Linux Weekly News

The 6.12.38, 6.6.98, 6.1.145, and 5.15.188 stable kernel updates have been released, each contains a single AMD-related fix. "Only users of AMD x86-based processors need to upgrade, all others may skip this release".

Performance of Python programs has been a major focus of development for the language over the last five years or so; the Faster CPython project has been a big part of that effort. One of its subprojects is to add an experimental just-in-time (JIT) compiler to the language; at last year's PyCon US, project member Brandt Bucher gave an introduction to the copy-and-patch JIT compiler. At PyCon US 2025, he followed that up with a talk on "What they don't tell you about building a JIT compiler for CPython" to describe some of the things he wishes he had known when he set out to work on that project. There was something of an elephant in the room, however, in that Microsoft dropped support for the project and laid off most of its Faster CPython team a few days before the talk.

Security updates have been issued by Debian (redis and thunderbird), Fedora (cef, git, gnutls, httpd, linux-firmware, luajit, mingw-djvulibre, mingw-python-requests, perl, php, python-requests, python3.6, salt, and selenium-manager), Mageia (dpkg, firefox, gnupg2, and golang), Slackware (httpd and kernel), SUSE (afterburn, cmctl, git, go1.23, go1.24, k9s, liboqs-devel, libxml2, php8, python36, trivy, and xen), and Ubuntu (linux-xilinx-zynqmp and nix).

Linus has released 6.16-rc6 for testing; it includes a fix for a somewhat scary regression that came up over the week.

So I was flailing around blaming everybody and their pet hamster, because for a while it looked like a drm issue and then a netlink problem (it superficially coincided with separate issues with both of those subsystems).

But I did eventually figure out how to trigger it reliably and then it bisected nicely, and a couple of days have passed, and I'm feeling much better about the release again. We're back on track, and despite that little scare, I think we're in good shape.

The kernel's perf events subsystem can produce high-quality profiles, with full function-call chains, of resource usage within the kernel itself. Developers, however, often would like to see profiles of the whole system in one integrated report with, for example, call-stack information that crosses the boundary between the kernel and user space. Support for unwinding user-space call stacks in the perf events subsystem is currently inefficient at best. A long-running effort to provide reliable, user-space call-stack unwinding within the kernel, which will improve that situation considerably, appears to be reaching fruition.

Security updates have been issued by AlmaLinux (gnome-remote-desktop, go-toolset:rhel8, golang, jq, kernel, kernel-rt, libxml2, and podman), Fedora (chromium, git, helix, pam, rust-blazesym-c, rust-clearscreen, rust-gitui, rust-nu-cli, rust-nu-command, rust-nu-test-support, rust-procs, rust-which, selenium-manager, sudo, thunderbird, and uv), SUSE (audiofile, chmlib-devel, docker, firefox, go1, libsoup, libsoup2, libssh, libxml2, tomcat, umoci, and xen), and Ubuntu (git and resteasy, resteasy3.0).

Few, if any, web sites or web-based services have gone unscathed by the locust-like hordes of AI crawlers looking to consume (and then re-consume) all of the world's content. The Anubis project is designed to provide a first line of defense that blocks mindless bots—while granting real users access to sites without too much hassle. Anubis is a young project, not even a year old. However, its development is moving quickly, and the project seems to be enjoying rapid adoption. The most recent release of Anubis, version 1.20.0, includes a feature that many users have been interested in since the project launched: support for challenging clients without requiring users to have JavaScript turned on.

Greg Kroah-Hartman has released the 6.15.6, 6.12.37, 6.6.97, 6.1.144, and 5.15.187 stable kernels. As is the usual case, each contains important fixes all over the kernel tree.

Security updates have been issued by Debian (sslh), Oracle (container-tools:rhel8, gnome-remote-desktop, golang, javapackages-tools:201801, jq, libvpx, libxml2, mpfr, and perl-File-Find-Rule-Perl), Red Hat (glib2, libblockdev, and sudo), Slackware (git), SUSE (avif-tools, containerd, djvulibre, gpg2, helm, kernel, libpoppler-cpp2, libxml2, libxml2-2, openssl-3, perl-YAML-LibYAML, python-cryptography, python-setuptools, python311-pycares, tomcat10, and wireshark), and Ubuntu (djvulibre, git, libyaml-libyaml-perl, and protobuf).

Inside this week's LWN.net Weekly Edition:

• Front: Python packaging; Kernel API specification; Kselftests and KUnit; niri; pedalboard.
• Briefs: Git security fixes; Amarok 3.3; Bash 5.3; Thunderbird 140; tmux-rs; U-Boot 2025.07; Quotes; ...
• Announcements: Newsletters, conferences, security updates, patches, and more.

Version 3.3 of the Amarok music player has been released. This is the first release of Amarok based on KDE Frameworks 6 and Qt 6. Amarok 3.3 also includes a major rework of its audio engine to use GStreamer for audio playback.

The reworked audio engine provides unified feature set for all users and should provide a solid and future-proof sonic experience for years to come. Notable improvements have also landed to the database system: improved character set support helps with e.g. emojis in podcast descriptions and other very exotic symbols, date handling has been improved ('year 2038 problem'), and various other potential and actual database-related issues have been fixed.

The AlmaLinux project has announced new upgrade paths for its ELevate utility, which allows users to upgrade between major versions of Red Hat Enterprise Linux derivatives. The new paths include upgrades from AlmaLinux 9 to AlmaLinux 10 and CentOS Stream 9 to CentOS Stream 10, with support for EPEL, Docker CE, and PostgreSQL third-party package repositories. LWN covered ELevate last year.

It is no secret that the Python packaging world is at something of a crossroads; there have been debates and discussions about the packaging landscape that started long before our 2023 series describing some of the difficulties. There has been progress since then—and incremental improvements all along, in truth—but a new initiative is looking to overhaul packaging for the language. At PyCon US 2025, Barry Warsaw and Jonathan Dekhtiar gave a presentation on the WheelNext project, which is a community effort that aims to improve the experience for users and providers of Python packages while also working with toolmakers and other parts of the ecosystem to "reinvent the wheel". While the project's name refers to Python's wheel binary distribution format, its goals stretch much further than simply the format.

Security updates have been issued by AlmaLinux (container-tools:rhel8, jq, kernel, podman, python-setuptools, socat, and thunderbird), Gentoo (Chromium, Google Chrome, Microsoft Edge. Opera, ClamAV, Git, NTP, REXML, and strongSwan), Oracle (buildah, gnome-remote-desktop, ipa, jq, kernel, podman, python-setuptools, ruby:3.3, socat, uek-kernel, and xorg-x11-server-Xwayland), SUSE (kernel), and Ubuntu (freerdp3, git, gnupg2, linux-aws, linux-oracle, linux-azure, linux-azure, linux-azure-6.11, linux-fips, linux-aws-fips, linux-azure-fips, linux-gcp-fips, linux-ibm-5.15, linux-intel-iotg, linux-nvidia-tegra, linux-nvidia-tegra-5.15, linux-nvidia-tegra-igx, linux-kvm, linux-lowlatency, linux-oem-6.11, and onionshare).

Versions v2.43.7, v2.44.4, v2.45.4, v2.46.4, v2.47.3, v2.48.2, v2.49.1 and v2.50.1 of the Git source-code management system have been released. "This is a set of coordinated security fix releases. Please update at your earliest convenience". See the announcement for details; many of the vulnerabilities have to do with tricks buried in untrusted repositories.

Version 140 of the Thunderbird mail client has been released. Notable features include "dark message mode" to adapt message content to dark mode, the ability to easily transfer desktop settings to the mobile Thunderbird client, experimental support for Microsoft Exchange, as well as global controls for message threading and sort order.

Thunderbird 140 is an extended-support release (ESR) which will be supported for 12 months. However, the Thunderbird project is trying to encourage users to adopt the Release channel for monthly updates instead. The project is staggering upgrades to 140 for existing Thunderbird users in order to catch any significant bugs before they are widely deployed, but users can upgrade manually via the Help > About menu. See the release notes for a full list of changes.

The kernel project, for many years, lacked a formal testing setup; it was often joked that testing was the project's main reason for keeping users around. While many types of kernel testing can only be done in the presence of specific hardware, there are other parts of the kernel that could be more widely tested. Over time, though, the kernel has gained two separate testing frameworks and a growing body of automated tests to go with them. These two frameworks — kselftests and KUnit — take different approaches to the testing problem; now this patch series from Thomas Weißschuh aims to bring them together.

Security updates have been issued by Debian (djvulibre and slurm-wlm), Red Hat (apache-commons-vfs, container-tools:rhel8, kernel, kernel-rt, podman, python3, rsync, socat, and sudo), SUSE (apache2, helm-mirror, incus, kernel, openssl-3, python-Django, and systemd), and Ubuntu (dcmtk, File::Find::Rule, ghostscript, jquery, and libssh).

The U-Boot universal bootloader project has announced the release of version 2025.07. It has multiple new features including "uthreads" (inspired by the "bthreads" coroutines in the barebox bootloader), exFAT support, new architecture and SoC support and improvements to existing platforms, cleanups, better testing, and more. Project leader Tom Rini took the opportunity to mention his efforts toward getting some help with the project and more formal governance: As this is a full release, and not just a release candidate I'm hoping for a few more people to read this and then read what I'm linking to as well. For the overall health of the project, and the community, I'm hoping to find a few people within the community that can help with overall organization and management. I would like to long term be able to move us to being under the Software Freedom Conservancy umbrella and that in turn means having a organizational structure that's not just a single person.

He also noted that there is a community meeting on July 8th, 2025 at 9am (GMT -06:00) on Google Meet.

The GNU project's Bourne Again SHell (Bash) has released version 5.3, with some significant new features, including some from the associated Readline 8.3 release, which provides command-line editing and other features for Bash and lots of other programs. Bash 5.3 has a "new form of command substitution that executes the command in the current shell execution context", pathname-completion sorting will be handled based on the GLOBSORT shell variable, generated completions can go to a shell variable instead of to stdout, the source code has been updated to C23, and more. Meanwhile: Readline has new features as well. There is a new option that allows case-insensitive searching, a new command that executes a named readline command, and a new command that exports possible word completions in a specified format for consumption by another process.