Tumblelog by Soup.io
Newer posts are loading.
You are at the newest post.
Click here to check if anything new just came in.

October 28 2019

nvidia-390xx-lts 1:390.129-6 x86_64

NVIDIA drivers for linux-lts, 390xx legacy branch

nvidia 435.21-14 x86_64

NVIDIA drivers for linux

nvidia-dkms 435.21-14 x86_64

NVIDIA driver sources for linux

nvidia-lts 1:435.21-7 x86_64

NVIDIA drivers for linux-lts

linux-zen-headers 5.3.7.zen1-2 x86_64

Header files and scripts for building modules for Linux-zen kernel

linux-zen-docs 5.3.7.zen1-2 x86_64

Kernel hackers manual - HTML documentation that comes with the Linux-zen kernel

linux-zen 5.3.7.zen1-2 x86_64

The Linux-zen kernel and modules

linux-hardened-headers 5.3.7.b-2 x86_64

Header files and scripts for building modules for Linux-hardened kernel

linux-hardened-docs 5.3.7.b-2 x86_64

Kernel hackers manual - HTML documentation that comes with the Linux-hardened kernel

linux-hardened 5.3.7.b-2 x86_64

The Linux-hardened kernel and modules

linux-lts-headers 4.19.80-2 x86_64

Header files and scripts for building modules for Linux-lts kernel

linux-lts 4.19.80-2 x86_64

The Linux-lts kernel and modules

linux-lts-docs 4.19.80-2 x86_64

Kernel hackers manual - HTML documentation that comes with the Linux-lts kernel

linux-headers 5.3.7.arch1-2 x86_64

Header files and scripts for building modules for Linux kernel

linux-docs 5.3.7.arch1-2 x86_64

Kernel hackers manual - HTML documentation that comes with the Linux kernel

October 25 2019

Clarification regarding recent email activity on the arch-announce list

Today, one email was sent to the arch-announce mailing list that was able to circumvent the whitelisting checks that are done by the mailman software. This was not due to unauthorized access and no Arch Linux servers were compromised.

We have implemented measures to make sure this does not happen again, by using mailman's poster password feature. We are also making sure, these simple whitelist checks are not used anywhere else.

Edited to add: There was a second email that was also sent today, in order to make sure the poster password feature was working. That email did not circumvent any check and was intentionally sent.

Clarification regarding recent email activity on the arch-announce list

Today, one email was sent to the arch-announce mailing list that was able to circumvent the whitelisting checks that are done by the mailman software. This was not due to unauthorized access and no Arch Linux servers were compromised. We have implemented measures to make sure this does not happen again, by using mailman's poster password feature. We are also making sure, these simple whitelist checks are not used anywhere else. Edited to add: There was a second email that was also sent today, in order to make sure the poster password feature was working. That email did not circumvent any check and was intentionally sent.

October 21 2019

Pacman 5.2 Release

Nothing like a new pacman release to make me locate the password to this site… Tradition dictates I thank people who have contributed to the release (as well as genuinely meaning the thanks!). We had 29 people have a patch committed this release, with a few new names. Here is the top ten: $ git shortlog -n -s v5.1.0..v5.2.0 | head -n10    108  Eli Schwartz     38  Allan McRae     30  morganamilo     24  Andrew Gregory     20  Dave Reisner      9  Jan Steffens      6  Michael Straube      4  Jonas Witschel      4  Luke Shumaker      3  Que Quotion We have a clear winner. Although I’m sure that at least half of those are in responses to bugs he created! He claims it is a much smaller proportion… And a new contributor in third. What has changed in this release? Nothing super exciting as far as I’m concerned, but check out the detailed list here. We have completely removed support for delta packages. This was a massively underused feature, usually made updates slower for a slight saving on bandwidth, and had a massive security hole. Essentially, a malicious package database in combination with delta packages could run arbitrary commands on your system. This would be less of an issue if a certain Linux distro signed their package databases… Anyway, on balance I judged it better to remove this feature altogether. We may come back to this in the future with a different implementation, but I would not expect that any time soon. Note a similar vulnerability was found with using XferCommand to download packages, but we plugged that hole instead of removing it! Support for downloading PGP keys using the new Web Key Directory (WKD) was added to pacman. Both pacman-key and makepkg will also look there by default with the latest GnuPG release. This prevents DoS attacks through people adding very large numbers of signatures to PGP keys. The attack scope was limited for Arch Linux anyway, as most people obtain the pacman keyring through the archlinux-keyring package. The much maligned --force made its way to /dev/null. The --overwrite option has been a replacement for over a year and is a precision surgical instrument compared to the blunt hammer of --force. There is a small user interface change for searching files databases with -F. Specifying the -s option was redundant, so removed. More information such as package group and installed status is shown in the search results, bringing the output inline with -Ss. The split of makepkg into smaller and extendable components continued. You can now provide new source download and signature verification routines (e.g. if you are living in the past and want to support cvs:// style URLs). We also added support for lzip, lz4 and zst compressed packages. Arch Linux will switch zst by default in the near future. Under the hood, we are in the process of changing our build system from autotools to meson. This is relatively complete, but there still was a decent churn of patches to meson files as we approached release. You can build pacman from the release tarball using meson if you want to test. Next release is likely to be meson only. (Edit: you can’t test meson with the 5.2.0 tarball as it is missing a couple of the meson build files.) Expect the release to land in Arch Linux “soon”. Expect to see another blog post in a year or so when I make the next release…

October 16 2019

Required update to recent libarchive

The compression algorithm zstd brings faster compression and decompression, while maintaining a compression ratio comparable with xz. This will speed up package installation with pacman, without further drawbacks.

The imminent release of pacman 5.2 brings build tools with support for compressing packages with zstd. To install these packages you need libarchive with support for zstd, which entered the repositories in September 2018. In order for zstd compressed packages to be distributed, we require all users to have updated to at least libarchive 3.3.3-1. You have had a year, so we expect you already did update. Hurry up if you have not.

If you use custom scripts make sure these do not rely on hardcoded file extensions. The zstd package file extension will be .pkg.tar.zst.

Required update to recent libarchive

The compression algorithm zstd brings faster compression and decompression, while maintaining a compression ratio comparable with xz. This will speed up package installation with pacman, without further drawbacks. The imminent release of pacman 5.2 brings build tools with support for compressing packages with zstd. To install these packages you need libarchive with support for zstd, which entered the repositories in September 2018. In order for zstd compressed packages to be distributed, we require all users to have updated to at least libarchive 3.3.3-1. You have had a year, so we expect you already did update. Hurry up if you have not. If you use custom scripts make sure these do not rely on hardcoded file extensions. The zstd package file extension will be .pkg.tar.zst.
Older posts are this way If this message doesn't go away, click anywhere on the page to continue loading posts.
Could not load more posts
Maybe Soup is currently being updated? I'll try again automatically in a few seconds...
Just a second, loading more posts...
You've reached the end.

Don't be the product, buy the product!

Schweinderl