Saturday, April 6, 2024

Precautionary measures at Manjaro Testing Branch in context of CVE-2024-3094

UPDATE as of 04/19/2024: Current status of Manjaro Testing branch. KDE Frameworks 6.1.0 and KDE Plasma 6.0.4 arrived on Manjaro Testing Branch.

UPDATE as of 04/09/2024
As of now you might need to run
$ sudo pacman -Syyu
after updating the mirror list. Another way:
$ sudo pacman -Syy ; sudo pacman -Syu

Your installation should go through the following phase:

:: Synchronizing package databases...
core                              147.7 KiB   444 KiB/s 00:00 [##################################] 100%
extra                               8.7 MiB  6.76 MiB/s 00:01 [##################################] 100%
multilib                          144.9 KiB   315 KiB/s 00:00 [##################################] 100%
:: Some packages should be upgraded first...
resolving dependencies...
looking for conflicting packages...

Packages (1) archlinux-keyring-20240313-1

Total Download Size:   1.16 MiB
Total Installed Size:  1.66 MiB
Net Upgrade Size:      0.00 MiB

:: Proceed with installation? [Y/n] Y

.  .  .  .  .  .  .
:: Starting full system upgrade...
:: Replace baloo5 with extra/baloo? [Y/n] Y
:: Replace breeze with extra/breeze5? [Y/n] Y
:: Replace ksysguard with extra/plasma-systemmonitor? [Y/n] Y
:: Replace kuserfeedback5 with extra/kuserfeedback? [Y/n] Y
:: Replace oxygen with extra/oxygen5? [Y/n] Y
:: Replace plasma-integration with extra/plasma5-integration? [Y/n] Y
:: Replace plasma-wayland-session with extra/plasma-workspace? [Y/n] Y
:: Replace plasma5-themes-breath with extra/plasma6-themes-breath? [Y/n] Y
:: Replace plasma5-themes-breath-migration with extra/plasma6-themes-breath-migration? [Y/n] Y
resolving dependencies...
:: There are 2 providers available for qt6-multimedia-backend:
:: Repository extra
  1) qt6-multimedia-ffmpeg  2) qt6-multimedia-gstreamer

Enter a number (default=1): 1

END UPDATE

Per https://forum.manjaro.org/t/xz-package-contains-a-vulnerability/159028/26 

Arch does not directly link openssh to liblzma, and thus this attack vector is not possible. You can confirm this by issuing the following command:

ldd "$(command -v sshd)"

However, out of an abundance of caution, we advise users to remove the malicious code from their system by upgrading either way. This is because other yet-to-be discovered methods to exploit the backdoor could exist.
– Arch Linux - News: The xz package has been backdoored 

On Manjaro Testing I was only able to downgrade (say) to xz-5.4.6-1 and lib32-xz-5.4.6-1

Running https://github.com/cyclone-github/scripts/blob/main/xz_cve-2... on Manjaro Testing:

Per https://archlinux.org/news/the-xz-package-has-been-backdoored/

It is strongly advised to do a full system upgrade right away if your system currently has xz version 5.6.0-1 or 5.6.1-1 installed:

$ pacman -Syu

After running the following on Manjaro stable KDE as of 04/06/24:

$ sudo pacman-mirrors --api --set-branch testing

$ sudo pacman-mirrors --fasttrack 5 && sudo pacman -Syu

I obtained:

$ pacman -Ss xz
core/xz 5.6.1-3 [installed]
    Library and command line tools for XZ and LZMA compressed files
extra/pixz 1.0.7-4
    Parallel, indexed xz compressor
multilib/lib32-xz 5.6.1-3 [installed]
    Library and command line tools for XZ and LZMA compressed files (32-bit)
$ pacman -Ss lib32-xz
multilib/lib32-xz 5.6.1-3 [installed]
    Library and command line tools for XZ and LZMA compressed files (32-bit)

Per the link above, version 5.6.1-3 was already fixed. I had just skipped this notice (5.6.1-2 had already been fixed). See the first paragraph. So there is no need to downgrade xz-5.6.1-3 and lib32-xz-5.6.1-3 on Manjaro Testing.
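
The two checks this post relies on (the advisory's affected versions 5.6.0-1 and 5.6.1-1, and the ldd test on sshd) can be combined into one triage script. This is an added example, not code from the original post or from the cyclone-github script linked above; the function names and both sample ldd outputs are constructed for illustration.

```shell
#!/usr/bin/env bash
# Added example: function names and sample data are illustrative assumptions.

# Classify an xz "pkgver-pkgrel" string against the versions the Arch
# advisory quoted above says must be upgraded (5.6.0-1 and 5.6.1-1).
classify_xz_version() {
    case "$1" in
        5.6.0-1|5.6.1-1) echo "affected" ;;
        "")              echo "not-installed" ;;
        *)               echo "not-listed" ;;
    esac
}

# Read ldd output on stdin; succeed if liblzma is among the loaded libraries.
links_liblzma() {
    grep -q 'liblzma\.so'
}

# Combine both checks: $1 = xz version, $2 = ldd output for sshd.
triage() {
    state=$(classify_xz_version "$1")
    linked=no
    if printf '%s\n' "$2" | links_liblzma; then linked=yes; fi
    echo "xz=$state sshd_links_liblzma=$linked"
}

# Constructed sample: sshd that does not load liblzma (the Arch case above).
SAMPLE_LDD_NO_LZMA='    libcrypto.so.3 => /usr/lib/libcrypto.so.3 (0x00007f1c2a400000)
    libz.so.1 => /usr/lib/libz.so.1 (0x00007f1c2a3e0000)
    libc.so.6 => /usr/lib/libc.so.6 (0x00007f1c2a200000)'

# Constructed sample: sshd that loads liblzma through another library.
SAMPLE_LDD_WITH_LZMA='    libsystemd.so.0 => /usr/lib/libsystemd.so.0 (0x00007f8e4c100000)
    liblzma.so.5 => /usr/lib/liblzma.so.5 (0x00007f8e4c0c0000)
    libc.so.6 => /usr/lib/libc.so.6 (0x00007f8e4be00000)'

# Query the running host (pacman-based) when called with --live.
live_triage() {
    ver=$(pacman -Q xz 2>/dev/null | awk '{print $2}')
    out=$(ldd "$(command -v sshd)" 2>/dev/null || true)
    triage "$ver" "$out"
}

if [ "${1:-}" = "--live" ]; then
    live_triage
else
    triage 5.6.1-3 "$SAMPLE_LDD_NO_LZMA"
    triage 5.6.1-1 "$SAMPLE_LDD_WITH_LZMA"
fi
```

A result of `xz=affected` calls for the full upgrade regardless of the sshd result, as the advisory quoted above explains.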

The most recent version of xz released for Arch Linux

Sunday, March 31, 2024

Virt-manager && Deploying KVM Guests in UEFI mode on AlmaLinux 9.3

The main purpose of this post is to demonstrate that cockpit.service is not required for deploying KVM guests in UEFI mode on AlmaLinux 9.3, which is binary-compatible with RHEL. The Linux bridge for VMs has been installed via nmcli to avoid any involvement of cockpit.service. For details see http://lxer.com/module/newswire/view/338368/index.html  Everything works on AlmaLinux 9.3 as on openSUSE Tumbleweed. KVM setup on AlmaLinux 9.(X) follows standard guidelines.

When installing virt-manager, the presence of the Cockpit web console becomes optional. It's a good idea to have Cockpit Web Console installed, but it's not required. The presence of edk2-ovmf is required. We have the same situation with Tumbleweed, Ubuntu 22.04, Debian 12.(X), Manjaro Linux 23.1.3.

Thursday, March 28, 2024

Virt-manager vs Cockpit Web Console on Fedoras 40 Beta, 39, 38 and other Linux Flavors

Having virt-manager installed makes the presence of Cockpit Web Console optional. It's nice to have Cockpit Console installed, however it is not required. The presence of edk2-ovmf is a must. The situation is the same on Tumbleweed, Ubuntu 22.04, Debian 12.(X), Manjaro Linux 23.1.3.

Install Cockpit Flatpak Client on Fedora 40 KDE (Nightly build 03/27/24)

CONNECT VIA SSH TO SERVERS WITH COCKPIT

Cockpit Client provides a graphical interface to your servers, containers, and virtual machines. Connections are made over SSH, using the SSH configuration of the local user (including aliases, known hosts, key files, hardware tokens, etc).

The server needs to have Cockpit installed, but the Cockpit webserver doesn't need to be enabled, and no extra ports need to be opened. The primary process in a Cockpit Linux session is called cockpit-bridge. It translates operating system interfaces to a JSON stream protocol, which is used by Cockpit browser pages.


boris@fedora:~$ neofetch
            .',;::::;,'.                boris@fedora  
        .';:cccccccccccc:;,.            ------------  
     .;cccccccccccccccccccccc;.         OS: Fedora Linux 40 (Forty Prerelease) x86_64  
   .:cccccccccccccccccccccccccc:.       Host: KVM/QEMU (Standard PC (Q35 + ICH9, 2009) pc-q35-8.1)  
 .;ccccccccccccc;.:dddl:.;ccccccc;.     Kernel: 6.8.2-300.fc40.x86_64  
.:ccccccccccccc;OWMKOOXMWd;ccccccc:.    Uptime: 26 mins  
.:ccccccccccccc;KMMc;cc;xMMc:ccccccc:.   Packages: 2213 (rpm), 5 (flatpak)  
,cccccccccccccc;MMM.;cc;;WW::cccccccc,   Shell: bash 5.2.26  
:cccccccccccccc;MMM.;cccccccccccccccc:   Resolution: 1280x944  
:ccccccc;oxOOOo;MMM0OOk.;cccccccccccc:   DE: Plasma 6.0.2  
cccccc:0MMKxdd:;MMMkddc.;cccccccccccc;   WM: kwin  
ccccc:XM0';cccc;MMM.;cccccccccccccccc'   Icons: breeze [GTK2/3]  
ccccc;MMo;ccccc;MMW.;ccccccccccccccc;    Terminal: konsole  
ccccc;0MNc.ccc.xMMd:ccccccccccccccc;     CPU: AMD Ryzen 7 3700X (8) @ 3.600GHz  
cccccc;dNMWXXXWM0::cccccccccccccc:,      GPU: 00:01.0 Red Hat, Inc. Virtio 1.0 GPU  
cccccccc;.:odl:.;cccccccccccccc:,.       Memory: 3260MiB / 15590MiB  
:cccccccccccccccccccccccccccc:'.
.:cccccccccccccccccccccc:;,..                                     
 '::cccccccccccccc::;,.                                         


boris@fedora:~$ flatpak remote-add --if-not-exists flathub https://flathub.org/repo/flathub.flatpakrepo

boris@fedora:~$ sudo flatpak install flathub  org.cockpit_project.CockpitClient

Looking for matches…

Required runtime for org.cockpit_project.CockpitClient/x86_64/stable (runtime/org.gnome.Platform/x86_64/45) found in remote flathub

Do you want to install it? [Y/n]: Y

org.cockpit_project.CockpitClient permissions:
   ipc                  fallback-x11      wayland      x11      dri
   dbus access [1]

   [1] org.freedesktop.Flatpak


       ID                                      Branch          Op     Remote     Download
1. [] org.freedesktop.Platform.GL.default     23.08           i      flathub    164.4 MB / 164.6 MB
2. [] org.freedesktop.Platform.GL.default     23.08-extra     i      flathub     18.5 MB / 164.6 MB
3. [] org.freedesktop.Platform.openh264       2.2.0           i      flathub    886.7 kB / 944.3 kB
4. [] org.gnome.Platform.Locale               45              i      flathub     18.1 kB / 369.6 MB
5. [] org.gnome.Platform                      45              i      flathub    316.4 MB / 378.2 MB
6. [] org.cockpit_project.CockpitClient       stable          i      flathub     10.7 MB / 11.4 MB

Installation complete.

Initializing a connection with a remote virtual machine (via two Linux bridges)
boris@fedora:~$ flatpak run  org.cockpit_project.CockpitClient

boris@fedora:~$ uname -a

Linux fedora 6.8.2-300.fc40.x86_64 #1 SMP PREEMPT_DYNAMIC Wed Mar 27 00:16:08 UTC 2024 x86_64 GNU/Linux

boris@fedora:~$ rpm -qa | grep plasma | grep discover

plasma-discover-libs-6.0.2-2.fc40.x86_64

plasma-discover-flatpak-6.0.2-2.fc40.x86_64

plasma-discover-offline-updates-6.0.2-2.fc40.x86_64

plasma-discover-6.0.2-2.fc40.x86_64

plasma-discover-packagekit-6.0.2-2.fc40.x86_64

plasma-discover-notifier-6.0.2-2.fc40.x86_64


Wednesday, March 27, 2024

Just one question regarding old post RDO Liberty / Mitaka Set up for three Nodes (Controller+Network+Compute) ML2&OVS&VXLAN on CentOS 7.2

As of now the number of reads equals 8274. Since 2015 nine years have passed, and I cannot understand why people are still reading it. I mean this post https://dbaxps.blogspot.com/2015/10/rdo-liberty-set-up-for-three-nodes.html

How could Packstack be interesting in the meantime, unless RH brought it back to life? I am not aware of Packstack's status these days.