Tumbleweed Monthly Update - July 2024
Welcome to the monthly update for openSUSE Tumbleweed for July 2024. Last month was busy with events like the Community Summit in Berlin and the openSUSE Conference. Both events were productive and well-received. Despite the busy schedule and follow-on discussion from the conference about the Rebranding of the Project, a number of snapshots continued to roll out to users this month.
Stay tuned and tumble on!
Should readers desire more frequent information about snapshot updates, they are encouraged to subscribe to the openSUSE Factory mailing list.
New Features and Enhancements
- Linux Kernel 6.9.9: This kernel introduces several important fixes and enhancements across various subsystems. Key updates include the introduction of devm_mutex_init() for mutex initialization in multiple components, addressing issues in the Hisilicon debugfs uninit process, and resolving shared IRQ handling in DRM Lima drivers. Fixes in the PowerPC architecture avoid nmi_enter/nmi_exit in real mode interrupts, while networking improvements prevent unnecessary BUG() calls in net/dql. Enhancements in WiFi drivers such as RTW89 include improved handling for 6 GHz channels. Updates in DRM/AMD drivers address multiple issues, from uninitialized variable warnings to ensuring proper timestamp initialization and memory management. The RISC-V architecture receives a fix for initial sample period values, and several BPF selftests see adjustments for better error detection. These updates collectively enhance system stability, performance, and security. Snapshot 20240730 updated the Linux Kernel to version 6.10.2 after this blog was first published.
- KDE Plasma 6.1.3: Discover now auto-handles Flatpak rebases from runtimes and properly uninstalls EOL refs without replacements. In Kglobalacceld, invalid keycodes are explicitly processed. Kpipewire introduces proper cleanup on deactivate and fixes thread handling for PipeWireSourceStream. KScreen now uses ContextualHelpButton from Kirigami, and Kscreenlocker adds a property to track past prompts. KWin sees numerous improvements: relaxed nightlight constraints, simplified Wayland popup handling, better input method windows, and enhanced screencast plugins. Plasma Mobile enhancements improve home screen interactions, translation issues, and swipe detection. Plasma Networkmanager and Plasma Workspace benefit from shared QQmlEngine and various bug fixes, including avatar image decoding and pointer warping on Wayland.
- Frameworks 6.4.0: Attica updates its gitignore to include VS Code directories. Baloo reverts a QCoreApplication change and ports QML modules. Breeze Icons introduces a ColorScheme-Accent and fixes data-warning icons. KArchive now rejects tar files with negative sizes and fixes crashes with malformed files. KAuth and KBookmarks add VS Code directories to gitignore. KCalendarCore adds missing QtCore dependencies and QML bindings for calendar models. KIO improves systemd process handling and deprecates unused features. Kirigami enhances navigation and dialog components. KTextEditor adds a tool for testing JavaScript scripts and ensures even indent sizes, fixing multiple bugs.
- KDE Gear 24.05.2: Akonadi-calendar adds missing change notifications. Dolphin updates Meta-Object Compiler generation. Filelight enables appx building and ensures hicolor icon presence while Itinerary fixes calendar permissions, corrupted notes, and the package introduces new extractors. Kdenlive addresses timeline, aspect ratio, and compilation issues. Okular fixes a crash with certain PDF actions.
- Supermin 5.3.4: This update introduces several key enhancements, including support for OCaml 5 and kylinsecos. It improves package management by detecting dnf5 and omitting missing options. The update also refines OCaml compilation by using -output-complete-exe instead of -custom that fixes kernel filtering for the aarch64 architecture, and enables kernel uncompression on RISC-V. The update removes previously applied patches now included in the new tarball, helping to streamline the codebase and improve maintainability.
- Checkpolicy 3.7: The latest update brings support for Classless Inter-Domain Routing notation in nodecon statements, enhancing SELinux policy definition capabilities. Error messages are now more descriptive, and error handling has been improved. Key bug fixes include handling unprintable tokens, avoiding garbage value assignments, freeing temporary bounds types and performing contiguous checks in host byte order.
Key Package Updates
- NetworkManager 1.48.4: This update introduces support for matching Open vSwitch (OVS) system interfaces by MAC address, enhancing network interface management. Additionally, NetworkManager now considers the contents of /etc/hosts when determining the system hostname from reverse DNS lookups of configured interface addresses, improving hostname resolution accuracy. Subpackages updated include NetworkManager-bluetooth, NetworkManager-lang, NetworkManager-tui, NetworkManager-wwan, libnm0, and typelib-1_0-NM-1_0. These enhancements contribute to more robust and precise network configuration handling in Linux environments.
- libguestfs 1.53.5: This update includes significant enhancements and fixes. The --chown parameter is now correctly split on the ‘:’ character, and a new checksum command is supported. Detection for Circle Linux and support for the LoongArch architecture have been added, including file architecture translation fixes. The update allows nbd+unix:// URIs and reimplements GPT partition functions using sfdisk. DHCP configuration improvements and a new virt-customize --inject-blnsvr operation enhance usability. Deprecated features include the removal of gluster, sheepdog, and tftp drive support. New APIs such as findfs_partuuid and findfs_partlabel improve functionality, while inspection tools now resolve PARTUUID and PARTLABEL in /etc/fstab. These updates enhance compatibility, performance, and functionality across various environments.
- glib2 2.80.4: The latest update backports key patches: mapping EADDRNOTAVAIL to G_IO_ERROR_CONNECTION_REFUSED, handling files larger than 4GB in g_file_load_contents(), and correcting GIR install locations and build race conditions. Additionally, improvements in gthreadedresolver ensure returned records are properly reference-counted in lookup_records().
- ruby3.3 3.3.4: This release addresses a regression where dependencies were missing in the gemspec for some bundled gems such as net-pop, net-ftp, net-imap, and prime. Other fixes include preventing Warning.warn calls for disabled warnings, correcting memory allocation sizes in String.new(:capacity) and resolving string corruption issues.
- libgcrypt 1.11.0: The latest update introduces several new interfaces and performance enhancements. New features include an API for Key Encapsulation Mechanism (KEM), support for algorithms like Streamlined NTRU Prime sntrup761, Kyber, and Classic McEliece, and various Key Derivation Functions (KDFs) including HKDF and X963KDF. Performance improvements feature optimized implementations for SM3, SM4, and other cryptographic operations on ARMv8/AArch64, PowerPC, and AVX2/AVX512 architectures. Other changes include various enhancements for constant time operations and the deprecation of the GCRYCTL_ENABLE_M_GUARD control code.
Bug Fixes
- orc 0.4.39:
  - CVE-2024-40897 is fixed in this version; versions before 0.4.39 had a buffer overflow vulnerability in orcparse.c.
- java-21-openjdk 21.0.4.0:
  - CVE-2024-21131 was a difficult-to-exploit vulnerability allowing unauthorized data modifications.
  - CVE-2024-21138 was a vulnerability causing partial denial of service.
  - CVE-2024-21140 was a vulnerability allowing unauthorized data access and modification.
  - CVE-2024-21145 was similar.
  - CVE-2024-21147 was the same, but for more critical data.
- ovmf 202402 had three months of CVE patches in its quarterly update.
- Mozilla Firefox 128.0: This release fixes 16 CVEs. The most severe was CVE-2024-6604; this was a memory safety bug in Firefox 128, Firefox ESR 115.13, Thunderbird 128 and Thunderbird 115.13. These bugs showed evidence of memory corruption that potentially allowed arbitrary code execution.
- ghostscript 10.03.1:
  - CVE-2024-33869 allowed bypassing restrictions via crafted PostScript documents.
  - CVE-2023-52722
  - CVE-2024-33870 allows access to arbitrary files via crafted PostScript documents.
  - CVE-2024-33871 allowed arbitrary code execution via crafted PostScript documents using custom Driver libraries in contrib/opvp/gdevopvp.c.
  - CVE-2024-29510 allowed memory corruption and SAFER sandbox bypass via format string injection in a uniprint device.
- xwayland 24.1.1 3:
  - CVE-2024-31080 could allow attackers to trigger the X server to read and transmit heap memory values, leading to a crash.
  - CVE-2024-31081 could cause memory leakage and segmentation faults, leading to a crash.
  - CVE-2024-31083 allowed arbitrary code execution by authenticated attackers through specially crafted requests.
- libreoffice 24.2.5.2:
  - CVE-2024-5261 allows fetching remote resources without proper security checks.
- GTK3 3.24.43:
  - CVE-2024-6655 allowed a library injection into a GTK application from the current working directory under certain conditions.
- netpbm 11.7.0:
  - CVE-2024-38526: pdoc, which provides API documentation for Python projects, had a vulnerability where pdoc --math linked to malicious JavaScript files from polyfill.io.
Conclusion
The month of July 2024 was marked by significant updates, security fixes and enhancements. The Linux Kernel 6.9.9 update introduced several key fixes and improvements across various subsystems, enhancing overall stability and performance. KDE Plasma 6.1.3 brought numerous UI improvements and better handling of Flatpak rebases. The updates to Frameworks 6.4.0 and KDE Gear 24.05.2 provided additional enhancements and bug fixes, improving user experience and system reliability. Critical security vulnerabilities were addressed in various packages, including Firefox, ghostscript, and xwayland, ensuring Tumbleweed remains secure, efficient, and feature-rich for all users. Additionally, the Aeon team announced that Aeon Desktop reached Release Candidate 3 status with the release of a Tumbleweed snapshot last week.
For those Tumbleweed users who want to contribute or want to engage with detailed technological discussions, subscribe to the openSUSE Factory mailing list. The openSUSE team encourages users to continue participating through bug reports, feature suggestions and discussions.
Contributing to openSUSE Tumbleweed
Your contributions and feedback make openSUSE Tumbleweed better with every update. Whether reporting bugs, suggesting features, or participating in community discussions, your involvement is highly valued.
Version 4.8.0 of syslog-ng improves FreeBSD and MacOS support
Last week One Identity released version 4.8.0 of its open-source log management application. Learn about some of the new features and bug fixes: why upgrade to the latest syslog-ng version, not only on FreeBSD :-)
Read more at https://www.syslog-ng.com/community/b/blog/posts/version-4-8-0-of-syslog-ng-improves-freebsd-and-macos-support

Cleaning up Ghosted Entries in the KDE Plasma Application Menu
Aeon RC3 Released
The Aeon team is very happy to announce that with the release of Snapshot 20240726, Aeon Desktop is now officially at Release Candidate 3 (RC3) Status!
The biggest change with this release is the introduction of Full Disk Encryption by default, configured automatically as part of the installation.
Depending on your hardware, Aeon will automatically configure Full Disk Encryption in one of two modes:
- Default Mode with strong verification of bootloader, initrd and kernel via the Trusted Platform Module version 2.0 (TPM2 for short) before automatically decrypting your system
- Fallback Mode with no verification of boot components and requiring a Passphrase on boot to decrypt your system
For more details, please read our Encryption Documentation.
Please download Aeon from aeondesktop.org and install it following our Installation Guide.
Existing users who want RC3’s Encryption feature will need to re-install their system.
Pro tip: it’s recommended to use a “large” USB stick for the automatic backup/restore feature of the existing user’s data & configuration. Ensure it provides enough space to complete this transition.
RC3 is expected to be the last RC that will require a reinstallation. Users who install RC3 can expect to be automatically upgraded to any future RC versions and the official Aeon Release, while RC4 doesn’t appear to be necessary at this point in testing.
Behind the Scenes
RC3 has also brought some nice technical and community improvements preparing for Aeon’s official release:
- tik (Aeon’s installer) now uses systemd-repart instead of dd for deploying images. This is what enabled Full Disk Encryption to be offered as you now see it in RC3.
- Aeon now has an official Brand Guide covering logos, colours, and advice toward how to use these when spreading the word about Aeon.
- Aeon now has an official Subreddit for announcements like this, development blogs, and can be used by the community for discussions, technical help or anything else related to Aeon.
What’s Coming Next
RC3 may be the final Release Candidate before Aeon’s official release. There are no major structural changes planned to the core Aeon OS, just regular improvements as upstream versions develop and our community contributes to new features and packages.
The main difference between RC3 and the official release will be the writing of openQA tests, which is noteworthy for CrowdStrike to consider, to test Aeon’s installation and basic functionality.
We would appreciate help in this area, which can now begin in earnest using RC3 as a reference.
There is a possibility of an RC4, which is currently being investigated.
If it occurs, RC4 will use tik’s new systemd-repart functionality to act as a ‘Self Installer’.
Users will see no practical difference between RC3 and RC4, except for a significantly smaller download size as the Installer will not need a separate embedded Aeon image to deploy.
For that approach to work however, we will depend on features we haven’t tested yet from systemd v256. This was only submitted to openSUSE Factory recently, so it’s very cutting edge.
If RC4 does not occur, users can expect smaller, more efficient images to come sometime after the release.
Our hope is everyone has a lot of fun with Aeon RC3, and would like to thank everyone who helped to get Aeon toward its release schedule.
The Aeon Team
Qoppa PDF Studio 2024 on Linux
Tumbleweed – Review of the weeks 2024/28 & 29 & 30
Dear Tumbleweed users and hackers,
As I informed you in my last ‘weekly review’ (end of week 27 – so three weeks ago), I enjoyed some vacation time of my own and used it to recharge by entirely stepping away from computers. Of course, you did not notice anything, as Ana was there to steer the big Tumbleweed ship around and snapshots have been delivered constantly. For completeness, I will also include things that happened during my absence to give more continuity to the reports.
During the weeks 28 – 30, 11 snapshots could be published (0705, 0708, 0709, 0710, 0711, 0712, 0714, 0715, 0716, 0722, 0724, and 0725). There was a larger gap between 0716 and 0722, as openQA detected some issues on Mesa and sdbootutil. As we did not want you to suffer through those problems, snapshots were held back and the issues addressed.
The most relevant changes included in those snapshots were:
- Mesa 24.1.3
- Mozilla Firefox 127.0.2 & 128.0
- KDE Gear 24.05.2
- PHP 8.3.9
- Apache 2.4.61
- cmake 3.30.0 & 3.30.1
- NetworkManager 1.48.4
- Ruby 3.3.4
- SELinux 3.7
- Linux kernel 6.9.9
- KDE Frameworks 6.4.0
- KDE Plasma 6.1.3
- LibreOffice 24.2.5.2
- transactional-update 4.7.0: soft-reboot feature not yet enabled, as it takes a bit more time to get QA adjusted for this during the summer break
- Agama installer medium is generated as part of the snapshot. This is not yet the default installer, but you are invited to check out progress. ISOs are published in https://download.opensuse.org/tumbleweed/appliances/iso/
The staging projects are currently nicely filled; some things are passing tests already, and others will take a bit more time. But you deserve to know what’s brewing, namely:
- gnutls 3.8.6
- Qemu 9.0.2
- Lua 5.4.7
- Systemd 256.4
- AppArmor 4.0.2
- Linux kernel 6.10.1
- cURL 8.9.0: breaks test suite of cmake
- ffmpeg-7 as system default (currently ffmpeg-6). A big bunch of packages is still stuck on ffmpeg-4.
- transactional-update: enable soft reboot; see https://microos.opensuse.org/blog/2024-06-13-soft-reboot/
- dbus-broker: some networking issue after upgrades left to work out
- GCC 14: phase 2: use gcc14 as the default compiler – lots of help needed: https://build.opensuse.org/project/show/openSUSE:Factory:Staging:Gcc7
Pre-RC3 Image Released for Aeon Desktop
An experimental “Pre-RC3” image for the Aeon Desktop has been published and testers are encouraged to try out the final prototype before it becomes the official Release Candidate 3 (RC3). The new image can be downloaded from the openSUSE development repository.
This prototype, which has been submitted to openSUSE Factory, introduces some significant changes and improvements. Notably, the dd backend in the tik installer has been replaced with a new systemd-repart backend. This change allows for the installation of Aeon with Full Disk Encryption that enhances the security features of the operating system.
Existing users of Aeon RC2 and earlier versions will need to perform a reinstall to take advantage of the new features destined for RC3. Due to the fundamental changes in partition layout necessary for the new encryption features, an in-place upgrade from RC2 is not feasible without risking data integrity, according to a post on the new Aeon Desktop subreddit. Users can utilize Aeon’s reinstall feature, which facilitates the backup and restoration of user data as long as a sufficiently large USB stick is used.
Users installing the prototype image may encounter some packages from the OBS devel project. These can be removed by running transactional-update --interactive dup and selecting solutions that replace devel:microos packages with official ones.
Testers are encouraged to provide feedback and report any issues encountered during the testing phase on the Aeon Desktop bug report page.
Next Steps
If the prototype is accepted into Factory and becomes RC3, the development of Aeon will be in its final stages before an official release. RC3 will serve as the basis for writing openQA tests for Aeon, which are crucial for ensuring the desktop’s stability and functionality.
There is a possibility of an RC4, which aims to streamline the installer process by embedding the full Aeon install within the installer image, potentially reducing the download size by 50 percent. If this approach is not feasible in the short term, it may be revisited post-release.
Full Disk Encryption is set up in one of two modes: Default or Fallback. Get more info about that in the Aeon Desktop Introduces Comprehensive Full Disk Encryption article.
Why it is useful to set the version number in the syslog-ng configuration
The syslog-ng configuration starts with a version number declaration. Up until recently, if it was missing, syslog-ng did not start. With syslog-ng 4.8, this is changing.
From this blog, you can learn why version information is useful, what workaround you can use if you do not want to edit your syslog-ng configuration on each update, and what changed in version 4.8.
You can read the rest of my blog at https://www.syslog-ng.com/community/b/blog/posts/why-it-is-useful-to-set-the-version-number-in-the-syslog-ng-configuration

Some Kalimba Melodies
Last year, I picked up Kalimba and put together some beginner melodies by transcribing YouTube videos. That’s been a bit too needlessly arduous, so there are a few:
Sound of silence
6 6 1’ 1’ 3’ 3’ 2’
5 5 7 7 2’ 2’ 1
1’ 1’ 3’ 3’ 5’ 5’ 6’ 6’ 5’
1’ 1’ 3’ 3’ 5’ 5’ 6’ 6’ 5’
1’ 1’ 6’
6’ 6’ 7’ 1’’
1’’ 7’ 6’ 5’
6’ 5’ 3’
1’ 1’ 1’ 5’
7 1’ 6
6 6 1’ 1’ 3’ 3’ 2’
5 5 7 7 2’ 2’ 1’
1’ 1’ 3’ 3’ 5’ 5’ 6’ 6’ 5’
1’ 1’ 3’ 3’ 5’ 5’ 6’ 6’ 5’
1’ 1’ 1’ 6’
6’ 6’ 7’ 1’’
1’’ 6’ 6’ 5’ (?)
6’ 5’ 3’
1’ 1’ 1’ 5’
7 1’ 6
Wellerman
3’ 6 666 1’ 3’ 3’ 3’
3’3’4’ 2’2’2’ 4’4’6’6’3’ 3’
3’6 7 1’ 2’ 3’ 3’ 3’ …
3’ 2’ 1’1’7 6 …..
==
6’…. 6’.. 4’5’5’3’ 3’
3’4’ 2’ 2’3’4’ 3’ 1’ 6
6’…. 6’ 5’4’5’5’3’ 3’
3’ 3’ 2’ 1’ 7 6 …..
—
56 666 1’3’ 3’3’
3’4’ 2’2’2’ 4’4’6’ 3’3’
3’6 66 1’3’ 3’3’
3’3’2’1’ 1’1’ 776
6’ 6’ 4’5’5’ 3’3’
3’4’ 2’2’ 4’4’6’ 3’3’
6’ 6’ 4’5’5’ 3’3’
3’3’ 2’1’ 76
6 66 1’3’ 3’3’
3’4’ 2’2’ 4’6’ 3’3’
3’6 66 1’3’ 3’3’
3’2’1’ 1’1’ 76
Hedwig’s Theme Harry Potter
3 6 1’7 6 3’ 2’ 7
6 1’7 5 6 3 ….
3 6 1’7 6 3’5’ 4’3’
7 3’ 2’1’ 7 1’6
1’ 3’ 1’ 3’ 1’4’ 3’2’
7 1’ 3’2’ 7 53’
1’ 3’ 1’ 3’ 1’ 5’ 4’3’
1’ 3’ 2’1’ 7 1’6
Pirates
3566 671’1’ 1’2’77 6556
3566 671’1’ 1’2’77 656 (!)
3566 61’2’2’ 2’3’4’4’ 3’2’3’6
671’1’ 2’3’6 61’77 1’67….
3566 671’1’ 1’2’77 6556
3566 671’1’ 1’2’77 656 (!)
3566 612’2’ 2’3’4’4’ 3’2’3’6
671’1’ 2’3’6 61’77 6566
71’1’2’ 3’… 1’63 …
4 … 1’64 … 3 … 6 …
74’3’3’ 3’4’3’.. (0:53)
2’2’2’ 2’3’… 3’3’3’ 4’3’… 2’1’76
—
6 6 66 6 66 6 66 1’6
6 6 66 6 66 6 66 1’6
536… 7… 1’… 2’3’ 4’3’ 4’3’ 6’
67167 6 5 6
67167 1’ 2’ 2’ 2’3’4’61’
7 6 7 6 5 61’3’
6671’67
656671’6 71’
2’ 2’ 2’3’4’61’