[ACTUALIZACIÓN] #ARCHLINUX. Critical rsync security release 3.4.0

[ACTUALIZACIÓN] #ARCHLINUX

The latest and greatest news from the Arch Linux distribution.

(https://archlinux.org/news/critical-rsync-security-release-340/) Critical rsync security release 3.4.0
Jan 16th 2025, 16:33

We'd like to raise awareness about the rsync security release version 3.4.0-1 as described in our advisory (https://security.archlinux.org/ASA-202501-1) ASA-202501-1.
An attacker only requires anonymous read access to a vulnerable rsync server, such as a public mirror, to execute arbitrary code on the machine the server is running on.
Additionally, attackers can take control of an affected server and read/write arbitrary files of any connected client.
Sensitive data can be extracted, such as OpenPGP and SSH keys, and malicious code can be executed by overwriting files such as ~/.bashrc or ~/.popt.
We highly advise anyone who runs an rsync daemon or client prior to version 3.4.0-1 to upgrade and reboot their systems immediately.
As Arch Linux mirrors are mostly synchronized using rsync, we highly advise any mirror administrator to act immediately, even though the hosted package files themselves are cryptographically signed.
All infrastructure servers and mirrors maintained by Arch Linux have already been updated.

 

https://archlinux.org/news/critical-rsync-security-release-340/

Toda la información y las últimas novedades del software libre las puedes encontrar en (http://ubuntuleon.com) ubuntuleon.com

(https://blogtrottr.com/unsubscribe/nx2/dCCZZN) unsubscribe from this feed

 

Leer más...

[ACTUALIZACIÓN] #ARCHLINUX. Providing a license for package sources

[ACTUALIZACIÓN] #ARCHLINUX

The latest and greatest news from the Arch Linux distribution.

(https://archlinux.org/news/providing-a-license-for-package-sources/) Providing a license for package sources
Nov 19th 2024, 10:13

Arch Linux hasn't had a license for any package sources (such as PKGBUILD files) in the past, which is potentially problematic. Providing a license will preempt that uncertainty.
In (https://rfc.archlinux.page/0040-license-package-sources/) RFC 40 we agreed to change all package sources to be licensed under the very liberal (https://spdx.org/licenses/0BSD.html) 0BSD license. This change will not limit what you can do with package sources. Check out (https://rfc.archlinux.page/0040-license-package-sources/) the RFC for more on the rationale and prior discussion.
Before we make this change, we will provide contributors with a way to voice any objections they might have. Starting on 2024-11-19, over the course of a week, contributors will receive a single notification email listing all their contributions.

If you receive an email and agree to this change, there is no action required from your side.
If you do not agree, please reply to the email and we'll find a solution together.

If you contributed to Arch Linux packages before but didn't receive an email, please contact us at package-sources-licensing@archlinux.org.

 

https://archlinux.org/news/providing-a-license-for-package-sources/

Toda la información y las últimas novedades del software libre las puedes encontrar en (http://ubuntuleon.com) ubuntuleon.com

(https://blogtrottr.com/unsubscribe/nx2/dCCZZN) unsubscribe from this feed

 

Leer más...

#SAILFISHOS BY #JOLLA. Sailathon 2024: A journey of Innovation, Community Collaboration and Meetup in Prague

#SAILFISHOS BY #JOLLA

(https://blog.jolla.com/sailathon-2024-a-journey-of-innovation-community-collaboration-and-meetup-in-prague/) Sailathon 2024: A journey of Innovation, Community Collaboration and Meetup in Prague
Oct 11th 2024, 13:11

The sails have been lowered, the laptops packed away, and the creative buzz of Sailathon 2024 has just begun to settle. From Friday, September 27 to Monday, September 30th in Prague developers, Jolla employees and passionate users contributed their skills, ideas and enthusiasm. This resulted in advancements and improvements across various aspects of the platform and community.

(https://blog.jolla.com/content/uploads/2024/10/DSC02031-1.jpg)

Strengthening and Building Community Bonds

This year's Sailathon wasn't just about coding — it was about exploring new opportunities, strengthening community ties, and discussing current challenges of the Sailfish OS ecosystem. With a diverse group of participants tackling both technical and non-technical challenges, the event was a powerful reminder of the strength, passion and commitment that make the Sailfish OS community so special.

First Jolla C2 and Sailfish OS 5.0 showcase

At the heart of the hackathon buzz, Jolla unveiled a prototype of the upcoming Jolla C2, Jolla's newest smartphone. The C2 was made available for hands-on testing, allowing the participants to explore its usage experience firsthand. The hackathon unveiled not only the new hardware but also demonstrated Jolla's coming version 5.0 of Sailfish OS, which brings support for the device Jolla C2 and various improvements.

Chum: Best-Practice Examples for Developers

The hackathon also saw a strong focus on providing more best-practice examples for apps in Chum, the Sailfish community repository. Experienced developers shared their expertise, working together to create templates and examples that will help new developers get started more easily and build higher-quality apps. This effort is a crucial step toward growing the app ecosystem and making it easier for new contributors to get involved.

As a result, participants contributed various improvements to the documentation for app development and submitted new apps to Chum.

Major Steps in App Development

The participants corrected various deficiencies, implemented important improvements to the packaging and development cycle, easing the app development.
As an outstanding example, the Whisperfish app, a native client for the widely popular and secure messaging protocol Signal, saw the addition of Voice calls, a feature that will soon arrive to the users. 

Other improved apps include Tooter (a Mastodon client), Amazfish (smartwatch integration), Bugger (an enhanced bug reporting tool), Taak (a todo list manager), the native browser (first steps for browser notifications) and the Camera 2 API.

(https://blog.jolla.com/content/uploads/2024/10/DSC02070.jpg)
Forum Moderation and Community Engagement

Beyond the technical aspects, the hackathon also touched on the challenges of forum moderation and community engagement. As the Sailfish community grows, so too does the complexity of maintaining a positive, inclusive and productive environment. Hackathon participants discussed strategies for improving moderation practices, ensuring that new users feel welcomed and supported. These conversations were a reminder that building great software is only part of the equation — building a great community is equally important.

Looking to the Horizon: What's Next?

As the sails come down and we reflect on the success of Sailathon 2024, it's clear that the event has set the stage for exciting new developments in the Sailfish OS ecosystem, most notably various apps. Stay tuned for exciting updates. The ideas generated and the connections made will continue to fuel innovation long after we've left Prague.

As we look toward the future, we're excited to continue working together to build a mobile ecosystem that the upholds the values of openness and privacy and is powered by the community.

To everyone who participated in Sailathon 2024 — thank you for your passion, your creativity and your dedication! Together, we're steering Sailfish OS into a bright and exciting future.

(https://blog.jolla.com/content/uploads/2024/10/DSC_0768-1.jpg)

Until we meet again — fair winds and following seas!

Post authored by Sailathon participant Sebastian Wagner
Pictures by Ruben De Smet and Lukáš Karas licensed under CC-BY-SA
The post (https://blog.jolla.com/sailathon-2024-a-journey-of-innovation-community-collaboration-and-meetup-in-prague/) Sailathon 2024: A journey of Innovation, Community Collaboration and Meetup in Prague appeared first on (https://blog.jolla.com) Jolla Blog.

 

https://blog.jolla.com/sailathon-2024-a-journey-of-innovation-community-collaboration-and-meetup-in-prague/

Toda la información y las últimas novedades del software libre las puedes encontrar en (http://ubuntuleon.com) ubuntuleon.com

(https://blogtrottr.com/unsubscribe/nx2/dXBH7w) unsubscribe from this feed

 

Leer más...

[ACTUALIZACIÓN] #ARCHLINUX. Manual intervention for pacman 7.0.0 and local repositories required

[ACTUALIZACIÓN] #ARCHLINUX

The latest and greatest news from the Arch Linux distribution.

(https://archlinux.org/news/manual-intervention-for-pacman-700-and-local-repositories-required/) Manual intervention for pacman 7.0.0 and local repositories required
Sep 14th 2024, 13:40

With the release of (https://gitlab.archlinux.org/pacman/pacman/-/blob/master/NEWS?ref_type=heads) version 7.0.0 pacman has added support for
downloading packages as a separate user with dropped privileges.
For users with local repos however this might imply that the download
user does not have access to the files in question, which can be fixed
by assigning the files and folder to the alpm group and ensuring the
executable bit (+x) is set on the folders in question.
$ chown :alpm -R /path/to/local/repo

Remember to (https://wiki.archlinux.org/title/Pacman/Pacnew_and_Pacsave) merge the .pacnew files to apply the new default.
Pacman also introduced (https://gitlab.archlinux.org/pacman/pacman/-/commit/9548d6cc765b1a8dcf933e8b1b89d0bcc3e50209) a change to improve checksum stability for
git repos that utilize .gitattributes files. This might require a
one-time checksum change for PKGBUILDs that use git sources.

 

https://archlinux.org/news/manual-intervention-for-pacman-700-and-local-repositories-required/

Toda la información y las últimas novedades del software libre las puedes encontrar en (http://ubuntuleon.com) ubuntuleon.com

(https://blogtrottr.com/unsubscribe/nx2/dCCZZN) unsubscribe from this feed

 

Leer más...

[ACTUALIZACIÓN] #ARCHLINUX. The sshd service needs to be restarted after upgrading to openssh-9.8p1

[ACTUALIZACIÓN] #ARCHLINUX

The latest and greatest news from the Arch Linux distribution.

(https://archlinux.org/news/the-sshd-service-needs-to-be-restarted-after-upgrading-to-openssh-98p1/) The sshd service needs to be restarted after upgrading to openssh-9.8p1
Jul 1st 2024, 18:40

After upgrading to openssh-9.8p1, the existing SSH daemon will be unable to accept new connections (see (https://gitlab.archlinux.org/archlinux/packaging/packages/openssh/-/issues/5) https://gitlab.archlinux.org/archlinux/packaging/packages/openssh/-/issues/5).
When upgrading remote hosts, please make sure to restart the sshd service
using systemctl try-restart sshd right after upgrading.
We are evaluating the possibility to automatically apply a restart of the sshd service on upgrade in a future release of the openssh-9.8p1 package.

 

https://archlinux.org/news/the-sshd-service-needs-to-be-restarted-after-upgrading-to-openssh-98p1/

Toda la información y las últimas novedades del software libre las puedes encontrar en (http://ubuntuleon.com) ubuntuleon.com

(https://blogtrottr.com/unsubscribe/nx2/dCCZZN) unsubscribe from this feed

 

Leer más...