Software package updates for openSUSE Tumbleweed beginning in 2026 started off fast and paused in the middle of the month before resuming.

New major versions transactional-update and Ruby 4.0 begin the new year with major changes. GNOME keeps the 49 version rolling while Plasma 6.5.5, Frameworks 6.22.0 And KDE Gear 25.12.1 do the same. Even Xfce has some updates. Versions of the Linux Kernel source continue to update and bring improvement to hardware and several Common Vulnerabilities and Exposures were fixed with packages like curl, cups and QEMU.

As always, be sure to roll back using snapper if any issues arise.

For more details on the change logs for the month, visit the openSUSE Factory mailing list.

New Features and Enhancements

transactional-update 6.0.6: This major version updates refines the reliability and usability of openSUSE’s atomic system updates, especially for immutable and transactional systems like MicroOS and other flavors of the project’s distributions. It fixes self-update logic to correctly fetch the right libtukit version, improves FIPS compliance by using package-native setup commands, and cleans up logging. The “run” command now properly propagates exit codes and discards failed snapshots by default, while the --keep option allows preserving snapshots for debugging or reuse. Logging is overhauled with full journald/syslog support, SELinux handling is extended beyond /var, and soft-reboot behavior is stabilized.

Ruby 4.0: The Ruby programming language jump to version 4.0 reflects not just a version bump but a shift in ecosystem maturity. The release focuses on packaging and build improvements rather than new language features. It ensures better integration between tools like gem2rpm and package managers. It fixes dependency handling for advanced builds, introduces smarter macros for accurate runtime requirements, and removes outdated assumptions about documentation tools by dropping rdoc/ri packages due to upstream removal of key APIs.

GNOME 49.3: This minor update smooths out everyday desktop interactions, especially in system settings, online accounts, and core apps. Users will notice more reliable Wi-Fi toggling, better timezone search, correct locale application, and fewer UI quirks when adjusting keyboard or app settings. GNOME Online Accounts improves DAV auto-detection for services like SOGo, making calendar and contact syncing more dependable. Even bundled apps like GNOME Sudoku benefit from visual and gameplay fixes. GNOME Software 49.3 refines the app store experience with clearer messaging and smoother interactions. Long repository names now display properly, uninstall warnings more clearly explain data removal, and unnecessary firmware alerts no longer appear on the Installed Updates page. Scrolling with touchpad gestures feels more responsive, and rpm-ostree systems benefit from improved update history tracking.

Plasma 6.5.5: The Discover app now correctly responds to the F5 refresh shortcut and no longer hardcodes “Linux” in web searches. Window Manager and Wayland Compositor KWin improves multi-monitor handling by aligning screen-switching shortcuts with actual display order, fixes cursor scaling and resolves key repeat issues with input methods. Lock screen unlocking via KDE Connect is more stable, weather applet visuals are corrected, and Flatpak permissions load faster. System settings, notifications, and panel behaviors were refined and QR codes for WPA3 networks now use the correct format.

Frameworks 6.22.0: This release enhances encoding detection in KCodecs with improved UTF-16 and Greek/Hebrew support. The release refines clipboard performance on Wayland via threaded reading in KGuiAddons. Kirigami adds the TitleSubtitleWithActions component and fixes layout binding loops, while KIO improves file operations with a “Compare Files” button in rename dialogs and better thumbnail handling. Additional updates include holiday data for Japan, China, and Nepal in KHolidays, decoding fixes in KImageFormats, and removal of legacy features like KColorSchemeWatcher and form factor handling in KService.

KDE Gear 25.12.1: This release delivers focused fixes across the suite. Dolphin resolves issues with view properties, directory observation, and session file migration, while KMail and messagelib address crashes and fixes link-clicking in HTML emails. Kdenlive had stability improvements with crash fixes on copy/paste, proper welcome screen behavior on Wayland, and correct keyframe and transform editing. Itinerary and Kitinerary gains more reliable sorting, timezone handling and enhance travel data extraction with new support for Czech, Italian, and KLM tickets. Other highlights include NeoChat refining notification counts and reactions, Okular fixing stamp scaling and DVI text handling. Plus, Akonadi optimizes database cleanup and agent configuration.

Xfce4-panel 4.20.6: This update brings stability and usability of the Xfce desktop panel, especially on Wayland. It fixes visual glitches like button sizing when arrows disappear, ensures proper cleanup of plugin signals to prevent crashes, and refines workspace group handling for a smoother experience.

Xfce4-settings 4.20.3: This update makes display and accessibility settings more predictable and less error-prone. It resolves issues where color profiles were lost or failed to apply correctly by keeping track of active profiles and syncing with portal settings. The display configuration now matches monitors by EDID for more consistent multi-monitor setups, prevents redundant profile updates, and fixes memory leaks.

Inkscape 1.4.3: The update to the vector graphics editor delivers a more stable and polished experience. Key improvements include better handling of text-on-path rendering, robust layer and object selection logic, and fixes to prevent crashes when editing complex paths or using Live Path Effects (LPEs). The welcome screen is now faster and more responsive, toolbars adapt better to window sizes, and clipboard interactions are safer against rogue managers. Under the hood, PDF import is more reliable, font handling is improved, and extension errors are reported more clearly.

Vim 9.1.2050: Critical security fixes for the text editor address a buffer overflow with incomplete multi-byte characters and a use-after-free vulnerability that could be triggered via malicious autocmds. Users benefit from fixes to crashes, cursor and undo behavior, and better filetype detection for modern languages and tools.

Key Package Updates

GnuPG 2.5.16: This update improves the reliability of key handling and signature validation, which directly affects secure email, package verification, and encrypted workflows. A validation bug involving keyboxd is fixed, reducing the risk of incorrect trust decisions, and keyboxd migrations are now more robust. The release also cleans up legacy behavior by deprecating a rarely used armor option, while dirmngr gains forward compatibility with upcoming crypto libraries.

Linux kernel 6.18.3 through 6.18.7:: The 6.18.7 update resolves memory leaks in btrfs and pNFS, prevents deadlocks in NFS and GFS2, and fixes critical issues in networking as well as crashes in nvme-tcp and mlx5e drivers. The 6.18.5 update helps prevent crashes, and fixes memory corruption and privilege escalation across filesystems, networking, Wi-Fi, GPU drivers, crypto, and virtualization paths. The 6.18.4 update helps users benefit from safer CPU scheduling fixes, better Wi-Fi and networking robustness, and targeted AMD, Intel, and Bluetooth driver corrections that reduce crashes and edge-case misbehavior. The 6.18.3 update delivers critical stability and security fixes across storage, networking, and hardware support. It resolves multiple memory leaks and data corruption risks in btrfs, hfsplus, and ntfs3 filesystems, improves BPF verifier safety, and enhances Wi-Fi and Bluetooth compatibility with new device IDs and driver fixes. These are targeted correctness and stability fixes rather than new features, making the update a safe and worthwhile upgrade.

SDL 3.4.0: This update expands what games and interactive apps can do while improving performance and portability. Developers and gamers benefit from smoother mixing of 2D and 3D rendering, better controller support for popular gamepads, and native PNG handling that simplifies asset loading. HDR colorspaces, YUV textures, and paletted textures improve visual fidelity and retro-style workflows, while improved Emscripten and KMSDRM support help web builds and embedded or handheld systems.

xterm 406: This package enhances reliability, security, and standards compliance for one of the most widely used terminal emulators on Unix-like systems. It improves handling of modern text with support for Unicode variation selectors 15 and 16 while refining wcwidth behavior for private-use characters to consistently reflect their intended width, which is critical for CJK users and mixed-script layouts. The addition of numeric keypad codes in XTGETTCAP enables better application compatibility, and improved bounds checking for mouse events helps prevent potential input-related exploits. Emoji now respect configurable width via the new -emoji_width option, giving users control over rendering in scripts and tools.

UPower 1.91.0: This update improves how Linux systems manage power and peripherals, especially for modern laptops and multi-device setups. It adds support for controlling multiple keyboard backlight LEDs, which is useful for split or external keyboards with per-zone lighting. A new conf.d-style configuration system allows cleaner, modular setup for system integrators, while the deprecated CapacityLevel property signals a move toward more accurate battery reporting. Tests are now optional during installation, reducing overhead, but can still be enabled for development use.

dav1d 1.5.3: The decoder update makes AV1 video playback a bit faster and more reliable, especially on emerging RISC-V hardware. Everyday users benefit from smoother video decoding and fewer edge-case failures when playing or testing AV1 content. Under the hood, small performance optimizations and new RISC-V assembly improvements speed up prediction and blending paths, while a bug affecting IVF files with zero frames is fixed.

libnvme 1.16.1: This update matters because it improves the reliability and security of NVMe discovery and management, especially for networked and enterprise storage setups. Users and admins benefit from more robust NVMe-oF discovery, better error handling, and fixes around TLS key derivation that prevent subtle authentication failures. Support for additional transports, including Apple NVMe, and safer Python bindings make automation and tooling more dependable. Most changes are internal, but they reduce crashes, improve compatibility with newer OpenSSL versions, and make NVMe management scripts behave more predictably.

PipeWire 1.5.85: This update improves channel mapping with ALSA, and more stable playback at unusual sample rates. DMABUF device ID negotiation improves graphics-audio interoperability, while resampler and mixer fixes reduce distortion and latency issues. Many smaller bug fixes and compatibility tweaks make PipeWire more robust as it approaches the 1.6 version.

PackageKit 1.3.3: Users of this release benefit from upstream fixes rolled into the rebase and a cleaner, more stable experience without long-standing crashes or permission issues. PackageKit transitions to the newer dnf5 backend while dropping legacy dnf support. Systems using dnf gain a smoother path forward with fewer edge-case failures.

cups 2.4.16: This version fixes a critical infinite loop in the GTK print dialog caused by internal libcups changes, prevents the scheduler from stopping on unknown configuration directives, and resolves several long-standing bugs in UTF-8 handling and web authentication with domain usernames. It also includes fixes for local denial-of-service issues and an unresponsive cupsd triggered by slow clients (CVE-2025-61915, CVE-2025-58436). Packaging was cleaned up for immutable systems, rpmlint warnings were addressed, and minor driver and PPD scanning crashes were fixed. Overall, this is a strongly recommended update for both desktop and server printing reliability.

Security Updates

ImageMagick 7.1.2.12:

• CVE-2025-68618: A flaw where reading a malicious SVG file can cause uncontrolled recursion and trigger a denial-of-service crash.
• CVE-2025-68950: Fixes a failure to check for circular references in MVG image files that can lead to stack overflow and potential application crashes.
• CVE-2025-69204: A fix for an integer overflow that can lead to a buffer overflow and denial-of-service crash.

curl 8.18.0:

• CVE-2025-14017: A fix for a flaw that could potentially lead to undefined behavior or security issues during LDAP connections.
• CVE-2025-14524: A fix for redirect-handling and risk credential misuse.
• CVE-2025-15224: A fix for a flaw where public key authentication was allowed without requiring a private key or user-agent.
• CVE-2025-14819: A fix that could affect TLS trust validation.
• CVE-2025-15079: A configuration fix where mismatched known-hosts settings could weaken host verification.

cups 2.4.16:

• CVE-2025-61915: A fix for the configuration that could cause an out-of-bounds write leading to potential crashes or denial of service.
• CVE-2025-58436: This vulnerability gains a fix for when the print server hangs and becomes unresponsive for other users, resulting in a denial of service.

gimp:

• CVE-2025-15059: Fixes a buffer overflow that can let a malicious file crash the program or allow code execution when a user opens a crafted file.

harfbuzz:

• CVE-2026-22693: Fixes a null pointer where the code may dereference a NULL allocation result and crash when parsing certain font tables.

qemu:

• CVE-2026-0665: This fixes a vulnerability that could let a malicious guest trigger an out-of-bounds memory access in the host process leading to crashes or denial of service.

libheif 1.21.1:

• CVE-2025-68431: A fix for a flaw that could cause malformed overlay image data that leads to a crash when decoding crafted files.

uriparser 1.0.0:

• CVE-2025-67899: Fixes a flaw that crashes applications that parse certain URIs.

XWayland 24.1.9:

• CVE-2025-62229: A fix that may lead to memory corruption, crashes, or privilege issues when processing display notifications.
• CVE-2025-62230: Fixes a flow that can cause memory corruption or crashes when keyboard resources are released.
• CVE-2025-62231: Fixes an integer overflow that may lead to memory corruption or crashes from malformed keyboard mapping data.

freerdp 3.21.0:

• CVE-2026-23530: A fix for a heap buffer overflow that can crash the client or corrupt memory and potentially lead to code execution.
• CVE-2026-23531: Fixes a server crash the client or corrupt memory.
• CVE-2026-23532: Fixes a heap buffer overflow that could be triggered by a rogue server, causing crashes or heap corruption.
• CVE-2026-23533: Fixes an exploit that could crash the client or alter memory.
• CVE-2026-23534: Fixes a decode path that may let a malicious RDP server crash the client or lead to memory corruption.
• CVE-2026-23732: Fixes a buffer overflow that can be triggered by malformed data from a server, causing client crashes or denial of service.
• CVE-2026-23883: Fixes some pointer cleanup errors during update calls that can be exploited can crash the client or corrupt memory.
• CVE-2026-23884: A fix for a bug that may allow crafted server data to crash the client along with potential heap corruption with code-execution risk.

gpg2 2.5.17:

• CVE-2026-24881: Fixes a stack-based buffer overflow when processing crafted messages that can cause crashes and may allow memory corruption.
• CVE-2026-24882: Fixes a component during handling that could let a local attacker crash the service.
• CVE-2026-24883: Fixes a signature packet that can cause a NULL pointer dereference in parse_signature.

libpcap 1.10.6:

• CVE-2025-11961: A fix for a flaw that could potentially cause an out-of-bounds memory access and crash when provided malformed input.

libtasn1 4.21.0:

• CVE-2025-13151: A stack-based buffer overflow, which can overflow a fixed-size stack buffer, potentially causing crashes or other memory corruption issues.

libsoup:

• CVE-2026-0716: Fixes a flaw where the library may read memory beyond intended bounds and potentially cause crashes or expose data.
• CVE-2026-0719: Fixes an overflow issue that may lead to incorrect memory handling and cause crashes or denial of service in applications.

Users are advised to update to the latest versions to mitigate these vulnerabilities.

Conclusion

January set a solid trend for Tumbleweed as newer major versions arrived. Components such as the Linux kernel, PipeWire, SDL, and storage libraries improved hardware support, performance, and reliability. A wide range of timely security fixes across graphics, networking, multimedia, and system libraries rounded out the month and users can look forward to 2026 with confidence.

Slowroll Arrivals

Please note that these updates also apply to Slowroll and arrive between an average of 5 to 10 days after being released in Tumbleweed snapshot. This monthly approach has been consistent for many months, ensuring stability and timely enhancements for users. Updated packages for Slowroll are regularly published in emails on openSUSE Factory mailing list.

Contributing to openSUSE Tumbleweed

Stay updated with the latest snapshots by subscribing to the openSUSE Factory mailing list. For those Tumbleweed users who want to contribute or want to engage with detailed technological discussions, subscribe to the openSUSE Factory mailing list . The openSUSE team encourages users to continue participating through bug reports, feature suggestions and discussions.

Your contributions and feedback make openSUSE Tumbleweed better with every update. Whether reporting bugs, suggesting features, or participating in community discussions, your involvement is highly valued.

On January 29th, the Open Build Service (OBS) experienced a significant service disruption. All OBS users were affected for around 1 hour and 45 minutes. We want to give you some insight into what happened and what steps we are taking to prevent similar problems in the future. Detection During deployment, we detected many errors being tracked in our logs. Root Cause The errors tracked in our logs pointed to a lock wait timeout. After...

More than 30 years ago, when 32 Bit, and Athlon used to be modern, I was fascinated with the little program freq51 (called as xfreq on X11). That thing could use a normal microphone and soundcard, and gave you an idea about the frequency spectrum of arbitrary sounds – in real time. Times have changed, and nowadays you probably would use your mobile phone to accomplish this, but still I missed xfreq.

I had some AI time from my subscription still available, and thought, why not trying “Vibe Coding” to get that back. About everything would have to be changed, and I had no idea about programming of a pulseaudio device, or what to use for graphical interfaces. Still, I wanted to try, and it actually did take me about an evening to modernize that old piece of a gem. This now looks like this:

Now, I have to explain a bit, because it really looks somewhat different. The reason is not so much the AI, but the additional features I requested. The current sample is a tuning sound from a KORG Auto Tuner, that is why all the harmonics are just in line.

First, the FFT graph: You can use the mouse wheel to change the looked at interval for both, Amplitude and Frequency. Just point to the scale and turn the wheel. To zoom in or out, just point to the main spectrum window. You can also just click and drag to move the graph around.

On the right hand side is something totally new. Back then, I helped another Student with his final study, where he compared the sound of Celli a) from a hearing perspective, and b) from a analytical perspective. What he found back then was, that the harmonics of string instruments never are exactly where theory would expect them. However the closer they are, the better the instrument sounds. Of course his work covered lots more, but this is the result in very short. Ever since that study, I wanted to have the possibility to have such an analysis easily performed. And that is, what you can see to the right.

That panel shows subharmonics (calculated from the harmonics, but not measured) as grayed out values, then from the base frequency up to 16 harmonics all the different measured harmonics and their deviation from the calculated value. The result is in both, frequency and cent. In order to make it even more easy to look at, I also let it create a vertical line, that shows deviations from the calculated value. In that case, this is only a scale form -10 to 10 Cent, anything beyond would just change the color.

To see what this could look like, here is another improvised example:

All the other drop down menus should be self-explanatory. There is not much difference to the original program, even standard keys are implemented.

I have added that little toy to my home project in OBS: home:azouhr for Tumbleweed. You can find the resulting package as well as the source code at https://build.opensuse.org/projects/home:azouhr/packages/freq-modern/repositories/openSUSE_Tumbleweed/binaries

So, tell me if you also like it. To me, this one nice toy, just being created by an AI. No, I did not do a review, and I have no idea what the AI did exactly. However, from my experience with bash code and reviewing it, it probably is easy to read and well done.

Reading files and monitoring directories became a lot more efficient in recent syslog-ng releases. However, it is also needed manual configuration. Version 4.11 of syslog-ng can automatically configure the optimal setting for both.

Read more at https://www.syslog-ng.com/community/b/blog/posts/automatic-configuration-of-the-syslog-ng-wildcard-file-source

This article was written by Marcus Rueckert, Build Service Engineer at SUSE. This article originally appeared on the ‘Nordisch by Nature‘ blog under the same title and has been slightly updated for the suse.com blog. The End of Spec File Sprawl? Enter Declarative RPM For decades, the RPM spec file has been the “Swiss Army […]

The post Declarative RPM: Cleaning Up Your Spec Files appeared first on SUSE Communities.

Dear Tumbleweed users and hackers,

Just in time for the weekend, we have managed to get a snapshot out. You likely noticed the gap between Jan 13 and Jan 21; this was due to some tricky conflicts between Postfix and SELinux. While the pause dragged on longer than we would have liked, the resolution was successful.

Crucially, nothing broke on existing systems, and new submissions to Factory continued to be processed in the background. This resulted in a massive accumulation of changes rolling into snapshot 20260121.

The accumulated changes include:

• 389-ds 3.2.0
• ImageMagick 7.1.2.13
• Mozilla Firefox 147.0
• alsa 1.2.15.3
• Amarok 3.3.2
• KDE Plasma 6.5.5
• FreeRDP 3.20.2
• Linux kernel 6.18.6
• libvirt 12.0.0
• PHP 8.4.17
• Postfix 3.10.7
• Ruby 4.0.1
• Shadow 4.19.2
• util-linux 2.41.3

From an end-user perspective, the result is essentially the same as receiving five smaller snapshots, though major updates like KDE Plasma 6.5.5 had to simmer a bit longer than usual before reaching you.

With the blockage cleared, we look forward to returning to our regular pace. Here is what is coming your way soon:

• Mozilla Firefox 147.0.1
• Pipewire 1.5.85
• PackageKit 1.3.3
• Cockpit 354
• Linux kernel 6.18.7
• Pam 1.7.2
• libzypp (adding support for UAPI style configuration)

This is a roundup of articles from the openSUSE community listed on planet.opensuse.org.

The community blog feed aggregator lists the featured highlights below from Jan. 16 to Jan. 22.

Blogs this week highlight mentoring with the Season of KDE 2026, efforts to tackle the Y2K38 problem, an announcement about the call for proposals for the openSUSE Conference, news about a high-end executive laptop by Slimbook and several other topics. Other topics include discussions about KDE, Myrlyn 1.0, testing of syslog-ng’s 4.11 release, adding Firefox’s Nightly Repository and much more.

Here is a summary and links for each post:

Season of KDE 2026 Projects Announced

The KDE Blog reveals the selected projects for Season of KDE 2026, which is a mentorship program that pairs contributors with experienced developers to create impactful open-source features over several months. This year’s cohort includes diverse initiatives such as improving accessibility in KWin, enhancing KDE Connect’s file transfer reliability, developing a new vector-based icon theme, and integrating AI-assisted coding tools into Kate and KDevelop.

Myrlyn 1.0 Released: A New Package Manager for openSUSE

Victorhck reports that Myrlyn, the modern Qt6-based graphical package manager for openSUSE, has reached its 1.0.0 milestone. The new version brings community repository support on Leap 16.0, improved package search (including RPM Recommends), and a more organized transaction history view. Myrlyn continues to evolve with usability enhancements that simplify installing, updating, and removing software.

A New Era for Calligra Plan and Key Productivity Improvements This Week in KDE Apps

The KDE Blog reports progress with the release of Calligra Plan 4.0.0, which is the first version of the project planning tool built on Qt 6. Recent updates include improved Gantt chart rendering, better resource allocation tools, and enhanced file compatibility with other project management formats. The roundup also covers updates across the ecosystem, including improvements in NeoChat, Kaidan, Drawy, Kdenlive, Kate, and more.

Call for Testing: syslog-ng 4.11 is Coming

Peter Czanik invites the community to help test the upcoming syslog-ng 4.11 release. Key features under test include support for Elasticsearch/OpenSearch data streams, a new Kafka source, and various CMake build fixes.

Add the Firefox Nightly Repository in openSUSE

Victorhck explains how to install Firefox Nightly on openSUSE using Mozilla’s official RPM repository. The Nightly version offers early access to new features and performance improvements, and can coexist alongside the stable Firefox release without conflict. Instructions include adding the repository via zypper, refreshing package metadata, installing the browser, and optionally adding language packs for localization.

Accessibility with Free Technologies – Episode 11: EU, Fediverse, Open Data, Apps, Joomla, and Inclusive Talent

The KDE Blog highlights the long-awaited return of a Spanish-language podcast focused on digital inclusion through open-source tools. Episode 11 covers a wide range of topics including EU accessibility initiatives, Fediverse client recommendations and more.

Open-Source Community Tackling Y2K38 Epoch

The openSUSE Project reports on the growing community efforts to address the Y2K38 problem, which is a timekeeping crisis set to occur on January 19, 2038. Testing by openSUSE developers has already revealed failures in compilers, version control systems, desktop toolkits, and core utilities when simulating post-2038 dates, even on modern 64-bit systems. The blog highlights actions related to toolchain improvements, build system hardening, and advocacy for safer time types like int64_t.

Amarok 3.3.2 Released with Improved Usability and Stability

Victorhck and the KDE Blog cover the release of Amarok 3.3.2, which is KDE’s beloved music player. This version includes refined playlist handling, better metadata synchronization, and fixes for crashes related to large libraries and online service integrations. The update also bumps the dependency to KDE Frameworks 6.5.

Register and Submit a Presentation for openSUSE Conference 2026

The openSUSE Project has opened registration and the call for proposals for the openSUSE Conference 2026, which is scheduled to be held in Nuremberg, Germany, from June 25–27. Attendees can submit talks or workshops in categories such as Lightning Talks (10 min), Short Talks (30 min), Long Talks (45 min), and Workshops (1 hour), across tracks including Cloud, Community, Embedded Systems, Open Source for Business, and more. The event coincides with other major open-source conferences in Central Europe. Submissions are accepted until April 30.

KDE Express Episode 64 – Happy New Year 2026 with Love from Phoronix

The KDE Blog presents the latest episode of KDE Express, hosted by David Marzal, and summarizes key developments in KDE and the wider free software ecosystem at the start of 2026. Highlights include KDE dominating Phoronix’s most-read stories of 2025 and KDE’s fundraising efforts.

Open Source in Data Centers with Eduardo Collado – Compilando Podcast

The KDE Blog features a new episode of Compilando Podcast where host Paco Estrada interviews Eduardo Collado, a respected expert in telecommunications and open source infrastructure. They discuss the strategic role of open source software in modern data centers, and cover topics like digital sovereignty, Linux’s dominance in production environments, and real-world applications in networking, automation, and cloud services.

Dark Mode Toggle and Global Push-to-Talk in Plasma

The KDE Blog highlights new features being merged ahead of Plasma 6.7, including a system-wide dark mode switch that lets users instantly flip between light and dark themes. A global push-to-talk option is also coming that allows all microphones to remain muted until a chosen key is held down.

Slimbook Executive Range Renewed

The KDE Blog reports that Slimbook has refreshed its high-end Executive laptop lineup with updated hardware and improved connectivity for professional Linux users. The renewed models emphasize powerful performance, a high-resolution display, and premium build while maintaining strong Linux compatibility.

openSUSE Tumbleweed Weekly Review – Week 3 of 2026

Victorhck and dimstar provide an overview of openSUSE Tumbleweed snapshots released during the third week of January 2026. They highlight key updates such as Linux kernel 6.18, GNOME 49.3 components, and AppArmor 4.1.3. The review points out reports by GNOME users who have experienced some crashes with Bluetooth devices.

The Journey of Auditing UYUNI

The SUSE Security Team blog details the comprehensive security audit of Uyuni. The audit identified several vulnerabilities to include XSS flaws and unprotected endpoints. The audit also identified numerous minor issues and led to code hardening suggestions.

View more blogs or learn to publish your own on planet.opensuse.org.

The syslog-ng 4.11 release is right around the corner. Thousands of automatic tests run before each new piece of source code is merged, but nothing can replace real-world hands-on tests. So help us testing Elasticsearch / OpenSearch data-streams, Kafka source, cmake fixes and much more!

The development of syslog-ng is supported by thousands of automatic test cases. Nothing can enter the syslog-ng source code before all of these tests pass. In theory, I could ask my colleagues at any moment to make a release from the current state of the syslog-ng development branch once all tests pass. However, before my current job, I was working as a director of quality assurance, so I have a different take on testing things. Automatic test cases are indeed fantastic and help us to catch many problems during development. However, nothing can replace real-world users trying to use the latest version of your software.

Personally, I run a nightly or git snapshot build of syslog-ng on all my hosts. However, none of my machines are mission-critical, where downtime would cost $$$ with each and every passing minute. While syslog-ng snapshot builds are usually quite stable and breaking configuration changes are rare, I still do not recommend installing these builds on critical servers. On the other hand, I am a big fan of production testing on hosts where running into occasional problems is not a critical issue.

Read more at https://www.syslog-ng.com/community/b/blog/posts/call-for-testing-syslog-ng-4-11-is-coming

Just 12 years remain before a fundamental limit in timekeeping threatens to disrupt unprepared computer systems; Y2K38 is the new Y2K, and open-source contributors are aiming to create actionable warnings.

Known as a Faulty Date Logic, which is a lot more common in computer systems than people may think, openSUSE is actively surfacing and fixing these issues through early testing, toolchain improvements and community-driven coordination to ensure software remains reliable well beyond 2038.

At 03:14:07 UTC on Jan. 19, 2038, the UNIX Epoch will exceed the maximum value of a signed 32-bit integer; 2,147,483,647, or 0x7fffffff. Beyond that point, systems that still rely on 32-bit representations of time risk rolling over into invalid dates, triggering failures that range from subtle data corruption to outright crashes.

While most see this as an issue for 32-bit platforms such as i586 or armv7, there are some exposures with modern 64-bit systems as covered in an openSUSE Conference talk some years ago.

Y2K38 is close enough to force action and recent testing by openSUSE developers demonstrates that the risk is immediate and tangible. By advancing a build system’s clock into the year 2038, numerous packages failed to compile or pass their test suites. Affected software in the tests included version control tools, editors, compilers, Python libraries, desktop toolkits and system components.

In some cases, basic system behavior like uptime reporting was disrupted.

Several of these failures have been corrected, but breakages in these tests show how deeply embedded 32-bit time assumptions exist.

Each new feature or refactoring carries the risk of reintroducing the problem if developers default to using int or long instead of safer types such as time_t, int64_t or long long.

The problem extends beyond applications. Commonly used protocols, including SOAP/XML-RPC and SNMP, encode timestamps using 32-bit values. Implementations must therefore take extra care to handle dates beyond 2038 without breaking interoperability.

Testing itself remains challenging. Tooling improvements are being explored as a next step for these adjustments. Discussions are underway about adding compiler warnings when code performs unsafe conversions between 32-bit integers and time-related types.

Leap 16 is 2038 safe as it comes with 32-bit (ia32) support disabled by default, but the tests show that changes in future minor releases will need to be made for affected 64-bit pieces.

Developers interested in the topic can engage with the openSUSE Factory mailing list or with the discussion on Reddit discussion about the topic.