Linux Weekly News

BPF arenas are areas of memory where the verifier can safely relax its checking of pointers, allowing programmers to write arbitrary data structures in BPF. Emil Tsalapatis reported on how his team has used arenas in writing sched_ext schedulers at the 2025 Linux Storage, Filesystem, Memory-Management, and BPF Summit. His biggest complaint was about the fact that kernel pointers can't be stored in BPF arenas — something that the BPF developers hope to address, although there are some implementation problems that must be sorted out first.

Nextcloud provides an open-source collaboration platform called Nextcloud Hub, which includes file-sharing and syncing features. The company has written a blog post explaining that Google has revoked a critical permission from the Nextcloud Files app for Android that allows it to sync files to Nextcloud Hub.

Google is stating security concerns as a reason for revoking the permission. This is hard to believe for us. Nextcloud has had this feature since its inception in 2016, and we have never heard about any security concerns from Google about it. Moreover, several Big Tech apps as well as Google's own still have this. What we think: Google owning the platform means they can and are giving themselves preferential treatment.

Despite multiple appeals since mid-2024, Google has refused to reinstate the permission, blocking automated Nextcloud file uploads for millions of users.

The Nextcloud app available via F-Droid does not have this limitation, but the post notes that that is not an option for many users.

The SUSE Security Team has published an article detailing several security issues it has uncovered with GNU Screen. This includes a local root exploit when Screen is shipped setuid-root, as it is in some Linux and BSD distributions. The security team also reports problems in coordinating disclosure with the upstream Screen project.

The article includes a table of operating systems, screen versions, and which vulnerabilities they may be affected by.

The Guix project has announced that it is migrating all of its Git repositories, as well as bug tracking and patch tracking, from Savannah to the Codeberg Git forge.

The motivation for the move, which is spelled out in a Guix Consensus Document (GCD), is to improve the contribution experience and improve quality assurance efforts. Migration of Git repositories should be completed by June 7, though they will continue to be mirrored on Savannah until "at least" May 2026. LWN covered Guix in February 2024.

The announcement of the openSUSE Leap 16.0 beta contained something of a surprise—along with the usual set of changes and updates, it informed the community of the retirement of "the traditional YaST stack" from Leap. The YaST ("Yet another Setup Tool") installation and configuration utility has been a core part of the openSUSE distribution since its inception in 2005, and part of SUSE Linux since 1996. It will not, immediately, be removed from the openSUSE Tumbleweed rolling-release distribution, but its future is uncertain and its fate is up to the larger community to decide.

Everything still looks fairly normal - we've got a bit more commits than we did in rc5, which isn't the trend I want to see as the release progresses, but the difference isn't all that big and it feels more like just the normal noise in timing fluctuation in pull requests of fixes than any real signal.

So I won't worry about it. We've got another two weeks to go in the normal release schedule, and it still feels like everything is on track.

Lance Albertson writes that the Oregon State University Open Source Lab has been funded for the next year, following his announcement in April that the future of OSL was in jeopardy. OSL is now focusing on becoming self-sustainable long term.

The recent support was amazing for our immediate team needs. But for the OSL to thrive long-term, we need a sustainable financial foundation. This is crucial, as the university expects units like ours to become self-sufficient beyond this current year.

So, our big focus this next year is locking in ongoing support – think annualized pledges, different kinds of regular income, and other recurring help. This is vital, especially with potential new data center costs and hardware needs. Getting this right means we can stop worrying about short-term funding and plan for the future: investing in our tech and people, growing our awesome student programs, and serving the FOSS community. We're looking for partners, big and small, who get why foundational open source infrastructure matters and want to help us build this sustainable future together.

Greg Kroah-Hartman has announced the release of the 6.14.6, 6.12.28, 6.6.90, 6.1.138, and 5.15.182 stable kernel versions.

The GNOME Foundation has announced the hiring of Steven Deobald as its new executive director.

Perhaps tired of waiting, the packager decided to try a different avenue to get the remaining Deepin components into openSUSE skirting the review requirements. In January 2025, during routine reviews, we stumbled upon the deepin-feature-enable package, which was introduced on 2021-04-27 without consulting us or even informing us. This innocently named package implements a "license agreement dialog" which basically explains that the SUSE security team has doubts about the security of Deepin, but to properly use Deepin, certain components need to be installed anyway. Thus, if the user does not care about security then "the license" should be accepted.

Asynchronous I/O delivers the most noticeable gains in cloud environments where storage is network-attached, such as Amazon EBS volumes. In these setups, individual disk reads often take multiple milliseconds, introducing substantial latency compared to local SSDs.

With traditional synchronous I/O, each of these reads blocks query execution until the data arrives, leading to idle CPU time and degraded throughput. By contrast, asynchronous I/O allows Postgres to issue multiple read requests in parallel and continue processing while waiting for results. This reduces query latency and enables much more efficient use of available I/O bandwidth and CPU cycles.

• Front: Debian and essential packages; Custom BPF OOM killers; Speculation barriers for BPF programs; More LSFMM+BPF 2025 coverage.
• Briefs: Deepin on openSUSE; AUTOSEL; Mission Center 1.0.0; OASIS ODF; Redis license; USENIX ATC; Quotes; ...
• Announcements: Newsletters, conferences, security updates, patches, and more.

Anton Protopopov led a short discussion at the 2025 Linux Storage, Filesystem, Memory-Management, and BPF Summit about amount of memory used by hash tables in BPF programs. He thinks that the current memory layout is inefficient, and wants to split the structure that holds table entries into two variants for different kinds of maps. When that proposal proved uncontroversial, he also took the chance to talk about a bug in BPF's call instruction.