QEMU, Vim update in Tumbleweed

Snapshot releases of openSUSE Tumbleweed were plentiful during the month of September with the rolling release delivering 27 snapshots out of 30 days in the month.

Since last Friday, four snapshots have been released.

Several libraries were updated in snapshot 20221003. An update of libva 2.16.0 was among those changed in the snapshot; the Video Acceleration Application Programming Interface for Linux simplified some mapping tables. Another library to update was libcap 2.66. This library made the Makefiles more robust to address an error and the package fixed some documentation typos. The links 2.28 package disabled the cache when following redirects from consent.google.com. An update of yast2-network 4.5.8 fixed an issue when writing the NetworkManager configuration without a gateway. The C library for parsing command line parameters, popt 1.19, fixed multiple resource and memory leaks. It also improved random number handling. There were several other packages to update in the snapshot including libbluray 1.3.3, tdb 1.4.7, python-cryptography 38.0.1 and more.

Text editor vim 9.0.0626 updated in snapshot 20221001 and it fixed a Common Vulnerability and Exposure; CVE-2022-3352. The text editor also fixed the command line window that remained visible when quitting with CTRL-C. An update of qemu 7.1.0 switched QEMU Linux use to emulate the same CPU as the one of the host by default. While controversial and tricky, it should be just fine for Linux users, according to the changelog. The emulator had some fixes for arm and added RISC-V support for privileged spec version 1.12.0. The package also provided optimisations and improvements for the vector extension for RISC-V. The update of php7 7.4.32 was a security release that fixed CVE-2022-31628, which had potential Denial-of-Service issues, and CVE-2022-31629, which had a vulnerability to enable network and same-site attackers to set a standard insecure cookie in the victim’s browser. The super-thin layer on the DBus interface fwupd updated to version 1.7.10. It had several fixes including checking for invalid depth requirements and aligning up addresses greater than 4GB.

A few GNOME packages were updated in snapshot 20220930. Both gnome-logs and the screen-reader speech/braille package orca transitioned from the beta release to version 43. The latter prevents double-presentation of notifications and it fixed the presentation of Nautilus items for GTK4. It also fixed a bug causing the wrong voice to be used. Both gnome-logs and orca updated translations while gnome-logs updated screenshots. GNOME’s spellcheck package gspell 1.12.0 had some small maintenance tasks and simplification changes, and pango 1.50.10, which is a text layout and rendering package, fixed line height computations. A total of three CVEs were fixed in the nodejs18 18.10.0 version, which only CVE-2022-35255 was considered to be greater than a moderate threat. The update of yast2 to version 4.5.15 allows for better detection of yast2-journal. Linux Kernel 5.19.12 had multiple Advanced Linux Sound Architecture for ASUS. Other packages to update in the snapshot were perl-Image-ExifTool 12.45 and xterm 373.

Packages to update in snapshot 20220929 were adwaita-qt-src 1.4.2, libqt5-qttranslations 5.15.6 and v4l2loopback 0.12.7.