Security updates have been issued by Debian (sslh), Oracle (container-tools:rhel8, gnome-remote-desktop, golang, javapackages-tools:201801, jq, libvpx, libxml2, mpfr, and perl-File-Find-Rule-Perl), Red Hat (glib2, libblockdev, and sudo), Slackware (git), SUSE (avif-tools, containerd, djvulibre, gpg2, helm, kernel, libpoppler-cpp2, libxml2, libxml2-2, openssl-3, perl-YAML-LibYAML, python-cryptography, python-setuptools, python311-pycares, tomcat10, and wireshark), and Ubuntu (djvulibre, git, libyaml-libyaml-perl, and protobuf).
Inside this week's LWN.net Weekly Edition:
- Front: Python packaging; Kernel API specification; Kselftests and KUnit; niri; pedalboard.
- Briefs: Git security fixes; Amarok 3.3; Bash 5.3; Thunderbird 140; tmux-rs; U-Boot 2025.07; Quotes; ...
- Announcements: Newsletters, conferences, security updates, patches, and more.
Version
3.3 of the Amarok music
player has been released. This is the first release of Amarok based on
KDE Frameworks 6
and Qt 6. Amarok 3.3
also includes a major rework of its audio engine to use GStreamer for audio
playback.
The reworked audio engine provides unified feature set for all users
and should provide a solid and future-proof sonic experience for years
to come. Notable improvements have also landed to the database system:
improved character set support helps with e.g. emojis in podcast
descriptions and other very exotic symbols, date handling has been
improved ('year 2038 problem'), and various other potential and actual
database-related issues have been fixed.
The AlmaLinux project has announced
new upgrade paths for its ELevate utility, which
allows users to upgrade between major versions of Red Hat Enterprise
Linux derivatives. The new paths include upgrades from AlmaLinux 9
to AlmaLinux 10 and CentOS Stream 9 to
CentOS Stream 10, with support for EPEL, Docker CE, and
PostgreSQL third-party package repositories. LWN covered ELevate last
year.
It is no secret that the Python packaging world is at something of a
crossroads; there have been debates and discussions about the packaging
landscape that started long before our
2023
series describing some of the difficulties. There has been progress
since then—and incremental improvements all along, in truth—but a new
initiative is looking to overhaul packaging for the language. At
PyCon US 2025, Barry Warsaw and
Jonathan Dekhtiar gave a presentation on the
WheelNext project, which is a community
effort that aims improve the experience for users and providers of Python
packages while also working with toolmakers and other parts of the
ecosystem to "
reinvent the wheel
". While the project's name refers
to Python's
wheel
binary distribution format, its goals stretch much further than simply the
format.
Security updates have been issued by AlmaLinux (container-tools:rhel8, jq, kernel, podman, python-setuptools, socat, and thunderbird), Gentoo (Chromium, Google Chrome, Microsoft Edge. Opera, ClamAV, Git, NTP, REXML, and strongSwan), Oracle (buildah, gnome-remote-desktop, ipa, jq, kernel, podman, python-setuptools, ruby:3.3, socat, uek-kernel, and xorg-x11-server-Xwayland), SUSE (kernel), and Ubuntu (freerdp3, git, gnupg2, linux-aws, linux-oracle, linux-azure, linux-azure, linux-azure-6.11, linux-fips, linux-aws-fips, linux-azure-fips, linux-gcp-fips, linux-ibm-5.15, linux-intel-iotg, linux-nvidia-tegra,
linux-nvidia-tegra-5.15, linux-nvidia-tegra-igx, linux-kvm, linux-lowlatency, linux-oem-6.11, and onionshare).
Versions v2.43.7, v2.44.4, v2.45.4, v2.46.4, v2.47.3, v2.48.2, v2.49.1 and
v2.50.1 of the Git source-code management system have been released.
"
This is a set of coordinated security fix releases. Please update at
your earliest convenience
". See
the announcement for details;
many of the vulnerabilities have to do with tricks buried in untrusted
repositories.
Version
140 of the Thunderbird mail client has been released. Notable
features include "dark message mode" to adapt message content
to dark mode, the ability to easily transfer desktop
settings to the mobile Thunderbird client, experimental support for
Microsoft Exchange, as well as global controls for message threading
and sort order.
Thunderbird 140 is an extended-support
release (ESR) which will be supported for 12 months. However, the
Thunderbird project is trying to encourage users to adopt the Release
channel for monthly updates instead. The project is staggering
upgrades to 140 for existing Thunderbird users in order to catch any
significant bugs before they are widely deployed, but users can
upgrade manually via the Help > About
menu. See the release
notes for a full list of changes.
The kernel project, for many years, lacked a formal testing setup; it was
often joked that testing was the project's main reason for keeping users
around. While many types of kernel testing can only be done in the
presence of specific hardware, there are other parts of the kernel
that could be more widely tested. Over time, though, the kernel has gained
two separate testing frameworks and a growing body of automated tests to go
with them. These two frameworks — kselftests and KUnit — take different
approaches to the testing problem; now
this
patch series from Thomas Weißschuh aims to bring them together.
Security updates have been issued by Debian (djvulibre and slurm-wlm), Red Hat (apache-commons-vfs, container-tools:rhel8, kernel, kernel-rt, podman, python3, rsync, socat, and sudo), SUSE (apache2, helm-mirror, incus, kernel, openssl-3, python-Django, and systemd), and Ubuntu (dcmtk, File::Find::Rule, ghostscript, jquery, and libssh).