LWN.net

Version6.20 of the Incus container and virtual-machine management systemhas been released. Notable changes in this release include a newstandalonecommand to add IncusOS servers to a cluster,qcow2-formattedvolumes for clustered LVM, and reverseDNS records in OVN. See the announcement for a full list ofchanges.

Version 17.1 of the GDB debugger is out. Changes include shadow-stacksupport, info threads improvements, a number of Python APIimprovements, and more, including: "Warnings and error messages nowstart with an emoji (warning sign, or cross mark) if supported by the hostcharset. Configurable." See theNEWS file for more information.

Version 4.3.0 of the security-oriented Qubes OS distribution has beenreleased. Changes include more recent distribution templates, preloadeddisposable virtual machines, and the reintroduction of the Qubes WindowsTools set. See therelease notes for more information.

Ian Jackson (along with Sean Whitton) has posted a manifesto and statusupdate to the effect that, since Git repositories have become thepreferred method to distribute source, that is how Debian should bedistributing its source packages.

At OpenSource Summit Japan 2025, Erin McKean talked about the challenges toproducing good project documentation, along with some tooling that can helpguide the process toward success. It is a problem that many projectsstruggle with and one that her employer, Google, gained a lot of experiencewith from its now-concluded Season of Docsinitiative. Through that program, more than 200 case studies ofdocumentation projects were gathered that were mined for common problemsand solutions, which led to the tools and techniques that McKean described.

John Paul Adrian Glaubitz has announcedthat loong64 is now an official architecture for Debian, and will bepart of the Debian14 ("forky") release "if everything goesalong as planned". This is a bit more than two years after the initialbootstrap of the architecture.

Security updates have been issued by Debian (chromium, dropbear, mediawiki, php8.4, python-mechanize, rails, roundcube, usbmuxd, and wordpress), Fedora (cef, chromium, fonttools, gobuster, gosec, mingw-libpng, moby-engine, mqttcli, nextcloud, pgadmin4, python-unicodedata2, uriparser, and util-linux), Mageia (php and webkit2), Oracle (binutils, curl, gcc-toolset-13-binutils, gimp, git-lfs, kernel, openssh, php:8.3, podman, python-kdcproxy, python3.12, python3.9, skopeo, and webkit2gtk3), Red Hat (rsync), Slackware (php), SUSE (alloy, busybox, chromedriver, chromium, coredns-for-k8s, duc, firefox, kernel-devel, libpng16, libruby3_4-3_4, mariadb, netty, php8, python311-tornado6, rsync, taglib, and xen), and Ubuntu (linux-oracle-5.4, linux-raspi, linux-realtime-6.14, and linux-xilinx).

The 6.19-rc2 kernel prepatch is out fortesting. "I obviously expect next week to be even quieter, with peoplebeing distracted by the holidays. So let's all enjoy taking a little break,but maybe break the boredom with some early rc testing?"

The 2025 election for members of the Linux Foundation Technical AdvisoryBoard hasconcluded; the winners are Greg Kroah-Hartman, Steven Rostedt, JuliaLawall, David Hildenbrand, and Ted Ts'o.

The FreeBSD Foundation has a blogpost about the progress it has made in 2025 on the Laptop Support& Usability Project for FreeBSD. The foundation committed$750,000 to the project in 2025 and has made progress on graphicsdrivers, Wi-Fi4 and 5 support, audio improvements, sleep states,and more.

The BPF verifier is complicated. It needs tocheck every possible path that aBPF program's execution could take. The fact that its determination of whether aBPF program is safe is based on the whole lifetime of the program, instead ofsimple local factors, means that the cause of a verificationfailure is not always obvious. Ihor Solodrai and Jordan Rome gave a presentation(slides)at the2025 Linux Plumbers Conference in Tokyo aboutthe BPF verifier visualizer that they have been buildingto make diagnosing verification failures easier.

Security updates have been issued by Debian (roundcube), Fedora (checkpointctl, containernetworking-plugins, mingw-libpng, NetworkManager, php, python3-docs, python3.13, and webkitgtk), Oracle (kernel, keylime, and libssh), and SUSE (apache2, clair, colord, flannel, gnutls, golang-github-prometheus-alertmanager, grafana, grub2, helm, ImageMagick, libpng16, netty, openssl-3, postgresql13, postgresql14, postgresql15, python36, salt, uyuni-tools, and venv-salt-minion).

Stephen Rothwell, who has maintained the kernel's linux-next integrationtree from its inception, has announced hisretirement from that role:

Linus Torvalds is famously averse to presenting prepared talks, but thewider community is always interested in what he has to say about thecondition of the Linux kernel. So, for some time now, his appearances havebeen in the form of an informal conversation with Dirk Hohndel. At the2025 Open Source Summit Japan, the pair followed that tradition for the29th time. Topics covered include the state of the development process,what Torvalds actually does, and how machine-learning tools might fit intothe kernel project.

Systemdv259 has been released. Notable changes include a new"--empower" option for run0 that provides elevatedprivileges to a user without switching to root, ability to propagate auser's home directory into a VM with systemd-vmspawn, andmore. Support for System V service scripts has been deprecated, andwill be removed in v260. See the release notes for other changes,feature removals, and deprecated features.

Greg Kroah-Hartman has announced the release of the 6.18.2, 6.17.13, and 6.12.63 stable kernels. As always, eachcontains important fixes throughout the tree. He notes that6.17.13 is the last release of the 6.17.y kernel; users areadvised to move to the 6.18.y kernel branch.

Security updates have been issued by AlmaLinux (kernel, keylime, mysql:8.4, and tomcat), Debian (c-ares and webkit2gtk), Fedora (brotli, cups, golang-github-facebook-time, nebula, NetworkManager, perl-Alien-Brotli, python-django4.2, python-django5, and vips), Red Hat (binutils, buildah, curl, go-toolset:rhel8, golang, grafana, multiple packages, php:8.3, podman, python3.12, python39:3.9, ruby:3.3, and skopeo), SUSE (buildah, cups, firefox, glib2, grub2, helm, icinga-php-library, icingaweb2, ImageMagick, imagemagick, kernel, libpng12, libpng16, mariadb, openssl-3, poppler, python39, usbmuxd, webkit2gtk3, wireshark, and xkbcomp), and Ubuntu (linux-azure-fips).

Inside this week's LWN.net Weekly Edition:

After three years of development, Linux hardware provider System76has declaredthe COSMIC desktopenvironment stable. It shipped COSMIC Epoch1 as part of thelong-awaited Pop!_OS24.04LTSrelease on December11, just in time for Linux enthusiasts tohave something to tinker with over the end-of-year holidays. With thestable release out the door, it seemed like a good time to check backin on COSMIC and see how it has evolved since the first alpha. For a firststable release of a new desktop environment, COSMIC shows a lot ofpromise and room to grow.

The Asahi Linux project has publishedits progress report following the release of Linux 6.18. This timearound the project reports progress on many fronts, includingmicrophone support for M2 Pro/Max MacBooks, work queued for Linux 6.19to support USB3 via the USB-C ports, and work to improve the AsahiLinux installation experience. The project is also enabling asadditional System Management Controller (SMC) drivers, which meansthat "the myriad voltage, current, temperature and power sensorscontrolled by the SMC will be readable using the standard hwmoninterfaces".

The Civil Infrastructure Platform(CIP) first launched in that form in April 2016, so it has atenth-anniversary celebration in its near future. At the 2025 OpenSource Summit Japan, Yoshitake Kobayashi talked about the goals of thisproject and where it is headed in the future. Supporting a Linux systemfor even one year is a challenging task; maintaining that support for adecade or more is rather more so, and a changing regulatory environmentcomplicates the task further.

Security updates have been issued by Debian (node-url-parse), Fedora (assimp, conda-build, mod_md, util-linux, and webkitgtk), Oracle (firefox), SUSE (chromium, librsvg, poppler, python311, qemu, strongswan, webkit2gtk3, wireshark, and xen), and Ubuntu (linux-azure, linux-azure-5.4, linux-azure-5.15, linux-azure-fips, and linux-raspi, linux-raspi-realtime, linux-xilinx).

Mozilla has announceda new CEO, Anthony Enzor-DeMeo. Prior to becoming CEO, Enzor-DeMeo wasgeneral manager of Firefox and led its "vision, strategy, andbusiness performance". He has publisheda blog post about taking over from interim CEO Laura Chambers, andhis plans for Mozilla and Firefox:

The final part of the 2025 Maintainers Summit was devoted to the kernel'sdevelopment process itself. There were two sessions, one on continuity andsuccession planning, and the traditional discussion, led by Linus Torvalds,on any pain points that the community is experiencing. There was not a lotthat developers were unhappy about, and there are now more explicit plans inthe works to provide a process should Torvalds abruptly become unable tofill his role.

Security updates have been issued by Debian (binwalk, glib2.0, libgd2, paramiko, and python-apt), Fedora (chromium, python3.13, python3.14, qt6-qtdeclarative, and usd), Mageia (ffmpeg, firefox, nspr, nss, and thunderbird), Oracle (kernel, mysql, mysql:8.0, mysql:8.4, ruby:3.3, wireshark, and xorg-x11-server), Red Hat (expat, mingw-expat, and rsync), SUSE (binutils, curl, glib2, gnutls, go1.24, go1.25, keylime, libmicrohttpd, libssh, openexr, postgresql15, python311, and xkbcomp), and Ubuntu (libsoup3, linux, linux-aws, linux-aws-6.8, linux-gcp, linux-gcp-6.8, linux-gke, linux-gkeop, linux-hwe-6.8, linux-ibm, linux-ibm-6.8, linux-lowlatency, linux-lowlatency-hwe-6.8, linux-nvidia, linux-nvidia-6.8, linux-nvidia-lowlatency, linux-oracle, linux-oracle-6.8, linux, linux-aws, linux-kvm, linux-lts-xenial, linux-azure, linux-azure-6.14, linux-azure, linux-azure-6.8, linux-azure-fips, linux-fips, linux-fips, linux-aws-fips, linux-gcp-fips, linux-kvm, linux-oem-6.14, linux-raspi, and linux-realtime, linux-realtime-6.8).

Version8.16.0 of the calibreebook-management software, released on December4, includes a"Discuss with AI" feature that can be used to query various AI/LLMservices or local models about books, and ask for recommendations onwhat to read next. The feature has sparked discussion among humanusers of calibre as well, and more than a few are upset about theintrusion of AI into the software. After much pushback, it looks asthough users will get the ability to hide the feature from calibre's userinterface, but LLM-driven features are here to stay and more willlikely be added over time.

Vojtch Polaek has announcedan unofficial effort to create a Fedora-based distribution designedfor visually impaired users:

Despite depending heavily on tools, the kernel project often seems tounder-invest in the development of those tools. There has been progress inthat area, though. At the 2025 Maintainers Summit, Konstantin Ryabitsev,who is (among other things) the author of b4, led a session on waysin which the kernel's tools could be improved to make the developmentprocess more efficient and accessible.

Security updates have been issued by AlmaLinux (firefox, grafana, kernel, libsoup3, mysql8.4, and wireshark), Debian (ruby-git, ruby-sidekiq, thunderbird, and vlc), Fedora (apptainer, chromium, firefox, golangci-lint, libpng, and xkbcomp), Mageia (golang), SUSE (binutils, chromium, firefox, gegl, go1.25, govulncheck-vulndb, hauler, kernel, keylime, libpng12, pgadmin4, postgresql16, python, python-Django, python-django, python3, python311, rhino, thunderbird, unbound, and xkbcomp), and Ubuntu (usbmuxd).

Linus Torvalds released 6.19-rc1 andclosed the 6.19 merge window on December14 (Japan time), after havingpulled 12,314 non-merge commits into the mainline. Over 8,000 of thosecommits came in after our first 6.19merge-window summary was written. The second part of the merge windowwas focused on drivers, but brought in a number of other changes as well.

Linus has released 6.19-rc1, perhaps a bitearlier than expected.

Ariadne Conill isexploring a capability-based approach to privilege escalation on Linuxsystems.

The ability to write kernel code in Rust was explicitly added as anexperiment - if things did not go well, Rust would be removed again. Atthe 2025 Maintainers Summit, a session was held to evaluate the state ofthat experiment, and to decide whether the time had come to declare theresult to be a success. The (arguably unsurprising) conclusion was thatthe experiment is indeed a success, but there were some interesting pointsmade along the way.

Greg Kroah-Hartman has released the 6.18.1, 6.17.12, and 6.12.62 stablekernels. Each contains important fixes; users of those kernelsare advised to upgrade.

One of the key components in the kernel's development process is thelinux-next repository. Every day, a large number of branches, eachcontaining commits intended for the next kernel development cycle, ispulled into linux-next and integrated. If there are conflicts betweenbranches, the linux-next process will reveal them. In theory, many othertypes of problems can be found as well. Some developers feel thatlinux-next does not work as well as it could, though. At the 2025Maintainers Summit, Mark Brown, who helps to keep linux-next going, led asession on how it could be made to work more effectively.

KDE has announced therelease of KDEGear25.12. This release adds more"extractors" to the Itinerary travel-assistantapplication, improved Git support in the Kate text editor, better PDFexport in Konqueror, andmuch more. See the changelogfor all new features, improvements, and bug fixes.

Security updates have been issued by AlmaLinux (firefox, luksmeta, mysql, mysql:8.0, mysql:8.4, tomcat, and wireshark), Debian (chromium, kernel, and tzdata), Fedora (brotli, dr_libs, perl-Alien-Brotli, python-urllib3, singularity-ce, wireshark, and yarnpkg), Oracle (firefox, grafana, lasso, libsoup3, luksmeta, ruby, ruby:3.3, tomcat, and wireshark), Slackware (mozilla), SUSE (container-suseconnect, kubernetes-client, libpoppler-cpp2, postgresql14, postgresql15, and python3), and Ubuntu (c-ares, keystone, linux, linux-aws, linux-aws-5.15, linux-azure, linux-gcp, linux-gcp-5.15, linux-gke, linux-gkeop, linux-hwe-5.15, linux-ibm, linux-ibm-5.15, linux-intel-iotg, linux-intel-iotg-5.15, linux-lowlatency, linux-lowlatency-hwe-5.15, linux-nvidia, linux-nvidia-tegra, linux-nvidia-tegra-5.15, linux-nvidia-tegra-igx, linux-oracle, linux-oracle-5.15, linux-xilinx-zynqmp, linux-azure, linux-azure-4.15, linux-oracle,, linux-fips, linux-aws-fips, linux-azure-fips, linux-gcp-fips, linux-fips, linux-aws-fips, linux-gcp-fips, linux-hwe-6.8, linux-oracle-6.8, linux-raspi, linux-realtime, linux-intel-iot-realtime, and python-urllib3).

Version 24.04 LTS of the Ubuntu-based Pop!_OS distribution hasbeen released with the COSMIC Desktop Environment:

Version1.92.0 of Rust has been released. This release includes a numberof stabilized APIs, emits unwind tables by default on Linux, validatesinput to #[macro_export], and much more. See the separaterelease notes for Rust,Cargo,and Clippy.

The first topic of discussion at the 2025 Maintainers Summit has been inthe air for a while: what role - if any - should machine-learning-basedtools have in the kernel development process? While there has been a fairamount of controversy around these tools, and concerns remain, it seemsthat the kernel community, or at least its high-level maintainership, iscomfortable with these tools becoming a significant part of the developmentprocess.

Security updates have been issued by Debian (ffmpeg, firefox-esr, libsndfile, and rear), Fedora (httpd, perl-CGI-Simple, and tinyproxy), Oracle (firefox, kernel, libsoup, mysql8.4, tigervnc, tomcat, tomcat9, and uek-kernel), SUSE (alloy, curl, dovecot24, fontforge, glib2, himmelblau, java-17-openjdk, java-21-openjdk, kernel, krb5, lasso, libvirt, mozjs128, mysql-connector-java, nvidia-open-driver-G07-signed-check, openssh, poppler, postgresql17, postgresql18, python-cbor2, python-Django, python310, python311-Django, runc, strongswan, tomcat11, and xwayland), and Ubuntu (binutils, libpng1.6, linux, linux-aws, linux-aws-5.4, linux-gcp, linux-gcp-5.4, linux-hwe-5.4, linux-ibm, linux-ibm-5.4, linux-kvm, linux-oracle, linux-xilinx-zynqmp, linux, linux-aws, linux-aws-6.14, linux-gcp, linux-hwe-6.14, linux-raspi, linux, linux-aws, linux-gcp, linux-realtime, and qtbase-opensource-src).

Inside this week's LWN.net Weekly Edition:

Let's Encrypt has publisheda retrospective that covers the decade since it published its firstpublicly trusted certificate in September 2015:

Greg Kroah-Hartman is writinga series of blog posts about Linux becoming a CertificateNumbering Authority (CNA):

Linux containers have made it reasonably easy to develop, distribute, anddeploy server applications along with all the distribution dependencies that theyneed. For example, anyone can deploy and run a Debian-based PostgreSQL container on a FedoraLinux host. Distrobox is a project that is designed tobring the cross-distribution compatibility to the desktop and allow users tomix-and-match Linux distributions without fussing with dual-booting, virtualmachines, or multiple computers. It is an ideal way to installadditional software on image-based systems, such as Fedora's Atomic Desktopsor Bazzite, and alsoprovides a convenient way to move a development environment orfavorite applications to a new system.

Security updates have been issued by AlmaLinux (abrt and kernel), Debian (libpng1.6, libsoup2.4, pdns-recursor, webkit2gtk, and wordpress), Fedora (imhex, libwebsockets, lunasvg, python3-docs, and python3.14), Mageia (python3 and webkit2), Red Hat (abrt, firefox, mysql8.4, and postgresql:15), Slackware (mozilla), SUSE (gegl, gnutls, go1.24, go1.25, libpng16-16, openssh, postgresql13, python-Jinja2, and sssd), and Ubuntu (fonttools and netty).

The topic of the Rust experiment was just discussed at the annualMaintainers Summit. The consensus among the assembled developers is thatRust in the kernel is no longer experimental - it is now a core part of thekernel and is here to stay. So the "experimental" tag will be coming off.Congratulations are in order for all of the Rust for Linux team.(Stay tuned for details in our Maintainers Summit coverage.)

The Free Software Foundation has announcedthe recipients of its 2024 (even though 2025 is almost over) Free SoftwareAwards. Andy Wingo won the award for the advancement of free software, AlxSa is the outstanding new free-software contributor, and Govdirectory takesthe award for projects of social benefit.

One of the things that has historically stood between Linux and thefabled "year of the Linux desktop" is its lack of support for videogames. Many users who would have happily abandoned Windows have,reluctantly, stayed for the video games or had to deal with dualbooting. In the past few years, though, Linux support forgames-including those that only have Windows versions-hasimproved dramatically, if one is willing to put the piecestogether. Bazzite, an image-basedFedora derivative, is a project that aims to let users play games anduse the Linux desktop with almost no assembly required.

Version146.0 of the Firefox web browser has been released. One feature ofparticular interest to Linux users is that Firefox now nativelysupports fractional scaled displays on Wayland. Firefox Labs has alsobeen made available to all users even if they opt out of telemetry orparticipating in studies. "This means more experimental featuresare now available to more people."This release also adds support for Module-Lattice-BasedKey-Encapsulation Mechanism (ML-KEM) for WebRTC. ML-KEM is"believed to be secure against attackers with large quantumcomputers". See the release notes for all changes.