Tumbleweed Monthly Update - August 2024

Welcome to the monthly update for Tumbleweed for August 2024. This month has been a productive period with significant progress and updates. The rolling-release team is making headway on longer-term projects like dbus-broker showing promising progress and the transition to GNU Compiler Collection 14 as the default compiler is in its second phase as there are ongoing efforts to address the remaining build failures. Those efforts for GCC 14 becoming the default compiler are likely to arrive in the 20240827 snapshot. Go 1.22 became the default go compiler this month and ffmpeg switched from version 6 to 7. However, a critical issue emerged with the network stack in recent builds due to a race condition. Those using Wicked, which is a network configuration tool, were advised to delay updates or rollback using snapper while ongoing efforts focused on resolving the problem. A submit request for Wicked was made on August 28 for resolving the issue and will likely address the networking issue in a snapshot before August ends. Those not dependent on Wicked are encouraged to proceed with updates as usual.

Stay tuned and tumble on!

Should readers desire more frequent information about snapshot updates, they are encouraged to subscribe to the openSUSE Factory mailing list.

New Features and Enhancements

• Linux Kernel 6.10.4: This update has some key changes including a fix to the klp_symbols macro in the kernel spec file, which addresses errors in the build process for openSUSE Tumbleweed. Networking improvements resolve issues in the bnxt_en driver and multiple fixes were made to the MPTCP protocol, which multiple path connection use while maximizing throughput and increasing redundancy. Updates to the DRM subsystem include fixes for memory leaks in Mesa’s V3D driver, handling issues in the AMD GPU driver and addressing black screen issues in the AST driver after resume. The update also includes critical bug fixes for the ALSA sound system, Btrfs file system and various other components.
• GNOME 46.4: This update brings a series of enhancements and fixes across several core GNOME packages. While the gnome-bluetooth package updated to version 46.1, it addresses a bug that prevented some device icons from appearing correctly and includes updates for translations. The control center improves accessibility, resolves a memory leak in the default apps page and fixes issues related to network settings, Bolt visibility, and fingerprint enrollment. The gnome-software update corrects AppStream metadata formatting, includes translation updates and refreshes user docs and Help documentation.
• php 8.3.10: This update brings a series of critical fixes and enhancements. In the core, it resolves several issues, including memory leaks, segmentation faults and support for systems with sysconf(_SC_GETPW_R_SIZE_MAX) == -1. Notable bug fixes include addressing a use-after-free in property coercion with __toString() and resolving crashes in DOMDocument::xinclude(). The updated package improves compatibility with libxml2 versions 2.13.0 and 2.13.2 and fixes issues in extensions like PDO. The update fixes buffer overflows, stream wrapper truncations and memory leaks.
• KDE Plasma 6.1.4: This Konqi update brings a variety of fixes and improvements across several core components of the Plasma desktop environment. Discover addresses bugs related to license text parsing, icon caching and visibility calculations. The Crash handler Dr Konqi enhances reporting by integrating version information and improving metadata synthesis for crashes in kwin_x11. KPipeWire adds resilience to stream handling during PipeWire restarts and introduces a new encoder using libopenh264. KWin includes numerous fixes, such as improving window focus management, addressing crashes and enhancing rendering performance. Updates to the Plasma Desktop refine folder view behavior, applet layouts and visual configurations.
• Frameworks 6.5.0: This update sees Attica add support for a new version field in DownloadDescription. Bluez Qt fixes connections related to the connectedDevices list property. Breeze Icons introduces new category icons and resolves issues with symlinks for various applications. Extra CMake Modules adds MANPATH support and improves WaylandScanner handling. KAuth enhances dbus backend functionality and KIO improves file handling, enhances logging and optimizes connection management. Additionally, Kirigami refines dialog behavior and accessibility features, while KTextEditor adds new actions for space and tab conversion along with improving drag behavior with wrapped lines. These updates collectively enhanced the functionality, stability and user experience across the KDE Plasma ecosystem.
• systemd 256.5: The update restores the 32-bit version of libudev.so, which was inadvertently dropped during the merge of libudev-devel into systemd-devel. This restoration is essential for enabling plug-and-play support in Wine for 32-bit Windows applications. For a detailed list of changes, users can visit its GitHub changelog.
• KDE Gear 24.08: Just in time for the upcoming Akademy 2024, KDE Gear 24.08 arrives with a fresh wave of updates across a broad range of applications. The release introduces new features for Dolphin like easier file management with administrative privileges and a streamlined Move to New Folder option. The disk visualizer Filelight has a friendlier interface and improves Windows version, which helps you visualize disk usage right from within Dolphin. Konsole makes navigating long outputs easier with a new bookmarking feature and video editor Kdenlive advances keyframe curve editing and refined effects handling. Travel apps like Itinerary and conference tracker Kongress are updated to assist you during Akademy, offering detailed travel plans and venue maps.

Key Package Updates

• NetworkManager 1.48.8: The latest update resolves an issue with Open vSwitch (OVS) where stage3 activation could be triggered without an initialized DHCP client and improves configuration parsing by correctly handling the autoconnect-ports value to provide better control over automatic connections. Enhancements to IPv6 networking were made by preserving router preferences in neighbor discovery (NDISC).
• pavucontrol 6.1: The major version of PulseAudio Volume Control package addresses issues such as translations not being correctly applied, a bug where unplugged audio cards would not disappear from the interface and a misalignment in Bluetooth codec selection. The application name in the desktop file has also been corrected to Volume Control. Version 6 introduces significant changes that including a migration from Gtk 3 to Gtk 4, embedded UI resources and improved support for 144 Hz monitors.
• binutils 2.43: A new .base64 pseudo-op allows encoding data as base64 strings and Intel APX support is expanded with new instructions like CFCMOV and CCMP. The x86 Intel syntax now provides more warnings for mnemonic suffixes, and macros in assembly code can use \+ to track execution counts. Significant updates include support for armv9.5-a in AArch64 and new extensions in RISC-V, along with improved data handling in s390 and MIPS. The arm architecture drops support for outdated co-processors, while LoongArch gains finer control over assembly options. Enhancements in tools like readelf and objdump offer more detailed outputs, particularly for .eh_frame sections. The linker now includes options for segment handling and ISA level reporting. These updates enhance binutils’ functionality and adaptability across a wide range of platforms.
• curl 8.9.1: This update addresses a critical regression fixing proper handling of sigpipe signals by initializing the struct correctly. Bug fixes include better detection of libssh and nettle in CMake providing better connection shutdown handling for event-based processing and more robust socket code for the --ip-tos option. Updates also improve compatibility and stability across different platforms, including fixes for 32-bit systems, OS400 builds and defensive coding for NULL inputs.
• bash 5.2.32: Key fixes include correcting an inverted configure test for strtoimax(3) and resolving a problem where a DEBUG trap in an asynchronous process could mistakenly take control of the terminal, causing the calling shell to exit. The update corrects an issue where functions containing coprocesses were displayed with an erroneous COPROC command, making them unreadable as input.

Bug Fixes

• orc 0.4.39:
  • CVE-2024-40897 was solved with versions before 0.4.39, which had a buffer overflow vulnerability in orcparse.c.
• curl 8.9.1:
  • CVE-2024-7264 was a parser flaw that may cause crashes or leak heap contents.
• Flatpak 1.15.10:
  • CVE-2024-424721 was a flaw that allows unauthorized file access via symlink in persistent directories.
• tiff:
  • CVE-2024-7006 was a null pointer flaw that may cause crashes, which could lead to denial of service.
• unbound 1.21.0:
  • CVE-2024-43167 was a null pointer flaw that may cause crashes, leading to a denial of service as well.
• Mozilla Firefox 129.0: This release fixes 14 CVEs, which addresses multiple vulnerabilities, including fullscreen notification dialog obscuration with CVE-2024-7518, CVE-2024-7523, and CVE-2024-7529. There was an out-of-bounds memory access CVE-2024-7519 and CVE-2024-7522. There was type confusion and incomplete exception handling in WebAssembly with CVE-2024-7520 and CVE-2024-7521 along with some other CVEs affecting security and memory handling.
• python311:
  • CVE-2024-6923 was a medium severity vulnerability in CPython’s email module that allows header injection due to improper quoting of newlines during email serialization.

Conclusion

August 2024 saw significant improvements for Tumbleweed users. Security fixes were made across multiple packages to ensure Tumbleweed remains stable and secure. Significant improvements were made in tools like pavucontrol, binutils and curl, with enhanced compatibility, performance and security. Noteworthy changes in packages such as php, systemd, and NetworkManager are crucial fixes. These updates collectively contribute to a more refined and stable rolling release environment.

Stay updated with the latest snapshots by subscribing to the openSUSE Factory mailing list. For those Tumbleweed users who want to contribute or want to engage with detailed technological discussions, subscribe to the openSUSE Factory mailing list . The openSUSE team encourages users to continue participating through bug reports, feature suggestions and discussions.

Contributing to openSUSE Tumbleweed

Your contributions and feedback make openSUSE Tumbleweed better with every update. Whether reporting bugs, suggesting features, or participating in community discussions, your involvement is highly valued.

_{^{(Image made with DALL-E)}}