Version 2.42 of the GNUC Library has been released. Changes include the addition of a number ofnew math functions, support for arbitrary baud rates in thetermios.h interface, support for SFrame-based stack tracing(described in this article), support formemory guard pages, and a handful ofsecurity fixes.
The 6.16 development cycle was another busy one, with 14,639 non-mergechangesets pulled into the mainline - just 18commits short of thetotal for 6.15. The 6.16 release happenedon July27, as expected. Also as expected, LWN has put together itstraditional look at where the code for this release came from.
Fedora's qualityteam is looking to reduce the scope of test coverage and changethe project's release criteria to drop some features from the list ofrelease blockers. This is, in part, an exercise in getting rid ofcriteria, such as booting from optical media, that are less relevant. It is also a necessity, since the Red Hat team focusing on Fedoraquality assurance (QA) is only half the size it was a year ago.
The good folks at Linode still have not managed to fix whatever broke intheir data center, so we are running on an emergency backup server. Thingsseem to be working, but the occasional glitch is to be expected. Pleaseaccept our apologies for the extended downtime!Update: we're back on the regular production server, and all seemsstable now.
There is an inherent limit to the privacy of the publiccloud. While Linux can isolate virtual machines (VMs) from each other,nothing in the system's memory is ultimately out of reach for the host cloudprovider. To accommodate the most privacy-conscious clients, confidentialcomputing protects the memory of guests, even fromhypervisors. But the Linux cloud stack needs to be rethought in order to hostconfidential VMs, juggling two goals that are often at odds: performanceand security.
Security updates have been issued by AlmaLinux (git, kernel, nginx:1.24, and sudo), Fedora (dpkg, java-21-openjdk, java-25-openjdk, java-latest-openjdk, and valkey), Oracle (apache-commons-vfs, sudo, tigervnc, and xorg-x11-server), Red Hat (kernel, krb5, and openssh), SUSE (gnutls, ImageMagick, iputils, kernel-livepatch-MICRO-6-0-RT_Update_10, kubernetes1.18, libarchive, ovmf, python, and salt), and Ubuntu (iputils, linux-aws-6.14, linux-raspi, openjdk-21, and openjdk-24).
People tend to put a lot of trust into their phones. Those devices haveaccess to no end of sensitive data about our lives - our movements,finances, communications, and more - so phones belonging to even relativelylow-profile people can be high-value targets. Android devices run freesoftware, at least at some levels, so it should be possible to ensure thatthey are working in their owners' interests. Off-the-shelf Androidinstallations tend to fall short of that goal. The GrapheneOS Android rebuild is an attemptto improve on that situation.
Security updates have been issued by Debian (chromium, firefox-esr, and mediawiki), Fedora (firefox), Oracle (git, kernel, redis, and sudo), Red Hat (aardvark-dns, firefox, kernel, and thunderbird), Slackware (httpd), SUSE (php7, php8, and salt), and Ubuntu (linux-raspi-realtime and ruby-rack).
Richard van der Hoff, a member of the team that runs the Matrix.org homeserver,has writtena detailed blog post about diagnosing and fixing a problem where Matrix roomswould simply stop working:
Providing security updates for a Linux distribution, such asDebian, involves a lot of work behind the scenes-and requiresmuch more than simply shipping the latest code. On July 15, at DebConf25 in Brest, France,Samuel Henrique walked through the process of providing securityupdates to users; he discussed how Debian learns about securityvulnerabilities, decides on the best response, and the process ofsending out updates to keep its users safe. He also provided guidanceon how others could get involved.
Michael Prokop has posted alengthy list of changes coming in the Debian "trixie" release, due inearly August. "As usual with major upgrades, there are some things tobe aware of, and hereby I'm starting my public notes on trixie that mightbe worth for other folks. My focus is primarily on server systems andlooking at things from a sysadmin perspective."
Python has recently seen a number of experiments to improve its parallelperformance, including exposingsubinterpreters as part of the standard library. These allowseparate threads within the same Python process to run simultaneously, as longas any data sent between them is copied, rather than shared.PEP795 ("Deep Immutability in Python")seeks to make efficient sharing of data between subinterpreters possible byallowing Python objects to be "frozen", so that they can be accessed frommultiple subinterpreters without copying or synchronization.That task is more difficult than itseems, and the PEP prompted a good deal of skepticism from the Python community.
Security updates have been issued by AlmaLinux (cloud-init, fence-agents, git, kernel, and kernel-rt), Debian (openjdk-11), Fedora (firefox, golang, libinput, transfig, and yasm), Mageia (qtbase5, qtbase6), Red Hat (fence-agents, go-toolset:rhel8, golang, kernel, and python-setuptools), Slackware (mozilla), SUSE (cyradm, gstreamer-plugins-base, and xen), and Ubuntu (gdk-pixbuf, jq, linux-gcp, linux-gcp-6.8, linux-oracle, ruby-sinatra, thunderbird, and unbound).
Version141.0 of the Firefox browser is out. Changes include "a local AImodel" that can perform tab grouping, unit conversions in the addressbar, and a change that many of us will find welcome: "On Linux, Firefoxuses less memory and no longer requires a forced restart after an updatehas been applied by a package manager".
GNOME and Fedora contributor Michael Catanzaro has written alengthy blogpost about the future of Fedora Workstation as an image-basedrelease and the need to enable Flathub by default. He writes that theFedora Workstation of the future must be "safe and image-based bydefault", with applications provided through Flathub:
The QUIC transport-layer network protocol is not exactly new; it was firstcovered here in 2013. Despite carrying asignificant part of the traffic on the Internet, QUIC has been anything butquick when it comes to getting support into the Linux kernel. The pacemight be picking up, though; Xin Long has posted the first set ofpatches intended to provide mainline support for this protocol.
At DebConf25 in Brest,France, thetalk "When Free Software Communities Unite: Tails, Tor, and theFight for Privacy" was delivered by a man who introduced himself onlyas intrigeri. He delivered an overview of the Tor Project, its mission, andthe projects under the umbrella. He also spoke about how theorganization depends on Debian, and plans for the software itdelivers.
The Arch Linux project has sent out anadvisory warning that a set of malicious packages, containing a remoteaccess trojan, were uploaded to the Arch User Repository (AUR). Theaffected packages were librewolf-fix-bin, firefox-patch-bin, andzen-browser-patched-bin. "We strongly encourage users that may haveinstalled one of these packages to remove them from their system and totake the necessary measures in order to ensure they were notcompromised."
The interfaces between C and Rust in the kernel have grown over time; anynon-trivial Rust driver will use a number of these. Tasks like allocating memory,dealing with immovable structures, and interacting with locks are necessary forhandling most devices. There are also many subsystem-specific bindings, but thefocus this time will be on an overview of the bindings that all kernel Rust codecan be expected to use.
Version 12.0 ofthe Forgejo software forge has been released. Changes include a number ofuser-interface improvements, a mechanism to keep forks in sync with theirupstream, and more; see the releasenotes for the full list.
Decades after its creation, the Linux CPU scheduler remains an areaof active development; it is difficult to find a time slice to cover everyinteresting scheduler change. In an attempt to catch up, the time has cometo round-robin through a few patches that have been circulating recently.The work at hand focuses on a new attempt at time-slice extension, thecreation of a deadline server for sched_ext tasks, and keeping tasks onisolated CPUs from being surprised by LRU batching.
Version 0.50.0 of Hyprland, a compositor for Wayland, has beenreleased. Changes include a new render-scheduling option that "candrastically improve FPS on underpowered devices, while coming at noperformance or latency cost when the system is doing alright", anoption to exclude applications from screen sharing, a new test suite, andmore.
Linux users who have Secure Bootenabled on their systems knowingly or unknowingly rely on a key fromMicrosoft that is set to expire in September. After that point, Microsoftwill no longer use that key to sign the shimfirst-stage UEFI bootloader that is used by Linux distributions to boot thekernel with Secure Boot. But the replacement key, which has been availablesince 2023, may not be installed on many systems; worse yet, it may requirethe hardware vendor to issue an update for the system firmware, which mayor may not happen. It seems that the vast majority of systems will not belost in the shuffle, but it may require extra work from distributors andusers.
Fedora's NeuroFedoraspecial-interest group (SIG) is considering a change of strategywhen it comes to packaging Python modules. The SIG, which consists ofthree active members, is struggling to keep up with maintaining thehundreds of packages that it has taken on. What's more, it's notclear that the majority of packages are even being consumed by Fedorausers; the group is trying to determine the right strategy to meet itsgoals and shed unnecessary work. If its new packaging strategy issuccessful, it may point the way to a more sustainable model for Linuxdistributions to provide value to users without trying to packageeverything under the sun.
Software in the Public Interest has releasedits annual report for 2024. It includes reports from the long list ofprojects housed under the SPI umbrella, but the financial statements arenot included at this time.
Loadable kernel modules require access to kernel data structures andfunctions to get their job done; the kernel provides this access by way ofexported symbols. Almost since this mechanism was created, there have beendebates over which symbols should be exported, and how. The 6.16 kernelgained a new export mechanism that limits access to symbols to specifickernel modules. That code is likely to change soon, but the additionof an enforcement mechanism has since been backed out.
Security updates have been issued by Debian (ffmpeg), Fedora (gnutls, linux-firmware, mingw-djvulibre, mingw-python-requests, and salt), Mageia (qtimageformats6), Oracle (gnome-remote-desktop, golang, kernel, libxml2, and perl-File-Find-Rule), SUSE (gstreamer-plugins-base, gstreamer-plugins-good, kernel, and protobuf), and Ubuntu (apport, glibc, gnutls28, and roundcube).
Parrot is a Debian-baseddistribution with an emphasis on security improvement and tools; the 6.4release is now available. "Many tools, like Metasploit, Sliver,Caido and Empire received important updates, the Linux kernel was updatedto a more recent version, and the latest LTS version of Firefox wasprovided with all our privacy oriented patches.".
The 6.12.38, 6.6.98, 6.1.145, and 5.15.188 stable kernel updates have beenreleased, each contains a single AMD-related fix. "Only users of AMDx86-based processors need to upgrade, all others may skip thisrelease".
Performance of Pythonprograms has been a major focus of development for the language over the lastfive years or so; the FasterCPython project has been a big part of that effort.One of its subprojects is to add an experimental just-in-time (JIT) compiler tothe language; at last year's PyCon US, project member Brandt Bucher gave an introduction to the copy-and-patch JITcompiler. AtPyCon US2025, he followed that up with a talk on "What they don't tell youabout building a JIT compiler for CPython" to describe some of the thingshe wishes he had known when he set out to work on that project. Therewas something of an elephant in the room, however, in that Microsoftdropped support for the project and laid off most of itsFaster CPythonteam a few days before the talk.
LWN.net