LWN
Security updates for Thursday
[$] LWN.net Weekly Edition for May 1, 2025
- Front: Mailman 2 vulnerabilities; AI in Debian; __nonstring__; Cache-aware scheduling; Freezing filesystems; Socket-level storage; Debugging information; LWN in 2025.
- Briefs: Debian election; Kali Linux key; OpenBSD 7.7; Firefox 138.0; GCC 15.1; Meson 1.8.0; Valgrind 3.25.0; FSF review; OSI retrospective; Mastodon; Quotes; ...
- Announcements: Newsletters, conferences, security updates, patches, and more.
Albertson: Future of OSL in Jeopardy
I am writing to inform you about a critical and time-sensitive situation facing the Open Source Lab. Over the past several years, we have been operating at a deficit due to a decline in corporate donations. While OSU's College of Engineering (CoE) has generously filled this gap, recent changes in university funding have led to a significant reduction in CoE's budget. As a result, our current funding model is no longer sustainable and CoE needs to find ways to cut programs. Earlier this week, I was informed that unless we secure $250,000 in committed funds, the OSL will be forced to shut down later this year.
[$] The mystery of the Mailman 2 CVEs
Many eyebrows were raised recently when three vulnerabilities were announced that allegedly impact GNU Mailman 2.1, since many folks assumed that it was no longer being supported. That's not quite the case. Even though version 3 of the GNU Mailman mailing-list manager has been available since 2015, and version 2 was declared (mostly) end of life (EOL) in 2020, there are still plenty of users and projects using version 2.1.x. There is, as it turns out, a big difference between mostly EOL and actually EOL. For example: WebPros, the company behind the cPanel server and web-site-management platform, still maintains a port of Mailman 2.1.x to Python 3 for its customers and was quick to respond to reports of vulnerabilities. However, the company and upstream Mailman project dispute that the CVEs are valid.
[$] Better debugging information for inlined kernel functions
Modern compilers perform a lot of optimizations, which can complicate debugging. Song Liu and Thierry Treyer spoke about a potential improvement to BPF Type Format (BTF) debugging information that could partially combat that problem at the 2025 Linux Storage, Filesystem, Memory-Management, and BPF Summit. They want to add information on selectively inlined functions to BTF in order to better support tracing tools. Treyer participated remotely.
The conclusion of the FSF board review
The review examined board members Ian Kelling, Geoffrey Knauth, Henry Poole, Richard Stallman, and Gerald Sussman. The process generated detailed philosophical and policy discussions between board members and the FSF's global associate members on topics ranging from the firmness of the Free Software Definition, developments in machine learning, to the board's president position.