1
submitted 5 months ago* (last edited 5 months ago) by Archaeopteryx@kbin.social to c/openSUSE@kbin.social

Welcome to the monthly update for openSUSE Tumbleweed for May 2024. This month has seen a significant number of updates, enhancements, and crucial security fixes. Whether you are a developer, a system administrator, or a casual user, these updates are designed to enhance your experience and ensure the highest level of security and performance.

Should readers desire a more frequent amount of information about snapshot updates, readers are encouraged to subscribe to the openSUSE Factory mailing list.

Let’s go!

New Features and Enhancements

  • Linux Kernel 6.9.1: The month of May had a couple updates for the Kernel, but so far remains at version 6.9.1, which addresses various issues and enhancing overall stability. The mt76 driver for wifi saw improvements with the addition of missing chanctx operations for the mt7915 wifi card, enhancing functionality. A critical fix was made to the keys subsystem to prevent overwriting key expiration during instantiation, improving security. Support for system suspend/hibernation was enhanced for the Modem Host Interface subsystem with the addition of the mhi_power_down_keep_dev() Application Programming Interfaces, which is beneficial for maintaining device states during power management operations.
  • LLVM 18.1.6: Subpackages that were updated were clang-tools, clang18, libLLVM18, libclang-cpp18, libclang13, llvm18-gold. Fixed issues with generating incorrect thunks for functions with aligned parameters or incorrect return value passing when StructRet was used. -Xclang -target-feature -Xclang +unaligned-scalar-mem for enabling unaligned scalar memory accesses on CPUs without unaligned vector access support were introduced. Build failures when compiling AVX512 code with -march=native on machines without AVX512 were addressed. Crashes in the AArch64 backend related to fcmp instruction operands being true or false at the IR level were fixed and there was a fix to compiler crashes.
  • KDE Frameworks 5.116.0: Breeze Icons received new icons for audio/ogg and audio/x-vorbis+ogg file types, as well as the audio/vnd.wave MIME type, enhancing support for audio file formats. Extra CMake Modules had notable updates including the dropping of attempts to set IMPORTED on targets with installed configurations in ecm_add_qch. KFileMetaData saw a fix with the handling of attribute namespacing and improved metadata accuracy and processing. KService addressed a warning related to the "mimeType x-scheme-handler/file not found" issue.
  • udisks2 2.10.1: This update features updated Ukrainian and German translations, improvements to testing for LVM2 RAID by wiping used devices, settling down before checking properties and rescanning vdevs after tests. Offline and online filesystem grow tests were added, and documentation for the Filesystem.Size property was clarified. A fix was implemented for Python class invocation in nvme tests, and a --no-partition-scan option was added for the loop-setup command in udisksctl. A --no-partition-scan option for the loop-setup command in udisksctl was added.
  • firewalld 2.1.2: The update to 2.1.2 includes several fixes: the policy now allows forwarding ports with the to-addr for egress-zone=HOST, the range check for large rule limits in rich rules has been corrected, and skip detection in the fw-in-container environment has been fixed during testing.
  • snapper 0.11.0: The update introduces asynchronous cleanup of stale btrfs qgroups and reverts some parts to fix the build in the Open Build Service. The cleanup service is now set to run every hour and qgroups are disabled if they do not exist to avoid failure when creating snapshots. Support for quarterly snapshots has been added, and a table-style selection is now based on codeset.
  • GTK3 3.24.42: Printing is improved by avoiding access to freed printers. Wayland fixes include correct monitor sizes, a crash related to tablet removal, inferred resizable edges for tiled windows, and ensuring commits occur soon after acknowledging a configure.
    GTK4 4.14.4: A crash issue when there is no child was resolved and efficiency improvements were made in loading symbolic SVGs and handling color-free symbolics. Accessibility updates include making the gtk-demo sidebar search more accessible and stopping the emission of focus events. GDK introduced support for XDG_ACTIVATION_TOKEN and made defensive improvements for dmabuf. These improvements include handling unknown formats more carefully and using a narrower range for YUV formats.
  • Mozilla Firefox 126.0. The browser brought had a major update and fixed 16 Common Vulnerabilities and Exposures. There was arbitrary JavaScript execution in PDF.js fixed with CVE-2024-4367. A potential permissions request bypass via clickjacking was fixed for CVE-2024-4764. There were memory safety bug fixes addressing CVE-2024-4778 and CVE-2024-4777; the latter helps with those for Firefox ESR 115.11 and Thunderbird 115.11.
    sssd 2.9.5: The update introduces a new configuration option called failover_primary_timeout. This option allows users to configure how often SSSD tries to reconnect to a primary server after successfully connecting to a backup server. Previously, this interval was hardcoded to 31 seconds, which remains the default value.
  • openldap2 2.6.7: The liblber library fixes a missing newline on long messages and libldap addresses exit handling issues with OpenSSL3, TLS usage with multiple LDAP URIs OpenSSL cipher suite handling and handling of Diffie-Hellman parameter files with OpenSSL 3.0. The slapd service now honors the disclose option in matchedDN handling, improves regex testing in ACLs, and fixes sync replication with glued databases.
  • iproute2 6.9: The update introduces several new features and improvements: The m_mirred module now allows mirroring to block and the tc command adds NLM_F_ECHO support for actions and filters. The ip command has been enhanced with coupled_control support for bonding and a new monitor command for IOAM6.
  • xwayland 24.1.0: The feature release addresses several regressions introduced in previous release candidate versions. The eglstreams support has been dropped.
  • AppStream 1.0.3: Key features include enhanced validator checks to ensure description lists aren't translated, improved translation checks for descriptions and the ability to propagate selected custom entries to catalog output via the CLI compose command. Many other features were added.

Key Package Updates

  • tpm2-0-tss 4.1.0: This updated provided a major security fix for CVE-2024-29040. Various bug fixes were implemented, including correcting the length check on FAPI auth callbacks, fixing the deviation from the CEL specification and resolving json syntax errors in FAPI profiles that were previously ignored by json-c. The update also adds support for new features and enables the usage of external keys for Fapi_Encrypt.
  • postgresql16 16.3: A fix was made for CVE-2024-4317, which could allow for an unprivileged database user to read most common values and other statistics from CREATE STATISTICS commands of other users.
  • Python 3.x versions had a fix for CVE-2023-6597 A vulnerability was discovered in the CPython. It affected versions 3.12.1, 3.11.7, 3.10.13, 3.9.18, 3.8.18, and earlier. This class would incorrectly follow symlinks during cleanup when there were permission errors. As a result, users with the ability to run privileged programs could potentially change the permissions of files pointed to by symlinks under certain conditions.

Bug Fixes

  • glib2 2.80.2:

    • CVE-2024-34397 - An issue in GNOME GLib allows spoofed D-Bus signals, affecting client behavior
  • qt6-base:

    • CVE-2024-33861 - QStringConverter's invalid pointer callback can modify the stack, risking vulnerabilities in applications using QStringDecoder.
  • libxml2 2.12.7

    • CVE-2024-34459 - Buffer over-read in xmllint --htmlout can cause vulnerabilities in libxml2 before 2.12.7.
  • libarchive 3.7.4:

  • krb5 added some patches to fix memory leaks related to:

  • ovmf

    • CVE-2022-36763 - EDK2 vulnerability in Tcg2MeasureGptTable() allows heap buffer overflow via local network
  • python-Jinja2 3.1.4:

    • CVE-2024-34064 - Jinja's xmlattr filter vulnerability allows non-attribute characters in keys, risking XSS attacks.
  • tpm2-0-tss 4.1.0:

Conclusion

The month of May 2024 had a steady flow of crucial security fixes, important updates, and notable enhancements across various packages for openSUSE Tumbleweed. The updates to the Linux Kernel, LLVM, KDE Frameworks and numerous other components ensure that Tumbleweed systems remain feature-rich and keep rolling. Developers and users alike benefit from the improvements, enhancements and new features.

For those Tumbleweed users who want to contribute or want to engage with detailed technological discussions, subscribe to the openSUSE Factory mailing list . The openSUSE team encourages users to continue participating through bug reports, feature suggestions and discussions.

Contributing to openSUSE Tumbleweed

Your contributions and feedback make openSUSE Tumbleweed better with every update. Whether reporting bugs, suggesting features, or participating in community discussions, your involvement is highly valued.

More Information about openSUSE:

Official

Fediverse

39
submitted 5 months ago by Archaeopteryx@kbin.social to c/linux@lemmy.ml

The openSUSE Project has an official space on Hugging Face, which is a popular platform offering a range of open-source Artificial Intelligence models, tools and resources.

The new namespace can be found at huggingface.co/openSUSE.

Hugging Face is known for facilitating developers and researchers in working with advanced AI applications that include natural language processing (NLP) and computer vision.

Having the openSUSE namespace provides community-driven development toward creating, sharing and improving AI models and datasets.

One dataset has already been added. The first dataset is openSUSE Cavil, which is a tool designed for license compliance, identification and legal reviews. By leveraging the rich AI models and datasets available through the Hugging Face platform, openSUSE Cavil can offer a more advanced and accurate detection of license issues and compliance.

To get involved with the openSUSE Project on Hugging Face, individuals can sign up for an account. The registration process is straightforward and requires only basic information.

Once registered, users can explore the openSUSE and view a collection of AI models and datasets created and shared by the community.

Contributors are encouraged to share their AI models and datasets. Hugging Face offers tools and tutorials to assist with uploading and managing these contributions. Community members can work together on improving existing models or developing new ones.

High-quality documentation and tutorials are vital for the success of the project. Community members can contribute by writing guides, creating video tutorials, or translating existing resources to broaden their accessibility.

Users gain access to cutting-edge AI models and a collaborative environment where they can learn and expand their skills. Contributions to the project support the advancement of AI research and development within the open-source ecosystem.

For more information and to participate, visit huggingface.co/openSUSE.

More Information about openSUSE:

Official

Fediverse

5

The openSUSE Project has an official space on Hugging Face, which is a popular platform offering a range of open-source Artificial Intelligence models, tools and resources.

The new namespace can be found at huggingface.co/openSUSE.

Hugging Face is known for facilitating developers and researchers in working with advanced AI applications that include natural language processing (NLP) and computer vision.

Having the openSUSE namespace provides community-driven development toward creating, sharing and improving AI models and datasets.

One dataset has already been added. The first dataset is openSUSE Cavil, which is a tool designed for license compliance, identification and legal reviews. By leveraging the rich AI models and datasets available through the Hugging Face platform, openSUSE Cavil can offer a more advanced and accurate detection of license issues and compliance.

To get involved with the openSUSE Project on Hugging Face, individuals can sign up for an account. The registration process is straightforward and requires only basic information.

Once registered, users can explore the openSUSE and view a collection of AI models and datasets created and shared by the community.

Contributors are encouraged to share their AI models and datasets. Hugging Face offers tools and tutorials to assist with uploading and managing these contributions. Community members can work together on improving existing models or developing new ones.

High-quality documentation and tutorials are vital for the success of the project. Community members can contribute by writing guides, creating video tutorials, or translating existing resources to broaden their accessibility.

Users gain access to cutting-edge AI models and a collaborative environment where they can learn and expand their skills. Contributions to the project support the advancement of AI research and development within the open-source ecosystem.

For more information and to participate, visit huggingface.co/openSUSE.

More Information about openSUSE:

Official

Fediverse

3

The openSUSE Project has an official space on Hugging Face, which is a popular platform offering a range of open-source Artificial Intelligence models, tools and resources.

The new namespace can be found at huggingface.co/openSUSE.

Hugging Face is known for facilitating developers and researchers in working with advanced AI applications that include natural language processing (NLP) and computer vision.

Having the openSUSE namespace provides community-driven development toward creating, sharing and improving AI models and datasets.

One dataset has already been added. The first dataset is openSUSE Cavil, which is a tool designed for license compliance, identification and legal reviews. By leveraging the rich AI models and datasets available through the Hugging Face platform, openSUSE Cavil can offer a more advanced and accurate detection of license issues and compliance.

To get involved with the openSUSE Project on Hugging Face, individuals can sign up for an account. The registration process is straightforward and requires only basic information.

Once registered, users can explore the openSUSE and view a collection of AI models and datasets created and shared by the community.

Contributors are encouraged to share their AI models and datasets. Hugging Face offers tools and tutorials to assist with uploading and managing these contributions. Community members can work together on improving existing models or developing new ones.

High-quality documentation and tutorials are vital for the success of the project. Community members can contribute by writing guides, creating video tutorials, or translating existing resources to broaden their accessibility.

Users gain access to cutting-edge AI models and a collaborative environment where they can learn and expand their skills. Contributions to the project support the advancement of AI research and development within the open-source ecosystem.

For more information and to participate, visit huggingface.co/openSUSE.

More Information about openSUSE:

Official

Fediverse

2

The openSUSE Project has an official space on Hugging Face, which is a popular platform offering a range of open-source Artificial Intelligence models, tools and resources.

The new namespace can be found at huggingface.co/openSUSE.

Hugging Face is known for facilitating developers and researchers in working with advanced AI applications that include natural language processing (NLP) and computer vision.

Having the openSUSE namespace provides community-driven development toward creating, sharing and improving AI models and datasets.

One dataset has already been added. The first dataset is openSUSE Cavil, which is a tool designed for license compliance, identification and legal reviews. By leveraging the rich AI models and datasets available through the Hugging Face platform, openSUSE Cavil can offer a more advanced and accurate detection of license issues and compliance.

To get involved with the openSUSE Project on Hugging Face, individuals can sign up for an account. The registration process is straightforward and requires only basic information.

Once registered, users can explore the openSUSE and view a collection of AI models and datasets created and shared by the community.

Contributors are encouraged to share their AI models and datasets. Hugging Face offers tools and tutorials to assist with uploading and managing these contributions. Community members can work together on improving existing models or developing new ones.

High-quality documentation and tutorials are vital for the success of the project. Community members can contribute by writing guides, creating video tutorials, or translating existing resources to broaden their accessibility.

Users gain access to cutting-edge AI models and a collaborative environment where they can learn and expand their skills. Contributions to the project support the advancement of AI research and development within the open-source ecosystem.

For more information and to participate, visit huggingface.co/openSUSE.

More Information about openSUSE:

Official

Fediverse

1

The schedule for openSUSE Conference 2024 is out and it is filled with several talks about open-source ecosystem and includes several breaks for networking opportunities.

Open-source enthusiasts, developers and contributors will meet at the Z-Bau from June 27 to June 29 to share, discuss and showcase the latest advancements in open-source technologies, projects and communities.
The conference will feature a series of talks, workshops, meetups and keynote speakers providing valuable insights into current and future directions of open-source software.

Santiago Zarate, Oliver Kurz, and Livdywan are scheduled to kick off with a session on openQA - Current State and Moving Forward. The talk will highlight the evolution of openQA as a crucial tool for ensuring the stability of openSUSE's systems and expanding its impact beyond openSUSE, Fedora and SUSE.

Marcus Meissner and Johannes Segitz will present The XZ Backdoor - Report from Our Side and provide a retrospective on a significant supply chain attack involving the xz compression library. They will discuss the attack's impact, response measures and future security considerations.

Two keynotes will take place on the first day. SUSE’s CEO Dirk-Peter van Leeuwen will speak about the importance of community and fostering collaborative open-source environments.

Luca Di Maio will provide a keynote session on Developing on Aeon with Distrobox. The presentation will introduce Distrobox and demonstrate how it can be used as a development environment within Atomic and Transactional systems like Aeon.

The second day is scheduled to begin with Alfonso Hernandez's Midori is Much More Than a Web Browser talk. Hernandez will explore the features and benefits of Midori, a lightweight, fast and secure browser, and its role in promoting user privacy and security.

Jsrain will provide a SUSE ALP: State of the Matters talk. The session will cover recent developments, upcoming releases and how the openSUSE project can build on SUSE’s ALP development.

Rick Spencer, General Manager at SUSE, will deliver another keynote. His talk Why openSUSE Matters will share his insights on the significance of openSUSE in the broader open-source ecosystem.

The final day will feature Dan Čermák's The Tragedy of Community Enterprise Linux Distributions. Čermák will discuss the challenges faced by community variants of enterprise Linux distributions and propose potential solutions.

Markus Feilner will present Exchange Your Exchange: grommunio - An Open Source Drop-In and So Much More and highlight grommunio as a comprehensive open-source replacement for Microsoft Exchange, which offers groupware, video conferencing, chat, file sync and more.

A Fedora Hatch Meetup, led by Čermák, will provide an informal space for Fedora contributors and enthusiasts to discuss their experiences and network.

Tobias Görgens’ sdbootutil: Mastering the Art of Boot Management talk will introduce a tool designed to simplify bootloader management on openSUSE to make the process more intuitive and robust.

The openSUSE Conference 2024 is expected to be a great informative event for sharing, collaborating, learning and innovating.

For more information and to register, visit events.opensuse.org.

More Information about openSUSE:

Official

Fediverse

1

While focused on the openSUSE Innovator initiative as an openSUSE member and Intel Innovator, it was frustrating for me to see that openVINO did not have support on the openSUSE Linux distribution.

In October 2023, I decided to take the personal initiative to start working on compiling and using OpenVINO from the source code for the openSUSE platform. I humbly contributed and published the first adaptations for our distribution on GitHub.

My motivation for this effort stemmed from the potential of OpenVINO to democratize the use of artificial intelligence for those who do not have the resources to invest in expensive GPUs. This library provides multicore programming and the acceleration registers of Intel processors, as well as the resources of ARM processors, allowing the use of AI on processors from the 6th generation onwards.

With the emergence of technologies such as VPU, NPU, and AMX, it is now possible to run LLMs and generative AI without the need for a dedicated GPU. Therefore, I started working on the RPM packaging for openSUSE. This work would not have been successful without the support and assistance of Ilya Lavrenov from Intel and Atri Bhattacharya on the openSUSE Build Service. They not only shared their knowledge with me but also collaborated to ensure compatibility between Intel and openSUSE's technical policies.

As a result of all this collaborative effort, openSUSE became the first Linux distribution to offer [OpenVINO in its native repository, compiled from the source code. It is a great source of pride to have contributed to this project, which will undoubtedly make a difference in future endeavors. As members of an open-source community, it is our duty to strive to democratize emerging technologies and reduce digital exclusion in society.

For more information, visit here or get it at software.opensuse.org!

Contributing to openSUSE Tumbleweed

Your contributions and feedback make openSUSE Tumbleweed better with every update. Whether reporting bugs, suggesting features, or participating in community discussions, your involvement is highly valued.

More Information about openSUSE:

Archaeopteryx

joined 5 months ago