This review will cover the five snapshots made available since August 26. Each of the snapshots delivered about a handful of updated software packages.
Snapshot 20210831 updated bind to version 9.16.20, which fixed a Common Vulnerability and Exposure; CVE-2021-25218 an assertion failure could have allowed an attacker to abused the Path Maximum Transmission Unit Discovery protocol to trick bind into exceeding the interface MTU. The C Library for manipulating module metadata files libmodulemd updated to 2.13.0 and the modulemd-validator enables a user to constrain a document type with a new
--type option. The other packages to update in the snapshot were libqmi 1.28.8 and libjpeg-turbo 2.1.1, which fixed a couple regressions affecting AArch64 and arm 32-bit hardware.
Linux Kernel 5.13.13 was one of the two packages updated in the 20210830 snapshot. The Direct Rendering Manager had some fixes in the kernel update and added an AAL output size configuration. The kernel update also had an Advanced Linux Sound Architecture enablement for the 4-speaker output in the Dell XPS 15 9510 laptop. The other package to update in the snapshot was perl-Image-ExifTool, which had a version bump to 12.30.
Two CVEs were addressed in the update of OpenSSL to version 1.1.1l in snapshot 20210828; one of the CVEs fixed an SM2 Decryption Buffer Overflow that could have allowed for the possibility of changing an application’s behaviour or causing an application to crash. Internal latency of ALSA devices can now be configured with the new PipeWire 0.3.34 version and Tumbleweed enabled the usage of libcamera in the audio and video package to allow for some experimental support. Network protocol analyzer Wireshark 3.4.8 provided a handful of fixes; one of the fixes addressed a dissector bug when processing a Bluetooth Handle Value Notification. Other packages updated in the snapshot were libgcrypt 1.9.4, libssh 0.9.6, pkgconf 1.8.0, python-aioitertools 0.8.0 and yast2-installation 4.4.17, which killed a lot of YCP zombies; YCP is the language YaST was originally written in before moving to Ruby.
Sound artists and musicians can use an updated Audacity that came in snapshot 20210827. The 3.0.4 version of Audacity fixed a compatibility issue with GNU Compiler Collection 11; it also provided some crash fixes affected by the use of multiplied envelope points when using Filter Curve EQ or Graphic EQ. A version bump was made to gnome-desktop 40.4. Eight months worth of mobile-broadband-provider-info updates were in the snapshot and the 20210805 version improved services providers in Europe, Africa and the Americas. Other packages to update in the snapshot were three RubyGems packages, ncurses 6.2.20210814 and publicsuffix 20210823.
Snapshot 20210826 wasn’t covered in the last Tumbleweed blog. The snapshot updated libopenmpt 0.5.11, package management library libzypp 17.28.1, USB network protocol usbredir 0.11.0, the file system debugging tool xfsprogs 5.13.0 and yast2-add-on 4.4.1.
Tags: openSUSE Tumbleweed Developers sysadmin user Open Source Community Pipewire YaST Wireshark Developers Open Source Package manager Audacity Bind Audio gamers GNOME Ruby Superuser distrowatch hacker Linux ALSA Dell Apple ARM Linux CVE Kernel GCC RubyGems OpenSSL Mobile Network