Linux Weekly News

The Kali Linux distribution has announced that software updates will soon start failing for all users:

This is not only you, this is for everyone, and this is entirely our fault. We lost access to the signing key of the repository, so we had to create a new one. At the same time, we froze the repository (you might have noticed that there was no update since Friday 18th), so nobody was impacted yet. But we're going to unfreeze the repository this week, and it's now signed with the new key.

The announcement includes instructions for how to recover from the problem.

Security updates have been issued by AlmaLinux (glibc, php:8.1, and thunderbird), Debian (libreoffice), Fedora (caddy), Mageia (chromium-browser-stable), Red Hat (php:8.1), SUSE (glow), and Ubuntu (kicad, linux-aws-5.15, linux-azure-nvidia, linux-gcp-5.15, mistral, python-mistral-lib, tomcat8, and trafficserver).

Version 3.25.0 of the Valgrind dynamic-analysis tool has been released. It has lots of new features, including initial support for RISC-V on Linux, handling zstd-compressed debug sections, integration of the Linux Test Project test suite, support for lots more Linux system calls, and more. It also has plenty of bug fixes, of course.

The Open Source Initiative (OSI) has quietly published "takeaways" from its internal retrospective on the recent board of directors election as an update to the March blog post that announced the new members of the board. The election was controversial, in part, due to poor communication and OSI changing the election rules and disqualifying several candidates after the election finished. LWN covered the election and results in March. The update commits to improvements in communication and candidate selection:

What this election exposed was the need for the organization to also assess whether candidates were fully eligible to run and prepared to be seated on the board before voting begins. This is something we will add to the election timeline next year. While we have not finished figuring out all of the requirements for that assessment, part of it will be asking candidates to sign a Candidate Agreement at nomination time. We also have some ideas on ways for potential candidates to have more information even before submitting a nomination.

In a related note, there is a petition asking OSI to publish the "complete, unaltered" results of the board of directors election. Thanks to Josh Triplett for the tip on the petition.

Martin Lau gave a talk in the BPF track of the 2025 Linux Storage, Filesystem, Memory-Management, and BPF Summit about a performance problem plaguing the networking subsystem, and some potential ways to fix it. He works on BPF programs that need to store socket-local data; amid other improvements to the networking and BPF subsystems, retrieving that data has become a noticeable bottleneck for his use case. His proposed fix prompted a good deal of discussion about how the data should be laid out.

Security updates have been issued by AlmaLinux (thunderbird), Debian (distro-info-data, imagemagick, kernel, libsoup2.4, and poppler), Fedora (chromium, java-1.8.0-openjdk, java-1.8.0-openjdk-portable, java-17-openjdk, java-17-openjdk-portable, java-latest-openjdk, pgadmin4, thunderbird, and xz), Mageia (haproxy and libxml2), Oracle (bluez, firefox, gnutls, libtasn1, libxslt, mod_auth_openidc:2.3, ruby:3.1, thunderbird, and xmlrpc-c), Red Hat (delve and golang, glibc, mod_auth_openidc, mod_auth_openidc:2.3, and thunderbird), SUSE (augeas, chromedriver, cifs-utils, govulncheck-vulndb, java-11-openjdk, java-21-openjdk, kyverno, libraw, opentofu, runc, subfinder, and valkey), and Ubuntu (jupyter-notebook and libxml2).

The 6.15-rc4 kernel prepatch is out for testing. "So let's see if this rc ends up avoiding any silly issues - things certainly look pretty normal, and there were no hurried last-minute changes this week due to system upgrades".

The OpenBSD 7.7 release is available. There is, as usual, a long list of changes; see the full changelog for lots of details.

The Debian project is discussing a General Resolution (GR) that would, if approved, clarify that AI models must include training data to be compliant with the Debian Free Software Guidelines (DFSG) and be distributed by Debian as free software. While GR discussions are sometimes contentious, the discussion around the proposal from Debian developer Mo Zhou has been anything but—there seems to be consensus that AI models are not DFSG-compliant if they lack training data. There are, however, some questions about the exact language and questions about the impact the GR will have on existing packages in the Debian archive.

Version 15.1 of the GNU Compiler Collection has been released. Changes include implementing the C23 dialect by default, a number of new C++26 features, experimental support for unsigned integers in Fortran, a new COBOL front end, and more. See the GCC 15 changes page for details.

The 6.14.4, 6.12.25, 6.6.88, and 6.1.135 stable kernel updates have been released; each contains another set of important fixes.

Security updates have been issued by AlmaLinux (thunderbird), Debian (libbpf), Fedora (golang-github-openprinting-ipp-usb, ImageMagick, mingw-libsoup, mingw-poppler, and pgbouncer), SUSE (glib2, govulncheck-vulndb, libsoup-2_4-1, libxml2-2, mozjs60, ruby2.5, and thunderbird), and Ubuntu (linux, linux-azure, linux-azure-5.4, linux-bluefield, linux-gcp, linux-hwe-5.4, linux-ibm, linux-kvm, linux-oracle, linux-oracle-5.4, linux-aws, linux-aws-5.4, linux-gcp-5.4, linux-iot, linux-aws-fips, linux-azure-fips, linux-fips, linux-gcp-fips, linux-hwe-6.8, linux-ibm-5.4, linux-oracle-5.15, openssh, and php-twig).

The Debian Project Leader election results have been announced. Andreas Tille has been re-elected and will serve another term through April 2026. LWN looked at the election and candidates in early April.

New compiler releases often bring with them new warnings; those warnings are usually welcome, since they help developers find problems before they turn into nasty bugs. Adapting to new warnings can also create disruption in the development process, though, especially when an important developer upgrades to a new compiler at an unfortunate time. This is just the scenario that played out with the 6.15-rc3 kernel release and the implementation of -Wunterminated-string-initialization in GCC 15.

Sometimes worms have a tendency to multiply once their can is opened. James Bottomley recently encountered that situation; he led a session in the filesystem track at the 2025 Linux Storage, Filesystem, Memory Management, and BPF Summit (LSFMM+BPF) to discuss filesystem behavior with respect to suspending and resuming the system. As he noted in his topic proposal, he came at the problem because he needed a way to resynchronize the contents of efivarfs after a system resume and thought there should be an API available to use. But, as the resulting thread shows, the filesystem freeze and thaw code had never been used by the system-wide suspend and resume code. Due to a scheduling mixup, though, several of us missed Bottomley's session, including Luis Chamberlain who has been working on hooking those two pieces up; what follows is largely from a second session that Chamberlain led, with some background information from the topic-proposal discussion and an email exchange with Bottomley.

Security updates have been issued by Debian (haproxy and openrazer), Fedora (c-ares and mingw-poppler), Red Hat (thunderbird), SUSE (epiphany, ffmpeg-6, gopass, and libsoup-3_0-0), and Ubuntu (erlang, haproxy, libapache2-mod-auth-openidc, libarchive, linux, linux-aws, linux-azure, linux-azure-5.15, linux-azure-fde, linux-azure-fde-5.15, linux-gcp, linux-gke, linux-gkeop, linux-hwe-5.15, linux-ibm, linux-intel-iotg, linux-kvm, linux-lowlatency, linux-lowlatency-hwe-5.15, linux-nvidia, linux-nvidia-tegra, linux-nvidia-tegra-igx, linux-oracle, linux-raspi, linux, linux-aws, linux-azure, linux-azure-6.8, linux-ibm, linux-lowlatency, linux-lowlatency-hwe-6.8, linux-nvidia, linux-nvidia-6.8, linux-nvidia-lowlatency, linux-oem-6.8, linux-oracle, linux-oracle-6.8, linux-aws-6.8, linux-aws-fips, linux-fips, linux-gcp-fips, linux-azure-fips, linux-gcp, linux-gke, linux-gkeop, linux-gcp-6.8, linux-ibm-5.15, linux-intel-iot-realtime, linux-realtime, linux-intel-iotg-5.15, linux-realtime, perl, and yelp, yelp-xsl).

Inside this week's LWN.net Weekly Edition:

• Front: Owen Le Blanc and MCC; UID/GID drift; DMA for UIO; More LSFMM+BPF 2025 coverage.
• Briefs: EU OS; RISC-V Fedora; Ubuntu 25.04; NLnet funding; Template strings; Tor Browser 14.5; Quotes; ...
• Announcements: Newsletters, conferences, security updates, patches, and more.

The Fedora Project is looking for solutions to an interesting problem with its image-based editions and spins, such as the Atomic Desktops or CoreOS, that are created with rpm-ostree or bootc. If a package that is part of a image-based version has a user or group created dynamically on installation, and it owns files installed on the system, the system may be subject to user ID (UID) and group ID (GID) "drift" on updates. This "UID/GID drift" may come about when a new image with updates is generated, and therefore files may have the wrong ownership. This can have side-effects ranging from mildly inconvenient to serious. No solutions have been adopted just yet, but there are a few ideas on how to deal with the problem.

The NLnet Foundation has announced the projects that have received funding from its October call for grant proposals from the Next Generation Internet (NGI) Zero Commons Fund.

The selected projects all contribute, one way or another, to the mission of the Commons Fund: reclaiming the public nature of the internet. For example, there are people working on interesting open hardware projects such as the tablet MNT Reform Touch and the Solar FemtoTX motherboard — a collaborative effort to create an ultra-low power motherboard that can run on solar power. LLM2FPGA aims to enable running open source LLMs locally on programmable chips ("FPGAs") using a fully open-source toolchain. bcachefs readies itself as the next generation filesystem for Linux, improving performance, scalability and reliability when compared to legacy filesystems.

In all, 42 projects have been selected for the NGI grants which are between €5,000 and €50,000. See the announcement for the full list of selected projects, and the current projects page for other recent projects funded by NLnet.

In the filesystem track at the 2025 Linux Storage, Filesystem, Memory Management, and BPF Summit (LSFMM+BPF), Amir Goldstein wanted to resume discussing a feature that he had briefly introduced at the end of a 2023 summit session: filesystem "write barriers". The idea is to have an operation that would wait for any in-flight write() system calls, but not block any new write() calls as bigger hammers, such as freezing the filesystem, would do. His prototype implementation is used by a hierarchical storage management (HSM) system to create a crash-consistent change log, but there may be other use cases to consider. He wanted to discuss implementation options and the possibility of providing an API for user-space applications.