Node.js, OpenSSL, Mesa Update in Tumbleweed
23. Oct 2020 | Douglas DeMaio | CC-BY-SA-3.0
The past week has delivered two openSUSE Tumbleweed snapshot.
Some of the package updates in the snapshots include newer versions of Node.js, OpenSSL, Mesa, Apparmor, ImageMagick and AutoYaST.
The latest snapshot, 20201021, is trending stable at a 98 rating on the Tumbleweed snapshot reviewer. This snapshot updated Mozilla Thunderbird to version 78.3.3 and improved support for encrypting with subkeys with OpenPGP. The new email client version also added support for wayland mode/autodetection in a startup wrapper. The security kernel module Apparmor added missing permissions to several profiles and abstractions. The 5.9 version of ethtool arrived in the snapshot and improved compatibility between system call ioctl and netlink output. The Linux Kernel updated to 5.8.15 and fixed a close proximity Common Vulnerabilities and Exposure, CVE-2020-12352, that could allow a remote attacker in adjacent range to use the flaw to leak small portions of stack memory by sending specially crafted Bluetooth AMP Packets. Node.js 14.14.0 had some bug fixes and a few changes like the behaviour of a new fs.rm method that follows the UNIX rm command. The update of the ruby2.7 package to 2.7.2 turned off deprecation warnings by default.
The 20201019 updated several RubyGems; also known as Rails version 6.0.3.4, the gems’ update addressed CVE-2020-8264, which was a XSS vulnerability while the application server was in development mode. ImageMagick had a small update in the 7.0.10.34 version to check for linux-compatible sendfiles. Mesa and Mesa-drivers were updated to version 20.2.1; the graphics library includes Intel Rocket Lake Platform Support. NetworkManager 1.26.4 added support for the DHCPv4 vendor class identifier options and fixed peer group tracking of Wi-Fi P2P connections. GNU’s bison parser updated to version 3.7.3; the bison executable is no longer linked uselessly against libreadline. AutoYaST has a few changes from its previous version in the rolling release and the minor release fixed the progress bar length during autoinstallation initialization. OpenSSL’s 1.1.1h version enabled ‘MinProtocol’ and ‘MaxProtocol’ to configure both TLS and DTLS contexts. YaST had several package updates including an update to yast2-firewall 4.3.6, which warns users when the SSH port is closed or when the service is disabled and the configured authentication is only based on the SSH key. Other notable packages to update in the snapshot were libstorage-ng translations, pipewire 0.3.13, qrencode 4.1.1 and vim 8.2.1840, which included several fixes and a few that addressed crashes of the text editor. The snapshot is trending stable at a 97 rating.