Mesa, Disk Encryption, Xfce Packages Update in Tumbleweed

This week has provided many openSUSE Tumbleweed snapshots focusing on hardware, graphics, desktop environment and more.

From Mesa to the disk encryption package cryptsetup and Xfce software to GraphicsMagick, the snapshots are rolling with new software updates.

The GraphicsMagick 1.3.40 package arrived in the most recent snapshot, 20230215. The ImageMagick fork that focuses on programming Application Programming Interfaces and command-line options fixed a 20-year old bug in the WordPerfect Graphics header reading. The package also provided some new features and has PCX and DCX file support for writing an uncompressed format. An update of gnome-shell 43.3 plugged a leak, fixed a crash and cleaned up some code. A major version update of text shaping engine harfbuzz arrived in the snapshot; moving from the 6.0 version to the 7.0 version, the package brought experimental support to cubic curves in the glyf data table, and it has a new command line utility, hb-info, for querying various font information. A few other updates were made in the snapshot.

Snapshot 20230214 delivered the disk encryption package with the cryptsetup 2.6.1 update. The version fixed a possible iteration overflow in the OpenSSL2 PBKDF2 cryptography backend. The package also fixes a possible hash offset setting overflow, and it does not initiate a re-encryption command when the header and data devices are the same. The changelog states that if data device reduction is not requested, it leads to data corruption since the Linux Unified Key Setup metadata would be written over the data device. An update of NetworkManager 1.42.0 adds support for source load balancing for ethernet bonds and adds support of IPv4 for the Equal-Cost Multi-Path routes. The ECMP routes will be merged. A Common Vulnerability and Exposure patch was dropped in the guestfs-tools 1.50.0 package. CVE-2022-2211 is a flaw that leads to a denial of service either by mistake or by a malicious actor, but it is considered to have a low impact for the package that is used for accessing and modifying virtual machine disk images. The updated package also has a new ‘virt-drivers’ tool; the tool can be pointed at a disk image that lacks metadata and, in some circumstances, can determine useful information about it such as what bootloader it contains and what device emulation it needs to boot. The update of kernel-firmware 20230210 adds missing tuning files for HP Laptops using Cirrus Amplifiers and adds firmware for Cirrus CS35L41 on an ASUS laptops. Some other packages to update in the snapshot were gnome-control-center 43.4.1, libzypp 17.31.8, yast2 4.5.24, vim 9.0.1307 and more.

The 20230212 snapshot focused mostly on updates for Xfce users. The xfce4-power-manager 4.18.1 version updated translations, fixed the management of source identification and implemented a fall back on the lock command with the screensaver should the D-Bus call fail. Some memory leaks were fixed with the xfce4-session 4.18.1 update. Several blurry icons were made more sharp with the update of xfce4-settings 4.18.2, and a duplicated configuration line was removed. The update of patterns-xfce 20230212 replaced gnome-calculator with galculator since it better integrates with the Xfce look and feel. A few changes were also made to the yast2-iscsi-client 4.5.7 version.

An update of nodejs19 19.6.0 in the 20230211 snapshot upgraded the npm dependency to version 9.4.0, and it removed an s390 patch after the fix upstream was accepted. An update of gnome-software 43.4 had some AppStream changes, and gnome-contacts 43.1 fixed several bugs when updating or editing a contact. The GTK+ bluetooth manager, blueman, updated to version 2.3.5 and enabled a plugin that was providing connection errors to devices as well as fixing a right click with a wrong pointer. The update of the dbus-1 1.14.6 version fixed a crash with some glibc versions when non-auditable SELinux events are logged. The updated version also fixed some documentation. GNOME’s personal management application evolution was updated to version 3.46.4, and converts the mail signature into markdown language, which was co-developed by Aaron Swartz.

The 20230210 snapshot from last Friday brought Mesa and Mesa-drivers 22.3.5, which had no new features, but it did fix null descriptors and had a fix for RB+ for sRGB formats. Xfce’s text editor mousepad had some code refactoring and code cleanup in the 0.6.0 version. The 15.2 postgresql15 release took care of CVE-2022-41862, which a server could report an error message containing uninitialized bytes and could make a message accessible to an attacker. A few other packages were updated in the snapshot.