The GNU Tools Cauldron is almost entirely focused on user-space tools, butkernel developers need a solid toolchain too. In what appears to be adeveloping tradition (started in 2024),some kernel developers attended the 2025 Cauldron for thesecond year in a row to discuss their needs with the assembled toolchaindevelopers. Topics covered in this year's gathering include Rust, betterBPF typeformat (BTF) support, SFrame, and more.
Greg Kroah-Hartman has announced the release of the 6.16.10, 6.12.50, 6.6.109, 6.1.155, 5.15.194, 5.10.245, and 5.4.300 stable kernels. All of these kernelshave lots of important fixes throughout the kernel tree.
The Fedora Council began a process to create a policy on AI-assistedcontributions in 2024, starting with a survey to ask the communityits opinions about AI and using AI technologies in Fedora. OnSeptember25, Jason Brooks publisheda draft policy for discussion; so far, in keeping with the spirit ofcompromise, it has something to make everyone unhappy. For some it istoo AI-friendly, while others have complained that it holds Fedoraback from experimenting with AI tooling.
Security updates have been issued by AlmaLinux (kernel, kernel-rt, mysql:8.0, and openssh), Debian (libcommons-lang-java, libcommons-lang3-java, libcpanel-json-xs-perl, libjson-xs-perl, libxml2, open-vm-tools, and u-boot), Fedora (bird, dnsdist, mapserver, ntpd-rs, python-nh3, and rust-ammonia), Oracle (kernel and mysql:8.0), Red Hat (cups, postgresql:12, and postgresql:13), SUSE (cJSON-devel, gimp, kernel-devel, kubecolor, open-vm-tools, openssl-1_1, openssl-3, and ruby3.4-rubygem-rack), and Ubuntu (linux-azure-5.15 and openssl, openssl1.0).
Version 1.5.0of the Radicle peer-to-peer Git collaboration platform has beenreleased. This release includes better support for bare repositories,structured logging, and improvements in the output of rad patchshow:
Klint is a Rust compiler extensiondeveloped by Gary Guo to run somekernel-specific lint rules, which may also be useful for embedded systemdevelopment. He spoke about hisrecent work on the project atKangrejos 2025. The next day, Alejandra Gonzalezled a discussion about Rust's normal linter,Clippy. The two tools offer complementary approaches to analyzing Rustkernel code, although both need some additional direction and support fromkernel developers to reach their full potential.
Security updates have been issued by Debian (python-internetarchive and tiff), Fedora (nextcloud), Oracle (kernel, openssh, and squid), Red Hat (kernel, kernel-rt, and ncurses), SUSE (afterburn and chromium), and Ubuntu (open-vm-tools, ruby-rack, and tiff).
After marking bcachefs "externally maintained" in 6.17, Linus Torvalds hasremovedit entirely for 6.18. "It's now a DKMS module, making the in-kernelcode stale, so remove it to avoid any version confusion."
The 6.17 development cycle ended on September28 with the releaseof the 6.17 kernel. This cycle brought in 13,089 non-merge changesets, aslowdown from its predecessor but still within the normal bounds for recentkernels. The time has come for a look at where those changes came from,with a bit of a side trip into bug statistics.
The NixOS moderation team, which is theoretically in charge of ensuring that community participation on the project's repositories anddiscussion forum remains welcoming and useful, has releaseda joint resignation statement. This action was motivated by conflict with the project's steering committee (SC), which has repeatedly overridden the moderation team, leading the team members to decide that they could not continue acting as moderators. Arian Van Putten, speaking for the whole team, writes:
As with a mobile phone, a portable gaming device like the Steam Deck can containlots of personal information that the owner would like to keepsecret-especially given that such devices can do far more than gaming.Alberto Garcia worked with his colleagues at Igalia and people atValve, the company behind the Steam gaming platform, to comeup with a new tool to manage encrypted filesystems for SteamOS, which is a Linuxdistribution optimized for gaming. Garcia gave a talk about that tool, dirlock, at OpenSource Summit Europe, which was held in Amsterdam in late August.In the talk, he looked at the design process forthe encrypted-files feature, the alternatives considered, and why they madethe choices they did.
The openSUSE project is nearing the release of Leap16, itsfirst major release since openSUSELeap15in May 2018. This release brings some changes to thecore of the distribution aside from the usual software upgrades; YaST has been retired,SELinux has replaced AppArmor as the default mandatory access control(MAC) system, and more. If all goes according to plan, Leap16final should be released in early October, with planned supportthrough 2031.
Security updates have been issued by AlmaLinux (firefox, kernel, and thunderbird), Debian (ceph and thunderbird), Fedora (chromium, mingw-expat, python-deepdiff, python-orderly-set, python-pip, rust-az-cvm-vtpm, rust-az-snp-vtpm, rust-az-tdx-vtpm, and trustee-guest-components), Oracle (aide, kernel, and thunderbird), Red Hat (firefox, kernel, openssh, perl-YAML-LibYAML, and thunderbird), Slackware (expat), SUSE (jasper, libssh, openjpeg2, and python-pycares), and Ubuntu (linux-aws-6.14, linux-hwe-6.14, linux-azure, linux-hwe-6.8, linux-realtime-6.8, node-sha.js, and pcre2).
Longtime PyPy developer Antonio Cuni has alengthyblog post that describes his talk at the recently completed 2025CPythonCore Dev Sprint, held at Arm in Cambridge, UK. The talk, entitled"Tracing JIT and real world Python - aka: what we can learn from PyPy" wasmeant to try to pass on some of his experiences "optimizing existingcode for PyPy at a high-frequency trading firm" to thedevelopers working on the CPython JIT compiler. His goal wasto raise awareness of some of the problems he encountered:
The file_operationsstructure in the kernel is a set of function pointers implementing, as thename would suggest, operations on files. A subsystem that manages objectswhich can be represented by a file descriptor will provide afile_operations structure providing implementations of the variousoperations that a user of the file descriptor may want to carry out. Themmap() method, in particular, is invoked when user space calls themmap()system call to map the object behind a file descriptor into its addressspace. That method, though, is currently on its way out in a multi-releaseprocess that started in 6.17.
Version18 of the PostgreSQL database has been released. Notableimprovements in this release include "skip scan" lookups formulticolumn B-tree indexes, virtualgenerated columns, better text processing, oauthauthentication, and a new asynchronous I/O (AIO) subsystem to improveperformance:
Asynchronous Rust code has what Rain Paharia calls a "universal cancellationprotocol", meaning that any asynchronous code can be interrupted in the sameway. They claimthat this is both a useful feature when used deliberately, and a source oferrors when done by accident. They presentedabout this problem atRustConf2025, offering a handful of techniques to avoid introducing bugs intoasynchronous Rust code.
The CapabilityHardware Enhanced RISC Instructions (CHERI) project is a rethinking ofcomputer architecture in order to improve system security. Carl Shaw gavea presentation atLinuxSecurity Summit Europe (LSS EU) about CHERI and the efforts to getLinux running on it. He introduced capabilities,which are a mechanism for access control, and outlined theirhistory, which goes back many decades at this point, then looked morespecifically at the CHERI project and what it will take to apply thesecurity constraints of capabilities to an operating system like Linux.
Security updates have been issued by AlmaLinux (kernel and kernel-rt), Fedora (expat), Red Hat (kernel and multiple packages), SUSE (avahi, busybox, busybox-links, kernel, sevctl, tcpreplay, thunderbird, and tor), and Ubuntu (isc-kea, linux, linux-aws, linux-gcp, linux-gke, linux-gkeop, linux-lowlatency, linux-lowlatency-hwe-6.8, linux-aws-6.8, linux-gcp-6.8, linux-aws-fips, linux-nvidia, linux-nvidia-6.8, linux-nvidia-lowlatency, linux-realtime, python-pip, and rabbitmq-server).
The Open Source Security Foundation(OpenSSF) has put together a joint statement from many of the publicpackage repositories for various languages about the need for assistance inmaintaining these commons. Services such as PyPI for Python, crates.io for Rust, and many others areworking together to try to find ways to sustain these services in the faceof challenges from "automated CI systems, large-scale dependencyscanners, and ephemeral container builds" all downloading enormousamounts of package data, coupled with the rise of generative and agentic AI"driving a further explosion of machine-driven, often wasteful automatedusage, compounding the existing challenges". It is not a crisis, yet,they say, but it is headed in that direction.
A bug in a recent release of systemd's network manager causedheadaches for people managing systems that have a virtual LAN (VLAN)interface on a bridge; something one might want to do, for example,when configuring network interfaces for virtual machines. The bugaffected several Debian users when upgrading the systemd packagefrom v257.7-1 to v257.8-1. The updated package is part of the Debian13.1release, and the bug has snared enough users to cause a minorstir-due in no small part to the maintainer's response as muchas the bug itself.
Security updates have been issued by Debian (corosync and kernel), Fedora (checkpointctl, chromium, curl, and perl-Catalyst-Authentication-Credential-HTTP), SUSE (firefox, frr, kernel, rustup, vim, and wireshark), and Ubuntu (glibc and pam).
Version 6.0.0 of the RPM Package Manager has been released. Notable changes in this release include support for multiple OpenPGP signatures per package, the ability to update previously installed PGP keys, as well as support for RPM v4 and v6 packages. See the release notes for full details.
Computers were once relatively static devices; if a peripheral was presentat boot, it was unlikely to disappear while the system was operating.Those days are far behind us, though; devices can come and go at any time,often with no notice. That impermanence can create challenges for kernelcode, which may not be expecting resources it is managing to make an abruptexit. The revocableresource management patch set from Tzung-Bi Shih is meant to help withthe creation of more robust - and more secure - kernel subsystems in adynamic world.
The Linux kernel generally wants to be in charge of the system as a whole;it runs on all of the available CPUs and controls access to them globally.Cong Wang has just come forward with a differentapproach: allowing each CPU to run its own kernel. The patch set is inan early form, but it gives a hint for what might be possible.
Blender 4.5 LTS was releasedon July 15, 2025, and will be supported through 2027. This is the lastfeature release of the 3D graphics-creation suite's 4.x series; itincludes quality-of-life improvements, including work to bring the Vulkan backend up topar with the default OpenGL backend. With 4.5 released, Blenderdevelopers are turning their attention toward Blender 5.0, planned forrelease later this year. It will introduce substantial changes,particularly in the GeometryNodes system, a central feature of Blender's proceduralworkflows.
Time-slice extension is a proposed scheduler feature that would allow auser-space process to request to not be preempted for a short period whileit executes a critical section. It is an idea that has been circulatingfor years, but efforts to implement it becamemore serious in February of this year. The latest developer to make anattempt at time-slice extension is Thomas Gleixner, who has posted a new patch setwith a reworked API. Chances are good that this implementation is close towhat will actually be adopted by the kernel.
Version1.90.0 of the Rust language has been released. Changes includeswitching to the LLD linker by default,the addition of support for workspace publishing to cargo, and theusual set of stabilized APIs.
The Universal Blue project has announced the release of BluefinLTS,an image-based distribution similar to Bluefin that usesCentOSStream10 and EPEL instead of Fedora as its base:
Version7.0 of the Tails portableoperating system has been released. This is the first version of Tailsbased on Linux 6.12.43, Debian13("trixie") and GNOME48. It uses zstd instead ofxz to compress the USB and ISO images to deliver afaster start time on most computers. The release is dedicated to the memory of Lunar, "atraveling companion for Tails, a Tor volunteer, Free Software hacker,and community organizer":
Version 49 of the GNOME desktopenvironment has been released. Changes include new default video(Showtime) and PDF-viewing (Papers) applications, a number of calendarimprovements, and updates to the Web, Maps, and Software applications.
Version2.15.0 of libxml2 hasbeen released. Notable changes include the disabling of Pythonbindings by default, using Doxygen to generate API documentation, aswell as bringing HTML serialization and handling of characterencodings more in line with the HTML5 specification.Nick Wellnhofer has also announcedthat he is stepping down as libxml2 maintainer, and Ivan Chavero hasvolunteeredto take over. LWN covered libxml2 inJune.
LWN.net