LWN.net

Version 3.0 of the Offpunk offline-first, command-line web, Gemini, and Gopher browser has been released. Notable changes in this release include integration of the unmerdify library to "remove cruft" from web sites, the xkcdpunk standalone tool for viewing xkcd comics in the terminal, and a cookies command to enable browsing web sites (such as LWN.net) while being logged in.

Something wonderful happened on the road leading to 3.0: Offpunk became a true cooperative effort. Offpunk 3.0 is probably the first release that contains code I didn't review line-by-line. Unmerdify (by Vincent Jousse), all the translation infrastructure (by the always-present JMCS), and the community packaging effort are areas for which I barely touched the code.

So, before anything else, I want to thank all the people involved for sharing their energy and motivation. I'm very grateful for every contribution the project received. I'm also really happy to see "old names" replying from time to time on the mailing list. It makes me feel like there's an emerging Offpunk community where everybody can contribute at their own pace.

There were a lot of changes between 2.8 and 3.0, which probably means some new bugs and some regressions. We count on you, yes, you!, to report them and make 3.1 a lot more stable. It's as easy at typing "bugreport" in offpunk!

See the "Installing Offpunk" page to get started.

Sean Whitton has announced that Debian's tag2upload service is now out of beta and ready for use by Debian developers and maintainers.

During the beta we encountered only a few significant bugs. Now that we've fixed those, our rate of successful uploads is hovering around 95%. Failures are almost always due to packaging inconsistencies that older workflows don't detect, and therefore only need fixing once per package.

We don't think you need explicit approval from your co-maintainers anymore. Your upload workflows can be different to your teammates. They can be using dput, dgit or tag2upload.

LWN covered tag2upload in July 2024.

Security updates have been issued by AlmaLinux (fontforge, kernel, and osbuild-composer), Debian (debian-security-support, sudo, wireshark, xrdp, and zabbix), Fedora (bind, bind-dyndb-ldap, chromium, k9s, libgit2, mingw-glib2, node-exporter, open-vm-tools, plantuml, xorgxrdp, and xrdp), Oracle (fence-agents, image-builder, kernel, libsoup3, and osbuild-composer), Red Hat (image-builder and osbuild-composer), Slackware (openssl and p11), SUSE (chromium, cockpit-354, cockpit-machines, cockpit-machines-346, cockpit-packages, cockpit-podman, cockpit-subscriptions, govulncheck-vulndb, kubernetes-old, libsnmp45-32bit, libxml2, localsearch, micropython, opencloud-server, python-django, python-djangorestframework, python-maturin, python311-Django, python311-wheel, python315, sqlite3, and xrdp), and Ubuntu (linux-fips, linux-aws-fips, linux-gcp-fips and python-pip).

Linus has released the 6.19 kernel. "No big surprises anywhere last week, so 6.19 is out as expected - just as the US prepares to come to a complete standstill later today watching the latest batch of televised commercials."

The most significant changes in 6.19 include initial support for Intel's linear address-space separation feature, support for Arm Memory system resource Partitioning And Monitoring, the listns() system call, a reworked restartable-sequences implementation, support for large block sizes in the ext4 filesystem, some networking changes for improved memory safety, the live update orchestrator, and much more. See the LWN merge-window summaries (part 1, part 2) and the KernelNewbies 6.19 page for details.

For those wanting more machine learning in the kernel, Viacheslav Dubeyko has posted a new in-kernel library for that purpose.

What is the goal of using ML models in Linux kernel? The main goal is to employ ML models for elaboration of a logic of particular Linux kernel subsystem based on processing data or/and an efficient subsystem configuration based on internal state of subsystem. As a result, it needs: (1) collect data for training, (2) execute ML model training phase, (3) test trained ML model, (4) use ML model for executing the inference phase. The ML model inference can be used for recommendation of Linux kernel subsystem configuration or/and for injecting a synthesized subsystem logic into kernel space (for example, eBPF logic).

It is rigorously undocumented and there are no real users, so it's not entirely clear what the purpose is, but there are undoubtedly interesting things that could be done with it.

Greg Kroah-Hartman has released the 6.18.9, 6.12.69, 6.6.123, 6.1.162, 5.15.199, and 5.10.249 stable kernels. As always, each contains important fixes throughout the tree; users are advised to upgrade.

The Ardour digital-audio-workstation (DAW) project has announced the release of version 9.0.

This is a major release for the project, seeing several substantive new features that users have asked for over a long period of time. Region FX, clip recording, a touch-sensitive GUI, pianoroll windows, clip editing and more, not to mention dozens of bug fixes, new MIDI binding maps, improved GUI performance on macOS (for most) ...

We expect to get feedback on some of the major new features in this release, and plan to take that into account as we improve and refine them and the rest of Ardour going forward. We have no doubt that there will be both delight and disappointment with certain things - rather than assume that we don't know what we're doing, please leave us feedback on the forums so that Ardour gets better over time. Those of you new to our clip launching implementation might care to read up on the differences with Ableton Live.

In the coming weeks, we'll begin to sketch out what we have planned next for Ardour, in addition to responding to the feedback we get on this 9.0 release.

Control-flow integrity (CFI) is a set of techniques that make it more difficult for attackers to hijack indirect jumps to exploit a system. The Linux kernel has supported forward-edge CFI (which protects indirect function calls) since 2020, with the most recent implementation of the feature introduced in 2022. That version avoids the overhead introduced by the earlier approach by using a compiler flag (-fsanitize=kcfi) that is present in Clang but not in GCC. Now, Kees Cook has a patch set adding that support to GCC that looks likely to land in GCC 17.

The Linux From Scratch (LFS) project provides step-by-step instructions on building a customized Linux system entirely from source. Historically, the project has provided separate System V and systemd editions, which gave users a choice of init systems. Bruce Dubbs has announced the project will no longer produce the System V version:

There are two reasons for this decision. The first reason is workload. No one working on LFS is paid. We rely completely on volunteers. In LFS there are 88 packages. In BLFS there are over 1000. The volume of changes from upstream is overwhelming the editors. In this release cycle that started on the 1st of September until now, there have been 70 commits to LFS and 1155 commits to BLFS (and counting). When making package updates, many packages need to be checked for both System V and systemd. When preparing for release, all packages need to be checked for each init system.

The second reason for dropping System V is that packages like GNOME and soon KDE's Plasma are building in requirements that require capabilities in systemd that are not in System V. This could potentially be worked around with another init system like OpenRC, but beyond the transition process it still does not address the ongoing workload problem.

[...] As a personal note, I do not like this decision. To me LFS is about learning how a system works. Understanding the boot process is a big part of that. systemd is about 1678 "C" files plus many data files. System V is "22" C files plus about 50 short bash scripts and data files. Yes, systemd provides a lot of capabilities, but we will be losing some things I consider important.

The next version, 13.0, is expected in March and will only focus on systemd.

Security updates have been issued by AlmaLinux (freerdp, kernel, python3, and python3.12-wheel), Debian (alsa-lib, chromium, openjdk-25, phpunit, tomcat10, tomcat11, and tomcat9), Fedora (openqa, pgadmin4, phpunit10, phpunit11, phpunit12, phpunit8, phpunit9, and yarnpkg), Mageia (python-django), SUSE (alloy, cups, dpdk, expat, glib2, java-1_8_0-ibm, java-1_8_0-openj9, java-25-openjdk, kernel, libpainter0, libsoup, libxml2, openssl-3, python-filelock, python-wheel, python312-Django6, thunderbird, traefik2, udisks2, wireshark, and xen), and Ubuntu (glib2.0, linux-azure, linux-azure-4.15, linux-gcp, linux-gcp-4.15, python3.14, python3.13, python3.12, python3.11, python3.10, python3.9, python3.8, python3.7, python3.6, python3.5, python3.4, and tracker-miners).

The first installment in this series introduced several data structures in the kernel's swap subsystem and described work to replace some of those with a new "swap table" structure. The work did not stop there, though; there is more modernization of the swap subsystem queued for an upcoming development cycle, and even more for multiple kernel releases after that. Once that work is done, the swap subsystem will be both simpler and faster than it is now.

Security updates have been issued by AlmaLinux (brotli, curl, kernel, python-wheel, and python3.12), Debian (containerd), Fedora (gnupg2, pgadmin4, phpunit10, phpunit11, phpunit12, phpunit8, phpunit9, and yarnpkg), Mageia (expat), Oracle (qemu-kvm and util-linux), Red Hat (kernel, kernel-rt, opentelemetry-collector, and python3.12-wheel), SUSE (abseil-cpp, dpdk, freerdp, glib2, ImageMagick, java-11-openj9, java-17-openj9, java-1_8_0-ibm, java-1_8_0-openj9, java-1_8_0-openjdk, java-21-openj9, kernel, libsoup, libsoup-3_0-0, openssl-3, patch, python-Django, rekor, rizin, udisks2, and xrdp), and Ubuntu (gh, linux, linux-aws, linux-azure, linux-azure-5.15, linux-gcp, linux-gke, linux-gkeop, linux-hwe-5.15, linux-ibm, linux-ibm-5.15, linux-intel-iotg, linux-intel-iotg-5.15, linux-kvm, linux-lowlatency, linux-lowlatency-hwe-5.15, linux-nvidia, linux-nvidia-tegra, linux-nvidia-tegra-5.15, linux-oracle, linux-raspi, linux, linux-aws, linux-azure, linux-gcp, linux-oem-6.17, linux-oracle, linux-raspi, linux-realtime, linux, linux-gke, linux-gkeop, linux-hwe-6.8, linux-oracle, linux-oracle-6.8, linux-raspi, linux-fips, linux-aws-fips, linux-azure-fips, linux-gcp-fips, linux-nvidia, linux-nvidia-6.8, linux-nvidia-lowlatency, linux-realtime, linux-intel-iot-realtime, and linux-realtime, linux-realtime-6.8, linux-raspi-realtime).

Inside this week's LWN.net Weekly Edition:

• Front: Sigil; Eurydice; Sub-schedulers for sched_ext; Swap table; Futex robust lists; Tyr.
• Briefs: openSUSE governance; Git 2.53.0; LibreOffice 26.2; Open Source Award; Quotes; ...
• Announcements: Newsletters, conferences, security updates, patches, and more.

The robust futex kernel API is a way for a user-space program to ensure that the locks it holds are properly cleaned up when it exits. But the API suffers from a number of different problems, as André Almeida described in a session in the "Gaming on Linux" microconference at the 2025 Linux Plumbers Conference in Tokyo. He had some ideas for a new API that would solve many of those problems, which he wanted to discuss with attendees; there is a difficult-to-trigger race condition that he wanted to talk about too.

Creating an ebook in EPUB format is easy, for certain values of "easy". All one really needs is a text editor, a few command-line utilities; also needed is a working knowledge of XHTML, CSS, along with an understanding of the format's structure and required boilerplate. Creating a well-formatted and attractive ebook is a bit harder. However, it can be made easier with an application custom-made for the purpose. Sigil is an EPUB editor that provides the tooling authors and publishers may be looking for.