Welcome to LWN.net
LWN.net is a reader-supported news site dedicated to producing the best coverage from within the Linux and free software development communities. See the LWN FAQ for more information, and please consider subscribing to gain full access and support our activities.
[$] The many names of commit 55039832f98c
The kernel is, on its face, a single large development project, but internally it is better viewed as 100 or so semi-independent projects all crammed into one big tent. Within those projects, there is a fair amount of latitude about how changes are managed, and some subsystems are using that freedom in the search for more efficient ways of working. In the end, though, all of these sub-projects have to work together and interface with kernel-wide efforts, including the stable-release and CVE-assignment processes. For some time, there has been friction between the direct rendering (DRM, or graphics) subsystem and the stable maintainers; that friction recently burst into view in a way that shows some of the limitations of how the kernel community manages patches.
[$] LWN.net Weekly Edition for January 16, 2025
Posted Jan 16, 2025 3:51 UTC (Thu)The LWN.net Weekly Edition for January 16, 2025 is available.
Inside this week's LWN.net Weekly Edition
- Front: Chimera Linux; Vim; Page-table hardening; Modifying system calls; Ghostty 1.0; TuxFamily.
- Briefs: rsync vulnerabilities; Linux Mint 22.1; Git v2.48.0; Libvirt v11.0.0; Rust 1.84.0; RIP Helen Borrie, Paolo Mantegazza, and Bill Gianopoulos; SFC lawsuit; Quotes; ...
- Announcements: Newsletters, conferences, security updates, patches, and more.
[$] Ghostty 1.0 has been summoned
The Ghostty terminal emulator project has generated a surprising amount of interest, even before code was released to the public. This is in part due to the high profile of its creator, HashiCorp founder Mitchell Hashimoto. Its development was conducted behind closed doors for beta testing, until version 1.0 was released on December 26 under the MIT license. While far from finished, Ghostty is ready for day-to-day use and might be of interest to those who spend significant amounts of time at the command line.
[$] The slow death of TuxFamily
TuxFamily is a
French free-software-hosting service that has been in operation since
1999. It is a non-profit that accepts "any project
released under a free license
", whether that is a software license
or a free-content license, such as CC-BY-SA. It is also,
unfortunately, slowly dying due to hardware failures and lack of
interest. For example, the site's download servers are currently
offline with no plan to restore them.
[$] Modifying another process's system calls
The ptrace() system call allows a suitably privileged process to modify another in a large number of ways. Among other things, ptrace() can intercept system calls and make changes to them, but such operations can be fiddly and architecture-dependent. This patch series from Dmitry Levin seeks to improve that situation by adding a new ptrace() operation to make changes to another process's system calls in an architecture-independent manner.
[$] Chimera Linux works toward a simplified desktop
Chimera Linux is a new distribution
designed to be "simple, transparent, and easy to pick up
". The
distribution is built from scratch, and
recently announced its first beta release. While the documentation and
installation process are both a bit rough, the project already provides a
usable desktop with plenty of useful software — one built primarily on
tools adopted from BSD.
[$] The state of Vim
The death of Bram Moolenaar, Vim
founder and benevolent dictator for life (BDFL), in 2023 sent a shock
through the community, and raised concern about the future of the
project. At VimConf 2024 in
November, current Vim maintainer Christian Brabandt delivered a
keynote on "the new Vim project
" that detailed how the
community has reorganized itself to continue maintaining Vim and what
the future looks like.
[$] Page-table hardening with memory protection keys
Attacks on the kernel can take many forms; one popular exploitation path is to find a way to overwrite some memory with attacker-supplied data. If the right memory can be targeted, one well-targeted stray write is all that is needed to take control of the system. Since the system's page tables regulate access to memory, they are an attractive target for this type of attack. This patch set from Kevin Brodsky is an attempt to protect page tables (and, eventually, other data structures) using the "memory protection keys" feature provided by a number of CPU architectures.
LWN.net Weekly Edition for January 9, 2025
Posted Jan 9, 2025 0:12 UTC (Thu)The LWN.net Weekly Edition for January 9, 2025 is available.
Inside this week's LWN.net Weekly Edition
- Front: What to expect in 2025; Sequoia; Emacs in Scheme; Pony; Homa; 2024 Timeline.
- Briefs: Colliding SHAs; netdev in 2024; Gentoo retrospective; LineageOS 22.1; pkgsrc-2024Q4; RIP Steve Langasek; Firefox 134.0; Algol 68; Ruby 3.4; Quotes; ...
- Announcements: Newsletters, conferences, security updates, patches, and more.
A look at the Sequoia command-line interface
The Sequoia OpenPGP library has been in development for some time. LWN covered the library in 2020. Now the project's command-line interface has been released. The sq tool offers a promising alternative to the venerable GNU Privacy Guard (GPG) tool — albeit one with a different interface, set of terminology, and approach to the web of trust. Several distributions are making increasing use of the tool behind the scenes.
Security updates for Thursday
Security updates have been issued by AlmaLinux (fence-agents, raptor2, and rsync), Debian (chromium), Fedora (rsync and seamonkey), Mageia (openjpeg2), Red Hat (tuned), Slackware (git), SUSE (dcmtk, dnsmasq, govulncheck-vulndb, libQtWebKit4, libraptor-devel, opera, python311-Pillow, python311-translate-toolkit, rsync, and SDL2_sound-devel), and Ubuntu (linux-raspi-5.4, neomutt, and python2.7).
Libvirt v11.0.0 released
Version 11.0.0 of the libvirt virtualization API has been released. Notable changes in this release include the ability to export virtiofs filesystems in read-only mode, the addition of support for vlan tagging and trunking of network interfaces with the network, qemu, and lxc drivers, as well as a number of bug fixes.
RIP Helen Borrie
We have just now received word of the passing of Helen Borrie, a longtime contributor to the Firebird relational database project.
Helen's quiet leadership and dedication left a lasting impact on Firebird and its users. Her efforts helped build not just a powerful database but also a strong, collaborative community. She will be deeply missed by all who knew her and benefited from her work.
She will be greatly missed. (Thanks to Steve Friedl.)
Linux Mint 22.1 released
Linux Mint version 22.1, a long-term-support (LTS) release with support until 2029, is now available. Notable changes in this release include a transition to Aptkit for background package management tasks, Captain to install Debian packages, and a new default theme with improved Wayland compatibility. See the release notes for known issues.
Six vulnerabilities discovered in rsync
Nick Tait announced on the oss-security mailing list that rsync, the widely used file transfer program, had a number of serious vulnerabilities. Users can mitigate all six vulnerabilities by upgrading to version 3.4.0, which was released on January 14. While all users should upgrade, servers that use rsyncd are especially impacted:
In the most severe CVE, an attacker only requires anonymous read access to a rsync server, such as a public mirror, to execute arbitrary code on the machine the server is running on.
Security updates for Wednesday
Security updates have been issued by Arch Linux (rsync), Debian (rsync), Fedora (perl-Net-OAuth and redis), Red Hat (ipa, raptor2, rsync, and tuned), Slackware (rsync), SUSE (apache2-mod_jk, git, kernel, rclone, rsync, and webkit2gtk3), and Ubuntu (git, linux-azure-5.4, pdns, pdns-recursor, python-django, rlottie, and rsync).
The people should own the town square (Mastodon Blog)
The Mastodon project has announced
that founder Eugen Rochko will be transferring "key Mastodon
ecosystem and platform components (including name and copyrights,
among other assets)
" to a new non-profit organization:
Practically Mastodon will remain headquartered in and operate from Europe primarily. We will continue day-to-day operations through the Mastodon GmbH for-profit entity, which will become wholly owned by the new European not-for-profit entity. The Mastodon GmbH entity automatically became a for-profit as a result of its charitable status being stripped away in Germany. The existing US-based non-profit entity, the 501(c)(3), will continue to function as a fundraising hub.
[...] We are in the process of a phased transition. First we are establishing a new legal home for Mastodon and transferring ownership and stewardship. We are taking the time to select the appropriate jurisdiction and structure in Europe. Then we will determine which other (subsidiary) legal structures are needed to support operations and sustainability.
Rochko has, naturally, also posted about the transition on Mastodon.social.
Security updates for Tuesday
Security updates have been issued by AlmaLinux (kernel, NetworkManager, and thunderbird), Fedora (golang-github-aws-sdk-2, golang-github-aws-smithy, golang-github-ncw-swift-2, rclone, and thunderbird), Mageia (ceph, firefox, and thunderbird), Oracle (kernel, NetworkManager, and thunderbird), Red Hat (fence-agents and raptor2), SUSE (dpdk, firefox, frr, grafana, operator-sdk, perl-Module-ScanDeps, proftpd, python311-mistune, redis, thunderbird, valkey, and yq), and Ubuntu (hplip and webkit2gtk).
IPU6 camera support status update
Hans de Goede has posted an update about his work to support IPU6 cameras on Fedora and submitting fixes upstream.
The initial IPU6 camera support landed in Fedora 41 only works on a limited set of laptops. The reason for this is that with MIPI cameras every different sensor and glue-chip like IO-expanders needs to be supported separately.
I have been working on making the camera work on more laptop models. After receiving and sending many emails and blog post comments about this I have started filing Fedora bugzilla issues on a per sensor and/or laptop-model basis to be able to properly keep track of all the work.
LWN covered the lack of IPU6 drivers in 2022.
RIP Bill Gianopoulos
The blog of the SeaMonkey project, which develops an all-in-one internet application suite based on Mozilla code, has reported the sad news of the sudden passing of Bill Gianopoulos ("WG9s") on January 6 (obituary). He was a core developer and release engineer for the project.