Qubes OS updates Weekly Review - Y2024-W24

General Discussion
1

Introduction

Weekly review of new packages uploaded to Qubes OS repositories. Notes on how it is prepared and what resources are used to write this newsletter is available in previous versions

Alphabetically sorted list of new packages for Y2024-W24

kernel-510-5.10.218-1.fc32.qubes.x86_64.rpm
kernel-510-devel-5.10.218-1.fc32.qubes.x86_64.rpm
kernel-510-qubes-vm-5.10.218-1.fc32.qubes.x86_64.rpm
kernel-515-5.15.160-1.qubes.fc32.x86_64.rpm
kernel-515-5.15.160-1.qubes.fc37.x86_64.rpm
kernel-515-devel-5.15.160-1.qubes.fc32.x86_64.rpm
kernel-515-devel-5.15.160-1.qubes.fc37.x86_64.rpm
kernel-515-modules-5.15.160-1.qubes.fc32.x86_64.rpm
kernel-515-modules-5.15.160-1.qubes.fc37.x86_64.rpm
kernel-515-qubes-vm-5.15.160-1.qubes.fc32.x86_64.rpm
kernel-515-qubes-vm-5.15.160-1.qubes.fc37.x86_64.rpm
kernel-61-6.1.93-1.qubes.fc32.x86_64.rpm
kernel-61-6.1.93-1.qubes.fc37.x86_64.rpm
kernel-61-devel-6.1.93-1.qubes.fc32.x86_64.rpm
kernel-61-devel-6.1.93-1.qubes.fc37.x86_64.rpm
kernel-61-modules-6.1.93-1.qubes.fc32.x86_64.rpm
kernel-61-modules-6.1.93-1.qubes.fc37.x86_64.rpm
kernel-61-qubes-vm-6.1.93-1.qubes.fc32.x86_64.rpm
kernel-61-qubes-vm-6.1.93-1.qubes.fc37.x86_64.rpm
libqrexec-utils2_4.2.20-1+deb12u1_amd64.deb
libqrexec-utils2_4.2.20-1+deb13u1_amd64.deb
libqrexec-utils2_4.2.20-1+jammy1_amd64.deb
libqrexec-utils2-dbgsym_4.2.20-1+deb12u1_amd64.deb
libqrexec-utils2-dbgsym_4.2.20-1+deb13u1_amd64.deb
libqrexec-utils-dev_4.2.20-1+deb12u1_amd64.deb
libqrexec-utils-dev_4.2.20-1+deb13u1_amd64.deb
libqrexec-utils-dev_4.2.20-1+jammy1_amd64.deb
libqubes-pure0_4.3.0+deb12u1_amd64.deb
libqubes-pure0_4.3.0+deb13u1_amd64.deb
libqubes-pure0_4.3.0+jammy1_amd64.deb
libqubes-pure0-dbgsym_4.3.0+deb12u1_amd64.deb
libqubes-pure0-dbgsym_4.3.0+deb13u1_amd64.deb
libqubes-pure-dev_4.3.0+deb12u1_amd64.deb
libqubes-pure-dev_4.3.0+deb13u1_amd64.deb
libqubes-pure-dev_4.3.0+jammy1_amd64.deb
libqubes-rpc-filecopy2_4.3.0+deb12u1_amd64.deb
libqubes-rpc-filecopy2_4.3.0+deb13u1_amd64.deb
libqubes-rpc-filecopy2_4.3.0+jammy1_amd64.deb
libqubes-rpc-filecopy2-dbgsym_4.3.0+deb12u1_amd64.deb
libqubes-rpc-filecopy2-dbgsym_4.3.0+deb13u1_amd64.deb
libqubes-rpc-filecopy-dev_4.3.0+deb12u1_amd64.deb
libqubes-rpc-filecopy-dev_4.3.0+deb13u1_amd64.deb
libqubes-rpc-filecopy-dev_4.3.0+jammy1_amd64.deb
python3-dnf-plugins-qubes-hooks-4.3.1-1.fc39.noarch.rpm
python3-dnf-plugins-qubes-hooks-4.3.1-1.fc40.noarch.rpm
python3-fido2_1.1.2-2+jammy1_all.deb
python3-qrexec_4.2.20-1+deb12u1_amd64.deb
python3-qrexec_4.2.20-1+deb13u1_amd64.deb
python3-qrexec_4.2.20-1+jammy1_amd64.deb
python3-qubesadmin_4.3.0-1+deb12u1_amd64.deb
python3-qubesadmin_4.3.0-1+deb13u1_amd64.deb
python3-qubesadmin-4.3.0-1.fc37.noarch.rpm
python3-qubesadmin-4.3.0-1.fc39.noarch.rpm
python3-qubesadmin-4.3.0-1.fc40.noarch.rpm
python3-qubesadmin_4.3.0-1+jammy1_amd64.deb
python3-qubesimgconverter-4.3.0-1.fc37.x86_64.rpm
python3-qubesimgconverter-4.3.0-1.fc39.x86_64.rpm
python3-qubesimgconverter-4.3.0-1.fc40.x86_64.rpm
python3-qubesimgconverter_4.3.0+deb12u1_amd64.deb
python3-qubesimgconverter_4.3.0+deb13u1_amd64.deb
python3-qubesimgconverter_4.3.0+jammy1_amd64.deb
qubes-audio-daemon_4.3.0-1+deb12u1_amd64.deb
qubes-audio-daemon_4.3.0-1+deb13u1_amd64.deb
qubes-audio-daemon-4.3.0-1.fc37.x86_64.rpm
qubes-audio-daemon-4.3.0-1.fc39.x86_64.rpm
qubes-audio-daemon-4.3.0-1.fc40.x86_64.rpm
qubes-audio-daemon_4.3.0-1+jammy1_amd64.deb
qubes-audio-daemon-dbgsym_4.3.0-1+deb12u1_amd64.deb
qubes-audio-daemon-dbgsym_4.3.0-1+deb13u1_amd64.deb
qubes-audio-dom0-4.3.0-1.fc37.x86_64.rpm
qubes-audio-dom0-4.3.0-1.fc39.x86_64.rpm
qubes-audio-dom0-4.3.0-1.fc40.x86_64.rpm
qubes-core-admin-client_4.3.0-1+deb12u1_amd64.deb
qubes-core-admin-client_4.3.0-1+deb13u1_amd64.deb
qubes-core-admin-client-4.3.0-1.fc37.noarch.rpm
qubes-core-admin-client-4.3.0-1.fc39.noarch.rpm
qubes-core-admin-client-4.3.0-1.fc40.noarch.rpm
qubes-core-admin-client_4.3.0-1+jammy1_amd64.deb
qubes-core-agent_4.3.1-1+deb12u1_amd64.deb
qubes-core-agent_4.3.1-1+deb13u1_amd64.deb
qubes-core-agent-4.3.1-1.fc39.x86_64.rpm
qubes-core-agent-4.3.1-1.fc40.x86_64.rpm
qubes-core-agent_4.3.1-1+jammy1_amd64.deb
qubes-core-agent-caja_4.3.1-1+deb12u1_amd64.deb
qubes-core-agent-caja_4.3.1-1+deb13u1_amd64.deb
qubes-core-agent-caja-4.3.1-1.fc39.x86_64.rpm
qubes-core-agent-caja-4.3.1-1.fc40.x86_64.rpm
qubes-core-agent-caja_4.3.1-1+jammy1_amd64.deb
qubes-core-agent-dbgsym_4.3.1-1+deb12u1_amd64.deb
qubes-core-agent-dbgsym_4.3.1-1+deb13u1_amd64.deb
qubes-core-agent-dom0-updates_4.3.1-1+deb12u1_amd64.deb
qubes-core-agent-dom0-updates_4.3.1-1+deb13u1_amd64.deb
qubes-core-agent-dom0-updates-4.3.1-1.fc39.noarch.rpm
qubes-core-agent-dom0-updates-4.3.1-1.fc40.noarch.rpm
qubes-core-agent-dom0-updates_4.3.1-1+jammy1_amd64.deb
qubes-core-agent-nautilus_4.3.1-1+deb12u1_amd64.deb
qubes-core-agent-nautilus_4.3.1-1+deb13u1_amd64.deb
qubes-core-agent-nautilus-4.3.1-1.fc39.x86_64.rpm
qubes-core-agent-nautilus-4.3.1-1.fc40.x86_64.rpm
qubes-core-agent-nautilus_4.3.1-1+jammy1_amd64.deb
qubes-core-agent-networking_4.3.1-1+deb12u1_amd64.deb
qubes-core-agent-networking_4.3.1-1+deb13u1_amd64.deb
qubes-core-agent-networking-4.3.1-1.fc39.noarch.rpm
qubes-core-agent-networking-4.3.1-1.fc40.noarch.rpm
qubes-core-agent-networking_4.3.1-1+jammy1_amd64.deb
qubes-core-agent-network-manager_4.3.1-1+deb12u1_amd64.deb
qubes-core-agent-network-manager_4.3.1-1+deb13u1_amd64.deb
qubes-core-agent-network-manager-4.3.1-1.fc39.noarch.rpm
qubes-core-agent-network-manager-4.3.1-1.fc40.noarch.rpm
qubes-core-agent-network-manager_4.3.1-1+jammy1_amd64.deb
qubes-core-agent-passwordless-root_4.3.1-1+deb12u1_amd64.deb
qubes-core-agent-passwordless-root_4.3.1-1+deb13u1_amd64.deb
qubes-core-agent-passwordless-root-4.3.1-1.fc39.noarch.rpm
qubes-core-agent-passwordless-root-4.3.1-1.fc40.noarch.rpm
qubes-core-agent-passwordless-root_4.3.1-1+jammy1_amd64.deb
qubes-core-agent-selinux-4.3.1-1.fc39.noarch.rpm
qubes-core-agent-selinux-4.3.1-1.fc40.noarch.rpm
qubes-core-agent-systemd-4.3.1-1.fc39.x86_64.rpm
qubes-core-agent-systemd-4.3.1-1.fc40.x86_64.rpm
qubes-core-agent-thunar_4.3.1-1+deb12u1_amd64.deb
qubes-core-agent-thunar_4.3.1-1+deb13u1_amd64.deb
qubes-core-agent-thunar-4.3.1-1.fc39.x86_64.rpm
qubes-core-agent-thunar-4.3.1-1.fc40.x86_64.rpm
qubes-core-agent-thunar_4.3.1-1+jammy1_amd64.deb
qubes-core-dom0-4.3.0-1.fc37.noarch.rpm
qubes-core-qrexec_4.2.20-1+deb12u1_amd64.deb
qubes-core-qrexec_4.2.20-1+deb13u1_amd64.deb
qubes-core-qrexec-4.2.20-1.fc37.x86_64.rpm
qubes-core-qrexec-4.2.20-1.fc39.x86_64.rpm
qubes-core-qrexec-4.2.20-1.fc40.x86_64.rpm
qubes-core-qrexec_4.2.20-1+jammy1_amd64.deb
qubes-core-qrexec-dbgsym_4.2.20-1+deb12u1_amd64.deb
qubes-core-qrexec-dbgsym_4.2.20-1+deb13u1_amd64.deb
qubes-core-qrexec-devel-4.2.20-1.fc37.x86_64.rpm
qubes-core-qrexec-devel-4.2.20-1.fc39.x86_64.rpm
qubes-core-qrexec-devel-4.2.20-1.fc40.x86_64.rpm
qubes-core-qrexec-dom0-4.2.20-1.fc37.x86_64.rpm
qubes-core-qrexec-libs-4.2.20-1.fc37.x86_64.rpm
qubes-core-qrexec-libs-4.2.20-1.fc39.x86_64.rpm
qubes-core-qrexec-libs-4.2.20-1.fc40.x86_64.rpm
qubes-core-qrexec-vm-4.2.20-1.fc39.x86_64.rpm
qubes-core-qrexec-vm-4.2.20-1.fc40.x86_64.rpm
qubes-core-qrexec-vm-selinux-4.2.20-1.fc39.x86_64.rpm
qubes-core-qrexec-vm-selinux-4.2.20-1.fc40.x86_64.rpm
qubes-gui-daemon_4.3.0-1+deb12u1_amd64.deb
qubes-gui-daemon_4.3.0-1+deb13u1_amd64.deb
qubes-gui-daemon-4.3.0-1.fc37.x86_64.rpm
qubes-gui-daemon-4.3.0-1.fc39.x86_64.rpm
qubes-gui-daemon-4.3.0-1.fc40.x86_64.rpm
qubes-gui-daemon_4.3.0-1+jammy1_amd64.deb
qubes-gui-daemon-dbgsym_4.3.0-1+deb12u1_amd64.deb
qubes-gui-daemon-dbgsym_4.3.0-1+deb13u1_amd64.deb
qubes-gui-daemon-pulseaudio_4.3.0-1+deb12u1_amd64.deb
qubes-gui-daemon-pulseaudio_4.3.0-1+deb13u1_amd64.deb
qubes-gui-daemon-pulseaudio_4.3.0-1+jammy1_amd64.deb
qubes-gui-dom0-4.3.0-1.fc37.x86_64.rpm
qubes-gui-dom0-4.3.0-1.fc39.x86_64.rpm
qubes-gui-dom0-4.3.0-1.fc40.x86_64.rpm
qubes-kernel-vm-support-4.3.0-1.fc37.x86_64.rpm
qubes-kernel-vm-support-4.3.0-1.fc39.x86_64.rpm
qubes-kernel-vm-support-4.3.0-1.fc40.x86_64.rpm
qubes-kernel-vm-support_4.3.0+deb12u1_amd64.deb
qubes-kernel-vm-support_4.3.0+deb13u1_amd64.deb
qubes-kernel-vm-support_4.3.0+jammy1_amd64.deb
qubes-manager_4.2.8-1+jammy1_amd64.deb
qubes-manager_4.3.0-1+deb12u1_amd64.deb
qubes-manager_4.3.0-1+deb13u1_amd64.deb
qubes-manager-4.3.0-1.fc37.noarch.rpm
qubes-manager-4.3.0-1.fc39.noarch.rpm
qubes-manager-4.3.0-1.fc40.noarch.rpm
qubes-manager_4.3.0-1+jammy1_amd64.deb
qubes-utils-4.3.0-1.fc37.x86_64.rpm
qubes-utils-4.3.0-1.fc39.x86_64.rpm
qubes-utils-4.3.0-1.fc40.x86_64.rpm
qubes-utils_4.3.0+deb12u1_amd64.deb
qubes-utils_4.3.0+deb13u1_amd64.deb
qubes-utils_4.3.0+jammy1_amd64.deb
qubes-utils-dbgsym_4.3.0+deb12u1_amd64.deb
qubes-utils-dbgsym_4.3.0+deb13u1_amd64.deb
qubes-utils-devel-4.3.0-1.fc37.x86_64.rpm
qubes-utils-devel-4.3.0-1.fc39.x86_64.rpm
qubes-utils-devel-4.3.0-1.fc40.x86_64.rpm
qubes-utils-libs-4.3.0-1.fc37.x86_64.rpm
qubes-utils-libs-4.3.0-1.fc39.x86_64.rpm
qubes-utils-libs-4.3.0-1.fc40.x86_64.rpm
qubes-utils-selinux-4.3.0-1.fc37.x86_64.rpm
qubes-utils-selinux-4.3.0-1.fc39.x86_64.rpm
qubes-utils-selinux-4.3.0-1.fc40.x86_64.rpm
qubes-vm-core-4.3.1-1-x86_64.pkg.tar.zst
qubes-vm-kernel-support-4.3.0-1-x86_64.pkg.tar.zst
qubes-vm-keyring-4.3.1-1-x86_64.pkg.tar.zst
qubes-vm-networking-4.3.1-1-x86_64.pkg.tar.zst
qubes-vm-passwordless-root-4.3.1-1-x86_64.pkg.tar.zst
qubes-vm-qrexec-4.2.20-1-x86_64.pkg.tar.zst
qubes-vm-utils-4.3.0-1-x86_64.pkg.tar.zst

Highlights

Unlike previous week which was relatively quiet (possibly due to Xen Project Summit 2024 in Lisbon), we have an enormous amount of updates and new packages this week. The highlights are the new device API. Proper fixing of VNC GUIVM as well as the usual fixes and cleanups.

Details

  • Linux Kernel - Kernel, Kernel Latest and Kernel LTS receive updates. For dom0, templates, all Qubes OS releases. You should follow Greg Kroah-Hartman’s announcements if you need more information on Linux Kernel updates.

  • core-admin v4.3.0 - A gigantic upgrade. Say hello to the new device API. It is hard to sum it up here. Assigning a device as boot requirement for a qube will be possible. Preventing devices from being manually detached from a running VM is made possible. Auto-attachment to specific qube while it is running will be possible (e.g. for external devices). All of this is different from the current persistent mode. Handling devices by Vendor ID/Product ID, Port Number, Serial Number, etc etc. I am not sure if the new device API will be ever a part of R4.2. Most probably it is only for R4.3 :confused: Some of the new changes might be necessary for properly splitting storage VM from dom0. You could spend days reading the commits. I wonder how much time Piotr (Bartman, not Krol) spent on writing the new device API (months? years?). This upgrade might deserve its own forum post.
    There were some other fixes to qubes-core-admin. Such as fixing a bogous error if service name started with a numeral, Rejecting too long service names, a minor fix for Thunderbird in Fedora 40 template. And some other.

  • desktop-linux-manager v4.3.0 - GUI Widget changes to enable the new device API.

  • linux-utils v4.3.2 - Bumping required libraries version for Debian. Nothing serious.

  • gui-agent-linux v4.2.15 & gui-daemon v4.2.8 - Fixing a bug with VNC GUIVM found and reported by @solene

  • gui-daemon v4.3.0 - The GUI daemon receives some fixes to enable the new device API. Mostly for microphone. And it was then bumped to v4.3.1 after adding the VNC GUIVM fix.

  • mgmt-salt-dom0-virtual-machines v4.2.14 - Another fix to enable VNC GUIVM.

  • core-admin-client - The command line interface to the new device API. qvm-device <assign|unassign|info> sub-commands are added. qvm-start is modified to implement the new device API. The new library is called qubesadmin.device_protocol (old one was qubesadmin.devices). A lot of unit tests are added.

  • manager v4.2.8-1 - Some minor Python cosmetic changes. Fixing a minor issue of VM settings GUI crash with temporal unlocked firewall.

  • linux-utils v4.3.0 - Updated udev rules for the new device API.

  • core-agent-linux v4.3.1 - Using modern Freedesktop /etc/os-release identification data and setting some new Qubes OS template features based on them. For example you will have ubuntu for os-release future and debian for the new os-distribution-like feature of your Ubuntu templates. There will be a new os-version feature. I wish if there was an additional os-pretty-name feature. It would be nice as a tool-tip in some of GUI tools. Maybe I should create a pull request for that.

  • core-qrexec v4.2.20 - qrexec core receives some major upgrade. Dealing with stdout and stderr streams, assuring they are properly and timely closed and flushed. There should be some speed improvements in the end. Fixing an issue with qubes.UpdatesProxy. Adding some highly appreciated comments; Command and API documentation.

  • python-fido2 v1.1.2-2 (r4.3) is packed for Ubuntu Jammy 22.04 LTS for Qubes OS R4.3.

Epilog

I take the opportunity here to inform you that Marek has finalized the workflow of building packages for Qubes OS R4.3 and closed the related issue on Github. We do not have a qubes-dist-upgrade to migrate from R4.2 to R4.3 testing to follow its development closely. Doing this manually might be possible but I personally do not have the guts to do it yet as I do not want to break my only working Qubes OS machine.

12 Likes
2

Thanks for writing this up! It’s helpful to have a summary of changes and context for more significant changes. One thing that would be even more helpful for me is the ability to subscribe to this through an RSS feed. I understand that would probably require a non-trivial amount of work on your end because the forum probably doesn’t have built-in support for that, but the forum is also a sensible place to put this newsletter since interested people are more likely to be on here. Just wanted to mention it in case it becomes more convenient to add in the future. :slightly_smiling_face:

Thanks again for putting this together!

2 Likes
3

Discourse has internal RSS feed support. I am currently posting under General Discussions → Updates. The RSS feed for it is as follow:

If you need dedicated RSS feed only for the Weekly Reviews, it should be possible if there was an independent category for it. So I could post only in that category. This is something the forum moderators could do.

4 Likes