Mon, Dec 2nd, 2024
Vídeo oficial de FreeCAD 1.0
Si hace unos días anuncié su lanzamiento es hora de darle un poco más de promoción con el vídeo oficial de FreeCAD 1.0, una creación muy profesional de proyecto que destacar por su música «potente y cañera», acorde con las creaciones que se muestran, todas ellas acompañadas por sus creadores.
Vídeo oficial de FreeCAD 1.0
Son menos de dos minutos y medio pero sirve para ver algunos de las dibujos que se pueden hacer con FreeCAD 1.0, así como de un buen repaso a sus nuevas características y la corrección algunos errores que eran muy molestos.
Lanzado FreeCAD 1.0
Aunque me consta que los profesionales del tema no comparten conmigo esta sensación, yo tengo una buena experiencia con FreeCAD aplicación. La utilicé en mis clases de tecnología para alumnado de 4º de ESO, convirtiéndose en una excelente forma de introducirse en el mundo de diseño 3D sin caer en software privado.
Aprovechando unos magníficos vídeos de Juan Gonzalez Gomez (aka ObiJuan) mi alumnado trabajó de forma autónoma, cada uno a su ritmo, mientras yo me dedicaba a solucionar los problemas que aparecen porque las interfaces van evolucionando.
Es por ello que me alegré compartir que había lanzado su primera versión estable, la 1.0, la cual trae como novedades principales:
- Workbench de ensamblajes integrado: Este nuevo módulo permite diseños basados en un enfoque de «bottom-up», pruebas de movimiento y vistas explosionadas de componentes, utilizando el solucionador Ondsel.
- Mejora en la gestión de nombres topológicos: Este avance resuelve un problema histórico, evitando que la eliminación de geometrías rompa modelos debido a referencias cruzadas.
- Sistema de materiales renovado: Ahora se pueden asignar propiedades de apariencia a los materiales, mejorando el realismo y la personalización en los modelos.
- Interfaz gráfica mejorada: Cambios como nuevas herramientas en el «Sketcher», un indicador de centro de rotación personalizable, y opciones para adaptar la disposición de los paneles hacen que la experiencia de usuario sea más fluida.
- Nuevas funcionalidades para diseño BIM: Se añadieron herramientas específicas para arquitectura e ingeniería civil, junto con mejor soporte para el formato IFC.
- Página de inicio basada en QTWidgets: Facilita el acceso a herramientas principales y proyectos recientes con un diseño más intuitivo.
Más información: Notas de lanzamiento den la Wiki de FreeCAD | LibreArts | Phoronix | betanews
La entrada Vídeo oficial de FreeCAD 1.0 se publicó primero en KDE Blog.
Herramienta para actualizar entre distintas versiones de openSUSE
Una nueva herramienta viene para ayudar a actualizar entre versiones de openSUSE
El objetivo de esta nueva herramienta llamada opensuse-migration-tool, publicada bajo una licencia Apache, es simplificar las actualizaciones y las actualizaciones entre distribuciones dentro de las distintas opciones de openSUSE. También es compatible con la migración de openSUSE Leap a SUSE Linux Enterprise.
Esta herramienta se ha empezado a desarrollar dentro de un proyecto de la Hackweek24. Por cierto la herramienta aún es experimental y no se espera que se use en producción, hasta que no se haya testeado a fondo. Así que precaución a la hora de utilizarla en vuestros sistemas.
La herramienta obtiene información sobre las versiones puntuales desde el sitio get.opensuse.org API y también utiliza openSUSE-repos para una migración entre distribuciones y actualización a versiones más actuales.
La instalación de openSUSE-repos desde el repositorio de destino de una actualización o migración elimina cualquier retoque manual de los repositorios de distribución.
Los casos para los que está pensada esta herramienta es para la actualización entre las siguientes versiones:
- Leap → Leap n+1
- Leap → SLES
- Leap → Tumbleweed
- Leap → Slowroll
- Leap Micro → Leap Micro n+1
- Leap Micro → MicroOS
- Slowroll → Tumbleweed
Lo ideal es ejecutar siempre la herramienta primero con la opción --dry-run
para tener una idea general de lo que la herramienta va a realizar haría a su sistema.
A la hora de testear la herramienta se recomiendo hacerlo en una máquina virtual o contenedor a través, por ejemplo, de distrobox.
Si vamosa probar la herramienta en una versión de las normales Lea, Tumbleweed o Slowroll, el flujo de trabajo a seguir sería el siguiente:
$ sudo zypper in opensuse-migration-tool #Para instalar la herramienta
$ opensuse-migration-tool --dry-run # Vemos de un vistazo los cambios que propone
$ sudo opensuse-migration-tool
$ reboot
De forma predeterminada, la herramienta no muestra las versiones Alpha, Beta, RC de versiones puntuales como objetivos con los que realiza la actualización/migración. Por ejemplo, Leap Micro 6.1 Beta o Leap 16.9 Alpha.
Esto es así a propósito ya que se quiere asegurar que nadie actualice accidentalmente su sistema a, por ejemplo, la versión Alpha de una próxima versión.
Para hacer el cambio a esas versiones previas al lanzamiento final, existe la posibilidad de ejecutar el comandos con el argumento --pre-release
, luego obtendremos información de get.opensuse.org API sobre todas las versiones disponibles.
Pero el comportamiento predeterminado es capturar solo las versiones con el estado «Estable», lo que significa liberadas/compatibles.
Desde que estoy en Tumbleweed no necesito de esta herramienta, pero sin duda es algo a tener muy en cuenta si por ejemplo usas Leap.
Sun, Dec 1st, 2024
KDE estuvo presente en el III Seminario Anual GNU/Linux
Ya ha pasado el mes de noviembre y ya ha finalizado un evento online donde el Software Libre fue el protagonista. Hoy es el momento de recordar que KDE estuvo presente en el III Seminario Anual GNU/Linux compartiendo con vosotros mi participación.
KDE estuvo presente en el III Seminario Anual GNU/Linux
Hace un tiempo que me invitaron y, por supuesto, acepté, a participar en el III Seminario Anual GNU/Linux represenando a la Comunidad KDE. El nombre de la charla es sencillo ya que mi objetivo es mostrar lo que puedes hacer con Plasma y que lo convierten en el escritorio más eficiente para cualquier usuario.
Mi participación fue muy sencilla, utilizando los servicios de Telegram, cuyo funcionamiento me sorprendió gratamente, ya que no solo la retransmisión fue perfecta, sino que se conectó con Youtube y quedó registrada sin ningún problema. Es más, la integración con el escritorio Plasma 6.2 fue perfecta ya que mi charla necesitaba compartir mi pantalla, lo cual se realizó sin ningún inconveniente.
De esta forma, no os perdáis mi charla «10 cosas que no sabías que podías hacer en Plasma 6» que fue grabada el viernes 1 de noviembre a las 21:00 hora peninsular española.
Por cierto, agradezco a Javier, organizador del evento, por hacerme este recordatorio del evento:
III Seminario Anual GNU/Linux
Todos los fines de semana de noviembre thas tenido una cita con el mundo GNU/Linux en forma de ponencia en directo con divulgadores de todo el mundo hispano hablante con la nueva edición del seminario Anual GNU/Linux.
De esta forma, la Comunidad OpenShield organizó 7 presentaciones con las que iniciarse, aprender, profundizar y, en general, conocer un poco más el abanico de posibilidades que te ofrece el mundo del Conocimiento Libre al módico precio de un poco de tu tiempo (que no es poco).
El objetivo de este evento es mostrar, enseñar y demostrando las bondades de Linux, GNU/Linux. Pero lo mejor es que veáis el vídeo presentación:
Esta es la lista de participantes:
🗣 Klaibson Ribeiro 🇧🇷 🏢 Comunidad Brasileña del Software Libre de Brasil 📝 La IA en Suites de ofimatica
🗣 Roberto Ronconi 🇦🇷 🏢 Independiente 📝 Migración de Windows a GNULinux
🗣 Baltasar Ortega (un servidor) 🇪🇸 🏢 Comunidad KDE España 📝 10 cosas que no sabías que podías hacer con Plasma 6
🗣 Angelo Ramírez 🇨🇱 🏢 Bit Technology 📝 Seguridad, Apache, MySQL
🗣 Andres Gomez 🇨🇱 🏢 Bit Technology 📝 MySQL, Docker
🗣 Lina Castro 🇨🇴 🏢 Cencosud 📝 Romper las barreras de Android, sumérgete en Ubuntu Touch
🗣 Marga Manterola 🇦🇷 🏢 Aprendiendo con Marga 📝 Una carrera exitosa con sofware libre
🗣️ Jorge Varela🇲🇽 🏢 Red Hat Latinoamérica 📝 Primeros pasos en Fedora CoreOS
¿Qué os parece?
Más información: III Seminario GNU/Linux
La entrada KDE estuvo presente en el III Seminario Anual GNU/Linux se publicó primero en KDE Blog.
Sat, Nov 30th, 2024
Cómo crear un iDevice de Geogebra en eXeLearning – Vídeo
Hace ya casi tres años que presenté eXeLearning, un editor de recursos educativos e interactivos de código abierto que te permite llevar tu actividades a otro nivel a la vez que compartirlos sin ningún tipo de restricción en multitud de formatos. Lo cierto es que me interesa mucho esta aplicación y he empezado a aprender mucho sobre ella, y es mi deber pagarlo mediante promoción. Hoy os traigo cómo crear un iDevice de Geogebra en eXeLearning – un vídeo de Cedec_Intef .
Cómo crear un iDevice de Geogebra en eXeLearning – Vídeo
Seguimos con eXeLearning, y en esta ocasión con un vídeo de Cedec_Intef, que no es más que el Centro Nacional de Desarrollo Curricular en Sistemas no Propietarios (Cedec), un organismo público español que promueve la transformación digital y metodológica de las aulas que pone a disposición de los docentes recursos educativos abiertos (REA) del Proyecto EDIA, elaborados por docentes en activo con la herramienta de software libre eXeLearning.
Pues bien, en el vídeo que os presento hoy se explica en pocos pasos cómo crear un iDevice de Geogebra, enlazando otro de los grandes proyectos libre educativos, abriendo una abanico de posibilidades casi inimaginable y mostrando que la creación de contenido compatible entre plataformas no es solo recomendable sino necesario para optimizar los recursos.
¿Qué es EXeLearning?
Para los que no lo conozcan, eXeLearning es un editor de recursos educativos e interactivos de código abierto se caracteriza por:
- Permite crear contenidos educativos de una manera sencilla
- Descarga fácil y gratuita desde su web.
- Está disponible para todos los sistemas operativos.
- Nos pemite catalogar los contenidos y publicarlos en diferentes formatos:
- Sitio web navegable y adaptable a diferentes dispositivos (responsive design).
- Estándar educativo, para trabajar con Moodle y otros LMS.
- Página HTML única para imprimir cómodamente tu trabajo.
- ePub3 (libro electrónico), etc.
- Ofrece diferentes diseños a elegir desde el menú, además de la posibilidad de crear diseños propios.
Con eXelearnig se puede crear todo tipo de actividades entre las que destaco rellenar huecos, pregunta de elección múltiple, pregunta de selección múltiple, pregunta verdadero-falso, cuestionario SCORM o actividad desplegable.
Además, y este es uno de los principales usos que hago de esta aplicación, nos permite crear rúbricas de forma sencilla, así como incluir recursos realizados con otras aplicaciones. Por ejemplo, Jclic, Descartes, Scratch, Geogebra, Physlets…
La entrada Cómo crear un iDevice de Geogebra en eXeLearning – Vídeo se publicó primero en KDE Blog.
Fri, Nov 29th, 2024
#openSUSE Tumbleweed revisión de la semana 48 de 2024
Tumbleweed es una distribución de GNU/Linux «Rolling Release» o de actualización contínua. Aquí puedes estar al tanto de las últimas novedades.
openSUSE Tumbleweed es la versión «rolling release» o de actualización continua de la distribución de GNU/Linux openSUSE.
Hagamos un repaso a las novedades que han llegado hasta los repositorios esta semana.
Y recuerda que puedes estar al tanto de las nuevas publicaciones de snapshots en esta web:
El anuncio original lo puedes leer en el blog de Dominique Leuenberger, publicado bajo licencia CC-by-sa, en este este enlace:
Esta semana 6 nuevas snapshots publicadas 81121, 1122, 1124, 1125, 1126 y 1127
Comentar, que en una actualización hubo un problema con la pantalla de bienvenida del sistema Plytmouth que hizo que no terminara de arrancar el sistema. Hubo una corrección que solucionó el problema.
En la lista de correo se comentó:
Las actualizaciones más destacadas de esta semana:
- Mesa 24.2.7 & 24.3.0
- ICU 76.1
- gpgme 1.24.0
- GTK 4.16.6 & 4.16.7
- LLVM 19.1.4
- PHP 8.3.14
- CMake 3.31.0
- GNOME 47.2
- KDE Plasma 6.2.4
- Qt 5.15.16
- Debugedit 5.1
Pero hay mucho más que se está preparando
- Mozilla Firefox 133.0
- LibreOffice 24.8.3.2
- Python setuptools 75.6
- systemd 257
- SQLite 3.47.1
- Linux kernel 6.12.1
Si quieres estar a la última con software actualizado y probado utiliza openSUSE Tumbleweed la opción rolling release de la distribución de GNU/Linux openSUSE.
Mantente actualizado y ya sabes: Have a lot of fun!!
Enlaces de interés
- ¿Por qué deberías utilizar openSUSE Tumbleweed?
- zypper dup en Tumbleweed hace todo el trabajo al actualizar
- ¿Cual es el mejor comando para actualizar Tumbleweed?
- ¿Qué es el test openQA?
- http://download.opensuse.org/tumbleweed/iso/
- https://es.opensuse.org/Portal:Tumbleweed
——————————–
Tumbleweed – Review of the week 2024/48
Dear Tumbleweed users and hackers,
After hackweek, we see a bunch of nifty changes coming our way. I have not seen everything by far, but there is at least a replacement for openSUSE-welcome planned on the GNOME Desktop (a variant of GNOME Tour), Lubos has just announced a new migration tool and there will certainly be many more things popping up in the next few days/weeks. During the last week, we have managed to deliver six snapshots (1121, 1122, 1124, 1125, 1126, and 1127)
The most relevant changes delivered are:
- Mesa 24.2.7 & 24.3.0
- ICU 76.1
- gpgme 1.24.0
- GTK 4.16.6 & 4.16.7
- LLVM 19.1.4
- PHP 8.3.14
- CMake 3.31.0
- GNOME 47.2
- KDE Plasma 6.2.4
- Qt 5.15.16
- Debugedit 5.1
Amongst the initially mentioned changes, we are currently also testing these updates in the Factory Staging areas:
- Mozilla Firefox 133.0
- LibreOffice 24.8.3.2
- Python setuptools 75.6
- systemd 257
- SQLite 3.47.1
- Linux kernel 6.12.1
Lanzado FreeCAD 1.0
Una de la eternas luchas del Software Libre es proporcionar una aplicación potente y verátil para el diseño 3D, es por ello que ver que el desarrollo de éste tipo de software sigue activo y que va evolucionando es una gran noticia. Me alegra compartir con vosotros que ha sido lanzado FreeCAD 1.0, una aplicación para el modelado 3D paramétrico en diseño mecánico y arquitectónico libre.
Lanzado FreeCAD 1.0
Aunque me consta que los profesionale del tema no comparten conmigo esta sensación, yo tengo una buena experiencia con FreeCAD aplicación. La utilicé en mis clases de tecnología para alumnado de 4º de ESO, convirtiéndose en una excelente forma de introducirse en el mundo de diseño 3D sin caer en software privado.
Aprovechando unos magníficos vídeos de Juan Gonzalez Gomez (aka ObiJuan) mi alumnado trabajó de forma autónoma, cada uno a su ritmo, mientras yo me dedicaba a solucionar los problemas que aparecen porque las interfaces van evolucionando.
Por esta razón, y porque creo que es necesario tener aplicaciones libres potentes en todas y cada una de las necesidades humanas, principalmente para no caer de forma esclava en una aplicación privativa, me elgra mucho anunciar que ha sido lanzado FreeCAD 1.0, hecho que marca un hito importante tras más de 20 años de desarrollo.
Algunas de las novedades principales incluyen:
- Workbench de ensamblajes integrado: Este nuevo módulo permite diseños basados en un enfoque de «bottom-up», pruebas de movimiento y vistas explosionadas de componentes, utilizando el solucionador Ondsel.
- Mejora en la gestión de nombres topológicos: Este avance resuelve un problema histórico, evitando que la eliminación de geometrías rompa modelos debido a referencias cruzadas.
- Sistema de materiales renovado: Ahora se pueden asignar propiedades de apariencia a los materiales, mejorando el realismo y la personalización en los modelos.
- Interfaz gráfica mejorada: Cambios como nuevas herramientas en el «Sketcher», un indicador de centro de rotación personalizable, y opciones para adaptar la disposición de los paneles hacen que la experiencia de usuario sea más fluida.
- Nuevas funcionalidades para diseño BIM: Se añadieron herramientas específicas para arquitectura e ingeniería civil, junto con mejor soporte para el formato IFC.
- Página de inicio basada en QTWidgets: Facilita el acceso a herramientas principales y proyectos recientes con un diseño más intuitivo.
Más información: Notas de lanzamiento den la Wiki de FreeCAD | LibreArts | Phoronix | betanews
La entrada Lanzado FreeCAD 1.0 se publicó primero en KDE Blog.
Upgrading to Leap Micro 6.1 Beta with opensuse-migration-tool
Leap Micro 6.1 Beta was released last Wednesday. Images can be found at get.opensuse.org As this is mostly a rebrand of SUSE Linux Enterprise Micro 6.1, unless some serious issues are found, users can expect a quick transition to RC and GA next week.
We’re introducing a new migration tool with Leap Micro 6.1 which should hopefully ease future upgrades to a Leap Micro releases, specifically new major versions. Let’s have a look at how to deploy it from git on older Leap Micro releases as well as how to install it on Leap Micro 6.1 Beta.
The main benefit for the user is that you don’t have to deal manually with any repository changes that might have been introduced in a new releases. This will hopefully lead to smoother and more straightforward upgrades. As of now the opensuse-migration-tool is still experimental.
Testing the tool with Leap Micro container from your Leap or Tumbleweed
We have to be running an older version of Leap Micro to be able to upgrade to 6.1.
Since we’re using distrobox in this example our host can be running Leap, Tumbleweed, Aeon. Distrobox will have access to your home directory, including the git checkout.
The key is to use –pre-release to have Leap Micro 6.1 as an available upgrade target.
$ git clone https://github.com/openSUSE/opensuse-migration-tool.git
$ cd opensuse-migration-tool
$ distrobox create --image registry.opensuse.org/opensuse/leap-micro/6.0/toolbox --name micro60
$ distrobox enter micro60 # from now on inside distrobox
$ zypper in bc jq curl dialog sed gawk
$ ./opensuse-migration-tool --pre-release --dry-run
$ sudo ./opensuse-migration-tool --pre-release # Chooose Leap Micro 6.1
$ cat /etc/os-release # should confirm that you've upgraded to 6.1
If you trash your container, just type exit podman stop micro60
or docker stop micro60
followed by distrobox rm micro60
.
And you can start all over again.
Testing the tool on Leap Micro host or inside the VM
Here we have to use transactional-update shell as we’re working inside Leap Micro 6.0 or even 5.5 host or a VM. Just like in the previous case, the important piece is to try it from a Leap Micro release older than 6.1, as otherwise, the only migration target would be MicroOS.
Make sure to use –pre-release to have 6.1 Beta as a viable migration target.
$ sudo transactional-update shell # from now on inside shell
$ zypper in git bc jq curl dialog sed gawk
$ git clone https://github.com/openSUSE/opensuse-migration-tool.git
$ cd opensuse-migration-tool
$ ./opensuse-migration-tool --pre-release --dry-run
$ sudo ./opensuse-migration-tool --pre-release # Choose Leap Micro 6.1 as a target
$ reboot
Don’t worry In case you mess up, we’re using transactional-update shell. You can always boot the previous snapshot.
Testing Leap Micro 6.1 to MicroOS upgrade migration
Since there is no newer point release than Leap Micro 6.1 Beta, the only migration/upgrade target would be MicroOS.
The point of this example is to show that the Leap Micro 6.1 repository already contains the opensuse-migration-tool Therefore there is no need to run it from a git checkout unless you want to tinker with it.
$ sudo transactional-update shell
$ zypper in opensuse-migration-tool # Will work only on Leap Micro 6.1
$ sudo opensuse-migration-tool --dry-run # to oversee what would change
$ sudo opensuse-migration-tool # MicroOS is expected to be the only migration option from Leap Micro 6.1 Beta
Don’t bother re-running the opensuse-migration-tool once you upgrade to MicroOS which is in fact openSUSE Tumbleweed. There is really nothing newer that you could migrate to, and you’ll get the message that openSUSE Tumbleweed is unsupported. This behavior is expected.
Known issues
Bug 1233982 - Upgrade to 6.1 (netcfg) failed
This particular issue will for sure pop up in your distrobox-based experiments. Distrobox mounts over /etc/hostname with a bind mount and the upgrade of netcfg will fail on post-script. This is safe to ignore (type i in interactive zypper dup).
The migration tool tries to run non-interactively at first, and in case it fails it leaves problem resolution on the user by re-running zypper dup
in interactive mode.
Contributing
If you’re interested in contributing feel free to send PR, report issues or features against openSUSE/opensuse-migration-tool Github repository
Tumbleweed Monthly Update - November 2024
This month, the rolling-release continues to shine as a well-oiled machine. November brings key updates for Mesa, gtk4, php8, postgresql17 and more. Alongside these key updates, important security fixes arrived for mozjs128, postgresql, Firefox, and OpenSC, which resolved several CVEs to help bolster your system’s resilience. The fresh design introduced last month, with its revamped logo and day/night-themed wallpapers, continues to enhance Tumbleweed’s aesthetic appeal while the updates this month improve functionality and security.
As always, remember to roll back using snapper if any issues arise.
Happy updating and tumble on!
For more details on the change logs for the month, visit the openSUSE Factory mailing list.
New Features and Enhancements
-
GTK4 4.16.6 and 4.16.7: The newest version reduces the size of error underlines in text rendering for better visual clarity. The 4.16.6 version provides fixes for a smoother user experience. Wayland color management is now opt-in, helping prevent compatibility issues with KWin. Users can experiment with this feature by setting
GDK_DEBUG=color-mgmt
. Improvements include preventing emoji selection when inserted inGtkText
, setting default window icons from the application ID inGtkApplication
and enhancingGtkFontChooser
to make its dialog more adaptable.The release also includes updated translations. -
postgresql 17.2: The package received two updates this month and resolves an ABI break affecting extensions that interact with
ResultRelInfo
and restores the functionality ofALTER {ROLE|DATABASE} SET
role. Logical replication slots now handlerestart_lsn
correctly to avoid backward movement. The update prevents deletion of required WAL files duringpg_rewind
and fixes race conditions with shared statistics entries. Index statistics incontrib/bloom
are now correctly counted. The update fixes an assertion failure in regular expression parsing caused by disconnected NFA sub-graphs. -
gnutls 3.8.8: Improvements in this package were made in post-quantum cryptography and Online Certificate Status Protocol handling. Experimental support for X25519MLKEM768 and SecP256r1MLKEM768 key exchange algorithms in TLS 1.3 were added that align with the final ML-KEM standard. This update requires liboqs 0.11.0 or newer. Additionally, the library now validates all records in OCSP responses, ensuring the server certificate is checked against all available records instead of only the first. Improvements in handling malformed
compress_certificate
extensions bring stricter RFC 8879 compliance, replacing incorrect alerts withillegal_parameter
and rejecting overlong extension data. -
KDE Plasma 6.2.3:
Bluedevil improves PIN entry behavior, while Breeze resolves a potential null pointer issue. Discover updates its backend for compatibility with fwupd 2.0.0 and corrects review visibility in the Application Page. KWin receives extensive updates, including fixes for crashes, colormap leaks, file descriptor handling, and HDR brightness management. Plasma Desktop fixes app tooltips, task manager icon alignment, emoji search, and optimizes activity management. Other components like KPipeWire, KSystemStats, and Powerdevil improve stream handling, sensor robustness, and brightness adjustments, respectively. Plasma Mobile simplifies and cleans up the Action Drawer and enhances app list navigation and search functionality. Plasma Audio Volume Control ensures accurate device name updates, while Plasma Workspace adjusts logout screen behavior, theme defaults, and mobile user interface fixes. - KDE Gear 24.08.3: Elisa fixes missing icons on certain platforms. K3b corrects file pattern parsing for ripped files and removes deprecated MusicBrainz code. KAccounts-Integration improves logging, fixes dangling references, and handles missing files gracefully. Kate addresses session group saving, export order for SQL and builds on openSUSE with updated dependencies. Kdenlive resolves multiple crashes and improves project handling, proxy generation, and timeline management. KIO-Extras adds WebP thumbnail support. Kitinerary expands ticket extraction support for multiple transport services and improves handling of Renfe and Agoda formats. Konsole fixes issues with OSC color commands.
- KDE Frameworks 6.8.0: Baloo now excludes model/obj and text/rust from indexing. Breeze Icons adds support for text/x-typst mimetype icons and unifies index themes for better consistency. Extra CMake Modules gain Python bindings and improved static Qt6 support. KIO sees improvements in http handling, resizing in KFilePlacesView, and overall UX enhancements. Kirigami resolves various issues with icons, themes, and overlays, improving usability. KTextEditor enhances session restore, template handling, and introduces comprehensive swap file tests. Solid restores media change handling for audio CDs and adopts libmount on Linux for better functionality. This release also includes numerous bug fixes, CI improvements for static builds, enhanced Qt 6 compatibility, and updated translations.
- gnome-control-center 47.2: GNOME users see accessibility improvements by removing excessive “screen” labels. The appearance settings fix accidental resets of accent colors. Lemory leak are addressed in the Apps section, while Color ensures profiles are connected before use. Printers fix an incorrect tooltip in the “Add Printer” button. Updated translations are included.
-
ruby3.3 3.3.6: This update includes the merging of JSON 2.7.2 and reline 0.5.10, along with an upgrade to REXML 3.3.9. The release resolves significant bugs, such as improper object freeing when using
Data_Make_Struct
, brokenIO#close
functionality under Fiber scheduling, and errors with multibyte path names on Windows. Additional fixes address issues withFloat
handling ASCII-incompatible strings, memory management inIO::Buffer
operations, and discrepancies ininstance_method
behavior across Ruby versions. This version also corrects corruptRUBY_DESCRIPTION
metadata when specific flags are used and improves hash key retrieval afterProcess.warmup
.
Key Package Updates
-
Mesa 24.3.0: The package introduces a new stable release with updates enhancing its graphical capabilities and addressing security and build issues. The update refreshes patches for various vulnerabilities, including CVE-2023-45913, CVE-2023-45919, and CVE-2023-45922, while incorporating fixes for Python 3.6 build compatibility and other adjustments. Deprecated options like
-Ddri3=enabled
and-Ddri-search-path
have been removed to streamline the build configuration. Vulkan 1.3 is now supported on Raspberry Pi 4 and 5 via v3dv, while the NVK driver adds support for important extensions likeVK_EXT_descriptor_buffer
,VK_KHR_dynamic_rendering_local_read
, andVK_KHR_pipeline_binary
. RADV sees new features and Shader support is significantly enhanced. Full details can be accessed in the release notes. - kernel-source 6.11.8: Key updates for the Linux Kernel address issues like dangling pointers in virtual socket and hyper-v socket initialization, improved support for AMD audio on certain laptops, and fixes for display rendering and timeout handling in Intel and AMD graphics drivers. The update resolves several memory management, file system and USB-related bugs, which includes USB Type-C and serial device handling. Fixes were made to Thunderbolt connections, media device parsing, and the management of system clocks and platformance features for AMD processors. Updates to the Btrfs file system enhance subvolume flag management and quota handling.
-
GStreamer 1.24.9: Fixes include better timestamp handling in
flvmux
,RTPManager
keyframe management and enhancedSRT
andV4L2
support. Updates optimizeaggregator
,playbin3
, andqtdemux
, with broader format and library compatibility. - gpgme 1.24.0: This package brings several significant enhancements and fixes, including extended decryption and verification commands that now support direct file output. Encryption and signing commands also allow input data to be read from files. Additional features include improved handling of designated revocation keys, new context flags for advanced operations like importing options and processing all signatures and the introduction of an easier method to change owner trust and enable or disable keys. The Qt library now supports simultaneous builds for Qt 5 and Qt 6, enabling file-based operations for encryption and signing while offering better integration for importing options and appending detached signatures.
- gtk4 4.16.3: This update enhances how default cursor themes are handled by searching within XDG directories to ensure better compatibility with Wayland environments. The default cursor size now matches the gsettings schema and provides a more consistent user experience. The fallback process for portal settings was refined as settings_portal is cleared when switching to fallback without portal settings. This release also includes updated translations.
-
php8 8.3.14: Fixes include addressing segmentation faults in DOM, GD, and FFI, memory leak in Reflection and OpenSSL, and use-after-free vulnerabilities in SPL and sockets. The update also resolves overflows in multiple modules, such as
mbstring
,streams
andGMP
for more stable and secure handling of edge cases. Notable security improvements include patches for out-of-bounds writes in LDAP CVE-2024-8932, heap buffer over-reads in MySQLnd CVE-2024-8929, and CRLF injection vulnerabilities in streams CVE-2024-11234. -
ibus 1.5.31: This includes enhanced CI support for both generic setups and Wayland environments, as well as updates to compose keys based on the latest Xorg and GTK standards. The release transitions to using
localectl
for XKB configuration retrieval in Wayland, enhancing integration. Security improvements include a change to the IBus unique name, while updates to XKB engines and Unicode categories ensure broader compatibility. This version resolves various issues, including problems with X11 applications and games, Emoji handling, Flatpak integration, and preedit behavior in specific input methods likem17n:sa:itrans
.
Bug Fixes and Security Updates
Several key security vulnerabilities were addressed this month:
- Firefox 132:
-
CVE-2024-10458: Permission leak via embed or object elements.
- CVE-2024-10459: Use-after-free in layout with accessibility, potentially leading to an exploitable crash.
- CVE-2024-10460: Confusing display of origin for external protocol handler prompt.
- CVE-2024-10461: XSS due to Content-Disposition being ignored in multipart/x-mixed-replace response.
- CVE-2024-10462: Origin of permission prompt could be spoofed by a long URL.
- CVE-2024-10463: Cross-origin video frame leak in some conditions.
- CVE-2024-10468: Race conditions in IndexedDB could cause memory corruption and a potentially exploitable crash.
- CVE-2024-10464: History interface could cause a Denial of Service condition.
- CVE-2024-10465: Clipboard “paste” button persisted across tabs, allowing a potential spoofing attack.
- CVE-2024-10466: DOM push subscription message could hang Firefox, causing it to become unresponsive.
- CVE-2024-10467: Memory safety bugs fixed, potentially exploitable to run arbitrary code.
-
php8 8.3.14:
- CVE-2024-8932: An out-of-bounds access in the LDAP extension’s ldap_escape function.
- CVE-2024-8929: A heap buffer over-read in MySQLnd that could leak partial heap content.
- CVE-2024-11233: An issue in the Streams component allowing potential CRLF injection via proxy configurations.
- CVE-2024-11234: A vulnerability in the Streams component related to CRLF injection.
- CVE-2024-11236: Integer overflows in PDO DBLIB and PDO Firebird quoters, leading to out-of-bounds writes.
-
opensc 0.26.0:
-
CVE-2024-45615: Uninitialized values in
libopensc
andpkcs15init
could lead to undefined behavior. -
CVE-2024-45616: Incorrect checks or usage of APDU response values in
libopensc
may result in uninitialized values. -
CVE-2024-45617: Missing or incorrect return value checks in
libopensc
can cause uninitialized values. -
CVE-2024-45618: Similar issues in
pkcs15init
due to improper return value handling. -
CVE-2024-45619**: Improper handling of buffer or file lengths in
libopensc
. -
CVE-2024-45620**: Similar buffer or file length handling issues in
pkcs15init
. - CVE-2024-8443**: A heap buffer overflow in the OpenPGP driver during key generation.
-
CVE-2024-45615: Uninitialized values in
-
libsoup:
-
CVE-2024-52531: A buffer overflow in
soup_header_parse_param_list_strict
could occur during UTF-8 conversion in applications using libsoup versions prior to 3.6.1. This issue cannot be triggered by input received over the network. - CVE-2024-52532: An infinite loop and excessive memory consumption were possible when reading certain patterns of WebSocket data from clients in libsoup versions before 3.6.1.
-
CVE-2024-52531: A buffer overflow in
-
mozjs128 128.4.0:
-
CVE-2024-10458: Permission leak via
embed
orobject
elements. - CVE-2024-10459: Use-after-free in layout with accessibility.
- CVE-2024-10460: Confusing display of origin for external protocol handler prompt.
- CVE-2024-10461: XSS due to Content-Disposition being ignored in multipart/x-mixed-replace response.
- CVE-2024-10462: Origin of permission prompt could be spoofed by long URL.
- CVE-2024-10463: Cross-origin video frame leak.
- CVE-2024-10464: History interface could cause a Denial of Service condition.
- CVE-2024-10465: Clipboard “paste” button persisted across tabs.
- CVE-2024-10466: DOM push subscription message could hang Firefox.
- CVE-2024-10467: Memory safety bugs fixed in Firefox 132, Thunderbird 132, Firefox ESR 128.4, and Thunderbird 128.4
-
CVE-2024-10458: Permission leak via
-
postgresql17 17.1:
- CVE-2024-10976: Incomplete tracking of tables with row-level security could allow reused queries to access unintended rows.
- CVE-2024-10977: Error messages during SSL or GSS protocol negotiation could be spoofed by a man-in-the-middle.
- CVE-2024-10978: Incorrect privilege assignment could allow less-privileged users to view or modify unintended rows.
- CVE-2024-10979: In PL/Perl, unprivileged database users could alter sensitive process environment variables, potentially leading to arbitrary code execution.
-
libssh2_org 1.11.1:
- CVE-2023-48795: A vulnerability that could cause mishandled handshake and sequence numbers, allowing attackers to bypass integrity checks and downgrade security features in certain OpenSSH extensions.
-
Xen 4.19.0_06:
- CVE-2024-45818: Fixed a deadlock in x86 HVM standard VGA handling.
-
CVE-2024-45819: Only x86 systems running PVH guests are affected; HVM and PV guests are not vulnerable. The
libxl
toolstack may leak data to PVH guests via ACPI tables.
-
python-tornado6 6.4.2:
- CVE-2024-52804: The algorithm used for parsing HTTP cookies in Tornado versions prior to 6.4.2 sometimes has quadratic complexity, leading to excessive CPU consumption when parsing maliciously-crafted cookie headers. This parsing occurs in the event loop thread and may block the processing of other requests. Version 6.4.2 fixes the issue
Conclusion
November 2024 was another stellar month for Tumbleweed as it showcased its commitment to delivering the newest software with an impressive array of updates. Notable updates to Mesa, GTK4, KDE Plasma, PostgreSQL and more provide rolling release users with the latest in open-source technology for a secure and robust system. Keep rolling forward, and don’t forget to check out the detailed changelogs and discussions on the openSUSE Factory mailing list. Here’s to another month of seamless updates—happy tumbling!
Slowroll Arrivals
Please note that these updates also apply to Slowroll and arrive between an average of 5 to 10 days after being released in Tumbleweed snapshot. This monthly approach has been consistent for many months, ensuring stability and timely enhancements for users.
Contributing to openSUSE Tumbleweed
Stay updated with the latest snapshots by subscribing to the openSUSE Factory mailing list. For those Tumbleweed users who want to contribute or want to engage with detailed technological discussions, subscribe to the openSUSE Factory mailing list . The openSUSE team encourages users to continue participating through bug reports, feature suggestions and discussions.
Your contributions and feedback make openSUSE Tumbleweed better with every update. Whether reporting bugs, suggesting features, or participating in community discussions, your involvement is highly valued.
stalld: unpatched fixed temporary file use and other issues
Table of Contents
- 1) Introduction
-
2) Use of Fixed Temporary File Path
/tmp/rtthrottle
inscripts/throttlectl.sh
- 3) The
fill_process_comm()
Function Might Read Unexpected Control Characters - 4) Experimental FIFO Boosting Feature might have a Danger of Locking up the System
- 5) Potential Race Conditions when Accessing
/proc/<pid>/{status,comm}
- 6) Weird
umask()
Setting used indaemonize()
- 7) CVE Assignments
- 8) Timeline
- 9) References
1) Introduction
Stalld is a daemon that aims to prevent starvation of operating system threads on Linux. It has recently been added to openSUSE Tumbleweed and we performed a routine review of the contained systemd service. During the review we noticed a couple of security issues that should be addressed.
We reached out to upstream via their GitLab issue tracker and created a public and a private issue (still private), but never got any reaction. After nearly three months without a reply we decided to publish the available information now.
This report is based on stalld version v1.19.6.
2) Use of Fixed Temporary File Path /tmp/rtthrottle
in scripts/throttlectl.sh
The throttlectl.sh script, which is called with root
privileges as a pre and post script in stalld’s systemd unit, is using the
fixed /tmp path /tmp/rtthrottle
to cache the original values found in
/proc/sys/kernel/sched_rt_runtime_us
and
/proc/sys/kernel/sched_rt_period_us
. This allows for a symlink attack and
a file pre-creation attack.
2.a) Symlink Attack
A symlink attack can only work if the Linux kernel’s protected_symlinks
setting is not in effect. If that would be the case then an attacker could
place a symlink at the location causing throttlectl
to overwrite arbitrary
files in the system, allowing for a local Denial-of-Service.
2.b) File Pre-Creation Attack
Pre-creating the path in /tmp/rtthrottle
will always work, even if the
protected_regular
setting in the kernel is active. This is the case because
the shell redirection in the script (like in the line echo $period >
$path/sched_rt_period_us
) will fall back to opening the target file without
O_CREAT
in the open()
flags, if creating the file fails. Without O_CREAT
the protected_regular
logic no longer triggers.
This means that if a local attacker pre-creates the file, the script will write
to a file owned by the attacker. By the time the script tries to restore the
values from this file, the local attacker can place arbitrary values in it,
which will in turn be written to the pseudo files in
/proc/sys/kernel/sched_rt_*
. This is a kind of local Denial-of-Service or a
local integrity violation. It is not an information leak, because the content
of these pseudo files is world-accessible anyway.
2.c) Exploitability
When stalld starts at boot time, there is not much opportunity for unprivileged local users to exploit this issue. If the service is started at a later time, or restarted, then the attack vector is exploitable, though.
2.d) Suggested Fix
To fix this, we suggest to place the file into the /run/stalld
directory,
which is owned by root. This directory is already created via stalld’s systemd
unit.
In the systemd unit some hardenings like PrivateTmp=yes
could also be
applied to prevent any future temporary file issues of this type.
The throttlectl
script should also set the errexit
shell option to make it
exit upon any unexpected errors.
3) The fill_process_comm()
Function Might Read Unexpected Control Characters
The fill_process_comm()
function reads the content
of /proc/<pid>/comm
from potentially untrusted processes in the system. The
data found in there is obtained from the name of the executable that the
kernel executed. Executable names can contain any data, except for the /
character. This also includes control characters like \r
or even terminal
control sequences. This string is used by stalld
to write information to
logs. By embedding a carriage return in an executable name, a local attacker
could achieve log spoofing.
To fix this, we suggest to transform any non-alphanumeric characters in the
string into some safe character like ?
.
4) Experimental FIFO Boosting Feature might have a Danger of Locking up the System
Via the --force_fifo
command line switch, stalld can be instructed to
“boost” stalled tasks by switching them to SCHED_FIFO
scheduling. We are
wondering what happens if a “rogue task” is assigned to this scheduler. As far
as we know, if such a task never yields the CPU again, the whole system could
lock up. This might require stalld
to run under SCHED_FIFO
itself,
using a higher scheduling priority than the boosted task, to prevent any such
situation.
5) Potential Race Conditions when Accessing /proc/<pid>/{status,comm}
As usual, when iterating over the processes in the /proc
file system, race
conditions can occur. Target processes could attempt to replace themselves by
other processes, confusing stalld. We don’t believe that the “stall” situation
can be provoked easily by a local attacker, though, thus the possibility to
exploit anything in this direction is likely small.
We just mention this as a hint to the reader, maybe we’re overlooking something more critical here.
6) Weird umask()
Setting used in daemonize()
The daemonize()
function applies a new umask to the daemon
process by calling umask(DAEMON_UMASK)
. The constant for this
has a weird value, though:
/*
* Daemon umask value.
*/
#define DAEMON_UMASK 0x133 /* 0644 */
We don’t know why an octal 0644
value isn’t used in the first place, instead
of writing this as a comment only. The constant 0x133
corresponds to an
octal value of 0463
, though. It will mask out the owner-readable bit,
read-write bits for the group and write-execute bits for world. This is likely
not what was intended here.
Luckily no world-writable files will come into existence this way, but the misconfiguration could lead to strange effects in the future, e.g. because the owner of the file will not have read permissions for it.
We don’t believe this is a security issue, which is why we created a public issue in the upstream GitLab tracker for this.
7) CVE Assignments
Since upstream did not react and therefore also didn’t confirm any of these issues, we did not request any CVEs from Mitre until now. The fixed temporary file usage issue 2) likely is worthy of a CVE assignment, though.
8) Timeline
2024-09-09 | We reported the issues (1, 2) in the upstream GitLab project, offering coordinated disclosure for the sensitive issues. |
2024-11-13 | After getting no reaction for such a long time we commented in the issue, asking for a reply until 2024-11-22, otherwise we would publish the issue on our end. |
2024-11-28 | We published the information without upstream fixes being available. |