LWN.net

Inside this week's LWN.net Weekly Edition: Front : LLMs and security; restartable sequences and TCMalloc; Fedora and GNOME bug reports; Prolly trees; Arm on s390. Briefs : NHS open source; Alpine outage; GCC 16.1; Incus 7.0 LTS; NetHack 5.0.0; PHP license; Quotes; ... Announcements : Newsletters, conferences, security updates, patches, and more.

Predictions that LLM tools would cause a surge in reports of security vulnerabilities have, unquestionably, borne out. As expected, maintainers are having to wade through more security reports than ever before; in addition, LLM tools are disrupting traditional-coordinated disclosure practices as well. The method of Copy Fail 's disclosure, in particular, left vendors, projects, and users scrambling. In addition, maintainers are seeing parallel discovery of the same security flaws within the emb…

Version 7.0 of the Incus container and virtual-machine management system has been released. Notable changes in this release include the inclusion of a low-level backup API, the addition of basic S3 operations directly in Incus to replace the now-unmaintained MinIO project, as well as the removal of support for cgroups v1 and xtables (iptables/ip6tables/ebtables). This is a long-term-support (LTS) release, with support through June 2031. The first 2 years will feature bug and security fixes as w…

Security updates have been issued by AlmaLinux (corosync, dovecot, image-builder, python-tornado, resource-agents, and systemd), Debian (openjdk-11, openjdk-17, and pyjwt), Fedora (pdns, pyOpenSSL, and squid), Slackware (hunspell), SUSE (alloy, avahi, bubblewrap, cmctl, coredns, curl, dpkg, firefox, golang-github-prometheus-prometheus, grafana, libpng12, PackageKit, sed, and xen), and Ubuntu (docker.io-app, nghttp2, python-django, and python-mako).

A recent patch set from Steffen Eiden and others has set the groundwork for allowing hardware-assisted emulation of Arm CPUs on s390 CPUs. Version two of the posting fixes a handful of smaller problems, but does not differ much. The patches were welcomed by the Arm maintainers, pending some discussion of how the collaboration between the architectures could be structured to prevent maintainability problems on the Arm side. When those details are resolved, the patches could pave the way for tran…

Security updates have been issued by AlmaLinux (kernel, kernel-rt, libcap, LibRaw, openssh, thunderbird, and tigervnc), Debian (libarchive and lxd), Fedora (chromium, insight, nodejs20, rust-sequoia-git, and uriparser), Mageia (kernel, kmod-virtualbox), Oracle (kernel, libcap, thunderbird, and uek-kernel), Red Hat (.NET 10.0, .NET 8.0, .NET 9.0, fence-agents, sudo, and systemd), Slackware (httpd), SUSE (freerdp, hauler, helm, himmelblau, kernel, libspectre, thunderbird, trivy, and xen), and Ubu…

The PHP project has long shipped under its own license — except for the parts under the Zend Engine License. The PHP project has now announced that the PHP license has been retired, and the PHP code has been relicensed under the three-clause BSD license. See this blog entry for more details. Getting here required more than writing an RFC . The PHP License gives the PHP Group the authority to change it, which meant tracking down each of the original PHP Group members and getting their written co…

The Alpine Linux account on fosstodon.org reports that all systems hosted at Linode, including its GitLab instance, " are suspended at the moment due to some billing issue ". They are working to get it resolved, but in the meantime all of their services appear to be down. Update : Alpine Linux's servers are back online .

For a number of years, users submitting bugs reports against GNOME packages in Fedora have received an auto-reply saying that the reports were not actively monitored; users were encouraged to file bugs with GNOME upstream instead. However, that practice seems to be in conflict with the Fedora Engineering Steering Committee (FESCo) policy that package maintainers " deal with reported bugs in a timely manner ". On April 28, FESCo discussed the disconnect between practice and policy; so far, it ha…

Version 5.0.0 of the NetHack dungeon-exploration game, a distant relative of Rogue and Hack , has been released. NetHack's code is now compliant with the C99 standard, and the release includes more than 3,100 bug fixes and changes, detailed in doc/fixes5-0-0.txt (may contain game spoilers). Saved games from previous versions will not work with NetHack 5.0.0.

Security updates have been issued by AlmaLinux (kernel, libcap, libtiff, sudo, and thunderbird), Debian (dovecot, imagemagick, incus, kernel, libexif, linux-6.1, openjdk-25, pyasn1, python-aiohttp, and thunderbird), Fedora (chromium, firefox, GitPython, glibc, insight, krb5, nano, nss, openssh, openvpn, perl-CryptX, python3.14, rust-openssl, rust-openssl-sys, rust-sequoia-git, and xen), Oracle (dtrace, fence-agents, grafana-pcp, libcap, libtiff, sudo, and xorg-x11-server-Xwayland), Red Hat (bui…

The second 7.1 kernel prepatch is out for testing. " It's not small, and while it's a bit early to say for sure, I do suspect we're seeing the same continued pattern of more patches than usual - probably due to AI tooling - that we saw in 7.0. "

Terence Eden reports that the UK's National Health Service (NHS) is preparing to close almost all of its open-source repositories as a response to LLM tools, such as Anthropic's Mythos, becoming more sophisticated at finding security vulnerabilities. He does not, to put it mildly, agree with the decision: The majority of code repos published by the NHS are not meaningfully affected by any advance in security scanning. They're mostly data sets, internal tools, guidance, research tools, front-end…

Modern database and filesystems make pervasive use of B-trees , which are tree structures optimized for storing sorted lists of keys and values on block devices. Dolt is an Apache 2.0-licensed project that makes clever use of a variant of a B-tree to support efficient version control for an entire database. The data structure it uses could well be of interest to other projects.

Security updates have been issued by AlmaLinux (fence-agents), Debian (chromium, dovecot, and kernel), Fedora (chromium, dotnet10.0, dotnet8.0, dotnet9.0, emacs, glow, jfrog-cli, openbao, pyp2spec, python3.6, rust-rustls-webpki, vhs, and xen), Oracle (grafana, grafana-pcp, PackageKit, sudo, vim, and xorg-x11-server), Red Hat (rhc), SUSE (avahi, bouncycastle, chromium, container-suseconnect, firewalld, gdk-pixbuf, grafana, java-25-openjdk, kernel, libixml11, libmozjs-140-0, libpng12-0, libsodium…