Linux Weekly News
Apertis v2024 released
Apertis relies on the Debian Free Software Guidelines to ensure all software shipped is open source or, in limited cases, at least freely distributable. However, for some customers this is not enough to be able to adopt OSS solutions as in their evaluations some provisions in common licenses like the GPL-3 are at odds with regulatory constraints they are subject to. Apertis does not set to solve this decades-long debate, and instead its goal is to increase the adoption of modern, maintained OSS solutions in markets where this has historically been a challenge. To enable this, Apertis supports avoiding the use of any software under some licenses (like the [GPL v3.0 license family) on target images, while still making them fully available for development and for customers that do not share those licensing concerns. To avoid these licenses, Apertis uses more modern alternatives instead of relying on outdated and unmaintained pre-GPL-3 versions. For instance, coreutils and findutils (GPL-3+) are replaced in Apertis by rust-coreutils and rust-findutils.
Let's Encrypt sets date for ending OCSP support
In July, Let's Encrypt announced it was ending support "as soon as possible" for the Online Certificate Status Protocol (OCSP) in favor of Certificate Revocation Lists (CRLs) due to privacy concerns. The organization has now announced that it has set a timeline, and will be turning off its OCSP responders on August 6, 2025. There is additional action required for Let's Encrypt users who use the OCSP Must Staple Extension:
As of January 30, 2025, issuance requests that include the OCSP Must Staple extension will fail, unless the requesting account has previously issued a certificate containing the OCSP Must Staple extension.
As of May 7, all issuance requests that include the OCSP Must Staple extension will fail, including renewals. Please change your ACME client configuration to not request the extension.
‘Tis the Season for COSMIC Alpha 4! (System76 Blog)
System76 has announced the fourth alpha release of its Rust-based COSMIC desktop. New features in this version include the ability to set default applications, region and language settings, a new Accessibility applet, as well as support for variable refresh rate (VRR) in the cosmic-comp compositor and the display settings tool. See the blog post for a full list of fixes and performance improvements. LWN covered the first alpha release in August.
[$] Debian opens a can of username worms
It has long been said that naming things is one of the hard things to do in computer science. That may be so, but it pales in comparison to the challenge of handling usernames properly in applications. This is especially true when multiple applications are involved, and they are all supposed to agree on what characters are, and are not, allowed. The Debian project is facing that problem right now, as two user-creation utilities disagreed about which names are allowable. A plan is in place to sort this out before the release of Debian 13 ("trixie") sometime next year.
Mozilla's new branding strategy
We teamed up with global branding powerhouse Jones Knowles Ritchie (JKR) to revamp our brand and revitalize our intentions across our entire ecosystem. At the heart of this transformation is making sure people know Mozilla for its broader impact, as well as Firefox. Our new brand strategy and expression embody our role as a leader in digital rights and innovation, putting people over profits through privacy-preserving products, open-source developer tools, and community-building efforts.
Stable kernels 6.12.2, 6.11.11, and 4.19.325
You can verify it yourself by cloning the vulns.git repo at git.kernel.org and running: ./scripts/strak v4.19.325 Note, this does NOT count the hardware CVEs which kernel.org does not track, and many are sill unfixed in this kernel branch.
Security updates for Thursday
[$] LWN.net Weekly Edition for December 5, 2024
Fedora moves towards Forgejo (Fedora Magazine)
Fedora Project Leader Matthew Miller reports that the project's search to replace Pagure as its git forge is almost complete, with the Fedora Council strongly in favor of Forgejo:
The Council, currently, has a clear preference for Forgejo. This is a big decision and we don't want it to feel rushed. Therefore, we're opening this up one last time to everyone's comments. After two weeks, we'll take our formal vote — and then get on with the work!LWN looked at Forgejo in February.
Walleij: New ARM32 Security Features in v6.10
PAN is an abbreviation for the somewhat grammatically incorrect Privileged Access Never. [...]
For modern ARM32 systems with large memories configured to use LPAE nothing like PAN was available: this version of the MMU simply did not implement a PAN option.
As of the patch originally developed by Catalin Marinas, we deploy a scheme that will use the fact that LPAE has two separate translation table base registers (TTBR:s): one for userspace (TTBR0) and one for kernelspace (TTBR1).
[$] The return of RWF_UNCACHED
Hurl 6.0.0 released
Version 6.0.0 of the Hurl command-line tool has been released. Hurl is curl-powered utility that runs HTTP requests and tests defined in a plain-text Hurl file. Notable features in this release include the ability to generate dynamic values with functions, shorter syntax, and an option to export Hurl files to a list of curl commands. See the release notes for a full list of changes and downloads.
Security updates for Wednesday
[$] Rust's incremental compiler architecture
The traditional structure of a compiler forms a pipeline — parsing, type-checking, optimization, and code-generation, usually in that order. But modern programming languages have requirements that are ill-suited to such a design. Increasingly, compilers are moving toward other designs in order to support incremental compilation and low-latency responses for uses like integration into IDEs. Rust has, for the last eight years, been pursuing a particularly unusual design; in that time compile times have substantially improved, but there's still more work to be done.
Security updates for Tuesday
NixOS 24.11 released
NixOS is already known as the most up to date distribution while also being the distribution with the most packages. This release saw 8141 new packages and 20975 updated packages in Nixpkgs. We also removed 3970 packages in an effort to keep the package set maintainable and secure.
Security updates for Monday
[$] The rest of the 6.13 merge window
Kernel prepatch 6.13-rc1
Rust 1.83.0 released
This release includes several large extensions to what code running in const contexts can do. This refers to all code that the compiler has to evaluate at compile-time: the initial value of const and static items, array lengths, enum discriminant values, const generic arguments, and functions callable from such contexts (const fn).
There are also quite a few new stabilized APIs.