lwn.net

At the Linux Security Summit Europe (LSS EU), Scott Constable and Sebastian Österlund gave a talk on an enhancement to a control-flow integrity (CFI) protection that was added to the kernel several years ago. The "FineIBT: Fine-grain Control-flow Enforcement with Indirect Branch Tracking" mechanism was merged for Linux 6.2 in early 2023 to harden the kernel against CFI attacks of various sorts, but needed some fixes and enhancements more recently. The talk looked at the CFI vulnerability problem, FineIBT, and an enhanced version that is hoped to be able to unify all of the disparate hardware and software mitigations to address both regular and speculative CFI vulnerabilities.

Security updates have been issued by Debian (redis and valkey), Fedora (docker-buildkit, ibus-bamboo, pgadmin4, webkitgtk, and wordpress), Mageia (kernel-linus, kmod-virtualbox & kmod-xtables-addons, and microcode), Oracle (compat-libtiff3 and udisks2), Red Hat (rsync), Slackware (python3), SUSE (chromium, cJSON, digger-cli, glow, go1.24, go1.25, go1.25-openssl, grafana, libexslt0, libruby3_4-3_4, pgadmin4, python311-python-socketio, and squid), and Ubuntu (dpdk, libhtp, vim, and webkit2gtk).

Despite its increasing popularity, the Rust programming language is still supported by a single compiler, the LLVM-based rustc. At the 2025 GNU Tools Cauldron, Pierre-Emmanuel Patry said that a lot of people are waiting for a GCC-based Rust compiler before jumping into the language. Patry, who is working on just that compiler (known as "gccrs"), provided an update on the status of that project and what is coming next.

Sudden increases in the size of Fedora's initramfs files have prompted the project to fast-track a proposal to increase the default size of the /boot partition for new installs of Fedora 43 and later. The project has also walked back a few changes that have contributed to larger initramfs files, but the ever-increasing size of firmware means that the need for more room is unavoidable. The Fedora Engineering Steering Council (FESCo) has approved a last-minute change just before the final freeze for Fedora 43 to increase the default size of the /boot partition from 1GB to 2GB; this will leave plenty of space for kernels and initramfs images if a user is installing from scratch, but it is of no help for users upgrading from Fedora 42.

Ubuntu 25.10, "Questing Quokka", has been released. This release includes Linux 6.17, GNOME 49, GCC 15, Python 3.13.7, Rust 1.85, and more. This release also features Rust-based implementations of sudo and coreutils; LWN covered the switch to the Rust-based tools in March. The 25.10 version of Ubuntu flavors Edubuntu, Kubuntu, Lubuntu, Ubuntu Budgie, Ubuntu Cinnamon, Ubuntu Kylin, Ubuntu MATE, Ubuntu Studio, and Xubuntu have also been released.

Security updates have been issued by AlmaLinux (gnutls, kernel, kernel-rt, and open-vm-tools), Debian (chromium, python-django, and redis), Fedora (chromium, insight, mirrorlist-server, oci-seccomp-bpf-hook, rust-maxminddb, rust-prometheus, rust-prometheus_exporter, rust-protobuf, rust-protobuf-codegen, rust-protobuf-parse, rust-protobuf-support, turbo-attack, and yarnpkg), Oracle (iputils, kernel, open-vm-tools, redis, and valkey), Red Hat (perl-File-Find-Rule and perl-File-Find-Rule-Perl), SUSE (expat, ImageMagick, matrix-synapse, python-xmltodict, redis, redis7, and valkey), and Ubuntu (fort-validator and imagemagick).

Inside this week's LWN.net Weekly Edition:

• Front: Kernel Rust features; systemd v258, part 2; Cauldron kernel hackers; BPF for GNU tools; 6.18 merge window, part 1; Lifetime-end pointer zapping; Robot Operating System.
• Briefs: OpenSSH 10.1; Firefox profiles; Python 3.14; U-Boot v2025.10; FSF presidency; Quotes; ...
• Announcements: Newsletters, conferences, security updates, patches, and more.

Firefox has long had support for multiple profiles to store personal information such as bookmarks, passwords, and user preferences. However, Firefox did not make profiles particularly discoverable or easy to manage. That is about to change; Mozilla has announced that it is launching a profile management feature that will make it easier to create and switch between profiles. According to the support page for the feature, it will be rolled out to users gradually beginning on October 14.

The Rust for Linux project has been good for Rust, Tyler Mandry, one of the co-leads of Rust's language-design team, said. He gave a talk at Kangrejos 2025 covering upcoming Rust language features and thanking the Rust for Linux developers for helping drive them forward. Afterward, Benno Lossin and Xiangfei Ding went into more detail about their work on the three most important language features for kernel development: field projections, in-place initialization, and arbitrary self types.

Security updates have been issued by Fedora (apptainer, civetweb, mod_http2, openssl, pandoc, and pandoc-cli), Oracle (kernel), Red Hat (gstreamer1-plugins-bad-free, iputils, kernel, open-vm-tools, and podman), SUSE (cairo, firefox, ghostscript, gimp, gstreamer-plugins-rs, libxslt, logback, openssl-1_0_0, openssl-1_1, python-xmltodict, and rubygem-puma), and Ubuntu (gst-plugins-base1.0, linux-aws-6.8, linux-aws-fips, linux-azure, linux-azure-nvidia, linux-gke, linux-nvidia-tegra-igx, and linux-raspi).

Version 3.14.0 of the Python language has been released. There are a lot of changes this time around, including official support for free threading, template string literals, and much more; see the announcement for details.

Paul McKenney gave a remote presentation at Kangrejos 2025 following up on the talk he gave last year about the lifetime-end-pointer-zapping problem: certain common patterns for multithreaded code are technically undefined behavior, and changes to the C and C++ specifications will be needed to correct that. Those changes could also impact code that uses unsafe Rust, such as the kernel's Rust bindings. Progress on the problem has been slow, but McKenney believes that a solution is near at hand.

Systemd v258 was released on September 17 after more than nine months of development. LWN has already covered some of the features and changes being readied for v258 before it was final. Now that the release is out, it is time to look at more of what came in v258, including a sandbox shell, new boot options, service-level disk quotas, and enhancements to systemd-resolved.

Taylor Blau has posted an extensive set of notes from the recently concluded Git Contributor's Summit. Covered topics include the SHA-256 transition, Rust, Change-ID headers, Git 3.0, and many more. The note are also available on Google Docs for those who prefer that format.

Security updates have been issued by Fedora (chromium), Red Hat (kernel, open-vm-tools, and postgresql), SUSE (chromedriver and chromium), and Ubuntu (haproxy and pam-u2f).

Version 2025.10 of the U-Boot boot loader has been released with new features, including Python tooling improvements, cleanups for implicit header inclusions, better support for numerous Arm platforms, support for new RISC-V platforms, better documentation, and more. Maintainer Tom Rini also reports on some project news: As I mentioned with the v2025.07 release, I was looking for a few people to step up and help with the overall organization and management of the project. To that end, Peter Robinson and Neil Armstrong have stepped up and have been helping me. This has been part of the process for the project to join up under the Software Freedom Conservancy's (SFC) umbrella and have a legal entity that can help the project work with other legal entities on things like donations.

At the time of writing, there have been 9,099 commits in the 6.18 merge window, 8,475 non-merges and 624 merges. The changes so far include core-kernel, graphics, and networking work, among others. There are no big surprises, but several items that were discussed at this year's LFSMM+BPF Summit have now been merged.

Support for BPF in the kernel has been tied to the LLVM toolchain since the advent of extended BPF. There has been a growing effort to add BPF support to the GNU toolchain as well, though. At the 2025 GNU Tools Cauldron, the developers involved got together with representatives of the kernel community to talk about the state of that work and what needs to happen next.

The 6.17.1, 6.16.11, 6.12.51, and 6.6.110 stable kernels have been released. This time around, they contain a relatively small number of important fixes in various parts of the kernel.

Security updates have been issued by AlmaLinux (kernel), Debian (dovecot, git, log4cxx, and openssl), Fedora (containernetworking-plugins, firebird, firefox, jupyterlab, mupdf, and thunderbird), Oracle (ipa), Red Hat (container-tools:rhel8, firefox, gnutls, kernel, kernel-rt, multiple packages, mysql, mysql:8.0, nginx, podman, and thunderbird), Slackware (fetchmail), SUSE (afterburn, chromium, firefox, haproxy, libvmtools-devel, logback, python311-Django, python311-Django4, and redis), and Ubuntu (linux-gcp, linux-gcp-6.14, linux-oem-6.14, linux-nvidia-tegra-igx, linux-oracle, mysql-8.0, poppler, and squid).