openSUSE Board Elections Update
Members of the openSUSE Election Committee have informed the project that Board elections are underway.
Four candidates are running for three open seats.
The final candidate list is:
- Chuck Payne
- Ish Sookun
- Jeff Mahoney
- Rachel Schrader
Key Dates
- Jan. 19, 2025: Voting opens
- Feb. 2, 2025: Voting closes
- Feb. 3, 2025: Results announced
For more information about the candidates and the election, visit the project mailing list where candidates are answering questions and informing members of their platform.
Board members serve as guides for the community, handle key project functions, facilitate initiatives, organize meetings, and manage openSUSE domains and trademarks. They also uphold community standards, including overseeing complaints and ensuring compliance with the openSUSE Code of Conduct.
Per the Election Rules, only current members are eligible to run for board positions. New members joining during the membership drive can participate in voting but cannot stand as candidates.
The election is overseen by committee members Edwin Zakaria and Ariez Vachha. Their responsibilities include finalizing the candidate list and ensuring a smooth election process.
Tumbleweed – Review of the week 2025/03
Dear Tumbleweed users and hackers,
The year is in full swing, people mostly seem back from their deserved holiday break and submissions keep coming. Based on all the submit requests, we picked what we could and published 5 snapshots out of that (20250109, 0112, 0113, 0114, and 0115).
The most relevant changes delivered during the last week were:
- GStreamer 1.24.11
- Dracut 059+suse.672: rework timeout for devices added via --mount and --add-device (bsc#1231792)
- Mozilla Firefox 134.0
- KDE Gear 24.12.1
- KDE Frameworks 6.10.0
- fwupd 1.9.27
- Poppler 25.01.0
- sssd 2.10.1
- Linux kernel 6.12.9
- shadow 4.17.2
- All python 3.10 modules have been removed. The interpreter is (for now) still in the repository, but probably not for long.
The next snapshot is already in QA, and looks good to be released later today (no promise given though – we only know at the end of QA). This snapshot, and the next ones in planning, will likely bring these changes:
- GIMP 3 (RC2)
- GNOME 47.3
- gpg 2.5.3
- util-linux 2.40.4
- SQLite 3.48.0
- Systemd 257
- RPM 4.20
- KDE Plasma 6.3: Beta is currently staged to get preliminary QA results
The syslog-ng Insider 2025-01: Alpine Linux; Leap 16.0; Alma Linux
The December syslog-ng newsletter is now on-line:
- A syslog-ng container image based on Alpine Linux
- Call for testing: syslog-ng in openSUSE Leap 16.0
- Experimental syslog-ng container image based on Alma Linux
It is available at https://www.syslog-ng.com/community/b/blog/posts/the-syslog-ng-insider-2025-01-alpine-linux-leap-16-0-alma-linux

Gaming on Linux, How openSUSE Stacks Up for Gamers
With the end of Windows 10 support in October next year, millions of gamers are facing a critical decision: upgrade their operating system, invest in new hardware or explore alternatives like Linux.
The good news is that gaming on Linux has never been better, and openSUSE is a powerful and versatile platform for gamers to continue enjoying their favorite titles.
Linux gaming has evolved significantly over the past decade. Thanks to tools like Proton, Steam and Lutris, a large number of Windows-exclusive games are now playable on Linux. openSUSE is an excellent choice for gamers making the switch since it’s well known for its stability, flexibility and hardware support.
Why Choose openSUSE for Gaming?
openSUSE brings a unique combination of features that make it a desired Linux distribution for gamers:
- Stability and Performance: openSUSE Leap provides a reliable environment for gaming, while Tumbleweed offers the latest software and drivers for cutting-edge performance.
- Wide Hardware Support: Whether you’re using NVIDIA or AMD GPUs, openSUSE has excellent driver support.
- Customizability: openSUSE allows you to easily tailor your system for gaming with access to tools and tweaks.
Distributions of openSUSE will breathe new life into your existing hardware, help you to avoid costly upgrades and keep gaming without interruption.
Setting Up Gaming on openSUSE
Step 1: Install Steam
Steam is the cornerstone of Linux gaming, providing access to thousands of native and Proton-supported games. Open the software center (Discover for KDE Plasma, GNOME Software for GNOME) or use the terminal.
Install Steam:
sudo zypper install steam
Launch Steam, log in, and enable Steam Play:
- Go to Settings > Steam Play.
- Enable Steam Play for supported titles and Steam Play for all other titles.
- Select the latest version of Proton.
Steam Play allows you to run many Windows games seamlessly on Linux.
Step 2: Install Lutris
Lutris is a game manager that simplifies the installation and configuration of games from sources like GOG, Epic Games, and even emulators.
Install Lutris via the terminal:
sudo zypper install lutris
Open Lutris and log in to your account. Use Lutris’s library to install and manage your games. It provides pre-configured setups for many popular titles, making the process effortless.
Step 3: Configure Your GPU Drivers
Proper GPU drivers are essential for gaming performance.
For NVIDIA GPUs:
Add the NVIDIA repository:
sudo zypper addrepo --refresh https://download.nvidia.com/opensuse/tumbleweed NVIDIA
Install the NVIDIA drivers:
sudo zypper search nvidia            # find the driver package for your GPU
sudo zypper install <package>        # replace <package> with the name found above
For AMD GPUs:
AMD GPUs work out of the box with open-source Mesa drivers. To ensure optimal performance, update your system:
sudo zypper dup
Check out the GPU Switching if you use multiple GPUs.
Step 4: Optimize Your System
Install MangoHud: Monitor FPS and system performance in games.
sudo zypper install mangohud
Use GameMode: Optimize system resources for gaming performance.
sudo zypper install gamemode
Popular Games on openSUSE
Many games have native Linux versions that run flawlessly on openSUSE:
- Counter-Strike: Global Offensive
- Dota 2
- Sid Meier’s Civilization VI
- Hades
- Valheim
Proton, Steam’s compatibility layer, allows you to play many Windows games on Linux:
- The Witcher 3: Wild Hunt
- Cyberpunk 2077
- Red Dead Redemption 2
- Elden Ring
- No Man’s Sky
Retro Gaming
For retro gaming enthusiasts, tools like RetroArch and Dolphin Emulator enable you to relive classic titles from consoles like the Nintendo 64, GameCube, and PlayStation.
Resources and Support
Need help? The Linux gaming community is active and ready to assist. Check out these resources:
- ProtonDB (protondb.com) – Find information about how well your favorite games run on Linux.
- Lutris Wiki (lutris.net) – Guides and tips for setting up games.
- openSUSE Forums (forums.opensuse.org) – Connect with the community for support.
Gaming on Linux, particularly with openSUSE, is no longer a compromise. Whether you’re playing AAA titles, indie games or retro classics, openSUSE offers the tools and performance you need to enjoy a seamless gaming experience.
Don’t wait until Windows 10 support ends; make the switch today and keep your gaming journey alive on openSUSE.
Upgrading to Windows 11 may require new hardware, which could add significant costs. Switching to openSUSE not only extends the life of your current hardware but also gives you access to a modern, secure gaming platform. By adopting openSUSE, you avoid contributing to e-waste caused by discarding perfectly functional machines and take advantage of a free, open-source operating system tailored for performance and reliability. This is part of a series on Upgrade to Freedom where we offer reasons to transition from Windows to Linux.
OpenVINO with Generative AI
The openSUSE Innovator initiative and the Intel Innovator program play a crucial role in ensuring that the OpenVINO repository remains up to date for the openSUSE Linux distribution community, which I continually strive to help.
OpenVINO (Open Visual Inference and Neural Network Optimization) is one of the most crucial tools in the AI ecosystem, especially for applications requiring optimized performance for deep learning model inference. The 2024.6.0 release that arrived in Tumbleweed brings significant advancements in compatibility, optimizations and support for complex models, including those used in Generative AI, such as Large Language Models (LLMs).
The Importance of OpenVINO on openSUSE Linux
- Seamless Hardware and Software Integration: OpenVINO provides native acceleration for Intel CPUs and GPUs while maintaining flexibility to support other platforms. When paired with openSUSE Linux’s optimized kernel and advanced library compatibility, OpenVINO reaches its full potential.
- Generative AI in Open Source: In the era of Generative AI, tools like OpenVINO democratize access to cutting-edge technologies and allow developers of all levels to create advanced solutions directly on openSUSE without requiring expensive proprietary hardware.
- Performance and Efficiency: OpenVINO significantly reduces inference times and resource usage, which is a critical feature for LLM-based applications processing large amounts of data in real-time.
- Developer Simplicity: One of OpenVINO’s greatest advantages is its accessibility. It enables even beginner developers to build robust applications with minimal code while still offering flexibility and customization for advanced projects.
Building an LLM Application in 3 Lines of Code
With OpenVINO, creating an application using a generative language model is as simple as:
import openvino_genai as ov_genai
pipe = ov_genai.LLMPipeline("TinyLlama-1.1B-Chat-v1.0/", "CPU")
print(pipe.generate("Openvino é", max_new_tokens=100, do_sample=False))
This simplicity highlights how OpenVINO allows seamless integration of Generative AI technologies into openSUSE Linux, combining optimization with ease of use.
Conclusion
The presence of OpenVINO on openSUSE Linux reinforces the role of open source in leading technological advancements in the AI era. It empowers businesses, independent developers and enthusiasts to build efficient, scalable and impactful applications. With tools like OpenVINO, openSUSE positions itself as a powerful platform for innovation in Generative AI.
Feedback and suggestions for the evolution of work can be sent to Alessandro de Oliveira Faria (A.K.A. CABELO) cabelo@pensuse.org
pam-u2f: problematic PAM_IGNORE return values in pam_sm_authenticate() (CVE-2025-23013)
Table of Contents
- 1) Introduction
- 2) Improper use of PAM_IGNORE Return Values
- 3) Upstream Bugfix
- 4) Remaining Uses of PAM_IGNORE
- 5) Possible Workaround
- 6) Timeline
- 7) References
1) Introduction
The pam-u2f module allows the use of U2F (Universal 2nd Factor) devices like YubiKeys in the PAM authentication stack. The hardware tokens can be used as a second authentication factor, or to allow password-less login.
We have been checking all PAM modules in the openSUSE code base for bad return
values. During this effort we found that improper use of PAM_IGNORE return
values in the pam-u2f module implementation could allow bypass of the second
factor or password-less login without inserting the proper device.
This report is based on pam-u2f release 1.3.0.
2) Improper use of PAM_IGNORE Return Values
PAM modules basically consist of a set of hook functions that are invoked by
libpam based on the active PAM stack configuration. Each PAM module function
returns an int containing one of the PAM_* return
values defined in the libpam headers. These return
values are vital for the outcome of a PAM authentication procedure, since
libpam reports authentication success or failure depending on the return
values encountered while processing the modules configured in the auth
management group of the active PAM stack configuration.
The main business logic of the pam-u2f module is found in function
pam_sm_authenticate(), which contains multiple code
paths that will result in a PAM_IGNORE return value. The following is a list
of the possible situations that can cause this to happen:
- if an error occurs in gethostname().
- if various memory allocation errors occur in strdup() or calloc().
- if resolve_authfile_path() fails (which fails if asprintf() fails).
- if pam_modutil_drop_priv() or pam_modutil_regain_priv() fail.
Returning PAM_IGNORE signifies to libpam that the pam-u2f module shall not
contribute to the return value that the application obtains. If no module
reports a decisive return value, then libpam will report an authentication
failure by default. However, if any other module in the auth
management group returns PAM_SUCCESS, and no module marks an error
condition, the overall result of the authentication will be “success”.
How exactly this can happen is explored in the rest of this section.
In the pam-u2f documentation two main use cases for the PAM module are stated:
# as a second factor
auth required pam_u2f.so authfile=/etc/u2f_mappings cue
# for password-less authentication:
auth sufficient pam_u2f.so authfile=/etc/u2f_mappings cue pinverification=1
In the “second factor” scenario, a PAM_IGNORE return from pam-u2f means that
login will be possible without actually providing a second factor. The first
factor authentication module (typically something like pam_unix) will set a
PAM_SUCCESS return value, which will become the overall authentication
result.
In the “password-less” authentication scenario, when pam-u2f is used
exclusively for authentication, a PAM_IGNORE return could mean that login
will succeed without providing any authentication at all. The precondition for
this is that another module in the auth management group returns
PAM_SUCCESS. There exist utility modules that don’t actually authenticate
but perform helper functions or enforce policy. An example is the
pam_faillock module, which can be added to the
auth management group to record failed authentication attempts and lock the
account for a certain time if too many failed attempts occur. This module will
return PAM_SUCCESS when running in “preauth” mode and if the maximum number
of failed attempts has not been reached yet. In such a case PAM_SUCCESS
would become the overall authentication result when pam-u2f returns
PAM_IGNORE.
An attacker can attempt to provoke a situation that results in a PAM_IGNORE
return value in pam-u2f to achieve one of these outcomes. In particular,
provoking an out-of-memory situation comes to mind - for example if a local
attacker already has user level access and wants to escalate privileges via
sudo or su.
3) Upstream Bugfix
We suggested that upstream change the problematic PAM_IGNORE return values
to others that mark the authentication as failed, e.g. PAM_BUF_ERR for
memory allocation errors or PAM_ABORT for other critical errors. Furthermore
we suggested harmonizing the error handling in the affected function, because
different styles of return values have been used in
the retval variable (PAM_* constants mixed with literal integers returned
from sub-functions).
Upstream implemented a bugfix along these lines, which is available in commit a96ef17f74b8e4. This bugfix is available as part of release 1.3.1. Yubico also offer their own security advisory for this CVE.
4) Remaining Uses of PAM_IGNORE
PAM_IGNORE should only be used in clearly defined circumstances, like when
necessary configuration for the PAM module is missing. Even then, this
behaviour ideally should require an explicit opt-in by administrators, by
passing configuration settings to the module’s PAM configuration line.
Two such cases remain in pam-u2f with the bugfix applied. These cases trigger if no auth file exists for the user to be authenticated and if the “nouserok” option has been passed to the PAM module.
5) Possible Workaround
If applying the bugfix is not possible right away, then a temporary workaround
for the issue can be applied via the PAM stack configuration by changing
the pam_u2f line as follows:
auth [success=ok default=bad] pam_u2f.so [...]
This way even a PAM_IGNORE return in pam_u2f.so will be considered a bad
authentication result by libpam.
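The stack evaluation described in sections 2 and 5, as an added example (not code from libpam, pam-u2f or the original report): a simplified C model of the required, sufficient and [success=ok default=bad] controls as documented in pam.conf(5). The enum values, run_stack() and the helper names are assumptions of this model.

```c
/* Simplified model of how libpam combines module results within one
 * management group. Added illustration, not libpam or pam-u2f code. */
#include <stdio.h>

/* Names mirror the libpam return codes; numeric values are local to this model. */
enum { PAM_SUCCESS, PAM_BUF_ERR, PAM_PERM_DENIED, PAM_IGNORE };

typedef enum { ACT_IGNORE, ACT_OK, ACT_DONE, ACT_BAD, ACT_DIE } action_t;

/* What a control field does on success, on PAM_IGNORE, and on anything else. */
typedef struct { action_t on_success, on_ignore, on_default; } control_t;

static const control_t REQUIRED   = { ACT_OK,   ACT_IGNORE, ACT_BAD    };
static const control_t SUFFICIENT = { ACT_DONE, ACT_IGNORE, ACT_IGNORE };
/* The page's workaround [success=ok default=bad]: PAM_IGNORE has no entry
 * of its own, so it is handled by "default" and counts as bad. */
static const control_t WORKAROUND = { ACT_OK,   ACT_BAD,    ACT_BAD    };

typedef struct { const char *module; control_t control; int retval; } entry_t;

int run_stack(const entry_t *stack, int n)
{
    enum { UNDEF, POSITIVE, NEGATIVE } impression = UNDEF;
    int status = PAM_PERM_DENIED;   /* nothing decisive yet: fail by default */

    for (int i = 0; i < n; i++) {
        int rv = stack[i].retval;
        const control_t *c = &stack[i].control;
        action_t act = rv == PAM_SUCCESS ? c->on_success
                     : rv == PAM_IGNORE  ? c->on_ignore
                                         : c->on_default;

        if (act == ACT_OK || act == ACT_DONE) {
            if (rv != PAM_IGNORE && (impression == UNDEF ||
                (impression == POSITIVE && status == PAM_SUCCESS))) {
                impression = POSITIVE;
                status = rv;
            }
            if (impression == POSITIVE && act == ACT_DONE)
                break;              /* "sufficient" success ends the stack */
        } else if (act == ACT_BAD || act == ACT_DIE) {
            if (impression != NEGATIVE) {
                impression = NEGATIVE;
                status = (rv == PAM_IGNORE) ? PAM_PERM_DENIED : rv;
            }
            if (act == ACT_DIE)
                break;
        }                           /* ACT_IGNORE: the module has no say */
    }
    return status;
}

/* A module that already returned PAM_SUCCESS (pam_unix as first factor, or
 * pam_faillock in preauth mode), followed by pam_u2f. */
int after_success(control_t u2f_control, int u2f_retval)
{
    entry_t stack[] = {
        { "first_module", REQUIRED,    PAM_SUCCESS },
        { "pam_u2f",      u2f_control, u2f_retval  },
    };
    return run_stack(stack, 2);
}

/* pam_u2f as the only module in the group. */
int u2f_alone(control_t u2f_control, int u2f_retval)
{
    entry_t stack[] = { { "pam_u2f", u2f_control, u2f_retval } };
    return run_stack(stack, 1);
}

static const char *verdict(int status)
{
    return status == PAM_SUCCESS ? "login succeeds" : "login fails";
}

int main(void)
{
    printf("required, PAM_IGNORE:    %s\n", verdict(after_success(REQUIRED, PAM_IGNORE)));
    printf("sufficient, PAM_IGNORE:  %s\n", verdict(after_success(SUFFICIENT, PAM_IGNORE)));
    printf("required, PAM_BUF_ERR:   %s\n", verdict(after_success(REQUIRED, PAM_BUF_ERR)));
    printf("workaround, PAM_IGNORE:  %s\n", verdict(after_success(WORKAROUND, PAM_IGNORE)));
    printf("pam_u2f alone, PAM_IGNORE: %s\n", verdict(u2f_alone(REQUIRED, PAM_IGNORE)));
    return 0;
}
```

The first two lines of output correspond to the bypass in section 2, the third to the fixed return value from section 3, and the fourth to the workaround control from section 5.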
6) Timeline
| 2024-11-20 | We reported the issue to Yubico security, offering coordinated disclosure. |
| 2024-11-22 | Yubico security accepted coordinated disclosure and stated that they are working on a fix. |
| 2024-12-06 | Yubico security notified us that a bugfix release is planned in early January. |
| 2024-12-12 | Yubico security shared their suggested bugfix with us. We sent back minor suggestions for improvement. |
| 2025-01-08 | Yubico security informed us of the release date of 2025-01-14. |
| 2025-01-10 | Yubico security shared the CVE identifier and their formal security advisory with us. |
| 2025-01-14 | The upstream bugfix release 1.3.1 has been published as planned. |
7) References
LXQt Wayland support is now here
With the release of LXQt 2.1, we are pleased to announce the availability of Wayland compatibility for LXQt within Tumbleweed.
This support is to be considered experimental at this point, and for most users, is likely not ready for daily driving.
LXQt, unlike many other desktop environments, does not provide its own Window Manager. Under X11, the openSUSE-LXQt team defaults to using Openbox as its Window Manager. This decision carries over from upstream to the new Wayland support; the initial release of lxqt-wayland-sessions supports the following Wayland Compositors:
At present, not all of LXQt’s built-in configuration tools work with all compositors, nor do all compositors support all features of LXQt components. Most notably:
- lxqt-globalkeys does not work with Wayland, and setting keybinds must be done through each individual compositor’s configuration files.
- lxqt-panel’s desktop switcher, and LXQt Power Manager’s settings for controlling displays are only compatible with KWin.
- With the exception of KWin and labwc, configuration is done by editing the text configuration files of individual compositors. KWin can be configured through GUI tools, provided the relevant parts of KDE System Settings are installed. labwc offers labwc-tweaks, which allows certain configurations through a GUI, but it is not comprehensive.
The openSUSE-LXQt team is not currently making any recommendations as to a “default” Wayland compositor for LXQt since this support is still in active development, but we do make the following suggestions to help you decide. If you don’t know which compositor you would like to try, consider the following:
- KWin provides the most complete Wayland session, workspace support, and with the right parts of Plasma installed, can be configured through the GUI rather than by editing text files.
- labwc is roughly based on the idea of “Openbox for Wayland” and will feel more “at home” for existing LXQt users.
- If you prefer Floating/Stacking desktops, KWin, labwc, or Wayfire are your best current choices.
- If you like tiling desktops, Hyprland, niri, river, or Sway may be to your liking.
- If you like lots of desktop effects and “bling”, KWin, Hyprland, or Wayfire are probably good places to start.
For more detailed information, please visit the openSUSE LXQt Wayland wiki.
Tumbleweed – Review of the week 2025/01 & 02
Dear Tumbleweed users and hackers,
Welcome to 2025! While we were all celebrating, some people continuously felt the urge to work on packages for Tumbleweed. Tumbleweed kept rolling, as we ensured the staging and openQA results would be monitored even during this time. This review will try to cover the most relevant changes since snapshot 20241218 and include things up to 20250108, which is the latest snapshot published as of this writing. I will thus cover 11 snapshots.
The most relevant and exciting things that have been delivered were:
- Linux kernel 6.12.6 & 6.12.8; FBDEV has been disabled
- LLVM 19.1.6
- PHP 8.3.15
- Qemu 9.2.0
- Systemd 256.10
- XFCE 4.20.0
- Shadow 4.17.0 & 4.17.1
- Samba 4.21.2
- KDE Plasma 6.2.5
- Poppler 24.12.0
- Mesa 24.3.3
- Ruby 3.4: all rubygems have been rebuilt for version 3.4 and the ruby3.3-rubygem packages have been dropped.
- Xen 4.20.0
The staging areas are already well filled up and the following things are works in progress:
- Removal of Python 3.10 module packages (we now build for 3.11, 3.12, and 3.13, with Python 3.11 still being the distro default interpreter)
- KDE Gear 24.12.1
- Mozilla Firefox 134.0
- Linux kernel 6.12.9
- Systemd 257
- RPM 4.20: a few caveats to consider: %patch is now a regular macro, and #%patch might not do what you’d expect. Commented-out lines should always escape % or use %dnl to comment out lines in a spec file. The usage of noarch and ifarch in a spec file are mutually exclusive, as are noarch and the usage of %_libdir.
New Year Starts with Slowroll Version Bump
The openSUSE Slowroll community has welcomed the January version bump that was completed recently.
Slowroll’s snapshots mark the beginning of fresh updates with the initial updates now accessible on mirrors globally.
This month’s bump comes a day early to avoid interruptions caused by routine maintenance on critical infrastructure. Updates are rolling out and users get new Tumbleweed versions from the 20250101 snapshot.
The updates integrate advancements from the openSUSE reproducibility initiative, which derive from Factory/Tumbleweed. Key improvements include enhanced tools for reproducible builds and fixes for dependency handling, parallelism and race conditions in packages such as Python, Qt and others.
Slowroll’s smart roll approach delivers a dependable foundation for users seeking a reliable system with essential security updates that avoid frequent changes seen in traditional rolling-release models. The balance makes it an excellent choice for those who want a balance of stability and access to modern software.
Updates for Slowroll arrive on average 5 to 10 days after being released in Tumbleweed. Users can read the latest monthly update for Tumbleweed to see what packages are arriving in Slowroll; recent updates include QEMU 9.2.0, which adds 3D acceleration for Vulkan apps and enhanced crypto support, and GPG 2.5.2, which features ECC+Kyber key generation and improved smart card handling.
While still marked as experimental (for lack of automated tests), Slowroll continues to evolve and offers users a dependable and innovative alternative in the openSUSE ecosystem.
For more details, visit the project’s roadmap.