Greg Kroah-Hartman has announced the release of the 6.17.9, 6.12.59, and 6.6.117 stable kernels. As usual, he advises users of stable kernels to upgrade.

Security updates have been issued by Fedora (calibre, chromium, cri-o1.32, cri-o1.33, cri-o1.34, dotnet10.0, dovecot, gnutls, gopass, gopass-hibp, gopass-jsonapi, kubernetes1.31, kubernetes1.32, kubernetes1.33, kubernetes1.34, and linux-firmware), Mageia (ffmpeg, kernel, kmod-xtables-addons & kmod-virtualbox, kernel-linus, konsole, and redis), Red Hat (bind and bind-dyndb-ldap and kernel), SUSE (act, alloy, amazon-ssm-agent, ansible-12, ansible-core, blender, chromium, cups-filters, curl, elfutils, expat, firefox, glib2, grub2, helm, kernel, libipa_hbac-devel, libxslt, nvidia-container-toolkit, ongres-scram, openexr, podman, poppler, runc, samba, sssd, thunderbird, and tomcat), and Ubuntu (cups-filters, linux, linux-aws, linux-gcp, linux-hwe-6.14, linux-oracle, linux-realtime, linux-oem-6.14, and linux-realtime-6.14).

Linus has released 6.18-rc7, probably the last -rc before the 6.18 release.

So the rc6 kernel wasn't great: we had a last-minute core VM regression that caused people problems.

That's not a great thing late in the release cycle like that, but it was a fairly trivial fix, and the cause wasn't some horrid bug, just a latent gotcha that happened to then bite a late VM fix. So while not great, it also doesn't make me worry about the state of 6.18. We're still on track for a final release next weekend unless some big new problem rears its ugly head.

The Racket programming language project has released Racket version 9.0. Racket is a descendant of Scheme, so it is part of the Lisp family of languages. The headline feature in the release is parallel threads, which adds to the concurrency tools in the language: "While Racket has had green threads for some time, and supports parallelism via futures and places, we feel parallel threads is a major addition." Other new features include the black-box wrapper to prevent the compiler from optimizing calculations away, the decompile-linklet function to map linklets back to an s-expression, the addition of Weibull distributions to the math library, and more.

The Oracle blog has a lengthy article on enhancements to GCC to help detect overflows of flexible array members (FAMs) in C programs.

We describe here two new GNU extensions which specify size information for FAMs. These are a new attribute, "counted_by" and a new builtin function, "__builtin_counted_by_ref". Both extensions can be used in GNU C applications to specify size information for FAMs, improving the buffer overflow detection for FAMs in general.

This work has been covered on LWN as well.

The call for candidates for the 2025 election for the Linux Foundation Technical Advisory Board has been posted.

The TAB exists to provide advice from the kernel community to the Linux Foundation and holds a seat on the LF's board of directors; it also serves to facilitate interactions both within the community and with outside entities. Over the last year, the TAB has overseen the organization of the Linux Plumbers Conference, advised on the setup of the kernel CVE numbering authority, worked behind the scenes to help resolve a number of contentious community discussions, worked with the Linux Foundation on community conference planning, and more.

Nominations close on December 13.

Unpacking Python iterables of various sorts, such as dictionaries or lists, is useful in a number of contexts, including for function arguments, but there has long been a call for extending that capability to comprehensions. PEP 798 ("Unpacking in Comprehensions") was first proposed in June 2025 to fill that gap. In early November, the steering council accepted the PEP, which means that the feature will be coming to Python 3.15 in October 2026. It may be something of a niche feature, but it is an inconsistency that has been apparent for a while—to the point that some Python programmers assume that it is already present in the language.

Version 8.5.0 of the PHP language has been released. Changes include a new "|>" operator that, for some reason, makes these two lines equivalent:

    $result = strlen("Hello world");
    $result = "Hello world" |> strlen(...);

Other changes include a new function attribute, "#[\NoDiscard]" to indicate that the return value should be used, attributes on constants, and more; see the migration guide for details.

Security updates have been issued by AlmaLinux (delve and golang), Debian (webkit2gtk), Oracle (expat and thunderbird), Red Hat (kernel), Slackware (openvpn), SUSE (chromium, grub2, and kernel), and Ubuntu (cups-filters, imagemagick, and libcupsfilters).

In July, Collabora announced the Rust-based Tyr GPU driver for Arm Mali GPUs. Daniel Almeida has posted an update on progress with a prototype of the driver running on a Rock 5B board with the Rockchip RK3588 system-on-chip:

The Tyr prototype has progressed from basic GPU job execution to running GNOME, Weston, and full-screen 3D games like SuperTuxKart, demonstrating a functional, high-performance Rust driver that matches C-driver performance and paves the way for eventual upstream integration! [...]

Tyr is not ready to be used as a daily-driver, and it will still take time to replicate this upstream, although it is now clear that we will surely get there. And as a mere prototype, it has a lot of shortcuts that we would not have in an upstream version, even though it can run on top of an unmodified (i.e., upstream) version of Mesa.

That said, this prototype can serve as an experimental driver and as a testbed for all the Rust abstraction work taking place upstream. It will let us experiment with different design decisions and gather data on what truly contributes to the project's objective.

There is also a video on YouTube of the prototype in action.

BPF allows programs uploaded from user space to be run, safely, within the kernel. The io_uring subsystem, too, can be thought of as a way of loading programs in the kernel, though the programs in question are mostly a sequence of I/O-related system calls. It has sometimes seemed inevitable that io_uring would, like many other parts of the kernel, gain BPF capabilities as a way of providing more flexibility to user space. That has not yet happened, but there are currently two patch sets under consideration that take different approaches to the problem.

Security updates have been issued by AlmaLinux (bind, bind9.18, container-tools:rhel8, expat, grub2, haproxy, idm:DL1, kernel, kernel-rt, lasso, libsoup, libssh, libtiff, pcs, podman, python-kdcproxy, qt5-qt3d, redis, redis:7, runc, shadow-utils, sqlite, squid, vim, webkit2gtk3, xorg-x11-server, xorg-x11-server-Xwayland, and zziplib), Debian (chromium), Oracle (lasso and postgresql), SUSE (erlang27, ghostscript, grub2, kernel, libIex-3_4-33, python312, and sbctl), and Ubuntu (linux, linux-aws, linux-aws-5.4, linux-gcp, linux-gcp-5.4, linux-hwe-5.4, linux-ibm, linux-ibm-5.4, linux-kvm, linux-oracle, linux-oracle-5.4, linux-raspi, linux-raspi-5.4, linux-xilinx-zynqmp, linux-aws-6.8, linux-fips, linux-aws-fips, linux-gcp-fips, linux-oracle, and mysql-8.0, mysql-8.4).

Inside this week's LWN.net Weekly Edition:

• Front: Hardware architectures; Fedora Flatpaks; Debian hardware support; sockaddr structure; NUMA nodes; Homebrew.
• Briefs: LightDM security; Debian Libre Live; Xubuntu postmortem; Blender 5.0; Git 2.52.0; Rust in Android; Thunderbird 145; Quotes; ...
• Announcements: Newsletters, conferences, security updates, patches, and more.

The Linux kernel supports a large number of architectures. Not all of those are supported by Linux distributions, but Debian does support many of them, officially or unofficially. On October 26, Bastian Blank opened a discussion about the minimum version of these architectures that Debian should support: in particular, raising the de-facto minimum versions in the next Debian release ("forky"). Thread participants were generally in favor of keeping support for older architecture variants, but didn't reach a firm conclusion.

In mid-October, the Xubuntu download site was compromised and had directed users to a malicious zip file instead of the Torrent file that users expected. Elizabeth K. Joseph has published a postmortem of the incident, along with plans to avoid such a breach in the future:

To be perfectly clear: this only impacted our website, and the torrent links provided there.

If you downloaded or opened a file named "Xubuntu-Safe-Download.zip" from the Xubuntu downloads page during this period, you should assume it was malicious. We strongly recommend scanning your computer with a trusted antivirus or anti-malware solution and deleting the file immediately.

Nothing on cdimages.ubuntu.com or any of the other official Ubuntu repositories was impacted, and our mirrors remained safe as long as they were also mirroring from official resources.

None of the build systems, packages, or other components of Xubuntu itself were impacted.

Recordings from the GStreamer Conference 2025, held in London in late October, are now available on the GStreamer Conferences Archive site. Includes the GStreamer State of the Union talk by Tim-Philipp Müller, State of MPEG 2 Transport Stream (MPEG-TS) by Edward Hervey, and many others.

Security updates have been issued by Debian (pdfminer), Fedora (chromium and firefox), Mageia (bubblewrap, flatpak, cups-filters, and thunderbird), Oracle (container-tools:rhel8, kernel, and squid), Red Hat (kernel), Slackware (libarchive), SUSE (gimp, itextpdf, kernel, thunderbird, and unbound), and Ubuntu (lasso).

Version 5.0 of the Blender animation system has been released. Notable improvements include improved color management, HDR capabilities, and a new storyboarding template. See the release notes for a lengthy list of new features and changes, and the bugfixes page for the 588 commits that fixed bugs in Blender 4.5 or older.

There have been several recent announcements about Linux distributions changing the list of architectures they support, or adjusting how they build binaries for some versions of those architectures. Ubuntu introduced architecture variants, Fedora considered dropping support for i686 but reversed course after some pushback, and Debian developers have discussed raising its architecture baseline for the upcoming Debian 14 ("forky"). Linux supports a large number of architectures, and it's not always clear where or by whom they are used. With increasing concerns about diminishing support for legacy architectures, it's a good time to look at the overall state of architecture support on Linux.

The Homebrew project is an open-source package-management system that comes with a repository of useful packages for Linux and macOS. Even though Linux distributions have their own package management and repositories, Homebrew is often used to obtain software that is not available in a distribution's repository or to install more current versions of projects than are available from long-term-support (LTS) distributions. Homebrew 5.0.0, released on November 12, 2025, expanded Linux support to include 64-bit Arm packages in addition to x86_64, and turned on concurrent downloads by default to speed up package downloads.