What is openSUSE.Asia Summit?

The openSUSE Project is excited to announce that openSUSE.Asia Summit 2024 will be held in Tokyo, Japan. The openSUSE.Asia Summit is an annual conference for users and contributors of openSUSE and FLOSS enthusiasts. The former summits received major participation from Indonesia, China, Taiwan, Japan, South Korea, and India.

Since the first openSUSE.Asia Summit was held in Beijing in 2014, the summits have been great opportunities for the online community to gather in person, know each other, and share knowledge and experiences about openSUSE including applications running on it. However, COVID-19 made it difficult for 3 years. One of our goals of this year’s summit is to provide a place for communication. Please note that we will not accept talks by video call this year.

The summit dates

The summit will be held on Nov. 2 and 3. An excursion for speakers is expected on Nov. 4, which will be announced later.

You might be interested in Open Source Summit Japan and Open Compliance Summit, held by the Linux Foundation near the venue just before our summit.

Cross-Distro Track

We are going to co-host the Cross-Distro Track by the collaboration with Cross Distro Developers Camp (XDDC). XDDC is a wider developer community of FLOSS OS distribution including openSUSE, Debian and Ubuntu and works together to resolve common issues especially related to Japanese. This year, we are considering inviting speakers and participants from other distribution communities, which will undoubtedly contribute to making the event even more exciting. Furthermore, it will be a great chance to let them know how openSUSE and its community are.

Venue

The openSUSE.Asia Summit 2024 is going to be held in SHIFT Inc., located in Azabudai Hills, Minato-ku, Tokyo, Japan. SHIFT Inc. is a company that supports to create sellable products and services and to grow the business of its customers. It offers integrated IT solutions and consulting services, including development, testing, UI/UX, and security, with its outstanding knowledge in software quality assurance.

• SHIFT Inc.

Azabudai Hills is a large-scale urban redevelopment project completed in November 2023. This area, which combines offices, residential units, retail outlets, and cultural facilities, is also a newly prominent tourist attraction. It is, of course, easy to access from Tokyo/Haneda airport and anywhere in the capital area by public transportation.

Tokyo and Japan

Tokyo is the capital of Japan. Its infrastructure and global connectivity will help attendees travel to the summit. There are direct flights from major cities in Asia Pacific as well as Europe and North America to either Tokyo/Haneda or Tokyo/Narita.

Tokyo is also a popular place for sightseeing with its unique culture, food, etc. Especially, characters from video games, anime, and comics, which are now common globally, attract tourists to Japan. In Tokyo, you can easily find character shops and get items related to works you love.

• Tokyo Manga and Anime Guide — japan-guide.com
• Food & Drink in Tokyo ― GO TOKYO

The number of tourists from abroad has recovered last year to the same level as before COVID-19. Due to the currency exchange rate, it will be a great chance to enjoy your trip to Japan while saving your money.

However, if there is any possibility of attending the summit, you should book your hotel right away with a cancelable plan. Some of our recommended hotels start accepting reservations from 5 months ago, which is June 1. Because Nov. 4 is a public holiday in Japan, rooms in budget hotels become sold out soon, or you will need to pay for your hotel at an inappropriately expensive rate, which might not be covered by the Travel Support Program.

Please also check the following web sites for tourism information in Tokyo and Japan:

• GO TOKYO (Tokyo Convention & Visitors Bureau)
• Travel Japan (Japan National Tourism Organization)
• Japan Guide

Call for speakers

We will start to call for speakers in June. Please read another post for the call for speakers on news.opensuse.org, published in a couple of days.

Wrapping Up

The openSUSE.Asia Summit is a great opportunity for the openSUSE community to meet together. The attendees will be able to enjoy their stay in Tokyo during the summit.

We are looking forward to seeing you this November in Tokyo.

Have a lot of fun!

The content discusses the process of migrating a VDI image of Windows 10 from Virtualbox to Virt-Manager. It outlines the steps of converting VDI to QCOW2, importing it to Virt-Manager, enabling clipboard sharing, setting up a shared folder with the host, and installing essential tools for KVM/QEMU. It also shares the author's experience and thoughts on the process.

I'm glad to say that I'll participate again in the GSoC, as mentor. This year we will continue the work done during the past year, as part of the openSUSE project.

So this summer I'll be mentoring an intern and we'll continue working on improving the testing framework of the rpmlint project.

This year we've a better testing framework, thanks to the work done during the past Summer of Code, by Afrid. So the goal for this year is to try to modernize existing tests and remove as much files as possible from test/binary directory, replacing those with mock packages defined with python code.

The selected intern is Luz Marina Montilla Marín. She has done some initial work in the rpmlint project, creating the mock packages for some tests and we've just started with the work to do during the GSoC program, evaluating the tests that we've right now and planning were to start.

She studies at Córdoba, Spain, my hometown. Every year I try to reach young people at different local universities, here in Andalucía, and sometimes I'm able to convince some students to participate, like the GSoC 2020, when Alejandro Dominguez, from Seville, were working on Fractal. So I'm happy that I'm increasing the number of free software developers in my local community :D

I'm sure that she will be able to achieve great things during these three months, so I'm looking forward to start to code and see how far can we go.

Welcome to the monthly update for openSUSE Tumbleweed for May 2024. This month has seen a significant number of updates, enhancements, and crucial security fixes. Whether you are a developer, a system administrator, or a casual user, these updates are designed to enhance your experience and ensure the highest level of security and performance.

Should readers desire a more frequent amount of information about snapshot updates, readers are encouraged to subscribe to the openSUSE Factory mailing list.

Let’s go!

New Features and Enhancements

• Linux Kernel 6.9.1: The month of May had a couple updates for the Kernel, but so far remains at version 6.9.1, which addresses various issues and enhancing overall stability. The mt76 driver for wifi saw improvements with the addition of missing chanctx operations for the mt7915 wifi card, enhancing functionality. A critical fix was made to the keys subsystem to prevent overwriting key expiration during instantiation, improving security. Support for system suspend/hibernation was enhanced for the Modem Host Interface subsystem with the addition of the mhi_power_down_keep_dev() Application Programming Interfaces, which is beneficial for maintaining device states during power management operations.
• LLVM 18.1.6: Subpackages that were updated were clang-tools, clang18, libLLVM18, libclang-cpp18, libclang13, llvm18-gold. Fixed issues with generating incorrect thunks for functions with aligned parameters or incorrect return value passing when StructRet was used. -Xclang -target-feature -Xclang +unaligned-scalar-mem for enabling unaligned scalar memory accesses on CPUs without unaligned vector access support were introduced. Build failures when compiling AVX512 code with -march=native on machines without AVX512 were addressed. Crashes in the AArch64 backend related to fcmp instruction operands being true or false at the IR level were fixed and there was a fix to compiler crashes.
• KDE Frameworks 5.116.0: Breeze Icons received new icons for audio/ogg and audio/x-vorbis+ogg file types, as well as the audio/vnd.wave MIME type, enhancing support for audio file formats. Extra CMake Modules had notable updates including the dropping of attempts to set IMPORTED on targets with installed configurations in ecm_add_qch. KFileMetaData saw a fix with the handling of attribute namespacing and improved metadata accuracy and processing. KService addressed a warning related to the “mimeType x-scheme-handler/file not found” issue.
• udisks2 2.10.1: This update features updated Ukrainian and German translations, improvements to testing for LVM2 RAID by wiping used devices, settling down before checking properties and rescanning vdevs after tests. Offline and online filesystem grow tests were added, and documentation for the Filesystem.Size property was clarified. A fix was implemented for Python class invocation in nvme tests, and a –no-partition-scan option was added for the loop-setup command in udisksctl. A --no-partition-scan option for the loop-setup command in udisksctl was added.
• firewalld 2.1.2: The update to 2.1.2 includes several fixes: the policy now allows forwarding ports with the to-addr for egress-zone=HOST, the range check for large rule limits in rich rules has been corrected, and skip detection in the fw-in-container environment has been fixed during testing.
• snapper 0.11.0: The update introduces asynchronous cleanup of stale btrfs qgroups and reverts some parts to fix the build in the Open Build Service. The cleanup service is now set to run every hour and qgroups are disabled if they do not exist to avoid failure when creating snapshots. Support for quarterly snapshots has been added, and a table-style selection is now based on codeset.
• GTK3 3.24.42: Printing is improved by avoiding access to freed printers. Wayland fixes include correct monitor sizes, a crash related to tablet removal, inferred resizable edges for tiled windows, and ensuring commits occur soon after acknowledging a configure. GTK4 4.14.4: A crash issue when there is no child was resolved and efficiency improvements were made in loading symbolic SVGs and handling color-free symbolics. Accessibility updates include making the gtk-demo sidebar search more accessible and stopping the emission of focus events. GDK introduced support for XDG_ACTIVATION_TOKEN and made defensive improvements for dmabuf. These improvements include handling unknown formats more carefully and using a narrower range for YUV formats.
• Mozilla Firefox 126.0. The browser brought had a major update and fixed 16 Common Vulnerabilities and Exposures. There was arbitrary JavaScript execution in PDF.js fixed with CVE-2024-4367. A potential permissions request bypass via clickjacking was fixed for CVE-2024-4764. There were memory safety bug fixes addressing CVE-2024-4778 and CVE-2024-4777; the latter helps with those for Firefox ESR 115.11 and Thunderbird 115.11. sssd 2.9.5: The update introduces a new configuration option called failover_primary_timeout. This option allows users to configure how often SSSD tries to reconnect to a primary server after successfully connecting to a backup server. Previously, this interval was hardcoded to 31 seconds, which remains the default value.
• openldap2 2.6.7: The liblber library fixes a missing newline on long messages and libldap addresses exit handling issues with OpenSSL3, TLS usage with multiple LDAP URIs OpenSSL cipher suite handling and handling of Diffie-Hellman parameter files with OpenSSL 3.0. The slapd service now honors the disclose option in matchedDN handling, improves regex testing in ACLs, and fixes sync replication with glued databases.
• iproute2 6.9: The update introduces several new features and improvements: The m_mirred module now allows mirroring to block and the tc command adds NLM_F_ECHO support for actions and filters. The ip command has been enhanced with coupled_control support for bonding and a new monitor command for IOAM6.
• xwayland 24.1.0: The feature release addresses several regressions introduced in previous release candidate versions. The eglstreams support has been dropped.
• AppStream 1.0.3: Key features include enhanced validator checks to ensure description lists aren’t translated, improved translation checks for descriptions and the ability to propagate selected custom entries to catalog output via the CLI compose command. Many other features were added.

Key Package Updates

• tpm2-0-tss 4.1.0: This updated provided a major security fix for CVE-2024-29040. Various bug fixes were implemented, including correcting the length check on FAPI auth callbacks, fixing the deviation from the CEL specification and resolving json syntax errors in FAPI profiles that were previously ignored by json-c. The update also adds support for new features and enables the usage of external keys for Fapi_Encrypt.
• postgresql16 16.3: A fix was made for CVE-2024-4317, which could allow for an unprivileged database user to read most common values and other statistics from CREATE STATISTICS commands of other users.
• Python 3.x versions had a fix for CVE-2023-6597 A vulnerability was discovered in the CPython. It affected versions 3.12.1, 3.11.7, 3.10.13, 3.9.18, 3.8.18, and earlier. This class would incorrectly follow symlinks during cleanup when there were permission errors. As a result, users with the ability to run privileged programs could potentially change the permissions of files pointed to by symlinks under certain conditions.

Bug Fixes

• glib2 2.80.2:
  • CVE-2024-34397 - An issue in GNOME GLib allows spoofed D-Bus signals, affecting client behavior
• qt6-base:
  • CVE-2024-33861 - QStringConverter’s invalid pointer callback can modify the stack, risking vulnerabilities in applications using QStringDecoder.
• libxml2 2.12.7
  • CVE-2024-34459 - Buffer over-read in xmllint –htmlout can cause vulnerabilities in libxml2 before 2.12.7.
• libarchive 3.7.4:
  • CVE-2024-26256 - Remote Code Execution Vulnerability.
• krb5 added some patches to fix memory leaks related to:
  • CVE-2024-26458
  • CVE-2024-26461
  • CVE-2024-26462
• ovmf
  • CVE-2022-36763 - EDK2 vulnerability in Tcg2MeasureGptTable() allows heap buffer overflow via local network
• python-Jinja2 3.1.4:
  • CVE-2024-34064 - Jinja’s xmlattr filter vulnerability allows non-attribute characters in keys, risking XSS attacks.
• tpm2-0-tss 4.1.0:
  • CVE-2024-29040 is a flaw that allows an attacker to generate arbitrary quote data, which may not be detected by Fapi_VerifyQuote.

Conclusion

The month of May 2024 had a steady flow of crucial security fixes, important updates, and notable enhancements across various packages for openSUSE Tumbleweed. The updates to the Linux Kernel, LLVM, KDE Frameworks and numerous other components ensure that Tumbleweed systems remain feature-rich and keep rolling. Developers and users alike benefit from the improvements, enhancements and new features.

For those Tumbleweed users who want to contribute or want to engage with detailed technological discussions, subscribe to the openSUSE Factory mailing list . The openSUSE team encourages users to continue participating through bug reports, feature suggestions and discussions.

Contributing to openSUSE Tumbleweed

Your contributions and feedback make openSUSE Tumbleweed better with every update. Whether reporting bugs, suggesting features, or participating in community discussions, your involvement is highly valued.

_{^{(Image made with DALL-E)}}

Do you want to know how your log messages arrived to syslog-ng? The new $TRANSPORT macro provides you with part of the answer. It shows you the protocol variant for network sources, or the kind of local source used.

Read more at https://www.syslog-ng.com/community/b/blog/posts/the-transport-macro-of-syslog-ng

Contributors developing the Aeon Desktop are happy to announce a major milestone with the launch of Release Candidate 2 (RC2) images.

Within the last 24 hours, an update of aeondesktop.org points to the new images.

Aeon is a cutting-edge operating system with the GNOME desktop that provides automated computing experience. RC2 promises a plethora of innovative features that are not found by default in other openSUSE offerings. Here are some of the key enhancements for Aeon fans.

One of the standout features of Aeon Desktop RC2 is the inclusion of Linux Kernel module zram by default. This feature significantly improves system performance by avoiding the need to swap data to slow hard disk drives (HDDs) or wear-limited solid-state drives (SSDs); this provides users with faster and more efficient memory management.

Another feature introduced in Aeon is a revolutionary image-based installation process powered by the new installer tik. This ensures every user receives an identical configuration out-of-the-box. The customization is made easy and reproducible using Ignition and Combustion, which makes setup and replication a breeze.

For those with large enough USB sticks, tik can migrate existing user accounts, applications, data, WiFi/VPN configurations and even rootless containers to the new install. This feature is perfect for low-impact reinstallations or migrating from the older MicroOS Desktop to the new Aeon Desktop. It will also work for migrating Tumbleweed installs to Aeon, as long as they use the default partition layout. Those interested in installing or migrating should read the Install Guide and report bugs at aeondesktop.org/reportbug.

In a bid to enhance security and improve usability, Aeon does not configure a root account. Instead, the first user created during installation will use their own password with sudo and policykit to run administrative tasks. This reduces the risk of unauthorized root access and avoids the need for a second password to be remembered and/or shared between all the users of the system.

The RC2 will boast a clean and silent boot process, devoid of flickers and random log outputs, thanks to systemd-boot. The boot process is notably fast and is clocking in at approximately 8 seconds on slower machines.

Aeon is the only openSUSE distribution that automatically downloads and updates x86_64_v3 optimized libraries if supported by the hardware. Users don’t need to take any action to enjoy a faster system with these optimizations. The system is tailored for gamers and specific SELinux configurations support gaming while maintaining robust security policies. This unique feature sets it apart from other openSUSE distributions.

As a dedicated desktop operating system, remote access is disabled by default but can be easily enabled and managed through the GNOME settings app. This gives users control over their remote desktop and SSH configurations.

RC2 is the first openSUSE distribution to utilize systemd-repart; this receives benefit from the Linux Userspace API (uapi_group’s) Discoverable Partitions Specification. This makes disk management more intuitive and efficient, as well as tying in nicely with Ignition/Combustion to make reproducible partitioning trivial.

The use of Btrfs compression by default is a game-changer for Aeon. It not only decreases SSD wear but often improves performance and saves more than 40 percent of disk space used by a standard installation.

Aeon is unique in its automatic updating of user distroboxes daily, along with other automated system and flatpak updates. This ensures users always have the latest updates with minimal effort. For those interested in distroboxes, this year’s openSUSE Conference will have founder Luca Di Maio providing a keynote talk at the conference.

The RC2 release is just the beginning and the team of contributors anticipates more contributions from the developer community to elevate this desktop experience even further. As development continues, users can look forward to even more innovative features and improvements.

Stay tuned for the official release and find out more about the Aeon Desktop community at this year’s openSUSE Conference.

Some time ago I quickly wrote a little utility to render XRechnung documents on the free desktop, called XRView. This is the initial Bogpost. It was a very fundamental Qt Widget app that shows e-invoice docs that come in the XRechnung XML format, in a human readable view.

It was never properly released, so recently I decided to wrap it up and finally cut a first release which people can find on the release page on Codeberg.

Technically it uses the XSLT stylesheets provided by Kosit and calls an external java process on the local machine to run that through a specific Saxon processor. For that, XRView requires a java runtime installed.

Since the setup of these dependencies is a bit cumbersome, the new release 1.0 does that for users. It downloads the stylesheets and also the saxon processor runtime from their upstream repositories and stores them on the local machine for future use. Of course it is strongly recommended to double check the downloaded resources for their validity and integrity and not to run software that some other code downloaded.

More new features in this first release are:

• internationalization, first available language is German
• a rudimentary application menu with about dialog and such
• the setup routine as described above

Note that this is the first release of the software. Yet, I think it is useful, and a interesting starting point for further activities in this area. As XRechnung will become a mandatory standard for all companies in Germany (at least) I think it is very important to have a free software alternative. There are already many commercial offerings.

However, I am not feeling to develop and maintain this as an “one man show” forever. Being kind of frustrated about the way how free software is often consumed nowadays, I will happily continue to contribute to it if there is more interest than “gimme for free” by other people or organizations.

Let’s see if this is heading somewhere :-)

Dear Tumbleweed users and hackers,

Week 21 felt somewhat quiet. But then, in my region, it was only a 4-day week with Monday being a holiday, which certainly added to the calm. Yet, we published 6 snapshots (0516, 0517, 0520, 0521, 0522, and 0523) since my last weekly review. According to OBS, we have accepted 590 submit requests during the previous 7 days.

The main changes delivered in this week were:

• Mesa 24.0.7
• OpenLDAP 2.6.7
• KDE Frameworks 5.116.0
• Rust 1.78
• Linux kernel 6.9.1
• Mozilla Firefox 126.0
• GTK 3.24.42
• Snapper 0.11.0
• GCC 13.3.0
• LLVM 18.1.6
• chkstat package renamed to permctl, giving it a better name concerning its functionality
• ninja 1.12.0

The various package maintainers have submitted these things for inclusion into Tumbleweed:

• KDE Gear 24.05.0
• KDE Plasma 6.0.5
• Python requests 2.32.2
• ICU 75.1
• QEmu 9.0.0
• AppArmor 4.0
• dbus-broker: some networking issue after upgrades left to work out
• GCC 14: phase 2: use gcc14 as the default compiler – lots of help needed: https://build.opensuse.org/project/show/openSUSE:Factory:Staging:Gcc7

The openSUSE Project has an official space on Hugging Face, which is a popular platform offering a range of open-source Artificial Intelligence models, tools and resources.

The new namespace can be found at huggingface.co/openSUSE.

Hugging Face is known for facilitating developers and researchers in working with advanced AI applications that include natural language processing (NLP) and computer vision.

Having the openSUSE namespace provides community-driven development toward creating, sharing and improving AI models and datasets.

One dataset has already been added. The first dataset is openSUSE Cavil, which is a tool designed for license compliance, identification and legal reviews. By leveraging the rich AI models and datasets available through the Hugging Face platform, openSUSE Cavil can offer a more advanced and accurate detection of license issues and compliance.

To get involved with the openSUSE Project on Hugging Face, individuals can sign up for an account. The registration process is straightforward and requires only basic information.

Once registered, users can explore the openSUSE and view a collection of AI models and datasets created and shared by the community.

Contributors are encouraged to share their AI models and datasets. Hugging Face offers tools and tutorials to assist with uploading and managing these contributions. Community members can work together on improving existing models or developing new ones.

High-quality documentation and tutorials are vital for the success of the project. Community members can contribute by writing guides, creating video tutorials, or translating existing resources to broaden their accessibility.

Users gain access to cutting-edge AI models and a collaborative environment where they can learn and expand their skills. Contributions to the project support the advancement of AI research and development within the open-source ecosystem.

For more information and to participate, visit huggingface.co/openSUSE.

_{^{(Image made with DALL-E)}}

The openSUSE Project continues its Contribution Workshop series today with a new episode at 19:15 UTC on the project’s YouTube & X channels.

The new episode will take viewers on an insightful journey into the world of testing and breaking builds. The session focuses on the automation of repetitive tasks and will demonstrate how to leverage tools and techniques to automate build testing.

Episode 8: Testing and Breaking Builds - Offloading Repetitive Tasks to Computers, While You Have Fun Exploring

• Date: May 23
• Time: 19:15 UTC
• Where: openSUSE official YouTube & X channels

In the upcoming Episode 8, openQA engineer Santiago Zarate will do a live talk and explain how open-source contributors can maintain high standards of testing quality while reducing the manual workload.

These workshops offer a platform for learning and for contributors to ask questions and engage directly with developers, maintainers and experienced members of the openSUSE community.

The espisdoes for the Contribution Workshop go over a variety of topics including package maintenance, infrastructure, or understanding the overall project landscape. These following episodes are tailored to provide an overview and practical advice for open-source software developments and contributions.

The following episodes were already released:

• Episode 1: openSUSE Contribution Workshop: Basic use of OBS osc using a version bump as an example
• Episode 2: openSUSE Contribution Workshop: From 0 to an rpm package packaging GNU Hello
• Episode 3: openSUSE Contribution Workshop: openSUSE Leap 15.6 Beta Bug Day
• Episode 4: openSUSE Contribution Workshop: Packaging Rust in Open Build Service
• Episode 5: Contributing to openSUSE Leap - Project Structure, Feature Tracking, Package Updates for SLES Packages
• Episode 6: Host Your Own openSUSE Mirror
• Episode 7: openSUSE Contribution Workshop: Custom Leap Micro image spin in a few minutes

_{^{(Image made with DALL-E)}}