
Tumbleweed – Review of the week 2024/35

Dear Tumbleweed users and hackers,

As I mentioned last week, we had to block the release of snapshot 0821 due to conflicts between OpenSSH and SELinux. I’m happy to report that openQA played a crucial role in detecting/resolving this issue on the SELinux-policy side. This incident highlights the strength of the iterative development model we use for delivering Tumbleweed. While we strive for perfection, openQA is instrumental in catching most issues before they reach our users.

However, this week we encountered a hiccup. We released a snapshot that transitioned the dbus-daemon from dbus-1 to dbus-broker. Unfortunately, I misjudged the severity of a test failure, which led to a significant issue: all machines using Wicked lost network access upon reboot (race between starting dbus-broker and wicked). My apologies for the disruption this caused. For more details, you can read the news article here. As the old saying goes, ‘You can’t make an omelet without breaking eggs.’

Not all was bad this week though – despite all, we managed to publish 7 snapshots (0822, 0823, 0825, 0826, 0827, 0828, and 0829), containing these changes:

  • Samba 4.20.4
  • Cockpit 322
  • GStreamer 1.24.7
  • LibreOffice 24.8.0.3
  • Mozilla Firefox 129.0.1
  • OpenSSH 9.8p1
  • python setuptools 72.1.0 / pip 24.2
  • dbus-broker 36: new default dbus daemon for Tumbleweed (snapshot 0825, published on Aug 26)
  • wicked: address the race condition with dbus-broker (published as an emergency update on Aug 28, and merged into snapshot 0829)
  • KDE Gear 24.08.0
  • GCC 14 is finally the default system compiler (since snapshot 0827).

With the dbus-broker and GCC14 changes done, we completed almost all of the long-standing changes from the last weeks. The switch to GCC 14 has been in the weekly review since 2024/08, when we completed phase 1, using GCC14’s libraries by default. dbus-broker has been in the making even longer, as that was first mentioned to be worked on in the review 2023/45.

So let’s get the list a bit shorter and get an overview of what we currently know should happen in the upcoming days/weeks:

  • Linux kernel 6.10.7
  • binutils 2.43.1
  • Go 1.23 as new system default (ignition is the only failing package identified so far)
  • perl-Bootloader will be renamed to update-bootloader: it’s been a while since there was no Perl code in there anymore. Some openQA tests need to be adjusted for this (https://progress.opensuse.org/issues/165686)
  • grub2 change: Introduces a new package, grub2-x86_64-efi-bls

the avatar of openSUSE News

Tumbleweed Monthly Update - August 2024

Welcome to the monthly update for Tumbleweed for August 2024. This month has been a productive period with significant progress and updates. The rolling-release team is making headway on longer-term projects: dbus-broker is showing promising progress, and the transition to GNU Compiler Collection 14 as the default compiler is in its second phase, with ongoing efforts to address the remaining build failures. GCC 14 is likely to become the default compiler in the 20240827 snapshot. Go 1.22 became the default Go compiler this month and ffmpeg switched from version 6 to 7. However, a critical issue emerged with the network stack in recent builds due to a race condition. Those using Wicked, which is a network configuration tool, were advised to delay updates or roll back using snapper while ongoing efforts focused on resolving the problem. A submit request for Wicked was made on August 28 to resolve the issue and will likely address the networking issue in a snapshot before August ends. Those not dependent on Wicked are encouraged to proceed with updates as usual.

Stay tuned and tumble on!

Should readers desire more frequent information about snapshot updates, they are encouraged to subscribe to the openSUSE Factory mailing list.

New Features and Enhancements

  • Linux Kernel 6.10.4: This update has some key changes including a fix to the klp_symbols macro in the kernel spec file, which addresses errors in the build process for openSUSE Tumbleweed. Networking improvements resolve issues in the bnxt_en driver, and multiple fixes were made to the MPTCP protocol, which lets a connection use multiple paths, maximizing throughput and increasing redundancy. Updates to the DRM subsystem include fixes for memory leaks in Mesa’s V3D driver, handling issues in the AMD GPU driver and addressing black screen issues in the AST driver after resume. The update also includes critical bug fixes for the ALSA sound system, Btrfs file system and various other components.
  • GNOME 46.4: This update brings a series of enhancements and fixes across several core GNOME packages. The gnome-bluetooth package, updated to version 46.1, addresses a bug that prevented some device icons from appearing correctly and includes updates for translations. The control center improves accessibility, resolves a memory leak in the default apps page and fixes issues related to network settings, Bolt visibility, and fingerprint enrollment. The gnome-software update corrects AppStream metadata formatting, includes translation updates and refreshes user docs and Help documentation.
  • php 8.3.10: This update brings a series of critical fixes and enhancements. In the core, it resolves several issues, including memory leaks, segmentation faults and support for systems with sysconf(_SC_GETPW_R_SIZE_MAX) == -1. Notable bug fixes include addressing a use-after-free in property coercion with __toString() and resolving crashes in DOMDocument::xinclude(). The updated package improves compatibility with libxml2 versions 2.13.0 and 2.13.2 and fixes issues in extensions like PDO. The update fixes buffer overflows, stream wrapper truncations and memory leaks.
  • KDE Plasma 6.1.4: This Konqi update brings a variety of fixes and improvements across several core components of the Plasma desktop environment. Discover addresses bugs related to license text parsing, icon caching and visibility calculations. The Crash handler Dr Konqi enhances reporting by integrating version information and improving metadata synthesis for crashes in kwin_x11. KPipeWire adds resilience to stream handling during PipeWire restarts and introduces a new encoder using libopenh264. KWin includes numerous fixes, such as improving window focus management, addressing crashes and enhancing rendering performance. Updates to the Plasma Desktop refine folder view behavior, applet layouts and visual configurations.
  • Frameworks 6.5.0: This update sees Attica add support for a new version field in DownloadDescription. Bluez Qt fixes connections related to the connectedDevices list property. Breeze Icons introduces new category icons and resolves issues with symlinks for various applications. Extra CMake Modules adds MANPATH support and improves WaylandScanner handling. KAuth enhances dbus backend functionality and KIO improves file handling, enhances logging and optimizes connection management. Additionally, Kirigami refines dialog behavior and accessibility features, while KTextEditor adds new actions for space and tab conversion along with improving drag behavior with wrapped lines. These updates collectively enhance the functionality, stability and user experience across the KDE Plasma ecosystem.
  • systemd 256.5: The update restores the 32-bit version of libudev.so, which was inadvertently dropped during the merge of libudev-devel into systemd-devel. This restoration is essential for enabling plug-and-play support in Wine for 32-bit Windows applications. For a detailed list of changes, users can visit its GitHub changelog.
  • KDE Gear 24.08: Just in time for the upcoming Akademy 2024, KDE Gear 24.08 arrives with a fresh wave of updates across a broad range of applications. The release introduces new features for Dolphin like easier file management with administrative privileges and a streamlined Move to New Folder option. The disk visualizer Filelight has a friendlier interface and an improved Windows version, and it helps you visualize disk usage right from within Dolphin. Konsole makes navigating long outputs easier with a new bookmarking feature, and video editor Kdenlive advances keyframe curve editing and refines effects handling. Travel apps like Itinerary and conference tracker Kongress are updated to assist you during Akademy, offering detailed travel plans and venue maps.

Key Package Updates

  • NetworkManager 1.48.8: The latest update resolves an issue with Open vSwitch (OVS) where stage3 activation could be triggered without an initialized DHCP client and improves configuration parsing by correctly handling the autoconnect-ports value to provide better control over automatic connections. Enhancements to IPv6 networking were made by preserving router preferences in neighbor discovery (NDISC).
  • pavucontrol 6.1: This release of the PulseAudio Volume Control package addresses issues such as translations not being correctly applied, a bug where unplugged audio cards would not disappear from the interface and a misalignment in Bluetooth codec selection. The application name in the desktop file has also been corrected to Volume Control. Version 6 introduces significant changes, including a migration from Gtk 3 to Gtk 4, embedded UI resources and improved support for 144 Hz monitors.
  • binutils 2.43: A new .base64 pseudo-op allows encoding data as base64 strings and Intel APX support is expanded with new instructions like CFCMOV and CCMP. The x86 Intel syntax now provides more warnings for mnemonic suffixes, and macros in assembly code can use \+ to track execution counts. Significant updates include support for armv9.5-a in AArch64 and new extensions in RISC-V, along with improved data handling in s390 and MIPS. The arm architecture drops support for outdated co-processors, while LoongArch gains finer control over assembly options. Enhancements in tools like readelf and objdump offer more detailed outputs, particularly for .eh_frame sections. The linker now includes options for segment handling and ISA level reporting. These updates enhance binutils’ functionality and adaptability across a wide range of platforms.
  • curl 8.9.1: This update fixes a critical regression in the handling of SIGPIPE signals by initializing the struct correctly. Bug fixes include better detection of libssh and nettle in CMake, better connection shutdown handling for event-based processing and more robust socket code for the --ip-tos option. Updates also improve compatibility and stability across different platforms, including fixes for 32-bit systems, OS400 builds and defensive coding for NULL inputs.
  • bash 5.2.32: Key fixes include correcting an inverted configure test for strtoimax(3) and resolving a problem where a DEBUG trap in an asynchronous process could mistakenly take control of the terminal, causing the calling shell to exit. The update corrects an issue where functions containing coprocesses were displayed with an erroneous COPROC command, making them unreadable as input.

Bug Fixes

  • orc 0.4.39:
    • CVE-2024-40897, a buffer overflow vulnerability in orcparse.c that affected versions before 0.4.39, was fixed.
  • curl 8.9.1:
    • CVE-2024-7264 was a parser flaw that may cause crashes or leak heap contents.
  • Flatpak 1.15.10:
    • CVE-2024-424721 was a flaw that allows unauthorized file access via symlink in persistent directories.
  • tiff:
    • CVE-2024-7006 was a null pointer flaw that may cause crashes, which could lead to denial of service.
  • unbound 1.21.0:
    • CVE-2024-43167 was a null pointer flaw that may cause crashes, leading to a denial of service as well.
  • Mozilla Firefox 129.0: This release fixes 14 CVEs, addressing multiple vulnerabilities. These include fullscreen notification dialog obscuration (CVE-2024-7518, CVE-2024-7523 and CVE-2024-7529), out-of-bounds memory access (CVE-2024-7519 and CVE-2024-7522), and type confusion and incomplete exception handling in WebAssembly (CVE-2024-7520 and CVE-2024-7521), along with some other CVEs affecting security and memory handling.
  • python311:
    • CVE-2024-6923 was a medium severity vulnerability in CPython’s email module that allows header injection due to improper quoting of newlines during email serialization.

Conclusion

August 2024 saw significant improvements for Tumbleweed users. Security fixes were made across multiple packages to ensure Tumbleweed remains stable and secure. Significant improvements were made in tools like pavucontrol, binutils and curl, with enhanced compatibility, performance and security. Noteworthy changes in packages such as php, systemd, and NetworkManager brought crucial fixes. These updates collectively contribute to a more refined and stable rolling release environment.

Stay updated with the latest snapshots by subscribing to the openSUSE Factory mailing list. Tumbleweed users who want to contribute or engage in detailed technical discussions can subscribe to the openSUSE Factory mailing list. The openSUSE team encourages users to continue participating through bug reports, feature suggestions and discussions.

Contributing to openSUSE Tumbleweed

Your contributions and feedback make openSUSE Tumbleweed better with every update. Whether reporting bugs, suggesting features, or participating in community discussions, your involvement is highly valued.


the avatar of openSUSE News

Tumbleweed Faces Regression with Wicked as Network Stack

With the switch to dbus-broker as D-Bus implementation in Tumbleweed Snapshot 20240825, a regression was introduced: When using Wicked for network configuration, the system boots up without network connectivity. Systems that use NetworkManager are not affected.

NetworkManager is the default for all new installations since 2022 and desktop installations since 2018, so this mostly affects systems which have been installed before, or have been switched to Wicked manually.

Users are advised to postpone system updates for now if they use Wicked or are unsure. Users who have updated already can use Snapper to roll back to an earlier snapshot.

The root cause appears to be a race condition between Wicked and the D-Bus system, which results in the network stack failing to initialize properly. When Wicked is launched, it struggles to interact with D-Bus, leading to the failure of various dependent network services. This sequence of events will leave the rolling release’s network stack inoperative, often requiring a manual restart to restore network functionality.

To address this problem, initial efforts are focusing on modifying the service dependencies in the systemd service files.


the avatar of Open Build Service

Improving notifications to stay informed about moderation reports

In the latest set of improvements coming to the content moderation feature, we focused on improving the experience of moderators reviewing incoming reports. By including more information about the state of reports, we make it easier for moderators to comprehend the user-reported content in the notifications. This will lower the time the moderators need to respond to reports. Content Moderation is part of the beta program. Our journey into content moderation began back in...

the avatar of openSUSE News

Addressing the Network Stack Issue

In recent testing scenarios involving a build and NetworkManager, a significant issue has surfaced: the network stack becomes non-operational.

Users are advised to postpone system updates for now; users who have already updated can use Snapper to roll back. It’s important to note that while the issue primarily affects GNOME setups with Wicked, it can also impact servers without these components.

This problem has been consistently reproducible since at least the 20240825 Tumbleweed build. Bind 9.20.1 received an update that has changes to DNS query handling and system controls, which may have inadvertently contributed to the network stack issue.

The root cause appears to be a race condition between Wicked and the D-Bus system, which results in the network stack failing to initialize properly. When Wicked is launched, it struggles to interact with D-Bus, leading to the failure of various dependent network services.

System logs show that D-Bus is either not fully active or not recognized by Wicked at the time of initialization, triggering a series of failures across services like DHCP and AutoIPv4.

This sequence of events will leave the rolling release’s network stack inoperative, often requiring a manual restart to restore network functionality.

To address this problem, initial efforts are focusing on modifying the service dependencies in the systemd service files. One proposed solution may be adding After=dbus.service to the Wicked service configuration. However, this adjustment alone may prove insufficient in many cases.

Further investigation is leading to more proposed solutions. The issue also appears to extend beyond Wicked, potentially affecting other services and indicating broader implications for the system’s initialization processes. The transition of NetworkManager and Wicked in some setups has uncovered the critical race condition affecting the network stack’s initialization. While recent adjustments to the systemd service configurations have significantly mitigated the issue, ongoing testing and further refinements are essential to achieve consistent network functionality. Users are advised to use snapper’s rollback to maintain proper network stack initialization.


First steps with Quickwit and syslog-ng

We are always looking for new ways to store log messages. Quickwit is a new contender, designed for log storage, and among others, it also provides an Elasticsearch-compatible API. From this blog, you can learn about Quickwit, and how to forward log messages from syslog-ng to it using the Elasticsearch-compatible API.

Read more at https://www.syslog-ng.com/community/b/blog/posts/first-steps-with-quickwit-and-syslog-ng


Tumbleweed – Review of the week 2024/34

Dear Tumbleweed users and hackers,

Week 34 seemed to go almost without drama. Most snapshots passed openQA without big incidents. Most! In one snapshot, we tested updating to OpenSSH 9.8p1—general functionality was fine. Still, the SELinux policies have not yet been adjusted, which resulted in OpenSSH servers not starting up on MicroOS-based systems. This is nothing we want to give out to our users, so we held back snapshot 0821. This will be worked out and OpenSSH 9.8p1 will be delivered as soon as possible. With this taken into account, 5 snapshots passed QA and could be published (0816, 0817, 0818, 0819, and 0820).

The five snapshots brought you the following changes:

  • Linux kernel 6.10.5: this helped unblock the s390 port
  • PCRE2 10.44
  • PHP 8.3.10
  • Bash 5.2.32
  • systemd 256.5
  • osc 1.9.0, fixing CVE-2024-22034. The file storage on disk has been updated, which causes issues with obs-service-source_validator not being able to handle the new layout. A fix is being worked on (https://github.com/openSUSE/obs-service-source_validator/pull/141) and we will deliver this as part of the Update channel and in future snapshots as soon as possible.

Looking at the staging areas, it seems like the vacation period is ending – and more things are getting ready soon. Currently, the teams are working on those changes:

  • LibreOffice 24.8.0
  • KDE Gear 24.08.0
  • Mozilla Firefox 129.0.1
  • perl-Bootloader will be renamed to update-bootloader: it’s been a while since there was no perl code in there anymore
  • dbus-broker: All staging tests have passed. We plan on integrating this into full snapshots early next week
  • GCC 14: phase 2: use gcc14 as the default compiler – All relevant build failures in Ring0 and Ring1 have been resolved. This has moved ‘up’ (to Staging:O) to get Staging QA runs. In rare cases, this might find some runtime issues stemming from the new compiler, but we do not think this would happen. Taking current progress into account, we should be able to switch by the end of August (dates are predictions, no commitment)


Tumbleweed – Review of the week 2024/33

Dear Tumbleweed users and hackers,

Week 33 was busy, but busy in a good way. We managed to clear almost all stagings out, except the ‘long lasting’ topics like GCC and dbus-broker, which we have carried for a few weeks already. Other than that, the queue has been emptied (at the time of writing, there are now 54 pending requests to Factory). Summer vacation helped us achieve this result, as did the fact that we produced 7 snapshots (one discarded) during the last week.

The six published snapshots (0809, 0810, 0811, 0812, 0813, and 0815) brought you those changes:

  • GCC 13.3.1
  • glibc 2.40
  • KDE Frameworks 6.5.0
  • Mozilla Firefox 129.0
  • NetworkManager 1.48.8
  • binutils 2.43
  • cURL 8.9.1
  • Linux kernel 6.10.4
  • Go 1.22 has become the new default Go compiler version
  • FFmpeg default has switched from version 6 to version 7

As mentioned, stagings are almost empty – the few things currently left are:

  • Linux kernel 6.10.5
  • dbus-broker: some progress was made last week; most QA tests are fine, there is just a race condition on shutdown (likely not new, but dbus-daemon might have waited longer to report it, by when the system had completely shut down and the error has been ‘swallowed’)
  • GCC 14: phase 2: use gcc14 as the default compiler – great progress has been made and we believe we will be able to switch during Week 34