Welcome to the latest edition of the openSUSE Tumbleweed monthly report for July 2024. The past month saw a flurry of activities, including the Community Summit in Berlin and the openSUSE Conference, both of which were highly productive and well-received. Despite the busy schedule and ongoing discussions about the Project’s Rebranding post-conference, multiple snapshots were successfully released to users throughout the month.

Stay connected for more updates and keep the momentum going!

If you’re eager for more immediate and detailed information regarding snapshot updates, don’t forget to subscribe to the openSUSE Factory mailing list for regular notifications.

New Enhancements and Features

• Linux Kernel 6.9.9: This kernel version introduces crucial fixes and enhancements across various subsystems. Significant updates include the addition of devm_mutex_init() for mutex initialization in multiple components, resolution of issues in Hisilicon debugfs uninit process, improvements in shared IRQ handling in DRM Lima drivers, avoidance of nmi_enter/nmi_exit in real mode interrupts for PowerPC architecture, networking enhancements to prevent unnecessary BUG() calls in net/dql, and improved functionality in WiFi drivers like RTW89 with better 6 GHz channels handling. Updates in DRM/AMD drivers address issues ranging from uninitialized variable warnings to proper timestamp initialization and memory management. The RISC-V architecture receives fixes for initial sample period values, and adjustments are made to several BPF selftests to enhance error detection. These updates collectively enhance system stability, performance, and security.
• KDE Plasma 6.1.3: Discover now has automated handling of Flatpak rebases from runtimes and proper uninstallation of EOL refs without replacements. In Kglobalacceld, special attention is given to processing invalid keycodes explicitly. Kpipewire now implements proper cleanup upon deactivation and resolves thread handling for PipeWireSourceStream. KScreen now integrates ContextualHelpButton from Kirigami, while Kscreenlocker tracks past prompts using a new property. KWin witnesses numerous improvements such as relaxed nightlight constraints, simplified Wayland popup management, better input method windows, and enhanced screencast plugins. Plasma Mobile upgrades enhance home screen interactions, address translation issues, and improve swipe detection. Plasma Networkmanager and Plasma Workspace benefit from a shared QQmlEngine and various bug fixes, including avatar image decoding and pointer warping on Wayland.
• Frameworks 6.4.0: Key updates include Attica adjusting its gitignore to include VS Code directories, Baloo reverting a QCoreApplication change and transitioning to QML modules, Breeze Icons introducing a ColorScheme-Accent and resolving data-warning icon issues, KArchive now rejects tar files with negative sizes and fixes crashes with malformed files, KAuth and KBookmarks include VS Code directories in gitignore, KCalendarCore adds missing QtCore dependencies and QML bindings for calendar models, KIO enhances systemd process handling and deprecates unused features, Kirigami enhances navigation and dialogue components, while KTextEditor adds a tool for testing JavaScript scripts and ensures uniform indent sizes, addressing multiple bugs.
• KDE Gear 24.05.2: Updates to various KDE applications include Akonadi-calendar adding missing change notifications, Dolphin updating Meta-Object Compiler generation, Filelight enabling appx building and ensuring hicolor icon presence, with Itinerary fixing calendar permission issues, corrupted notes, and introducing new extractors. Kdenlive addresses timeline, aspect ratio, and compilation issues, while Okular resolves a crash related to certain PDF actions.
• Supermin 5.3.4: This update brings crucial enhancements, including support for OCaml 5 and kylinsecos, improved package management detecting dnf5 and excluding missing options, refined OCaml compilation using -output-complete-exe instead of -custom, thereby fixing kernel filtering for the aarch64 architecture and enabling kernel uncompression on RISC-V. The update removes previously applied patches that are now included in the new tarball, streamlining the codebase and enhancing maintainability.
• Checkpolicy 3.7: The latest version introduces support for Classless Inter-Domain Routing notation in nodecon statements, enriching SELinux policy definition capabilities. Descriptive error messages and improved error handling aim to enhance user experience. Notable bug fixes include handling unprintable tokens, avoiding garbage value assignments, freeing temporary bounds types, and conducting contiguous checks in host byte order.

Significant Package Updates

• NetworkManager 1.48.4: This update adds support for matching Open vSwitch (OVS) system interfaces by MAC address, refining network interface management. Additionally, NetworkManager now considers /etc/hosts contents when determining the system hostname based on reverse DNS lookups of configured interface addresses, improving hostname resolution accuracy. Subpackages like NetworkManager-bluetooth, NetworkManager-lang, NetworkManager-tui, NetworkManager-wwan, libnm0, and typelib-1_0-NM-1_0 have been updated, enhancing robust and precise network configuration within Linux environments.
• libguestfs 1.53.5: This update includes significant enhancements and fixes such as correct splitting of the --chown parameter on the ‘:’ character, support for a new checksum command, detection for Circle Linux and LoongArch architecture, as well as file architecture translation fixes. New features like nbd+unix:// URIs, reimplemented GPT partition functions with sfdisk, improved DHCP configuration, and a new virt-customize --inject-blnsvr operation aim to enhance usability. Deprecated features include the removal of gluster, sheepdog, and tftp drive support. New APIs like findfs_partuuid and findfs_partlabel improve functionality, while inspection tools now resolve PARTUUID and PARTLABEL in /etc/fstab, promoting higher compatibility, performance, and functionality across diverse environments.
• glib2 2.80.4: The latest version backports crucial patches, such as mapping EADDRNOTAVAIL to G_IO_ERROR_CONNECTION_REFUSED, handling files larger than 4GB in g_file_load_contents(), correcting GIR install locations, and resolving build race conditions. Improvements in gthreadedresolver ensure proper reference counting of returned records in lookup_records().
• ruby3.3 3.3.4: This release resolves a regression where dependencies were missing in the gemspec for bundled gems like net-pop, net-ftp, net-imap, and prime. Additional fixes include preventing Warning.warn calls for disabled warnings, correcting memory allocation sizes in String.new(:capacity), and addressing string corruption issues.
• libgcrypt 1.11.0: The latest version introduces new interfaces and performance enhancements, including an API for Key Encapsulation Mechanism (KEM), support for algorithms like Streamlined NTRU Prime sntrup761, Kyber, Classic McEliece, and various Key Derivation Functions (KDFs) like HKDF and X963KDF. Performance optimizations include tailored implementations for SM3, SM4, and other cryptographic operations on ARMv8/AArch64, PowerPC, and AVX2/AVX512 architectures. Additional improvements focus on constant time operations, deprecating GCRYCTL_ENABLE_M_GUARD control code.

Resolutions to Security Vulnerabilities

• orc 0.4.39:
  • CVE-2024-40897, a buffer overflow vulnerability in orcparse.c, was addressed in versions before 0.4.39.
• libreoffice 24.2.5.2:
  • CVE-2024-5261 was resolved to prevent fetching remote resources without adequate security checks.
• Mozilla Firefox 128.0:
  • CVE-2024-6604, a memory safety bug allowing potential arbitrary code execution, was fixed in this release along with various other CVE fixes.
• xwayland 24.1.1 3:
  • CVE-2024-31080, CVE-2024-31081, and CVE-2024-31083 were addressed to eliminate vulnerabilities allowing heap memory value transmission, memory leaks, segmentation faults, and arbitrary code execution.
• ghostscript 10.03.1:
  • Various CVEs like CVE-2024-33869, CVE-2023-52722, CVE-2024-33870, CVE-2024-33871, and CVE-2024-29510 were fixed to prevent bypassing restrictions, accessing arbitrary files, executing arbitrary code, memory corruption, and SAFER sandbox bypass.
• GTK3 3.24.43:
  • CVE-2024-6655 was addressed to prevent a library injection vulnerability into GTK applications from the current working directory in specific conditions.
• netpbm 11.7.0:
  • CVE-2024-38526 was fixed, addressing a vulnerability in doc that linked to malicious JavaScript files via pdoc –math.

Summing Up

July 2024 witnessed substantial updates, security patches, and improvements across various system components. The Linux Kernel 6.9.9 update delivered critical fixes and enhancements, bolstering system stability and performance. KDE Plasma 6.1.3 introduced multiple UI enhancements and streamlined handling of Flatpak rebases, while updates to Frameworks 6.4.0 and KDE Gear 24.05.2 further refined user experience and system reliability. Tumbleweed promptly addressed critical security vulnerabilities in packages like Firefox, ghostscript, xwayland, and others, ensuring a secure, efficient, and feature-rich experience for all users. Furthermore, the Aeon team announced the transition of Aeon Desktop to Release Candidate 3 status following a recent Tumbleweed snapshot release.

To actively engage in the Tumbleweed community, and contribute to the ever-evolving openSUSE ecosystem, don’t hesitate to join the openSUSE Factory mailing list. Your inputs through bug reports, feature suggestions, and discussions significantly shape the future of Tumbleweed.

Contributing to openSUSE Tumbleweed

Your involvement and feedback play a pivotal role in shaping the future of openSUSE Tumbleweed with each update. Whether it’s reporting bugs, proposing new features, or participating in technical discussions, your contributions are highly valued.

_{^{(Image generated using DALL-E)}}