Security updates have been issued by Debian (krb5), Fedora (galera, mariadb, and mingw-python3), Red Hat (389-ds:1.4, kernel, kernel-rt, kpatch-patch, krb5, and usbguard), Scientific Linux (krb5), Slackware (kernel), SUSE (binutils, dbus-1, exiv2, freerdp, git, java-1_8_0-ibm, kernel, libarchive, libdb-4_8, libmspack, nginx, opencc, python, python3, rxvt-unicode, sudo, supportutils, systemd, vim, and webkit2gtk3), and Ubuntu (bind9, gnutls28, libsamplerate, linux-gcp-5.4, perl, pixman, shadow, and sysstat).

As of late, concerns about the future of Twitter have caused many of its users to seek alternatives. Amid this upheaval, an open-source microblogging service called Mastodon has received a great deal of attention. Mastodon is not reliant on any single company or central authority to run its servers; anyone can run their own. Servers communicate with each other, allowing people on different servers to send each other messages and follow each other's posts. Mastodon doesn't just talk to itself, though; it can exchange messages with anything that speaks the ActivityPub protocol. There are many such implementations, so someone who wants to deploy their own microblogging service enjoys a variety of choices.

Asahi Lina gives a detailed update on progress toward a graphics driver for Apple M1 hardware.

There is still a long road ahead! The UAPI that we are using right now is still a prototype, and there are a lot of new features that need to be added or redesigned in order to support a full Vulkan driver in the future. Since Linux mandates that the UAPI needs to remain stable and backwards compatible across versions (unlike macOS), that means that the kernel driver will not be heading upstream for many months, until we have a more complete understanding of the GPU rendering parameters and have implemented all the new design features needed by Vulkan.

Lucien Cartier-Tilet looks forward to the upcoming Emacs 29 release.

In case you didn’t know, Emacs’ current syntax highlighting is currently based on a system of regexes. Although it is not the worst thing to use, it’s not the best either, and it can become quite slow on larger files.

TreeSitter parses programming languages based into a concrete syntax tree. From there, not only can syntax highlighting can be done at high speed, but a much deeper analysis of the code is possible and actions such sa syntax manipulation can also be achieved since the syntax tree itself is available as an object which can be manipulated!

Security updates have been issued by Debian (frr, gerbv, mujs, and twisted), Fedora (nodejs and python-virtualbmc), Oracle (dotnet7.0, kernel, kernel-container, krb5, varnish, and varnish:6), SUSE (busybox, python3, tiff, and tomcat), and Ubuntu (harfbuzz).

The BPF subsystem, which allows code to be loaded into the kernel from user space and safely executed in the kernel context, is bound to create a number of challenges for the kernel as a whole. One might not think that allocating memory for BPF programs would be high on the list of problems, but life (and memory management) can be surprising. The attempts to do a better job of providing space for compiled BPF code have, to date, only been partially successful; now Song Liu is back with a new approach to finish the job.

FFmpeg is an indispensable tool for working with audio and video streams, but it can be challenging to learn to use well. FFmpeg — The Ultimate Guide, posted by Csaba Kopias, can help. "This guide covers the ins and outs of FFmpeg starting with fundamental concepts and moving to media transcoding and video and audio processing providing practical examples along the way."

Security updates have been issued by Debian (chromium, commons-configuration2, graphicsmagick, heimdal, inetutils, ini4j, jackson-databind, and varnish), Fedora (drupal7-i18n, grub2, kubernetes, and python-slixmpp), Mageia (botan, golang, kernel, kernel-linus, radare2/rizin, and xterm), Red Hat (krb5, varnish, and varnish:6), SUSE (busybox, chromium, erlang, exiv2, firefox, freerdp, ganglia-web, java-1_8_0-openj9, nodejs12, nodejs14, opera, pixman, python3, sudo, tiff, and xen), and Ubuntu (libice and shadow).

The 6.1-rc7 kernel prepatch has been released for testing.

There is really nothing here that makes me at all worried, except that it's just a bit more than I'm comfortable with. It should just have slowed down more by now.

As a result, I'm now pretty sure that this is going to be one of those "we'll have an extra week and I'll make an rc8" releases. Which then in turn means that now the next merge window will be solidly in the holiday season.

Greg Kroah-Hartman has released the 5.10.156, 5.4.225, 4.19.267, 4.14.300, and 4.9.334 stable kernels. As usual, they contain important fixes throughout the kernel tree.

Update: 6.0.10 and 5.15.80 were released on November 26.

Security updates have been issued by Fedora (firefox), Mageia (dropbear, freerdp, java, libx11, and tumbler), Slackware (ruby), SUSE (erlang, grub2, libdb-4_8, and tomcat), and Ubuntu (exim4, jbigkit, and tiff).

Security updates have been issued by Debian (vim), Fedora (drupal7-context, drupal7-link, firefox, xen, xorg-x11-server, and xorg-x11-server-Xwayland), Oracle (container-tools:ol8, device-mapper-multipath, dotnet7.0, firefox, hsqldb, keylime, podman, python3.9, python39:3.9, thunderbird, and xorg-x11-server), SUSE (exiv2-0_26, keylime, libarchive, net-snmp, nginx, opensc, pixman, python-joblib, strongswan, and webkit2gtk3), and Ubuntu (expat, imagemagick, mariadb-10.3, mariadb-10.6, and xorg-server, xorg-server-hwe-16.04, xorg-server-hwe-18.04, xwayland).

The 4.19.266 stable kernel update has been released; it consists entirely of backported fixes for speculative-execution vulnerabilities.

Security updates have been issued by Debian (heimdal, libarchive, and nginx), Fedora (varnish-modules and xterm), Red Hat (firefox), Scientific Linux (firefox, hsqldb, and thunderbird), SUSE (Botan, colord, containerized-data-importer, ffmpeg-4, java-1_8_0-ibm, krb5, nginx, redis, strongswan, tomcat, and xtrabackup), and Ubuntu (apr-util, freerdp2, and sysstat).

For those who are waiting for Linux on Apple hardware, the Asahi Linux project has put out a detailed report on progress toward a working kernel and distribution.

This kind of safety model is not new: it is already commonplace on Android phones, where it is usually implemented in DSP firmware. But of course, the desktop Linux ecosystem doesn’t even have a speaker EQ database framework yet, nevermind safety models! The eternal lagging behind of Linux audio strikes again. What’s the plan? While this isn’t settled yet, our current idea is to implement the safety model in a stand-alone daemon that captures the voltage/current feedback data from the ALSA device, and drives the mixer volume itself as as means of implementing soft power limits, together with some kind of “safety watchdog interlock” with the kernel that only enables higher volume limits when the daemon is active and running

The Document Foundation has announced the hiring of a quality-assurance analyst, bringing its staff up to 13 people.

A lot of my time will be spent on triaging the issues users report on Bugzilla – our bug-reporting platform. There is a lot of activity on Bugzilla, and classifying and testing the reports is fundamental for us to focus on the most pressing issues, help the work developers are doing, and keep improving the software for everyone! Part of the work will also be to analyse and summarise the wealth of data available to help us see the bigger picture and make better decisions when allocating resources.

Security updates have been issued by Debian (ntfs-3g), Fedora (krb5 and samba), Gentoo (firefox-bin, ghostscript-gpl, pillow, sudo, sysstat, thunderbird-bin, and xterm), Red Hat (firefox, hsqldb, and thunderbird), SUSE (cni, cni-plugins, and krb5), and Ubuntu (isc-dhcp and sqlite3).

Security updates have been issued by Debian (graphicsmagick and krb5), Fedora (dotnet6.0, js-jquery-ui, kubernetes, and xterm), Gentoo (php and postgresql), Mageia (php-pear-CAS, sysstat, varnish, vim, and x11-server), Red Hat (thunderbird), SUSE (389-ds, binutils, dpkg, firefox, frr, grub2, java-11-openjdk, java-17-openjdk, kernel, kubevirt stack, libpano, nodejs16, openjpeg, php7, php74, pixman, python-Twisted, python39, rubygem-loofah, sccache, sudo, thunderbird, tor, and tumbler), and Ubuntu (flac, git, linux-azure-fde, linux-gke, linux-gkeop, linux-raspi-5.4, linux-gcp, linux-gcp-4.15, and linux-gcp-5.15, linux-gke-5.15, linux-intel-iotg, linux-raspi).

The 6.1-rc6 kernel prepatch is out for testing.

I'm still waffling about whether there will be an rc8 or not, leaning a bit towards it happening. We'll see - it will make the 6.2 merge window leak into the holidays, but maybe that's fine and just makes people make sure they have everything lined up and ready *before* the merge window opens, the way things _should_ work.

Even a single kernel oops is never a good thing; it is an indication that something has gone badly wrong in the system somewhere and a straightforward recovery is not possible. But it seems that oopsing a large number of times has the potential to be even worse. To head off problems that might result from repeated oopsing, there is currently work afoot to put an upper limit on the number of times that the kernel can be allowed to oops before just giving up and rebooting.