#Linux Weekly Roundup for April 13th, 2025: #LMDE 7 getting OEM support, #Pinta 3.0 ported to GTK4, #DXVK 2.6.1 improves support for #AMD Vega GPUs and several games, #OpenSSL 3.5, #fwupd 2.0.8, #IPFire gets post-quantum cryptography support, and more https://9to5linux.com/9to5linux-weekly-roundup-april-13th-2025
Also: #Slackware 15 has a security update for Python3:
http://www.slackware.com/security/viewer.php?l=slackware-security&y=2025&m=slackware-security.326755
& Slackware-current just adopted #OpenSSH 10.0.p1 & #OpenSSL 3.5
n/openssh-10.0p1-x86_64-1.txz: Upgraded. Potentially-incompatible changes include the removal of the weak DSA signature algorithm, completing the deprecation process that began in 2015 (when DSA was disabled by default) and repeatedly warned over the last 12 months.
n/openssl-3.5.0-x86_64-1.txz: Upgraded. New LTS release, supported until 08 Apr 2030.
It looks like the #OpenSSL QUIC API might be supported in the coming #ngtcp2 1.12.0 release:
https://github.com/ngtcp2/ngtcp2/pull/1582
This could be exciting for #curl users building with #OpenSSL ...
testssl.sh (3.2rc4) has now a client simulation for #OpenSSL 3.5.0:
Mittwoch: Einbruch in US-Bankenaufsicht, TSMC vor Milliardenstrafe wegen Huawei
Bankenaufsicht bespitzelt + Strafe nach Exportverbot + FreeDOS in neuer Version + Commandos-Spiel angetestet + OpenSSL mit Post-Quanten-Verfahren + Bit-Rauschen
#OpenSSL 3.5.0 (#LTS) has been released (#SSL / #TLS) https://openssl-library.org/
OpenSSL 3.5.0 now contains post-quantum procedures
With the new LTS version 3.5.0, OpenSSL adds the post-quantum methods ML-KEM, ML-DSA and SLH-DSA to its library.
OpenSSL 3.5.0 enthält nun Post-Quanten-Verfahren
OpenSSL fügt mit der neuen LTS-Version 3.5.0 seiner Bibliothek die Post-Quanten-Verfahren ML-KEM, ML-DSA und SLH-DSA hinzu.
OpenSSL 3.5 introduces major crypto updates, including PQC support, server-side QUIC, and new TLS defaults.
https://linuxiac.com/openssl-3-5-brings-major-cryptographic-shifts/
#OpenSSL 3.5 Released with Support for PQC Algorithms, Server-Side QUIC, and More https://9to5linux.com/openssl-3-5-released-with-support-for-pqc-algorithms-server-side-quic
Released: #swad v0.1 
Looking for a simple way to add #authentication to your #nginx reverse proxy? Then swad *could* be for you!
swad is the "Simple Web Authentication Daemon", written in pure #C (+ #POSIX) with almost no external dependencies. #TLS support requires #OpenSSL (or #LibreSSL). It's designed to work with nginx' "auth_request" module and offers authentication using a #cookie and a login form.
Well, this is a first release and you can tell by the version number it isn't "complete" yet. Most notably, only one single credentials checker is implemented: #PAM. But as pam already allows pretty flexible configuration, I already consider this pretty useful 
If you want to know more, read here:
https://github.com/Zirias/swad
OpenSSL is advancing into the quantum era with the upcoming release of OpenSSL 3.5, integrating post-quantum cryptographic algorithms such as ML-KEM (FIPS 203), ML-DSA (FIPS 204), and SLH-DSA (FIPS 205). This development ensures enhanced security against emerging quantum computing threats. For an in-depth analysis, refer to the article by Prof Bill Buchanan OBE FRSE: https://medium.com/asecuritysite-when-bob-met-alice/no-excuses-openssl-enters-the-quantum-age-ad29af287273
Trying out the Post-Quantum TLS feature (called ML-KEM) in #OpenSSL 3.5-beta1 and #Tor was a success!
The experiment is using the same setup as we did with #BoringSSL back when they enabled the Kyber768/x25519 TLS 1.3 group: we use a Tor binary, compiled against a PQC-enabled lib(ssl|crypto), to run a Bridge Server locally and connect a local Bridge Client to the server.
The branch used for this experiment is available from https://gitlab.torproject.org/ahf/tor/-/commits/ahf/openssl-3.5-pqc-experiments
Lo and behold, #OpenSSL 3.5 (their upcoming LTS release) will come out here at the beginning of April, and it does indeed support some of these hybrid PQC schemes. Their recent beta2 announcement can be read here: https://openssl-library.org/post/2025-03-25-openssl-3.5-beta/ and their roadmap is at https://openssl-library.org/roadmap/index.html
Very excited by this work. Big kudos to the OpenSSL Team here! 
Already planning on giving this a spin with the C implementation of #Tor later this week to see how it goes!
Ok, the final tuning to the supplied #openssl binary has taken place.
Recent patches see https://github.com/testssl/openssl-1.0.2.bad/pulls?q=is%3Apr%20is%3Aclosed%20
Private testing went good so far. Help testing would be much appreciated.
You can grab the binary from here https://testssl.sh/contributed_binaries/openssl.Linux.x86_64 (signature: https://testssl.sh/contributed_binaries/openssl.Linux.x86_64.asc) and let us SOON know of any problems.
The HTTP/3 Challenge: Bridging the Divide Between Hyperscale and Long-Tail Web Traffic
HTTP/3, built on Google's QUIC protocol, promises to revolutionize web performance, yet its adoption faces significant hurdles. As major browsers and CDNs embrace the new standard, the lack of support...
