LWN.net

The Arch Linux project has posted anupdate about recent serviceoutages that have affected its infrastructure:

The restartable sequences feature, whichwas added to the 4.18 kernel in 2018, exists to enable better performancein certain types of threaded applications. While there are users forrestartable sequences, they tend to be relatively specialized code; this isnot a tool that most application developers reach for. Over time, though,the use of restartable sequences has grown, and it looks to grow further asthe feature is tied to new capabilities provided by the kernel. Asrestartable sequences become less of a niche feature, though, some problemshave turned up; fixing one of them may involve an ABI change visible inuser space.

Security updates have been issued by AlmaLinux (libarchive, mingw-sqlite, pki-deps:10.6, and tomcat), Debian (chromium and firefox-esr), Fedora (python3.6 and suricata), Oracle (go-toolset:rhel8, kernel, libarchive, mingw-sqlite, tomcat, and xterm), Red Hat (kernel), Slackware (mozilla), SUSE (aws-efs-utils, docker-machine-driver-kvm2, nova, pluto, polaris, and python310), and Ubuntu (ceph, gcc-10, gcc-11, gcc-12, linux-aws-6.8, linux-gcp, linux-gcp-6.8, linux-gkeop, linux-ibm, linux-ibm-6.8, linux-hwe-6.14, linux-oem-6.14, linux-ibm, linux-intel-iotg, linux-oracle, linux-raspi, linux-iot, poppler, and tiff).

Inside this week's LWN.net Weekly Edition:

The Zig project hasannounced version 0.15.1 of the language. The release, much like thelast one, includes incremental progress toward the goal of completely dropping LLVM and improving compile time, as well as a handful of breaking changes as the language team wrestles with past API design. The biggest change this time around is to the standard library Reader and Writer interfaces, which have been completely rearranged in the name of performance and reducing unneeded copies.

Tobias Heider has writtenan article that explains changes that are coming for Ubuntu's genericArm64 desktop ISO images in the 25.10 release. The current solution,Heider says, depends on GRUB features that are unavailable in secureboot mode and require adding device-specific logic to multiplepackages. The new solution, called stubble,is derived from systemd-stub:

Greg Kroah-Hartman has announced the release of the 6.16.2, 6.15.11, and 6.12.43 stable kernels. He notes thatthis is the last release in the 6.15.y series, and recommends thatusers move to the 6.16.y kernel branch at this time.

Ken Jin welcomed EuroPython2025 attendees tohis talk entitled "Building a new tail-calling interpreter for Python", butnoted that the title really should be: "Measuring the performance ofcompilers and interpreters is really hard". Jin's efforts to switch the CPython interpreter to use tail calls,which can be optimized as regular jumps,initially seemed to produce an almost miraculous performance improvement.As his modified title suggests, the actual improvementwas rather smaller; there is still some performance improvement andthere are other benefits from the change.

Version25.8 of the LibreOffice open-source office suite has beenreleased. Notable changes include several new functions in the Calcspreadsheet application, ability to export to the PDF 2.0 format, better PowerPoint font compatibility with Impress, and significantperformance improvements. For a full list of changes, see the releasenotes on the Document Foundation wiki.

After more than two years of development, the Debian Project has released its new stable version, Debian13 ("trixie"). The release comes with the usual bounty ofupgraded packages and more than 14,000 new packages; it also debuts Advanced Package Tool(APT)3.0 as the default package manager and makes 64-bitRISC-V a supported architecture. There are few surprises with trixie,which is exactly what many Linux users are hoping for-a freeoperating system that just works as expected.

Security updates have been issued by Debian (webkit2gtk), Fedora (firefox and libarchive), Red Hat (python3.11-setuptools and python3.12-setuptools), Slackware (mozilla), SUSE (apache2-mod_security2, cairo-devel, cflow, docker, glibc, go1.25, govulncheck-vulndb, gstreamer-0_10-plugins-base, jq, kernel, libarchive, libssh, libxslt, openbao, python-urllib3, systemd, and xz), and Ubuntu (apache2, libssh, libxml2, linux, linux-aws, linux-aws-5.15, linux-gcp, linux-gcp-5.15, linux-gkeop, linux-hwe-5.15, linux-ibm-5.15, linux-intel-iot-realtime, linux-intel-iotg-5.15, linux-lowlatency, linux-lowlatency-hwe-5.15, linux-nvidia-tegra, linux-nvidia-tegra-5.15, linux-nvidia-tegra-igx, linux-oracle-5.15, linux-realtime, linux-xilinx-zynqmp, linux, linux-aws, linux-aws-5.4, linux-bluefield, linux-gcp, linux-gcp-5.4, linux-hwe-5.4, linux-ibm, linux-ibm-5.4, linux-kvm, linux-oracle, linux-raspi, linux-raspi-5.4, linux-xilinx-zynqmp, linux, linux-aws, linux-lowlatency, linux-lowlatency-hwe-6.8, linux-realtime, linux-aws-fips, linux-fips, linux-gcp-fips, linux-fips, linux-aws-fips, linux-gcp-fips, linux-ibm-6.8, tomcat10, and webkit2gtk).

The Python Package Index (PyPI) has announced that it is nowchecking for expired domains to try to prevent domain-resurrectionattacks. In this type of attack, a malicious user buys an expireddomain and uses it to take over an account by resetting the passwordassociated with the email used with PyPI. Since June, PyPI hasunverified more than 1,800 email addresses after their associateddomains entered expiration phases.

Version142.0 of the firefox browser has been released. Changes include a newlink preview feature (with optional "AI-generated key points"), anda "flexible exception list" for the stricttracking protection feature that allows relaxing specific protectionson sites that otherwise will not work properly.

Statically typed programming languages can help catch mismatches between the kinds ofvalues a program is intended to manipulate, and the values it actually manipulates.While there have been many bytes spent on discussions of whether this is worththe effort, some programming language designers believe that the type checkingin current languagesdoes not go far enough.Koka, anexperimental functional programming language, extends its type systemwith aneffect system that tracks the side-effects a program will have in thecourse of producing a value.

Security updates have been issued by AlmaLinux (golang, openjpeg2, toolbox, and xterm), Debian (libxslt, mbedtls, openjdk-17, and webkit2gtk), Fedora (apptainer, mingw-gstreamer1, mingw-gstreamer1-plugins-bad-free, mingw-gstreamer1-plugins-base, mingw-gstreamer1-plugins-good, rust-h2, and uv), Oracle (golang, kernel, and openjpeg2), Red Hat (kernel and xterm), SUSE (389-ds, cairo, container-suseconnect, kernel, lua51-luajit, postgresql13, and trivy), and Ubuntu (linux, linux-aws, linux-aws-6.14, linux-gcp, linux-gcp-6.14, linux-oracle, linux-oracle-6.14, linux-raspi, linux-realtime and openldap).

The JetBrains blog presents theresults of the eighth annual Python Developers Survey, carried out inpartnership with the Python Software Foundation.

The Git distributed version-controlsystem has released version 2.51, with "506 non-merge commits sincev2.50.1, contributed by 91 people, 21 of which are new faces". Itbrings multiple new features, some of which are highlighted in a poston the GitHub blog. It includes some performance improvements for multi-pack indexes(MIDXs), a way to import and export stash entries so they can be migratedmore easily, and smaller pack files:

Rebooting a computer ordinarily brings an abrupt end to any state built upby the old system; the new kernel starts from scratch. There are, however,people who would like to be able to reboot their systems withoutdisrupting the workloads running therein. Various developers are currentlypartway through the project of adding this capability, in the form of"kexec handover" and the "live update orchestrator", to the kernel.

Security updates have been issued by AlmaLinux (go-toolset:rhel8, kernel, and kernel-rt), Fedora (chromium), Oracle (libxml2), Red Hat (go-toolset:rhel8, golang, kernel, kernel-rt, openjpeg2, rsync, and tigervnc), and SUSE (apache-commons-lang3, chromedriver, fractal, framework_tool, go1.23-openssl, go1.24-openssl, grub2, gstreamer-devtools, gstreamer-plugins-rs, jasper, libavif, lighttpd, nginx, podman, postgresql13, postgresql14, postgresql15, postgresql16, python311-pypdf, ruby2.5, rust-keylime, tiff, tomcat, tomcat10, and tomcat11).

The second 6.17 kernel prepatch is out fortesting. "So it's been a very calm week, and this is one of the smallerrc2 releases we've had lately. I'm definitely not complaining, since I'vebeen jetlagged much of the week, but I have this suspicion that it justmeans that next week will see more noise."

Mitchell Hashimoto has written a blogpost about "fully embracing the GObject type system" with arewrite of the GTK version of Ghostty:

Greg Kroah-Hartman has announced the release of the6.16.1,6.15.10,6.12.42,6.6.102, and6.1.148 stable kernels. Get them while they'rehot!

The purpose of the FilesystemHierarchy Standard (FHS) is to provide a specification forfilesystem layout; it specifies the location for files and directorieson a Linux system to simplify application development for multipledistributions. In its heyday it had some success at this, but thestandard has been frozen in time since 2015, and much has changedsince then. There is a slow-moving effortto revive the FHS and create a FHS4.0, but a recent discussionamong Fedora developers also raised the possibility of standardizingon the suggestions in systemd's file-hierarchydocumentation, which has now been added to the Linux Userspace API(UAPI) Group's specifications.

Security updates have been issued by AlmaLinux (kernel and webkit2gtk3), Debian (aide and postgresql-13), Fedora (libtiff, mupdf, and pandoc), SUSE (cairo, chromium, gstreamer-plugins-base, ImageMagick, iputils, kubernetes1.23, kubernetes1.26, matrix-synapse, Mesa, pgadmin4, python3, qemu, and rz-pm), and Ubuntu (aide).

One might imagine that managing a page full of zeroes would be a relativelystraightforward task; there is, after all, no data of note that must bepreserved there. The management of the huge zero folio in the kernel,though, shows that life is often not as simple as it seems. Tradeoffsbetween conflicting objectives have driven the design of this corefunctionality in different directions over the years, but much of theassociated complexity may be about to go away.

Security updates have been issued by AlmaLinux (kernel, python3.11-setuptools, thunderbird, and toolbox), Debian (chromium), Fedora (open62541 and perl-Authen-SASL), Oracle (git, kernel, konsole, and webkit2gtk3), SUSE (framework-inputmodule-control and poppler), and Ubuntu (apache2, mysql-8.0, mysql-8.4, node-qs, request-tracker5, and ruby-sidekiq).

Inside this week's LWN.net Weekly Edition:

NGINX has announcedthe preview release of the nginx-acmemodule, which adds native support to NGINX for the AutomaticCertificate Management Environment (ACME) protocol:

Version 1.25 of Go hasbeen released. Notable changes include support for generating debuginformation in the DWARF5 format,"container awareness"when setting the maximum number of CPUs to be used, and a new testing/synctestpackage with support for testing concurrent code. See the release notes for a comprehensivelist of changes in 1.25.

Version2.0 of Syncthing, acontinuous file synchronization utility, has been released. Notablechanges in 2.0 include multiple connections for synchronizing metadataand file data, a new logging format, as well as a switch from LevelDBto SQLite for Syncthing's backend. This the first release in the 2.0series, and the release notes advise users to "expect some roughedges and keep a sense of adventure".

The Indico event-management tool hasbeen in development at CERN for twodecades at this point. The MIT-licensed web application helps organizeconferences, meetings, workshops, and so on; it runs on Python and uses the Flask web framework. Two software engineers on the project, DominicHollis and Tomas Roun, came to EuroPython2025 in Prague to talk aboutIndico, its history, and some metrics about its community. There is a bit of aconnection between Indico and the conference: in 2006 and 2007,the tool was used to manage EuroPython.

Security updates have been issued by Debian (apache2, kernel, linux-6.1, openjdk-17, and pgpool2), Fedora (glib2, matrix-synapse, openjpeg, python3-docs, and python3.13), Oracle (gdk-pixbuf2, glibc, java-1.8.0-openjdk, kernel, libxml2, python-requests, python3.11-setuptools, and thunderbird), SUSE (amber-cli, apache-commons-lang3, eclipse-jgit, go1.23, go1.24, govulncheck-vulndb, grub2, icinga2, kubernetes1.23, libgcrypt, python3, python313, sccache, slurm, tiff, and webkit2gtk3), and Ubuntu (linux-oracle).

BPF programs are loaded directly into the kernel.Even though the verifier protects the kernel from certain kinds ofmisbehavior in BPF programs, some people are still justifiably concerned aboutadding unsigned code to their kernel. A fully correct BPF program can still beused to expose sensitive data, for example.To remedy this, Blaise Boscaccy and KP Singhhave both shared patch sets that add ways to verify cryptographicsignatures of BPF programs, allowing users to configure their kernels to loadonly pre-approved BPF programs. This work follows on from thediscussion at theLinux Storage, Filesystem, Memory-Management, and BPF Summit (LSFMM+BPF)in April and Boscaccy'searlier proposal of a Linux Security Module (LSM) to accomplish the same goal.There arestill some fundamental disagreements over the best approach to signing BPFprograms, however.

The Arch Linux project isespecially well-known in the Linux community for two things: itsrolling-release model and the quality of the documentation in the ArchWiki. Nomatter which Linux distribution one uses, the odds are that eventuallythe ArchWiki's documentation will prove useful. The Debian projectrecognized this and has sought to improve its own documentation gameby inviting ArchWiki maintainers Jakub Klinkovsky and VladimirLavallade to DebConf25 inBrest, France, to speak about how Arch manages its wiki. The talk hasalready borne fruit with the launch of an effort to revamp the Debianwiki.

Version 1.3.0 ofthe Radicle distributed software forge system has been released. Changesthis time around include canonicalreferences, a new radicle-protocol crate, better log rotation,and more. (LWN looked at Radicle in 2024).

Security updates have been issued by AlmaLinux (kernel, kernel-rt, and python-requests), Debian (ca-certificates-java), Fedora (chromium, clash-meta, mingw-python3, openjpeg, php-adodb, and toolbox), Mageia (kernel and kernel-linus), SUSE (chromium, ImageMagick, libgcrypt, libssh, libxml2, opensc, postgresql14, and postgresql16), and Ubuntu (dnsmasq, linux-gcp-6.8, linux-raspi, linux-oracle-6.14, and openjdk-17).

Debian's GNU/Hurdteam has announcedthe release of Debian GNU/Hurd2025:

Richard Hughes, creator and maintainer of the Linux Vendor Firmware Service (LVFS), haswritten a blogpost about the sustainabilityplan he has put together for the service. He is calling for thevendors that use the service to help fund its development and maintenancegoing forward.

StarDict is aGPLv3-licensed cross-platform dictionary application. It includes dictionariesfor a number of languages, and has a rich plugin ecosystem. It also has aglaring security problem: while running on X11, using Debian's default configuration,it will send a user's text selections over unencrypted HTTP to two remote servers.

The 6.17-rc1 prepatch was released byLinus Torvalds on August10; the 6.17 merge window is now closed.There were 11,404 non-merge changesets pulled into the mainline this timearound, a little over 7,000 of which came in after the first-half merge-window summary waswritten. As one would expect, quite a few changes and new features wereincluded in that work.

Security updates have been issued by AlmaLinux (jackson-annotations, jackson-core, jackson-databind, jackson-jaxrs-providers, and jackson-modules-base and libxml2), Debian (distro-info-data, gnutls28, modsecurity-crs, and node-tmp), Fedora (chromium, incus, perl, perl-Devel-Cover, perl-PAR-Packer, polymake, varnish, and xen), Red Hat (kernel, kernel-rt, and rhc), and SUSE (chromedriver, ffmpeg-4, go1.23, go1.24, go1.25, govulncheck-vulndb, himmelblau, iperf, keylime-ima-policy, net-tools, sqlite3, texmaker, tomcat, and zabbix).

Linus has released 6.17-rc1 and closed themerge window for this development cycle.

The Debian Project has released its latest stable version, Debian13("trixie"), which will be supported through 2030. This releaseincludes GNOME48, KDEPlasma6.3, Xfce4.20,Linux6.12, GCC14.2, Python3.13, andsystemd257.

CalyxOS is an Android distribution thatclaims a focus on privacy and security. So when anannouncement from the project begins by saying "we want to assureyou that we have no reason to believe the security of CalyxOS and itssigning keys have been compromised", chances are that good things arenot happening.In this case, it would appear that Nicholas Merrill, one of the founders ofthe project, has left for unclear reasons, and CalyxOS is responding bypausing all releases - and security updates - while its release process,signing keys, and security protocols are reworked. The result will be noupdates for "four to six months". The project is recommending thatits users "should uninstall the OS" and wait for an all-clearsignal. CalyxOS may have its work cut out for it when the time comes totry to convince those users to come back.

Debugging in Python is not like it is for some other languages, as there isno way to attach a debugger to a running program to try to diagnose itsills. Pablo Galindo Salgado noticed that when he started programming inPython ten years ago or so; it bugged him enough that he helped fill the hole. The results will be delivered in October with Python3.14.At EuroPython2025, hegave a characteristically fast-paced and humorous look at debugging andwhat will soon be possible for Python debugging-while comparing it all tomedical diagnosis.

Security updates have been issued by AlmaLinux (gdk-pixbuf2, glibc, kernel, kernel-rt, libxml2, and opentelemetry-collector), Fedora (firefox, mingw-opencv, moby-engine, varnish, webkitgtk, xen, and yarnpkg), Oracle (firefox, gdk-pixbuf2, glibc, kernel, libblockdev, libxml2, python-requests, python3.12-setuptools, and qt5-qt3d), Red Hat (libxml2, pcs, and sudo), and SUSE (agama, chromium, dpkg, ghostscript, iperf, kubo, libIex-3_3-32, libpoppler-cpp2, libsoup, libtiff-devel-32bit, nginx, python-urllib3, ruby2.5, tgt, traefik, and traefik2).

By some appearances, at least, the kernel community has been relativelyinsulated from the onslaught of AI-driven software-development tools.There has not been a flood of vibe-coded memory-management patches - yet.But kernel development is, in the end, software development, and thesetools threaten to change many aspects of how software development is done.In a world where companies are actively pushing their developers to usethese tools, it is not surprising that the topic is increasingly prominentin kernel circles as well. There are currently a number of ongoingdiscussions about how tools based on large language models (LLMs) fit intothe kernel-development community.

The release of Rust 1.89 has beenannounced. Changes this time includesupport for inferring the length of certain arrays, lint messages suggesting how to clarify potentially confusing uses of lifetime elision in function signatures, and improvements to the C ABI. Thefull changelog is also available.

Security updates have been issued by AlmaLinux (glibc, kernel, libxml2, python-requests, and python-setuptools), Debian (chromium), Fedora (chromium, firefox, gdk-pixbuf2, iputils, libsoup3, libssh, perl, perl-Devel-Cover, perl-PAR-Packer, polymake, and poppler), Gentoo (Composer and Spreadsheet-ParseExcel), Oracle (glibc, kernel, libxml2, python-setuptools, sqlite, and virt:rhel and virt-devel:rhel), Red Hat (libxml2), SUSE (grub2, libarchive, libgcrypt, and python311), and Ubuntu (cifs-utils and poppler).

Inside this week's LWN.net Weekly Edition: