Fedora 33 has reached EOL
https://www.qubes-os.org/news/2021/11/30/fedora-33-eol/
As previously announced (https://www.qubes-os.org/news/2021/11/11/fedora-33-approaching-eol-fedora-34-templates-available/), Fedora 33 has reached EOL (end-of-life (https://fedoraproject.org/wiki/End_of_life)).
If you have not already done so, we strongly recommend upgrading (https://www.qubes-os.org/doc/templates/fedora/#upgrading) your
Fedora 33 templates and standalones to Fedora 34 immediately.
We provide fresh Fedora 34 template packages through the official Qubes
repositories, which you can install in dom0 by following the standard
installation instructions (https://www.qubes-os.org/doc/templates/fedora/#installing). Alternatively, we also provide step-by-step
instructions for performing an in-place upgrade (https://www.qubes-os.org/doc/template/fedora/upgrade/) of an existing Fedora
template. After upgrading your templates, please remember to switch all
qubes that were using the old template to use the new one (https://www.qubes-os.org/doc/templates/#switching).
For a complete list of template releases that are supported for your
specific Qubes release, see our supported template releases (https://www.qubes-os.org/doc/supported-releases/#templates).
Please note that no user action is required regarding the OS version in
dom0. For details, please see our note on dom0 and EOL (https://www.qubes-os.org/doc/supported-releases/#note-on-dom0-and-eol).
Note for 4.1 release candidate testers: Qubes R4.1-rc1 already
includes the Fedora 34 template by default, so no action is required.
XEN PROJECT SHIPS VERSION 4.16 WITH FOCUS ON IMPROVED PERFORMANCE SECURITY AND HARDWARE SUPPORT
https://xenproject.org/2021/12/02/xen-project-ships-version-4-16-with-focus-on-improved-performance-security-and-hardware-support/
NEW VERSION INTRODUCES ARM VIRTUAL PERFORMANCE MONITOR COUNTERS AND BROADER X86 HARDWARE SUPPORT. COMMUNITY INITIATIVES, INCLUDING FUNCTIONAL SAFETY AND VIRTIO, CONTINUE TO PROGRESS. The Xen Project, an open source hypervisor...
Debian 11 templates available
https://www.qubes-os.org/news/2021/12/07/debian-11-templates-available/
New Debian 11 templates are available for both Qubes 4.0 and 4.1.
We provide fresh Debian 11 template packages through the official Qubes
repositories, which you can install in dom0 by following the standard
installation instructions (https://www.qubes-os.org/doc/templates/debian/#installing). Alternatively, we also provide step-by-step
instructions for performing an in-place upgrade (https://www.qubes-os.org/doc/template/debian/upgrade/) of an existing Debian
template. After upgrading your templates, please remember to switch all
qubes that were using the old template to use the new one (https://www.qubes-os.org/doc/templates/#switching).
For a complete list of template releases that are supported for your
specific Qubes release, see our supported template releases (https://www.qubes-os.org/doc/supported-releases/#templates).
Please note that no user action is required regarding the OS version in
dom0. For details, please see our note on dom0 and EOL (https://www.qubes-os.org/doc/supported-releases/#note-on-dom0-and-eol).
Qubes Canary 029
https://www.qubes-os.org/news/2021/12/13/canary-029/
We have published Qubes Canary 029. The text of this canary is
reproduced below.
This canary and its accompanying signatures will always be available in
the Qubes security pack (qubes-secpack).
View Qubes Canary 029 in the qubes-secpack:
https://github.com/QubesOS/qubes-secpack/blob/master/canaries/canary-029-2021.txt
Learn how to obtain and authenticate the qubes-secpack and all the
signatures it contains:
https://www.qubes-os.org/security/pack/
View all past canaries:
https://www.qubes-os.org/security/canary/
---===[ Qubes Canary 029 ]===---
Statements
-----------
The Qubes security team members who have digitally signed this file [1]
state the following:
1. The date of issue of this canary is December 13, 2021.
2. There have been 74 Qubes security bulletins published so far.
3. The Qubes Master Signing Key fingerprint is:
427F 11FD 0FAA 4B08 0123 F01C DDFA 1A3E 3687 9494
4. No warrants have ever been served to us with regard to the Qubes OS
Project (e.g. to hand out the private signing keys or to introduce
backdoors).
5. We plan to publish the next of these canary statements in the first
fourteen days of March 2022. Special note should be taken if no new
canary is published by that time or if the list of statements changes
without plausible explanation.
Special announcements
----------------------
Many PGP keys in the Qubes security pack (qubes-secpack) that are used
elsewhere in the project (such as the Qubes builder), including the
Qubes Master Signing Key (QMSK), were signed or self-signed using the
SHA-1 hash function. Unlike some other uses of SHA-1, its use in our PGP
signatures does not pose a noteworthy security risk unless an adversary
is capable of performing a successful preimage attack (not merely a
collision attack). Since there are presently no known feasible attacks
against the preimage resistance of full SHA-1, our use of SHA-1 in PGP
signatures does not currently pose a relevant security risk.
Nonetheless, as a preemptive defense-in-depth enhancement and to support
deprecation of SHA-1 in tooling, we have decided to re-(self-)sign many
of these keys using SHA-256 or SHA-512. [3]
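To see for yourself which digest algorithm a key's (self-)signatures use, here is an added example that is not Qubes project code or part of the qubes-secpack tooling: a minimal RFC 4880 packet walker that reports the hash algorithm of every signature packet in a binary OpenPGP stream and flags SHA-1 and MD5. The key material below is constructed inline for the demonstration and is not a real key; a real exported key (`gpg --export`) can be fed to the same functions.

```python
"""Report the hash algorithm used by each OpenPGP signature packet (RFC 4880)."""
import struct

# RFC 4880 section 9.4 hash algorithm identifiers.
HASH_ALGOS = {1: "MD5", 2: "SHA1", 3: "RIPEMD160", 8: "SHA256",
              9: "SHA384", 10: "SHA512", 11: "SHA224"}
WEAK_HASHES = {"MD5", "SHA1"}
SIGNATURE_TAG = 2


def parse_packets(data: bytes):
    """Yield (tag, body) for each packet; handles old- and new-format headers."""
    pos = 0
    while pos < len(data):
        ctb = data[pos]
        if not ctb & 0x80:
            raise ValueError(f"bad packet header at offset {pos}")
        pos += 1
        if ctb & 0x40:  # new-format header (section 4.2.2)
            tag = ctb & 0x3F
            first = data[pos]
            pos += 1
            if first < 192:
                length = first
            elif first < 224:
                length = ((first - 192) << 8) + data[pos] + 192
                pos += 1
            elif first == 255:
                length = struct.unpack(">I", data[pos:pos + 4])[0]
                pos += 4
            else:
                raise ValueError("partial body lengths not supported")
        else:  # old-format header (section 4.2.1)
            tag = (ctb >> 2) & 0x0F
            ltype = ctb & 0x03
            if ltype == 3:
                raise ValueError("indeterminate length not supported")
            nbytes = 1 << ltype  # 1, 2 or 4 length octets
            length = int.from_bytes(data[pos:pos + nbytes], "big")
            pos += nbytes
        body = data[pos:pos + length]
        if len(body) != length:
            raise ValueError(f"truncated packet at offset {pos}")
        pos += length
        yield tag, body


def signature_hash_algos(data: bytes):
    """Return [(signature_type, hash_name)] for every signature packet."""
    result = []
    for tag, body in parse_packets(data):
        if tag != SIGNATURE_TAG:
            continue
        version = body[0]
        if version == 4:
            # v4 layout: version, sig type, pubkey algo, hash algo, subpackets...
            sig_type, hash_algo = body[1], body[3]
        elif version == 3:
            # v3 layout: version, 0x05, sig type, time(4), key id(8), pk algo, hash algo
            sig_type, hash_algo = body[2], body[16]
        else:
            raise ValueError(f"unsupported signature version {version}")
        result.append((sig_type, HASH_ALGOS.get(hash_algo, f"unknown({hash_algo})")))
    return result


def weak_signatures(data: bytes):
    """Signatures whose digest is MD5 or SHA-1, the ones worth re-signing."""
    return [(t, h) for t, h in signature_hash_algos(data) if h in WEAK_HASHES]


# Constructed sample: a user ID packet followed by two positive-certification
# (0x13) self-signatures, one made with SHA-1 and one with SHA-256. The MPI at
# the end is a dummy 8-bit value; this is not a real key.
def _sig_packet(hash_algo: int, new_format: bool) -> bytes:
    body = (b"\x04\x13\x01" + bytes([hash_algo])  # v4, 0x13, RSA, hash algo
            + b"\x00\x00" + b"\x00\x00"           # no hashed/unhashed subpackets
            + b"\xab\xcd"                         # left 16 bits of the hash
            + b"\x00\x08\x42")                    # dummy MPI
    header = b"\xc2" if new_format else b"\x88"   # tag 2, one-octet length
    return header + bytes([len(body)]) + body


_UID = b"Constructed Key <constructed@example.invalid>"
SAMPLE_KEYRING = (b"\xb4" + bytes([len(_UID)]) + _UID   # old-format tag 13
                  + _sig_packet(2, new_format=False)     # SHA-1 self-sig
                  + _sig_packet(8, new_format=True))     # SHA-256 self-sig

if __name__ == "__main__":
    for sig_type, hash_name in signature_hash_algos(SAMPLE_KEYRING):
        flag = "  <-- consider re-signing" if hash_name in WEAK_HASHES else ""
        print(f"signature type 0x{sig_type:02x} uses {hash_name}{flag}")
```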
In addition, the qubes-secpack contains several expired code signing
keys, old release keys, and keys belonging to individuals who are no
longer active Qubes developers. We have decided to move these keys into
new "retired" subdirectories. (We've decided to move them rather than
delete them, since some users may wish to use them to authenticate old
signatures. Note that this is merely a matter of convenience, since even
deleted files always remain in the Git repository's history and can
always be retrieved that way.)
To be clear, none of the actions described here constitute a response to
any security incident. To our knowledge, the keys in the qubes-secpack
are not and have never been at risk. No key fingerprints have changed as
a result of these actions. We consider this updating and cleanup of the
keys to be more of a "housekeeping" task.
Disclaimers and notes
----------------------
We would like to remind you that Qubes OS has been designed under the
assumption that all relevant infrastructure is permanently compromised.
This means that we assume NO trust in any of the servers or services
which host or provide any Qubes-related data, in particular, software
updates, source code repositories, and Qubes ISO downloads.
This canary scheme is not infallible. Although signing the declaration
makes it very difficult for a third party to produce arbitrary
declarations, it does not prevent them from using force or other means,
like blackmail or compromising the signers' laptops, to coerce us to
produce false declarations.
The proof of freshness provided below serves to demonstrate that this
canary could not have been created prior to the date stated. It shows
that a series of canaries was not created in advance.
This declaration is merely a best effort and is provided without any
guarantee or warranty. It is not legally binding in any way to anybody.
None of the signers should be ever held legally responsible for any of
the statements made here.
Proof of freshness
-------------------
Mon, 13 Dec 2021 01:15:23 +0000
Source: DER SPIEGEL - International (https://www.spiegel.de/international/index.rss)
Resurrection of the SP: The Unexpected Rise of Germany's New Chancellor, Olaf Scholz
BioNTech Founder Şahin on the Omicron Variant: “It Will Make Scientific Sense To Offer Booster after Three Months”
City of Warriors: Resistance Across the Border to the Myanmar Military Junta
Deadly Intrigue: The Story of the Destruction of an Aid Organization
The One-Man State: Viktor Orbán and the Fall of Democracy in Hungary
Source: NYT > World News (https://rss.nytimes.com/services/xml/rss/nyt/World.xml)
Haiti’s Leader Kept a List of Drug Traffickers. His Assassins Came for It.
‘Our Boat Was Surrounded by Dead Bodies’: Witnessing a Migrant Tragedy
Israeli Leader Travels to U.A.E., Showcasing Deepening Ties
New Caledonia Says ‘Non’ to Independence
Diplomats Warn Russia of ‘Massive Consequences’ if It Invades Ukraine
Source: BBC News - World (https://feeds.bbci.co.uk/news/world/rss.xml)
Kentucky tornadoes: Death toll likely to pass 100, governor says
Kentucky tornadoes: 100 year-old-church destroyed in seconds
Vladimir Putin: I moonlighted as a taxi driver in the 1990s
Black Axe: Leaked documents shine spotlight on secretive Nigerian gang
Alibaba fires woman who claimed sexual assault
Source: Blockchain.info
00000000000000000001b7c62afe91ab5ddb7ce534f4868fc71e4c9e4797f7b2
Footnotes
----------
[1] This file should be signed in two ways: (1) via detached PGP
signatures by each of the signers, distributed together with this canary
in the qubes-secpack.git repo, and (2) via digital signatures on the
corresponding qubes-secpack.git repo tags. [2]
[2] Don't just trust the contents of this file blindly! Verify the
digital signatures! Instructions for doing so are documented here:
https://www.qubes-os.org/security/pack/
[3] https://github.com/QubesOS/qubes-issues/issues/6470
--
The Qubes Security Team
https://www.qubes-os.org/security/
XSAs released on 2021-12-20
https://www.qubes-os.org/news/2021/12/20/xsas-released-on-2021-12-20/
The Xen Project has released one or more Xen Security Advisories (XSAs).
The security of Qubes OS is not affected.
Therefore, no user action is required.
XSAs that affect the security of Qubes OS (user action required)
The following XSAs do affect the security of Qubes OS:
(None)
XSAs that do not affect the security of Qubes OS (no user action required)
The following XSAs do not affect the security of Qubes OS, and no user action is necessary:
XSA-376 (denial-of-service only)
XSA-391 (denial-of-service only)
XSA-392 (denial-of-service only)
Related links
Xen XSA list: https://xenbits.xen.org/xsa/
Qubes XSA tracker: https://www.qubes-os.org/security/xsa/
Qubes security pack (qubes-secpack): https://www.qubes-os.org/security/pack/
Qubes security bulletins (QSBs): https://www.qubes-os.org/security/qsb/
Qubes OS 4.1-rc3 has been released!
https://www.qubes-os.org/news/2021/12/21/qubes-4-1-rc3/
The third release candidate for Qubes 4.1 is here! There are no major
changes to report. We’ve just focused on fixing bugs that were
discovered and reported in the second release candidate.
If you’re currently using any Qubes 4.1 release candidate, a
regular update (https://www.qubes-os.org/doc/how-to-update/) is sufficient to upgrade to the latest one. Otherwise,
read on for more about how to get started with testing Qubes 4.1-rc3.
What’s new in Qubes 4.1?
In case you still haven’t heard, Qubes 4.1 includes several major new
features, each of which is explained in depth in its own article:
Qubes Architecture Next Steps: The GUI Domain (https://www.qubes-os.org/news/2020/03/18/gui-domain/)
Qubes Architecture Next Steps: The New Qrexec Policy System (https://www.qubes-os.org/news/2020/06/22/new-qrexec-policy-system/)
New Gentoo templates and maintenance infrastructure (https://www.qubes-os.org/news/2020/10/05/new-gentoo-templates-and-maintenance-infrastructure/)
Reproducible builds for Debian: a big step forward (https://www.qubes-os.org/news/2021/10/08/reproducible-builds-for-debian-a-big-step-forward/)
There are also numerous other improvements and bug fixes listed in the
release notes (https://www.qubes-os.org/doc/releases/4.1/release-notes/) and in the issue tracker (https://github.com/QubesOS/qubes-issues/issues?q=milestone%3A%22Release+4.1%22+is%3Aclosed+-label%3A%22R%3A+duplicate%22+-label%3A%22R%3A+invalid%22+-label%3A%22R%3A+cannot+reproduce%22+-label%3A%22R%3A+not+an+issue%22+-label%3A%22R%3A+not+our+bug%22+-label%3A%22R%3A+won%27t+do%22+-label%3A%22R%3A+won%27t+fix%22+).
Finally, Qubes 4.1 features the following updated default components:
Xen 4.14
Fedora 32 in dom0
Fedora 34 template
Debian 11 template
Whonix 16 Gateway and Workstation templates
Linux kernel 5.10
How to test Qubes 4.1-rc3
If you’re willing to test (https://www.qubes-os.org/doc/testing/) this release candidate, you can help to
improve the stable release by reporting any bugs you encounter (https://www.qubes-os.org/doc/issue-tracking/).
Experienced users are strongly encouraged to join the testing team (https://forum.qubes-os.org/t/joining-the-testing-team/5190)!
How to migrate to 4.1-rc3:
If you’re already on any 4.1 release candidate, simply perform a
normal update (https://www.qubes-os.org/doc/how-to-update/).
If you’re not on a 4.1 release candidate yet, you have two options:
Back up (https://www.qubes-os.org/doc/how-to-back-up-restore-and-migrate/#creating-a-backup) your current installation, download (https://www.qubes-os.org/downloads/) 4.1-rc3, perform a
fresh install (https://www.qubes-os.org/doc/installation-guide/), then restore (https://www.qubes-os.org/doc/how-to-back-up-restore-and-migrate/#restoring-from-a-backup) from your backup.
Perform an in-place upgrade (https://www.qubes-os.org/doc/upgrade/4.1/).
Release candidate planning
With each new release candidate, Qubes 4.1 becomes more and more stable
as our testers report more bugs, and our developers fix them. As
explained in our general release schedule (https://www.qubes-os.org/doc/version-scheme/#release-schedule), this cycle will continue
until no major bugs are discovered, at which point the last release
candidate will be declared the stable 4.1 release. Until then, we plan
to have new release candidates approximately every five weeks.
Qubes OS 4.1.0-rc4 has been released!
https://www.qubes-os.org/news/2022/01/18/qubes-4-1-0-rc4/
The fourth release candidate for Qubes 4.1.0 is here! There are no major
changes to report. We’ve just focused on fixing bugs that were
discovered and reported in the third release candidate.
If you’re currently using any Qubes 4.1.0 release candidate, a regular
update (https://www.qubes-os.org/doc/how-to-update/) is sufficient to upgrade to the latest one. Otherwise, read on
for more about how to get started with testing Qubes 4.1.0-rc4.
What’s new in Qubes 4.1.0?
In case you still haven’t heard, Qubes 4.1.0 includes several major new
features, each of which is explained in depth in its own article:
Qubes Architecture Next Steps: The GUI Domain (https://www.qubes-os.org/news/2020/03/18/gui-domain/)
Qubes Architecture Next Steps: The New Qrexec Policy System (https://www.qubes-os.org/news/2020/06/22/new-qrexec-policy-system/)
New Gentoo templates and maintenance infrastructure (https://www.qubes-os.org/news/2020/10/05/new-gentoo-templates-and-maintenance-infrastructure/)
Reproducible builds for Debian: a big step forward (https://www.qubes-os.org/news/2021/10/08/reproducible-builds-for-debian-a-big-step-forward/)
There are also numerous other improvements and bug fixes listed in the
release notes (https://www.qubes-os.org/doc/releases/4.1/release-notes/) and in the issue tracker (https://github.com/QubesOS/qubes-issues/issues?q=milestone%3A%22Release+4.1%22+is%3Aclosed+-label%3A%22R%3A+duplicate%22+-label%3A%22R%3A+invalid%22+-label%3A%22R%3A+cannot+reproduce%22+-label%3A%22R%3A+not+an+issue%22+-label%3A%22R%3A+not+our+bug%22+-label%3A%22R%3A+won%27t+do%22+-label%3A%22R%3A+won%27t+fix%22+).
Finally, Qubes 4.1.0 features the following updated default components:
Xen 4.14
Fedora 32 in dom0
Fedora 34 template
Debian 11 template
Whonix 16 Gateway and Workstation templates
Linux kernel 5.10
How to test Qubes 4.1.0-rc4
If you’re willing to test (https://www.qubes-os.org/doc/testing/) this release candidate, you can help to
improve the stable release by reporting any bugs you encounter (https://www.qubes-os.org/doc/issue-tracking/).
Experienced users are strongly encouraged to join the testing team (https://forum.qubes-os.org/t/joining-the-testing-team/5190)!
How to migrate to 4.1.0-rc4:
If you’re already on any 4.1.0 release candidate, simply perform a
normal update (https://www.qubes-os.org/doc/how-to-update/).
If you’re not on a 4.1.0 release candidate yet, you have two options:
Back up (https://www.qubes-os.org/doc/how-to-back-up-restore-and-migrate/#creating-a-backup) your current installation, download (https://www.qubes-os.org/downloads/) 4.1.0-rc4, perform
a fresh install (https://www.qubes-os.org/doc/installation-guide/), then restore (https://www.qubes-os.org/doc/how-to-back-up-restore-and-migrate/#restoring-from-a-backup) from your backup.
Perform an in-place upgrade (https://www.qubes-os.org/doc/upgrade/4.1/).
Release candidate planning
With each new release candidate, Qubes 4.1.0 becomes more stable as
testers report bugs and our developers fix them. As explained in our
general release schedule (https://www.qubes-os.org/doc/version-scheme/#release-schedule), this cycle will continue until no major bugs
are discovered, at which point the last release candidate will be
declared the stable 4.1.0 release. Until then, we plan to have new
release candidates approximately every five weeks.
XSAs released on 2022-01-25
https://www.qubes-os.org/news/2022/01/25/xsas-released-on-2022-01-25/
The Xen Project has released one or more Xen Security Advisories (XSAs).
The security of Qubes OS is affected.
Therefore, user action is required.
XSAs that affect the security of Qubes OS (user action required)
The following XSAs do affect the security of Qubes OS:
XSA-395
Please see QSB-075 for the actions users must take in order to
protect themselves, as well as further details about these XSAs:
https://www.qubes-os.org/news/2022/01/25/qsb-075/
XSAs that do not affect the security of Qubes OS (no user action required)
The following XSAs do not affect the security of Qubes OS, and no user action is necessary:
XSA-393 (ARM architectures only)
XSA-394 (denial-of-service only)
Related links
Xen XSA list: https://xenbits.xen.org/xsa/
Qubes XSA tracker: https://www.qubes-os.org/security/xsa/
Qubes security pack (qubes-secpack): https://www.qubes-os.org/security/pack/
Qubes security bulletins (QSBs): https://www.qubes-os.org/security/qsb/
QSB-075: Insufficient cleanup of passed-through device IRQs (XSA-395)
https://www.qubes-os.org/news/2022/01/25/qsb-075/
We have just published Qubes Security Bulletin (QSB) 075:
Insufficient cleanup of passed-through device IRQs (XSA-395).
The text of this QSB is reproduced below. This QSB and its accompanying
signatures will always be available in the Qubes Security Pack (qubes-secpack).
View QSB-075 in the qubes-secpack:
https://github.com/QubesOS/qubes-secpack/blob/master/QSBs/qsb-075-2022.txt
In addition, you may wish to:
Get the qubes-secpack: https://www.qubes-os.org/security/pack/
View all past QSBs: https://www.qubes-os.org/security/qsb/
View the XSA Tracker: https://www.qubes-os.org/security/xsa/
---===[ Qubes Security Bulletin 075 ]===---
2022-01-25
Insufficient cleanup of passed-through device IRQs (XSA-395)
User action required
---------------------
Users must install the following specific packages in order to address
the issues discussed in this bulletin:
For Qubes 4.0, in dom0:
- Xen packages, version 4.8.5-37
For Qubes 4.1, in dom0:
- Xen packages, version 4.14.3-8
These packages will migrate from the security-testing repository to the
current (stable) repository over the next two weeks after being tested
by the community. [1] Once available, the packages are to be installed
via the Qubes Update tool or its command-line equivalents. [2]
Dom0 must be restarted afterward in order for the updates to take
effect.
If you use Anti Evil Maid, you will need to reseal your secret
passphrase to new PCR values, as PCR18+19 will change due to the new Xen
binaries.
Summary
--------
On 2022-01-25, the Xen project published XSA-395, "Insufficient cleanup
of passed-through device IRQs" [3]:
| The management of IRQs associated with physical devices exposed to x86
| HVM guests involves an iterative operation in particular when cleaning
| up after the guest's use of the device. In the case where an
| interrupt is not quiescent yet at the time this cleanup gets invoked,
| the cleanup attempt may be scheduled to be retried. When multiple
| interrupts are involved, this scheduling of a retry may get
| erroneously skipped. At the same time pointers may get cleared
| (resulting in a de-reference of NULL) and freed (resulting in a
| use-after-free), while other code would continue to assume them to be
| valid.
Impact
-------
The precise impact is system-specific but would typically be a denial of
service (DoS) affecting the entire host. Privilege escalation and
information leaks cannot be ruled out.
Only x86 HVM guests with one or more passed-through physical devices
using multiple physical interrupts together can exploit this
vulnerability. In Qubes, this generally applies to sys-usb and sys-net,
but whether the relevant devices use multiple interrupts together is
system-specific.
Credits
--------
See the original Xen Security Advisory.
References
-----------
[1] https://www.qubes-os.org/doc/testing/
[2] https://www.qubes-os.org/doc/how-to-update/
[3] https://xenbits.xen.org/xsa/advisory-395.html
--
The Qubes Security Team
https://www.qubes-os.org/security/
Qubes OS 4.1.0 has been released!
https://www.qubes-os.org/news/2022/02/04/qubes-4-1-0/
At long last, the Qubes 4.1.0 stable release has arrived! The
culmination of years of development, this release brings a host of new
features, major improvements, and numerous bug fixes. Read on to find
out what’s new, how to install or upgrade to the new release, and all
the noteworthy changes it includes.
What’s new in Qubes 4.1.0?
In case you still haven’t heard, Qubes 4.1.0 includes several major new
features, each of which is explained in depth in its own article.
Qubes Architecture Next Steps: The GUI Domain (https://www.qubes-os.org/news/2020/03/18/gui-domain/)
The GUI domain is a qube separate from dom0 that handles all
display-related tasks and some system management. This separation allows
us to more securely isolate dom0 while granting the user more
flexibility with respect to graphical interfaces. (Note: The GUI domain
is still experimental, so it’s an opt-in feature in Qubes 4.1.0 (https://www.qubes-os.org/news/2020/03/18/gui-domain/#what-will-actually-be-in-qubes-41).)
Qubes Architecture Next Steps: The New Qrexec Policy System (https://www.qubes-os.org/news/2020/06/22/new-qrexec-policy-system/)
Qrexec is an RPC (remote procedure call) mechanism that allows one
qube to do something inside another qube. The qrexec policy system
enforces “who can do what and where.” Qubes 4.1 brings a new qrexec
policy format, significant performance improvements, support for socket
services, and policy notifications that make it easier to detect
problems.
New Gentoo templates and maintenance infrastructure (https://www.qubes-os.org/news/2020/10/05/new-gentoo-templates-and-maintenance-infrastructure/)
There are three new flavors of Gentoo templates, as well as an advanced
infrastructure for automated building and testing, which also supports
Linux kernel and Arch Linux building and testing.
Improvements in testing and building: GitLab CI and reproducible builds (https://www.qubes-os.org/news/2021/02/28/improvements-in-testing-and-building/)
This article explains our work on continuous integration (CI), which
automates and improves several aspects of the development process, and
reproducible builds, which improves the security of the build and
verification process.
Reproducible builds for Debian: a big step forward (https://www.qubes-os.org/news/2021/10/08/reproducible-builds-for-debian-a-big-step-forward/)
This article explains the tools and infrastructure we’ve built to verify
official package builds by rebuilding them. While this was supposed to
be possible in theory, making it a reality required significant work,
including rewriting certain components from scratch.
More improvements, bug fixes, and updated components
In addition to the articles above, there are also numerous other
improvements and bug fixes listed in the release notes (https://www.qubes-os.org/#release-notes) and in the
issue tracker (https://github.com/QubesOS/qubes-issues/issues?q=milestone%3A%22Release+4.1%22+is%3Aclosed+-label%3A%22R%3A+duplicate%22+-label%3A%22R%3A+invalid%22+-label%3A%22R%3A+cannot+reproduce%22+-label%3A%22R%3A+not+an+issue%22+-label%3A%22R%3A+not+our+bug%22+-label%3A%22R%3A+won%27t+do%22+-label%3A%22R%3A+won%27t+fix%22+).
Finally, Qubes 4.1.0 features the following updated default components:
Xen 4.14
Fedora 32 in dom0
Fedora 34 template
Debian 11 template
Whonix 16 Gateway and Workstation templates
Linux kernel 5.10
How to install or upgrade to Qubes 4.1.0
To perform a fresh install, download (https://www.qubes-os.org/downloads/) Qubes 4.1.0, then follow the
installation guide (https://www.qubes-os.org/doc/installation-guide/).
If you’re currently on Qubes 4.0, please see how to upgrade
to Qubes 4.1 (https://www.qubes-os.org/doc/upgrade/4.1/).
If you’re already on any 4.1.0 release candidate, simply perform a
normal update (https://www.qubes-os.org/doc/how-to-update/).
Thank you to our partners, donors, contributors, and testers!
This release would not be possible without generous support from our
partners (https://www.qubes-os.org/partners/) and donors (https://www.qubes-os.org/donate/), as well as contributions (https://www.qubes-os.org/doc/contributing/) from our active
community members, especially bug reports (https://www.qubes-os.org/doc/issue-tracking/) from our testers (https://www.qubes-os.org/doc/testing/). We are
eternally grateful to our excellent community for making the Qubes OS
Project a great example of open-source collaboration.
Release notes
The following list is also available on the Qubes OS 4.1 release notes (https://www.qubes-os.org/doc/releases/4.1/release-notes/)
page.
Optional qubes-remote-support package now available from repositories
(strictly opt-in, no package installed by default; no new ports or
network connections open by default; requires explicit connection
initiation by the user, then requires sharing a code word with the
remote party before a connection can be established; see
#6364 (https://github.com/QubesOS/qubes-issues/issues/6364) for more
information)
Qubes firewall reworked to be more defensive (see
#5540 (https://github.com/QubesOS/qubes-issues/issues/5540) for
details)
Xen upgraded to version 4.14
Dom0 operating system upgraded to Fedora 32
Default desktop environment upgraded to Xfce 4.14
Upgraded default template releases
Experimental support for GUI running outside of dom0 (hybrid mode GUI
domain without real GPU passthrough; see
#5662 (https://github.com/QubesOS/qubes-issues/issues/5662) for
details)
Experimental support for audio server running outside of dom0 (“Audio
domain”)
sys-firewall and sys-usb are now disposables by default
UEFI boot now loads GRUB, which in turn loads Xen, making the boot
path similar to legacy boot and allowing the user to modify boot
parameters or choose an alternate boot menu entry
New qrexec policy format (see
#4370 (https://github.com/QubesOS/qubes-issues/issues/4370) for
details)
qrexec protocol improvements (see
#4909 (https://github.com/QubesOS/qubes-issues/issues/4909) for
details)
New qrexec-policy daemon
Simplified using in-qube kernels
Windows USB and audio support courtesy of
tabit-pro (https://github.com/tabit-pro) (see
#5802 (https://github.com/QubesOS/qubes-issues/issues/5802) and
#2624 (https://github.com/QubesOS/qubes-issues/issues/2624))
Clarified disposable-related terminology and properties
Default kernelopts can now be specified by a kernel package
Improved support for high-resolution displays
Improved notifications when a system drive runs out of free space
Support for different cursor shapes
“Paranoid mode” backup restore option now properly supported using
disposables
Users can now choose between Debian and Fedora in the installer
Certain files and applications are now opened in disposables, e.g.,
Thunderbird email attachments
New graphical interface for managing testing repository updates
New “Cute Qube” icon family (replaces padlock icons)
Disposable qube types now use the disposable icon
New Template Manager tool for installing, removing, and updating
templates (meanwhile, the tool previously known as the “Template
Manager,” which was for mass template switching, has been integrated
into the Qube Manager)
The “file” storage driver has been deprecated in Qubes 4.1 and will be
removed in Qubes 4.2
property-del event renamed to property-reset to avoid confusion
qrexec no longer supports non-executable files in /etc/qubes-rpc
qrexec components have been reorganized into the core-qrexec
repository
The qvm-pool argument parser has been rewritten and improved
Removed the need for the out-of-tree u2mfn kernel module
Qrexec services can now run as a socket server
Improved template distribution mechanism
Now possible to restart qrexec-agent
The term “VM” has largely been replaced by “qube”
GUI daemon is now configured using qvm-features tool,
/etc/qubes/guid.conf file is no longer used
qvm-run tool got --no-shell option to run a single command without
using a shell inside the qube
For a full list, including more detailed descriptions, please see
here (https://github.com/QubesOS/qubes-issues/issues?q=is%3Aissue+sort%3Aupdated-desc+milestone%3A%22Release+4.1%22+label%3A%22release+notes%22+is%3Aclosed).
QSB-076: Intel microcode updates
https://www.qubes-os.org/news/2022/02/11/qsb-076/
We have just published Qubes Security Bulletin (QSB) 076:
Intel microcode updates.
The text of this QSB is reproduced below. This QSB and its accompanying
signatures will always be available in the Qubes Security Pack (qubes-secpack).
View QSB-076 in the qubes-secpack:
https://github.com/QubesOS/qubes-secpack/blob/master/QSBs/qsb-076-2022.txt
In addition, you may wish to:
Get the qubes-secpack: https://www.qubes-os.org/security/pack/
View all past QSBs: https://www.qubes-os.org/security/qsb/
View the XSA Tracker: https://www.qubes-os.org/security/xsa/
---===[ Qubes Security Bulletin 076 ]===---
2022-02-11
Intel microcode updates
User action required
---------------------
Users must install the following specific packages in order to address
the issues discussed in this bulletin:
For Qubes 4.0, in dom0:
- microcode_ctl package, version 2.1-34.qubes1
For Qubes 4.1, in dom0:
- microcode_ctl package, version 2.1-34.qubes1
These packages will migrate from the security-testing repository to the
current (stable) repository over the next two weeks after being tested
by the community. [1] Once available, the packages are to be installed
via the Qubes Update tool or its command-line equivalents. [2]
Dom0 must be restarted afterward in order for the updates to take
effect.
If you use Anti Evil Maid, you will need to reseal your secret
passphrase to new PCR values, as PCR19 will change due to the new
microcode in the initramfs.
Summary
--------
On 2022-02-08, Intel published microcode updates [3] for some of their
CPUs that fix security issues [4]. INTEL-SA-00561 (CVE-2021-0145) [7][8]
affects Qubes installations on hardware with affected CPU models. Red
Hat provides a good overview [5]:
| A flaw was found in microcode. Fast store forwarding prediction in one
| domain could be controlled by software previously executed in another
| domain. Such control helps a malicious program running in user mode
| (or guest VM) to trigger transient execution gadgets in supervisor
| mode (or VMM), potentially leading to sensitive data disclosure.
There is also a separate vulnerability -- INTEL-SA-00589
(CVE-2021-33120) [9] -- that seems to affect mainly low-power
architecture CPUs, e.g., Atom. However, due to the sparse description of
the issue, we cannot judge whether it affects Qubes OS.
Impact
-------
INTEL-SA-00561 (CVE-2021-0145) is another CPU vulnerability related to
speculative execution (also called transient execution). If successfully
exploited, it could allow an attacker to read information across
security boundaries. In this case, the successful exploitation could
allow an attacker-controlled VM to read information that should be
accessible only to the hypervisor.
This affects at least 10th generation mobile and 11th generation mobile
and desktop Intel Core CPUs. For a full list of affected CPU models, see
Intel's table [6] or Red Hat's summary [5].
Credits
--------
See the original security advisories. Additional thanks to Red Hat for
their helpful overview of the microcode updates.
References
-----------
[1] https://www.qubes-os.org/doc/testing/
[2] https://www.qubes-os.org/doc/how-to-update/
[3] https://github.com/intel/Intel-Linux-Processor-Microcode-Data-Files/blob/main/releasenote.md#microcode-2022027
[4] https://www.intel.com/content/www/us/en/security-center/default.html
[5] https://access.redhat.com/articles/6716541
[6] https://www.intel.com/content/www/us/en/developer/topic-technology/software-security-guidance/processors-affected-consolidated-product-cpu-model.html
[7] https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00561.html
[8] https://www.intel.com/content/www/us/en/developer/articles/technical/software-security-guidance/technical-documentation/fast-store-forwarding-predictor.html
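Both QSB-075 and QSB-076 above name the exact dom0 package versions that close the issues they describe. The following script, added here and not part of either bulletin or of Qubes OS, checks an `rpm -q` listing against those requirements using RPM's own version-ordering rules (rpmvercmp semantics: digit and letter segments compared in turn, leading zeros ignored, `~` sorting before everything; the newer `^` operator is not handled). Two assumptions are constructed for the example: the rpm package name `xen` stands for the "Xen packages" QSB-075 refers to, and the sample rpm output is made up.

```python
"""Check dom0 package versions against the QSB-075 / QSB-076 requirements.

Added example, not part of the bulletins. The rpm output below is constructed.
"""
import re

# Package versions the two bulletins require in dom0, keyed by Qubes release.
# Assumption: the rpm package name "xen" stands for the "Xen packages"
# that QSB-075 names.
QSB_REQUIREMENTS = {
    "QSB-075": {"4.0": {"xen": "4.8.5-37"}, "4.1": {"xen": "4.14.3-8"}},
    "QSB-076": {"4.0": {"microcode_ctl": "2.1-34.qubes1"},
                "4.1": {"microcode_ctl": "2.1-34.qubes1"}},
}

# A version segment is a run of digits or a run of letters.
_SEGMENT = re.compile(r"\d+|[A-Za-z]+")


def rpmvercmp(a: str, b: str) -> int:
    """Compare two version (or release) strings the way rpm does.

    Returns 1 if a is newer, -1 if older, 0 if equal. Digit segments beat
    letter segments, '~' marks a pre-release and sorts before anything
    (including the end of the string), and a leftover segment makes its
    side newer. The newer '^' operator is not implemented here.
    """
    if a == b:
        return 0
    i = j = 0
    while i < len(a) or j < len(b):
        # Separators (anything neither alphanumeric nor '~') are skipped.
        while i < len(a) and not (a[i].isalnum() or a[i] == "~"):
            i += 1
        while j < len(b) and not (b[j].isalnum() or b[j] == "~"):
            j += 1
        tilde_a = i < len(a) and a[i] == "~"
        tilde_b = j < len(b) and b[j] == "~"
        if tilde_a or tilde_b:
            if not tilde_a:
                return 1      # b is a pre-release of a's version
            if not tilde_b:
                return -1
            i, j = i + 1, j + 1
            continue
        if i >= len(a) or j >= len(b):
            break
        seg_a = _SEGMENT.match(a, i).group()
        seg_b = _SEGMENT.match(b, j).group()
        i, j = i + len(seg_a), j + len(seg_b)
        if seg_a[0].isdigit() != seg_b[0].isdigit():
            return 1 if seg_a[0].isdigit() else -1   # numeric beats alphabetic
        if seg_a[0].isdigit():
            seg_a, seg_b = seg_a.lstrip("0"), seg_b.lstrip("0")
            if len(seg_a) != len(seg_b):             # longer number is larger
                return 1 if len(seg_a) > len(seg_b) else -1
        if seg_a != seg_b:
            return 1 if seg_a > seg_b else -1
    if i >= len(a) and j >= len(b):
        return 0
    return -1 if i >= len(a) else 1


def parse_evr(evr: str):
    """Split 'EPOCH:VERSION-RELEASE'; epoch and release are optional."""
    epoch = 0
    if ":" in evr:
        e, evr = evr.split(":", 1)
        epoch = 0 if e == "(none)" else int(e)   # rpm prints "(none)" for no epoch
    version, _, release = evr.partition("-")
    return epoch, version, release


def compare_evr(installed: str, required: str) -> int:
    """Full epoch:version-release comparison; >= 0 means installed is new enough."""
    e1, v1, r1 = parse_evr(installed)
    e2, v2, r2 = parse_evr(required)
    if e1 != e2:
        return 1 if e1 > e2 else -1
    return rpmvercmp(v1, v2) or rpmvercmp(r1, r2)


def parse_rpm_query(output: str) -> dict:
    """Parse 'NAME EPOCH:VERSION-RELEASE' lines into {name: evr}."""
    installed = {}
    for line in output.splitlines():
        if line.strip():
            name, evr = line.split(None, 1)
            installed[name] = evr.strip()
    return installed


def check_qsb_compliance(installed: dict, qubes_release: str) -> list:
    """Return (qsb, package, required, installed, ok) for every requirement."""
    results = []
    for qsb, per_release in QSB_REQUIREMENTS.items():
        for pkg, required in per_release[qubes_release].items():
            have = installed.get(pkg)
            ok = have is not None and compare_evr(have, required) >= 0
            results.append((qsb, pkg, required, have, ok))
    return results


# Constructed sample: a 4.1 dom0 that has the microcode update but still
# runs the Xen build preceding the one QSB-075 requires.
SAMPLE_RPM_OUTPUT = """\
xen (none):4.14.3-7.fc32
microcode_ctl (none):2.1-34.qubes1
"""

if __name__ == "__main__":
    for qsb, pkg, req, have, ok in check_qsb_compliance(
            parse_rpm_query(SAMPLE_RPM_OUTPUT), "4.1"):
        print(f"{qsb}: {pkg} requires >= {req}, installed {have}: "
              f"{'OK' if ok else 'UPDATE NEEDED'}")
```

On a real dom0 the listing would come from `rpm -q --qf '%{NAME} %{EPOCH}:%{VERSION}-%{RELEASE}\n' xen microcode_ctl`; a dist tag such as `.fc32` on the installed release still compares as newer than the bare release the bulletin gives, as the sample shows.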
Qubes Canary 030
https://www.qubes-os.org/news/2022/03/08/canary-030/
We have published Qubes Canary 030. The text of this canary is
reproduced below.
This canary and its accompanying signatures will always be available in
the Qubes security pack (qubes-secpack).
View Qubes Canary 030 in the qubes-secpack:
https://github.com/QubesOS/qubes-secpack/blob/master/canaries/canary-030-2022.txt
Learn how to obtain and authenticate the qubes-secpack and all the
signatures it contains:
https://www.qubes-os.org/security/pack/
View all past canaries:
https://www.qubes-os.org/security/canary/
---===[ Qubes Canary 030 ]===---
Statements
-----------
The Qubes security team members who have digitally signed this file [1]
state the following:
1. The date of issue of this canary is March 08, 2022.
2. There have been 76 Qubes security bulletins published so far.
3. The Qubes Master Signing Key fingerprint is:
427F 11FD 0FAA 4B08 0123 F01C DDFA 1A3E 3687 9494
4. No warrants have ever been served to us with regard to the Qubes OS
Project (e.g. to hand out the private signing keys or to introduce
backdoors).
5. We plan to publish the next of these canary statements in the first
fourteen days of June 2022. Special note should be taken if no new
canary is published by that time or if the list of statements changes
without plausible explanation.
Special announcements
----------------------
None.
Disclaimers and notes
----------------------
We would like to remind you that Qubes OS has been designed under the
assumption that all relevant infrastructure is permanently compromised.
This means that we assume NO trust in any of the servers or services
which host or provide any Qubes-related data, in particular, software
updates, source code repositories, and Qubes ISO downloads.
This canary scheme is not infallible. Although signing the declaration
makes it very difficult for a third party to produce arbitrary
declarations, it does not prevent them from using force or other means,
like blackmail or compromising the signers' laptops, to coerce us to
produce false declarations.
The proof of freshness provided below serves to demonstrate that this
canary could not have been created prior to the date stated. It shows
that a series of canaries was not created in advance.
This declaration is merely a best effort and is provided without any
guarantee or warranty. It is not legally binding in any way to anybody.
None of the signers should be ever held legally responsible for any of
the statements made here.
Proof of freshness
-------------------
Tue, 08 Mar 2022 04:12:58 +0000
Source: DER SPIEGEL - International (https://www.spiegel.de/international/index.rss)
Yuval Noah Harari on the Ukraine War: "Human Stupidity Should Never Be Underestimated"
Josep Borrell on Russia's war in Ukraine and what Europe needs to do about it
Ukraine: Kyiv Residents Prepare for the Arrival of the Russians
Russia-Ukraine-War: How Vladimir Putin Brought the West Together
The Ukrainian Heartland Prepares for War: "I'm Not Leaving My Home!"
Source: NYT > World News (https://rss.nytimes.com/services/xml/rss/nyt/World.xml)
Ukraine Live Updates: Third Round of Talks Raise Hopes for Evacuation Routes
With New Limits on Media, Putin Closes a Door on Russia’s ‘Openness’
Once Victims in Southeast Europe, Jews Come to Aid Fleeing Ukrainians
Baltics, in Russia's Shadow, Demand Tougher Stance From West
These Syrian Refugees Can't Stay in Denmark, but They Can't Go Home
Source: BBC News - World (https://feeds.bbci.co.uk/news/world/rss.xml)
War in Ukraine: Russia says it may cut gas supplies if oil ban goes ahead
War in Ukraine: Crisis is unleashing 'hell on earth' for food prices
War in Ukraine: World Bank approves $723m financial package
War in Ukraine: 'It's hell, it's really hell' - Families flee bombs in Irpin
Ukraine war: Chernobyl workers' 12-day ordeal under Russian guard
Source: Blockchain.info
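The checks the canary asks readers to make (fingerprint unchanged, statement list unchanged, a fresh canary within the announced window) written as a small monitor; this is an added example, not tooling from the Qubes project. The sample input is the statements section of this canary copied inline; `today_iso` and `latest_qsb` are assumed out-of-band inputs, and verifying the file's signatures against the pinned key is a separate step this example does not perform.

```python
import re
from datetime import date, datetime

# Master key fingerprint as stated in Canary 030, pinned out of band by the
# monitor rather than trusted from the file under inspection.
PINNED_FINGERPRINT = "427F 11FD 0FAA 4B08 0123 F01C DDFA 1A3E 3687 9494"

# Constructed sample input: the statements section of Canary 030, not the signed file.
CANARY_030 = """\
1. The date of issue of this canary is March 08, 2022.
2. There have been 76 Qubes security bulletins published so far.
3. The Qubes Master Signing Key fingerprint is:
427F 11FD 0FAA 4B08 0123 F01C DDFA 1A3E 3687 9494
4. No warrants have ever been served to us with regard to the Qubes OS
Project (e.g. to hand out the private signing keys or to introduce
backdoors).
5. We plan to publish the next of these canary statements in the first
fourteen days of June 2022. Special note should be taken if no new
canary is published by that time or if the list of statements changes
without plausible explanation.
"""

def parse_canary(text):
    """Pull out the fields worth comparing from one canary to the next."""
    issued = re.search(r"date of issue of this canary is (\w+ \d{1,2}, \d{4})", text)
    count = re.search(r"There have been (\d+) Qubes security bulletins", text)
    fpr = re.search(r"fingerprint is:\s*((?:[0-9A-F]{4} ?){10})", text)
    nxt = re.search(r"first\s+fourteen days of (\w+ \d{4})", text)
    return {
        "issued": datetime.strptime(issued.group(1), "%B %d, %Y").date(),
        "bulletins": int(count.group(1)),
        "fingerprint": fpr.group(1).strip(),
        # "first fourteen days of <month>" makes the 14th the last acceptable day
        "next_due": datetime.strptime(nxt.group(1), "%B %Y").date().replace(day=14),
        "warrant_statement": "No warrants have ever been served" in text,
        "statement_count": len(re.findall(r"^\d+\. ", text, flags=re.M)),
    }

def check_canary(text, today_iso, latest_qsb):
    """Return the anomalies the canary says to take note of. today_iso is the run
    date, latest_qsb the newest bulletin number known (hypothetical inputs)."""
    c = parse_canary(text)
    checks = [
        (c["fingerprint"] != PINNED_FINGERPRINT, "fingerprint changed"),
        (not c["warrant_statement"], "warrant statement missing"),
        (c["statement_count"] != 5, "statement list changed"),
        (c["bulletins"] != latest_qsb, "bulletin count disagrees with newest QSB"),
        (date.fromisoformat(today_iso) > c["next_due"], "canary overdue"),
    ]
    return [msg for failed, msg in checks if failed]
```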