The 6.1.1, 6.0.15, 5.15.85, and 5.10.161 stable kernel updates have been released. Each contains a relatively small set of important fixes.

Security updates have been issued by Debian (xorg-server), Fedora (samba, snakeyaml, thunderbird, xorg-x11-server, and xrdp), Slackware (libksba and sdl), and SUSE (cni, cni-plugins, java-1_7_1-ibm, kernel, openssl-3, and supportutils).

ActivityPub-enabled microblogs are gaining popularity as a replacement for Twitter, but ActivityPub is for more than just microblogging. Many other popular services also have open-source alternatives that speak ActivityPub. Proprietary services operated by commercial interests usually deliberately limit interoperability, but users of any ActivityPub-enabled service should be able to communicate with each other, even if they are using different services. This promise of interoperability is often limited in practice, though; while ActivityPub specifies how multiple types of content can be published, the kinds of content that can be displayed or interacted with vary from project to project.

Version 2.4.0 of the GNU Privacy Guard has been released. "Exactly 25 years ago the very first release of GnuPG was published. We are pleased to take this opportunity to announce the availability of a new stable GnuPG release: version 2.4.0." Changes in this release include full support for the key database daemon, some performance improvements, a change to AES256 as the default cipher, and much more.

Security updates have been issued by Fedora (mujs) and SUSE (kernel and thunderbird).

Linux Mint has announced the release of version 21.1 of the distribution in three editions: Cinnamon (what's new), MATE (what's new), and Xfce (what's new). Mint 21.1 is based on Ubuntu 22.04 and uses kernel version 5.15. Linux Mint 21.1 is a long term support release which will be supported until 2027. It comes with updated software and brings refinements and many new features to make your desktop even more comfortable to use.

The memfd interface is a bit of a strange and Linux-specific beast; it was initially created to support the secure passing of data between cooperating processes on a single system. It has since gained other roles, but it may still come as a surprise to some to learn that memory regions created for memfds, unlike almost any other data area, have the execute permission bit set. That can facilitate attacks; this patch set from Jeff Xu proposes an addition to the memfd API to close that hole.

Greg Kroah-Hartman has announced the release of the 6.0.14, 5.15.84, 5.10.160, and 5.4.228 stable kernels. They contain a relatively small number of important fixes throughout the tree.

Security updates have been issued by Debian (chromium and thunderbird), Fedora (keylime, libarchive, libtasn1, pgadmin4, rubygem-nokogiri, samba, thunderbird, wireshark, and xorg-x11-server-Xwayland), Gentoo (curl, libreoffice, nss, unbound, and virtualbox), Mageia (advancecomp, couchdb, firefox, freerdp, golang, heimdal, kernel, kernel-linus, krb5, leptonica, libetpan, python-slixmpp, thunderbird, and xfce4-settings), Oracle (firefox, nodejs:16, and thunderbird), Scientific Linux (firefox and thunderbird), Slackware (samba), SUSE (chromium and kernel), and Ubuntu (linux-oem-5.17).

Version 4.0.0 of the Apache SpamAssassin spam filter has been released.

Apache SpamAssassin 4.0.0 contains numerous tweaks and bug fixes over the past releases. In particular, it includes major changes that significantly improve the handling of text in international language.

As with any major release, there are countless functional patches and improvements to upgrade to 4.0.0. Apache SpamAssassin 4.0.0 includes several years of fixes that significantly improve classification and performance. It has been thoroughly tested in production systems. We strongly recommend upgrading as soon as possible.

Version 5.0.0 of the OCaml programming language is out.

The highlight of this new major version of OCaml is the long-awaited runtime support for shared memory parallelism and effect handlers. This multicore support is the culmination of more than 8 years of effort, and required a full rewrite of the OCaml runtime environment. Consequently, OCaml 5.0.0 is expected to be a more experimental version of OCaml than the usual OCaml releases.

Shadow stacks are one of the methods employed to enforce control-flow integrity and thwart attackers; they are a mechanism for fine-grained, backward-edge protection. Most of the time, applications are not even aware that shadow stacks are in use. As is so often the case, though, life gets more complicated when the Checkpoint/Restore in Userspace (CRIU) mechanism is in use. Not breaking CRIU turns out to be one of the big challenges facing developers working to get user-space shadow-stack support into the kernel.

Security updates have been issued by Debian (firefox-esr, libde265, php7.3, and thunderbird), Fedora (firefox, freeradius, freerdp, and xorg-x11-server), Oracle (firefox, prometheus-jmx-exporter, and thunderbird), Red Hat (firefox, nodejs:16, prometheus-jmx-exporter, and thunderbird), and SUSE (ceph and chromium).

Version 4.18 of the Xfce desktop environment has been released.

Since Xfce 4.16 a lot of major development happened. Our team added multiple nice new features, did a gazillion of bug fixes and did various minor improvements. Finally, all that is going to be released for your pleasure.

See the announcement for a long list of new features.

Once upon a time, Linus Torvalds would try to set a pace of about 1,000 changesets pulled into the mainline each day during the early part of the merge window. For 6.2, though, the situation is different; no less than 9,278 non-merge changesets were pulled during the first two days. Needless to say, these commits affect the kernel in numerous ways, even though there are fewer fundamental changes than were seen in 6.1.

Security updates have been issued by Debian (firefox-esr and git), Slackware (mozilla and xorg), SUSE (apache2-mod_wsgi, capnproto, xorg-x11-server, xwayland, and zabbix), and Ubuntu (emacs24, firefox, linux-azure, linux-azure-5.15, linux-azure-fde, linux-oem-6.0, and xorg-server, xorg-server-hwe-18.04, xwayland).

Ted Ts'o, in collaboration with the Linux Foundation Technical Advisory Board, has put together a document called the Linux kernel contribution maturity model to help companies improve their participation in the kernel development process.

The goal is to encourage, in a management-friendly way, companies to allow their engineers to contribute with the upstream Linux Kernel development community, so we can grow the "talent pipeline" for contributors to become respected leaders, and eventually kernel maintainers.

The 6.0.13, 5.15.83, 5.10.159, 5.4.227, 4.19.269, 4.14.302, and 4.9.336 stable kernel updates have all been released; each contains another set of important fixes.

The LWN.net Weekly Edition for December 15, 2022 is available.

A report from the syzbot kernel fuzz-testing robot does not usually spawn a vitriolic mailing-list thread, but that is just what happened recently. While the invective is regrettable, the underlying issue is important. The dispute revolves around how best to report bugs to affected subsystems and, ultimately, how not to waste maintainers' time.