Archaeopteryx

Welcome to the monthly update for openSUSE Tumbleweed for February 2024. This month we get one more day in February because of Leap year, but here is what we have for the month. This blog aims to provide readers with an overview of the key changes, improvements and issues addressed in openSUSE Tumbleweed snapshots throughout the month. Should readers desire a more frequent amount of information about openSUSE Tumbleweed snapshots, readers are advised to subscribe to the openSUSE Factory mailing list.

New Features and Enhancements

• Linux Kernel: February brought updates to the Linux kernel, progressing through versions 6.7.2 to 6.7.6. These updates focus on enhancing memory management, addressing some security vulnerabilities, and introducing support for new hardware models, ensuring improved compatibility and performance across various systems.

  • Fixes for various issues, including null-pointer dereference in powerpc/mm, incorrect node setting for arm64 irq, and build errors in powerpc architecture.
  • Correcting the node assignment for VMAP stack in the arm64 irq module.
  • Fix for a null-pointer dereference in pgtable_cache_add in the powerpc/mm module.
  • Fixes for various issues in filesystems like ext4 and JFS.
  • Ensuring proper handling of NMIs during very early boot in the x86/boot module.
  • New hardware support or models:
  • Colorful X15 AT 23 Laptop

• KDE Frameworks: Update for version 5.115.0.

  • xtra CMake Modules: The ECMUninstallTarget now ports generated code away from deprecated exec_program, enhancing compatibility and maintainability.
  • KHolidays: Adds St Brigid’s Day.
  • KIO: Once again KDirModel, allows expanding network directories in file picker.
  • prison : Enables exceptions for videoscannerworker.cpp.

• Mesa: Updates to 23.3.6

  • zink: Addresses flickering artifacts in Selaco, broken colors/dual-source blending on PinePhone Pro, and fixes sparse bo placement.
  • panfrost: Resolves graphical artifacts on T604 (T600), fixes intermittent compiler failures when building valhall tests, and pads compute jobs with zeros on v4.
  • radeonsi: Fixes unsynchronized flips/tearing with KMS DRM rendering on 780M and addresses heavy corruption in Amnesia: The Dark Descent.
  • VK: Various fixes for flaky tests, fullscreen “banding” artifacts in Age of Empires IV, and failures in dEQP-VK pipeline tests.

• systemd: Updates to version 254.9.

  • vconsole-setup: Resolved issue where vconsole-setup would fail if the only found vc is already used by plymouth.
  • systemd-testsuite: Dependency updated to “qemu” instead of “qemu-kvm”, the latter being obsolete.
  • test/test-shutdown.py: Option added to display test I/Os in a dedicated log file.
  • man pages: Documentation update to include ranges for distributions config files and local config files.
  • libbpf: Version of libbpf dlopened by systemd updated (weak dependency).

• glibc: Updated from version 2.38 to 2.39,

  • PLT Rewrite: Introduction of a new tunable, glibc.cpu.plt_rewrite, allows for enabling PLT rewrite on x86-64 architectures.
  • Sync with Linux Kernel 6.6: Synchronization with Linux kernel 6.6 shadow stack interface.
  • New Functions: Addition of new functions on Linux, including posix_spawnattr_getcgroup_np, posix_spawnattr_setcgroup_np, pidfd_spawn, pidfd_spawp, and pidfd_getpid.
  • scanf-family functions: Support for the wN format length modifiers for arguments pointing to specific types.
  • Memory Allocation Tunable: Introduction of a new tunable, glibc.mem.decorate_maps, for adding additional information on underlying memory allocated by glibc.
  • ISO C2X: Inclusion of the <stdbit.h> header from ISO C2X.
  • AArch64: Addition of new symbols to libmvec on AArch64.
  • ldconfig Enhancements: ldconfig now skips file names containing specific characters and patterns.
  • Dynamic Linker Improvements: The dynamic linker calls the malloc and free functions in more cases during TLS access if a shared object with dynamic TLS is loaded and unloaded.

• Cups-Filters: Updates to version 1.28.17

  • Improved Printer Capability Discovery: Enhancements to more reliably discover all printer capabilities from driverless printers, particularly borderless printing. This includes preferring Apple Raster over PWG Raster or PCLM formats.
  • PPD Generator Optimization: The PPD generator now creates only one *cupsFilter2 line for raster, utilizing the most desirable/reliable format, usually Apple Raster.
  • Media Database Handling: Enhancements in handling media-col-database and media-col-ready IPP attributes separately if needed, revealing important functionality like borderless printing.
  • Margin Alternatives Consideration: Consideration of all margin alternatives when generating PPD files for driverless printers, ensuring the discovery of borderless functionality for many printers.
  • Image Printing Enhancements: Images are now printed in their original size with “print-scaling=none”, and deprecated data types for reading TIFF images have been replaced with modern equivalents.

• openvpn: Updates to version 2.6.9

  • Enhanced Logging: SSL alerts are now logged more prominently, improving visibility into SSL-related issues.
  • Documentation Improvements: Clarifications and additions to documentation, including the documentation of the tls-exit option as a primarily test option.
  • Code Cleanup: Removal of unused function prototypes and redundant code, ensuring cleaner codebase and improved maintainability.
  • Error Handling: Addition of missing error checks and enhancements to error messages for better debugging and troubleshooting.
  • Security Enhancements: Implementation of the --tls-export-cert feature and addition of checks for TLS 1.0 PRF availability, improving security measures.
  • Configuration Clarifications: Clarifications regarding the tls-crypt-v2-verify option and removal of redundant options like --tls-export-cert.
  • Library Compatibility: Support added for newer versions of dependencies like mbedtls 3.x.y, with TLS 1.3 support disabled.

Security Updates

This month’s updates include critical security patches and bug fixes for glibc, GStreamer, Salt, Xen and many other packages.

Bug Fixes

• glibc: Had a few Common Vulnerabilities and Exposures fixed. CVE-2023-6246, CVE-2023-6779, which was a buffer overflow, CVE-2023-6780, which was an integer overflow, both that lead to an incorrect calculation of the buffer size.
• GStreamer: CVE-2024-0444 made it possible for a malicious third party to trigger a crash in the application.
• Salt: CVE-2024-22231 was vulnerable to a directory traversal attack and CVE-2024-22232, with a specially crafted url, could lead to a directory traversal in the salt file server.
• Xen: CVE-2023-46839 had a high complexity and required high privileges.
• dnsmasq: Both CVE-2023-50387 and CVE-2023-50868 could allow for remote attackers to cause a denial of service.
• qemu: CVE-2023-6693 could allow a hacker to steal data via a network device.
• bind: CVE-2023-50387 was associated with a “KeyTrap” DNS flaw lets attackers overload servers remotely. The other three were CVE-2023-4408, CVE-2023-5679 and CVE-2023-6516.
• Node.js: Multiple CVEs were fixed. These were CVE-2024-21892, which let unprivileged users gain elevated rights, CVE-2024-22019, which was a flaw that let attackers crash servers with malformed requests, and [CVE-2024-22017][(https://www.suse.com/security/cve/CVE-2024-22017.html), which was a path traversal bug via Buffer manipulation in an experimental feature. There was also CVE-2024-21896, CVE-2023-46809, CVE-2024-21891, CVE-2024-21890, CVE-2024-22025 and CVE-2024-24758, which kept Proxy-Authentication headers after redirects; upgrade as needed.

Conclusion

February 2024 for openSUSE Tumbleweed showcases a diverse range of updates and improvements across essential components. There were critical security patches for software like glibc, GStreamer and Salt. The kernel updated from 6.7.2 at the beginning of the month to 6.7.6. There were updates for KDE Frameworks, Mesa, systemd, Cups-Filters and other core components. Other significant upgrades during the month included fwupd 1.9.13, PostgreSQL 16.2, Pulseaudio 17.0, GTK 4.12.5, Python 3.11.8, RPM 4.19.1.1, Mozilla Firefox 122.0.1, PHP 8.2.16, Poppler 24.02.0, Shadow 4.14.5, binutils 2.42, Qemu 8.2.1 and, Python 3.12. Next month should see systemd 255.3 arrive in the rolling release as the package is currently in staging.. The openSUSE team encourages users to continue participating through bug reports, feature suggestions and discussions. Contributing to openSUSE Tumbleweed

Your contributions and feedback make openSUSE Tumbleweed better with every update. Whether reporting bugs, suggesting features, or participating in community discussions, your involvement is highly valued.

Like many open-source projects, the Uyuni Project has a long tradition of fostering community engagement and open dialogue, which is why those who are interested in configuration management should consider joining the Uyuni Community Hours scheduled for Feb. 24 at 15:00 UTC.

Uyuni Community Hours sessions take place on the last Friday of the month. The sessions offer an invaluable opportunity for both the community and the project’s development team to come together.

During these sessions, participants are presented with the latest developments surrounding Uyuni. This open forum allows the community to ask questions, provide feedback and suggest features or enhancements directly to the development team. This proactive approach helps Uyuni to evolve and align with the needs and expectations of its user base.

The session for this Friday addresses the community’s feedback and needs:

• Meeting Migration Recap: An overview of recent changes to the meeting platform, enhancing accessibility and participation for the community.
• What’s New in Uyuni: A detailed exploration of the latest features and improvements in the February 2024 release of Uyuni.
• Containerized Uyuni: Release Strategy: Insights into the future of Uyuni’s deployment and management within containerized environments.
• Uyuni Health Check: Running on top of a “supportconfig”: Introduction of a new tool designed to simplify and streamline health checks for Uyuni servers.
• One Shot Execution of Recurring Actions: A discussion on enhancing task management and execution within the Uyuni framework.
• Testing, Building, and Publishing the Documentation with GitHub Actions: An innovative approach to maintaining and distributing up-to-date documentation for Uyuni users and developers.

This session is accessible with a detailed agenda and is meant to keep the contributing community well-informed of upcoming topics and discussions. Whether a developer, administrator or an open-source software enthusiast, join the Uyuni Community Hours to offer valuable insights into the project’s progress and future initiatives. ___

Like many open-source projects, the Uyuni Project has a long tradition of fostering community engagement and open dialogue, which is why those who are interested in configuration management should consider joining the Uyuni Community Hours scheduled for Feb. 24 at 15:00 UTC.

Uyuni Community Hours sessions take place on the last Friday of the month. The sessions offer an invaluable opportunity for both the community and the project’s development team to come together.

During these sessions, participants are presented with the latest developments surrounding Uyuni. This open forum allows the community to ask questions, provide feedback and suggest features or enhancements directly to the development team. This proactive approach helps Uyuni to evolve and align with the needs and expectations of its user base.

The session for this Friday addresses the community’s feedback and needs:

• Meeting Migration Recap: An overview of recent changes to the meeting platform, enhancing accessibility and participation for the community.
• What’s New in Uyuni: A detailed exploration of the latest features and improvements in the February 2024 release of Uyuni.
• Containerized Uyuni: Release Strategy: Insights into the future of Uyuni’s deployment and management within containerized environments.
• Uyuni Health Check: Running on top of a “supportconfig”: Introduction of a new tool designed to simplify and streamline health checks for Uyuni servers.
• One Shot Execution of Recurring Actions: A discussion on enhancing task management and execution within the Uyuni framework.
• Testing, Building, and Publishing the Documentation with GitHub Actions: An innovative approach to maintaining and distributing up-to-date documentation for Uyuni users and developers.

This session is accessible with a detailed agenda and is meant to keep the contributing community well-informed of upcoming topics and discussions. Whether a developer, administrator or an open-source software enthusiast, join the Uyuni Community Hours to offer valuable insights into the project’s progress and future initiatives. ___

For our German-speaking retrogaming and Ambermoon fans, here are two podcasts from Stay Forever:

• Stay Forever - Ambermoon
• Stay Forever - Ambermoon-Interview

From Wikipedia, the free encyclopedia: Ambermoon is a role-playing game developed and published by Thalion Software, released in 1993 for the Amiga. It was the second part of an unfinished trilogy (Amberstar, released in 1992, being the first).