lwn.net

Greg Kroah-Hartman has announced the release of the 6.16.4, 6.12.44, 6.6.103, 6.1.149, 5.15.190, 5.10.241, and 5.4.297 stable Linux kernels. Each one contains important fixes.

The GNOME project, which recently celebrated its 28th birthday, has never had a formal technical governance; progress has been driven by individuals and groups that advocated for—and worked toward—a particular goal in an ad hoc fashion. Longtime GNOME contributor Emmanuele Bassi would like to see that change by adding cross-project teams and a steering committee for the project; to that end, he gave a talk (YouTube video) at GUADEC 2025 in late July on his idea to establish some technical governance for the project. He also put together a blog post with his notes from the talk. The audience reaction was favorable, so he has followed up on the GNOME discussion forum with an RFC on governance to try to move the effort along.

Security updates have been issued by AlmaLinux (aide, firefox, kernel, and mod_http2), Debian (chromium and unbound), Fedora (mod_auth_openidc), Oracle (fence-agents and kernel), SUSE (ignition, jetty-minimal, kernel, libmozjs-128-0, matrix-synapse, postgresql13, postgresql15, postgresql16, and postgresql17), and Ubuntu (kernel).

Inside this week's LWN.net Weekly Edition:

• Front: Groklaw takeover; CRL cache sharing; browsers and XSLT; Microdot; restartable sequences; shadow-stack control
• Briefs: Android restrictions; Arch services; GhostBSD 25.02; FFmpeg 8.0; PyCon videos; Quotes; ...
• Announcements: Newsletters, conferences, security updates, patches, and more.

Alyssa Rosenzweig has written a blog post about her work to help ship a "great driver" for the Apple M1 GPU that supports OpenGL, Vulkan, and enables gaming with Proton.

We've succeeded beyond my dreams. The challenges I chased, I have tackled. The drivers are fully upstream in Mesa. Performance isn't too bad. With the Vulkan on Apple myth busted, conformant Vulkan is now coming to macOS via LunarG's KosmicKrisp project building on my work.

Satisfied, I am now stepping away from the Apple ecosystem. My friends in the Asahi Linux orbit will carry the torch from here.

Rosenzweig indicates her next project will be working on Intel's Xe-HPG graphics architecture. LWN covered her talk on Apple M1/M2 GPU drivers in October 2024.

The Extensible Stylesheet Language Transformations (XSLT) language is used by web browsers to style XML content to make it easily readable; XSLT is part of the HTML living standard that is maintained by the Web Hypertext Application Technology Working Group (WHATWG). Only a small fraction of web sites serve content that requires web browsers to support XSLT, in part because major browser implementations have neglected the technology over the past 25 years. Now, it seems, they would like to rid themselves of it entirely. A plan to disable XSLT in Blink (Chrome's rendering engine) and a pull request by a Google Chrome developer to remove mentions of the specification from the HTML standard have been met with opposition, but arguments in favor of XSLT have proven ineffective.

The GhostBSD project has released version 25.02 of the FreeBSD-based desktop operating system. This release brings GhostBSD up to date with FreeBSD 14.3, includes enhancements for the Software Station package management application, and introduces an "OS X-like" desktop environment based on GNUstep called Gershwin:

This early preview includes:

• GNUstep-based desktop environment with familiar OS X-style interface
• Seamless integration with GhostBSD tools through wrappers for installer, Software Station, Backup Station, and Update Station
• Support for running non-GNUstep applications alongside GNUstep apps
• Several included GNUstep applications to get you started

LWN covered GhostBSD in June 2024.

The Internet is a wonderful thing; it allows anybody to look up information of interest. Included in all of that is the history of the free-software development community; how we got to where we are says a lot about why things are the way they are and what might come next. So the takeover of Groklaw rings a loud alarm; we have been reminded that history stored on the Internet is an ephemeral thing and cannot be expected to remain available forever.

Security updates have been issued by Debian (node-cipher-base), Fedora (keylime-agent-rust and libtiff), Oracle (aide, kernel, mod_http2, pam, pki-deps:10.6, python-cryptography, python3, python3.12, and thunderbird), SUSE (cheat, ffmpeg, firebird, govulncheck-vulndb, postgresql17, tomcat, tomcat10, tomcat11, ucode-intel-20250812, and v2ray-core), and Ubuntu (binutils, gst-plugins-base1.0, gst-plugins-good1.0, and linux-raspi-realtime).

Shadow stacks are a control-flow-integrity feature designed to defend against exploits that manipulate a thread's call stack. The kernel first gained support for hardware-implemented shadow stacks, for the x86 architecture, in the 6.6 release; 64-bit Arm support followed in 6.13. This feature does not give user space much control over the allocation of shadow stacks for new threads, though; a patch series from Mark Brown may, after many attempts, finally be about to change that situation.

Security updates have been issued by Debian (ffmpeg, firebird3.0, and luajit), Fedora (chromium, python3-docs, and python3.13), Oracle (aide, firefox, glibc, libxml2, and tomcat), Red Hat (aide, git, kernel, kernel-rt, libarchive, pam, python-cryptography, python3, python3.12, and webkit2gtk3), SUSE (cmake3, ffmpeg-4, kernel, kubernetes1.18, libqt4, minikube, net-tools, pam, postgresql16, proftpd, python-urllib3, python311, python312, python36, tomcat10, tomcat11, and webkit2gtk3), and Ubuntu (nginx).

Google has announced a new set of restrictions on the ability of users to install apps on their own devices:

Starting next year, Android will require all apps to be registered by verified developers in order to be installed by users on certified Android devices. This creates crucial accountability, making it much harder for malicious actors to quickly distribute another harmful app after we take the first one down. Think of it like an ID check at the airport, which confirms a traveler's identity but is separate from the security screening of their bags; we will be confirming who the developer is, not reviewing the content of their app or where it came from.