Greetings from the latest recap of openSUSE Tumbleweed for June 2024. This past month was filled with important events such as the Community Summit held in Berlin and the openSUSE Conference. Despite the busy schedule, a continuous stream of snapshots was rolled out to users. These updates were crafted by developers, system administrators, and users to enrich your interactions and ensure top-notch security and performance levels.

For those eager for more frequent updates on snapshot releases, we recommend subscribing to the openSUSE Factory mailing list to stay in the know.

Let’s dive into the details!

Fresh Additions and Improvements

• Linux Kernel 6.9.7: This kernel version comes packed with significant fixes and improvements across various subsystems. Notable updates include rectifying undefined references in netfilter when CONFIG_SYSCTL is disabled, addressing TCP Fast Open issues, and resolving conflicts in the Advanced Linux Sound Architecture for Realtek devices. Enhancements in file system writeback operations, multi-threaded path handling, and memory management for Hisilicon crypto drivers have bolstered system stability. Networking updates encompass fixes for race conditions in netpoll, enhancements for specific SFP modules, and improvements in WiFi drivers like RTW89, Ath9k, Ath12k, and MT76. Additionally, platform-specific updates focus on ACPI, ARM64 configurations, HID device management, and Bluetooth driver fixes.
• PipeWire 1.2.0 and WirePlumber 0.5.4: PipeWire 1.2.0 brings in asynchronous processing, node.sync-group for synchronized scheduling, and refined config parsing error reporting. The update also introduces mandatory metadata support for buffer parameters, multiple data-loops with CPU affinity, and dynamic log level adjustments. WirePlumber 0.5.4 refines the role-based linking policy, enabling role-based sinks alongside standard audio operations, and enhancing regular filters to function as optimal targets. This iteration addresses startup crashes due to empty config files, improves Bluetooth profile auto-switching, and resolves issues with DSP filters and infinite loop events in autoswitching scripts. Together, these updates elevate the flexibility, reliability, and overall performance of audio management within Linux setups. Both received these upgrades in snapshot 20240627.
• Mesa and Mesa-drivers 24.1.2: These packages underwent a specfile cleanup, involving the relocation of Rust crate sources into subprojects folders and updates to baselibs.conf. Rust crates are now downloaded as vendored dependencies due to the maintenance burden linked to them as system dependencies. Support for building libvulkan_nouveau is now available, including essential Rust crates like paste-1.0.14, proc-macro2-1.0.70, quote-1.0.33, syn-2.0.39, and unicode-ident-1.0.12. Note that building libvulkan_nouveau on Leap isn’t feasible due to the rust-cbindgen >= 0.25 requirement. For more in-depth details, consult the release notes at https://docs.mesa3d.org/relnotes/24.1.2.
• KDE Plasma 6.1.1: Discover improves UI elements and Packagekit support, while Dr Konqi corrects the Sentry dbus interface usage. Various enhancements are made across different components such as Plasma Addons, krdp, Kscreenlocker, KWin, Libkscreen, and libplasma, addressing issues and refining functionalities. Plasma Desktop now brings enhancements to task icon sizing, panel opacity, and file dragging between screens. Additionally, Plasma Audio Volume Control streamlines unnecessary symlinks and Plasma Systemmonitor correctly positions loading overlays. Powerdevil enhances the battery protection user interface and governs backlighthelper calls effectively.
• Python-setuptools 70.0: Notable features in this significant version update involve warning emission for ignored [tools.setuptools] entries in pyproject.toml, refined error messaging for pkg_resources.EntryPoint.require, and better handling of None location distributions. The update also refreshes unpinned vendored dependencies, conforms to PEP 625 by standardizing package name and version in filenames, and ensures encoding consistency for .pth files. Obsolete Python < 3.8 code has been eliminated, and pkg_resources now leverages stdlib importlib.machinery. Bug fixes concentrate on streamlining install command race conditions, enhancing handling of nested namespaces with package_dir, and rectifying various pkg_resources method behaviors. The reproducibility patch has also been refreshed.
• Xen 4.18.2_06: This version resolves intermittent system hangs when Power Control Mode is set to Minimum Power. Patches additionally improve CPU mask handling and interrupt movement in diverse scenarios. Upstream bug fixes focus on scheduler resource data management improvements and include fixes for GNU Compiler Collection 14 compatibility during the build process.

Prominent Package Upgrades

• NetworkManager 1.48.2: This update bolsters support for matching OVS system interfaces by MAC address and corrects issues related to port reactivation and VPN secrets handling for 2-factor authentication. Connection timestamps are now saved during shutdown to enable proper autoactivation post-restart. Key changes in version 1.48.0 include the deprecation of autotools building, the addition of support for changing OpenSSL ciphers for 802.1X authentication, and the visibility of unmanaged device reasons in the StateReason property through nmcli. Moreover, it replaces the mac-address-blacklist property with mac-address-denylist, improves WiFi 6 GHz band detection, and optimizes performance to prevent high CPU usage during route updates. Version 1.46 introduced dynamic SSID-based stable IDs, randomized MAC addresses, and various enhancements for managing IPv6, D-Bus, and cloud configurations.
• ibus-table 1.17.6: This update bids farewell to Python2 support and transitions all scripts to Python3 using pyupgrade. It now supports utilizing keys with Unicode keysyms in keybindings, enriching customization capabilities. Additionally, the frames_per_buffer=chunk_size option is now integrated into self._paudio.open() for refined audio handling. The update also features translation improvements from Weblate, with Czech reaching 36.6 percent, Japanese at 45.3 percent, and Chinese (Simplified) at 92.0 percent.
• btrfsprogs 6.9: The mkfs utility now halts if the mount status remains undetermined with the --force option and corrects the minimum size calculation for zoned devices. The check command removes the --clear-ino-cache option, transferring its functionality to the rescue command group, and adds detection and rectification for inaccurate file extent item ram_bytes values. The qgroup commands now synchronize the filesystem before searching for stale entries, manage uncleaned subvolumes and squota enabled scenarios, and exhibit the cleaning status of subvolumes. The receive command fixes stream parsing for strict alignment hosts, and tune change-csum and dump-tree commands incorporate updates for handling dev-replace status items. The convert command bolsters extent iteration for preallocated/unwritten extents. The build process now ensures compatibility with e2fsprogs 1.47.1 and enhances header file dependency tracking. Documentation has also undergone an update.
• GNU’s Emacs 29.4: An emergency bug fix was swiftly implemented in this release. The patch ensures that arbitrary shell commands are no longer executed when enabling Org mode, thus significantly boosting security by preventing the execution of potentially harmful commands.

Resolutions for Bugs

• Python-dnspython 2.6.1:
  • CVE-2023-29483 – Eventlet prior to 0.35.2 in dnspython allows remote “TuDoor” DNS attack interference.
• php8 8.3.8:
  • CVE-2012-1823 raised a vulnerability where attackers could insert arguments into PHP-CGI, leading to potential security complications. A subsequent vulnerability, CVE-2024-4577, bypassed the initial fix, enabling similar argument injection attacks. The update eradicates this bypass, fortifying the security protocols established for CVE-2012-1823. Similarly, the bypass of CVE-2024-1874 was addressed with the fix to CVE-2024-5585.
• kernel-firmware-nvidia-gspx-G06 (NVIDIA GPU driver)
  • CVE-2024-0090: a vulnerability where a user could trigger an out-of-bounds write.
  • CVE-2024-0091: a vulnerability where a user could cause an untrusted pointer dereference, potentially leading to denial of service. Successful exploitation of this vulnerability may result in service disruption.
  • CVE-2024-0092: involved improper checks or handling of exception conditions that might cause service disruptions.
• XZ 5.6.2:
  • CVE-2024-3094: Through intricate obfuscations, the liblzma build process extracts a prebuilt object file from a disguised test file embedded in the source code. This file is employed to modify specific functions within the liblzma code, resulting in an altered liblzma library that can intercept and modify data interactions with any software linked against it. More detailed information is available in snapshot 20240605.
• cJSON v1.7.17:
  • CVE-2024-31755 – A segmentation violation initiated through the second parameter.

Wrapping Up

The month of June 2024 witnessed a host of notable updates, security patches, and enhancements. The Linux Kernel 6.9.7 update brought advancements in stability and performance, while Mesa and Mesa-drivers 24.1.2 introduced Rust crate dependencies and enhanced Vulkan support. KDE Plasma 6.1.1 unveiled UI enhancements, and a major version update of Python-setuptools 70.0 was rolled out to users on the rolling release channel. Several critical security vulnerabilities were tended to, with efforts continuing to address the XZ backdoor, ensuring Tumbleweed remains a secure, efficient, and feature-rich offering for all users.

For Tumbleweed users eager to contribute or engage in detailed tech-related discussions, subscribing to the openSUSE Factory mailing list is recommended. The openSUSE team values user participation in the form of bug reports, feature suggestions, and engaging discussions.

Contributing to openSUSE Tumbleweed

Your contributions and feedback play a pivotal role in enhancing openSUSE Tumbleweed with each update. Whether through bug reports, feature ideas, or active involvement in community conversations, your engagement is highly cherished.

_{^{(Image created using DALL-E)}}