lwn.net

Security updates have been issued by AlmaLinux (kernel, kernel-rt, mysql:8.0, and openssh), Debian (libcommons-lang-java, libcommons-lang3-java, libcpanel-json-xs-perl, libjson-xs-perl, libxml2, open-vm-tools, and u-boot), Fedora (bird, dnsdist, mapserver, ntpd-rs, python-nh3, and rust-ammonia), Oracle (kernel and mysql:8.0), Red Hat (cups, postgresql:12, and postgresql:13), SUSE (cJSON-devel, gimp, kernel-devel, kubecolor, open-vm-tools, openssl-1_1, openssl-3, and ruby3.4-rubygem-rack), and Ubuntu (linux-azure-5.15 and openssl, openssl1.0).

The openSUSE Leap 16 release is now available.

This major version update of our fixed-release community-Linux distribution has a fresh software stack and introduces an unmatched maintenance- and security-support cycle, a new installer and simplified migration options.

See our look at this release for more information.

Version 1.5.0 of the Radicle peer-to-peer Git collaboration platform has been released. This release includes better support for bare repositories, structured logging, and improvements in the output of rad patch show:

The previous output would differentiate "updates", where the original author creates a new revision, and "revisions", where another author creates a revision. This could be confusing since updates are also revisions. Instead, the output shows a timeline of the root of the patch and each new revision, without any differentiation. The revision identifiers, head commit of the revision, and author are still printed as per usual.

LWN covered Radicle in March 2024.

Klint is a Rust compiler extension developed by Gary Guo to run some kernel-specific lint rules, which may also be useful for embedded system development. He spoke about his recent work on the project at Kangrejos 2025. The next day, Alejandra González led a discussion about Rust's normal linter, Clippy. The two tools offer complementary approaches to analyzing Rust kernel code, although both need some additional direction and support from kernel developers to reach their full potential.

Security updates have been issued by Debian (python-internetarchive and tiff), Fedora (nextcloud), Oracle (kernel, openssh, and squid), Red Hat (kernel, kernel-rt, and ncurses), SUSE (afterburn and chromium), and Ubuntu (open-vm-tools, ruby-rack, and tiff).

After marking bcachefs "externally maintained" in 6.17, Linus Torvalds has removed it entirely for 6.18. "It's now a DKMS module, making the in-kernel code stale, so remove it to avoid any version confusion."

The 6.17 development cycle ended on September 28 with the release of the 6.17 kernel. This cycle brought in 13,089 non-merge changesets, a slowdown from its predecessor but still within the normal bounds for recent kernels. The time has come for a look at where those changes came from, with a bit of a side trip into bug statistics.

The NixOS moderation team, which is theoretically in charge of ensuring that community participation on the project's repositories and discussion forum remains welcoming and useful, has released a joint resignation statement. This action was motivated by conflict with the project's steering council (SC), which has repeatedly overridden the moderation team, leading the team members to decide that they could not continue acting as moderators. Arian Van Putten, speaking for the whole team, writes:

The SC has also shown, in private and public conversations, their lack of understanding of basic principles of community management and open communication. They have mistaken quiet and a lack of controversy for success and peace. They have consistently become upset when there is criticism, and gone quiet on crucial issues in between. We have some fundamental conflicts in this community, which absolutely require discussion. Meanwhile, discussion with the SC has only become less effective.

We think that the goal of moderation should not be to avoid difficult conversations - it's to navigate those difficult conversations in ways that remain safe and constructive. We believe we've made considerable progress as a community on making those conversations happen, and we believe they need to happen more for the project to grow, not be suppressed. We thank everyone for the growth that we have seen, and for their efforts to avoid personal focus in discussion, especially recently.

The NixOS project has had problems with community moderation stretching back more than a year. With the next steering council election coming up soon, it will be interesting to see whether the community selects a council that feels differently or not.

As with a mobile phone, a portable gaming device like the Steam Deck can contain lots of personal information that the owner would like to keep secret—especially given that such devices can do far more than gaming. Alberto Garcia worked with his colleagues at Igalia and people at Valve, the company behind the Steam gaming platform, to come up with a new tool to manage encrypted filesystems for SteamOS, which is a Linux distribution optimized for gaming. Garcia gave a talk about that tool, dirlock, at Open Source Summit Europe, which was held in Amsterdam in late August. In the talk, he looked at the design process for the encrypted-files feature, the alternatives considered, and why they made the choices they did.

Security updates have been issued by AlmaLinux (avahi, cups, firefox, gnutls, golang, httpd, kernel, libtpms, mysql, opentelemetry-collector, php:8.2, podman, postgresql:13, postgresql:15, python3, python3.11, python3.12, python3.9, thunderbird, and udisks2), Debian (firefox-esr, gimp, nncp, node-tar-fs, and squid), Fedora (chromium, firebird, python-azure-keyvault-securitydomain, python-azure-mgmt-security, and python-microsoft-security-utilities-secret-masker), Red Hat (httpd:2.4, kernel, kernel-rt, and mod_http2), SUSE (aide, apache2-mod_security2, chromedriver, cloud-init, docker, gdk-pixbuf, git, google-osconfig-agent, govulncheck-vulndb, gstreamer-plugins-base, iperf, kernel, krb5, krita, luajit, net-tools, nvidia-open-driver-G06-signed, pam, postgresql17, python311, rust-keylime, sevctl, tor, tree-sitter-ruby, and udisks2), and Ubuntu (curl, ghostscript, inetutils, python2.7, and qtbase-opensource-src).

The F-Droid project has posted an urgent message regarding Google's plan to require developer registration to install apps on Android devices.

The F-Droid project cannot require that developers register their apps through Google, but at the same time, we cannot "take over" the application identifiers for the open-source apps we distribute, as that would effectively seize exclusive distribution rights to those applications.

If it were to be put into effect, the developer registration decree will end the F-Droid project and other free/open-source app distribution sources as we know them today, and the world will be deprived of the safety and security of the catalog of thousands of apps that can be trusted and verified by any and all. F-Droid's myriad users will be left adrift, with no means to install — or even update their existing installed — applications.

Linus Torvalds has released the 6.17 kernel. He notes that the shortlog for the changes since -rc7 are pretty tame: It's not exciting, which is all good. I think the biggest patch in there is some locking fixes for some bluetooth races that could cause use-after-free situations. Whee - that's about as exciting as it gets.

Other than that, there' the usual driver fixlets (GPU and networking dominate as usual, but "dominate" is still pretty small), there's some minor random other driver updates, some filesystem noise, and core kernel and mm.

And some selftest updates.

Significant features in this release include better control over x86 Spectre mitigations, live patching support on 64-bit Arm platforms, a number of pidfd improvements, the removal of special support for uniprocessor systems, initial support for proxy execution, experimental large-folio support in the Btrfs filesystem, the file_getattr() and file_setattr() system calls, and support for the DualPI2 congestion-control protocol.

See the LWN merge-window summaries (part 1, part 2) for more information. In addition, KernelNewbies has a look at the changes that went into 6.17.

The openSUSE project is nearing the release of Leap 16, its first major release since openSUSE Leap 15 in May 2018. This release brings some changes to the core of the distribution aside from the usual software upgrades; YaST has been retired, SELinux has replaced AppArmor as the default mandatory access control (MAC) system, and more. If all goes according to plan, Leap 16 final should be released in early October, with planned support through 2031.

Security updates have been issued by AlmaLinux (firefox, kernel, and thunderbird), Debian (ceph and thunderbird), Fedora (chromium, mingw-expat, python-deepdiff, python-orderly-set, python-pip, rust-az-cvm-vtpm, rust-az-snp-vtpm, rust-az-tdx-vtpm, and trustee-guest-components), Oracle (aide, kernel, and thunderbird), Red Hat (firefox, kernel, openssh, perl-YAML-LibYAML, and thunderbird), Slackware (expat), SUSE (jasper, libssh, openjpeg2, and python-pycares), and Ubuntu (linux-aws-6.14, linux-hwe-6.14, linux-azure, linux-hwe-6.8, linux-realtime-6.8, node-sha.js, and pcre2).

Longtime PyPy developer Antonio Cuni has a lengthy blog post that describes his talk at the recently completed 2025 CPython Core Dev Sprint, held at Arm in Cambridge, UK. The talk, entitled "Tracing JIT and real world Python — aka: what we can learn from PyPy" was meant to try to pass on some of his experiences "optimizing existing code for PyPy at a high-frequency trading firm" to the developers working on the CPython JIT compiler. His goal was to raise awareness of some of the problems he encountered: Until now CPython's performance has been particularly predictable, there are well established "performance tricks" to make code faster, and generally speaking you can mostly reason about the speed of a given piece of code "locally".

Adding a JIT completely changes how we reason about performance of a given program, for two reasons:

1. JITted code can be very fast if your code conforms to the heuristics applied by the JIT compiler, but unexpectedly slow(-ish) otherwise;
2. the speed of a given piece of code might depend heavily on what happens elsewhere in the program, making it much harder to reason about performance locally.

The end result is that modifying a line of code can significantly impact seemingly unrelated code. This effect becomes more pronounced as the JIT becomes more sophisticated.

Cuni also gave a talk on Python performance, which LWN covered, at EuroPython 2025 in July.

The file_operations structure in the kernel is a set of function pointers implementing, as the name would suggest, operations on files. A subsystem that manages objects which can be represented by a file descriptor will provide a file_operations structure providing implementations of the various operations that a user of the file descriptor may want to carry out. The mmap() method, in particular, is invoked when user space calls the mmap() system call to map the object behind a file descriptor into its address space. That method, though, is currently on its way out in a multi-release process that started in 6.17.

The Fedora project has posted a proposal for a policy regarding the use of AI tools when developing for the distribution.

You are responsible for your contributions. AI-generated content must be treated as a suggestion, not as final code or text. It is your responsibility to review, test, and understand everything you submit. Submitting unverified or low-quality machine-generated content (sometimes called "AI slop") creates an unfair review burden on the community and is not an acceptable contribution.

The 6.16.9, 6.12.49, 6.6.108, and 6.1.154 stable kernels have been released. As usual, they all contain important fixes throughout the kernel tree.

Security updates have been issued by AlmaLinux (grub2 and kernel), Debian (chromium and libxslt), Fedora (chromium, expat, libssh, and webkitgtk), Oracle (avahi, firefox, ImageMagick, kernel, libtpms, and mysql), Red Hat (kernel), SUSE (bird3, expat, kernel, and tiff), and Ubuntu (dpkg, gnuplot, linux, linux-aws, linux-aws-5.15, linux-gcp, linux-gcp-5.15, linux-gke, linux-gkeop, linux-hwe-5.15, linux-ibm, linux-ibm-5.15, linux-intel-iotg, linux-intel-iotg-5.15, linux-lowlatency, linux-lowlatency-hwe-5.15, linux-nvidia, linux-nvidia-tegra, linux-nvidia-tegra-5.15, linux-oracle, linux-raspi, linux-riscv-5.15, linux-xilinx-zynqmp, linux, linux-aws, linux-gcp, linux-gcp-6.14, linux-oracle, linux-realtime, linux-riscv, linux-riscv-6.14, linux-aws-fips, linux-fips, linux-gcp-fips, linux-azure, linux-azure-fips, linux-ibm, linux-ibm-6.8, linux-intel-iot-realtime, linux-realtime, linux-oem-6.14, linux-oracle-5.15, linux-realtime-6.14, and python-eventlet).

Version 18 of the PostgreSQL database has been released. Notable improvements in this release include "skip scan" lookups for multicolumn B-tree indexes, virtual generated columns, better text processing, oauth authentication, and a new asynchronous I/O (AIO) subsystem to improve performance:

AIO lets PostgreSQL issue multiple I/O requests concurrently instead of waiting for each to finish in sequence. This expands existing readahead and improves overall throughput. AIO operations supported in PostgreSQL 18 include sequential scans, bitmap heap scans, and vacuum. Benchmarking has demonstrated performance gains of up to 3x in certain scenarios.

There are, of course, many other improvements and changes; see the release notes for full details.