Bash, systemd, libvirt Update in Tumbleweed

There were openSUSE Tumbleweed snapshots every day this week.

Some other noteworthy news within Tumbleweed is that Wicked is being phased out. New installations of Tumbleweed are all using NetworkManager by default. This is not only for desktops, but also for server installs. However, upgraders are not planned as of yet to be migrated away from Wicked.

The latest Tumbleweed snapshot is 20220126. Samba updated twice this week; this snapshot brought in the 4.15.4 version, which provided a bit of cleanup and configuration changes. The 5.16.2 Linux Kernel quickly went from staging to snapshot. The updated kernel had multiple Advanced Linux Sound Architecture fixes for newer Lenovo laptops and KVM fixes for s390 and x86 architectures. The text editor vim had several fixes along with some additional changes for the experimental vim9 fork in its 8.2.4186 version. xlockmore, which is a screen saver and X Window System package, updated an xscreensaver port and fixed some modules in its 5.68 version. The 3.74 version for mozilla-nss replaced four Google Trust Services LLC root certificates, added a few iTrusChina root certificates and added support for SHA-2 hashes in CertIDs in Online Certificate Status Protocol responses.

Snapshot 20220125 brought some exciting system updates. A few patches were added in the bash 5.1.16 update; one of those fixed a corrupted input. Another fixed a tilde expansion following an unquoted colon on the right-hand side of an assignment statement in posix mode. Fedora’s enterprise-class package 389-ds 2.0.13 added a user interface feature and a fixed compiler warning. The cross-platform development library for accessing audio, keyboard, mouse, joystick, and graphics hardware SDL2 2.0.20 improved the accuracy of horizontal and vertical line drawing when using OpenGL. The major version update of pentobi 20.0, which is a computer opponent for the board game Blokus, made a workaround for bugs in Qt 6.2 that sometimes cause the wrong positions of unplayed pieces. Quite a few openSUSE packages were updated in the snapshot. The update of yast2-security 4.4.8 fixed a declarative AppArmor option; an update of libstorage-ng 4.4.76 added support for RAID metadata versions 1.1 and 1.2; yast2-bootloader 4.4.14, yast2-installation 4.4.35, yast2-storage-ng 4.4.33, autoyast2 4.4.27 and yast2 4.4.39 were just a few of the many YaST packages updated.

Snapshot 20220124 updated two packages. Text web browser lynx 2.9.0.10 had some translations and provided several fixes for problems found using asan2 with fuzzer-generated data. The z3 4.8.14 update fixed some constraints and provided some additional user functionality for the theorem prover.

The 20220123 snapshot brought in virtualbox 6.1.32, which fixed a Common Vulnerabilities and Exposures. CVE-2022-21394 would have allowed for unauthorized access to critical data; the package changed the guest RAM management when using Hyper-V to be more compatible with Hypervisor-Protected Code Integrity. The virtual machine package also fixed access to some USB devices and device classes that were not correctly handled. Mozilla Firefox 96.0.2 fixed an issue that caused the tab height to display inconsistently on Linux when audio was played. Bind 9.16.25 had some changes to prevent callbacks from being executed before the current read callback finishes. The highly portable DNS protcol implementation fixed seven more bugs in the update. Samba 4.15.3 fixed CVE-2020-25717 and, with windows active directory, could have allowed for the mapping of domain users to local users in an undesired way. Samba also added python-rpm-macros to the build requirements. Another package to update in the snapshot was webkit2gtk3 2.34.4, which fixed several crashes and rendering issues; the package release also fixes numerous security issues, including a severe issue that allowed websites to read the names of IndexedDB databases created by other websites. Other packages to update in the snapshot were codec2 1.0.3, iso-codes 4.9.0, kdump 1.0 and more.

The handling of add-on signature settings were changed with the autoyast2 4.4.26 update in snapshot 20220122. Three major versions updates came in the snapshot; these were systemd-rpm-macros 15 and userspace tooling package nvme-cli 2.0, which fixed some dependencies and version strings. The major version update of python-ipython 8.0.1 fixed CVE-2022-21699 and backported some fixes from Python 3.10.

Tumbleweeds 20220121 snapshot gave rolling release users systemd 249.9. The updated version moved the network configuration systemd-network-generator in the udev package; this generator can generate .link files and is mainly used in initrd where udev is mandatory. The new systemd also dropped a few patches and fixed undisclosed CVE-2021-3997. The 8.0 major version of libvirt was updated in the snapshot. One of the new features is the qemu synchronous write mode for disk copying operations. Other packages to update in the snapshot were ncurses 6.3.20220115, flatpak 1.12.4, autofs 5.1.8, gnutls 3.7.3 and more.

The snapshot released last Thursday, snapshot 20220120, updated the Linux Kernel to version 5.16.1. That update provided several Bluetooth fixes to include one for the MacBook Air 8,1 and 8,2. An update of the userspace setup tool cryptsetup 2.4.3 fixed CVE-2021-4122 that allowed for possible attacks against data confidentiality through LUKS2 online reencryption extension crash recovery, according to the changelog. The sqlite 3.37.2 fixed a bug introduced in version 3.35.0 that could cause database corruption and fix a long-standing problem involving a reset option. The update of yast2-bootloader 4.4.13 added support for password protection and added support for PowerPC secure boot.

Arm specific Tumbleweed snapshots released this week were arm 20220125 and arm 20220123.