LWN.net

Greg Kroah-Hartman has announced the release of the 6.15.3, 6.12.34, and 6.6.94 stable kernels. Each contains arelatively large number of important fixes throughout the kernel tree.

Security updates have been issued by AlmaLinux (gvisor-tap-vsock), Debian (activemq and chromium), Fedora (kea, python-django4.2, python-django5, python-setuptools, and rust-git-interactive-rebase-tool), Oracle (ipa and kernel), Red Hat (buildah, container-tools:rhel8, containernetworking-plugins, git-lfs, go-toolset:rhel8, golang, golang-github-openprinting-ipp-usb, grafana, grafana-pcp, gvisor-tap-vsock, podman, and skopeo), Slackware (libblockdev and xorg), SUSE (gdm, gstreamer-plugins-base, ignition, kernel, pam, redis, s390-tools, screen, systemd, and xorg-x11-server), and Ubuntu (godot, golang-1.22, libblockdev, node-express, pam, samba, and udisks2).

Inside this week's LWN.net Weekly Edition:

The POSIXrealtime model, which is implemented in the Linux kernel, can ensurethat a realtime process obtains the CPU time it needs to get its job done.It can be less effective, though, when there are multiple realtimeprocesses competing for the available CPU resources. The hierarchicalconstant bandwidth server patch series, posted by Yuri Andriaccio withwork by Luca Abeni, Alessio Balsini, and Andrea Parri, is a modification tothe Linux scheduler intended to make it possible to configure systems withmultiple realtime tasks in a deterministic and correct manner.

The Lustre filesystem has a longhistory, some of which intersects with Linux. It was added to the stagingtree in 2013, but was bounced out ofstaging in 2018, due to a lack of progress and a development modelthat was incompatible with the kernel's. Lustre may be working its wayback into the kernel, though. In a filesystem-track session atthe 2025 Linux Storage, Filesystem, Memory Management, and BPF Summit(LSFMM+BPF), Timothy Day and James Simmons led a discussion on how to getLustre into the mainline.

The KDE Project has announced thePlasma 6.4 release. New features include more flexible tilingfeatures, improvements to the Spectacle screen capture utility, anumber of accessibility enhancements, and much more. See the changelogfor a complete list of new features, enhancements, and bug fixes.

Security updates have been issued by Debian (gst-plugins-bad1.0, konsole, and libblockdev), Oracle (buildah, containernetworking-plugins, gimp, git-lfs, gvisor-tap-vsock, kernel, libvpx, podman, and skopeo), Red Hat (apache-commons-beanutils and thunderbird), Slackware (xorg), SUSE (gdm, golang-github-prometheus-alertmanager, golang-github-prometheus-node_exporter, golang-github-prometheus-prometheus, govulncheck-vulndb, grafana, kernel, Multi-Linux Manager, Multi-Linux Manager Client Tools, openssl-3, pam, python-cryptography, python-requests, python-setuptools, python3-requests, SUSE Manager Server, systemd, ucode-intel, xorg-x11-server, and xwayland), and Ubuntu (dwarfutils, mujs, node-katex, xorg-server, xorg-server-hwe-16.04, xorg-server-hwe-18.04, and xorg-server, xwayland).

The fundamental concept of checkpoint/restore is elegant: capture aprocess's state and resurrect it later, perhaps elsewhere. Checkpointingmeticulously records a process's memory, open files, CPU state, and more into asnapshot. Restoration then reconstructs the process from this state. Thisestablished technique faces new challenges with GPU-accelerated applications,where low-latency restoration is crucial forfaulttolerance, live migration, andfast startups. Recently, the restore process for AMD GPUs has been redesigned toeliminate substantial bottlenecks.

Accessibility features and the work that goes into developing those featuresoften tend to be overlooked and are poorly understood by all but the people who actuallydepend on such features. At Fedora's annual developer conference, Flock, Luka Tyrychtr sought toimprove understanding and raise awareness about accessibility with his session on accessibilitybarriers and screen-reader functionality in GNOME. His talk provided rare insightinto the world of using and developing open-source software for visually-impairedusers-including landing important accessibility improvements inthe latest GNOME release.

Security updates have been issued by AlmaLinux (.NET 8.0, .NET 9.0, buildah, containernetworking-plugins, firefox, gstreamer1-plugins-bad-free, libsoup3, podman, skopeo, sqlite, thunderbird, unbound, valkey, varnish, and xz), Debian (webkit2gtk), Fedora (fido-device-onboard, python-django4.2, rust-git-interactive-rebase-tool, and thunderbird), Red Hat (libsoup), Slackware (libxml2), SUSE (java-11-openjdk, kernel, and wireshark), and Ubuntu (c3p0, dojo, python-django, python3.13, python3.12, python3.11, python3.10, python3.9, python3.8, python3.7, python3.6, and requests).

The Kubernetes project has announcedthat it will be losing its "special status" with the Slack communication platform and will bedowngraded to the free tier in a matter of days:

Version2.50.0 of the Git source-code management system has been releasedwith a long list of new user features, performance improvements, andbug fixes. See the announcement and thisGitHub blog post for details.

At the 2025 Linux Storage, Filesystem, Memory Management, and BPF Summit(LSFMM+BPF), Anna Schumaker led a discussion about implementing the NFSv4.2 WRITE_SAMEcommand in both the NFS client and server. WRITE_SAME ismeant to write large amounts of identical data (e.g. zeroes) to the serverwithout actually needing to transfer all of it over the wire. In her topicproposal, Schumaker wondered whether other filesystems needed thefunctionality, so that it should be implemented at the virtual filesystem(VFS) layer, or whether it should simply be handled as an NFS-specific ioctl().

Security updates have been issued by AlmaLinux (.NET 8.0 and .NET 9.0), Arch Linux (curl, ghostscript, go, konsole, python-django, roundcubemail, and samba), Fedora (aerc, chromium, golang-x-perf, libkrun, python3.11, python3.12, rust-kbs-types, rust-sev, rust-sevctl, valkey, and wireshark), Gentoo (Konsole and sysstat), Oracle (.NET 9.0), Red Hat (bootc, grub2, keylime-agent-rust, python3.12-cryptography, rpm-ostree, rust-bootupd, xorg-x11-server, and xorg-x11-server-Xwayland), SUSE (apache2-mod_auth_openidc, docker, grub2, java-1_8_0-openj9, kernel, less, python-Django, screen, and sqlite3), and Ubuntu (cifs-utils and modsecurity-apache).

Linus Torvalds has released 6.16-rc2,which is "admittedlyeven smaller than usual", though rc2 is not uncommonly one of the smallerrelease candidates.

The open-source mobile app OrganicMaps is used by millions of people on both the Android and iOSplatforms. In addition to featuring offline maps (generated from OpenStreetMap cartography) andturn-by-turn navigation, it also promises its users greater privacythan proprietary options. However, controversial decisions taken by theproject's leaders, feelings of disenfranchisement among contributors, andeven accusations of embezzlement have precipitated a divide in thecommunity, leading to a new fork called CoMaps.

The Radicle peer-to-peer codecollaboration project has released RadicleDesktop: a graphical interface designed to simplify more complexparts of using Radicle such as issue management and patch reviews.

Security updates have been issued by AlmaLinux (.NET 8.0, .NET 9.0, glibc, kernel, and mod_security), Fedora (chromium, gh, mingw-icu, nginx-mod-modsecurity, python3.10, python3.9, thunderbird, valkey, and yarnpkg), Oracle (.NET 8.0, .NET 9.0, glibc, grafana-pcp, kernel, libxml2, mod_security, nodejs:20, and thunderbird), SUSE (audiofile, helm, kubernetes-old, kubernetes1.23, kubernetes1.24, libcryptopp, postgresql15, thunderbird, and valkey), and Ubuntu (linux-nvidia-tegra-igx).

The last year has been a rocky one for the WordPress community. MattMullenweg-WordPress co-founder andCEO of WordPress hosting company Automattic-started a messy public spat withWPEngine in September andhas proceeded to use his control of the project's WordPress.orginfrastructure as weapons against the company, with the communitycaught in the crossfire. It is not surprising, then, that onJune6 a group of WordPress community participants announced theFederatedand Independent Repositories Package Manager (FAIR.pm) project. Itis designed to be a decentralized alternative to WordPress.org with agoal of building "public digital infrastructure that is bothresilient and fair".

The Python Software Foundation blog is carrying aset of detailed summaries from the 2025 Python Language Summit:

Version10.0 of the Rocky Linux distribution has been released. As withthe AlmaLinux 10.0release, Rocky Linux 10.0 is based on Red Hat Enterprise Linux (RHEL)10. See therelease notes for details.

Writeback for filesystems is the process of flushing the "dirty" (written)data in the page cache to storage. At the 2025 Linux Storage,Filesystem, Memory Management, and BPF Summit (LSFMM+BPF), Anuj Gupta led acombined storage and filesystem session on some work that has been doneto parallelize the writeback process. Some of the performance problemsthat have been seen with the existing single-threaded writeback came up ina session at last year's summit, where theidea of doing writeback in parallel was discussed.

Security updates have been issued by AlmaLinux (kernel), Debian (chromium, gst-plugins-bad1.0, node-tar-fs, and ublock-origin), Gentoo (Emacs, File-Find-Rule, GStreamer, GStreamer Plugins, GTK+ 3, LibreOffice, Node.js, OpenImageIO, Python, PyPy, Qt, X.Org X server, XWayland, and YAML-LibYAML), Mageia (mariadb and roundcubemail), Red Hat (go-toolset:rhel8, golang, grafana, grafana-pcp, gstreamer1-plugins-bad-free, libxml2, libxslt, mod_security, nodejs:20, and perl-FCGI:0.78), Slackware (mozilla), SUSE (docker, docker-compose, iputils, kernel, libsoup, open-vm-tools, rabbitmq-server, rabbitmq-server313, wget, and yelp), and Ubuntu (libsoup2.4 and webkit2gtk).

Inside this week's LWN.net Weekly Edition:

Smatch is a GPL-licensedstatic-analysis tool for C that has a lot of specialized checks for the kernel. Smatchhas been used in the kernel for more than 20 years; DanCarpenter, its primary author, decided last year that some details of its plugin systemwere due for a rewrite. He spoke at Linaro Connect 2025 about his work onSmatch, the changes to its implementation, and how those changes enabled him to easilyadd additional checks for locking bugs in the kernel.

The "Local Mess" GitHubrepository is dedicated to the disclosure of an Android trackingexploit used by (at least) Meta and Yandex.

Security updates have been issued by AlmaLinux (glibc, grafana, kernel-rt, libjpeg-turbo, libxslt, and thunderbird), Debian (curl), Fedora (dtk6core, dtk6gui, dtk6log, dtk6widget, fcitx5-qt, gammaray, kddockwidgets, kwin, LabPlot, libqtxdg, nheko, plasma-integration, python-pyqt6, python-pyside6, qt-creator, roundcubemail, zeal, and a large number of qt6 packages), Oracle (firefox, glibc, grafana, kernel, libxslt, perl-FCGI, python3.12-cryptography, thunderbird, and zlib), SUSE (glib2, libjxl, libsoup2, nbdkit, nodejs22, perl-Crypt-OpenSSL-RSA, perl-YAML-LibYAML, python3, tomcat, and transfig), and Ubuntu (dotnet8, dotnet9 and samba).

Jean Baptiste Lallement, a member of Canonical's desktop team, hasannouncedthat Ubuntu will drop support for GNOME on X11 in the 25.10("Questing Quokka") release set for October. GNOME plans to removeX11 support in GNOME49, which is scheduled for September, soUbuntu is looking to be proactive:

The iov_iter interface is used todescribe and iterate through buffers in the kernel. David Howells led a combined storage andfilesystem session at the 2025 Linux Storage,Filesystem, Memory Management, and BPF Summit (LSFMM+BPF) to discuss waysto improve iov_iter. His topicproposal listed a few different ideas including replacing someiov_iter types and possibly allowing mixed types in chains of iov_iterentries; he would like to make the interface itself and the uses of iov_iter inthe kernel better.

The Linux kernel famously scales from the smallest of systems to massiveservers with thousands of CPUs. It was not always that way, though; theinitial version of the kernel could only manage a single processor. Thatlimitation was lifted, obviously, but single-processor machines have alwaysbeen treated specially in the scheduler. That longstanding situation maysoon come to an end, though, if this patchseries from Ingo Molnar makes it upstream.

The Open Invention Network (OIN) is celebratingits 20th anniversary.

The6.15.2,6.14.11, and6.12.33stable kernel updates have been released; each contains a relatively smallset of important fixes.Note that this is the end of the line for the 6.14.x updates; GregKroah-Hartman explains the timing of this move:

Security updates have been issued by Debian (python-django), Fedora (krb5), Mageia (cockpit, golang, kernel, and kernel-linus), SUSE (augeas, go1.23, go1.24, iputils, libwebp, transfig, and xen), and Ubuntu (amd64-microcode, apport, linux-azure, linux-azure, linux-azure-4.15, linux-azure-fips, linux-raspi, systemd, and tomcat).

The 6.16 merge windowclosed on June 8, asexpected, containing 12,899 non-merge commits. This isslightly more than the 6.15 merge window, but well in line with expectations.7,353 of those were merged afterthe summary of the first half of the mergewindow was written. More detailed statistics can be found inthe LWN kernel source database.

At Flock,Fedora's annual developer conference, held in Prague from June5to June8, two members of the Fedoradocumentation team, Petr Boko and Peter Boy, led asession on the state of Fedora documentation. The pair covered abrief history of the project's documentation since the days of FedoraCore1,challenges the documentation team faces, as well as plans to improve Fedora'sdocumentation by enticing more people to contribute.

The FreeBSD Foundationhas announceda reportfor work completed in April to improve FreeBSD support forlaptops. This includes installer updates, improved suspend/resumebehavior, as well as progress on aport of Linux6.7 and 6.8 graphics drivers to drm-kmod. Aroadmapfor the FreeBSD laptop work is also available.

Security updates have been issued by AlmaLinux (golang, nodejs22, thunderbird, and varnish), Debian (gimp, modsecurity-apache, python-tornado, and roundcube), Fedora (chromium, coreutils, fcgi, ghostscript, krb5, libvpx, mingw-gstreamer1-plugins-bad-free, mingw-libsoup, mod_security, and samba), Mageia (php-adodb, systemd, and tomcat), Red Hat (buildah, firefox, glibc, grafana, kernel, libsoup, libxslt, mod_security, perl-FCGI, podman, python-tornado, and skopeo), Slackware (libvpx), and SUSE (helm-mirror, iputils, and libraw).

Linus has released 6.16-rc1 and closed themerge window for this release.

Nyxt is an unusual webbrowser that tries to answer the question, "what if Emacs was agood web browser?". Nyxt is not an Emacs package, but a fullweb browser written in Common Lisp and available under the BSDthree-clause license. Its target audience is developers who want abrowser that is keyboard-driven and extensible; Nyxt is also developedfor Linux first, rather than Linux being an afterthought or just asliver of its audience. The philosophy (as described in its FAQ)behind the project is that users should be able to customize all ofthe browser's functionality.

The Netdev0x19 conference was held in Zagreb, Croatia from March10through March13. The organizers announcedtoday that the videos and slides for all sessions are nowonline. Topics from the conference include IRQ suspension, the futureof SO_TIMESTAMPING, remote TCP connection offloading, andmore.

The 6.16 kernel will include a number of changes to how the kernel handlesthe processing of core dumps for crashed processes. Christian Brauner explainedhis reasons for doing this work as: "Because I'm a clown and also I hadit with all the CVEs because we provide a **** API for userspace". Thehandling of core dumps has indeed been a constant source ofvulnerabilities; with luck, the 6.16 work will result in rather fewer ofthem in the future.

Security updates have been issued by AlmaLinux (go-toolset:rhel8, golang, nodejs:20, nodejs:22, openssh, and python36:3.6), Debian (edk2, libfile-find-rule-perl, and webkit2gtk), Fedora (emacs, libvpx, perl-FCGI, and seamonkey), Mageia (cifs-utils), Red Hat (containernetworking-plugins, go-toolset:rhel8, golang, gvisor-tap-vsock, krb5, mod_auth_openidc:2.3, protobuf, and thunderbird), Slackware (seamonkey), SUSE (gimp, gnutls, haproxy, opensaml, openssh, openvpn, python-cryptography, python-tornado, python311-nh3, and python311-selenium), and Ubuntu (gst-plugins-bad1.0 and linux-fips).

In a combined storage and filesystem session at the 2025 Linux Storage,Filesystem, Memory Management, and BPF Summit (LSFMM+BPF), Keith Busch leda discussion about zero-copy operations for the Filesystemin Userspace (FUSE) subsystem. The session was proposedby his colleague, David Wei, who could not make it to the summit, so Buschfilled in, though he noted that "I do not really know FUSE sowell". The idea is to eliminate data copies in the data path to andfrom the FUSE server in user space.

The European Union'sCyber Resilience Act (CRA) has caused a stir in thesoftware-development world. Thanks to advocacy by the Eclipse Foundation, OpenSource Initiative, Linux Foundation, Mozilla, and others, open-source softwareprojects generally have minimal requirements under the CRA- but nothing to do with law is ever quiteso simple. Marta Rybczyska spoke at Linaro Connect 2025 about the impact of theCRA on the open-source ecosystem, with an emphasis on the importance ofunderstanding a project's role under the CRA. She later participated in a paneldiscussion with Joakim Bech, Kate Stewart, and Mike Bursell about how the CRAwould impact embedded open-source development.

Version3.0 of the privacy-centric, open-source mobile operating systemhas been released. Notable changes in this release include improvedprivacy tools, a "find my device" feature, and more. LWN looked at /e/OS inMarch.

One of the more obscure features provided by Unix-domain sockets is theability to pass a file descriptor from one process to another. Thisfeature is often used to provide access to a specific file or networkconnection to a process running in a relatively unprivileged context. Butwhat if the recipient doesn't want a new file descriptor? A featureadded for the 6.16 release makes it possible to refuse that offer.

Security updates have been issued by Debian (chromium and mariadb-10.5), Oracle (firefox, ghostscript, git, go-toolset:ol8, golang, kernel, krb5, mingw-freetype and spice-client-win, nodejs:20, nodejs:22, perl-CPAN, python36:3.6, rsync, varnish, and varnish:6), Red Hat (firefox, thunderbird, and webkit2gtk3), Slackware (curl and python3), SUSE (apache-commons-beanutils, apache2-mod_security2, avahi, buildkit, ca-certificates-mozilla, cloud-regionsrv-client, cloud-regionsrv-client, python-toml, containerd, containerized-data-importer, cups, curl, dnsmasq, docker, elemental-operator, elemental-toolkit, expat, firefox, freetype2, gdk-pixbuf, git, glib2, glibc, gnuplot, gnutls, gpg2, gstreamer, gstreamer-plugins-base, gtk3, haproxy, helm, java-17-openjdk, java-1_8_0-openjdk, keepalived, kernel, kernel-firmware, krb5, kubevirt, less, libarchive, libcryptopp, libdb-4_8, libndp, libpcap, libsoup, libtasn1, libvirt, libX11, libxml2, libxslt, Mesa, mozilla-nss, nghttp2, nvidia-open-driver-G06-signed, opensc, openssh, openssl-3, openssl-3, libpulp, ulp-macros, orc, pam, pam_pkcs11, pam_u2f, patch, pcp, pcr-oracle, shim, perl-Crypt-OpenSSL-RSA, podman, postgresql16, procps, protobuf, python-dnspython, python-Jinja2, python-requests, python-setuptools, python-tornado6, python-urllib3, python311, python311, python-rpm-macros, qemu, rsync, runc, rust-keylime, selinux-policy, sevctl, skopeo, sssd, SUSE Manager Client Tools, systemd, thunderbird, tiff, tpm2.0-tools, tpm2-0-tss, u-boot, ucode-intel, unbound, util-linux, vim, wget, and wpa_supplicant), and Ubuntu (linux-nvidia, python-django, twitter-bootstrap3, twitter-bootstrap4, and wireshark).

Inside this week's LWN.net Weekly Edition:

Peer-to-peer DMA (P2PDMA) has been part ofthe kernel since the 4.20 release in 2018;it provides a framework that allows devices to transfer data between themselvesdirectly, without using system RAM for the transfer. At the 2025 LinuxStorage, Filesystem, Memory Management, and BPF Summit (LSFMM+BPF), StephenBates led a combined storage, filesystems, and memory-management session ondevice-initiated I/O, which is perhaps what P2PDMA is evolving toward. Twoyears ago, he led a session on P2PDMA at thesummit; this year's session was a brief update on P2PDMA with a lookat where it may be heading.

Outgoing Fedora Project Leader Matthew Miller has posted an updateon Fedora's high-level plan through 2028: