Linux Weekly News

Security updates have been issued by AlmaLinux (apache-commons-beanutils, firefox, kea, kernel, kernel-rt, libblockdev, libvpx, pam, python-setuptools, python3, python3.11, python3.12, python3.9, and sudo), Debian (chromium), Gentoo (sudo), Oracle (.NET 8.0, buildah, firefox, freerdp, golang-github-openprinting-ipp-usb, grafana, grafana-pcp, gvisor-tap-vsock, libsoup3, mod_proxy_cluster, perl-FCGI, podman, python-setuptools, qt6-qtbase, skopeo, sudo, and thunderbird), Slackware (mozilla), SUSE (redis, runc, xorg-x11-server, and xwayland), and Ubuntu (composer, linux, linux-aws, linux-aws-6.8, linux-gcp, linux-gcp-6.8, linux-gke, linux-gkeop, linux-lowlatency, linux-lowlatency-hwe-6.8, linux-nvidia, linux-nvidia-6.8, linux-nvidia-lowlatency, linux-oem-6.8, linux-oracle, linux-oracle-6.8, linux-raspi, linux, linux-aws, linux-gcp, linux-gcp-5.15, linux-gke, linux-gkeop, linux-hwe-5.15, linux-ibm, linux-kvm, linux-lowlatency, linux-lowlatency-hwe-5.15, linux-nvidia, linux-oracle, linux-oracle-5.15, linux, linux-aws, linux-gcp, linux-gcp-6.11, linux-hwe-6.11, linux-oracle, linux-raspi, linux-realtime, linux, linux-aws, linux-lts-xenial, linux, linux-gcp, linux-raspi, linux-realtime, linux-fips, linux-fips, linux-aws-fips, linux-gcp-fips, linux-realtime, and linux-realtime, linux-raspi-realtime).

Version 5.0 of the GNU Health Hospital Information System has been released. This project, working to support medical offices, shows just how far the free-software effort can reach. Changes in this release include improved reporting and analytics, more comprehensive handling of many types of patient information, a reworked medical-imaging subsystem, better insurance and billing functionality, and more.

Transparent huge pages (THPs) are, theoretically, supposed to allow processes to benefit from larger page sizes without changes to their code. This does work, but the performance impacts from THPs are not always a benefit, so system administrators with specific knowledge of their workloads may want the ability to fine-tune THPs to the application. On May 15, Usama Arif shared a patch set that would add a prctl() option for setting THP defaults for a process; that patch set has sparked discussion about whether such a setting is a good fit for prctl(), and what alternative designs may work instead.

The extensible scheduler class ("sched_ext") allows the loading of a custom CPU scheduler into the kernel as a set of BPF functions; it was merged for the 6.12 kernel release. Since then, sched_ext has enabled a wide range of experimentation with scheduling algorithms. At the 2025 Open Source Summit North America, Ching-Chun ("Jim") Huang presented work that has been done to apply (local) machine learning to the problem of scheduling processes on complex systems.

The OsmAnd map and navigation app project recently celebrated its 15th anniversary.

All these 15 years can be roughly divided into three stages. For the first five years, we built the very basic functionality—offline maps and navigation that just worked. Over the next five years, we transformed OsmAnd into a full-fledged application with plugins, extensive settings, and professional tools. We dedicated the third five-year period to deep internal work: completely rewriting and improving key components like the rendering engine and routing algorithms.

Now, a new, fourth stage begins. We have reached functional maturity, and our main goal for the near future is to polish what we've already built. We will focus on stability, speed, and consolidation. User expectations are growing, and what was once considered normal must now be flawless.

(Thanks to Paul Wise).

Security updates have been issued by AlmaLinux (delve, emacs, gimp, gimp:2.8, glibc, idm:DL1, ipa, iputils, kernel, krb5, libarchive, libblockdev, libxml2, mod_proxy_cluster, osbuild-composer, pam, perl-File-Find-Rule, perl-YAML-LibYAML, qt5-qtbase, weldr-client, xorg-x11-server and xorg-x11-server-Xwayland, and xorg-x11-server-Xwayland), Debian (mbedtls and sudo), Oracle (.NET 8.0, delve, delve, golang, firefox, ghostscript, glibc, golang, grafana, iputils, kernel, krb5, libarchive, libblockdev, nodejs22, ruby, thunderbird, tomcat, tomcat9, unbound, and wireshark), Red Hat (glibc and mod_auth_openidc), Slackware (sudo), SUSE (gpg2, ImageMagick, iputils, jakarta-commons-fileupload, kernel, libblockdev, libsoup, open-vm-tools, pam, python-tornado6, screen, sudo, and xwayland), and Ubuntu (linux, linux-aws, linux-gcp, linux-gcp-6.11, linux-hwe-6.11, linux-oracle, linux-raspi, linux-realtime, linux-gcp, linux-gcp-6.8, linux-hwe-5.4, linux-oem-6.11, and sudo).

A change proposal to end support for 32-bit x86 (i686) applications on the x86_64 architecture with the Fedora 44 release has been withdrawn after significant pushback. As proposed, the change could have had a significant impact on gamers, compiler development, and the Bazzite project, which uses Fedora as a base for a gaming-focused distribution. While i686 gets a reprieve for now, the question still lingers: who is going to keep the necessary i686 packages in working order when few upstream maintainers or volunteer packagers care about the architecture?

Security updates have been issued by AlmaLinux (mod_proxy_cluster), Debian (catdoc, chromium, nagvis, and sudo), Fedora (chromium, gum, kubernetes1.32, moodle, podman, python3-docs, python3.13, salt, and tigervnc), Mageia (x11-server, x11-server-xwayland & tigervnc), Oracle (apache-commons-beanutils, exiv2, expat, firefox, git, git-lfs, gstreamer1-plugins-bad-free, ipa, java-21-openjdk, kea, kernel, libarchive, libblockdev, libsoup3, libvpx, libxslt, mod_auth_openidc, nodejs22, osbuild-composer, perl, perl-File-Find-Rule, php, python-jinja2, python-tornado, sqlite, thunderbird, valkey, varnish, weldr-client, xorg-x11-server-Xwayland, xz, and yggdrasil), Red Hat (apache-commons-beanutils, javapackages-tools:201801, kernel, and python3.11), SUSE (apache-commons-fileupload, gimp, glib2, himmelblau, nvidia-open-driver-G06-signed, sqlite3, thunderbird, yelp, and yelp-xsl), and Ubuntu (samba).

Linus has released 6.16-rc4 for testing. "Despite a fairly large merge window, things continue to look fairly calm on the rc front".

In 2023, Fujita Tomonori wrote a Rust version of the existing driver for the Asix AX88796B embedded Ethernet controller. At slightly more than 100 lines, it's about as simple as a driver can be, and therefore is a useful touchstone for the differences between writing Rust and C in the kernel. Looking at the Rust syntax, types, and APIs used by the driver and contrasting them with the C version will help illustrate those differences.

The history of the bcachefs filesystem in the kernel has been turbulent, most recently with Linus Torvalds refusing a pull request for the 6.16-rc3 release. Torvalds has now pulled the code in question, but also said:

I think we'll be parting ways in the 6.17 merge window.

You made it very clear that I can't even question any bug-fixes and I should just pull anything and everything.

Honestly, at that point, I don't really feel comfortable being involved at all, and the only thing we both seemed to really fundamentally agree on in that discussion was "we're done".

Bcachefs developer Kent Overstreet has his own view of the situation. Both Torvalds and Overstreet refer to a seemingly private conversation where the pull request (and other topics) were discussed.

Kernel versions 6.15.4, 6.12.35, 6.6.95, 6.1.142, 5.15.186, 5.10.239, and 5.4.295 have all been released.

Security updates have been issued by Debian (freeradius and icu), Fedora (clamav, glow, libssh, perl-Crypt-OpenSSL-RSA, perl-CryptX, podman, trafficserver, and xorg-x11-server), Mageia (gdk-pixbuf2.0 and thunderbird), Red Hat (osbuild-composer and weldr-client), SUSE (afterburn, google-osconfig-agent, libblockdev, pam, python-tornado6, screen, and yelp-xsl), and Ubuntu (libxslt and python-pip).

Version 1.88.0 of the Rust language has been released. Changes include the ability to chain let expressions, "naked" functions that have no compiler-generated prologue or epilogue, automatic garbage collection in cargo, a set of stabilized APIs, and more.

Version 10 of the Oracle Linux distribution has been released.

Oracle Linux 10 is now generally available for 64-bit Intel and AMD (x86_64) and 64-bit Arm (aarch64) platforms. Oracle Linux 10 delivers robust security and exceptional performance for business agility and demanding workloads at cloud scale. Key features include modernized cryptographic capabilities, advancements in developer tooling, and innovations for resilient infrastructure.

Over on the Collabora blog, Tathagata Roy has an update on the progress of targeting the Coccinelle tool for matching and transforming source code to Rust. The Coccinelle for Rust project, which we covered in a 2024 talk by Roy at Kangrejos, is adding the ability to transform Rust programs and the goal is "to bring Coccinelle For Rust at par with Coccinelle For C in terms of basic functionalities". There is still work to be done to get there, but progress is being made in various areas. Computational Tree Logic (CTL) is the heart of Coccinelle, which takes semantic patches and generalizes them over Rust files. Prior to using this engine, CfR used an ad-hoc method for matching patterns of code. This engine is the same as the one used for Coccinelle for C, with a few minor changes. Most of the changes were idiomatic but to the same effect. More information on the engine and its language (CTL-VW) can be found in the POPL Paper. With a standard engine, each step of the matching process can be logged, allowing us to learn and reuse the same design patterns from Coccinelle for C, including critical test cases.

Kernel development and machine learning seem like vastly different areas of endeavor; there are not, yet, stories circulating about the vibe-coding of new memory-management algorithms. There may well be places where machine learning (and large language models — LLMs — in particular) prove to be helpful on the edges of the kernel project, though. At the 2025 North-American edition of the Open Source Summit, Sasha Levin presented some of the work he has done putting LLMs to work to make the kernel better

Security updates have been issued by Debian (firefox-esr and libxml2), Fedora (firefox, libtpms, and tigervnc), Mageia (chromium-browser-stable and nss & firefox), Oracle (emacs, iputils, kernel, krb5, libarchive, mod_proxy_cluster, pam, perl-File-Find-Rule, perl-YAML-LibYAML, and qt5-qtbase), Red Hat (opentelemetry-collector, osbuild-composer, and weldr-client), SUSE (clamav, firefox, go1.24-openssl, and helm), and Ubuntu (libarchive, linux-azure, linux-azure-5.4, linux-azure-fips, linux-fips, linux-azure-nvidia, linux-oracle, linux-oracle-6.8, linux-raspi, linux-raspi-realtime, linux-xilinx-zynqmp, and python-urllib3).

Inside this week's LWN.net Weekly Edition:

• Front: Libxml2; GNOME and systemd; Rust in the kernel; Defconfigs; ngnfs, Free-threaded Python; Asterinas.
• Briefs: LSFMM+BPF book; tag2upload; PostmarketOS 25.06; Firefox 140.0; NLnet funding; Quotes; ...
• Announcements: Newsletters, conferences, security updates, patches, and more.

The NLnet Foundation has announced a new group of projects receiving funding through the Next Generation Internet (NGI) Zero Commons Fund.

Free and open source technologies, open standards, open hardware and open data help to strengthen the open web and the open internet. The projects selected by NLnet all contribute in their own way to this important goal, and will empower end users and the community at large on different layers of the stack. For example, there are people working a browser controlled ad hoc cellular network (Wsdr) which can be used to create small mobile networks where they are needed. The open hardware security key Nitrokey is aiming for formal certification of their implementation of the FIDO2 standard, and will be adding encrypted storage capabilities. There are also more applied technologies: the high end open hardware microscope OpenFlexure will enable among others e-health use cases such as telepathology, allowing medical professionals to work together to help people in more remote areas.

See the announcement for the full list of selected projects and the current projects page for other projects recently funded by NLnet.