Other Sites

9to5Linux

Ubuntu Touch OTA-24 Released for Ubuntu Phone Users, Here’s What’s New

Ubuntu Touch OTA-24 is here almost five months after Ubuntu Touch OTA-23 and while it’s still based on the Ubuntu 16.04 (Xenial Xerus) upstream repositories, it introduces further improvements to increase the overall stability and reliability of the mobile OS.

TUXEDO Stellaris 17 and Polaris 15 Linux Gaming Laptops Get High-End NVIDIA GPUs

If you’re in the market for a new gaming laptop, the TUXEDO Stellaris 17 and Polaris 15 Gen4 are now available for pre-order with the NVIDIA GeForce RTX 3060 graphics card and AMD Ryzen 7 6800H processor for the TUXEDO Polaris 15 model, as well as the NVIDIA GeForce RTX 3070 Ti or 3080 Ti graphics cards and AMD Ryzen 9 6900HX processor for the TUXEDO Stellaris 17 variant.

LibreOffice 7.4.3 Open-Source Office Suite Released with 100 Bug Fixes, Download Now

LibreOffice 7.4.3 is here six weeks after the LibreOffice 7.4.2 point release and includes a total of 100 bug fixes that improve document interoperability and the reliability of the LibreOffice 7.4 office suite series. For more details on these bug fixes, check out the RC1 and RC2 changelogs.

Qt Creator 9 Released with Experimental Squish Support, C++ and QML Improvements

Qt Creator 9 is here about four months after Qt Creator 8 and introduces experimental Squish support through a new plugin that lets you open existing Squish test suites, create new test suites and test cases, record test cases, run test suites or cases and view the results in the Squish output using Squish Runner and Server.

Ubuntu 23.04 (Lunar Lobster) Daily Builds Are Now Available for Download

Ubuntu 23.04‘s six-month-long development cycle kicked off at the end of October 2022 with the toolchain upload. Now, early adopters and application developers can download the daily build ISOs, which appeared earlier today on the official servers.

LinuxGizmos.com

T-Mobile launches IoT Kit supporting 4G LTE, Wi-Fi and BLE

T-Mobile recently launched their first developer kit designed to speed up the development of IoT applications that require “transmitting small amounts of data over long periods of time.” The DevEdge is powered by a Cortex-M4 processor, wireless connectivity, diverse sensors and it runs on a Zephyr-based SDK.

Banana Pi introduces SenaryTech SN3680 based SBC

Banana Pi’s new SBC board features the SenaryTech SN3680 SoC which combines a quad-core CPU, 6.75 TOPS NPU and a GE9920 GPU. The BPI-M6 also provides 4Kp60 display support, 1x GbE port, and optional wireless connectivity.

Ryzen Embedded 3000 based fanless PC equipped with up to 6x LAN ports

SolidRun recently unveiled an industrial-grade PC built around the AMD Ryzen Embedded V3000 processor. The Bedrock PC comes with up to 4x 2.5GbE LAN ports, 2x 10GbE LAN ports, 3x M.2 2280 sockets and optional wireless connectivity.

OpenSSH 9.1 released (UPDATED)

posted by Roy Schestowitz on Oct 04, 2022,
updated Oct 05, 2022

OpenSSH 9.1 has just been released. It will be available from the
mirrors listed at https://www.openssh.com/ shortly.


OpenSSH is a 100% complete SSH protocol 2.0 implementation and
includes sftp client and server support.


Once again, we would like to thank the OpenSSH community for their
continued support of the project, especially those who contributed
code or patches, reported bugs, tested snapshots or donated to the
project. More information on donations may be found at:
https://www.openssh.com/donations.html


Changes since OpenSSH 9.0
=========================


This release is focused on bug fixing.


Security
========


This release contains fixes for three minor memory safety problems.
None are believed to be exploitable, but we report most memory safety
problems as potential security vulnerabilities out of caution.


 * ssh-keyscan(1): fix a one-byte overflow in SSH- banner processing.
   Reported by Qualys


 * ssh-keygen(1): double free() in error path of file hashing step in
   signing/verify code; GHPR333


 * ssh-keysign(8): double-free in error path introduced in openssh-8.9


Potentially-incompatible changes
--------------------------------


 * The portable OpenSSH project now signs commits and release tags
   using git's recent SSH signature support. The list of developer
   signing keys is included in the repository as .git_allowed_signers
   and is cross-signed using the PGP key that is still used to sign
   release artifacts:
   https://cdn.openbsd.org/pub/OpenBSD/OpenSSH/RELEASE_KEY.asc


 * ssh(1), sshd(8): SetEnv directives in ssh_config and sshd_config
   are now first-match-wins to match other directives. Previously
   if an environment variable was multiply specified the last set
   value would have been used. bz3438


 * ssh-keygen(8): ssh-keygen -A (generate all default host key types)
   will no longer generate DSA keys, as these are insecure and have
   not been used by default for some years.


New features
------------


 * ssh(1), sshd(8): add a RequiredRSASize directive to set a minimum
   RSA key length. Keys below this length will be ignored for user
   authentication and for host authentication in sshd(8). 


   ssh(1) will terminate a connection if the server offers an RSA key
   that falls below this limit, as the SSH protocol does not include
   the ability to retry a failed key exchange.


 * sftp-server(8): add a "users-groups-by-id@openssh.com" extension
   request that allows the client to obtain user/group names that
   correspond to a set of uids/gids.


 * sftp(1): use "users-groups-by-id@openssh.com" sftp-server
   extension (when available) to fill in user/group names for
   directory listings.


 * sftp-server(8): support the "home-directory" extension request
   defined in draft-ietf-secsh-filexfer-extensions-00. This overlaps
   a bit with the existing "expand-path@openssh.com", but some other
   clients support it.


 * ssh-keygen(1), sshd(8): allow certificate validity intervals,
   sshsig verification times and authorized_keys expiry-time options
   to accept dates in the UTC time zone in addition to the default
   of interpreting them in the system time zone. YYYYMMDD and
   YYMMDDHHMM[SS] dates/times will be interpreted as UTC if suffixed
   with a 'Z' character.


   Also allow certificate validity intervals to be specified in raw
   seconds-since-epoch as hex value, e.g. -V 0x1234:0x4567890. This
   is intended for use by regress tests and other tools that call
   ssh-keygen as part of a CA workflow. bz3468


 * sftp(1): allow arguments to the sftp -D option, e.g. sftp -D
   "/usr/libexec/sftp-server -el debug3"


 * ssh-keygen(1): allow the existing -U (use agent) flag to work
   with "-Y sign" operations, where it will be interpreted to require
   that the private keys is hosted in an agent; bz3429


Bugfixes
--------


 * ssh-keygen(1): implement the "verify-required" certificate option.
   This was already documented when support for user-verified FIDO
   keys was added, but the ssh-keygen(1) code was missing.


 * ssh-agent(1): hook up the restrict_websafe command-line flag;
   previously the flag was accepted but never actually used.


 * sftp(1): improve filename tab completions: never try to complete
   names to non-existent commands, and better match the completion
   type (local or remote filename) against the argument position
   being completed.


 * ssh-keygen(1), ssh(1), ssh-agent(1): several fixes to FIDO key
   handling, especially relating to keys that request
   user-verification. These should reduce the number of unnecessary
   PIN prompts for keys that support intrinsic user verification.
   GHPR302, GHPR329


 * ssh-keygen(1): when enrolling a FIDO resident key, check if a
   credential with matching application and user ID strings already
   exists and, if so, prompt the user for confirmation before
   overwriting the credential. GHPR329


 * sshd(8): improve logging of errors when opening authorized_keys
   files. bz2042


 * ssh(1): avoid multiplexing operations that could cause SIGPIPE from
   causing the client to exit early. bz3454


 * ssh_config(5), sshd_config(5): clarify that the RekeyLimit
   directive applies to both transmitted and received data. GHPR328


 * ssh-keygen(1): avoid double fclose() in error path.


 * sshd(8): log an error if pipe() fails while accepting a
   connection. bz3447


 * ssh(1), ssh-keygen(1): fix possible NULL deref when built without
   FIDO support. bz3443


 * ssh-keyscan(1): add missing *-sk types to ssh-keyscan manpage.
   GHPR294.


 * sshd(8): ensure that authentication passwords are cleared from
   memory in error paths. GHPR286


 * ssh(1), ssh-agent(1): avoid possibility of notifier code executing
   kill(-1). GHPR286


 * ssh_config(5): note that the ProxyJump directive also accepts the
   same tokens as ProxyCommand. GHPR305.


 * scp(1): do not not ftruncate(3) files early when in sftp mode. The
   previous behaviour of unconditionally truncating the destination
   file would cause "scp ~/foo localhost:foo" and the reverse
   "scp localhost:foo ~/foo" to delete all the contents of their
   destination. bz3431


 * ssh-keygen(1): improve error message when 'ssh-keygen -Y sign' is
   unable to load a private key; bz3429


 * sftp(1), scp(1): when performing operations that glob(3) a remote
   path, ensure that the implicit working directory used to construct
   that path escapes glob(3) characters. This prevents glob characters
   from being processed in places they shouldn't, e.g. "cd /tmp/a*/",
   "get *.txt" should have the get operation treat the path "/tmp/a*"
   literally and not attempt to expand it.


 * ssh(1), sshd(8): be stricter in which characters will be accepted
   in specifying a mask length; allow only 0-9. GHPR278


 * ssh-keygen(1): avoid printing hash algorithm twice when dumping a
   KRL


 * ssh(1), sshd(8): continue running local I/O for open channels
   during SSH transport rekeying. This should make ~-escapes work in
   the client (e.g. to exit) if the connection happened to have
   stalled during a rekey event.


 * ssh(1), sshd(8): avoid potential poll() spin during rekeying


 * Further hardening for sshbuf internals: disallow "reparenting" a
   hierarchical sshbuf and zero the entire buffer if reallocation
   fails. GHPR287


Portability
-----------


 * ssh(1), ssh-keygen(1), sshd(8): automatically enable the built-in
   FIDO security key support if libfido2 is found and usable, unless
   --without-security-key-builtin was requested.


 * ssh(1), ssh-keygen(1), sshd(8): many fixes to make the WinHello
   FIDO device usable on Cygwin. The windows://hello FIDO device will
   be automatically used by default on this platform unless requested
   otherwise, or when probing resident FIDO credentials (an operation
   not currently supported by WinHello).


 * Portable OpenSSH: remove workarounds for obsolete and unsupported
   versions of OpenSSL libcrypto. In particular, this release removes
   fallback support for OpenSSL that lacks AES-CTR or AES-GCM.


   Those AES cipher modes were added to OpenSSL prior to the minimum
   version currently supported by OpenSSH, so this is not expected to
   impact any currently supported configurations.


 * sshd(8): fix SANDBOX_SECCOMP_FILTER_DEBUG on current Linux/glibc


 * All: resync and clean up internal CSPRNG code.


 * scp(1), sftp(1), sftp-server(8): avoid linking these programs with
   unnecessary libraries. They are no longer linked against libz and
   libcrypto. This may be of benefit to space constrained systems
   using any of those components in isolation.


 * sshd(8): add AUDIT_ARCH_PPC to supported seccomp sandbox
   architectures.


 * configure: remove special casing of crypt(). configure will no
   longer search for crypt() in libcrypto, as it was removed from
   there years ago. configure will now only search libc and libcrypt.


 * configure: refuse to use OpenSSL 3.0.4 due to potential RCE in its
   RSA implementation (CVE-2022-2274) on x86_64.


 * All: request 1.1x API compatibility for OpenSSL >=3.x; GHPR#322


 * ssh(1), ssh-keygen(1), sshd(8): fix a number of missing includes
   required by the XMSS code on some platforms.


 * sshd(8): cache timezone data in capsicum sandbox.


Checksums:
==========


- SHA1 (openssh-9.1.tar.gz) = 3ae2d6a3a695d92778c4c4567dcd6ad481092f6c
- SHA256 (openssh-9.1.tar.gz) = QKfVArlcItV+e8V1Th85TL5//5d/AvOUhYOeHMDEGuE=


- SHA1 (openssh-9.1p1.tar.gz) = 15545440268967511d3194ebf20bcd0c7ff3fcc9
- SHA256 (openssh-9.1p1.tar.gz) = GfhQCcfj4jeH8CNvuxV4OSq01L+fjsX+a8HNfov90og=


Please note that the SHA256 signatures are base64 encoded and not
hexadecimal (which is the default for most checksum tools). The PGP
key used to sign the releases is available from the mirror sites:
https://cdn.openbsd.org/pub/OpenBSD/OpenSSH/RELEASE_KEY.asc


Reporting Bugs:
===============


- Please read https://www.openssh.com/report.html
  Security bugs should be reported directly to openssh@openssh.com

UPDATE

A couple of reference pages:

Announce: OpenSSH 9.1 released

OpenSSH 9.1 has just been released. It will be available from the mirrors listed at https://www.openssh.com/ shortly.
OpenSSH 9.1/9.1p1 (2022-10-04)

This release contains fixes for three minor memory safety problems. None are believed to be exploitable, but we report most memory safety problems as potential security vulnerabilities out of caution.

Other Recent Tux Machines' Posts

PipeWire, Flatpak, YaST packages update in Tumbleweed (UPDATED): This week saw the continuous release of openSUSE Tumbleweed snapshots reach 42
Fedora: Wayland in Blender and (Community Platform Engineering (CPE) Weekly Update: Fedora reports
Games: SC Controller in SparkyLinux, Pixel Wheels 0.24.0, and Linux on Nintendo Wii: Gaming stories
Programming Leftovers: Coding-related links
Gemini Articles of Interest: Gemini protocol posts and pages from the past few days
today's howtos: 4 more howtos
EasyOS Dunfell-series version 4.5.2 released: This is another bug-fix release for version 4.5
What Linux distributions to recommend to computer scientists: To have great and enough documentation, a distribution like Fedora or a non-LTS Ubuntu version is not what I recommend
Videos: News, Ubuntu Terminal Ads, and Qtile "Extras" Gives You Even More Customization Options: 3 new videos
Pop OS Review: Reasons why its an all-rounder Linux distro: Few reasons why System76’s Pop OS is the best all-rounder Ubuntu-based Linux distribution
lnav: Advanced Log File Viewer for Linux Desktops and Servers: lnav can unzip all the compressed log files on the fly and merge them together for a nice display
Panorama photo stitcher - Hugin 2022 in Beta Now: Hugin, the popular free and open-source panorama photo stitcher application, now is in beta stage for the upcoming 2022 version.
today's howtos: 5 more howtos for the day
10 Best Windows Alternative OS: Which One is Best for You?: There are many other operating systems that are faster and more useful than Windows
Android Leftovers: Google and other OEMs have yet to patch a critical Android security flaw
Free Software Leftovers: 4 final links
Devices Leftovers: 4 more stories
Programming Leftovers: Coding, with R, perl, Python..
FUD and Proprietary Software: 4 stories
Open and Linux-centric Hardware: Arduino, Raspberry Pi, and More: Lots in this category toay
today's howtos: afternoon howtos
WineHQ - Wine Announcement - The Wine development release 7.22 is now available.: Binary packages for various distributions will be available
Android Leftovers: These Samsung devices are set to get the latest Android features
This week in KDE: Humongous UI improvements: This week we have a lot of large and impactful user interface improvements across multiple apps and Plasma
Games: Euro Truck Simulator, Heroic Games Launcher, and Creator Day: 3 posts by Liam Dawe
today's howtos: morning howtos
Kick-off for EU database of public domain works and digital access to scientific works: EU Parliament approved the funding of two pilot projects in the field of free knowledge
Open source is a hard requirement for reproducibility: And I’m not only talking about the code you typed for your research paper/report/analysis. I’m talking about the whole ecosystem that you used to type your code.
Maui 2.2.1 Release - MauiKit: Today, we bring you a new special report on the Maui Project’s progress.
Today in Techrights: Latest posts in Techrights
Software: WriteFreely, LibreOffice, and More: Assorted posts about software
Programming Leftovers: Cairo, GoReleaser, and more
Open Hardware/Modding: Raspberry Pi, Jetson Nano, Arduino: Open-ended projects
Security Leftovers: Patches, tips, and DRM
Shows and Videos: Python, Going Linux, Zorin OS 16.2 Core, and More: 4 new ones
today's howtos: 4 howtos
Linux 5.10.156, 5.4.225, 4.19.267, 4.14.300, and 4.9.334: Stable releases
Violence, sexism, racist harassment and physical abuse at FOSDEM, DebConf, FrOSCon, Debian, OSI: FOSDEM organization is getting under way and volunteers have already started receiving anonymous threats and insults
This Week in GNOME: #71 Increased Circle: Update on what happened across the GNOME project in the week from November 18 to November 25
Android Leftovers: How to Develop Android Apps in Linux
Free Software Leftovers: FSF and more
Programming Leftovers: Coding links
today's howtos: half a dozen howtos, mostly from howtoforge
Open Hardware/Modding: Arduino, Raspberry Pi, and More: Several projects and products
89 operating systems: curl has manged to reach its ten billion installations.
Germany Bans Proprietary Microsoft Spyware, Other Privacy News: 3 links
How to Develop Android Apps in Linux: Here you will find everything you need to know about building, publishing, and releasing an app on Android
4 Must-Have Extensions for a More Complete GNOME Experience: These extensions are a must if you're looking to personalize GNOME to suit your preferences.
Red Hat and Fedora Leftovers: Most, but not all, are fluff today
Ubuntu Touch OTA-24 Released for Ubuntu Phone Users, Here’s What’s New: The UBports Foundation announced today the release of the OTA-24 software update for its Ubuntu Touch mobile operating system for supported Ubuntu Phone devices.
Ubuntu Touch OTA-24 Release: Today we are happy to announce the release of Ubuntu Touch OTA-24, the very latest update to the system
Videos: Blur My Shell (GNOME), SlowCat, and More: 5 new videos
Excellent News! Midori Browser to Integrate its Own Open Source Engine for a Strong Comeback: Midori web browser is active (in beta) and available as a free and open-source offering.
Uruk GNU/Linux 3.0: A 100% free simple distro that fulfills our desires
First Look at the Upcoming Fedora Web-Based Installer (UPDATED): Fedora announced the first public preview of the new web-based Anaconda Installer, significantly simplifying the installation process
Let’s Go: Ubuntu 23.04 Daily Builds Available to Download (UPDATED): Development is officially underway on Ubuntu 23.04 ‘Lunar Lobster’, the next interim release of Ubuntu
today's leftovers: Ubuntu, SUSE, and Krita
Games: Isonzo, Steam Deck, Europa Universalis IV, More: Articles from Liam Dawe
GNU and KDE Fundraising (UPDATED): Ahead of Buy Nothing Day
today's howtos: many afternoon howtos
Android Leftovers: AIoTBOX-3568GK industrial control box offers six USB ports, RS232, RS485, CAN Bus, LVDS, and more
Rnote: An Open-Source Drawing App for Notes and Annotation: Rnote allows you to take notes, draw, and annotate documents. Sounds like you need it? Let us explore more
TUXEDO Stellaris 17 and Polaris 15 Linux Gaming Laptops Get High-End NVIDIA GPUs: TUXEDO Computers announced today the 4th generation of its TUXEDO Stellaris 17 and TUXEDO Polaris 15 Linux-powered gaming laptops with updated components up to AMD Ryzen 9 CPUs and NVIDIA RTX 3080 Ti GPUs.
Android Leftovers: Why Samsung makes the only Android tablets worth buying
Today in Techrights: Latest posts in Techrights
today's leftovers: Games and programming links
Gemini Articles of Interest: Gemini protocol posts and pages from the past few days
7 Best Mastodon Server Instances to Join by the Twitter Emigrants: Leaving Twitter after Elon Musk’s takeover? Well, you are not alone.
LibreOffice 7.4.3 Open-Source Office Suite Released with 100 Bug Fixes, Download Now: The Document Foundation announced today LibreOffice 7.4.3 as the third maintenance update to the latest LibreOffice 7.4 “Community” open-source, free, and cross-platform office suite.
today's howtos: many howtos
EU anti-trust action against Microsoft likely over bundling apps: report: Reuters reported that the European Commission, the executive arm of the EU, had been looking into the Slack complaint since October last year
Best Extensions for GNOME Top Bar: Use these GNOME top bar extensions to transform your GNOME desktop’s top bar from mundane to extraordinary.
Concurrency, Parallelism, I/O Scheduling, Thread Pooling, and Work-Stealing: Around 15 years ago I worked on some interesting pieces of software which are unfortunately still not part of my daily toolbox in GNOME and GTK programming
Recent AudioTube improvements: Since the last post about AudioTube, a lot has happened
Best Free and Open Source Screen-readers: A screen-reader is a computer application designed to provide spoken feedback to a blind or visually impaired person
Videos and Shows: Rsync, Twitter, Linux in the Ham Shack, and Linux Action News: 4 new ones