Тег: linux

CachyOS July 2024 Release

This is our 8th release this year, and we are very proud to announce a new optimized repository. Starting with this release, we are providing a Zen4 optimized repository. This repository will be automatically used at new installation for Zen4 and Zen5 CPUs, to provide the best performance.

The znver4 target provides a bunch of extra avx512 extensions and also other instructions. Here you can find a list of the additional used instructions by the compiler compared to the x86-64-v4 target: abm, adx, aes, avx512bf16, avx512bitalg, avx512ifma, avx512vbmi, avx512vbmi2, avx512vnni, avx512vpopctndq, clflushopt, clwb, clzero, fsgsbase, gfni, mwaitx, pclmul, pku. prfchw, rpdid, rdrnd, rdseed, sha, sse4a, vaes, vockmulqdq, wbnoinvd, savec, xsaveopt, xsaves

Софт

Qubes OS 4.2.2

The Qubes OS team have announced a new update to the project's security-focused operating system. One of the significant changes in Qubes OS 4.2.2 is an adjustment to how files are transferreed between isolated envirnonments, called qubes. "Qubes 4.2.2 includes a fix for #8332: File-copy qrexec service is overly restrictive. As explained in the issue comments, we introduced a change in Qubes 4.2.0 that caused inter-qube file-copy/move actions to reject filenames containing, e.g., non-Latin characters and certain symbols. The rationale for this change was to mitigate the security risks associated with unusual unicode characters and invalid encoding in filenames, which some software might handle in an unsafe manner and which might cause confusion for users. Such a change represents a trade-off between security and usability. After the change went live, we received several user reports indicating more severe usability problems than we had anticipated. Moreover, these problems were prompting users to resort to dangerous workarounds (such as packing files into an archive format prior to copying) that carry far more risk than the original risk posed by the unrestricted filenames. In addition, we realized that this was a backward-incompatible change that should not have been introduced in a minor release in the first place. Therefore, we have decided, for the time being, to restore the original (pre-4.2) behavior by introducing a new allow-all-names argument for the qubes.Filecopy service. By default, qvm-copy and similar tools will use this less restrictive service (qubes.Filecopy +allow-all-names) whenever they detect any files that would be have been blocked by the more restrictive service (qubes.Filecopy +). If no such files are detected, they will use the more restrictive service."

Софт

Finnix 126

Finnix 126, a new version of the project's small Debian-based live Linux distribution designed for system administrators: "Today marks the release of Finnix 126, the original utility live Linux distribution. Finnix 126 includes a number of fixes, new packages and new features: Linux kernel 6.8 (Debian 6.8.12); new packages - libc6-i386 (finnix/finnix#35; not directly usable but allows for running certain i386 binaries in Finnix's amd64 userland); added 0 kernel command line option which does the same as the 0 (locale-config) utility, but during early boot and before shell prompts; upstream Debian package updates; many minor fixes and improvements. This is the first Finnix release to contain additional 'supply chain' assurances. The release was built on a public CI platform (GitHub Actions), with the ISO (.disk/build_info) pointing to the URL of the build run which lists a SHA256 checksum of the ISO and links to the exact commit used to build it. Additionally, the build provides an attestation of the build artifacts through GitHub's new attestation functionality. Note that this release was made a few days after the OpenSSH CVE-2024-6387 vulnerability announcement, and to be clear, Finnix 126 does include a fixed version (Debian 9.7p1-7)."

Софт

EndeavourOS 2024.06.25

EndeavourOS is a rolling release Linux distribution based on Arch Linux. The project aims to be a spiritual successor to Antergos. The Endeavour project is celebrating its fifth anniversary with a new release which carries the code name "Endeavour". Along with package updates, including Plasma 6.1, this snapshot updates Endeavour's ARM images, and includes a few fixes: "To mark our fifth anniversary and coming full circle, we gave this release the one-off code name 'Endeavour'. This release carries the usual upstream changes as with our other releases: Calamares 24.06.1.2, Firefox 127.0.1, Linux kernel 6.9.6, Mesa 24.1.2, X.Org Server 21.1.13, NVIDIA 550.90.07, Plasma 6.1 for both the live environment as the offline install option. Installation doesn't crash anymore when the EOS apps are deselected in Calamares. Fixed language selection for Italian users for vconsole. The r8168 legacy driver package is removed from our default installation options due to removal from the Arch repo. Most legacy Realtek hardware will run with the Realtek drivers provided by the Linux kernel. In some cases, a workaround is needed described in this thread post."

Софт

Tails 6.4

The Amnesic Incognito Live System (Tails) is a Debian-based live DVD/USB with the goal of providing complete Internet anonymity for the user. The distribution's latest version, Tails 6.4, introduces a random seed to help strength cryptographic functions: "Tails now stores a random seed on the USB stick to strengthen all cryptography. Having a secure random number generator is critical to some of the cryptography used in Tails, for example, in the Persistent Storage, Tor, or HTTPS. This random seed is stored outside of the Persistent Storage so that all users can benefit from stronger cryptography. Changes and updates: switch to using HTTPS addresses instead of an onion addresses for the Debian and Tails APT repositories, this makes the Additional Software feature more reliable; update Tor Browser to 13.0.16; update the Tor client to 0.4.8.12; update Thunderbird to 115.12.0. Fixed problems: fix more issues when unlocking the persistent storage; fix connecting to a mobile broadband network on some hardware; enable again the PDF reader of Thunderbird that we disabled in Tails 6.3 for security reasons; improve the error message of Tails Cloner when the target USB stick cannot be unmounted because it is being used...."

Софт