Firefox, systemd update in Tumbleweed

Snapshots of openSUSE Tumbleweed are continuously rolling forward.

Several medium sized snapshots this week provided an array of system component updates for rolling release users.

Snapshot 20230404 provided an update of systemd 253.2; this update moved the file system checker logic systemd-fsck items to a udev userspace sub-package. The spec file also added files coredump. Mozilla Firefox squashed 13 Common Vulnerabilities and Exposures. One of those was CVE-2023-28176 that has important severity and was described as a memory safety bug. The Web Service Discovery host daemon updated to version 0.7.1. This wsdd new version fixes regression due to changed Application Programming Interfaces in Python 3.10 and it also makes a point to force the use of this Python version for openSUSE Leap. The hardware identification and configuration data package hwdata updates Peripheral Component Interconnect, USB and vendor identities in its 0.369 version.The yast2-storage-ng 4.6.4 version exports thin Logical Volume Manage volumes when being cloned. A few more YaST packages had updates in the snapshot.

Snapshot 20230403 had just a few packages update. The aaa_base package added back a conditional glibc requirement and made it a fixed requirement. The libcap 2.68 update forced some internal functions to be hidden outside the library. The package also cleaned up and added support for documentation and manpages respectively. A major version update of systemd-rpm-macros 20 deprecated some support options and makes sure to restart services if /etc/sysconfig/service is not present.

The command line interface utility for NVMe storage was updated in snapshot 20230402. The nvme-cli 2.4 version added a smart cloud log plugin, and enabled a few options to include --tls_key and --tls. Another NVMe related package to update in the snapshot was libnvme 1.4, which added define for Direct Media Interface (DMI) sysinfo and filters out invalid UUIDs from DMI. CVE-2023-1393 was fixed with the xwayland 23.1.1 and xorg-x11-server 21.1.8; it could have lead to an escalation of local privileges. Brazilian Portuguese translations were made with the libstorage-ng 4.5.92 andyast2-storage-ng 4.6.3 updates.

The 20230401 snapshot starting off the month updated the Linux Kernel; kernel-source 6.2.9 disabled hibernation mode of Atheros’ 4th generation AR8031. Multiple fixes related to arm architectures were resolved. A few GNOME packages were updated in the snapshot. Both gnome-shell 44.0+42 and gnome-control-center 44.0+20 updated. The latter fixed a Network Time Protocol switch that was out of sync. GNOME’s wayland display server and window manager mutter 44.0+18 cleaned up the spec file and makes use of a more interoperable path for bash. Xen had an update to 4.17.0_06. There were multiple patches for the virtualization package related to GNU Compiler Collection 13 issues. Text editor vim 9.0.1392, xfce4-panel 4.18.3, coreutils 9.2 and several other packages updated in the snapshot.

Both snapshot 20230331 and 20230330 has a smaller amount of packages to update in the snapshot. Some of the key packages to update in it were ImageMagick 7.1.1.5, which eliminated a memory leak when writing the JPS image format, and ruby3.2 3.2.2, which took care of two CVEs. CVE-2023-28755 fixed the URI parser that mishandles invalid URLs and CVE-2023-28756 fixed the time parser that mishandled invalid strings. Graphics library gegl 0.4.44 fixed a crash unmasked by glib 2.75.3 and yast2 4.6.2 replaced modules calls to mkinitrd with dracut.