One would assume that most LWN readers stopped running network-accessible
telnet services some number of decades ago. For the rest of you,
this security advisory from
Simon Josefsson is worthy of note:
The telnetd server invokes /usr/bin/login (normally running as
root) passing the value of the USER environment variable received
from the client as the last parameter.
If the client supplies a carefully crafted USER environment value
being the string "-f root", and passes the telnet(1) -a or --login
parameter to send this USER environment to the server, the client
will be automatically logged in as root bypassing normal
authentication processes.
Mozilla has announced
a repository with Firefox
Nightly channel packages for RPM-based Linux distributions such as CentOS
Stream, Fedora, and openSUSE. Mozilla has provided a Debian repository
since 2023.
Note that this repository only includes the nightly builds of The
firefox-nightly package. Mozilla is not providing stable
builds as RPMs at this time. However, the package will not conflict
with a distribution's regular firefox package; both packages
can be installed at the same time for those who wish to test the
nightly builds. See the blog post for instructions on setting up the
repository.
Version:next-20260120 (linux-next)
Released:2026-01-20
LWN has had a number of articles on immutable distributions,
such as Bluefin and
Bazzite, in recent years. These distributions have taken a variety of approaches, including
using
rpm-ostree, filesystem snapshots, and
bootable container (bootc) images. But those
approaches, especially the latter, lead to extra complexity for a user
attempting to install new software, instead of just
using the existing package manager.
AshOS (Any Snapshot Hierarchical OS) is an experimental AGPL-3-licensed
"meta-distribution" that tried a different approach more in line with
traditional package management. Although the project is no longer updated,
it remains usable, and can still shed some light on a potential alternate path for users
worried about adopting bootc-based approaches.
Security updates have been issued by AlmaLinux (gpsd-minimal, jmc, kernel, kernel-rt, and net-snmp), Debian (apache-log4j2 and dcmtk), Fedora (exim, gpsd, mysql8.0, mysql8.4, python-biopython, and rust-lru), Mageia (firefox, nss and thunderbird), Oracle (container-tools:rhel8, gpsd-minimal, jmc, kernel, net-snmp, and uek-kernel), Red Hat (net-snmp), SUSE (chromium, go, harfbuzz-devel, kernel, libsoup, rust1.91, rust1.92, and thunderbird), and Ubuntu (apache2, avahi, and python-urllib3).
CentOS as a group is a community of open source contributors and users which started in 2003 and has been sponsored by Red Hat since 2014. CentOS Linux versions up to CentOS Linux 8 are 100% compatible rebuilds of Red Hat Enterprise Linux, in full compliance with Red Hat's redistribution requirements. In 2020 it was announced CentOS Linux is being discontinued and replaced with CentOS Stream, a developer-focused distribution which acts as a middle-stream between Fedora and Red Hat Enterprise Linux.
Version:next-20260119 (linux-next)
Released:2026-01-19
OzLabs is a collection of Australian
free-software developers that was, for most of its history, associated with
IBM. Members of OzLabs have included Hugh Blemings, Michael Ellerman, Ben
Herrenschmidt, Greg Lehey, Paul Mackerras, Martin Pool, Stephen Rothwell,
Rusty Russell, and Andrew Tridgell, among others. The
OzLabs "about" page notes that, as
of January 2026, the last remaining OzLabs members have departed IBM.
"This brought to a close the Ozlabs association with IBM". Thus
ends a quarter-century of development history.
(Thanks to Jon Masters).
4MLinux is a miniature Linux distribution focusing on four capabilities: maintenance (as a system rescue live CD), multimedia (for playing video DVDs and other multimedia files), miniserver (using the inetd daemon), and mystery (providing several small Linux games). The distribution includes support for booting on UEFI-enabled machines.
PostgreSQL contributor Robert Haas has published
a blog post that breaks down code contributions to PostgreSQL in
2025.
I calculate that, in 2025, there were 266 people who were the
principal author of at least one PostgreSQL commit. 66% of the new
lines of code where contributed by one of 26 people, and 90% of the
lines of new code were contributed by one of 67 people.
Contributions to the project seem to be on the upswing; in his analysis
of development in 2024, there were 229 people who were the primary
authors of a commit, and 66% of new lines of code were contributed by
one of 18 people. The raw
data is also available.
The
io_uring
subsystem is more than an asynchronous I/O interface for Linux; it is,
for all practical purposes, an independent system-call API. It has enabled
high-performance applications, but it also brings challenges for code built
around classic, Unix-style system calls. For example, the
seccomp()
sandboxing mechanism does not work with it, causing applications using
seccomp() to disable io_uring outright. Io_uring maintainer Jens
Axboe is seeking to improve that situation with a rapidly evolving patch
series adding a new restrictive mechanism to that subsystem.
Version
11.0 of the Wine Windows compatibility layer is out. "This
release represents a year of development effort, around 6,300
individual changes, and more than 600 bug fixes." The most notable
changes in this release are support for the NTSync Linux kernel module
(when available), and the completion of the Windows 32-bit on Windows 64-bit (WoW64) architecture that was announced as experimental in Wine 9.0.
Greg Kroah-Hartman has released the
5.15.198, and
5.10.248 stable kernels. As usual, each
contains important fixes throughout the tree; users are advised to
upgrade.
Security updates have been issued by AlmaLinux (cups, libpq, libsoup3, podman, and postgresql16), Debian (ffmpeg, gpsd, python-urllib3, and thunderbird), Fedora (chromium, foomuuri, forgejo, freerdp, harfbuzz, libtpms, musescore, python-biopython, and python3.12), Mageia (gimp, libpng, nodejs, and python-urllib3), and SUSE (alloy, avahi, bind, chromedriver, chromium, cpp-httplib, docker, erlang, fluidsynth, freerdp, go-sendxmpp, govulncheck-vulndb, kernel, libwireshark19, NetworkManager-applet-l2tp, python, python311-virtualenv, thunderbird, and zk).
deepin (formerly, Deepin, Linux Deepin, Hiweed GNU/Linux) is a Debian-based distribution (it was Ubuntu-based until version 15 released in late 2015) that aims to provide an elegant, user-friendly and reliable operating system. It does not only include the best the open source world has to offer, but it has also created its own desktop environment called DDE or Deepin Desktop Environment which is based on the Qt 5 toolkit. Deepin focuses much of its attention on intuitive design. Its home-grown applications, like Deepin Software Centre, DMusic and DPlayer are tailored to the average user. Being easy to install and use, deepin can be a good Windows alternative for office and home use.
MX Linux, a desktop-oriented Linux distribution based on Debian's "Stable" branch, is a cooperative venture between the antiX and former MEPIS Linux communities. Using Xfce as the default desktop (with separate KDE Plasma and Fluxbox editions also available), it is a mid-weight operating system designed to combine an elegant and efficient desktop with simple configuration, high stability, solid performance and medium-sized footprint.
HackerOS is a live Linux distribution based on Debian's "Testing" branch and designed for regular users, gamers and cybersecurity enthusiasts. Some of its features include an optimised XanMod Linux kernel for faster boot times and reduced resource usage, out-of-the-box support for NVIDIA graphics cards, and a collection of cybersecurity tools, such as enhanced firewalls and intrusion detection software. The distribution uses the KDE Plasma desktop.
Linus has released
6.19-rc6 for testing.
"So we finally ended up with a slightly bigger rc than usual for this
stage in the release cycle, but it's not _that_ big, and things still seem
quite stable and civilized."
Pages
