LWN.net

Security updates for Tuesday
[$] Indirect calls in BPF
Anton Protopopov kicked off the BPF track on the second day of the 2025 Linux Storage, Filesystem, Memory-Management, and BPF Summit with a discussion about permitting indirect calls in BPF. He also spoke about his continuing work on static keys, a related topic because the implementations of indirect jumps and static keys in the verifier use some of the same mechanisms for tracking indirect control flow. Although some design work remains to be done, it may soon be possible to make indirect calls in BPF without any extra work compared to normal C.
RISC-V images for Fedora Linux 42
The Fedora Project's RISC-V special-interest group (SIG) has announced the availability of Fedora Linux 42 images for supported RISC-V boards, as well as QEMU and container images. The SIG is working toward making RISC-V a primary architecture for Fedora, and has made significant progress in the past year.
Our upstreaming work continues apace, and we want to acknowledge that none of this progress would be possible without the incredible collaboration from maintainers across the Fedora Project and beyond. Thank you to everyone who reviewed, accepted, merged, and built our patches. Your support makes this architecture possible.
We're also excited about just how many packages build cleanly without special treatment or overlay repositories that need to be cared for. RISC-V is becoming just another architecture, and that's exactly how it should be.
Template strings accepted for Python 3.14
The Python Steering Council accepted PEP 750 ("Template Strings") on April 10. LWN covered the discussion around the proposal, including the substantial revisions to the idea that were needed for it to be accepted. Template strings (t-strings) are a new kind of string that produces structured data instead of a raw string, allowing library authors to build their own custom template-handling logic. Since the approval happened before the cutoff for new features (May 6), support for template strings will be included in Python 3.14, scheduled for October 2025.
[$] Owen Le Blanc: creator of the first Linux distribution
Ask a Linux enthusiast who created the Linux kernel, and odds are they will have no trouble naming Linus Torvalds—but many would be stumped if asked what the first Linux distribution was, and who created it. Some might guess Slackware, or its predecessor, Softlanding Linux System (SLS); both were arguably more influential but arrived just a bit later. The first honest-to-goodness distribution with a proper installer was MCC Interim Linux, created by Owen Le Blanc, released publicly in early 1992. I recently reached out to Le Blanc to learn more about his work on the distribution, what he has been doing since, and his thoughts on Linux in 2025.
Security updates for Monday
Kernel prepatch 6.15-rc3
Three stable kernels
EU OS: A European Proposal for a Public Sector Linux Desktop (The New Stack)
EU OS is not a brand-new Linux distribution in the traditional sense. Instead, it is a proof-of-concept built atop Fedora's immutable KDE Plasma spin (Kinoite). EU OS takes a layered approach to customization. The project's vision is to provide a standard, adaptable Linux base that can be extended with national, regional or sector-specific customizations, making it suitable for a wide range of European public sector needs.
[$] The problem of unnecessary readahead
[$] Tracepoints for the VFS?
Security updates for Friday
Ubuntu 25.04 released
Tor Browser 14.5 released
Version 14.5 of the Tor Browser has been released. Notable features in this release include the addition of Connection Assist for the Android version of the Tor Browser, and language support for Belarusian, Bulgarian, and Portuguese for all versions of the browser.
Should Tor Browser fail to establish a direct connection to the Tor network, Connection Assist will offer to find and try bridges for you. But before this feature could be made available on Android, we had to embark on a multi-year effort to refactor our tor integration across each platform first. This project has now reached an important milestone, and we're proud to announce the release of Connection Assist for Android today.
See the full changelog for all changes in this release, and the issues page for known problems.
[$] Memory controller performance improvements
Security updates for Thursday
[$] LWN.net Weekly Edition for April 17, 2025
- Front: APT 3.0; Fedora 42; Lots more LSFMM+BPF coverage.
- Briefs: CVE funding; Yelp vulnerability; Fedora 42; Manjaro 25.0; GCC 15; Pinta 3.0; Quotes; ...
- Announcements: Newsletters, conferences, security updates, patches, and more.
[$] What's new in APT 3.0
Debian's Advanced Package Tool (APT) is the suite of utilities that handle package management on Debian and Debian-derived operating systems. APT recently received a major upgrade to 3.0 just in time for inclusion in Debian 13 ("trixie"), which is planned for release sometime in 2025. The version bump is warranted; the latest APT has user-interface improvements, switches to Sequoia to verify package signatures, and includes solver3—a new solver that is designed to improve how it evaluates and resolves package dependencies.
Catanzaro: Dangerous arbitrary file read vulnerability in Yelp
GNOME contributor Michael Catanzaro has written a blog post about a noteworthy vulnerability in GNOME's help browser, Yelp.
I don't normally blog about particular CVEs, but Yelp CVE-2025-3155 is noteworthy because it is quite severe, public for several weeks now, and not yet fixed upstream. In short, help files can read your filesystem and execute arbitrary JavaScript code, allowing an attacker to exfiltrate any files your Unix user has access to.
The vulnerability was first reported on December 25, and it was made public on March 26 after the 90-day-disclosure deadline was reached. Patches have been proposed to fix the issue. The bug reporter has published a writeup demonstrating the attack. Catanzaro asks that Linux vendors "please consider applying the provided patches even though they have not yet been accepted upstream".