# Tech News Digest – March 28, 2025

# Tech News Digest - 2025-03-28

> 📢 Put On 2-D Glasses Now

## [$] Making the OpenWrt One
**Category:** Linux  
**Tags:** General  
**Published:** Fri, 28 Mar 2025 16:31:36 +0000  
**TL;DR:** Here is a summary of the text in 2 sentences:

Gingerich, director of compliance at the Software Freedom Conservancy (SFC), gave a keynote speech at SCALE 22x, discussing both a specific router and its larger context. The OpenWrt One router, based on firmware from the OpenWrt project, was highlighted as an example of SFC's work in promoting software freedom and complying with GPL licenses.  
In a keynote on the final day of <a href="https://www.socallinuxexpo.org/scale/22x">SCALE 22x</a>, Denver
Gingerich said that he wanted to talk "<q>a little bit about a router and
also the big picture around that router</q>".  Gingerich is the director of
compliance at the <a href="https://sfconservancy.org/">Software Freedom
Conservancy</a> (SFC), which is the organization behind the <a href="https://openwrt.org/toh/openwrt/one">OpenWrt One</a> router that
LWN <a href="https://lwn.net/Articles/994961/">looked at</a> back in November.  The
router is, of course, based on firmware from the
<a href="https://openwrt.org/start">OpenWrt project</a>, which got its
start because of GPL-enforcement activities and is a member project at the SFC.  
[Read more](https://lwn.net/Articles/1014998/)  

## [$] The first part of the 6.15 merge window
**Category:** Linux  
**Tags:** Linux  
**Published:** Fri, 28 Mar 2025 15:08:17 +0000  
**TL;DR:** Here is a 2-sentence summary:

As of this writing, over 6,600 non-merge changesets have been pulled into the mainline kernel repository for the 6.15 release, indicating that the merge window is well underway. A number of significant changes have already been merged, and this article will summarize the key developments from the first half of the 6.15 merge window.  
As of this writing, 6,653 non-merge changesets have been pulled into the
mainline kernel repository for the 6.15 release.  This merge window is thus
well underway.  A number of significant changes have been merged so far;
read on for our summary of the first half of the 6.15 merge window.  
[Read more](https://lwn.net/Articles/1015414/)  

## Security updates for Friday
**Category:** Linux  
**Tags:** Linux  
**Published:** Fri, 28 Mar 2025 13:10:38 +0000  
**TL;DR:** Here is a 2-sentence summary:

Multiple Linux distributions have released security updates, including Debian (mercurial and opensaml), Fedora (augeas, mingw-libxslt, and nodejs-nodemon), Mageia (chromium-browser-stable), Red Hat (various packages), SUSE (apache-commons-vfs2, python3, and python36), and Ubuntu (ghostscript, linux, and several variants). These updates address various security vulnerabilities, ensuring the continued security and stability of Linux systems.  
Security updates have been issued by <b>Debian</b> (mercurial and opensaml), <b>Fedora</b> (augeas, mingw-libxslt, and nodejs-nodemon), <b>Mageia</b> (chromium-browser-stable), <b>Red Hat</b> (grafana, kernel, kernel-rt, opentelemetry-collector, and podman), <b>SUSE</b> (apache-commons-vfs2, python3, and python36), and <b>Ubuntu</b> (ghostscript, linux, linux-aws, linux-azure, linux-gcp, linux-gke, linux-gkeop,
 linux-ibm, linux-intel-iotg, linux-lowlatency, linux-lowlatency-hwe-5.15,
 linux-nvidia, linux-oracle, linux-oracle-5.15, linux-raspi, linux, linux-aws, linux-azure, linux-gcp, linux-hwe-6.11, linux-oracle,
 linux-realtime, linux, linux-aws, linux-gcp, linux-gcp-6.8, linux-gke, linux-gkeop,
 linux-lowlatency, linux-lowlatency-hwe-6.8, linux-nvidia,
 linux-nvidia-6.8, linux-nvidia-lowlatency, linux-oracle, linux-oracle-6.8, linux-aws-5.15, linux-kvm, linux-azure, linux-ibm, linux-lowlatency, linux-lowlatency-hwe-6.11, linux-oem-6.11, linux-oem-6.8, linux-realtime, smarty, and snakeyaml).  
[Read more](https://lwn.net/Articles/1015718/)  

## Bypassing Ubuntu's user-namespace restrictions
**Category:** Linux  
**Tags:** Linux  
**Published:** Thu, 27 Mar 2025 20:51:14 +0000  
**TL;DR:** Here is a summary of the text in 2 sentences:

Ubuntu 23.10 and 24.04 LTS introduced a feature using AppArmor to restrict access to user namespaces, but Qualys has reported three ways to bypass these restrictions, allowing local users to gain full administrative capabilities within a user namespace. However, Ubuntu has clarified that these bypasses do not constitute security vulnerabilities and are simply demonstrating limitations in the existing protections against unknown Linux kernel vulnerabilities.  
<p>Ubuntu 23.10 and 24.04 LTS introduced a feature using AppArmor to
restrict access to user namespaces. Qualys has <a href="https://www.qualys.com/2025/three-bypasses-of-Ubuntu-unprivileged-user-namespace-restrictions.txt">reported</a>
three ways to bypass AppArmor's restrictions and enable local users to
gain full administrative capabilities within a user namespace. Ubuntu
has followed up with a <a href="https://discourse.ubuntu.com/t/understanding-apparmor-user-namespace-restriction/58007">post</a>
that explains the namespace-restriction feature in detail, and says
these bypasses do not constitute security vulnerabilities.</p>

<blockquote class="bq">
While a superficial observation of the application of user namespaces may indicate privileged (root level) access, this is a fictitious state that is operating as expected, with access control still mapped to the real (root namespace) user's permissions. As such, these bypasses do not enable more access than what the default Linux kernel
unprivileged user namespace feature allows in most Linux
distributions. They do, however, demonstrate limitations that we are
looking to address in order to strengthen existing protections against
as-of-yet-unknown Linux kernel vulnerabilities.
</blockquote>

<p>LWN <a href="https://lwn.net/Articles/971143/">covered</a> Ubuntu 24.04 LTS last May.</p>
<p></p>  
[Read more](https://lwn.net/Articles/1015649/)  

## Rust adopting Ferrocene Language Specification
**Category:** Linux  
**Tags:** General  
**Published:** Thu, 27 Mar 2025 19:38:51 +0000  
**TL;DR:** Here is a 2-sentence summary:

The Rust project has announced that it will adopt the Ferrocene Language Specification (FLS) as part of its ongoing specification efforts. This move aims to remove a barrier to using Rust in safety-critical systems, particularly in organizations that require official language specifications before adoption.  
<p>
One recurring criticism of Rust has been that the language has no official specification. This is a barrier to adoption in some safety-conscious organizations, as well as to writing alternate language implementations. Now, the Rust project has
<a href="https://blog.rust-lang.org/2025/03/26/adopting-the-fls.html">announced</a>
that it will be adopting the 
<a href="https://spec.ferrocene.dev/">
Ferrocene Language Specification</a> (FLS) developed by 
<a href="https://ferrous-systems.com/">Ferrous Systems</a> and maintaining it as part of the core project. While this may not satisfy die-hard standardization-process enthusiasts, it's a step toward removing another barrier to using Rust in safety-critical systems.
</p>

<blockquote class="bq">
It's in that light that we're pleased to announce that we'll be adopting the FLS into the Rust Project as part of our ongoing specification efforts. This adoption is being made possible by the gracious donation of the FLS by Ferrous Systems. We're grateful to them for the work they've done in assembling the FLS, in making it fit for qualification purposes, in promoting its use and the use of Rust generally in safety-critical industries, and now, for working with us to take the next step and to bring the FLS into the Project.
</blockquote>  
[Read more](https://lwn.net/Articles/1015636/)