Ruby Default Switches in Tumbleweed

This week’s openSUSE Tumbleweed roundup will look at five snapshots that have been released since last Friday.

Snapshots include switching the default Ruby for the rolling release along with software updates for packages like pidgin, parole, OpenSSL, php, sudo, tigervnc and more.

Snapshot, 20230222 updated just four packages. The major release of gnu-unifont-fonts 15.0.01 arrived in the snapshot and it introduced a couple new subpackages and cleaned up the spec file. The curses emulation library ncurses 6.4.20230218 added a patch and provided some configuration script improvements. The ibus-m17n 1.4.19 update added a parrot icon emoji and made some Weblate translations for the Sinhala language, which is spoken in Sri Lanka. There was also an update for Ark Logic video cards with the xf86-video-ark 0.7.6 update, which brings a decade worth of accumulated changes that has the ability to build against xorg-server 1.14 and newer out of the box.

Chat program pidgin updated to version 2.14.12 in snapshot 20230221; it fixed a crash when closing a group chat and updated the about box pointing people to another form of communication besides the mailing. The Wayland display server and X11 window manager and compositor library for GNOME was updated. The 43.3+2 mutter package provided a fix that broke the windows focus where people with a full screen encountered a problem with layers transitioning between Wayland and X11. Binary tools package binutils 2.40 had a rebase and removed a package. A fix for the package that tracks the route taken by packets over an IP network; the traceroute 2.1.2 update fixed an unprivileged Internet Control Message Protocol tracerouting with the Linux Kernel. A couple other packages were updated in the snapshot including yast2-packager 4.5.16.

An update of openssl 3.0.8 arrived in snapshot 20230220. The updated fixed three Common Vulnerabilities and Exposures; a NULL pointer vulnerability was fixed CVE-2023-0401. A denial of service attack could be avoided with the CVE-2023-0217 fix to prevent a crash and CVE-2023-0286 prevents an attacker from reading member contents or enacting a DoS. Xfce’s media player parole 4.18.0 fixed a compilation warning, a memory lead when loading a cover image and updated translations and the copyright year. Tests to handle zstd 1.5.4 were made with the zchunk 1.2.4 update.

The default was changed in snapshot 20230218 from Ruby 3.1 to 3.2. The newer version adds many features and performance improvements. The release provides WASI based WebAssembly support that enables a CRuby binary to be available on a Web browser, a Serverless Edge environment, or other kinds of WebAssembly/WASI embedders. The release improved the regular expression matching algorithm and has a new feature of syntax_suggest, which was formerly dead_end integrated into Ruby.

The snapshot from last Friday, 20230217, had a lengthy amount of package updates. The sudo 1.9.13 update fixed a signal handling bug when running sudo commands in a shell script and fixed potential memory leaks in error paths. The lock key synchronization has been re-enabled in the native tigervnc viewer after being accidentally disabled in 1.11.0 thanks to the 1.13.0 update. An update of php8 8.1.16 was a security release that addresses CVE-2023-0567, CVE-2023-0568, and CVE-2023-0662, which an excessive number of parts in HTTP form uploads can cause high resource consumption and an excessive number of log entries. Rendering of color type 3 fonts were fixed with PDF render poppler 23.02.0 and inkscape 1.2.2 had four fixes for crash, five fixes for extension bugs and 13 improved user interface translations. Other packages to update in the snapshot were bind 9.18.12, webkit2gtk3 2.38.5 and more.