Linux Weekly News

Security updates have been issued by Debian (corosync and kernel), Fedora (checkpointctl, chromium, curl, and perl-Catalyst-Authentication-Credential-HTTP), SUSE (firefox, frr, kernel, rustup, vim, and wireshark), and Ubuntu (glibc and pam).

Version 6.0.0 of the RPM Package Manager has been released. Notable changes in this release include support for multiple OpenPGP signatures per package, the ability to update previously installed PGP keys, as well as support for RPM v4 and v6 packages. See the release notes for full details.

Computers were once relatively static devices; if a peripheral was present at boot, it was unlikely to disappear while the system was operating. Those days are far behind us, though; devices can come and go at any time, often with no notice. That impermanence can create challenges for kernel code, which may not be expecting resources it is managing to make an abrupt exit. The revocable resource management patch set from Tzung-Bi Shih is meant to help with the creation of more robust — and more secure — kernel subsystems in a dynamic world.

Security updates have been issued by Debian (ffmpeg, jetty12, jetty9, jq, and pam), Fedora (curl, libssh, podman-tui, and prometheus-podman-exporter), Oracle (firefox, gnutls, kernel, and thunderbird), and SUSE (bluez, cairo, chromium, cmake, cups, firefox, frr, govulncheck-vulndb, kernel, kubevirt, virt-api-container, virt-controller-container, virt-exportproxy-container, virt-exportserver-container, virt-handler-container, virt-launcher-container, virt-libguestfs-t, mariadb, mybatis, ognl, python-h2, and rke2).

Linus has released 6.17-rc7 for testing. "Let's keep the testing going, and we'll have the final 6.17 in a week".

The Linux kernel generally wants to be in charge of the system as a whole; it runs on all of the available CPUs and controls access to them globally. Cong Wang has just come forward with a different approach: allowing each CPU to run its own kernel. The patch set is in an early form, but it gives a hint for what might be possible.

Greg Kroah-Hartman has announced the release of the 6.16.8, 6.12.48, 6.6.107, and 6.1.153 stable kernels; each contains an important set of fixes.

Blender 4.5 LTS was released on July 15, 2025, and will be supported through 2027. This is the last feature release of the 3D graphics-creation suite's 4.x series; it includes quality-of-life improvements, including work to bring the Vulkan backend up to par with the default OpenGL backend. With 4.5 released, Blender developers are turning their attention toward Blender 5.0, planned for release later this year. It will introduce substantial changes, particularly in the Geometry Nodes system, a central feature of Blender's procedural workflows.

Security updates have been issued by Debian (chromium, cjson, and firefox-esr), Fedora (expat, gh, scap-security-guide, and xen), Oracle (container-tools:rhel8, firefox, grub2, and mysql:8.4), SUSE (busybox, busybox-links, element-web, kernel, shadowsocks-v2ray-plugin, and yt-dlp), and Ubuntu (imagemagick, linux, linux-aws, linux-gcp, linux-gke, linux-gkeop, linux-hwe-6.8, linux-lowlatency, linux-lowlatency-hwe-6.8, linux-oracle, linux-azure, linux-azure-5.15, linux-azure-fips, linux-ibm, linux-ibm-6.8, linux-nvidia, linux-nvidia-6.8, linux-nvidia-lowlatency, linux-raspi, linux-oracle-6.8, linux-realtime, and openjpeg2).

Time-slice extension is a proposed scheduler feature that would allow a user-space process to request to not be preempted for a short period while it executes a critical section. It is an idea that has been circulating for years, but efforts to implement it became more serious in February of this year. The latest developer to make an attempt at time-slice extension is Thomas Gleixner, who has posted a new patch set with a reworked API. Chances are good that this implementation is close to what will actually be adopted by the kernel.

Version 1.90.0 of the Rust language has been released. Changes include switching to the LLD linker by default, the addition of support for workspace publishing to cargo, and the usual set of stabilized APIs.

Security updates have been issued by AlmaLinux (gnutls, mysql:8.4, opentelemetry-collector, and python-cryptography), Debian (nextcloud-desktop), Fedora (chromium, firefox, forgejo, gitleaks, kernel, kernel-headers, lemonldap-ng, perl-Cpanel-JSON-XS, and python-pip), Red Hat (firefox and libxml2), Slackware (expat and mozilla), SUSE (avahi, bluez, cups, curl, firefox-esr, gdk-pixbuf, gstreamer, java-1_8_0-ibm, krb5, net-tools, podman, raptor, sevctl, tkimg, ucode-intel, and vim), and Ubuntu (linux, linux-aws, linux-aws-hwe, linux-azure, linux-azure-4.15, linux-gcp, linux-gcp-4.15, linux-hwe, linux-kvm, linux-oracle, linux-fips, linux-azure-fips, linux-gcp-fips, and linux-gcp-6.14, linux-oracle, linux-oracle-6.14).

The Universal Blue project has announced the release of Bluefin LTS, an image-based distribution similar to Bluefin that uses CentOS Stream 10 and EPEL instead of Fedora as its base:

Bluefin LTS ships with Linux 6.12.0, which is the kernel for the lifetime of release. An optional hwe branch with new kernels is available, offering the same modern kernel you'll find in Bluefin and Bluefin GTS. Both vanilla and HWE ISOs are available, and you can always choose to switch back and forth after installation. [...]

Bluefin LTS provides a backported GNOME desktop so that you are not left behind. This is an important thing for us. James has been diligently working on GNOME backports with the upstream CentOS community, and we feel bringing modern GNOME desktops to an LTS makes sense.

Version 7.0 of the Tails portable operating system has been released. This is the first version of Tails based on Linux 6.12.43, Debian 13 ("trixie") and GNOME 48. It uses ztsd instead of xz to compress the USB and ISO images to deliver a faster start time on most computers. The release is dedicated to the memory of Lunar, "a traveling companion for Tails, a Tor volunteer, Free Software hacker, and community organizer":

Lunar has always been by our side throughout Tails' history. From the first baby steps of the project that eventually became Tails, to the merge with Tor, he's provided sensible technical suggestions, out-of-the-box product design ideas, outreach support, and caring organizational advice.

Outside of Tor, Lunar worked on highly successful Free Software projects such as the Debian project, the Linux distribution on which Tails is based, and the Reproducible Builds project, which helps us verify the integrity of Tails releases.

See the changelog for a full list of fixes, upgraded applications, and removals. LWN covered Tails Project team leader intrigeri's DebConf25 talk in July.

Inside this week's LWN.net Weekly Edition:

• Front: Fighting human trafficking; End of 10; Link tags; Healthy subsystem communities; New kernel tools; Rust and Carbon; Typst.
• Briefs: Brief news items from throughout the community.
• Announcements: Newsletters, conferences, security updates, patches, and more.

Version 49 of the GNOME desktop environment has been released. Changes include new default video (Showtime) and PDF-viewing (Papers) applications, a number of calendar improvements, and updates to the Web, Maps, and Software applications.

Ian Jackson has published a blog post summarizing the tag2upload service's first month of handling uploads for the upcoming Debian 14 ("forky") release:

We announced tag2upload's open beta in mid-July. That was in the middle of the the freeze for trixie, so usage was fairly light until the forky floodgates opened.

Since then the service has successfully performed 637 uploads, of which 420 were in the last 32 days. That's an average of about 13 per day. For comparison, during the first half of September up to today there have been 2475 uploads to unstable. That's about 176/day.

So, tag2upload is already handling around 7.5% of uploads. This is very gratifying for a service which is advertised as still being in beta!

LWN covered tag2upload in July 2024.