[$] Enhancing FineIBT
At the Linux
Security Summit Europe (LSS EU), Scott Constable and Sebastian
Österlund gave a talk on an enhancement to a control-flow integrity (CFI)
protection that was added to the kernel several years ago. The “FineIBT: Fine-grain Control-flow
Enforcement with Indirect Branch Tracking” mechanism was merged for
Linux 6.2 in early 2023 to harden the kernel against CFI attacks of various
sorts, but needed [ … ⌘ Read more
Security updates for Friday
Security updates have been issued by Debian (redis and valkey), Fedora (docker-buildkit, ibus-bamboo, pgadmin4, webkitgtk, and wordpress), Mageia (kernel-linus, kmod-virtualbox & kmod-xtables-addons, and microcode), Oracle (compat-libtiff3 and udisks2), Red Hat (rsync), Slackware (python3), SUSE (chromium, cJSON, digger-cli, glow, go1.24, go1.25, go1.25-openssl, grafana, libexslt0, libruby3_4-3_4, pgadmin4, python311-python-socketio, and squid), and Ubuntu (dpdk, libhtp, v … ⌘ Read more
[$] Gccrs after libcore
Despite its increasing popularity, the Rust programming language is still
supported by a single compiler, the LLVM-based rustc. At the 2025 GNU Tools
Cauldron, Pierre-Emmanuel Patry said that a lot of people are waiting
for a GCC-based Rust compiler before jumping into the language. Patry, who
is working on just that compiler (known as “gccrs”), provided an update on
the status of that project and what is coming next. ⌘ Read more
[$] Last-minute /boot boost for Fedora 43
Sudden increases in the size of Fedora’s initramfs
files have prompted the project to fast-track a proposal to increase
the default size of the /boot
partition for new installs of
Fedora 43 and later. The project has also walked back a few
changes that have contributed to larger initramfs files, but the
ever-increasing size of firmware means that the need for more room is
unavoidable. The Fedora En … ⌘ Read more
Ubuntu 25.10 released
Ubuntu
25.10, “Questing Quokka”, has been released. This release includes
Linux 6.17, GNOME 49, GCC 15, Python 3.13.7,
Rust 1.85, and more. This release also features Rust-based
implementations of sudo and coreutils; LWN covered the switch to the
Rust-based tools in March. The 25.10 version of Ubuntu flavors
Edubuntu, Kubuntu, Lubuntu, Ubuntu Budgie, Ubuntu Cinnamon, Ubuntu
Kylin, Ubuntu MATE, Ubun … ⌘ Read more
Security updates for Thursday
Security updates have been issued by AlmaLinux (gnutls, kernel, kernel-rt, and open-vm-tools), Debian (chromium, python-django, and redis), Fedora (chromium, insight, mirrorlist-server, oci-seccomp-bpf-hook, rust-maxminddb, rust-prometheus, rust-prometheus_exporter, rust-protobuf, rust-protobuf-codegen, rust-protobuf-parse, rust-protobuf-support, turbo-attack, and yarnpkg), Oracle (iputils, kernel, open-vm-tools, redis, and valkey), Red Hat (perl-File-Find-Rule and perl-File-Find-Rul … ⌘ Read more
[$] LWN.net Weekly Edition for October 9, 2025
Inside this week’s LWN.net Weekly Edition:
Front: Kernel Rust features; systemd v258, part 2; Cauldron kernel hackers; BPF for GNU tools; 6.18 merge window, part 1; Lifetime-end pointer zapping; Robot Operating System.
Briefs: OpenSSH 10.1; Firefox profiles; Python 3.14; U-Boot v2025.10; FSF presidency; Quotes; …
Announcements: Newsletters, conferences, security upda … ⌘ Read more
Better profile management coming to Firefox
Firefox has long had support for multiple profiles
to store personal information such as bookmarks, passwords, and user
preferences. However, Firefox did not make profiles particularly
discoverable or easy to manage. That is about to change; Mozilla has
announced
that it is launching a profile management feature that will make it
easier to … ⌘ Read more
[$] Upcoming Rust language features for kernel development
The
Rust for Linux project has been good for Rust, Tyler Mandry, one of the
co-leads of Rust’s language-design team, said. He
gave a talk at
Kangrejos 2025 covering upcoming Rust language features and thanking
the Rust for Linux developers for helping drive them forward. Afterward, Benno Lossin and Xiangfei Ding
went into more detail about their work on the three most important language
features for kernel development: … ⌘ Read more
Security updates for Wednesday
Security updates have been issued by Fedora (apptainer, civetweb, mod_http2, openssl, pandoc, and pandoc-cli), Oracle (kernel), Red Hat (gstreamer1-plugins-bad-free, iputils, kernel, open-vm-tools, and podman), SUSE (cairo, firefox, ghostscript, gimp, gstreamer-plugins-rs, libxslt, logback, openssl-1_0_0, openssl-1_1, python-xmltodict, and rubygem-puma), and Ubuntu (gst-plugins-base1.0, linux-aws-6.8, linux-aws-fips, linux-azure, linux-azure-nvidia, linux-gke, linux-nvidia-tegra- … ⌘ Read more
Python 3.14.0 released
Version
3.14.0 of the Python language has been released. There are a lot of
changes this time around, including official support for free threading, template string literals, and much more; see
the announcement for details. ⌘ Read more
[$] Progress on defeating lifetime-end pointer zapping
Paul McKenney gave a remote presentation at
Kangrejos 2025 following up on the
talk he gave last year about the
lifetime-end-pointer-zapping problem: certain common patterns for multithreaded code are
technically undefined behavior, and changes to the C and C++ specifications
will be needed to correct that. Those changes could also impact code that uses
unsafe Rust, such as the kernel’s Rust bindings. Progress on the p … ⌘ Read more
[$] Highlights from systemd v258: part two
Systemd
v258 was released on September 17 after more than nine months
of development. LWN has already covered some of the
features and changes being readied for v258 before it was final. Now
that the release is out, it is time to look at more of what came in
v258, including a sandbox shell, new boot options, service-level disk
quotas, and enhancements to systemd-resolved. ⌘ Read more
Notes from the 2025 Git Contributor’s Summit
Taylor Blau has posted an
extensive set of notes from the recently concluded Git Contributor’s
Summit. Covered topics include the SHA-256 transition, Rust, Change-ID
headers, Git 3.0, and many more. The notes are also available on
Google Docs for those who prefer that format. ⌘ Read more
Security updates for Tuesday
Security updates have been issued by Fedora (chromium), Red Hat (kernel, open-vm-tools, and postgresql), SUSE (chromedriver and chromium), and Ubuntu (haproxy and pam-u2f). ⌘ Read more
U-Boot v2025.10 released
Version 2025.10 of the U-Boot boot loader
has been released with new features, including Python tooling improvements,
cleanups for implicit header inclusions, better support for numerous Arm
platforms, support for new RISC-V platforms, better documentation, and
more. Maintainer Tom Rini also reports on some project news:
As I mentioned with the v2025.07
release, I was looking for a few people to step up and help with the
overall organization and management of the project. To that … ⌘ Read more
[$] 6.18 merge window, part 1
At the time of writing, there have been 9,099 commits in the 6.18 merge window,
8,475 non-merges and 624 merges. The
changes so far include core-kernel, graphics, and networking work, among others.
There are no big surprises, but several items that were discussed at this year’s
LSFMM+BPF Summit have now been merged. ⌘ Read more
[$] Next steps for BPF support in the GNU toolchain
Support for BPF in the kernel has been tied to the LLVM toolchain since the
advent of extended BPF. There has been a growing effort to add BPF support
to the GNU toolchain as well, though. At the 2025 GNU Tools Cauldron, the
developers involved got together with representatives of the kernel
community to talk about the state of that work and what needs to happen
next. ⌘ Read more
Four new stable kernels
The 6.17.1, 6.16.11, 6.12.51, and 6.6.110 stable kernels have been released.
This time around, they contain a relatively small number of important fixes
in various parts of the kernel. ⌘ Read more
Security updates for Monday
Security updates have been issued by AlmaLinux (kernel), Debian (dovecot, git, log4cxx, and openssl), Fedora (containernetworking-plugins, firebird, firefox, jupyterlab, mupdf, and thunderbird), Oracle (ipa), Red Hat (container-tools:rhel8, firefox, gnutls, kernel, kernel-rt, multiple packages, mysql, mysql:8.0, nginx, podman, and thunderbird), Slackware (fetchmail), SUSE (afterburn, chromium, firefox, haproxy, libvmtools-devel, logback, python311-Django, python311-Django4, and … ⌘ Read more
OpenSSH 10.1 released
OpenSSH 10.1 has
been released. Along with “a minor security fix” and some other bug
fixes, this release disallows control characters in user names passed via
the command line, adds better logging around certificate refusals, and a
new RefuseConnection server configuration option. ⌘ Read more
[$] A look at the Robot Operating System
Despite its name, the Robot
Operating System (ROS) is not an operating system; it is
a software development kit (SDK) that provides building blocks for
robotic applications. One of the main goals of ROS is to present a
common API that abstracts away the details of particular hardware
drivers or algorithms to make development easier; developers can focus
on what a robot should do rather than the low-level details of
specific controllers. The latest release of ROS, [Kilt … ⌘ Read more
Security updates for Friday
Security updates have been issued by AlmaLinux (idm:DL1), Debian (gegl and haproxy), Fedora (ffmpeg, firefox, freeipa, python-pip, rust-astral-tokio-tar, sqlite, uv, webkitgtk, and xen), Oracle (idm:DL1, ipa, kernel, perl-JSON-XS, and python3), Red Hat (git), SUSE (curl, frr, jupyter-jupyterlab, and libsuricata8_0_1), and Ubuntu (linux-aws, linux-lts-xenial, linux-aws-fips, linux-fips, linux-gcp-fips, linux-azure, linux-azure, linux-azure-6.8, linux-fips, linux-gcp-fips, and l … ⌘ Read more
Ian Kelling is the new FSF president
The Free Software Foundation has announced
the selection of Ian Kelling as the organization’s president.
Kelling, age forty-three, has held the role of a board member and a
voting member since March 2021. The board said of Kelling’s
confirmation: “His hands-on technical experience resulting from his
position as the organization’s senior systems administrator proved
invaluable for his work on the board of directors. … ⌘ Read more
[$] Kernel hackers at Cauldron, 2025 edition
The GNU Tools Cauldron is almost entirely focused on user-space tools, but
kernel developers need a solid toolchain too. In what appears to be a
developing tradition (started in 2024),
some kernel developers attended the 2025 Cauldron for the
second year in a row to discuss their needs with the assembled toolchain
developers. Topics covered in this year’s gathering include Rust, better
[BPF type
format (BTF … ⌘ Read more
Seven new stable kernels
Greg Kroah-Hartman has announced the release of the 6.16.10, 6.12.50, 6.6.109, 6.1.155, 5.15.194, 5.10.245, and 5.4.300 stable kernels. All of these kernels
have lots of important fixes throughout the kernel tree. ⌘ Read more
Security updates for Thursday
Security updates have been issued by AlmaLinux (perl-JSON-XS), Debian (chromium and openssl), Fedora (bird, dnsdist, firefox, mapserver, ntpd-rs, python-nh3, rust-ammonia, skopeo, sqlite, thunderbird, and xen), Oracle (perl-JSON-XS), Red Hat (kernel, kernel-rt, and libvpx), SUSE (afterburn, cairo, docker-stable, firefox, nginx, python-Django, snpguest, and warewulf4), and Ubuntu (libmspack, libxslt, linux, linux-aws, linux-aws-5.15, linux-gcp, linux-gcp-5.15, linux-gkeop, linu … ⌘ Read more
[$] LWN.net Weekly Edition for October 2, 2025
Inside this week’s LWN.net Weekly Edition:
Front: Fedora and AI; Linting kernel Rust; openSUSE Leap 16; mmap() file operation; 6.17 statistics; dirlock.
Briefs: Bcachefs removal; Alpine /usr merge; F-Droid; Fedora AI policy; OpenSUSE Leap 16; PostgreSQL 18; Radicle 1.5.0; Quotes; …
Announcements: Newsletters, conferences, security updates, patches, and more. ⌘ Read more
Alpine Linux plans /usr merge
The Alpine Linux project has announced
plans to change its base filesystem hierarchy:
In the future, /lib, /bin, and /sbin will be symbolic links to their /usr
counterparts, and every package shall be installed under the /usr
paths. For now, /usr/bin and /usr/sbin will continue to be independent paths,
but that might change if the Filesystem Hierarchy Standard (FHS) gets
updated.
The merge will take place in the upcomi … ⌘ Read more
[$] Fedora floats AI-assisted contributions policy
The Fedora
Council began a process to create a policy on AI-assisted
contributions in 2024, starting with a survey to ask the community
its opinions about AI and using AI technologies in Fedora. On
September 25, Jason Brooks published
a draft policy for discussion; so far, in keeping with the spirit of
compromise, it has something … ⌘ Read more
Security updates for Wednesday
Security updates have been issued by AlmaLinux (kernel, kernel-rt, mysql:8.0, and openssh), Debian (libcommons-lang-java, libcommons-lang3-java, libcpanel-json-xs-perl, libjson-xs-perl, libxml2, open-vm-tools, and u-boot), Fedora (bird, dnsdist, mapserver, ntpd-rs, python-nh3, and rust-ammonia), Oracle (kernel and mysql:8.0), Red Hat (cups, postgresql:12, and postgresql:13), SUSE (cJSON-devel, gimp, kernel-devel, kubecolor, open-vm-tools, openssl-1_1, openssl-3, and ruby3.4-ruby … ⌘ Read more
OpenSUSE Leap 16 released
The openSUSE
Leap 16 release is now available.
This major version update of our fixed-release community-Linux
distribution has a fresh software stack and introduces an unmatched
maintenance- and security-support cycle, a new installer and
simplified migration options.
See our look at this release for more
information. ⌘ Read more
Radicle 1.5.0 released
Version 1.5.0
of the Radicle peer-to-peer Git collaboration platform has been
released. This release includes better support for bare repositories,
structured logging, and improvements in the output of rad patch show:
The previous output would differentiate “updates”, where the original
author creates a new revision, and “revisions”, where another author
creates a revision. This could be confusing since updates are also
revisions. Instead, the output sh … ⌘ Read more
[$] Linting Rust code in the kernel
Klint is a Rust compiler extension
developed by Gary Guo to run some
kernel-specific lint rules, which may also be useful for embedded system
development. He spoke about his
recent work on the project at
Kangrejos 2025. The next day, Alejandra González
led a discussion about Rust’s normal linter,
Clippy. The two tools … ⌘ Read more
Security updates for Tuesday
Security updates have been issued by Debian (python-internetarchive and tiff), Fedora (nextcloud), Oracle (kernel, openssh, and squid), Red Hat (kernel, kernel-rt, and ncurses), SUSE (afterburn and chromium), and Ubuntu (open-vm-tools, ruby-rack, and tiff). ⌘ Read more
Bcachefs removed from the mainline kernel
After marking bcachefs “externally maintained” in 6.17, Linus Torvalds has
removed
it entirely for 6.18. “It’s now a DKMS module, making the in-kernel
code stale, so remove it to avoid any version confusion.” ⌘ Read more
[$] Improving iov_iter
The iov_iter interface is used to
describe and iterate through buffers in the kernel. David Howells led a combined storage and
filesystem session at
the 2025 Linux Storage,
Filesystem, Memory Management, and BPF Summit (LSFMM+BPF) to discuss ways
to improve iov_iter. His topic
proposal listed a few different ideas including replacing some
iov_iter types and possibly allowing mixed types in chains of … ⌘ Read more
[$] An end to uniprocessor configurations
The Linux kernel famously scales from the smallest of systems to massive
servers with thousands of CPUs. It was not always that way, though; the
initial version of the kernel could only manage a single processor. That
limitation was lifted, obviously, but single-processor machines have always
been treated specially in the scheduler. That longstanding situation may
soon come to an end, though, if this patch
series from Ingo M … ⌘ Read more
20 Years of the Open Invention Network
The Open Invention Network (OIN) is celebrating
its 20th anniversary.
The central feature of the OIN community is a patent cross-license
that covers core Open Source functionality and expands in parallel
with the growth of Open Source technology. As growth in Open Source
has accelerated, OIN has proactively expanded the scope of the OIN
license’s benefit by including more than 4,500 software components … ⌘ Read more
Security updates for Tuesday
Security updates have been issued by Debian (python-django), Fedora (krb5), Mageia (cockpit, golang, kernel, and kernel-linus), SUSE (augeas, go1.23, go1.24, iputils, libwebp, transfig, and xen), and Ubuntu (amd64-microcode, apport, linux-azure, linux-azure, linux-azure-4.15, linux-azure-fips, linux-raspi, systemd, and tomcat). ⌘ Read more
[$] The second half of the 6.16 merge window
The 6.16 merge window
closed on June 8, as
expected, containing 12,899 non-merge commits. This is
slightly more than the 6.15 merge window, but well in line with expectations.
7,353 of those were merged after
the summary of the first half of the merge
window was written. More detailed statistics can be found in
[the LWN kernel source database](https://lwn … ⌘ Read more
[$] Improving Fedora’s documentation
At Flock,
Fedora’s annual developer conference, held in Prague from June 5
to June 8, two members of the Fedora
documentation team, Petr Bokoč and Peter Boy, led a
session on the state of Fedora documentation. The pair covered a
brief history of the project’s documentation since the days of [Fedora Core 1](https://lwn.net/Articles/56036/ … ⌘ Read more
FreeBSD laptop support update
The FreeBSD Foundation
has announced
a report
for work completed in April to improve FreeBSD support for
laptops. This includes installer updates, improved suspend/resume
behavior, as well as progress on [a port of Linux 6.7 and 6.8 graphics drivers](https://github.com/FreeBSDFoundation/pro … ⌘ Read more
Security updates for Monday
Security updates have been issued by AlmaLinux (golang, nodejs22, thunderbird, and varnish), Debian (gimp, modsecurity-apache, python-tornado, and roundcube), Fedora (chromium, coreutils, fcgi, ghostscript, krb5, libvpx, mingw-gstreamer1-plugins-bad-free, mingw-libsoup, mod_security, and samba), Mageia (php-adodb, systemd, and tomcat), Red Hat (buildah, firefox, glibc, grafana, kernel, libsoup, libxslt, mod_security, perl-FCGI, podman, python-tornado, and skopeo), Slackware (libvp … ⌘ Read more
Kernel prepatch 6.16-rc1
Linus has released 6.16-rc1 and closed the
merge window for this release.
I think we had a fairly normal merge window, although I did get the
feeling that there were a few more “late straggler” pull requests
than usual. Not to a huge degree, but there was definitely an
upward bump at the end of the second week. But on the whole, all the stats look pretty normal. ⌘ Read more
[$] Nyxt: the Emacs-like web browser
Nyxt is an unusual web
browser that tries to answer the question, “what if Emacs was a
good web browser?”. Nyxt is not an Emacs package, but a full
web browser written in Common Lisp and available under the BSD
three-clause license. Its target audience is developers who want a
browser that is keyboard-driven and extensible; Nyxt is also developed
for Linux first, rather than Linux being an afterthought or just a
sliver of its audience. The philosophy (as described … ⌘ Read more
Netdev 0x19 videos and slides are live
The Netdev
0x19 conference was held in Zagreb, Croatia from March 10
through March 13. The organizers announced
today that the videos and slides for all sessions are now
online. Topics from the conference include IRQ suspension, the future
of SO_TIMESTAMPING, remote TCP connection offloading, and
more. ⌘ Read more
[$] Slowing the flow of core-dump-related CVEs
The 6.16 kernel will include a number of changes to how the kernel handles
the processing of core dumps for crashed processes. Christian Brauner explained
his reasons for doing this work as: “Because I’m a clown and also I had
it with all the CVEs because we provide a **** API for userspace”. The
handling of core dumps has indeed been a constant source of
vulnerabilities; with luck, the 6.16 work will result in rather fewer of
th … ⌘ Read more
Security updates for Friday
Security updates have been issued by AlmaLinux (go-toolset:rhel8, golang, nodejs:20, nodejs:22, openssh, and python36:3.6), Debian (edk2, libfile-find-rule-perl, and webkit2gtk), Fedora (emacs, libvpx, perl-FCGI, and seamonkey), Mageia (cifs-utils), Red Hat (containernetworking-plugins, go-toolset:rhel8, golang, gvisor-tap-vsock, krb5, mod_auth_openidc:2.3, protobuf, and thunderbird), Slackware (seamonkey), SUSE (gimp, gnutls, haproxy, opensaml, openssh, openvpn, python-crypto … ⌘ Read more
[$] Zero-copy for FUSE
In a combined storage and filesystem session at the 2025 Linux Storage,
Filesystem, Memory Management, and BPF Summit (LSFMM+BPF), Keith Busch led
a discussion about zero-copy operations for the Filesystem
in Userspace (FUSE) subsystem. The session was proposed
by his colleague, David Wei, who could not make it to the summit, so Busch
filled in, though he noted that “I do … ⌘ Read more
[$] Open source and the Cyber Resilience Act
The European Union’s
Cyber Resilience Act (CRA) has caused a stir in the
software-development world. Thanks to advocacy by the Eclipse Foundation, Open
Source Initiative, Linux Foundation, Mozilla, and others, open-source software
projects generally have minimal requirements under the CRA
— but nothing to do with law is ever quite
so simple. Marta Rybczyńska spoke at Linaro Connect 2025 about the impact of the
CRA on the open-source eco … ⌘ Read more
/e/OS 3.0 released
Version
3.0 of the privacy-centric, open-source mobile operating system
has been released. Notable changes in this release include improved
privacy tools, a “find my device” feature, and more. LWN looked at /e/OS in
March. ⌘ Read more
[$] Fending off unwanted file descriptors
One of the more obscure features provided by Unix-domain sockets is the
ability to pass a file descriptor from one process to another. This
feature is often used to provide access to a specific file or network
connection to a process running in a relatively unprivileged context. But
what if the recipient doesn’t want a new file descriptor? A feature
added for the 6.16 release makes it possible to refuse that offer. ⌘ Read more
Security updates for Thursday
Security updates have been issued by Debian (chromium and mariadb-10.5), Oracle (firefox, ghostscript, git, go-toolset:ol8, golang, kernel, krb5, mingw-freetype and spice-client-win, nodejs:20, nodejs:22, perl-CPAN, python36:3.6, rsync, varnish, and varnish:6), Red Hat (firefox, thunderbird, and webkit2gtk3), Slackware (curl and python3), SUSE (apache-commons-beanutils, apache2-mod_security2, avahi, buildkit, ca-certificates-mozilla, cloud-regionsrv-client, cloud-regionsrv-client, py … ⌘ Read more
[$] LWN.net Weekly Edition for June 5, 2025
Inside this week’s LWN.net Weekly Edition:
Front: OpenH264 in Fedora; Wallabag; Safety certification; 6.16 Merge window; Bounce buffering; Hardening repository problems; Device-initiated I/O; Faster networking; OSPM 2025; Free software in science.
Briefs: Kea vulnerabilities; Alpine Linux 3.22.0; Fedora strategy; Quotes; …
Announcements: Newsletters, conferences, securi … ⌘ Read more
[$] Device-initiated I/O
Peer-to-peer DMA (P2PDMA) has been part of
the kernel since the 4.20 release in 2018;
it provides a framework that allows devices to transfer data between themselves
directly, without using system RAM for the transfer. At the 2025 Linux
Storage, Filesystem, Memory Management, and BPF Summit (LSFMM+BPF), Stephen
Bates led a combined storage, filesystems, and memory-management session on
device-initiated I/O, which is perhaps what P2PDMA is … ⌘ Read more
Strategy 2028 update (Fedora Community Blog)
Outgoing Fedora Project Leader Matthew Miller has posted an update
on Fedora’s high-level plan through 2028:
[Fedora] Council members identified potential Initiatives that we
believe are important to work on next. We came up with a list of
thirteen — which is way more than we can handle at once. We previously
set a limit of four Initiatives at a time. We decided to keep to that
… ⌘ Read more
[$] The importance of free software to science
Free software plays a critical role in science, both in research and in
disseminating it. Aspects of software freedom are directly relevant to
simulation, analysis, document preparation and preservation, security,
reproducibility, and usability. Free software brings practical and specific
advantages, beyond just its ideological roots, to science, while
proprietary software comes with equally specific risks. As a practicing
scientist, I would like to help others—scientists or not—see the … ⌘ Read more
Eight stable kernels released
Greg Kroah-Hartman has announced the release of the 6.15.1, 6.14.10, 6.12.32, 6.6.93, 6.1.141, 5.15.185, 5.10.238, and 5.4.294 stable kernels. As usual, each
contains a set of important fixes. ⌘ Read more
Security updates for Wednesday
Security updates have been issued by AlmaLinux (git, krb5, perl-CPAN, and rsync), Debian (tcpdf), Fedora (libmodsecurity, lua-http, microcode_ctl, and nextcloud), Red Hat (osbuild-composer), SUSE (389-ds, avahi, ca-certificates-mozilla, docker, expat, freetype2, glib2, gnuplot, gnutls, golang-github-teddysun-v2ray-plugin, golang-github-v2fly-v2ray-core, govulncheck-vulndb, helm, iperf, kernel, kernel-livepatch-MICRO-6-0_Update_2, kernel-livepatch-MICRO-6-0_Update_4, krb5, libarc … ⌘ Read more
[$] Safety certification for open-source systems
This year’s
Linaro Connect in Lisbon, Portugal featured a number of talks about the use of
open-source components in safety-critical systems. Kate Stewart gave a keynote on the topic
on the first day of the conference. In it, she highlighted several projects that
have been working to pursue safety certification and spoke about the importance of
being able to trace software’s origins to safety. In a talk on the second day, Roberto
Bagnara shared his ex … ⌘ Read more
Security updates for Tuesday
Security updates have been issued by AlmaLinux (varnish), Debian (asterisk and roundcube), Fedora (systemd), Mageia (golang), Red Hat (ghostscript, perl-CPAN, python36:3.6, and rsync), SUSE (govulncheck-vulndb, libsoup-2_4-1, and postgresql, postgresql16, postgresql17), and Ubuntu (mariadb, open-vm-tools, php-twig, and python-tornado). ⌘ Read more
Alpine Linux 3.22.0 released
Version
3.22.0 of the Alpine Linux distribution has been released. Notable
changes in this release include the removal of the X11 session for KDE
Plasma, a switch to systemd-efistub, and experimental support
for user services with the OpenRC init system. See the [release notes](https://wiki.alpinelinux.org/wiki/Rele … ⌘ Read more
[$] Hardening fixes lead to hard questions
Kees Cook’s “hardening
fixes” pull request for the 6.16 merge window looked like a
straightforward exercise; it only contained four commits. So just about
everybody was surprised when it resulted in Cook being temporarily blocked
from his kernel.org account among fears of malicious activity. When the
dust settled, though, the red alert was canceled. It turns out,
surprisingly, that Git is a tool with which one can inflict substantial … ⌘ Read more
[$] OpenH264 induces headaches for Fedora
Software patents and workarounds for them are, once again,
causing headaches for open-source projects and users. This time
around, Fedora users have been vulnerable to a serious flaw in the OpenH264 library for
months—not for want of a fix, but because of the Rube
Goldberg machine methodology of distributing the library to Fedora
users. The software is open source under a two-clause BSD license; the RPMs are … ⌘ Read more
Security updates for Monday
Security updates have been issued by Debian (espeak-ng, kitty, kmail-account-wizard, krb5, libreoffice, libvpx, net-tools, python-flask-cors, symfony, tcpdf, thunderbird, and twitter-bootstrap3), Fedora (chromium, dropbear, firefox, gstreamer1-plugins-bad-free, python-tornado, systemd, and thunderbird), Mageia (coreutils, deluge, glib2.0, and redis), Oracle (firefox, kernel, and systemd), Red Hat (firefox, kernel, kernel-rt, varnish, varnish:6, and zlib), SUSE (bind, curl, dnsdist, … ⌘ Read more
[$] Reports from OSPM 2025, day three
The seventh edition of the Power Management and Scheduling
in the Linux Kernel Summit (known as “OSPM”) took place on March 18-20,
2025. Topics discussed on the third (and final) day include proxy
execution, energy-aware scheduling, the deadline scheduler, and an
evaluation of the kernel’s EEVDF scheduler. ⌘ Read more
[$] Out of Pocket and into the wallabag
Mozilla has decided to throw in
the towel on Pocket, a social-bookmarking
service that it acquired in 2017. This has left many users scrambling
for a replacement for Pocket before its shutdown in July. One possible
option is wallabag, a
self-hostable, MIT-licensed project for saving web content for later
reading. It can import saved dat … ⌘ Read more
Security updates for Friday
Security updates have been issued by AlmaLinux (.NET 8.0, .NET 9.0, firefox, ghostscript, gstreamer1-plugins-bad-free, libsoup3, mingw-freetype, perl, ruby, sqlite, thunderbird, unbound, valkey, and xz), Debian (chromium, firefox-esr, libavif, linux-6.1, modsecurity-apache, mydumper, systemd, and thunderbird), Fedora (coreutils, dnsdist, docker-buildx, maturin, mingw-python-flask, mingw-python-flit-core, ruff, rust-hashlink, rust-rusqlite, and thunderbird), Red Hat (pcs), SUSE (augeas, … ⌘ Read more
[$] The first half of the 6.16 merge window
As of this writing, 5,546 non-merge changesets have been pulled into the mainline
kernel repository for the 6.16 release. This is a bit less than half of the
total commits for 6.15, so the merge window is well on its way. Read on for our
summary of the first half of the 6.16 merge window. ⌘ Read more
[$] Block-layer bounce buffering bounces out of the kernel
As the end of the 1990s approached, a lot of kernel-development effort was
going into improving support for 32-bit systems
with shockingly large amounts of memory installed. This being the 1990s,
having more than 1GB of memory in such a system was deemed to be shocking.
Many of the compromises made to support such inconceivably large systems
have remained in the kernel to this day. One of those compromises —
bounce buffering of I/O requests in the block layer — has finally be … ⌘ Read more
Local vulnerabilities in Kea DHCP
The SUSE Security Team has published a detailed
report about security vulnerabilities it discovered in the Kea DHCP server suite from the Internet Systems Consortium
(ISC).
Since SUSE is also going to ship Kea DHCP in its products, we
performed a routine review of its code base. Even before checking the
network security of Kea, we stumbled over a range of local securit … ⌘ Read more
Two new stable kernels
The 6.14.9 and 6.12.31 stable kernels have been released.
Each contains an unusually large number of important fixes all over the
kernel tree. ⌘ Read more
Security updates for Thursday
Security updates have been issued by AlmaLinux (kernel and kernel-rt), Debian (firefox-esr, libvpx, net-tools, php-twig, python-tornado, setuptools, varnish, webpy, yelp, and yelp-xsl), Fedora (xen), Mageia (cimg and ghostscript), Oracle (gstreamer1-plugins-bad-free, kernel, libsoup, thunderbird, and unbound), Red Hat (firefox, mingw-freetype and spice-client-win, pcs, and varnish:6), Slackware (curl and mozilla), SUSE (apparmor, containerd, dnsdist, go1.23-openssl, go1.24 … ⌘ Read more
[$] LWN.net Weekly Edition for May 29, 2025
Inside this week’s LWN.net Weekly Edition:
Front: Glibc security; How we lost the Internet; Encrypted DNS; 6.15 Development statistics; Filesystem stress-testing; BPF verifier; Network access from BPF; OSPM 2025.
Briefs: AlmaLinux 10.0; FESCo decision overturned; NixOS 25.05; Pocket, Launchpad retired; Quotes; …
Announcements: Newsletters, conferences, security updates, … ⌘ Read more
[$] Glibc project revisits infrastructure security
The GNU C Library
(glibc) is the core C library for most Linux distributions, so it is a
crucial part of the open-source ecosystem—and an attractive
target for any attackers looking to carry out supply-chain
attacks. With that being the case, securing the project’s
infrastructure using industry best practices and improving the
security of its development practices are a frequent topic among glibc
developers. A recent discussion suggests that improveme … ⌘ Read more
[$] Allowing BPF programs more access to the network
Mahé Tardy led two sessions about some of the challenges that he, Kornilios Kourtis,
and John Fastabend have run into in their work on
Tetragon (Apache-licensed BPF-based security monitoring software)
at the Linux Storage, Filesystem, Memory Management, and BPF Summit. The session
prompted discussion about the feasibility of letting BPF programs
send data over the network, as well as potential new kfuncs to let BPF firewalls
send TCP reset packets. Tardy pre … ⌘ Read more
Launchpad mailing lists going away
Canonical’s Launchpad
software-collaboration platform that is used for Ubuntu development
will be shutting down its hosted mailing lists at
the end of October. The announcement
recommends Discourse or Launchpad Answers as
alternatives. Ubuntu’s mailing
lists are u … ⌘ Read more
[$] System-wide encrypted DNS
The increasing sophistication of attackers has organizations
realizing that perimeter-based security models are inadequate. Many
are planning to transition their internal networks to a zero-trust
architecture. This requires every communication on the network to
be encrypted, authenticated, and authorized. This can be achieved in
applications and services by using modern communication
protocols. However, the world still depends on Domain Name Syste … ⌘ Read more
Security updates for Wednesday
Security updates have been issued by AlmaLinux (gstreamer1-plugins-bad-free and kernel), Arch Linux (bind and varnish), Debian (glibc and syslog-ng), Fedora (microcode_ctl, mozilla-ublock-origin, nodejs20, and nodejs22), Mageia (firefox, nss, rootcerts, open-vm-tools, sqlite3, and thunderbird), Oracle (gstreamer1-plugins-bad-free, kernel, libsoup, nodejs:22, php, php:8.2, php:8.3, python-tornado, redis, and redis:7), Red Hat (libsoup, pcs, and python-tornado), Slackware … ⌘ Read more
AlmaLinux OS 10.0 released
Version
10 of the AlmaLinux OS distribution has been released.
The goal of AlmaLinux OS is to support our community, and AlmaLinux
OS 10 is the best example of that yet. With an unwavering eye on
maintaining compatibility with Red Hat Enterprise Linux (RHEL), we
have made small improvements to AlmaLinux OS 10 that target
specific sections of our userbase.
See [the release notes](https://wiki.almalinux.org/release-notes/10.0.h … ⌘ Read more
[$] Verifying the BPF verifier’s path-exploration logic
Srinivas Narayana led a remote session about extending
Agni to prove the correctness of
the BPF verifier’s handling of different execution paths as part of the Linux Storage,
Filesystem, Memory Management, and BPF Summit. The problem of ensuring the
correctness of path exploration
is much more difficult than the problem of
ensuring the co … ⌘ Read more
[$] Cory Doctorow on how we lost the internet
Cory Doctorow wears many hats:
digital activist, science-fiction author, journalist, and more. He has
also written many books, both fiction and non-fiction, runs the Pluralistic blog, is a visiting
professor, and is an advisor to the Electronic
Frontier Foundation (EFF); his Chokepoint Capitalism
co-author, Rebecca Giblin, gave a [2023 keynote
in Australia](https://lw … ⌘ Read more
Security updates for Tuesday
Security updates have been issued by AlmaLinux (gstreamer1-plugins-bad-free, libsoup, and python-tornado), Debian (libavif and pgbouncer), Red Hat (gstreamer1-plugins-bad-free, mingw-freetype and spice-client-win, and webkit2gtk3), SUSE (firefox, govulncheck-vulndb, and python310-setuptools), and Ubuntu (flask, intel-microcode, openjdk-17-crac, tika, and Tomcat). ⌘ Read more
[$] Development statistics for the 6.15 kernel
The 6.14 kernel development cycle only brought in 11,003 non-merge
changesets, making it the slowest cycle since 4.0, which was released in
2015. The 6.15 kernel, instead, brought in 14,612 changesets, making it
the busiest release since 6.7, released at the beginning of 2024. The
kernel development process, in other words, is back up to full speed. The
6.15
release happened on May 25, so the … ⌘ Read more
Security updates for Monday
Security updates have been issued by AlmaLinux (389-ds-base, ghostscript, grafana, kernel, and osbuild-composer), Debian (intel-microcode, kernel, libphp-adodb, and openssl), Fedora (dotnet8.0, ghostscript, iputils, nbdkit, open-vm-tools, thunderbird, and vyper), Mageia (chromium-browser-stable, glibc, iputils, microcode, nodejs, and zsync), Oracle (.NET 8.0, .NET 9.0, 389-ds-base, avahi, buildah, compat-openssl11, expat, firefox, ghostscript, gimp, git, grafana, gvisor-tap-vsock, libso … ⌘ Read more
The 6.15 kernel has been released
Linus has released the 6.15 kernel, as
expected.
So this was delayed by a couple of hours because of a last-minute
bug report resulting in one new feature being disabled at the
eleventh hour, but 6.15 is out there now.
Significant changes in 6.15 include smarter timer-ID assignment to make
checkpoint/restore operations more reliable, the [ability](https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/comm … ⌘ Read more
[$] Reports from OSPM 2025, day two
The seventh edition of the Power Management and Scheduling
in the Linux Kernel Summit (known as “OSPM”) took place on March 18-20,
2025. Topics discussed on the second day include improvements to device
suspend and resume, the status and future of sched_ext, the scx_lavd
scheduler, improving the efficiency of load balancing, and hierarchical
constant bandwidth server scheduling. ⌘ Read more
[$] Formally verifying the BPF verifier
The BPF verifier is an increasingly complex and security-critical piece of code.
When the kinds of people who are apt to work on BPF see a situation like that,
they naturally question whether it’s possible to use formal verification to
ensure that the implementation of the code in question is correct. Santosh
Nagarakatte led the first of two extra-long sessions in the BPF track
of the 2025 Linux Storage, Filesystem, Memory Management, and BPF Summit
about his team’s work formally verifying the … ⌘ Read more
Security updates for Friday
Security updates have been issued by Fedora (dotnet9.0, dropbear, ghostscript, nbdkit, openssh, python-watchfiles, rpm-ostree, yelp, yelp-xsl, and zsync), Oracle (firefox and kernel), Red Hat (osbuild-composer), Slackware (aaa_glibc and mozilla), SUSE (chromedriver, open-vm-tools, postgresql14, python-cryptography, and thunderbird), and Ubuntu (linux-aws, linux-hwe-5.4, python, and sqlite3). ⌘ Read more
Mozilla is shutting down Pocket
Mozilla has announced
that it is shutting down Pocket, a bookmarking service acquired by Mozilla
in 2017, this coming July. “Pocket has helped millions save articles
and discover stories worth reading. But the way people use the web has
evolved, so we’re channeling our resources into projects that better match
their browsing habits and online needs.” ⌘ Read more
Home Assistant deprecates the “core” and “supervised” installation modes
Our recent article on Home Assistant
observed that the project emphasizes installations using its own Linux
distribution or within containers. The project has now made that emphasis
rather stronger with this
announcement of the deprecation of the “core” and “supervised”
installation modes, which allowed H … ⌘ Read more
Fedora Council overturns FESCo provenpackager decision
The Fedora Council has ruled on the Fedora Engineering Steering
Council’s (FESCo) decision last year to revoke Peter Robinson’s
provenpackager status. In a statement
published to the fedora-devel-announce mailing list, the council has
announced that it has overturned FESCo’s decision:
FESCo didn’t have a specific policy for dealing with a request to remove
Proven Packager rights. In addition, the FESCo process wa … ⌘ Read more
Five new stable kernels
Greg Kroah-Hartman has announced the release of the 6.14.8, 6.12.30, 6.6.92, 6.1.140, and 5.15.184 stable kernels. As usual, each
contains a long list of important fixes throughout the kernel tree. ⌘ Read more
Security updates for Thursday
Security updates have been issued by AlmaLinux (kernel, kernel-rt, and webkit2gtk3), Fedora (mozilla-ublock-origin and sudo-rs), Oracle (.NET 8.0, compat-openssl10, grafana, osbuild-composer, redis:6, ruby:2.5, and webkit2gtk3), SUSE (dante, firefox-esr, gnuplot, govulncheck-vulndb, grype, postgresql13, postgresql14, postgresql15, postgresql16, postgresql17, python-tornado6, python314, thunderbird, ucode-intel, and xen), and Ubuntu (bind9, libfcgi-perl, linux-ibm-5.4, linux-oracle-5.4 … ⌘ Read more
[$] LWN.net Weekly Edition for May 22, 2025
Inside this week’s LWN.net Weekly Edition:
Front: Home Assistant; Setuptools; Debian AI GR; DMA-mapping API; BPF CI; OSPM 2025
Briefs: Go audit; Oniux; Asahi progress; Rust in FreeBSD; RHEL 10; Rust 1.87.0; RIP John L. Young; Quote; …
Announcements: Newsletters, conferences, security updates, patches, and more. ⌘ Read more
Status report on optional Rust in FreeBSD support
Shawn Webb has published a status
report on work to provide basic support in FreeBSD for userland components
written in Rust.
We introduced a new BSD makefile, located at share/mk/bsd.rust.mk,
that enables building a Rust application during buildworld. As of … ⌘ Read more
[$] Recent disruptive changes from Setuptools
In late March, version 78.0.1 of Setuptools — an important
Python packaging tool — was released. It was scarcely half an hour before
the first bug
report came in, and it quickly became clear that the change was far
more disruptive than anticipated. Within only about five hours [78.0.2 was
published to roll back the change](https://setuptools.pypa.io/e … ⌘ Read more
Security updates for Wednesday
Security updates have been issued by AlmaLinux (.NET 8.0, avahi, buildah, compat-openssl10, compat-openssl11, expat, firefox, gimp, git, grafana, libsoup, libxslt, mod_auth_openidc, nginx, nodejs:22, osbuild-composer, php, redis, redis:7, skopeo, thunderbird, vim, webkit2gtk3, xterm, and yelp), Arch Linux (dropbear, freetype2, go, nodejs, nodejs-lts-iron, nodejs-lts-jod, python-django, webkit2gtk, webkit2gtk-4.1, webkitgtk-6.0, and wpewebkit), Debian (mongo-c-driver), Fedora (openssh, … ⌘ Read more
[$] An update on continuous testing of BPF kernel patches
Ihor Solodrai has been working on the BPF subsystem’s continuous-integration
(CI) testing for the last six months. At the 2025 Linux Storage, Filesystem,
Memory-Management, and BPF Summit, he remotely shared
an update on his work, and solicited feedback on how the tests could be further
improved. Much of the work he’s done has been specific to the BPF subsystem, but
some is more generic and could potentially be of use to other subsystems. He
also shared some general lessons le … ⌘ Read more