Virtualbox, grep, gawk update in Tumbleweed
21. Sep 2022 | Douglas DeMaio | CC-BY-SA-3.0
The rhythm of openSUSE Tumbleweed snapshots being released this week continues at a steady pace.
The rolling release appears to be producing consistent snapshots since the 20220903 release.
Two packages were released in snapshot 20220919. An update of libksba 1.6.1, which works with X.509 certificates, fixed rpmlint warnings and now ensures an Online Certificate Status Protocol server does not to return the sent nonce. The other package to update was xfce4-pulseaudio-plugin 0.4.5, which fixed the accidental toggling of the mute switch and compilation with GNU Compiler Collection 10.
An update of virtualbox 6.1.38 arrived in snapshot 20220918. This version upgrade fixed a couple Common Vulnerabilities and Exposures. Both CVE-2022-21571 and CVE-2022-21554 could allow virtual machine access and result in an unauthorized ability to cause a hang or repeatable crash. An update of the virtualbox-kmp package introduced initial support for Linux Kernel 6.0. The package also fixes the permission problem with /dev/vboxuser
. Other packages to update in the snapshot were ibus-m17n 1.4.17, python-charset-normalizer 2.1.1 and python-idna 3.4, which updated to the recently announced Unicode 15.0.0.
Several packages were updated in snapshot 20220917. Static code analysis tool cppcheck 2.9 propagated condition values from outer function calls, and it enabled the evaluation of more math functions in valueflow
. An update of dracut changed the default persistent policy and fixed “directories not owned by a package” caused by bash-completion directories not owned by the package. An update of yast2 4.5.14 removed some patterns from the code and yast2-network 4.5.7 had a change activating s390 devices before importing and reading the network configuration; otherwise the related Linux devices will not be present and could be ignored. Some other packages that updated in the snapshot were microos-tools 2.17 and python310 3.10.7, which solved a flaw in the language labeled as CVE-2020-10735.
An update of grep 3.8 arrived in snapshot 20220916; the package now warns that egrep
and fgrep
are both becoming obsolete in favor of grep -E
and grep -F
. An update of pipewire 0.3.58 fixes some regressions and potential crashes when starting system streams. The package while using the filter chain now warns when a non-existing control property is used in the config file. File-type identification package file 5.43 added zstd decompression support and support for ndjson.org. An update of gawk 5.2.0 now supports Terence Kelly’s persistent malloc allowing the utility interpreter to preserve its variables, arrays and user-defined functions between runs. Some other packages to update in the snapshot were fuse3 3.12.0, hdparm 9.65, ncurses and more.
Starting off the updates this week was snapshot 20220915. The snapshot updated ffmpeg-5 5.1.1, which addressed CVE-2022-2566. The package also fixed the use of an uninitialized value. The rsync 3.2.6 made some improvements in the file-list validation code and added a safety check for the file transferring package. A few other packages were updated in the snapshot.
Read more about the packages arriving in Tumbleweed in the mailing list review.