Sync Updates for Week 49, 2023

EbonJaeger

Heya folks! We have a bit of a smaller sync this week, on account of the last sync happening on Monday (or Tuesday, depending on where you live). There are still a couple of interesting developments, though!

Starting off, we have an update for Curl which fixes a couple of CVEs. Curl version 8.5.0 addresses CVE-2023-46219 and CVE-2023-46218, as well as including a bunch of regular bug fixes. Similarly, bluez saw a patch for CVE-2023-45866 and python-cryptography was updated for CVE-2023-49083. While these are not high severity vulnerabilities, it is still important to keep up-to-date.

We've changed the default PAM settings for account lockouts when putting in the wrong password. The PAM defaults will lock you out for 10 minutes if you try the wrong password 3 times in 15 minutes. Our updated defaults changes this to a 10-minute lockout after 10 attempts in 15 minutes. Our goal is to be more tolerant of mistakes while still being reasonably secure. We took inspiration from the NIST Digital Identity Guidelines, specifically sections 10.1 and 10.3.

Speaking of usability, you may notice a difference in virtual console text and the GRUB boot menu. The default font is too small on modern high-definition displays, so we've switched to using the Terminus font in a larger 16x32 pixel font size.

This week, Nushell was included in the repository! It is different from more traditional shells in that everything is data, enabling you to filter and sort output. Check it out! Nushell example

If you've been keeping an eye on the 4.5 ISO task, you'll notice that a lot of checkboxes have been ticked. Over the next couple of weeks, we'll be focusing on testing and fixing bugs ahead of a new ISO release. This may mean that some package updates are delayed. Thank you for your patience.

Other updates this week include:

Our rust package was updated to the recently released v1.74.1, bringing a number of new fixes and improvements!
AOM (one of the many AV1 encoders in the repos) was updated to v3.8.0, bringing increased encoding speed and compression ratio
RSS Guard was updated to v4.6.2. You can now use it for podcasts or as a media player!
SMPlayer was updated to v23.6
VS Code was updated to the November 2023 release! This brings many improvements
A driver for certain Realtek USB Wifi 6 chipsets has been added to the repositories. While we do not recommend purchasing this hardware (you should always try to stick to hardware that has in-kernel drivers) if you already have such hardware it should now work once you install the rtl8852bu package.
Tailscale was updated to v1.54.1
minetest was updated to v5.8.0, bringing many improvements to this open source voxel game!
A longstanding issue with usysconf (which is used to run triggers in response to package installation and updates) was resolved that would cause it to sometimes not run the right commands to register newly installed kernel drivers with the system. If you ever installed a new kernel driver and it didn't work right away then this is most likely fixed now!

That’s all for this week, folks! Check back next time for more update goodies!

WetGeek

EbonJaeger This week, Nushell was included in the repository!

After I finished my updates for the day, I was curious about nushell, so I installed it.

At least, I thought I did. But I can't find it anywhere. Not in the menu, and I can't run it from the terminal. What's its secret?

rav101

EbonJaeger Over the next couple of weeks, we'll be focusing on testing and fixing bugs ahead of a new ISO release.

Looking forward to a new iso. I have a framework 13 laptop on order with a Lexar NM790 4tb SSD. The Lexar SSD needs 6.5.5 kernel or newer to be recognised so currently wouldn't work on the curren Solus 4.4 iso first install to get updated to the current latest kernel version.

Patrice

Hi all,
Same problem than on the previous sync occurs with protonmail-bridge with this sync. I filed a bug.

brent

one of the links:
"This flaw allows a malicious HTTP server to set "super cookies" in curl that are then passed back to more origins than what is otherwise allowed or possible. This allows a site to set cookies that then would get sent to different and unrelated sites and domains.
It could do this by exploiting a mixed case flaw in curl's function that verifies a given cookie domain against the Public Suffix List (PSL). For example a cookie could be set with domain=co.UK when the URL used a lowercase hostname curl.co.uk, even though co.uk is listed as a PSL domain."

yikes the bad guys never sleep.
this user appreciates the head's up and the special reaading room that comes with the updates🙂

Solarmass

WetGeek At least, I thought I did. But I can't find it anywhere. Not in the menu, and I can't run it from the terminal. What's its secret?

in a nutshell try nu 😉

Solarmass

Our updated defaults changes this to a 10-minute lockout after 10 attempts in 15 minutes.

Thanks! It sounds more sane 👍️
nothing else to report!

Harvey

While you can run nu from the terminal I think I should point out its a shell. Just like bash, dash, fish, tcsh and zsh which are also in the repository ( bash is the default).

To change your default shell for subsequent sessions you should use:
chsh -s /usr/bin/nu

Then reboot.

If someone is looking for an easy contribution to make, the documentation for changing shells could use an update to reflect new shells added to the repo and the usr merge. https://help.getsol.us/docs/user/software/command-line/#changing-shell

knuckle

was hoping this update would undo the bugs introduced in the last one but alas,no joy.Files still crashes Firefox still freezing system not nearly as snappy and quick as it was -- will give it another week or two of updates before rolling back or doing a fresh install

ermo

knuckle was hoping this update would undo the bugs introduced in the last one but alas,no joy.Files still crashes Firefox still freezing system not nearly as snappy and quick as it was -- will give it another week or two of updates before rolling back or doing a fresh install

What are you system specs? From your post, it would appear that you are using gnome (cf. "Files")? Which session type (Wayland)? Which GPU (NVIDIA)?

On GNOME, you can go into "Settings -> About" and copy the settings and paste them in a reply here? We're not mind-readers you know. 🙂

ReillyBrogan

Cherry-picked a fix for Mesa that should fix issues with Flatpaks and Snaps not loading (or loading but throwing a graphics-related error). Please restart your system after applying this fix and things should work again on your next boot.

WetGeek

ReillyBrogan Cherry-picked a fix for Mesa that should fix issues with Flatpaks and Snaps not loading (or loading but throwing a graphics-related error). Please restart your system after applying this fix and things should work again on your next boot.

Apparently this fix destroyed Vivaldi. I wonder if any other Chromium-based browsers were affected. After quite a bit of fuss, I got LastPass installed and working on Firefox, so I was able to log on to the forum aagain.

I can live with Firefox for a while, but it would be great to know how to undo this last fix. In all my years here, I've never needed to know how to undo one of these.

WetGeek

WetGeek it would be great to know how to undo this last fix

I found out about the eopkg history -t command from the help center, and was able to get rid of this version of mesalib. I'm not sure I could have lasted too much longer using Firefox as a substitute for Vivaldi. If it helps with the debugging, I've tried both Wayland (my default) and also X11, and Vivaldi was unusable on both.

I hope this can soon be actually fixed in the repository, so it will be safe to apply the next update. Actually, I'm glad I finally needed to learn how to restore a previous version using eopkg. It's a very useful thing to know, and very easy to do.

tflovik

WetGeek I think you neet to run:
find ~/.cache -name GPUCache -exec rm -rv {} +
find ~/.config -name GPUCache -exec rm -rv {} +

It fixed my Heroic launcher, i think the mesa fix brought back the need to fix chromium based apps.

joluveba

WetGeek I wonder if any other Chromium-based browsers were affected

In my case, after today's update Brave has been behaving strangely, with some images not loading.

ReillyBrogan If you have rendering issues with Chromium apps after the Mesa update please run the commands in our troubleshooting article.

And this solved it. Thank you very much.

brent

WetGeek . I wonder if any other Chromium-based browsers were affected.

my flatpak ungoogled chromium is fine--so a mesa/vivaldi exclusive perhaps.
be curious if the troublshooting article will help you. I know Vivaldi is your daily browser. good luck WG.

edit: brain fart; wrong browser cited for WG. THanks @elfprince !

totalmongobaer

WetGeek

Hi,
you are right with this Bug, Because i have it too on a absolutly normal laptop (Intel i5 onboard GPU) and the stable Vivaldi from the Solus repo!

Axios

Are you using it in a flatpak
Running Brave here no issues but its repo
When you say destroyed?

elfprince

Same here on Solus Brave. Thanks for the fix!

Axios

I never had Vivaldi installed on this machine
Installed both flatpak and repo they both seem to be fine.
(Just info)

ReillyBrogan

If you have rendering issues with Chromium apps after the Mesa update please run the commands in our troubleshooting article.