Other Sites

9to5Linux

First Look at Ubuntu Lomiri: Ubuntu Touch’s Mobile Desktop Arrives on PC

For those not in the know, Lomiri is the continuation of the Unity 8 desktop environment that Canonical, the maker of the Ubuntu distribution, abandoned a few years ago along with their Ubuntu Touch mobile OS. The UBports Foundation took over the development of Ubuntu Touch and turned Unity 8 into Lomiri.

Ubuntu 24.04 Official Flavors Are Now Available for Download, Here’s What’s New

Ubuntu 24.04’s official flavors include Kubuntu 24.04, Xubuntu 24.04, Lubuntu 24.04, Ubuntu Unity 24.04, Ubuntu Cinnamon 24.04, Edubuntu 24.04, Ubuntu Studio 24.04, Ubuntu MATE 24.04, Ubuntu Budgie 24.04, and Ubuntu Kylin 24.04.

Ubuntu 24.04 LTS ‘Noble Numbat’ Is Now Available for Download, Here’s What’s New

Powered by Linux kernel 6.8, Ubuntu 24.04 LTS features the latest GNOME 46 desktop environment, an all-new graphical firmware update tool called Firmware Updater, Netplan 1.0 for state-of-the-art network management, updated Ubuntu font, support for the deb822 format for software sources, increased vm.max_map_count for better gaming, and Mozilla Thunderbird as a Snap by default.

QEMU 9.0 Released with Raspberry Pi 4 Support, LoongArch KVM Acceleration

Highlights of QEMU 9.0 include multi-queue support for the virtio-blk block driver allowing different queues of a single disk to be processed by different I/O threads, the ability to concurrently handle preallocation of memory backends using multiple threads in some cases, and support for the “mapped-ram” capability allowing for more efficient virtual machine snapshots, checkpoint-restart support for VFIO, and improved support for zero-page detection.

LinuxGizmos.com

ADLINK Launches Innovative A380E Graphics Card Featuring Intel Arc GPU

ADLINK Technology Inc. has unveiled the EGX-PCIE-A380E graphics card, integrated with the Intel Arc A380E GPU. This new card is specifically designed to enhance commercial gaming and edge AI applications, supported by compatibility with the OpenVino toolkit.

OpenSSH 9.1 released (UPDATED)

posted by Roy Schestowitz on Oct 04, 2022,
updated Oct 05, 2022

OpenSSH 9.1 has just been released. It will be available from the
mirrors listed at https://www.openssh.com/ shortly.


OpenSSH is a 100% complete SSH protocol 2.0 implementation and
includes sftp client and server support.


Once again, we would like to thank the OpenSSH community for their
continued support of the project, especially those who contributed
code or patches, reported bugs, tested snapshots or donated to the
project. More information on donations may be found at:
https://www.openssh.com/donations.html


Changes since OpenSSH 9.0
=========================


This release is focused on bug fixing.


Security
========


This release contains fixes for three minor memory safety problems.
None are believed to be exploitable, but we report most memory safety
problems as potential security vulnerabilities out of caution.


 * ssh-keyscan(1): fix a one-byte overflow in SSH- banner processing.
   Reported by Qualys


 * ssh-keygen(1): double free() in error path of file hashing step in
   signing/verify code; GHPR333


 * ssh-keysign(8): double-free in error path introduced in openssh-8.9


Potentially-incompatible changes
--------------------------------


 * The portable OpenSSH project now signs commits and release tags
   using git's recent SSH signature support. The list of developer
   signing keys is included in the repository as .git_allowed_signers
   and is cross-signed using the PGP key that is still used to sign
   release artifacts:
   https://cdn.openbsd.org/pub/OpenBSD/OpenSSH/RELEASE_KEY.asc


 * ssh(1), sshd(8): SetEnv directives in ssh_config and sshd_config
   are now first-match-wins to match other directives. Previously
   if an environment variable was multiply specified the last set
   value would have been used. bz3438


 * ssh-keygen(8): ssh-keygen -A (generate all default host key types)
   will no longer generate DSA keys, as these are insecure and have
   not been used by default for some years.


New features
------------


 * ssh(1), sshd(8): add a RequiredRSASize directive to set a minimum
   RSA key length. Keys below this length will be ignored for user
   authentication and for host authentication in sshd(8). 


   ssh(1) will terminate a connection if the server offers an RSA key
   that falls below this limit, as the SSH protocol does not include
   the ability to retry a failed key exchange.


 * sftp-server(8): add a "users-groups-by-id@openssh.com" extension
   request that allows the client to obtain user/group names that
   correspond to a set of uids/gids.


 * sftp(1): use "users-groups-by-id@openssh.com" sftp-server
   extension (when available) to fill in user/group names for
   directory listings.


 * sftp-server(8): support the "home-directory" extension request
   defined in draft-ietf-secsh-filexfer-extensions-00. This overlaps
   a bit with the existing "expand-path@openssh.com", but some other
   clients support it.


 * ssh-keygen(1), sshd(8): allow certificate validity intervals,
   sshsig verification times and authorized_keys expiry-time options
   to accept dates in the UTC time zone in addition to the default
   of interpreting them in the system time zone. YYYYMMDD and
   YYMMDDHHMM[SS] dates/times will be interpreted as UTC if suffixed
   with a 'Z' character.


   Also allow certificate validity intervals to be specified in raw
   seconds-since-epoch as hex value, e.g. -V 0x1234:0x4567890. This
   is intended for use by regress tests and other tools that call
   ssh-keygen as part of a CA workflow. bz3468


 * sftp(1): allow arguments to the sftp -D option, e.g. sftp -D
   "/usr/libexec/sftp-server -el debug3"


 * ssh-keygen(1): allow the existing -U (use agent) flag to work
   with "-Y sign" operations, where it will be interpreted to require
   that the private keys is hosted in an agent; bz3429


Bugfixes
--------


 * ssh-keygen(1): implement the "verify-required" certificate option.
   This was already documented when support for user-verified FIDO
   keys was added, but the ssh-keygen(1) code was missing.


 * ssh-agent(1): hook up the restrict_websafe command-line flag;
   previously the flag was accepted but never actually used.


 * sftp(1): improve filename tab completions: never try to complete
   names to non-existent commands, and better match the completion
   type (local or remote filename) against the argument position
   being completed.


 * ssh-keygen(1), ssh(1), ssh-agent(1): several fixes to FIDO key
   handling, especially relating to keys that request
   user-verification. These should reduce the number of unnecessary
   PIN prompts for keys that support intrinsic user verification.
   GHPR302, GHPR329


 * ssh-keygen(1): when enrolling a FIDO resident key, check if a
   credential with matching application and user ID strings already
   exists and, if so, prompt the user for confirmation before
   overwriting the credential. GHPR329


 * sshd(8): improve logging of errors when opening authorized_keys
   files. bz2042


 * ssh(1): avoid multiplexing operations that could cause SIGPIPE from
   causing the client to exit early. bz3454


 * ssh_config(5), sshd_config(5): clarify that the RekeyLimit
   directive applies to both transmitted and received data. GHPR328


 * ssh-keygen(1): avoid double fclose() in error path.


 * sshd(8): log an error if pipe() fails while accepting a
   connection. bz3447


 * ssh(1), ssh-keygen(1): fix possible NULL deref when built without
   FIDO support. bz3443


 * ssh-keyscan(1): add missing *-sk types to ssh-keyscan manpage.
   GHPR294.


 * sshd(8): ensure that authentication passwords are cleared from
   memory in error paths. GHPR286


 * ssh(1), ssh-agent(1): avoid possibility of notifier code executing
   kill(-1). GHPR286


 * ssh_config(5): note that the ProxyJump directive also accepts the
   same tokens as ProxyCommand. GHPR305.


 * scp(1): do not not ftruncate(3) files early when in sftp mode. The
   previous behaviour of unconditionally truncating the destination
   file would cause "scp ~/foo localhost:foo" and the reverse
   "scp localhost:foo ~/foo" to delete all the contents of their
   destination. bz3431


 * ssh-keygen(1): improve error message when 'ssh-keygen -Y sign' is
   unable to load a private key; bz3429


 * sftp(1), scp(1): when performing operations that glob(3) a remote
   path, ensure that the implicit working directory used to construct
   that path escapes glob(3) characters. This prevents glob characters
   from being processed in places they shouldn't, e.g. "cd /tmp/a*/",
   "get *.txt" should have the get operation treat the path "/tmp/a*"
   literally and not attempt to expand it.


 * ssh(1), sshd(8): be stricter in which characters will be accepted
   in specifying a mask length; allow only 0-9. GHPR278


 * ssh-keygen(1): avoid printing hash algorithm twice when dumping a
   KRL


 * ssh(1), sshd(8): continue running local I/O for open channels
   during SSH transport rekeying. This should make ~-escapes work in
   the client (e.g. to exit) if the connection happened to have
   stalled during a rekey event.


 * ssh(1), sshd(8): avoid potential poll() spin during rekeying


 * Further hardening for sshbuf internals: disallow "reparenting" a
   hierarchical sshbuf and zero the entire buffer if reallocation
   fails. GHPR287


Portability
-----------


 * ssh(1), ssh-keygen(1), sshd(8): automatically enable the built-in
   FIDO security key support if libfido2 is found and usable, unless
   --without-security-key-builtin was requested.


 * ssh(1), ssh-keygen(1), sshd(8): many fixes to make the WinHello
   FIDO device usable on Cygwin. The windows://hello FIDO device will
   be automatically used by default on this platform unless requested
   otherwise, or when probing resident FIDO credentials (an operation
   not currently supported by WinHello).


 * Portable OpenSSH: remove workarounds for obsolete and unsupported
   versions of OpenSSL libcrypto. In particular, this release removes
   fallback support for OpenSSL that lacks AES-CTR or AES-GCM.


   Those AES cipher modes were added to OpenSSL prior to the minimum
   version currently supported by OpenSSH, so this is not expected to
   impact any currently supported configurations.


 * sshd(8): fix SANDBOX_SECCOMP_FILTER_DEBUG on current Linux/glibc


 * All: resync and clean up internal CSPRNG code.


 * scp(1), sftp(1), sftp-server(8): avoid linking these programs with
   unnecessary libraries. They are no longer linked against libz and
   libcrypto. This may be of benefit to space constrained systems
   using any of those components in isolation.


 * sshd(8): add AUDIT_ARCH_PPC to supported seccomp sandbox
   architectures.


 * configure: remove special casing of crypt(). configure will no
   longer search for crypt() in libcrypto, as it was removed from
   there years ago. configure will now only search libc and libcrypt.


 * configure: refuse to use OpenSSL 3.0.4 due to potential RCE in its
   RSA implementation (CVE-2022-2274) on x86_64.


 * All: request 1.1x API compatibility for OpenSSL >=3.x; GHPR#322


 * ssh(1), ssh-keygen(1), sshd(8): fix a number of missing includes
   required by the XMSS code on some platforms.


 * sshd(8): cache timezone data in capsicum sandbox.


Checksums:
==========


- SHA1 (openssh-9.1.tar.gz) = 3ae2d6a3a695d92778c4c4567dcd6ad481092f6c
- SHA256 (openssh-9.1.tar.gz) = QKfVArlcItV+e8V1Th85TL5//5d/AvOUhYOeHMDEGuE=


- SHA1 (openssh-9.1p1.tar.gz) = 15545440268967511d3194ebf20bcd0c7ff3fcc9
- SHA256 (openssh-9.1p1.tar.gz) = GfhQCcfj4jeH8CNvuxV4OSq01L+fjsX+a8HNfov90og=


Please note that the SHA256 signatures are base64 encoded and not
hexadecimal (which is the default for most checksum tools). The PGP
key used to sign the releases is available from the mirror sites:
https://cdn.openbsd.org/pub/OpenBSD/OpenSSH/RELEASE_KEY.asc


Reporting Bugs:
===============


- Please read https://www.openssh.com/report.html
  Security bugs should be reported directly to openssh@openssh.com

UPDATE

A couple of reference pages:

Announce: OpenSSH 9.1 released

OpenSSH 9.1 has just been released. It will be available from the mirrors listed at https://www.openssh.com/ shortly.
OpenSSH 9.1/9.1p1 (2022-10-04)

This release contains fixes for three minor memory safety problems. None are believed to be exploitable, but we report most memory safety problems as potential security vulnerabilities out of caution.

Other Recent Tux Machines' Posts

QEMU 9.0 Released with Raspberry Pi 4 Support, LoongArch KVM Acceleration: QEMU 9.0 open-source virtualization software is now available for download with various improvements for ARM, RISC-V, HPPA, and LoongArch architectures.
Audacity 3.5 Released with Cloud Saving, Beat Detection, Pitch Shifting, and More: Audacity 3.5 open-source digital audio editor and recording application software has been released today as a major update adding several new features and various improvements.
LWN Articles About Linux (Kernel): 4 new articles, now outside the paywall
Fedora Linux 40 Officially Released with Linux Kernel 6.8, Here’s What’s New: Fedora Linux 40 distribution has been officially released and it’s now available for download powered by the latest Linux 6.8 kernel series and featuring the GNOME 46 and KDE Plasma 6 desktop environments.
Microsoft Layoffs Again: Studio shut down
Kubernetes v1.30: Uwubernetes: new release
Windows 11 Start Menu ads - now coming to a PC near you: After spending some time in the preview build, Windows 11 Start menu ads are now rolling out to all users of Microsoft's operating system
Games: Steam Deck, Proton Experimental, Dead Island 2, and More: 11 picks for today
Elektrobit Unveils EB corbos Linux To Augment Advanced Automotive Functions: The open-source framework enhances transparency, flexibility, and security, and significantly reduces time to market by up to 50% through accelerated development cycles, offering substantial cost savings.
GNU ed 1.20.2 released: This release is also GPG signed
First Look at Ubuntu Lomiri: Ubuntu Touch’s Mobile Desktop Arrives on PC: Ubuntu Unity maintainer Rudra Saraswat informs 9to5Linux today about the availability for public testing of the first ISO images of what looks like a new Ubuntu flavor, Ubuntu Lomiri.
Upgrade to Ubuntu 24.04 "Noble Numbat" From Ubuntu 22.04: Here are the complete steps and precautions you need to take before upgrading to Ubuntu 24.04 LTS "Noble Numbat" from Ubuntu 22.04 LTS "Jammy Jellyfish".
Managing to-do lists on the command line with Taskwarrior: Getting started with Taskwarrior is straightforward
Sailfish OS, GNU/Linux, and More: today's leftovers
Games: Steam, Horizon Forbidden West, and More: 7 stories from gamingonlinux
Free, Libre, and Open Source Software Leftovers: Education focus
Open Hardware: Arduino, Raspberry Pi, and More: Some devices and gadgets with Linux favouritism
Programming Leftovers: Programming and a little more
Ubuntu 24.04 Official Flavors Are Now Available for Download, Here’s What’s New: As part of today’s release of Ubuntu 24.04 LTS (Noble Numbat), all the official Ubuntu flavors have been updated to the same version and, in this article, you can learn about their new features and improvements.
Security Leftovers and Windows TCO: Windows TCO still an under-reported issue
Fedora / Red Hat / Alma / IBM Leftovers: the RHEL and Fedora universe
today's howtos: a second batch for today
Ubuntu 24.04 LTS ‘Noble Numbat’ Is Now Available for Download, Here’s What’s New: Canonical released today Ubuntu 24.04 LTS (Noble Numbat) as the latest version of its popular Linux-based operating system featuring some of the latest GNU/Linux technologies and Open Source software.
Android Leftovers: Best Android FRP Bypass Tools for PC [Free Download 2024]
Raspberry Pi CM4S module gets 2GB, 4GB, and 8GB RAM variants for commercial products: The main downside is that the modules can only be purchased in bulk (200-unit boxes) through Raspberry Pi Approved Resellers
Berlin mega-sprint recap: So I thought I’d share what we did
Clapper Video Player for Linux Gets First Update in 2 Years: A new version of Clapper, a GTK4-based video player for Linux desktop has been released
Nginx 1.26 Released with Experimental HTTP/3 Support: Nginx 1.26 web server debuts with HTTP/3 experimental support, per-server HTTP/2, advanced stream modules, and more
Ronetix launches NXP i.MX93 SoMs in SMARC and OSM-L form factors: Software – Yocto, Linux Kernel, U-BOOT
IBASE ISR500 fanless Edge AI computer and digital signage player features MediaTek Genio 510 or 700 SoC: IBASE offers DIN rail and wall mounting options and provides Android 13 and Yocto 5.15-based Linux images for the MediaTek Genio 510/700-powered Edge AI computer
IPFire 2.29 - Core Update 185 released: I am happy to announce that we finally have a new release of IPFire
Best Free and Open Source: Digital Audio Workstations, and Find and Delete Duplicate Files: Here’s our verdict captured in a legendary LinuxLinks-style ratings chart
Free and Open Source Softwares: This is free and open source software
Today in Techrights: Some of the latest articles
Forget Windows Emulation, These Game Stores Sell Native Linux Games: Ditch Windows emulation and dive into the world of seamless Linux gaming!
What role community plays in free software and more -- Interview with David Wilson: I've been using GNU/Linux since around 1997 when I installed Slackware Linux for the first time
IBM Wants to Buy Microsoft Partner of the Year: bad move
Programming Leftovers: a handful of coding related links
today's leftovers: Software and devices
Red Hat, AlmaLinux, and Fedora: IBM, RHEL etc.
Security Leftovers and Windows TCO, Microsoft DRM Failing: roundup of security news
Mozilla: More Rust and Firefox Nightly: 3 Mozilla related posts
What’s new in security for Ubuntu 24.04 LTS?: We’re excited about the upcoming Ubuntu 24.04 LTS release, Noble Numbat
NetBSD 9.4 released: The NetBSD Project is pleased to announce NetBSD 9.4
TrueNAS SCALE 24.04 Rolls Out with Enhanced SMB and NFS Monitoring: TrueNAS SCALE 24.04 (Dragonfish) open storage introduces auditing, sandboxing for devs, and enhanced SMB performance
Red Hat Satellite 6.15 is now available: We are pleased to announce the availability of Red Hat Satellite 6.15
New Updates in PCLinuxOS: Some PCLinuxOS patches of interest
OSMC's April update is here with Kodi v20.5: finalised our support for Kodi v21 and this will be the final release of Kodi v20
today's howtos: only a half dozen for now
Ruby Tackles CVE-2024-27282: newly patched reeleases
Android Leftovers: Lock screen ads could be coming to your Android phone
Slimbook Fedora 2 Laptops Launch with Fedora Linux 40 Workstation: Linux hardware vendor Slimbook and the Fedora Project announced today the launch of the Slimbook Fedora 2 laptops as the first portable computers to ship with the latest Fedora Linux 40 release pre-installed.
today's howtos: a longish batch for noon
PowerDevil in Plasma 6.0 and beyond: Thus started a journey into the code of Plasma's power management service, internally known as PowerDevil
Notifications in 46 and beyond: One of the things we’re tackling as part of the STF infrastructure initiative is improving notifications
EndeavourOS Gemini Lands with the KDE Plasma 6 Desktop Environment: The EndeavourOS team announced today the release and general availability for download of EndeavourOS Gemini as the latest stable version and the first release of the Arch Linux-based distro to feature the latest KDE Plasma 6 desktop environment.
Tails 6.2 Anonymous Linux OS Improves Mitigation of Spectre v4 Vulnerability: The Tails project released today Tails 6.2 as the second update to the latest Tails 6.x series of this security-focused Debian-based live system for preserving Internet privacy and anonymity.
Linux can finally run your car’s safety systems and driver-assistance features: There's a new Linux distro on the scene today, and it's a bit specialized
BIGTREETECH Pi 2 SBC and CB2 module for 3D printers now feature Rockchip RK3566 SoC with Gigabit Ethernet: The BTT Pi 1 runs the CB1 image based on Debian 11, Linux 5.16, and Klipper open-source 3D printer software
Linux Candy: Fantascene – dynamic wallpaper: We only feature open source software in this series
Linux Distributions: wattOS is a simple, minimal, and fast Linux distribution.It’s based on Debian
Unmanned Ground Vehicle Rover for Raspberry Pi 4 & 5 SBCs: This open-source platform is geared towards robotics and navigation applications
today's leftovers: 4 links for now
Microsoft Digital Restrictions (DRM) and Windows TCO (Security Incidents): Microsoft doing its damage, still
Games: Trackline Express, Swarm Grinder 1.0, OpenXR in Godot Engine Improved, KILLBEAT, and More: 7 stories from gamingonlinux
today's howtos and software: only a handful for now
Upgrade to Fedora 40 from Fedora 39 Workstation (GUI and CLI): Here are the upgrade steps for the new Fedora 40 release from the earlier Fedora 39 workstation version.
For the First Time, GNU/Linux ('Proper') Crosses 4% in Taiwan According to statCounter [original]: all-time high
Today in Techrights: Some of the latest articles
Canonical Extends LTS Support to 12 Years: Ubuntu’s long-term support releases just got even longer, with Canonical today announcing they are eligible for up to 12 years of security coverage from initial release
Blaming "Linux" for Intel Defects: As usual
today's leftovers: 4 misc. links
Contributing is more than just code (and more): Programming centric posts
Open Hardware/Modding: ESP32 and Open Home Foundation: 3 new stories
Fedora, Red Hat, IBM, and Canonical/Ubuntu: Private companies in community clothing
Security Leftovers: Security related stories
Audiocasts/Shows: Destination Linux and Late Night Linux: a couple of new episodes
Applications: Fwupd, Shell Wrapper for sudo, and GNU Parallel 20240422: 3 stories for now
Linux Kernel and Graphics Stack: 3 stories
Security Fix in Istio (ISTIO-SECURITY-2024-003): On ISTIO-SECURITY-2024-003
Andreas Tille Is the New Debian Project Leader: After democratically held elections, Jonathan Carter stepped down as the Debian project leader, passing the role to Andreas Tille
today's howtos: second howtos batch for the day
PostgreSQL: pgdsat v1.1 and E-Maj 4.4.0 released: psql releases
today's leftovers: a mixture or FOSS and GNU/Linux/BSD news
Open Hardware/Modding: Arduino, Adafruit, Raspberry Pi, Purism, and More: Some devices and hardware news
Software: A Look at Dool and QSoas 3.3: a couple of FOSS picks
today's howtos: only 4 howtos for now (much more later today)
Android Leftovers: Alphabet enhances YouTube integration with Android TV feature
Windows TCO: The cost of relying on Microsoft
EdgeDB 5.0 Launches with Branching Functionality: EdgeDB 5.0 graph-relational database introduces branching functions to align database and code branches for efficient schema changes
APT is Getting a Colourful New UI — And It Looks GREAT: I think most of us are familiar with the way that APT, the package management tool underpinning Ubuntu and all other Debian-based Linux distributions, looks and behaves
Mozilla Seeks Feedback for Firefox Nightly ARM64 (AArch64) Binaries on Linux: The wait is almost over for those who want to download the Firefox web browser as binaries for the ARM64 (AArch64) architecture on Linux.
Best Free and Open Source: CLI Linux Time Trackers, JSON Tools, and GUI ebook Readers: Only free and open source software is eligible for inclusion
Louder Raspberry Pi is an open-source home media center that is powered by Raspberry Pi Zero and a TI TAS5805M DAC: Louder Raspberry Pi is an open-source home media center based on a combination of the Raspberry Pi Zero W or Zero 2 W and the Texas Instruments TAS5805M DAC
Free and Open Source Softwares: This is free and open source software
Collections of Different Linux Distributions: Because Linux is an open source operating system, combinations of software vary between Linux distros
Announcing AlmaLinux 9.4 Beta!: The AlmaLinux OS Foundation is announcing the availability of AlmaLinux 9.4 Beta “Seafoam Ocelot” for all supported architectures
Tux Machines Party 7 Weeks From Now (Our 20th Anniversary), Celebrating Software Freedom [original]: There's widespread recognition these days that proprietary cannot be trusted
Windows Falls to 6% Market Share in Africa's (by Far) Biggest Population [original]: market share of Windows continues to decrease in Nigeria
Fedora 40 is just around the corner with more spins and flavors than ever: KDE edition has the most conspicuous changes, and could become future flagship
Today in Techrights: Some of the latest articles