Welcome to LWN.net
LWN.net is a reader-supported news site dedicated to producing the best coverage from within the Linux and free software development communities. See the LWN FAQ for more information, and please consider subscribing to gain full access and support our activities.
[$] The trouble with the new uretprobes
A "uretprobe" is a dynamic, user-space tracepoint injected by the kernel into a running process; this document tersely describes their use. Among other things, uretprobes are used by the perf utility to time function calls. The 6.11 kernel saw a significant change to uretprobes that improved their performance, but that change is also creating trouble for some users. The best way to solve the problem is not entirely clear.
[$] The first part of the 6.14 merge window
As of this writing, just over 4,300 non-merge changesets have been pulled into the mainline repository for the 6.14 release. Many of the pull requests this time around include remarks saying that activity has been relatively low this time around, presumably due to the holidays. So those 4,300 changesets are probably closer to the merge-window halfway point than usual. Much of the work merged thus far looks more like incremental improvements than major new initiatives, but there still have been a number of interesting changes in the mix.
[$] LWN.net Weekly Edition for January 23, 2025
Posted Jan 23, 2025 0:01 UTC (Thu)The LWN.net Weekly Edition for January 23, 2025 is available.
Inside this week's LWN.net Weekly Edition
- Front: Rsync vulnerability; Going mouseless; Commit IDs; 6.13 Development statistics; Python string formating; Python None-aware operators.
- Briefs: Kernel 6.13; Dillo 3.2.0; GDB 16.1; OpenVox; Wine 10.0; Quotes; ...
- Announcements: Newsletters, conferences, security updates, patches, and more.
[$] A revamped Python string-formatting proposal
The proposal to add a more general facility for string formatting to Python, which we looked at in August 2024, has changed a great deal since, so it merits another look. The changes take multiple forms: a new title for PEP 750 ("Template Strings"), a different mechanism for creating and using templates, a new Template type to hold them, and several additional authors for the PEP. Meanwhile, one controversial part of the original proposal, lazy evaluation of the interpolated values, has been changed so that it requires an explicit opt-in (via lambda); template strings are a generalization of f-strings and lazy evaluation was seen by some as a potentially confusing departure from their behavior.
[$] A mouseless tale: trying for a keyboard-driven desktop
The computer mouse is a wonderful invention, but for the past few months I've been working to use mine as little as possible for productivity and ergonomic reasons. It should not be surprising that there are quite a few open-source applications, utilities, and configuration options that are either designed to or incidentally assist in creating a keyboard-driven desktop. This includes tiling window management with PaperWM, the Vimium browser extension, Input Remapper, and more.
[$] A look at the recent rsync vulnerability
On January 14, Nick Tait announced the discovery of six vulnerabilities in rsync, the popular file-synchronization tool. While software vulnerabilities are not uncommon, the most serious one he announced allows for remote code execution on servers that run rsyncd — and possibly other configurations. The bug itself is fairly simple, but this event provides a nice opportunity to dig into it, show why it is so serious, and consider ways the open-source community can prevent such mistakes in the future.
[$] Development statistics for 6.13
The 6.13 development cycle ended on January 19 with the release of the 6.13 kernel. This cycle was, on its surface, one of the slowest we have seen in some time; the LWN merge-window summaries (part 1, part 2) and the KernelNewbies 6.13 page can be consulted for a refresher on all it contains. Here, instead, we will take our usual look at where all of those changes came from.
[$] Reviving None-aware operators for Python
The idea of adding None-aware operators to Python has sprung up once again. These would make traversing structures with None values in them easier, by short-circuiting lookups when a None is encountered. Almost exactly a year ago, LWN covered the previous attempt to bring the operators to Python, but there have been periodic discussions stretching back to 2015 and possibly before. This time Noah Kim has taken up the cause. After some debate, he eventually settled on redrafting the existing PEP to have a more limited scope, which might finally see it move past the cycle of debate, resurrection, and abandonment that it has been stuck in for most of the last decade.
[$] The many names of commit 55039832f98c
The kernel is, on its face, a single large development project, but internally it is better viewed as 100 or so semi-independent projects all crammed into one big tent. Within those projects, there is a fair amount of latitude about how changes are managed, and some subsystems are using that freedom in the search for more efficient ways of working. In the end, though, all of these sub-projects have to work together and interface with kernel-wide efforts, including the stable-release and CVE-assignment processes. For some time, there has been friction between the direct rendering (DRM, or graphics) subsystem and the stable maintainers; that friction recently burst into view in a way that shows some of the limitations of how the kernel community manages patches.
LWN.net Weekly Edition for January 16, 2025
Posted Jan 16, 2025 3:51 UTC (Thu)The LWN.net Weekly Edition for January 16, 2025 is available.
Inside this week's LWN.net Weekly Edition
- Front: Chimera Linux; Vim; Page-table hardening; Modifying system calls; Ghostty 1.0; TuxFamily.
- Briefs: rsync vulnerabilities; Linux Mint 22.1; Git v2.48.0; Libvirt v11.0.0; Rust 1.84.0; RIP Helen Borrie, Paolo Mantegazza, and Bill Gianopoulos; SFC lawsuit; Quotes; ...
- Announcements: Newsletters, conferences, security updates, patches, and more.
Four new stable kernels
Greg Kroah-Hartman has released the 6.12.11, 6.6.74, 6.1.127, and 5.15.177 stable kernels. They all contain important fixes, as is the usual case.
Security updates for Thursday
Security updates have been issued by AlmaLinux (redis:6), Debian (frr and git-lfs), Fedora (SDL2_sound and webkit2gtk4.0), Gentoo (firefox, GPL Ghostscript, libgsf, libuv, PHP, Qt, QtWebEngine, and Yubico pam-u2f), Mageia (chromium-browser-stable), SUSE (helmfile, nvidia-modprobe, qt6-webengine, ruby3.4-rubygem-actioncable-8.0-8.0.1-1.1, ruby3.4-rubygem-actionpack-8.0-8.0.1-1.1, ruby3.4-rubygem-actiontext-8.0-8.0.1-1.1, ruby3.4-rubygem-actionview-8.0-8.0.1-1.1, ruby3.4-rubygem-activejob-8.0-8.0.1-1.1, ruby3.4-rubygem-activerecord-8.0-8.0.1-1.1, ruby3.4-rubygem-activestorage-8.0-8.0.1-1.1, ruby3.4-rubygem-rails-8.0-8.0.1-1.1, and ruby3.4-rubygem-railties-8.0-8.0.1-1.1), and Ubuntu (bluez, openjpeg2, and python-django).
Zero-trust builds for FreeBSD
The FreeBSD Foundation has announced that it has undertaken a project to deliver zero-trust builds commissioned by the Sovereign Tech Agency (STA).
The Zero-Trust Build project is scheduled from Jan-Aug 2025 and centers on the FreeBSD build process, and in particular, release building. The primary goal of this work is to enable the entire release process to run without requiring root access, and that build artifacts build reproducibly – that is, that a third party can build bit-for-bit identical artifacts.
Additionally, the project aims to enhance build process documentation, ensuring that release building is straightforward and does not require specialized knowledge. The work is targeted for completion prior to the release of FreeBSD 15.0.
The Foundation says that updates should not impact users of FreeBSD release images, but it may have an impact on developers basing projects or products on FreeBSD that make modifications to its release process.
Puppet fork OpenVox makes first release
The Vox Pupuli project has
announced the first release of OpenVox, a
"soft-fork
" of the Puppet
automation framework. The intention to fork was announced
in December 2024.
OpenVox 8.11 is functionally equivalent to Puppet and should be a drop-in replacement. Be aware, of course, that even though you can type the same commands, use all the same modules and extensions, and configure the same settings, OpenVox is not yet tested to the same standard that Puppet is. [...]
Please don't use these packages on critical production infrastructures yet, unless you're comfortable with troubleshooting and reporting back on the silly errors we've made while rebranding and rebuilding.
Wine 10.0 released
Version
10.0 of the Wine Windows compatibility layer is out. "This release
represents a year of development effort and over 6,000 individual
changes
". Those changes include full support for the Arm64EC
architecture, better high-DPI display support, Wayland enabled by default,
and more.
Security updates for Wednesday
Security updates have been issued by Debian (snapcast), Fedora (python-jinja2), Mageia (rsync), SUSE (cdi-apiserver-container, cdi-cloner-container, cdi- controller-container, cdi-importer-container, cdi-operator-container, cdi- uploadproxy-container, cdi-uploadserver-container, cont, gh, kernel, kubevirt, virt-api-container, virt-controller-container, virt-exportproxy-container, virt-exportserver-container, virt-handler-container, virt-launcher-container, virt-libguestfs-t, nvidia-open-driver-G06-signed, and pam_u2f), and Ubuntu (linux-oem-6.11 and vim).
Stable kernel 6.6.73
The series of singleton stable kernel updates continues with 6.6.73, which reverts three changes that were causing problems for users of the overlayfs filesystem.
Security updates for Tuesday
Security updates have been issued by AlmaLinux (grafana), Debian (libebml, poco, redis, sympa, tiff, and ucf), Fedora (rsync), Mageia (dcmtk, git, proftpd, and raptor2), Red Hat (grafana, iperf3, kernel, microcode_ctl, and redis), SUSE (chromium, dhcp, git, libqt5-qtwebkit, and pam_u2f), and Ubuntu (python3.10, python3.8 and python3.12).
Dillo 3.2.0 released
Version 3.2.0 of the Dillo web browser has been released about a month after its 25th anniversary. Notable new features in 3.2.0 include SVG support for math formulas, optional support for WebP images, and more.
Security updates for Monday
Security updates have been issued by AlmaLinux (.NET 8.0, .NET 9.0, ipa, and NetworkManager), Debian (389-ds-base, busybox, libreoffice, rsync, ruby2.7, tomcat10, and tryton-server), Fedora (chromium and stb), Mageia (openafs and vim), Oracle (.NET 8.0 and .NET 9.0), SUSE (amazon-ssm-agent, chromedriver, git, golang-github-prometheus-prometheus, govulncheck-vulndb, grafana, hplip, pam_u2f, perl-Compress-Raw-Zlib, perl-IO-Compress, redis, redis7, rsync, and velociraptor), and Ubuntu (libpodofo and linux-xilinx-zynqmp).