Attacks on the kernel can take many forms; one popular exploitation path is to find a way to overwrite some memory with attacker-supplied data. If the right memory can be targeted, one well-targeted stray write is all that is needed to take control of the system. Since the system's page tables regulate access to memory, they are an attractive target for this type of attack. This patch set from Kevin Brodsky is an attempt to protect page tables (and, eventually, other data structures) using the "memory protection keys" feature provided by a number of CPU architectures.

The 6.12.9, 6.6.70, 6.1.124, 5.15.176, 5.10.233, and 5.4.289 stable kernels have been released. As usual, they contain important fixes all over the kernel tree.

Security updates have been issued by AlmaLinux (cups, kernel, and kernel-rt), Debian (chromium, firefox-esr, and webkit2gtk), Fedora (curl, firefox, gimp, mupdf, openjpeg2, and valkey), Red Hat (389-ds-base, cups, firefox, iperf3, kernel, kernel-rt, libreswan, python3.11-urllib3, thunderbird, and webkit2gtk3), Slackware (firefox, seamonkey, and thunderbird), SUSE (apptainer, firefox-esr, libopenjp2-7, libruby3_4-3_4, openjpeg2, and tomcat10), and Ubuntu (firefox, linux-azure, linux-azure, linux-azure-4.15, linux-azure, linux-azure-6.8, linux-azure, linux-intel-iotg-5.15, linux-azure-5.15, python2.7, thunderbird, and xfpt).

Inside this week's LWN.net Weekly Edition:

• Front: What to expect in 2025; Sequoia; Emacs in Scheme; Pony; Homa; 2024 Timeline.
• Briefs: Colliding SHAs; netdev in 2024; Gentoo retrospective; LineageOS 22.1; pkgsrc-2024Q4; RIP Steve Langasek; Firefox 134.0; Algol 68; Ruby 3.4; Quotes; ...
• Announcements: Newsletters, conferences, security updates, patches, and more.

The Sequoia OpenPGP library has been in development for some time. LWN covered the library in 2020. Now the project's command-line interface has been released. The sq tool offers a promising alternative to the venerable GNU Privacy Guard (GPG) tool — albeit one with a different interface, set of terminology, and approach to the web of trust. Several distributions are making increasing use of the tool behind the scenes.

The Tor Project has published a review of major milestones from 2024, including merging with the Tails project, work to enable human-friendly .onion addresses, and the launch of WebTunnel:

By mimicking common internet protocols, WebTunnel improves the resilience of the Tor network in regions with heavy censorship. And since its launch earlier this year, we've made sure to prioritize small download sizes for more convenient distribution and simplified the support of uTLS integration further mimicking the characteristics of more widespread browsers. This makes Webtunnel safe for general users because it helps conceal the fact that a tool like Tor is being used.

The pkgsrc developers have announced the 2024Q4 branch of the pkgsrc cross-platform packaging system. It is the default package manager for NetBSD, SmartOS, and is available for Linux as well. This marks the 85th quarterly release of pkgsrc:

Since the pkgsrc-2024Q3 release, 110 packages were added, 1580 packages were updated (with 2399 updates, including language-specific updates: 24 Go, 3 OCaml, 66 Perl, 5 PHP, 626 Python, 282 Ruby, 44 TeX). 33 packages were removed.

Security updates have been issued by Fedora (firefox, mupdf, and php-tcpdf), SUSE (etcd, file-roller, gtk3, kernel, python-django-ckeditor, rubygem-json-jwt, and tomcat10), and Ubuntu (ffmpeg, HTMLDOC, linux-aws, linux-raspi, linux-gke, linux-hwe-6.8, linux-lowlatency, linux-lowlatency-hwe-6.8, and tinyproxy).

Kernel networking maintainer Jakub Kicinski reviews progress in the networking subsystem in 2024.

Work on relieving the rtnl_lock pressure has continued throughout the year. The rtnl_lock is often mentioned as one of the biggest global locks in the kernel, as it protects all of the network configuration and state. The efforts can be divided into two broad categories – converting read operations to rely on RCU protection or other fine grained locking (v6.9, v6.10), and splitting the lock into per-network namespace locks (preparations for which started in v6.13).

Gentoo Linux has published a project retrospective that looks at the major improvements and news from 2024, the Gentoo Foundation's finances, and contributions to Gentoo by the numbers.

The number of commits to the main ::gentoo repository has remained at an overall high level in 2024, with a 2.4% increase from 121000 to 123942. The number of commits by external contributors has grown strongly from 10708 to 12812, now across 421 unique external authors.

The importance of GURU, our user-curated repository with a trusted user model, as entry point for potential developers, is clearly increasing as well. We have had 7517 commits in 2024, a strong growth from 5045 in 2023. The number of contributors to GURU has increased a lot as well, from 158 in 2023 to 241 in 2024. Please join us there and help packaging the latest and greatest software.

In the past, LWN had a tradition of publishing a timeline of notable events from the previous year in early January. We thought we might try reviving that tradition in 2025 to see if our readers find it useful. While we have covered these events as they happened, it's interesting to see how much has taken place in just 12 months.

Version 134.0 of the Firefox browser has been released. Changes include support for touchpad hold gestures on Linux, a refreshed layout for the New Tab page for users in the US and Canada, and improved support for debugging web extensions.

Security updates have been issued by AlmaLinux (python-requests), Oracle (python-requests), SUSE (python-Jinja2 and rizin), and Ubuntu (ceph, linux, linux-aws, linux-aws-hwe, linux-gcp, linux-gcp-4.15, linux-hwe, linux-kvm, linux-oracle, linux, linux-lts-xenial, linux-aws, linux-aws-5.15, linux-gcp, linux-gcp-5.15, linux-hwe-5.15, linux-nvidia, linux-oracle, linux-raspi, linux-aws, linux-kvm, linux-hwe-6.8, linux-intel-iotg, linux-oem-6.11, linux-raspi-5.4, and salt).

During EmacsConf 2024, which was held online in early December 2024, Ramin Honary gave a talk about Project Gypsum, which is his effort to rewrite Emacs in Scheme. Unlike most other Emacs clones, which simply replicate the key bindings, Gypsum is also implementing Emacs Lisp (or Elisp). Honary is initially targeting Guile, which is an implementation of Scheme, but wants to make the code portable to any implementation of R7RS Scheme.

From the Ubuntu Discourse instance comes the sad news that longtime Debian and Ubuntu contributor Steve Langasek has passed away.

Steve passed away at the dawn of 2025. His time was short but remarkable. He will forever remain an inspiration. Judging by the outpouring of feelings this week, he is equally missed and mourned by colleagues and friends across the open source landscape, in particular in Ubuntu and Debian where he was a great mind, mentor and conscience.

Security updates have been issued by Fedora (ofono and webkitgtk), Mageia (ruby and virtualbox & kmod-virtualbox), Red Hat (oci-seccomp-bpf-hook and runc), SUSE (corepack22, dpdk, libpoppler-cpp1, pcp, python-Jinja2, and sysstat), and Ubuntu (tinyproxy).

Linus has released 6.13-rc6 for testing.

So we had a slight pickup in commits this last week, but as expected and hoped for, things were still pretty quiet. About twice as many commits as the holiday week, but that's still not all that many.

I expect things will start becoming more normal now that people are back from the holidays and are starting to recover and wake up from their food comas.

The Pony programming language is dedicated to exploring how to make high-performance actor-based systems. Started in 2014, the language's most notable feature is probably reference capabilities, a system of pointer annotations that gives the developer fine manual control over how data is shared between actors, while simultaneously ensuring that Pony programs don't have data races. The language is not likely to overtake other more popular programming languages, but its ideas could be useful for other languages or frameworks struggling with concurrent data access.

Security updates have been issued by Debian (linux-6.1), Fedora (iwd and libell), Red Hat (python-requests), and SUSE (velero).

We are reliably informed by the calendar that yet another year has begun. That can only mean one thing: the time has come to go out on a limb with a series of ill-advised predictions that are almost certainly not how the year will actually go. We have to try; it's traditional, after all. Read on for our view of what's coming and how it may play out.