All posts by jzb

Security updates for Wednesday

Post Syndicated from jzb original https://lwn.net/Articles/964559/

Security updates have been issued by Debian (libapache2-mod-auth-openidc, libuv1, php-phpseclib, and phpseclib), Red Hat (buildah, cups, curl, device-mapper-multipath, emacs, fence-agents, frr, fwupd, gmp, gnutls, golang, haproxy, keylime, libfastjson, libmicrohttpd, linux-firmware, mysql, openssh, rear, skopeo, sqlite, squid, systemd, and tomcat), Slackware (mozilla), SUSE (kernel-firmware-nvidia-gspx-G06, nvidia-open-driver-G06-signed, postgresql-jdbc, python, python-cryptography, rubygem-rack, wpa_supplicant, and xmlgraphics-batik), and Ubuntu (c-ares, firefox, libde265, libgit2, and ruby-image-processing).

Tails 6.0 released

Post Syndicated from jzb original https://lwn.net/Articles/963986/

Tails 6.0 is now available. Based on Debian, Tails is a portable operating system designed to run from a USB stick and help users avoid surveillance and censorship. This release updates most Tails applications, and includes important security and usability improvements.

One major new feature in 6.0 is to provide warnings to users about errors when reading or writing to persistent storage. This release now ignores USB devices plugged in while the screen is locked, and removes some file and disk-wiping features from the Files application that are “not reliable enough” on USB sticks and SSDs to continue offering to users.

Users of Tails prior to 6.0~rc1 will need to do a manual upgrade to retain persistent storage. New users can download Tails for USB, or as an ISO to create a DVD or run Tails in a virtual machine.

[$] The KDE desktop gets an overhaul with Plasma 6

Post Syndicated from jzb original https://lwn.net/Articles/963851/

It’s been nearly 10 years since KDE Plasma 5, which is the last major release of the desktop. On February 28 the project announced its “mega release” of KDE Plasma 6, KDE Frameworks 6, and KDE Gear 24.02 — all based on the Qt 6 development framework. This release focuses heavily on migrating to Wayland, and aspires to be a seamless upgrade for the user while improving performance, security, and support for newer hardware. For developers, a lot of work has gone into removing deprecated frameworks and decreasing dependencies to make it easier to write applications targeting KDE.

Security updates for Wednesday

Post Syndicated from jzb original https://lwn.net/Articles/963957/

Security updates have been issued by Debian (knot-resolver and wpa), Fedora (chromium, kernel, thunderbird, and yarnpkg), Mageia (c-ares), Oracle (firefox, kernel, opensc, postgresql:13, postgresql:15, and thunderbird), Red Hat (edk2, gimp:2.8, and kernel), SUSE (bind, bluez, container-suseconnect, dnsdist, freerdp, gcc12, gcc7, glib2, gnutls, kernel, kubevirt, virt-api-container, virt-controller-container, virt-exportproxy-container, virt-exportserver-container, virt-handler-container, virt-launcher-container, virt-libguestfs-t, libqt5-qtbase, libqt5-qtsvg, nodejs18, nodejs20, openssl, openssl-1_0_0, poppler, python-crcmod, python-cryptography, python-cryptography-vectors, python-pip, python-requests, python3-requests, python311, python39, rabbitmq-c, samba, sccache, shim, SUSE Manager 4.2, SUSE Manager Server 4.2, the Linux-RT Kernel, and thunderbird), and Ubuntu (less, openssl, php7.0, php7.2, php7.4, and tiff).

Incus 0.6 released

Post Syndicated from jzb original https://lwn.net/Articles/963730/

Version 0.6 of Incus, a fork of LXD, has been released. This release includes a number of changes, including a new storage driver called lvmcluster, improvements for Open Virtual Network (OVN) users, improvements to migration tooling, a number of new security features, and storage bucket backup and re-import. See the release announcement for detailed release notes and a complete list of changes. The announcement notes that a Long Term Support (LTS) release of Incus is planned in a few months “to coincide with the LTS releases of LXC and LXCFS”.

Security updates for Monday

Post Syndicated from jzb original https://lwn.net/Articles/963725/

Security updates have been issued by Debian (gnutls28, iwd, libjwt, and thunderbird), Fedora (chromium, expat, mingw-expat, mingw-openexr, mingw-python3, mingw-qt5-qt3d, mingw-qt5-qtactiveqt, mingw-qt5-qtbase, mingw-qt5-qtcharts, mingw-qt5-qtdeclarative, mingw-qt5-qtgraphicaleffects, mingw-qt5-qtimageformats, mingw-qt5-qtlocation, mingw-qt5-qtmultimedia, mingw-qt5-qtquickcontrols, mingw-qt5-qtquickcontrols2, mingw-qt5-qtscript, mingw-qt5-qtsensors, mingw-qt5-qtserialport, mingw-qt5-qtsvg, mingw-qt5-qttools, mingw-qt5-qttranslations, mingw-qt5-qtwebchannel, mingw-qt5-qtwebsockets, mingw-qt5-qtwinextras, mingw-qt5-qtxmlpatterns, and thunderbird), Gentoo (btrbk, Glances, and GNU Aspell), Mageia (clamav and xen, qemu and libvirt), Oracle (firefox and postgresql), Red Hat (firefox, opensc, postgresql:10, postgresql:12, postgresql:13, postgresql:15, thunderbird, and unbound), SUSE (firefox, java-1_8_0-ibm, libxml2, and thunderbird), and Ubuntu (binutils, linux, linux-aws, linux-gcp, linux-hwe-6.5, linux-laptop, linux-oracle, linux-raspi, linux-starfive, linux, linux-azure, linux-azure-5.15, linux-azure-fde, linux-gcp, linux-gcp-5.15, linux-gkeop, linux-gkeop-5.15, linux-hwe-5.15, linux-ibm, linux-ibm-5.15, linux-intel-iotg, linux-intel-iotg-5.15, linux-kvm, linux-lowlatency-hwe-5.15, linux-nvidia, linux-oracle, linux-oracle-5.15, linux-raspi, linux-azure, linux-oem-6.1, and roundcube).

[$] Forgejo makes a full break from Gitea

Post Syndicated from jzb original https://lwn.net/Articles/963095/

The world of open-source “forges” is becoming a little more fragmented. The Forgejo project is a software-development platform that started as a “soft” fork of Gitea in late 2022. On February 16, Forgejo announced its intent to become a “hard fork” of Gitea to help address its mission of community-controlled development and to “liberate software development from the shackles of proprietary tools”. In a world where proprietary tools cast a long shadow over open-source development, that’s a welcome sentiment—if the project can deliver.

[$] A modest update to Qubes OS

Post Syndicated from jzb original https://lwn.net/Articles/962787/

Qubes OS is a security-focused desktop Linux distribution built on Fedora Linux and the Xen hypervisor. Qubes uses virtualization to run applications, system services, and device access via virtual machines called “qubes” that have varying levels of trust and persistence to provide an open-source “reasonably secure” operating system with “serious privacy”. The Qubes 4.2.0 release, from December 2023, brings a number of refinements to make Qubes OS easier to manage and use.

Exploring Agama’s 2024 roadmap (openSUSE News)

Post Syndicated from jzb original https://lwn.net/Articles/962553/

The openSUSE News blog looks at the roadmap for Agama (a new installer from the YaST development team) with releases planned for April and July:

The milestone in April is set to revolutionize Agama’s architecture. It will be moving away from its reliance on Cockpit toward a more autonomous framework that is coupled with a refined user interface that aims to streamline storage configurations.

The aim of the second milestone is to improve Agama’s flexibility and capabilities for unattended installations, which seeks to position Agama as a formidable alternative to AutoYaST.

The Agama page explains why YaST is due for replacement.

FreeBSD phasing out 32-bit platforms

Post Syndicated from jzb original https://lwn.net/Articles/961871/

The FreeBSD Project has announced that it intends to deprecate 32-bit platforms “over the next couple of major releases”.

We anticipate FreeBSD 15.0 will not include the armv6, i386, and powerpc platforms, and FreeBSD 16.0 will not include armv7. Support for executing 32-bit binaries on 64-bit kernels will be retained through at least the lifetime of the stable/16 branch if not longer.

The announcement notes that support for some 32-bit platforms “may be extended if there is both demand and commitment to increased developer resources”. More details about the current plans for 32-bit platforms are available in the FreeBSD 14.0-RELEASE Release Notes.

[$] Another runc container breakout

Post Syndicated from jzb original https://lwn.net/Articles/961086/

Once again, runc—a tool for spawning and running OCI containers—is drawing attention due to a high severity container breakout attack. This vulnerability is interesting for several reasons: its potential for widespread impact, the continued difficulty in actually containing containers, the dangers of running containers as a privileged user, and the fact that this vulnerability is made possible in part by a response to a previous container breakout flaw in runc.

Introducing Fedora Atomic Desktops (Fedora Magazine)

Post Syndicated from jzb original https://lwn.net/Articles/961653/

Fedora Magazine has announced the creation of Fedora Atomic Desktops: a way of branding Fedora’s growing set of rpm-ostree spins. Joseph Gayso wrote “we’ve seen more of our mainline Fedora Linux spins make the jump to offer a version that implements rpm-ostree. It’s reached the point where it can be hard to talk about all of them at the same time. Therefore we’ve introduced a new brand that will serve to simplify how we discuss rpm-ostree and how we name future atomic spins.” LWN covered Project Bluefin, which is based on Fedora’s rpm-ostree work, in December of 2023.