The openSUSE project has announcedthat future installations of the Tumbleweed rolling distribution will useSELinux for mandatory access control rather than AppArmor. Existinginstallations will not be migrated, and AppArmor will continue to bemaintained for Tumbleweed. The openSUSE Leap15 distribution is not changing.
Huge pages can increase the performance of many programs, but they can alsohave unfortunate performance impacts of their own. Over the last fewyears, multi-size transparent huge pages (mTHPs) have increasingly beenseen as a happy medium that bring the benefits of huge pages at a lower cost.The system cannot benefit from mTHPs, though, if it does not create them;two developers have independently posted patches to enable the creation ofmTHPs in the background.
The Codeberg development forge hasrecently been subject to sustained attacks resulting in, among otherthings, abusive email being sent to the site's users. The organization hasnow put up adescription and a defiant response:
While large language models and the expensive hardware they require are allthe rage now, other areas of artificial intelligence work within much moreconstrained hardware environments. At FOSDEM2025, Jon Nordby presentedhis open-source machine-learning inference engine for microcontrollers,named emlearn. The projectalso boasts bindings for MicroPython,thus making machine-learning applications even more accessible.
Security updates have been issued by AlmaLinux (firefox, kernel, kernel-rt, tbb, and thunderbird), Debian (bind9, cacti, pam-pkcs11, and ruby2.7), Fedora (bind, bind-dyndb-ldap, chromium, crun, and java-21-openjdk), Mageia (calibre, nginx, python-ansible-core, python-jinja2, python-pip, python-setuptools, python-twisted, and python-waitress), Red Hat (doxygen, firefox, gcc, gcc-toolset-13-gcc, gcc-toolset-14-gcc, tbb, and thunderbird), SUSE (go1.24, govulncheck-vulndb, java-1_8_0-openj9, kernel, openssl-3, ovmf, python3-numpy, python311, python36, qemu, and skopeo), and Ubuntu (bluez and openssl).
Most Linux systems depend on a suite of core utilities that the GNU Project started development ondecades ago and are, of course, written in C. At FOSDEM2025, Sylvestre Ledrumade the case in hismain stage talk that modern systems require safer, moremaintainable tools. Over the past few years, Ledru has led the chargeof rewriting the GNUCore Utilities (coreutils) in Rust, as the MIT-licensed uutils project. The goal is tooffer what he said are more secure, and more performant drop-inreplacements for the tools Linux users depend on. At FOSDEM, Ledruannounced that the uutils project is setting its sights evenhigher.
High-performance networking is a highly tuned activity; the amount of timeavailable to deal with each packet may be measured in nanoseconds, so caremust be taken to avoid anything that might slow the process down.Recently, there has been a fair amount of attention given to a patch setmerged for 6.13 that, it is claimed, can improve processing efficiency(and, thus, power savings)in data centers by as much as 30%. The change itself, contributed by JoeDamato and Martin Karsten, is a relatively small tweak to existingoptimization techniques; it shows just how much care is needed to optimizea high-bandwidth server.
Security updates have been issued by AlmaLinux (firefox, tbb, and thunderbird), Debian (cacti, libtasn1-6, and rust-openssl), Oracle (galera and mariadb, kernel, raptor2, and thunderbird), SUSE (bind, fq, java-21-openj9, libtasn1-6-32bit, ovmf, python310, python312, python313, python314, rime-schema-all, thunderbird, and wget), and Ubuntu (eglibc, firefox, glibc, linux, linux-aws, linux-lts-xenial, ruby2.3, ruby2.5, and vim).
Miguel Ojeda gavea keynote atFOSDEM2025 about the history of theRust-for-Linuxproject, and the current attitude of people in the kernel community toward theexperiment. Unlike hisusual talks, this talk didn't focus so much on the currentstate of the project, but rather on discussing historyand predictions for the future. He ended up presenting quotes from more than 30people involved in kernel development about what they thought of the project andexpected going forward.
Version1.4.0 of Arti, the Tor Project's next-generationTor client written in Rust, has been released. Notable improvements inthis release include a new RPCinterface, and preparatory work toward service-side onion servicedenial-of-service resistance. The release is dedicated to the memory of Jeremy Bobbio,better known by many as "Lunar". For full details on the release, seethe changelog.
The BPF verifier is charged with thechallenging task of ensuring that a BPF program is safe for the kernel torun before that program is loaded. Among many other concerns, the verifiermust ensure that any kfuncs (kernel functions that have been exported toBPF programs) are called with the correct parameters and from the rightcontext. The "context" part of that enforcement is showing its age in waysthat are hurting performance; Juntong Deng has been working oninfrastructure to provide finer-grained control over when a kfunc can becalled.
Security updates have been issued by Debian (openjdk-17), Fedora (firefox, FlightGear, java-1.8.0-openjdk, java-11-openjdk, java-latest-openjdk, and SimGear), Mageia (gstreamer), Red Hat (firefox, kernel, kernel-rt, libsoup, and python-jinja2), SUSE (bind, curl, dcmtk, etcd, firefox, google-osconfig-agent, krb5, openssl-1_1, podman, python311-cbor2, thunderbird, wget, and xrdp), and Ubuntu (glibc).
Jonathan Bryce has announced two open community meetings to hearinput on the topic of the OpenInfraFoundation migrating to the Linux Foundation. Brycewrote that the OpenInfra board has carefully evaluated its options,and sees joining the Linux Foundation as the best way forward.Like the Linux Foundation, the OpenInfra Foundation is 501(c)(6)nonprofit. According to the FAQ,OpenInfra "is in great health, financially and otherwise" witha growth in membership of about 15% in the last year. However, itsneeds in 2025 are different than when it was founded as the OpenStackFoundation in 2012.
Version 25.2 of the LibreOffice productivity suite is out. Changes includethe ability to remove all personal information from any document, supportfor ODF version1.4, a number of accessibility improvements, and more;see therelease notes for details.
Version24.10.0 of the OpenWrt router-oriented distribution has been released.Changes include an update to the 6.6 kernel, use of access control lists onlarger systems, multipath TCP support, better WiFi6 support, thebeginning of WiFi7 support, and more.
Open source is often described as a "gift economy"-anecosystem where contributors are motivated by a desire to make theworld a better place. That is, sometimes, true. However, JamesBottomley used his maintrack slot at FOSDEM 2025,on February1, to make the case that it is better to bank on theselfish motivations of individuals to drive community success than torely on their altruism.
Security updates have been issued by Debian (asterisk and chromium), Fedora (FlightGear, java-1.8.0-openjdk, java-11-openjdk, java-17-openjdk, java-latest-openjdk, and SimGear), Mageia (bind, chromium-browser-stable, python-django, and vim), Oracle (buildah, bzip2, firefox, keepalived, mariadb:10.11, and podman), Slackware (curl, mariadb, and mozilla), SUSE (cargo-audit-advisory-db-20250204 and python311-scikit-learn), and Ubuntu (ckeditor, krb5, and ruby2.7).
Over the past year or so, LWN has added a number of useful newfeatures for our subscribers to enhance the experience of reading andcommenting on our content. Those features are of little use, however,to readers who do not know about them. It has been more than a decadesince we last provided atour of the site-it seems that another is inorder. Walk this way for a look at the LWN kernel source database (KSDB),enhanced commenting features, EPUB downloads, and more.
Jake Hillion gavea presentation atFOSDEM about usingsched_ext, the BPFscheduling framework that was introduced in kernel version 6.12, to help findelusive concurrency problems. In collaboration with Johannes Bechberger, he hasbuilt a scheduler that can reveal theoretically possible but unobservedconcurrency bugs in test code in a few minutes. Since their scheduler onlyrelies on mainline kernel features, it can theoretically be applied to anyapplication that runs on Linux - although there are a number of caveats sincethe project is still in its early days.
Security updates have been issued by Debian (firefox-esr), Fedora (fastd, ovn, and yq), Mageia (libreoffice), Slackware (mozilla), SUSE (google-osconfig-agent, grafana, helm, and rime-schema-all), and Ubuntu (linux-azure, linux-azure-5.4, linux-lowlatency, openjdk-17, openjdk-21, openjdk-23, openjdk-8, and openjdk-lts).
Jeff Xu has been working ona patch set that makes certain mappings in a process's address spaceimpossible to change, sealing them against tampering. This has some potentialsecurity benefits - mainly, makingsure that someone cannot relocate thevsyscall andvDSO mappings - but some kernel developers haven'tbeen impressed with the patches.While the core functionality (sealing the mappings) is sound, some of thesupporting code for enabling and disabling the new feature caused concern bygoing against the normal design for such things. Reviewers also questionedhow this feature would interact with checkpointing and with sandboxing.
Version135.0 of the Firefox web browser has been released. Changes includemore languages for the translations feature, increasing roll-out of thecredit-card autofill and AI chatbot features, and (perhaps most welcome):
By the time that Linus Torvalds released6.14-rc1 and closed the merge window for this development cycle, some9,307 non-merge changesets had been pulled into the mainlinerepository - the lowest level of merge-window activity seen in years.There were, nonetheless, a number of interesting changes in the5,000 commits pulled since thefirst-half merge-window summary was written.
Matthias Clasen has written a short update on a GTK hackfest thattook place at FOSDEM and what'scoming in GTK 4.18. This includes fixes for pointer sizes in Waylandwhen fractional scaling is enabled, removal of the old GL renderer infavor of the GLrenderer introduced in GTK4.13.6, and deprecation of X11 and Broadway backends with intentto remove them in GTK 5.The deprecated backends will remain available until then, and noaction is required by developers at this time, Clasen wrote: "Thereis no need to act on deprecations until you are actively porting yourapp to the next major version of GTK, which is not on the horizonyet".
Version 2.44 of the GNU Binutils package has been released. Perhaps themost significant change is the absence of the "gold" linker, which isdeprecated and about to disappear entirely. Gold appeared in 2008 with some fanfare as a fasterlinker, but it has suffered from a lack of maintenance in recent years.This release also includes some architecture-specific assemblerimprovements, and some (non-gold) linker enhancements.
The6.13.1,6.12.12,6.6.75,6.1.128,5.15.178,5.10.234, and5.4.290stable kernel updates have all been released; each contains another set ofimportant fixes.
Julia, a free, general-purposeprogramming language aimed at science, engineering, and related arenas oftechnical computing, has steadily improved and widened its scope ofapplication since its initial publicrelease in2012. As part of its 1.11release from late 2024, Julia made several inroads into areasoutside of its traditional focus, provided its users with advances intooling, and has seen several improvements in performance and programmerconvenience. These recent developments in andaround Julia go a long way to answer several longstanding complaints fromboth new and experienced users. We last lookedin on the language one year ago,for its previous major release, Julia1.10.
The election to replace outgoing openSUSE board members isunderway, with four candidates vying for three seats. The election wasinitially scheduled to be completed in December, but the timeline was extendeddue to too few candidates standing for the seats. Voting closes onFebruary2 and the results are expected to be announced onFebruary3.
The Linux Foundation has published itslong-awaited article on international sanctions and open-sourcedevelopment. This is the reasoning that went into the removal of a group of Russian kernelmaintainers in October.
Security updates have been issued by AlmaLinux (libsoup), Debian (debian-security-support and redis), Fedora (expat, java-21-openjdk, lemonldap-ng, and phpMyAdmin), Mageia (chromium-browser-stable and git-lfs), Oracle (bzip2, git-lfs, libsoup, mariadb:10.11, mariadb:10.5, python-jinja2, redis, and unbound), Red Hat (git-lfs, libsoup, python-jinja2, rsync, and unbound), SUSE (buildah, chromium, google-osconfig-agent, govulncheck-vulndb, hauler, ignition, krb5, libxml2, python311-pydantic, SDL2_sound, and trivy), and Ubuntu (jquery, linux-azure, linux-azure-4.15, linux-azure-5.15, linux-hwe-5.4, linux-oracle, and mysql-8.0).
While the path toward the ability to write device drivers in Rust has beenanything but smooth, steady progress has been made and that goal is closeto being achieved - for some types of drivers at least. Device driversneed to be able to set up memory areas for direct memory access (DMA)transfers, though; that means Rust drivers will need a set ofabstractions to interface with the kernel's DMA-mapping subsystem. Thoseabstractions have run into resistance that has the potential to blockprogress on the Rust-for-Linux project as a whole.
Visitors to the freedesktop.orgGitLab instance are currently being greeted with a message noting thatthe company who has been hosting it for free for nearly five years, Equinix, hasasked that it be moved (or start being paid for) by the end of April. Theissueticket opened by Benjamin Tissoires in order to track the planning of a move is clear that the project is grateful forthe gift:"First, I'd like to thank Equinix Metal for the years of support they gave us. They were very kind and generous with us and even if it's a shame we have to move out on a short notice, all things come to an end."The current cost for the services, much of which is for 50TB of bandwidth data transferper month and a half-dozen beefy servers for running continuous-integration(CI) jobs, comes to around $24,000 per month. Tissoires believes that theproject should start paying for service somewhere, in order to avoidupheaval of this sort, sometimes on short or no notice. "I personallythink we better have fd.o pay for its own servers, and then have sponsorschip in. This way, when a sponsor goes away, it's technically much simplerto just replace the money than change datacenter." Various options arebeing discussed there, but any move is likely to disrupt normal servicesfor a week or more.
Version 2.41 of the GNUC Library has been released. Changes include a number of test-suiteimprovements, strict-error support in the DNS stub resolver, wrappers forthe the sched_setattr()and sched_getattr() system calls,Unicode 16.0.0 support,improved C23 support,support for extensible restartablesequences,Guarded Control Stack support on 64-bit Arm systems,and more.
The Thunderbird project has announcedthat it is making its Releasechannel the default download beginning with the 135.0 release inMarch. This will move users to major monthly releases instead of theannual major Extended Support Release (ESR) that is the currentdefault.
Version 6.9 of the Incus container and virtual-machine management system has been released. Changes include a command to provide virtual machine memory dumps, ability to set network ACLs for instances on bridged networks, and more.
LWN.net