KDE Gear, FreeRDP update in Tumbleweed

This week’s openSUSE Tumbleweed snapshots varied from large to small and there was also an updated arm Tumbleweed snapshot released.

Packages to arrive so far this month have touched several portions of the rolling release.

Snapshot 20230904 had security fixes for two packages. The XML parsing package libxml2 addresses CVE-2023-39615, which pertains to a crafted XML that could potentially lead to a global buffer overflow, and libxml2-python mitigates this vulnerability with a patch.

An update of FreeRDP arrived in snapshot 20230902. The update of freerdp 2.11.0 had various input validation fixes and addresses potential vulnerabilities to enhance security. The package introduces various CMake options to provide more flexibility in building the package. There are fixes related to LibreSSL and the inclusion of support for big endian systems. The package also had changes in handling the H.264 codec by adopting a new FFmpeg Application Programming Interface. An update of php8 8.2.10 fixes a command-line interface (CLI) server crash and addresses issues in the MySQLnd extension to ensure proper authentication with password accounts and prevents segfaults. SDL2 2.28.3 introduces a gamepad mapping for the G-Shark GS-GP702 and the package fixes touchpad events for the Razer Wolverine V2 Pro controller in PS5 mode. An update of xdg-utils merges an upstream patch and has changes to support KDE Plasma 6 when releases. Several other packages updated in the snapshot including suse-module-tools 16.0.34, virtiofsd 1.7.2 and more.

More than 30 software packages were updated in the first snapshot of September. Updates for KDE Gear arrived in snapshot 20230901. File manager Dolphin can now hide temporary and backup files, which unclutters the user’s file view. Dolphin also introduces features like showing the progress of size calculations. Document viewer Okular enhances digital signing by allowing additional metadata like reason and location to be added to signatures. KDE’s travel assistant package Itinerary now supports importing online railway tickets and improves the extraction of data from various companies’ documents like Air Asia, B&B Hotels, Deutsche Bahn, Eventbrite, FlixBus and more. An update of Mozilla Firefox 117.0 has changes to take care of memory corruption in various components and fixes issues related to an integer overflow and unencrypted push notifications. The web browser update addresses 13 Common Vulnerabilities and Exposures. An update of git 2.42.0 had some notable changes that includes the ability to tweak the reference hierarchy using patterns with git pack-refs and uses a new hook program in git pack-objects to enumerate extra objects for anchoring. There are also improvements in handling GPG signature verification and the package enhances compatibility with the sparse index feature. An update of Linux Kernel 6.4.12 fixes error handling in crypto and Common Internet File System. It also has some Advanced Linux Sound Architecture (ALSA) System on Chip changes (ASoC) and stability improvements. Several other packages updated in the snapshot including PipeWire 0.3.79, python-pip 23.2.1, LibreOffice 7.6.1.1, Mesa 23.1.6, AppStream 0.16.3, samba 4.18.6 and more.

A new arm Tumbleweed snapshot 20230904 included all the package updates from the software highlighted above.