Linux News
The world is talking about GNU/Linux and Free/Open Source Software

Login

If you don't have an account yet, visit the registration page to sign up.

If you already have an account, you may login here:

Today's Big Story

Why I Ditched Linux for Samsung DeX

LXer Features

Linux That's Small

Encryption, Trust, and the Hidden Dangers of Vendor-Controlled Data

My Linux Mint Tribute

How I Turned My Chromebook Into A "Mintbook"

Adventures With My New Chromebook

My Linux Laptop

Have something to say?

Ready to be published? LXer is read by around 350,000 individuals each month, and is an excellent place for you to publish your ideas, thoughts, reviews, complaints, etc. Do you have something to say to the Linux community?

Publish it here.

DaniWeb Linux Community
An exciting professional discussion group about software development, php, shell scripting, networking, ruby, and more.

Latest Discussions

Good Advice

Straight frwd run archinstall 3.0.0 crashes in pipewiire section

Hyprland 0.45.0 has just been released for Arch Linux based

See Activation Cube feature on Fedora 41 KDE Spin in VENV

You don't need AI to know how this goes

Should be a SNL skit

Please add https to lxer.com

Anyone remember Distrotest.net? I found a new one!

Site Menu

Other News

- LWN.net
Their weekly coverage of Linux news is unmatched in this community.

- LinuxGizmos.com
Excellent news for embedded Linux.

- LinuxQuestions.org
Discussion forums for Linux users.

LinuxQuestions.org is a friendly and active Linux Community with forums, reviews, a hardware compatibility list, a wiki, tutorials, a download site, a podcast and more.

KDE Plasma 6.0.2 on Manjaro Testing branch

Story: Attempt to upgrade Manjaro 23.1 via Manjaro Testing branch

Total Replies: 0

Author	Content
dba477 Mar 17, 2024 12:43 PM EDT	As of now `sudo pacman -Syu` installs KDE Plasma 6.0.2 on Manjaro Testing branch. See https://dbaxps.blogspot.com/2024/03/kde-plasma-602-on-manjar... Setup in mentioned link was performed on bare metal. Same setup in VENV might need switch to unstable. UPDATE as of 03/19/24 One more screenshot added to blog entry $ neofetch $ pacman-mirrors -G testing UPDATE as of 03/20/24 In meantime you may be forced to switch to unstable $ sudo pacman-mirrors --api --set-branch unstable $ sudo pacman-mirrors --fasttrack 5 && sudo pacman -Syu UPDATE as of 03/21/2024 I was able to find workaround and keep manjaro's testing repos to install KDE Plasma 6.0.2 after switching to libvirt's default network for particular KVM guest (Linux bridging vs NAT). Placing VM on linux bridge seems to be the core issue for myself either it is/was just a matter of luck. Actually working with manjaro's testing branch is an exciting adventure I've posted details in the blog entry. UPDATE as of 03/22/2024 My major concern is :- Looks like command $ sudo pacman -Syyu goes directly to Arch Linux stable repos. In reality prepared by the command up here package's sets would be the same with no dependency on did I specify "testing" or "unstable" when excuted $ sudo pacman-mirrors --api --set-branch testing either $ sudo pacman-mirrors --api --set-branch unstable. That is just my experience after deploying several VMs (around 5-6) on different hosts. UPDATE as of 03/23/2024 I may confirm the issue mentioned in https://forum.manjaro.org/t/i-tested-kde-6-oh-my-oh-my-you-w... <<So after update (pacman -Syyu) you have no webp thumbnails in Dolphin and Gwenview cannot display those photos (webp). What will a typical user do? >>. I've also tested with no problems opening .webp files via Dolphin on the most recent fedora 40 KDE nightly build and on openSUSE Tumbleweed with `sudo zypper dup` as of today (03/23/24). CachyOS 2024.3 (with `sudo pacman -Syu` also as of today) showed up failure to open via Dolphin .webp images. I've also updated blog entry accordingly . Final draft may be viewed here http://lxer.com/module/newswire/view/339034/index.html UPDATE as of 03/25/2024 Per advise of oioi at https://forum.manjaro.org/t/i-tested-kde-6-oh-my-oh-my-you-w... I issued `sudo pacman -S qt6-imageformats` :- webp : qt5-imageformats → qt6-imageformats gimp : kimageformats5 → kimageformats It fixes the problem on Manjaro testing all the way around . What actually is going on when this install happens on CachyOS 2024.3 $ sudo pacman -S qt6-imageformats [sudo] password for boris: resolving dependencies... looking for conflicting packages... Package (2) New Version Net Change Download Size cachyos-extra-v3/libmng 2.0.3-3.1 0.75 MiB 0.21 MiB cachyos-extra-v3/qt6-imageformats 6.6.2-1.1 0.30 MiB 0.06 MiB Total Download Size: 0.27 MiB Total Installed Size: 1.05 MiB :: Proceed with installation? [Y/n] Y UPDATE as of 04/04/24 Manjaro KDE Testing moved to KDE Plasma 6.0.3 Regarding CVE-2024-3094 , after downgrade to 5.4.3 xz, lib32-xz , which doesn't look as problem solving, I am experiensing following issue :- $ sudo pacman -S xz lib32-xz ✔ [sudo] password for djon: :: xz is in IgnorePkg/IgnoreGroup. Install anyway? [Y/n] Y :: lib32-xz is in IgnorePkg/IgnoreGroup. Install anyway? [Y/n] Y resolving dependencies... looking for conflicting packages... Packages (2) lib32-xz-5.6.1-3 xz-5.6.1-3 Total Download Size: 0.74 MiB Total Installed Size: 2.69 MiB Net Upgrade Size: 0.16 MiB :: Proceed with installation? [Y/n] n UPDATE as of 04/06/2024 KVM guest deployed via manjaro-kde-23.1.4-240406-linux66.iso and upgraded to Manjaro Testing is still affected by CVE-2024-3094. See also the threads :- https://www.reddit.com/r/archlinux/comments/1bqx81e/arch_lin... https://forum.manjaro.org/t/xz-package-contains-a-vulnerabil... Running https://github.com/cyclone-github/scripts/blob/main/xz_cve-2... on Manjaro Testing :- $ hostnamectl  ✔ Static hostname: boris-kde0406 Icon name: computer-vm Chassis: vm 🖴 Machine ID: 7cc6ab841db44eb8a8cc9b95bff724fc Boot ID: 44d7407b6a124ea2aa59909ac0c32d1e Virtualization: kvm Operating System: Manjaro Linux Kernel: Linux 6.8.4-1-MANJARO Architecture: x86-64 Hardware Vendor: QEMU Hardware Model: Standard PC _Q35 + ICH9, 2009_ Firmware Version: 1.16.3-1.fc39 Firmware Date: Tue 2014-04-01 Firmware Age: 10y 6d    ~  ./test01.sh  ✔ Checking system for CVE-2024-3094 Vulnerability... https://nvd.nist.gov/vuln/detail/CVE-2024-3094 Checking for function signature in liblzma... Function signature in liblzma: OK Checking xz version using pacman package manager... Note: Arch Linux detected (1) CVE-2024-3094 does not target Arch Linux sshd service (2) Manually check your installed xz version and make sure it is not vulnerable (3) Detected xz version: 5.4.6-1 (4) Check for most recent xz release: https://archlinux.org/packages/core/x86_64/xz/ Once again per https://forum.manjaro.org/t/xz-package-contains-a-vulnerabil... Arch does not directly link openssh to liblzma, and thus this attack vector is not possible. You can confirm this by issuing the following command: ldd "$(command -v sshd)" However, out of an abundance of caution, we advise users to remove the malicious code from their system by upgrading either way. This is because other yet-to-be discovered methods to exploit the backdoor could exist. – Arch Linux - News: The xz package has been backdoored 20 Final draft may viewed here http://lxer.com/module/newswire/view/339565/index.html UPDATE as of 04/09/20224 As of now you might need $ sudo pacman -Syyu after updating mirror's list. Another way $ sudo pacman -Syy ; $ sudo pacman -Syu Your installation should go through phase :: Synchronizing package databases... core 147.7 KiB 444 KiB/s 00:00 [##################################] 100% extra 8.7 MiB 6.76 MiB/s 00:01 [##################################] 100% multilib 144.9 KiB 315 KiB/s 00:00 [##################################] 100% :: Some packages should be upgraded first... resolving dependencies... looking for conflicting packages... Packages (1) archlinux-keyring-20240313-1 Total Download Size: 1.16 MiB Total Installed Size: 1.66 MiB Net Upgrade Size: 0.00 MiB :: Proceed with installation? [Y/n] Y . . . . . . . :: Starting full system upgrade... :: Replace baloo5 with extra/baloo? [Y/n] Y :: Replace breeze with extra/breeze5? [Y/n] Y :: Replace ksysguard with extra/plasma-systemmonitor? [Y/n] Y :: Replace kuserfeedback5 with extra/kuserfeedback? [Y/n] Y :: Replace oxygen with extra/oxygen5? [Y/n] Y :: Replace plasma-integration with extra/plasma5-integration? [Y/n] Y :: Replace plasma-wayland-session with extra/plasma-workspace? [Y/n] Y :: Replace plasma5-themes-breath with extra/plasma6-themes-breath? [Y/n] Y :: Replace plasma5-themes-breath-migration with extra/plasma6-themes-breath-migration? [Y/n] Y resolving dependencies... :: There are 2 providers available for qt6-multimedia-backend: :: Repository extra 1) qt6-multimedia-ffmpeg 2) qt6-multimedia-gstreamer Enter a number (default=1): 1 END UPDATE UPDATE as of 04/15/2024 KDE Frameworks 6.1.0 arrived on Manjaro Testing branch https://dbaxps.blogspot.com/2024/04/kde-frameworks-610-arriv... Which one of commands $ sudo pacman -Syu either $ sudo pacman -Syyu does "extra" repository synchronization , this one is supposed to be issued. I am hesitant to detect here any in depth explanation . Increasing number of mirrors from 5 to 15 allows me to succeed with following upgrade $ sudo pacman-mirrors --fasttrack 15 && sudo pacman -Syu . Just 10 mirrors forced me to execute $ sudo pacman-mirrors --fasttrack 10 && sudo pacman -Syyu . UPDATE as of 04/19/2024 KDE Plasma 6.0.4 && KDE Frameworks 6.1.0 arrived on Manjaro Testing branch https://dbaxps.blogspot.com/2024/04/kde-plasma-604-kde-frame... UPDATE as of 04/25/2024 See https://forum.manjaro.org/t/plasma-6-0-4-root-privileges-are... I am unable to reproduce the bug on Ryzen box. UPDATE as of 05/01/2024 System wide Python is now 3.12.3 && QEMU upgraded up to 9.0.0 on Manjaro Testing branch https://dbaxps.blogspot.com/2024/05/system-wide-python-is-no... UPDATE as of 05/03/2024 Manjaro Testing Instance setup as KVM Guest in UEFI mode (Fedora 40 KVM Hypervisor) https://dbaxps.blogspot.com/2024/05/manjaro-testing-instance... UPDATE as of 05/05/2024 Deploying KVM Guests in UEFI mode on Manjaro Testing KVM Host See https://forum.manjaro.org/t/qemu-swtpm-wiki-guide-missing-re... . Several "Howto"s pop up the first in google search are missing extremely important command : $ sudo pacman -S swtpm

Author

Content

dba477

Mar 17, 2024
12:43 PM EDT

As of now `sudo pacman -Syu` installs KDE Plasma 6.0.2 on Manjaro Testing branch. See https://dbaxps.blogspot.com/2024/03/kde-plasma-602-on-manjar... Setup in mentioned link was performed on bare metal. Same setup in VENV might need switch to unstable.

UPDATE as of 03/19/24 One more screenshot added to blog entry

$ neofetch

$ pacman-mirrors -G

testing

UPDATE as of 03/20/24

In meantime you may be forced to switch to unstable

$ sudo pacman-mirrors --api --set-branch unstable

$ sudo pacman-mirrors --fasttrack 5 && sudo pacman -Syu

UPDATE as of 03/21/2024

I was able to find workaround and keep manjaro's testing repos to install KDE Plasma 6.0.2 after switching to libvirt's default network for particular KVM guest (Linux bridging vs NAT). Placing VM on linux bridge seems to be the core issue for myself either it is/was just a matter of luck. Actually working with manjaro's testing branch is an exciting adventure I've posted details in the blog entry.

UPDATE as of 03/22/2024

My major concern is :- Looks like command $ sudo pacman -Syyu goes directly to Arch Linux stable repos. In reality prepared by the command up here package's sets would be the same with no dependency on did I specify "testing" or "unstable" when excuted $ sudo pacman-mirrors --api --set-branch testing either $ sudo pacman-mirrors --api --set-branch unstable. That is just my experience after deploying several VMs (around 5-6) on different hosts.

UPDATE as of 03/23/2024

I may confirm the issue mentioned in https://forum.manjaro.org/t/i-tested-kde-6-oh-my-oh-my-you-w... <<So after update (pacman -Syyu) you have no webp thumbnails in Dolphin and Gwenview cannot display those photos (webp). What will a typical user do? >>. I've also tested with no problems opening *.webp files via Dolphin on the most recent fedora 40 KDE nightly build and on openSUSE Tumbleweed with `sudo zypper dup` as of today (03/23/24). CachyOS 2024.3 (with `sudo pacman -Syu` also as of today) showed up failure to open via Dolphin *.webp images. I've also updated blog entry accordingly .

Final draft may be viewed here http://lxer.com/module/newswire/view/339034/index.html

UPDATE as of 03/25/2024

Per advise of oioi at https://forum.manjaro.org/t/i-tested-kde-6-oh-my-oh-my-you-w...

I issued `sudo pacman -S qt6-imageformats` :-

webp : qt5-imageformats → qt6-imageformats

gimp : kimageformats5 → kimageformats

It fixes the problem on Manjaro testing all the way around .

What actually is going on when this install happens on CachyOS 2024.3

$ sudo pacman -S qt6-imageformats

[sudo] password for boris:

resolving dependencies...

looking for conflicting packages...

Package (2) New Version Net Change Download Size

cachyos-extra-v3/libmng 2.0.3-3.1 0.75 MiB 0.21 MiB

cachyos-extra-v3/qt6-imageformats 6.6.2-1.1 0.30 MiB 0.06 MiB

Total Download Size: 0.27 MiB Total Installed Size: 1.05 MiB

:: Proceed with installation? [Y/n] Y

UPDATE as of 04/04/24

Manjaro KDE Testing moved to KDE Plasma 6.0.3

Regarding CVE-2024-3094 , after downgrade to 5.4.3 xz, lib32-xz , which doesn't look as problem solving,

I am experiensing following issue :-

$ sudo pacman -S xz lib32-xz ✔ [sudo] password for djon:

:: xz is in IgnorePkg/IgnoreGroup. Install anyway? [Y/n] Y

:: lib32-xz is in IgnorePkg/IgnoreGroup. Install anyway? [Y/n] Y

resolving dependencies... looking for conflicting packages...

Packages (2) lib32-xz-5.6.1-3 xz-5.6.1-3

Total Download Size: 0.74 MiB

Total Installed Size: 2.69 MiB

Net Upgrade Size: 0.16 MiB

:: Proceed with installation? [Y/n] n

UPDATE as of 04/06/2024

KVM guest deployed via manjaro-kde-23.1.4-240406-linux66.iso and upgraded to Manjaro Testing

is still affected by CVE-2024-3094.

See also the threads :-

https://www.reddit.com/r/archlinux/comments/1bqx81e/arch_lin...

https://forum.manjaro.org/t/xz-package-contains-a-vulnerabil...

Running https://github.com/cyclone-github/scripts/blob/main/xz_cve-2... on Manjaro Testing :-

$ hostnamectl  ✔ Static hostname: boris-kde0406

Icon name: computer-vm

Chassis: vm 🖴

Machine ID: 7cc6ab841db44eb8a8cc9b95bff724fc

Boot ID: 44d7407b6a124ea2aa59909ac0c32d1e

Virtualization: kvm

Operating System: Manjaro Linux Kernel: Linux 6.8.4-1-MANJARO

Architecture: x86-64

Hardware Vendor: QEMU

Hardware Model: Standard PC _Q35 + ICH9, 2009_

Firmware Version: 1.16.3-1.fc39

Firmware Date: Tue 2014-04-01

Firmware Age: 10y 6d    ~  ./test01.sh  ✔ Checking system for CVE-2024-3094 Vulnerability... https://nvd.nist.gov/vuln/detail/CVE-2024-3094

Checking for function signature in liblzma... Function signature in liblzma: OK

Checking xz version using pacman package manager...

Note: Arch Linux detected

(1) CVE-2024-3094 does not target Arch Linux sshd service

(2) Manually check your installed xz version and make sure it is not vulnerable

(3) Detected xz version: 5.4.6-1

(4) Check for most recent xz release: https://archlinux.org/packages/core/x86_64/xz/

Once again per https://forum.manjaro.org/t/xz-package-contains-a-vulnerabil...

Arch does not directly link openssh to liblzma, and thus this attack vector is not possible. You can confirm this by issuing the following command:

ldd "$(command -v sshd)"

However, out of an abundance of caution, we advise users to remove the malicious code from their system by upgrading either way. This is because other yet-to-be discovered methods to exploit the backdoor could exist. – Arch Linux - News: The xz package has been backdoored 20

Final draft may viewed here http://lxer.com/module/newswire/view/339565/index.html

UPDATE as of 04/09/20224

As of now you might need $ sudo pacman -Syyu after updating mirror's list.

Another way $ sudo pacman -Syy ; $ sudo pacman -Syu

Your installation should go through phase

:: Synchronizing package databases... core 147.7 KiB 444 KiB/s 00:00

[##################################] 100%

extra 8.7 MiB 6.76 MiB/s 00:01

[##################################] 100%

multilib 144.9 KiB 315 KiB/s 00:00

[##################################] 100%

:: Some packages should be upgraded first...

resolving dependencies...

looking for conflicting packages...

Packages (1) archlinux-keyring-20240313-1

Total Download Size: 1.16 MiB

Total Installed Size: 1.66 MiB

Net Upgrade Size: 0.00 MiB

:: Proceed with installation? [Y/n] Y . . . . . . . :: Starting full system upgrade...

:: Replace baloo5 with extra/baloo? [Y/n] Y

:: Replace breeze with extra/breeze5? [Y/n] Y

:: Replace ksysguard with extra/plasma-systemmonitor? [Y/n] Y

:: Replace kuserfeedback5 with extra/kuserfeedback? [Y/n] Y

:: Replace oxygen with extra/oxygen5? [Y/n] Y

:: Replace plasma-integration with extra/plasma5-integration? [Y/n] Y

:: Replace plasma-wayland-session with extra/plasma-workspace? [Y/n] Y

:: Replace plasma5-themes-breath with extra/plasma6-themes-breath? [Y/n] Y

:: Replace plasma5-themes-breath-migration with extra/plasma6-themes-breath-migration? [Y/n] Y

resolving dependencies...

:: There are 2 providers available for qt6-multimedia-backend:

:: Repository extra

1) qt6-multimedia-ffmpeg 2) qt6-multimedia-gstreamer

Enter a number (default=1): 1

END UPDATE

UPDATE as of 04/15/2024 KDE Frameworks 6.1.0 arrived on Manjaro Testing branch

https://dbaxps.blogspot.com/2024/04/kde-frameworks-610-arriv...

Which one of commands $ sudo pacman -Syu either $ sudo pacman -Syyu does "extra" repository synchronization , this one is supposed to be issued. I am hesitant to detect here any in depth explanation . Increasing number of mirrors from 5 to 15 allows me to succeed with following upgrade $ sudo pacman-mirrors --fasttrack 15 && sudo pacman -Syu . Just 10 mirrors forced me to execute $ sudo pacman-mirrors --fasttrack 10 && sudo pacman -Syyu .

UPDATE as of 04/19/2024 KDE Plasma 6.0.4 && KDE Frameworks 6.1.0 arrived on Manjaro Testing branch https://dbaxps.blogspot.com/2024/04/kde-plasma-604-kde-frame...

UPDATE as of 04/25/2024 See https://forum.manjaro.org/t/plasma-6-0-4-root-privileges-are...

I am unable to reproduce the bug on Ryzen box.

UPDATE as of 05/01/2024 System wide Python is now 3.12.3 && QEMU upgraded up to 9.0.0 on Manjaro Testing branch

https://dbaxps.blogspot.com/2024/05/system-wide-python-is-no...

UPDATE as of 05/03/2024 Manjaro Testing Instance setup as KVM Guest in UEFI mode (Fedora 40 KVM Hypervisor)

https://dbaxps.blogspot.com/2024/05/manjaro-testing-instance...

UPDATE as of 05/05/2024 Deploying KVM Guests in UEFI mode on Manjaro Testing KVM Host

See https://forum.manjaro.org/t/qemu-swtpm-wiki-guide-missing-re... . Several "Howto"s pop up the first in google search are missing extremely important command :

$ sudo pacman -S swtpm

Posting in this forum is limited to members of the group: [ForumMods, SITEADMINS, MEMBERS.]

Becoming a member of LXer is easy and free. Join Us!

Linux NewsThe world is talking about GNU/Linux and Free/Open Source Software