Linux Weekly News

Miguel Ojeda has announced the posting of a new document describing policies around the use of Rust in the Linux kernel.

There has been a fair amount of confusion about what the kernel policies around Rust are, who maintains what and so on. This document tries to clarify some of these points with what, to the best of our knowledge, is the current status.

Security updates have been issued by AlmaLinux (buildah, bzip2, galera and mariadb, keepalived, kernel, kernel-rt, mariadb:10.11, mingw-glib2, and podman), Debian (ark, firefox-esr, kernel, sssd, and thunderbird), Fedora (abseil-cpp, clevis-pin-tpm2, dbus-parsec, envision, fido-device-onboard, firefox, golang-github-nvidia-container-toolkit, gotify-desktop, jpegxl, keylime-agent-rust, keyring-ima-signer, libkrun, php-phpseclib, python-cryptography, python3-docs, python3.12, python3.13, rust-afterburn, rust-cargo-vendor-filterer, rust-coreos-installer, rust-crypto-auditing-agent, rust-eif_build, rust-gst-plugin-reqwest, rust-nu, rust-oo7-cli, rust-openssl, rust-openssl-sys, rust-pore, rust-routinator, rust-rpm-sequoia, rust-sequoia-keyring-linter, rust-sequoia-octopus-librnp, rust-sequoia-policy-config, rust-sequoia-sop, rust-sequoia-sq, rust-sequoia-sqv, rust-sevctl, rust-snphost, rust-tealdeer, rustup, s390utils, stalld, and vaultwarden), Mageia (java-1.8.0-openjdk, java-11-openjdk, java-17-openjdk & java-latest-openjdk, libtasn1, mariadb, nodejs, qtbase5 & qtbase6, rootcerts, nss & firefox, thunderbird, and xrdp), Red Hat (buildah, doxygen, podman, and thunderbird), Slackware (gnutls and openssl), SUSE (bind, chromedriver, crypto-policies, krb5, firefox, flannel, go1.22, go1.23, go1.23-1.23.6-1.1, go1.24-1.24rc3-1.1, openssl-1_1, openssl-3, python311-cryptography-vectors, python311-numba, python39, rsync, tomcat, and trivy), and Ubuntu (openrefine and rsync).

The second 6.14 kernel prepatch is out for testing.

It's Sunday afternoon, and I'm releasing the usual regularly scheduled release candidate while the rest of the US is getting ready for the biggest day in TV commercials interrupted by some kind of lawn bowling tournament.

The 6.13.2, 6.12.13, and 6.6.76 stable kernels have been released; each contains another set of important fixes.

The BPF verifier is charged with the challenging task of ensuring that a BPF program is safe for the kernel to run before that program is loaded. Among many other concerns, the verifier must ensure that any kfuncs (kernel functions that have been exported to BPF programs) are called with the correct parameters and from the right context. The "context" part of that enforcement is showing its age in ways that are hurting performance; Juntong Deng has been working on infrastructure to provide finer-grained control over when a kfunc can be called.

Security updates have been issued by Debian (openjdk-17), Fedora (firefox, FlightGear, java-1.8.0-openjdk, java-11-openjdk, java-latest-openjdk, and SimGear), Mageia (gstreamer), Red Hat (firefox, kernel, kernel-rt, libsoup, and python-jinja2), SUSE (bind, curl, dcmtk, etcd, firefox, google-osconfig-agent, krb5, openssl-1_1, podman, python311-cbor2, thunderbird, wget, and xrdp), and Ubuntu (glibc).

Jonathan Bryce has announced two open community meetings to hear input on the topic of the OpenInfra Foundation migrating to the Linux Foundation. Bryce wrote that the OpenInfra board has carefully evaluated its options, and sees joining the Linux Foundation as the best way forward.

Like the Linux Foundation, the OpenInfra Foundation is 501(c)(6) nonprofit. According to the FAQ, OpenInfra "is in great health, financially and otherwise" with a growth in membership of about 15% in the last year. However, its needs in 2025 are different than when it was founded as the OpenStack Foundation in 2012.

While the opportunities ahead for open source to make a positive impact on the world are greater than they have ever been, the challenges are more significant as well, particularly with respect to regulations, licensing and geopolitical tensions that threaten global collaboration.

The meetings will be held on February 11 and February 13 as Zoom calls. The OpenInfra board will schedule a vote after feedback has been collected and draft governance documents have been published.

Version 25.2 of the LibreOffice productivity suite is out. Changes include the ability to remove all personal information from any document, support for ODF version 1.4, a number of accessibility improvements, and more; see the release notes for details.

Version 24.10.0 of the OpenWrt router-oriented distribution has been released. Changes include an update to the 6.6 kernel, use of access control lists on larger systems, multipath TCP support, better WiFi6 support, the beginning of WiFi7 support, and more.

Open source is often described as a "gift economy"—an ecosystem where contributors are motivated by a desire to make the world a better place. That is, sometimes, true. However, James Bottomley used his main track slot at FOSDEM 2025, on February 1, to make the case that it is better to bank on the selfish motivations of individuals to drive community success than to rely on their altruism.

Security updates have been issued by Debian (asterisk and chromium), Fedora (FlightGear, java-1.8.0-openjdk, java-11-openjdk, java-17-openjdk, java-latest-openjdk, and SimGear), Mageia (bind, chromium-browser-stable, python-django, and vim), Oracle (buildah, bzip2, firefox, keepalived, mariadb:10.11, and podman), Slackware (curl, mariadb, and mozilla), SUSE (cargo-audit-advisory-db-20250204 and python311-scikit-learn), and Ubuntu (ckeditor, krb5, and ruby2.7).

Inside this week's LWN.net Weekly Edition:

• Front: Finding concurrency bugs with sched_ext; Rust abstractions; 6.14 Merge window; Sealed system mappings; OpenSUSE board; Julia; Site tour.
• Briefs: Binutils 2.44; Firefox 135.0; Freedesktop GitLab; GNU C Library 2.41; GTK; Servo; Thunderbird updates; Sanctions; Quotes; ...
• Announcements: Newsletters, conferences, security updates, patches, and more.

The Servo Rust-based rendering engine project has published an article summarizing its progress in 2024, and plans for the future:

Servo main dependencies (SpiderMonkey, Stylo and WebRender) have been upgraded, the new layout engine has kept evolving adding support for floats, tables, flexbox, fonts, etc. By the end of 2024 Servo passes 1,515,229 WPT subtests (79%). Many other new features have been under active development: WebGPU, Shadow DOM, ReadableStream, WebXR, ... Servo now supports two new platforms: Android and OpenHarmony. And we have got the first experiments of applications using Servo as a web engine (like Tauri, Blitz, QtWebView, Cuervo, Verso and Moto).

Over the past year or so, LWN has added a number of useful new features for our subscribers to enhance the experience of reading and commenting on our content. Those features are of little use, however, to readers who do not know about them. It has been more than a decade since we last provided a tour of the site—it seems that another is in order. Walk this way for a look at the LWN kernel source database (KSDB), enhanced commenting features, EPUB downloads, and more.

Jake Hillion gave a presentation at FOSDEM about using sched_ext, the BPF scheduling framework that was introduced in kernel version 6.12, to help find elusive concurrency problems. In collaboration with Johannes Bechberger, he has built a scheduler that can reveal theoretically possible but unobserved concurrency bugs in test code in a few minutes. Since their scheduler only relies on mainline kernel features, it can theoretically be applied to any application that runs on Linux — although there are a number of caveats since the project is still in its early days.

Security updates have been issued by Debian (firefox-esr), Fedora (fastd, ovn, and yq), Mageia (libreoffice), Slackware (mozilla), SUSE (google-osconfig-agent, grafana, helm, and rime-schema-all), and Ubuntu (linux-azure, linux-azure-5.4, linux-lowlatency, openjdk-17, openjdk-21, openjdk-23, openjdk-8, and openjdk-lts).

Jeff Xu has been working on a patch set that makes certain mappings in a process's address space impossible to change, sealing them against tampering. This has some potential security benefits — mainly, making sure that someone cannot relocate the vsyscall and vDSO mappings — but some kernel developers haven't been impressed with the patches. While the core functionality (sealing the mappings) is sound, some of the supporting code for enabling and disabling the new feature caused concern by going against the normal design for such things. Reviewers also questioned how this feature would interact with checkpointing and with sandboxing.

Version 135.0 of the Firefox web browser has been released. Changes include more languages for the translations feature, increasing roll-out of the credit-card autofill and AI chatbot features, and (perhaps most welcome):

Firefox now includes safeguards to prevent sites from abusing the history API by generating excessive history entries, which can make navigating with the back and forward buttons difficult by cluttering the history. This intervention ensures that such entries, unless interacted with by the user, are skipped when using the back and forward buttons.

Security updates have been issued by Debian (openjdk-17), Fedora (chromium, fastd, ovn, and yq), Mageia (libxml2 and redis), Oracle (gstreamer1-plugins-base, gstreamer1-plugins-good), Red Hat (buildah, bzip2, galera, mariadb, grafana, keepalived, libsoup, mariadb:10.11, mariadb:10.5, mingw-glib2, podman, python-jinja2, and rsync), SUSE (bind, ignition, java-11-openjdk, java-17-openjdk, krb5, libxml2, openssl-1_1, orc, python-asteval, rsync, and xrdp), and Ubuntu (harfbuzz, libndp, libvpx, and opencv).

By the time that Linus Torvalds released 6.14-rc1 and closed the merge window for this development cycle, some 9,307 non-merge changesets had been pulled into the mainline repository — the lowest level of merge-window activity seen in years. There were, nonetheless, a number of interesting changes in the 5,000 commits pulled since the first-half merge-window summary was written.