LWN.net

At the 2025 Linux PlumbersConference (LPC), held in Tokyo in mid-December, Changwoo Min led a session on whathe has learned while developing the"latency-criticalityaware virtual deadline" (LAVD) scheduler, which is aimed at gamingworkloads. The session was part of the Gamingon Linux microconference, which is a new entrant into LPC; organizershope to see it return next year inPrague and, presumably, beyond. LAVD uses the extensible scheduler class (sched_ext) and hasthe primary goal of minimizing stutteringin games;it is implemented in a combination of BPF and Rust.

Last year werevived the tradition of publishing a timeline ofnotable events from the previous year. Since that seemed to go overwell, we decided we should continue the practice and look back on someof the most noteworthy events and releases of 2025.

The IPFire project, anopen-source firewall Linux distribution, has released version2.29 - Core Update 199. Notable changes in this release include anupdate to Linux 6.12.58, support for WiFi6 and 7 features onwireless access points, as well as native support for link-localdiscovery protocol (LLDP) and Cisco discovery protocol (CDP).

Android Authority reportsthat Google will be reducing the frequency of releases of code to theAndroid Open Source Project to only twice per year.

Security updates have been issued by AlmaLinux (resource-agents, ruby:3.3, thunderbird, and xorg-x11-server), Fedora (libpcap), Red Hat (brotli), Slackware (libsodium), SUSE (dcmtk, govulncheck-vulndb, libpcap, mozjs60, qemu, rsync, and usbmuxd), and Ubuntu (glib2.0 and linux-raspi, linux-raspi-5.4).

The nature and role of the Linux Foundation's Technical Advisory Board (TAB) isnot well-understood, thougha recent LWN article shed some light on itsrole andhistory. At the 2025Linux Plumbers Conference (LPC), the TAB held a question andanswer session to address whatever it was the community wanted to know(video).Those questions ended up covering the role of large language models in kerneldevelopment, what it is like to be on the TAB, how the TAB can help grease thewheels of corporate bureaucracy, and more.

Aleksa Sarai, as the maintainer of therunc container runtime, faces aconstant battle against security problems. Recently, runc has seenanotherinstance of a security vulnerability that can be traced back to the difficultyof handling file paths on Linux. Sarai spoke at the 2025Linux Plumbers Conference(slides;video)aboutsome of the problems runc has had with path-traversal vulnerabilities, and toask people to please uselibpathrs, the library that he has been developing forsafe path traversal.

Version26.0 ("Anh-Linh") of the Arch-based Manjaro Linux distribution has beenreleased. Manjaro26.0 includes Linux6.18, GNOME49,KDEPlasma6.5, Xfce4.20, and more.

Security updates have been issued by AlmaLinux (kernel, ruby, and thunderbird), Debian (libsodium and ruby-rmagick), Fedora (gnupg2 and proxychains-ng), Oracle (gcc-toolset-14-binutils, rsync, tar, and thunderbird), Red Hat (buildah, mariadb, mariadb10.11, podman, and tar), SUSE (alloy, apache2, buildah, erlang26, glib2, ImageMagick, kernel, libsoup, pgadmin4, python-tornado6, python3, python312, python313, qemu, webkit2gtk3, and xen), and Ubuntu (webkit2gtk).

The calendar has flipped over to 2026; a new year has begun. That meansthe moment we all dread has arrived: it is time for LWN to put out a set oflame predictions for what may happen in the coming year. Needless to say,we do not know any more than anybody else, but that doesn't stop us frommaking authoritative-sounding pronouncements anyway.

Version 1.30 of the GNUddrescue data recovery tool has been released. Notable changes inthis release include improvements to automatic recovery of a drivewith a dead head, addition of a --no-sweep option to disablereading of skipped areas, and more.

Security updates have been issued by AlmaLinux (tar), Debian (curl and gimp), Fedora (doctl, gitleaks, gnupg2, grpcurl, nginx, nginx-mod-brotli, nginx-mod-fancyindex, nginx-mod-headers-more, nginx-mod-modsecurity, nginx-mod-naxsi, nginx-mod-vts, and usd), Mageia (cups), Red Hat (container-tools:rhel8, go-toolset:rhel8, grafana, and skopeo), and SUSE (dirmngr, fluidsynth, gnu-recutils, libmatio-devel, python311-marshmallow, python312-Django6, rsync, and thunderbird).

The 6.19-rc4 kernel prepatch is out fortesting.

Greg Kroah-Hartman has written anoverview of how the kernel's security team works.

Greg Kroah-Hartman has announced the release of the 6.18.3 stable kernel. As always, thisupdate contains important fixes; users of this kernel are advised toupgrade.

Security updates have been issued by Debian (smb4k), Fedora (direwolf, gh, usd, and webkitgtk), Slackware (libpcap and seamonkey), and SUSE (kepler).

Security updates have been issued by Debian (imagemagick and net-snmp), Fedora (delve, golang-github-google-wire, and golang-github-googlecloudplatform-cloudsql-proxy), and SUSE (podman, python3, and python36).

Version4.19.0 of the shadow-utilsproject has been released. Notable changes in this release includedisallowingsome usernames that were previously accepted with the--badname option, and removingsupport for escaped newlines in configuration files. Possibly moreinteresting is the announcement that the project is deprecating anumber of programs, hashing algorithms, and the ability toperiodically expire passwords:

Security updates have been issued by Debian (mediawiki), Fedora (duc, golang-github-projectdiscovery-mapcidr, and kustomize), Slackware (wget2), and SUSE (cheat, duc, flannel, go-sendxmpp, python311, python312, python313, and trivy).

Daniel Stenberg has written a blogpost about the decision to ban the use strcpy()in curl:

Security updates have been issued by Debian (openjpeg2, osslsigncode, php-dompdf, and python-django), Fedora (fluidsynth, golang-github-alecthomas-chroma-2, golang-github-evanw-esbuild, golang-github-jwt-5, and opentofu), Mageia (ceph and ruby-rack), and SUSE (anubis, apache2-mod_auth_openidc, dpdk22, kernel, libpng16, and python311-openapi-core).

Nate Graham looksback at how 2025 went for the KDE project.

Security updates have been issued by Debian (kodi, pgbouncer, and rails), Fedora (duc, fluidsynth, gdu, singularity-ce, and tkimg), Slackware (vim), and SUSE (buildah, duc, gnutls, python39, qemu, and webkit2gtk3).

Linus has released 6.19-rc3 for testing. "Another week, another -rc release.Except the past week has obviously been the holiday week, and this rcrelease is pretty small as a result. Very much as expected."

Graphite is an effort to unifyillustration, raster editing, desktop publishing, and animation in onebrowser-based application. The project has been in development since2021 and announced its first alpha release in 2022. According to creator Keavon Chambers, the project's mission is to become"the 2D counterpart to Blender", by bringing a node-based,non-destructive workflow to 2D graphics. The project, currently still inalpha, is a long way from complete; but it is worth testing for anyoneinvolved with open-source-graphics production. Currentbuilds, from September 2025, include vector-illustration tools, anode-based compositor, and early brush tooling, with broader pixel-based-and photo-editing work still in progress.

Security updates have been issued by Debian (gst-plugins-good1.0, postgresql-13, and python-urllib3), Fedora (chezmoi, docker-buildkit, ov, and subfinder), Oracle (httpd:2.4), Slackware (net), and SUSE (apache2, buildah, kernel, and mariadb).

The judge in the Vizio GPL-compliance lawsuit has ruled, in asummary judgment, that the GNU General Public License, version2,does not require the provision of signing keys needed to install modifiedsoftware on a device.

Once again there is a brand-new release under the tree from theRuby programming-language project: Ruby4.0has been released with many new features and improvements. Notablechanges include the experimental Ruby Boxfeature for in-process isolation of classes and modules, a newjust-in-time compiler called ZJIT, and improvements to Ruby'sparallel-execution mechanism (Ractor). There are a number of languagechanges as well. See the documentationfor Ruby4.0 for more.

Security updates have been issued by Fedora (httpd, retroarch, and roundcubemail), Oracle (container-tools:rhel8, grafana, httpd, kernel, python3.12, python39:3.9, thunderbird, and uek-kernel), and SUSE (cheat, go-sendxmpp, and kernel).

Inside this week's LWN.net Weekly Edition:

Another year has reached its conclusion. That can only mean one thing: thetime has come to take a look back at thepredictions we made in January and evaluate just how badly they turnedout. Much to our surprise, not all of our predictions were entirelyaccurate. It has been a wild year in the Linux community and beyond, tosay the least.

The systemdv259release was announced on December17, just three months afterv258. It is a more modest release but still includes a number ofimportant changes such as a new option for the run0 command(an alternative to sudo), ability to mount user home directories from the host in virtualmachines, as well as under-the-hood changes with dlopen()for library linking, the ability to compile systemd with musl libc,and more.

Security updates have been issued by AlmaLinux (container-tools:rhel8, grafana, opentelemetry-collector, and thunderbird), Red Hat (kernel), and SUSE (cheat, libsoup, mariadb, mozjs52, python310, python315, qemu, rsync, and zk).

Version8.1 of elementary OS has been released. Notable changes in thisrelease include making the Wayland session the default, changes towindow management and multitasking, as well as a number ofaccessibility improvements. The 8.1 release is the first to be madeavailable for Arm64 devices, which should allow users to runelementary on Apple M-series hardware or other Arm devices that canload UEFI-supporting firmware, such as some Raspberry Pi models. Seethe blog post for a full list of changes.

Arnd Bergmann began his 2025 LinuxPlumbers Conference session on the future of 32-bit support in theLinux kernel by saying that it was to be a followup to his September talk on the same topic. Thefocus this time, though, was on the kernel's "high memory" abstraction, andwhen it could be removed. It seems that the kernel community will need tosupport 32-bit systems for some time yet, even if it might be possible toremove some functionality, including support for large amounts of memory onthose systems, more quickly.

The BPF verifier works, on a theoretical level, by considering every possiblepath that a BPF program could take. As a practical matter, however, it needs todo that in a reasonable amount of time. At the2025 Linux Plumbers Conference, Mahe Tardy and Paul Chaignongave a detailed explanation(slides;video) ofthe main mechanism that it uses to accomplish that: state pruning. They focusedon two optimizations that help reduce the number of paths the verifier needs tocheck, and discussed some of the complications the optimizations introduced to the verifier'scode.

Security updates have been issued by AlmaLinux (binutils, curl, gcc-toolset-13-binutils, git-lfs, httpd, httpd:2.4, keylime, libssh, mod_md, openssh, php:8.3, podman, python3.12, python3.9, python39:3.9, skopeo, tomcat, tomcat9, and webkit2gtk3), Fedora (mingw-glib2, mingw-libsoup, and mingw-python3), Mageia (roundcubemail), Oracle (git-lfs and mod_md), and SUSE (glib2, kernel, mariadb, and qemu).

Version6.20 of the Incus container and virtual-machine management systemhas been released. Notable changes in this release include a newstandalonecommand to add IncusOS servers to a cluster,qcow2-formattedvolumes for clustered LVM, and reverseDNS records in OVN. See the announcement for a full list ofchanges.

Version 17.1 of the GDB debugger is out. Changes include shadow-stacksupport, info threads improvements, a number of Python APIimprovements, and more, including: "Warnings and error messages nowstart with an emoji (warning sign, or cross mark) if supported by the hostcharset. Configurable." See theNEWS file for more information.

Version 4.3.0 of the security-oriented Qubes OS distribution has beenreleased. Changes include more recent distribution templates, preloadeddisposable virtual machines, and the reintroduction of the Qubes WindowsTools set. See therelease notes for more information.

Ian Jackson (along with Sean Whitton) has posted a manifesto and statusupdate to the effect that, since Git repositories have become thepreferred method to distribute source, that is how Debian should bedistributing its source packages.

At OpenSource Summit Japan 2025, Erin McKean talked about the challenges toproducing good project documentation, along with some tooling that can helpguide the process toward success. It is a problem that many projectsstruggle with and one that her employer, Google, gained a lot of experiencewith from its now-concluded Season of Docsinitiative. Through that program, more than 200 case studies ofdocumentation projects were gathered that were mined for common problemsand solutions, which led to the tools and techniques that McKean described.

John Paul Adrian Glaubitz has announcedthat loong64 is now an official architecture for Debian, and will bepart of the Debian14 ("forky") release "if everything goesalong as planned". This is a bit more than two years after the initialbootstrap of the architecture.

Security updates have been issued by Debian (chromium, dropbear, mediawiki, php8.4, python-mechanize, rails, roundcube, usbmuxd, and wordpress), Fedora (cef, chromium, fonttools, gobuster, gosec, mingw-libpng, moby-engine, mqttcli, nextcloud, pgadmin4, python-unicodedata2, uriparser, and util-linux), Mageia (php and webkit2), Oracle (binutils, curl, gcc-toolset-13-binutils, gimp, git-lfs, kernel, openssh, php:8.3, podman, python-kdcproxy, python3.12, python3.9, skopeo, and webkit2gtk3), Red Hat (rsync), Slackware (php), SUSE (alloy, busybox, chromedriver, chromium, coredns-for-k8s, duc, firefox, kernel-devel, libpng16, libruby3_4-3_4, mariadb, netty, php8, python311-tornado6, rsync, taglib, and xen), and Ubuntu (linux-oracle-5.4, linux-raspi, linux-realtime-6.14, and linux-xilinx).

The 6.19-rc2 kernel prepatch is out fortesting. "I obviously expect next week to be even quieter, with peoplebeing distracted by the holidays. So let's all enjoy taking a little break,but maybe break the boredom with some early rc testing?"

The 2025 election for members of the Linux Foundation Technical AdvisoryBoard hasconcluded; the winners are Greg Kroah-Hartman, Steven Rostedt, JuliaLawall, David Hildenbrand, and Ted Ts'o.

The FreeBSD Foundation has a blogpost about the progress it has made in 2025 on the Laptop Support& Usability Project for FreeBSD. The foundation committed$750,000 to the project in 2025 and has made progress on graphicsdrivers, Wi-Fi4 and 5 support, audio improvements, sleep states,and more.

The BPF verifier is complicated. It needs tocheck every possible path that aBPF program's execution could take. The fact that its determination of whether aBPF program is safe is based on the whole lifetime of the program, instead ofsimple local factors, means that the cause of a verificationfailure is not always obvious. Ihor Solodrai and Jordan Rome gave a presentation(slides)at the2025 Linux Plumbers Conference in Tokyo aboutthe BPF verifier visualizer that they have been buildingto make diagnosing verification failures easier.

Security updates have been issued by Debian (roundcube), Fedora (checkpointctl, containernetworking-plugins, mingw-libpng, NetworkManager, php, python3-docs, python3.13, and webkitgtk), Oracle (kernel, keylime, and libssh), and SUSE (apache2, clair, colord, flannel, gnutls, golang-github-prometheus-alertmanager, grafana, grub2, helm, ImageMagick, libpng16, netty, openssl-3, postgresql13, postgresql14, postgresql15, python36, salt, uyuni-tools, and venv-salt-minion).

Stephen Rothwell, who has maintained the kernel's linux-next integrationtree from its inception, has announced hisretirement from that role: