This month delivered multiple snapshots and a wide range of updates plus a major default change highlighted in mid-February and a major version update of the Mesa 3D Graphic Library. GIMP 3.0.0~RC3 appears close to being final with GTK 3.24.48 integration. KDE Plasma 6.3 enhances fractional scaling, introduces a refined zoom effect, and overhauls drawing tablet settings. Meanwhile, KDE Gear 24.12.2 refines usability, gdb 15.2 improves debugging efficiency and fwupd enhances firmware update handling. Other notable updates include postgresql 17.3, Ruby 3.4.2, and critical security fixes in OpenSSL 3.4.1.

As always, be sure to roll back using snapper if any issues arise.

Happy updating and tumble on!

For more details on the change logs for the month, visit the openSUSE Factory mailing list.

New Features and Enhancements

Mesa 25.0: This release introduces Vulkan 1.4 support on radv/gfx8+, along with multiple new Vulkan extensions for panvk, including VK_KHR_dedicated_allocation, VK_KHR_global_priority, VK_KHR_multiview, VK_KHR_shader_float16_int8, VK_EXT_image_robustness, and more. Initial GFX12 (RDNA4) support is also added for radv. Performance optimizations were made for radv, anv, and panvk, improving stability across different applications. Additional fixes improve Wayland and X11 compatibility, correct video decoding issues, and resolve memory leaks affecting various games and workloads.

GIMP 3.0.0~RC3: The latest RC finalizes GTK 3.24.48 integration, resolves crashes in Wayland and improves Right-To-Left text rendering. Image graph enhancements prevent unnecessary bit-depth conversions, which preserves detail in non-destructive edits. Thread-safe projection fixes eliminate crashes from multi-threading conflicts. The Script-Fu Application Programming Interface introduces a new named-argument syntax to make scripts more flexible and readable. Official AppImage distribution ensures a clean, upstream-supported package for Linux users. GEGL optimizations refine filters and floating-point operations. With only a few remaining bug fixes, GIMP 3.0 is nearly ready for release.

KDE Plasma 6.3: KDE Plasma 6.3 refines fractional scaling in Window Manager and Wayland Compositor KWin to provide sharper visuals and align elements to the pixel grid. The zoom effect provides a pixel-perfect magnification with a grid overlay that can be useful for designers. The Drawing Tablet settings receive a major overhaul with stylus pressure curve adjustments and better calibration. The system monitor improves CPU tracking while using fewer resources; its Info Center now displays GPU details and battery cycle counts. App store Discover enhances security by highlighting permission changes in sandboxed apps, and the Weather widget adds Deutscher Wetterdienst as a data source. Usability tweaks include touchpad auto-disable for mouse users, a reorganized launcher menu, and a refined kickoff behavior that switches categories only on click. Customization options expand with panel cloning, scriptable opacity adjustments, and flexible launcher icons.

gdb 15.2: This major version update improves startup performance with background DWARF reading and refines debugging features, including new commands for missing debug handlers and thread management. GDB now generates sparse core files, provides better error messaging, and supports configurable timeouts for inferior function calls. Changes in GDBserver simplify debugging options, and new Python API functions enhance scripting capabilities. The update also deprecates MPX-related commands and refines existing commands for clarity and consistency.

fwupd: This update introduces new features such as fwupdtool efiboot-hive for setting the nmbl cmdline, improved inhibition reason handling in fwupdmgr, and USB-provided hidraw support for DS-20 descriptors. Bug fixes include proper dbx deployment on MSI hardware, Lenovo version parsing corrections, improved Logitech HID++ detection, and performance optimizations. Additionally, support has been added for HPE Gen10/Gen10+ devices using Redfish, along with better handling of future Huddly devices and more reliable Logitech Rallybar updates.

KDE Frameworks 6.11.0: KDE Frameworks 6.11.0 improves Baloo’s database handling by propagating failure reasons and reducing manual management of m_env. Breeze Icons introduces a 12x12 version of the open-link icon and updates close icons to black X symbols. KConfig now reads defaults from the Windows registry and improves nested group value handling. Kirigami refines SwipeListItem’s keyboard navigation and fixes deep nesting in ActionsMenu. KIO addresses symlink path resolution in file properties and enhances file dialog undo behavior. KTextEditor improves bookmark cycling and refines theme config margins. KSVG enhances render cache thread safety, and KWallet removes unused functions for a leaner codebase.

KDE Gear 24.12.2: KDE’s Dolphin improves icon scaling and overlay handling, while Kdenlive fixes crashes, enhances effect stacking and improves rendering progress visibility. KMail and Kontact streamline account management, preventing duplicate entries when deleting accounts. KTrip and KWeather clean up unused strings for a smoother mobile experience. Kate ensures proper selection handling and fixes search match exports. Okular prevents hangs in forms with numerous choice fields and correctly responds to palette changes.

postgresql 17.3: This update addresses various security fixes and performance improvements. A key security fix strengthens encoding validation in PQescapeString and related functions to prevent potential SQL injection risks. Connection privilege checks and limits are now properly enforced for parallel workers. Several bug fixes improve database stability, including preventing catalog corruption during vacuum operations, fixing race conditions in parallel queries, and resolving unexpected transaction errors. Other enhancements include improved handling of SQL/JSON deparsing, better collation consistency in UNION queries, and optimizations for VACUUM and indexing.

Ruby 3.4.2: Key fixes for this package address segmentation faults in ripper, stack consistency errors in -ne, and unexpected behavior in Array#sum and Numeric subclasses. Parsing issues in prism and parse.y have been resolved, including recursion depth inconsistencies and handling of unnamed forwarding variables. Other fixes include improved compatibility with GNU Compiler Collection 15, corrections for Module#autoload? performance, TCPSocket error handling, and ensuring encoding consistency in ENV.inspect. Additionally, a TLS fix for ARM64 has been backported, and various syntax inconsistencies have been addressed.

wireplumber 0.5.8: This update introduces support for handling UCM SplitPCM nodes in the Advanced Linux Sound Architecture monitor and improves PipeWire channel remapping via loopbacks. New functions enable marking WpSpaDevice child objects as pending, which enhances the handling of asynchronously created loopback nodes. ALSA node name deduplication has been improved, which prevents unnecessary .2, .3 suffixes. Fixes include resolving duplicate Bluetooth SCO (HSP/HFP) sources in UIs, correcting stream-restore behavior for device loopback nodes, and addressing issues in wp_lua_log_topic_copy(). Additionally, test scripts have been updated for improved object identification consistency.

python-cryptography 44.0.0: This major pypi update drops support for LibreSSL < 3.9 and deprecates Python 3.7, which will be removed in a future release. Linux wheels are now compiled with OpenSSL 3.4.0. The update enforces RFC 5280 rules preventing empty extended key usage extensions, allows timestamp extraction for MultiFernet, and relaxes Authority Key Identifier requirements on root CA certificates. Support for Argon2id KDF is added when using OpenSSL 3.2.0+, along with support for the Admissions certificate extension. Additionally, PKCS7 decryption, including S/MIME 3.2, is now supported via new decryption functions.

python-pyOpenSSL 25.0.0: This major pypi update removes deprecated APIs, including CRL, Revoked, dump_crl, and load_crl, and transitions users to cryptography.x509 for CRL functionality. The sign and verify functions have been removed in favor of cryptography.hazmat.primitives.asymmetric signature APIs. Deprecated features include OpenSSL.rand (use os.urandom() instead), X509Extension, and elliptic curve functions. Future deprecations are planned for X509 and PKey objects, with users encouraged to migrate to cryptography.x509.Certificate and cryptography private keys. The update also introduces an as_cryptography argument for get_certificate and related functions, allowing cryptography.x509.Certificate objects to be returned.

Key Package Updates

Kernel Source 6.13.4, 6.13.3, 6.13.2: These updates includes various fixes and improvements across multiple subsystems. It addresses issues in Btrfs, including a lockdep splat fix and better handling of transaction aborts. Security improvements address x86 SRSO mitigation for missing IBPB on VM-Exit, HID device handling fixes for winwing and thrustmaster, and multiple pinctrl bug fixes. The updates also refined DRM and AMD display components, improving HDMI, DSC passthrough, and backlight quirks. Additional fixes improve schedulers, IRQ handling, logging, and filesystem stability. Various DRM bridge, panel, and connector updates enhance ELD handling and synchronization. Other enhancements improve safesetid policy checks, WiFi drivers, and device-specific optimizations.

curl 8.12.1: This update includes various security fixes, such as resolving password leaks between hosts, HSTS cache entry overwrites and an eventfd double-close vulnerability. Enhancements include support for PKCS#11 keys, QUIC 0RTT with GnuTLS, improved HTTP authentication tracking, and extended error handling for connection reuse. Notable bug fixes address TLS upgrade issues, DNS resolution improvements, HTTP retry handling, and performance optimizations across multiple protocols.

selinux-policy 20250211: This update sets SELinux as the default Linux Security Module (LSM) for all new installations. While AppArmor remains available, SELinux will be in enforcing mode by default on fresh installs, including the minimalVM variant. SELinux updates will continue refining the implementation in the coming weeks.

sdbootutil: This update introduces improvements to PCR 15 measurements, including a validator service and predictive capabilities for crypttab changes. The update also refines cryptographic device ordering when using FIDO2 keys and removes the .conf suffix from grubenv. Additional fixes ensure proper generator behavior when /etc/crypttab is missing and improve logging output for PCR validation.

GStreamer 1.24.12: This update resolves shader compilation failures in d3d12 and corrects framerate handling in decklinkvideosink. The gst-libav module now avoids crashes in audio encoders with insufficiently aligned input data and restores compatibility with FFmpeg 4.2. Other fixes include improved seeking and duration handling in oggdemux, PTS wraparound detection in tsdemux, and race condition fixes in vtdec on macOS. Enhancements were made to qtdemux for better matrix transformation and flipping support, while webrtc now prevents duplicate payload types when using RTX and multiple video codecs. Additional refinements were applied to wpe, x264enc, and win32-pluginoader, along with various memory leak and stability fixes.

XFSProgs 6.13.0: This update introduces significant improvements, including enhanced support for realtime volumes, quota handling, and metadata directories. The mkfs tool now allows recursive subvolume deletion and improved protofile parsing. xfs_repair adds support for quota inodes in metadata directories, while xfs_scrub accelerates phase 8 processing using histograms. Additional fixes address error reporting, device encoding, and concurrency improvements for realtime allocation groups. Various build, documentation, and tooling enhancements further refine the XFS ecosystem.

kdump 2.0.16: This update improves reliability with a fix for KDUMP_AUTO_RESIZE, addressing issues in crash dump resizing. The update also resolves a critical bonding configuration bug in dracut, which previously caused network failures in kdump initrd. The issue stemmed from improper parsing of bond device parameters, where MAC address colons led to errors. The fix ensures kdump correctly filters out problematic bond keys, preventing parsing failures.

Bug Fixes and Security Updates

Several key security vulnerabilities were addressed this month. Common Vulnerabilities and Exposures this month are:

qemu:

• CVE-2023-2861: Fixed a flaw in the 9p passthrough filesystem (9pfs) implementation that could allow a malicious client to escape the exported 9p tree by creating and opening a device file in the shared folder.

curl:

• CVE-2024-11053: Fixed a credential leak when using .netrc files in combination with HTTP redirects.
• CVE-2024-9681: Resolved an issue where HSTS subdomain entries could overwrite parent domain cache entries, potentially leading to incorrect HTTPS enforcement.
• CVE-2025-0665: Addressed a double close vulnerability with eventfd, which could lead to undefined behavior or application crashes.

emacs:

• CVE-2025-1244: Details about this CVE are currently unavailable. For the latest information, please refer to the official Emacs news page.

OpenSSL 3.4.1:

• CVE-2024-12797: Fixed an issue where clients using RFC7250 Raw Public Keys (RPKs) might not detect server authentication failures, potentially exposing TLS/DTLS connections to man-in-the-middle attacks.
• CVE-2024-13176: A timing side-channel vulnerability in ECDSA signature computations could allow attackers to recover private keys. This primarily affects the NIST P-521 curve and requires local access or a high-speed, low-latency network connection to exploit.
• CVE-2024-9143: Fixed an out-of-bounds memory access issue in low-level GF(2^m) elliptic curve APIs, which could lead to memory corruption or crashes.

postgresql 17.3:

• CVE-2025-1094: Fixed an SQL injection vulnerability in the psql interactive tool caused by improper neutralization of quoting syntax in certain functions.

ffmpeg:

• CVE-2025-22921: Addressed a segmentation violation in jpeg2000dec.c, preventing potential crashes.
• CVE-2025-22919: Fixed a reachable assertion in handling crafted AAC files, mitigating denial-of-service risks.
• CVE-2025-0518: Resolved a stack-based buffer overflow allowing remote authenticated attackers to execute arbitrary code.
• CVE-2025-25473: Fixed multiple vulnerabilities enabling authenticated remote attackers to execute arbitrary commands.
• CVE-2024-12361: Addressed a flaw in certificate data handling that could lead to denial-of-service conditions.

grub2:

• CVE-2024-45781: Fixed a strcpy overflow in the UFS filesystem.
• CVE-2024-56737: Resolved a heap-based buffer overflow in the HFS filesystem.
• CVE-2024-45782: Addressed a strcpy overflow in the HFS filesystem.
• CVE-2024-45780: Fixed an overflow issue in TAR/CPIO handling.
• CVE-2024-45783: Corrected a reference count overflow in the HFS+ filesystem.
• CVE-2025-0624: Fixed an out-of-bounds write during the network boot process.
• CVE-2024-45774: Resolved a heap overflow in the JPEG parser.
• CVE-2024-45775: Addressed a missing NULL check in the extcmd parser.
• CVE-2025-0622: Fixed a use-after-free issue when handling hooks during module unload in command/gpg.
• CVE-2024-45776: Corrected an overflow in .MO file handling.
• CVE-2024-45777: Fixed an integer overflow in the gettext function.
• CVE-2025-0690: Resolved an integer overflow that could lead to an out-of-bounds write via the read command.
• CVE-2025-1118: Ensured the dump command is blocked when GRUB is in lockdown mode.
• CVE-2024-45778: Removed the BFS filesystem from lockdown-capable modules.
• CVE-2024-45779: Fixed a heap overflow in the BFS filesystem.
• CVE-2025-0677: Addressed an integer overflow leading to an out-of-bounds write when handling symlinks in UFS.
• CVE-2025-0684: Resolved an integer overflow leading to an out-of-bounds write when handling symlinks in ReiserFS.
• CVE-2025-0685: Fixed an integer overflow leading to an out-of-bounds write when handling symlinks in JFS.
• CVE-2025-0686: Corrected an integer overflow leading to an out-of-bounds write when handling symlinks in ROMFS.
• CVE-2025-0689: Fixed a heap-based buffer overflow in UDF that could lead to arbitrary code execution.
• CVE-2025-1125: Addressed an integer overflow leading to an out-of-bounds write in the HFS filesystem.
• CVE-2025-0678: Resolved an integer overflow leading to an out-of-bounds write in SquashFS.

libtasn1 4.20.0:

• CVE-2024-12133: Fixed inefficient handling of specific certificate data, which could allow an attacker to send a specially crafted certificate, causing a denial of service attack.

libxml2 2.13.6:

• CVE-2025-24928: Fixed a stack-based buffer overflow in the xmlSnprintfElements function, which could be exploited during DTD validation of untrusted documents, leading to denial of service or code execution.
• CVE-2024-56171: Resolved a use-after-free vulnerability in the xmlSchemaIDCFillNodeTables and xmlSchemaBubbleIDCNodeTables functions, potentially leading to arbitrary code execution when processing crafted XML documents or schemas.
• CVE-2025-27113: Addressed a NULL pointer dereference in the xmlPatMatch function, which could cause application crashes when processing certain inputs.

gnutls 3.8.9:

• CVE-2024-12243: Addressed a flaw where decoding certain DER-encoded certificates could cause excessive resource consumption, leading to denial-of-service conditions.

mozjs128 128.7.0:

• CVE-2025-1009: Fixed a use-after-free vulnerability in XSLT that could lead to an exploitable crash.
• CVE-2025-1010: Resolved a use-after-free issue in the Custom Highlight API, potentially leading to a crash.
• CVE-2025-1011: Addressed a bug in WebAssembly code generation that could result in a crash and possible code execution.
• CVE-2025-1012: Fixed a use-after-free during concurrent delazification, which could lead to a crash.
• CVE-2024-11704: Corrected a potential double-free vulnerability in PKCS#7 decryption handling.
• CVE-2025-1013: Resolved an issue where private browsing tabs could be opened in normal browsing windows, leading to a potential privacy leak.
• CVE-2025-1014: Fixed improper certificate length checking when added to a certificate store.
• CVE-2025-1016: Addressed multiple memory safety bugs that could potentially be exploited to run arbitrary code.
• CVE-2025-1017: Resolved additional memory safety bugs present in the browser engine.

webkit2gtk3:

• CVE-2025-24143: Fixed a vulnerability that could lead to arbitrary code execution when processing maliciously crafted web content.
• CVE-2025-24150: Resolved an issue where visiting a malicious website may lead to address bar spoofing.
• CVE-2025-24158: Addressed a memory corruption issue that could allow an attacker to execute arbitrary code.
• CVE-2024-24162: Fixed a vulnerability where processing maliciously crafted web content could lead to arbitrary code execution.

Python311:

• CVE-2025-0938: Fixed improper URL parsing in urllib.parse functions, which accepted invalid domain names with square brackets, potentially leading to security issues.

PAM-PKCS 0.6.13:

• CVE-2025-24032: Fixed an issue where an attacker could create a token with a user’s public certificate and a known PIN, allowing unauthorized login without requiring the private key.
• CVE-2025-24531: Addressed a potential authentication bypass in error situations when using smart cards for login.

krb5:

• CVE-2025-24528: Resolved a flaw where an authenticated attacker could cause kadmind to write beyond the end of the mapped region, leading to potential security risks.

Users are advised to update to the latest versions to mitigate these vulnerabilities.

Conclusion

KDE users will notice a more polished and efficient experience with the latest KDE Gear, Frameworks and Plasma updates. Beyond the visible improvements, Tumbleweed continues to strengthen its foundation with essential security patches for curl, mozjs128, grub2 and PostgreSQL, along with optimizations in XML processing through libxml2. These ongoing enhancements ensure Tumbleweed remains a dependable, high-performance open-source platform for developers and users alike.

Slowroll Arrivals

Please note that these updates also apply to Slowroll and arrive between an average of 5 to 10 days after being released in Tumbleweed snapshot. This monthly approach has been consistent for many months, ensuring stability and timely enhancements for users.

Contributing to openSUSE Tumbleweed

Stay updated with the latest snapshots by subscribing to the openSUSE Factory mailing list. For those Tumbleweed users who want to contribute or want to engage with detailed technological discussions, subscribe to the openSUSE Factory mailing list . The openSUSE team encourages users to continue participating through bug reports, feature suggestions and discussions.

Your contributions and feedback make openSUSE Tumbleweed better with every update. Whether reporting bugs, suggesting features, or participating in community discussions, your involvement is highly valued.

Data breaches and cyber threats are becoming increasingly common and securing your personal and professional information has never been more critical.

Users transitioning from Windows to Linux through the Upgrade to Freedom campaign can use openSUSE’s tools to protect sensitive data, which include full disk encryption (FDE).

Full disk encryption during installation ensures maximum security. It safeguards all data on your hard drive by encrypting it and makes it unreadable without an decryption key. This level of protection is vital for preventing unauthorized access if your laptop or desktop is lost or stolen.

FDE with openSUSE is both user-friendly and powerful. The setup with advanced security features is easy.

For users seeking feature parity with Windows BitLocker, openSUSE offers Full Disk Encryption (FDE) secured by a TPM2 chip or a FIDO2 key. This advanced setup enhances security by storing encryption keys within the TPM, which ensures that only a trusted system configuration can unlock the disk. For a step-by-step guide on enabling this feature, read the Quickstart in Full Disk Encryption with TPM and YaST2 article.

Here’s a step-by-step guide to set up FDE on your system:

Step 1: Download and Boot openSUSE

• Visit get.opensuse.org to download the latest version of openSUSE Leap or Tumbleweed.
• Create a bootable USB drive using tools like balenaEtcher or another image writer.
• Restart your computer and boot from the USB drive to begin the installation process.

Step 2: Configure Encryption During Installation

• Once the installer starts, select your preferred language and keyboard layout.
• In the partitioning setup, choose Guided Setup with Encrypted LVM.
• Set a strong passphrase for encryption. This passphrase will be required every time the system boots. Use a mix of upper and lower case letters, numbers and special characters for optimal security.
• Proceed with the installation as directed by the installer.

Step 3: Verify Encryption Settings

After installation is complete and the system restarts, you’ll be prompted to enter your encryption passphrase. Once entered, openSUSE tools will decrypt the disk and boot normally. To confirm encryption is active:

• Open a terminal or console.
• Run the command lsblk -f to verify that your disk is listed with the encryption type (e.g., crypto_LUKS).

The output might look something similar to the following:

NAME        FSTYPE      FSVER LABEL UUID                                   FSAVAIL FSUSE% MOUNTPOINT
sda                                                                                     
├─sda1      ext4        1.0     4a83v1e1-e8d2-4e38-815d-fd79j194f5   25G    30%    /
└─sda2      swap        1           d2e18c23-9w4b-4d26-p1s2-cm2sd64tx9de                
sdb                                                                                     
└─sdb1      crypto_LUKS 1           10bb2vca-81r4-418b-a2c4-e0f6585f2c7a                
  └─luks    ext4        1.0         8a9wka1b-7e9c-1a1f-a9f7-3c82x1e4e87f   150G    10%    /mnt/data

Step 4: Regular Backups

While FDE protects your data, it does not prevent data loss from hardware failure or accidental deletion. Regularly back up your data to an encrypted external drive or a secure cloud service to ensure its safety.

Post-Installation Encryption If you want to encrypt an existing partition after installation, visit the openSUSE wiki page about encryption.

Enhanced Security for Modern Challenges

Setting up full disk encryption on openSUSE not only protects your data but also aligns with the Upgrade to Freedom campaign’s mission of empowering users to maintain control over their hardware and privacy. By combining open-source software with good security practices, openSUSE ensures that users can confidently embrace a more secure digital future.

For additional guidance and community support, visit the openSUSE forums or join discussions at your local Linux user group.

Please be aware that some hardware configurations may require additional drivers or BIOS settings adjustments for full disk encryption to fully function properly. Check your device’s compatibility and update your firmware before proceeding.

The Reproducible-openSUSE (RBOS) project, which is a proof-of-concept fork of openSUSE, has reached a significant milestone after demonstrating a usable Linux distribution can be built with 100% bit-identical packages.

Reproducible builds ensure software can be rebuilt in an identical, bit-for-bit manner anywhere at any time using the same tools. This means that someone rebuilding the software from the same source code will get exactly the same results.

Why is this important? Because it’s a crucial aspect for supply-chain security.

This milestone for RBOS, led by openSUSE member Bernhard Wiedemann, advances software supply-chain security.

Reproducible builds allow us to confirm that the binaries used are correct, which ensures software has not been tampered with during the build process. By comparing identical outputs from different build environments, developers can detect issues such as accidental errors or malicious alterations. Without it, developers have to trust the build-process blindly or review binary-diffs manually, which is hard and time consuming.

In practice, reproducible-builds have found dozens of bug from race-conditions to compiling for incompatible CPUs with flags like via -march=native. Since Linux is a major component that operates the Internet, which is not only servers and routers but also client machines, improving security is vital.

The nice people at the nlnet foundation’s NGI0 Entrust fund sponsor open-source initiatives that improve the security of the internet. Wiedemann took on this 4-month-long project to create a fork of openSUSE that has 100% bit-reproducible packages. So far ring0 (aka bootstrap) and ring1 with 3,300 software packages have all successfully been patched and tested. Overall, the 16,000 source packages in openSUSE Factory have around 300 packages with issues left and information about this can be found in the following links:

• https://en.opensuse.org/openSUSE:Reproducible_openSUSE
• https://en.opensuse.org/openSUSE:Reproducible_openSUSE/Part1
• https://en.opensuse.org/openSUSE:Reproducible_openSUSE/Part2

Approximately 40 patches were needed and some more were completed before this project. Usually half of these patches are upstreamed.

With this, it is now possible to do a change in a toolchain package, rebuild everything and see exactly what changed as a result of the change.

RBOS does not receive security updates, so it is not recommended for productive use; it does however demonstrate how a full-bit-reproducible OS could be produced.

As patches make their way into openSUSE Factory, it should become easier to create a refresh in a year or two. Maybe it will become so little effort that each of the monthly Slowroll snapshots can be adapted into an RBOS-snapshot.

Ongoing work on a git-based OBS workflow could further support this effort, as tools like ‘git rebase’ can streamline and automate the process of integrating and updating patches.

How to test:

Grab the altimagebuild VM image with:

wget https://download.opensuse.org/repositories/home:/bmwiedemann:/reproducible:/distribution:/ring1/standard/src/altimagebuild-1-1.1.src.rpm

or

wget https://rb.zq1.de/RBOS/ring1/_build.standard.x86_64/altimagebuild/altimagebuild-1-1.1.x86_64.rpm

and run it as documented in https://en.opensuse.org/openSUSE:Reproducible_openSUSE/Part2#How_to_run_a_VM

Where does reproducible builds not help?

• bugs + backdoors in the source (e.g. xz-5.6.0) need source-code reviews
• backdoors in used build tools can be found with diverse-double-compilation = https://dwheeler.com/trusting-trust/ or be avoided with bootstrapping = https://guix.gnu.org/en/blog/2023/the-full-source-bootstrap-building-from-source-all-the-way-down/. Both of these methods only help if you have reproducible builds.

The milestone RBOS reached is an ongoing effort to provide more transparent, verifiable and secure software.

Tumbleweed has adopted SELinux as the default Linux Security Module (LSM) for new installations after a recent snapshot.

The transition was announced on the mailing list in July and marks a significant development for the rolling release. A new announcement on the factory mailing list yesterday confirms this to take place with the release of Tumbleweed snapshot 20250211. This change also applies to the openSUSE Tumbleweed minimalVM, which will ship with SELinux enabled by default.

“Users installing openSUSE Tumbleweed via the ISO image will see SELinux in enforcing mode as default option in the installer,” wrote SELinux Security Engineer Cathy Hu in the email announcement. “If the user prefers to use AppArmor instead of SELinux, they are able to change the selection to AppArmor manually in the installer.”

Tumbleweed has used AppArmor as its default LSM. This marks a shift in the default Mandatory Access Control (MAC) system for new installations as SELinux replaces AppArmor as the default choice. SELinux will be enabled in enforcing mode by default only for new installations. Existing installations will not be affected by the change and will retain the option to select AppArmor during installation if they prefer.

The switch to install SELinux by default is going through implementation and aligns with a decision to grow adoption of SELinux for both SUSE and openSUSE. It’s expected to increase security by confining more services by default. SELinux is known for its rich security features and widespread use in enterprise environments.

The move is expected to bring tighter access controls to Tumbleweed. Users may encounter bugs or issues, but openQA tests for Tumbleweed have played a key role in identifying and resolving potential problems in the early adoption phase.

Contributors were encouraged to report any bugs that arise and can refer to the SELinux bug report guide for help.

There is no plan to change the kernel configuration yet, with the installer handling SELinux activation on new installations.

The community response to this change has been largely positive, though some users, particularly those who rely on highly customized AppArmor profiles, expressed concerns. AppArmor will continue to be supported and users can opt to install it manually if desired.

The change does not affect the Leap 15.x release. The first boot might take a little time. Expect updates for SELinux to roll out with fixes and tweeks over the next several weeks.

Developers of the openSUSE community continue their commitment toward improving legal compliance and software transparency with the release of the Cavil Legal Text dataset on Hugging Face.

This dataset is designed to enhance automated legal text classification, which reduces manual review efforts and improves accuracy in identifying legal snippets within software projects.

“Open sourcing the dataset is cooler than just open sourcing the weights to a model fine-tuned by us because everyone can use it to make their own versions based on whatever open weight model they want,” said Sebastian Riedel, one of the developers behind the project.

The Cavil Legal Text dataset supports Cavil, which is a system built to automate the extraction and classification of potential legal texts in software packages. By leveraging AI, Cavil minimizes false positives when detecting license information, copyright statements and compliance-related content; this ensures that legal experts can focus on critical cases rather than sorting through large amounts of irrelevant data.

With 150,000 labeled samples, the dataset is instrumental in training AI models to distinguish between legal and non-legal text with a high degree of accuracy. It enables legal review workflows by improving text classifications, pattern matching and reduces the dependency of human intervention.

Cavil consists of three key parts: a user-friendly web application with a REST API, a job queue for handling background tasks like pattern matching and analysis, and an AI-powered text classification server that continually improves its ability to recognize legal texts. All these components interact seamlessly through PostgreSQL and HTTP; this allows human experts and lawyers to efficiently validate software licenses at scale.

Currently, Cavil employs a Character-level Convolutional Neural Network (CNN) model in production due to its efficiency and compatibility with existing infrastructure. However, an alternative approach using fine-tuned LLMs is under exploration. The LLM-lawyer experiment suggests that large language models could provide more adaptable and context-aware classifications with less frequent retraining.

The dataset is licensed under GPL-2.0-or-later and is freely available on Hugging Face for researchers, developers, and compliance teams to explore and contribute. Open-source contributors can refine AI classification models, propose new legal text patterns, and support the ongoing improvement of automated legal compliance in software projects.

Those interested can explore the dataset on Hugging Face, read the Cavil documentation, experiment with Llama-3 through the Llama-Lawyer repository, and contribute to openSUSE’s compliance efforts through GitHub.

The promising new package management tool Myrlyn now includes a much-requested feature: repository configuration. Users can now easily manage their repos, adjust priorities, enable auto-refresh, and even add well-known community repositories like packman, openh264, libdvdcss, and NVIDIA; all with Myrlyn’s streamlined UI!

Key Features:

• View repo details, including priority, auto-refresh status, and URL.
• Modify repo settings directly from the interface.
• Add custom repos with libzypp variables like $releasever.
• Select community repos automatically tailored for Leap, Tumbleweed or Slowroll.
• Enable read-only mode for non-privileged users.

Some users have been exclusively managing their systems with Myrlyn, which showcases its reliability. Myrlyn was developed during Hack Week 24 and is a standalone Qt-based package manager, free from YaST dependencies.

Ready to configure your repos? Head to Extras → Configure Repositories (Ctrl+Shift+O) and give it a spin!

Tumbleweed remains a strong example of a reliable rolling release as we step into 2025. This month delivered multiple snapshots and a wide range of updates! Two much anticipated major version updates arrived in snapshots this month; GIMP’s release candidate is giving users a good look into the 3.0 version and libvirt 11.0.0 improves virtualization performance, stability and flexibility. KDE Gear 24.12.1 improves app usability and KDE Plasma 6.2.5 brings some additional stability.

As always, be sure to roll back using snapper if any issues arise.

Happy updating and tumble on!

For more details on the change logs for the month, visit the openSUSE Factory mailing list.

New Features and Enhancements

GIMP 3.0.0~RC2: This makes a major leap to version 3.0 with significant updates and fixes. The build process is streamlined with improved handling of fonts, such as replacing Bitstream Vera with Google Noto Sans and ensuring stability even when fonts are missing. The Python runtime dependencies and enhanced debugging support with libbacktrace ensure smoother builds and better issue resolution. Experimental features like the Lua plugin are now gated for optional use, and Fedora-imported patches improve system monitor profile defaults, external help browser support, and privacy settings. These updates modernize GIMP’s architecture and prepare it for the final 3.0 release.

KDE Gear 24.12.1: Notable updates in this release were made to Dolphin, which improved behavior on X11, fixed thumbnail updates on renaming, and ensured search box initialization fixes. With Itinerary, enhancements for trip group handling were made; there were also improvement made to weather forecasts and it was optimized for crash prevention. Kdenlive addressed timeline issues, fixed crashes, improved layout handling and restored effects presets. KMail improved search functionalities and KPublicTransport enhanced station name recognition.

KDE Plasma 6.2.5: The Discover app store fixes overlapping update descriptions text and kpipewire fixes issues when streaming fails to update. The plasma update also prevents crashes by adding a dummy clipboard. Some screencasting was resolved with KWin. PowerDevil resolves crashes in unloadAllActiveActions and Plasma Networkmanager reverts fixing an issue with the connection speed tab remaining visible after disconnecting.

Rsync 3.4.1: This update brings critical bug fixes and security enhancements. Key updates include improved handling of the -H flag, resolution of a use-after-free issue in rename logging, and removal of the dependency on alloca() in the bundled popt. Security fixes address multiple vulnerabilities such as CVE-2024-12747, which mitigates a race condition in handling symbolic links, as well as CVE-2024-12084 through CVE-2024-12088, tackling heap buffer overflows, information leaks, and directory traversal risks. The update also introduces protocol version 32 and refines developer tools for improved permissions handling.

libvirt 11.0.0: This major release adds VLAN tagging and trunking support for network interfaces on Linux host bridges and enables domains to use advanced tlbflush Hyper-V features. User-defined aliases for devices in domain XML and virtiofs read-only mode are now supported. Enhanced vGPU migration between mdev and SRIOV VF devices is also introduced. Key fixes address transient domain TPM profile crashes, disk image deletion with snapshots, and post-copy migration recovery errors, alongside improvements in domain XML formatting and CPU model support.

libcdio 2.2.0: The library now uses GNU/Linux’s new ioctl with kernel 5.16+ and incorporates GitHub CI checks for better development workflow. Additionally, the update ensures compatibility with widestring APIs and provides better pkg-config detection.

Amarok 3.2.1 & 3.2.2: Amarok introduces Qt6 and KF6 compatibility, enabling support for gpodder, last.fm, and the Wikipedia context applet. The collection can now be filtered by empty tags, and the context view applet for the current track is displayed by default. Key fixes address crashes during file transfers to MTP devices, Ampache logins, and collection filtering. Additional improvements include reduced MTP device query flooding, refined font size limitations in the context view, and enhanced compatibility across compiler and Qt6 versions. Amarok now depends on KDE Frameworks 5.108, marking a step toward modernized builds and better stability.

libxml2 2.13.5: New features include API additions for more reliable malloc failure reporting and context-specific error handlers, such as xmlCtxtSetErrorHandler. The update introduces the XML_PARSE_NO_XXE parser option, enhancing security by disabling external entity loading. Key bug fixes address regressions in xmlIO, xmlreader, and handling of parameter entities. Additionally, significant optimizations ensure better compatibility with modern systems, improved error handling, and support for new configurations. Deprecated features such as HTTP POST support and legacy FTP functionality are gradually being phased out, which reflects a shift toward streamlined and secure XML processing.

Key Package Updates

Kernel Source 6.12.8, 6.12.10 and 6.13.0: The rolling release was one of the first to update to the 6.13 kernel and notable changes for it include a PCI/DPC quirk for PIO log size adjustments on Intel Raptor Lake-P (bsc#1234623). The update also drops a mainline patch for Nouveau backlight control and includes refreshed configurations. Enhanced USB handling, better support for various arm platforms and multiple bug fixes for IIO devices arrived in a previous kernel update. Key changes address vulnerabilities, improve stability and refine hardware compatibility across various subsystems. Version 6.12.8 had enhancements to ALSA and Bluetooth subsystems to address issues like memory leaks and invalid parameter handling. Btrfs received fixes for race conditions and improvements to power supply drivers were made.

btrfs-progs 6.12: This update includes recursive subvolume deletion for accessible subvolumes and the --subvol option in mkfs to create subvolumes with specific properties (read-only, read-write, or default). Other notable improvements include hard link detection in the --rootdir option, refined verbosity in receive and more accurate handling of compressed extents in check. The release also addresses several bugs, such as false positive checksum reports and improper subvolume iteration in rescue clear-ino-cache.

Systemd 257.2: Key updates in this package include improvements to user@.service. Various patches, such as fixes for TPM2 utilities and initrd_prepare behavior, have been integrated upstream. While the testsuite now requires cloning the systemd repository due to upstream changes; efforts are underway to adapt the sub-package.

Mesa 24.3.3: Fixes in this release include resolving rendering issues in Portal 2 and Half-Life 2, addressing crashes in Artifact Classic, and correcting a regression that broke Wayland on RS480M GPUs. Additional updates fix prop disc rendering in X-Plane 12, improve H264/H265 VAAPI encoding on R6700XT with proper QP value handling, and resolve missing text in Age of Mythology Retold on Arc b580 GPUs.

HarfBuzz 10.2.0: Font handling improvements arrive in this package. Unicode Variation Selectors are now considered during “cmap” table subsetting, while malformed UTF-8 strings are better guarded in hb_cairo_glyphs_from_buffer(). Rendering and parsing see significant fixes, including corrected scaling for “COLR” v1 glyphs and locale-independent double number parsing in the hb-subset tool. New APIs enable advanced font table serialization, repacking, and font variation settings conversion.

Coreutils 9.6: This release addresses multiple bug fixes, such as correcting issues in cp, mv, ls and tail, improving reliability and compliance with POSIX standards. Enhancements include new features like CRC32b support in cksum, indexed arguments in printf, and POSIX:2024 string comparison in test. Performance improvements touch key utilities like wc, cksum and sort to ensure faster operations on modern systems.

PHP 8.3.16: This package delivers a wide range of bug fixes and stability improvements across core features and extensions. Enhancements include addressing issues in DatePeriod, SimpleXML and FFI, resolving memory leaks in components like LibXML and Sockets, and improving compliance with standards such as RFC 6890 for IP filtering. Key fixes span vulnerabilities like use-after-free (UAF) in DOM and Iconv, segmentation faults in Gettext and Phar, and overflow issues in Streams. Developers benefit from improved error handling, compatibility updates, and hardened security measures for critical functions like proc_open().

Flatpak 1.16.0: The latest version has new environment variables like FLATPAK_TTY_PROGRESS, FLATPAK_DATA_DIR, and FLATPAK_DOWNLOAD_TMPDIR offer greater flexibility for configuring runtime behavior, such as progress indicators and alternative directory paths. Notable bug fixes include improved handling of dangling symlinks, corrections to introspection annotations in libflatpak, and resolving regressions with Wayland socket handling. Other refinements ensure smoother operation and compatibility, including fixes for terminal progress indicators and the installation of missing test data.

Bug Fixes and Security Updates

Several key security vulnerabilities were addressed this month:

Rsync 3.4.1:

• CVE-2024-12747: Fixed a race condition in handling symbolic links.
• CVE-2024-12084: Resolved a heap buffer overflow in checksum parsing.
• CVE-2024-12085: Fixed an information leak via uninitialized stack contents, defeating ASLR.
• CVE-2024-12086: Addressed server leakage of arbitrary client files.
• CVE-2024-12087: Resolved an issue allowing a server to make clients write files outside the destination directory using symbolic links.
• CVE-2024-12088: Fixed a bypass for --safe-links functionality.

git 2.48.1:

• CVE-2024-50349: Fixed an issue where crafted URLs could inject ANSI escape sequences, potentially misleading users into sending credentials to malicious hosts.
• CVE-2024-52006: Addressed incorrect handling of line endings in credential helpers, preventing credential exposure.

HPLIP:

• CVE-2020-6923: Fixed a memory buffer overflow vulnerability in HPLIP versions 3.20.8 and earlier, which could allow arbitrary code execution or denial of service.

libxml2 2.13.5:

• CVE-2024-40896: Fixed an out-of-bounds read and write vulnerability when processing HEIF files with forged overlay image offsets.

Raptor:

• CVE-2024-57823: Patch added to fix an integer underflow, which could lead to potential vulnerabilities.

Mozilla Firefox 134.0:

• CVE-2025-0244: Address bar spoofing using an invalid protocol scheme on Firefox for Android.
• CVE-2025-0245: Lock screen setting bypass in Firefox Focus for Android.
• CVE-2025-0246: Address bar spoofing using an invalid protocol scheme on Firefox for Android.
• CVE-2025-0237: WebChannel APIs susceptible to confused deputy attack.
• CVE-2025-0238: Use-after-free when breaking lines in text.
• CVE-2025-0239: Alt-Svc ALPN validation failure when redirected.
• CVE-2025-0240: Compartment mismatch when parsing JavaScript JSON module.
• CVE-2025-0241: Memory corruption when using JavaScript Text Segmentation.
• CVE-2025-0242: Memory safety bugs fixed across multiple versions of Firefox and Thunderbird.
• CVE-2025-0243: Memory safety bugs affecting Firefox, Thunderbird, and ESR versions.
• CVE-2025-0247: Memory safety bugs fixed in Firefox 134 and Thunderbird 134.

openssl-3

• CVE-2024-13176: A timing side-channel vulnerability in ECDSA signature computations could allow attackers to recover private keys.

Conclusion

KDE users will appreciate the refined experience offered by the latest KDE Gear and Plasma releases, with improved usability and bug fixes. Under the hood, Tumbleweed continues to receive critical updates, including security enhancements for Rsync and improved XML processing with libxml2. These updates, along with numerous others continue to make Tumbleweed a secure, stable and useful open-source platform.

Slowroll Arrivals

Please note that these updates also apply to Slowroll and arrive between an average of 5 to 10 days after being released in Tumbleweed snapshot. This monthly approach has been consistent for many months, ensuring stability and timely enhancements for users.

Contributing to openSUSE Tumbleweed

Stay updated with the latest snapshots by subscribing to the openSUSE Factory mailing list. For those Tumbleweed users who want to contribute or want to engage with detailed technological discussions, subscribe to the openSUSE Factory mailing list . The openSUSE team encourages users to continue participating through bug reports, feature suggestions and discussions.

Your contributions and feedback make openSUSE Tumbleweed better with every update. Whether reporting bugs, suggesting features, or participating in community discussions, your involvement is highly valued.

The call for papers for openSUSE Conference 2025 is open.

The conference is scheduled to take place June 26 to 28 in Nuremberg, Germany.

Until April 30, people can submit proposals for a talk or workshop to share insights and their expertise.

People have 97 days to submit a talk for the conference and are encouraged to submit talks based on the following length and topics:

Presentations can be submitted for the following length of time:

• Lightning Talk (10 mins)
• Short Talk (30 mins)
• Virtual Talk (30 mins)
• Long Talk (45 mins)
• Workshop (1 hour)

The following tracks are listed for the conference:

• Cloud and Containers
• Community
• Embedded Systems and Edge Computing
• New Technologies
• Open Source
• openSUSE
• Open Source for Business: Beyond Code into Sustainability Track

Volunteers who would like to help the with the organization of the conference are encouraged to email ddemaio@opensuse.org or attend a weekly community meetings.

Conferences need sponsors to support community driven events to keep events free and open to new contributing members. Companies can find sponsorship information or donate to the Geeko Foundation to assist with funds that will go toward the conference.

Members of the openSUSE Election Committee have informed the project that Board elections are underway.

Four candidates are running for three open seats.

The final candidate list is:

• Chuck Payne
• Ish Sookun
• Jeff Mahoney
• Rachel Schrader

Key Dates

• Jan. 19, 2025: Voting opens
• Feb. 2, 2025: Voting closes
• Feb. 3, 2025: Results announced

For more information about the candidates and the election, visit the project mailing list where candidates are answering questions and informing members of their platform.

Board members serve as guides for the community, handle key project functions, facilitate initiatives, organize meetings, and manage openSUSE domains and trademarks. They also uphold community standards, including overseeing complaints and ensuring compliance with the openSUSE Code of Conduct.

Per the Election Rules, only current members are eligible to run for board positions. New members joining during the membership drive can participate in voting but cannot stand as candidates.

The election is overseen by committee members Edwin Zakaria, and Ariez Vachha. Their responsibilities include finalizing the candidate list and ensuring a smooth election process.

Millions of gamers are facing a critical decision; upgrade their operating system, invest in new hardware or explore alternatives like Linux with the end of Windows 10 support in October next year.

The good news is that gaming on Linux has never been better, and openSUSE is a powerful and versatile platform for gamers to continue enjoying their favorite titles.

Linux gaming has evolved significantly over the past decade. Thanks to tools like Proton, Steam and Lutris, a large number of Windows-exclusive games are now playable on Linux. openSUSE is an excellent choice for gamers making the switch since it’s well known for its stability, flexibility and hardware support.

Why Choose openSUSE for Gaming? openSUSE brings a unique combination of features that make it a desired Linux distribution for gamers:

• Stability and Performance: openSUSE Leap provides a reliable environment for gaming, while Tumbleweed offers the latest software and drivers for cutting-edge performance.
• Wide Hardware Support: Whether you’re using NVIDIA or AMD GPUs, openSUSE has excellent driver support.
• Customizability: openSUSE allows you to easily tailor your system for gaming with access to tools and tweaks.

Distributions of openSUSE will breathe new life into your existing hardware, help you to avoid costly upgrades and keep gaming without interruption.

Setting Up Gaming on openSUSE

Step 1: Install Steam

Steam is the cornerstone of Linux gaming, providing access to thousands of native and Proton-supported games. Open the software center (Discover for KDE Plasma, GNOME Software for GNOME) or use the terminal.

Install Steam: sudo zypper install steam

Launch Steam, log in, and enable Steam Play:

• Go to Settings > Steam Play.
• Enable Steam Play for supported titles and Steam Play for all other titles.
• Select the latest version of Proton.

Steam Play allows you to run many Windows games seamlessly on Linux.

Step 2: Install Lutris

Lutris is a game manager that simplifies the installation and configuration of games from sources like GOG, Epic Games, and even emulators. Install Lutris via the terminal: sudo zypper install lutris

• Open Lutris and log in to your account. Use Lutris’s library to install and manage your games. It provides pre-configured setups for many popular titles, making the process effortless.

Step 3: Configure Your GPU Drivers

Proper GPU drivers are essential for gaming performance.

For NVIDIA GPUs:

Add the NVIDIA repository: sudo zypper addrepo --refresh https://download.nvidia.com/opensuse/tumbleweed NVIDIA

Install the NVIDIA drivers:

sudo zypper search nvidia (package) sudo zypper install (package)

For AMD GPUs:

AMD GPUs work out of the box with open-source Mesa drivers. To ensure optimal performance, update your system: sudo zypper dup

Check out the GPU Switching if you use multiple GPUs.

Step 4: Optimize Your System

Install MangoHud: Monitor FPS and system performance in games. sudo zypper install mangohud

Use GameMode: Optimize system resources for gaming performance. sudo zypper install gamemode

Popular Games on openSUSE

Many games have native Linux versions that run flawlessly on openSUSE:

• Counter-Strike: Global Offensive
• Dota 2
• Sid Meier’s Civilization VI
• Hades
• Valheim

Proton, Steam’s compatibility layer, allows you to play many Windows games on Linux:

• The Witcher 3: Wild Hunt
• Cyberpunk 2077
• Red Dead Redemption 2
• Elden Ring
• No Man’s Sky

Retro Gaming

For retro gaming enthusiasts, tools like RetroArch and Dolphin Emulator enable you to relive classic titles from consoles like the Nintendo 64, GameCube, and PlayStation.

Resources and Support

Need help? The Linux gaming community is active and ready to assist. Check out these resources:

• Proton – Find information about how well your favorite games run on Linux.
• Lutris – Guides and tips for setting up games.
• openSUSE Forums – Connect with the community for support.

Gaming on Linux, particularly with openSUSE, is no longer a compromise. Whether you’re playing AAA titles, indie games or retro classics, openSUSE offers the tools and performance you need to enjoy a seamless gaming experience.

Don’t wait until Windows 10 support ends; make the switch today and keep your gaming journey alive on openSUSE.

Upgrading to Windows 11 may require new hardware, which could add significant costs. Switching to openSUSE not only extends the life of your current hardware but also gives you access to a modern, secure gaming platform. By adopting openSUSE, you avoid contributing to e-waste caused by discarding perfectly functional machines and take advantage of a free, open-source operating system tailored for performance and reliability. This is part of a series on Upgrade to Freedom where we offer reasons to transition from Windows to Linux.

Millions of gamers are facing a critical decision; upgrade their operating system, invest in new hardware or explore alternatives like Linux with the end of Windows 10 support in October next year.

The good news is that gaming on Linux has never been better, and openSUSE is a powerful and versatile platform for gamers to continue enjoying their favorite titles.

Linux gaming has evolved significantly over the past decade. Thanks to tools like Proton, Steam and Lutris, a large number of Windows-exclusive games are now playable on Linux. openSUSE is an excellent choice for gamers making the switch since it’s well known for its stability, flexibility and hardware support.

Why Choose openSUSE for Gaming? openSUSE brings a unique combination of features that make it a desired Linux distribution for gamers:

• Stability and Performance: openSUSE Leap provides a reliable environment for gaming, while Tumbleweed offers the latest software and drivers for cutting-edge performance.
• Wide Hardware Support: Whether you’re using NVIDIA or AMD GPUs, openSUSE has excellent driver support.
• Customizability: openSUSE allows you to easily tailor your system for gaming with access to tools and tweaks.

Distributions of openSUSE will breathe new life into your existing hardware, help you to avoid costly upgrades and keep gaming without interruption.

Setting Up Gaming on openSUSE

Step 1: Install Steam Steam is the cornerstone of Linux gaming, providing access to thousands of native and Proton-supported games. Open the software center (Discover for KDE Plasma, GNOME Software for GNOME) or use the terminal. Install Steam: sudo zypper install steam Launch Steam, log in, and enable Steam Play:

• Go to Settings > Steam Play.
• Enable Steam Play for supported titles and Steam Play for all other titles.
• Select the latest version of Proton. Steam Play allows you to run many Windows games seamlessly on Linux. Step 2: Install Lutris Lutris is a game manager that simplifies the installation and configuration of games from sources like GOG, Epic Games, and even emulators. Install Lutris via the terminal: sudo zypper install lutris
• Open Lutris and log in to your account. Use Lutris’s library to install and manage your games. It provides pre-configured setups for many popular titles, making the process effortless.

Step 3: Configure Your GPU Drivers Proper GPU drivers are essential for gaming performance.

For NVIDIA GPUs: Add the NVIDIA repository: sudo zypper addrepo --refresh https://download.nvidia.com/opensuse/tumbleweed NVIDIA

Install the NVIDIA drivers: sudo zypper search nvidia (package) sudo zypper install (package)

For AMD GPUs: AMD GPUs work out of the box with open-source Mesa drivers. To ensure optimal performance, update your system: sudo zypper dup

Check out the GPU Switching if you use multiple GPUs.

Step 4: Optimize Your System Install MangoHud: Monitor FPS and system performance in games. sudo zypper install mangohud Use GameMode: Optimize system resources for gaming performance. sudo zypper install gamemode

Popular Games on openSUSE Native Linux Games Many games have native Linux versions that run flawlessly on openSUSE:

• Counter-Strike: Global Offensive
• Dota 2
• Sid Meier’s Civilization VI
• Hades
• Valheim

Windows Games with Proton Proton, Steam’s compatibility layer, allows you to play many Windows games on Linux:

• The Witcher 3: Wild Hunt
• Cyberpunk 2077
• Red Dead Redemption 2
• Elden Ring
• No Man’s Sky

Retro Gaming For retro gaming enthusiasts, tools like RetroArch and Dolphin Emulator enable you to relive classic titles from consoles like the Nintendo 64, GameCube, and PlayStation.

Resources and Support Need help? The Linux gaming community is active and ready to assist. Check out these resources: ProtonDB: protondb.com – Find information about how well your favorite games run on Linux. Lutris Wiki: lutris.net – Guides and tips for setting up games. openSUSE Forums: forums.opensuse.org – Connect with the community for support.

Gaming on Linux, particularly with openSUSE, is no longer a compromise. Whether you’re playing AAA titles, indie games or retro classics, openSUSE offers the tools and performance you need to enjoy a seamless gaming experience.

Don’t wait until Windows 10 support ends; make the switch today and keep your gaming journey alive on openSUSE.

Upgrading to Windows 11 may require new hardware, which could add significant costs. Switching to openSUSE not only extends the life of your current hardware but also gives you access to a modern, secure gaming platform. By adopting openSUSE, you avoid contributing to e-waste caused by discarding perfectly functional machines and take advantage of a free, open-source operating system tailored for performance and reliability.

This is part of a series on Upgrade to Freedom where we offer reasons to transition from Windows to Linux.

The openSUSE Innovator initiative and the Intel Innovator program play a crucial role in ensuring that the openVINO repository remains up to date for the openSUSE Linux distribution community, which I continually to strive to help.

OpenVINO (Open Visual Inference and Neural Network Optimization) is one of the most crucial tools in the AI ecosystem, especially for applications requiring optimized performance for deep learning model inference. The 2024.6.0 release that arrived in Tumbleweed brings significant advancements in compatibility, optimizations and support for complex models, including those used in Generative AI, such as Large Language Models (LLMs).

The Importance of OpenVINO on openSUSE Linux

• Seamless Hardware and Software Integration: OpenVINO provides native acceleration for Intel CPUs and GPUs while maintaining flexibility to support other platforms. When paired with openSUSE Linux’s optimized kernel and advanced library compatibility, OpenVINO reaches its full potential.
• Generative AI in Open Source: In the era of Generative AI, tools like OpenVINO democratize access to cutting-edge technologies and allow developers of all levels to create advanced solutions directly on openSUSE without requiring expensive proprietary hardware.
• Performance and Efficiency: OpenVINO significantly reduces inference times and resource usage, which is a critical feature for LLM-based applications processing large amounts of data in real-time.
• Developer Simplicity: One of OpenVINO’s greatest advantages is its accessibility. It enables even beginner developers to build robust applications with minimal code while still offering flexibility and customization for advanced projects.

Building an LLM Application in 3 Lines of Code

With OpenVINO, creating an application using a generative language model is as simple as:

import openvino_genai as ov_genai
pipe = ov_genai.LLMPipeline("TinyLlama-1.1B-Chat-v1.0/", "CPU")
print(pipe.generate("Openvino é", max_new_tokens=100, do_sample=False))

This simplicity highlights how OpenVINO allows seamless integration of Generative AI technologies into openSUSE Linux, combining optimization with ease of use.

Conclusion

The presence of OpenVINO on openSUSE Linux reinforces the role of open source in leading technological advancements in the AI era. It empowers businesses, independent developers and enthusiasts to build efficient, scalable and impactful applications. With tools like OpenVINO, openSUSE positions itself as a powerful platform for innovation in Generative AI.

Feedback and suggestions for the evolution of work can be sent to Alessandro de Oliveira Faria (A.K.A. CABELO) cabelo@pensuse.org

With the release of LXQt 2.1, we are pleased to announce the availability of Wayland compatibility for LXQt within Tumbleweed.

This support is to be considered experimental at this point, and for most users, is likely not ready for daily driving.

LXQt, unlike many other desktop environments, does not provide its own Window Manager. Under X11, the openSUSE-LXQt team defaults to using Openbox as its Window Manager. This decision carries over from upstream to the new Wayland support; the initial release of lxqt-wayland-sessions supports the following Wayland Compositors:

• Hyprland
• Kwin
• labwc
• niri
• river
• Sway
• Wayfire

At present, not all of LXQt’s built-in configuration tools work with all compositors, nor do all compositors support all features of LXQt components. Most notably:

• lxqt-globalkeys does not work with Wayland, and setting keybinds must be done through each individual compositor’s configuration files.
• lxqt-panel’s desktop switcher, and LXQt Power Manager’s settings for controlling displays are only compatible with KWin.
• With the exception of KWin and labwc, configuration is done by editing the text configuration files of individual compositors. KWin can be configured through GUI tools, provided the relevant parts of KDE System Settings are installed. labwc offers labwc-tweaks, which allows certain configurations through a GUI, but it is not comprehensive.

The openSUSE-LXQt team is not currently making any recommendations as to a “default” Wayland compositor for LXQt since this support is still in active development, but we do make the following suggestions to help you decide. If you don’t know which compositor you would like to try, take the following considerations:

• KWin provides the most complete Wayland session, workspace support, and with the right parts of Plasma installed, can be configured through the GUI rather than by editing text files.
• labwc is roughly based on the idea of “Openbox for Wayland” and will feel more “at home” for existing LXQt users.
• If you prefer Floating/Stacking desktops, Kwin, labwc, or Wayfire are your best current choices.
• If you like tiling desktops, Hyprland, niri, river, or Sway may be to your liking.
• If you like lots of desktop effects and “bling”, Kwin, Hyprland, or Wayfire are probably good places to start.

For more detailed information, please visit the openSUSE LXQt Wayland wiki.

The openSUSE Slowroll community has welcomed the January version bump that was completed recently.

Slowroll’s snapshots mark the beginning of fresh updates with the initial updates now accessible on mirrors globally.

This month’s bump comes a day early to avoid interruptions caused by routine maintenance on critical infrastructure. Updates are rolling out and users get new Tumbleweed versions from the 20250101 snapshot.

The updates integrate advancements from the openSUSE reproducibility initiative, which derive from Factory/Tumbleweed. Key improvements include enhanced tools for reproducible builds and fixes for dependency handling, parallelism and race conditions in packages such as Python, Qt and others.

Slowroll’s smart roll approach delivers a dependable foundation for users seeking a reliable system with essential security updates that avoid frequent changes seen in traditional rolling-release models. The balance makes it an excellent choice for those who want a balance of stability and access to modern software.

Updates for Slowroll arrive between an average of 5 to 10 days after being released in Tumbleweed. Users can read the latest monthly update for Tumbleweed to see what packages are arriving in Slowroll; recent updates include QEMU 9.2.0, which adds 3D acceleration for Vulkan apps and enhanced crypto support, and GPG 2.5.2, which features ECC+Kyber key generation and improved smart card handling.

While still marked as experimental (for lack of automated tests), Slowroll continues to evolve and offers users a dependable and innovative alternative in the openSUSE ecosystem.

For more details, visit the project’s roadmap.

Tumbleweed continues to exemplify a solid rolling release and December 2024 wraps up a year of several snapshots and large array of updates! KDE Gear 24.12 improves app usability, SQLite introduces innovative query features and snapshots brought critical patches across various packages for enhanced security. These updates not only strengthen functionality but also set the stage for an exciting 2025.

As always, remember to roll back using snapper if any issues arise.

Happy updating and tumble on!

For more details on the change logs for the month, visit the openSUSE Factory mailing list.

New Features and Enhancements

• KDE Gear 24.12: This update delivers many enhancements across KDE’s diverse application suite. Dolphin now boasts better keyboard navigation, file sorting and a new mobile-optimized interface for Plasma Mobile. Document viewer Okular enhances its annotation, form-handling and digital signing capabilities, while Kdenlive introduces features like timeline item resizing and proxy generation improvements. Other apps like certificate manage Kleopatra and KDE Connect also see notable upgrades that includes improved cryptography tools and improved Bluetooth connectivity.
• KDE Ships Frameworks 6.9.0: Key highlights include better accessibility, improved file handling and updated icon sets across various modules. Frameworks like Baloo and Kirigami received significant updates for test reliability and usability, while Breeze Icons introduced new symbolic versions for better UI consistency. The transition to Qt6 progresses with many components now optimized for compatibility, and new Python bindings extend functionality in multiple libraries. Other improvements address cryptographic handling, better integration with Flatpak, and fixes for platform-specific builds like Haiku.
• sqlite 3.47.1 & 3.47.2: The 3.47.1 version fixes makefile DESTDIR handling, addresses issues with certain IN queries and resolves bugs from prior releases. The upgrade introduces arbitrary expressions for RAISE, enhanced query optimizations, improved group_concat behavior and new CLI features like median() and .www. Several query planner improvements boost performance, while SQLite now avoids “long double” usage for better compatibility. Additional enhancements include custom locale-aware FTS5 tokenizers, contentless FTS5 tables, and an experimental sqlite3_rsync tool. Compatibility for TCL9 is added, and JavaScript OPFS VFS issues are fixed. The 3.47.2 version resolves a text-to-floating-point conversion issue affecting specific numeric text values on x64 and i386 systems, introduced in version 3.47.0. Minor bug fixes are included, and the session extension is now enabled to support NodeJS 22.
• Kernel-firmware 20241128: This introduces extensive updates that include the i915 Xe2LPD DMC v2.24, new Cirrus CS35L56 firmware for Dell laptops, and multiple amdgpu updates. It also adds new aliases for kernel 6.13-rc1 and enhances support for various AMD GPUs, iwlwifi and other devices.
• gpg 2.5.2: This update introduces ECC+Kyber key generation, trustdb validation post-key import and improved handling of expired trusted keys. Enhancements include fixes for encryption issues, robust error handling for smart cards and performance boosts for certificate listings. Other updates refine ADSK key usage, address database race conditions and optimize directory creation during extraction.
• curl 8.11.1: This release addresses a critical security issue involving netrc and redirect credential leaks. Improvements include fixes for cookie handling, enhanced trace timestamps and better error messaging for expired certificates. Updates also resolve issues with netrc parsing, libssh IPv6 handling and HTTP content decoding.

Key Package Updates

• Kernel Source 6.12.6: The kernel introduces numerous improvements and fixes. Key updates include enhanced USB support, addresses issues in device suspension and improves audio compatibility for specific devices. Other notable fixes involve enhancements to scheduling, block storage, network protocols and RISC-V architecture. It also includes critical patches for BPF, IOMMU, and several drivers.
• Flatpak 1.15.12: This fixes crashes during app installations by reverting to process IDs in cgroup names, introduces USB metadata parameters (--usb, --no-usb), enhances accessibility with --a11y-own-name, improves debugging with flatpak run -vv, adds KDE search completion support and includes build fixes, updated dependencies, and memory leak resolutions.
• systemd 256.9 and 256.10: This 256.9 update clarifies $WATCHDOG_USEC usage for the shutdown binary and addresses SAS wide ports in udev-builtin-path_id. It reverts a commit causing regressions, disables EFI on non-compliant architectures, and removes /run/systemd when switching root. The 256.10 update includes fixes for VLAN ranges, improved WireGuard key error reporting and adjustments to systemctl for better user feedback.
• LLVM 19.1.5 and 19.1.6: This minor update provides bug fixes and the llvm-do-not-install-static-libraries.patch was rebased to align with the update.
• qemu 9.2.0: This update introduces 3D acceleration for Vulkan apps via virtio-gpu, enhanced crypto with SHA-384 support and QATzip migration compression. arm gains FEAT_EBF16 emulation, two-stage SMMU and CPU Security Extensions for xilinx-zynq-a9. RISC-V sees IOMMU support, extensions for control flow integrity and improved vector performance. x86 highlights include a new Nitro Enclave machine type and AVX10 KVM enhancements.
• GStreamer 1.24.10: This update addresses more than 40 security vulnerabilities in components like MP4, Matroska and Ogg demuxers and includes fixes for avviddec assertions, appsink/appsrc, decodebin3, closed captioning and pipeline graph generation.
• vim 9.1.0908: This update includes new file type recognitions, enhancements to documentation, better syntax support for various languages and numerous bug fixes across features like completion, file operations, and plugins. It also refreshes translations and improves runtime components like netrw and termdebug.
• libzypp 17.35.15: This update updates to treat = as a safe character in URL query values, adds support for recognizing rpmdb.sqlite as a database file, fixes a typo and adjusts the FastCGI header.
• gedit 48.1: This update removes plugins like External Tools, Snippets and Python Console. The package rewrites the Text Size plugin in C, and eliminates the background-pattern grid feature. Fixes include Wayland unmaximize bug and compilation warnings, alongside code refactoring and updated translations. The gedit-plugins-python-env.patch was dropped as obsolete.
• AppStream 1.0.4: This release brings new features, including AS_BUNDLE_KIND_SYSUPDATE for system updates and dark theme support for Plasma and Pantheon. Improvements were made to memory size detection for Illumos, Solaris, and GNU/Hurd along with enhanced branding color exposure in Qt. Bug fixes address race conditions in GResource loading, timezone handling and legacy compatibility tags.

Bug Fixes and Security Updates

Several key security vulnerabilities were addressed this month:

• avahi:
  • CVE-2024-52616: Predictable Avahi-daemon DNS transaction IDs enable potential spoofing attacks.
• mozjs128 128.5.1:
  • CVE-2024-11691: Out-of-bounds write in Apple GPU drivers via WebGL.
  • CVE-2024-11692: Select list elements could display over another site.
  • CVE-2024-11694: CSP bypass and XSS exposure via Web Compatibility Shims.
  • CVE-2024-11695: URL bar spoofing through manipulated Punycode and whitespace characters.
  • CVE-2024-11696: Unhandled exception during add-on signature verification.
  • CVE-2024-11697: Improper keypress handling in executable file confirmation dialog.
• curl 8.11.1:
  • CVE-2024-11053: Versions 6.5–8.11.0 leaked .netrc passwords during HTTP redirects.
• libheif:
  • CVE-2023-0996: Addressed out-of-bounds read and write issues during HEIF file decoding with forged overlay image offsets.
  • CVE-2024-41311 : Fixes mitigating vulnerabilities that could lead to memory corruption during malformed HEIF file handling.
  • CVE-2023-29659: Enhances overall security and addresses security flaws in HEIF file processing to prevent out-of-bounds access.
• socat 1.8.0.2:
  • CVE-2024-54661: Predictable temp file paths in socat may allow arbitrary file overwrites.
• emacs:
  • CVE-2024-53920: On untrusted Emacs, Lisp code can trigger unsafe macro expansion, allowing arbitrary code execution.

Conclusion

December 2024 capped off the year with significant updates. Notable enhancements include QEMU’s improved virtualization features, systemd’s refined user feedback and hardware compatibility, and the kernel’s advancements in boosting device support and performance. Updates to Flatpak and AppStream further enhance the ecosystem, providing better app management and integration. As Tumbleweed users roll into 2025, they can count on a comfortable, secure open-source software experience. Happy tumbling!

Slowroll Arrivals

Please note that these updates also apply to Slowroll and arrive between an average of 5 to 10 days after being released in Tumbleweed snapshot. This monthly approach has been consistent for many months, ensuring stability and timely enhancements for users.

Contributing to openSUSE Tumbleweed

Stay updated with the latest snapshots by subscribing to the openSUSE Factory mailing list. For those Tumbleweed users who want to contribute or want to engage with detailed technological discussions, subscribe to the openSUSE Factory mailing list . The openSUSE team encourages users to continue participating through bug reports, feature suggestions and discussions.

Your contributions and feedback make openSUSE Tumbleweed better with every update. Whether reporting bugs, suggesting features, or participating in community discussions, your involvement is highly valued.

Members of the openSUSE Election Committee have provided an update regarding this year’s Board election. This election will fill three board seats. All eligible openSUSE members are encouraged to participate in shaping the future of the project.

The nomination process, originally scheduled for completion in December, has been extended due to an insufficient number of candidates. The updated timeline aims to provide more opportunities for members to engage in the process.

Revised Election Timeline

• Jan. 3, 2025: Extension for nominations and applications for Board candidacy; membership drive begins
• Jan. 18, 2025: Final candidate list announced; campaign begins; membership drive continues (new members can vote but not run)
• Jan. 19, 2025: Voting opens
• Feb. 2, 2025: Voting closes
• Feb. 3, 2025: Election results announced

The three open seats are held by Douglas DeMaio, Neal Gompa, and Patrick Fitzgerald. Board members serve as guides for the community, handle key project functions, facilitate initiatives, organize meetings, and manage openSUSE domains and trademarks. They also uphold community standards, including overseeing complaints and ensuring compliance with the openSUSE Code of Conduct.

How to Participate

Any openSUSE member can stand for election by sending an email to project@lists.opensuse.org and election-officials@lists.opensuse.org. Members can also nominate others by contacting the Election Committee, who will confirm the nominee’s interest.

Eligibility Requirements

Per the Election Rules, only current members are eligible to run for board positions. New members joining during the membership drive can participate in voting but cannot stand as candidates.

The election is overseen by committee members Ish Sookun, Edwin Zakaria, and Ariez Vachha. Their responsibilities include finalizing the candidate list and ensuring a smooth election process.

Let’s work together to make this election a success and continue driving openSUSE forward into 2025!

The name for this project was updated to Myrlyn on Jan. 9, 2025.

YQPkg, a promising new package management tool for openSUSE, is preparing to make waves in the Linux community.

Designed as a standalone GUI, the software package offers a lightweight, intuitive alternative to traditional tools like YaST for users of openSUSE distributions.

YQPkg provides a glimpse into the future of package management on openSUSE systems. The usable alpha when packaged and released for Tumbleweed and Slowroll will include most of the key features necessary for effective package management.

YQPkg was developed during Hack Week 24 and is a standalone Qt-based package manager, free from YaST dependencies. It supports real package installation, updates, and removals with dependency resolution and user feedback. It’s alpha but usable, with read-only and root modes.

Users can run it as root for full functionality or as a regular user in read-only mode. It features a straightforward progress bar and users can toggle detailed views during operations.

However, some limitations remain. Repository refresh operations and gpg key handling are not yet implemented, so users are advised to manually refresh repositories (sudo zypper ref) before starting the program. YQPkg is still in active development, with known bugs and potential issues; IT IS RECOMMENDED TO AVOID USING IT ON CRITICAL PRODUCTION SYSTEMS AT THIS POINT.

Unlike its predecessor, YQPkg does not depend on YaST infrastructure as it relies only on libzypp. This independence ensures a streamlined experience and reduces some complexity. Libzypp is a C++-based package management library that handles package dependency resolution and management, independent of any graphical user interface framework like Qt.

The tool will introduce flexible summary views, allowing users to review completed tasks or return to previous steps for additional changes. Preferences like summary page settings and countdown timers are saved for future sessions.

Users wanting to explore YQPkg will be able to easily get started upon its release; after refreshing repositories with sudo zypper ref, users can download the latest alpha release and run the tool in either non-root read-only mode or with root permissions for full functionality; this accessibility ensures YQPkg is ready to meet the needs of both casual users and power users alike.

Though still in development, YQPkg is steadily evolving. Future updates promise enhancements like improved error handling, GPG key management, and repository refresh prompts. YQPkg is shaping up for a bright future related to package management within the openSUSE ecosystem.

You can build it from source from its GitHub repo. The current development status and screenshots are available here; scroll down for the latest news.

The release of Leap 15.6 on June 12 set in motion the End of Life for maintenance and security for Leap 15.5, which will happen at the end of December.

Users should upgrade to openSUSE Leap 15.6 to continue to receive security and maintenance updates. Leap versions have a six-month end-of-life period after the release of a new version.

The openSUSE Project is in the development for stage forLeap 16.0 with the pre-Alpha version people can test.

Early adopters and contributors are encouraged to explore this release and provide feedback to shape the next Leap release, which will come with the Agama installer.

Visit get.opensuse.org to try an openSUSE distribution. For users seeking extended support, SUSE offers long-term support options through its subscription services.

The openSUSE community will celebrate the 5-year anniversary of the openSUSE Bar on Dec. 19. Join people in the bar and celebrate this social space where open-source enthusiasts, developers and like minded individuals can come together to discuss open source and other topics.

The bar has become more than just a meeting place; it is a space to collaborate, connect and a welcoming atmosphere for sharing ideas. For years, the space has had countless informal meetups and networking events, celebratory moments after openSUSE milestones and is a place for openSUSE fans to gather.

People are invited to join in the celebration and to share memories or stories of their experience in the openSUSE Bar.

You can find a video about the beginning of the openSUSE Bar from a talk at openSUSE Conference 2022.

Most people don’t give much thought to their operating system, but with Windows 10 support ending in October 2025, many will start searching for alternatives that keep them secure without spending more than $100 for a software upgrade or on hardware that still works perfectly.

User-friendly Linux distribution like openSUSE and others offer an excellent solution for everyday tasks like social media, video conferencing, web browsing and more.

If you’re a casual computer user wondering whether you can accomplish the same tasks on Linux that you’ve been doing on Windows, the answer is a resounding YES!

From messaging apps like Telegram to video conferencing with Zoom, openSUSE has you covered. This guide will show you how easy it is to get started with Linux and continue using the apps and tools you’re familiar with.

Get the below applications as a Flatpak in the software center of your desktop environment.

Web Browsing: Chrome, Firefox, Brave, and More

Browsing the web on Linux is just as simple as it is on Windows or macOS. openSUSE supports a wide range of web browsers, including some of the most popular names in the market.

• Mozilla Firefox comes pre-installed with most Linux distributions, including openSUSE. It’s fast, privacy-focused, and supports all major web standards, making it perfect for everything from casual browsing to online shopping and video streaming.
• Google Chrome is available on Linux and can be installed easily on openSUSE. If you’re used to Chrome’s features, including syncing bookmarks and settings across devices, you’ll feel right at home.
• Brave is another great option for privacy-conscious users. It blocks trackers and ads by default and gives people a fast and secure browsing experience. Brave is also easy to install on openSUSE. All these browsers support extensions and features you’re already familiar with, so switching to Linux won’t feel like a big leap.

Social Media Apps: Telegram, Discord, and More

Staying connected on social media is easy, especially getting your favorite apps for messaging, video calls and group chats. Whether as a native downloadable app or as Flatpak app, you will hardly know a difference.

• Telegram is available for Linux and can be installed directly from the openSUSE software repositories. It works just like the version you’re used to. It allows you to chat, make voice calls and share media with your contacts.
• Discord, a popular platform for gamers and communities, this also works seamlessly on Linux. You can download the Linux version from the Discord website or install it as a Flatpak for easy updates. Whether you’re chatting with friends or joining online communities, Discord on openSUSE is just as powerful as its Windows counterpart.
• Signal, a privacy-focused messaging app, is available for Linux and ensures that your chats are secure with end-to-end encryption. It’s a great alternative to WhatsApp for privacy-conscious users.

Video Conferencing: Zoom and Alternatives

Video conferencing has become a staple for work and personal use, and openSUSE has strong support for popular platforms like Zoom and others.

• Zoom offers a Linux version that works just like the Windows app. You can download it from Zoom’s official website or use the Flatpak version. Whether you’re attending work meetings, online classes or virtual hangouts with friends, Zoom on openSUSE is fully functional and reliable.

• Jitsi Meet is a free, open-source alternative to Zoom that doesn’t require any installation. You can use it directly from your web browser. The project even uses it for its online bar making it a quick and easy option for video conferencing without the need for additional software. Visit the openSUSE Bar and the may be some people there ready to explain how easy it is to move to Linux.
• Google Meet and Microsoft Teams are also fully supported on Linux via web browsers like Chrome or Firefox, so you can join meetings without any issues. There is even an unofficial Flatpak app for Teams.

Email: Thunderbird, Evolution, and More

Managing your email is easy through the browser or on with several great apps to choose from.

• Mozilla Thunderbird is a popular email client that comes pre-installed on many Linux distributions, including openSUSE. It supports multiple email accounts, calendars and task management, which makes it great for everyday use.
• Evolution is another feature-rich email client that supports Microsoft Exchange, Google accounts, and more. It’s an option if you need advanced email, calendar, and task management features.
• Gmail, Outlook, and other web-based email services are fully accessible via your preferred browser, just as they are on Windows.

Streaming and Multimedia: Spotify, VLC and More

Linux supports popular platforms for streaming music, videos and other media.

• Spotify has an official Linux client that you can install on openSUSE. It works the same as it does on other operating systems, giving you access to your playlists, podcasts and favorite music.
• VLC Media Player is the go-to app for playing virtually any media file. Whether you’re watching movies, TV shows or home videos, VLC’s powerful playback features make it a top choice on a Linux distribution.
• YouTube and other streaming services, such as Netflix, Hulu, and Disney+, are fully supported on Linux via web browsers like Chrome or Firefox.

File Sharing and Cloud Storage: Dropbox, Google Drive, and Nextcloud

Managing your files and cloud storage is simple on openSUSE.

• Nextcloud is a popular open-source alternative to commercial cloud storage services. It allows you to host your own cloud storage solution, giving you full control over your files.
• Dropbox has a Linux client that integrates seamlessly with your desktop and allows you to sync files just as you would on Windows or macOS.
• Google Drive can be accessed through the web browser.

How to Install

Users transitioning from Windows 10 to openSUSE should know it has the same functionality for common tasks like browsing, messaging, video conferencing, and media streaming, but without the need for expensive hardware and software upgrades. Here is an easy step-by-step guide to downloading software on your openSUSE Linux distribution:

KDE Plasma: Using Discover Software Center

KDE Plasma’s default software center is called Discover, which provides an easy way to search for and install applications.

Plasma Step 1: Open Discover

1. Click on the Application Launcher (bottom-left corner of your screen, represented by a green chameleon logo or KDE logo).
2. Type Discover in the search bar, and click on the Discover app to open it.

Plasma Step 2: Search for Software

1. Once Discover is open, you’ll see a search bar at the top.
2. Type the name of the software you’re looking for, such as “Firefox,” “Telegram,” or “Zoom.”

Plasma Step 3: Install the Application

1. Click on the application from the search results.
2. Click the Install button.
3. Wait for the installation process to complete. Once done, the Install button will change to Launch.

Plasma Step 4: Launch the Application

1. You can launch the newly installed application from the Discover window by clicking Launch, or find it in your Application Launcher.

GNOME: Using GNOME Software Center

GNOME’s default software center is called GNOME Software, which functions similarly to an app store.

GNOME Step 1: Open GNOME Software

1. Click on Activities in the top-left corner of your screen.
2. Type Software in the search bar, and click on GNOME Software to open it.

GNOME Step 2: Search for Software

1. At the top of the GNOME Software window, there’s a search bar.
2. Type the name of the software you want to install, such as “Brave,” “Signal,” or “Spotify.”

GNOME Step 3: Install the Application

1. Select the application from the search results.
2. Click the Install button.
3. GNOME Software will handle the download and installation. Once finished, you can launch the app directly from the software center.

GNOME Step 4: Launch the Application

1. After installation, you can click the Launch button in the software center, or find the app in the Activities overview by searching for it.

Whether you’re using KDE Plasma or GNOME, installing software on openSUSE is straightforward with the software centers. Both Discover (KDE) and GNOME Software provide user-friendly interfaces that allow you to search for, install, and manage your applications just like you would in an app store. This makes it easy for users transitioning from Windows 10 to feel comfortable using their new Linux system for everyday tasks.

This is part of a series on Upgrade to Freedom where we offer reasons to transition from Windows to Linux.