Reading view

There are new articles available, click to refresh the page.

Leap Micro 6.1 Release Candidate

Release Candidate images of Leap Micro 6.1 can be found at get.opensuse.org.

At this point we’re only awaiting confirmation of the Leap Micro 6.1 maintenance setup prior making an official release; hopefully coming later this week.

Please be aware that the release of Leap Micro 6.1 means the end of life for Leap Micro 5.5.

Users are advised to upgrade to either Leap Micro 6.0 or 6.1 and can find details about release cycle on the openSUSE wiki.

Users upgrading from previous releases can consider our experimental opensuse-migration-tool. The migration tool will be part of Leap Micro 6.1+; users from older release can still get the tool from git.

See our Leap Micro upgrade wiki for more information about upgrade options.

See SLE Micro 6.1 Release notes and a summary for a list of changes in the Leap Micro 6.1 Alpha announcement.

openSUSE Empowers Creative Professionals

Creative professionals exploring alternatives that allow them to continue working without investing in costly new hardware and software upgrades can look at Linux as the end of Windows 10 approaches.

Distributions and flavors like openSUSE’s Tumbleweed, Leap, Slowroll, Kalpa and Aeon and other Linux distributions offer an excellent platform for creators with a wide variety of powerful, open-source tools designed to meet the needs of artists, designers, photographers, videographers and video editors.

From Indie short films to podcasts, open-source software and tools are available as a Flatpak, AppImage or as a native applications for creative people to create.

Many user-friendly tools are viable alternatives to popular, proprietary commercial applications like Photoshop, Illustrator, Final Cut Pro and others.

This article explores some of the top creative tools available on Linux and how transitioning to openSUSE can help creative professionals maintain, or even improve, their productivity.

Transitioning from Photoshop to GIMP

For many creatives, Photoshop is the go-to application for photo editing and graphic design. However, GIMP is an excellent open-source alternative that provides a wide range of professional-grade features.

GIMP supports many file formats, including PSD and offers powerful tools for retouching, editing and manipulating images. Creative professionals will find familiar features like layers, masks, blending modes and a variety of brushes. GIMP also supports high-bit-depth images and allows users to create professional-quality designs.

GIMP may have a slightly different workflow than Photoshop, but it is flexible, customizable and its plugin support makes it a highly versatile tool for image editing and graphic design. Many users find that GIMP offers all the functionality they need to complete complex projects.

Alternatives to Illustrator: Inkscape

For vector graphics, Inkscape is a known alternative to Illustrator. Inkscape is a powerful, free tool for creating logos, illustrations and scalable graphics. It supports common vector formats, including SVG, AI, and EPS, which make it easy to integrate into existing workflows.

Inkscape’s interface is intuitive for Illustrator users and features many of the same tools, such as the Pen tool, curves, shape tools and layer management. Its active development community ensures frequent updates, and the software is highly customizable through extensions and plugins.

For those focused on scalable design and illustration, Inkscape provides a professional-grade environment without the subscription fees associated with cloud creative services. This saves costs and opens people’s minds to the alternatives that are available.

Video Editing: Kdenlive and Blender

Creative professionals working in video production and editing have strong options to use both Kdenlive and Blender. Kdenlive, which is part of the KDE ecosystem, is a feature-rich video editor that provides tools for cutting, splitting and arranging video clips. It supports multiple video and audio tracks, transitions, effects and keyframe animation, which makes it suitable for everything from simple edits to more complex projects.

Blender is an industry-leading, open-source application meant for those working on 3D animation, video effects or visual effects (VFX). Blender’s capabilities include 3D modeling, animation, rendering and compositing, as well as a fully functional video editor. Blender is widely used in professional studios for film, game development and visual effects, which makes it a powerful option for creative professionals. Blender’s source code is governed by the GNU General Public License, embodying the same principles of freedom and collaboration that drives distributions like openSUSE and others.

Audio Production: Ardour and Audacity

Creative professionals working in music production, sound design or podcasting have options. Software packages like Ardour and Audacity offer powerful audio editing solutions. Ardour is a digital audio workstation (DAW) that supports multi-track recording, mixing and mastering. It is widely used for professional audio production, supporting VST plugins and offers advanced feature sets comparable to Logic Pro and Pro Tools.

Audacity is a simple and easy-to-use tool for audio editing; it’s ideal for basic recording, podcasting and sound editing tasks. It’s perfect for quick edits and simple projects, with support for a variety of audio formats and built-in effects.

3D Modeling and Animation: Blender

Blender deserves a second mention here because of its dominance in the field of 3D modeling and animation. Blender’s comprehensive suite of tools allows users to create everything from character animations to architectural models. It offers sculpting tools, UV unwrapping, rigging, particle simulation, and more.

For creative professionals used to proprietary 3D modeling software like Autodesk Maya or 3ds Max, Blender provides a comparable, if not superior, set of features with the added benefit of being open-source.

Publishing and Layout: Scribus

For professionals in publishing or those who need to create print-ready materials, Scribus is a capable desktop publishing tool. It provides features for designing brochures, books, magazines and other print materials. It’s similar to InDesign and just as functional.

Scribus supports advanced typography, CMYK colors, ICC color profiles and PDF export, which makes it a professional solution for designers working on print projects. With a clean, organized interface, it makes a transition from InDesign relatively smooth.

Why openSUSE?

Besides Windows 10 expiring and having to spend more than $100 USD for an upgrade depending on the country you live in, openSUSE provides a solid environment for creative professionals to transition to a new operating system. It offers stability, security and flexibility that allows users to customize their systems to fit their specific needs. Tumbleweed, which is openSUSE’s rolling release version, ensures access to the latest versions of creative software, while the Leap version offers long-term stability with fewer updates; Leap is ideal for users who prefer to avoid frequent changes.

With software centers and tools like openSUSE’s YaST configuration tool, managing software and updates are incredibly easy; this can be a big advantage for those new to Linux.

Creative professionals can continue producing high-quality work without the need for expensive software subscriptions or hardware upgrades. From GIMP and Inkscape to Blender and Ardour, the open-source Linux ecosystem offers powerful, free alternatives that rival commercial counterparts.

The “Upgrade to Freedom!” campaign is here to help creative people make the switch. By choosing openSUSE, you not only gain access to a suite of professional-grade tools but also extend the life of your hardware and avoid contributing to e-waste.

Now is the perfect time for creative professionals to embrace the freedom of open-source software and continue thriving on Linux.

This is part of a series on Upgrade to Freedom where we offer reasons to transition from Windows to Linux.Those who would like to order a laptop with Linux, can visit slimbook.com or other providers of Linux machines.

Upgrading to Leap Micro 6.1 Beta with opensuse-migration-tool

Leap Micro 6.1 Beta was released last Wednesday. Images can be found at get.opensuse.org As this is mostly a rebrand of SUSE Linux Enterprise Micro 6.1, unless some serious issues are found, users can expect a quick transition to RC and GA next week.

We’re introducing a new migration tool with Leap Micro 6.1 which should hopefully ease future upgrades to a Leap Micro releases, specifically new major versions. Let’s have a look at how to deploy it from git on older Leap Micro releases as well as how to install it on Leap Micro 6.1 Beta.

The main benefit for the user is that you don’t have to deal manually with any repository changes that might have been introduced in a new releases. This will hopefully lead to smoother and more straightforward upgrades. As of now the opensuse-migration-tool is still experimental.

Testing the tool with Leap Micro container from your Leap or Tumbleweed

We have to be running an older version of Leap Micro to be able to upgrade to 6.1.

Since we’re using distrobox in this example our host can be running Leap, Tumbleweed, Aeon. Distrobox will have access to your home directory, including the git checkout.

The key is to use –pre-release to have Leap Micro 6.1 as an available upgrade target.

$ git clone https://github.com/openSUSE/opensuse-migration-tool.git
$ cd opensuse-migration-tool
$ distrobox create --image registry.opensuse.org/opensuse/leap-micro/6.0/toolbox --name micro60
$ distrobox enter micro60 # from now on inside distrobox
$ zypper in bc jq curl dialog sed gawk
$ ./opensuse-migration-tool --pre-release --dry-run
$ sudo ./opensuse-migration-tool --pre-release # Chooose Leap Micro 6.1
$ cat /etc/os-release # should confirm that you've upgraded to 6.1

Enjoy your new Leap Micro 6.1 Beta container

If you trash your container, just type exit podman stop micro60 or docker stop micro60 followed by distrobox rm micro60. And you can start all over again.

Testing the tool on Leap Micro host or inside the VM

Here we have to use transactional-update shell as we’re working inside Leap Micro 6.0 or even 5.5 host or a VM. Just like in the previous case, the important piece is to try it from a Leap Micro release older than 6.1, as otherwise, the only migration target would be MicroOS.

Make sure to use –pre-release to have 6.1 Beta as a viable migration target.

$ sudo transactional-update shell # from now on inside shell
$ zypper in git bc jq curl dialog sed gawk 
$ git clone https://github.com/openSUSE/opensuse-migration-tool.git
$ cd opensuse-migration-tool
$ ./opensuse-migration-tool --pre-release --dry-run
$ sudo ./opensuse-migration-tool --pre-release  # Choose Leap Micro 6.1 as a target
$ reboot

*Enjoy Leap Micro 6.1 Beta

Don’t worry In case you mess up, we’re using transactional-update shell. You can always boot the previous snapshot.

Testing Leap Micro 6.1 to MicroOS upgrade migration

Since there is no newer point release than Leap Micro 6.1 Beta, the only migration/upgrade target would be MicroOS.

The point of this example is to show that the Leap Micro 6.1 repository already contains the opensuse-migration-tool Therefore there is no need to run it from a git checkout unless you want to tinker with it.

$ sudo transactional-update shell
$ zypper in opensuse-migration-tool # Will work only on Leap Micro 6.1
$ sudo opensuse-migration-tool --dry-run # to oversee what would change
$ sudo opensuse-migration-tool # MicroOS is expected to be the only migration option from Leap Micro 6.1 Beta

Don’t bother re-running the opensuse-migration-tool once you upgrade to MicroOS which is in fact openSUSE Tumbleweed. There is really nothing newer that you could migrate to, and you’ll get the message that openSUSE Tumbleweed is unsupported. This behavior is expected.

Known issues

Bug 1233982 - Upgrade to 6.1 (netcfg) failed

This particular issue will for sure pop up in your distrobox-based experiments. Distrobox mounts over /etc/hostname with a bind mount and the upgrade of netcfg will fail on post-script. This is safe to ignore (type i in interactive zypper dup).

The migration tool tries to run non-interactively at first, and in case it fails it leaves problem resolution on the user by re-running zypper dup in interactive mode.

Contributing

If you’re interested in contributing feel free to send PR, report issues or features against openSUSE/opensuse-migration-tool Github repository

Tumbleweed Monthly Update - November 2024

This month, the rolling-release continues to shine as a well-oiled machine. November brings key updates for Mesa, gtk4, php8, postgresql17 and more. Alongside these key updates, important security fixes arrived for mozjs128, postgresql, Firefox, and OpenSC, which resolved several CVEs to help bolster your system’s resilience. The fresh design introduced last month, with its revamped logo and day/night-themed wallpapers, continues to enhance Tumbleweed’s aesthetic appeal while the updates this month improve functionality and security.

As always, remember to roll back using snapper if any issues arise.

Happy updating and tumble on!

For more details on the change logs for the month, visit the openSUSE Factory mailing list.

New Features and Enhancements

  • GTK4 4.16.6 and 4.16.7: The newest version reduces the size of error underlines in text rendering for better visual clarity. The 4.16.6 version provides fixes for a smoother user experience. Wayland color management is now opt-in, helping prevent compatibility issues with KWin. Users can experiment with this feature by setting GDK_DEBUG=color-mgmt. Improvements include preventing emoji selection when inserted in GtkText, setting default window icons from the application ID in GtkApplication and enhancing GtkFontChooser to make its dialog more adaptable.The release also includes updated translations.
  • postgresql 17.2: The package received two updates this month and resolves an ABI break affecting extensions that interact with ResultRelInfo and restores the functionality of ALTER {ROLE|DATABASE} SET role. Logical replication slots now handle restart_lsn correctly to avoid backward movement. The update prevents deletion of required WAL files during pg_rewind and fixes race conditions with shared statistics entries. Index statistics in contrib/bloom are now correctly counted. The update fixes an assertion failure in regular expression parsing caused by disconnected NFA sub-graphs.
  • gnutls 3.8.8: Improvements in this package were made in post-quantum cryptography and Online Certificate Status Protocol handling. Experimental support for X25519MLKEM768 and SecP256r1MLKEM768 key exchange algorithms in TLS 1.3 were added that align with the final ML-KEM standard. This update requires liboqs 0.11.0 or newer. Additionally, the library now validates all records in OCSP responses, ensuring the server certificate is checked against all available records instead of only the first. Improvements in handling malformed compress_certificate extensions bring stricter RFC 8879 compliance, replacing incorrect alerts with illegal_parameter and rejecting overlong extension data.
  • KDE Plasma 6.2.3:
    Bluedevil improves PIN entry behavior, while Breeze resolves a potential null pointer issue. Discover updates its backend for compatibility with fwupd 2.0.0 and corrects review visibility in the Application Page. KWin receives extensive updates, including fixes for crashes, colormap leaks, file descriptor handling, and HDR brightness management. Plasma Desktop fixes app tooltips, task manager icon alignment, emoji search, and optimizes activity management. Other components like KPipeWire, KSystemStats, and Powerdevil improve stream handling, sensor robustness, and brightness adjustments, respectively. Plasma Mobile simplifies and cleans up the Action Drawer and enhances app list navigation and search functionality. Plasma Audio Volume Control ensures accurate device name updates, while Plasma Workspace adjusts logout screen behavior, theme defaults, and mobile user interface fixes.
  • KDE Gear 24.08.3: Elisa fixes missing icons on certain platforms. K3b corrects file pattern parsing for ripped files and removes deprecated MusicBrainz code. KAccounts-Integration improves logging, fixes dangling references, and handles missing files gracefully. Kate addresses session group saving, export order for SQL and builds on openSUSE with updated dependencies. Kdenlive resolves multiple crashes and improves project handling, proxy generation, and timeline management. KIO-Extras adds WebP thumbnail support. Kitinerary expands ticket extraction support for multiple transport services and improves handling of Renfe and Agoda formats. Konsole fixes issues with OSC color commands.
  • KDE Frameworks 6.8.0: Baloo now excludes model/obj and text/rust from indexing. Breeze Icons adds support for text/x-typst mimetype icons and unifies index themes for better consistency. Extra CMake Modules gain Python bindings and improved static Qt6 support. KIO sees improvements in http handling, resizing in KFilePlacesView, and overall UX enhancements. Kirigami resolves various issues with icons, themes, and overlays, improving usability. KTextEditor enhances session restore, template handling, and introduces comprehensive swap file tests. Solid restores media change handling for audio CDs and adopts libmount on Linux for better functionality. This release also includes numerous bug fixes, CI improvements for static builds, enhanced Qt 6 compatibility, and updated translations.
  • gnome-control-center 47.2: GNOME users see accessibility improvements by removing excessive “screen” labels. The appearance settings fix accidental resets of accent colors. Lemory leak are addressed in the Apps section, while Color ensures profiles are connected before use. Printers fix an incorrect tooltip in the “Add Printer” button. Updated translations are included.
  • ruby3.3 3.3.6: This update includes the merging of JSON 2.7.2 and reline 0.5.10, along with an upgrade to REXML 3.3.9. The release resolves significant bugs, such as improper object freeing when using Data_Make_Struct, broken IO#close functionality under Fiber scheduling, and errors with multibyte path names on Windows. Additional fixes address issues with Float handling ASCII-incompatible strings, memory management in IO::Buffer operations, and discrepancies in instance_method behavior across Ruby versions. This version also corrects corrupt RUBY_DESCRIPTION metadata when specific flags are used and improves hash key retrieval after Process.warmup.

Key Package Updates

  • Mesa 24.3.0: The package introduces a new stable release with updates enhancing its graphical capabilities and addressing security and build issues. The update refreshes patches for various vulnerabilities, including CVE-2023-45913, CVE-2023-45919, and CVE-2023-45922, while incorporating fixes for Python 3.6 build compatibility and other adjustments. Deprecated options like -Ddri3=enabled and -Ddri-search-path have been removed to streamline the build configuration. Vulkan 1.3 is now supported on Raspberry Pi 4 and 5 via v3dv, while the NVK driver adds support for important extensions like VK_EXT_descriptor_buffer, VK_KHR_dynamic_rendering_local_read, and VK_KHR_pipeline_binary. RADV sees new features and Shader support is significantly enhanced. Full details can be accessed in the release notes.
  • kernel-source 6.11.8: Key updates for the Linux Kernel address issues like dangling pointers in virtual socket and hyper-v socket initialization, improved support for AMD audio on certain laptops, and fixes for display rendering and timeout handling in Intel and AMD graphics drivers. The update resolves several memory management, file system and USB-related bugs, which includes USB Type-C and serial device handling. Fixes were made to Thunderbolt connections, media device parsing, and the management of system clocks and platformance features for AMD processors. Updates to the Btrfs file system enhance subvolume flag management and quota handling.
  • GStreamer 1.24.9: Fixes include better timestamp handling in flvmux, RTPManager keyframe management and enhanced SRT and V4L2 support. Updates optimize aggregator, playbin3, and qtdemux, with broader format and library compatibility.
  • gpgme 1.24.0: This package brings several significant enhancements and fixes, including extended decryption and verification commands that now support direct file output. Encryption and signing commands also allow input data to be read from files. Additional features include improved handling of designated revocation keys, new context flags for advanced operations like importing options and processing all signatures and the introduction of an easier method to change owner trust and enable or disable keys. The Qt library now supports simultaneous builds for Qt 5 and Qt 6, enabling file-based operations for encryption and signing while offering better integration for importing options and appending detached signatures.
  • gtk4 4.16.3: This update enhances how default cursor themes are handled by searching within XDG directories to ensure better compatibility with Wayland environments. The default cursor size now matches the gsettings schema and provides a more consistent user experience. The fallback process for portal settings was refined as settings_portal is cleared when switching to fallback without portal settings. This release also includes updated translations.
  • php8 8.3.14: Fixes include addressing segmentation faults in DOM, GD, and FFI, memory leak in Reflection and OpenSSL, and use-after-free vulnerabilities in SPL and sockets. The update also resolves overflows in multiple modules, such as mbstring, streams and GMP for more stable and secure handling of edge cases. Notable security improvements include patches for out-of-bounds writes in LDAP CVE-2024-8932, heap buffer over-reads in MySQLnd CVE-2024-8929, and CRLF injection vulnerabilities in streams CVE-2024-11234.
  • ibus 1.5.31: This includes enhanced CI support for both generic setups and Wayland environments, as well as updates to compose keys based on the latest Xorg and GTK standards. The release transitions to using localectl for XKB configuration retrieval in Wayland, enhancing integration. Security improvements include a change to the IBus unique name, while updates to XKB engines and Unicode categories ensure broader compatibility. This version resolves various issues, including problems with X11 applications and games, Emoji handling, Flatpak integration, and preedit behavior in specific input methods like m17n:sa:itrans.

Bug Fixes and Security Updates

Several key security vulnerabilities were addressed this month:

  • Firefox 132:
  • CVE-2024-10458: Permission leak via embed or object elements.
    • CVE-2024-10459: Use-after-free in layout with accessibility, potentially leading to an exploitable crash.
    • CVE-2024-10460: Confusing display of origin for external protocol handler prompt.
    • CVE-2024-10461: XSS due to Content-Disposition being ignored in multipart/x-mixed-replace response.
    • CVE-2024-10462: Origin of permission prompt could be spoofed by a long URL.
    • CVE-2024-10463: Cross-origin video frame leak in some conditions.
    • CVE-2024-10468: Race conditions in IndexedDB could cause memory corruption and a potentially exploitable crash.
    • CVE-2024-10464: History interface could cause a Denial of Service condition.
    • CVE-2024-10465: Clipboard “paste” button persisted across tabs, allowing a potential spoofing attack.
    • CVE-2024-10466: DOM push subscription message could hang Firefox, causing it to become unresponsive.
    • CVE-2024-10467: Memory safety bugs fixed, potentially exploitable to run arbitrary code.
  • php8 8.3.14:
    • CVE-2024-8932: An out-of-bounds access in the LDAP extension’s ldap_escape function.
    • CVE-2024-8929: A heap buffer over-read in MySQLnd that could leak partial heap content.
    • CVE-2024-11233: An issue in the Streams component allowing potential CRLF injection via proxy configurations.
    • CVE-2024-11234: A vulnerability in the Streams component related to CRLF injection.
    • CVE-2024-11236: Integer overflows in PDO DBLIB and PDO Firebird quoters, leading to out-of-bounds writes.
  • opensc 0.26.0:
    • CVE-2024-45615: Uninitialized values in libopensc and pkcs15init could lead to undefined behavior.
    • CVE-2024-45616: Incorrect checks or usage of APDU response values in libopensc may result in uninitialized values.
    • CVE-2024-45617: Missing or incorrect return value checks in libopensc can cause uninitialized values.
    • CVE-2024-45618: Similar issues in pkcs15init due to improper return value handling.
    • CVE-2024-45619**: Improper handling of buffer or file lengths in libopensc.
    • CVE-2024-45620**: Similar buffer or file length handling issues in pkcs15init.
    • CVE-2024-8443**: A heap buffer overflow in the OpenPGP driver during key generation.
  • libsoup:
    • CVE-2024-52531: A buffer overflow in soup_header_parse_param_list_strict could occur during UTF-8 conversion in applications using libsoup versions prior to 3.6.1. This issue cannot be triggered by input received over the network.
    • CVE-2024-52532: An infinite loop and excessive memory consumption were possible when reading certain patterns of WebSocket data from clients in libsoup versions before 3.6.1.
  • mozjs128 128.4.0:
    • CVE-2024-10458: Permission leak via embed or object elements.
    • CVE-2024-10459: Use-after-free in layout with accessibility.
    • CVE-2024-10460: Confusing display of origin for external protocol handler prompt.
    • CVE-2024-10461: XSS due to Content-Disposition being ignored in multipart/x-mixed-replace response.
    • CVE-2024-10462: Origin of permission prompt could be spoofed by long URL.
    • CVE-2024-10463: Cross-origin video frame leak.
    • CVE-2024-10464: History interface could cause a Denial of Service condition.
    • CVE-2024-10465: Clipboard “paste” button persisted across tabs.
    • CVE-2024-10466: DOM push subscription message could hang Firefox.
    • CVE-2024-10467: Memory safety bugs fixed in Firefox 132, Thunderbird 132, Firefox ESR 128.4, and Thunderbird 128.4
  • postgresql17 17.1:
    • CVE-2024-10976: Incomplete tracking of tables with row-level security could allow reused queries to access unintended rows.
    • CVE-2024-10977: Error messages during SSL or GSS protocol negotiation could be spoofed by a man-in-the-middle.
    • CVE-2024-10978: Incorrect privilege assignment could allow less-privileged users to view or modify unintended rows.
    • CVE-2024-10979: In PL/Perl, unprivileged database users could alter sensitive process environment variables, potentially leading to arbitrary code execution.
  • libssh2_org 1.11.1:
    • CVE-2023-48795: A vulnerability that could cause mishandled handshake and sequence numbers, allowing attackers to bypass integrity checks and downgrade security features in certain OpenSSH extensions.
  • Xen 4.19.0_06:
    • CVE-2024-45818: Fixed a deadlock in x86 HVM standard VGA handling.
    • CVE-2024-45819: Only x86 systems running PVH guests are affected; HVM and PV guests are not vulnerable. The libxl toolstack may leak data to PVH guests via ACPI tables.
  • python-tornado6 6.4.2:
    • CVE-2024-52804: The algorithm used for parsing HTTP cookies in Tornado versions prior to 6.4.2 sometimes has quadratic complexity, leading to excessive CPU consumption when parsing maliciously-crafted cookie headers. This parsing occurs in the event loop thread and may block the processing of other requests. Version 6.4.2 fixes the issue

Conclusion

November 2024 was another stellar month for Tumbleweed as it showcased its commitment to delivering the newest software with an impressive array of updates. Notable updates to Mesa, GTK4, KDE Plasma, PostgreSQL and more provide rolling release users with the latest in open-source technology for a secure and robust system. Keep rolling forward, and don’t forget to check out the detailed changelogs and discussions on the openSUSE Factory mailing list. Here’s to another month of seamless updates—happy tumbling!

Slowroll Arrivals

Please note that these updates also apply to Slowroll and arrive between an average of 5 to 10 days after being released in Tumbleweed snapshot. This monthly approach has been consistent for many months, ensuring stability and timely enhancements for users.

Contributing to openSUSE Tumbleweed

Stay updated with the latest snapshots by subscribing to the openSUSE Factory mailing list. For those Tumbleweed users who want to contribute or want to engage with detailed technological discussions, subscribe to the openSUSE Factory mailing list . The openSUSE team encourages users to continue participating through bug reports, feature suggestions and discussions.

Your contributions and feedback make openSUSE Tumbleweed better with every update. Whether reporting bugs, suggesting features, or participating in community discussions, your involvement is highly valued.

Project to have AMA with SUSE’s GM

The openSUSE community is invited to an online engagement with SUSE’s General Manager for Business Critical Linux on Dec. 3 at 16:00 UTC.

Rick Spencer, who leads the SUSE Linux Enterprise and SUSE Multi-Linux Manager teams, works closely with those contributing to openSUSE as part of his day-to-day roles. He is eager to strengthen the ties between SUSE and the openSUSE communities.

The Ask Me Anything session is an opportunity for open dialogue with members of the project and open-source contributors.

Participants can ask questions, share insights and learn about SUSE’s ongoing initiatives involving openSUSE and open-source development. Questions can also be submitted in advance to Rick Spencer or Gerald Pfeifer to guide the discussion.

Event Details:

  • Event: openSUSE Open Door Session with Rick Spencer

  • Date: Dec. 3, 2024

  • Time: 17:00–17:45 CET / 11:00–11:45 ET

  • Location: Online

How to Participate:

Spencer provided the keynote at this year’s openSUSE Conference.

Transition from Windows to Linux: A Step-by-Step Guide

With Microsoft ending support for Windows 10 in October 2025, millions of users are looking for alternatives that avoid costly hardware upgrades, additional upgrade costs to Windows 11 depending on the country a person is in or to mitigate security risks.

A compelling options for many are open-source operating systems. Linux distributions like openSUSE and others extend the life of hardware, enhance security and provide flexibility without additional expenses.

For those who reached this point, this Upgrade to Freedom guide will detail a beginner-friendly approach to transitioning from Windows to one of openSUSE’s distributions, which are known for being user-friendly, stable, and powerful.


Step 1: Prepare Your System

Before diving into the installation process, take the following steps to prepare:

  1. Back Up Your Data
    Save important files to an external drive, cloud storage or another secure location. Transitioning to Linux distributions typically involves reformatting your hard drive, which will erase existing data.

  2. Check Your Hardware Compatibility
    Most modern hardware works well with Linux, but it’s good practice to confirm compatibility. Visit the openSUSE wiki for more information.

  3. Choose Your Version of openSUSE
    openSUSE offers two versions:

    • Leap: A stable release designed for extended reliability and maintenance.
    • Tumbleweed: A rolling release with the latest updates.

    Beginners often prefer Leap for its stability. Tumbleweed will have constant, almost daily updates. Tumbleweed is favored by enthusiasts and developers who prioritize access to the newest features, technologies, and software update


Step 2: Download openSUSE

  1. Visit get.opensuse.org.
  2. Select the version you prefer (Leap or Tumbleweed).
  3. Download the ISO file to your computer.

Step 3: Create a Bootable USB

You’ll need a USB drive (at least 8GB) to install openSUSE.

  1. Insert a USB Drive
    Plug the USB drive into your computer.

  2. Create the Bootable USB
    Use software like:

    • Rufus (Windows)
    • Etcher (cross-platform)

    Select the downloaded openSUSE ISO file and follow the tool’s instructions to write the ISO to the USB drive.


Step 4: Boot Into the Installer

  1. Restart Your Computer
    During the boot process, press the key to enter your BIOS or boot menu (typically F2, F10, F12, or Delete).

  2. Select the USB Drive
    From the boot menu, choose your USB drive as the boot device. Then save and exit.

  3. Start the Installation
    When the openSUSE installer loads, select “Install.”


Step 5: Install openSUSE

The openSUSE installer will guide you through the setup process.

  1. Select Your Language and Region
    Choose your preferred language and time zone.

  2. Partition Your Drive
    • Select automatic partitioning if you’re unsure.
    • For advanced users, manual partitioning allows custom setups.
  3. Create a User Account
    Set up a username, password, and root (administrator) password.

  4. Review and Confirm
    The installer will show a summary of your settings. Confirm to begin the installation.

There are options to select Desktop Environments (DE) during instalations. GNOME, KDE Plasma, Xfce and more. It’s a good idea to research these DEs beforehand to find one that matches your preferences. Many new users find GNOME reminiscent of macOS, while KDE Plasma and Xfce are often compared by new users to the traditional Windows desktop.


Step 6: Configure Your System

Once the installation is complete, restart your computer and remove the USB drive. openSUSE will boot up, and you can begin configuring your system.

  1. Set Up Updates
    Run the following command in the terminal to update your system: Leap
    sudo zypper update
    

    Tumbleweed

    sudo zypper dup
    

    Congratulations on your Upgrade to Freedom!!!

Moving to Linux offers significant environmental benefits, as highlighted by Joanna Murzyn at the 2024 KDE Akademy conference, where she warned about the growing e-waste crisis and emphasized the importance of extending the lifespan of perfectly usable computers in her presentation, Only Hackers Will Survive.

This is part of a series on Upgrade to Freedom where we offer reasons to transition from Windows to Linux.Those who would like to order a laptop with Linux, can visit slimbook.com or other providers of Linux machines.

https://news.opensuse.org/2024/11/26/2024-11-26-transition-from-windows-step-by-step/

With Microsoft ending support for Windows 10 in October 2025, millions of users are looking for alternatives that avoid costly hardware upgrades, additional upgrade costs to Windows 11 depending on the country a person is in or to mitigate security risks.

A compelling options for many are open-source operating systems. Linux distributions like openSUSE and others extend the life of hardware, enhance security and provide flexibility without additional expenses.

For those who reached this point, this Upgrade to Freedom guide will detail a beginner-friendly approach to transitioning from Windows to one of openSUSE’s distributions, which are known for being user-friendly, stable, and powerful.


Step 1: Prepare Your System

Before diving into the installation process, take the following steps to prepare:

  1. Back Up Your Data
    Save important files to an external drive, cloud storage or another secure location. Transitioning to Linux distributions typically involves reformatting your hard drive, which will erase existing data.

  2. Check Your Hardware Compatibility
    Most modern hardware works well with Linux, but it’s good practice to confirm compatibility. Visit the openSUSE wiki for more information.

  3. Choose Your Version of openSUSE
    openSUSE offers two versions:

    • Leap: A stable release designed for extended reliability and maintenance.
    • Tumbleweed: A rolling release with the latest updates.

    Beginners often prefer Leap for its stability. Tumbleweed will have constant, almost daily updates. Tumbleweed is favored by enthusiasts and developers who prioritize access to the newest features, technologies, and software update


Step 2: Download openSUSE

  1. Visit get.opensuse.org.
  2. Select the version you prefer (Leap or Tumbleweed).
  3. Download the ISO file to your computer.

Step 3: Create a Bootable USB

You’ll need a USB drive (at least 8GB) to install openSUSE.

  1. Insert a USB Drive
    Plug the USB drive into your computer.

  2. Create the Bootable USB
    Use software like:

    • Rufus (Windows)
    • Etcher (cross-platform)

    Select the downloaded openSUSE ISO file and follow the tool’s instructions to write the ISO to the USB drive.


Step 4: Boot Into the Installer

  1. Restart Your Computer
    During the boot process, press the key to enter your BIOS or boot menu (typically F2, F10, F12, or Delete).

  2. Select the USB Drive
    From the boot menu, choose your USB drive as the boot device. Then save and exit.

  3. Start the Installation
    When the openSUSE installer loads, select “Install.”


Step 5: Install openSUSE

The openSUSE installer will guide you through the setup process.

  1. Select Your Language and Region
    Choose your preferred language and time zone.

  2. Partition Your Drive
    • Select automatic partitioning if you’re unsure.
    • For advanced users, manual partitioning allows custom setups.
  3. Create a User Account
    Set up a username, password, and root (administrator) password.

  4. Review and Confirm
    The installer will show a summary of your settings. Confirm to begin the installation.

There are options to select Desktop Environments (DE) during instalations. GNOME, KDE Plasma, Xfce and more. It’s a good idea to research these DEs beforehand to find one that matches your preferences. Many new users find GNOME reminiscent of macOS, while KDE Plasma and Xfce are often compared by new users to the traditional Windows desktop.


Step 6: Configure Your System

Once the installation is complete, restart your computer and remove the USB drive. openSUSE will boot up, and you can begin configuring your system.

  1. Set Up Updates
    Run the following command in the terminal to update your system: Leap
    sudo zypper update
    

    Tumbleweed

    sudo zypper dup
    

    Congratulations on your Upgrade to Freedom!!!

Moving to Linux offers significant environmental benefits, as highlighted by Joanna Murzyn at the 2024 KDE Akademy conference, where she warned about the growing e-waste crisis and emphasized the importance of extending the lifespan of perfectly usable computers in her presentation, Only Hackers Will Survive.

This is part of a series on Upgrade to Freedom where we offer reasons to transition from Windows to Linux.

💾

Leap Micro 6.1 Alpha is now available. Get ready for Leap Micro 5.5 End of Life.

Leap Micro 6.1 Alpha images can be found at get.opensuse.org. Unless some serious issues are found, users can expect a quick transition to GA within a few weeks.

About Leap Micro

Leap Micro 6.1 is a rebranded SUSE Linux Enterprise Micro 6.1 which is an ultra-reliable container and Virtual Machine host by SUSE. Leap Micro is released twice a year and has support over two releases.

Leap Micro 5.5 will be EOL with the release of Leap Micro 6.1

With the release of Leap Micro 6.1, Leap Micro 5.5 reaches End Of Life; users will no longer receive maintenance updates and are advised to upgrade to 6.1.

More conservative users can stay on Leap Micro 6.0, which will receive updates until the release of Leap Micro 6.2.

Notable changes

Users performing clean install will notice visible changes to the first boot wizard. The jeos-firstboot wizard can now create an additional user and optionally the 2FA secret but the PAM config is missing. It will be added with the GM builds.

We’ve added soft-reboot support.

Inclusion of vhostmd for SAP Virtualization. Addition of chrony-pool-empty and pf-bb-config. PREEMPT_RT kernel for Arm, ZRAM support, and support for TOTP 2fa for pam login mainly for the cockpit. Working JIT compilation of eBPF rules.

SLE Micro 6.1 received additional support for ppc64le, however, we intend to keep Leap Micro only for x86_64 and aarch64. The main reason is that there is no demand from the community to support these arches.

Understanding individual images

Users can refer to the Leap Micro 6.0 announcement where we already covered this part.

Upgrading from previous release.

A recommendation for migration from 5.X is to make a clean install since this is a brand-new major version.

For those who’d like to try migration, please follow the upgrade guide.

Migration from 6.0 should work with zypper --releasever 6.1 dup inside transactional-update shell

There is a chance that we’ll include a new migration tool which is expected to be developed as part of hackweek in Leap Micro 6.1 Beta. This would make the upgrade more straightforward for the future upgrades.

Release Notes

Users can refer to SLE Micro 6.1 Release notes once available.

Leap Micro 6.1 uses openSUSE-repos for repository management. It is highly recommended to pay attention to this detail, especially for those who migrate. Here is an article explaining how openSUSE repos work.

Just like 6.0, Leap Micro 6.1 has no longer a dedicated SLE update repo. This has been merged into the main repository.

Upgrade to Freedom! The Switch from Windows 10

The end of Windows 10 support in October 2025 presents a great opportunity for the Linux community to collectively help users transition their still-functional hardware to operating systems that can extend the life of their laptops, desktops or other devices.

Millions of users face the prospect of upgrading to a new version of Windows or transition to alternatives like openSUSE’s operating system or other Linux alternatives.

This looming transition sets the stage for Linux communities to embrace the Upgrade to Freedom! campaign; its aims is to help Windows users understand how to continue using their current hardware and switch to a Linux distribution like openSUSE, or others. Many of which are just as user-friendly and familiar in design as paid operating system versions.

This time next year Windows 10 is expected to no longer receive security and maintenance updates, which leaves systems vulnerable to malware, cyberattacks and other threats. This should raise significant concerns about data privacy and system reliability for businesses, governments and individuals.

The Upgrade to Freedom! campaign is designed to encourage people to select an environmentally responsible solution by collectively guiding users through the process of transitioning to a Linux Distribution.

One key argument for moving to Linux is the environmental benefits. Joanna Murzyn, who spoke at the KDE Akademy conference in 2024, warns about the increasing problem of electronic waste (e-waste). In her presentation, titled Only Hackers Will Survive, she highlights the environmental toll of throwing out perfectly usable computers.

E-waste, which includes discarded laptops, desktops and other electronics, releases toxic substances like lead, mercury and cadmium into the environment, according to Murzyn. These substances can contaminate soil and water as well as cause long-term harm to ecosystems and human health. Murzyn urged people to resist the urge to “upgrade” to new hardware and instead explore solutions like Linux that extend the life of existing devices.

Distributions like Ubuntu, Fedora, AlmaLinux and more are likely to do similar campaigns to bring users into the Linux ecosystem. Members of the openSUSE community feel that it would be best to combine forces with these distributions and have a unified and collaborative approach that highlights the shared benefits of transitioning to Linux. Linux communities can amplify their collective impact and make the transition smoother for users.

This campaign has the desired effect to show powerful, secure and customizable alternatives to Windows can be. One of the campaign’s core goals is to show users that their existing hardware is still fully functional, even if Windows 10 is reaching its end-of-life.

For users with older laptops and desktops, especially those incompatible with Windows 11, switching to a Linux distribution is a powerful way to avoid discarding perfectly usable hardware. openSUSE, for example, provides excellent performance on a wide range of hardware, including machines more than a decade old. By choosing Linux, users can continue using their devices for years to come and don’t need to invest in new hardware.

The Upgrade to Freedom! campaign will begin hosting webinars, releasing video tutorials and live Q&A sessions to help users make the switch to Linux. Whether you’re a gamer, a developer, or an everyday user, there are Linux distributions that cater to your needs.

If you decide to make openSUSE your choice as the result of the Freedom Campaign, great! Use the steps below to get started. If you want more exhaustive steps, click here.

How to Download and Install openSUSE:

Step 1: Download the ISO

  1. Go to get.opensuse.org.
  2. Choose your preferred version of openSUSE (E.g. Leap or Tumbleweed).
  3. Download the ISO file to your computer.

Step 2: Create a Bootable USB

  1. Insert a USB drive (at least 4GB) into your computer.
  2. Use software like Etcher, Rufus (Windows), or Impression (Linux) to write the openSUSE ISO to the USB drive.
  3. Select the downloaded ISO file and start the process to create a bootable USB.

Step 3: Install openSUSE

  1. Once the system boots from the USB, select “Install openSUSE.”
  2. Follow the on-screen instructions to choose your language, region, and partition your hard drive.
  3. Confirm the installation and let the process complete.

Step 4: Restart and Enjoy

  1. Once the installation is complete, restart your computer.
  2. Remove the USB drive.
  3. Boot into your new openSUSE system and enjoy!

Steps if you have problems

  1. Check your bios options in Window and change it for the USB.
  2. If you encounter issues, reach out to the openSUSE forum.

Ignite Creativity in Hack Week

Open-source software developers, tech enthusiasts and innovators worldwide are set for Hack Week 24 that starts today and runs through Nov. 22.

The event is a cornerstone of fostering creativity and collaboration and invites participants to explore personal and community-driven projects.

Hack Week provides a unique opportunity for developers to step away from their usual tasks and dive into passion projects, learning new skills and forge new connections.

This year’s theme is “Train of Thought” and draws inspiration from the idea that seemingly unrelated ideas can connect to spark innovative breakthroughs.

Here are some Hack Week 24 projects that are garnering attention.

  • New openSUSE-welcome: This project aims to revamp the openSUSE Welcome app to enhance the first-time user experience. Key goals include integrating end-of-life (EOL) notifications for openSUSE Leap, addressing potential upgrade notifications and ensuring the application is rebranded and maintained. The updated application will be submitted to openSUSE Factory and Leap 16.0, with corresponding updates to openQA testing.
  • Port Classic Games to Linux: Revive 1990s-era games by reverse-engineering their data and creating open-source engines.
  • Cluster API Provider for Harvester: This project builds on progress made in Hack Week 23 to create an infrastructure provider for Harvester using Cluster API (CAPI). Enhancements for 2024 include adding support for ClusterClass, improved CI and end-to-end testing. Developers are also exploring packaging templates as Helm Charts and testing with newer Harvester versions. The project encourages collaboration from those familiar with CAPI, Harvester, and related technologies.
  • openSUSE on LoongArch: Targeting a new architecture from China, this project focuses on building openSUSE support for LoongArch, which has already seen adoption in Debian Ports and Gentoo. The initial goal is to integrate LoongArch into OBS (Open Build Service) and build a minimal set of packages.

Other projects range from deep learning integration to creating openSUSE images for emerging architectures like Arm and RISC-V. Participants can also join efforts to modernize system tools or explore creative avenues like applying AI to board games or designing user-friendly command-line tools.

Hack Week thrives on collaboration and participants are encouraged to join discussions through platforms like the Uyuni Gitter channel or work on group projects.

Whether you’re an experienced coder or a curious learner, Hack Week 24 offers a welcoming environment to push the boundaries of open-source innovation.

For more details, visit the Hack Week website.

Community Call for Involvement With Project’s Governance, Rebranding

The openSUSE Board is calling for the formation of a working group to explore topics focused on project governance, operational models and rebranding for the project.

This follows a call on the openSUSE Project mailing list to formalize efforts, ideas and suggestions by community members in a centralized location.

The openSUSE Board emphasizes its role as a facilitator rather than the sole driver as community participation should shape the project.

“The strength of open-source projects like openSUSE comes from the community,” was posted in an email to the openSUSE Project mailing list.

Objectives of the Work Group:

  • Exploring Models for Project Governance
  • Examining Operational Improvements
  • Determining Resources for Effective Project Rebranding

The work group will concentrate community discussions and propose actionable options within 90 days; this will provide opportunities for the wider community to weigh in on the items proposed. Key governance documents, such as the current Board guidelines and election rules, should be reviewed to assess potential updates.

Discussions will be organized centrally in a separate section of the openSUSE forums to foster constructive debate and minimize off-topic discussions. This forum will be heavily moderated. openSUSE community members interested in participating can request access to the forum; the discussions will be publicly viewable.

Board Election for Three Seats Opens

Members of the openSUSE’s election committee have provided notice to the project about the start of this year’s board election. This election there are three board seats up for grabs.

The election begins its nomination process on Nov. 15 and invites all eligible openSUSE members to participate in shaping the community’s future.

The open seats are currently held by Douglas DeMaio, Neal Gompa, and Patrick Fitzgerald. Board members serve as guides for the community, oversee some key project functions, facilitate community initiatives and handle responsibilities from organizing board meetings to managing openSUSE domains and trademarks. They also play a role in upholding community standards, including overseeing complaint processes and ensuring compliance with openSUSE’s Code of Conduct.

Election Timeline The election process will unfold over the next month. The plan is to follow this official schedule:

  • Nov. 15: Official announcement, nominations open, membership drive begins
  • Nov. 30: Final candidate list announced; campaign begins
  • Dec. 1: Voting opens
  • Dec. 15: Voting closes
  • Dec. 16: Election results announced

How to Participate Any openSUSE member can stand for election by sending an email to project@lists.opensuse.org and election-officials@lists.opensuse.org. Members may also nominate others by contacting the Election Committee, who will follow up with the nominee to confirm their interest.

Eligibility Requirements According to the organization’s Election Rules, only current members are eligible to run for board positions. While new members are welcome to join during the membership drive and participate in the voting process, they will not be eligible to stand as candidates. The election committee overseeing this year’s event includes members Ish Sookun, Edwin Zakaria, and Ariez Vachha. The committee is responsible for ensuring a smooth election process and for finalizing the list of candidates by Nov. 30.

Project Welcomes rsync.net as Gold Sponsor

The openSUSE Project is excited to announce rsync.net as the latest Gold Sponsor!

The company’s support will empower the openSUSE community to continue building open-source solutions that serve users worldwide.

Rsync.net’s secure cloud storage and data backup solutions can assist openSUSE members with projects and package development. This is an excellent solution for securing offsite backups of critical data for a system. The cloud storage company rsync.net dedicates resources not only to the openSUSE Project, but to other open-source projects like Debian developers.

Through this partnership, openSUSE community members with an openSUSE email address can access 500 GB of free-forever storage. Members can also gain the additional benefits from rsync.net with affordable options for those who need even more space:

  • Standard Single Region: $0.008 per GB per month, ensuring 99.9999% resiliency.
  • Geo-Redundant Storage: $0.014 per GB per month, with automatic replication across regions for enhanced security.

Storage locations in Silicon Valley, Denver, Zurich, and Hong Kong can help to best suit developer needs.

The openSUSE Project values this partnership with rsync.net and its members appreciate the company’s commitment to support our community and open-source efforts.

For openSUSE members interested in rsync.net’s support, click here.

Members were informed about the sponsorship through the Factory mailing list. Members of openSUSE can view the perks of being a member of the project on the wiki.

Companies interested in supporting the openSUSE Community can find sponsorship details on our sponsors page. The project also accepts donations to support the community through the Geeko Foundation.

Streamlining openSUSE Translations Upstream

Managing localization of desktop menus and applications takes a specific tool and approach that fills a gap but leaves inconsistent upstream translations.

Open-source translation standards have advanced over the years and the downstream-only model being used has proven to become inefficient, which is why Update-Desktop-Files Deprecation efforts are developing.

Over the past two decades, SUSE’s translation system has grown to cover more than 5,747 packages, with a total of about 380,000 translated strings. These efforts are labor-intensive and often redundant since many translations upstream already exist. The update-desktop-files tool contradicts an upstream-first policy. The SUSE-specific translations override upstream versions, causing inconsistencies and duplicating translation work. It also limits package maintainers’ control as translations are often integrated during runtime, which then appear different from what package maintainers expect. The tool adds complexity and requires SUSE-specific infrastructure (e.g., SUSE intranet and OpenQA VPN) that complicates maintenance and makes it challenging to align with certain open-source practices.

Given these challenges, transitioning to an upstream-first approach aligns with openSUSE’s goals of reducing redundancy, improving translation quality and supporting community collaboration.

Starting with the new update-desktop-files release to Factory in November 2024, package maintainers are encouraged to check build logs for instructions on upstreaming SUSE-specific translations.

Below is the roadmap for these effort:

  • November 2024: New version in Factory enables upstreaming of translations done over the past 20 years.
  • Early 2025: Packages using the opaque translation process will start upstreaming changes.
  • March 2025: Package maintainers review and propose changes to upstream projects.
  • End of 2025: Upstream responses are integrated; package maintainers import changes to Factory.
  • 2026: Any remaining SUSE-specific desktop files are patched. By year-end, the use of update-desktop-files will trigger errors, phasing it out completely.

To help in this transition, package maintainers should verify translations for Name, GenericName, Comment, and Keywords against upstream standards. Where applicable, patches can be generated using the update-desktop-files.tar.gz files, which provide various patch formats (e.g., -downstream-translated.diff for direct translations). Package maintainers should also update spec files, remove %suse_update_desktop_file and use the appropriate upstream translation mechanisms. Following the guidelines outlined in the openSUSE wiki page will help those who have questions.

The change is expected to use the upstream translations wherever possible, so the community can focus on openSUSE translations.

For more information, visit openSUSE wiki or subscribe to the translations mailing list.

Project Launches Recognition Platform

The openSUSE Project has announced the launch of a new initiative aimed at highlighting contributions of its diverse community members.

Dubbed “Contributor in the Spotlight,” the project aims to feature a different contributor each month and showcase their work in areas such as coding, art, documentation and more.

“It’s a great opportunity to get involved in the community and help ensure that our contributors receive the recognition they deserve,” wrote Tobias Görgens and Gertjan Lettink in an email on the project mailing list.

The program aims to increase visibility, provide recognition, express gratitude and to inspire others to contribute to open-source.

Many contributors’ efforts often go unnoticed and this initiative seeks to change this by sharing their stories and acknowledging their efforts to enhance open source development.

Contributors can apply to be featured by self-nomination though submitting an application by the 15th of each month. Nominations are permissible with the consent of the person being nominated. The selection process will focus on impact, uniqueness and relevance of their work to the project and beyond. Those chosen will be spotlighted in a blog post on the first Monday of the following month.

In addition to encouraging submissions, members of the project seek volunteers to help manage the initiative. Organizers will review applications, create blog posts and promote the project within the community.

Applications are now open, with the first feature expected to be published soon.

For more information, visit the mailing list email or the openSUSE GitHub page.

Tumbleweed Monthly Update - October 2024

This month, the rolling-release ran like a well-tuned engine as it powered through important updates and bug fixes with precision and speed. Updates were available for GNOME, systemd, qemu and more alongside important security patches. Various CVEs were addressed, particularly for Firefox, openssl, and virtualbox packages, to improve systems’ security. Desktop components for GNOME and KDE were also refreshed this month.

In addition to all the package updates this month, the rolling release received a fresh visual overhaul that revamped Tumbleweed’s logo and new wallpapers with both day and night themed variants.

As always, remember to roll back using snapper if any issues arise.

Happy updating and tumble on!

For more details on the change logs for the month, visit the openSUSE Factory mailing list.

New Features and Enhancements

  • LibreSSL 4.0: Major version 4.0 brings several significant changes and removals. Notably, the cms command in openssl(1) now supports the CRLfile option to specify additional CRLs during verification. The update also changes protocol handling in libtls, completely ignoring unsupported TLSv1.0 and TLSv1.1 protocols. The potentially dangerous EVP_PKEY*_check(3) functions were removed, and the Whirlpool hash function is no longer supported.
  • bind 9.20.3: a new WALLET record type was added and allows mapping domain names to cryptocurrency wallets. The release also introduces query response logging features that provide summaries through the responses category and an important change was made that includes the ability to fall back from IXFR to AXFR during DNS record transfers if too many records cause a failure. Bug fixes address issues such as incorrect statistics in forward-only zones, a static-stub bug that causes misdirected queries and improvements to long-running processes like DNSSEC validation and zone file operations.
  • GNOME 47.1: Enhancements to gnome-shell include improved accessibility for quick settings, better tablet UI accent color usage and more accurate inset box shadows. Various layout fixes, padding adjustments and a crash fix are included with translation updates. The gnome-shell-extensions package adds missing top-bar indicators in the classic mode and gnome-sudoku users will enjoy the several UI fixes, including improvements to tooltips in light mode along with better handling of the undo function. The update of gnome-text-editor introduces fixes for documents defaulting to implicit trailing newlines and improves text wrapping on small screens. An update of gnome-bluetooth resolves a crash when canceling pairing and adds support for the Kawai CA501 music keyboard, alongside other improvements. With gnome-control-center, a fix was made for an accessibility regression in background name handling; the package also added improvements to various modules like Appearance, Color, and Users.
  • xz 5.6.3: Key changes include a fix for x86-64 inline assembly compatibility with older versions of GNU Binutils and a build fix for GCC 4.2 on OpenBSD/sparc64. The xzdec tool now correctly displays errors if unsupported options like -M are used, and lzmainfo addresses integer overflow issues when rounding dictionary and uncompressed sizes. In terms of build improvements, the Autotools-based build system now handles link-time optimization (-flto) better, and Solaris users benefit from a fix in version.sh for regenerating configure files. The CMake system also sees improvements, including preferring C11 over C99 compilers, and avoiding unnecessary threading flags when linking against shared liblzma. Additionally, translations have been updated for Catalan, Simplified Chinese, and Brazilian Portuguese.
  • KDE Plasma 6.2.1: A fix was made for Breeze with checkbox sizing when no text or icons are present. Discover addresses a crash related to null channels in Snap packages for those who use it and Plasma Addons improves the web browser applet’s scale selection. KWin saw multiple fixes, including optimized rendering with custom geometry, proper handling of X11 keyboard modifiers and preventing crashes related to window stacking and timestamps. Powerdevil introduces improvements in brightness control and fixing issues with display sliders. Spacebar fixed an issue with SMS sending to further refine communication capabilities in Plasma Mobile environments.
  • KDE Gear 24.08.2: Dolphin fixes issues related to trailing slashes in URLs and ampersand display in filenames while Elisa resolves a problem preventing tracks without metadata from playing. Video editor Kdenlive had multiple bug fixes to include title producer updates, crash fixes and improved handling of effects and keyframes. Improvements in screenshot sharpness were made to Spectacle along with user interface elements like the blur and pixelate tools.
  • Qt 6.8.0: This release provides key updates across the Qt framework, improving performance and stability. Core libraries like libQt6Core and libQt6Gui receive bug fixes and performance boosts. Qt Multimedia improves support for system Eigen headers and optimizes x86 compatibility. Qt WebEngine and Qt WebView enhance web rendering and include patches to prevent build failures on ARM systems. Graphics modules like Qt Quick 3D and Qt ShaderTools provide better 3D rendering and shader handling. Overall, this update enhances functionality across UI, multimedia, and web components.
  • NetworkManager 1.50.0: In this update, support for dhclient was deprecated, and it is no longer built by default unless explicitly enabled. The internal DHCP client, which has been the default since version 1.20, is now recommended. The package now considers /etc/hosts when performing reverse DNS lookups for the system hostname. Support has been added for multiple gateways on a single network through ndisc, and channel-width configuration for Wi-Fi AP mode is now supported. Other enhancements include improved handling of VLANs on bridge ports and better handling of malformed LLDP packages to avoid crashes.
  • cups 2.4.11: This update addresses several issues related to Internet Printing Protocol (IPP) response validation, PostScript Printer Description (PPD) value processing and enhancements in the Web UI. Notable changes include updating the maximum file descriptor limit for cupsd to 64k-1 and fixing the lpoptions -d command for discovered but unadded printers. Support for checkboxes in the Web UI was also enhanced, along with improved printer state notifications and IPP Everywhere printer setups. Several commits related to IPP validation and PPD string processing were also included that address issues such as localized string handling.

Key Package Updates

  • systemd 256.7: This version contribution by 26 developers with 83 commits. Key improvements include refined support for managing nspawn containers, handling of ld.so.cache and better logging mechanisms in the query response systems. The release also addresses issues with seccomp synchronization and improves error handling in the ARP protocol (sd-ipv4acd).
  • kernel-source 6.11.3: Key updates include improvements in static call handling, specifically in module failures and static key decrements. Several SCSI fixes address issues like input/output errors on empty drive resets and PCI queue mapping overwrites. On the graphics side, the Intel and AMD GPU drivers see optimizations that include fixes for power management and display rendering. Networking updates include fixes for Realtek PHY drivers, VLAN handling, and preventing potential underflow conditions in packet length initialization. The update also introduces various memory leak fixes, improvements to Bluetooth, and enhancements to netfilter and IPv4/IPv6 handling.
  • gpg2 2.5.1: New commands like --add-recipients and --change-recipients provide added flexibility in managing recipients, and the --proc-all-sigs option has been added for signature processing. Improvements include fixes for key retrieval, PKCS#12 parsing updates and a resolution for the KEYTOCARD command when using loopback pinentry. The version update also now leverages the process spawn Application Programming Interfaces from libgpg-error for greater system compatibility.
  • gtk4 4.16.3: This update enhances how default cursor themes are handled by searching within XDG directories to ensure better compatibility with Wayland environments. The default cursor size now matches the gsettings schema and provides a more consistent user experience. The fallback process for portal settings was refined as settings_portal is cleared when switching to fallback without portal settings. This release also includes updated translations.
  • php8 8.3.13: Some essential fixes arrived in this package for its core and extensions. The Calendar extension addresses overflows in date functions like jdtounix, while CLI updates prevent duplicate HTTP headers. The core updates resolve segmentation faults, memory leaks and assertion errors, which stabilize nested frames and hash tables. In DOM, null pointer and memory leak issues are fixed for smoother XML handling. LDAP now handles memory leaks in ldap_modify_batch and SOAP patches address segmentation faults and memory leaks.
  • wicked 0.6.77: This release enhances IPv4/IPv6 node generation and interface-specific settings. It improves sysctl inheritance across interfaces, including loopback, but excludes settings like use_tempaddr and accept_dad. Routing updates resolve destination processing issues, and manpage enhancements clarify configuration details. New options include an ignore-rfc3927-1-6 setting for DHCP4. Compatibility improvements address deprecated INTERFACETYPE=dummy, and the package update fixes data leaks in ethtool operations.

Bug Fixes and Security Updates

Several key security vulnerabilities were addressed this month:

  • Firefox 131.0.3:
    • CVE-2024-9936 was a vulnerability that allowed attackers to manipulate selection node cache, potentially causing crashes.
    • CVE-2024-9392 could allow arbitrary cross-origin page loading in Firefox and Thunderbird versions below 131.
  • libnbd 1.20.3:
    • CVE-2024-7383 allows man-in-the-middle attacks due to improper TLS certificate verification when connecting to NBD servers.
  • Openssl:
    • CVE-2024-9143 was a flaw that may cause out-of-bounds memory access that potentially leads to crashes or remote code execution, but was a low likelihood.
    • CVE-2023-50782 was a flaw that amy have allowed a remote attacker to decrypt captured messages in TLS servers that use RSA key exchanges leading to exposure of confidential or sensitive data.
  • qemu 9.1.0:
    • CVE-2024-8612 may leak uninitialized data and lead to potential information exposure.
  • virtualbox 7.1.4:
    • CVE-2024-21248 allows low-privileged attackers to compromise the system that could potentially lead to unauthorized data access, modification or partial denial of service.
    • CVE-2024-21273 allows high-privileged attackers to gain unauthorized access to all data, potentially impacting other products.
    • CVE-2024-21259 allows high-privileged attackers to potentially take over the system, impacting confidentiality, integrity and availability.
    • CVE-2024-21263 allows low-privileged attackers to cause a complete denial of service and gain unauthorized read access to some data.
  • libarchive 3.7.6:
  • webkit2gtk3 2.46.1:
  • gnome-shell:
    • CVE-2024-36472 could allow the launching of a portal helper based on network responses that would enable untrusted JavaScript execution that could potentially cause resource consumption or other impacts.
  • oath-toolkit 2.6.11.12:
    • CVE-2024-47191 could allow root privilege escalation via improper users file access to include symlink handling.
  • unbound 1.21.1
    • CVE-2024-8508 allows denial of service that could cause excessive CPU usage during name compression.

Conclusion

October 2024 brought significant updates to Tumbleweed users and gave them a secure and performant system. Updating critical packages like systemd, pgp, php, GTK4 and more keeps your system up-to-date with the latest snapshots. Stay updated with the latest snapshots by subscribing to the openSUSE Factory mailing list.

Stay updated with the latest snapshots by subscribing to the openSUSE Factory mailing list. For those Tumbleweed users who want to contribute or want to engage with detailed technological discussions, subscribe to the openSUSE Factory mailing list . The openSUSE team encourages users to continue participating through bug reports, feature suggestions and discussions.

Contributing to openSUSE Tumbleweed

Your contributions and feedback make openSUSE Tumbleweed better with every update. Whether reporting bugs, suggesting features, or participating in community discussions, your involvement is highly valued.

Leap, Tumbleweed Get Makeovers

Branding for Tumbleweed and Leap 16.0 are moving along with the creation of a visual identity for these two distinct operating system flavors.

For two of openSUSE’s most notable Linux distributions, there is an updated logo and new digital wallpaper themes that feature beloved chameleons that represent the community projects.

The Tumbleweed logo has been revamped and transitions from a horizontal format to a new design that aligns with logos of other openSUSE flavors like Leap, MicroOS, Aeon, Leap Micro and Slowroll. Communication and input from Logo Contest participants helped the group to collaborate on crafting a new logo. This new logo decided on by the release team took elements from the contest. The new logo has recognizable brand elements that reinforce a connection to the openSUSE ecosystem.

During a Leap 16.0 branding focus group at an openSUSE Conference in 2024, community contributors began creating designs and developing plans for evolving visually engaging wallpapers that display day or night and light or dark variants.

Ideas from the session centered around nature-themed day and night variants featuring desert and jungle landscapes with complimentary stylized chameleons along with the use of creatively displaying the Leap logo. This Leap logo concept incorporated a constellation pattern in the night’s sky design and a subtle Leap logo concept as a cloud.

The new wallpapers reflect the versatility of openSUSE Project that blend creativity with the stability and reliability users expect, said Leap release manager Lubos Kocman. The goal is to offer visually stunning designs that capture both the light of day and the tranquility of night, all while showcasing the adaptability of our beloved chameleon mascot. A photo of the Bluetail Day Gecko, which aligns with Geekos.org, offers a timely opportunity to feature a gecko with a chameleon-like appearance.

Designs began to take shape through collaborative efforts on the project’s branding repository on GitHub. Contributors shared drafts and provided feedback. Kocman himself has shared several iterations, experimenting with gradients and textures in the night scene and refining the sky’s appearance with gradients of purple and blue. One design even featured Aurora Borealis; after some community feedback, the contributors realized that Van Gogh wasn’t coming back to paint it for the release, so the team opted for a simpler starry night sky that better complemented the openSUSE brand’s clean and minimalist aesthetic. Kocman tried incorporating more complex elements like the Aurora Borealis, but sometimes simplicity speaks louder, Kocman commented. The design with a clean blue sky and soft starry details of a constallation felt more in line with openSUSE’s overall philosophy.

Many contributors in the community suggested incorporating constellations such as Aquila, Sagittarius and Lyra into the night design. These subtle additions give the wallpaper a sense of place, further emphasizing the natural beauty the team aims to capture. And, hey, if people squint hard enough, the Leap constellation is basically the Big Dipper’s cooler cousin!

The new wallpapers are just one component of a broader branding overhaul for Leap 16 and openSUSE’s rolling-release Tumbleweed. The branding team is exploring more abstract, distribution-agnostic wallpapers that can be used across different openSUSE flavors like Slowroll, Kalpa, and Aeon.

The community’s role in shaping the new look of Leap 16 and Tumbleweed didn’t stop at design suggestions. The branding team announced a photo competition inviting users to submit high-resolution photographs featuring chameleons or objects resembling the mascot. This competition is open until Nov. 1 and encourages users to submit original, landscape-oriented images through the branding repository.

Submissions are already rolling in, with some stunning entries showcasing natural landscapes that align with the day and night wallpaper themes.

To learn more about the wallpaper development process and contribute to the conversation, visit github.com/openSUSE/branding.

Leap 15.6 started to use a new logo. Logos for openSUSE distributions and flavors can be found in the project’s distribution-logos repository.

The last update for Tumbleweed’s wallpaper happened in 2018 and Leap’s wallpaper changed in 2022 with version 15.4.

People who are interested in advancing the openSUSE Welcome package or those who would like to share ideas about advancing it, can join a group working on it during HackWeek.

Many thanks to the marketing teams that helped to create this change for the project.

Workshop Continues with GNOME Extensions

The openSUSE Project will live-stream Episode 10 of it Contribution Workshop series on Oct. 24 at 18:00 UTC on openSUSE’s YouTube and X platforms for a GNOME Extensions workshop.

The session will cover how to enhance and customize the GNOME desktop environment using powerful extensions that add functionality, streamline workflows and personalize the desktop experience.

GNOME Extensions are an excellent way for users to expand the capabilities of their GNOME environment and make desktop use more efficient and tailored to individual needs.

Episode 10: GNOME Extensions

These workshops offer a platform for learning and for contributors to ask questions and engage directly with developers, maintainers and experienced members of the openSUSE community.

Whether you’re new to open-source contributions or a seasoned developer, the openSUSE Contribution Workshops offer valuable learning opportunities to improve your skills, engage with the community, and contribute effectively to the openSUSE Project.

The espisdoes for the Contribution Workshop go over a variety of topics including package maintenance, infrastructure or understanding the overall project landscape. These following episodes are tailored to provide an overview and practical advice for open-source software development, use and contribution.

The following episodes were already released:

Note: The live stream was unavailable for openSUSE’s X platform.

(Image made with DALL-E)

Community Plans Tech Summit

The openSUSE community is preparing for the Early Adopter Tech Summit on March 14 and 15, 2025, in Orlando, Florida.

This event will take place at Loews Sapphire Falls Resort at Universal Orlando Resort and will take place as SUSECON concludes.

Partners of SUSE, openSUSE, open-source community projects and community members are all encouraged to register for the summit and submit a talk. There are two types of talks available:

  • Short Talk: 15 minutes
  • Standard Talk: 30 minutes

The call for papers is open until January 15, 2025.

We welcome submissions from anyone passionate about open-source software and community development.

The summit’s schedule will be published in February 2025. Visit events.opensuse.org for more information.

Presenting GRUB2 BLS

GRUB2 with BLS is now in MicroOS and Tumbleweed

Recently the openSUSE project released for MicroOS and Tumbleweed a new version of the GRUB2 package, with a new subpackage grub2-$ARCH-efi-bls. This subpackage deliver a new EFI file, grubbls.efi, that can be used as replacement of the traditional grub.efi.

The new PE binary is a version of GRUB2 that includes a set of patches from Fedora, which makes the bootloader follow the Boot Loader Specification (BLS). This will make GRUB2 understand the boot entries from /boot/efi/loader/entries, and dynamically generate the boot menu showed during boot time.

This is really important for full disk encryption (FDE) because this means that now we can re-use all the architecture and tools designed for systemd-boot. For example, installing or updating the bootloader can now be done with sdbootutil install, the suse-module-tools scriptlets will create new BLS entries when a new kernel is installed, and the tukit and snapper plugins will take care of doing the right thing when snapshots are created or removed.

Reusing all those tools without modification was a significant win, but even better, many of the quirks that classical GRUB2 had when extending the event log are no longer present. Before this package, sdbootutil needed to take ownership of the grub.conf file, as this will be measured by GRUB2 by executed lines. That is right! For each line that is read and executed by the GRUB2 parser, a new PCR#8 will take place, and because GRUB2 support conditional as other complex constructors, it is very hard to predict the final value of PCR#8 without imposing a very minimal and strict grub.conf.

However, with the new BLS subpackage, this file, along with the fonts and graphical assets for the theme, and the necessary modules (such as bli.mod), are now included in the internal squashfs within the EFI binary. GRUB2 will no longer measure those internal files without compromising security guarantees because now it is the firmware that measures the entire EFI when the bootloader is executed during the boot process.

As today, we cannot use YaST2 to install GRUB2 with BLS, but we can do that manually very easily. We need to make a systemd-boot installation, replace LOADER_TYPE from systemd-boot to grub2-bls in /etc/sysconfig/bootloader, install the new GRUB2 BLS package, and do sdbootutil install. Another option is to play with one of the available images for MicroOS or Tumbleweed.

Have a lot of fun!

❌