Archive:Features 13.1

(Redirected from Archive:Features)
Jump to: navigation, search

openSUSE 13.1 – Better, Stronger, Greener!

More details on openSUSE 13.1

The following pages go into much detail on what is new in this openSUSE release. Too much information? Check out the Feature highlights instead.

Under the hood

We have upgraded our infrastructure, further integrating new technologies while improving performance, hardware support and configuration. The major changes are featured below.

Linux kernel 3.11

openSUSE 13.1 ships with the latest patch in the 3.11 kernel series. The brisk development pace of the world's largest software engineering project has continued, with no less than four releases since the previous openSUSE version, bringing countless features to our users. We give you an overview of the most noticeable of those.

Performance

Several patches have gone into the various kernels between the current and previous openSUSE release, aiming to improve performance of stressed systems. For example, page reclaim, a kernel function cleaning up memory, used to go wild under certain situations often involving transfer of large amounts of data, like copying a movie to or from a USB stick. Due to some hard work by SUSE developer Mel Gorman, these issues are far less likely to hit, although work is still ongoing in this area. Another memory-related change is the introduction of Zswap. When this compressed swap cache is enabled, it will attempt to compress memory instead of writing it to a disk. This reduces data transfer to slow disks, speeding up systems low on memory.

For heavy systems like multi-CPU servers, the improved NUMA policy redesign, timerless multitasking, rwlock, mutex and SYSV IPC message queue scalability improvements will make a sizeable difference in scalability of certain workloads. In general, the kernel has improved tracking of resources with the introduction of accounting of kernel memory in the memory resource controller and detailed tracking of which pages a program writes. This will enable better decisions on resource allocation and optimizations, both for developers and in-kernel algorithms.

Changes in filesystems

Btrfs introduced a format improvement that makes the tree dedicated to store extent information 30–35% smaller; there is also a new Btrfs feature that allows to quickly replace a disk in a btrfs-based RAID 5/6 array (note that while almost stable, this is not yet officially supported). This release also brings better defragmentation in files shared by snapshots.

Icon-warning.png
Warning: btrfs has a low hardlink limit that you can raise; see section 4.2.1 of the related SLE release notes for details. (Not turning on extended inode refs has caused installation problems of certain openSUSE packages already.)

Ext4 introduces the embedding of very small files in the inode. This makes these tiny files essentially part of the table ext4 uses to look up files on the disk, meaning it will not actually have to look them up, saving thus significant time and even some disk space.

The XFS, the SUSE-recommended choice for large file data storage, gained support for metadata and journal checksums as well as self-describing metadata checksums, bringing greater reliability and error discovery to this filesystem.

New is the filesystem F2FS which is optimized for SSDs and contributed to Linux by Samsung. This filesystem is not tested as much as others, but it is promising for SSD owners looking for the best performance. Talking about performance and SSDs, this release also introduces bcache, which allows a fast device like a SSD to be used as a cache for other block devices like traditional spinning-rust drivers. Find some documentation here. Finally, for big-iron hardware, the experimental support for the Lustre distributed filesystem will certainly be appreciated.

Networking

This openSUSE release brings preliminary client support for NFS 4.2, a new version of the NFS standard under development. In the performance area, this release delivers a neat optimization to users for short network transfers like Web transactions. The TCP Tail loss probe algorithm reduces the "tail latency" of such short transactions. In essence, this code speeds up recovery from transmission errors at the end of short transactions, saving the user the long wait for a timeout. New is also a low latency network polling mechanism, mostly relevant for servers.

Other changes and improvements

Security conscious users will appreciate the ability for their applications to use the new O_TMPFILE open(2) flag for the easy creation of secure temporary files, the expanded namespaces support (bringing filesystems into the fold and giving UTS, IPC, PIDs, and network stack namespaces for unprivileged users) and finally the "labeled NFS" ability which brings full support for SELinux on NFS, allowing more fine-grained security settings.

In the power management area, there is a new suspend power state for devices which can deal with extremely low power states (or have issues with the other suspend states) and, perhaps more relevant for laptop users, experimental dynamic power management for all Radeon GPUs since r600. While the experimental nature means AMD graphics card users will have to enable this by passing the "radeon.dpm=1" module parameter, this can lead to significant power savings.

For ARM, this release introduces support for huge pages improving memory performance and the ARM big.LITTLE architecture that mixes CPUs of different types. It also brings KVM/Xen to ARM64.

As always, there is a huge number of new and improved drivers. As highlights, openSUSE 13.1 now features full support for Chrome OS laptops and the new Intel Haswell hardware.

(thanks to kernel newbies and lwn.net for their invaluable kernel tracking skills!)

glibc 2.18

The latest Glibc introduces improved C11 support, performance related improvements like optimized string functions, new API functions, support for Intel TSX lock elision, and the usual slew of bug fixes.

systemd

Thanks to integration of udev in the latest systemd the labeling of ethernet devices has become persistent across reboots. See also [1]

su(1)

su(1) has been moved from coreutils to util-linux (besides many other changes in both packages).

Samba

Samba 4.1 introduces support for SMB2/3 smbclient connections, transport encryption and server-side copy operations. A new Btrfs Samba VFS module is provided for enhanced server-side copy performance on the Btrfs filesystem. Refer to the release notes for full details.

Freeradius

The freeradius-server has been updated to a feature release 3.0.0, including a lot of new functions like: RADIUS over TLS, packet tracking or coloured log messages See release page for more details.

Bluez 5

BlueZ 5 introduced command line support

Icon-warning.png
Warning: Out of the box, openSUSE 13.1's Plasma Desktop does not work very well with Bluez5. This will be fixed in after-release updates.

openSUSE technologies

The focus in openSUSE tech has been on stability and bugfixes. Both zypper 1.9 and the latest Snapper feature nothing but fixes in various areas.

ARM

openSUSE 13.1 comes with even more ARM ports. In addition to ARMv7, we have now also ARMv6 and AArch64 ports. Having contributed key ARMv8 technologies to the ARM ecosystem like QEMU user mode support, openSUSE is proud to have over 6000 packages for each of these new architectures available for testing.

openSUSE ARM has switched to hard-float to be able to support Raspberry Pi, created a completely new distro for AArch64 and builds all images from a single source kiwi file.

On the architectural side, the team switched to native building for ARMv7 in KVM, and extended OBS build power quite a bit by getting early access to Calxeda's upcoming virtualization-capable hardware. The results of this have been increased build power and speed, bringing over 6000 packages to ARM users.

Documentation

In this release, ActiveDoc replaces doc.opensuse.org and most of the packaged documents in openSUSE. ActiveDoc is a new web app which lowers the barrier to contribution to openSUSE documentation while maintaining the high quality standards and multiple formats in which documentation is available. Check it out here

Free Desktops

KDE

KDE Plasma Desktop is the default in openSUSE, and the 4.11 version of this Free Desktop is a long term supported release. This release brings speed improvements in Desktop Search, file- and window management, improved multi-monitor handling, brand new delayed mail sending feature and scam detection for KDE PIM and much more.

KDE's volume control tool
The Desktop

Plasma's basic widgets have seen several improvements. The battery can handle keyboard brightness and multiple batteries, the menu shows recently installed applications and notifications can now easily be disabled per type. The mixer application introduces interface improvements and MPRIS2 support to control media players. Finally, window management has improved edge detection and quick tiling, better performance and some new animations. The new monitor handling in System Settings has better defaults and remembers settings for monitors manually configured, sporting a visual drag-and-drop interface.

The Applications
Send Later feature

In KDE PIM, the new Send Later feature in KDE's email client allows scheduling the sending of emails on a specific date and time, also allowing repeated sending according to a specified interval. New is also scam detection and the Blogilo blogging tool has a new HTML editor.

Advanced text editor Kate introduces extended language support for Python (2 and 3), JavaScript and JQuery, Django and XML with static and dynamic autocompletion, indenting, code snippets and more. KTouch now comes with Right-to-left support, Okular has undo/redo in forms and annotations, KStars shows interesting events coming up in your area and the math tools and games have gotten new graphics, levels and calculations.

Other technologies

openSUSE 13.1 also brings the following key technologies to its users:

  • Qt 5.1.1
  • KWin Wayland backend (experimental)
  • QtWebkit 2.3.3
  • Lightdm KDE greeter The Light Display Manager (LightDM) is an alternative display manager. openSUSE 13.1 adds the relevant KDE support, allowing its use in place of KDM.
  • kdev-python kdev-python is a plugin adding Python support to the KDevelop IDE, offering code completion, on-the-fly syntax checking, interactive debugging and custom documentation of Python code.
KStars What's interesting
  • phonon-backend-vlc With the inclusion of the Video Lan multimedia Client (VLC) in the standard openSUSE distribution, we were able to build also the phonon backend for it. This as a very strong alternative for the gstreamer backend. With openSUSE 13.2 this could become the new standard backend for Phonon.
  • libkfbapi libkfbapi is a library which allows access to Facebook resources, integrated into the KDE PIM stack.
  • colord-kde
  • plasma-nm Plasma-nm is the upstream successor of the NetworkManager-kde4 package and will provide a better integration with Plasma and the new releases of NetworkManager and ModemManager. At this moment plasma-nm is still provided as an additional package with the target to fully replace NetworkManager-kde4 in openSUSE 13.2
  • KIO mtp is introduced so you can plug in your Android device and copy over your files easily.
  • In the KDE-extra repository you can find an early version of KDE connect offering android integration, allowing you to transfer files wirelessly to and from android devices, controling your computer from android and more.

GNOME

Systemtray improved
Classic mode

openSUSE 13.1 comes with the latest GNOME Shell 3.10.1 and its associated applications and tools. This release is very significant for the GNOME community, bringing a unified system status area, geolocation features, high-resolution display support and a collection of new and improved applications including Maps, Notes, Music and Photos.

Interface improvements

GNOME Shell 3.10 introduces a new system status area, bringing the various menus of the status bar together into a single design. This brings easier mouse interaction but also features a new screen brightness slider and a better airplane mode.

Several GNOME applications have been updated to merge titlebars and toolbars into a single element. Named Header Bars, this feature allows applications to make better use of screen space.

The settings have been improved, with an Automatic Time Zone option (thanks to the Geolocation feature), the Display section is redesigned, Online Accounts now incorporates chat, flickr and works with Google two-step verification and you can pick a background for the lock screen - from flickr, if you so desire.

GNOME Applications

The GNOME applications have seen significant work. Music is the brand new audio player for GNOME 3 and Technology Preview in 3.10. It provides a clean and focused interface for looking for and playing music. Support from online sources is planned for future versions.

The new Maps application shows your location based on OpenStreetMap data and lets you search for names of towns, cities and landmarks. Photos has matured, bringing Online Account integration with Flickr and other services coming. Clocks will detect your location thanks to GeoClue and Tweak Tool settings have been re-organized. Webbrowser Web gained integration with system search, allowing you to browse your history and now uses duckduckgo as default search engine. There have been many more improvements like owncloud integration in Documents and Notes, drag&drop of files between host and guest and an import feature for QEMU, VMWare, VirtualPC and LCL images in Boxes and DDjVu support, search sidebar and keyboard navigation support in Document viewer.

Xfce

XFCE has not seen major releases but introduces an alternate application launcher under the name Whisker Menu. The package is named xfce4-panel-plugin-whiskermenu and can be installed easily by command line, YaST or software.opensuse.org.

Enlightenment

Enlightenment has received the latest bugfix updates and improved openSUSE integration with a working openSUSE profile. e17 is now at 0.17.3 and the Enlightenment foundation libraries were updated to the 1.7.8 bugfix release.

Graphics

  • The Weston compositor has entered Factory. This represents experimental support for Wayland, the successor of Xorg (by the same developers). Support from this (equally experimental) is available from GNOME and KDE.
  • Xorg Server 1.14 brings a variety of small improvements and a bigger feature with "pointer barriers" which are used in GNOME and KDE for active screen corners.
  • Mesa 9.2.2 comes with a radeonsi driver for AMD's Southern Island Chips (Radeon HD 7000 Series)
  • Freetype 2.5.0.1 brings support for color embedded bitmaps (color emoji!) and a new parsing and hinting engine for CFF font contributed by Adobe with help from Google.

Input Methods

In this release we continued to work with upstream to cover as many locales as possible (India, Russian, Ukraine, Vietnam), brought some traditional IM engines back (eg: skk, a Japanese input method engine, was famous in SCIM era, we brought it back to ibus-skk and fcitx-skk), implemented some new features/input engines (eg: kkc, a brand-new Japanese input method engine introduced by Fedora 19, we not only packaged ibus-kkc but also "pushed" upstream to develop another brand-new fcitx-kkc) and finally proceeded the big movement: enable IBus integration with GNOME 3.10 by introducing the long-delayed IBus 1.5.

In openSUSE 13.1, you will have fcitx 4.2.8.3, which has a new industrial-standard default theme (made by us openSUSE developers), a new DBus-based systray which means, on KDE, you will see it in a Plasma workspace style, on GNOME, you should also see it in a native style like sound applet. New is also multiple quick-phrase support: it is totally up to you to decide whether to "quick input" emoji or math functions, those files never conflict with each other any more. And the Pinyin helper, fcitx-cloudpinyin, is now disabled by default in case someone outside China may take it as a security threat. fcitx-libpinyin now has a new dictionary manager, you can delete the less-used terms or maintain your own dictionary. fcitx-table-extra has a new T9 table to use on mobile phones eg Nokia N9 with Plasma Active. And there's also a fcitx-sogoupinyin in M17N repo, which is a wrapper to a close source input method engine which is famous on Windows. fcitx-pylogger, is also worth trying for free software lovers, it will "log" the wrong combinations you typed, later you can decide to submit it to fcitx upstream so they can develop a better guessing mechanism. And a new website webdict.info has been launched to make a dictionary from twitter/G+ Chinese posts, you can decide if a string is a word there, it's as amazing as Angry Bird!

There have been lots of noises all over the Internet about the IBus/GNOME marriage. In openSUSE 12.3 we didn't make that happen because at that time IBus 1.5 was totally unusable and GNOME upstream also implemented some childish limits in the UI part, which actually blocked user from getting what they actually need. But in this release we think they're now all grown up. 4 versions have passed for GNOME and IBus since then, and this integration has been throughly tested on Fedora for two releases. Compared the benefits to have this integration with the shortcomings to maintain an unmaintained version while fix GNOME, we think it's time to proceed. Actually IBus 1.5 has been testing in M17N:Devel repository for almost a year. Unfortunately, the upstream has not finished to implement IBus integration to desktop environments other than GNOME. In order to make IBus as useable as its 1.4 series, M17N team has imported patches from other distributions and implemented several new patches for openSUSE 13.1 in cooperation with IBus and its engines developers. In this release you will have IBus 1.5.4 and all its flavors.

GCIN and other M17N stuff have also received lots of normal bugfixes and enhancements.

New and updated applications

General utilities

  • lzip implements a LZMA-strength compression algorithm and a file format that is designed for long-term data archiving with 4-factor integrity checking, and recovery using lziprecover (something that xz does not have at this time). The multithreaded variant is called plzip. — http://www.nongnu.org/lzip/lzip.html

Browsers

Chromium & Firefox on 13.1
  • Firefox 24, Thunderbird 24 (nothing new though, since they get released to older openSUSEs as well on a regular basis)
  • Chromium 31 openSUSE 13.1 marks a new beginning of the Chromium package in openSUSE. As of 13.1, the Chromium package will follow closely the official Beta and Stable channels. With 13.1 one of the latest Beta builds (31.0.1650.11) is being provided and Maintenance released for the supported openSUSE versions will be based on releases in the Stable Channel. This should improve the overall stability of the Chromium browser.

Graphics and multimedia

Amarok in action
  • Amarok 2.8 openSUSE 13.1 provides latest Amarok package, bringing a new audio analyzer applet, smooth fade-out when pausing, better MusicBrainz tagging, better suspend support and lost of other features and bugfixes. MTP rewritten, so you can plug in your Android device and copy over your music.
  • gimp - nothing noteworthy
  • alsa-lib - too technical
  • inkscape - no change
  • k3b - no change
  • vim from 7.3 to 7.4 - big deal?

Two new applications useful for photographers:

Krita 2.7.4
Krita 13.1

Digital painting application Krita is included with version 2.7 in this release. The new version brings a series of improvements:

  • Rewritten and hugely improved transform tool.
  • New line smoothing method for inking.
  • Greyscale masks and selections.
  • support for new file formats include export to QML and a much improved import/export filter for photoshop PSD files.
  • support for the OpenColorIO colormanagement system (a standard in the movie and VFX studio area).
  • textured painting in most brushes and improved tools
  • much better performance and UI and usability improvements

In other news, commercial support for Krita was announced and there is now a Krita shop.

Office suites and Personal information applications

LibreOffice 13.1
  • The latest LibreOffice 4.1 release brings again a large number of additions and improvements such as:
    • General: improved hyphenation in Calc and Draw; delete multiple styles at once; lots fixes and improvements in the right-to-left (RTL) support; new gallery images from IBM Symphony; embedding fonts in Writer, Calc, and Impress documents; numerous improvements in the OOXML and RTF import/export filters; lots performance improvements
    • Writer: gradient background in text frames; graphical numbering bullets in DOC, DOCX and RTF import/export; several improvements in comments handling; easy rotate images in 90 degree increments
    • Calc: two new graph types; new functions NUMBERVALUE and SKEWP; import/export more than 45 functions that are new in Excel 2013; import large HTML documents with more than 64k table cells
    • Impress: "Photo Album" allows to create slideshows from a series of pictures
    • Experimental feature: sidebar from AOO/IBM Symphony with resizeable layout from LO team
Calligra Office 13.1
  • The latest Calligra 2.7.4 comes with:
    • a new look and functionality for the Words and Sheets toolbox and a series of smaller improvements.
    • Author has support for mathematical formulas and multimedia content in EPUB3.
    • Plan has improvements in the scheduling of tasks and new export filters.
    • Kexi improves CSV data import and Shapes has some new shapes.
    • All applications benefit from improvements to LaTEX support, formula handling and text styles.
  • abiword - nothing noteworthy
  • Gnummeric - nothing noteworthy

Systems Administration

Virtualization

KVM/QEMU

  • QEMU is an extremely well-performing CPU emulator that allows you to choose between simulating an entire system and running userspace binaries for different architectures under your native operating system. It currently emulates x86, ARM, PowerPC and SPARC CPUs as well as PC and PowerMac systems. As of this release the kvm package is mainly just a wrapper of the binaries provided by the qemu package, a change that reflects the complete support that QEMU now provides for KVM.

Xen

  • Xen is a virtual machine monitor for x86 that supports execution of multiple guest operating systems with unprecedented levels of performance and resource isolation.
    • Updated to version 4.3
    • The xl/libxl toolstack is now the default toolstack in Xen. The legacy xm/xend toolstack has been deprecated upstream and will likely be removed in a future Xen release. To ease transition to the new toolstack, xm/xend is still available in the xen-xend-tools subpackage.
    • read more

libvirt

  • Libvirt is a C toolkit to interact with the virtualization capabilities of Linux. Virtualization of the Linux Operating System means the ability to run multiple instances of Operating Systems concurrently on a single hardware system where the basic resources are driven by a Linux instance. The library aims to provide long term stable C API to interact with Linux virtualization technologies.
    • Updated to version 1.1.2
    • The libvirt package has been split into several subpackages, allowing users to create a libvirtd specific to their needs. Previously, libvirtd was a monolithic daemon containing drivers for all supported hypervisors. Users can now install a hypervisor-specific libvirtd, reducing its dependencies, memory footprint, and attack surface. E.g. libvirt-daemon-qemu provides a libvirtd specific to a QEMU/KVM host. Similarly, libvirt-daemon-xen and libvirt-daemon-lxc provide a libvirtd stack specific to Xen and LXC respectively.
    • read more

Scientific

  • GNU R, a language for statistical computing, was upgraded to 3.0. This release marks a point where its designers feel it has reached a new level with full 64 bit support on all platforms, parallel processing, the Matrix package and more. Some features debuting in 3.0 include long vectors, better memory management and more, see the announcement for an overview.
  • Two new Open Source suites for electronic design automation are now available from the openSUSE 13.1 repositories:
    • gEDA
    • Kicad (version with GOST support is also available)

Web Stack

MySQL

Although not the default database, MySQL Community Server was updated to 5.6 branch which brings stronger encryption support, innoDB improvements for better performance and some new query features, improved partitioning, replicating and logging, optimizer enhancements, new data types and much more. Read the mysql 5.6 in a nutshell page for more details.

But what both MariaDB and MySQL can benefit from is cleaned up and improved default configuration based on what is in MySQL 5.6 (like file_per_table for InnoDB and Barracuda by default).

httpd

The new 2.4 release of Apache's httpd delivers many improvements to the Multiple Processing Modules including the ability to build them as loadable modules, asynchronous read/write support and more. There is now per-module and per-directory LogLevel configuration, a new expression parser and many improvements in performance and memory usage.

Cloud

This release comes with various cloud technologies including the latest Havana release from OpenStack, s3fs and more.

OpenStack Havana
OpenStack in action

OpenStack Havana is the eighth OpenStack release and the second this year. It brings almost 400 new features to its users. Some highlights include:

  • Global clusters support, expanding on the 'region' concept to support separate replication networks and configurable read- and write affinity. This makes it possible to now have a single Swift cluster spanning a wide geographic area
  • the Orchestration and Metering projects have been integrated, bringing automated, policy-based VM Management and monitoring and statistics gathering (enabling billing) support to OpenStack.
  • better disk performance through the use of threadpools for smoothing out latencies and other optimizations
  • pooling memcache connection support
  • conf.d support allows splitting up the configuration over several files in a folder
s3fs

s3fs is a FUSE filesystem that allows you to mount an Amazon S3 bucket as a local filesystem. It stores files natively and transparently in S3 (i.e., you can use other programs to access the same files). Maximum file size=64GB (limited by s3fs, not Amazon).

Development tools, IDEs, toolchain

IDEs and compilers

  • GCC 4.8
    • Better error reporting: Each diagnostic emitted now includes the original source line text and a caret '^' indicating the column.
    • initial aarch64 support
    • for more changes see here
  • LLVM 3.3
    • initial aarch64 support
  • automake 1.13.x — http://savannah.gnu.org/forum/forum.php?forum_id=7467
  • codelite 5.2 - C/C++ IDE, finally available in OSS repository.
  • mono 3.2.3 — Mono 3.0/Mono 3.2
    • complete C# 5.0 compiler with asynchronous programming support
    • sgen: a new faster garbage collector enabled by default
    • updated with the latest Microsoft Open Source Stacks

Languages and Libraries

  • Qt 5.1.1 and 4.8.5 First openSUSE release to ship with Qt 5.x. Both are bug fix releases. Qt 5.1.1 Released Qt 4.8.5 Released
  • Java (Based on OpenJDK 7 and IcedTea 7):several improvements and fixes IcedTea 2.4.1 for OpenJDK 7 Released!
  • PHP 5.4.20 brings performance improvements, some new language syntax and a build in testing server.
  • Perl 5.18 brings support for Unicode 6.2, new and improved hash functions and much more.
  • Python 2.7.5 and latest 3.3 are both available
  • Ruby 2.0 brings major new features such as:
    • Refinements
    • Keyword arguments
    • many improvements to core classes
    • regexp engine was changed to Onigmo
    • DTrace (SystemTap) support
    • TracePoint
    • The release is source level backward compatible with the Ruby release in openSUSE 12.3.
  • Rails 4
    • Strong Parameters
    • Turbolinks
    • Russian Doll Caching
    • read more
  • Tcl/Tk updated to 8.6.1
    • Tcl major new features:
      • threads enabled by default
      • coroutines
      • IPv6 support
      • built-in OOP witch TclOO
      • built-in zlib support
      • stacked channels
    • Tk major new features:
      • built-in PNG support
      • new portable fontchooser
      • canvas: commands to move items, rotate text
      • additional wm hints
    • more at [2] [3]
  • GHC 7.6 (but still Haskell Platform 2012.4)
  • Go 1.1 brings new types for Unicode characters and errors and new time package and renamings in the strconv package. The package hierarchy has been rearranged to group related items together, such as moving the networking facilities, for instance the rpc package, into subdirectories of net. Developers are strongly encouraged to read the release notes.
  • SDL2 is now part of openSUSE 13.1. For game developers here is the migration guide. End users will benefit, once applications are ported, from full 3D hardware acceleration, support for openGL 3.0+ and ES, multiple-window- display- and audio device support, a 2D rendering API which uses OpenGL(ES) behind the scenes, Force Feedback, shaped windows, power management, touch support, improved full-screen support, clipboard support, drag'n'drop support and much more.
  • Racket is a newcomer in openSUSE. Lisp dialect, descendant of Scheme, set of tools and a place where one can start learning programming, we'd urge you to check out How to Design Programs so your journey to programmer can begin!

Security

  • The kernel.kptr_restrict=1 feature was enabled, which avoids leaking address space information into userland [4]. Hiding information about kernel memory addresses makes it harder for attackers to reliably exploit kernel security vulnerabilities.
  • hardlink and symlink protection is enabled by default now (fs.protected_hardlinks=1 resp fs.protected_symlinks=1, [5]). That makes it harder for attackers to trick sloppy programmed applications into unintentionally corrupting or changing permissions of files owned by other users.
  • OpenVAS was updated from dead v4 to v6 read more here
  • Due to the inclusion of cryptsetup 1.6, the default cipher mode for new LUKS volumes is now XTS (aes-xts-plain64). Old volumes using CBC-ESSIV (aes-cbc-essiv) are still supported.