A fully free, simple, and lightweight operating system

You've reached the website of Parabola GNU/Linux-libre. The Parabola project is a community-driven, "labour-of-love" effort to maintain a 100% free (as in: freedom) operating system distribution that is lean, clean, and hackable.

Based on the Arch distribution, Parabola is a complete, user-friendly operating system, suitable for general "everyday" use, while retaining Arch's "power-user" charm. Parabola adheres to the GNU Free System Distribution Guidelines (FSDG); which requires source code for every part of the system to be freely available, modifyable, and re-distributable. All Parabola packages are built from source, in clean chroots, and with networking disabled, in order to replace any software and artworks in the standard Arch system which fall outside the GNU guidelines. LiveISOs, installers, and packages are provided for the armv7h, i686, and x86_64 CPU architectures.

Our community is friendly and helpful. Feel free to hop on the IRC channel, join the web forum, or subscribe to the mailing lists, to get your feet wet. Once you are ready to begin your adventures through Fosstopia, the wiki will guide you well toward learning to install and use Parabola comfortably and confidently.

Learn more...

Latest News

RSS Feed

[arch-announce] The xz package has been backdoored


From: "Arch Linux: Recent news updates: David Runge" arch-announce@lists.archlinux.org

TL;DR: Upgrade your systems and container images now!

As many of you may have already read 1, the upstream release tarballs for xz in version 5.6.0 and 5.6.1 contain malicious code which adds a backdoor.

This vulnerability is tracked in the Arch Linux security tracker 2.

The xz packages prior to version 5.6.1-2 (specifically 5.6.0-1 and 5.6.1-1) contain this backdoor.

We strongly advise against using affected release artifacts and instead downloading what is currently available as latest version!

Upgrading the system

It is strongly advised to do a full system upgrade right away if your system currently has xz version 5.6.0-1 or 5.6.1-1 installed:

pacman -Syu

Regarding sshd authentication bypass/code execution

From the upstream report 1:

> openssh does not directly use liblzma. However debian and several other distributions patch openssh to support systemd notification, and libsystemd does depend on lzma.

Arch does not directly link openssh to liblzma, and thus this attack vector is not possible. You can confirm this by issuing the following command:

ldd "$(command -v sshd)"

However, out of an abundance of caution, we advise users to remove the malicious code from their system by upgrading either way. This is because other yet-to-be discovered methods to exploit the backdoor could exist.

URL: https://archlinux.org/news/the-xz-package-has-been-backdoored/

[From Arch]: budgie-desktop >= 10.7.2-6 update requires manual intervention


When upgrading from budgie-desktop 10.7.2-5 to 10.7.2-6, the package mutter43 must be replaced with magpie-wm, which currently depends on mutter. As mutter43 conflicts with mutter, manual intervention is required to complete the upgrade.

First remove mutter43, then immediately perform the upgrade. Do not relog or reboot between these steps.

pacman -Rdd mutter43

pacman -Syu

OpenBLAS >= 0.3.23-2 update requires manual intervention


From Arch:

The openblas package prior to version 0.3.23-2 doesn't ship optimized LAPACK routine and CBLAS/LAPACKE interfaces for compatibility. This decision has been reverted now, and the ability to choose a different default system BLAS/LAPACK implementation while keeping openblas installed is now provided to allow future co-installation of BLIS, ATLAS, etc.

The default BLAS implementation will be used for most packages like NumPy or R. Please install "blas-openblas" and "blas64-openblas" to make OpenBLAS the default BLAS implementation, just like the old behavior.

Unfortunately you will get errors on updating if you currently have OpenBLAS installed as ...

[From Arch] Switch to the base-devel meta package requires manual intervention


The base-devel package group has recently been replaced by a meta package of the same name.
People that had the base-devel package group installed (meaning people that installed base-devel before February 2nd) have to explicitly re-install it to get the new base-devel package installed on their system:

pacman -Syu base-devel

systemd encrypted boot may be broken by upgrade to openssl v3 (systemd-cryptsetup), and various libcrypto.so.1.1 errors - suggest to postpone upgrading


until https://bugs.archlinux.org/task/76440 is resolved

FS#76440 : systemd-cryptsetup still refers to libcrypto.so.1.1 after upgrading to openssl3

see: https://labs.parabola.nu/issues/3368

UPDATE 2022-11-08: fixed in cryptsetup 2.5.0-4

Older News

[From Arch] Removing python2 from the repositories
Grub bootloader upgrade and configuration incompatibilities
elogind requires manual intervention
[nonsystemd] NetworkManager, dbus and display managers require manual intervention
[From Arch]: wxgtk2 may require manual intervention
TalkingParabola merged in main ISO and installation medium with installer
[From Arch] Sorting out old password hashes
[From Arch 32] plasma-workspace needs manual intervention
[From Arch] libtraceevent>=5.9-1 update requires manual intervention
[From Arch] ghostpcl>=9.53.2-2 and ghostxps>=9.53.2-2 updates require manual intervention

Recent Updates (more)

RSS Feed
spglib 2.4.0-1 armv7h/x86_64
python-ulid 2.4.0.post0-1 armv7h
jupyter-server 2.14.0-1 armv7h
xmlsec 1.3.4-1 armv7h
cmake 3.29.2-1 armv7h
xf86-video-intel 1:2.99.917+923+gb74b67f0-2.0 i686
pypinyin 0.50.0-2.0 i686
python-pytest-relaxed 2.0.2-1.0 i686
python-looseversion 1.3.0-2.0 i686
mate-user-guide 1.28.0-1.0 i686
mozo 1.28.0-1.0 i686
libvirt-python 1:10.2.0-1.0 i686
python-notify2 0.3.1-9.0 i686
python-pycparser 2.22-1.0 i686
qt6-translations 6.6.3-1.0 i686

Friends of Freedom

1984 - Parabola's server hosting sponsor Olimex - Maker of libre-friendly ARM computers Vikings - Libre-friendly hardware and hosting