Tumbleweed Monthly Update - July 2024

Welcome to the monthly update for openSUSE Tumbleweed for July 2024. Last month was busy with events like the Community Summit in Berlin and the openSUSE Conference. Both events were productive and well-received. Despite the busy schedule and follow on discussion from the conference about the Rebranding of the Project, a number of snapshots continued to roll out to users this month.

Stay tuned and tumble on!

Should readers desire more frequent information about snapshot updates, they are encouraged to subscribe to the openSUSE Factory mailing list.

New Features and Enhancements

• Linux Kernel 6.9.9: This kernel introduces several important fixes and enhancements across various subsystems. Key updates include the introduction of devm_mutex_init() for mutex initialization in multiple components, addressing issues in the Hisilicon debugfs uninit process, and resolving shared IRQ handling in DRM Lima drivers. Fixes in the PowerPC architecture avoid nmi_enter/nmi_exit in real mode interrupts, while networking improvements prevent unnecessary BUG() calls in net/dql. Enhancements in WiFi drivers such as RTW89 include improved handling for 6 GHz channels. Updates in DRM/AMD drivers address multiple issues, from uninitialized variable warnings to ensuring proper timestamp initialization and memory management. The RISC-V architecture receives a fix for initial sample period values, and several BPF selftests see adjustments for better error detection. These updates collectively enhance system stability, performance, and security.
• KDE Plasma 6.1.3: Discover now auto-handles Flatpak rebases from runtimes and properly uninstalls EOL refs without replacements. In Kglobalacceld, invalid keycodes are explicitly processed. Kpipewire introduces proper cleanup on deactivate and fixes thread handling for PipeWireSourceStream. KScreen now uses ContextualHelpButton from Kirigami, and Kscreenlocker adds a property to track past prompts. KWin sees numerous improvements: relaxed nightlight constraints, simplified Wayland popup handling, better input method windows, and enhanced screencast plugins. Plasma Mobile enhancements improve home screen interactions, translation issues, and swipe detection. Plasma Networkmanager and Plasma Workspace benefit from shared QQmlEngine and various bug fixes, including avatar image decoding and pointer warping on Wayland.
• Frameworks 6.4.0: Attica updates its gitignore to include VS Code directories. Baloo reverts a QCoreApplication change and ports QML modules. Breeze Icons introduces a ColorScheme-Accent and fixes data-warning icons. KArchive now rejects tar files with negative sizes and fixes crashes with malformed files. KAuth and KBookmarks add VS Code directories to gitignore. KCalendarCore adds missing QtCore dependencies and QML bindings for calendar models. KIO improves systemd process handling and deprecates unused features. Kirigami enhances navigation and dialog components. KTextEditor adds a tool for testing JavaScript scripts and ensures even indent sizes, fixing multiple bugs.
• KDE Gear 24.05.2: Akonadi-calendar adds missing change notifications. Dolphin updates Meta-Object Compiler generation. Filelight enables appx building and ensures hicolor icon presence while Itinerary fixes calendar permissions, corrupted notes, and the package introduces new extractors. Kdenlive addresses timeline, aspect ratio, and compilation issues. Okular fixes a crash with certain PDF actions.
• Supermin 5.3.4: This update introduces several key enhancements, including support for OCaml 5 and kylinsecos. It improves package management by detecting dnf5 and omitting missing options. The update also refines OCaml compilation by using -output-complete-exe instead of -custom that fixes kernel filtering for the aarch64 architecture, and enables kernel uncompression on RISC-V. The update removes previously applied patches now included in the new tarball, helping to streamline the codebase and improve maintainability.
• Checkpolicy 3.7: The latest update brings support for Classless Inter-Domain Routing notation in nodecon statements, enhancing SELinux policy definition capabilities. Error messages are now more descriptive, and error handling has been improved. Key bug fixes include handling unprintable tokens, avoiding garbage value assignments, freeing temporary bounds types and performing contiguous checks in host byte order.

Key Package Updates

• NetworkManager 1.48.4: This update introduces support for matching Open vSwitch (OVS) system interfaces by MAC address, enhancing network interface management. Additionally, NetworkManager now considers the contents of /etc/hosts when determining the system hostname from reverse DNS lookups of configured interface addresses, improving hostname resolution accuracy. Subpackages updated include NetworkManager-bluetooth, NetworkManager-lang, NetworkManager-tui, NetworkManager-wwan, libnm0, and typelib-1_0-NM-1_0. These enhancements contribute to more robust and precise network configuration handling in Linux environments.
• libguestfs 1.53.5: This update includes significant enhancements and fixes. The --chown parameter is now correctly split on the ':' character, and a new checksum command is supported. Detection for Circle Linux and support for the LoongArch architecture have been added, including file architecture translation fixes. The update allows nbd+unix:// URIs and reimplements GPT partition functions using sfdisk. DHCP configuration improvements and a new virt-customize --inject-blnsvr operation enhance usability. Deprecated features include the removal of gluster, sheepdog, and tftp drive support. New APIs such as findfs_partuuid and findfs_partlabel improve functionality, while inspection tools now resolve PARTUUID and PARTLABEL in /etc/fstab. These updates enhance compatibility, performance, and functionality across various environments.
• glib2 2.80.4: The latest update backports key patches: mapping EADDRNOTAVAIL to G_IO_ERROR_CONNECTION_REFUSED, handling files larger than 4GB in g_file_load_contents(), and correcting GIR install locations and build race conditions. Additionally, improvements in gthreadedresolver ensure returned records are properly reference-counted in lookup_records().
• ruby3.3 3.3.4: This release addresses a regression where dependencies were missing in the gemspec for some bundled gems such as net-pop, net-ftp, net-imap, and prime. Other fixes include preventing Warning.warn calls for disabled warnings, correcting memory allocation sizes in String.new(:capacity) and resolving string corruption issues.
• libgcrypt 1.11.0: The latest update introduces several new interfaces and performance enhancements. New features include an API for Key Encapsulation Mechanism (KEM), support for algorithms like Streamlined NTRU Prime sntrup761, Kyber, and Classic McEliece, and various Key Derivation Functions (KDFs) including HKDF and X963KDF. Performance improvements feature optimized implementations for SM3, SM4, and other cryptographic operations on ARMv8/AArch64, PowerPC, and AVX2/AVX512 architectures. Other changes include various enhancements for constant time operations and deprecates the GCRYCTL_ENABLE_M_GUARD control code.

Bug Fixes

• orc 0.4.39:
  • CVE-2024-40897 was solved with versions before 0.4.39, which had a buffer overflow vulnerability in orcparse.c.
• java-21-openjdk 21.0.4.0:
  • CVE-2024-21131 was a difficult-to-exploit vulnerability allowing unauthorized data modifications.
  • CVE-2024-21138 was a vulnerability causing partial denial of service.
  • CVE-2024-21140 was a vulnerability allowing unauthorized data access and modification;
  • CVE-2024-21145 was similar.
  • CVE-2024-21147 was the same, but for more critical data.
• ovmf 202402 had three months of CVE patches in its quarterly update.
• Mozilla Firefox 128.0: This release fixes 16 CVEs. The most severe was CVE-2024-6604; this was a memory safety bug in Firefox 128, Firefox ESR 115.13, Thunderbird 128 and Thunderbird 115.13. These bugs showed evidence of memory corruption that potentially allowed arbitrary code execution.
• ghostscript 10.03.1)
  • CVE-2024-33869 allowed bypassing restrictions via crafted PostScript documents.
  • CVE-2023-52722
  • CVE-2024-33870 allows access to arbitrary files via crafted PostScript documents.
  • CVE-2024-33871 allowed arbitrary code execution via crafted PostScript documents using custom Driver libraries in contrib/opvp/gdevopvp.c.
  • CVE-2024-29510 allowed memory corruption and SAFER sandbox bypass via format string injection in a uniprint device.
• xwayland 24.1.1 3:
  • CVE-2024-31080 had a vulnerability that could allow attackers to trigger the X server to read and transmit heap memory values, leading to a crash.
  • CVE-2024-31081 could cause memory leakage and segmentation faults, leading to a crash.
  • CVE-2024-31083 allowed arbitrary code execution by authenticated attackers through specially crafted requests.
• libreoffice 24.2.5.2:
  • CVE-2024-5261 allows fetching remote resources without proper security checks.
• GTK3 3.24.43:
  • CVE-2024-6655 allowed a library injection into a GTK application from the current working directory under certain conditions.
• netpbm 11.7.0:
  • CVE-2024-38526: doc, which provides API documentation for Python projects, had a vulnerability where pdoc --math linked to malicious JavaScript files from polyfill.io.

Conclusion

The month of July 2024 was marked by significant updates, security fixes and enhancements. The Linux Kernel 6.9.9 update introduced several key fixes and improvements across various subsystems, enhancing overall stability and performance. KDE Plasma 6.1.3 brought numerous UI improvements and better handling of Flatpak rebases. The updates to Frameworks 6.4.0 and KDE Gear 24.05.2 provided additional enhancements and bug fixes, improving user experience and system reliability. Critical security vulnerabilities were addressed in various packages, including Firefox, ghostscript, and xwayland, ensuring Tumbleweed remains secure, efficient, and feature-rich for all users. Additionally, the Aeon team announced the release of Aeon Desktop to Release Candidate 3 status that came from the release of a Tumbleweed snapshot last week.

For those Tumbleweed users who want to contribute or want to engage with detailed technological discussions, subscribe to the openSUSE Factory mailing list . The openSUSE team encourages users to continue participating through bug reports, feature suggestions and discussions.

Contributing to openSUSE Tumbleweed

Your contributions and feedback make openSUSE Tumbleweed better with every update. Whether reporting bugs, suggesting features, or participating in community discussions, your involvement is highly valued.

More Information about openSUSE:

Official

• openSUSE News
• openSUSE Mailing List
• openSUSE Wiki

Fediverse

• https://discuss.tchncs.de/c/[email protected]

(Image made with DALL-E)