Tux Machines

Do you waddle the waddle?

Other Sites

9to5Linux

Mozilla Firefox 124 Is Now Available for Download, Here’s What’s New

Mozilla Firefox 124 looks like a small update that only updates the Caret Browsing mode to also work in the PDF viewer and adds support for the Screen Wake Lock API to prevent devices from dimming or locking the screen when an application needs to keep running.

4MLinux 45.0 Released with Linux Kernel 6.6 LTS, New Printing Drivers

Coming more than three and a half months after 4MLinux 44.0, which was powered by the Linux 6.1 LTS kernel series, the 4MLinux 45.0 release ships with a new long-term supported kernel, namely Linux 6.6 LTS. The Linux 6.6.18 kernel is included by default in the ISO images, along with the Mesa 23.3 graphics stack.

9to5Linux Weekly Roundup: March 17th, 2024

I want to thank all the people who sent us donations. Your help is very much appreciated! I also want to thank you all for your continued support by commenting, liking, sharing, and boosting the articles, following us on social media, and last but not least for sending tips and suggestions.

You Can Now Install Linux Kernel 6.8 on Ubuntu, Here’s How

Linux kernel 6.8 was released on March 10th, 2024. It introduces new features like LAM (Linear Address Masking) virtualization and guest-first memory support for KVM, support for the Broadcom BCM2712 processor in Raspberry Pi 5, zswap writeback disabling, fscrypt support for CephFS, a new Intel Xe DRM driver, as well as numerous other new and updated drivers for better hardware support.

Internet Society

What Governments Can Learn from Canada when Regulating Online Harms

The Government of Canada introduced Bill C-63, the Online Harms Act, on 26 February 2024. As the name implies, the Bill seeks to address certain harms that people see online through various public platforms.

LinuxGizmos.com

AAEON’s Multi-PoE Fanless Appliance for Embedded In-Vehicle Solutions

Today, AAEON unveiled the VPC-5640S, a multi-PoE and fanless appliance, specifically designed for the embedded in-vehicle solutions market. This versatile device supports various 12th Gen Intel Core processors and is compatible with up to 64GB of DDR5 memory.

OpenSSH 9.1 released (UPDATED)

posted by Roy Schestowitz on Oct 04, 2022,
updated Oct 05, 2022

OpenSSH 9.1 has just been released. It will be available from the
mirrors listed at https://www.openssh.com/ shortly.

OpenSSH is a 100% complete SSH protocol 2.0 implementation and includes sftp client and server support.
Once again, we would like to thank the OpenSSH community for their continued support of the project, especially those who contributed code or patches, reported bugs, tested snapshots or donated to the project. More information on donations may be found at: https://www.openssh.com/donations.html
Changes since OpenSSH 9.0 =========================
This release is focused on bug fixing.
Security ========
This release contains fixes for three minor memory safety problems. None are believed to be exploitable, but we report most memory safety problems as potential security vulnerabilities out of caution.
* ssh-keyscan(1): fix a one-byte overflow in SSH- banner processing. Reported by Qualys
* ssh-keygen(1): double free() in error path of file hashing step in signing/verify code; GHPR333
* ssh-keysign(8): double-free in error path introduced in openssh-8.9
Potentially-incompatible changes --------------------------------
* The portable OpenSSH project now signs commits and release tags using git's recent SSH signature support. The list of developer signing keys is included in the repository as .git_allowed_signers and is cross-signed using the PGP key that is still used to sign release artifacts: https://cdn.openbsd.org/pub/OpenBSD/OpenSSH/RELEASE_KEY.asc
* ssh(1), sshd(8): SetEnv directives in ssh_config and sshd_config are now first-match-wins to match other directives. Previously if an environment variable was multiply specified the last set value would have been used. bz3438
* ssh-keygen(8): ssh-keygen -A (generate all default host key types) will no longer generate DSA keys, as these are insecure and have not been used by default for some years.
New features ------------
* ssh(1), sshd(8): add a RequiredRSASize directive to set a minimum RSA key length. Keys below this length will be ignored for user authentication and for host authentication in sshd(8).
ssh(1) will terminate a connection if the server offers an RSA key that falls below this limit, as the SSH protocol does not include the ability to retry a failed key exchange.
* sftp-server(8): add a "users-groups-by-id@openssh.com" extension request that allows the client to obtain user/group names that correspond to a set of uids/gids.
* sftp(1): use "users-groups-by-id@openssh.com" sftp-server extension (when available) to fill in user/group names for directory listings.
* sftp-server(8): support the "home-directory" extension request defined in draft-ietf-secsh-filexfer-extensions-00. This overlaps a bit with the existing "expand-path@openssh.com", but some other clients support it.
* ssh-keygen(1), sshd(8): allow certificate validity intervals, sshsig verification times and authorized_keys expiry-time options to accept dates in the UTC time zone in addition to the default of interpreting them in the system time zone. YYYYMMDD and YYMMDDHHMM[SS] dates/times will be interpreted as UTC if suffixed with a 'Z' character.
Also allow certificate validity intervals to be specified in raw seconds-since-epoch as hex value, e.g. -V 0x1234:0x4567890. This is intended for use by regress tests and other tools that call ssh-keygen as part of a CA workflow. bz3468
* sftp(1): allow arguments to the sftp -D option, e.g. sftp -D "/usr/libexec/sftp-server -el debug3"
* ssh-keygen(1): allow the existing -U (use agent) flag to work with "-Y sign" operations, where it will be interpreted to require that the private keys is hosted in an agent; bz3429
Bugfixes --------
* ssh-keygen(1): implement the "verify-required" certificate option. This was already documented when support for user-verified FIDO keys was added, but the ssh-keygen(1) code was missing.
* ssh-agent(1): hook up the restrict_websafe command-line flag; previously the flag was accepted but never actually used.
* sftp(1): improve filename tab completions: never try to complete names to non-existent commands, and better match the completion type (local or remote filename) against the argument position being completed.
* ssh-keygen(1), ssh(1), ssh-agent(1): several fixes to FIDO key handling, especially relating to keys that request user-verification. These should reduce the number of unnecessary PIN prompts for keys that support intrinsic user verification. GHPR302, GHPR329
* ssh-keygen(1): when enrolling a FIDO resident key, check if a credential with matching application and user ID strings already exists and, if so, prompt the user for confirmation before overwriting the credential. GHPR329
* sshd(8): improve logging of errors when opening authorized_keys files. bz2042
* ssh(1): avoid multiplexing operations that could cause SIGPIPE from causing the client to exit early. bz3454
* ssh_config(5), sshd_config(5): clarify that the RekeyLimit directive applies to both transmitted and received data. GHPR328
* ssh-keygen(1): avoid double fclose() in error path.
* sshd(8): log an error if pipe() fails while accepting a connection. bz3447
* ssh(1), ssh-keygen(1): fix possible NULL deref when built without FIDO support. bz3443
* ssh-keyscan(1): add missing *-sk types to ssh-keyscan manpage. GHPR294.
* sshd(8): ensure that authentication passwords are cleared from memory in error paths. GHPR286
* ssh(1), ssh-agent(1): avoid possibility of notifier code executing kill(-1). GHPR286
* ssh_config(5): note that the ProxyJump directive also accepts the same tokens as ProxyCommand. GHPR305.
* scp(1): do not not ftruncate(3) files early when in sftp mode. The previous behaviour of unconditionally truncating the destination file would cause "scp ~/foo localhost:foo" and the reverse "scp localhost:foo ~/foo" to delete all the contents of their destination. bz3431
* ssh-keygen(1): improve error message when 'ssh-keygen -Y sign' is unable to load a private key; bz3429
* sftp(1), scp(1): when performing operations that glob(3) a remote path, ensure that the implicit working directory used to construct that path escapes glob(3) characters. This prevents glob characters from being processed in places they shouldn't, e.g. "cd /tmp/a*/", "get *.txt" should have the get operation treat the path "/tmp/a*" literally and not attempt to expand it.
* ssh(1), sshd(8): be stricter in which characters will be accepted in specifying a mask length; allow only 0-9. GHPR278
* ssh-keygen(1): avoid printing hash algorithm twice when dumping a KRL
* ssh(1), sshd(8): continue running local I/O for open channels during SSH transport rekeying. This should make ~-escapes work in the client (e.g. to exit) if the connection happened to have stalled during a rekey event.
* ssh(1), sshd(8): avoid potential poll() spin during rekeying
* Further hardening for sshbuf internals: disallow "reparenting" a hierarchical sshbuf and zero the entire buffer if reallocation fails. GHPR287
Portability -----------
* ssh(1), ssh-keygen(1), sshd(8): automatically enable the built-in FIDO security key support if libfido2 is found and usable, unless --without-security-key-builtin was requested.
* ssh(1), ssh-keygen(1), sshd(8): many fixes to make the WinHello FIDO device usable on Cygwin. The windows://hello FIDO device will be automatically used by default on this platform unless requested otherwise, or when probing resident FIDO credentials (an operation not currently supported by WinHello).
* Portable OpenSSH: remove workarounds for obsolete and unsupported versions of OpenSSL libcrypto. In particular, this release removes fallback support for OpenSSL that lacks AES-CTR or AES-GCM.
Those AES cipher modes were added to OpenSSL prior to the minimum version currently supported by OpenSSH, so this is not expected to impact any currently supported configurations.
* sshd(8): fix SANDBOX_SECCOMP_FILTER_DEBUG on current Linux/glibc
* All: resync and clean up internal CSPRNG code.
* scp(1), sftp(1), sftp-server(8): avoid linking these programs with unnecessary libraries. They are no longer linked against libz and libcrypto. This may be of benefit to space constrained systems using any of those components in isolation.
* sshd(8): add AUDIT_ARCH_PPC to supported seccomp sandbox architectures.
* configure: remove special casing of crypt(). configure will no longer search for crypt() in libcrypto, as it was removed from there years ago. configure will now only search libc and libcrypt.
* configure: refuse to use OpenSSL 3.0.4 due to potential RCE in its RSA implementation (CVE-2022-2274) on x86_64.
* All: request 1.1x API compatibility for OpenSSL >=3.x; GHPR#322
* ssh(1), ssh-keygen(1), sshd(8): fix a number of missing includes required by the XMSS code on some platforms.
* sshd(8): cache timezone data in capsicum sandbox.
Checksums: ==========
- SHA1 (openssh-9.1.tar.gz) = 3ae2d6a3a695d92778c4c4567dcd6ad481092f6c - SHA256 (openssh-9.1.tar.gz) = QKfVArlcItV+e8V1Th85TL5//5d/AvOUhYOeHMDEGuE=
- SHA1 (openssh-9.1p1.tar.gz) = 15545440268967511d3194ebf20bcd0c7ff3fcc9 - SHA256 (openssh-9.1p1.tar.gz) = GfhQCcfj4jeH8CNvuxV4OSq01L+fjsX+a8HNfov90og=
Please note that the SHA256 signatures are base64 encoded and not hexadecimal (which is the default for most checksum tools). The PGP key used to sign the releases is available from the mirror sites: https://cdn.openbsd.org/pub/OpenBSD/OpenSSH/RELEASE_KEY.asc
Reporting Bugs: ===============
- Please read https://www.openssh.com/report.html Security bugs should be reported directly to openssh@openssh.com

UPDATE

A couple of reference pages:

Other Recent Tux Machines' Posts

Singapore and Malaysia: GNU/Linux Up to 6% of Desktops/Laptops, According to statCounter [original]
When we looked at Malaysia a couple of weeks ago it was at 4.5%
DBOS Introduced
DBOS as in DB OS
Open Hardware and Linux Gadgets
Raspberry Pi, RP2040, and More
today's howtos
mostly linuxmadesimple from the past week
 
Today in Techrights
Some of the latest articles
Mozilla Firefox 124 Is Now Available for Download, Here’s What’s New
The Mozilla Firefox 124 open-source and cross-platform web browser is now available for download ahead of its official unveiling on March 19th, 2024, so it’s time to take a closer look at the new features and improvements.
LibreELEC (Omega) 12 Beta1
LibreELEC 12 Beta1 has released, bringing Kodi (Omega) v21.0.
4MLinux 45.0 Released with Linux Kernel 6.6 LTS, New Printing Drivers
Zbigniew Konojacki announced the release and general availability of 4MLinux 45.0 as a new stable and major release of his independent GNU/Linux distribution using the lightweight JWM (Joe’s Window Manager) graphical environment.
Remi Pi is a compact, low-cost SBC powered by a Renesas RZ/G2L Cortex-A55/M33 SoC
MYiR Tech provides a Linux 5.10.83-based image built with the Yocto Project and plans to release Ubuntu and Debian images soon along with open-source drivers
today's leftovers
a mix of news
Kernel: EasyOS and More
3 Linux articles
VKD3D-Proton version 2.12
new release
Programming Leftovers
coding links
9to5Linux Weekly Roundup: March 17th, 2024
The 179th installment of the 9to5Linux Weekly Roundup is here for the week ending on March 17th, 2024.
You Can Now Install Linux Kernel 6.8 on Ubuntu, Here’s How
Linux 6.8 is now the latest stable kernel and Ubuntu users can now install it on their machines via Canonical’s Ubuntu Mainline Kernel PPA archive.
today's howtos
some morning howtos
GNU Octave 9.1.0 Released
GNU Octave version 9.1.0 has been released and is now available for download
Some Raspberry Pi 5 boards can be overclocked up to 3.14 GHz (and run just fine)
The Raspberry Pi 5 is advertised as a single board computer with a CPU clocked up to 2.4 GHz
Android Leftovers
Qualcomm Snapdragon 8s Gen 3 chip launched for flagship Android devices
Test improvement – More and better tests for LibreOffice
One of the areas that can help LibreOffice
How to Connect your mobile phone to Linux Mint with KDE Connect – Linux Mint 21.3 edition
I will explain what KDE Connect is and show the process of how to install and set up KDE Connect in Linux Mint
8 Best Free and Open Source OCR Systems
Only free and open source software is eligible for inclusion
Pin It! – pin shortcuts for your favorite portable apps to your app launcher
The software was originally targeted for elementary OS but it’s currently designed for any Linux distro
Review: KDE neon 20240303 and 20240304
KDE neon is an Ubuntu-based Linux distribution released by the KDE project
Kile 2.9.95 / 3.0 beta 4 released
We have a release of Kile 2.9.95, also known as 3.0 beta 4
Distributions and Operating Systems: 10 Best GNU/Linux Distros, Univention Corporate Server 5.0-7, and Qubes OS 4.2.1-rc1
Some distro releases or RCs
Security Leftovers
Lots of CISA updates, too
Today in Techrights
Some of the latest articles
Void Linux’s March 2024 Update Brings Raspberry Pi 5 Support
Void Linux's latest image set, 20240314, is out! Highlights include Raspberry Pi 5 support and improved boot options
New Episodes and Videos About GNU/Linux
Mostly Invidious
Krita vs. GIMP: Which Free Photoshop App is Best?
two leading free and open-source Photoshop alternatives
today's howtos
last batch for today
Sipeed MaixBox M4N AI Box with 43.2 TOPS AXera AX650N SoC can decode/encode up to 32 videos
Sipeed provides a Debian image with Qt support
GNU/Linux Leftovers
or today's leftovers
Android Leftovers
Google Phone app loses the Nearby Places search feature on Android
Programming Leftovers and Education Tidbits
Zig, Swift, and more
Free, Libre, and Open Source Software and Open Access
Mostly FOSS news
Linux Devices and Open Hardware
some hardware news of relevance
Proprietary Security Failures and Shams
4 stories for now
Games: Proton 9.0 Beta 15, Public Domain Game Jam, Playstation Plus From a BSD/Linux User's Perspective, How to Play Games on GNU/Linux
4 stories about gaming
TileOS 1.0 Unveiled for Tiling Window Managers Enthusiasts
TileOS is a Linux distribution based on Debian’s stable branch
7-inch Raspberry Pi CM4-based industrial HMI offers gigabit Ethernet, RS485 Modbus, digital and analog inputs
The NORVI RPI-HMI runs Raspberry Pi OS with all necessary drivers and can be programmed with Python
13 Useful Free and Open Source JavaScript Web Frameworks
All of the software featured here is released under a freely distributable license
Completing the KDE Frameworks 6 transition
Getting the KDE Mega Relase 6 out was a key milestone in the transition to Qt 6 and KDE Frameworks 6
A Sudden Rush [original]
Is there growing interest in GNU/Linux?
Firefox DevTools Newsletter and Mozilla Drops Axe on its Privacy-Friendly Location Service
Some Mozilla news
Programming Leftovers and Gentoo
C++ and more
Linux Kernel, Linux Foundation Leftovers
Some Linux news
OpenPGP Paper Backup, Games on Steam, and CloudNativePG
today's leftovers
Open Hardware: RISC-V, Arduino, and Raspberry Pi
Some hardware news for hackers
Today in Techrights
Some of the latest articles
KDE and openSUSE Tumbleweed News
the latter uses KDE
Security Leftovers
many incidents this weekend
today's howtos
many for Sunday
Proton Mail on GNU/Linux (Beta)
second class
Microsoft's testing an idea to promote Bing in Windows 11 - and it's so awful, it makes me want to install Linux
This should never have made it off the drawing board
Zorin OS 17.1 Released with Enhanced Windows App Support, Education Edition
The Zorin OS team released today Zorin OS 17.1 as the first update to the latest Zorin OS 17 operating system series adding various improvements and updating the Education edition.
Ubuntu Pit's Lists: Hex Editors and Viewers, Notepad++ Alternatives, and CCleaner Alternatives
3 updated lists for GNU/Linux users
9 of the Best Linux Distros for Windows Users
If you’re new to Linux or are switching to Linux from Windows, you’ll want an operating system that is GUI-focused like Windows
Today we launched Flox 1.0
Flox is based on Nix
GNUnet 0.21.1
This is a bugfix release for gnunet 0.21.0
Godot 4.3 dev 5, Godot 4.1.4 RC 2 & Godot 4.2.2 RC 2
Godot releases
Is Fedora Linux a Good Distro? 15 Reasons to Use Fedora Linux
It goes without saying that Fedora GNU/Linux is one of the best GNU/Linux distributions and has significantly distinct properties