lwn.net

Security updates have been issued by Debian (imagemagick, incus, lxd, pgagent, svgpp, and sysstat), Fedora (chromium, complyctl, fetchmail, firefox, mbedtls, mingw-binutils, mingw-python3, mingw-qt5-qtsvg, mingw-qt6-qtsvg, python3.10, python3.11, python3.12, python3.9, runc, and suricata), Mageia (expat), Red Hat (firefox, kernel, qt5-qtbase, and qt6-qtbase), Slackware (stunnel), SUSE (chromium, coredns, ctdb, firefox, kernel, libexslt0, libpoppler-cpp2, ollama, openssl-1_1, pam, samba, and thunderbird), and Ubuntu (samba).

The 6.18-rc2 kernel prepatch is out.

End result: rc2 is on the bigger side, and we still have some of the remaining regressions outstanding, but we should be making slow progress. It's fairly early days yet, so I'm not very worried. Things on the whole look fairly normal.

Greg Kroah-Hartman has announced the release of the 6.17.4 6.12.54 6.6.113 6.1.157, and 5.15.195 stable kernels. As usual, each contains important fixes; users of those kernels are advised to upgrade.

The Ruby community has experienced some turbulence of late after Ruby Central took control of the GitHub repositories for a number of projects including RubyGems and Bundler. Those projects have historically been developed separately from Ruby itself. They are now being put under the control of Ruby's core team, according to Ruby creator Yukihiro Matsumoto (a.k.a. "Matz"):

To provide the community with long-term stability and continuity, the Ruby core team, led by Matz, has decided to assume stewardship of these projects from Ruby Central. We will continue their development in close collaboration with Ruby Central and the broader community.

Ruby Central has also issued a statement.

Ruby libraries and applications are distributed via a packaging format called a gem. RubyGems.org has been the central hosting service for gems since about 2010. This article is part one of a two-part series on the RubyGems.org takeover by Ruby Central. Understanding the history of RubyGems.org, and the contributor community behind it, is vital to making sense of the current power struggle between Ruby Central and members of the Ruby community who have maintained those services and tools for many years.

Security updates have been issued by AlmaLinux (kernel and libssh), Debian (firefox-esr and pgpool2), Mageia (varnish & lighttpd), Red Hat (python3, python3.11, python3.12, python3.9, and python39:3.9), SUSE (expat, gstreamer-plugins-rs, kernel, openssl1, pgadmin4, python311-ldap, and squid), and Ubuntu (dotnet8, dotnet9, dotnet10 and mupdf).

There have been many discussions in the free-software community about the role of large language models (LLMs) in software development. For the most part, though, those conversations have focused on whether projects should be accepting code output by those models, and under what conditions. But there are other ways in which these systems might participate in the development process. Chris Mason recently started a discussion on the Kernel Summit discussion list about how these models can be used to review patches, rather than create them.

Security updates have been issued by AlmaLinux (kernel and libsoup3), Debian (chromium and firefox-esr), Fedora (httpd), Oracle (cups, ImageMagick, kernel, and vim), Red Hat (libssh), Slackware (samba), SUSE (alloy, exim, firefox-esr, ImageMagick, kernel, libcryptopp-devel, libQt6Svg6, libsoup-3_0-0, libtiff-devel-32bit, lsd, python3-gi-docgen, python311-Authlib, qt6-base, samba, and squid), and Ubuntu (ffmpeg, linux-oracle-6.8, redict, redis, samba, and subversion).

Version 13.0 of the Forgejo software forge has been released. Notable changes in this release include content moderation features, ability to require 2FA for users or administrators, and a migration feature for Pagure repositories. The last will be useful for Fedora's move to Forgejo as its new git forge. See the release notes for all changes in 13.0.

Inside this week's LWN.net Weekly Edition:

• Front: LLMs and copyright; Systemd packaging in Debian; Gccrs; FineIBT; 6.18 Merge window; Interrupt-aware spinlocks; Fedora's /boot.
• Briefs: Librephone; LMDE 7; Ubuntu 25.10; Firefox 144.0; Julia 1.12; ...
• Announcements: Newsletters, conferences, security updates, patches, and more.

Boqun Feng spoke at Kangrejos 2025 about adding a frequently needed API for Rust drivers that need to handle interrupts: interrupt-aware spinlocks. Most drivers will need to communicate information from interrupt handlers to main driver code, and this exchange is frequently synchronized with the use of spinlocks. While his first attempts ran into problems, Feng's ultimate solution could help prevent bugs in C code as well, by tracking the number of nested scopes that have disabled interrupts. The patch set, which contains work from Feng and Lyude Paul, is still under review.

Linux Mint Debian Edition (LMDE) 7, based on Debian 13 ("trixie"), has been released:

Its goal is to ensure Linux Mint would be able to continue to deliver the same user experience, and how much work would be involved, if Ubuntu was ever to disappear. LMDE is also one of our development targets, to guarantee the software we develop is compatible outside of Ubuntu.

The LMDE release notes are rather sparse; users are also advised to review Debian 13's release notes.

Security updates have been issued by AlmaLinux (kernel, kernel-rt, vim, and webkit2gtk3), Debian (distro-info-data, https-everywhere, and php-horde-css-parser), Fedora (inih, mingw-exiv2, mirrorlist-server, rust-maxminddb, rust-monitord-exporter, rust-prometheus, rust-prometheus_exporter, rust-protobuf, rust-protobuf-codegen, rust-protobuf-parse, and rust-protobuf-support), Mageia (fetchmail), Oracle (gnutls, kernel, vim, and webkit2gtk3), Red Hat (kernel, kernel-rt, and webkit2gtk3), Slackware (mozilla), SUSE (curl, libxslt, and net-tools), and Ubuntu (linux-azure-5.15, linux-azure-6.8, linux-azure-fips, linux-oracle, linux-oracle-6.14, and linux-raspi).

Greg Kroah-Hartman has announced the release of the 6.17.3, 6.12.53, 6.6.112, and 6.1.156 stable kernels. As usual, each contains important fixes throughout the kernel tree. Users of these kernels are advised to upgrade.

The Free Software Foundation has announced the launch of the Librephone project, which is aimed at the creation of a fully-free operating system for mobile devices.

Practically, Librephone aims to close the last gaps between existing distributions of the Android operating system and software freedom. The FSF has hired experienced developer Rob Savoye (DejaGNU, Gnash, OpenStreetMap, and more) to lead the technical project. He is currently investigating the state of device firmware and binary blobs in other mobile phone freedom projects, prioritizing the free software work done by the not entirely free software mobile phone operating system LineageOS.

The 6.18 merge window has come to an end, bringing with it a total of 11,974 non-merge commits, 3,499 of which came in after LWN's first-half summary. The total is a little higher than the 6.17 merge window, which saw 11,404 non-merge commits. There are once again a good number of changes and new features included in this release.

Version 1.12 of Julia has been released. Highlights of the release include new multi-threading features, new tracing flags and macros, and an experimental --trim feature. See the release notes for a full list of new features, changes, and improvements. LWN last covered Julia in January.

Version 144.0 of the Firefox browser has been released. Changes this time include improvements to tab-group and profile management, stronger encryption for stored passwords, a "search image with Google Lens" operation, and "Perplexity, an AI-powered answer engine built into the browser".

The Free Software Foundation's Licensing and Compliance Lab concerns itself with many aspects of software licensing, Krzysztof Siewicz said at the beginning of his 2025 GNU Tools Cauldron session. These include supporting projects that are facing licensing challenges, collecting copyright assignments, and addressing GPL violations. In this session, though, there was really only one topic that the audience wanted to know about: the interaction between free-software licensing and large language models (LLMs).

Security updates have been issued by Debian (ghostscript and libfcgi), Fedora (qt5-qtsvg), Red Hat (kernel, perl-FCGI, perl-FCGI:0.78, and vim), SUSE (bluez, curl, podman, postgresql14, python-xmltodict, and udisks2), and Ubuntu (linux-azure, linux-azure-5.4, linux-azure-fips, linux-oracle, and subversion).