Linux Weekly News

Security updates have been issued by AlmaLinux (firefox, tbb, and thunderbird), Debian (cacti, libtasn1-6, and rust-openssl), Oracle (galera and mariadb, kernel, raptor2, and thunderbird), SUSE (bind, fq, java-21-openj9, libtasn1-6-32bit, ovmf, python310, python312, python313, python314, rime-schema-all, thunderbird, and wget), and Ubuntu (eglibc, firefox, glibc, linux, linux-aws, linux-lts-xenial, ruby2.3, ruby2.5, and vim).

Miguel Ojeda gave a keynote at FOSDEM 2025 about the history of the Rust-for-Linux project, and the current attitude of people in the kernel community toward the experiment. Unlike his usual talks, this talk didn't focus so much on the current state of the project, but rather on discussing history and predictions for the future. He ended up presenting quotes from more than 30 people involved in kernel development about what they thought of the project and expected going forward.

Version 1.4.0 of Arti, the Tor Project's next-generation Tor client written in Rust, has been released. Notable improvements in this release include a new RPC interface, and preparatory work toward service-side onion service denial-of-service resistance. The release is dedicated to the memory of Jérémy Bobbio, better known by many as "Lunar". For full details on the release, see the changelog.

Miguel Ojeda has announced the posting of a new document describing policies around the use of Rust in the Linux kernel.

There has been a fair amount of confusion about what the kernel policies around Rust are, who maintains what and so on. This document tries to clarify some of these points with what, to the best of our knowledge, is the current status.

Security updates have been issued by AlmaLinux (buildah, bzip2, galera and mariadb, keepalived, kernel, kernel-rt, mariadb:10.11, mingw-glib2, and podman), Debian (ark, firefox-esr, kernel, sssd, and thunderbird), Fedora (abseil-cpp, clevis-pin-tpm2, dbus-parsec, envision, fido-device-onboard, firefox, golang-github-nvidia-container-toolkit, gotify-desktop, jpegxl, keylime-agent-rust, keyring-ima-signer, libkrun, php-phpseclib, python-cryptography, python3-docs, python3.12, python3.13, rust-afterburn, rust-cargo-vendor-filterer, rust-coreos-installer, rust-crypto-auditing-agent, rust-eif_build, rust-gst-plugin-reqwest, rust-nu, rust-oo7-cli, rust-openssl, rust-openssl-sys, rust-pore, rust-routinator, rust-rpm-sequoia, rust-sequoia-keyring-linter, rust-sequoia-octopus-librnp, rust-sequoia-policy-config, rust-sequoia-sop, rust-sequoia-sq, rust-sequoia-sqv, rust-sevctl, rust-snphost, rust-tealdeer, rustup, s390utils, stalld, and vaultwarden), Mageia (java-1.8.0-openjdk, java-11-openjdk, java-17-openjdk & java-latest-openjdk, libtasn1, mariadb, nodejs, qtbase5 & qtbase6, rootcerts, nss & firefox, thunderbird, and xrdp), Red Hat (buildah, doxygen, podman, and thunderbird), Slackware (gnutls and openssl), SUSE (bind, chromedriver, crypto-policies, krb5, firefox, flannel, go1.22, go1.23, go1.23-1.23.6-1.1, go1.24-1.24rc3-1.1, openssl-1_1, openssl-3, python311-cryptography-vectors, python311-numba, python39, rsync, tomcat, and trivy), and Ubuntu (openrefine and rsync).

The second 6.14 kernel prepatch is out for testing.

It's Sunday afternoon, and I'm releasing the usual regularly scheduled release candidate while the rest of the US is getting ready for the biggest day in TV commercials interrupted by some kind of lawn bowling tournament.

The 6.13.2, 6.12.13, and 6.6.76 stable kernels have been released; each contains another set of important fixes.

The BPF verifier is charged with the challenging task of ensuring that a BPF program is safe for the kernel to run before that program is loaded. Among many other concerns, the verifier must ensure that any kfuncs (kernel functions that have been exported to BPF programs) are called with the correct parameters and from the right context. The "context" part of that enforcement is showing its age in ways that are hurting performance; Juntong Deng has been working on infrastructure to provide finer-grained control over when a kfunc can be called.

Security updates have been issued by Debian (openjdk-17), Fedora (firefox, FlightGear, java-1.8.0-openjdk, java-11-openjdk, java-latest-openjdk, and SimGear), Mageia (gstreamer), Red Hat (firefox, kernel, kernel-rt, libsoup, and python-jinja2), SUSE (bind, curl, dcmtk, etcd, firefox, google-osconfig-agent, krb5, openssl-1_1, podman, python311-cbor2, thunderbird, wget, and xrdp), and Ubuntu (glibc).

Jonathan Bryce has announced two open community meetings to hear input on the topic of the OpenInfra Foundation migrating to the Linux Foundation. Bryce wrote that the OpenInfra board has carefully evaluated its options, and sees joining the Linux Foundation as the best way forward.

Like the Linux Foundation, the OpenInfra Foundation is 501(c)(6) nonprofit. According to the FAQ, OpenInfra "is in great health, financially and otherwise" with a growth in membership of about 15% in the last year. However, its needs in 2025 are different than when it was founded as the OpenStack Foundation in 2012.

While the opportunities ahead for open source to make a positive impact on the world are greater than they have ever been, the challenges are more significant as well, particularly with respect to regulations, licensing and geopolitical tensions that threaten global collaboration.

The meetings will be held on February 11 and February 13 as Zoom calls. The OpenInfra board will schedule a vote after feedback has been collected and draft governance documents have been published.

Version 25.2 of the LibreOffice productivity suite is out. Changes include the ability to remove all personal information from any document, support for ODF version 1.4, a number of accessibility improvements, and more; see the release notes for details.

Version 24.10.0 of the OpenWrt router-oriented distribution has been released. Changes include an update to the 6.6 kernel, use of access control lists on larger systems, multipath TCP support, better WiFi6 support, the beginning of WiFi7 support, and more.

Open source is often described as a "gift economy"—an ecosystem where contributors are motivated by a desire to make the world a better place. That is, sometimes, true. However, James Bottomley used his main track slot at FOSDEM 2025, on February 1, to make the case that it is better to bank on the selfish motivations of individuals to drive community success than to rely on their altruism.

Security updates have been issued by Debian (asterisk and chromium), Fedora (FlightGear, java-1.8.0-openjdk, java-11-openjdk, java-17-openjdk, java-latest-openjdk, and SimGear), Mageia (bind, chromium-browser-stable, python-django, and vim), Oracle (buildah, bzip2, firefox, keepalived, mariadb:10.11, and podman), Slackware (curl, mariadb, and mozilla), SUSE (cargo-audit-advisory-db-20250204 and python311-scikit-learn), and Ubuntu (ckeditor, krb5, and ruby2.7).

Inside this week's LWN.net Weekly Edition:

• Front: Finding concurrency bugs with sched_ext; Rust abstractions; 6.14 Merge window; Sealed system mappings; OpenSUSE board; Julia; Site tour.
• Briefs: Binutils 2.44; Firefox 135.0; Freedesktop GitLab; GNU C Library 2.41; GTK; Servo; Thunderbird updates; Sanctions; Quotes; ...
• Announcements: Newsletters, conferences, security updates, patches, and more.

The Servo Rust-based rendering engine project has published an article summarizing its progress in 2024, and plans for the future:

Servo main dependencies (SpiderMonkey, Stylo and WebRender) have been upgraded, the new layout engine has kept evolving adding support for floats, tables, flexbox, fonts, etc. By the end of 2024 Servo passes 1,515,229 WPT subtests (79%). Many other new features have been under active development: WebGPU, Shadow DOM, ReadableStream, WebXR, ... Servo now supports two new platforms: Android and OpenHarmony. And we have got the first experiments of applications using Servo as a web engine (like Tauri, Blitz, QtWebView, Cuervo, Verso and Moto).

Over the past year or so, LWN has added a number of useful new features for our subscribers to enhance the experience of reading and commenting on our content. Those features are of little use, however, to readers who do not know about them. It has been more than a decade since we last provided a tour of the site—it seems that another is in order. Walk this way for a look at the LWN kernel source database (KSDB), enhanced commenting features, EPUB downloads, and more.

Jake Hillion gave a presentation at FOSDEM about using sched_ext, the BPF scheduling framework that was introduced in kernel version 6.12, to help find elusive concurrency problems. In collaboration with Johannes Bechberger, he has built a scheduler that can reveal theoretically possible but unobserved concurrency bugs in test code in a few minutes. Since their scheduler only relies on mainline kernel features, it can theoretically be applied to any application that runs on Linux — although there are a number of caveats since the project is still in its early days.

Security updates have been issued by Debian (firefox-esr), Fedora (fastd, ovn, and yq), Mageia (libreoffice), Slackware (mozilla), SUSE (google-osconfig-agent, grafana, helm, and rime-schema-all), and Ubuntu (linux-azure, linux-azure-5.4, linux-lowlatency, openjdk-17, openjdk-21, openjdk-23, openjdk-8, and openjdk-lts).

Jeff Xu has been working on a patch set that makes certain mappings in a process's address space impossible to change, sealing them against tampering. This has some potential security benefits — mainly, making sure that someone cannot relocate the vsyscall and vDSO mappings — but some kernel developers haven't been impressed with the patches. While the core functionality (sealing the mappings) is sound, some of the supporting code for enabling and disabling the new feature caused concern by going against the normal design for such things. Reviewers also questioned how this feature would interact with checkpointing and with sandboxing.