lwn.net

Security updates have been issued by Debian (kernel, linux-6.1, munge, and tcpflow), Fedora (accel-ppp, atuin, babl, bustle, endless-sky, envision, ettercap, fapolicy-analyzer, firefox, glycin, gnome-settings-daemon, go-fdo-client, greenboot-rs, greetd, helix, hwdata, keylime-agent-rust, kiwi, libdrm, maturin, mirrorlist-server, ntpd-rs, ogr2osm, open-vm-tools, perl-App-Cme, perl-Net-RDAP, perl-rdapper, polymake, python-requests-ratelimiter, python-tqdm, rust-add-determinism, rust-afterburn, rust-ambient-id, rust-app-store-connect, rust-bat, rust-below, rust-btrd, rust-busd, rust-bytes, rust-cargo-c, rust-cargo-deny, rust-coreos-installer, rust-crypto-auditing-agent, rust-crypto-auditing-client, rust-crypto-auditing-event-broker, rust-crypto-auditing-log-parser, rust-dua-cli, rust-eif_build, rust-git-delta, rust-git-interactive-rebase-tool, rust-git2, rust-gst-plugin-dav1d, rust-gst-plugin-reqwest, rust-heatseeker, rust-ingredients, rust-jsonwebtoken, rust-lsd, rust-monitord, rust-monitord-exporter, rust-muvm, rust-nu, rust-num-conv, rust-onefetch, rust-oo7-cli, rust-pleaser, rust-pore, rust-pretty-git-prompt, rust-procs, rust-rbspy, rust-rbw, rust-rd-agent, rust-rd-hashd, rust-redlib, rust-resctl-bench, rust-resctl-demo, rust-routinator, rust-sccache, rust-scx_layered, rust-scx_rustland, rust-scx_rusty, rust-sequoia-chameleon-gnupg, rust-sequoia-keystore-server, rust-sequoia-octopus-librnp, rust-sequoia-sq, rust-sevctl, rust-shadow-rs, rust-sigul-pesign-bridge, rust-speakersafetyd, rust-tealdeer, rust-time, rust-time-core, rust-time-macros, rust-tokei, rust-weezl, rust-wiremix, rust-ybaas, rustup, sad, strawberry, systemd, tbtools, transmission, trustedqsl, tuigreet, uv, and vdr-extrecmenung), Oracle (brotli, git-lfs, java-1.8.0-openjdk, kernel, libsoup, libsoup3, nodejs:24, python3.12, and thunderbird), Red Hat (fence-agents, python-urllib3, python3.11-urllib3, python3.12-urllib3, and resource-agents), SUSE (avahi, cups, freerdp, golang-github-prometheus-prometheus, java-11-openjdk, java-17-openjdk, libsoup2, libxml2, and python-pip), and Ubuntu (expat, glib2.0, and imagemagick).

Linus has released the 6.19 kernel. "No big surprises anywhere last week, so 6.19 is out as expected - just as the US prepares to come to a complete standstill later today watching the latest batch of televised commercials."

The most significant changes in 6.19 include initial support for Intel's linear address-space separation feature, support for Arm Memory system resource Partitioning And Monitoring, the listns() system call, a reworked restartable-sequences implementation, support for large block sizes in the ext4 filesystem, some networking changes for improved memory safety, the live update orchestrator, and much more. See the LWN merge-window summaries (part 1, part 2) and the KernelNewbies 6.19 page for details.

For those wanting more machine learning in the kernel, Viacheslav Dubeyko has posted a new in-kernel library for that purpose.

What is the goal of using ML models in Linux kernel? The main goal is to employ ML models for elaboration of a logic of particular Linux kernel subsystem based on processing data or/and an efficient subsystem configuration based on internal state of subsystem. As a result, it needs: (1) collect data for training, (2) execute ML model training phase, (3) test trained ML model, (4) use ML model for executing the inference phase. The ML model inference can be used for recommendation of Linux kernel subsystem configuration or/and for injecting a synthesized subsystem logic into kernel space (for example, eBPF logic).

It is rigorously undocumented and there are no real users, so it's not entirely clear what the purpose is, but there are undoubtedly interesting things that could be done with it.

Greg Kroah-Hartman has released the 6.18.9, 6.12.69, 6.6.123, 6.1.162, 5.15.199, and 5.10.249 stable kernels. As always, each contains important fixes throughout the tree; users are advised to upgrade.

The Ardour digital-audio-workstation (DAW) project has announced the release of version 9.0. This is a major release for the project, seeing several substantive new features that users have asked for over a long period of time. Region FX, clip recording, a touch-sensitive GUI, pianoroll windows, clip editing and more, not to mention dozens of bug fixes, new MIDI binding maps, improved GUI performance on macOS (for most) ...

We expect to get feedback on some of the major new features in this release, and plan to take that into account as we improve and refine them and the rest of Ardour going forward. We have no doubt that there will be both delight and disappointment with certain things - rather than assume that we don't know what we're doing, please leave us feedback on the forums so that Ardour gets better over time. Those of you new to our clip launching implementation might care to read up on the differences with Ableton Live.

In the coming weeks, we'll begin to sketch out what we have planned next for Ardour, in addition to responding to the feedback we get on this 9.0 release.

Control-flow integrity (CFI) is a set of techniques that make it more difficult for attackers to hijack indirect jumps to exploit a system. The Linux kernel has supported forward-edge CFI (which protects indirect function calls) since 2020, with the most recent implementation of the feature introduced in 2022. That version avoids the overhead introduced by the earlier approach by using a compiler flag (-fsanitize=kcfi) that is present in Clang but not in GCC. Now, Kees Cook has a patch set adding that support to GCC that looks likely to land in GCC 17.

The Linux From Scratch (LFS) project provides step-by-step instructions on building a customized Linux system entirely from source. Historically, the project has provided separate System V and systemd editions, which gave users a choice of init systems. Bruce Dubbs has announced the project will no longer produce the System V version:

There are two reasons for this decision. The first reason is workload. No one working on LFS is paid. We rely completely on volunteers. In LFS there are 88 packages. In BLFS there are over 1000. The volume of changes from upstream is overwhelming the editors. In this release cycle that started on the 1st of September until now, there have been 70 commits to LFS and 1155 commits to BLFS (and counting). When making package updates, many packages need to be checked for both System V and systemd. When preparing for release, all packages need to be checked for each init system.

The second reason for dropping System V is that packages like GNOME and soon KDE's Plasma are building in requirements that require capabilities in systemd that are not in System V. This could potentially be worked around with another init system like OpenRC, but beyond the transition process it still does not address the ongoing workload problem.

[...] As a personal note, I do not like this decision. To me LFS is about learning how a system works. Understanding the boot process is a big part of that. systemd is about 1678 "C" files plus many data files. System V is "22" C files plus about 50 short bash scripts and data files. Yes, systemd provides a lot of capabilities, but we will be losing some things I consider important.

The next version, 13.0, is expected in March and will only focus on systemd.

Security updates have been issued by AlmaLinux (freerdp, kernel, python3, and python3.12-wheel), Debian (alsa-lib, chromium, openjdk-25, phpunit, tomcat10, tomcat11, and tomcat9), Fedora (openqa, pgadmin4, phpunit10, phpunit11, phpunit12, phpunit8, phpunit9, and yarnpkg), Mageia (python-django), SUSE (alloy, cups, dpdk, expat, glib2, java-1_8_0-ibm, java-1_8_0-openj9, java-25-openjdk, kernel, libpainter0, libsoup, libxml2, openssl-3, python-filelock, python-wheel, python312-Django6, thunderbird, traefik2, udisks2, wireshark, and xen), and Ubuntu (glib2.0, linux-azure, linux-azure-4.15, linux-gcp, linux-gcp-4.15, python3.14, python3.13, python3.12, python3.11, python3.10, python3.9, python3.8, python3.7, python3.6, python3.5, python3.4, and tracker-miners).

The first installment in this series introduced several data structures in the kernel's swap subsystem and described work to replace some of those with a new "swap table" structure. The work did not stop there, though; there is more modernization of the swap subsystem queued for an upcoming development cycle, and even more for multiple kernel releases after that. Once that work is done, the swap subsystem will be both simpler and faster than it is now.

Security updates have been issued by AlmaLinux (brotli, curl, kernel, python-wheel, and python3.12), Debian (containerd), Fedora (gnupg2, pgadmin4, phpunit10, phpunit11, phpunit12, phpunit8, phpunit9, and yarnpkg), Mageia (expat), Oracle (qemu-kvm and util-linux), Red Hat (kernel, kernel-rt, opentelemetry-collector, and python3.12-wheel), SUSE (abseil-cpp, dpdk, freerdp, glib2, ImageMagick, java-11-openj9, java-17-openj9, java-1_8_0-ibm, java-1_8_0-openj9, java-1_8_0-openjdk, java-21-openj9, kernel, libsoup, libsoup-3_0-0, openssl-3, patch, python-Django, rekor, rizin, udisks2, and xrdp), and Ubuntu (gh, linux, linux-aws, linux-azure, linux-azure-5.15, linux-gcp, linux-gke, linux-gkeop, linux-hwe-5.15, linux-ibm, linux-ibm-5.15, linux-intel-iotg, linux-intel-iotg-5.15, linux-kvm, linux-lowlatency, linux-lowlatency-hwe-5.15, linux-nvidia, linux-nvidia-tegra, linux-nvidia-tegra-5.15, linux-oracle, linux-raspi, linux, linux-aws, linux-azure, linux-gcp, linux-oem-6.17, linux-oracle, linux-raspi, linux-realtime, linux, linux-gke, linux-gkeop, linux-hwe-6.8, linux-oracle, linux-oracle-6.8, linux-raspi, linux-fips, linux-aws-fips, linux-azure-fips, linux-gcp-fips, linux-nvidia, linux-nvidia-6.8, linux-nvidia-lowlatency, linux-realtime, linux-intel-iot-realtime, and linux-realtime, linux-realtime-6.8, linux-raspi-realtime).

Inside this week's LWN.net Weekly Edition:

• Front: Sigil; Eurydice; Sub-schedulers for sched_ext; Swap table; Futex robust lists; Tyr.
• Briefs: openSUSE governance; Git 2.53.0; LibreOffice 26.2; Open Source Award; Quotes; ...
• Announcements: Newsletters, conferences, security updates, patches, and more.

The robust futex kernel API is a way for a user-space program to ensure that the locks it holds are properly cleaned up when it exits. But the API suffers from a number of different problems, as André Almeida described in a session in the "Gaming on Linux" microconference at the 2025 Linux Plumbers Conference in Tokyo. He had some ideas for a new API that would solve many of those problems, which he wanted to discuss with attendees; there is a difficult-to-trigger race condition that he wanted to talk about too.

Creating an ebook in EPUB format is easy, for certain values of "easy". All one really needs is a text editor, a few command-line utilities; also needed is a working knowledge of XHTML, CSS, along with an understanding of the format's structure and required boilerplate. Creating a well-formatted and attractive ebook is a bit harder. However, it can be made easier with an application custom-made for the purpose. Sigil is an EPUB editor that provides the tooling authors and publishers may be looking for.

Version 26.2 of the LibreOffice office suite has been released. LibreOffice 26.2 is focused on improvements that make a difference in daily work and brings better performance, smoother interaction with complex documents and improved compatibility with files created in other office software. Whether you're writing reports, managing spreadsheets, or preparing presentations, the experience feels more responsive and reliable.

LibreOffice has always been about giving users control. LibreOffice 26.2 continues that tradition by strengthening support for open document standards, and ensuring long-term access to your files, without subscriptions, license restrictions, or data collection. Your documents stay yours – forever.

More information can be found in the release notes for LibreOffice 26.2.

Security updates have been issued by Debian (thunderbird), Fedora (openqa, os-autoinst, python-jupytext, python-python-multipart, rust-sequoia-keystore-server, rust-sequoia-octopus-librnp, rust-sequoia-sq, rust-sequoia-sqv, and xen), Oracle (curl, kernel, net-snmp, python3, and python3.12), Red Hat (container-tools:rhel8, fence-agents, golang, golang-github-openprinting-ipp-usb, grafana, grafana-pcp, opentelemetry-collector, podman, python-s3transfer, python-wheel, and resource-agents), SUSE (alloy, chromium, cockpit-podman, cockpit-subscriptions, dpdk, elemental-register, elemental-toolkit, glib2, glibc, gpg2, ImageMagick, imagemagick, jasper, java-17-openjdk, java-21-openjdk, kernel, libheif, libmlt++, libpng16, libsodium, libsoup, libvirt, openssl-3, openvpn, php8, postgresql16, postgresql17 and postgresql18, protobuf, python-FontTools, python-fonttools, python-h2, python-python-multipart, python-urllib3, python-wheel, python311-PyNaCl, trivy, ucode-amd, udisks2, unbound, util-linux, wireshark, and xkbcomp), and Ubuntu (emacs, freerdp2, glibc, imagemagick, mysql-8.0, pagure, python-django, python-filelock, python-internetarchive, and python-keystonemiddleware).

The team behind Tyr started 2025 with little to show in our quest to produce a Rust GPU driver for Arm Mali hardware, and by the end of the year, we were able to play SuperTuxKart (a 3D open-source racing game) at the Linux Plumbers Conference (LPC). Our prototype was a joint effort between Arm, Collabora, and Google; it ran well for the duration of the event, and the performance was more than adequate for players. Thankfully, we picked up steam at precisely the right moment: Dave Airlie just announced in the Maintainers Summit that the DRM subsystem is only "about a year away" from disallowing new drivers written in C and requiring the use of Rust. Now it is time to lay out a possible roadmap for 2026 in order to upstream all of this work.

Security updates have been issued by AlmaLinux (fence-agents, gcc-toolset-15-binutils, golang-github-openprinting-ipp-usb, iperf3, kernel, kernel-rt, openssl, osbuild-composer, php:8.2, python3, util-linux, and wireshark), Debian (clamav and xrdp), Fedora (gimp and openttd), Mageia (docker-containerd), Oracle (gimp:2.8, golang-github-openprinting-ipp-usb, grafana-pcp, image-builder, iperf3, kernel, openssl, osbuild-composer, php, php:8.2, php:8.3, python3.9, util-linux, and wireshark), SUSE (cockpit-subscriptions, elemental-register, elemental-toolkit, glibc, gpg2, logback, openssl-1_1, python-urllib3, ucode-amd, and unbound), and Ubuntu (inetutils, libpng1.6, mysql-8.0, mysql-8.4, openjdk-17, openjdk-17-crac, openjdk-21, openjdk-21-crac, openjdk-25, openjdk-25-crac, openjdk-8, openjdk-lts, and thunderbird).

Version 2.53.0 of the Git source-code management system has been released. Changes include documentation for the Git data model, the ability to choose the diff algorithm to use with git blame, a new white-space error class, and more; see the announcement for details.

The kernel's swap subsystem is a complex and often unloved beast. It is also a critical component in the memory-management subsystem and has a significant impact on the performance of the system as a whole. At the 2025 Linux Storage, Filesystem, Memory-Management and BPF Summit, Kairui Song outlined a plan to simplify and optimize the kernel's swap code. A first installment of that work, written with help from Chris Li, was merged for the 6.18 release. This article will catch up with the 6.18 work, setting the stage for a future look at the changes that are yet to be merged.

Security updates have been issued by AlmaLinux (iperf3, kernel, and php), Debian (ceph, pillow, pyasn1, python-django, and python-tornado), Fedora (bind9-next, cef, chromium, fontforge, java-21-openjdk, java-25-openjdk, java-latest-openjdk, mingw-python-urllib3, mingw-python-wheel, nodejs20, nodejs22, nodejs24, opencc, openssl, python-wheel, and qownnotes), Red Hat (binutils, gcc-toolset-13-binutils, gcc-toolset-14-binutils, gcc-toolset-15-binutils, java-1.8.0-openjdk, and java-25-openjdk), Slackware (expat), SUSE (bind, cacti, cacti-spine, chromedriver, chromium, dirmngr, fontforge-20251009, glib2, golang-github-prometheus-prometheus, govulncheck-vulndb, icinga2, ImageMagick, kernel, logback, openCryptoki, openssl-1_1, python311-djangorestframework, python311-pypdf, python314, python315, qemu, and xen), and Ubuntu (linux, linux-aws, linux-aws-5.4, linux-gcp, linux-gcp-5.4, linux-hwe-5.4, linux-ibm, linux-ibm-5.4, linux-iot, linux-kvm and linux-aws-fips, linux-fips, linux-gcp-fips).