Heya folks! We have a lot of items to share this week. Let’s start off with yet more CVE security fixes.

First up is curl, which had two CVE fixes this week, CVE-2023-38545 and CVE-2023-38546. These issues have a severity of HIGH. You can read this blog post for more information. Secondly, we have a security fix for libcue, a library for parsing and extracting data from CUE sheets. CVE-2023-43641 enables GNOME users to be exploited by downloading a malicious cue sheet from a webpage. See this article for more information. Both fixes were cherry-picked to Stable during the week. As always, please make sure you are fully updated!

@ReillyBrogan switched Solus to using systemd-resolved by default, following other distributions. This enables the use of a centralized DNS cache, improving compatibility with VPNs that push DNS servers via NetworkManager integration. The nscd cache has been disabled, since it is superseded by systemd-resolved. Detailed information about these changes in Fedora can be found here and here. Due to positive feedback in testing, the BORE scheduler has also been enabled by default in this week’s kernel update.

We’ve made some changes to our Firefox package, in addition to updating it to 118.0.2:

  • Launch in Wayland by default (does not affect Budgie or MATE)
  • Switch to managing langpacks similar to Fedora
    • This should hopefully fix issues with language preferences being reset after updates.
    • If it does not fix the issue, then please let us know here.
  • Use more shared system libraries instead of bundled ones
  • Fix default browser detection

@ZachBacon has been hard at work updating our GNOME stack to 45.0. As always, the GNOME stack has taken a lot of work, but it is nearing completion. Keep an eye out for more information regarding this upgrade in Solus Soon™! It’s anticipated that this will land in Unstable over the weekend, which means that sync will be deferred next week for testing!

We’re almost halfway through Hacktoberfest already, and we have received and merged almost 60 pull requests adding homepages to packages! If you would like to help out, there’s still plenty of time left, and these tasks aren’t going away! If you’ve never done packaging before, check out our Help Center packaging articles to get started, and check out the issues labeled Good First Issue on our issue tracker.

Other changes this week:

Core system

  • Linux-current 6.5.7 and linux-lts 5.15.135
  • Pipewire v0.3.82
  • Our glibc package had the way it did hwcaps changed to the newer method. Hwcaps are special libraries compiled for newer processors that are loaded on-demand for CPUs that support those instructions. This won’t have any user-facing impact but it does open up the update to a newer glibc!
  • Network-manager saw an overhaul land this sync. It should now use the internal dhcp client rather than the deprecated ISC dhclient, let us know if you have any issues with this. It should also now integrate better with systemd for the network-online target.
  • libicu 73.2 (Thanks Zach!)
  • libwebkit-gtk 2.42.1 (Thanks Zach!)
  • Libvirt now supports firewalld (optional) (Thanks Evan!)
  • sqlite 3.43.2
  • containerd 1.7.7
  • curl 8.4.0 (Thanks Silke!)
  • modem-manager 1.20.6 (Thanks Zach!)
  • libblockdev 3.0.4

Codecs (All done by ReillyBrogan except for gstreamer)

Apps

Gaming

Theming/Fonts

Languages

That’s it for this week, folks! Keep a look-out for more news next week! And remember, there will be no sync next week.


    I tried a new thing with spoiler tags, but adding them is a pain because they have to be in just the right place. Still didn't quite get it right. Hrm...

      EbonJaeger I tried a new thing with spoiler tags, but adding them is a pain because they have to be in just the right place. Still didn't quite get it right. Hrm...

      I find them super useful, so if you get them working eventually, I feel it will have been worth it! 😍

      thanks for the CVE info and VERY interesting about firefox/wayland (I don't remember a discussion about that one but things get by me) plus this "Use more shared system libraries instead of bundled ones."

      You guys and girls have been busy. I had 1GB of updates, can't remember that in a while. 106 packages plus a reboot. Everything checks out. Themes, folders, apps all seem ok.

        brent Specifically it now uses the system versions of libaom, libdav1d, libvpx, libwebp, and libwebpdemux.

          ( : @EbonJaeger but to anyone) the Daniel Stenberg (curl creator or curl el jefe) explanation was fascinating. He apologized. "I can't believe I didn't see it before" he says. The old way of doing things was to switch the state of things when I filename length (as I understand it) couldn't be resolved instead of adhering to policy and failing to resolve. In that I can see the CVE. This stuff is always buried deep in the catalogs they say.
          This caught my eye:

          bounty hunting is part of your gig?

          @ReillyBrogan thank you for specifics I want to read more about this FF makeover at mozilla later although Brinkman probably has 4 pages about but I've outgrown ghacks. I digress🙂

          EbonJaeger I tried a new thing with spoiler tags, but adding them is a pain because they have to be in just the right place. Still didn't quite get it right. Hrm...

          It's fine without spoilers! I read everything anyway! 😛

          ReillyBrogan brent Specifically it now uses the system versions of libaom, libdav1d, libvpx, libwebp, and libwebpdemux.

          Oh, wait, does that imply that these new libs use joey's new glibc hwcaps work? I.e., they will support AVX2 and whatnot if the CPU supports it and mesa/nvidia hwdecode of the GPU supports it?

            With the new update conky seems to be segfaulting inside libcairo

              EbonJaeger
              I Love this presentation.
              Would be cool if the contributor name could be clickable or we just over mouse pointer on it and see avatar and info about the person who worked to make us all proud and cool!
              Good job Y'all!

              ermo Yes, if they're built with that option. Some of the referenced libs are.

              Hi,

              Nice, having such informative posts is really awesome.
              Just an idea: bring them to the main website as a regular blog post as it used to be:
              https://getsol.us/2017/05/08/this-week-in-solus-install-44/
              and link the discussion here.

              Not every newcomer is checking the forums (not sure about that), but everyone considering switching / trying Solus will take a look at the main website / blog. Having more posts there is proving the project is VERY VERY active, which will lead to more users (again not sure about this statement, just thinking aloud).

              PS: for those of us using dnscrypt and pi-holes at home, what would be the best way to disable the systemd-resolved ? I tried to disable and mask the service, but something keeps removing my custom /etc/resolv.conf ?
              I really appreciate having one more option to choose from, systemd-resolved is not my thing.

              Cheers,
              PY

                presianbg

                sudo mkdir -p /etc/tmpfiles.d/
                sudo ln -sv /dev/null /etc/tmpfiles.d/systemd-resolve.conf

                This will disable tmpfilesd from re-creating the /etc/resolve symlink on boot. Although, why not just configure systemd-resolve to use your pi-hole as the DNS server? That would work just as well.
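A check for the state discussed in the two posts above, as an added example that is not part of the original thread: it reports whether a resolv.conf is a symlink managed by systemd-resolved or a static file, and whether the tmpfiles.d entry is masked with /dev/null. The function names are hypothetical; the `/run/systemd/resolve/` targets are the standard locations systemd-resolved writes to.

```shell
#!/bin/sh
# Added example; helper names are hypothetical, not from the Solus project.

# Classify how a resolv.conf path is managed.
# Prints one of: missing | static | resolved-stub | resolved-uplink | other-symlink
classify_resolv_conf() {
    path=$1
    if [ -L "$path" ]; then
        target=$(readlink "$path")
        case $target in
            */run/systemd/resolve/stub-resolv.conf) echo resolved-stub ;;
            */run/systemd/resolve/resolv.conf)      echo resolved-uplink ;;
            *)                                      echo other-symlink ;;
        esac
    elif [ -f "$path" ]; then
        echo static
    else
        echo missing
    fi
}

# True when <dir>/systemd-resolve.conf is a symlink to /dev/null,
# i.e. the vendor tmpfiles.d entry of the same name is overridden.
tmpfiles_masked() {
    entry=$1/systemd-resolve.conf
    [ -L "$entry" ] && [ "$(readlink "$entry")" = /dev/null ]
}

# List the nameserver addresses a static resolv.conf actually hands to libc.
list_nameservers() {
    awk '$1 == "nameserver" { print $2 }' "$1"
}

# One-line summary: "<resolv.conf state> <masked|unmasked>"
resolver_report() {
    conf=${1:-/etc/resolv.conf}
    dir=${2:-/etc/tmpfiles.d}
    state=$(classify_resolv_conf "$conf")
    if tmpfiles_masked "$dir"; then mask=masked; else mask=unmasked; fi
    echo "$state $mask"
}

# Report on the live system when run directly.
resolver_report
```

A result of `static masked` after a reboot means the custom file survived; `resolved-stub unmasked` means the symlink will keep coming back.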

                  ReillyBrogan

                  Thanks, I will try that.
                  I would like to use the dnscrypt-proxy as my local resolver. (for many reasons and functionalities, which are not covered by systemd-resolved).

                  Cheers,
                  PY