Flatpak, OpenVPN, Bash update in Tumbleweed

This week has produced more than a few openSUSE Tumbleweed snapshots with a moderate downloaded size of packages for those who did a zypper dup.

Snapshot 20231122 is the latest to arrive for openSUSE’s rolling release users. An update of the super-thin layer on the DBus interface, fwupd, arrived in the snapshot; the 1.9.9 version includes a new generic request feature that identifies the device power cable status to enhance devices’ power management capabilities. The package also incorporates support for specific hardware like the Lenovo X1 Yoga Gen 7 530E. The update of git 2.43.0 had a multitude of enhancements, which includes improvements in handling the --rfc option within git format-patch and the package enhances maintenance job schedules, updates handling of authentication data in libsecret keyrings and adds flexibility for aliases in command-line completion scripts. The update of transactional-update 4.5.0 improves handling of permissions when creating overlays in libtukit, introduces support for rollback via the library, implements snapshot delete and rollback methods in tukitd and adding checks for missing arguments in tukit commands like close and abort. There was also some code cleanup for the software package. A few more packages updated in the snapshot like xen 4.18.0_04 and package installer python-pip 23.3.1, which resolves issues related to error handling, metadata normalization, and handling of removed versions.

An update of openvpn 2.6.8 arrived in snapshot 20231121. The new version fixes issues such as a SIGSEGV crash caused by an unsuccessful TLS handshake that had memory issues leading to sending freed memory to the peer and fixes hard incompatibilities between client and server versions. The update removes certain obsolete features, adds warnings for specific configuration combinations and introduces improvements to the build systems for Windows platforms. A 17.0.5 update of llvm17 made adjustments for testing clang-tools-extra and liker LLD components while maintaining consistency in test adaptations. The Linux Kernel also updates in the snapshot as kernel-source updates to version 6.6.2 and resolves multiple issues within the Wi-Fi subsystem, including RCU usage warnings and other improvements across the kernel codebase. Several other packages updated in the snapshot including ImageMagick 7.1.1.21, yast2-trans and more.

While not having the most packages of the week, snapshot 20231120 was fairly sizable due to an update of libreoffice 7.6.3.1. The updated office suite version fixes crash occurrences, misalignments in document layout, errors in the PDF export and the incorrect display of tables and text frames in .DOCX files. For more in-depth information can be found in the LibreOffice changelog. The update of gnutls 3.8.2 resolves a timing side-channel vulnerability within the RSA-PSK key exchange that was known as CVE-2023-5981. The utility also introduces Application Programming Interfaces functions enabling Elliptic Curve Diffie-Hellman and Diffie–Hellman key protocol agreement. The update of image editor inkscape 1.3.1 addresses more than 30 crashes and freezes, which particularly impacts PDF import and Live Path Effects. The package provides two new features; the first is the ability to split text into individual letters while the other new feature allows for a disablement of snapping to grid lines. Gradient dithering is now also available. More than half a dozen other packages were updated in the snapshot.

Flatpak 1.15.6 and harfbuzz 8.3.0 both updated in snapshot 20231119. The 8.3.0 version of the text shaping engine enhances the memory barrier to prevent potential segfaults and various fixes related to subsetting and instancing. The option name hb-subset has been renamed to --variations for consistency among tools. Flatpak mandates a requirement for bubblewrap version 0.8.0 in distributions that compile Flatpak separately.The package enhances security by setting user namespace limits and improves the handling of environment variables for subsandboxes initiated by flatpak-portal. The gnome-bluetooth 42.7 resolves issues related to the Obex Push server’s automatic acceptance of files from paired devices. The bluez-gnome fork tackles bugs causing inconsistencies between the device’s connection switch appearance and the actual connection state. The update of webkit2gtk3 2.42.2 addresses a Content Security Policy regression that previously impacted Unity WebGL applications. The package also resolves CVE-2023-41983 and CVE-2023-42852, which allowed for the processing of web content that may have led to arbitrary code execution. A few other packages updated in the snapshot.

Snapshot 20231117 has several package update. Bash 5.2.21 includes multiple upstream patches to address various issues like resolving an off-by-one error causing command substitutions to fail within a here-document. The package fixes cases where the shell incorrectly attempted to set the terminal’s process group back to the shell’s and also fixes for problems related to returning tokens during syntax errors. An update of AppStream 0.16.4 introduces new features including the allowance of hyphens in the last segment of a component-ID and the implementation of the developer element for unique developer IDs. The update of bind 9.18.20 addresses issues such as incorrect resigning of unsigned inline-signed zones containing DNSSEC records and Service Location Protocol has been disabled by default for openSUSE Factory and ALP due to bsc#1214884. Other packages to update in the snapshot were gstreamer 1.22.7, libcrypt 1.10.3, libstorage-ng 4.5.157, nodejs21 21.2.0, pipewire 0.3.85, poppler 23.11.0 and several more.