Bookmarks (392)

The 6.15-rc3 kernel prepatch is out for testing. "There's absolutely nothing of huge note here as far as I can tell. Just a fair number of small fixes all over the place".

The 6.14.3, 6.13.12, and 6.12.24 stable kernel updates have been released; each contains another set of important fixes. Note that the 6.13.x series ends with 6.13.12.

The New Stack looks at EU OS, an attempt to create a desktop system for the European public sector. EU OS is not a brand-new Linux distribution in the traditional sense. Instead, it is a proof-of-concept built atop Fedora's immutable KDE Plasma spin (Kinoite). EU OS takes a layered approach to customization. The project's vision is to provide a standard, adaptable Linux base that...

The final session in the memory-management track of the 2025 Linux Storage, Filesystem, Memory-Management, and BPF Summit was a brief, last-minute addition run by Kalesh Singh. The kernel's readahead mechanism is generally good for performance; it ensures that data is present by the time an application gets around to asking for it. Sometimes, though, readahead can go a little too far.

Adding tracepoints to some kernel subsystems has been controversial—or disallowed—due to concerns about the user-space ABI that they might create. The virtual filesystem (VFS) layer has long been one of the subsystems that has not allowed any tracepoints, but that may be changing. At the 2025 Linux Storage, Filesystem, Memory Management, and BPF Summit (LSFMM+BPF), Ted Ts'o led a discussion about whether the ABI...

Security updates have been issued by Debian (graphicsmagick and libapache2-mod-auth-openidc), Fedora (giflib, mod_auth_openidc, mysql8.0, perl, perl-Devel-Cover, perl-PAR-Packer, perl-String-Compare-ConstantTime, rust-openssl, rust-openssl-sys, trunk, and workrave), Mageia (chromium-browser-stable and rust), Oracle (java-1.8.0-openjdk, java-17-openjdk, java-21-openjdk, kernel, libreoffice, and webkit2gtk3), Red Hat (gvisor-tap-vsock), SUSE (containerd, docker, docker-stable, forgejo, GraphicsMagick, libmozjs-115-0, perl-32bit, poppler, subfinder, and thunderbird), and Ubuntu (erlang and ruby2.3, ruby2.5).

Version 25.04 ("Plucky Puffin") of the Ubuntu Linux distribution has been released. This release includes Linux 6.14, GNOME 48, APT 3.0, and introduces a Arm64 desktop ISO to install Ubuntu Desktop on Arm64 systems. This is an interim release, with support through January 2026. See the release notes for a detailed list of new features and changes.

Version 14.5 of the Tor Browser has been released. Notable features in this release include the addition of Connection Assist for the Android version of the Tor Browser, and language support for Belarusian, Bulgarian, and Portuguese for all versions of the browser. Should Tor Browser fail to establish a direct connection to the Tor network, Connection Assist will offer to find and try bridges...

The kernel's memory controller works within the control-group mechanism to enforce memory-usage limits on groups of processes. This component has often had performance problems, so there is continual interest in optimizing it. Shakeel Butt led a session during the memory-management track of the 2025 Linux Storage, Filesystem, Memory-Management, and BPF Summit to look at the current state of the memory controller and what can...

Security updates have been issued by Debian (chromium and libapache2-mod-auth-openidc), Oracle (expat, freetype, glibc, grub2, gvisor-tap-vsock, and kernel), Red Hat (grub2 and webkit2gtk3), and SUSE (apache2-mod_auth_openidc, cosign, gitoxide, govulncheck-vulndb, GraphicsMagick, haproxy, hauler, mozjs52, oci-cli, pam, perl-Data-Entropy, poppler, python-lxml-doc, python311-aiohttp, rekor, rubygem-rexml, and webkit2gtk3).

Inside this week's LWN.net Weekly Edition: Front: APT 3.0; Fedora 42; Lots more LSFMM+BPF coverage. Briefs: CVE funding; Yelp vulnerability; Fedora 42; Manjaro 25.0; GCC 15; Pinta 3.0; Quotes; ... Announcements: Newsletters, conferences, security updates, patches, and more.

Debian's Advanced Package Tool (APT) is the suite of utilities that handle package management on Debian and Debian-derived operating systems. APT recently received a major upgrade to 3.0 just in time for inclusion in Debian 13 ("trixie"), which is planned for release sometime in 2025. The version bump is warranted; the latest APT has user-interface improvements, switches to Sequoia to verify package signatures, and includes...

GNOME contributor Michael Catanzaro has written a blog post about a noteworthy vulnerability in GNOME's help browser, Yelp. I don't normally blog about particular CVEs, but Yelp CVE-2025-3155 is noteworthy because it is quite severe, public for several weeks now, and not yet fixed upstream. In short, help files can read your filesystem and execute arbitrary JavaScript code, allowing an attacker to exfiltrate any...

Allowing directories to be modified in parallel was the topic of Jeff Layton's filesystem-track session at the 2025 Linux Storage, Filesystem, Memory Management, and BPF Summit (LSFMM+BPF). There are certain use cases, including for the NFS and Lustre filesystems, as mentioned in a patch set referenced in the topic proposal, where contention in creating multiple files in a directory is causing noticeable performance problems....

The BPF verifier is not magic; it cannot solve the halting problem. Therefore, it has to err on the side of assuming that a program will run too long if it cannot prove that the program will not. The ultimate check on the size of a BPF program is the one-million-instruction limit — the verifier will refuse to process more than one-million instructions, no...

Sergiu Gatlan reports that the US government has extended funding for the Common Vulnerabilities and Exposures (CVE) program, following yesterday's reports that funding would run out as of April 16. "The CVE Program is invaluable to cyber community and a priority of CISA," the U.S. cybersecurity agency told BleepingComputer. "Last night, CISA executed the option period on the contract to ensure there will be no...

As a system runs, its memory becomes fragmented; it does not take long before the allocation of large, physically contiguous memory ranges becomes difficult or impossible. The contiguous memory allocator (CMA) is a kernel subsystem that attempts to address this problem, but it has never worked as well as some would like. Two sessions in the memory-management track at the 2025 Linux Storage, Filesystem,...

Security updates have been issued by AlmaLinux (gvisor-tap-vsock, kernel, and kernel-rt), Fedora (chromium, dnf, dotnet9.0, golang, lemonldap-ng, mariadb10.11, perl-Crypt-URandom-Token, perl-DBIx-Class-EncodedColumn, php-tcpdf, podman-tui, and trunk), Red Hat (java-17-openjdk and kernel), Slackware (mozilla), SUSE (apache2-mod_auth_openidc, cosign, etcd, expat, flannel, kernel, libsqlite3-0, libvarnishapi3, mozjs52, Multi-Linux Manager 4.3: Server, Multi-Linux Manager 5.0: Server, Proxy and Retail Server, pgadmin4, rekor, rsync, rubygem-bundler, and webkit2gtk3), and Ubuntu (7zip, Docker, and...

In the first filesystem-track session at the 2025 Linux Storage, Filesystem, Memory Management, and BPF Summit (LSFMM+BPF), virtual filesystem (VFS) layer co-maintainer Christian Brauner had a few different topics he wanted to talk about. Issues on the agenda included iterating through anonymous mount namespaces, a needed feature for ID-mapped mounts, the perennial unprivileged mounts topic, potentially using hazard pointers for file reference counting, and...

Security Week is one of several outlets reporting that the funding for the CVE program at MITRE disappears as of April 16. Maintained by MITRE Corporation, a not-for-profit organization that operates federal R&D centers, the CVE program is funded through multiple channels, including the U.S. government, industry partnerships, and international organizations. Earlier this month, in anticipation of the US government funding cuts, MITRE initiated layoffs...

Version 25.0 ("Zetar") of the Arch-based Manjaro Linux distribution is now available. This release includes Linux kernel 6.12, GNOME 48, KDE 6.3, Xfce 4.18, and more.

The Fedora Project has announced the release of Fedora Linux 42, with "what's new" articles for Fedora Workstation and Fedora KDE Plasma Desktop. There is also a last-minute warning about the live media for the release: We discovered a problem with the Live boot media at the last minute, and since the release was already out of the airlock, we can't do much about it. It doesn't damage anything,...

Fedora Linux 42 has been released with many incremental improvements and updates. In this development cycle, the KDE Plasma Desktop has finally gotten a promotion from a spin to an edition, the new web-based user interface for the Anaconda installer makes its debut, and the Wayland-ification of Fedora continues apace. In all it is a solid release with lots of polish.

It is common, on NUMA systems, to try to allocate all memory on the local node, since it will be the fastest. That is not the only possible policy, though; another is weighted interleaving, which seeks to distribute allocations across memory controllers to maximize the bandwidth utilization on each. Configuring such policies can be challenging, though. At the 2025 Linux Storage, Filesystem, Memory-Management, and...

Security updates have been issued by AlmaLinux (glibc), Red Hat (kernel and kernel-rt), Slackware (perl), SUSE (haproxy, kernel, and webkit2gtk3), and Ubuntu (cimg, perl, protobuf, and webkit2gtk).

Version 3.0 of the Pinta image editor has been released. The most notable change in this release is that Pinta has been ported to GTK 4.0 and libadwaita. It also includes a number of improvements, new effects, and bug fixes.

BPF is, famously, not part of the kernel's promises of user-space stability. New kernels can and do break existing BPF programs; the BPF developers try to fix unintentional regressions as they happen, but the whole thing can be something of a bumpy ride for users trying to deploy BPF programs across multiple kernel versions. Shung-Hsi Yu and Daniel Xu had two different approaches to...

Andrew Morton, the lead maintainer for the kernel's memory-management subsystem, tends to be quiet during the Linux Storage, Filesystem, Memory-Management, and BPF Summit, preferring to let the developers work things out on their own. That changes, though, when he leads the traditional development-process session in the memory-management track. At the 2025 gathering, this discussion covered a number of ways in which the process could...

Security updates have been issued by Debian (glib2.0, jinja2, kernel, mediawiki, perl, subversion, twitter-bootstrap3, twitter-bootstrap4, and wpa), Fedora (c-ares, chromium, condor, corosync, cri-tools1.29, exim, firefox, matrix-synapse, nextcloud, openvpn, perl-Data-Entropy, suricata, upx, varnish, webkitgtk, yarnpkg, and zabbix), Mageia (giflib, gnupg2, graphicsmagick, and poppler), Oracle (delve and golang, go-toolset:ol8, grub2, and webkit2gtk3), Red Hat (kernel and kernel-rt), SUSE (chromium, fontforge-20230101, govulncheck-vulndb, kernel, liblzma5-32bit, pgadmin4, python311-Django, and...

Linus has released 6.15-rc2 for testing. "Nothing particularly stands out to me, but it's early in the release yet, so let's see how it goes."

Knowing how frequently accessed a page of memory is (its "hotness") is a key input to many memory-management heuristics. Jonathan Cameron, in a memory-management track at the 2025 Linux Storage, Filesystem, Memory-Management, and BPF Summit, pointed out that the number of sources of that kind of data is growing over time. He wanted to explore the questions of what commonality exists between data from...

Eduard Zingerman presented a daring proposal that "makes sense if you think about it a bit" at the 2025 Linux Storage, Filesystem, Memory-Management, and BPF Summit. He wants to inline performance-sensitive kernel functions into the BPF programs that call them. His prototype does not yet address all of the design problems inherent in that idea, but it did spark a lengthy discussion about the...

Security updates have been issued by AlmaLinux (delve and golang and go-toolset:rhel8), Debian (webkit2gtk), Fedora (openvpn, thunderbird, uboot-tools, and zabbix), SUSE (expat, fontforge, govulncheck-vulndb, and kernel), and Ubuntu (haproxy and libsoup2.4, libsoup3).

Building on the discussion in the two previous sessions on untorn (or atomic) writes, for buffered I/O and for XFS using direct I/O, Ojaswin Mujoo remotely led a session on support for the feature on ext4. That took place in the combined storage and filesystem track at the 2025 Linux Storage, Filesystem, Memory Management, and BPF Summit. Part of the support for the feature...

Over on the Red Hat Developer site, David Malcolm has an article about improvements in GCC 15, specifically focusing on the diagnostic information that the compiler emits. This includes ASCII art with a "⚠️" warning emoji to display the execution path when it detects a problem (like an infinite loop in one of his examples), better C++ template errors, machine-readable diagnostics using Static Analysis...

Compute Express Link (CXL) memory is not like the ordinary RAM that one might install into a computer; it can come and go at any time and is often not present when the kernel is booting. That complicates the management of this memory. During the memory-management track of the 2025 Linux Storage, Filesystem, Memory-Management, and BPF Summit, Gregory Price ran a session on the...

Greg Kroah-Hartman has announced the release of eight stable kernels: 6.14.2, 6.13.11, 6.12.23, 6.6.87, 6.1.134, 5.15.180, 5.10.236, and 5.4.292. These all contain a large assortment of important kernel fixes throughout the tree.

The Data Access MONitor (DAMON) subsystem provides access to detailed memory-management statistics, along with a set of tools for implementing policies based on those statistics. An update on DAMON by its primary author, SeongJae Park, has been a fixture of the Linux Storage, Filesystem, Memory-Management, and BPF Summit for some years. The 2025 Summit was no exception; Park led two sessions on recent and...

Security updates have been issued by AlmaLinux (tomcat and webkit2gtk3), Debian (chromium), Fedora (ghostscript), Mageia (atop, docker-containerd, and xz), Red Hat (go-toolset:rhel8), SUSE (apache2-mod_auth_openidc, apparmor, etcd, expat, firefox, kernel, libmozjs-128-0, and libpoppler-cpp2), and Ubuntu (dino-im, linux, linux-aws, linux-aws-hwe, linux-azure, linux-azure-4.15, linux-gcp, linux-gcp-4.15, linux-hwe, linux-kvm, linux-oracle, linux, linux-aws, linux-kvm, linux-lts-xenial, linux-fips, linux-fips, linux-aws-fips, linux-azure-fips, linux-gcp-fips, opensc, and poppler).

Inside this week's LWN.net Weekly Edition: Front: Debian project leader election; 6.15 Merge window; Lots of LSFMM coverage; Joplin. Briefs: Firefox hardening; OpenSSH 10.0; Supply chain security; FreeDOS 1.4; OpenSSL 3.5.0; Rust 1.86.0; Quotes; ... Announcements: Newsletters, conferences, security updates, patches, and more.

Tom Schuster, Frederik Braun, and Christoph Kerschbaumer have published an article on the Firefox Security team's Attack & Defense blog that explains recent work to harden Firefox's frontend code. We have rewritten over 600 JavaScript event handlers to mitigate XSS and other injection attacks in the main Firefox user interface. This mitigation will ship in Firefox 138. However, blocking the execution of scripts in...

In a combined storage and filesystem track session at the 2025 Linux Storage, Filesystem, Memory Management, and BPF Summit, John Garry continued the theme of "untorn" (or atomic) writes that started in the previous session. It was also an update on where things have gone for untorn writes since his session at last year's summit. Beyond that, he looked at some of the plans...

Four candidates have stepped up to run in the 2025 Debian Project Leader (DPL) election. Andreas Tille, who is in his first term as DPL, is running again. Sruthi Chandran, Gianfranco Costamagna, and Julian Andres Klode are the other candidates running for a chance to serve a term as DPL. The campaigning phase ended on April 5, and Debian members began voting on April 6. Voting...

The 6.15 merge window saw the inclusion of a new type of lock for BPF programs: a resilient queued spinlock that Kumar Kartikeya Dwivedi has been working on for some time. Eventually, he hopes to convert all of the spinlocks currently used in the BPF subsystem to his new lock. He gave a remote presentation about the design of the lock at the 2025...

Tiered-memory systems feature multiple types of memory with varying performance characteristics; on such systems, good performance depends on keeping the most frequently used data in the fastest memory. Identifying that data and placing it properly is a challenge that has kept developers busy for years. Bharata Rao, presenting remotely during a memory-management-track session at the 2025 Linux Storage, Filesystem, Memory-Management, and BPF Summit, led...

The kernel samepage merging (KSM) subsystem works by finding pages in memory with the same contents, then replacing the duplicated copies with a single, shared copy. KSM can improve memory utilization in a system, but has some problems as well. In two memory-management-track sessions at the 2025 Linux Storage, Filesystem, Memory-Management, and BPF Summit, Mathieu Desnoyers and Sourav Panda proposed improvements to KSM to...

OpenSSH 10.0 has been released. Support for the DSA signature algorithm, which was disabled by default beginning in 2015, has been removed. Other notable changes include using the post-quantum algorithm mlkem768x25519-sha256 for key agreement by default, support for systemd-style socket activation in Portable OpenSSH, and moving code for user authentication from the sshd-session binary to the new ssh-auth binary: Splitting this code into a...

Security updates have been issued by Debian (lemonldap-ng, libbssolv-perl, and phpmyadmin), Fedora (augeas, mariadb10.11, and thunderbird), Oracle (gimp, libxslt, python3.11, python3.12, tomcat, and xorg-x11-server), Red Hat (expat, grafana, opentelemetry-collector, and webkit2gtk3), SUSE (azure-cli-core, doomsday, kernel, and poppler), and Ubuntu (dotnet8, dotnet9, erlang, and poppler).

Version 3.5.0 of OpenSSL has been released. This release adds support for server-side QUIC (RFC 9000), a new configuration option (no-tls-deprecated-ec) that disables support for TLS groups deprecated in RFC 8422, and more.

Version 1.4 of FreeDOS has been released. This is the first stable release since 2022, and includes improvements to the Fdisk hard-disk-management program, and reliability updates for the mTCP set of TCP/IP applications for DOS. This version was much smoother because Jerome Shidel, our distribution manager, had an idea after FreeDOS 1.3 that we could have a rolling test release that collected all of...