While the most recent snapshot didn’t include an update of a KDE package, four out of the six snapshots this week did.
Snapshot 20180220 brought a few lesser known packages. The C library for asynchronous DNS requests known as c-ares updated to version 1.14.0. The c-ares update provided a patch for Common Vulnerabilities and Exposures (CVE)-2017-1000381 to protect against a network attack. The image view Eye of GNOME updated translations with the eog-plugins 3.26.2. The Xfce library targeted at application development known as Exo now has version 0.12.0, which was released from upstream six day before being released in this 20180220 snapshot. The requirements were updated for exo 0.12.0 and they include GTK 2.24, GTK 3.22, GLib 2.42, libxfce4ui 4.12 and libxfce4util 4.12. Developers looking to generate random numbers will find the update of the haveged 1.9.2 package. The Haveged package contains a daemon that generates an unpredictable stream of random numbers and feeds the /dev/random device.
Linux Kernel 4.15.4 provided a fix to auto-negotiate security settings mismatches the 20180219 snapshot. Issues with AppStream required appstream-glib to revert from version 0.7.5 back to 0.7.4. The snapshot brought the first point release for KDE’s Long Term Support release of Plasma 5.12. The Plasma 5.12.1 version fixed several bugs including a fix for the mouse settings module that was crashing on Wayland.
The previous day’s snapshot, 20180218, finished the KDE Frameworks 5.43.0 update. GNOME’s update to chrome-gnome-shell 10 enabled extensions with synchronization in Firefox and added option to check updates of enabled only extensions. There are 0 known vulnerabilities with the command line tool and library for transferring data in the curl 7.58.0 update. Suil 0.10.0, which is a library for loading and wrapping LV2 plugins, added support for X11 in Gtk3 and support for Qt5 in Gtk2. Two other noteworthy packages in the snapshot were flatpak 0.10.4, which now allows a personality syscall in devel mode, and dependency solver libsolv 0.6.32, which fixed a bug that could make fileconflict detection very slow in some cases.
KDE Frameworks 5.43.0 had several packages updated in the 20180216 snapshot. This update offers the possibility to create integrate services and actions on any application without having to implement them specifically; this is done through Purpose, which was updated from 1.2.1 to 5.43.0 and offers mechanisms to list the different alternatives to execute given the requested action type. It will facilitate components so that all the plugins can receive all the information they need. KIO and Kirigami appear to have received the most additions and fixes in the release. There was a temporarily disableablement of KAuth support in KIO. Chat client Irssi restored compatibility with OpenSSL in the irssi 1.1.1 version. Libstorage-ng 3.3.164 added function to immediately activate/deactivate a mount point. Apache tomcat 9.0.5 fix NullPointerException when the certificateFile is not defined on an SSLHostConfig and unify the behavior when a certificateFile is defined but the file does not exist for both Java KeyStore (JKS) and Privacy Enhanced Mail (PEM) file types. Linux syscall tracer strace 4.21 provided several enhancements including implementing decoding of netlink descriptor attributes as file descriptors.
Ffmpeg 3.4.2 fixed integer overflows, multiplication overflows, undefined shifts, and verify buffer lengths in snapshot 20180215. A fix for third-party repository handling in the sources dialog were made with gnome-software 3.26.6 . LibreOffice dropped the libreoffice-poppler-0.62.patch in the updated libreoffice 220.127.116.11 package and it’s recommended to execute everything with python3. The flexible SSL library mbedtls 2.7.0 added support for alternative implementations of Galois Counter Mode (GCM), Elliptic Curve Digital Signature Algorithm (ECDSA), Counter with CBC-MAC (CCM) and Cipher-based Message Authentication Code (CMAC). The openexr 2.2.1 package used for the high dynamic-range (HDR) image format, which is used in motion pictures production, fixed several security vulnerabilities and the speech package for machines, speech-dispatcher 0.8.8, improved the code and add German translation to the package.
Beginning the week was the release of KDE Applications 17.12.2 in snapshot 20180214. The release had about 20 bug fixes and improvements for Kontact, Dolphin, Gwenview, KGet and more. NetworkManager 1.10.4 load jansson at runtime, which solves a clash with json-glib that caused a gnome-control-center crash, but also gets rid of a hard dependency. Browser package epiphany 3.26.6 fixed profile migrator that had delete bookmarks when run multiple times. Firewalld 0.5.1 fixed compatibility issues with python3. Linux Kernel 4.15.3 and Samba 4.7.5 were also in the snapshot.
Tags: 4.15 Apache applications 17.2.2 CVE Eye of GNOME ffmpeg firefox Firewalld frameworks 5.43.0 GNOME software 3.26 gtk2 GTK3 haveged irssi KAuth kernel KIO Kirigami libreoffice libsolv libstorage-ng Linux LTS lv2 mbedtls openexr openssl Plasma 5.12 plugin python3 Qt 5.9 samba speech-dispatch SSL tomcat x11