BusyBox, systemd, Gear update in Tumbleweed

openSUSE Tumbleweed started the new year just like it finished the last; on a roll and giving users freshly updated software packages.

The rolling release has been on a daily release streak since the beginning of December and since the beginning of October has only missed one daily snapshot; !

The latest snapshot to arrive was 20230111 and it brought an update in yast2 that gives help text within the YaST Control Center from the 4.5.21 update. A migration of the Pluggable Authentication Module settings to /usr/lib/pam.d took place in a samba 4.17.4+git update. There was a 1.0.2+git update with kdump, which improved the generation of calibrate.conf; it uses static IP addresses for calibration. The package also fixed s390x build dependencies and fixed the package summary in the spec file. The second Linux Kernel update this week arrived in this snapshot; kernel-source 6.1.4 fixed the grub2 menu handling for rebooting. Advanced Linux Sound Architecture changes with the kernel update applied a dual codec fixup for Dell Latitude laptops. An update from this year of ncurses improves configure-script macros vs compiler warnings, and vim’s benevolent dictator for life Bram Moolenaar suggested ncurses add an RV report+version, which was implemented in the release, according to the changlog. Several other packages updated in the snapshot, which included several libqt5 cross-platform application and User Interface framework packages.

Snapshot 20230110 updated a package that several small or embedded system developers are finding useful; busybox, which combines tiny versions of many common UNIX utilities into a single small executable. This package fixes a Common Vulnerability and Exposure. CVE-2022-30065 did not properly sanitize while processing a crafted awk pattern, leading to possible code execution. The package also had various other fixes and enabled SHA hardware acceleration. GNOME’s virtual file system gvfs updated to version 1.50.3 and fixes hangs when a connection is released. It also prevent automounts from resuming after a suspension, and the package update adds support for xx-large and x-large thumbnails. Notification about unprepared critical updates were stopped in the gnome-software 43.3 update. GNOME’s evolution 3.46.3 fixed a few memory leaks and some bugs; like a crash when RSS is reading a feed with an empty author, or like duplicating of attachments when forwarding personal information management application. The image processing package GraphicsMagick updated to version 1.3.39 and added new features like support reading AV1 Image File Format via libheif if it supports the decoding of AVIF. Members of the project and its principal maintainer are asking for volunteers to help maintain the 26-year-old package. An update of php8 8.1.14 took care of CVE-2022-31631, which occurred due to an uncaught integer overflow that made it possible to force the function to return a single apostrophe if the function is called on user-supplied input without any length restrictions in place. The package fixed several bugs including two failures related to OpenSSL. Along with yast2-installation and yast2-trans several other packages updated in the snapshot.

A total of two packages updated in the 20230109 snapshot. One of the packages, hidapi, updated for version 0.13.0. The library for communicating with USB and Bluetooth devices added a Meson build script and added support for devices over the Serial Peripheral Interface, which is an interface specification used for short-distance communication primarily with embedded systems. The other package to update was libmfx 22.6.5. The Intel Media SDK dispatcher library package added security reporting information.

Three packages were updated in snapshot 20230108. The updates included libstorage-ng 4.5.62 receiving updated Macedonian translations using Weblate. A major version python-cryptography dropped support for LibreSSL below version 3.5. The 39.0.0 cryptographic package also removed support for OpenSSL 1.1.0. The tool that generates smaller dumpfiles from kdump memory dumps was the last package to update. This 1.7.2 makedumpfile added support for the Linux Kernel update to version 6.0 that is specific to x86_64.

The 44.1 major version of gedit arrived in snapshot 20230107. The general-purpose text editor had some code refactorings, updated translations and makes more use of Tepl features related to GtkSourceView-based. KDE Gear 22.12.1 had tons of fixes. Kdenlive has a new camera proxy for the Akaso action camera. The video editing package fixed a couple crashes like one where the app kept dropping an effect with a scene and a zoom that was behaving incorrectly. An update of KMail fixed a bug where opening a progress window did nothing and a fix for Kontact crashing upon startup. The kitinerary added support for international tickets with Italy’s primary train operator Trenitialia. Several other KDE Gear packages were updated in the snapshot. An update of systemd 252.4 added several patches and fixed CVE-2022-4415, which was a security flaw that could cause a local-information leak due to systemd-coredump not respecting a kernel setting. A CVE-2022-46908 patch was dropped and SQL functions removed related to its harmful side-effects with the update of sqlite3 3.40.1; the script did not properly implement the azProhibitedFunctions protection mechanism. The sqlite package also fixed a potential infinite loop in alternative memory. A crash that might occur when managing browser history was fixed with Mozilla Firefox 108.0.2 update. There were several other packages updated in the snapshot including firewalld 1.3.0, btrfsprogs 6.1.2, zypper 1.14.59 and more.

Chess players using GNOME will have a keyboard shortcut fix with gnome-chess 43.1, which arrived in snapshot 20230106. The screen reader for those with no or limited sight will benefit from the Orca 43.1 update. There were many bug fixes with the speech and refreshable braille package, which included several issues related to preferring the TableCell interface and a fix for repetition of text elements during Orca’s Say All command for web content. Bugfix release KDE Plasma 5.26.5 fixed the initialization order with KSignalHandler in the kscreenlocker package. There was a fix for connecting to WPA3-personal networks in the plasma-nm update. The KDE update also brought many fixes for the Window Manager and Wayland Compositor KWin. One of those requires a reboot after changing a primary selection option. There was an update of fetchmail 6.4.35 that now warns about OpenSSL with version before 1.1.1s or 3.0.7, and the update rejects wolfSSL older than version 5.5.0. It also updated Swedish and Esperanto translations. The super-thin layer on the DBus interface fwupd added many new features in the 1.8.9 update. It added SHA384 support for Trusted Platform Module hashes and categories like X-FingerprintReader, X-GraphicsTablet, X-Dock and X-UsbDock. The kernel received it’s first update of the week in this snapshot from last Friday.