4 hónap 3 hét óta
The New Stack
looks
at EU OS, an attempt to create a desktop system for the European public
sector.
EU OS is not a brand-new Linux distribution in the traditional
sense. Instead, it is a proof-of-concept built atop Fedora's
immutable KDE Plasma spin (Kinoite). EU OS takes a layered approach
to customization. The project's vision is to provide a standard,
adaptable Linux base that can be extended with national, regional
or sector-specific customizations, making it suitable for a wide
range of European public sector needs.
corbet
4 hónap 3 hét óta
The final session in the memory-management track of the 2025 Linux Storage,
Filesystem, Memory-Management, and BPF Summit was a brief, last-minute
addition run by Kalesh Singh. The kernel's readahead mechanism is
generally good for performance; it ensures that data is present by the time
an application gets around to asking for it. Sometimes, though, readahead
can go a little too far.
corbet
4 hónap 3 hét óta
Adding tracepoints to some kernel subsystems has been controversial—or
disallowed—due to
concerns about the user-space
ABI that they might create. The virtual filesystem (VFS) layer has
long been one of the subsystems that has not allowed any tracepoints, but
that may be changing. At the 2025 Linux Storage, Filesystem, Memory
Management, and BPF Summit (LSFMM+BPF), Ted Ts'o led a discussion about
whether the ABI concerns are outweighed by the utility of tracepoints for
the VFS.
jake
4 hónap 3 hét óta
Security updates have been issued by Debian (graphicsmagick and libapache2-mod-auth-openidc), Fedora (giflib, mod_auth_openidc, mysql8.0, perl, perl-Devel-Cover, perl-PAR-Packer, perl-String-Compare-ConstantTime, rust-openssl, rust-openssl-sys, trunk, and workrave), Mageia (chromium-browser-stable and rust), Oracle (java-1.8.0-openjdk, java-17-openjdk, java-21-openjdk, kernel, libreoffice, and webkit2gtk3), Red Hat (gvisor-tap-vsock), SUSE (containerd, docker, docker-stable, forgejo, GraphicsMagick, libmozjs-115-0, perl-32bit, poppler, subfinder, and thunderbird), and Ubuntu (erlang and ruby2.3, ruby2.5).
daroc
4 hónap 3 hét óta
Version
25.04 ("Plucky Puffin") of the Ubuntu Linux distribution has been
released. This release includes Linux 6.14, GNOME 48,
APT 3.0, and introduces a
Arm64
desktop ISO to install Ubuntu Desktop on Arm64 systems. This is an
interim release, with support through January 2026. See the
release
notes for a detailed list of new features and changes.
jzb
4 hónap 3 hét óta
Version
14.5 of the Tor
Browser has been released. Notable features in this release
include the addition of Connection Assist for the Android version of
the Tor Browser, and language support for Belarusian, Bulgarian, and
Portuguese for all versions of the browser.
Should Tor Browser fail to establish a direct connection to the Tor
network, Connection Assist will offer to find and try bridges for
you. But before this feature could be made available on Android, we
had to embark on a multi-year effort to refactor our tor integration
across each platform first. This project has now reached an important
milestone, and we're proud to announce the release of Connection
Assist for Android today.
See the full
changelog for all changes in this release, and the issues
page for known problems.
jzb
4 hónap 3 hét óta
The kernel's memory controller works within the control-group mechanism to
enforce memory-usage limits on groups of processes. This component has
often had performance problems, so there is continual interest in
optimizing it. Shakeel Butt led a session during the memory-management
track of the 2025 Linux Storage, Filesystem, Memory-Management, and BPF
Summit to look at the current state of the memory controller and what can
be done to reduce its overhead.
corbet
4 hónap 3 hét óta
Security updates have been issued by Debian (chromium and libapache2-mod-auth-openidc), Oracle (expat, freetype, glibc, grub2, gvisor-tap-vsock, and kernel), Red Hat (grub2 and webkit2gtk3), and SUSE (apache2-mod_auth_openidc, cosign, gitoxide, govulncheck-vulndb, GraphicsMagick, haproxy, hauler, mozjs52, oci-cli, pam, perl-Data-Entropy, poppler, python-lxml-doc, python311-aiohttp, rekor, rubygem-rexml, and webkit2gtk3).
jake
4 hónap 3 hét óta
Inside this week's LWN.net Weekly Edition:
- Front: APT 3.0; Fedora 42; Lots more LSFMM+BPF coverage.
- Briefs: CVE funding; Yelp vulnerability; Fedora 42; Manjaro 25.0; GCC 15; Pinta 3.0; Quotes; ...
- Announcements: Newsletters, conferences, security updates, patches, and more.
corbet
4 hónap 3 hét óta
Debian's Advanced Package Tool (APT) is the suite of utilities that handle package
management on Debian and Debian-derived operating systems. APT recently received a
major upgrade to 3.0 just in time for inclusion in Debian 13
("trixie"), which is planned for release sometime in 2025. The version bump is
warranted; the latest APT has user-interface improvements, switches to Sequoia to verify package
signatures, and includes solver3—a new solver that is designed to improve
how it evaluates and resolves package dependencies.
jzb
4 hónap 3 hét óta
GNOME contributor Michael Catanzaro has written a blog
post about a noteworthy vulnerability in GNOME's help browser, Yelp.
I don't normally blog about particular CVEs, but Yelp CVE-2025-3155 is
noteworthy because it is quite severe, public for several weeks now,
and not yet fixed upstream. In short, help files can read your
filesystem and execute arbitrary JavaScript code, allowing an attacker
to exfiltrate any files your Unix user has access to.
The vulnerability was first reported on December 25, and it
was made public on March 26 after the 90-day-disclosure deadline
was reached. Patches
have been proposed to fix the issue. The bug reporter has published a writeup
demonstrating the attack. Catanzaro asks that Linux vendors
"please consider applying the provided patches even though they
have not yet been accepted upstream".
jzb
4 hónap 3 hét óta
Allowing directories to be modified in parallel was the topic of Jeff
Layton's filesystem-track session at the 2025 Linux Storage, Filesystem,
Memory Management, and BPF Summit (LSFMM+BPF). There are certain use
cases, including for the NFS and Lustre filesystems, as mentioned in a
patch set
referenced in the
topic
proposal, where contention in creating multiple files in a directory is
causing noticeable performance problems. In some testing, Layton has found
that the inode read-write semaphore (i_rwsem) for the directory is
serializing operations; he wanted to discuss alternatives.
jake
4 hónap 3 hét óta
The BPF verifier is not magic; it cannot solve the
halting problem. Therefore,
it has to err on the side of assuming that a program will run too long if it
cannot prove that the program will not.
The ultimate check on the size of a BPF program is the
one-million-instruction limit — the verifier will refuse to process more than
one-million instructions, no matter what a BPF program does. Alexei Starovoitov gave
a talk at the 2025 Linux Storage, Filesystem,
Memory-Management, and BPF Summit about that limit,
why correctly written BPF programs shouldn't hit it, and how to make the user
experience of large BPF programs better in the future.
daroc
4 hónap 3 hét óta
Sergiu Gatlan reports
that the US government has extended funding for the Common
Vulnerabilities and Exposures (CVE) program, following yesterday's reports that funding
would run out as of April 16.
"The CVE Program is invaluable to cyber community and a priority of
CISA," the U.S. cybersecurity agency told BleepingComputer. "Last
night, CISA executed the option period on the contract to ensure there
will be no lapse in critical CVE services. We appreciate our partners'
and stakeholders' patience."
The article also mentions the launch of a CVE Foundation, to
transition the CVE program to a dedicated foundation and eliminate
"a single point of failure in the vulnerability management
ecosystem", as well as a European vulnerability
database (EUVD) backed by the European Union Agency for
Cybersecurity (ENISA). Details on these initiatives are scant at the
moment, and it is unclear whether restoration of funding will have any
impact on these efforts.
jzb
4 hónap 3 hét óta
As a system runs, its memory becomes fragmented; it does not take long
before the allocation of large, physically contiguous memory ranges becomes
difficult or impossible. The
contiguous memory
allocator (CMA) is a kernel subsystem that attempts to address this
problem, but it has never worked as well as some would like. Two sessions
in the memory-management track at the 2025 Linux Storage, Filesystem,
Memory-Management, and BPF Summit looked at how CMA can be improved; the
first looked at providing guaranteed allocations, while the second
addressed some inefficiencies in CMA.
corbet
4 hónap 3 hét óta
Security updates have been issued by AlmaLinux (gvisor-tap-vsock, kernel, and kernel-rt), Fedora (chromium, dnf, dotnet9.0, golang, lemonldap-ng, mariadb10.11, perl-Crypt-URandom-Token, perl-DBIx-Class-EncodedColumn, php-tcpdf, podman-tui, and trunk), Red Hat (java-17-openjdk and kernel), Slackware (mozilla), SUSE (apache2-mod_auth_openidc, cosign, etcd, expat, flannel, kernel, libsqlite3-0, libvarnishapi3, mozjs52, Multi-Linux Manager 4.3: Server, Multi-Linux Manager 5.0: Server, Proxy and Retail Server, pgadmin4, rekor, rsync, rubygem-bundler, and webkit2gtk3), and Ubuntu (7zip, Docker, and quickjs).
jzb
4 hónap 3 hét óta
In the first filesystem-track session at the 2025 Linux Storage,
Filesystem, Memory Management, and BPF Summit (LSFMM+BPF), virtual
filesystem (VFS) layer co-maintainer Christian Brauner had a few different
topics he wanted to talk about. Issues on the agenda
included iterating through anonymous mount namespaces, a needed feature
for ID-mapped mounts, the perennial unprivileged mounts topic, potentially
using hazard pointers for file reference counting, and Rust bindings. He
did not expect to get through all of them in the 30 minutes allotted, but
the session did move along pretty quickly to at least
introduce them to the assembled filesystem developers.
jake
4 hónap 3 hét óta
Security Week is one of several outlets
reporting
that the funding for the CVE program at MITRE disappears as of
April 16.
Maintained by MITRE Corporation, a not-for-profit organization that
operates federal R&D centers, the CVE program is funded through
multiple channels, including the U.S. government, industry
partnerships, and international organizations.
Earlier this month, in anticipation of the US government funding
cuts, MITRE initiated layoffs that affected more than 400 employees
in its Virginia office. The cuts were ordered after the Trump
administration announced more than $28 million in canceled
contracts for the company.
corbet
4 hónap 3 hét óta
Version
25.0 ("Zetar") of the Arch-based Manjaro Linux
distribution is now available. This release includes Linux kernel 6.12,
GNOME 48, KDE 6.3, Xfce 4.18, and more.
jzb
4 hónap 3 hét óta
The Fedora Project has announced
the release of Fedora Linux 42, with "what's new" articles for Fedora Workstation
and Fedora KDE Plasma Desktop. There
is also a last-minute warning about the live media for the release:
We discovered a problem with the Live boot media at the last
minute, and since the release was already out of the airlock, we can't
do much about it. It doesn't damage anything, but is annoying: just
booting the Live media adds an unexpected entry to the UEFI boot
loader even when Fedora Linux 42 is not installed to the local
system.
This is primarily a concern when you are dual-booting with a
different operating system, or if you're just running the Live image
and not intending to actually install.
See the release
notes for more information, and LWN's coverage of
Fedora 42.
jzb
Ellenőrizve
10 perc 42 másodperc ago
LWN.net is a comprehensive source of news and opinions from
and about the Linux community. This is the main LWN.net feed,
listing all articles which are posted to the site front page.
Feliratkozás a következőre: Linux Weekly News hírcsatorna