Tumbleweed Continues Release Streak

2. Sep 2022 | Douglas DeMaio | CC-BY-SA-3.0

Tumbleweed Continues Release Streak

Tumbleweed’s continuous daily release streak has reached an astounding 26 snapshots.

The streak of openSUSE’s rolling release continued this week and packages like glibc, ibus, Mozilla Firefox and sudo all received updates.

Will the streak continue beyond snapshot 20220829? Users should know soon.

Snapshot 20220829 provided package updates for AppArmor and libapparmor3.0.7. The new versions fixed the setuptools-version detection in buildpath.py. The Man pages for Japanese made some improvements with the man-pages-ja 20220815 update. The tree 2.0.3 update provided multiple fixes for .gitignore functionality and fixed a couple segfaults.

The 20220828 snapshot had ten packages updated. Among the updated packages were ibus 1.5.27, which enabled an ibus restart in GNOME desktop and disabled XKB engines in Plasma Wayland. The update of webkit2gtk3 2.36.7 fixed several crashes and rendering issues as well as addressed a Common Vulnerabilities and Exposure related to Apple’s use of the package. The Python web framework and asynchronous networking library python-tornado6 6.2 enabled SSL certificate verification and hostname checks by default and its Continuous Integration has moved from Travis and Appveyor to Github Actions. Another package to update in the snapshot was font handler libXfont2 2.0.6. The new version fixed some spelling and wording issues. It also fix comments to reflect the removal of legacy Operating System/2 support.

A new major version of the Mozilla Firefox browser arrived in snapshot 20220827. Firefox 104.0 addressed multiple CVEs to include an address bar spoofing to disguise a URL; another fixed an exploit that showed evidence of memory corruption and the possibility to running arbitrary code. The update of the GNU C Library added major new features; glibc 2.36 added process_madvise and process_mrelease functions. Support for the DT_RELR relocation format was added and socket connection fsopen and many other sorting features were added. VMware’s open-vm-tools 12.1.0 package, which enables several features to better manage seamless user interactions with guests, fixed a vulnerability that allowed for local privilege escalation; it also had a fix for the build of the ContainerInfo plugin for a 32-bit Linux release. A few RubyGems like rubygem-faraday-net_http 3.0.0, rubygem-parser and rubygem-rubocop 1.35.1 were also updated in the snapshot.

A total of three packages were updated in snapshot 20220826. The simple PIN- or passphrase-secure reader pinentry updated to 1.2.1; the package improved accessibility and fixed the handling of an error during initialization. The package update also made sure an entered PIN is always cleared from memory. Its graphical user interface pinentry-gui was also updated to the 1.2.1 version. The shadow package, which converts UNIX password files to the shadow password format, updated to version 4.12.3. It fixed a 9-year-old CVE. CVE-2013-4235 fixed the time-of-check time-of-use race condition when copying and removing directory trees. The package also updated and fixed some Spanish and French translations.

A minor update to sudo 1.9.11p3 arrived in snapshot 20220825. The update fixed a crash in the Python module with Python 3.9.10 on some systems and AppArmor integration was made available for Linux, so a sudoers rule can now specify an APPARMOR_PROFILE option to run a command confined by the named AppArmor profile. The sudo package also fixed a regression introduced in 1.9.11p1 that caused a warning when logging to sudo_logsrvd if the command returned no output. That regression was never released in a Tumbleweed snapshot. An update of the open-source disk encryption package cryptsetup updated to 2.5.0. This new version removed cryptsetup-reencrypt tool from the project and move reencryption to an already existing cryptsetup reencrypt command. Other packages to update in the snapshot were gnome-bluetooth 42.3, device memory enabler ndctl 74, yast2-tune 4.5.1 and more.

Share this post: