Wed, Jan 8th, 2025

Tumbleweed Monthly Update - December 2024

Tumbleweed continues to exemplify a solid rolling release and December 2024 wraps up a year of several snapshots and large array of updates! KDE Gear 24.12 improves app usability, SQLite introduces innovative query features and snapshots brought critical patches across various packages for enhanced security. These updates not only strengthen functionality but also set the stage for an exciting 2025.

As always, remember to roll back using snapper if any issues arise.

Happy updating and tumble on!

For more details on the change logs for the month, visit the openSUSE Factory mailing list.

New Features and Enhancements

  • KDE Gear 24.12: This update delivers many enhancements across KDE’s diverse application suite. Dolphin now boasts better keyboard navigation, file sorting and a new mobile-optimized interface for Plasma Mobile. Document viewer Okular enhances its annotation, form-handling and digital signing capabilities, while Kdenlive introduces features like timeline item resizing and proxy generation improvements. Other apps like certificate manage Kleopatra and KDE Connect also see notable upgrades that ncludes improved cryptography tools and improved Bluetooth connectivity.
  • KDE Ships Frameworks 6.9.0: Key highlights include better accessibility, improved file handling and updated icon sets across various modules. Frameworks like Baloo and Kirigami received significant updates for test reliability and usability, while Breeze Icons introduced new symbolic versions for better UI consistency. The transition to Qt6 progresses with many components now optimized for compatibility, and new Python bindings extend functionality in multiple libraries. Other improvements address cryptographic handling, better integration with Flatpak, and fixes for platform-specific builds like Haiku.
  • sqlite 3.47.1 & 3.47.2: The 3.47.1 version fixes makefile DESTDIR handling, addresses issues with certain IN queries and resolves bugs from prior releases. The upgrade introduces arbitrary expressions for RAISE, enhanced query optimizations, improved group_concat behavior and new CLI features like median() and .www. Several query planner improvements boost performance, while SQLite now avoids “long double” usage for better compatibility. Additional enhancements include custom locale-aware FTS5 tokenizers, contentless FTS5 tables, and an experimental sqlite3_rsync tool. Compatibility for TCL9 is added, and JavaScript OPFS VFS issues are fixed. The 3.47.2 version resolves a text-to-floating-point conversion issue affecting specific numeric text values on x64 and i386 systems, introduced in version 3.47.0. Minor bug fixes are included, and the session extension is now enabled to support NodeJS 22.
  • Kernel-firmware 20241128: This introduces extensive updates that include the i915 Xe2LPD DMC v2.24, new Cirrus CS35L56 firmware for Dell laptops, and multiple amdgpu updates. It also adds new aliases for kernel 6.13-rc1 and enhances support for various AMD GPUs, iwlwifi and other devices.
  • gpg 2.5.2: This update introduces ECC+Kyber key generation, trustdb validation post-key import and improved handling of expired trusted keys. Enhancements include fixes for encryption issues, robust error handling for smart cards and performance boosts for certificate listings. Other updates refine ADSK key usage, address database race conditions and optimize directory creation during extraction.
  • curl 8.11.1: This release addresses a critical security issue involving netrc and redirect credential leaks. Improvements include fixes for cookie handling, enhanced trace timestamps and better error messaging for expired certificates. Updates also resolve issues with netrc parsing, libssh IPv6 handling and HTTP content decoding.

Key Package Updates

  • Kernel Source 6.12.6: The kernel introduces numerous improvements and fixes. Key updates include enhanced USB support, addresses issues in device suspension and improves audio compatibility for specific devices. Other notable fixes involve enhancements to scheduling, block storage, network protocols and RISC-V architecture. It also includes critical patches for BPF, IOMMU, and several drivers.
  • Flatpak 1.15.12: This fixes crashes during app installations by reverting to process IDs in cgroup names, introduces USB metadata parameters (--usb, --no-usb), enhances accessibility with --a11y-own-name, improves debugging with flatpak run -vv, adds KDE search completion support and includes build fixes, updated dependencies, and memory leak resolutions.
  • systemd 256.9 and 256.10: This 256.9 update clarifies $WATCHDOG_USEC usage for the shutdown binary and addresses SAS wide ports in udev-builtin-path_id. It reverts a commit causing regressions, disables EFI on non-compliant architectures, and removes /run/systemd when switching root. The 256.10 update includes fixes for VLAN ranges, improved WireGuard key error reporting and adjustments to systemctl for better user feedback.
  • LLVM 19.1.5 and 19.1.6: This minor update provides bug fixes and the llvm-do-not-install-static-libraries.patch was rebased to align with the update.
  • qemu 9.2.0: This update introduces 3D acceleration for Vulkan apps via virtio-gpu, enhanced crypto with SHA-384 support and QATzip migration compression. arm gains FEAT_EBF16 emulation, two-stage SMMU and CPU Security Extensions for xilinx-zynq-a9. RISC-V sees IOMMU support, extensions for control flow integrity and improved vector performance. x86 highlights include a new Nitro Enclave machine type and AVX10 KVM enhancements.
  • GStreamer 1.24.10: This update addresses more than 40 security vulnerabilities in components like MP4, Matroska and Ogg demuxers and includes fixes for avviddec assertions, appsink/appsrc, decodebin3, closed captioning and pipeline graph generation.
  • vim 9.1.0908: This update includes new file type recognitions, enhancements to documentation, better syntax support for various languages and numerous bug fixes across features like completion, file operations, and plugins. It also refreshes translations and improves runtime components like netrw and termdebug.
  • libzypp 17.35.15: This update updates to treat = as a safe character in URL query values, adds support for recognizing rpmdb.sqlite as a database file, fixes a typo and adjusts the FastCGI header.
  • gedit 48.1: This update removes plugins like External Tools, Snippets and Python Console. The package rewrites the Text Size plugin in C, and eliminates the background-pattern grid feature. Fixes include Wayland unmaximize bug and compilation warnings, alongside code refactoring and updated translations. The gedit-plugins-python-env.patch was dropped as obsolete.
  • AppStream 1.0.4: This release brings new features, including AS_BUNDLE_KIND_SYSUPDATE for system updates and dark theme support for Plasma and Pantheon. Improvements were made to memory size detection for Illumos, Solaris, and GNU/Hurd along with enhanced branding color exposure in Qt. Bug fixes address race conditions in GResource loading, timezone handling and legacy compatibility tags.

Bug Fixes and Security Updates

Several key security vulnerabilities were addressed this month:

  • avahi:
    • CVE-2024-52616: Predictable Avahi-daemon DNS transaction IDs enable potential spoofing attacks.
  • mozjs128 128.5.1:
    • CVE-2024-11691: Out-of-bounds write in Apple GPU drivers via WebGL.
    • CVE-2024-11692: Select list elements could display over another site.
    • CVE-2024-11694: CSP bypass and XSS exposure via Web Compatibility Shims.
    • CVE-2024-11695: URL bar spoofing through manipulated Punycode and whitespace characters.
    • CVE-2024-11696: Unhandled exception during add-on signature verification.
    • CVE-2024-11697: Improper keypress handling in executable file confirmation dialog.
  • curl 8.11.1:
    • CVE-2024-11053: Versions 6.5–8.11.0 leaked .netrc passwords during HTTP redirects.
  • libheif:
    • CVE-2023-0996: Addressed out-of-bounds read and write issues during HEIF file decoding with forged overlay image offsets.
    • CVE-2024-41311 : Fixes mitigating vulnerabilities that could lead to memory corruption during malformed HEIF file handling.
    • CVE-2023-29659: Enhances overall security and addresses security flaws in HEIF file processing to prevent out-of-bounds access.
  • socat 1.8.0.2:
    • CVE-2024-54661: Predictable temp file paths in socat may allow arbitrary file overwrites.
  • emacs:
    • CVE-2024-53920: On untrusted Emacs, Lisp code can trigger unsafe macro expansion, allowing arbitrary code execution.

Conclusion

December 2024 capped off the year with significant updates. Notable enhancements include QEMU’s improved virtualization features, systemd’s refined user feedback and hardware compatibility, and the kernel’s advancements in boosting device support and performance. Updates to Flatpak and AppStream further enhance the ecosystem, providing better app management and integration. As Tumbleweed users roll into 2025, they can count on a comfortable, secure open-source software experience. Happy tumbling!

Slowroll Arrivals

Please note that these updates also apply to Slowroll and arrive between an average of 5 to 10 days after being released in Tumbleweed snapshot. This monthly approach has been consistent for many months, ensuring stability and timely enhancements for users.

Contributing to openSUSE Tumbleweed

Stay updated with the latest snapshots by subscribing to the openSUSE Factory mailing list. For those Tumbleweed users who want to contribute or want to engage with detailed technological discussions, subscribe to the openSUSE Factory mailing list . The openSUSE team encourages users to continue participating through bug reports, feature suggestions and discussions.

Your contributions and feedback make openSUSE Tumbleweed better with every update. Whether reporting bugs, suggesting features, or participating in community discussions, your involvement is highly valued.

Syslog-ng is coming to EPEL 10

Last December, I added support for EPEL 10 in my unofficial syslog-ng Git snapshot repository. This week, I call for testing the official syslog-ng EPEL 10 package.

Once I saw in my unofficial syslog-ng repo that syslog-ng compiles fine on EPEL 10, I also started to work on the official package. I hit a roadblock immediately: ivykis (a mandatory dependency of syslog-ng) was missing from EPEL 10. So, right before the Christmas holidays, I submitted two missing dependencies I maintain (ivykis and riemann-c-client) to EPEL 10. As of today, all mandatory and most optional syslog-ng dependencies are available either in the base OS or in EPEL 10.

Last week, I submitted syslog-ng 4.8.1 to EPEL 10. Three dependencies are missing, thus the related features are disabled. These missing dependencies are SQL support, MQTT support and SMTP support. I suspect that SQL support will stay missing, while MQTT and SMTP might arrive later on. At least these packages arrived with some delay to EPEL 9.

Read more at https://www.syslog-ng.com/community/b/blog/posts/syslog-ng-is-coming-to-epel-10

syslog-ng logo

Tue, Jan 7th, 2025

Board Election Schedule Revised

Members of the openSUSE Election Committee have provided an update regarding this year’s Board election. This election will fill three board seats. All eligible openSUSE members are encouraged to participate in shaping the future of the project.

The nomination process, originally scheduled for completion in December, has been extended due to an insufficient number of candidates. The updated timeline aims to provide more opportunities for members to engage in the process.

Revised Election Timeline

  • Jan. 3, 2025: Extension for nominations and applications for Board candidacy; membership drive begins
  • Jan. 18, 2025: Final candidate list announced; campaign begins; membership drive continues (new members can vote but not run)
  • Jan. 19, 2025: Voting opens
  • Feb. 2, 2025: Voting closes
  • Feb. 3, 2025: Election results announced

The three open seats are held by Douglas DeMaio, Neal Gompa, and Patrick Fitzgerald. Board members serve as guides for the community, handle key project functions, facilitate initiatives, organize meetings, and manage openSUSE domains and trademarks. They also uphold community standards, including overseeing complaints and ensuring compliance with the openSUSE Code of Conduct.

How to Participate

Any openSUSE member can stand for election by sending an email to project@lists.opensuse.org and election-officials@lists.opensuse.org. Members can also nominate others by contacting the Election Committee, who will confirm the nominee’s interest.

Eligibility Requirements

Per the Election Rules, only current members are eligible to run for board positions. New members joining during the membership drive can participate in voting but cannot stand as candidates.

The election is overseen by committee members Ish Sookun, Edwin Zakaria, and Ariez Vachha. Their responsibilities include finalizing the candidate list and ensuring a smooth election process.

Let’s work together to make this election a success and continue driving openSUSE forward into 2025!

Tue, Dec 31st, 2024

Quick howto for systemd-inhibit

Bit of the why

So often I come across the need to avoid my system to block forever, or until a process finishes, I can’t recall how did I came across systemd inhibit, but here’s my approach and a bit of motivation

Motivation

I noticed that the Gnome Settings, come with Rygel

After some fiddling (not much really), it starts directly once I login and I will be using it instead of a fully fledged plex or the like, I just want to stream some videos from time to time from my home pc over my ipad :D using VLC.

The Hack

systemd-inhibit --who=foursixnine --why="maybe there be dragons" --mode block \
    bash -c 'while $(systemctl --user is-active -q rygel.service); do sleep 1h; done'

One can also use waitpid and more.

Thank you for comming to my ted talk.

Mon, Dec 30th, 2024

Does Freeciv be better than Civilization?

I think Freeciv has hex tiles earlier than Civilization. Freeciv exists even, when newest Civilization is 3. Perhaps I am not 100% correct in all sentence here, but I only wrote, what I remember about hex tiles. I start play Freeciv even Civilization does not have hex tiles.

There is proof Freeciv supports hex currently and I think it supports it earlier than Civilization. Do not look at Freeciv in web version. Freeciv have many configuration options and on web, it default to rectangle tiles.

Also, Freeciv offers founders and navigable rivers many years after not yet released Civilization 7. There was difference in founders. Founders are special settlers, which create city with two population.

That is all for today.

Mon, Dec 23rd, 2024

Updates to the Request Index Page

A few months ago, we introduced the Request Index Page feature in OBS. Recently, we added new filters to help users narrow down requests by staging projects and by request creators. The filters have also been improved to consider reviews, which is particularly useful for finding staging project requests. The Request Index feature is part of the beta program. We started the redesign of the request index in August 2024 introducing a new UI to...

Sat, Dec 21st, 2024

Tumbleweed – Review of the week 2024/51

Dear Tumbleweed users and hackers,

The end is near—the end of 2024, of course. This will be the last weekly review I’ll compose this year, as I’ll be logging off for the next two weeks. But worry not: Tumbleweed will continue rolling as it did in the past. So if you have spare time, feel free to submit your changes when they are ready.

During the last week, we managed to publish 5 snapshots (1213, 1215, 1216, 1217, and 1218), containing these changes:

  • KDE Gear 24.12.0
  • cURL 8.11.1
  • GPG 2.5.2
  • KDE Frameworks 6.9.0
  • Mozilla Firefox 133.0.3
  • lvm 2.03.29
  • Ruby Rails 8.0

There are still a few things in the staging areas – whatever is being submitted will be staged. Currently, we are testing these changes:

  • Ruby 3.4: subversion test suite fails
  • Linux kernel 6.12.5
  • systemd 257
  • RPM 4.20
  • Haskell 9.10

With this, I wish you a great time ahead and will be looking forward to working with you all on Tumbleweed in 2025 again.

Fri, Dec 20th, 2024

New Package Management Tool Debuts

The name for this project was updated to Myrlyn on Jan. 9, 2025.

YQPkg, a promising new package management tool for openSUSE, is preparing to make waves in the Linux community.

Designed as a standalone GUI, the software package offers a lightweight, intuitive alternative to traditional tools like YaST for users of openSUSE distributions.

YQPkg provides a glimpse into the future of package management on openSUSE systems. The usable alpha when packaged and released for Tumbleweed and Slowroll will include most of the key features necessary for effective package management.

YQPkg was developed during Hack Week 24 and is a standalone Qt-based package manager, free from YaST dependencies. It supports real package installation, updates, and removals with dependency resolution and user feedback. It’s alpha but usable, with read-only and root modes.

Users can run it as root for full functionality or as a regular user in read-only mode. It features a straightforward progress bar and users can toggle detailed views during operations.

However, some limitations remain. Repository refresh operations and gpg key handling are not yet implemented, so users are advised to manually refresh repositories (sudo zypper ref) before starting the program. YQPkg is still in active development, with known bugs and potential issues; IT IS RECOMMENDED TO AVOID USING IT ON CRITICAL PRODUCTION SYSTEMS AT THIS POINT.

Unlike its predecessor, YQPkg does not depend on YaST infrastructure as it relies only on libzypp. This independence ensures a streamlined experience and reduces some complexity. Libzypp is a C++-based package management library that handles package dependency resolution and management, independent of any graphical user interface framework like Qt.

The tool will introduce flexible summary views, allowing users to review completed tasks or return to previous steps for additional changes. Preferences like summary page settings and countdown timers are saved for future sessions.

Users wanting to explore YQPkg will be able to easily get started upon its release; after refreshing repositories with sudo zypper ref, users can download the latest alpha release and run the tool in either non-root read-only mode or with root permissions for full functionality; this accessibility ensures YQPkg is ready to meet the needs of both casual users and power users alike.

Though still in development, YQPkg is steadily evolving. Future updates promise enhancements like improved error handling, GPG key management, and repository refresh prompts. YQPkg is shaping up for a bright future related to package management within the openSUSE ecosystem.

You can build it from source from its GitHub repo. The current development status and screenshots are available here; scroll down for the latest news.

Thu, Dec 19th, 2024

Quick Web Apps | Easy Access to Your Favorite Online Tools

Quick Web Apps enhances web application accessibility by allowing users to launch them in separate windows, avoiding cluttered browser tabs. The installation is straightforward via openSUSE Tumbleweed, and users can easily create shortcuts for frequently used sites. While it’s not a perfect solution, it significantly improves productivity on the Linux desktop.

Leap 15.5 Nears End of Life

The release of Leap 15.6 on June 12 set in motion the End of Life for maintenance and security for Leap 15.5, which will happen at the end of December.

Users should upgrade to openSUSE Leap 15.6 to continue to receive security and maintenance updates. Leap versions have a six-month end-of-life period after the release of a new version.

The openSUSE Project is in the development for stage forLeap 16.0 with the pre-Alpha version people can test.

Early adopters and contributors are encouraged to explore this release and provide feedback to shape the next Leap release, which will come with the Agama installer.

Visit get.opensuse.org to try an openSUSE distribution. For users seeking extended support, SUSE offers long-term support options through its subscription services.