Pi-hole v6 has been released. Thelatest version of the popular ad-blocking software sports a redesigneduser interface, has support for subscribing to allowlists, and bringsa new REST API and embedded web server. Its Docker/OCI image is nowbased on Alpine Linuxrather than Debian to reduce imagesize. See the announcement for guidance on upgrading existing Pi-holeinstallations.
Kernel developers have been working to convert various internal interfaces tousefolios; while this process has been progressing, there is still theoccasional regression introduced by the change. In December2024, it wasdiscovered that installing aFlatpak application could trigger a filesystem bug inthe kernel that would cause the software to read incorrect data from the disk.The problem was quickly fixed - only for an another problem caused by the foliorewrite to pop up in the same kernel subsystem. This was discovered by an ArchLinux user, who noticed that selecting files in a Flatpak application wascausing kernel crashes. Now both bugs are fixed, but there may be more bugs to find.
The 6.12.15 stable kernel update has beenfast-tracked to release. It seems that its predecessor contains aregression in the XFS filesystem that can lead to kernel crashes.
Security updates have been issued by Debian (gnutls28, openssh, and pam-pkcs11), Mageia (microcode and python-cryptography), Oracle (nodejs:18, nodejs:20, and rsync), Red Hat (gcc, nodejs:20, and nodejs:22), SUSE (emacs, kernel, openvswitch, and ucode-intel), and Ubuntu (Docker).
It is a standard practice to use milestones to reflect on theachievements of a project, such as the anniversary of its firstrelease or first commit. Usually, these are observed at five andtenyear increments; the tenth anniversary of the 1.0 release, or 25years since from the first public announcement, etc. LennartPoettering, however, took a different approach at FOSDEM2025 with a keynotecommemorating 14 years of systemd,and a brief look ahead at his goals and systemd's challenges for the future.
Greg Kroah-Hartman has released three more stable kernels:6.13.3,6.12.14, and6.6.78.There was a bit of confusion that resulted in the patch forCVE 2025-21687getting applied twice - but that doesn't result in any problems for users of thekernel, just a bit of extra noise in the CVE database, so Kroah-Hartman hasdecided to leave the releases as-is instead of rushing another point release.
Security updates have been issued by AlmaLinux (container-tools:rhel8, gcc, libxml2, nodejs:18, and nodejs:20), Debian (freerdp2, golang-glog, trafficserver, and tryton-client), Fedora (chromium, krb5, libheif, microcode_ctl, nginx, nginx-mod-fancyindex, nginx-mod-modsecurity, nginx-mod-naxsi, nginx-mod-vts, and webkitgtk), Mageia (ffmpeg, golang, postgresql13 and postgresql15, and python-zipp), Oracle (container-tools:ol8, gcc, gcc-toolset-13-gcc, gcc-toolset-14-gcc, kernel, libxml2, and nodejs:20), Red Hat (gcc, idm:DL1, and ipa), SUSE (buildah, chromium, glibc, kernel, kernel-firmware-all-20250206, libecpg6, postgresql15, python, python3, python311, and ruby3.4-rubygem-rack), and Ubuntu (intel-microcode).
There are many challenges involved with running a web site like LWN. Someof them, such as finding the courage to write for people who know moreabout the subject matter than we do, simply come with the territory we havechosen. But others show up as an unwelcome surprise; the ongoing task offending off bots determined to scrape the entire Internet to (seemingly)feed into the insatiable meat grinder of AI training is certainly one ofthose. Readers have, at times, expressed curiosity about that fight andhow we are handling it; read on for a description of a modern-day plague.
Memcached is a memory-baseddata-caching daemon that has a long history. More than twenty years after its first publicrelease, Memcached strives to remain relevant in a vastly changedcomputing landscape, balancing new features with a commitment to the originalprinciples that separate it from newer alternatives like Redis and Hazelcast.
The Asahi Linux project, which is working to support Linux on Applesilicon, has announced theresignation of Hector "marcan" Martin as its lead, and his replacement by aseven-person committee. "Today's news is bittersweet. We are gratefulto marcan for kicking off this project and tirelessly working on it thesepast years. Our community will miss him. Still, with your support, theproject has a bright future to come". Martin has explained his reasonsfor leaving at length in thisblog post.
The openSUSE project has announcedthat future installations of the Tumbleweed rolling distribution will useSELinux for mandatory access control rather than AppArmor. Existinginstallations will not be migrated, and AppArmor will continue to bemaintained for Tumbleweed. The openSUSE Leap15 distribution is not changing.
Huge pages can increase the performance of many programs, but they can alsohave unfortunate performance impacts of their own. Over the last fewyears, multi-size transparent huge pages (mTHPs) have increasingly beenseen as a happy medium that bring the benefits of huge pages at a lower cost.The system cannot benefit from mTHPs, though, if it does not create them;two developers have independently posted patches to enable the creation ofmTHPs in the background.
The Codeberg development forge hasrecently been subject to sustained attacks resulting in, among otherthings, abusive email being sent to the site's users. The organization hasnow put up adescription and a defiant response:
While large language models and the expensive hardware they require are allthe rage now, other areas of artificial intelligence work within much moreconstrained hardware environments. At FOSDEM2025, Jon Nordby presentedhis open-source machine-learning inference engine for microcontrollers,named emlearn. The projectalso boasts bindings for MicroPython,thus making machine-learning applications even more accessible.
Security updates have been issued by AlmaLinux (firefox, kernel, kernel-rt, tbb, and thunderbird), Debian (bind9, cacti, pam-pkcs11, and ruby2.7), Fedora (bind, bind-dyndb-ldap, chromium, crun, and java-21-openjdk), Mageia (calibre, nginx, python-ansible-core, python-jinja2, python-pip, python-setuptools, python-twisted, and python-waitress), Red Hat (doxygen, firefox, gcc, gcc-toolset-13-gcc, gcc-toolset-14-gcc, tbb, and thunderbird), SUSE (go1.24, govulncheck-vulndb, java-1_8_0-openj9, kernel, openssl-3, ovmf, python3-numpy, python311, python36, qemu, and skopeo), and Ubuntu (bluez and openssl).
Most Linux systems depend on a suite of core utilities that the GNU Project started development ondecades ago and are, of course, written in C. At FOSDEM2025, Sylvestre Ledrumade the case in hismain stage talk that modern systems require safer, moremaintainable tools. Over the past few years, Ledru has led the chargeof rewriting the GNUCore Utilities (coreutils) in Rust, as the MIT-licensed uutils project. The goal is tooffer what he said are more secure, and more performant drop-inreplacements for the tools Linux users depend on. At FOSDEM, Ledruannounced that the uutils project is setting its sights evenhigher.
High-performance networking is a highly tuned activity; the amount of timeavailable to deal with each packet may be measured in nanoseconds, so caremust be taken to avoid anything that might slow the process down.Recently, there has been a fair amount of attention given to a patch setmerged for 6.13 that, it is claimed, can improve processing efficiency(and, thus, power savings)in data centers by as much as 30%. The change itself, contributed by JoeDamato and Martin Karsten, is a relatively small tweak to existingoptimization techniques; it shows just how much care is needed to optimizea high-bandwidth server.
Security updates have been issued by AlmaLinux (firefox, tbb, and thunderbird), Debian (cacti, libtasn1-6, and rust-openssl), Oracle (galera and mariadb, kernel, raptor2, and thunderbird), SUSE (bind, fq, java-21-openj9, libtasn1-6-32bit, ovmf, python310, python312, python313, python314, rime-schema-all, thunderbird, and wget), and Ubuntu (eglibc, firefox, glibc, linux, linux-aws, linux-lts-xenial, ruby2.3, ruby2.5, and vim).
Miguel Ojeda gavea keynote atFOSDEM2025 about the history of theRust-for-Linuxproject, and the current attitude of people in the kernel community toward theexperiment. Unlike hisusual talks, this talk didn't focus so much on the currentstate of the project, but rather on discussing historyand predictions for the future. He ended up presenting quotes from more than 30people involved in kernel development about what they thought of the project andexpected going forward.
Version1.4.0 of Arti, the Tor Project's next-generationTor client written in Rust, has been released. Notable improvements inthis release include a new RPCinterface, and preparatory work toward service-side onion servicedenial-of-service resistance. The release is dedicated to the memory of Jeremy Bobbio,better known by many as "Lunar". For full details on the release, seethe changelog.
The BPF verifier is charged with thechallenging task of ensuring that a BPF program is safe for the kernel torun before that program is loaded. Among many other concerns, the verifiermust ensure that any kfuncs (kernel functions that have been exported toBPF programs) are called with the correct parameters and from the rightcontext. The "context" part of that enforcement is showing its age in waysthat are hurting performance; Juntong Deng has been working oninfrastructure to provide finer-grained control over when a kfunc can becalled.
Security updates have been issued by Debian (openjdk-17), Fedora (firefox, FlightGear, java-1.8.0-openjdk, java-11-openjdk, java-latest-openjdk, and SimGear), Mageia (gstreamer), Red Hat (firefox, kernel, kernel-rt, libsoup, and python-jinja2), SUSE (bind, curl, dcmtk, etcd, firefox, google-osconfig-agent, krb5, openssl-1_1, podman, python311-cbor2, thunderbird, wget, and xrdp), and Ubuntu (glibc).
Jonathan Bryce has announced two open community meetings to hearinput on the topic of the OpenInfraFoundation migrating to the Linux Foundation. Brycewrote that the OpenInfra board has carefully evaluated its options,and sees joining the Linux Foundation as the best way forward.Like the Linux Foundation, the OpenInfra Foundation is 501(c)(6)nonprofit. According to the FAQ,OpenInfra "is in great health, financially and otherwise" witha growth in membership of about 15% in the last year. However, itsneeds in 2025 are different than when it was founded as the OpenStackFoundation in 2012.
Version 25.2 of the LibreOffice productivity suite is out. Changes includethe ability to remove all personal information from any document, supportfor ODF version1.4, a number of accessibility improvements, and more;see therelease notes for details.
Version24.10.0 of the OpenWrt router-oriented distribution has been released.Changes include an update to the 6.6 kernel, use of access control lists onlarger systems, multipath TCP support, better WiFi6 support, thebeginning of WiFi7 support, and more.
Open source is often described as a "gift economy"-anecosystem where contributors are motivated by a desire to make theworld a better place. That is, sometimes, true. However, JamesBottomley used his maintrack slot at FOSDEM 2025,on February1, to make the case that it is better to bank on theselfish motivations of individuals to drive community success than torely on their altruism.
Security updates have been issued by Debian (asterisk and chromium), Fedora (FlightGear, java-1.8.0-openjdk, java-11-openjdk, java-17-openjdk, java-latest-openjdk, and SimGear), Mageia (bind, chromium-browser-stable, python-django, and vim), Oracle (buildah, bzip2, firefox, keepalived, mariadb:10.11, and podman), Slackware (curl, mariadb, and mozilla), SUSE (cargo-audit-advisory-db-20250204 and python311-scikit-learn), and Ubuntu (ckeditor, krb5, and ruby2.7).
Over the past year or so, LWN has added a number of useful newfeatures for our subscribers to enhance the experience of reading andcommenting on our content. Those features are of little use, however,to readers who do not know about them. It has been more than a decadesince we last provided atour of the site-it seems that another is inorder. Walk this way for a look at the LWN kernel source database (KSDB),enhanced commenting features, EPUB downloads, and more.
Jake Hillion gavea presentation atFOSDEM about usingsched_ext, the BPFscheduling framework that was introduced in kernel version 6.12, to help findelusive concurrency problems. In collaboration with Johannes Bechberger, he hasbuilt a scheduler that can reveal theoretically possible but unobservedconcurrency bugs in test code in a few minutes. Since their scheduler onlyrelies on mainline kernel features, it can theoretically be applied to anyapplication that runs on Linux - although there are a number of caveats sincethe project is still in its early days.
Security updates have been issued by Debian (firefox-esr), Fedora (fastd, ovn, and yq), Mageia (libreoffice), Slackware (mozilla), SUSE (google-osconfig-agent, grafana, helm, and rime-schema-all), and Ubuntu (linux-azure, linux-azure-5.4, linux-lowlatency, openjdk-17, openjdk-21, openjdk-23, openjdk-8, and openjdk-lts).
Jeff Xu has been working ona patch set that makes certain mappings in a process's address spaceimpossible to change, sealing them against tampering. This has some potentialsecurity benefits - mainly, makingsure that someone cannot relocate thevsyscall andvDSO mappings - but some kernel developers haven'tbeen impressed with the patches.While the core functionality (sealing the mappings) is sound, some of thesupporting code for enabling and disabling the new feature caused concern bygoing against the normal design for such things. Reviewers also questionedhow this feature would interact with checkpointing and with sandboxing.
Version135.0 of the Firefox web browser has been released. Changes includemore languages for the translations feature, increasing roll-out of thecredit-card autofill and AI chatbot features, and (perhaps most welcome):
By the time that Linus Torvalds released6.14-rc1 and closed the merge window for this development cycle, some9,307 non-merge changesets had been pulled into the mainlinerepository - the lowest level of merge-window activity seen in years.There were, nonetheless, a number of interesting changes in the5,000 commits pulled since thefirst-half merge-window summary was written.
Matthias Clasen has written a short update on a GTK hackfest thattook place at FOSDEM and what'scoming in GTK 4.18. This includes fixes for pointer sizes in Waylandwhen fractional scaling is enabled, removal of the old GL renderer infavor of the GLrenderer introduced in GTK4.13.6, and deprecation of X11 and Broadway backends with intentto remove them in GTK 5.The deprecated backends will remain available until then, and noaction is required by developers at this time, Clasen wrote: "Thereis no need to act on deprecations until you are actively porting yourapp to the next major version of GTK, which is not on the horizonyet".
LWN.net