Heya folks! Your weekly sync news has arrived! We have some critical CVE fixes this week, so make sure to apply updates as soon as possible. Some of them are actively being exploited in the wild.

@ermo made changes to our bash package to support ~/.bashrc.d/ script sourcing, similar to Fedora. Any files in ~/.bashrc.d/* are sourced after all other /usr/share/defaults/etc/profile.d/ and /etc/profile.d/ scripts are sourced. This in effect makes it simple to perform per-user changes to override system settings, by copying changed files into .bashrc.d/ and editing them there as per user requirements. Additionally, this feature also has the nice side effect that it becomes simpler and easier to save and restore user shell customizations across installations without having to edit the default ~/.bashrc file.

@ReillyBrogan has enabled the BORE scheduler for our Linux kernel. The BORE CPU scheduler is implemented as a series of patches to the default CFS scheduler that use heuristics to identify threads/processes that are likely interactive, so it can prioritize them over those that are likely not. This results in improved system latency under load, which is generally a good thing for a desktop-oriented distribution like Solus. The con is that there is likely a slight reduction in throughput, though most users would prefer having an interactive system (IE they can still use it during things that take a lot of CPU) over one that finishes builds a few seconds faster but that the system is generally unusable.

The BORE scheduler is disabled by default. If testing goes well, it may be enabled by default later down the road. See this issue if you would like to help test this feature and provide feedback on it.

@ZachBacon has been working on the GNOME 45 update recently. It hasn’t landed in the Solus repository yet, but keep an eye out in the coming weeks for more news. Check out the GNOME release blog if you want to know what’s changed in 45.

Have you ever wondered what it takes to update a package? This is the perfect time to learn! The Communications Team have made further passes at the documentation this week to make them even easier to follow. We always welcome new contributors, and we’re on Matrix in the packaging channel if you need help. A great way to get started would be helping to solve this issue to add proper homepages to packages. So what are you waiting for? Visit here to get started.

Security updates include:

Other notable updates this week include:

Hardware support:

General software:

Gaming Updates:

Language Updates:

  • Openjdk-11 and openjdk-17 have been updated to 11.0.20.1 and 17.0.8.1 respectively
  • mujs 1.3.3
  • Juliaup is now in the repos! This replaces our existing julia packages.

Those are all the updates we have for this week! See you here for the next one.

How did the sync go for you?

This poll has ended.

    just got home from work, updated 42 critical packages: kernel, firefox, nemo, glibc, breeze icons, and all else you had in there.
    rebooted. all icons good, folders normal, apps all launch, no problems.

    As a user I could not be happier with Solus leadership and crew after the power came back on at the beginning of the year.

      brent just got home from work, updated 42 critical packages

      I just installed 111 on my Plasma laptop. Lots of packages with names starting with "K". As before, when I rebooted, my Bluetooth was disabled. No real biggie this time, as I now knew what to do. I plugged in the dongle for a wireless mouse, and used it to enable Bluetooth in my System Settings. After that, no more problems.

          Merged 2 posts from Thanks for the Updates.

          The update went well as usual, but I wonder why the papirus-icon-theme package always takes so long to install compared with pretty much any other package?

            UncleSlacky I also noticed the update kind of parked itself there for a long while. reckoned it was many files. sometimes these theme folders have. sometimes these theme packages surprise you.

              EbonJaeger the firefox weekly update are interesting to read when I make the time to scan changelog:

              "CVE-2023-5217 A heap-based buffer overflow flaw was found in the way libvpx, a library used to process VP8 and VP9 video codecs data, processes certain specially formatted video data via a crafted HTML page. This flaw allows an attacker to crash or remotely execute arbitrary code in an application, such as a web browser that is compiled with this library."

              these things are probably more common than I thought. As a layman I think either bad guy tried to implement or a white hat go there first..

                  brent The former unfortunately. The libvpx vulnerability and last weeks libwebp vulnerability were both discovered being actively exploited in the wild. Hence the rush to patch them across all affected software immediately.

                    WetGeek As before, when I rebooted, my Bluetooth was disabled.

                    Team, any idea what might be doing this? The first time it happened, it took me by surprise. It had never happened in all the years I've been doing weekly updates. All I knew was that my mouse didn't work, and my keyboard didn't work. I could do nothing with this laptop. So I used that occasion to reinstall the OS, making some small improvements as I did.

                    The next week, I accidentally found out that Bluetooth was disabled after the update, so I dug out a wireless mouse, plugged the dongle in, and used that mouse to enable Bluetooth in the system settings. That's all it took to make my mouse and keyboard both work normally again. They even connected automatically.

                    So, every week since then I've known what to do, and it doesn't take me long to enable things again, but it's really annoying. Plasma system here. Low priority problem. If I should file a bug report, let me know and I'll do that.

                    • ermo replied to this.

                        elfprince It looks nice and that's good enough for me. It's not like waiting a minute or two for an update to install for it is an actual deal breaker.

                            WetGeek If I should file a bug report, let me know and I'll do that.

                            I think you should. Then we can make it a point of focus to figure out if this is a general issue, an issue that affects certain hardware etc.

                            Thanks for reporting and for being so patient with us while we get our ducks in a row.

                                BTW, let us know if you think this summarized changelog is something you find valuable or not. It takes a fair amount of time to sort it out and we won't do it if it's not useful enough to people (we could be updating more packages with that time instead).

                                Please mention if you'd be willing to help support someone doing this on a weekly basis via additional opencollective donations.

                                  ReillyBrogan BTW, let us know if you think this summarized changelog is something you find valuable or not.

                                  I may not be your typical user, but I find it to be a very nice addition to the sync notes.

                                  Top Job! 💪😎👍

                                    ReillyBrogan I like those a lot. It gives somewhat more insight then just looking at the package update list. It also shows how active the development is and might help attracting new users which might help raising more donations. Just restarted my small monthly contribution 😉

                                    But I would understand if you stop it because of the work something like this needs.

                                      Update ok
                                      Note for Firefox, it was no longer in French but in English, I had to redownload the language fr