The 6.16 merge windowclosed on June 8, asexpected, containing 12,899 non-merge commits. This isslightly more than the 6.15 merge window, but well in line with expectations.7,353 of those were merged afterthe summary of the first half of the mergewindow was written. More detailed statistics can be found inthe LWN kernel source database.
At Flock,Fedora's annual developer conference, held in Prague from June5to June8, two members of the Fedoradocumentation team, Petr Boko and Peter Boy, led asession on the state of Fedora documentation. The pair covered abrief history of the project's documentation since the days of FedoraCore1,challenges the documentation team faces, as well as plans to improve Fedora'sdocumentation by enticing more people to contribute.
The FreeBSD Foundationhas announceda reportfor work completed in April to improve FreeBSD support forlaptops. This includes installer updates, improved suspend/resumebehavior, as well as progress on aport of Linux6.7 and 6.8 graphics drivers to drm-kmod. Aroadmapfor the FreeBSD laptop work is also available.
Security updates have been issued by AlmaLinux (golang, nodejs22, thunderbird, and varnish), Debian (gimp, modsecurity-apache, python-tornado, and roundcube), Fedora (chromium, coreutils, fcgi, ghostscript, krb5, libvpx, mingw-gstreamer1-plugins-bad-free, mingw-libsoup, mod_security, and samba), Mageia (php-adodb, systemd, and tomcat), Red Hat (buildah, firefox, glibc, grafana, kernel, libsoup, libxslt, mod_security, perl-FCGI, podman, python-tornado, and skopeo), Slackware (libvpx), and SUSE (helm-mirror, iputils, and libraw).
Nyxt is an unusual webbrowser that tries to answer the question, "what if Emacs was agood web browser?". Nyxt is not an Emacs package, but a fullweb browser written in Common Lisp and available under the BSDthree-clause license. Its target audience is developers who want abrowser that is keyboard-driven and extensible; Nyxt is also developedfor Linux first, rather than Linux being an afterthought or just asliver of its audience. The philosophy (as described in its FAQ)behind the project is that users should be able to customize all ofthe browser's functionality.
The Netdev0x19 conference was held in Zagreb, Croatia from March10through March13. The organizers announcedtoday that the videos and slides for all sessions are nowonline. Topics from the conference include IRQ suspension, the futureof SO_TIMESTAMPING, remote TCP connection offloading, andmore.
The 6.16 kernel will include a number of changes to how the kernel handlesthe processing of core dumps for crashed processes. Christian Brauner explainedhis reasons for doing this work as: "Because I'm a clown and also I hadit with all the CVEs because we provide a **** API for userspace". Thehandling of core dumps has indeed been a constant source ofvulnerabilities; with luck, the 6.16 work will result in rather fewer ofthem in the future.
Security updates have been issued by AlmaLinux (go-toolset:rhel8, golang, nodejs:20, nodejs:22, openssh, and python36:3.6), Debian (edk2, libfile-find-rule-perl, and webkit2gtk), Fedora (emacs, libvpx, perl-FCGI, and seamonkey), Mageia (cifs-utils), Red Hat (containernetworking-plugins, go-toolset:rhel8, golang, gvisor-tap-vsock, krb5, mod_auth_openidc:2.3, protobuf, and thunderbird), Slackware (seamonkey), SUSE (gimp, gnutls, haproxy, opensaml, openssh, openvpn, python-cryptography, python-tornado, python311-nh3, and python311-selenium), and Ubuntu (gst-plugins-bad1.0 and linux-fips).
In a combined storage and filesystem session at the 2025 Linux Storage,Filesystem, Memory Management, and BPF Summit (LSFMM+BPF), Keith Busch leda discussion about zero-copy operations for the Filesystemin Userspace (FUSE) subsystem. The session was proposedby his colleague, David Wei, who could not make it to the summit, so Buschfilled in, though he noted that "I do not really know FUSE sowell". The idea is to eliminate data copies in the data path to andfrom the FUSE server in user space.
The European Union'sCyber Resilience Act (CRA) has caused a stir in thesoftware-development world. Thanks to advocacy by the Eclipse Foundation, OpenSource Initiative, Linux Foundation, Mozilla, and others, open-source softwareprojects generally have minimal requirements under the CRA- but nothing to do with law is ever quiteso simple. Marta Rybczyska spoke at Linaro Connect 2025 about the impact of theCRA on the open-source ecosystem, with an emphasis on the importance ofunderstanding a project's role under the CRA. She later participated in a paneldiscussion with Joakim Bech, Kate Stewart, and Mike Bursell about how the CRAwould impact embedded open-source development.
Version3.0 of the privacy-centric, open-source mobile operating systemhas been released. Notable changes in this release include improvedprivacy tools, a "find my device" feature, and more. LWN looked at /e/OS inMarch.
One of the more obscure features provided by Unix-domain sockets is theability to pass a file descriptor from one process to another. Thisfeature is often used to provide access to a specific file or networkconnection to a process running in a relatively unprivileged context. Butwhat if the recipient doesn't want a new file descriptor? A featureadded for the 6.16 release makes it possible to refuse that offer.
Peer-to-peer DMA (P2PDMA) has been part ofthe kernel since the 4.20 release in 2018;it provides a framework that allows devices to transfer data between themselvesdirectly, without using system RAM for the transfer. At the 2025 LinuxStorage, Filesystem, Memory Management, and BPF Summit (LSFMM+BPF), StephenBates led a combined storage, filesystems, and memory-management session ondevice-initiated I/O, which is perhaps what P2PDMA is evolving toward. Twoyears ago, he led a session on P2PDMA at thesummit; this year's session was a brief update on P2PDMA with a lookat where it may be heading.
Cong Wang and Daniel Borkmann each led session at the 2025 Linux Storage,Filesystem, Memory Management, and BPF Summit about their respectiveplans to speed up networking in the Linux kernel. Both sessions described waysto remove unnecessary operations in the networking stack, but they focused ondifferent areas. Wang spoke about using BPF to speed up socket operations,while Borkmann spoke about eliminating the overhead of networkingoperations on virtual machines.
Free software plays a critical role in science, both in research and indisseminating it. Aspects of software freedom are directly relevant tosimulation, analysis, document preparation and preservation, security,reproducibility, and usability. Free software brings practical and specificadvantages, beyond just its ideological roots, to science, whileproprietary software comes with equally specific risks. As a practicingscientist, I would like to help others-scientists or not-see the benefitsfrom free software in science.
Greg Kroah-Hartman has announced the release of the 6.15.1, 6.14.10, 6.12.32, 6.6.93, 6.1.141, 5.15.185, 5.10.238, and 5.4.294 stable kernels. As usual, eachcontains a set of important fixes.
This year'sLinaro Connect in Lisbon, Portugal featured a number of talks about the use ofopen-source components in safety-critical systems. Kate Stewart gave a keynote on the topicon the first day of the conference. In it, she highlighted several projects thathave been working to pursue safety certification and spoke about the importance ofbeing able to trace software's origins to safety. In a talk on the second day, RobertoBagnara shared his experience with working on one of those projects, the Xenhypervisor, to conform to a formal set of rules for safety-critical code.
Security updates have been issued by AlmaLinux (varnish), Debian (asterisk and roundcube), Fedora (systemd), Mageia (golang), Red Hat (ghostscript, perl-CPAN, python36:3.6, and rsync), SUSE (govulncheck-vulndb, libsoup-2_4-1, and postgresql, postgresql16, postgresql17), and Ubuntu (mariadb, open-vm-tools, php-twig, and python-tornado).
Version3.22.0 of the Alpine Linux distribution has been released. Notablechanges in this release include the removal of the X11 session for KDEPlasma, a switch to systemd-efistub, and experimental supportfor userservices with the OpenRCinit system. See the releasenotes for a detailed list of changes.
Kees Cook's "hardeningfixes" pull request for the 6.16 merge window looked like astraightforward exercise; it only contained four commits. So just abouteverybody was surprised when it resulted in Cook being temporarily blockedfrom his kernel.org account among fears of malicious activity. When thedust settled, though, the red alert was canceled. It turns out,surprisingly, that Git is a tool with which one can inflict substantialself-harm in a moment of inattention.
Software patents and workarounds for them are, once again,causing headaches for open-source projects and users. This timearound, Fedora users have been vulnerable to a serious flaw in the OpenH264 library formonths-not for want of a fix, but because of the RubeGoldberg machine methodology of distributing the library to Fedorausers. The software is open source under a two-clause BSD license; the RPMs are built andsigned by Fedora, but the final product is distributed by Cisco, sothe company can pick up the tab for license fees. Unfortunately, abreakdown in the process of handing RPMs to Cisco for distribution hasleft Fedora users vulnerable, and inaction on Fedora's part has leftusers unaware that they are at risk.
The seventh edition of the Power Management and Schedulingin the Linux Kernel Summit (known as "OSPM") took place on March 18-20,2025. Topics discussed on the third (and final) day include proxyexecution, energy-aware scheduling, the deadline scheduler, and anevaluation of the kernel's EEVDF scheduler.
Mozilla has decided to throw inthe towel on Pocket, a social-bookmarkingservice that it acquired in 2017. This has left many users scramblingfor a replacement for Pocket before its shutdown in July. One possibleoption is wallabag, aself-hostable, MIT-licensed project for saving web content for laterreading. It can import saved data from services like Pocket, sharecontent on the web, export to various formats, and more. Even better,it puts users in control of their data long-term.
As of this writing, 5,546 non-merge changesets have been pulled into the mainlinekernel repository for the 6.16 release. This is a bit less than half of thetotal commits for 6.15, so the merge window is well on its way. Read on for oursummary of the first half of the 6.16 merge window.
As the end of the 1990s approached, a lot of kernel-development effort wasgoing into improving support for 32-bit systemswith shockingly large amounts of memory installed. This being the 1990s,having more than 1GB of memory in such a system was deemed to be shocking.Many of the compromises made to support such inconceivably large systemshave remained in the kernel to this day. One of those compromises -bounce buffering of I/O requests in the block layer - has finally beeneased out for the 6.16 release, more than a quarter-century after itsintroduction.
The SUSE Security Team has published a detailedreport about security vulnerabilities it discovered in the Kea DHCP server suite from the Internet Systems Consortium(ISC).
The GNU C Library(glibc) is the core C library for most Linux distributions, so it is a crucial part of the open-source ecosystem-and an attractivetarget for any attackers looking to carry out supply-chainattacks. With that being the case, securing the project'sinfrastructure using industry best practices and improving thesecurity of its development practices are a frequent topic among glibcdevelopers. A recent discussion suggests that improvements are nothappening as quickly as some would like.
Mahe Tardy led two sessions about some of the challenges that he, Kornilios Kourtis,and John Fastabend have run into in their work onTetragon (Apache-licensed BPF-based security monitoring software)at the Linux Storage, Filesystem, Memory Management, and BPF Summit. The sessionprompted discussion about the feasibility of letting BPF programssend data over the network, as well as potential new kfuncs to let BPF firewallssend TCP reset packets. Tardy presented several possible ways that these couldbe accomplished.
Canonical's Launchpadsoftware-collaboration platform that is used for Ubuntu developmentwill be shutting down its hosted mailing lists atthe end of October. The announcementrecommends Discourse or Launchpad Answers asalternatives. Ubuntu's mailinglists are unaffected by the change.
The increasing sophistication of attackers has organizationsrealizing that perimeter-based security models are inadequate. Manyare planning to transition their internal networks to a zero-trustarchitecture. This requires every communication on the network tobe encrypted, authenticated, and authorized. This can be achieved inapplications and services by using modern communicationprotocols. However, the world still depends on Domain Name System(DNS) services where encryption, while possible, is far from being theindustry standard. To address this we, as part of a working group atRed Hat, worked on fully integrating encrypted DNS for Linuxsystems-not only while the system is running but also during theinstallation and boot process, including support for a customcertificate chain in the initial ramdisk. This integration is nowavailable in CentOSStream9, 10, and the upcomingFedora43 release.
Srinivas Narayana led a remote session about extendingAgni to prove the correctness ofthe BPF verifier's handling of different execution paths as part of the Linux Storage,Filesystem, Memory Management, and BPF Summit. The problem of ensuring thecorrectness of path explorationis much more difficult than the problem ofensuring the correctness of arithmetic operations(which wasthe subject of the previous session), however. Narayana's plan totackle the problem makes use of a mixture of specialized techniques - and mayneed some assistance from the BPF developers to make it feasible at all.
Cory Doctorow wears many hats:digital activist, science-fiction author, journalist, and more. He hasalso written many books, both fiction and non-fiction, runs the Pluralistic blog, is a visitingprofessor, and is an advisor to the ElectronicFrontier Foundation (EFF); his Chokepoint Capitalismco-author, Rebecca Giblin, gave a 2023 keynotein Australia that we covered. Doctorow gave a rousing keynote onthe state of the "enshitternet"-today's internet-to kickoff the recently held PyCon US2025 in Pittsburgh, Pennsylvania.
Version25.05 of the NixOS distribution has been released. Changes includesupport for the COSMIC desktop environment (reviewed here in August), GNOME48, a6.12 kernel, and many new modules; see therelease notes for details. (Thanks to Pavel Roskin).
Security updates have been issued by AlmaLinux (gstreamer1-plugins-bad-free, libsoup, and python-tornado), Debian (libavif and pgbouncer), Red Hat (gstreamer1-plugins-bad-free, mingw-freetype and spice-client-win, and webkit2gtk3), SUSE (firefox, govulncheck-vulndb, and python310-setuptools), and Ubuntu (flask, intel-microcode, openjdk-17-crac, tika, and Tomcat).
The 6.14 kernel development cycle only brought in 11,003 non-mergechangesets, making it the slowest cycle since 4.0, which was released in2015. The 6.15 kernel, instead, brought in 14,612 changesets, making itthe busiest release since 6.7, released at the beginning of 2024. Thekernel development process, in other words, is back up to full speed. The6.15release happened on May25, so the time has come for theobligatory look at where the changes in this release came from.
LWN.net