lwn.net

Security updates have been issued by Debian (frr, gerbv, mujs, and twisted), Fedora (nodejs and python-virtualbmc), Oracle (dotnet7.0, kernel, kernel-container, krb5, varnish, and varnish:6), SUSE (busybox, python3, tiff, and tomcat), and Ubuntu (harfbuzz).

The BPF subsystem, which allows code to be loaded into the kernel from user space and safely executed in the kernel context, is bound to create a number of challenges for the kernel as a whole. One might not think that allocating memory for BPF programs would be high on the list of problems, but life (and memory management) can be surprising. The attempts to do a better job of providing space for compiled BPF code have, to date, only been partially successful; now Song Liu is back with a new approach to finish the job.

FFmpeg is an indispensable tool for working with audio and video streams, but it can be challenging to learn to use well. FFmpeg — The Ultimate Guide, posted by Csaba Kopias, can help. "This guide covers the ins and outs of FFmpeg starting with fundamental concepts and moving to media transcoding and video and audio processing providing practical examples along the way."

Security updates have been issued by Debian (chromium, commons-configuration2, graphicsmagick, heimdal, inetutils, ini4j, jackson-databind, and varnish), Fedora (drupal7-i18n, grub2, kubernetes, and python-slixmpp), Mageia (botan, golang, kernel, kernel-linus, radare2/rizin, and xterm), Red Hat (krb5, varnish, and varnish:6), SUSE (busybox, chromium, erlang, exiv2, firefox, freerdp, ganglia-web, java-1_8_0-openj9, nodejs12, nodejs14, opera, pixman, python3, sudo, tiff, and xen), and Ubuntu (libice and shadow).

The 6.1-rc7 kernel prepatch has been released for testing.

There is really nothing here that makes me at all worried, except that it's just a bit more than I'm comfortable with. It should just have slowed down more by now.

As a result, I'm now pretty sure that this is going to be one of those "we'll have an extra week and I'll make an rc8" releases. Which then in turn means that now the next merge window will be solidly in the holiday season.

Greg Kroah-Hartman has released the 5.10.156, 5.4.225, 4.19.267, 4.14.300, and 4.9.334 stable kernels. As usual, they contain important fixes throughout the kernel tree.

Security updates have been issued by Fedora (firefox), Mageia (dropbear, freerdp, java, libx11, and tumbler), Slackware (ruby), SUSE (erlang, grub2, libdb-4_8, and tomcat), and Ubuntu (exim4, jbigkit, and tiff).

Security updates have been issued by Debian (vim), Fedora (drupal7-context, drupal7-link, firefox, xen, xorg-x11-server, and xorg-x11-server-Xwayland), Oracle (container-tools:ol8, device-mapper-multipath, dotnet7.0, firefox, hsqldb, keylime, podman, python3.9, python39:3.9, thunderbird, and xorg-x11-server), SUSE (exiv2-0_26, keylime, libarchive, net-snmp, nginx, opensc, pixman, python-joblib, strongswan, and webkit2gtk3), and Ubuntu (expat, imagemagick, mariadb-10.3, mariadb-10.6, and xorg-server, xorg-server-hwe-16.04, xorg-server-hwe-18.04, xwayland).

The 4.19.286 stable kernel update has been released; it consists entirely of backported fixes for speculative-execution vulnerabilities.

Security updates have been issued by Debian (heimdal, libarchive, and nginx), Fedora (varnish-modules and xterm), Red Hat (firefox), Scientific Linux (firefox, hsqldb, and thunderbird), SUSE (Botan, colord, containerized-data-importer, ffmpeg-4, java-1_8_0-ibm, krb5, nginx, redis, strongswan, tomcat, and xtrabackup), and Ubuntu (apr-util, freerdp2, and sysstat).

For those who are waiting for Linux on Apple hardware, the Asahi Linux project has put out a detailed report on progress toward a working kernel and distribution.

This kind of safety model is not new: it is already commonplace on Android phones, where it is usually implemented in DSP firmware. But of course, the desktop Linux ecosystem doesn’t even have a speaker EQ database framework yet, nevermind safety models! The eternal lagging behind of Linux audio strikes again. What’s the plan? While this isn’t settled yet, our current idea is to implement the safety model in a stand-alone daemon that captures the voltage/current feedback data from the ALSA device, and drives the mixer volume itself as as means of implementing soft power limits, together with some kind of “safety watchdog interlock” with the kernel that only enables higher volume limits when the daemon is active and running

The Document Foundation has announced the hiring of a quality-assurance analyst, bringing its staff up to 13 people.

A lot of my time will be spent on triaging the issues users report on Bugzilla – our bug-reporting platform. There is a lot of activity on Bugzilla, and classifying and testing the reports is fundamental for us to focus on the most pressing issues, help the work developers are doing, and keep improving the software for everyone! Part of the work will also be to analyse and summarise the wealth of data available to help us see the bigger picture and make better decisions when allocating resources.

Security updates have been issued by Debian (ntfs-3g), Fedora (krb5 and samba), Gentoo (firefox-bin, ghostscript-gpl, pillow, sudo, sysstat, thunderbird-bin, and xterm), Red Hat (firefox, hsqldb, and thunderbird), SUSE (cni, cni-plugins, and krb5), and Ubuntu (isc-dhcp and sqlite3).

Security updates have been issued by Debian (graphicsmagick and krb5), Fedora (dotnet6.0, js-jquery-ui, kubernetes, and xterm), Gentoo (php and postgresql), Mageia (php-pear-CAS, sysstat, varnish, vim, and x11-server), Red Hat (thunderbird), SUSE (389-ds, binutils, dpkg, firefox, frr, grub2, java-11-openjdk, java-17-openjdk, kernel, kubevirt stack, libpano, nodejs16, openjpeg, php7, php74, pixman, python-Twisted, python39, rubygem-loofah, sccache, sudo, thunderbird, tor, and tumbler), and Ubuntu (flac, git, linux-azure-fde, linux-gke, linux-gkeop, linux-raspi-5.4, linux-gcp, linux-gcp-4.15, and linux-gcp-5.15, linux-gke-5.15, linux-intel-iotg, linux-raspi).

The 6.1-rc6 kernel prepatch is out for testing.

I'm still waffling about whether there will be an rc8 or not, leaning a bit towards it happening. We'll see - it will make the 6.2 merge window leak into the holidays, but maybe that's fine and just makes people make sure they have everything lined up and ready *before* the merge window opens, the way things _should_ work.

Even a single kernel oops is never a good thing; it is an indication that something has gone badly wrong in the system somewhere and a straightforward recovery is not possible. But it seems that oopsing a large number of times has the potential to be even worse. To head off problems that might result from repeated oopsing, there is currently work afoot to put an upper limit on the number of times that the kernel can be allowed to oops before just giving up and rebooting.

Libre Arts looks at the GIMP as the 3.0 release approaches.

Releases like this are too rare to disregard and thus all the more to treasure. In one swift motion the team is doing away with floating selections and bringing strokes/outlines for text. But this has been a bumpy road

The Register looks at the discussion around the GNU Tools Infrastructure proposal.

Sourceware, a volunteer group that has been supporting various critical FOSS developer tools for more than two decades, is being courted by The Linux Foundation's Open Source Security Foundation (OpenSSF). The OpenSSF aims to improve open source software security by providing Sourceware projects with more modern IT infrastructure.

But some members of the Sourceware community fear that accepting the help of the OpenSSF would give the corporate Linux world more leverage over FOSS developer tools. They would prefer to seek support from the Software Freedom Conservancy, a charitable non-profit that they believe is better aligned with software freedom.

LWN covered this discussion back in September.

Security updates have been issued by Debian (asterisk, firefox-esr, php-phpseclib, phpseclib, python-django, and thunderbird), Fedora (grub2, samba, and thunderbird), Mageia (firefox, sudo, systemd, and thunderbird), Slackware (freerdp), SUSE (firefox, go1.18, go1.19, kernel, openvswitch, python-Twisted, systemd, and xen), and Ubuntu (expat, git, multipath-tools, unbound, and webkit2gtk).

The merge window for the 6.1 release brought in basic support for writing kernel code in Rust — with an emphasis on "basic". It is possible to create a "hello world" module for 6.1, but not much can be done beyond that. There is, however, a lot more Rust code for the kernel out there; it's just waiting for its turn to be reviewed and merged into the mainline. Miguel Ojeda has now posted the next round of Rust patches, adding to the support infrastructure in the kernel.