The trend this week is like Tumbleweed on cruise control, just rolling out snapshot after snapshot.
Among the updated packages in snapshot 20220816, postgresql14 14.5 made a splash by fixing a Common Vulnerability and Exposure. With CVE-2022-2625, an extension's use of CREATE OR REPLACE or CREATE IF NOT EXISTS was not adhering to the documented rules, and an attacker can run arbitrary code as the victim role, which may be a superuser. PostgreSQL is blocking this attack in the core server, so there is no need to modify individual extension scripts. Moving on to a lighter subject, the snapshot provided an update of the filesystem utility xfsprogs 5.19.0. The newer version provides more autoconf modernization and fixes a memory leak. Its counterpart, xfsdump 3.1.10, fixed bind mount handling that was corrupting dumps and removed Data Management Application Programming Interface support. Xfce users can now have window capture in HiDPI mode thanks to an update of xfce4-screenshooter 1.9.11.
KDE Frameworks 5.97.0 glided into snapshot 20220815 and gave Plasma Desktop users several fixes. Frameworks updated blur and other window effects when the dialog changes size, and the password storage KWallet Framework introduced a Secret Service API. User Interface framework Kirigami added a workaround for the Qt horizontal scroll-view bug. KIO had an update to better prevent duplicate bookmarks for the same Hypertext REFerence. Text editor vim saw its second update of the week; its 9.0.0203 version had some fixes for invalid memory access and a fix for extra space of virtual text when ‘linebreak’ is set. The diagnostic, debugging and instructional userspace package strace updated to version 5.19. The update had changes in behavior and implemented decoding of some socket options and netlink attributes. The last package to update in the snapshot was hdf5 1.12.2; this general purpose library and file format for storing scientific data dropped one patch, disabled another and enabled the rpm and deb CPack generators on Linux.
Snapshot 20220814 updated the distribution to Linux Kernel 5.19.1. Nearly a third of all the updates for the kernel were related to Bluetooth, and most of those were for the RTL8852C wireless module. An update of gnome-shell 42.4 improved the overview animation performance and had a fix for remembering the setup of Bluetooth devices. GNOME’s layout and text rendering package pango updated to 1.50.9 and fixed a thread-safety problem. There was a minor update to the boot splash package plymouth; the update can be used to check the secure boot configuration and put a red warning image on the screen if secure boot is disabled, according to the changelog. NetworkManager 1.38.4 and mutter 42.4 were also updated in the snapshot.
GNU’s collection of binary tools binutils 2.39 was the lone package to update in snapshot 20220813. The ELF linker now supports a --package-metadata option that allows embedding a JSON payload in accordance with the Package Metadata specification. The linker can also now generate a warning message if the stack is made executable.
Snapshot 20220812 had relatively few packages updated. The one major version update was made to the parser and domain-name decomposer rubygem-public_suffix 5.0.0. The new major version updated definitions and requires a minimum Ruby 2.6 version. The python-pbr 5.9.0 update, which is used to manage setuptools packaging, now uses importlib-metadata for runtime package version lookups. Another package to update in the snapshot was ncurses, which trimmed out some unwanted linker options seen in Fedora 36.
The 20220811 snapshot started off the week with updates to Mozilla Firefox 103.0.2. The browser update fixed menu shortcuts for users of the JAWS screen reader and fixed an occasional non-overridable certificate error. The 42.4 version of gnome-desktop made Italian and Serbian translation changes and fixed detail text when it contained markup. An update of icewm 2.9.8 changed restart so that it will start icewm if no window manager is active, and the package also updated the grouping menu when removing a task. Vim had its first update of the week in this snapshot, and iproute2 5.19 added a set command and a group link with its ipstats. Intel had a CVE fixed in the ucode-intel 20220809 update; the company thanked those involved for helping find and solve CVE-2022-21233, which affected some processors.