Welcome to the monthly update for openSUSE Tumbleweed for July 2024. Last month was busy with events like the Community Summit in Berlin and the openSUSE Conference. Both events were productive and well-received. Despite the busy schedule and follow-on discussion from the conference about the Rebranding of the Project, a number of snapshots continued to roll out to users this month.
Stay tuned and tumble on!
Should readers desire more frequent information about snapshot updates, they are encouraged to subscribe to the openSUSE Factory mailing list.
New Features and Enhancements
- Linux Kernel 6.9.9: This kernel introduces several important fixes and enhancements across various subsystems. Key updates include the introduction of `devm_mutex_init()` for mutex initialization in multiple components, addressing issues in the Hisilicon debugfs uninit process, and resolving shared IRQ handling in DRM Lima drivers. Fixes in the PowerPC architecture avoid `nmi_enter`/`nmi_exit` in real mode interrupts, while networking improvements prevent unnecessary `BUG()` calls in `net/dql`. Enhancements in WiFi drivers such as RTW89 include improved handling for 6 GHz channels. Updates in DRM/AMD drivers address multiple issues, from uninitialized variable warnings to ensuring proper timestamp initialization and memory management. The RISC-V architecture receives a fix for initial sample period values, and several BPF selftests see adjustments for better error detection. These updates collectively enhance system stability, performance, and security.
- KDE Plasma 6.1.3: Discover now auto-handles Flatpak rebases from runtimes and properly uninstalls EOL refs without replacements. In Kglobalacceld, invalid keycodes are explicitly processed. Kpipewire introduces proper cleanup on deactivate and fixes thread handling for PipeWireSourceStream. KScreen now uses ContextualHelpButton from Kirigami, and Kscreenlocker adds a property to track past prompts. KWin sees numerous improvements: relaxed nightlight constraints, simplified Wayland popup handling, better input method windows, and enhanced screencast plugins. Plasma Mobile enhancements improve home screen interactions, translation issues, and swipe detection. Plasma Networkmanager and Plasma Workspace benefit from shared QQmlEngine and various bug fixes, including avatar image decoding and pointer warping on Wayland.
- Frameworks 6.4.0: Attica updates its gitignore to include VS Code directories. Baloo reverts a QCoreApplication change and ports QML modules. Breeze Icons introduces a ColorScheme-Accent and fixes data-warning icons. KArchive now rejects tar files with negative sizes and fixes crashes with malformed files. KAuth and KBookmarks add VS Code directories to gitignore. KCalendarCore adds missing QtCore dependencies and QML bindings for calendar models. KIO improves systemd process handling and deprecates unused features. Kirigami enhances navigation and dialog components. KTextEditor adds a tool for testing JavaScript scripts and ensures even indent sizes, fixing multiple bugs.
- KDE Gear 24.05.2: Akonadi-calendar adds missing change notifications. Dolphin updates Meta-Object Compiler generation. Filelight enables appx building and ensures hicolor icon presence while Itinerary fixes calendar permissions, corrupted notes, and the package introduces new extractors. Kdenlive addresses timeline, aspect ratio, and compilation issues. Okular fixes a crash with certain PDF actions.
- Supermin 5.3.4: This update introduces several key enhancements, including support for OCaml 5 and kylinsecos. It improves package management by detecting dnf5 and omitting missing options. The update also refines OCaml compilation by using `-output-complete-exe` instead of `-custom`, fixes kernel filtering for the aarch64 architecture, and enables kernel uncompression on RISC-V. The update removes previously applied patches now included in the new tarball, helping to streamline the codebase and improve maintainability.
- Checkpolicy 3.7: The latest update brings support for Classless Inter-Domain Routing notation in nodecon statements, enhancing SELinux policy definition capabilities. Error messages are now more descriptive, and error handling has been improved. Key bug fixes include handling unprintable tokens, avoiding garbage value assignments, freeing temporary bounds types and performing contiguous checks in host byte order.
Key Package Updates
- NetworkManager 1.48.4: This update introduces support for matching Open vSwitch (OVS) system interfaces by MAC address, enhancing network interface management. Additionally, NetworkManager now considers the contents of `/etc/hosts` when determining the system hostname from reverse DNS lookups of configured interface addresses, improving hostname resolution accuracy. Subpackages updated include NetworkManager-bluetooth, NetworkManager-lang, NetworkManager-tui, NetworkManager-wwan, libnm0, and typelib-1_0-NM-1_0. These enhancements contribute to more robust and precise network configuration handling in Linux environments.
- libguestfs 1.53.5: This update includes significant enhancements and fixes. The `--chown` parameter is now correctly split on the ‘:’ character, and a new checksum command is supported. Detection for Circle Linux and support for the LoongArch architecture have been added, including file architecture translation fixes. The update allows nbd+unix:// URIs and reimplements GPT partition functions using `sfdisk`. DHCP configuration improvements and a new `virt-customize --inject-blnsvr` operation enhance usability. Deprecated features include the removal of gluster, sheepdog, and tftp drive support. New APIs such as `findfs_partuuid` and `findfs_partlabel` improve functionality, while inspection tools now resolve PARTUUID and PARTLABEL in `/etc/fstab`. These updates enhance compatibility, performance, and functionality across various environments.
- glib2 2.80.4: The latest update backports key patches: mapping `EADDRNOTAVAIL` to `G_IO_ERROR_CONNECTION_REFUSED`, handling files larger than 4GB in `g_file_load_contents()`, and correcting GIR install locations and build race conditions. Additionally, improvements in `gthreadedresolver` ensure returned records are properly reference-counted in `lookup_records()`.
- ruby3.3 3.3.4: This release addresses a regression where dependencies were missing in the gemspec for some bundled gems such as net-pop, net-ftp, net-imap, and prime. Other fixes include preventing `Warning.warn` calls for disabled warnings, correcting memory allocation sizes in `String.new(:capacity)` and resolving string corruption issues.
- libgcrypt 1.11.0: The latest update introduces several new interfaces and performance enhancements. New features include an API for Key Encapsulation Mechanism (KEM), support for algorithms like Streamlined NTRU Prime sntrup761, Kyber, and Classic McEliece, and various Key Derivation Functions (KDFs) including HKDF and X963KDF. Performance improvements feature optimized implementations for SM3, SM4, and other cryptographic operations on ARMv8/AArch64, PowerPC, and AVX2/AVX512 architectures. Other changes include various enhancements for constant-time operations and the deprecation of the `GCRYCTL_ENABLE_M_GUARD` control code.
Bug Fixes
- orc 0.4.39:
  - CVE-2024-40897 is solved in this release; versions before 0.4.39 had a buffer overflow vulnerability in `orcparse.c`.
- java-21-openjdk 21.0.4.0:
  - CVE-2024-21131 was a difficult-to-exploit vulnerability allowing unauthorized data modifications.
  - CVE-2024-21138 was a vulnerability causing partial denial of service.
  - CVE-2024-21140 was a vulnerability allowing unauthorized data access and modification.
  - CVE-2024-21145 was similar.
  - CVE-2024-21147 was the same, but for more critical data.
- ovmf 202402 had three months of CVE patches in its quarterly update.
- Mozilla Firefox 128.0: This release fixes 16 CVEs. The most severe was CVE-2024-6604; this was a memory safety bug in Firefox 128, Firefox ESR 115.13, Thunderbird 128 and Thunderbird 115.13. These bugs showed evidence of memory corruption that potentially allowed arbitrary code execution.
- ghostscript 10.03.1:
  - CVE-2024-33869 allowed bypassing restrictions via crafted PostScript documents.
  - CVE-2023-52722
  - CVE-2024-33870 allows access to arbitrary files via crafted PostScript documents.
  - CVE-2024-33871 allowed arbitrary code execution via crafted PostScript documents using custom Driver libraries in `contrib/opvp/gdevopvp.c`.
  - CVE-2024-29510 allowed memory corruption and SAFER sandbox bypass via format string injection in a uniprint device.
- xwayland 24.1.1 3:
  - CVE-2024-31080 had a vulnerability that could allow attackers to trigger the X server to read and transmit heap memory values, leading to a crash.
  - CVE-2024-31081 could cause memory leakage and segmentation faults, leading to a crash.
  - CVE-2024-31083 allowed arbitrary code execution by authenticated attackers through specially crafted requests.
- libreoffice 24.2.5.2:
  - CVE-2024-5261 allows fetching remote resources without proper security checks.
- GTK3 3.24.43:
  - CVE-2024-6655 allowed a library injection into a GTK application from the current working directory under certain conditions.
- netpbm 11.7.0:
  - CVE-2024-38526: pdoc, which provides API documentation for Python projects, had a vulnerability where `pdoc --math` linked to malicious JavaScript files from polyfill.io.
Conclusion
The month of July 2024 was marked by significant updates, security fixes and enhancements. The Linux Kernel 6.9.9 update introduced several key fixes and improvements across various subsystems, enhancing overall stability and performance. KDE Plasma 6.1.3 brought numerous UI improvements and better handling of Flatpak rebases. The updates to Frameworks 6.4.0 and KDE Gear 24.05.2 provided additional enhancements and bug fixes, improving user experience and system reliability. Critical security vulnerabilities were addressed in various packages, including Firefox, ghostscript, and xwayland, ensuring Tumbleweed remains secure, efficient, and feature-rich for all users. Additionally, the Aeon team announced the release of Aeon Desktop to Release Candidate 3 status that came from the release of a Tumbleweed snapshot last week.
For those Tumbleweed users who want to contribute or want to engage with detailed technological discussions, subscribe to the openSUSE Factory mailing list. The openSUSE team encourages users to continue participating through bug reports, feature suggestions and discussions.
Contributing to openSUSE Tumbleweed
Your contributions and feedback make openSUSE Tumbleweed better with every update. Whether reporting bugs, suggesting features, or participating in community discussions, your involvement is highly valued.