Linux Weekly News

Security updates have been issued by Debian (node-url-parse), Fedora (assimp, conda-build, mod_md, util-linux, and webkitgtk), Oracle (firefox), SUSE (chromium, librsvg, poppler, python311, qemu, strongswan, webkit2gtk3, wireshark, and xen), and Ubuntu (linux-azure, linux-azure-5.4, linux-azure-5.15, linux-azure-fips, and linux-raspi, linux-raspi-realtime, linux-xilinx).

Mozilla has announced a new CEO, Anthony Enzor-DeMeo. Prior to becoming CEO, Enzor-DeMeo was general manager of Firefox and led its "vision, strategy, and business performance". He has published a blog post about taking over from interim CEO Laura Chambers, and his plans for Mozilla and Firefox:

As Mozilla moves forward, we will focus on becoming the trusted software company. This is not a slogan. It is a direction that guides how we build and how we grow. It means three things.

• First: Every product we build must give people agency in how it works. Privacy, data use, and AI must be clear and understandable. Controls must be simple. AI should always be a choice — something people can easily turn off. People should know why a feature works the way it does and what value they get from it.
• Second: our business model must align with trust. We will grow through transparent monetization that people recognize and value.
• Third: Firefox will grow from a browser into a broader ecosystem of trusted software. Firefox will remain our anchor. It will evolve into a modern AI browser and support a portfolio of new and trusted software additions.

The final part of the 2025 Maintainers Summit was devoted to the kernel's development process itself. There were two sessions, one on continuity and succession planning, and the traditional discussion, led by Linus Torvalds, on any pain points that the community is experiencing. There was not a lot that developers were unhappy about, and there are now more explicit plans in the works to provide a process should Torvalds abruptly become unable to fill his role.

Security updates have been issued by Debian (binwalk, glib2.0, libgd2, paramiko, and python-apt), Fedora (chromium, python3.13, python3.14, qt6-qtdeclarative, and usd), Mageia (ffmpeg, firefox, nspr, nss, and thunderbird), Oracle (kernel, mysql, mysql:8.0, mysql:8.4, ruby:3.3, wireshark, and xorg-x11-server), Red Hat (expat, mingw-expat, and rsync), SUSE (binutils, curl, glib2, gnutls, go1.24, go1.25, keylime, libmicrohttpd, libssh, openexr, postgresql15, python311, and xkbcomp), and Ubuntu (libsoup3, linux, linux-aws, linux-aws-6.8, linux-gcp, linux-gcp-6.8, linux-gke, linux-gkeop, linux-hwe-6.8, linux-ibm, linux-ibm-6.8, linux-lowlatency, linux-lowlatency-hwe-6.8, linux-nvidia, linux-nvidia-6.8, linux-nvidia-lowlatency, linux-oracle, linux-oracle-6.8, linux, linux-aws, linux-kvm, linux-lts-xenial, linux-azure, linux-azure-6.14, linux-azure, linux-azure-6.8, linux-azure-fips, linux-fips, linux-fips, linux-aws-fips, linux-gcp-fips, linux-kvm, linux-oem-6.14, linux-raspi, and linux-realtime, linux-realtime-6.8).

Version 8.16.0 of the calibre ebook-management software, released on December 4, includes a "Discuss with AI" feature that can be used to query various AI/LLM services or local models about books, and ask for recommendations on what to read next. The feature has sparked discussion among human users of calibre as well, and more than a few are upset about the intrusion of AI into the software. After much pushback, it looks as though users will get the ability to hide the feature from calibre's user interface, but LLM-driven features are here to stay and more will likely be added over time.

Vojtěch Polášek has announced an unofficial effort to create a Fedora-based distribution designed for visually impaired users:

My ultimate vision for this project is "NO VOJTUX NEEDED!" because I believe Fedora should eventually be fully accessible out of the box. We aren't there yet, which is where Vojtux comes in to fill the gap. [...]

Key Features:
-Speaks out of the box: When the live desktop is ready, Orca starts automatically. After installation, it is configured so that it starts on the login screen and also after logging in.
-Batteries included: Comes with LIOS , Ocrdesktop, Tesseract, Audacity, and command-line tools like Git and Curl. There are also many preconfigured keyboard shortcuts.

See the repository for instructions on getting the image.

Despite depending heavily on tools, the kernel project often seems to under-invest in the development of those tools. There has been progress in that area, though. At the 2025 Maintainers Summit, Konstantin Ryabitsev, who is (among other things) the author of b4, led a session on ways in which the kernel's tools could be improved to make the development process more efficient and accessible.

Security updates have been issued by AlmaLinux (firefox, grafana, kernel, libsoup3, mysql8.4, and wireshark), Debian (ruby-git, ruby-sidekiq, thunderbird, and vlc), Fedora (apptainer, chromium, firefox, golangci-lint, libpng, and xkbcomp), Mageia (golang), SUSE (binutils, chromium, firefox, gegl, go1.25, govulncheck-vulndb, hauler, kernel, keylime, libpng12, pgadmin4, postgresql16, python, python-Django, python-django, python3, python311, rhino, thunderbird, unbound, and xkbcomp), and Ubuntu (usbmuxd).

Linus Torvalds released 6.19-rc1 and closed the 6.19 merge window on December 14 (Japan time), after having pulled 12,314 non-merge commits into the mainline. Over 8,000 of those commits came in after our first 6.19 merge-window summary was written. The second part of the merge window was focused on drivers, but brought in a number of other changes as well.

Linus has released 6.19-rc1, perhaps a bit earlier than expected.

So it's Sunday afternoon in the part of the world where I am now, so if somebody was looking at trying to limbo under the merge window timing with one last pull request and is taken by surprise by the slightly unusual timing of the rc1 release, that failed.

Teaching moment, or random capricious acts? You be the judge.

Ariadne Conill is exploring a capability-based approach to privilege escalation on Linux systems.

Inspired by the object-capability model, I've been working on a project named capsudo. Instead of treating privilege escalation as a temporary change of identity, capsudo reframes it as a mediated interaction with a service called capsudod that holds specific authority, which may range from full root privileges to a narrowly scoped set of capabilities depending on how it is deployed.

The ability to write kernel code in Rust was explicitly added as an experiment — if things did not go well, Rust would be removed again. At the 2025 Maintainers Summit, a session was held to evaluate the state of that experiment, and to decide whether the time had come to declare the result to be a success. The (arguably unsurprising) conclusion was that the experiment is indeed a success, but there were some interesting points made along the way.

Greg Kroah-Hartman has released the 6.18.1, 6.17.12, and 6.12.62 stable kernels. Each contains important fixes; users of those kernels are advised to upgrade.

One of the key components in the kernel's development process is the linux-next repository. Every day, a large number of branches, each containing commits intended for the next kernel development cycle, is pulled into linux-next and integrated. If there are conflicts between branches, the linux-next process will reveal them. In theory, many other types of problems can be found as well. Some developers feel that linux-next does not work as well as it could, though. At the 2025 Maintainers Summit, Mark Brown, who helps to keep linux-next going, led a session on how it could be made to work more effectively.

KDE has announced the release of KDE Gear 25.12. This release adds more "extractors" to the Itinerary travel-assistant application, improved Git support in the Kate text editor, better PDF export in Konqueror, and much more. See the changelog for all new features, improvements, and bug fixes.

Security updates have been issued by AlmaLinux (firefox, luksmeta, mysql, mysql:8.0, mysql:8.4, tomcat, and wireshark), Debian (chromium, kernel, and tzdata), Fedora (brotli, dr_libs, perl-Alien-Brotli, python-urllib3, singularity-ce, wireshark, and yarnpkg), Oracle (firefox, grafana, lasso, libsoup3, luksmeta, ruby, ruby:3.3, tomcat, and wireshark), Slackware (mozilla), SUSE (container-suseconnect, kubernetes-client, libpoppler-cpp2, postgresql14, postgresql15, and python3), and Ubuntu (c-ares, keystone, linux, linux-aws, linux-aws-5.15, linux-azure, linux-gcp, linux-gcp-5.15, linux-gke, linux-gkeop, linux-hwe-5.15, linux-ibm, linux-ibm-5.15, linux-intel-iotg, linux-intel-iotg-5.15, linux-lowlatency, linux-lowlatency-hwe-5.15, linux-nvidia, linux-nvidia-tegra, linux-nvidia-tegra-5.15, linux-nvidia-tegra-igx, linux-oracle, linux-oracle-5.15, linux-xilinx-zynqmp, linux-azure, linux-azure-4.15, linux-oracle,, linux-fips, linux-aws-fips, linux-azure-fips, linux-gcp-fips, linux-fips, linux-aws-fips, linux-gcp-fips, linux-hwe-6.8, linux-oracle-6.8, linux-raspi, linux-realtime, linux-intel-iot-realtime, and python-urllib3).

Version 24.04 LTS of the Ubuntu-based Pop!_OS distribution has been released with the COSMIC Desktop Environment:

Today is special not only in that it's the culmination of over three years of work, but even more so in that System76 has built a complete desktop environment for the open source community. We're proud of this contribution to the open source ecosystem. COSMIC is built on the ethos that the best open source projects enable people to not only use them, but to build with them. COSMIC is modular and composable. It's the flagship experience for Pop!_OS in its own way, and can be adapted by anyone that wants to build their own unique user experience for Linux.

In addition to the COSMIC desktop environment, Pop!_OS is now available for Arm computers with the 24.04 LTS release, and the distribution has added hybrid graphics support for better battery life. LWN covered an alpha version of COSMIC in August 2024.

Version 1.92.0 of Rust has been released. This release includes a number of stabilized APIs, emits unwind tables by default on Linux, validates input to #[macro_export], and much more. See the separate release notes for Rust, Cargo, and Clippy.

The first topic of discussion at the 2025 Maintainers Summit has been in the air for a while: what role — if any — should machine-learning-based tools have in the kernel development process? While there has been a fair amount of controversy around these tools, and concerns remain, it seems that the kernel community, or at least its high-level maintainership, is comfortable with these tools becoming a significant part of the development process.

Security updates have been issued by Debian (ffmpeg, firefox-esr, libsndfile, and rear), Fedora (httpd, perl-CGI-Simple, and tinyproxy), Oracle (firefox, kernel, libsoup, mysql8.4, tigervnc, tomcat, tomcat9, and uek-kernel), SUSE (alloy, curl, dovecot24, fontforge, glib2, himmelblau, java-17-openjdk, java-21-openjdk, kernel, krb5, lasso, libvirt, mozjs128, mysql-connector-java, nvidia-open-driver-G07-signed-check, openssh, poppler, postgresql17, postgresql18, python-cbor2, python-Django, python310, python311-Django, runc, strongswan, tomcat11, and xwayland), and Ubuntu (binutils, libpng1.6, linux, linux-aws, linux-aws-5.4, linux-gcp, linux-gcp-5.4, linux-hwe-5.4, linux-ibm, linux-ibm-5.4, linux-kvm, linux-oracle, linux-xilinx-zynqmp, linux, linux-aws, linux-aws-6.14, linux-gcp, linux-hwe-6.14, linux-raspi, linux, linux-aws, linux-gcp, linux-realtime, and qtbase-opensource-src).