The first packages of the new COSMIC desktop has landed in openSUSE. List of packages: * [https://download.opensuse.org/tumbleweed/repo/oss/x86\_64/?P=\*cosmic](https://download.opensuse.org/tumbleweed/repo/oss/x86_64/?P=*cosmic)\* Development branch of COSMIC (stable) * [https://build.opensuse.org/project/show/X11:COSMIC:Factory](https://build.opensuse.org/project/show/X11:COSMIC:Factory) ### More Information about openSUSE: ### **Official** * [openSUSE News](https://news.opensuse.org/) * [openSUSE Mailing List](https://lists.opensuse.org/archives/) * [openSUSE Wiki](https://en.opensuse.org/Main_Page) **Fediverse** * [https://discuss.tchncs.de/c/opensuse@lemmy.world](https://discuss.tchncs.de/c/opensuse@lemmy.world)
Issue [#99](https://kbin.run/tag/99) of Commodore Free Magazine for July 2024 has been released. Commodore Free Magazine is a free-to-download magazine dedicated to Commodore computers. Available as PDF, ePUB, D64 disk image and other formats.
Archaeopteryx
3mo ago
•
100%
What was the issue with NetworkManager? Right now, everything is working fine on my machine.
news.opensuse.org
Welcome to the monthly update for openSUSE Tumbleweed for July 2024. Last month was busy with events like the [Community Summit in Berlin](https://events.opensuse.org/conferences/CSBerlin) and the [openSUSE Conference](https://events.opensuse.org/conferences/oSC24). Both events were productive and well-received. Despite the busy schedule and follow on discussion from the conference about the [Rebranding of the Project](https://lists.opensuse.org/archives/list/project@lists.opensuse.org/thread/E3EQOFD5NVWTM4MHLNA5MT5BGWQLUZ5U/), a number of snapshots continued to roll out to users this month. Stay tuned and tumble on! Should readers desire more frequent information about snapshot updates, they are encouraged to subscribe to the [openSUSE Factory mailing list](https://lists.opensuse.org/archives/list/factory@lists.opensuse.org/). ### New Features and Enhancements ### * [Linux Kernel](https://www.kernel.org/) 6.9.9: This kernel introduces several important fixes and enhancements across various subsystems. Key updates include the introduction of `devm_mutex_init()` for mutex initialization in multiple components, addressing issues in the [Hisilicon](https://www.hisilicon.com) debugfs uninit process, and resolving shared IRQ handling in DRM Lima drivers. Fixes in the PowerPC architecture avoid `nmi_enter/nmi_exit` in real mode interrupts, while networking improvements prevent unnecessary `BUG()` calls in `net/dql`. Enhancements in WiFi drivers such as RTW89 include improved handling for 6 GHz channels. Updates in DRM/AMD drivers address multiple issues, from uninitialized variable warnings to ensuring proper timestamp initialization and memory management. The [RISC-V](https://riscv.org/) architecture receives a fix for initial sample period values, and several BPF selftests see adjustments for better error detection. These updates collectively enhance system stability, performance, and security. * [KDE Plasma 6.1.3](https://kde.org/announcements/plasma/6/6.1.3/): [Discover](https://invent.kde.org/plasma/discover) now auto-handles [Flatpak](https://flatpak.org/) rebases from runtimes and properly uninstalls EOL refs without replacements. In [Kglobalacceld](https://github.com/KDE/kglobalacceld), invalid keycodes are explicitly processed. Kpipewire introduces proper cleanup on deactivate and fixes thread handling for PipeWireSourceStream. [KScreen](https://github.com/KDE/kscreen) now uses ContextualHelpButton from [Kirigami](https://kde.org/products/kirigami/), and Kscreenlocker adds a property to track past prompts. [KWin](https://userbase.kde.org/KWin) sees numerous improvements: relaxed nightlight constraints, simplified [Wayland](https://wayland.freedesktop.org/) popup handling, better input method windows, and enhanced screencast plugins. Plasma Mobile enhancements improve home screen interactions, translation issues, and swipe detection. Plasma Networkmanager and Plasma Workspace benefit from shared QQmlEngine and various bug fixes, including avatar image decoding and pointer warping on Wayland. * [Frameworks 6.4.0](https://kde.org/announcements/frameworks/6/6.4.0/): [Attica](https://api.kde.org/frameworks/attica/html/index.html) updates its gitignore to include VS Code directories. [Baloo](https://community.kde.org/Baloo) reverts a QCoreApplication change and ports QML modules. Breeze Icons introduces a ColorScheme-Accent and fixes data-warning icons. KArchive now rejects tar files with negative sizes and fixes crashes with malformed files. KAuth and KBookmarks add VS Code directories to gitignore. KCalendarCore adds missing QtCore dependencies and QML bindings for calendar models. KIO improves systemd process handling and deprecates unused features. [Kirigami](https://kde.org/products/kirigami/) enhances navigation and dialog components. KTextEditor adds a tool for testing JavaScript scripts and ensures even indent sizes, fixing multiple bugs. * [KDE Gear 24.05.2](https://kde.org/announcements/gear/24.05.2/): [Akonadi-calendar](https://api.kde.org/kdepim/akonadi-calendar/html/index.html) adds missing change notifications. [Dolphin](https://apps.kde.org/dolphin/) updates Meta-Object Compiler generation. [Filelight](https://apps.kde.org/filelight/) enables appx building and ensures hicolor icon presence while [Itinerary](https://apps.kde.org/itinerary/) fixes calendar permissions, corrupted notes, and the package introduces new extractors. [Kdenlive](https://kdenlive.org/en/) addresses timeline, aspect ratio, and compilation issues. [Okular](https://okular.kde.org/) fixes a crash with certain PDF actions. * [Supermin](https://github.com/libguestfs/supermin) 5.3.4: This update introduces several key enhancements, including support for OCaml 5 and kylinsecos. It improves package management by detecting [dnf5](https://github.com/rpm-software-management/dnf5) and omitting missing options. The update also refines OCaml compilation by using `-output-complete-exe` instead of `-custom` that fixes kernel filtering for the aarch64 architecture, and enables kernel uncompression on RISC-V. The update removes previously applied patches now included in the new tarball, helping to streamline the codebase and improve maintainability. * [Checkpolicy 3.7](https://github.com/SELinuxProject/selinux/releases/tag/3.7): The latest update brings support for Classless Inter-Domain Routing notation in nodecon statements, enhancing SELinux policy definition capabilities. Error messages are now more descriptive, and error handling has been improved. Key bug fixes include handling unprintable tokens, avoiding garbage value assignments, freeing temporary bounds types and performing contiguous checks in host byte order. ### Key Package Updates ### * [NetworkManager](https://networkmanager.dev/) 1.48.4: This update introduces support for matching Open vSwitch (OVS) system interfaces by MAC address, enhancing network interface management. Additionally, NetworkManager now considers the contents of `/etc/hosts` when determining the system hostname from reverse DNS lookups of configured interface addresses, improving hostname resolution accuracy. Subpackages updated include NetworkManager-bluetooth, NetworkManager-lang, NetworkManager-tui, NetworkManager-wwan, libnm0, and typelib-1\_0-NM-1\_0. These enhancements contribute to more robust and precise network configuration handling in Linux environments. * [libguestfs](https://libguestfs.org/) 1.53.5: This update includes significant enhancements and fixes. The `--chown` parameter is now correctly split on the ':' character, and a new checksum command is supported. Detection for Circle Linux and support for the LoongArch architecture have been added, including file architecture translation fixes. The update allows nbd+unix:// URIs and reimplements GPT partition functions using `sfdisk`. DHCP configuration improvements and a new `virt-customize --inject-blnsvr` operation enhance usability. Deprecated features include the removal of gluster, sheepdog, and tftp drive support. New APIs such as `findfs_partuuid` and `findfs_partlabel` improve functionality, while inspection tools now resolve PARTUUID and PARTLABEL in `/etc/fstab`. These updates enhance compatibility, performance, and functionality across various environments. * [glib2](https://wiki.gnome.org/Projects/GLib) 2.80.4: The latest update backports key patches: mapping `EADDRNOTAVAIL` to `G_IO_ERROR_CONNECTION_REFUSED`, handling files larger than 4GB in `g_file_load_contents()`, and correcting GIR install locations and build race conditions. Additionally, improvements in `gthreadedresolver` ensure returned records are properly reference-counted in `lookup_records()`. * [ruby3.3](https://www.ruby-lang.org/en/) 3.3.4: This release addresses a regression where dependencies were missing in the gemspec for some bundled gems such as net-pop, net-ftp, net-imap, and prime. Other fixes include preventing `Warning.warn` calls for disabled warnings, correcting memory allocation sizes in `String.new(:capacity)` and resolving string corruption issues. * [libgcrypt](https://gnupg.org/software/libgcrypt/index.html) 1.11.0: The latest update introduces several new interfaces and performance enhancements. New features include an API for Key Encapsulation Mechanism (KEM), support for algorithms like [Streamlined NTRU Prime](https://ntruprime.cr.yp.to/) sntrup761, Kyber, and Classic McEliece, and various Key Derivation Functions (KDFs) including HKDF and X963KDF. Performance improvements feature optimized implementations for SM3, SM4, and other cryptographic operations on ARMv8/AArch64, PowerPC, and AVX2/AVX512 architectures. Other changes include various enhancements for constant time operations and deprecates the `GCRYCTL_ENABLE_M_GUARD` control code. ### Bug Fixes ### * [orc](https://gstreamer.freedesktop.org/modules/orc.html) 0.4.39: * [CVE-2024-40897](https://www.suse.com/security/cve/CVE-2024-40897.html) was solved with versions before 0.4.39, which had a buffer overflow vulnerability in `orcparse.c`. * [java-21-openjdk](https://openjdk.org/projects/jdk/21/) 21.0.4.0: * [CVE-2024-21131](https://www.suse.com/security/cve/CVE-2024-21131.html) was a difficult-to-exploit vulnerability allowing unauthorized data modifications. * [CVE-2024-21138](https://www.suse.com/security/cve/CVE-2024-21138.html) was a vulnerability causing partial denial of service. * [CVE-2024-21140](https://www.suse.com/security/cve/CVE-2024-21140.html) was a vulnerability allowing unauthorized data access and modification; * [CVE-2024-21145](https://www.suse.com/security/cve/CVE-2024-21145.html) was similar. * [CVE-2024-21147](https://www.suse.com/security/cve/CVE-2024-21147.html) was the same, but for more critical data. * [ovmf](https://github.com/tianocore/tianocore.github.io/wiki/OVMF) 202402 had three months of CVE patches in its quarterly update. * [Mozilla Firefox](https://www.mozilla.org) 128.0: This release fixes 16 CVEs. The most severe was [CVE-2024-6604](https://www.mozilla.org/en-US/security/advisories/mfsa2024-29/#CVE-2024-6604); this was a memory safety bug in Firefox 128, Firefox ESR 115.13, Thunderbird 128 and Thunderbird 115.13. These bugs showed evidence of memory corruption that potentially allowed arbitrary code execution. * [ghostscript](https://www.ghostscript.com/index.html) 10.03.1) * [CVE-2024-33869](https://www.suse.com/security/cve/CVE-2024-33869.html) allowed bypassing restrictions via crafted PostScript documents. * [CVE-2023-52722](https://www.suse.com/security/cve/CVE-2023-52722.html) * [CVE-2024-33870](https://www.suse.com/security/cve/CVE-2024-33870.html) allows access to arbitrary files via crafted PostScript documents. * [CVE-2024-33871](https://www.suse.com/security/cve/CVE-2024-33871.html) allowed arbitrary code execution via crafted PostScript documents using custom Driver libraries in `contrib/opvp/gdevopvp.c`. * [CVE-2024-29510](https://www.suse.com/security/cve/CVE-2024-29510.html) allowed memory corruption and SAFER sandbox bypass via format string injection in a uniprint device. * [xwayland](https://wayland.freedesktop.org/) 24.1.1 3: * [CVE-2024-31080](https://www.suse.com/security/cve/CVE-2024-31080.html) had a vulnerability that could allow attackers to trigger the X server to read and transmit heap memory values, leading to a crash. * [CVE-2024-31081](https://www.suse.com/security/cve/CVE-2024-31081.html) could cause memory leakage and segmentation faults, leading to a crash. * [CVE-2024-31083](https://www.suse.com/security/cve/CVE-2024-31083.html) allowed arbitrary code execution by authenticated attackers through specially crafted requests. * [libreoffice](https://www.libreoffice.org/) 24.2.5.2: * [CVE-2024-5261](https://www.suse.com/security/cve/CVE-2024-5261.html) allows fetching remote resources without proper security checks. * [GTK3](https://www.gtk.org/) 3.24.43: * [CVE-2024-6655](https://www.suse.com/security/cve/CVE-2024-6655.html) allowed a library injection into a GTK application from the current working directory under certain conditions. * [netpbm](https://netpbm.sourceforge.net/) 11.7.0: * [CVE-2024-38526](https://www.suse.com/security/cve/CVE-2024-38526.html): doc, which provides API documentation for Python projects, had a vulnerability where pdoc --math linked to malicious JavaScript files from polyfill.io. ### Conclusion ### The month of July 2024 was marked by significant updates, security fixes and enhancements. The Linux Kernel 6.9.9 update introduced several key fixes and improvements across various subsystems, enhancing overall stability and performance. KDE Plasma 6.1.3 brought numerous UI improvements and better handling of Flatpak rebases. The updates to Frameworks 6.4.0 and KDE Gear 24.05.2 provided additional enhancements and bug fixes, improving user experience and system reliability. Critical security vulnerabilities were addressed in various packages, including Firefox, ghostscript, and xwayland, ensuring Tumbleweed remains secure, efficient, and feature-rich for all users. Additionally, the Aeon team announced the release of [Aeon Desktop to Release Candidate 3 status](https://www.reddit.com/r/AeonDesktop/comments/1edi3tr/aeon_rc3_released/) that came from the release of a [Tumbleweed snapshot](https://news.opensuse.org/2024/07/28/rc-image-released/) last week. For those Tumbleweed users who want to contribute or want to engage with detailed technological discussions, subscribe to the [openSUSE Factory mailing list ](https://lists.opensuse.org/archives/list/factory@lists.opensuse.org/). The openSUSE team encourages users to continue participating through bug reports, feature suggestions and discussions. ### Contributing to openSUSE Tumbleweed ### Your contributions and feedback make openSUSE Tumbleweed better with every update. Whether reporting bugs, suggesting features, or participating in community discussions, your involvement is highly valued. ### More Information about openSUSE: ### **Official** * [openSUSE News](https://news.opensuse.org/) * [openSUSE Mailing List](https://lists.opensuse.org/archives/) * [openSUSE Wiki](https://en.opensuse.org/Main_Page) **Fediverse** * [https://discuss.tchncs.de/c/opensuse@lemmy.world](https://discuss.tchncs.de/c/opensuse@lemmy.world) (Image made with DALL-E)
news.opensuse.org
Welcome to the monthly update for openSUSE Tumbleweed for July 2024. Last month was busy with events like the [Community Summit in Berlin](https://events.opensuse.org/conferences/CSBerlin) and the [openSUSE Conference](https://events.opensuse.org/conferences/oSC24). Both events were productive and well-received. Despite the busy schedule and follow on discussion from the conference about the [Rebranding of the Project](https://lists.opensuse.org/archives/list/project@lists.opensuse.org/thread/E3EQOFD5NVWTM4MHLNA5MT5BGWQLUZ5U/), a number of snapshots continued to roll out to users this month. Stay tuned and tumble on! Should readers desire more frequent information about snapshot updates, they are encouraged to subscribe to the [openSUSE Factory mailing list](https://lists.opensuse.org/archives/list/factory@lists.opensuse.org/). ### New Features and Enhancements ### * [Linux Kernel](https://www.kernel.org/) 6.9.9: This kernel introduces several important fixes and enhancements across various subsystems. Key updates include the introduction of `devm_mutex_init()` for mutex initialization in multiple components, addressing issues in the [Hisilicon](https://www.hisilicon.com) debugfs uninit process, and resolving shared IRQ handling in DRM Lima drivers. Fixes in the PowerPC architecture avoid `nmi_enter/nmi_exit` in real mode interrupts, while networking improvements prevent unnecessary `BUG()` calls in `net/dql`. Enhancements in WiFi drivers such as RTW89 include improved handling for 6 GHz channels. Updates in DRM/AMD drivers address multiple issues, from uninitialized variable warnings to ensuring proper timestamp initialization and memory management. The [RISC-V](https://riscv.org/) architecture receives a fix for initial sample period values, and several BPF selftests see adjustments for better error detection. These updates collectively enhance system stability, performance, and security. * [KDE Plasma 6.1.3](https://kde.org/announcements/plasma/6/6.1.3/): [Discover](https://invent.kde.org/plasma/discover) now auto-handles [Flatpak](https://flatpak.org/) rebases from runtimes and properly uninstalls EOL refs without replacements. In [Kglobalacceld](https://github.com/KDE/kglobalacceld), invalid keycodes are explicitly processed. Kpipewire introduces proper cleanup on deactivate and fixes thread handling for PipeWireSourceStream. [KScreen](https://github.com/KDE/kscreen) now uses ContextualHelpButton from [Kirigami](https://kde.org/products/kirigami/), and Kscreenlocker adds a property to track past prompts. [KWin](https://userbase.kde.org/KWin) sees numerous improvements: relaxed nightlight constraints, simplified [Wayland](https://wayland.freedesktop.org/) popup handling, better input method windows, and enhanced screencast plugins. Plasma Mobile enhancements improve home screen interactions, translation issues, and swipe detection. Plasma Networkmanager and Plasma Workspace benefit from shared QQmlEngine and various bug fixes, including avatar image decoding and pointer warping on Wayland. * [Frameworks 6.4.0](https://kde.org/announcements/frameworks/6/6.4.0/): [Attica](https://api.kde.org/frameworks/attica/html/index.html) updates its gitignore to include VS Code directories. [Baloo](https://community.kde.org/Baloo) reverts a QCoreApplication change and ports QML modules. Breeze Icons introduces a ColorScheme-Accent and fixes data-warning icons. KArchive now rejects tar files with negative sizes and fixes crashes with malformed files. KAuth and KBookmarks add VS Code directories to gitignore. KCalendarCore adds missing QtCore dependencies and QML bindings for calendar models. KIO improves systemd process handling and deprecates unused features. [Kirigami](https://kde.org/products/kirigami/) enhances navigation and dialog components. KTextEditor adds a tool for testing JavaScript scripts and ensures even indent sizes, fixing multiple bugs. * [KDE Gear 24.05.2](https://kde.org/announcements/gear/24.05.2/): [Akonadi-calendar](https://api.kde.org/kdepim/akonadi-calendar/html/index.html) adds missing change notifications. [Dolphin](https://apps.kde.org/dolphin/) updates Meta-Object Compiler generation. [Filelight](https://apps.kde.org/filelight/) enables appx building and ensures hicolor icon presence while [Itinerary](https://apps.kde.org/itinerary/) fixes calendar permissions, corrupted notes, and the package introduces new extractors. [Kdenlive](https://kdenlive.org/en/) addresses timeline, aspect ratio, and compilation issues. [Okular](https://okular.kde.org/) fixes a crash with certain PDF actions. * [Supermin](https://github.com/libguestfs/supermin) 5.3.4: This update introduces several key enhancements, including support for OCaml 5 and kylinsecos. It improves package management by detecting [dnf5](https://github.com/rpm-software-management/dnf5) and omitting missing options. The update also refines OCaml compilation by using `-output-complete-exe` instead of `-custom` that fixes kernel filtering for the aarch64 architecture, and enables kernel uncompression on RISC-V. The update removes previously applied patches now included in the new tarball, helping to streamline the codebase and improve maintainability. * [Checkpolicy 3.7](https://github.com/SELinuxProject/selinux/releases/tag/3.7): The latest update brings support for Classless Inter-Domain Routing notation in nodecon statements, enhancing SELinux policy definition capabilities. Error messages are now more descriptive, and error handling has been improved. Key bug fixes include handling unprintable tokens, avoiding garbage value assignments, freeing temporary bounds types and performing contiguous checks in host byte order. ### Key Package Updates ### * [NetworkManager](https://networkmanager.dev/) 1.48.4: This update introduces support for matching Open vSwitch (OVS) system interfaces by MAC address, enhancing network interface management. Additionally, NetworkManager now considers the contents of `/etc/hosts` when determining the system hostname from reverse DNS lookups of configured interface addresses, improving hostname resolution accuracy. Subpackages updated include NetworkManager-bluetooth, NetworkManager-lang, NetworkManager-tui, NetworkManager-wwan, libnm0, and typelib-1\_0-NM-1\_0. These enhancements contribute to more robust and precise network configuration handling in Linux environments. * [libguestfs](https://libguestfs.org/) 1.53.5: This update includes significant enhancements and fixes. The `--chown` parameter is now correctly split on the ':' character, and a new checksum command is supported. Detection for Circle Linux and support for the LoongArch architecture have been added, including file architecture translation fixes. The update allows nbd+unix:// URIs and reimplements GPT partition functions using `sfdisk`. DHCP configuration improvements and a new `virt-customize --inject-blnsvr` operation enhance usability. Deprecated features include the removal of gluster, sheepdog, and tftp drive support. New APIs such as `findfs_partuuid` and `findfs_partlabel` improve functionality, while inspection tools now resolve PARTUUID and PARTLABEL in `/etc/fstab`. These updates enhance compatibility, performance, and functionality across various environments. * [glib2](https://wiki.gnome.org/Projects/GLib) 2.80.4: The latest update backports key patches: mapping `EADDRNOTAVAIL` to `G_IO_ERROR_CONNECTION_REFUSED`, handling files larger than 4GB in `g_file_load_contents()`, and correcting GIR install locations and build race conditions. Additionally, improvements in `gthreadedresolver` ensure returned records are properly reference-counted in `lookup_records()`. * [ruby3.3](https://www.ruby-lang.org/en/) 3.3.4: This release addresses a regression where dependencies were missing in the gemspec for some bundled gems such as net-pop, net-ftp, net-imap, and prime. Other fixes include preventing `Warning.warn` calls for disabled warnings, correcting memory allocation sizes in `String.new(:capacity)` and resolving string corruption issues. * [libgcrypt](https://gnupg.org/software/libgcrypt/index.html) 1.11.0: The latest update introduces several new interfaces and performance enhancements. New features include an API for Key Encapsulation Mechanism (KEM), support for algorithms like [Streamlined NTRU Prime](https://ntruprime.cr.yp.to/) sntrup761, Kyber, and Classic McEliece, and various Key Derivation Functions (KDFs) including HKDF and X963KDF. Performance improvements feature optimized implementations for SM3, SM4, and other cryptographic operations on ARMv8/AArch64, PowerPC, and AVX2/AVX512 architectures. Other changes include various enhancements for constant time operations and deprecates the `GCRYCTL_ENABLE_M_GUARD` control code. ### Bug Fixes ### * [orc](https://gstreamer.freedesktop.org/modules/orc.html) 0.4.39: * [CVE-2024-40897](https://www.suse.com/security/cve/CVE-2024-40897.html) was solved with versions before 0.4.39, which had a buffer overflow vulnerability in `orcparse.c`. * [java-21-openjdk](https://openjdk.org/projects/jdk/21/) 21.0.4.0: * [CVE-2024-21131](https://www.suse.com/security/cve/CVE-2024-21131.html) was a difficult-to-exploit vulnerability allowing unauthorized data modifications. * [CVE-2024-21138](https://www.suse.com/security/cve/CVE-2024-21138.html) was a vulnerability causing partial denial of service. * [CVE-2024-21140](https://www.suse.com/security/cve/CVE-2024-21140.html) was a vulnerability allowing unauthorized data access and modification; * [CVE-2024-21145](https://www.suse.com/security/cve/CVE-2024-21145.html) was similar. * [CVE-2024-21147](https://www.suse.com/security/cve/CVE-2024-21147.html) was the same, but for more critical data. * [ovmf](https://github.com/tianocore/tianocore.github.io/wiki/OVMF) 202402 had three months of CVE patches in its quarterly update. * [Mozilla Firefox](https://www.mozilla.org) 128.0: This release fixes 16 CVEs. The most severe was [CVE-2024-6604](https://www.mozilla.org/en-US/security/advisories/mfsa2024-29/#CVE-2024-6604); this was a memory safety bug in Firefox 128, Firefox ESR 115.13, Thunderbird 128 and Thunderbird 115.13. These bugs showed evidence of memory corruption that potentially allowed arbitrary code execution. * [ghostscript](https://www.ghostscript.com/index.html) 10.03.1) * [CVE-2024-33869](https://www.suse.com/security/cve/CVE-2024-33869.html) allowed bypassing restrictions via crafted PostScript documents. * [CVE-2023-52722](https://www.suse.com/security/cve/CVE-2023-52722.html) * [CVE-2024-33870](https://www.suse.com/security/cve/CVE-2024-33870.html) allows access to arbitrary files via crafted PostScript documents. * [CVE-2024-33871](https://www.suse.com/security/cve/CVE-2024-33871.html) allowed arbitrary code execution via crafted PostScript documents using custom Driver libraries in `contrib/opvp/gdevopvp.c`. * [CVE-2024-29510](https://www.suse.com/security/cve/CVE-2024-29510.html) allowed memory corruption and SAFER sandbox bypass via format string injection in a uniprint device. * [xwayland](https://wayland.freedesktop.org/) 24.1.1 3: * [CVE-2024-31080](https://www.suse.com/security/cve/CVE-2024-31080.html) had a vulnerability that could allow attackers to trigger the X server to read and transmit heap memory values, leading to a crash. * [CVE-2024-31081](https://www.suse.com/security/cve/CVE-2024-31081.html) could cause memory leakage and segmentation faults, leading to a crash. * [CVE-2024-31083](https://www.suse.com/security/cve/CVE-2024-31083.html) allowed arbitrary code execution by authenticated attackers through specially crafted requests. * [libreoffice](https://www.libreoffice.org/) 24.2.5.2: * [CVE-2024-5261](https://www.suse.com/security/cve/CVE-2024-5261.html) allows fetching remote resources without proper security checks. * [GTK3](https://www.gtk.org/) 3.24.43: * [CVE-2024-6655](https://www.suse.com/security/cve/CVE-2024-6655.html) allowed a library injection into a GTK application from the current working directory under certain conditions. * [netpbm](https://netpbm.sourceforge.net/) 11.7.0: * [CVE-2024-38526](https://www.suse.com/security/cve/CVE-2024-38526.html): doc, which provides API documentation for Python projects, had a vulnerability where pdoc --math linked to malicious JavaScript files from polyfill.io. ### Conclusion ### The month of July 2024 was marked by significant updates, security fixes and enhancements. The Linux Kernel 6.9.9 update introduced several key fixes and improvements across various subsystems, enhancing overall stability and performance. KDE Plasma 6.1.3 brought numerous UI improvements and better handling of Flatpak rebases. The updates to Frameworks 6.4.0 and KDE Gear 24.05.2 provided additional enhancements and bug fixes, improving user experience and system reliability. Critical security vulnerabilities were addressed in various packages, including Firefox, ghostscript, and xwayland, ensuring Tumbleweed remains secure, efficient, and feature-rich for all users. Additionally, the Aeon team announced the release of [Aeon Desktop to Release Candidate 3 status](https://www.reddit.com/r/AeonDesktop/comments/1edi3tr/aeon_rc3_released/) that came from the release of a [Tumbleweed snapshot](https://news.opensuse.org/2024/07/28/rc-image-released/) last week. For those Tumbleweed users who want to contribute or want to engage with detailed technological discussions, subscribe to the [openSUSE Factory mailing list ](https://lists.opensuse.org/archives/list/factory@lists.opensuse.org/). The openSUSE team encourages users to continue participating through bug reports, feature suggestions and discussions. ### Contributing to openSUSE Tumbleweed ### Your contributions and feedback make openSUSE Tumbleweed better with every update. Whether reporting bugs, suggesting features, or participating in community discussions, your involvement is highly valued. ### More Information about openSUSE: ### **Official** * [openSUSE News](https://news.opensuse.org/) * [openSUSE Mailing List](https://lists.opensuse.org/archives/) * [openSUSE Wiki](https://en.opensuse.org/Main_Page) **Fediverse** * [https://discuss.tchncs.de/c/opensuse@lemmy.world](https://discuss.tchncs.de/c/opensuse@lemmy.world) (Image made with DALL-E)
Archaeopteryx
3mo ago
•
100%
Yeah. That case is amazing.
Join me on this retro journey where we explore the Schmolz Unternehmensberatung Compucase 64d conversion kit for the Commodore 64. We look inside, socket the...
Data East's Lemmings Arcade was never made....until now! We scratch build our imagining o...
news.opensuse.org
An experimental "Pre-RC3" image for the [Aeon Desktop](https://aeondesktop.org) has been published and testers are encouraged to try out the final prototype before it becomes the official Release Candidate 3 (RC3). The new image can be downloaded from the [openSUSE development repository](https://download.opensuse.org/repositories/devel:/microos:/aeon:/images/devel_aeon/Aeon-Installer.x86_64.raw.xz). This prototype, which has been submitted to [openSUSE Factory](https://en.opensuse.org/Portal:Factory), introduces some significant changes and improvements. Notably, the `dd` backend in the tik installer has been replaced with a new `systemd-repart` backend. This change allows for the installation of Aeon with [Full Disk Encryption](https://en.opensuse.org/index.php?title=Portal:Aeon/Encryption) that enhances the security features of the operating system. Existing users of Aeon RC2 and earlier versions will need to perform a reinstall to take advantage of the new features destined for RC3. Due to the fundamental changes in partition layout necessary for the new encryption features, an in-place upgrade from RC2 is not feasible without risking data integrity, according to a post on the new [Aeon Desktop subreddit](https://www.reddit.com/r/AeonDesktop/). Users can utilize Aeon's [reinstall feature](https://en.opensuse.org/Portal:Aeon/InstallGuide#Backup_Existing_Users), which facilitates the backup and restoration of user data as long as a sufficiently large USB stick is used. Users installing the prototype image may encounter some packages from the OBS devel project. These can be removed by running `transactional-update --interactive dup` and selecting solutions that replace devel:microos packages with official ones. Testers are encouraged to provide feedback and report any issues encountered during the testing phase on the [Aeon Desktop bug report page](https://bugzilla.opensuse.org/enter_bug.cgi?product=openSUSE+Aeon&format=guided). Next Steps ---------- If the prototype is accepted into Factory and becomes RC3, the development of Aeon will be in its final stages before an official release. RC3 will serve as the basis for writing openQA tests for Aeon, which are crucial for ensuring the desktop's stability and functionality. There is a possibility of an RC4, which aims to streamline the installer process by embedding the full Aeon install within the installer image, potentially reducing the download size by 50 percent. If this approach is not feasible in the short term, it may be revisited post-release. [Full Disk Encryption](https://en.opensuse.org/index.php?title=Portal:Aeon/Encryption) is set up in one of two modes: Default or Fallback. Get more info about that in the [Aeon Desktop Introduces Comprehensive Full Disk Encryption](https://news.opensuse.org/2024/07/12/aeon-desktop-intros-fde/) article. ### More Information about openSUSE: ### **Official** * [openSUSE News](https://news.opensuse.org/) * [openSUSE Mailing List](https://lists.opensuse.org/archives/) * [openSUSE Wiki](https://en.opensuse.org/Main_Page) **Fediverse** * [https://discuss.tchncs.de/c/opensuse@lemmy.world](https://discuss.tchncs.de/c/opensuse@lemmy.world)
news.opensuse.org
An experimental "Pre-RC3" image for the [Aeon Desktop](https://aeondesktop.org) has been published and testers are encouraged to try out the final prototype before it becomes the official Release Candidate 3 (RC3). The new image can be downloaded from the [openSUSE development repository](https://download.opensuse.org/repositories/devel:/microos:/aeon:/images/devel_aeon/Aeon-Installer.x86_64.raw.xz). This prototype, which has been submitted to [openSUSE Factory](https://en.opensuse.org/Portal:Factory), introduces some significant changes and improvements. Notably, the `dd` backend in the tik installer has been replaced with a new `systemd-repart` backend. This change allows for the installation of Aeon with [Full Disk Encryption](https://en.opensuse.org/index.php?title=Portal:Aeon/Encryption) that enhances the security features of the operating system. Existing users of Aeon RC2 and earlier versions will need to perform a reinstall to take advantage of the new features destined for RC3. Due to the fundamental changes in partition layout necessary for the new encryption features, an in-place upgrade from RC2 is not feasible without risking data integrity, according to a post on the new [Aeon Desktop subreddit](https://www.reddit.com/r/AeonDesktop/). Users can utilize Aeon's [reinstall feature](https://en.opensuse.org/Portal:Aeon/InstallGuide#Backup_Existing_Users), which facilitates the backup and restoration of user data as long as a sufficiently large USB stick is used. Users installing the prototype image may encounter some packages from the OBS devel project. These can be removed by running `transactional-update --interactive dup` and selecting solutions that replace devel:microos packages with official ones. Testers are encouraged to provide feedback and report any issues encountered during the testing phase on the [Aeon Desktop bug report page](https://bugzilla.opensuse.org/enter_bug.cgi?product=openSUSE+Aeon&format=guided). Next Steps ---------- If the prototype is accepted into Factory and becomes RC3, the development of Aeon will be in its final stages before an official release. RC3 will serve as the basis for writing openQA tests for Aeon, which are crucial for ensuring the desktop's stability and functionality. There is a possibility of an RC4, which aims to streamline the installer process by embedding the full Aeon install within the installer image, potentially reducing the download size by 50 percent. If this approach is not feasible in the short term, it may be revisited post-release. [Full Disk Encryption](https://en.opensuse.org/index.php?title=Portal:Aeon/Encryption) is set up in one of two modes: Default or Fallback. Get more info about that in the [Aeon Desktop Introduces Comprehensive Full Disk Encryption](https://news.opensuse.org/2024/07/12/aeon-desktop-intros-fde/) article. ### More Information about openSUSE: ### **Official** * [openSUSE News](https://news.opensuse.org/) * [openSUSE Mailing List](https://lists.opensuse.org/archives/) * [openSUSE Wiki](https://en.opensuse.org/Main_Page) **Fediverse** * [https://discuss.tchncs.de/c/opensuse@lemmy.world](https://discuss.tchncs.de/c/opensuse@lemmy.world)
www.timeextension.com
"We worked very closely with Capcom, and our relationship definitely grew in the process"
news.opensuse.org
[Full Disk Encryption](https://en.wikipedia.org/wiki/Disk_encryption) is planned to be introduced in the forthcoming release candidate of the [Aeon Desktop](https://aeondesktop.org) to enhance data security for its users. The feature is expected to be included in the upcoming Release Candidate 3 (RC3). [Full Disk Encryption](https://en.opensuse.org/index.php?title=Portal:Aeon/Encryption) is designed to protect data in cases of device loss, theft or unauthorized booting into an alternative operating system. Depending on the hardware configuration of a system, Aeon's encryption will be set up in one of two modes: Default or Fallback. ### Default Mode ### The Default Mode is the preferred method of encryption provided the system has the required hardware. This mode utilizes the [Trusted Platform Module](https://en.wikipedia.org/wiki/Trusted_Platform_Module)(TPM) 2.0 chipset with `PolicyAuthorizeNV` support (TPM 2.0 version 1.38 or newer). In this mode, Aeon Desktop measures several aspects of the system's integrity. These including: * [UEFI Firmware](https://en.wikipedia.org/wiki/UEFI) * [Secure Boot](https://en.wikipedia.org/wiki/UEFI#Secure_Boot) state (enabled or disabled) * Partition Table * Boot loader and drivers * Kernel and `initrd` (including kernel command line parameters) These measurements are stored in the system's TPM. During startup, the current state is compared with the stored measurements. If these match, the system boots normally. If discrepancies are found, users are prompted to enter a Recovery Key provided during installation. This safeguard ensures that unauthorized changes or tampering attempts are flagged. ### Fallback Mode ### The Fallback Mode is employed when the necessary hardware for Default Mode is not detected. This mode requires users to enter a passphrase each time the system starts. While it does not check system integrity as comprehensively as Default Mode, [Secure Boot](https://en.wikipedia.org/wiki/UEFI#Secure_Boot) is strongly recommended to ensure some level of security, confirming that the bootloader and kernel have not been tampered with. Contrary to initial concerns, Default Mode is not less secure than Fallback Mode despite not requiring a passphrase at startup. The strong integrity checks in Default Mode protect against attacks that could bypass normal authentication methods. For example, it can detect changes to the kernel command line that could otherwise allow unauthorized access. Furthermore, it safeguards against modifications to `initrd` thereby preventing potential passphrase capture in Fallback Mode. [Secure Boot](https://en.wikipedia.org/wiki/UEFI#Secure_Boot), while optional in Default Mode due to the comprehensive integrity checks, is critical in Fallback Mode to maintain system security. Disabling [Secure Boot](https://en.wikipedia.org/wiki/UEFI#Secure_Boot) in Fallback Mode increases vulnerability to tampering and attacks aimed at capturing the passphrase. Aeon's implementation of Full Disk Encryption provides robust security options tailored to the capabilities of users' hardware. By offering both Default and Fallback modes, Aeon ensures that all users can benefit from enhanced data protection. The inclusion of this feature in RC3 marks a significant step forward in safeguarding user data against potential threats. Aeon users are encouraged to read and bookmark the [Aeon Encryption Guide](https://en.opensuse.org/index.php?title=Portal:Aeon/Encryption). ### More Information about openSUSE: ### **Official** * [openSUSE News](https://news.opensuse.org/) * [openSUSE Mailing List](https://lists.opensuse.org/archives/) * [openSUSE Wiki](https://en.opensuse.org/Main_Page) **Fediverse** * [https://discuss.tchncs.de/c/opensuse@lemmy.world](https://discuss.tchncs.de/c/opensuse@lemmy.world) (Image made with DALL-E)
news.opensuse.org
[Full Disk Encryption](https://en.wikipedia.org/wiki/Disk_encryption) is planned to be introduced in the forthcoming release candidate of the [Aeon Desktop](https://aeondesktop.org) to enhance data security for its users. The feature is expected to be included in the upcoming Release Candidate 3 (RC3). [Full Disk Encryption](https://en.opensuse.org/index.php?title=Portal:Aeon/Encryption) is designed to protect data in cases of device loss, theft or unauthorized booting into an alternative operating system. Depending on the hardware configuration of a system, Aeon's encryption will be set up in one of two modes: Default or Fallback. ### Default Mode ### The Default Mode is the preferred method of encryption provided the system has the required hardware. This mode utilizes the [Trusted Platform Module](https://en.wikipedia.org/wiki/Trusted_Platform_Module)(TPM) 2.0 chipset with `PolicyAuthorizeNV` support (TPM 2.0 version 1.38 or newer). In this mode, Aeon Desktop measures several aspects of the system's integrity. These including: * [UEFI Firmware](https://en.wikipedia.org/wiki/UEFI) * [Secure Boot](https://en.wikipedia.org/wiki/UEFI#Secure_Boot) state (enabled or disabled) * Partition Table * Boot loader and drivers * Kernel and `initrd` (including kernel command line parameters) These measurements are stored in the system's TPM. During startup, the current state is compared with the stored measurements. If these match, the system boots normally. If discrepancies are found, users are prompted to enter a Recovery Key provided during installation. This safeguard ensures that unauthorized changes or tampering attempts are flagged. ### Fallback Mode ### The Fallback Mode is employed when the necessary hardware for Default Mode is not detected. This mode requires users to enter a passphrase each time the system starts. While it does not check system integrity as comprehensively as Default Mode, [Secure Boot](https://en.wikipedia.org/wiki/UEFI#Secure_Boot) is strongly recommended to ensure some level of security, confirming that the bootloader and kernel have not been tampered with. Contrary to initial concerns, Default Mode is not less secure than Fallback Mode despite not requiring a passphrase at startup. The strong integrity checks in Default Mode protect against attacks that could bypass normal authentication methods. For example, it can detect changes to the kernel command line that could otherwise allow unauthorized access. Furthermore, it safeguards against modifications to `initrd` thereby preventing potential passphrase capture in Fallback Mode. [Secure Boot](https://en.wikipedia.org/wiki/UEFI#Secure_Boot), while optional in Default Mode due to the comprehensive integrity checks, is critical in Fallback Mode to maintain system security. Disabling [Secure Boot](https://en.wikipedia.org/wiki/UEFI#Secure_Boot) in Fallback Mode increases vulnerability to tampering and attacks aimed at capturing the passphrase. Aeon's implementation of Full Disk Encryption provides robust security options tailored to the capabilities of users' hardware. By offering both Default and Fallback modes, Aeon ensures that all users can benefit from enhanced data protection. The inclusion of this feature in RC3 marks a significant step forward in safeguarding user data against potential threats. Aeon users are encouraged to read and bookmark the [Aeon Encryption Guide](https://en.opensuse.org/index.php?title=Portal:Aeon/Encryption). ### More Information about openSUSE: ### **Official** * [openSUSE News](https://news.opensuse.org/) * [openSUSE Mailing List](https://lists.opensuse.org/archives/) * [openSUSE Wiki](https://en.opensuse.org/Main_Page) **Fediverse** * [https://discuss.tchncs.de/c/opensuse@lemmy.world](https://discuss.tchncs.de/c/opensuse@lemmy.world) (Image made with DALL-E)
news.opensuse.org
Welcome to the monthly update for openSUSE Tumbleweed for June 2024. This month was busy with events like the [Community Summit in Berlin](https://events.opensuse.org/conferences/CSBerlin) and the [openSUSE Conference](https://events.opensuse.org/conferences/oSC24), but a number of snapshots continued to roll out to users. Developers, system administrators and users receive updates designed to enhance your experience and ensure high levels of security and performance. Should readers desire a more frequent amount of information about snapshot updates, readers are encouraged to subscribe to the [openSUSE Factory mailing list](https://lists.opensuse.org/archives/list/factory@lists.opensuse.org/). Let’s go! ### New Features and Enhancements ### * [Linux Kernel](https://www.kernel.org/) 6.9.7: This kernel introduces several important fixes and enhancements across various subsystems. Key updates include addressing undefined references in netfilter when `CONFIG_SYSCTL` is disabled, correcting [TCP](https://en.wikipedia.org/wiki/Transmission_Control_Protocol) Fast Open handling, and resolving a conflicting quirk in [Advanced Linux Sound Architecture](https://en.wikipedia.org/wiki/Advanced_Linux_Sound_Architecture) for Realtek devices. Improvements in file system writeback operations, multi-threaded path handling and memory management for [Hisilicon](https://www.hisilicon.com) crypto drivers enhance stability. Networking updates include fixes for race conditions in [netpoll](https://github.com/cloudwego/netpoll), enhancements for specific SFP modules, and improvements in WiFi drivers such as RTW89, Ath9k, Ath12k, and MT76. Additional platform-specific updates address issues in ACPI, ARM64 configurations, HID device handling, and Bluetooth driver fixes. * [PipeWire](https://pipewire.org/) 1.2.0 and [WirePlumber](https://github.com/PipeWire/wireplumber) 0.5.4: PipeWire 1.2.0 introduces asynchronous processing, node.sync-group for synchronized scheduling, and improved config parsing error reporting. It also adds mandatory metadata support for buffer parameters, multiple data-loops with CPU affinity, and dynamic log level adjustments. Key fixes include RTP-SAP module enhancements, ROC 0.3 support, and improved Bluetooth BAP broadcast code parsing. WirePlumber 0.5.4 refines the role-based linking policy, allowing role-based sinks alongside standard audio operations and enabling regular filters to act as best targets. It addresses startup crashes due to empty config files, improves Bluetooth profile auto-switching, and fixes issues with DSP filters and infinite loop scenarios in autoswitching scripts. Together, these updates enhance the flexibility, reliability, and overall performance of audio management in Linux environments. Both also received updates in snapshot [20240627](https://lists.opensuse.org/archives/list/factory@lists.opensuse.org/thread/NX4WPXDCZIOL4SIPB3XQ45BENOXZYMDY/) * [Mesa](https://www.mesa3d.org/) and [Mesa-drivers](https://www.mesa3d.org/) 24.1.2: Both packages underwent a specfile cleanup, involving the relocation of Rust crate sources into subprojects folders and updates to `baselibs.conf`. Due to the maintenance burden associated with Rust crates as system dependencies, these crates are now downloaded as vendored dependencies, as detailed in the README-suse-maintenance.md. The update adds support for building libvulkan\_nouveau, including necessary Rust crates such as paste-1.0.14, proc-macro2-1.0.70, quote-1.0.33, syn-2.0.39, and unicode-ident-1.0.12. However, building libvulkan\_nouveau on [Leap](http://get.opensuse.org/leap/) is not possible due to the requirement for rust-cbindgen \>= 0.25. For more details, refer to the release notes at [https://docs.mesa3d.org/relnotes/24.1.2](https://docs.mesa3d.org/relnotes/24.1.2). * [KDE Plasma](https://kde.org/announcements/changelogs/plasma/6/6.1.0-6.1.1/) 6.1.1: [Discover](https://invent.kde.org/plasma/discover) improves UI elements and Packagekit support, while Dr Konqi corrects the Sentry dbus interface usage. Plasma Addons addresses reference issues in Effects/cube, and krdp ensures version compatibility and resolves session controller bugs. Kscreenlocker improves greeter functionality, and KWin introduces multiple fixes for shaders, tiling, and input panels. Libkscreen and libplasma update protocol versions and fix plugin loading issues. Plasma Desktop enhances task icon sizing, panel opacity and file dragging across screens. Plasma Audio Volume Control removes unnecessary symlinks, and Plasma Systemmonitor correctly positions loading overlays. Powerdevil improves battery protection UI and limits backlighthelper calls. * [Python-setuptools](https://pypi.org/project/setuptools/) 70.0: Key features in this new major version include emitting warnings for ignored [tools.setuptools] entries in `pyproject.toml`, improved error messaging for `pkg_resources.EntryPoint.require` and handling `None` location distributions more gracefully. The update also refreshes unpinned vendored dependencies, supports PEP 625 by standardizing package name and version in filenames and ensures encoding consistency for `.pth` files. Obsolete Python \< 3.8 code has been removed, and `pkg_resources` now uses `stdlib` `importlib.machinery`. Bug fixes address race conditions in the install command, improve handling of nested namespaces with `package_dir` and correct various `pkg_resources` method behaviors. The patch for reproducibility has also been refreshed. * [Xen](https://xenproject.org/) 4.18.2\_06: This version resolves intermittent system hangs when Power Control Mode is set to Minimum Power. Patches also improve CPU mask handling and interrupt movement in various scenarios. Upstream bug fixes include improvements in scheduler resource data management and include fixes for building with [GNU Compiler Collection](https://gcc.gnu.org/) 14. ### Key Package Updates ### * [NetworkManager](https://networkmanager.dev/) 1.48.2: This package updates support for matching OVS system interfaces by MAC address and fixes port reactivation and VPN secrets handling for 2-factor authentication. It saves connection timestamps during shutdown for proper autoactivation after restart. Key changes in 1.48.0 deprecate autotools building, add support for changing [OpenSSL](https://www.openssl.org/) ciphers for 802.1X authentication, and set unmanaged device reasons in the `StateReason` property visible in nmcli. Additionally, it replaces the `mac-address-blacklist` property with `mac-address-denylist`, improves WiFi 6 GHz band detection and optimizes performance to avoid high CPU usage during route updates. Previous version 1.46 adds brought dynamic SSID-based stable IDs, randomized MAC addresses and several enhancements for handling IPv6, D-Bus and cloud setup. * [ibus-table](https://mike-fabian.github.io/ibus-table/) 1.17.6: This update drops Python2 support, transitioning all scripts to [Python3](https://www.python.org/) using pyupgrade. It now allows the use of keys with Unicode keysyms in keybindings, enhancing customization and flexibility. Additionally, the `frames_per_buffer=chunk_size` option is now utilized in `self._paudio.open()` for improved audio handling. The update also includes translation enhancements from [Weblate](https://weblate.org/), with Czech translations reaching 36.6 percent, Japanese at 45.3 percent, and Chinese (Simplified) at 92.0 percent. * [btrfsprogs](https://btrfs.wiki.kernel.org/) 6.9: The `mkfs` utility now halts if the mount status cannot be determined when using the `--force` option and corrects the minimum size calculation for zoned devices. The check command removes the `--clear-ino-cache` option, shifting its functionality to the `rescue` command group, and adds detection and repair for incorrect file extent item `ram_bytes` values. The qgroup commands now sync the filesystem before searching for stale entries, handle uncleaned subvolumes and `squota` enabled scenarios, and display the cleaning status of subvolumes. The `receive` command fixes stream parsing for strict alignment hosts, and `tune change-csum` and `dump-tree` commands include updates for handling `dev-replace` status items. The `convert` command improves extent iteration for preallocated/unwritten extents. The build process now ensures compatibility with e2fsprogs 1.47.1 and improves header file dependency tracking. Documentation was also updated. * GNU’s [Emacs](https://www.gnu.org/software/emacs/) 29.4: An emergency bugfix took place in this release. In this update, arbitrary shell commands are no longer executed when enabling Org mode, significantly enhancing security by preventing the execution of potentially malicious commands. ### Bug Fixes ### * Python-dnspython 2.6.1: * [CVE-2023-29483](https://www.suse.com/security/cve/CVE-2023-29483.html) - Eventlet before 0.35.2 in dnspython allows remote "TuDoor" DNS attack interference. * [php8](https://www.php.net/) 8.3.8: * [CVE-2012-1823](https://www.suse.com/security/cve/CVE-2012-1823.html) involved a vulnerability where attackers could inject arguments into PHP-CGI, leading to potential security issues. The new vulnerability, [CVE-2024-4577](https://www.suse.com/security/cve/CVE-2024-4577.html), was discovered to bypass this original fix, allowing the same or similar types of argument injection attacks. The update ensures that this bypass is no longer possible, reinforcing the security measures originally put in place for CVE-2012-1823. * Similarly, the bypass of [CVE-2024-1874](https://www.suse.com/security/cve/CVE-2024-1874.html) was made with the fix to [CVE-2024-5585](https://www.suse.com/security/cve/CVE-2024-5585.html). * kernel-firmware-nvidia-gspx-G06 (NVIDIA GPU driver) * [CVE-2024-0090](https://www.suse.com/security/cve/CVE-2024-0090.html) was a vulnerability where a user can cause an out-of-bounds write. * [CVE-2024-0091](https://www.suse.com/security/cve/CVE-2024-0091.html) was a vulnerability where a user can cause an untrusted pointer dereference. A successful exploit of this vulnerability might lead to denial of service. * [CVE-2024-0092](https://www.suse.com/security/cve/CVE-2024-0092.html) was an improper check or improper handling of exception conditions might lead to denial of service. * XZ 5.6.2: * [CVE-2024-3094](https://www.suse.com/security/cve/CVE-2024-3094.html) Through a series of complex obfuscations, the liblzma build process extracts a prebuilt object file from a disguised test file existing in the source code, which is then used to modify specific functions in the liblzma code. This results in a modified liblzma library that can be used by any software linked against this library, intercepting and modifying the data interaction with this library. More details in snapshot [20240605](https://lists.opensuse.org/archives/list/factory@lists.opensuse.org/thread/3UNI5PRCGMBHLATQTHC5WRXK3D5HDNGK/) * cJSON v1.7.17: * [CVE-2024-31755](https://www.suse.com/security/cve/CVE-2024-31755.html) - A segmentation violation, which can trigger through the second parameter. ### Conclusion ### The month of June 2024 saw a range of significant updates, security fixes and enhancements. The Linux Kernel 6.9.7 update improved stability and performance. Mesa and Mesa-drivers 24.1.2 introduced Rust crate dependencies and improved Vulkan support. KDE Plasma 6.1.1 brought UI improvements and a major version of Python-setuptools 70.0 arrived for rolling release users. A few critical security vulnerabilities were taken care of and fixes related to the [XZ backdoor](https://news.opensuse.org/2024/04/12/learn-from-the-xz-backdoor/) continued, so that Tumbleweed remains secure, efficient and feature-rich for all users. For those Tumbleweed users who want to contribute or want to engage with detailed technological discussions, subscribe to the [openSUSE Factory mailing list ](https://lists.opensuse.org/archives/list/factory@lists.opensuse.org/). The openSUSE team encourages users to continue participating through bug reports, feature suggestions and discussions. ### Contributing to openSUSE Tumbleweed ### Your contributions and feedback make openSUSE Tumbleweed better with every update. Whether reporting bugs, suggesting features, or participating in community discussions, your involvement is highly valued. ### More Information about openSUSE: ### **Official** * [openSUSE News](https://news.opensuse.org/) * [openSUSE Mailing List](https://lists.opensuse.org/archives/) * [openSUSE Wiki](https://en.opensuse.org/Main_Page) **Fediverse** * [https://discuss.tchncs.de/c/opensuse@lemmy.world](https://discuss.tchncs.de/c/opensuse@lemmy.world) (Image made with DALL-E)
news.opensuse.org
Welcome to the monthly update for openSUSE Tumbleweed for June 2024. This month was busy with events like the [Community Summit in Berlin](https://events.opensuse.org/conferences/CSBerlin) and the [openSUSE Conference](https://events.opensuse.org/conferences/oSC24), but a number of snapshots continued to roll out to users. Developers, system administrators and users receive updates designed to enhance your experience and ensure high levels of security and performance. Should readers desire a more frequent amount of information about snapshot updates, readers are encouraged to subscribe to the [openSUSE Factory mailing list](https://lists.opensuse.org/archives/list/factory@lists.opensuse.org/). Let’s go! ### New Features and Enhancements ### * [Linux Kernel](https://www.kernel.org/) 6.9.7: This kernel introduces several important fixes and enhancements across various subsystems. Key updates include addressing undefined references in netfilter when `CONFIG_SYSCTL` is disabled, correcting [TCP](https://en.wikipedia.org/wiki/Transmission_Control_Protocol) Fast Open handling, and resolving a conflicting quirk in [Advanced Linux Sound Architecture](https://en.wikipedia.org/wiki/Advanced_Linux_Sound_Architecture) for Realtek devices. Improvements in file system writeback operations, multi-threaded path handling and memory management for [Hisilicon](https://www.hisilicon.com) crypto drivers enhance stability. Networking updates include fixes for race conditions in [netpoll](https://github.com/cloudwego/netpoll), enhancements for specific SFP modules, and improvements in WiFi drivers such as RTW89, Ath9k, Ath12k, and MT76. Additional platform-specific updates address issues in ACPI, ARM64 configurations, HID device handling, and Bluetooth driver fixes. * [PipeWire](https://pipewire.org/) 1.2.0 and [WirePlumber](https://github.com/PipeWire/wireplumber) 0.5.4: PipeWire 1.2.0 introduces asynchronous processing, node.sync-group for synchronized scheduling, and improved config parsing error reporting. It also adds mandatory metadata support for buffer parameters, multiple data-loops with CPU affinity, and dynamic log level adjustments. Key fixes include RTP-SAP module enhancements, ROC 0.3 support, and improved Bluetooth BAP broadcast code parsing. WirePlumber 0.5.4 refines the role-based linking policy, allowing role-based sinks alongside standard audio operations and enabling regular filters to act as best targets. It addresses startup crashes due to empty config files, improves Bluetooth profile auto-switching, and fixes issues with DSP filters and infinite loop scenarios in autoswitching scripts. Together, these updates enhance the flexibility, reliability, and overall performance of audio management in Linux environments. Both also received updates in snapshot [20240627](https://lists.opensuse.org/archives/list/factory@lists.opensuse.org/thread/NX4WPXDCZIOL4SIPB3XQ45BENOXZYMDY/) * [Mesa](https://www.mesa3d.org/) and [Mesa-drivers](https://www.mesa3d.org/) 24.1.2: Both packages underwent a specfile cleanup, involving the relocation of Rust crate sources into subprojects folders and updates to `baselibs.conf`. Due to the maintenance burden associated with Rust crates as system dependencies, these crates are now downloaded as vendored dependencies, as detailed in the README-suse-maintenance.md. The update adds support for building libvulkan\_nouveau, including necessary Rust crates such as paste-1.0.14, proc-macro2-1.0.70, quote-1.0.33, syn-2.0.39, and unicode-ident-1.0.12. However, building libvulkan\_nouveau on [Leap](http://get.opensuse.org/leap/) is not possible due to the requirement for rust-cbindgen \>= 0.25. For more details, refer to the release notes at [https://docs.mesa3d.org/relnotes/24.1.2](https://docs.mesa3d.org/relnotes/24.1.2). * [KDE Plasma](https://kde.org/announcements/changelogs/plasma/6/6.1.0-6.1.1/) 6.1.1: [Discover](https://invent.kde.org/plasma/discover) improves UI elements and Packagekit support, while Dr Konqi corrects the Sentry dbus interface usage. Plasma Addons addresses reference issues in Effects/cube, and krdp ensures version compatibility and resolves session controller bugs. Kscreenlocker improves greeter functionality, and KWin introduces multiple fixes for shaders, tiling, and input panels. Libkscreen and libplasma update protocol versions and fix plugin loading issues. Plasma Desktop enhances task icon sizing, panel opacity and file dragging across screens. Plasma Audio Volume Control removes unnecessary symlinks, and Plasma Systemmonitor correctly positions loading overlays. Powerdevil improves battery protection UI and limits backlighthelper calls. * [Python-setuptools](https://pypi.org/project/setuptools/) 70.0: Key features in this new major version include emitting warnings for ignored [tools.setuptools] entries in `pyproject.toml`, improved error messaging for `pkg_resources.EntryPoint.require` and handling `None` location distributions more gracefully. The update also refreshes unpinned vendored dependencies, supports PEP 625 by standardizing package name and version in filenames and ensures encoding consistency for `.pth` files. Obsolete Python \< 3.8 code has been removed, and `pkg_resources` now uses `stdlib` `importlib.machinery`. Bug fixes address race conditions in the install command, improve handling of nested namespaces with `package_dir` and correct various `pkg_resources` method behaviors. The patch for reproducibility has also been refreshed. * [Xen](https://xenproject.org/) 4.18.2\_06: This version resolves intermittent system hangs when Power Control Mode is set to Minimum Power. Patches also improve CPU mask handling and interrupt movement in various scenarios. Upstream bug fixes include improvements in scheduler resource data management and include fixes for building with [GNU Compiler Collection](https://gcc.gnu.org/) 14. ### Key Package Updates ### * [NetworkManager](https://networkmanager.dev/) 1.48.2: This package updates support for matching OVS system interfaces by MAC address and fixes port reactivation and VPN secrets handling for 2-factor authentication. It saves connection timestamps during shutdown for proper autoactivation after restart. Key changes in 1.48.0 deprecate autotools building, add support for changing [OpenSSL](https://www.openssl.org/) ciphers for 802.1X authentication, and set unmanaged device reasons in the `StateReason` property visible in nmcli. Additionally, it replaces the `mac-address-blacklist` property with `mac-address-denylist`, improves WiFi 6 GHz band detection and optimizes performance to avoid high CPU usage during route updates. Previous version 1.46 adds brought dynamic SSID-based stable IDs, randomized MAC addresses and several enhancements for handling IPv6, D-Bus and cloud setup. * [ibus-table](https://mike-fabian.github.io/ibus-table/) 1.17.6: This update drops Python2 support, transitioning all scripts to [Python3](https://www.python.org/) using pyupgrade. It now allows the use of keys with Unicode keysyms in keybindings, enhancing customization and flexibility. Additionally, the `frames_per_buffer=chunk_size` option is now utilized in `self._paudio.open()` for improved audio handling. The update also includes translation enhancements from [Weblate](https://weblate.org/), with Czech translations reaching 36.6 percent, Japanese at 45.3 percent, and Chinese (Simplified) at 92.0 percent. * [btrfsprogs](https://btrfs.wiki.kernel.org/) 6.9: The `mkfs` utility now halts if the mount status cannot be determined when using the `--force` option and corrects the minimum size calculation for zoned devices. The check command removes the `--clear-ino-cache` option, shifting its functionality to the `rescue` command group, and adds detection and repair for incorrect file extent item `ram_bytes` values. The qgroup commands now sync the filesystem before searching for stale entries, handle uncleaned subvolumes and `squota` enabled scenarios, and display the cleaning status of subvolumes. The `receive` command fixes stream parsing for strict alignment hosts, and `tune change-csum` and `dump-tree` commands include updates for handling `dev-replace` status items. The `convert` command improves extent iteration for preallocated/unwritten extents. The build process now ensures compatibility with e2fsprogs 1.47.1 and improves header file dependency tracking. Documentation was also updated. * GNU’s [Emacs](https://www.gnu.org/software/emacs/) 29.4: An emergency bugfix took place in this release. In this update, arbitrary shell commands are no longer executed when enabling Org mode, significantly enhancing security by preventing the execution of potentially malicious commands. ### Bug Fixes ### * Python-dnspython 2.6.1: * [CVE-2023-29483](https://www.suse.com/security/cve/CVE-2023-29483.html) - Eventlet before 0.35.2 in dnspython allows remote "TuDoor" DNS attack interference. * [php8](https://www.php.net/) 8.3.8: * [CVE-2012-1823](https://www.suse.com/security/cve/CVE-2012-1823.html) involved a vulnerability where attackers could inject arguments into PHP-CGI, leading to potential security issues. The new vulnerability, [CVE-2024-4577](https://www.suse.com/security/cve/CVE-2024-4577.html), was discovered to bypass this original fix, allowing the same or similar types of argument injection attacks. The update ensures that this bypass is no longer possible, reinforcing the security measures originally put in place for CVE-2012-1823. * Similarly, the bypass of [CVE-2024-1874](https://www.suse.com/security/cve/CVE-2024-1874.html) was made with the fix to [CVE-2024-5585](https://www.suse.com/security/cve/CVE-2024-5585.html). * kernel-firmware-nvidia-gspx-G06 (NVIDIA GPU driver) * [CVE-2024-0090](https://www.suse.com/security/cve/CVE-2024-0090.html) was a vulnerability where a user can cause an out-of-bounds write. * [CVE-2024-0091](https://www.suse.com/security/cve/CVE-2024-0091.html) was a vulnerability where a user can cause an untrusted pointer dereference. A successful exploit of this vulnerability might lead to denial of service. * [CVE-2024-0092](https://www.suse.com/security/cve/CVE-2024-0092.html) was an improper check or improper handling of exception conditions might lead to denial of service. * XZ 5.6.2: * [CVE-2024-3094](https://www.suse.com/security/cve/CVE-2024-3094.html) Through a series of complex obfuscations, the liblzma build process extracts a prebuilt object file from a disguised test file existing in the source code, which is then used to modify specific functions in the liblzma code. This results in a modified liblzma library that can be used by any software linked against this library, intercepting and modifying the data interaction with this library. More details in snapshot [20240605](https://lists.opensuse.org/archives/list/factory@lists.opensuse.org/thread/3UNI5PRCGMBHLATQTHC5WRXK3D5HDNGK/) * cJSON v1.7.17: * [CVE-2024-31755](https://www.suse.com/security/cve/CVE-2024-31755.html) - A segmentation violation, which can trigger through the second parameter. ### Conclusion ### The month of June 2024 saw a range of significant updates, security fixes and enhancements. The Linux Kernel 6.9.7 update improved stability and performance. Mesa and Mesa-drivers 24.1.2 introduced Rust crate dependencies and improved Vulkan support. KDE Plasma 6.1.1 brought UI improvements and a major version of Python-setuptools 70.0 arrived for rolling release users. A few critical security vulnerabilities were taken care of and fixes related to the [XZ backdoor](https://news.opensuse.org/2024/04/12/learn-from-the-xz-backdoor/) continued, so that Tumbleweed remains secure, efficient and feature-rich for all users. For those Tumbleweed users who want to contribute or want to engage with detailed technological discussions, subscribe to the [openSUSE Factory mailing list ](https://lists.opensuse.org/archives/list/factory@lists.opensuse.org/). The openSUSE team encourages users to continue participating through bug reports, feature suggestions and discussions. ### Contributing to openSUSE Tumbleweed ### Your contributions and feedback make openSUSE Tumbleweed better with every update. Whether reporting bugs, suggesting features, or participating in community discussions, your involvement is highly valued. ### More Information about openSUSE: ### **Official** * [openSUSE News](https://news.opensuse.org/) * [openSUSE Mailing List](https://lists.opensuse.org/archives/) * [openSUSE Wiki](https://en.opensuse.org/Main_Page) **Fediverse** * [https://discuss.tchncs.de/c/opensuse@lemmy.world](https://discuss.tchncs.de/c/opensuse@lemmy.world) (Image made with DALL-E)
news.opensuse.org
[Slowroll](https://en.opensuse.org/openSUSE:Slowroll), which has a more modest update cadence than [Tumbleweed](https://get.opensuse.org/tumbleweed/), is gaining acceptance as a balance between the rapid updates of Tumbleweed's rolling releases and the traditional [Leap](https://get.opensuse.org/tumbleweed/) release. Slowroll is nearly ready for full deployment and the development team has been working diligently to prepare the next version bump, with planned updates scheduled for July 9, August 9 and Sept. 9. These updates are expected to maintain a consistent monthly cadence to ensure users have timely and stable updates. One of the critical updates pulled in will include the latest [OpenSSH](https://github.com/openssh/openssh-portable) CVE fixes, which have already been made available in Tumbleweed. This fix enhances the security of Slowroll & ensure that it remains a robust and reliable distribution for users. ### Highlighted Features of Slowroll ### Balanced Update Cadence: Slowroll offers a monthly rolling update cycle that provides users with the latest features and security updates while ensuring stability through extensive testing and validation. Beta Phase: Slowroll is now in the Beta phase, indicating its near readiness for full deployment. Users can expect a reliable experience with continuous improvements. Continuous Improvement: The distribution integrates big updates approximately every month, alongside continuous bug fixes and security patches, ensuring a secure and up-to-date system. ### Statistics and Status ### According to the latest statistics available on the [Slowroll Stats page](http://stage3.opensuse.org:17080/munin/opensuse.org/stage3.opensuse.org/slowrollstats.html): * Tumbleweed had 2813 updated packages since the last version bump * Slowroll received 1316 updates from 871 different packages and only 339 updated rpms are Slowroll-specific builds ### Origins and Purpose ### Slowroll, introduced in 2023, was designed as an experimental distribution. Its primary goal is to offer a slower rolling release compared to Tumbleweed, thus enhancing stability without compromising on access to new features. The distribution continuously evolves with big updates integrated approximately every month, supported by regular bug fixes and security updates. It's crucial to understand that Slowroll is not intended to replace Leap. Instead, it provides an alternative for users who desire more up-to-date software at a slower pace than Tumbleweed but faster than Leap. If you try Slowroll, have a lot of fun - rolling... slowly! ### More Information about openSUSE: ### **Official** * [openSUSE News](https://news.opensuse.org/) * [openSUSE Mailing List](https://lists.opensuse.org/archives/) * [openSUSE Wiki](https://en.opensuse.org/Main_Page) **Fediverse** * [https://discuss.tchncs.de/c/opensuse@lemmy.world](https://discuss.tchncs.de/c/opensuse@lemmy.world) (Image made with DALL-E)
Archaeopteryx
4mo ago
•
100%
Firejail is great. I can recommend it.
news.opensuse.org
A new major version of Leap Micro is now available! Leap Micro 6.0 images can be found at [get.opensuse.org](https://get.opensuse.org/leapmicro/6.0/). Leap Micro 6.0 uses a brand-new codebase, comes with plenty of new appliances and, for the first time, enters images for public cloud. About Leap Micro ---------- Leap Micro 6.0 is a rebranded [SUSE Linux Enterprise Micro 6.0](https://www.suse.com/products/micro/) which is an ultra-reliable container and Virtual Machine host by SUSE. Leap Micro is released twice a year and has support over two releases. Leap Micro 5.4 is now EOL ---------- With the release of [Leap Micro 6.0](https://get.opensuse.org/leapmicro/6.0/), [Leap Micro 5.4](https://news.opensuse.org/2023/04/27/leap-micro-54-leap-155-enters-rc/) reaches End Of Life; users will no longer receive maintenance updates and are advised to upgrade. More conservative users can stay on Leap Micro 5.5, which will receive updates until the release of Leap Micro 6.1. Understanding Image variants ---------- All of Leap and SLE Micro generally come in two variants either Base or Default. Both Base and Default have a container stack, but only the Default variant has the Virtual Machine stack. If you do not plan to use VMs and you care for space, then the Base might be a variant just for you. All of our images offered at [get-o-o](https://get.opensuse.org/leapmicro/6.0/) are the Default ones (VMs+containers) as we expect they're suitable for most users. All appliances including Base variants (without virtualization stack) can be downloaded directly from [https://download.opensuse.org/distribution/leap-micro/6.0/appliances/](https://download.opensuse.org/distribution/leap-micro/6.0/appliances/) Explaining individual appliances ---------- A general recommendation for everyone use is the [self-install image](https://www.youtube.com/watch?v=j8kWT7HSjbw). It's a bootable image with a quick wizard that writes the preconfigured image to your drive and grows the root partition. This process from boot takes about 5 minutes. The preconfigured image is a raw bootable image you can manually write/dd to the disk or SD card. Images can be configured via Ignition/Combustion or will default to the jeos-firsboot wizard. We have a Real-time image with kernel-rt, qcow image for KVM, VMWare image, and a brand new raw image with [Full Disk Encryption](https://www.youtube.com/watch?v=Zd0kLDQsz88). Users who want to try our FDE image within a VM will need to make sure that they're using emulated tpm-2 chip and UEFI. This can be achieved easily with virt-manager. SLE Micro 6.0 dropped the traditional installer in favor of self-install media, therefore Leap Micro 6.0 doesn't have it either. The new Packages image is not a bootable media. This is just an image with an offline repository in case you need it. Leap Micro 6.0 comes for the first time also with [Public Cloud Images](https://build.opensuse.org/project/show/Cloud:Images:LeapMicro_6.0). Images will soon be available with all major public cloud providers. Upgrading from 5.X ---------- A recommendation is to make a clean install since this is a brand-new major version. For those who'd like to try migration, please follow the [upgrade guide](https://en.opensuse.org/SDB:System_upgrade_to_LeapMicro_6.0). Release Notes ---------- Users can refer to [SLE Micro 6.0 Release notes](https://www.suse.com/releasenotes/x86_64/SL-Micro/6.0/index.html). Leap Micro 6.0 uses [openSUSE-repos](https://github.com/openSUSE/openSUSE-repos) for repository management. It is highly recommended to pay attention to this detail, especially for those who migrate. Here is an [article explaining how openSUSE repos work](https://news.opensuse.org/2023/07/31/try-out-cdn-with-opensuse-repos/). Leap Micro 6.0 has no longer a [dedicated SLE update repo](https://github.com/openSUSE/openSUSE-repos/blob/main/opensuse-leap-micro5-repoindex.xml). This has been merged into the [main repository](https://github.com/openSUSE/openSUSE-repos/blob/main/opensuse-leap-micro6-repoindex.xml). ### More Information about openSUSE: ### **Official** * [openSUSE News](https://news.opensuse.org/) * [openSUSE Mailing List](https://lists.opensuse.org/archives/) * [openSUSE Wiki](https://en.opensuse.org/Main_Page) **Fediverse** * [https://discuss.tchncs.de/c/opensuse@lemmy.world](https://discuss.tchncs.de/c/opensuse@lemmy.world)
news.opensuse.org
A new major version of Leap Micro is now available! Leap Micro 6.0 images can be found at [get.opensuse.org](https://get.opensuse.org/leapmicro/6.0/). Leap Micro 6.0 uses a brand-new codebase, comes with plenty of new appliances and, for the first time, enters images for public cloud. About Leap Micro ---------- Leap Micro 6.0 is a rebranded [SUSE Linux Enterprise Micro 6.0](https://www.suse.com/products/micro/) which is an ultra-reliable container and Virtual Machine host by SUSE. Leap Micro is released twice a year and has support over two releases. Leap Micro 5.4 is now EOL ---------- With the release of [Leap Micro 6.0](https://get.opensuse.org/leapmicro/6.0/), [Leap Micro 5.4](https://news.opensuse.org/2023/04/27/leap-micro-54-leap-155-enters-rc/) reaches End Of Life; users will no longer receive maintenance updates and are advised to upgrade. More conservative users can stay on Leap Micro 5.5, which will receive updates until the release of Leap Micro 6.1. Understanding Image variants ---------- All of Leap and SLE Micro generally come in two variants either Base or Default. Both Base and Default have a container stack, but only the Default variant has the Virtual Machine stack. If you do not plan to use VMs and you care for space, then the Base might be a variant just for you. All of our images offered at [get-o-o](https://get.opensuse.org/leapmicro/6.0/) are the Default ones (VMs+containers) as we expect they're suitable for most users. All appliances including Base variants (without virtualization stack) can be downloaded directly from [https://download.opensuse.org/distribution/leap-micro/6.0/appliances/](https://download.opensuse.org/distribution/leap-micro/6.0/appliances/) Explaining individual appliances ---------- A general recommendation for everyone use is the [self-install image](https://www.youtube.com/watch?v=j8kWT7HSjbw). It's a bootable image with a quick wizard that writes the preconfigured image to your drive and grows the root partition. This process from boot takes about 5 minutes. The preconfigured image is a raw bootable image you can manually write/dd to the disk or SD card. Images can be configured via Ignition/Combustion or will default to the jeos-firsboot wizard. We have a Real-time image with kernel-rt, qcow image for KVM, VMWare image, and a brand new raw image with [Full Disk Encryption](https://www.youtube.com/watch?v=Zd0kLDQsz88). Users who want to try our FDE image within a VM will need to make sure that they're using emulated tpm-2 chip and UEFI. This can be achieved easily with virt-manager. SLE Micro 6.0 dropped the traditional installer in favor of self-install media, therefore Leap Micro 6.0 doesn't have it either. The new Packages image is not a bootable media. This is just an image with an offline repository in case you need it. Leap Micro 6.0 comes for the first time also with [Public Cloud Images](https://build.opensuse.org/project/show/Cloud:Images:LeapMicro_6.0). Images will soon be available with all major public cloud providers. Upgrading from 5.X ---------- A recommendation is to make a clean install since this is a brand-new major version. For those who'd like to try migration, please follow the [upgrade guide](https://en.opensuse.org/SDB:System_upgrade_to_LeapMicro_6.0). Release Notes ---------- Users can refer to [SLE Micro 6.0 Release notes](https://www.suse.com/releasenotes/x86_64/SL-Micro/6.0/index.html). Leap Micro 6.0 uses [openSUSE-repos](https://github.com/openSUSE/openSUSE-repos) for repository management. It is highly recommended to pay attention to this detail, especially for those who migrate. Here is an [article explaining how openSUSE repos work](https://news.opensuse.org/2023/07/31/try-out-cdn-with-opensuse-repos/). Leap Micro 6.0 has no longer a [dedicated SLE update repo](https://github.com/openSUSE/openSUSE-repos/blob/main/opensuse-leap-micro5-repoindex.xml). This has been merged into the [main repository](https://github.com/openSUSE/openSUSE-repos/blob/main/opensuse-leap-micro6-repoindex.xml). ### More Information about openSUSE: ### **Official** * [openSUSE News](https://news.opensuse.org/) * [openSUSE Mailing List](https://lists.opensuse.org/archives/) * [openSUSE Wiki](https://en.opensuse.org/Main_Page) **Fediverse** * [https://discuss.tchncs.de/c/opensuse@lemmy.world](https://discuss.tchncs.de/c/opensuse@lemmy.world)
news.opensuse.org
[Leap 15.6](https://news.opensuse.org/2024/06/12/leap-unveils-choices-for-users/) install media were refreshed to address an issue with old secure boot signing key for [ppc64le](https://bugzilla.suse.com/show_bug.cgi?id=1226272#c7) and [s390x](https://bugzilla.suse.com/show_bug.cgi?id=1226215). Refreshed images from Leap 15.6 [Build 710.3](https://openqa.opensuse.org/tests/overview?distri=opensuse&version=15.6&build=710.3&groupid=50) are already available for download at [get.opensuse.org](https://get.opensuse.org/leap/15.6/). So now you can enjoy installation with secure boot on more exotic architectures. Happy Hacking!
news.opensuse.org
[Leap 15.6](https://news.opensuse.org/2024/06/12/leap-unveils-choices-for-users/) install media were refreshed to address an issue with old secure boot signing key for [ppc64le](https://bugzilla.suse.com/show_bug.cgi?id=1226272#c7) and [s390x](https://bugzilla.suse.com/show_bug.cgi?id=1226215). Refreshed images from Leap 15.6 [Build 710.3](https://openqa.opensuse.org/tests/overview?distri=opensuse&version=15.6&build=710.3&groupid=50) are already available for download at [get.opensuse.org](https://get.opensuse.org/leap/15.6/). So now you can enjoy installation with secure boot on more exotic architectures. Happy Hacking!
news.opensuse.org
openSUSE Leap Micro 6.0 Beta is now available! We expect that it will very quickly transition to RC and GA as the infra readiness advances. Leap Micro 6.0 Beta images can be found at [get.opensuse.org](https://get.opensuse.org/leapmicro/6.0/) or directly at [download.opensuse.org](https://download.opensuse.org/distribution/leap-micro/6.0/appliances/). About Leap Micro ---------- Leap Micro 6.0 is a rebranded [SUSE Linux Enterprise Micro 6.0](https://www.suse.com/products/micro/) which is an ultrareliable container and VM host by SUSE. This is the first publicly released product based on the fresh code base "SUSE Linux Framework One" (previously known as ALP). Leap Micro 6.X is available for x86\_64 and aarch64, released every 6 months, and supported until the next-next release is out. That means that Leap Micro 6.0 will become EOL once Leap Micro 6.2 gets released. All pieces related to [Rancher and Elemental](https://elemental.docs.rancher.com/) are purposely excluded from Leap Micro 6.X as SLE Micro for Rancher is free for use without any subscription within Rancher deployments. No more traditional installer ---------- Leap Micro 6.X is deployed via [self-install image](https://www.youtube.com/watch?v=j8kWT7HSjbw) which writes a preconfigured image to the disk and enlarges root partition. Users can use [combustion, ignition](https://documentation.suse.com/sle-micro/6.0/html/Micro-deployment-raw-images/index.html#deployment-preparing-configuration-device) or default to the jeos-firstboot wizard to do the initial setup of the system. Do not get mistaken by the availability of openSUSE-Leap-Micro-6.0-\*.iso is not installable. We refer to the image as a Packages image, which is basically an offline repository on a DVD. New FDE, VMWare, and Cloud images ---------- Aside from the self-install image Micro 6.0 comes with qcow, Full Disk Encryption, and RealTime images. All images can be found at [download.opensuse.org](https://download.opensuse.org/distribution/leap-micro/6.0/appliances/) For the first time Leap Micro 6.X has also cloud-init therefore shortly after the release we will also have [cloud images](https://build.opensuse.org/project/show/Cloud:Images:LeapMicro_6.0) available on GCP, Azure, and AWS. Changes to the product building ---------- Leap Micro 6.X is using the new [product composer](https://build.opensuse.org/package/show/openSUSE:Tools/product-composer) instead of the old product builder. This allowed us to consume update-info from the newly designed maintenance workflow of SLE Micro 6.0 and was preferred by the openSUSE maintenance team. Changes to the repositories and maintenance workflow ---------- Leap Micro 5.X users receive all updates released for relevant SLE Micro version via a repository named [repo-sle-update](https://github.com/openSUSE/openSUSE-repos/blob/main/opensuse-leap-micro5-repoindex.xml#L26). This particular repository no longer exists in Leap Micro 6.X. Instead, the [repo-main](https://github.com/openSUSE/openSUSE-repos/blob/main/opensuse-leap-micro6-repoindex.xml#L8) repository will contain all released updates for the relevant version of SUSE Linux Micro to date. Please note that the repository path slightly changed too, we'll ensure that migration via transactional-update shell followed by zypper dup --releaser 6.0 works via compatibility symlinks on download server. New way of managing repository definitions ---------- [openSUSE-repos](https://news.opensuse.org/2023/07/31/try-out-cdn-with-opensuse-repos/) is not new to our users, however, for the first time, openSUSE Leap Micro 6.0 deployments come with openSUSE-repos preinstalled. openSUSE repos uses a local [RIS](https://en.opensuse.org/openSUSE:Standards_Repository_Index_Service) service that easily lets us maintain repository definitions with a package update. Users migrating from 5.5/5.4 releases are advised to install `zypper in openSUSE-repos` to ensure they have up-to-date [repository paths](https://download.opensuse.org/distribution/leap-micro/6.0/product/repo/). Documentation ---------- Please refer to [SLE Micro 6.0 documentation](https://documentation.suse.com/sle-micro/6.0/) including Release notes. Reporting Issues ---------- Please refer to the Leap Micro section in our [Submitting bug reports page](https://en.opensuse.org/openSUSE:Submitting_bug_reports#Regular_release_products). Next steps ---------- Missing maintenance setup was a long-term blocker for the transition out from Alpha, otherwise, the distribution itself is stable and feature-full. Now that we have it, we need to polish some remaining infrastructure issues and users can expect a release within the next few days. Ideally before [oSC2024](https://events.opensuse.org/conferences/oSC24/) next week.
news.opensuse.org
openSUSE Leap Micro 6.0 Beta is now available! We expect that it will very quickly transition to RC and GA as the infra readiness advances. Leap Micro 6.0 Beta images can be found at [get.opensuse.org](https://get.opensuse.org/leapmicro/6.0/) or directly at [download.opensuse.org](https://download.opensuse.org/distribution/leap-micro/6.0/appliances/). About Leap Micro ---------- Leap Micro 6.0 is a rebranded [SUSE Linux Enterprise Micro 6.0](https://www.suse.com/products/micro/) which is an ultrareliable container and VM host by SUSE. This is the first publicly released product based on the fresh code base "SUSE Linux Framework One" (previously known as ALP). Leap Micro 6.X is available for x86\_64 and aarch64, released every 6 months, and supported until the next-next release is out. That means that Leap Micro 6.0 will become EOL once Leap Micro 6.2 gets released. All pieces related to [Rancher and Elemental](https://elemental.docs.rancher.com/) are purposely excluded from Leap Micro 6.X as SLE Micro for Rancher is free for use without any subscription within Rancher deployments. No more traditional installer ---------- Leap Micro 6.X is deployed via [self-install image](https://www.youtube.com/watch?v=j8kWT7HSjbw) which writes a preconfigured image to the disk and enlarges root partition. Users can use [combustion, ignition](https://documentation.suse.com/sle-micro/6.0/html/Micro-deployment-raw-images/index.html#deployment-preparing-configuration-device) or default to the jeos-firstboot wizard to do the initial setup of the system. Do not get mistaken by the availability of openSUSE-Leap-Micro-6.0-\*.iso is not installable. We refer to the image as a Packages image, which is basically an offline repository on a DVD. New FDE, VMWare, and Cloud images ---------- Aside from the self-install image Micro 6.0 comes with qcow, Full Disk Encryption, and RealTime images. All images can be found at [download.opensuse.org](https://download.opensuse.org/distribution/leap-micro/6.0/appliances/) For the first time Leap Micro 6.X has also cloud-init therefore shortly after the release we will also have [cloud images](https://build.opensuse.org/project/show/Cloud:Images:LeapMicro_6.0) available on GCP, Azure, and AWS. Changes to the product building ---------- Leap Micro 6.X is using the new [product composer](https://build.opensuse.org/package/show/openSUSE:Tools/product-composer) instead of the old product builder. This allowed us to consume update-info from the newly designed maintenance workflow of SLE Micro 6.0 and was preferred by the openSUSE maintenance team. Changes to the repositories and maintenance workflow ---------- Leap Micro 5.X users receive all updates released for relevant SLE Micro version via a repository named [repo-sle-update](https://github.com/openSUSE/openSUSE-repos/blob/main/opensuse-leap-micro5-repoindex.xml#L26). This particular repository no longer exists in Leap Micro 6.X. Instead, the [repo-main](https://github.com/openSUSE/openSUSE-repos/blob/main/opensuse-leap-micro6-repoindex.xml#L8) repository will contain all released updates for the relevant version of SUSE Linux Micro to date. Please note that the repository path slightly changed too, we'll ensure that migration via transactional-update shell followed by zypper dup --releaser 6.0 works via compatibility symlinks on download server. New way of managing repository definitions ---------- [openSUSE-repos](https://news.opensuse.org/2023/07/31/try-out-cdn-with-opensuse-repos/) is not new to our users, however, for the first time, openSUSE Leap Micro 6.0 deployments come with openSUSE-repos preinstalled. openSUSE repos uses a local [RIS](https://en.opensuse.org/openSUSE:Standards_Repository_Index_Service) service that easily lets us maintain repository definitions with a package update. Users migrating from 5.5/5.4 releases are advised to install `zypper in openSUSE-repos` to ensure they have up-to-date [repository paths](https://download.opensuse.org/distribution/leap-micro/6.0/product/repo/). Documentation ---------- Please refer to [SLE Micro 6.0 documentation](https://documentation.suse.com/sle-micro/6.0/) including Release notes. Reporting Issues ---------- Please refer to the Leap Micro section in our [Submitting bug reports page](https://en.opensuse.org/openSUSE:Submitting_bug_reports#Regular_release_products). Next steps ---------- Missing maintenance setup was a long-term blocker for the transition out from Alpha, otherwise, the distribution itself is stable and feature-full. Now that we have it, we need to polish some remaining infrastructure issues and users can expect a release within the next few days. Ideally before [oSC2024](https://events.opensuse.org/conferences/oSC24/) next week.
Archaeopteryx
4mo ago
•
100%
I second this. XnView MP is one of the best free programs out there.
Archaeopteryx
4mo ago
•
100%
I am using Lutris for Windows games (sometimes Windows applications, too) almost exclusively on my rig. It works perfectly fine.
Archaeopteryx
4mo ago
•
100%
Yeah. Will do the update on my server playground today :)
Archaeopteryx
5mo ago
•
100%
The issue is resolved.
Archaeopteryx
5mo ago
•
100%
True :D but my link goes directly to the snapper section of the wiki^^.
Archaeopteryx
5mo ago
•
100%
SUSE & openSUSE also have a great documentation about the snapper snapshot tool which is also available in many distributions:
Snapper Documentation
Archaeopteryx
5mo ago
•
100%
Arkenfox is not unmaintained but rolls a bit slower than Betterfox. But I will try Betterfox as well.
Archaeopteryx
5mo ago
•
100%
I also would vote for uBlock Origins. This is by far the best solution on the market. It blocks more than just ads and trackers. uBlock blocks also malware sites, popups, miners and other annoyances. Or you can also use it as an URL shortener tool to get rid of the tracking parameters in the URLs.
Something I've also been looking at more closely for a few days now is Arkenfox to hardening my Firefox more effective. Does anyone here has some experiences with Arkenfox?
Archaeopteryx
5mo ago
•
100%
I have used PhotoRec in the past (~10 years or so) when I needed to restore pictures from a SD-Card (FAT). It worked pretty well. If there are more modern solutions I would also like to get to know them.
Archaeopteryx
5mo ago
•
100%
There is still an issue that the update want delete the steam package because of a broken dependency.
2 Problems:
Problem: 1: the installed calibre-7.4.0-2.3.x86_64 requires 'libQt6Gui.so.6(Qt_6.7.0_PRIVATE_API)(64bit)', but this requirement cannot be provided
deleted providers: libQt6Gui6-6.7.0-2.2.x86_64
Problem: 2: the installed steam-1.0.0.79-1.4.x86_64 requires 'glibc-locale-base-32bit', but this requirement cannot be provided
deleted providers: glibc-locale-base-32bit-2.39-7.1.x86_64
Problem: 1: the installed calibre-7.4.0-2.3.x86_64 requires 'libQt6Gui.so.6(Qt_6.7.0_PRIVATE_API)(64bit)', but this requirement cannot be provided
deleted providers: libQt6Gui6-6.7.0-2.2.x86_64
Solution 1: Following actions will be done:
keep obsolete libQt6Gui6-6.7.0-2.2.x86_64
keep obsolete libQt6Core6-6.7.0-2.2.x86_64
keep obsolete libQt6DBus6-6.7.0-2.2.x86_64
keep obsolete libQt6OpenGL6-6.7.0-2.2.x86_64
keep obsolete libQt6Widgets6-6.7.0-2.2.x86_64
Solution 2: deinstallation of calibre-7.4.0-2.3.x86_64
Solution 3: break calibre-7.4.0-2.3.x86_64 by ignoring some of its dependencies
Choose from above solutions by number or skip, retry or cancel [1/2/3/s/r/c/d/?] (c): 2
Problem: 2: the installed steam-1.0.0.79-1.4.x86_64 requires 'glibc-locale-base-32bit', but this requirement cannot be provided
deleted providers: glibc-locale-base-32bit-2.39-7.1.x86_64
Solution 1: deinstallation of steam-1.0.0.79-1.4.x86_64
Solution 2: keep obsolete glibc-locale-base-32bit-2.39-7.1.x86_64
Solution 3: break steam-1.0.0.79-1.4.x86_64 by ignoring some of its dependencies
Choose from above solutions by number or skip, retry or cancel [1/2/3/s/r/c/d/?] (c):
But it looks like there is a fix already in testing.
Archaeopteryx
5mo ago
•
93%
It usually doesn't matter which distribution you use for gaming. Most of major ones are perfectly fitted for gaming. I am using openSUSE Tumbleweed and there is no difference to e.g. Arch or Ubuntu when it comes to gaming.
Archaeopteryx
5mo ago
•
100%
Nice. My next Laptop will be a MNT Reform, but if the performance of the Schenker/Tuxedo ARM laptop is right I wouldn't be averse to buying one as well.
Archaeopteryx
5mo ago
•
100%
Christopher Walken is an amazing actor. I probably watched every single Christopher Walken movie ever made, but I didn't know that he did also a FMV. Thanks for sharing!