AlmaLinux OS 8.5 Stable Now Available

Hi, Community! The AlmaLinux OS Foundation is thrilled to announce that AlmaLinux OS 8.5 Stable is now available. This stable release for x86_64 and ARM architectures is ready for production installations and to power all your computing needs and workloads. So grab it from the nearest mirror and join us on the AlmaLinux Community Chat to discuss.

The Raspberry Pi image is also updated to the newest version.

Our Live Images, Cloud and Container image updates are in process, and the images will be updated shortly as well.

A Very Special Thank You to the CentOS Project and Team

For almost the last 20 years the CentOS Project and the team behind it have served the community faithfully and provided us with a stable and free enterprise-grade operating system and community. As the sun sets for CentOS Linux and it reaches end-of-life, the AlmaLinux OS Foundation, team and community members would like to take this opportunity to publicly thank the CentOS team for all they have done, and made possible, for almost two decades. We look forward to continuing to collaborate and engage with the CentOS Stream process and encourage the greater EL community to do so too as the Community Enterprise Operating System continues its evolution.

Release Notes and More Information

You can read more about this stable release by checking out the Release Notes. AlmaLinux OS 8.5 includes features and improvements to container tools to reduce friction and make the build and deploy processes more flexible, support for OpenJDK 17, additional OpenSCAP profiles for hardening and security compliance, new system roles, and Network Time Security (NTS) for NTP, amongst other additions and enhancements.

Don’t Just Read This. Come Help!

Your effort and contributions are what make great releases like this possible. Join us. Please report any bugs you may see on the Bug Tracker. Join the AlmaLinux Community Chat if you need any help, post a question, or even if you just want to hang out. Reach us on Reddit and on Twitter. Have fun with the new release and as always happy hacking.

1 Like

Wow, that was a really quick release.

Thumbs up to AlmaLinux Team!

Thank You so very much. Enjoy the release.

There appears to be a problem updating machines that rely on EPEL packages. When I run a simple dnf upgrade I get 35 problems listed. They all seem to be similar, so I’ll just list the last one:

Problem 35: package kwrite-19.12.2-1.el8.x86_64 requires, but none of the providers can be installed
  - package kf5-kxmlgui-5.68.0-1.el8.x86_64 requires, but none of the providers can be installed
  - package kf5-kxmlgui-5.68.0-1.el8.x86_64 requires qt5-qtbase(x86-64) = 5.12.5, but none of the providers can be installed
  - cannot install both qt5-qtbase-5.15.2-3.el8.x86_64 and qt5-qtbase-5.12.5-8.el8.x86_64
  - package wireshark-1:2.6.2-14.el8.x86_64 requires, but none of the providers can be installed
  - problem with installed package wireshark-1:2.6.2-12.el8.x86_64
  - package wireshark-1:2.6.2-12.el8.x86_64 requires wireshark-cli = 1:2.6.2-12.el8, but none of the providers can be installed
  - cannot install both wireshark-cli-1:2.6.2-14.el8.x86_64 and wireshark-cli-1:2.6.2-12.el8.x86_64
  - cannot install the best update candidate for package wireshark-cli-1:2.6.2-12.el8.x86_64
  - cannot install the best update candidate for package kwrite-19.12.2-1.el8.x86_64

If I try dnf --nobest update I get the same 35 problems listed, then the familiar list of what needs to be upgraded, but it ends with:

Skipping packages with conflicts:
(add '--best --allowerasing' to command line to force their upgrade):
 pcp-libs                                      x86_64   5.3.1-5.el8                                        appstream    615 k
 poppler                                       x86_64   20.11.0-3.el8                                      appstream    1.1 M
 python-qt5-rpm-macros                         noarch   5.15.0-2.el8                                       appstream     17 k
 qt5-qtbase                                    x86_64   5.15.2-3.el8                                       appstream    3.6 M
 qt5-qtbase-common                             noarch   5.15.2-3.el8                                       appstream     40 k
 qt5-qtbase-gui                                x86_64   5.15.2-3.el8                                       appstream    6.1 M
 qt5-qtdeclarative                             x86_64   5.15.2-2.el8                                       appstream    4.2 M
 qt5-qttools-common                            noarch   5.15.2-3.el8                                       appstream     20 k
 wireshark-cli                                 x86_64   1:2.6.2-14.el8                                     appstream     17 M
Skipping packages with broken dependencies:
 pcp-gui                                       x86_64   5.3.1-5.el8                                        appstream    874 k
 pcp-testsuite                                 x86_64   5.3.1-5.el8                                        appstream     21 M
 poppler-qt5                                   x86_64   20.11.0-3.el8                                      powertools   219 k
 python3-qt5                                   x86_64   5.15.0-2.el8                                       appstream    1.2 M
 python3-qt5-base                              x86_64   5.15.0-2.el8                                       appstream    3.2 M
 qt5-qtbase-mysql                              x86_64   5.15.2-3.el8                                       appstream     68 k
 qt5-qtconnectivity                            x86_64   5.15.2-2.el8                                       appstream    537 k
 qt5-qtgraphicaleffects                        x86_64   5.15.2-2.el8                                       appstream    121 k
 qt5-qtimageformats                            x86_64   5.15.2-2.el8                                       appstream    105 k
 qt5-qtlocation                                x86_64   5.15.2-2.el8                                       appstream    3.3 M
 qt5-qtmultimedia                              x86_64   5.15.2-2.el8                                       appstream    882 k
 qt5-qtquickcontrols                           x86_64   5.15.2-2.el8                                       appstream    1.1 M
 qt5-qtquickcontrols2                          x86_64   5.15.2-2.el8                                       appstream    1.6 M
 qt5-qtscript                                  x86_64   5.15.2-2.el8                                       appstream    1.1 M
 qt5-qtsensors                                 x86_64   5.15.2-2.el8                                       appstream    219 k
 qt5-qtserialport                              x86_64   5.15.2-2.el8                                       appstream     70 k
 qt5-qtsvg                                     x86_64   5.15.2-3.el8                                       appstream    183 k
 qt5-qttools                                   x86_64   5.15.2-3.el8                                       appstream     53 k
 qt5-qttools-libs-designer                     x86_64   5.15.2-3.el8                                       appstream    2.8 M
 qt5-qttools-libs-help                         x86_64   5.15.2-3.el8                                       appstream    193 k
 qt5-qtwebchannel                              x86_64   5.15.2-2.el8                                       appstream    101 k
 qt5-qtwebsockets                              x86_64   5.15.2-2.el8                                       appstream    100 k
 qt5-qtx11extras                               x86_64   5.15.2-2.el8                                       appstream     39 k
 qt5-qtxmlpatterns                             x86_64   5.15.2-2.el8                                       appstream    1.1 M
 wireshark                                     x86_64   1:2.6.2-14.el8                                     appstream    3.6 M

Transaction Summary
Install    6 Packages
Upgrade  625 Packages
Remove     5 Packages
Skip      34 Packages

Which looks fairly dangerous to my main server/workstation. I also tried:

dnf --enablerepo epel-testing --enablerepo epel-testing-modular update
dnf --enablerepo epel-testing --enablerepo epel-testing-modular --nobest update

with exactly the same results.

I’ve also tried dnf --nobest --allowerasing update which looked much better, but contained the lines:

 python3-libstoragemgmt                        x86_64   1.9.1-1.el8                                        baseos       174 k
     replacing  python3-libstoragemgmt-clibs.x86_64 1.8.7-1.el8

and finally dnf --best --allowerasing update which had

 pcp                                           x86_64   5.3.1-5.el8                                        appstream    1.3 M
     replacing  pcp-pmda-rpm.x86_64 5.2.5-6.el8_4

as well as the python3-libstoragemgmt mentioned above, however it also wanted to remove 123 packages!

I’m quite happy to wait, but has anyone any other suggestions?

1 Like

Since the problem is in EPEL, it affects all EL8.5 the same.

Carl George in Mattermost suggested using epel-next to overcome the problems. I’ve just tried:

dnf --enablerepo epel-next  update

and it looks good as far as the Is this ok [y/N]: prompt. It’s 22:23 here so I haven’t let it start, but will try in the morning.

1 Like

A big THANK YOU @MartinR !!!
Worked like a charm ! Fully updated all the qt5* and kf5-* rpms from KDE/Plasma (although I don’t use KDE, I depend on it because okular is my top choice pdf reader).

I wondered what happened to EPEL Playground… Now I just got the answer :slight_smile:


Well, apparently qt5* is OK (tested with a previously compiled qbittorrent), but not some kf5-* !

Trying to launch some KDE apps (okular or krusader) ends up with:

okular: symbol lookup error: /lib64/ undefined symbol: _ZN19KeySequenceRecorder16recordingChangedEv

Apparently seems to be in culprit, or its mismatch with some updated qt5 libs. This needs to be investigated…

Proceed with caution for the update if using epel-next.

I find this somehow ambiguous (maybe because English is not my native language ? :slight_smile: ) : is epel-next following CentOS Stream ? If so, the packages therein would be built for… RHEL 9 :grimacing:

@bogdan_ro I copied your comments over (in summary) to Mattermost and @srbala has got back to me. You need to set the cost of epel-next higher than epel. Bala pointed me at this page but it shows setting epel-next at a cost of 1000, which is the default.

1 Like

There are two CentOS Streams: 8 and 9.
Current Stream 8 foreshadows RHEL 8.6 and Stream 9 ought to converge towards RHEL 9.

Is there already epel9-next?

1 Like

I’ve been offline for a while. I’ve just bitten the bullet and upgraded to KDE under Alma 8.5. I enabled epel-next with a cost of 2000 (1000 seems to be the default according to man dnf.config). The first attempt to log in failed, so I tried Wayland KDE. That worked, but config was a bit screwy, but I’ve managed to go back to X11 KDE. Seems to be functional, but the menu isn’t quite right yet, I’ll be patient.

Please, I need help with AlmaLinux on Raspberry Pi.

I have this message: vcc-sd: disabling

It happens with kernel 5.10.78.
With kernel 5.10.60 I don’t have this message.
Thanks for your help.

The qt5, kf5 package issues have been fixed by the EPEL developers. There are a number of updates today.

KDE Plasma 5 works again.

1 Like

I can confirm that, I proceeded with the update yesterday night on one of my systems. I also disabled epel-next.
Everything works flawlessly on Alma 8.5.

I’m still seeing

Last metadata expiration check: 1:40:36 ago on Mon 22 Nov 2021 19:44:07 GMT.
Problem: cannot install the best update candidate for package kde-gtk-config-5.18.4-1.el8.x86_64

  • nothing provides breeze-gtk-common needed by kde-gtk-config-5.22.5-1.el8.x86_64
    (try to add '--skip-broken' to skip uninstallable packages or '--nobest' to use not only best candidate packages)

For information: the problem seems to have gone away as of this morning (24/11/21). Thanks to all at Alma and (if they’re reading) EPEL.

Hi Experts,

We noticed Alma Linux 8.5 supports only "httpd-2.4.37-47.module_el8.6.0+2872+fe0ff7aa.1.alma.x86_64.rpm" whereas AlmaLinux9 has "httpd-2.4.51-7.el9_0.x86_64.rpm". Due to this, we are seeing multiple security vulnerabilities in our product, where Alma Linux 8.5 is being used.

• Plugin ID 153584 - High - Apache < 2.4.49 Multiple Vulnerabilities
• Plugin ID 139574 - High - Apache 2.4.x < 2.4.46 Multiple Vulnerabilities
• Plugin ID 123642 - High - Apache 2.4.x < 2.4.39 Multiple Vulnerabilities
• Plugin ID 156255 - High - Apache 2.4.x >= 2.4.7 / < 2.4.52 Forward Proxy DoS / SSRF
• Plugin ID 161454 - High - Apache 2.4.x < 2.4.52 mod_lua Buffer Overflow
• Plugin ID 150280 - High - Apache 2.4.x < 2.4.47 Multiple Vulnerabilities
• Plugin ID 158900 - High - Apache 2.4.x < 2.4.53 Multiple Vulnerabilities
• Plugin ID 128033 - Medium - Apache 2.4.x < 2.4.41 Multiple Vulnerabilities
• Plugin ID 153583 - Medium - Apache < 2.4.49 Multiple Vulnerabilities
• Plugin ID 153586 - Medium - Apache >= 2.4.30 < 2.4.49 mod_proxy_uwsgi
• Plugin ID 121355 - Medium - Apache 2.4.x < 2.4.38 Multiple Vulnerabilities
• Plugin ID 161948 - Medium - Apache 2.4.x < 2.4.54 Multiple Vulnerabilities
• Plugin ID 135290 - Medium - Apache 2.4.x < 2.4.42 Multiple Vulnerabilities
• Plugin ID 153585 - Medium - Apache >= 2.4.17 < 2.4.49 mod_http2

It took a lot of effort for us to move from CentOS 8.1 to AlmaLinux 8.5, as AlmaLinux9 was not available during our development phase. And with this many vulnerabilities open with Apache, it might not go well with our customers. Please let us know if Alma Linux 8.5 can support Apache httpd 2.4.37-51 or 2.4.37-54 RPM.


Hi @Kiran,

You have no issues here. RHEL, and therefore we, backport security patches. Your scanner doesn’t recognize them because they only do version checking.

What scanner are you using?

You have nothing to worry about. You are secure as can be.

Thanks Jack for your kind response. We are using Nessus scan and all the above vulnerabilities are seen with 2.4.37-43.alma RPM that we are using in our product with AlmaLinux 8.5

Yes, Nessus isn’t parsing those correctly yet.

We have raised the issue with the Tenable team already.

Meanwhile you are perfectly secure!
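
The backport point made in the replies above can be checked on the host itself: RHEL-family package changelogs record the CVEs each release fixes, which a version-only scan does not see. This is an added example, not code from the thread or from AlmaLinux; it maps each CVE ID to the changelog entry that mentions it, and the function names, the sample changelog and the CVE-0000-… IDs are constructed placeholders.

```shell
#!/bin/sh
# Added example: sample changelog and CVE IDs below are constructed placeholders.

# cve_fix_map: read `rpm -q --changelog PKG` text on stdin and print
# "CVE-ID EVR" for the oldest changelog entry that mentions each CVE.
cve_fix_map() {
    awk '
        /^\* / { evr = $NF; next }   # entry header ends with the version-release
        {
            line = $0
            while (match(line, /CVE-[0-9][0-9][0-9][0-9]-[0-9]+/)) {
                # changelogs are newest-first, so older entries overwrite newer
                fixed[substr(line, RSTART, RLENGTH)] = evr
                line = substr(line, RSTART + RLENGTH)
            }
        }
        END { for (c in fixed) print c, fixed[c] }
    ' | sort
}

# triage CVE...: changelog on stdin, scanner-reported CVE IDs as arguments.
# "not-in-changelog" is not proof of exposure; check the distribution errata.
triage() {
    map=$(cve_fix_map)
    for cve in "$@"; do
        evr=$(printf '%s\n' "$map" | awk -v c="$cve" '$1 == c { print $2 }')
        if [ -n "$evr" ]; then
            echo "$cve backported-in $evr"
        else
            echo "$cve not-in-changelog"
        fi
    done
}

# Constructed changelog in the usual RPM layout (not real httpd entries).
sample_changelog() {
    cat <<'EOF'
* Tue Jan 11 2022 Example Packager <pkg@example.invalid> - 2.4.37-43
- Resolves: #0000002 - CVE-0000-0002 placeholder description
* Mon Oct 04 2021 Example Packager <pkg@example.invalid> - 2.4.37-41
- Resolves: #0000001 - CVE-0000-0001 placeholder description
- Related: #0000002 - CVE-0000-0002 partial fix
EOF
}

# On a real host: rpm -q --changelog httpd | triage <CVE IDs from the scan report>
sample_changelog | triage CVE-0000-0001 CVE-0000-0003
```

The resulting lines give the package release to cite as evidence when marking a version-based finding as a false positive in the scanner.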