Tumbleweed Update Highlights Redis, HarfBuzz Changes

This week’s openSUSE Tumbleweed updates had changes for harfbuzz, xterm, Redis, Audacity and more

Snapshots have been rolling out consistently this week.

The 20230718 snapshot updated two packages. Changes in the pentobi 23.1 update include a fix for an issue related to overwriting game files on Android and the zlib-ng-compat 2.1.3 had improvements and implemented updates to make the library more robust and efficient. The data compression optimizer package also dropped a patch that was no longer needed with the upstream changes.

Among the packages to update in snapshot 20230717 was a new major version of ext shaping engine harfbuzz; the 8.0.1 version includes a number of new features like an experimental, WebAssembly (WASM) shaper, as well as a number of bug fixes. The shaper offers increased flexibility for shaping fonts by utilizing WebAssembly embedded within the font file, but the WASM shaper is disabled by default and needs to be enabled during the build process. There were also several optimizations with the package. Font render freetype2 2.13.1 had a number of new features and bug fixes. The most notable changes are the addition of a new function FT_Get_Default_Named_Instance , FT_GlyphSlot_AdjustWeight, which can be used to adjust the glyph weight either horizontally or vertically. The fuse3 3.15.1 includes a reduction in the default write size by half. An update of poppler 23.07.0 made improvements and addresses issues such as reading UTF8-with-BOM files, rendering malformed documents, and took care of crashes related to overprint preview and signature handling. An update of xterm 384 also corrected the rendering of double-width characters with bitmap fonts, and fixes problems related to Remote Graphic Instruction Set, including handling color initialization and whitespace for color values. Overall, the snapshot covered a common theme of improving and enhancing various packages related to font rendering, shaping, document handling, and terminal emulation. Several other packages updated in the snapshot including krb5 1.21.1 and rsyslog 8.2306.0.

Mozilla Firefox updated in snapshot 20230716. Version 115.0.2 had a number of bug fixes and a Common Vulnerabilities and Exposures fix. CVE-2023-3600 was a use-after-free vulnerability that could be exploitable through a crash. In the macvlan component of iproute2 6.4, a new parameter called bclim was added. The Linux Kernel updated to version 6.4.3 after a hold in openSUSE’s bugzilla with issue 1012628. Another package to update in the snapshot was libvirt 9.5.0. The new version includes important changes such as the ability to configure the discard-no-unref feature of the qcow2 driver in qemu, which is expected to reduce cluster fragmentation of the image. Other improvements were made in the handling of CPU compatibility and proper handling of memory slots for non-DIMM devices. Several other packages were updated in the snapshot.

Snapshot 20230714 updated redis to version 7.0.12, which took care of two CVEs. CVE-2022-24834 was related to Lua scripts that can be executed to perform various operations. The flaw would have allowed a specially crafted Lua script to trigger a heap overflow in the cjson library. The other, CVE-2023-36824, was related to extracting key names from a command and a list of arguments and, in certain cases, had an extraction process that could also trigger a heap overflow. An update of ibus-table 1.17.1 updated translations and function get_active_window_xprop() is expected to return an empty values as pointed out in a resolved Fedora issue. Added support for Python 3.12, and compatibility updates with the railroad-diagrams package was made in the python311-pyparsing 3.1.0 update.. Netfilter library libnftnl 1.2.6 introduced a new expression for routing tables and GTK4 map widget libshumate 1.0.4 had change to the download process during animations.

No packages received a new version is snapshot 20230713, but it had a small change with audacity that updated constraints for the RISC-V architecture. The glibc package also had a change to improve its functionality and reliability. Changes were also made so that the package is compatible with the latest GNU Compiler Collection 12 version, which were helpful for builds arriving later in the week. A change was made to the libguestfs package to resolve an issue with resolve an issue with finding the supermin tool.