openSUSE News

Planet News Roundup

admin@opensuse.org (Douglas DeMaio) — Fri, 08 May 2026 07:00:00 +0000

This is a roundup of articles from the openSUSE community listed on planet.opensuse.org.

The community blog feed aggregator lists the featured highlights below from May 1 to 7.

Blogs this week cover a Tumbleweed review, syslog-ng with Fedora 44, the openSUSE Summit in the Americas, SUSE response to the Copy Fail kernel vulnerability, KDE’s participation in Google Summer of Code 2026 and and much more.

Here is a summary and links for each post:

Playing .wma Files with Amarok in openSUSE

Victorhck shares a practical tip for openSUSE Tumbleweed users who find that the Amarok music player won’t play .wma audio files. The root cause is that Amarok relies on GStreamer and lacks certain codec packages by default, unlike VLC which bundles its own. The fix is straightforward: add the Packman repository and install gstreamer-plugins-bad, gstreamer-plugins-ugly, and gstreamer-plugins-libav via zypper.

Mix of KDE Gear 26.04 Highlights – “KDE at 30” Edition

The KDE Blog wraps up its series on KDE Gear 26.04 with a roundup of smaller improvements across many applications in what is dubbed the “KDE at 30” edition, which celebrates three decades of KDE. Highlights include bug fixes for Akregator and Alligator, Angelfish defaulting to the AI-free version of DuckDuckGo, RAR extraction support in Ark’s Flatpak version, and NeoChat gaining a rich text editor with thread support.

Fedora 44, CentOS 7 and Amazon Linux syslog-ng Questions

Peter Czanik’s blog reports that Fedora 44 has shipped with syslog-ng 4.11 and that a quick test confirms everything works as expected. The post raises two open questions for the community: whether anyone is still using syslog-ng packages on the end-of-life RHEL 7 / CentOS 7, and whether the Amazon Linux 2023 Copr package should be updated to a newer release.

Victorhck presents a Spanish-language summary and translation of the May 2026 Free Software Foundation newsletter. Among the stories covered are Amazon’s upcoming May 20 Kindle shutdown affecting older devices and the FSF’s critique of DRM restrictions, as well as France’s announced plan to migrate some government computers from Windows to Linux.

What’s New in Kdenlive in KDE Gear 26.04 – “KDE at 30” Edition

The KDE Blog covers improvements coming to the Kdenlive video editor as part of the KDE Gear 26.04 release. The post highlights new features and refinements aimed at both new and experienced video editors on Linux.

Summit Draws Landmark Regional Gathering

openSUSE News reports that 321 developers, students, and technology professionals gathered at Universidad Libre in Barranquilla, Colombia, for the first-ever openSUSE Summit in the Americas. The event marked a landmark moment for the community’s reach in the region and brought together contributors from across many nations.

Tumbleweed Monthly Update – April 2026

openSUSE News recaps a busy April for Tumbleweed, which highlighted the arrival of GNOME 50 and KDE Gear 26.04, and critical fixes for “Copy Fail”, which has now been patched for both Tumbleweed and Slowroll users who ran zypper dup. The Linux kernel advanced to 7.0.2 and Mesa to 26.0.5 with raytracing fixes. Security received heavy attention with WebKitGTK, CUPS, Python, Flatpak, sudo, and OpenEXR all receiving multiple CVE fixes.

Accessing openSUSE Cockpit from a Remote Machine

Victorhck continues his series on the Cockpit tool being developed as a replacement for YaST in openSUSE. The tutorial walks through enabling port 9090 in the firewall to make remote access possible. This follows his earlier posts on installing Cockpit and managing software and repositories through its interface.

Neon Multicolor Icons for Your PC: BeatyBeam

The KDE Blog presents BeatyBeam, a neon multicolor icon pack for KDE Plasma that is well-suited for dark themes. The pack brings vibrant, colorful icons to the desktop for users looking to personalize their visual environment.

Managing Software and Repositories in openSUSE via Cockpit

Victorhck explains how to use Cockpit that is being developed to succeed YaST in openSUSE to manage software repositories and install or remove packages directly from the browser. The post covers the relevant Cockpit modules needed for these tasks and how they compare to equivalent YaST functionality.

Tux Manager – The Linux Clone of Windows Task Manager

CubicleNate’s Blog takes a look at Tux Manager, a task manager application for Linux that closely mirrors the look and feel of the Windows Task Manager. The app is aimed at users coming from Windows who want a familiar interface for monitoring processes and system resources on KDE Plasma.

AutoRound: State of the Art in Quantization for CPU/XPU/NVIDIA GPU

Alessandro introduces AutoRound, an Intel-developed quantization toolkit for LLMs and VLMs that reduces model weights to 2, 3, 4, or 8 bits while maintaining high accuracy using signed gradient descent. Unlike naive rounding, AutoRound learns the optimal way to round weights and adjust clipping limits to minimize output error.

Invest in Your Identity

Cornelius Schumacher’s Blog offers a thoughtful reflection on the importance of building a genuine personal digital identity in the age of AI agents. The author argues that decades of authentic writing, publishing, and presentations create a personal corpus that can anchor AI tools to who you actually are.

exeLearning 4.0 Released

The KDE Blog announces the release of eXeLearning 4.0, which is an open-source tool for creating interactive educational content. The new major version demonstrates that the project remains active and evolving with new features for educators building digital learning materials.

Linux Saloon 199 | Ubuntu 26.04

CubicleNate’s Blog recaps episode 199 of the Linux Saloon podcast, which focused on Ubuntu 26.04 LTS and its various flavors, including user experiences and installation challenges. Participants shared their impressions of the new LTS release and discussed differences across the Ubuntu ecosystem.

Background Apps and Zoom Scaling – This Week in Plasma

The KDE Blog translates and summarizes the latest “This Week in Plasma” development report and covers work on background application handling. The post highlights ongoing refinements across several Plasma components aimed at improving usability and visual consistency.

Free Software from North to South, East to West: 6 LibreLocal Meetups

Victorhck highlights May 2026 as “LibreLocal month,” promoted by the Free Software Foundation as an occasion for free software supporters to organize local meetups to share ideas, learn from each other, and celebrate free software. The post spotlights six upcoming LibreLocal meetups taking place across Spain.

KDE Participates in Google Summer of Code 2026

The KDE Blog announces that KDE is once again participating in Google Summer of Code (GSoC) 2026, welcoming student developers to contribute to KDE projects over the summer. The post outlines how the program works and encourages interested learners to apply and get involved with the KDE community.

SUSE Responds to the copy.fail Vulnerability

SUSE Communities details the company’s response to Copy Fail, a critical Linux kernel vulnerability in the algif_aead module that allows a local non-root user to gain full root access. The post, written by Marcus Meissner, outlines which SUSE and openSUSE products are affected and confirms that patches have been issued. Users are strongly advised to apply the available updates immediately.

View more blogs or learn to publish your own on planet.opensuse.org.

Summit Draws Landmark Regional Gathering

admin@opensuse.org (Douglas DeMaio) — Tue, 05 May 2026 11:00:00 +0000

Three hundred twenty-one developers, students and technology professionals converged on Universidad Libre in Barranquilla, Colombia, for the first-ever openSUSE America Summit.

It was a two-day event held at Universidad Libre’s campuses that wrapped up on May 1 with calls to expand open-source culture and contribution across the region.

A capture the flag competition added a hands-on cybersecurity dimension to the summit, challenging participants to test their offensive and defensive skills in a live environment. The exercise drew significant interest from students and IT professionals alike.

The conference drew presenters from across the globe, which reflects the international reach of the open-source community. Speakers representing Colombia, Argentina, Brazil, Mexico, the Dominican Republic, India, the United Kingdom, Germany and the United States addressed topics ranging from cybersecurity and cloud infrastructure to machine learning and community development.

Luis Delascar of Colombia opened Day 2 with a presentation on Kuná Red, an offline-first, open-source mesh networking solution designed to enable communication in rural and underserved regions lacking reliable internet or cellular infrastructure. Diego Córdoba of Argentina delivered a deep dive into Netfilter and firewall architecture in openSUSE using nftables, while compatriot Andrea Navarro, also from Argentina, addressed the use of Jupyter notebooks in educational settings as an alternative to commercial cloud platforms.

Patrick Fitzgerald made the case for Linux migration in an update talk titled about migrating from Windows to Linux citing growing concerns around data sovereignty, tariffs, and unreliable international partnerships as compelling reasons for individuals and organizations to move to Linux.

Ram Mohan Rao Chukka and Shibi Ramachandran, both from India, presented two sessions; one on improving end-to-end testing using Kuttl to reduce broken builds, and another on intelligent drift detection and auto-remediation in ArgoCD for enterprise Kubernetes environments.

Walddys Dorrejo of the Dominican Republic, an openSUSE moderator, presented on unified observability and security using Wazuh. Gabriel Bazzotti of Brazil introduced Git-based packaging for openSUSE and Anuar Harb of Mexico spoke about open-source infrastructure as the foundation for connected digital ecosystems in emerging regions.

Colombian speakers were featured prominently throughout the program. Jorge Lambrano presented a full machine learning workflow. Jorge Aguilar addressed building modern, robust open-source data platforms for demanding analytics workloads. Jesuse Bossa explored the historical and philosophical purpose of engineering and Deiner Bello showcased VisitChocó, an interactive tourism platform built with React, TypeScript and geospatial data promoting the Colombian department of Chocó. Integration of Weblate to enable community-driven translations and expand the platform’s reach to broader audiences across Latin America and beyond is being considered.

Johannes Segitz delivered two sessions. His talk about the current AI landscape and how LLMs are reshaping how people code, patch and package software was a crowd pleaser.

Organized by sponsorship lead Astian Inc., which the company behind the Midori light-weight Web Browser along with a network of local support from LinuxBQ and Red Team Barranquilla, Barranquilla’s community of free and open-source software enthusiasts organized and ran the summit April 29 through May 1.

Having the event at two campuses, Universidad Libre’s Central Campus on April 29 and North Campus on April 30, was a natural fit for the open-source event. Attendees included speakers, IT professionals and students from university had hours of discussions about openSUSE and the broader open-source ecosystem.

The event was made possible with support from SUSE and the Geeko Foundation, both of which help to champion growth of the openSUSE Project and the global open-source community.

The choice of Barranquilla as host city may prove to be more than symbolic. Organizers and attendees have begun discussing the possibility of transforming the openSUSE America Summit into a recurring, traveling event modeled after the openSUSE.Asia Summit, which rotates among countries throughout Asia. Each host nation contributes its own cultural identity and local community to the gathering.

Colombia, with its growing technology sector, strong university ecosystem and passionate open-source community, makes a compelling case as a starting point and center of gravity for future events. The LinuxBQ community’s enthusiasm and the active participation of Universidad Libre students signal that the conditions for a sustainable, grassroots open-source movement in the region are already in place. If the model takes hold, future editions of the summit could travel to other nations across the Americas and the Caribbean, amplifying the voices of tech leaders throughout the region and building a collective, traveling community of experts much as the Asia Summit has done across that continent.

A community barbecue on May 1 brought speakers and volunteers together to close out the event. Sessions were livestreamed and are available for viewing on the LinuxBQ YouTube channel.

Tumbleweed Monthly Update - April 2026

admin@opensuse.org (Douglas DeMaio) — Mon, 04 May 2026 11:00:00 +0000

There were several software package updates for openSUSE Tumbleweed during April and the later half of the month brought some urgency with Copy Fail, which is now safe for users of the rolling release and Slowroll for those who have done a zypper dup at the end of the month.

The information about affected flavors of openSUSE was covered in a blog by the security team.

April brought a major desktop release of GNOME 50 and there was a fourth Plasma 6.6 point release. PHP, GTK4 with the new native GtkSvg renderer, SQLite, iproute2, and nano were among some of the develop packages updated this month. The Linux kernel advances to 7.0.2, and Mesa progressed through 26.0.4 and 26.0.5 with raytracing fixes ahead of upcoming game releases. Security received heavy attention with WebKitGTK, Python, CUPS, Flatpak, sudo, and OpenEXR all receiving multiple Common Vulnerabilities and Exposures fixes.

As always, be sure to roll back using snapper if any issues arise.

For more details on the change logs for the month, visit the openSUSE Factory mailing list.

New Features and Enhancements

KDE Gear 26.04.0: This major release updates 129 packages from the 25.12.3 series across the core PIM suite (Akonadi, KMail, Kontact, KOrganizer), graphics tools (Gwenview, Okular), development tools (Kate, Kompare, Umbrello), and system utilities (Dolphin, Konsole, Kleopatra). Dolphin prevents re-entrant signal activation across multiple view states, and Ark prevents silent replacement of existing files by directory entries during extraction. Okular avoids processing HTML with QDomDocument and improves certificate selection, and kdegraphics-thumbnailers addresses multiple crashes for malformed files. Infrastructure-wide changes include CMake modernization, a port to QDoc documentation, and migration toward modern C++ patterns such as std::shared_ptr over QSharedPointer. The companion ktextaddons library jumps from 1.8.0 to 2.0.1.

KDE Frameworks 6.25.0: This release emphasizes code quality, memory safety, and developer experience. KIO reverts a problematic permissions-based readability check, restores proper FTP UTF-8 negotiation, fixes WebDAV copy/move headers, and resolves multiple memory leaks across file operations and preview jobs. KCodecs streamlines encoding detection with safer initialization, improved codec lookup performance, and removes obsolete code since Qt 6.8+ is required.Kirigami enhances component reliability by preventing dialog layer leaks and adds a configurable textFormat property to TitleSubtitle, while Breeze Icons expands the icon set with new status icons. KTextEditor improves document handling by using the first line as a fallback title and adding relevant MIME types to save dialogs.

GNOME 50 for developers: This release brings significant improvements to the development stack. Builder gains a new save delegate system for better draft handling, refined dark theme colors matching the Adwaita palette, and more integrated help documentation. Flatpak support now moves deleted files to the trash, the LSP client better handles delete notifications, and the build pipeline supports more flexible post-install commands. Mutter Devkit receives a major feature expansion including HiDPI and fractional scaling simulation, multi-monitor support within a single session, clipboard integration between host and Devkit, and resizable virtual displays with emulated monitor modes — reducing the need for physical multi-monitor test setups. GTK 4.22 introduces GtkSvg, a new native in-process SVG renderer integrated with the GTK Scene Graph that supports SVG animations, passes over 1,250 tests in the resvg test suite, and maintains 60fps+ performance for trusted system icons and application resources (untrusted SVGs should still use the sandboxed Glycin library). Libadwaita 1.9 introduces new sidebar widgets including AdwSidebar and AdwViewSwitcherSidebar (replacing GtkStackSidebar), automatic support for the system-wide reduced motion preference across most widgets, context menus on AdwAboutDialog link rows, and GTK_DEBUG=builder diagnostics for all standard widgets. Autoloaded style resources are deprecated in favor of standard CSS media queries.

GDM 50.0: The most significant change for this in the GNOME 50 release is the complete removal of X11 support for GDM’s own sessions, which now always run on Wayland. Features like XDMCP and the system-wide Xserver are gone, though launching other desktops’ X11 sessions via per-user X servers is still possible. Compiling GDM without Wayland support is no longer possible. With systemd v260+, remote desktop sessions and local background sessions are now granted GPU access, enabling accelerated graphics for remote sessions on distributions that restrict GPU device node permissions. service simplifies starting headless graphical sessions for RDP purposes. The gdm/gdm3` user is no longer needed since GDM now fully relies on dynamically allocated users. Wtmp/utmp/btmp records now contain more useful values, especially for Wayland and headless RDP sessions.

Plasma 6.6.4: KWin fixes blur flickering after wobbly windows, improves startup feedback icon clarity, resolves crashes with accessibility keyboards, and enhances pointer scaling and key repeat handling on Wayland. The Oxygen theme addresses pixelated buttons under fractional scaling, restores missing menu shadows, and adds a missing switch SVG. Usability improvements include better RTL support in Kicker, proper drag initiation only after pointer movement, and refined shortcut conflict prevention in keyboard settings. Plasma Keyboard hardens virtual input handling with UTF-8 length fixes and disables predictive text during capture. Other fixes improve Discover by correcting how it tracks the number of active transactions, Dr Konqi with more reliable crash debugging, and Spectacle with a workaround for an overlay issue introduced in Qt 6.11. Several system tray and menu rendering glitches across multiple applets are also resolved, resulting in a smoother and more resilient desktop experience.

w3m 0.5.6: This is a major update for the terminal web browser. New features include commands to scroll the current line to top/bottom, a change directory (CD) command, a vim-like smartcase search option, recognition of aria-label for buttons, gopher protocol support, and experimental session store and restore. The image display in the kitty terminal is fixed, and slow backward search in long lines is improved.

LibreOffice 26.2.2.2: This is a major version upgrade with completely new features, improvements, and bug fixes across Writer, Calc, Impress, Draw, Math, and Base. Detailed release notes are available at The Document Foundation wiki. Bundled components are refreshed including PDFium updated from 7012 to 7471 and 2D Graphics Library Skia updated from milestone 136 to 142.

SDL3 3.4.2: This update adds SDL_HINT_OPENGL_FORCE_SRGB_FRAMEBUFFER to control sRGB behavior for OpenGL and OpenGL ES contexts. A long startup time on Windows caused by non-compliant input devices was fixed, along with a divide-by-zero when using Nintendo Switch 2 controllers and improved GameCube adapter handling in PC mode. Support for the Razer Raiju V5 Pro is added.

cryptsetup 2.8.6: This update has several disk encryption fixes. The resumed device UUID is now verified against the UUID stored in metadata, and the LUKS2 reencryption lock name was corrected. FileVault (fvault2) metadata parsing is fixed, including reading from the correct image offset. The OpenSSL crypto backend works again when built with LibreSSL and allows up to 64 concurrent threads.

Mozilla Firefox 149.0.2: This update addresses multiple security vulnerabilities, including integer overflow and memory safety bugs in Graphics: Text and Graphics: WebGPU components. The update also includes enterprise-related features such as AI-feature management, prevention of built-in VPN and IP protection, and correct application of browser homepage and start page policies. Other fixes include resolution of layout issues with graphics (SVG), crash prevention for security keys and WebAuthn features, and improved handling of web page printing and website error pages. Additionally, the build process is updated to be compatible with clang-based building on Leap, with the necessary libraries specified. [Linux]

PHP 8.5.5: This minor version bump from the 8.4 series brings numerous bug fixes across the core, DOM, Opcache, and OpenSSL modules. Notable fixes address JIT compiler arithmetic errors, memory leaks, and use-after-free vulnerabilities. The package now requires libcapstone as a dependency.

nano 9.0: This is a major version bump for the popular terminal text editor. The release improves horizontal scrolling, changes how macro recording is handled, and brings other usability refinements that build on the 8.x series.

iproute2 7.0: A major version bump for the Linux network configuration toolkit. New features include CAN XL support and DPLL mode setting, both of which extend networking and timing capabilities for newer hardware platforms.

iw 6.17: This wireless configuration tool sees a significant jump from 6.9. It adds support for WPA3 SAE association, EHT rate and bitrate handling for Wi-Fi 7, multi-radio RTS configuration, and endianness fixes across the wireless stack.

GIMP 3.2.4: This minor update to the GNU Image Manipulation Program continues the 3.2 series with bug fixes and incremental improvements following the 3.2.2 release.

xterm 407: New private modes for UTF-8 and character width reporting are introduced, and Unicode handling and window resizing functionality are improved.

gnome-remote-desktop 50.1: This minor update to the GNOME 50 release fixes a black-screen issue when using NVIDIA GPUs.

Key Package Updates

Linux kernel 6.19.11 - 7.0.2: The 7.0.2 update fixes an SMB client out-of-bounds read in smb2_ioctl_query_info, DACL validation in cifsacl, and directory separator handling in SMB1 UNIX mounts. F2FS receives multiple fixes including a use-after-free in f2fs_compress_write_end_io() and f2fs_write_end_io(), a memory leak in f2fs_rename(), and improved sanity checks. FUSE fixes several issues including rejection of oversized dirents in page cache, aborting on fatal signals during sync init, and ensuring device file initialization before cloning. A TOCTOU race in net/packet on mmap’d vnet_hdr in tpacket_snd() is corrected, and crypto fixes address async decrypt skipping hash verification in krb5enc and failed PSP command handling in the CCP driver. The 7.0.1 version sees KVM SEV receive several hardening fixes including locking all vCPUs when synchronizing VMSAs for SNP launch finish, disallowing LAUNCH_FINISH if vCPUs are actively being created, and protecting sev_mem_enc_register_region() with proper locking. Multiple use-after-free bugs are resolved across subsystems including bcache (crash in cached_dev.sb_bio), ocfs2 (fault handling with VM_FAULT_RETRY), the em28xx media driver, blk-cgroup writeback, and ALSA 6fire on USB disconnect. The 6.19.11 update brings several BPF fixes including reset of register ID for BPF_END value tracking, constant blinding for PROBE_MEM32 stores, undefined behavior in interpreter sdiv/smod for INT_MIN, and unsound scalar forking in maybe_fork_scalars(). CXL receives multiple corrections including a use-after-free of parent_port in cxl_detach_ep() and a leak in region construction. NVMe-PCI now caps queue creation to used queues, and platform support is expanded with several HP Omen and Victus laptops, OneXPlayer handheld variants, and Dell 14 Plus 2-in-1 keyboard support.

Mesa 26.0.4 & 26.0.5: The 26.0.4 out-of-schedule release combines bugfix updates and important raytracing fixes for an upcoming game. RADV corrects an invalid hitAttributeEXT value when using function-call RT pipelines, fixes a memory leak in radv_rt_nir_to_asm, and emits BOP events after every draw to work around a VRS bug on GFX12. RadeonSI fixes a missing ground texture and ANV (Intel) addresses flashing effects in Horizon Forbidden West. Nouveau fixes a segmentation fault in gm200_validate_sample_locations triggered by Firefox on GTX 1070 Ti, and NVK corrects barrier cache invalidation and viewport handling on Turing with FSR. The 26.0.5 follow-up is another bugfix release that refreshes the GL headers from libglvnd and disables Vulkan and Panfrost on armv6. Full release notes are available at the Mesa documentation site.

SQLite 3.53.0: A new Query Result Formatter library is introduced in this release for the popular embedded database, and ALTER TABLE is enhanced with additional capabilities. The jump from 3.51.3 also brings query planner refinements and incremental improvements that benefit any application linking against the system SQLite.

libxml2 2.15.3: A point release follow-up to the major 2.15 update. Multiple security fixes are included for type confusion, double-free, and use-after-free issues in the XML parser.

libpng16 1.6.57: A small but security-relevant point release that fixes a use-after-free in chunk setters tracked as CVE-2026-34757.

libjpeg-turbo 3.1.4.1: This update to the widely used JPEG codec includes multiple API hardening fixes and improved buffer handling, providing a more robust foundation for image-processing software across the system.

libarchive 3.8.7: A heap buffer overflow in CAB archive handling is fixed, along with a buffer overflow in the ISO9660 reader. As libarchive is used by package managers and archive tools across the distribution, this update is broadly relevant.

mozilla-nss 3.122.1: This release of the Network Security Services library brings 30+ bug fixes, including patches for multiple heap use-after-free, integer overflow, and ASN.1 parsing vulnerabilities that affect TLS handling in Firefox, Thunderbird, and other consumers.

pipewire 1.6.4: This audio and video pipeline server resolves segmentation faults, improves JACK compatibility, and corrects regressions in the RAOP (AirPlay) module.

SSSD 2.13.0: The pam_sss_gss module can now read SIDs from the Kerberos ticket PAC and apply authentication indicators via the new pam_gssapi_indicators_apply option, supporting Active Directory’s Authentication Mechanism Assurance (AMA). Active Directory Foreign Security Principals (FSP) are now properly detected and ignored when reading nested group members. Support for the KDE Plasma Login Manager is added. New options include avoid_by_id_lookups for preferring name-based lookups, and interactive/interactive_prompt for customizing OAuth2 prompting behavior. Cache performance is optimized for large deployments.

mpc 1.4.1: This complex-number arithmetic library steps from 1.3.1 to 1.4.1 and adds new functions including mpc_exp10, mpc_exp2, and mpc_log2. Sign handling for imaginary parts is improved and pkg-config generation is included.

leancrypto 1.7.2: This cryptographic library jumps from 1.6.0 and adds post-quantum primitives ML-DSA, SLH-DSA, and ML-KEM along with an X.509 fix tracked as CVE-2026-34610.

SELinux Policy 20260410: This update contains a wide range of policy refinements. Missing Nextcloud file contexts are added, the openSUSE /var/lib/php8 path and /srv/www/htdocs Apache DocumentRoot are properly labeled. Cloud-init is now allowed to domtrans into ssh-keygen, and accountsd gains proper D-Bus communication with systemd-homed along with corrected file context labeling for /usr/share/accountsservice. OpenSSH receives a policy adjustment allowing sshd-session to send a generic signal to sshd-auth. Polkit support is updated for its agent helper. Additional permissions are granted for staff and sysadm users, including reading PID1 process state, connecting to systemd-logind and lvm over Unix stream sockets, mounting /proc, and gaining sandboxing features. Virtualization policies gain several adjustments for virtqemud and virtnetworkd, and a new local_login_allow_accountutils_fallback_mode boolean is introduced. The snapper sdbootutil plugin is allowed to read kernel modules. The embedded container-selinux is updated to v2.247.0.

texinfo 7.3: The documentation format package adds new title-page commands, flexible node headings, and cross-reference features. texi2any gains major HTML speedups, optional C implementation, improved diagnostics, and defaults updates. HTML, Info, LaTeX, XML, and info tool receive enhancements and cleanups. The updated deprecated @clickstyle and removed old patches.

XZ Utils 5.8.3: This update fixes a buffer overflow in lzma_index_append() and an invalid memory access in xz when using --files and --files0 options. Arabic man page translations are added.

GTK4 4.22.2: The headline change is native SVG rendering via the new GtkSvg renderer, which drops the librsvg dependency entirely for icon and image rendering. The new renderer supports animations, state names, and SVG filters, with filters now operating in linear RGB by default. The GStreamer media backend now supports gapless looping with GStreamer 1.28, and gtk4-rendernode-tool gains a new filter command for node manipulation. Several drag-and-drop fixes are included, notably restoring the DropTarget::leave signal emission when a drop finishes. Vulkan handling is improved with fixes for SWAPCHAIN_MAINTENANCE checks, pending offset resets on Wayland, and invalid reads. Symbolic icon fallback rendering is corrected, dmabuf support now handles fewer fds than planes, and drop shadow rendering no longer darkens transparent textures. For Tumbleweed users, this brings major rendering architecture improvements and broad stability fixes to GTK4 applications.

webkitgtk3 and webkitgtk4 2.52.1: Numerous security vulnerabilities are patched across both releases. Touch scrolling for small movements is smoother, and scrollend events are now correctly emitted after scroll animations. Async scrolling is improved when the main thread is busy by rendering scrollbars from the scrolling thread. The GPU process is disabled by default in this cycle. A build option to disable USE_GSTREAMER is added for configurations without multimedia support.

Security Updates

Python:

CVE-2026-25645: Addresses an issue in Python allowing a local attacker to pre-create malicious files that could be reused and loaded without validation.
CVE-2026-4519: Fixes a command-line option injection in Python’s webbrowser.open() where leading dashes in URLs could be interpreted as browser command-line arguments.
CVE-2025-13462: Addresses an issue where Python’s tarfile module can cause crafted archives to be misinterpreted.
CVE-2026-4224: Resolves a stack overflow that could lead to a crash.

python-cryptography 46.0.7:

CVE-2026-39892: Fixes a buffer overflow that can occurr when a non-contiguous buffer was passed to APIs accepting Python buffers.

w3m 0.5.6:

CVE-2023-38252: Fixes an out-of-bounds read that could allow a crafted HTML file to cause a denial of service.
CVE-2023-38253: Fixes an out-of-bounds read that could allow a crafted HTML file to cause a denial of service.

webkitgtk3 and webkitgtk4 2.52.1:

CVE-2025-43213: Fixes an issue where processing maliciously crafted web content could lead to an unexpected crash.
CVE-2025-43214: Addresses a flaw where processing maliciously crafted web content could cause an unexpected crash.
CVE-2025-43457: Resolves a vulnerability where processing maliciously crafted web content could lead to an unexpected crash.
CVE-2025-43511: Fixes an issue where processing maliciously crafted web content could lead to memory corruption.
CVE-2025-46299: Addresses a flaw in WebKit where processing maliciously crafted web content could lead to unexpected behavior.
CVE-2026-20608: Resolves a vulnerability where processing maliciously crafted web content could lead to memory corruption.
CVE-2026-20635: Fixes a WebKit flaw where processing maliciously crafted web content could cause an unexpected crash.
CVE-2026-20636: Addresses an issue where processing maliciously crafted web content could lead to memory corruption.
CVE-2026-20644: Resolves a WebKit vulnerability where processing maliciously crafted web content could lead to an unexpected crash.
CVE-2026-20652: Fixes an issue where processing maliciously crafted web content could cause memory corruption.
CVE-2026-20676: Addresses a WebKit flaw where processing maliciously crafted web content could lead to unexpected behavior or a crash.
CVE-2026-20643: Resolves a cross-origin issue in the Navigation API where processing maliciously crafted web content could bypass the Same Origin Policy.
CVE-2026-20664: Fixes a WebKit memory handling flaw where processing maliciously crafted web content could cause an unexpected process crash.
CVE-2026-20665: Addresses an issue where processing maliciously crafted web content could prevent Content Security Policy from being enforced.
CVE-2026-20691: Resolves an authorization flaw where a maliciously crafted webpage could be used to fingerprint the user.
CVE-2026-28857: Fixes a WebKit memory handling issue where processing maliciously crafted web content could cause an unexpected process crash.
CVE-2026-28859: Addresses a flaw where a malicious website could process restricted web content outside the sandbox.
CVE-2026-28861: Resolves a logic issue where a malicious website could access script message handlers intended for other origins.
CVE-2026-28871: Fixes a logic flaw where visiting a maliciously crafted website could lead to a cross-site scripting attack.

libcap 2.78:

CVE-2026-4878: Addresses a race condition that could lead to local privilege escalation.

OpenJDK 25 25.0.3:

CVE-2026-22007: Fixes an information disclosure vulnerability in the Security component of Java SE that could allow a local attacker to read a subset of accessible data.
CVE-2026-22008: Addresses a flaw in the Libraries component of Java SE that could allow an unauthenticated network attacker to modify some accessible data.
CVE-2026-22013: Resolves an information disclosure vulnerability in the JGSS component of Java SE that could expose critical data to an unauthenticated network attacker.
CVE-2026-22016: Fixes an information disclosure flaw in the JAXP component of Java SE that could allow an unauthenticated attacker to access critical data via network protocols.
CVE-2026-22018: Addresses a denial-of-service vulnerability in the Libraries component of Java SE that could be triggered by an unauthenticated network attacker.
CVE-2026-22021: Resolves a denial-of-service flaw in the JSSE component of Java SE exploitable via HTTPS by an unauthenticated attacker.
CVE-2026-23865: Fixes a vulnerability in the bundled FreeType library that could allow memory corruption when processing crafted font data.
CVE-2026-34268: A patch was added for an information disclosure issue in the Security component of Java SE that could allow a local attacker to read a subset of accessible data.
CVE-2026-34282: Addresses a denial-of-service vulnerability in the Networking component of Java SE that could allow an unauthenticated attacker to cause a complete crash or hang.

Flatpak 1.16.6:

CVE-2026-34078: Fixes a sandbox escape where the portal accepted app-controlled symlinks in sandbox-expose paths, allowing arbitrary host file access and code execution in the host context.
CVE-2026-34079: Addresses a path traversal flaw that could allow an app to delete arbitrary files on the host.

libinput 1.31.1:

CVE-2026-35093: Fixes a code injection flaw where a local attacker could place a crafted Lua bytecode file in system or user configuration directories to bypass security restrictions and execute code with the privileges of the affected program.
CVE-2026-35094: Addresses a dangling pointer that could leak memory contents to system logs.

opensc 0.27.1:

CVE-2025-49010: Fixes a stack buffer overflow that could cause memory corruption.
CVE-2025-66215: Fixes a stack buffer overflow that could cause memory corruption. .
CVE-2025-66038: Addresses an out-of-bounds read that could lead to memory corruption during smart card processing.
CVE-2025-66037: Addresses an out-of-bounds heap read that could lead to denial of service.
CVE-2025-13763: Fixes several uses of potentially uninitialized memory in OpenSC detected by fuzzers.

XZ Utils 5.8.3:

CVE-2026-34743: Fixes a heap buffer overflow in XZ Utils where decoding an empty Index left lzma_index in a state that caused undersized allocation in a subsequent lzma_index_append() call.

389ds 3.1.4+e2562f589:

CVE-2025-14905: Fixes a heap buffer overflow caused by incorrect buffer size calculation that could potentially lead to denial of service or remote code execution.

openexr 3.4.9:

CVE-2026-34589: Fixes a heap out-of-bounds write that could lead to memory corruption.
CVE-2026-34588: Addresses a signed 32-bit overflow leading to out-of-bounds read/write.
CVE-2026-34380: Resolves a signed integer overflow that could allow bounds-check bypass during PXR24 decompression.
CVE-2026-34379: Fixes a misaligned write leading to undefined behavior.
CVE-2026-34378: Addresses a signed integer overflow in generic_unpack() when parsing EXR files with crafted negative dataWindow.min.x values.
CVE-2026-34543: Resolves a heap information disclosure that could cause uninitialized heap memory to leak into output pixel data.
CVE-2026-34544: Fixes a signed integer overflow that could lead to an out-of-bounds write and memory corruption.

evolution-data-server 3.60.0:

CVE-2026-2604: The advisory for this vulnerability indicates it involves an insecure local cache file removal.

SSSD 2.13.0:

CVE-2026-6245: Fixes an out-of-bounds read in the PAM passkey responder.

glib2 2.88.0:

CVE-2026-23868: Fixes a vulnerability caused by a shallow copy that may lead to memory corruption.
CVE-2026-32776: Fixes a NULL pointer dereference when processing empty external parameter entity content.
CVE-2026-32777: Addresses an issue that could result in an infinite loop while parsing DTD content, potentially leading to a denial of service.
CVE-2026-32778: Resolves a NULL pointer dereference following an earlier out-of-memory condition.

sudo:

CVE-2026-35535: Fixes a privilege escalation in sudo where a failed setuid, setgid, or setgroups call during the privilege drop was not treated as a fatal error.

CUPS 2.4.17:

CVE-2026-27447: Fixes a case-sensitivity vulnerability in user/group handling that could allow access bypass.
CVE-2026-34978: Addresses a directory traversal flaw in the RSS notifier.
CVE-2026-34979: Resolves insufficient memory allocation for job options that could lead to buffer issues.
CVE-2026-34980: Fixes incomplete control character filtering in option values.
CVE-2026-34990: Addresses missing certificate validation over loopback connections.
CVE-2026-39314: Resolves a job password range check flaw.
CVE-2026-39316: Fixes a scheduler subscription bug that could be abused to disrupt printing.

mozilla-nss 3.122.1:

This release rolls up more than 30 fixes across the Network Security Services library, including patches for multiple heap use-after-free, integer overflow, and ASN.1 parsing vulnerabilities affecting TLS handling.

ruby4.0 4.0.3:

CVE-2026-41316: Fixes a vulnerability in the ERB component affecting Marshal.load operations with untrusted data.

python-lxml 6.1.0:

CVE-2026-41066: Fixes an external entity injection (XXE) vulnerability in iterparse() that could allow disclosure of local files or server-side request forgery.

libXpm:

CVE-2026-4367: Addresses an out-of-bounds read when parsing crafted XPM image files that could lead to information disclosure or a crash.

dnsmasq:

CVE-2026-6507: Fixes an out-of-bounds write in DHCP BOOTREPLY processing that could be triggered by a malicious DHCP server response.

libpng16 1.6.57:

CVE-2026-34757: Fixes a use-after-free in chunk setters that could lead to memory corruption.

libarchive 3.8.7:

Fixes a heap buffer overflow in CAB archive handling and a buffer overflow in the ISO9660 reader. Both flaws could be triggered by crafted archive files and are relevant given libarchive’s broad use across packaging and extraction tools.

libxml2 2.15.3:

This release rolls up multiple security fixes including a type confusion issue, a double-free, and a use-after-free in the XML parser.

ImageMagick 7.1.2.19:

CVE-2026-33905: Fixes a flaw that could be triggered by crafted images and lead to a crash or memory corruption.

GraphicsMagick:

CVE-2026-33535: Addresses an out-of-bounds write in X11 display interaction that could lead to a crash or potential code execution.
CVE-2026-26284: Fixes a heap overflow that could be triggered while processing crafted images.

leancrypto 1.7.2:

CVE-2026-34610: Fixes an X.509 parsing flaw that could lead to certificate validation bypass.

openldap2 2.6.13:

Addresses a heap buffer overflow in parse_whsp and a potential NULL pointer dereference, both of which could be triggered by malformed input to the LDAP server.

Users are advised to update to the latest versions to mitigate these vulnerabilities.

Conclusion

April 2026 was a busy month for openSUSE Tumbleweed with two of the largest desktop releases of the year landing back to back: GNOME 50 and KDE Gear 26.04.0. GTK4 4.22 introduced the new native GtkSvg renderer and dropped the librsvg dependency for icon rendering, while LibreOffice 26.2 brought a fresh major office suite. Developers received major version bumps across PHP 8.5, SQLite 3.53, iproute2 7.0, nano 9.0, and the iw wireless tool. Security continued to be a heavy theme with WebKitGTK, CUPS, Python, Flatpak, sudo, and OpenEXR all receiving multiple CVE fixes alongside a steady cadence of cryptographic library hardening from mozilla-nss, libgcrypt, and leancrypto.

Slowroll Arrivals

Please note that these updates also apply to Slowroll and arrive between an average of 5 to 10 days after being released in Tumbleweed snapshot. This monthly approach has been consistent for many months, ensuring stability and timely enhancements for users. Updated packages for Slowroll are regularly published in emails on openSUSE Factory mailing list.

Contributing to openSUSE Tumbleweed

Stay updated with the latest snapshots by subscribing to the openSUSE Factory mailing list. For those Tumbleweed users who want to contribute or want to engage with detailed technological discussions, subscribe to the openSUSE Factory mailing list . The openSUSE team encourages users to continue participating through bug reports, feature suggestions and discussions.

Your contributions and feedback make openSUSE Tumbleweed better with every update. Whether reporting bugs, suggesting features, or participating in community discussions, your involvement is highly valued.

openSUSE Asia Summit 2026 Call for Speakers

admin@opensuse.org (openSUSE Asia Summit Team) — Wed, 29 Apr 2026 17:30:00 +0000

We are excited to announce that the Call for Speakers for openSUSE.Asia Summit 2026 is now open! This year, the Summit will take place on October 3–4, 2026, at the Teaching Industry Learning Center (TILC), Vocational School, Universitas Gadjah Mada (UGM), Yogyakarta, Indonesia. For more details, stay tuned to our official channels and news portal.

The openSUSE.Asia committee invites speakers from all backgrounds to share their knowledge, experience, and passion for openSUSE and open source. Speakers may also apply for support from the openSUSE Travel Support Program (TSP). We encourage everyone, near or far, to submit their proposals and join us in Yogyakarta!

Topics

The examples of the topics (not limited to) are as the following:

openSUSE (e.g., Leap, Tumbleweed, Micro OS, Open Build Services, openQA, YaST)
Desktop environments and applications (e.g., GNOME, KDE, XFCE)
Office suite, graphic art, multimedia (e.g., LibreOffice, Calligra, GIMP, Inkscape)
Multilingualization support (e.g., input methods, translation)
Cloud, Virtualization, Container, and Container Orchestration (e.g., Kubernetes, Rancher)
Package supply-chain security, vulnerability management
Embedded and IoT
Other applications running on openSUSE

Topics that are not related to a specific technology are also welcome. For example:

An overview of FLOSS technologies
Development, Quality Assurance, Translation
Tips & Tricks, Experience stories (success or fail), Best practice
Marketing and community management
Education

Types of sessions

We are inviting proposals for these two types of sessions.

Long talks with presentation (45 min. + Q&A)
Short talks with presentation (30 min. + Q&A)

Lighting talk sessions (5 min.) will be announced later.

Schedule

Proposal submission deadline: 1 July, 2026
Notification to speakers: 21 July, 2026

How to submit your proposal document

Please submit your proposal at events.opensuse.org. If you do not have a SUSE community account, please sign up before submitting your proposal.

You must follow the openSUSE Conference Code of Conduct.
Your proposal should be written in English, between 130 and 250 words, and have a clear, relevant title.
Please check for spelling and grammar before submitting, using tools like LibreOffice, Google Docs, or Grammarly.
See our guide for tips on writing a great proposal.
If you need help, contact committee members in your country or region.

Requirements for your presentation

You may present in English or Bahasa Indonesia, but all documents and slides must be in English.
Speakers must be present at the venue; prerecorded videos and remote presentations are not allowed.

Quantum-Resilient Cryptography in the openSUSE Ecosystem

admin@opensuse.org (Alessandro de Oliveira Faria) — Tue, 28 Apr 2026 04:00:00 +0000

It is with great joy that I officially announce the release in the openSUSE family (Leap and Tumbleweed) of the new package focused on cryptography resistant to the post-quantum era.

The libzupt library is designed to offer encryption and decryption of files and binary data in memory using a hybrid approach based on ML-KEM-768 + X25519.

libzupt is a modern SDK that simplifies the adoption of post-quantum cryptography in real-world applications. Currently, it has initial support for C++, Python, and Java, with support for Node.js (under development). Its goal is to make the implementation of advanced cryptographic mechanisms accessible without compromising usability for developers.

libzupt, created by Alessandro de Oliveira Faria, is a modern SDK that simplifies the adoption of post-quantum cryptography in real-world applications. Currently, it has initial support for C++, Python, and Java, with Node.js support (under development). Its goal is to make the implementation of advanced cryptographic mechanisms accessible without compromising usability for developers.

The project originates from the Zupt initiative, conceived by Cristian Cezar Moisés. As a tribute, the library inherited the name of the original project. Zupt, in turn, is a compression and backup tool that already incorporated advanced concepts such as authenticated AES-256 encryption and post-quantum key encapsulation.

The motivation behind libzupt is directly linked to the evolution of modern cryptography. The ML-KEM algorithm was standardized by NIST on August 13, 2024, as a secure key encapsulation mechanism for post-quantum scenarios. It allows for the secure establishment of keys even in insecure channels, anticipating future threats.

Below is a simple example of using libzupt in Python:

import zupt
encryptor = zupt.Encryptor(keypair.public_key)
message = b"Hello, Post-Quantum World! This is a secret message."
ciphertext, enc_header = encryptor.encrypt(message)

The main benefit of natively providing this library in openSUSE, is that it allows current applications to be prepared for a scenario where quantum computing could compromise classical algorithms, such as Shor’s Algorithm.

By combining traditional cryptography with mechanisms resistant to quantum computing, libzupt adds a strategic layer of protection. This enables the development of more resilient systems, ensuring the confidentiality and integrity of data in the long term, even in the face of technological evolution.

For more information, go to software opensuse or the source.

Planet News Roundup

admin@opensuse.org (Douglas DeMaio) — Mon, 27 Apr 2026 08:00:00 +0000

This is a roundup of articles from the openSUSE community listed on planet.opensuse.org.

The community blog feed aggregator lists the featured highlights below from April 17 to 23.

Blogs this week cover a Tumbleweed weekly review delivering seven snapshots with notable updates including GNOME 50, KDE Plasma 6.6.4, and Linux kernel 6.19.12. The week also features the venue announcement for openSUSE.Asia Summit 2026 in Yogyakarta, a SUSE Security Team winter spotlight, performance tuning improvements in syslog-ng, a hands-on look at Cockpit as a YaST replacement, and more.

Here is a summary and links for each post:

Kookbook Updates to Version 0.3.0

The KDE Blog covers the 0.3.0 release of Kookbook, a recipe management application created by KDE developer Sune Vuorela. The update brings minor bug fixes along with a migration to Qt6. The application stores recipes as Markdown files and offers ingredient indexing, tag-based organization, and flexible synchronization through external tools like Git or Nextcloud.

Testing Cockpit, the YaST Replacement in openSUSE Tumbleweed

Victorhck in the Free World explores Cockpit, the web-based system management tool that is replacing YaST in openSUSE. After installing the cockpit-client-launcher and resolving missing GTK dependencies, the author found the interface clean and well-organized with familiar configuration options alongside modern features for managing storage, networks, and software repositories.

New Performance Tuning Possibilities in syslog-ng

Peter Czánik’s Blog discusses performance enhancements coming to syslog-ng 4.12 that achieved seven million events per second under laboratory conditions. While the figure represents a benchmark rather than a real-world deployment number, Peter explains that the underlying technologies are already available on the development branch or have existed for some time but lacked sufficient promotion and testing.

Best JPG to PDF Converters for Speed and Ease

The KDE Blog evaluates a range of JPG to PDF conversion tools, from desktop options like KDE Plasma’s Service Menus to online platforms such as Adobe Acrobat Online and iLovePDF. The post weighs each tool’s strengths regarding conversion speed, ease of use, and privacy, and also covers mobile solutions like CamScanner for document digitization.

AI Workshop at Linux Center Valencia

The KDE Blog announces a free AI-focused event organized by Slimbook at their Linux Center facility in Paterna, Valencia on April 25, 2026. The workshop features three sessions: an overview of current AI tools, a hands-on tutorial for running AI locally using Ollama and Fox, and an advanced session on creating autonomous AI assistants for personal computers.

From Virtual Desktop Deployment to Running Local AI – New Barcelona Free Software Talk

The KDE Blog announces a Barcelona Free Software talk on Tuesday April 28, 2026 at 19:00 at Akasha Hub in Barcelona, featuring Alberto Larraz, co-founder of IsardVDI. The talk traces IsardVDI’s 14-year journey from a Free Software alternative to Citrix and VMware Horizon in educational settings to a versatile platform that now leverages GPU management to run local AI inference workloads. Attendees will learn how IsardVDI can be used to generate images, run LLM chats, and power local code assistants using sovereign AI models.

SUSE Security Team Spotlight Winter 2025/2026

The SUSE Security Team winter report documents code review activities across multiple software projects. The team examined systemd releases v258 through v260, snapd transparency features, various D-Bus services including bootkitd and rtkit, and investigated SteamOS and Deepin desktop components. A revisit of Deepin software revealed persistent vulnerabilities in the accounts service, prompting the team to deprioritize future Deepin reviews.

openSUSE.Asia Summit 2026 Announces Venue at Universitas Gadjah Mada

openSUSE News announces that the openSUSE.Asia Summit 2026 will be held October 3–4 at the Teaching Industry Learning Center of Universitas Gadjah Mada in Yogyakarta, Indonesia. Organizers anticipate around 350 participants over two days of talks, workshops, and community activities. The venue was selected for its modern facilities and the university’s strong reputation as a leading Indonesian institution focused on education, research, and innovation.

Per-Screen Virtual Desktops and Wayland Session Restore – This Week in Plasma

The KDE Blog covers the latest This Week in Plasma highlights, including a major new feature in Plasma 6.7 that allows each monitor to independently switch between virtual desktops. KWin has also gained support for the Wayland session management protocol, paving the way for applications to remember their size and position after a system restart. The edition also rounds up numerous UI improvements, such as drag-and-drop support for app launchers, a new standard Badge component in Kirigami, and a range of bug fixes across Plasma 6.6.4, 6.6.5, and 6.7.

Hello Old New ‘Projects’ Directory!

Matthias Klumpp’s Blog introduces the xdg-user-dirs 0.20 release, which now enables a Projects directory by default in Linux home folders. The folder offers a standardized location for project files that do not cleanly belong in existing categories like Documents or Music. Users who prefer the old layout can simply delete the folder and the utility will adjust accordingly, while administrators can customize default locations through configuration files.

Tumbleweed – Review of the Week 2026/16

Victorhck and dimstar cover a busy week with seven Tumbleweed snapshots delivered in seven days across snapshots 0410 through 0416. Major updates included GNOME 50, KDE Plasma 6.6.4, Samba 4.23.6, PHP 8.4.20, GStreamer 1.28.2, and Linux kernel 6.19.12, along with improvements to transactional-update’s soft-reboot functionality. Looking ahead, the team is preparing significant upgrades such as Linux kernel 7.0, LLVM 22, and GCC 16 as the system compiler.

Episode 72 of KDE Express: Plasma 6.6.4, Gear 26.04 and More News

The KDE Blog shares the latest episode of KDE Express, a Spanish-language podcast covering the KDE community and open source software. The episode highlights significant releases including Plasma 6.6.4 and KDE Gear 26.04, along with developments across various KDE applications and distributions.

View more blogs or learn to publish your own on planet.opensuse.org.

openSUSE.Asia Summit 2026 Announces Venue at Universitas Gadjah Mada

admin@opensuse.org (openSUSE Asia Summit Team) — Sun, 19 Apr 2026 17:30:00 +0000

The openSUSE.Asia Summit 2026 team is excited to announce the official venue for this year’s conference. The summit will be held at Universitas Gadjah Mada (UGM) in Yogyakarta, Indonesia.

The event will take place at the Teaching Industry Learning Center (TILC) of the Vocational School, a modern facility designed to support collaboration, learning, and industry engagement. The summit is expected to welcome around 350 participants over two days of talks, workshops, and community activities.

Date & Venue

Dates: 3–4 October 2026
Venue: Teaching Industry Learning Center (TILC), Vocational School
Universitas Gadjah Mada (UGM)
Jl. Blimbingsari No.37, Caturtunggal, Depok, Sleman
Special Region of Yogyakarta, Indonesia
OpenStreetMap

We look forward to welcoming you to the UGM campus — a place where academic excellence meets a vibrant student and technology community.

About Universitas Gadjah Mada

Founded in 1949, Universitas Gadjah Mada is one of Indonesia’s leading universities and a symbol of national education and cultural identity. Starting with just six faculties, UGM has grown into a comprehensive institution with 18 faculties, a graduate school, and a vocational school. Today, UGM continues to play a key role in education, research, and innovation, making it an ideal setting for the openSUSE.Asia Summit.

Who Should Attend

We expect more than 350 participants, including:

openSUSE contributors and users
ICT professionals and industry representatives
Free and Open Source Software (FOSS) enthusiasts
Students interested in open-source technologies and development

We can’t wait to welcome you to Yogyakarta — see you on campus at Universitas Gadjah Mada! 🦎🌏

Planet News Roundup

admin@opensuse.org (Douglas DeMaio) — Fri, 17 Apr 2026 08:00:00 +0000

This is a roundup of articles from the openSUSE community listed on planet.opensuse.org.

The community blog feed aggregator lists the featured highlights below from April 10 to 16.

Blogs this week cover a combined two-week Tumbleweed review delivering 10 snapshots with notable updates including the Linux kernel, Qt 6.11.0, and GIMP 3.2.2. A follow-up on the growing ARMv9 build infrastructure, an updated version of OpenVINO, KDE Akademy 2026 in Graz, and more.

Here is a summary and links for each post:

OpenVINO 2026.1: More Models, Performance and a Real Jump in Multimodal AI

Alessandro’s Blog covers the release of OpenVINO 2026.1. The post highlights expanded support for large and multimodal models like GPT-OSS 120B running on CPU and Qwen3-VL across CPU and GPU while pointing out improvements to the OpenVINO Model Server. Alessandro emphasizes the practical value of dynamic LoRA for vision-language models, which lets teams swap adapters at runtime without reloading the base model, which helps cut memory overhead and latency in production.

Discussing RTO in My Genesi T-Shirt

Peter Czánik’s Blog reflects on a conversation with friends about return-to-office policies, prompted by wearing a t-shirt from Genesi, the US company where he first experienced fully remote work in the early days of his career. The post contrasts that flexible, asynchronous work culture with the rigid schedules of other professions like teachers.

New Configurator for Plasma 6.6

The KDE Blog highlights the new Plasma Setup wizard introduced in Plasma 6.6, which is a first-run tool that creates and configures user accounts independently of the operating system installation process. The separation of technical installation steps from user setup steps makes it easier to hand off a device. It is part of Plasma 6.6’s broader focus on improving usability and accessibility for new and reconditioned hardware.

Streaming syslog-ng Data to Your Lakehouse Using OpenTelemetry

Peter Czánik’s Blog explains how Databricks contributed OAuth2 authentication improvements to syslog-ng 4.11.0, which enables customers to stream logs to data lakehouses via the OpenTelemetry protocol. The contributions extended OAuth2 support to gRPC-based destinations including OpenTelemetry, Loki, BigQuery, and ClickHouse.

LibreCan 2026: The meeting of free software in the Canary Islands grows

Victorhck in the Free World promotes the second edition of LibreCan, a free software and hacker culture meetup taking place in the Canary Islands in May 2026. The event has grown since its first edition in 2025 and brings together free software enthusiasts from across the islands.

La Palma Tech Tagoror regresa este 2026

The KDE Blog discusses a series of meetups of the group “San Miguel de la Palma Tech”. The event is planned for April 23, 2026, from 18:00 to 20:00 (Canary time) and is being nicknamed “La Palma Tech Spring 2026”.

eQuest Icon Theme – Elegant Grey and Orange (or Blue or Green) Icons for Your PC

The KDE Blog presents the eQuest icon theme by Thalic with a set of elegant desktop icons combining grey with a vivid accent color such as orange, blue, or green. The pack is designed to complement desktops with matching wallpaper tones and is available through the KDE Store.

120+ Icons and Counting

Jakub Steiner’s Blog celebrates the milestone of over 120 completed app icon requests through the GNOME app-icon-requests project on GitLab. Each icon represents a collaborative design process between a contributor and an app developer following the modern GNOME icon style introduced in 2019.

Magic Folder – Automatically Sort Files with This Plasmoid for Plasma 6 (28)

The KDE Blog presents Magic Folder, the 28th entry in their Plasma 6 plasmoid series, which automatically moves files dropped onto its panel icon into predefined folders. The widget is aimed at users who want to bring order to a cluttered desktop without manual file management. It is a practical addition to the growing library of Plasma 6-native widgets available in the KDE Store.

Following Up on ARMv9 Build Infrastructure

openSUSE News provides an update on the native ARMv9 build capacity added to the Open Build Service following the arrival of NVIDIA Grace Hopper hardware last June. OBS worker dashboards now show active ARMv9 builds across a wide range of packages including the Linux kernel, LLVM, GCC, Python, and Qt. The post also invites hardware vendors to donate or lend equipment to expand multi-architecture coverage further.

release.gnome.org Refactor

Jakub Steiner’s Blog describes porting the GNOME Release Notes website from Jekyll to Zola after his successful migration of his personal blog. The move unlocks two long-missing features: a native RSS feed for GNOME releases and a fully navigable archive of release notes going all the way back to GNOME 2.x. The site now runs as a single binary with zero dependency management, making it far easier for contributors who just want to write markdown.

Submit Your Talk for Akademy 2026 in Graz, Austria

The KDE Blog encourages readers to submit talk proposals for KDE community conference Akademy 2026, which will be held in Graz, Austria from September 19 to 24 as a special edition marking KDE’s 30th anniversary. The event follows a hybrid format, with in-person and online participation. The talks will take place on the first two days with the remainder reserved for working sessions and BoFs. .

Linux Saloon 195 | Open Mic Night

CubicleNate’s Blog recaps episode 195 of the Linux Saloon podcast, which covered a range of tech topics. The episode also touched on critical security flaws in Telegram, and discusses Android malware. The open mic format allowed contributors to share their own perspectives on the week’s developments.

25th Update of KDE Frameworks 6 and the BluezQt Library

The KDE Blog announces the release of KDE Frameworks 6.25. As part of an ongoing series, the post also profiles the BluezQt library, which provides Bluetooth management for KDE Plasma and enables everyday tasks like connecting wireless headphones and monitoring peripheral battery levels.

openSUSE Tumbleweed Weekly Review – Week 14 & 15

Victorhck and dimstar publish a combined two-week Tumbleweed review covering weeks 14 and 15. Ten snapshots were released during the fortnight, delivering updates including the Linux kernel 6.19.10 and 6.19.11, Mozilla Firefox 149.0, Qt 6.11.0, Mesa 26.0.4, GIMP 3.2.2, and LibreOffice 26.2.2.2. Looking ahead, the post previews upcoming changes such as GNOME 50, KDE Plasma 6.6.4, GCC 16 as the default compiler, and LLVM 22.

Moving to Zola

Jakub Steiner’s Blog details the migration of his personal blog from Jekyll to the Rust-based static site generator Zola, driven by frustration with Ruby dependency management. Key benefits highlighted include near-instant build times, a single binary with no external dependencies, and native support for asset colocation keeping images alongside their posts. The post also notes CSS-only dark mode theming and improved font legibility as welcome side effects of the overhaul.

View more blogs or learn to publish your own on planet.opensuse.org.

Following Up on ARMv9 Build Infrastructure

admin@opensuse.org (Douglas DeMaio) — Mon, 13 Apr 2026 11:00:00 +0000

The arrival of NVIDIA Grace Hopper in the Open Build Service (OBS) infrastructure last June signaled more than new hardware; it launched a new era of native ARMv9 build capacity for the openSUSE Project.

The results are becoming visible and more meaningful months later.

The OBS worker monitoring dashboards shows a picture that tells the story better than any changelog. Across dozens of build workers spanning architectures from x86_64 and aarch64 to ppc64le, s390x, and the newer armv9-class machine is humming with activity.

Projects have been underway rebuilding a subset of Tumbleweed packages for ARMv9, and the worker dashboard reflects these efforts.

The dashboard reveals not only the heavy load on aarch64 and armv9 workers but also the remarkable diversity of packages building for the target. From the Linux kernel and compiler toolchains like LLVM and GNU Compiler Collection (GCC), Python packages, Qt frameworks, and more, the workers are compiling these complex workloads with good success rates.

This activity is instrumental to ARMv9, demonstrating that it is evolving beyond its proof-of-concept into an active development distribution path alongside the main Tumbleweed tree.

NVIDIA Grace uses high-performance arm-based CPU cores with the Hopper GPU architecture, linked by NVIDIA’s NVLink™-C2C (Chip-to-Chip) interface. The architecture allows both processors to access data in place, which results in significantly faster compilation and reduced latency for complex workloads. It provides better efficiency across OBS pipelines.

The architectural difference is not an abstract specification point. It translates directly into shorter queue times for contributors, faster feedback loops for package maintainers, and the ability to handle the kinds of large, parallel builds that a rolling-release distribution like Tumbleweed demands.

Integrating native ARMv9 hardware within OBS was essential to unlock maximum performance gains and successfully validate builds optimized for the architecture.

Native builds eliminate the risks of emulated cross-compilation, which often masks critical Application Binary Interface mismatches, instruction scheduling errors, and performance regressions. Deploying the Grace Hopper in production ensures ARMv9 targets are validated on actual silicon, guaranteeing real-world reliability and peak performance.

Collaboration that made this possible is a model worth repeating in its structure, a template. The efforts reflect a shared commitment to open-source and the need for cutting-edge build capabilities. This isn’t just a philosophical framing but a practical argument other hardware companies across the industry can consider.

The openSUSE Project actively welcomes hardware vendors who may want to lend or donate hardware to enable openSUSE on their systems, test openSUSE on their systems, or add more build power to the build system.

Consider what lent or donated hardware to OBS actually achieves for a company. When a vendor’s silicon appears in OBS as a native build target, thousands of open-source packages begin being compiled, tested, and validated continuously and automatically against that architecture. It’s a hardware vendors QA dream!

Every successful build validates software readiness on contributed hardware, while every failure proactively resolves compatibility issues before impacting end users. Continuous integration coverage delivers critical risk mitigation for new processor launches at a negligible infrastructure cost.

The OBS worker pool has comprehensive multi-architecture coverage as seen with Intel/AMD handling the bulk load alongside dedicated ARM, POWER, and Z Systems nodes. The diverse infrastructure, secured through partnerships and community contributions, ensures validation across a large hardware spectrum.

A machine lent, donated or co-located with the project becomes a continuous, automated test bed for software compatibility, running 24 hours a day, maintained by the community, and producing results visible to every Linux developer who watches the Tumbleweed package feed.

The NVIDIA collaboration demonstrates this in practice. OBS’ thriving build farm benefits every distribution user, every application developer, and every hardware vendor whose products run Linux.

If your company makes chips, accelerators, or servers and you want your products to run on Linux, get your hardware into the hands of the people who build the software. The openSUSE Project is ready to put it to work.

For more information, email ddemaio@opensuse.org

Planet News Roundup

admin@opensuse.org (Douglas DeMaio) — Fri, 10 Apr 2026 07:00:00 +0000

This is a roundup of articles from the openSUSE community listed on planet.opensuse.org.

The community blog feed aggregator lists the featured highlights below from April 3 to 9.

Blogs this week cover the fourth bugfix update to KDE Plasma 6.6, Slimbook’s refreshed Creative ultrabook featuring the AMD Ryzen AI 9 365 with a dedicated AI NPU, and the promotion of Slimbook Days 2026, which the sales help support donations to KDE. Blogs also highlight two new Plasmoids for Plasma 6. One is the Aero Weather weather viewer and the other is Battery Plasmoid Boero. There were also practical tips for openSUSE users on using Rufus in DD mode when writing USB install media.

Here is a summary and links for each post:

Use DD Mode When Creating an openSUSE DVD Image with Rufus

The Geeko Blog warns openSUSE users that writing a DVD image to a USB drive using Rufus in ISO mode can silently skip files, resulting in a broken installer that fails to boot mid-installation. The author discovered this when attempting a fresh install of openSUSE 16.0 on physical hardware and confirmed the issue across multiple machines. Switching Rufus to DD mode resolved the problem entirely, and readers are advised to always use DD mode when creating openSUSE USB media.

The KDE Blog presents Aero Weather; it’s a desktop weather viewer widget for KDE Plasma. The plasmoid displays current conditions and a multi-day weather forecast directly on the desktop. It also has support for automatic IP-based location detection or manual coordinates along with customizable font colors.

New Slimbook Creative, Renewing its High-End Model

The KDE Blog covers Slimbook’s 2026 refresh of its Creative ultrabook that features the AMD Ryzen AI 9 365 processor with a dedicated NPU designed for local AI workloads. The updated model also brings improvements in performance, design, personalization, and portability.

Fourth Update of Plasma 6.6

The KDE Blog announces the fourth bugfix update of KDE Plasma 6.6, released on April 7, 2026, continuing the project’s regular maintenance cadence following the feature release. The post recaps the major new features introduced in the full Plasma 6.6 release, including the new Plasma Keyboard on-screen keyboard, OCR text extraction in Spectacle, and a new Plasma Setup configuration wizard. As with all bugfix updates, the release is strongly recommended for all users.

Battery Plasmoid Boero – Visual Plasmoids for Plasma 6 (27)

The KDE Blog presents Battery Plasmoid Boero, which is a widget that provides detailed battery monitoring including charge/discharge graphs and power mode settings. The plasmoid is aimed at laptop users who want more granular control over battery status than the default widget provides. Users interested in energy-efficient computing should visit eco.kde.org.

Interface and Stability Improvements – This Week in Plasma

The KDE Blog translates and summarizes the latest “This Week in Plasma” development report, covering ongoing work on interface refinements and stability fixes headed toward Plasma 6.7. The post highlights improvements across several Plasma components aimed at making the desktop feel more polished and reliable for daily use. This is part of the blog’s ongoing series of Spanish-language translations of Nate Graham’s weekly KDE development updates.

Linux Saloon 194 | News Flight Night

CubicleNate’s Blog recaps episode 194 of the Linux Saloon podcast, which focused on a range of current tech topics including Google’s Android ecosystem changes and sideloading restrictions. Participants also discussed the Claude Code source leak, critical security vulnerabilities in Telegram, and a notable increase in Steam’s reported Linux usage share. Yay!

Japan

Jakub Steiner’s Blog shares a personal travel post about a return trip to Japan. This time focused on Tokyo and a short excursion to Kawaguchiko during cherry blossom season. The post reflects on shooting with a Fuji X-T20 camera rather than relying solely on a smartphone, and includes a link to a full photo gallery on the author’s photo website.

Slimbook Days 2026

The KDE Blog announces the arrival of Slimbook Days 2026, which is a promotional sale period for the GNU/Linux hardware brand happening between April 8 to 12. The post encourages readers to take advantage of the event, noting that Slimbook devices come fully pre-configured for GNU/Linux and come with a portion of each sale supporting the KDE community.

Screenshots and Screen Recording in Plasma 6.6

The KDE Blog examines the screenshot and screen recording improvements in KDE Plasma 6.6, with a particular focus on Spectacle’s new ability to recognize and extract text from captured images using OCR. This addition is highlighted as a significant usability and accessibility improvement and makes it easier to create alt text for visual content.

View more blogs or learn to publish your own on planet.opensuse.org.