Posts for: #linux

Arkane Linux: A Promising Arch-Based Immutable Distro

According to It’s FOSS News, Arkane Linux presents itself as an Arch-based immutable distribution. The operating system is in the development phase, emphasizing caution for those considering it for production environments. Arkane Linux comes in two flavors: the immutable flagship with GNOME desktop and a mutable variant, also GNOME-equipped. This distinction allows users flexibility, especially with the immutable version’s capability to revert to previous system states after updates.

Arkane Linux aims to offer a modern, minimal GNOME-centric experience, leveraging the Arch Linux base for the latest technological advancements and adopting newer GNOME applications over traditional choices. A notable development for Arkane Linux is Arkdep, a toolkit designed by the lead developer to facilitate the building, deployment, and maintenance of immutable, btrfs-based, multi-root systems.

Arkane Linux’s development includes Arkdep, described as an “OS deployment manager” rather than a package manager, emphasizing a straightforward approach to system immutability by replacing the core OS during updates.

Arkane Linux is currently available for AMD64 systems, with plans to expand hardware support, including RISC-V. Interested users can download the distribution from its official website and follow its development on GitHub or join the Matrix chat for more information.

Source: It’s FOSS News.

Armbian Releases OS Version 24.2 Kereru

Armbian Releases OS Version 24.2 Kereru

Armbian has announced the release of version 24.2, codenamed Kereru, introducing numerous improvements to enhance the user experience. Here are the key highlights of this release:

  • Resolved DNS resolution issues on Debian Bookworm
  • Optimized HDMI console performance on Khadas VIM1S and VIM4 devices
  • Streamlined Rockchip patch maintenance for improved stability
  • Expanded hardware compatibility with Xiaomi Mi10, OrangePi Zero 3, and ASUS Tinker Edge R
  • Implementation of the latest Amlogic kernel 5.15.y drop for Khadas VIM1S & VIM4 users
  • Introduced feature for displaying download links
  • Integrated Odroid M1 into the rockchip64 family
  • Added support for Ubuntu 24.04 Noble
  • Upgraded all current kernels to 6.6 LTS
  • Included Home Assistant extensions and security measures like LVM support and CRYPTROOT
  • Implemented cloud-init support and added support for Radxa Rock S0
  • Fixed network interface card failures on OrangePi One+
  • Resolved WiFi and Bluetooth issues on RockPi S devices caused by Edge Kernel
  • Addressed package removal and systemd unit enablement errors
  • Fixed desktop compatibility issues with Cinnamon desktop on Vim4
  • Optimized image loading times on Khadas VIM1S/VIM4 Bookworm

For a full list of actions, visit here.

Debian 12.5: The Latest Update

Debian 12.5: The Latest Update

The Debian project has announced the release of the fifth update for its stable distribution, Debian 12 (codename bookworm). This point release includes important security corrections and fixes for various issues. Security advisories have already been published separately and are available for reference.

This stable update includes important bug fixes for various packages. Here are some notable corrections:

  • apktool: Prevents arbitrary file writes with malicious resource names [CVE-2024-21633]
  • atril: Fixes crash when opening some epub files, index loading for certain epub documents, and adds fallback for malformed epub files in check_mime_type; uses libarchive for extracting documents instead of an external command [CVE-2023-51698]
  • base-files: Updated for the 12.5 point release
  • caja: Fixes desktop rendering artifacts after resolution changes and use of informal date format
  • calibre: Fixes HTML Input to not add resources that exist outside the folder hierarchy rooted at the parent folder of the input HTML file by default [CVE-2023-46303]
  • compton: Removes recommendation of picom
  • cryptsetup: Adds support for compressed kernel modules, handles missing /lib/systemd/system-sleep directory, and changes suffix drop logic to match initramfs-tools
  • debian-edu-artwork: Provides an Emerald theme based artwork for Debian Edu 12
  • debian-edu-config: New upstream release
  • debian-edu-doc: Updates included documentation and translations
  • debian-edu-fai: New upstream release
  • debian-edu-install: New upstream release; fixes security sources.list
  • debian-installer: Increases Linux kernel ABI to 6.1.0-18; rebuilds against proposed-updates
  • debian-installer-netboot-images: Rebuilds against proposed-updates
  • debian-ports-archive-keyring: Adds Debian Ports Archive Automatic Signing Key (2025)
  • dpdk: New upstream stable release
  • dropbear: Fixes terrapin attack [CVE-2023-48795]
  • engrampa: Fixes several memory leaks and archive save as functionality
  • espeak-ng: Fixes buffer overflow and underflow issues, as well as a floating point exception issue [CVE-2023-49990 CVE-2023-49992 CVE-2023-49993 CVE-2023-49991 CVE-2023-49994]
  • filezilla: Prevents Terrapin exploit [CVE-2023-48795]
  • fish: Safely handles Unicode non-printing characters when given as command substitution [CVE-2023-49284]
  • fssync: Disables flaky tests
  • gnutls28: Fixes assertion failure when verifying a certificate chain with a cycle of cross signatures [CVE-2024-0567] and timing side-channel issue [CVE-2024-0553]
  • indent: Fixes buffer under read issue [CVE-2024-0911]
  • isl: Fixes use on older CPUs
  • jtreg7: New source package to support builds of openjdk-17
  • libdatetime-timezone-perl: Updates included timezone data
  • libde265: Fixes buffer overflow issues [CVE-2023-49465 CVE-2023-49467 CVE-2023-49468]
  • libfirefox-marionette-perl: Fixes compatibility with newer firefox-esr versions
  • libmateweather: Fixes URL for aviationweather.gov
  • libspreadsheet-parsexlsx-perl: Fixes possible memory bomb [CVE-2024-22368] and XML External Entity issue [CVE-2024-23525]
  • linux: New upstream stable release; bumps ABI to 18
  • linux-signed-amd64: New upstream stable release; bumps ABI to 18
  • linux-signed-arm64: New upstream stable release; bumps ABI to 18
  • linux-signed-i386: New upstream stable release; bumps ABI to 18
  • localslackirc: Sends authorization and cookie headers to the websocket
  • mariadb: New upstream stable release; fixes denial of service issue [CVE-2023-22084]
  • mate-screensaver: Fixes memory leaks
  • mate-settings-daemon: Fixes memory leaks, relaxes High DPI limits, and fixes handling of multiple rfkill events
  • mate-utils: Fixes various memory leaks
  • monitoring-plugins: Fixes check_http plugin when –no-body is used and the upstream response is chunked
  • needrestart: Fixes microcode check regression on AMD CPUs
  • netplan.io: Fixes autopkgtests with newer systemd versions
  • nextcloud-desktop: Fixes syncing files with special characters like ‘:’ and two-factor authentication notifications
  • node-yarnpkg: Fixes use with Commander 8
  • onionprobe: Fixes initialization of Tor if using hashed passwords
  • pipewire: Uses malloc_trim() to release memory when available
  • pluma: Fixes memory leak issues and double activation of extensions
  • postfix: New upstream stable release; addresses SMTP smuggling issue [CVE-2023-51764]
  • proftpd-dfsg: Implements fix for the Terrapin attack [CVE-2023-48795] and fixes out-of-bounds read issue [CVE-2023-51713]
  • proftpd-mod-proxy: Implements fix for the Terrapin attack [CVE-2023-48795]
  • pypdf: Fixes infinite loop issue [CVE-2023-36464]
  • pypdf2: Fixes infinite loop issue [CVE-2023-36464]
  • pypy3: Avoids an rpython assertion error in the JIT if integer ranges don’t overlap in a loop
  • qemu: New upstream stable release; fixes virtio-net, null pointer dereference, and suspend/resume functionality issues [CVE-2023-6693 CVE-2023-6683]
  • rpm: Enables the read-only BerkeleyDB backend
  • rss-glx: Installs screensavers into /usr/libexec/xscreensaver and calls GLFinish() prior to glXSwapBuffers()
  • spip: Fixes two cross-site scripting issues
  • swupdate: Prevents acquiring root privileges through inappropriate socket mode
  • systemd: New upstream stable release; fixes missing verification issue in systemd-resolved [CVE-2023-7008]
  • tar: Fixes boundary checking in base-256 decoder [CVE-2022-48303] and handling of extended header prefixes [CVE-2023-39804]
  • tinyxml: Fixes assertion issue [CVE-2023-34194]
  • tzdata: New upstream stable release
  • usb.ids: Updates included data list
  • usbutils: Fixes usb-devices not printing all devices
  • usrmerge: Cleans up biarch directories when not needed, avoids running convert-etc-shells again on converted systems, handles mounted /lib/modules on Xen systems, improves error reporting, and adds versioned conflicts with libc-bin, dhcpcd, libparted1.8-10, and lustre-utils
  • wolfssl: Fixes security issue when client sends neither PSK nor KSE extensions [CVE-2023-3724]
  • xen: New upstream stable release; includes security fixes [CVE-2023-46837 CVE-2023-46839 CVE-2023-46840]

For a complete list of package changes in this revision, you can visit https://deb.debian.org/debian/dists/bookworm/ChangeLog.

After a 16-year hiatus, Damn Small Linux makes a triumphant return

Damn Small Linux (DSL) is making a comeback after 16 years with the release of DSL 2024. This lightweight distribution, based on antiX 23, offers a unique experience in the world of Debian-based and Fedora-based distros.

DSL used to be a compact distro, only 50 MB in size, but it has now been updated to better suit the current state of computing. Despite the changes, it remains a great option for older computers with modest specifications. Currently in alpha, DSL 2024 features version 5.10 of the Linux kernel and Debian 12 ‘Bookworm’ at its core. It comes with two window managers, Fluxbox and JWM, and apt is fully enabled by default for easy package installations. Due to the updates and improvements, the ISO size of DSL has increased to around 700 MB. The goal of the developers is to provide a usable desktop experience that can fit on a single CD with a maximum limit of 700 MB. This is to ensure that older computers can continue to be used for as long as possible.

The application suite in DSL 2024 is extensive and includes zzzFM as the file manager, mtPaint for graphics editing, BadWolf as the default web browser, and tmux as the terminal multiplexer.

Source: It’s FOSS News.

Incus 0.5.1 Release: Bug Fixes and Compatibility Updates for CentOS, AlmaLinux and Rocky Linux VMs

Incus 0.5.1 Release: Bug Fixes and Compatibility Updates for CentOS, AlmaLinux and Rocky Linux VMs

Incus 0.5.1 has been released. This release includes important bugfixes and a minor feature addition that caters to those running CentOS, AlmaLinux and Rocky Linux virtual machines.

One of the highlights of this release is the alternative way to get the VM agent. In the previous version, there was a single share named config that included both the instance-specific agent configuration and the incus-agent binary. However, this approach was wasteful and required a copy of the large incus-agent for every VM. With Incus 0.5.1, a separate share was introduced just for the binaries to avoid copying them for every VM. This change reduces resource usage on the host system.

Another important fix in this release is the handling of stopped instances during evacuation. In Incus 0.5, a bug caused stopped instances to be relocated to other systems during evacuation, even if they were configured to remain where they were. This bug has been corrected in Incus 0.5.1, ensuring that instances using stopped, force-stop, or stateful-stop will remain on their current server.

There are also some database performance fixes in this release. Improvements in Incus 0.5 unintentionally caused nested database transactions when fetching network information details for a large number of instances. This issue became visible when using an Incus cluster that serves DNS zones and has its metrics scraped by Prometheus. The fix removes the nested transactions and optimizes database interactions during command API interactions.

Here is the complete changelog for Incus 0.5.1:

  • Translated using Weblate (German)
  • Translated using Weblate (Dutch)
  • incus/action: Fix resume
  • Translated using Weblate (Japanese)
  • Translated using Weblate (Japanese)
  • Translated using Weblate (Japanese)
  • doc: Remove net_prio
  • incusd/cgroup: Fully remove net_prio
  • incusd/warningtype: Remove net_prio
  • incusd/cgroup: Look for full cgroup controllers list at the root
  • incusd/dns: Serialize DNS queries
  • incusd/network: Optimize UsedByInstanceDevices
  • incusd/backups: Simplify missing backup errors
  • tests: Update for current backup errors
  • incusd/cluster: Optimize ConnectIfInstanceIsRemote
  • incusd/instance/qemu/agent-loader: Fix to work with busybox
  • doc/installing.md: add a gentoo-wiki link under Gentoo section
  • Translated using Weblate (French)
  • Translated using Weblate (Dutch)
  • incusd/device/disk: Better cleanup cloud-init ISO
  • incusd/instance/qemu/qmp: Add Eject command
  • incusd/instance/qemu/qmp: Handle eject requests
  • api: agent_config_drive
  • doc/devices/disk: Add agent:config drive
  • incusd/device/disk: Add agent config drive
  • incusd/project: Add support for agent config drive
  • incusd/instance/qemu/agent-loader: Handle agent drive
  • incusd/db/warningtype: gofmt
  • incusd/loki: Sort lifecycle context keys
  • incusd/instance/qemu/agent-loader: Don’t hardcode paths
  • incusd/cluster: Fix evacuation of stopped instances

For more information, you can refer to the Incus documentation.

Ubuntu 24.04 LTS Aims to Include Linux 6.8 Kernel

Canonical has laid out their kernel plans for Ubuntu 24.04 LTS and they are being hopeful with tentative plans to ship the in-development Linux 6.8 kernel as their default kernel on this next long-term support Ubuntu desktop/server distribution. Linux 6.8 has a lot of great features and improvements in store from hardware support to new optimizations and more. Andrea Righi of Canonical announced the tentative plans for Linux 6.8 in Ubuntu 24.04. An experimental kernel build is already available via a PPA.

Source: Phoronix.