Apache, Plasma, firewalld updates in Tumbleweed

This week saw a major transition in openSUSE Tumbleweed for YaST as it moved to a new major version.

Several other packages like Apache, Redis, GVfs, Vim, KDE Plasma 5.27.9 and Frameworks updated in the rolling release this week.

KDE Plasma 5.27.9 arrives in snapshot 20231025. The latest update for the Plasma Desktop makes implements changes to avoid recursively adding every copied file to the desktop. Its recent files component ensures compatibility with an older Frameworks version of kconfigwidgets. Kwin resolves a misgenerated QHoverEvent and enhances functionality by adding QKeySequence functionality to a part of the Virtual Desktop Manager. An update of firewalld 2.0.1 resolves issues related to the command-line interface (CLI) by ensuring that the --list-all-zones output is consistent and that the default zone attribute is correctly displayed. Active attributes for zones and policies are shown accurately, and the --get-active-zones command includes the default zone. There were also enhancements in the nftables integration, so the main table is now always flushed upon the start. Several other issues were resolved, including the proper usage of IPv6 names for ICMPv6 and the configuration of IP ranges and values for ipsets when working with nftables. Updates for GNOME users also arrived in the snapshot. An update of gnome-control-center 45.1 includes enhancing the ability to close the Cursor Size and Shortcuts dialogs using the Escape key. It also supports more types of processors in the About section. A lower timeout when downloading service files, which leads to improved performance was made in the gnome-maps 45.1. This snapshot also updates gnome-terminal to version 3.50.1, which has checks for alternate terminals within the Flatpak environment and improves the handling of the headerbar preference. The second kernel-firmware of the month to version 20231019 fixes the robot email script, updates AMD CPU microcode and introduces support for sending emails during PR/patch processing. The 7.2.2 version of redis has a critical Common Vulnerability and Exposure fix; CVE-2023-45145 creates a race condition that potentially leads to unauthorized Unix socket permissions upon startup, which had existed since the 2.6.0 release candidate version. Several more packages were updated in the snapshot.

Snapshot 20231023 brought updates of some GNOME packages like gvfs, evolution and gnome-software 45.1. The latter update brings various styling fixes, an ability to report PackageKit GPG-related errors in the graphical user interface and it improves Flatpak permission checks. The update also includes translation updates. With evolution 3.50.1, the personal information management application fixes bugs like correcting the conversion of UTF-16 encoded text files, enabling spell checking for editable fields and updates default calendar colors. A fix warning about the failure to solve a puzzle when loading games was made in the gnome-sudoku 45.2 update. Another GNOME package to update was gvfs 1.52.1. This Virtual filesystem implementation addresses issues including the prevention of returning invalid mount cache entries in the client, fixes authentication problems when using DNS-Service Discovery Uniform Resource Identifiers (URI) and resolves IPv6 URI handling problems in the Network File System component. An update of harfbuzz 8.2.2 fixes a regression from 8.1.0 in shaping fonts with duplicate feature tags and resolves a regression from in parsing CSS-style feature strings. The update ofvirtualbox 7.0.12 addresses multiple CVEs like CVE-2023-22098, CVE-2023-22099 and CVE-2023-22100, which would lead to can lead to unauthorized access and system crashes. Several other packages were updated in the snapshot including rubygem-agama 5, which has enhancements like not reusing pre-existing swap partitions in the storage proposal, extends the Software service to configure selected patterns and adapts storage settings for ALP Dolomite.

The update of apache2 2.4.58 arrives in snapshot 20231022. Apache2 addresses CVE-2023-45802, which relates to stream memory management, and CVE-2023-43622, which addresses a DoS vulnerability. The updates include various improvements like enhanced support for WebSockets via HTTP/2 and the introduction of new directives for better control and logging in various scenarios. A 16.2.14.66 update of ceph takes care of issues related to minimal file system BlueFS and enables a 4K allocation unit for it. The package also enables building for RISC-V. An update of dracut addresses issues related to FIPS (Federal Information Processing Standards) setup that was causing test failures and core dumps in various test scenarios. An update of the Linux Kernel had enhancements for Advanced Linux Sound Architecture among other things. The kernel-source 6.5.8 package has network-related component changes, such as net drivers and protocols, and addresses other issues with audio and sound support like that of ALSA System on Chip for a non-functioning mic on Lenovo 82YM. An update of pipewire 0.3.83 fixes a regression, reduces memory usage in audio conversion and removes the buffer-size limit with JACK. The update of xfce4-terminal 1.1.1 improves X11 and Wayland compatibility. Among the other packages to update were libstorage-ng 4.5.149, yast2-storage-ng 5.0.3, freerdp 2.11.2 and more.

The update of the man package 2.12.0 in snapshot 20231020 addresses manual page portability issues and enables timestamps beyond 2038 for the Y2K38 event that’s a long time away.An update of nftables 1.0.9 introduces improvements like custom conntrack timeouts and better support for dynamic sets. Plus it fixes a crash with a log prefix longer than 127 bytes. The sqlite3 3.43.2 update fixes memory leaks, and enhances the JSON processing performance. The version also adds support for Full-Text Search version 5 (FTS5) Indexes that allows for the deletion of indexed records without retaining the content of the deleted records. A ton of version 5 packages in the snapshot align YaST’s versioning with SUSE versions and the service packs it supports; more than 50 yast2 packages transitioned to version 5 to align with one of SUSE’s next major releases.

KDE Plasma users who did a zypper dup with snapshot 20231019 and later received KDE Frameworks 5.111.0 updates. The KIO made improvements to dbusactivationrunner’s service activation and fixes some object paths. A fix in Kirigami allows customizing ‘donateUrl’ in AboutPage for Donate button removal. KImageFormats brings support for repetition count in the avif format, has fixes for multi-image loading in the raw format, and resolves various issues, including crashes in the High Dynamic Rang and Gimp’s xcf formats. The libnvme 1.6+5 update fixes an issue by avoiding stack corruption caused by unaligned direct memory access to user space buffers, as reported. The regular expressions library oniguruma updates to version 6.9.9 in the snapshot. This update includes updating Unicode to version 15.1.0, introducing a new API called and, addressing issues related to character classes and POSIX brackets. Rendering library virglrenderer had its first major release with version 1.0.0. The update transitions to the Venus protocol, eliminating the experimental label from the Venus configuration option. This release also improves the handling of fences between guest and host for synchronization purposes. More major versions of YaST 5 arrived and there were a few other updates to include a 4.19.2 version of samba.

Only three packages updated in snapshot 20231018 from last week that did not make it in our weekly review. That update includes enhancements and improvements to the kernel module management tools kmod; version 31 includes in-kernel decompression for performance and depmod now supports a separate output directory. Another package to update was python-pytz 2023.3.post1 that is replacing deprecated datetime.utcfromtimestamp() and is adding support for Python 3.12. Text editor vim 9.0.2043 was also in the snapshot and enhances documentation, translations and provides a few fixes.