Sync Update for Week 39, 2023

EbonJaeger

Heya folks! Your weekly sync news has arrived! We have some critical CVE fixes this week, so make sure to apply updates as soon as possible. Some of them are actively being exploited in the wild.

@ermo made changes to our bash package to support ~/.bashrc.d/ script sourcing, similar to Fedora. Any files in ~/.bashrc.d/* are sourced after all other /usr/share/defaults/etc/profile.d/ and /etc/profile.d/ scripts are sourced. This in effect makes it simple to perform per-user changes to override system settings, by copying changed files into .bashrc.d/ and editing them there as per user requirements. Additionally, this feature also has the nice side effect that it becomes simpler and easier to save and restore user shell customizations across installations without having to edit the default ~/.bashrc file.

@ReillyBrogan has enabled the BORE scheduler for our Linux kernel. The BORE CPU scheduler is implemented as a series of patches to the default CFS scheduler that use heuristics to identify threads/processes that are likely interactive, so it can prioritize them over those that are likely not. This results in improved system latency under load, which is generally a good thing for a desktop-oriented distribution like Solus. The con is that there is likely a slight reduction in throughput, though most users would prefer having an interactive system (IE they can still use it during things that take a lot of CPU) over one that finishes builds a few seconds faster but that the system is generally unusable.

The BORE scheduler is disabled by default. If testing goes well, it may be enabled by default later down the road. See this issue if you would like to help test this feature and provide feedback on it.

@ZachBacon has been working on the GNOME 45 update recently. It hasn’t landed in the Solus repository yet, but keep an eye out in the coming weeks for more news. Check out the GNOME release blog if you want to know what’s changed in 45.

Have you ever wondered what it takes to update a package? This is the perfect time to learn! The Communications Team have made further passes at the documentation this week to make them even easier to follow. We always welcome new contributors, and we’re on Matrix in the packaging channel if you need help. A great way to get started would be helping to solve this issue to add proper homepages to packages. So what are you waiting for? Visit here to get started.

Security updates include:

Bind-utils (CVE-2023-3341 and CVE-2023-4236)
Hwloc (CVE-2022-47022)
Terraform (CVE-2023-4782)
Mdadm (CVE-2023-27836 and CVE-2023-28938)
Mujs (CVE-2022-44789)
Libvpx (CVE-2023-5217)

Other notable updates this week include:

Hardware support:

Kernel 6.5.5 and LTS kernel 5.15.133
Updated Linux firmware
Libdrm 2.4.116
libratbag 0.17
Xorg libinput driver has been updated
Xorg users with synaptics hardware will now use the libinput driver instead of the deprecated dedicated synaptics driver
libevdev 1.13.1. This will hopefully fix some issues users have been experiencing with devices not showing up when connected
mdadm 4.2
solaar 1.1.10 (Thanks Chax!)

General software:

Firefox 118.0.1
Thunderbird 115.3.1
Brave 1.58.135
Thonny 4.1.3
Openshot-qt 3.1.1
LyX 2.3.7.1
Signal-desktop 6.32.0
Cherrytree 1.0.2
Opera Stable 102.0.4880.78
Vivaldi Stable 6.2.3105.54
Tailscale 1.50.0 (Thanks Nazar!)
gpxsee 13.9 (Thanks Nazar!)
kitty 0.30.0 (Thanks Nazar!)
celluloid 0.26 (Thanks Staudey!)
inxi 3.3.30
github-cli 2.35.0
nemo 5.8.5
weechat 4.0.5
eza 0.13.1
hyperfine 1.17.0
lyx 2.3.7.1
terraform 1.5.7
lf 31
Strawberry 1.0.20
Papirus-icon-theme 20230901 (Thanks Staudey!)
Bitwarden-desktop now creates the window decorations correctly on GNOME Wayland (Thanks Joey!)
Bandwhich 0.21.0 (Thanks Nazar!)
font-iosevka-ttf 27.0.2 (Thanks Nazar!)
yt-dlp 2023.09.24 (Thanks Harvey!)
Gnome-mahjongg had a longstanding issue fixed where it would grow in resource usage over time and eventually crash. Now you can play Mahjongg forever! (Thanks Staudey!)
KDE Frameworks updated to 5.110.0
Hugo 0.118.2 (Thanks David!)

Gaming Updates:

Linux-steam-integration: The native runtime is now disabled by default. This was a cause of MANY issues for gamers (Thanks Harvey!)
mangohud 0.7.0
OpenMW 0.48.0 (Thanks Staudey!)
godot 3.5.3 (Thanks Staudey!)
libTAS 1.4.4

Language Updates:

Openjdk-11 and openjdk-17 have been updated to 11.0.20.1 and 17.0.8.1 respectively
mujs 1.3.3
Juliaup is now in the repos! This replaces our existing julia packages.

Those are all the updates we have for this week! See you here for the next one.

brent

EbonJaeger the firefox weekly update are interesting to read when I make the time to scan changelog:

"CVE-2023-5217 A heap-based buffer overflow flaw was found in the way libvpx, a library used to process VP8 and VP9 video codecs data, processes certain specially formatted video data via a crafted HTML page. This flaw allows an attacker to crash or remotely execute arbitrary code in an application, such as a web browser that is compiled with this library."

these things are probably more common than I thought. As a layman I think either bad guy tried to implement or a white hat go there first..

unclemez

EbonJaeger
I love the way you organized the thing this week.
Much more explicit with a good taste of honesty here by giving credit to him/her who deserve it

LarryNG

EbonJaeger Everything appears to be fine on Budgie. Thunderbird required re-entering passwords for my spam-bucket hotmail/live/outlook accounts, but that was a change in Thunderbird, not an update problem. Thank you everyone for the updates! You are appreciated!

EbonJaeger

RESERVED FOR CELTIC MAGIC

brent

just got home from work, updated 42 critical packages: kernel, firefox, nemo, glibc, breeze icons, and all else you had in there.
rebooted. all icons good, folders normal, apps all launch, no problems.

As a user I could not be happier with Solus leadership and crew after the power came back on at the beginning of the year.

WetGeek

brent just got home from work, updated 42 critical packages

I just installed 111 on my Plasma laptop. Lots of packages with names starting with "K". As before, when I rebooted, my Bluetooth was disabled. No real biggie this time, as I now knew what to do. I plugged in the dongle for a wireless mouse, and used it to enable Bluetooth in my System Settings. After that, no more problems.

WetGeek

WetGeek As before, when I rebooted, my Bluetooth was disabled.

Team, any idea what might be doing this? The first time it happened, it took me by surprise. It had never happened in all the years I've been doing weekly updates. All I knew was that my mouse didn't work, and my keyboard didn't work. I could do nothing with this laptop. So I used that occasion to reinstall the OS, making some small improvements as I did.

The next week, I accidentally found out that Bluetooth was disabled after the update, so I dug out a wireless mouse, plugged the dongle in, and used that mouse to enable Bluetooth in the system settings. That's all it took to make my mouse and keyboard both work normally again. They even connected automatically.

So, every week since then I've known what to do, and it doesn't take me long to enable things again, but it's really annoying. Plasma system here. Low priority problem. If I should file a bug report, let me know and I'll do that.

UncleSlacky

The update went well as usual, but I wonder why the papirus-icon-theme package always takes so long to install compared with pretty much any other package?

Harvey

UncleSlacky

It contains 100,049 files: https://raw.githubusercontent.com/getsolus/packages/f65561579085342c31f9649b17574bad823b7ca5/packages/p/papirus-icon-theme/pspec_x86_64.xml

brent

UncleSlacky I also noticed the update kind of parked itself there for a long while. reckoned it was many files. sometimes these theme folders have. sometimes these theme packages surprise you.

ReillyBrogan

brent The former unfortunately. The libvpx vulnerability and last weeks libwebp vulnerability were both discovered being actively exploited in the wild. Hence the rush to patch them across all affected software immediately.

ermo

WetGeek If I should file a bug report, let me know and I'll do that.

I think you should. Then we can make it a point of focus to figure out if this is a general issue, an issue that affects certain hardware etc.

Thanks for reporting and for being so patient with us while we get our ducks in a row.

elfprince

Is there a real need to use Papirus theme? It does take 'eons'....... 😆

ReillyBrogan

elfprince It looks nice and that's good enough for me. It's not like waiting a minute or two for an update to install for it is an actual deal breaker.

elfprince

ReillyBrogan a minute or two? On my machine it takes many minutes.... But I get it. No problemos.

WetGeek

ermo I think you should.

Done. #416.

ReillyBrogan

BTW, let us know if you think this summarized changelog is something you find valuable or not. It takes a fair amount of time to sort it out and we won't do it if it's not useful enough to people (we could be updating more packages with that time instead).

Please mention if you'd be willing to help support someone doing this on a weekly basis via additional opencollective donations.

ermo

ReillyBrogan BTW, let us know if you think this summarized changelog is something you find valuable or not.

I may not be your typical user, but I find it to be a very nice addition to the sync notes.

Top Job! 💪😎👍️

kaktuspalme

ReillyBrogan I like those a lot. It gives somewhat more insight then just looking at the package update list. It also shows how active the development is and might help attracting new users which might help raising more donations. Just restarted my small monthly contribution 😉

But I would understand if you stop it because of the work something like this needs.

zeeleeuw

ReillyBrogan

ReillyBrogan Really liking the summarized changelog 👍. Also happy 😊 with update on LyX. Thanks

Steph

Update ok
Note for Firefox, it was no longer in French but in English, I had to redownload the language fr

davidjharder

Steph Would you mind posting your firefox localization settings to this thread https://discuss.getsol.us/d/9689-firefox-dont-keep-language-setting-after-update/5

ReillyBrogan

Steph This issue has been resolved in unstable and the fix will be in the next sync. Firefox will now automatically adapt to the system locale, and this setting should persist through future updates. You will not need to install any languages manually, the correct one will be installed and configured automatically. Note that existing Firefox profiles will be in English the first time you launch them after the update, but subsequent launches should be in the correct language.