Distribution release Ubuntu 24.04 LTS

The distribution has been released Ubuntu 24.04 "Noble Numbat", which is categorized as a long-term support (LTS) release, for which updates are generated over 12 years (5 years for the public, plus another 7 years for service users) Ubuntu Pro). Installation images are created for Ubuntu desktop, Ubuntu Server, Lubuntu, Kubuntu, Ubuntu Mate, Ubuntu Budgie, Ubuntu Studio, Xubuntu, UbuntuKylin (China edition), Ubuntu Unity, Edubuntu и Ubuntu Cinnamon.

Major changes:

• The desktop has been updated to the release of GNOME 46, which added a global search function, improved performance of the file manager and terminal emulators, added experimental support for the VRR (Variable Refresh Rate) mechanism, improved output quality for fractional scaling, expanded capabilities for connecting to external services, updated configurator and improved notification system. GTK uses a new rendering engine that is based on the Vulkan API. The Cheese camera app has been replaced by GNOME Snapshot.
• Core Linux updated to version 6.8.
• Updated versions of GCC 14-pre, LLVM 18, Python 3.12, OpenJDK 21 (OpenJDK 8, 11 and 17 are optionally available), Rust 1.75, Go 1.22, .NET 8, PHP 8.3.3, Ruby 3.2.3, binutils 2.42, glibc 2.39.
• Updated user applications: Firefox 124 (built with Wayland support), LibreOffice 24.2, Thunderbird 115, Ardour 8.4.0, OBS Studio 30.0.2, Audacity 3.4.2, Transmission 4.0, digiKam 8.2.0, Kdenlive 23.08.5, Krita 5.2.2 .3.0.20, VLC XNUMX.
• Subsystems updated: Mesa 24.0.3, systemd 255.4, BlueZ 5.72, Cairo 1.18, NetworkManager 1.46, Pipewire 1.0.4, Poppler 24.02, xdg-desktop-portal 1.18.
• Server packages updated: Nginx 1.24, Apache httpd 2.4.58, Samba 4.19, Exim 4.97, Clamav 1.0.0, Chrony 4.5, containerd 1.7.12, LXD 5.21.0, Django 4.2.11, Docker 24.0.7, Dovecot 2.3.21. 11.1, GlusterFS 2.8.5, HAProxy 2.4.1, Kea DHCP 10.0.0, libvirt 5.9.4, NetSNMP 2.6.7, OpenLDAP 12.3.5, open-vm-tools 16.2, PostgreSQL 1.1.12, Runc 8.2.1, QEMU 4.0.0 .6.6, SpamAssassin 2.9.4, Squid 2.1.6, SSSD 2024.1, Pacemaker 19.2.0, OpenStack 3.3.0, Ceph 24.03, Openvswitch XNUMX, Open Virtual Network XNUMX.
• The Thunderbird email client now only comes in snap format. The Thunderbird DEB package contains a stub for installing the snap package.
• The installer has been modernized ubuntu-desktop-installer, which is now being developed as part of a larger project ubuntu-desktop-provision and renamed to ubuntu-desktop-bootstrap. The essence of the new project is to split the installer into stages performed before installation (disk partitioning and package copying) and during the first system boot (initial system configuration). The installer is written in Dart, uses the Flutter framework for building the user interface, and is implemented as an add-on to the low-level curtin installer, which is already used in the Subiquity installer used in Ubuntu Server.

  Among the changes in the new installer, there is an improved interface design, the addition of a page for specifying the URL for downloading the autoinstall.yaml automated installation script, and the ability to change the default behavior and design style through the configuration file. Added support for updating the installer itself - if a new version is available at an early stage of installation, a request to update the installer is now issued.

  In the installer Ubuntu Desktop uses the minimal installation mode by default. To install additional programs, such as LibreOffice and Thunderbird, you must select the advanced installation mode. The installer also highlights features added in the previous release. Ubuntu 23.10, such as support for the ZFS file system and the ability to encrypt disks without requiring a disk unlock password at boot, thanks to storing decryption key information in the TPM (Trusted Platform Module).

  
• Improved new application manager Ubuntu App Center, written in Dart using the Flutter framework and responsive layout techniques to work correctly on screens of all sizes. Ubuntu The Store implements a combined interface for working with DEB and Snap packages (if the same program is packaged in both DEB and Snap formats, Snap is selected by default). It allows you to search and navigate the snapcraft.io package catalog and connected DEB repositories, manage the installation, removal, and updates of applications, and install individual DEB packages from local files. The app uses a rating system, replacing the five-point rating scale with a like/dislike (+1/-1) vote, which is used to generate a virtual five-star rating.

  Ubuntu The App Center replaces the old Snap Store interface. Compared to Ubuntu On October 23.10, a new application category was added: Games (GNOME games were removed from the distribution). A separate interface for updating firmware, Firmware Updater, was introduced, available for systems based on the amd64 and arm64 architectures, allowing firmware updates without running a full-fledged application manager in the background.

  
• Similar to the changes in Arch Linux and Fedora Linux, the sysctl parameter vm.max_map_count, which determines the maximum number of memory mapping areas available to a process, has been increased by default from 65530 to 1048576. The change improves compatibility with Windows- games launched through Wine (for example, with the old value, DayZ, Hogwarts Legacy, Counter Strike 2, Star Citizen and THE FINALS did not launch), and resolved some performance issues with memory-intensive applications.
• Access to user namespaces for unprivileged users has been restricted, which will improve the security of systems using container isolation from vulnerabilities that require manipulation of the user namespace to exploit. Ubuntu A hybrid blocking scheme has been implemented, selectively allowing certain programs to create user namespaces if they have an AppArmor profile with the "allow usernames create" rule or the CAP_SYS_ADMIN permission. For example, profiles have been created for Chrome and Discord, which use user namespaces for process sandboxing.
• When building packages, compiler options are enabled by default to make exploiting vulnerabilities more difficult. In gcc and dpkg, the “-D_FORTIFY_SOURCE=3” mode is enabled by default, which detects possible buffer overflows when executing string functions defined in the string.h header file. The difference from the previously used “_FORTIFY_SOURCE=2” mode comes down to additional checks. Theoretically, additional checks can lead to reduced performance, but in practice, the SPEC2000 and SPEC2017 tests showed no differences and there were no complaints from users during the testing process about the decrease in performance.
• Apparmor is enabled by default to allow any application to access GnuTLS and OpenSSL library configuration files. Previously, selective provisioning resulted in problems that were difficult to diagnose due to the lack of error output when configuration files could not be accessed.
• The pptpd and bcrelay packages have been removed due to potential security issues and deprecation of the underlying codebases. The PAM module pam_lastlog.so, which does not solve the 2038 problem, has also been removed.
• Added "-mbranch-protection=standard" flag to dpkg to enable execution protection on ARM64 systems for instruction sets that should not be branched to (ARMv8.5-BTI - Branch Target Indicator). Blocking transitions to arbitrary sections of code is implemented to prevent the creation of gadgets in exploits that use return-oriented programming techniques (ROP - Return-Oriented Programming).
• For applications using gnutls, support for the TLS 1.0, TLS 1.1, and DTLS 1.0 protocols, which were officially deprecated by the Internet Engineering Task Force (IETF) three years ago, has been forcibly disabled. A similar change was implemented for openssl in Ubuntu 20.04.
• 1024-bit RSA keys used by APT to verify repositories by digital signature have been deprecated and disabled. Ubuntu As of April 24.04, repositories must be signed with RSA keys of at least 2048 bits, or Ed25519 and Ed448 keys. Since 1024-bit RSA keys continue to be used in some PPA repositories, such keys are not currently blocked, but a warning is displayed. This warning will eventually be replaced with an error message.
• The APT package manager has changed the priority for the "proposed pocket" repository, which pre-tests new versions of packages before they are released to the main repositories for the general public. The change is aimed at reducing the likelihood of automated installation of unstable updates, if the “proposed pocket” repository is enabled, which can lead to system malfunction. After enabling the “proposed pocket”, all updates will no longer be transferred from it, but the user will be able to selectively install updates to the necessary packages using the “apt install /-proposed” command.
• The irqbalance service, which distributes hardware interrupt handling across different CPU cores, has been discontinued by default. Currently, the kernel's native handler distribution mechanisms are sufficient in most situations. LinuxUsing irqbalance may be justified in certain situations, but only if properly configured by the administrator. Furthermore, in certain configurations, irqbalance can cause problems, such as when used in virtualization systems, and can also interfere with manual configuration of parameters affecting power consumption and latency.
• Network configuration is supported by the release of Netplan 1.0, which stores settings in YAML format and provides backends that abstract configuration access for NetworkManager and systemd-networkd. The new version adds the ability to simultaneously use WPA2 and WPA3, adds support for Mellanox VF-LAG network devices with SR-IOV (Single-Root I/O Virtualization), and implements the "netplan status --diff" command for visually assessing the differences between the actual settings and the configuration files. Ubuntu Desktop has NetworkManager enabled as the default configuration backend.
• Active Directory Certificate Auto Enrollment (ADSys) is enabled, allowing for automatic certificate acquisition from Active Directory services when group policies are enabled. Automatic certificate acquisition via Active Directory also applies when connecting to corporate wireless networks and VPN.
• In the Apport package used in Ubuntu To automate application crash handling, integration with systemd-coredump has been implemented for handling crashes. The coredumpctl utility can now be used to analyze core dumps.
• The basic package includes applications for performance analysis, process tracing and system health monitoring. In particular, the procps, sysstat, iproute2, numactl, bpfcc-tools, bpftrace, perf-tools-unstable, trace-cmd, nicstat, ethtool, tiptop and sysprof packages have been added, which are combined into the performance-tools meta-package.
• Active repository settings have been converted to use the deb822 format and moved from /etc/apt/sources.list to /etc/apt/sources.list.d/ubuntu.sources.
• Services are now restarted after installing updates to their associated libraries, even if the updates are installed automatically in unattended-upgrade mode. To prevent the service from automatically restarting after an update, add it to the override_rc section in the /etc/needrestart/needrestart.conf file.
• The work of the Power Profiles Manager has been improved, adding support for new hardware power management mechanisms available in AMD processors, and also adding the ability to use different optimization drivers. When working in offline mode, the optimization level is automatically increased.
• The fprintd package and the libfprint library have been updated to include support for additional fingerprint scanning devices.
• A thinner version of the font is used UbuntuTo return the old system font, you can install the fonts- package.ubuntu-classic.
• Added support for the QAT (QuickAssist Technology) accelerator built into Intel processors, which offers tools to speed up calculations used in compression and encryption. To use Intel QAT, the packages included are qatlib 24.02.0, qatengine 1.5.0, qatzip 1.2.0, ipp-crypto 2021.10.0 and intel-ipsec-mb 1.5-1.
• Packages for the 32-bit Armhf architecture have been converted to use the 64-bit time_t type. The change affected more than a thousand packages. The previously used 32-bit time_t type cannot be used to handle times later than January 19, 2038, due to the overflow of the seconds counter since January 1, 1970.
• Updated assemblies for Raspberry Pi 5 (server and user) and StarFive VisionFive 2 (RISC-V) boards.
• В Ubuntu Cinnamon uses the Cinnamon 6.0 user environment with initial support for Wayland.
• In assembly Ubuntu for the WSL subsystem (Windows Subsystem for Linux) Added support for transferring settings using cloud-init.
• In Xubuntu Delivery of the environment based on Xfce 4.18 has continued.
• В Ubuntu Mate continues to ship the MATE 1.26.2 desktop environment (the 1.28 branch is already available in the MATE repository, but has not yet been officially announced). A new installer is used, similar to the one offered in Ubuntu Desktop. GNOME Firmware is now used for updating firmware, replacing the Firmware Updater app, and App Center has been added to manage app installations instead of Software Boutique. The MATE Welcome app has been discontinued.
• В Ubuntu Budgie uses the Budgie 10.9 desktop environment. Many applets and widgets have been updated. A new configuration tool, Budgie Control Center, is available. GNOME Software has been replaced with App-Center for application management. Pulseaudio has been replaced with Pipewire. Some default applications have been replaced, such as GNOME-Calculator → Mate Calc, GNOME System Monitor → Mate System Monitor, Evince → Atril, GNOME Font Viewer → font-manager, Cheese → guvcview, Celluloid → Parole, Rhythmbox → Lollypop + Goodvibes + gpodder. GNOME-Calendar, GNOME System Monitor, and GNOME Screenshot have been removed from the default distribution.
• In Kubuntu KDE Plasma 5.27.11, KDE Frameworks 5.115, and KDE Gear 23.08 continue to ship by default. KDE 6 will be offered in the fall release of Kubuntu 24.10. Logo and color scheme updated.
• In Lubuntu The installer based on the Calamares framework has been improved. A page has been added for configuring installation parameters, such as installing available updates, installing codecs and proprietary drivers, and installing additional programs. Minimal, Full, and Normal installation modes have been added. A first-boot screen has been added, allowing you to configure the language and wireless network connection, as well as choose whether to launch the installer or switch to Live mode. A Bluetooth Manager and an SDDM display manager settings editor have been added. The desktop environment has been updated to LXQt 1.4.
• В Ubuntu Studio utility added Ubuntu Studio Audio Configuration for configuring PipeWire settings. A new installer is used, similar to the one offered in Ubuntu Desktop. Added a meta-package for installing programs useful for music education, such as FMIT, GNOME Metronome, Minuet, MuseScore, Piano Booster, and Solfege.

Source: opennet.ru