Node.js, curl update in Tumbleweed

30. Jul 2021 | Douglas DeMaio | CC-BY-SA-3.0

Node.js, curl update in Tumbleweed

Six openSUSE Tumbleweed snapshots were released this week.

Among the updated packages that landed this week in the rolling release were curl, GNU Compiler Collection, Node.js, redis and LibreOffice.

The office suite package LibreOffice came in snapshot 20210728. The update to version provided bugfixes addressing some regressions and a few fixes were made to prevent crashes in Writer. Linux Kernel firmware was updated in the snapshot and PDF rendering library poppler 21.07.0 provided some minor code improvements for build systems while also fixing a memory leak on broken files. The 2.32.3 webkit2gtk3 fixed several crashes and rendering issues and addressed a dozen Common Vulnerabilities and Exposures.

The 20210727 snapshot provided just a single package update to gcc11. The update of the head branch included the 11.2 release candidate and a corrected adjustment to the General Public License version 3.0. The package update also provided a libc-bootstrap cross compiler for AArch64 and RISC-V.

Snapshot 20210726 provided four package updates. Updated packages include gnome-sudoku 40.2 that fixed complex text for printing sudokus, The Linux networking package iputils 20210722 added a build requirement and fixed a broken start of services function. The two openSUSE packages updated in the snapshot were to polkit-default-privs and module manager yast2-nfs-server 4.4.1, which had a fix to properly determine a client name.

Node.js upgraded some dependencies in version 16.5.0 and has an experimental implementation of the Web Streams API in snapshot 20210725. The 6.2.5 version of redis, which supports different kinds of abstract data structures, fixed a CVE integer overflow. A few YaST packages were updated in the snapshot like yast2-control-center 4.4.1 and yast2-iscsi-client 4.4.2. The 0.17.3 version of createrepo_c dropped Python2 support and removed some distutils, which were deprecated in Python3. An update to the newest python-setuptools 57.4 was made in the snapshot; the jump from the 57.0 version revamped the backward and cross-tool compatibility section to remove confusion and the package now relies on a native SSL implementation.

Just two packages were update in snapshot 20210724. The 5.13.4 version of the Linux Kernel brought the patch for the Sequoia CVE-20212-33909. The kernel also fixed some ethernet plugin detections problems for arm as well as a duplication of a USB4 target module node. The same version for kvm_stat added a restart patch to enable a kvm service reboot as systemd’s initial attempt to start the kvm unit file may fail; this appears to be done in case the kvm module is not loaded.

The snapshot that started off the week, 20210723, brought some fixes to Mozilla Firefox 90. The 90.0.1 version updated a rare crash on shutdown and fixed a looping process of some HTTP3 responses. Daniel Stenberg provided an update of the curl 7.78.0 security fixes, which is a popular library and command-line tool that transfers data using various network protocols. The curl team addressed a few CVEs including CVE-2021-22924 that had a bad connection based on the config matching function. GTK3 3.24.30 had some accessibility improvements and fixed a memory leak. The updated version NetworkManager 1.32.4 changed some IPv4 configuration and fixed a nftables backend. The compiler plugin that allows clang to understand Qt semantics, called clazy, updated to version 1.10 and fixed a crash when the Platform Controller Hub is enabled. Other packages to updated in the snapshot were virtualbox 6.1.24, ncurses, yast2-network 4.4.21 and webkit2gtk3 2.32.2.

Share this post: