The Free Software Foundation has announced the recipients of its 2024 (even though 2025 is almost over) Free Software Awards. Andy Wingo won the award for the advancement of free software, Alx Sa is the outstanding new free-software contributor, and Govdirectory takes the award for projects of social benefit.

As has been recently announced, nominations are open for the 2025 Linux Foundation Technical Advisory Board (TAB) elections. I am one of the TAB members whose term is coming to an end, but I have decided that, after 18 years on the board, I will not be seeking re-election; instead, I will step aside and make room for a fresh voice. My time on the TAB has been rewarding, and I will be sad to leave; the TAB has an important role to play in the functioning of the kernel community.

As of this writing, 4,124 non-merge commits have been pulled into the mainline repository for the 6.19 kernel development cycle. That is a relatively small fraction of what can be expected this time around, but it contains quite a bit of significant work, with changes to many core kernel subsystems. Read on for a summary of the first part of the 6.19 merge window.

Version 2025.12 of the Home Assistant home-automation system has been released.

This month, we're unveiling Home Assistant Labs, a brand-new space where you can preview features before they go mainstream. And what better way to kick it off than with Winter mode? ❄️ Enable it and watch snowflakes drift across your dashboard. It's completely unnecessary, utterly delightful, and exactly the kind of thing we love to build. ❄️

But that's just the beginning. We've been working on making automations more intuitive over the past releases, and this release finally delivers purpose-specific triggers and conditions. Instead of thinking in (numeric) states, you can now simply say "When a light turns on" or "If the climate is heating". It's automation building the way our mind works, as it should be.

There are many possible programmer mistakes that are not caught by the minimal checks specified by the C language; among those is passing an array of the wrong size to a function. A recent attempt to add some safety around array parameters within the crypto layer involved the use of some clever tricks, but it turns out that clever tricks are unnecessary in this case. There is an obscure C feature that can cause this checking to happen, and it is already in use in a few places within the kernel.

Linus Torvalds released the 6.18 kernel as expected on November 30, closing the last full development cycle of 2025. It was another busy cycle, featuring a record number of developers. The time has come for a look at where the code came from for this kernel release, but also for the year-long long-term-support cycle which has also reached its conclusion with this release.

Linus has released the 6.18 kernel, as expected.

So I'll have to admit that I'd have been happier with slightly less bugfixing noise in this last week of the release, but while there's a few more fixes than I would hope for, there was nothing that made me feel like this needs more time to cook. So 6.18 is tagged and pushed out.

Headline changes in this release include the ability to manage namespaces with file handles, support for the AccECN congestion-control protocol, initial support for signing of BPF programs, improved memory management with sheaves, the Rust binder driver, better control over transparent huge pages, and a lot more. This release also saw the removal of the bcachefs filesystem.

See the LWN merge-window summaries (part 1, part 2) and the KernelNewbies 6.18 page for more information.

Version 25.11 of the NixOS distribution has been released. "The 25.11 release was made possible due to the efforts of 2742 contributors, who authored 59430 commits since the previous release". Changes include 7,002 new packages, GNOME 49, LLVM 21, a new COSMIC desktop environment beta, firewalld support, and more; see the release notes for details.

The prizrak.me blog is carrying an introduction to the Landlock security module.

Landlock shines when an application has a predictable set of files or directories it needs. For example, a web server could restrict itself to accessing only /var/www/html and /tmp.

Unlike SELinux or AppArmor, Landlock policies don't require administrator involvement or system-wide configuration. Developers can embed policies directly in application code, making sandboxing a natural part of the development process.

Linus has released 6.18-rc7, probably the last -rc before the 6.18 release.

So the rc6 kernel wasn't great: we had a last-minute core VM regression that caused people problems.

That's not a great thing late in the release cycle like that, but it was a fairly trivial fix, and the cause wasn't some horrid bug, just a latent gotcha that happened to then bite a late VM fix. So while not great, it also doesn't make me worry about the state of 6.18. We're still on track for a final release next weekend unless some big new problem rears its ugly head.

The Oracle blog has a lengthy article on enhancements to GCC to help detect overflows of flexible array members (FAMs) in C programs.

We describe here two new GNU extensions which specify size information for FAMs. These are a new attribute, "counted_by" and a new builtin function, "__builtin_counted_by_ref". Both extensions can be used in GNU C applications to specify size information for FAMs, improving the buffer overflow detection for FAMs in general.

This work has been covered on LWN as well.

The call for candidates for the 2025 election for the Linux Foundation Technical Advisory Board has been posted.

The TAB exists to provide advice from the kernel community to the Linux Foundation and holds a seat on the LF's board of directors; it also serves to facilitate interactions both within the community and with outside entities. Over the last year, the TAB has overseen the organization of the Linux Plumbers Conference, advised on the setup of the kernel CVE numbering authority, worked behind the scenes to help resolve a number of contentious community discussions, worked with the Linux Foundation on community conference planning, and more.

Nominations close on December 13.

Version 8.5.0 of the PHP language has been released. Changes include a new "|>" operator that, for some reason, makes these two lines equivalent:

    $result = strlen("Hello world");
    $result = "Hello world" |> strlen(...);

Other changes include a new function attribute, "#[\NoDiscard]" to indicate that the return value should be used, attributes on constants, and more; see the migration guide for details.

BPF allows programs uploaded from user space to be run, safely, within the kernel. The io_uring subsystem, too, can be thought of as a way of loading programs in the kernel, though the programs in question are mostly a sequence of I/O-related system calls. It has sometimes seemed inevitable that io_uring would, like many other parts of the kernel, gain BPF capabilities as a way of providing more flexibility to user space. That has not yet happened, but there are currently two patch sets under consideration that take different approaches to the problem.

Inside this week's LWN.net Weekly Edition:

• Front: Hardware architectures; Fedora Flatpaks; Debian hardware support; sockaddr structure; NUMA nodes; Homebrew.
• Briefs: LightDM security; Debian Libre Live; Xubuntu postmortem; Blender 5.0; Git 2.52.0; Rust in Android; Thunderbird 145; Quotes; ...
• Announcements: Newsletters, conferences, security updates, patches, and more.

Version 2.52.0 of the Git source-code management system has been released. Changes include a new last-modified command to find the closest ancestor commit that touched one or more paths, a couple of git refs improvements, a new git repo command for obtaining information about the repository itself, and more. See the announcement and this GitHub blog entry for more information.

For better or for worse, the NUMA node is the abstraction used by the kernel to keep track of different types of memory. How that abstraction is used, though, is still an active area of development. Two patch sets focused on this problem are currently under review; one addresses the perennial problem of promoting heavily used folios from slower to faster memory, while the other aims to improve the kernel's handling of nodes containing special memory installed for a specific purpose.

Linus has released 6.18-rc6 for testing. "So we have a slightly larger rc6 than usual, but I think it's just the random noise and a result of pull request timings rather than due to any issues with the release. But I guess we have a couple of weeks remaining to find out."

One of the many objectives of the Linux Kernel Self-Protection Project (KSPP), which just completed ten years of work, is to ensure that all array references can be bounds-checked, even in the case of flexible array members, the size of which is not known at compile time. One of the most challenging flexible array members in the kernel is not even declared as such. Almost exactly one year ago, LWN looked at the effort to increase safety around the networking subsystem's heavily used sockaddr structure. One year later, Kees Cook is still looking for a way to bring this work to a close.

The Google Security Blog has a new post on just how well the use of Rust is working out for the Android project.

We adopted Rust for its security and are seeing a 1000x reduction in memory safety vulnerability density compared to Android's C and C++ code. But the biggest surprise was Rust's impact on software delivery. With Rust changes having a 4x lower rollback rate and spending 25% less time in code review, the safer path is now also the faster one.