applications even more accessible.

Security updates have been issued by AlmaLinux (firefox, kernel, kernel-rt, tbb, and thunderbird), Debian (bind9, cacti, pam-pkcs11, and ruby2.7), Fedora (bind, bind-dyndb-ldap, chromium, crun, and java-21-openjdk), Mageia (calibre, nginx, python-ansible-core, python-jinja2, python-pip, python-setuptools, python-twisted, and python-waitress), Red Hat (doxygen, firefox, gcc, gcc-toolset-13-gcc, gcc-toolset-14-gcc, tbb, and thunderbird), SUSE (go1.24, govulncheck-vulndb, java-1_8_0-openj9, kernel, openssl-3, ovmf, python3-numpy, python311, python36, qemu, and skopeo), and Ubuntu (bluez and openssl).

Most Linux systems depend on a suite of core utilities that the GNU Project started development ondecades ago and are, of course, written in C. At FOSDEM2025, Sylvestre Ledrumade the case in hismain stage talk that modern systems require safer, moremaintainable tools. Over the past few years, Ledru has led the chargeof rewriting the GNUCore Utilities (coreutils) in Rust, as the MIT-licensed uutils project. The goal is tooffer what he said are more secure, and more performant drop-inreplacements for the tools Linux users depend on. At FOSDEM, Ledruannounced that the uutils project is setting its sights evenhigher.

High-performance networking is a highly tuned activity; the amount of timeavailable to deal with each packet may be measured in nanoseconds, so caremust be taken to avoid anything that might slow the process down.Recently, there has been a fair amount of attention given to a patch setmerged for 6.13 that, it is claimed, can improve processing efficiency(and, thus, power savings)in data centers by as much as 30%. The change itself, contributed by JoeDamato and Martin Karsten, is a relatively small tweak to existingoptimization techniques; it shows just how much care is needed to optimizea high-bandwidth server.

Version 6.3 ofthe Plasma desktop has been released.

The 6.6.77 stable kernel update has beenreleased; it contains a single fix for a User Mode Linux build problem.

Security updates have been issued by AlmaLinux (firefox, tbb, and thunderbird), Debian (cacti, libtasn1-6, and rust-openssl), Oracle (galera and mariadb, kernel, raptor2, and thunderbird), SUSE (bind, fq, java-21-openj9, libtasn1-6-32bit, ovmf, python310, python312, python313, python314, rime-schema-all, thunderbird, and wget), and Ubuntu (eglibc, firefox, glibc, linux, linux-aws, linux-lts-xenial, ruby2.3, ruby2.5, and vim).

Miguel Ojeda gavea keynote atFOSDEM2025 about the history of theRust-for-Linuxproject, and the current attitude of people in the kernel community toward theexperiment. Unlike hisusual talks, this talk didn't focus so much on the currentstate of the project, but rather on discussing historyand predictions for the future. He ended up presenting quotes from more than 30people involved in kernel development about what they thought of the project andexpected going forward.

Version1.4.0 of Arti, the Tor Project's next-generationTor client written in Rust, has been released. Notable improvements inthis release include a new RPCinterface, and preparatory work toward service-side onion servicedenial-of-service resistance. The release is dedicated to the memory of Jeremy Bobbio,better known by many as "Lunar". For full details on the release, seethe changelog.

Miguel Ojeda has announcedthe posting of anew document describing policies around the use of Rust in the Linuxkernel.

Security updates have been issued by AlmaLinux (buildah, bzip2, galera and mariadb, keepalived, kernel, kernel-rt, mariadb:10.11, mingw-glib2, and podman), Debian (ark, firefox-esr, kernel, sssd, and thunderbird), Fedora (abseil-cpp, clevis-pin-tpm2, dbus-parsec, envision, fido-device-onboard, firefox, golang-github-nvidia-container-toolkit, gotify-desktop, jpegxl, keylime-agent-rust, keyring-ima-signer, libkrun, php-phpseclib, python-cryptography, python3-docs, python3.12, python3.13, rust-afterburn, rust-cargo-vendor-filterer, rust-coreos-installer, rust-crypto-auditing-agent, rust-eif_build, rust-gst-plugin-reqwest, rust-nu, rust-oo7-cli, rust-openssl, rust-openssl-sys, rust-pore, rust-routinator, rust-rpm-sequoia, rust-sequoia-keyring-linter, rust-sequoia-octopus-librnp, rust-sequoia-policy-config, rust-sequoia-sop, rust-sequoia-sq, rust-sequoia-sqv, rust-sevctl, rust-snphost, rust-tealdeer, rustup, s390utils, stalld, and vaultwarden), Mageia (java-1.8.0-openjdk, java-11-openjdk, java-17-openjdk & java-latest-openjdk, libtasn1, mariadb, nodejs, qtbase5 & qtbase6, rootcerts, nss & firefox, thunderbird, and xrdp), Red Hat (buildah, doxygen, podman, and thunderbird), Slackware (gnutls and openssl), SUSE (bind, chromedriver, crypto-policies, krb5, firefox, flannel, go1.22, go1.23, go1.23-1.23.6-1.1, go1.24-1.24rc3-1.1, openssl-1_1, openssl-3, python311-cryptography-vectors, python311-numba, python39, rsync, tomcat, and trivy), and Ubuntu (openrefine and rsync).

The second 6.14 kernel prepatch is out fortesting.

The6.13.2,6.12.13, and6.6.76stable kernels have been released; each contains another set of importantfixes.

The BPF verifier is charged with thechallenging task of ensuring that a BPF program is safe for the kernel torun before that program is loaded. Among many other concerns, the verifiermust ensure that any kfuncs (kernel functions that have been exported toBPF programs) are called with the correct parameters and from the rightcontext. The "context" part of that enforcement is showing its age in waysthat are hurting performance; Juntong Deng has been working oninfrastructure to provide finer-grained control over when a kfunc can becalled.

Security updates have been issued by Debian (openjdk-17), Fedora (firefox, FlightGear, java-1.8.0-openjdk, java-11-openjdk, java-latest-openjdk, and SimGear), Mageia (gstreamer), Red Hat (firefox, kernel, kernel-rt, libsoup, and python-jinja2), SUSE (bind, curl, dcmtk, etcd, firefox, google-osconfig-agent, krb5, openssl-1_1, podman, python311-cbor2, thunderbird, wget, and xrdp), and Ubuntu (glibc).

Jonathan Bryce has announced two open community meetings to hearinput on the topic of the OpenInfraFoundation migrating to the Linux Foundation. Brycewrote that the OpenInfra board has carefully evaluated its options,and sees joining the Linux Foundation as the best way forward.Like the Linux Foundation, the OpenInfra Foundation is 501(c)(6)nonprofit. According to the FAQ,OpenInfra "is in great health, financially and otherwise" witha growth in membership of about 15% in the last year. However, itsneeds in 2025 are different than when it was founded as the OpenStackFoundation in 2012.

Version 25.2 of the LibreOffice productivity suite is out. Changes includethe ability to remove all personal information from any document, supportfor ODF version1.4, a number of accessibility improvements, and more;see therelease notes for details.

Version24.10.0 of the OpenWrt router-oriented distribution has been released.Changes include an update to the 6.6 kernel, use of access control lists onlarger systems, multipath TCP support, better WiFi6 support, thebeginning of WiFi7 support, and more.

Open source is often described as a "gift economy"-anecosystem where contributors are motivated by a desire to make theworld a better place. That is, sometimes, true. However, JamesBottomley used his maintrack slot at FOSDEM 2025,on February1, to make the case that it is better to bank on theselfish motivations of individuals to drive community success than torely on their altruism.

Security updates have been issued by Debian (asterisk and chromium), Fedora (FlightGear, java-1.8.0-openjdk, java-11-openjdk, java-17-openjdk, java-latest-openjdk, and SimGear), Mageia (bind, chromium-browser-stable, python-django, and vim), Oracle (buildah, bzip2, firefox, keepalived, mariadb:10.11, and podman), Slackware (curl, mariadb, and mozilla), SUSE (cargo-audit-advisory-db-20250204 and python311-scikit-learn), and Ubuntu (ckeditor, krb5, and ruby2.7).

Inside this week's LWN.net Weekly Edition:

The Servo Rust-based renderingengine project has publishedan article summarizing its progress in2024, and plans for thefuture:

Over the past year or so, LWN has added a number of useful newfeatures for our subscribers to enhance the experience of reading andcommenting on our content. Those features are of little use, however,to readers who do not know about them. It has been more than a decadesince we last provided atour of the site-it seems that another is inorder. Walk this way for a look at the LWN kernel source database (KSDB),enhanced commenting features, EPUB downloads, and more.