The bootc project allows users to create a bootable Linux system image using the container tooling that many developers are already familiar with. It is an evolution of OSTree (now called libostree), which is used to create Fedora Silverblue and other image-based distributions. While creating custom images is still a job for experts, the container technology simplifies delivering heavily customized images to non-technical users.
Version 4.5 of the Mastodon decentralized social-media platform has been released. Notable features in this release include quote posts, native emoji support, as well as enhanced moderation and blocking features for server administrators. The project also has a post detailing new features in 4.5 for developers of clients and other software that interacts with Mastodon.
The future of the Filesystem Hierarchy Standard (FHS) has been under discussion for some time; now, Neal Gompa has announced that the FHS is "hosted and stewarded" by Freedesktop.org.
Filesystems are complex and performance-sensitive beasts. They can also present security concerns. Microkernel-based systems have long pushed filesystems into separate processes in order to contain any vulnerabilities that may be found there. Linux can do the same with the Filesystem in Userspace (FUSE) subsystem, but using FUSE brings a significant performance penalty. Darrick Wong is working on ways to eliminate that penalty, and he has a massive patchset showing how ext4 filesystems can be safely implemented in user space by unprivileged processes with good performance. This work has the potential to radically change how filesystems are managed on Linux systems.
Mason Freed and Dominik Rottsches have published a document with a timeline and plans for removing Extensible Stylesheet Language Transformations (XSLT) from the Chromium project and Chrome browser:
Version 2.3.0 of the Lightweight Qt Desktop Environment (LXQt) has been released. The highlight of this release is continued improvement in Wayland support across LXQt components. Rather than offering its own compositor, the LXQt project takes a modular approach and works with several Wayland compositors, such as KWin, labwc, and niri.
Linux has many security features and tools that have evolved over the years to address threats as they emerge and security gaps as they are discovered. Linux security is all, as Lennart Poettering observed at the All Systems Go! conference held in Berlin, somewhat random and not a "clean" design. To many observers, that may also appear to be the case for systemd; however, Poettering said that he does have a vision for how all of the security-related pieces of systemd are meant to fit together. He wanted to use his talk to explain "how the individual security-related parts of systemd actually fit together and why they exist in the first place".
Version 1.3 of the Open Container Initiative (OCI) Runtime Specification has been released. The specification covers the configuration, execution environment, and lifecycle of containers. The most notable change in 1.3 is the addition of FreeBSD to the specification, which the FreeBSD Foundation calls "a watershed moment for FreeBSD":
Version 6.18 of the Incus container and virtual-machine management system has been released. Notable changes in this release include new configuration keys for providing credentials to systemd, BPF token delegation, VirtIO support for sound cards, the ability to export ISO volumes, improvements to the IncusOS command-line utility, and more.
Julia is a modern programming language that is of particular interest to scientists due to its high performance combined with language features such as Lisp-style macros, an advanced type system, and multiple dispatch. We last looked at Julia in January on the occasion of its 1.11 release. Early in October Julia 1.12 appeared, bringing a handful of quality-of-life improvements for Julia programmers, most notably support, though still experimental and limited, for the creation of binaries.
Security updates have been issued by Debian (dcmtk, geographiclib, gimp, pure-ftpd, and ruby-rack), Fedora (dotnet9.0), Oracle (expat, kernel, tigervnc, xorg-x11-server, and xorg-x11-server-Xwayland), Red Hat (git, mariadb:10.5, multiple packages, osbuild-composer, pcs, sssd, and tigervnc), SUSE (kernel and redis), and Ubuntu (google-guest-agent).
Version 1.0 of the Capability Hardware Extension to RISC-V for IoT (CHERIoT) specification has been released. CHERIoT is a hardware-software system for secure embedded devices, and the specification provides a full description of the ISA and its intended use by CHERIoT RTOS. David Chisnall has written a blog post about the release that explains its significance as well as plans for CHERIoT 2.0 and beyond:
The Project Zero blog explains that, on 64-bit Arm systems, the kernel's direct map is always placed at the same virtual location, regardless of whether kernel address-space layout randomization (KASLR) is enabled.
Barry Warsaw, writing for the Python steering council, has announced that PEP 810 ("Explicit lazy imports") has been approved, unanimously, by the four who could vote. Since Pablo Galindo Salgado was one of the PEP authors, he did not vote. The PEP provides a way to defer importing modules until the names defined in a module are needed by other parts of the program. We covered the PEP and the discussion around it a few weeks back. The council also had "recommendations about some of the PEP's details, a few suggestions for filling a couple of small gaps", including:
Python already has several ways to run programs concurrently - including asynchronous functions, threads, subinterpreters, and multiprocessing - but all of those options have drawbacks of one kind or another. PEP 703 ("Making the Global Interpreter Lock Optional in CPython") removed a major barrier to running Python threads in parallel, but also exposed Python programmers to the same tricky synchronization problems found in other languages supporting multithreaded programs. A new draft proposal by Mark Shannon, PEP 805 ("Safe Parallel Python"), suggests a way for the CPython runtime to cut down on concurrency bugs, making it more practical for Python programmers to use versions of the language without the global interpreter lock (GIL).
Version 6.0 ("Excalibur") of the systemd-averse Devuan distribution has been released. It is based on Debian 13 ("trixie"), and includes some of the significant changes from that release, including the merged /usr hierarchy. See the release notes for details.
The kernel's namespaces feature is, among other things, a key part of the implementation of containers. Like much in the kernel, though, the namespace API evolved over time; there was no design at the outset. As a result, this API has some rough edges and missing features. Christian Brauner is working to straighten out the namespace situation somewhat with this daunting 72-part patch series that, among other things, adds a new system call to allow user space to query the namespaces present on the system.
Linus has released 6.18-rc4 for testing. "Last week in fact felt *so* calm that I was surprised to notice that rc4 isn't really smaller than usual: all the stats look very normal, both in number of changes and where the changes are."
Julian Andres Klode has announced that the Debian APT package-management tool will acquire "hard Rust dependencies" sometime after May 2026. "If you maintain a port without a working Rust toolchain, please ensure it has one within the next 6 months, or sunset the port."
The idea of automatic syntax-aware merging in version-control systems goes back to 2005 or earlier, but initial implementations were often language-specific and slow. Mergiraf is a merge-conflict resolver that uses a generic algorithm plus a small amount of language-specific knowledge to solve conflicts that Git's default strategy cannot. The project's contributors have been working on the tool for just under a year, but it already supports 33 languages, including C, Python, Rust, and even SystemVerilog.
Version 1.91.0 of the Rust language has been released. Changes include promoting aarch64-pc-windows-msvc to a tier-1 platform, a new lint rule to catch dangling raw pointers from local variables, and a fair number of newly stabilized APIs.
The kernel's file-I/O subsystems have been highly optimized over the years in the hope of providing the best performance for a wide variety of workloads. There is, however, one workload type that suffers with current kernels: applications that perform many short reads, in multiple processes, from the same file. Kiryl Shutsemau has been working on a patch to try to optimize this case, but the task is turning out to be harder than one might expect.
The Universal Blue project has announced the Fall update for the Fedora-based Bazzite gaming distribution. This release brings Bazzite up to Fedora 43, includes support for additional handheld gaming systems, as well as drivers for a number of steering wheel devices, and more.
Alejandro Colomar has announced the release of version 6.16 of the GNU/Linux man pages. This release includes new or rewritten man pages for fsconfig(), fsmount(), and fsopen(), as well as a number of newly documented interfaces in existing man pages. The release is also available as a PDF book.
ICANN's Security and Stability Advisory Committee (SSAC) has announced a report on "the critical role of Free and Open Source Software (FOSS) within the Domain Name System (DNS)". The report is aimed at policymakers and examines recent cybersecurity regulations in the US, UK, and EU as they apply to FOSS in the DNS system; it includes findings and guidelines "to strengthen the FOSS ecosystem that is critical to the secure and stable operation of the Internet". From the report's summary:
A new class of attacks on Android phones, called "Pixnapping", was announced on October 13. It allows a malicious app to gather output rendered in a victim app, pixel-by-pixel, by exploiting a GPU side-channel. Depending on what the victim app displays, anything from sensitive email and chats to two-factor authentication (2FA) codes could be captured - and shipped off to an attacker's site.
Debian's ftpmaster team has been responsible for allowing new packages to enter Debian, removing old packages, and otherwise maintaining Debian's package archive for more than two decades. As of October 26, the team is no more and its duties are being split between two new teams. The Archive Operations Team will focus on the infrastructure required to support the Debian archives, and the DFSG, Licensing & New Packages Team, which is responsible for reviewing packages entering the new queue. In time, this move could speed up processing of new packages, as well as making the teams more sustainable, but only after new members are recruited and trained. For now, the same folks are doing the work but spread across two teams.
Greg Kroah-Hartman has announced the release of the 6.17.6, 6.12.56, 6.6.115, 6.1.158, 5.15.196, 5.10.246, and 5.4.301 stable kernels. As always, each contains important fixes throughout the tree. Users of these kernels are advised to upgrade.
Security updates have been issued by Debian (gimp, python-authlib, and xorg-server), Fedora (chromium and git-lfs), Mageia (poppler and tomcat), Red Hat (kernel, kernel-rt, redis, and redis:6), SUSE (fetchmail, grafana, ImageMagick, kernel-devel, libluajit-5_1-2, proxy-helm, python-Authlib, and xen), and Ubuntu (linux-intel-iotg, linux-intel-iotg-5.15 and squid, squid3).
Fil-C is a memory-safe implementation of C and C++ that aims to let C code - complete with pointer arithmetic, unions, and other features that are often cited as a problem for memory-safe languages - run safely, unmodified. Its dedication to being "fanatically compatible" makes it an attractive choice for retrofitting memory-safety into existing applications. Despite the project's relative youth and single active contributor, Fil-C is capable of compiling an entire memory-safe Linux user space (based on Linux From Scratch), albeit with some modifications to the more complex programs. It also features memory-safe signal handling and a concurrent garbage collector.
The Fedora Project has announced the release of Fedora Linux 43, with "what's new" articles for Fedora Workstation, Fedora KDE Plasma Desktop, and Fedora Atomic Desktops.
BPF lets users load programs into a running kernel. Even though BPF programs are checked by the verifier to ensure that they stay inside certain limits, some users would still like to ensure that only approved BPF programs are loaded. KP Singh's patches adding that capability to the kernel were accepted in version 6.18, but not everyone is satisfied with his implementation. Blaise Boscaccy, who has been working to get a version of BPF code signing with better auditability into the kernel for some time, posted a patch set on top of Singh's changes that alters the loading process to not invoke security module hooks until the entire loading process is complete. The discussion on the patchset is the continuation of a long-running disagreement over the interface for signed BPF programs.
The Python Software Foundation, earlier this year, successfully obtained a $1.5 million grant from the US National Science Foundation "to address structural vulnerabilities in Python and PyPI". The actual grant came with some strings attached though, in the form of a requirement not to pursue diversity, equity, and inclusion programs. So the Foundation has withdrawn the proposal rather than agree to terms that run counter to its own mission.
Version 0.3.0 of Rust Coreutils, part of the uutils project, has been released. This release adds safe directory traversal for several utilities, better error handling, and performance improvements. The project has upgraded its test suite reference from GNU coreutils 9.7 to 9.8, and added 16 new tests. It includes a fix for the date bug that affected automatic updates in Ubuntu 25.10.
Version 3.26.0 of the Valgrind memory-profiling and debugging framework has been released. Notable changes include updated support for the Linux Test Project (LTP) to version v20250930, many new Linux syscall wrappers, and the license for Valgrind has been changed from GPLv2 to GPLv3.
Linus has released 6.18-rc3 for testing. "Things feel fairly normal, and in fact the numbers say it's been a bit calmer than usual, but that's likely just the usual fluctuation in pull request timing rather than anything else".