Feed lwn LWN.net

Favorite IconLWN.net

Link https://lwn.net/
Feed http://lwn.net/headlines/rss
Updated 2025-10-02 20:00
[$] Kernel hackers at Cauldron, 2025 edition
The GNU Tools Cauldron is almost entirely focused on user-space tools, butkernel developers need a solid toolchain too. In what appears to be adeveloping tradition (started in 2024),some kernel developers attended the 2025 Cauldron for thesecond year in a row to discuss their needs with the assembled toolchaindevelopers. Topics covered in this year's gathering include Rust, betterBPF typeformat (BTF) support, SFrame, and more.
Seven new stable kernels
Greg Kroah-Hartman has announced the release of the 6.16.10, 6.12.50, 6.6.109, 6.1.155, 5.15.194, 5.10.245, and 5.4.300 stable kernels. All of these kernelshave lots of important fixes throughout the kernel tree.
Security updates for Thursday
Security updates have been issued by AlmaLinux (perl-JSON-XS), Debian (chromium and openssl), Fedora (bird, dnsdist, firefox, mapserver, ntpd-rs, python-nh3, rust-ammonia, skopeo, sqlite, thunderbird, and xen), Oracle (perl-JSON-XS), Red Hat (kernel, kernel-rt, and libvpx), SUSE (afterburn, cairo, docker-stable, firefox, nginx, python-Django, snpguest, and warewulf4), and Ubuntu (libmspack, libxslt, linux, linux-aws, linux-aws-5.15, linux-gcp, linux-gcp-5.15, linux-gkeop, linux-hwe-5.15, linux-ibm, linux-ibm-5.15, linux-intel-iotg, linux-intel-iotg-5.15, linux-lowlatency, linux-lowlatency-hwe-5.15, linux-nvidia, linux-nvidia-tegra, linux-nvidia-tegra-5.15, linux-oracle, linux-raspi, linux-xilinx-zynqmp, linux, linux-aws, linux-aws-5.4, linux-bluefield, linux-gcp, linux-gcp-5.4, linux-hwe-5.4, linux-ibm, linux-ibm-5.4, linux-iot, linux-kvm, linux-raspi, linux-xilinx-zynqmp, linux, linux-aws, linux-aws-6.14, linux-hwe-6.14, linux-realtime, linux, linux-aws, linux-aws-hwe, linux-azure, linux-azure-4.15, linux-gcp, linux-gcp-4.15, linux-hwe, linux-oracle, linux, linux-aws, linux-gcp, linux-gcp-6.8, linux-gke, linux-gkeop, linux-ibm, linux-ibm-6.8, linux-lowlatency, linux-lowlatency-hwe-6.8, linux-nvidia, linux-nvidia-6.8, linux-nvidia-lowlatency, linux, linux-kvm, linux-aws-fips, linux-fips, linux-gcp-fips, linux-azure, linux-hwe-6.8, linux-kvm, linux-oracle-5.15, linux-oracle-6.14, linux-raspi, linux-raspi-realtime, linux-realtime, linux-realtime-6.8, linux-realtime-6.14, and python-django).
[$] LWN.net Weekly Edition for October 2, 2025
Inside this week's LWN.net Weekly Edition:
Alpine Linux plans /usr merge
The Alpine Linux project has announcedplans to change its base filesystem hierarchy:
[$] Fedora floats AI-assisted contributions policy
The Fedora Council began a process to create a policy on AI-assistedcontributions in 2024, starting with a survey to ask the communityits opinions about AI and using AI technologies in Fedora. OnSeptember25, Jason Brooks publisheda draft policy for discussion; so far, in keeping with the spirit ofcompromise, it has something to make everyone unhappy. For some it istoo AI-friendly, while others have complained that it holds Fedoraback from experimenting with AI tooling.
Security updates for Wednesday
Security updates have been issued by AlmaLinux (kernel, kernel-rt, mysql:8.0, and openssh), Debian (libcommons-lang-java, libcommons-lang3-java, libcpanel-json-xs-perl, libjson-xs-perl, libxml2, open-vm-tools, and u-boot), Fedora (bird, dnsdist, mapserver, ntpd-rs, python-nh3, and rust-ammonia), Oracle (kernel and mysql:8.0), Red Hat (cups, postgresql:12, and postgresql:13), SUSE (cJSON-devel, gimp, kernel-devel, kubecolor, open-vm-tools, openssl-1_1, openssl-3, and ruby3.4-rubygem-rack), and Ubuntu (linux-azure-5.15 and openssl, openssl1.0).
OpenSUSE Leap 16 released
The openSUSELeap 16 release is now available.
Radicle 1.5.0 released
Version 1.5.0of the Radicle peer-to-peer Git collaboration platform has beenreleased. This release includes better support for bare repositories,structured logging, and improvements in the output of rad patchshow:
[$] Linting Rust code in the kernel
Klint is a Rust compiler extensiondeveloped by Gary Guo to run somekernel-specific lint rules, which may also be useful for embedded systemdevelopment. He spoke about hisrecent work on the project atKangrejos 2025. The next day, Alejandra Gonzalezled a discussion about Rust's normal linter,Clippy. The two tools offer complementary approaches to analyzing Rustkernel code, although both need some additional direction and support fromkernel developers to reach their full potential.
Security updates for Tuesday
Security updates have been issued by Debian (python-internetarchive and tiff), Fedora (nextcloud), Oracle (kernel, openssh, and squid), Red Hat (kernel, kernel-rt, and ncurses), SUSE (afterburn and chromium), and Ubuntu (open-vm-tools, ruby-rack, and tiff).
Bcachefs removed from the mainline kernel
After marking bcachefs "externally maintained" in 6.17, Linus Torvalds hasremovedit entirely for 6.18. "It's now a DKMS module, making the in-kernelcode stale, so remove it to avoid any version confusion."
[$] Development statistics for 6.17
The 6.17 development cycle ended on September28 with the releaseof the 6.17 kernel. This cycle brought in 13,089 non-merge changesets, aslowdown from its predecessor but still within the normal bounds for recentkernels. The time has come for a look at where those changes came from,with a bit of a side trip into bug statistics.
NixOS moderation team resigns
The NixOS moderation team, which is theoretically in charge of ensuring that community participation on the project's repositories anddiscussion forum remains welcoming and useful, has releaseda joint resignation statement. This action was motivated by conflict with the project's steering committee (SC), which has repeatedly overridden the moderation team, leading the team members to decide that they could not continue acting as moderators. Arian Van Putten, speaking for the whole team, writes:
[$] Managing encrypted filesystems with dirlock
As with a mobile phone, a portable gaming device like the Steam Deck can containlots of personal information that the owner would like to keepsecret-especially given that such devices can do far more than gaming.Alberto Garcia worked with his colleagues at Igalia and people atValve, the company behind the Steam gaming platform, to comeup with a new tool to manage encrypted filesystems for SteamOS, which is a Linuxdistribution optimized for gaming. Garcia gave a talk about that tool, dirlock, at OpenSource Summit Europe, which was held in Amsterdam in late August.In the talk, he looked at the design process forthe encrypted-files feature, the alternatives considered, and why they madethe choices they did.
Security updates for Monday
Security updates have been issued by AlmaLinux (avahi, cups, firefox, gnutls, golang, httpd, kernel, libtpms, mysql, opentelemetry-collector, php:8.2, podman, postgresql:13, postgresql:15, python3, python3.11, python3.12, python3.9, thunderbird, and udisks2), Debian (firefox-esr, gimp, nncp, node-tar-fs, and squid), Fedora (chromium, firebird, python-azure-keyvault-securitydomain, python-azure-mgmt-security, and python-microsoft-security-utilities-secret-masker), Red Hat (httpd:2.4, kernel, kernel-rt, and mod_http2), SUSE (aide, apache2-mod_security2, chromedriver, cloud-init, docker, gdk-pixbuf, git, google-osconfig-agent, govulncheck-vulndb, gstreamer-plugins-base, iperf, kernel, krb5, krita, luajit, net-tools, nvidia-open-driver-G06-signed, pam, postgresql17, python311, rust-keylime, sevctl, tor, tree-sitter-ruby, and udisks2), and Ubuntu (curl, ghostscript, inetutils, python2.7, and qtbase-opensource-src).
F-Droid and Google's Developer Registration Decree
The F-Droid project has posted anurgent message regarding Google's plan to require developerregistration to install apps on Android devices.
The 6.17 kernel has been released
Linus Torvalds has released the 6.17 kernel. He notes that the shortlog for the changes since -rc7 are pretty tame:
[$] Jumping into openSUSE Leap 16
The openSUSE project is nearing the release of Leap16, itsfirst major release since openSUSELeap15in May 2018. This release brings some changes to thecore of the distribution aside from the usual software upgrades; YaST has been retired,SELinux has replaced AppArmor as the default mandatory access control(MAC) system, and more. If all goes according to plan, Leap16final should be released in early October, with planned supportthrough 2031.
Security updates for Friday
Security updates have been issued by AlmaLinux (firefox, kernel, and thunderbird), Debian (ceph and thunderbird), Fedora (chromium, mingw-expat, python-deepdiff, python-orderly-set, python-pip, rust-az-cvm-vtpm, rust-az-snp-vtpm, rust-az-tdx-vtpm, and trustee-guest-components), Oracle (aide, kernel, and thunderbird), Red Hat (firefox, kernel, openssh, perl-YAML-LibYAML, and thunderbird), Slackware (expat), SUSE (jasper, libssh, openjpeg2, and python-pycares), and Ubuntu (linux-aws-6.14, linux-hwe-6.14, linux-azure, linux-hwe-6.8, linux-realtime-6.8, node-sha.js, and pcre2).
Cuni: Tracing JITs in the real world @ CPython Core Dev Sprint
Longtime PyPy developer Antonio Cuni has alengthyblog post that describes his talk at the recently completed 2025CPythonCore Dev Sprint, held at Arm in Cambridge, UK. The talk, entitled"Tracing JIT and real world Python - aka: what we can learn from PyPy" wasmeant to try to pass on some of his experiences "optimizing existingcode for PyPy at a high-frequency trading firm" to thedevelopers working on the CPython JIT compiler. His goal wasto raise awareness of some of the problems he encountered:
[$] The phaseout of the mmap() file operation
The file_operationsstructure in the kernel is a set of function pointers implementing, as thename would suggest, operations on files. A subsystem that manages objectswhich can be represented by a file descriptor will provide afile_operations structure providing implementations of the variousoperations that a user of the file descriptor may want to carry out. Themmap() method, in particular, is invoked when user space calls themmap()system call to map the object behind a file descriptor into its addressspace. That method, though, is currently on its way out in a multi-releaseprocess that started in 6.17.
Fedora considers an AI-tool policy
The Fedora project has posted aproposal for a policy regarding the use of AI tools when developing forthe distribution.
Four stable kernels released
The 6.16.9, 6.12.49, 6.6.108, and 6.1.154 stable kernels have been released.As usual, they all contain important fixes throughout the kernel tree.
Security updates for Thursday
Security updates have been issued by AlmaLinux (grub2 and kernel), Debian (chromium and libxslt), Fedora (chromium, expat, libssh, and webkitgtk), Oracle (avahi, firefox, ImageMagick, kernel, libtpms, and mysql), Red Hat (kernel), SUSE (bird3, expat, kernel, and tiff), and Ubuntu (dpkg, gnuplot, linux, linux-aws, linux-aws-5.15, linux-gcp, linux-gcp-5.15, linux-gke, linux-gkeop, linux-hwe-5.15, linux-ibm, linux-ibm-5.15, linux-intel-iotg, linux-intel-iotg-5.15, linux-lowlatency, linux-lowlatency-hwe-5.15, linux-nvidia, linux-nvidia-tegra, linux-nvidia-tegra-5.15, linux-oracle, linux-raspi, linux-riscv-5.15, linux-xilinx-zynqmp, linux, linux-aws, linux-gcp, linux-gcp-6.14, linux-oracle, linux-realtime, linux-riscv, linux-riscv-6.14, linux-aws-fips, linux-fips, linux-gcp-fips, linux-azure, linux-azure-fips, linux-ibm, linux-ibm-6.8, linux-intel-iot-realtime, linux-realtime, linux-oem-6.14, linux-oracle-5.15, linux-realtime-6.14, and python-eventlet).
PostgreSQL 18 released
Version18 of the PostgreSQL database has been released. Notableimprovements in this release include "skip scan" lookups formulticolumn B-tree indexes, virtualgenerated columns, better text processing, oauthauthentication, and a new asynchronous I/O (AIO) subsystem to improveperformance:
[$] LWN.net Weekly Edition for September 25, 2025
Inside this week's LWN.net Weekly Edition:
[$] Canceling asynchronous Rust
Asynchronous Rust code has what Rain Paharia calls a "universal cancellationprotocol", meaning that any asynchronous code can be interrupted in the sameway. They claimthat this is both a useful feature when used deliberately, and a source oferrors when done by accident. They presentedabout this problem atRustConf2025, offering a handful of techniques to avoid introducing bugs intoasynchronous Rust code.
[$] CHERI with a Linux on top
The CapabilityHardware Enhanced RISC Instructions (CHERI) project is a rethinking ofcomputer architecture in order to improve system security. Carl Shaw gavea presentation atLinuxSecurity Summit Europe (LSS EU) about CHERI and the efforts to getLinux running on it. He introduced capabilities,which are a mechanism for access control, and outlined theirhistory, which goes back many decades at this point, then looked morespecifically at the CHERI project and what it will take to apply thesecurity constraints of capabilities to an operating system like Linux.
Security updates for Wednesday
Security updates have been issued by AlmaLinux (kernel and kernel-rt), Fedora (expat), Red Hat (kernel and multiple packages), SUSE (avahi, busybox, busybox-links, kernel, sevctl, tcpreplay, thunderbird, and tor), and Ubuntu (isc-kea, linux, linux-aws, linux-gcp, linux-gke, linux-gkeop, linux-lowlatency, linux-lowlatency-hwe-6.8, linux-aws-6.8, linux-gcp-6.8, linux-aws-fips, linux-nvidia, linux-nvidia-6.8, linux-nvidia-lowlatency, linux-realtime, python-pip, and rabbitmq-server).
Open Infrastructure is Not Free: A Joint Statement on Sustainable Stewardship
The Open Source Security Foundation(OpenSSF) has put together a joint statement from many of the publicpackage repositories for various languages about the need for assistance inmaintaining these commons. Services such as PyPI for Python, crates.io for Rust, and many others areworking together to try to find ways to sustain these services in the faceof challenges from "automated CI systems, large-scale dependencyscanners, and ephemeral container builds" all downloading enormousamounts of package data, coupled with the rise of generative and agentic AI"driving a further explosion of machine-driven, often wasteful automatedusage, compounding the existing challenges". It is not a crisis, yet,they say, but it is headed in that direction.
[$] An unstable Debian stable update
A bug in a recent release of systemd's network manager causedheadaches for people managing systems that have a virtual LAN (VLAN)interface on a bridge; something one might want to do, for example,when configuring network interfaces for virtual machines. The bugaffected several Debian users when upgrading the systemd packagefrom v257.7-1 to v257.8-1. The updated package is part of the Debian13.1release, and the bug has snared enough users to cause a minorstir-due in no small part to the maintainer's response as muchas the bug itself.
Security updates for Tuesday
Security updates have been issued by Debian (corosync and kernel), Fedora (checkpointctl, chromium, curl, and perl-Catalyst-Authentication-Credential-HTTP), SUSE (firefox, frr, kernel, rustup, vim, and wireshark), and Ubuntu (glibc and pam).
RPM 6.0.0 released
Version 6.0.0 of the RPM Package Manager has been released. Notable changes in this release include support for multiple OpenPGP signatures per package, the ability to update previously installed PGP keys, as well as support for RPM v4 and v6 packages. See the release notes for full details.
[$] Revocable references for transient devices
Computers were once relatively static devices; if a peripheral was presentat boot, it was unlikely to disappear while the system was operating.Those days are far behind us, though; devices can come and go at any time,often with no notice. That impermanence can create challenges for kernelcode, which may not be expecting resources it is managing to make an abruptexit. The revocableresource management patch set from Tzung-Bi Shih is meant to help withthe creation of more robust - and more secure - kernel subsystems in adynamic world.
Security updates for Monday
Security updates have been issued by Debian (ffmpeg, jetty12, jetty9, jq, and pam), Fedora (curl, libssh, podman-tui, and prometheus-podman-exporter), Oracle (firefox, gnutls, kernel, and thunderbird), and SUSE (bluez, cairo, chromium, cmake, cups, firefox, frr, govulncheck-vulndb, kernel, kubevirt, virt-api-container, virt-controller-container, virt-exportproxy-container, virt-exportserver-container, virt-handler-container, virt-launcher-container, virt-libguestfs-t, mariadb, mybatis, ognl, python-h2, and rke2).
Kernel prepatch 6.17-rc7
Linus has released 6.17-rc7 for testing."Let's keep the testing going, and we'll have the final 6.17 in aweek".
[$] Multiple kernels on a single system
The Linux kernel generally wants to be in charge of the system as a whole;it runs on all of the available CPUs and controls access to them globally.Cong Wang has just come forward with a differentapproach: allowing each CPU to run its own kernel. The patch set is inan early form, but it gives a hint for what might be possible.
Four Friday stable kernel updates
Greg Kroah-Hartman has announced the release of the 6.16.8, 6.12.48, 6.6.107, and 6.1.153 stable kernels; eachcontains an important set of fixes.
[$] Blender 4.5 brings big changes
Blender 4.5 LTS was releasedon July 15, 2025, and will be supported through 2027. This is the lastfeature release of the 3D graphics-creation suite's 4.x series; itincludes quality-of-life improvements, including work to bring the Vulkan backend up topar with the default OpenGL backend. With 4.5 released, Blenderdevelopers are turning their attention toward Blender 5.0, planned forrelease later this year. It will introduce substantial changes,particularly in the GeometryNodes system, a central feature of Blender's proceduralworkflows.
Security updates for Friday
Security updates have been issued by Debian (chromium, cjson, and firefox-esr), Fedora (expat, gh, scap-security-guide, and xen), Oracle (container-tools:rhel8, firefox, grub2, and mysql:8.4), SUSE (busybox, busybox-links, element-web, kernel, shadowsocks-v2ray-plugin, and yt-dlp), and Ubuntu (imagemagick, linux, linux-aws, linux-gcp, linux-gke, linux-gkeop, linux-hwe-6.8, linux-lowlatency, linux-lowlatency-hwe-6.8, linux-oracle, linux-azure, linux-azure-5.15, linux-azure-fips, linux-ibm, linux-ibm-6.8, linux-nvidia, linux-nvidia-6.8, linux-nvidia-lowlatency, linux-raspi, linux-oracle-6.8, linux-realtime, and openjpeg2).
[$] Extending the time-slice-extension discussion
Time-slice extension is a proposed scheduler feature that would allow auser-space process to request to not be preempted for a short period whileit executes a critical section. It is an idea that has been circulatingfor years, but efforts to implement it becamemore serious in February of this year. The latest developer to make anattempt at time-slice extension is Thomas Gleixner, who has posted a new patch setwith a reworked API. Chances are good that this implementation is close towhat will actually be adopted by the kernel.
Rust 1.90.0 released
Version1.90.0 of the Rust language has been released. Changes includeswitching to the LLD linker by default,the addition of support for workspace publishing to cargo, and theusual set of stabilized APIs.
Security updates for Thursday
Security updates have been issued by AlmaLinux (gnutls, mysql:8.4, opentelemetry-collector, and python-cryptography), Debian (nextcloud-desktop), Fedora (chromium, firefox, forgejo, gitleaks, kernel, kernel-headers, lemonldap-ng, perl-Cpanel-JSON-XS, and python-pip), Red Hat (firefox and libxml2), Slackware (expat and mozilla), SUSE (avahi, bluez, cups, curl, firefox-esr, gdk-pixbuf, gstreamer, java-1_8_0-ibm, krb5, net-tools, podman, raptor, sevctl, tkimg, ucode-intel, and vim), and Ubuntu (linux, linux-aws, linux-aws-hwe, linux-azure, linux-azure-4.15, linux-gcp, linux-gcp-4.15, linux-hwe, linux-kvm, linux-oracle, linux-fips, linux-azure-fips, linux-gcp-fips, and linux-gcp-6.14, linux-oracle, linux-oracle-6.14).
Bluefin LTS released
The Universal Blue project has announced the release of BluefinLTS,an image-based distribution similar to Bluefin that usesCentOSStream10 and EPEL instead of Fedora as its base:
Tails 7.0 released
Version7.0 of the Tails portableoperating system has been released. This is the first version of Tailsbased on Linux 6.12.43, Debian13("trixie") and GNOME48. It uses zstd instead ofxz to compress the USB and ISO images to deliver afaster start time on most computers. The release is dedicated to the memory of Lunar, "atraveling companion for Tails, a Tor volunteer, Free Software hacker,and community organizer":
[$] LWN.net Weekly Edition for September 18, 2025
Inside this week's LWN.net Weekly Edition:
GNOME 49 released
Version 49 of the GNOME desktopenvironment has been released. Changes include new default video(Showtime) and PDF-viewing (Papers) applications, a number of calendarimprovements, and updates to the Web, Maps, and Software applications.
Jackson: tag2upload in the first month of forky
Ian Jackson has published a blogpost summarizing the tag2upload service'sfirst month of handling uploads for the upcoming Debian14 ("forky") release:
Libxml2 2.15.0 released
Version2.15.0 of libxml2 hasbeen released. Notable changes include the disabling of Pythonbindings by default, using Doxygen to generate API documentation, aswell as bringing HTML serialization and handling of characterencodings more in line with the HTML5 specification.Nick Wellnhofer has also announcedthat he is stepping down as libxml2 maintainer, and Ivan Chavero hasvolunteeredto take over. LWN covered libxml2 inJune.
12345678910...