Feed lwn LWN.net

Favorite IconLWN.net

Link https://lwn.net/
Feed http://lwn.net/headlines/rss
Updated 2025-08-29 01:15
[$] Libxml2's "no security embargoes" policy
Libxml2, anXML parser and toolkit, is an almost perfect example of the successesand failures of the open-source movement. In the 25 years since itsfirst release, it has been widely adopted by open-source projects, foruse in commercial software, and for government use. It alsoillustrates that while many organizations love using open-source software,far fewer have yet to see value in helping to sustain it. That has ledlibxml2's current maintainer to reject security embargoes and sparkeda discussion about maintenance terms for free and open-sourceprojects.
[$] Getting extensions to work with free-threaded Python
One of the biggest changes to come to the Python world is the addition of the free-threadinginterpreter, which eliminates the globalinterpreter lock (GIL) that kept the interpreter thread-safe, but alsoserialized multi-threaded Python code. Over the years, the GIL has been asource of complaints about the scalability of Python code usingthreads, so many developers have been looking forward to the change, whichhas been an experimental feature since Python 3.13was released in October 2024. Making the free-threaded version workwith the rest of the Python ecosystem, especially native extensions, is anongoing effort, however; Nathan Goldbaum and Lysandros Nikolaou spoke at PyCon US 2025 about those efforts.
LSFMM+BPF 2025 reporting complete
It took time and the writing of over 60 articles, but LWN's coverage fromthe 2025 Linux Storage, Filesystem,Memory-Management, and BPF Summit is now complete. We have also madean EPUB book (13MB) containingthe full set of coverage available to all readers. This coverageconstitutes the definitive guide to the challenges that these core-kernelcommunities are facing and their development plans for the coming year.Documenting an event of this intensity at such a detailed level is not asmall undertaking. We are grateful to the Linux Foundation for funding ourtravel to our event and, especially, to LWN's subscribers for making thewhole thing possible. If you appreciate this type of coverage and have notyet subscribed, please sign up today to help makemore of it possible.
Security updates for Wednesday
Security updates have been issued by Debian (commons-beanutils, dcmtk, nginx, trafficserver, and xorg-server), Fedora (atuin, awatcher, dotnet8.0, firefox, glibc, gotify-desktop, keylime-agent-rust, libtpms, mirrorlist-server, qt6-qtbase, qt6-qtimageformats, udisks2, xorg-x11-server, and xorg-x11-server-Xwayland), Mageia (apache-mod_security, clamav, docker, python-django, tomcat, udisks2, and yarnpkg), Oracle (firefox, libblockdev, mod_auth_openidc, perl-FCGI, perl-YAML-LibYAML, tigervnc, and xorg-x11-server and xorg-x11-server-Xwayland), Slackware (libssh and mozilla), SUSE (gimp, gstreamer-plugins-good, icu, ignition, kernel, pam-config, perl-File-Find-Rule, python311, and webkit2gtk3), and Ubuntu (linux, linux-aws, linux-aws-6.8, linux-gke, linux-gkeop, linux-ibm, linux-lowlatency, linux-lowlatency-hwe-6.8, linux-nvidia, linux-nvidia-6.8, linux-nvidia-lowlatency, linux-oem-6.8, linux, linux-gcp, linux-raspi, linux-realtime, linux-aws, linux-azure, linux-azure, linux-azure-6.8, linux-azure-5.15, linux-azure-fips, and linux-realtime).
Firefox 140.0 released
Version140.0 of the Firefox browser has been released. Changes include morecontrol over vertical tabs, a dialog to add custom search engines,improvements to translation performance, and more.
[$] Who are kernel defconfigs for?
Working on the kernel can be a challenging task but, for many,configuring a kernel build can be the largest obstacle to gettingstarted. The kernel has thousands of configuration options; many of those,if set incorrectly, will result in a kernel that does not work on thetarget system. The key to helping users with complex configurationproblems is to provide reasonable defaults but, in the kernel community,there is currently little consensus around what those defaults should be.
Security updates for Tuesday
Security updates have been issued by Debian (dns-root-data and xorg-server), Fedora (glibc, mingw-glib2, and optipng), Red Hat (iputils, kernel, kernel-rt, krb5, libarchive, mod_auth_openidc, mod_proxy_cluster, and xorg-x11-server-Xwayland), SUSE (python313), and Ubuntu (fig2dev, gnuplot, gss-ntlmssp, linux, linux-gcp, linux-gke, linux-gkeop, linux-ibm, linux-kvm, linux-lowlatency, linux-nvidia, linux-nvidia-tegra, linux-nvidia-tegra-igx, linux-oracle, linux-aws-5.15, linux-gcp-5.15, linux-ibm-5.15, linux-lowlatency-hwe-5.15, linux-oracle-5.15, linux-aws-fips, linux-fips, linux-gcp-fips, linux-hwe-5.15, and linux-intel-iot-realtime, linux-realtime).
Graham: about Plasma’s X11 session
KDE contributor Nate Graham recently wroteabout the KDE Project's plans for Plasma's X11 session. He notes thatthe project will continue to ensure that Plasma "continues tocompile and deploy on X11" and isn't horribly broken. Majorregressions will probably be fixed, eventually, but the writing is onthe wall:
PostmarketOS 25.06: "the one with systemd"
The postmarketOS project,which creates a Linux distribution for mobile devices, announcedit was working on adding a version with systemd last March. That dayhas arrived with the announcementof version 25.06:
[$] GNOME deepens systemd dependencies
Adrian Vovk, a GNOME contributor and member of its releaseteam, recently announcedin a blog post that GNOME would be adding new dependencies on systemd, and soon. The idea is to shedGNOME's homegrown service manager in favor of using systemd, and toimprove GNOME's ability to run concurrent user sessions. However, themove is also going to throw a spanner in the works for the BSDs andLinux distributions without systemd when the changes take effect inthe GNOME49 release that is set for September.
Linux Media Summit 2025 recap (Collabora blog)
The Collabora blog has a summary,written by Nicolas Dufresne, about the LinuxMedia Summit held on May 13 in Nice, France. It was co-located withthe Embedded Recipesconference and had sessions on stateless video encoders, camera support,staging drivers, memory accounting, and a multi-committer model for themedia subsystem."Our largest Media Summit to date brought together around 20 engaged participants. Engagement was strong, marked by thoughtful questions and lively discussions."
Security updates for Monday
Security updates have been issued by AlmaLinux (libblockdev and open-vm-tools), Debian (debian-security-support, gdk-pixbuf, konsole, and node-send), Fedora (apache-commons-beanutils, chromium, clamav, dotnet9.0, libblockdev, mediawiki, mingw-python-setuptools, pam, perl-File-Find-Rule, python-pycares, python-setuptools, spdlog, udisks2, and xorg-x11-server-Xwayland), Mageia (chromium-browser-stable), Oracle (apache-commons-beanutils, container-tools:ol8, gimp:2.8, idm:DL1, perl-FCGI:0.78, and postgresql), Red Hat (container-tools:rhel8, delve, git-lfs, go-toolset:rhel8, grafana, kernel, mod_auth_openidc, and spice-client-win), SUSE (apache-commons-beanutils, apache2-mod_security2, distribution, gstreamer-plugins-good, icu, ignition, perl, python310, python311, python312, and python39), and Ubuntu (apache-log4j1.2 and botan).
Kernel prepatch 6.16-rc3
Linus has released 6.16-rc3 for testing."So rc2 was smaller than usual, but rc3 seems to be right in the usualballpark for this time, so everything looks entirely normal."
[$] How to write Rust in the kernel: part 1
The Linux kernel is seeing a steady accumulation of Rust code. As it becomesmore prevalent, maintainers may want to know how to read, review, and test theRust code that relates to their areas of expertise. Just as kernel C code isdifferent from user-space C code, so too is kernel Rust code somewhat differentfrom user-space Rust code. That fact makes Rust'sextensive documentation ofless use than it otherwise would be, and means that potential contributors withuser-space experience will need some additional instruction.This article is the first in a multi-part series aimed at helping existingkernel contributors become familiar with Rust, and helping existing Rustprogrammers become familiar with what the kernel does differently from thetypical Rust project.
[$] A distributed filesystem for archival systems: ngnfs
A new filesystem was the topic of a session led by Zach Brown atthe 2025 Linux Storage, Filesystem, Memory Management, and BPF Summit(LSFMM+BPF). The ngnfsfilesystem is not a "next generation" NFS, as might be guessed from thename; Brown said that he did not think about that linkage("I hate naming so much") until it was pointed out to him by ChuckLever in an email. It is, instead, a filesystem for enormous data setsthat are mostly stored offline.
Tag2upload is now ready for experimentation
Debian's long-awaited tag2upload service isnow ready for Debian maintainers to use in some circumstances. Tag2upload makes it easier for maintainers to upload packages, by allowing them to push a signed Git commit that will automatically be picked up and built, instead of pushing a build from their local machine. LWN covered thediscussion around the service in July of last year. With the timing of its readiness, it's likely to become more useful once Debian 13 ("trixie") is released.
Security updates for Friday
Security updates have been issued by SUSE (apache2-mod_security2, augeas, ghc-pandoc, gstreamer, ignition, kernel, libblockdev, libxml2, nodejs20, openssl-3, pam_pkcs11, perl, python3, systemd, ucode-intel, webkit2gtk3, and xen) and Ubuntu (linux, linux-aws, linux-aws-5.4, linux-azure, linux-gcp, linux-gcp-5.4, linux-ibm, linux-ibm-5.4, linux-kvm, linux-oracle, linux-oracle-5.4, linux-xilinx-zynqmp, linux-aws-fips, linux-gcp-fips, python3.13, python3.12, and roundcube).
[$] Asterinas: a new Linux-compatible kernel project
Asterinas is a newLinux-ABI-compatible kernel project written in Rust, based on what theauthors call a "framekernel architecture". The project overlaps somewhatwith the goals of the Rust for Linuxproject, but approaches the problem space from a different direction bytrying to get the best from both monolithic and microkernel designs.
Stable kernels 6.15.3, 6.12.34, and 6.6.94
Greg Kroah-Hartman has announced the release of the 6.15.3, 6.12.34, and 6.6.94 stable kernels. Each contains arelatively large number of important fixes throughout the kernel tree.
Security updates for Thursday
Security updates have been issued by AlmaLinux (gvisor-tap-vsock), Debian (activemq and chromium), Fedora (kea, python-django4.2, python-django5, python-setuptools, and rust-git-interactive-rebase-tool), Oracle (ipa and kernel), Red Hat (buildah, container-tools:rhel8, containernetworking-plugins, git-lfs, go-toolset:rhel8, golang, golang-github-openprinting-ipp-usb, grafana, grafana-pcp, gvisor-tap-vsock, podman, and skopeo), Slackware (libblockdev and xorg), SUSE (gdm, gstreamer-plugins-base, ignition, kernel, pam, redis, s390-tools, screen, systemd, and xorg-x11-server), and Ubuntu (godot, golang-1.22, libblockdev, node-express, pam, samba, and udisks2).
[$] LWN.net Weekly Edition for June 19, 2025
Inside this week's LWN.net Weekly Edition:
[$] The hierarchical constant bandwidth server scheduler
The POSIXrealtime model, which is implemented in the Linux kernel, can ensurethat a realtime process obtains the CPU time it needs to get its job done.It can be less effective, though, when there are multiple realtimeprocesses competing for the available CPU resources. The hierarchicalconstant bandwidth server patch series, posted by Yuri Andriaccio withwork by Luca Abeni, Alessio Balsini, and Andrea Parri, is a modification tothe Linux scheduler intended to make it possible to configure systems withmultiple realtime tasks in a deterministic and correct manner.
[$] Getting Lustre upstream
The Lustre filesystem has a longhistory, some of which intersects with Linux. It was added to the stagingtree in 2013, but was bounced out ofstaging in 2018, due to a lack of progress and a development modelthat was incompatible with the kernel's. Lustre may be working its wayback into the kernel, though. In a filesystem-track session atthe 2025 Linux Storage, Filesystem, Memory Management, and BPF Summit(LSFMM+BPF), Timothy Day and James Simmons led a discussion on how to getLustre into the mainline.
KDE Plasma 6.4 released
The KDE Project has announced thePlasma 6.4 release. New features include more flexible tilingfeatures, improvements to the Spectacle screen capture utility, anumber of accessibility enhancements, and much more. See the changelogfor a complete list of new features, enhancements, and bug fixes.
Security updates for Wednesday
Security updates have been issued by Debian (gst-plugins-bad1.0, konsole, and libblockdev), Oracle (buildah, containernetworking-plugins, gimp, git-lfs, gvisor-tap-vsock, kernel, libvpx, podman, and skopeo), Red Hat (apache-commons-beanutils and thunderbird), Slackware (xorg), SUSE (gdm, golang-github-prometheus-alertmanager, golang-github-prometheus-node_exporter, golang-github-prometheus-prometheus, govulncheck-vulndb, grafana, kernel, Multi-Linux Manager, Multi-Linux Manager Client Tools, openssl-3, pam, python-cryptography, python-requests, python-setuptools, python3-requests, SUSE Manager Server, systemd, ucode-intel, xorg-x11-server, and xwayland), and Ubuntu (dwarfutils, mujs, node-katex, xorg-server, xorg-server-hwe-16.04, xorg-server-hwe-18.04, and xorg-server, xwayland).
[$] A parallel path for GPU restore in CRIU
The fundamental concept of checkpoint/restore is elegant: capture aprocess's state and resurrect it later, perhaps elsewhere. Checkpointingmeticulously records a process's memory, open files, CPU state, and more into asnapshot. Restoration then reconstructs the process from this state. Thisestablished technique faces new challenges with GPU-accelerated applications,where low-latency restoration is crucial forfaulttolerance, live migration, andfast startups. Recently, the restore process for AMD GPUs has been redesigned toeliminate substantial bottlenecks.
[$] Enhancing screen-reader functionality in modern GNOME
Accessibility features and the work that goes into developing those featuresoften tend to be overlooked and are poorly understood by all but the people who actuallydepend on such features. At Fedora's annual developer conference, Flock, Luka Tyrychtr sought toimprove understanding and raise awareness about accessibility with his session on accessibilitybarriers and screen-reader functionality in GNOME. His talk provided rare insightinto the world of using and developing open-source software for visually-impairedusers-including landing important accessibility improvements inthe latest GNOME release.
Security updates for Tuesday
Security updates have been issued by AlmaLinux (.NET 8.0, .NET 9.0, buildah, containernetworking-plugins, firefox, gstreamer1-plugins-bad-free, libsoup3, podman, skopeo, sqlite, thunderbird, unbound, valkey, varnish, and xz), Debian (webkit2gtk), Fedora (fido-device-onboard, python-django4.2, rust-git-interactive-rebase-tool, and thunderbird), Red Hat (libsoup), Slackware (libxml2), SUSE (java-11-openjdk, kernel, and wireshark), and Ubuntu (c3p0, dojo, python-django, python3.13, python3.12, python3.11, python3.10, python3.9, python3.8, python3.7, python3.6, and requests).
Changes to Kubernetes Slack (Kubernetes Contributors blog)
The Kubernetes project has announcedthat it will be losing its "special status" with the Slack communication platform and will bedowngraded to the free tier in a matter of days:
Git 2.50.0 released
Version2.50.0 of the Git source-code management system has been releasedwith a long list of new user features, performance improvements, andbug fixes. See the announcement and thisGitHub blog post for details.
[$] Supporting NFS v4.2 WRITE_SAME
At the 2025 Linux Storage, Filesystem, Memory Management, and BPF Summit(LSFMM+BPF), Anna Schumaker led a discussion about implementing the NFSv4.2 WRITE_SAMEcommand in both the NFS client and server. WRITE_SAME ismeant to write large amounts of identical data (e.g. zeroes) to the serverwithout actually needing to transfer all of it over the wire. In her topicproposal, Schumaker wondered whether other filesystems needed thefunctionality, so that it should be implemented at the virtual filesystem(VFS) layer, or whether it should simply be handled as an NFS-specific ioctl().
Security updates for Monday
Security updates have been issued by AlmaLinux (.NET 8.0 and .NET 9.0), Arch Linux (curl, ghostscript, go, konsole, python-django, roundcubemail, and samba), Fedora (aerc, chromium, golang-x-perf, libkrun, python3.11, python3.12, rust-kbs-types, rust-sev, rust-sevctl, valkey, and wireshark), Gentoo (Konsole and sysstat), Oracle (.NET 9.0), Red Hat (bootc, grub2, keylime-agent-rust, python3.12-cryptography, rpm-ostree, rust-bootupd, xorg-x11-server, and xorg-x11-server-Xwayland), SUSE (apache2-mod_auth_openidc, docker, grub2, java-1_8_0-openj9, kernel, less, python-Django, screen, and sqlite3), and Ubuntu (cifs-utils and modsecurity-apache).
Kernel prepatch 6.16-rc2
Linus Torvalds has released 6.16-rc2,which is "admittedlyeven smaller than usual", though rc2 is not uncommonly one of the smallerrelease candidates.
[$] CoMaps emerges as an Organic Maps fork
The open-source mobile app OrganicMaps is used by millions of people on both the Android and iOSplatforms. In addition to featuring offline maps (generated from OpenStreetMap cartography) andturn-by-turn navigation, it also promises its users greater privacythan proprietary options. However, controversial decisions taken by theproject's leaders, feelings of disenfranchisement among contributors, andeven accusations of embezzlement have precipitated a divide in thecommunity, leading to a new fork called CoMaps.
Radicle Desktop released
The Radicle peer-to-peer codecollaboration project has released RadicleDesktop: a graphical interface designed to simplify more complexparts of using Radicle such as issue management and patch reviews.
Security updates for Friday
Security updates have been issued by AlmaLinux (.NET 8.0, .NET 9.0, glibc, kernel, and mod_security), Fedora (chromium, gh, mingw-icu, nginx-mod-modsecurity, python3.10, python3.9, thunderbird, valkey, and yarnpkg), Oracle (.NET 8.0, .NET 9.0, glibc, grafana-pcp, kernel, libxml2, mod_security, nodejs:20, and thunderbird), SUSE (audiofile, helm, kubernetes-old, kubernetes1.23, kubernetes1.24, libcryptopp, postgresql15, thunderbird, and valkey), and Ubuntu (linux-nvidia-tegra-igx).
[$] FAIR package management for WordPress
The last year has been a rocky one for the WordPress community. MattMullenweg-WordPress co-founder andCEO of WordPress hosting company Automattic-started a messy public spat withWPEngine in September andhas proceeded to use his control of the project's WordPress.orginfrastructure as weapons against the company, with the communitycaught in the crossfire. It is not surprising, then, that onJune6 a group of WordPress community participants announced theFederatedand Independent Repositories Package Manager (FAIR.pm) project. Itis designed to be a decentralized alternative to WordPress.org with agoal of building "public digital infrastructure that is bothresilient and fair".
Summaries from the 2025 Python Language Summit
The Python Software Foundation blog is carrying aset of detailed summaries from the 2025 Python Language Summit:
Rocky Linux 10.0 released
Version10.0 of the Rocky Linux distribution has been released. As withthe AlmaLinux 10.0release, Rocky Linux 10.0 is based on Red Hat Enterprise Linux (RHEL)10. See therelease notes for details.
[$] Parallelizing filesystem writeback
Writeback for filesystems is the process of flushing the "dirty" (written)data in the page cache to storage. At the 2025 Linux Storage,Filesystem, Memory Management, and BPF Summit (LSFMM+BPF), Anuj Gupta led acombined storage and filesystem session on some work that has been doneto parallelize the writeback process. Some of the performance problemsthat have been seen with the existing single-threaded writeback came up ina session at last year's summit, where theidea of doing writeback in parallel was discussed.
Security updates for Thursday
Security updates have been issued by AlmaLinux (kernel), Debian (chromium, gst-plugins-bad1.0, node-tar-fs, and ublock-origin), Gentoo (Emacs, File-Find-Rule, GStreamer, GStreamer Plugins, GTK+ 3, LibreOffice, Node.js, OpenImageIO, Python, PyPy, Qt, X.Org X server, XWayland, and YAML-LibYAML), Mageia (mariadb and roundcubemail), Red Hat (go-toolset:rhel8, golang, grafana, grafana-pcp, gstreamer1-plugins-bad-free, libxml2, libxslt, mod_security, nodejs:20, and perl-FCGI:0.78), Slackware (mozilla), SUSE (docker, docker-compose, iputils, kernel, libsoup, open-vm-tools, rabbitmq-server, rabbitmq-server313, wget, and yelp), and Ubuntu (libsoup2.4 and webkit2gtk).
[$] LWN.net Weekly Edition for June 12, 2025
Inside this week's LWN.net Weekly Edition:
[$] Finding locking bugs with Smatch
Smatch is a GPL-licensedstatic-analysis tool for C that has a lot of specialized checks for the kernel. Smatchhas been used in the kernel for more than 20 years; DanCarpenter, its primary author, decided last year that some details of its plugin systemwere due for a rewrite. He spoke at Linaro Connect 2025 about his work onSmatch, the changes to its implementation, and how those changes enabled him to easilyadd additional checks for locking bugs in the kernel.
Covert web-to-app tracking via localhost on Android
The "Local Mess" GitHubrepository is dedicated to the disclosure of an Android trackingexploit used by (at least) Meta and Yandex.
Security updates for Wednesday
Security updates have been issued by AlmaLinux (glibc, grafana, kernel-rt, libjpeg-turbo, libxslt, and thunderbird), Debian (curl), Fedora (dtk6core, dtk6gui, dtk6log, dtk6widget, fcitx5-qt, gammaray, kddockwidgets, kwin, LabPlot, libqtxdg, nheko, plasma-integration, python-pyqt6, python-pyside6, qt-creator, roundcubemail, zeal, and a large number of qt6 packages), Oracle (firefox, glibc, grafana, kernel, libxslt, perl-FCGI, python3.12-cryptography, thunderbird, and zlib), SUSE (glib2, libjxl, libsoup2, nbdkit, nodejs22, perl-Crypt-OpenSSL-RSA, perl-YAML-LibYAML, python3, tomcat, and transfig), and Ubuntu (dotnet8, dotnet9 and samba).
Ubuntu 25.10 to drop support for GNOME on Xorg
Jean Baptiste Lallement, a member of Canonical's desktop team, hasannouncedthat Ubuntu will drop support for GNOME on X11 in the 25.10("Questing Quokka") release set for October. GNOME plans to removeX11 support in GNOME49, which is scheduled for September, soUbuntu is looking to be proactive:
[$] Improving iov_iter
The iov_iter interface is used todescribe and iterate through buffers in the kernel. David Howells led a combined storage andfilesystem session at the 2025 Linux Storage,Filesystem, Memory Management, and BPF Summit (LSFMM+BPF) to discuss waysto improve iov_iter. His topicproposal listed a few different ideas including replacing someiov_iter types and possibly allowing mixed types in chains of iov_iterentries; he would like to make the interface itself and the uses of iov_iter inthe kernel better.
[$] An end to uniprocessor configurations
The Linux kernel famously scales from the smallest of systems to massiveservers with thousands of CPUs. It was not always that way, though; theinitial version of the kernel could only manage a single processor. Thatlimitation was lifted, obviously, but single-processor machines have alwaysbeen treated specially in the scheduler. That longstanding situation maysoon come to an end, though, if this patchseries from Ingo Molnar makes it upstream.
20 Years of the Open Invention Network
The Open Invention Network (OIN) is celebratingits 20th anniversary.
Three stable kernel updates
The6.15.2,6.14.11, and6.12.33stable kernel updates have been released; each contains a relatively smallset of important fixes.Note that this is the end of the line for the 6.14.x updates; GregKroah-Hartman explains the timing of this move:
12345678910...