Please note that this mail was generated by a script. The described changes are computed based on the aarch64 DVD. The full online repo contains too many changes to be listed here.
Please check the known defects of this snapshot before upgrading: https://openqa.opensuse.org/tests/overview?distri=opensuse&groupid=3&version=Tumbleweed&build=20240516 Please do not reply to this email to report issues, rather file a bug on bugzilla.opensuse.org. For more information on filing bugs please see https://en.opensuse.org/openSUSE:Submitting_bug_reports Packages changed: bolt (0.9.7 -> 0.9.8) gdk-pixbuf (2.42.11 -> 2.42.12) git (2.45.0 -> 2.45.1) glib2 (2.80.0 -> 2.80.2) grub2 hwdata (0.380 -> 0.382) iproute2 (6.8 -> 6.9) libbpf (1.4.1 -> 1.4.2) libmodulemd libressl (3.9.1 -> 3.9.2) libxml2 (2.12.6 -> 2.12.7) libxml2-python (2.12.6 -> 2.12.7) makedumpfile (1.7.4 -> 1.7.5) mozilla-nss (3.99 -> 3.100) ovmf (202308 -> 202311) patterns-base perl-Crypt-OpenSSL-Random (0.15 -> 0.160.0) perl-GD (2.78 -> 2.810.0) perl-Net-DNS (1.420.0 -> 1.450.0) perl-URI (5.270.0 -> 5.280.0) pipewire powerdevil6 python-pyudev (0.24.1 -> 0.24.3) python-zope.interface (6.2 -> 6.3) sdbootutil (1+git20240506.573a6a4 -> 1+git20240514.56dc89c) soundtouch (2.3.2 -> 2.3.3) strace (6.8 -> 6.9) wicked xwayland (23.2.6 -> 24.1.0) === Details === ==== bolt ==== Version update (0.9.7 -> 0.9.8) - update to 0.9.8: * A new NHI for REMBRANDT. * CI fixes. * Don't install an empty DB directory. * Fixed: Determine the string length before writing file. * Fixed: Free on error to prevent resource leak. ==== gdk-pixbuf ==== Version update (2.42.11 -> 2.42.12) Subpackages: gdk-pixbuf-query-loaders gdk-pixbuf-thumbnailer libgdk_pixbuf-2_0-0 typelib-1_0-GdkPixbuf-2_0 - Update to version 2.42.12: + Fix a build failure, + Fix occasional build failures, + ani: Reject files with multiple INA or IART chunks, + ani: Reject files with multiple anih chunks (CVE-2022-48622), + ani: validate chunk size, + Updated translations. - Drop 238893d8cd6f9c2616a05ab521a29651a17a38c2.patch: fixed upstream. ==== git ==== Version update (2.45.0 -> 2.45.1) Subpackages: git-core git-email git-svn git-web perl-Git - update to 2.45.1: * CVE-2024-32002: recursive clones on case-insensitive filesystems that support symbolic links are susceptible to case confusion (boo#1224168) * CVE-2024-32004: arbitrary code execution during local clones (boo#1224170) * CVE-2024-32020: file overwriting vulnerability during local clones (boo#1224171) * CVE-2024-32021: git may create hardlinks to arbitrary user- readable files (boo#1224172) * CVE-2024-32465: arbitrary code execution during clone operations (boo#1224173) ==== glib2 ==== Version update (2.80.0 -> 2.80.2) Subpackages: glib2-tools libgio-2_0-0 libglib-2_0-0 libgmodule-2_0-0 libgobject-2_0-0 libgthread-2_0-0 typelib-1_0-GLib-2_0 typelib-1_0-GModule-2_0 typelib-1_0-GObject-2_0 typelib-1_0-Gio-2_0 - Update to version 2.80.2: + Fix a regression with IBus caused by the fix for CVE-2024-34397. + Fix installation directory of the GVariant specification. + Bugs fixed: - GVariant specification installed in wrong directory. - Backport "gdbusconnection: Fix test signal subscription ordering" to glib-2-80. - Backport âCorrect installation directory of GVariant specificationâ to glib-2-80. - Backport âgdbusconnection: Allow name owners to have the syntax of a well-known nameâ to glib-2-80. - Changes from version 2.80.1 + Fix CVE-2024-34397: GDBus signal subscriptions for well-known names are vulnerable to unicast spoofing. + Updated translations. ==== grub2 ==== Subpackages: grub2-arm64-efi grub2-snapper-plugin grub2-systemd-sleep-plugin - Update to the latest upstreaming TPM2 patches * 0001-key_protector-Add-key-protectors-framework.patch - Replace 0001-protectors-Add-key-protectors-framework.patch * 0002-tpm2-Add-TPM-Software-Stack-TSS.patch - Merge other TSS patches * 0001-tpm2-Add-TPM2-types-structures-and-command-constants.patch * 0002-tpm2-Add-more-marshal-unmarshal-functions.patch * 0003-tpm2-Implement-more-TPM2-commands.patch * 0003-key_protector-Add-TPM2-Key-Protector.patch - Replace 0003-protectors-Add-TPM2-Key-Protector.patch * 0004-cryptodisk-Support-key-protectors.patch * 0005-util-grub-protect-Add-new-tool.patch * 0001-tpm2-Support-authorized-policy.patch - Replace 0004-tpm2-Support-authorized-policy.patch * 0001-tpm2-Add-extra-RSA-SRK-types.patch * 0001-tpm2-Implement-NV-index.patch - Replace 0001-protectors-Implement-NV-index.patch * 0002-cryptodisk-Fallback-to-passphrase.patch * 0003-cryptodisk-wipe-out-the-cached-keys-from-protectors.patch * 0004-diskfilter-look-up-cryptodisk-devices-first.patch - Refresh affected patches * 0001-Improve-TPM-key-protection-on-boot-interruptions.patch * grub2-bsc1220338-key_protector-implement-the-blocklist.patch - New manpage for grub2-protect - Fix error in /etc/grub.d/20_linux_xen: file_is_not_sym not found, renamed to file_is_not_xen_garbage (bsc#1224226) * grub2-fix-menu-in-xen-host-server.patch ==== hwdata ==== Version update (0.380 -> 0.382) - update to 0.382: * Update pci, usb and vendor ids ==== iproute2 ==== Version update (6.8 -> 6.9) Subpackages: iproute2-bash-completion - Update to release 6.9 * ss: add option to suppress queue columns * m_mirred: allow mirred to block * tc: add NLM_F_ECHO support for actions and filters * ip/bond: add coupled_control support * ss: add support for BPF socket-local storage * ip: ioam6: add monitor command ==== libbpf ==== Version update (1.4.1 -> 1.4.2) - update to 1.4.2: * Another struct_ops-focused bug fix release. It addresses a few more corner cases when dealing with SEC("struct_ops") programs. * It also improves error messaging around common use case of declaring struct_ops BPF program and not referencing it from SEC(".struct_ops") variable (backed by struct_ops BPF map). * This release should improve overall experience of using BPF struct_ops functionality. ==== libmodulemd ==== - Add glib-2.80.2-glibdoc-path.patch: Fix GLib documentation path for GLib 2.80.2 (https://github.com/fedora-modularity/libmodulemd/pull/618). ==== libressl ==== Version update (3.9.1 -> 3.9.2) - Update to release 3.9.2 * A missing bounds check could lead to a crash due to dereferencing a zero-sized allocation. ==== libxml2 ==== Version update (2.12.6 -> 2.12.7) Subpackages: libxml2-2 libxml2-tools - Update to version 2.12.7: + Fix buffer overread with `xmllint --htmlout` (CVE-2024-34459). + xmllint: Fix --pedantic option. + save: Handle invalid parent pointers in xhtmlNodeDumpOutput. ==== libxml2-python ==== Version update (2.12.6 -> 2.12.7) - Update to version 2.12.7: + Fix buffer overread with `xmllint --htmlout` (CVE-2024-34459). + xmllint: Fix --pedantic option. + save: Handle invalid parent pointers in xhtmlNodeDumpOutput. ==== makedumpfile ==== Version update (1.7.4 -> 1.7.5) - Update to 1.7.5: * Support for kernels up to v6.8 (x86_64) * Support for printk caller_id by --dump-dmesg option * [PATCH] ppc64: get vmalloc start address from vmcoreinfo * [PATCH] ppc64: read cur_mmu_type from vmcoreinfo * [PATCH] add PRINTK_CALLER id support to --dump-dmesg option * [PATCH v2 2/2] s390x: uncouple virtual and physical address spaces * [PATCH 1/2] s390x: fix virtual vs physical address confusion Regenerated the content of the makedumpfile-ppc64-VA-range-SUSE.patch file based on version 1.7.5 of the code ==== mozilla-nss ==== Version update (3.99 -> 3.100) Subpackages: libfreebl3 libsoftokn3 mozilla-nss-certs mozilla-nss-sysinit mozilla-nss-tools - update to NSS 3.100 - bmo#1893029 - merge pk11_kyberSlotList into pk11_ecSlotList for faster Xyber operations. - bmo#1893752 - remove ckcapi. - bmo#1893162 - avoid a potential PK11GenericObject memory leak. - bmo#671060 - Remove incomplete ESDH code. - bmo#215997 - Decrypt RSA OAEP encrypted messages. - bmo#1887996 - Fix certutil CRLDP URI code. - bmo#1890069 - Don't set CKA_DERIVE for CKK_EC_EDWARDS private keys. - bmo#676118 - Add ability to encrypt and decrypt CMS messages using ECDH. - bmo#676100 - Correct Templates for key agreement in smime/cmsasn.c. - bmo#1548723 - Moving the decodedCert allocation to NSS. - bmo#1885404 - Allow developers to speed up repeated local execution of NSS tests that depend on certificates. ==== ovmf ==== Version update (202308 -> 202311) Subpackages: qemu-uefi-aarch64 - Removed ovmf-UefiCpuPkg-BaseXApicX2ApicLib-fix-CPUID_V2_EXTENDED_.patch file which is merged to edk2-stable202311: - 170d4ce8e90a UefiCpuPkg/BaseXApicX2ApicLib: fix CPUID_V2_EXTENDED_TOPOLOGY detection ==== patterns-base ==== Subpackages: patterns-base-apparmor patterns-base-base patterns-base-basesystem patterns-base-basic_desktop patterns-base-console patterns-base-enhanced_base patterns-base-minimal_base patterns-base-selinux patterns-base-sw_management patterns-base-transactional_base patterns-base-x11 patterns-base-x11_enhanced - add procps into the base pattern as recommended together with zypper (which dropped the dependency) ==== perl-Crypt-OpenSSL-Random ==== Version update (0.15 -> 0.160.0) - updated to 0.16 see /usr/share/doc/packages/perl-Crypt-OpenSSL-Random/Changes 0.16 2024-04-13 rurban - add github actions, travis and appveyor. - Many patches by Takumi Akiyama. - Fix broken github image for strawberry perl by stripping its PATH. their new mingw is incompatible to their old strawberry 5.32 - minor documentation fixes. ==== perl-GD ==== Version update (2.78 -> 2.810.0) - updated to 2.81 see /usr/share/doc/packages/perl-GD/ChangeLog 2.81 * Change GD::Polygon::transform to match old demos (RT #140043), and GD::Polyline. Add GD::Polygon::rotate(cw-radian) helper. Allow GD::Polygon::scale(2.0). 2.80 * Fix broken copyTranspose and copyReverseTranspose (RT #153300) by Yuriy Yevtukhov. * Add transformation tests * Fix wrong WBMP name and detection * Fix wrong filename extension auto-detection for gd,gd2,wbmp * Fix wrong filename extension auto-detection for xpm, newFromXpm needs the filename, not handle. * Fix wrong libgd doc link (PR #52) by Tsuyoshi Watanabe 2.79 * Improve image type autodetection (RT #153212), add a test * Fix Avif without Heif config * Improve gdlib.pc reader for supported library features ==== perl-Net-DNS ==== Version update (1.420.0 -> 1.450.0) - updated to 1.45 see /usr/share/doc/packages/perl-Net-DNS/Changes ==== perl-URI ==== Version update (5.270.0 -> 5.280.0) - updated to 5.28 see /usr/share/doc/packages/perl-URI/Changes 5.28 2024-03-27 01:49:44Z - Using Scalar::Util::reftype instead of just ref(), but mindful this time about definedness to avoid warnings (GH#140) (Jacques Deguest) ==== pipewire ==== Subpackages: gstreamer-plugin-pipewire libpipewire-0_3-0 pipewire-alsa pipewire-jack pipewire-libjack-0_3 pipewire-modules-0_3 pipewire-pulseaudio pipewire-spa-plugins-0_2 pipewire-spa-tools pipewire-tools - Move modules jack-tunnel and jackdbus-detect to the pipewire-spa-plugins-0_2-jack since those modules should only be used when the real jack server is running. This fixes pipewire starting jackdbus on start. ==== powerdevil6 ==== - Recommend ddcutil-i2c-udev-rules (boo#1224197) ==== python-pyudev ==== Version update (0.24.1 -> 0.24.3) - Update to 0.24.3: * Tidies and Maintenance fixes - Switch to pyproject macros. - No more greedy globs in %files. - Add patch support-pytest-8.patch: * Support pytest 8 changes. ==== python-zope.interface ==== Version update (6.2 -> 6.3) - update to 6.3: * Add preliminary support for Python 3.13 as of 3.13a6. ==== sdbootutil ==== Version update (1+git20240506.573a6a4 -> 1+git20240514.56dc89c) Subpackages: sdbootutil-rpm-scriptlets sdbootutil-snapper - Update to version 1+git20240514.56dc89c: * Add show-entry command * Add SYSTEMD_COLORS flag * Add byte order mark to boot.csv ==== soundtouch ==== Version update (2.3.2 -> 2.3.3) - Update to 2.3.3: * Fixing compiler warnings, maintenance fixes to make/build files for various systems - Refresh disable-ffast-math.patch ==== strace ==== Version update (6.8 -> 6.9) - Update to strace 6.9 * Implemented --always-show-pid option. * The --user|-u option has learned to recognize numeric UID:GID pair, allowing e.g. statically-built strace to be used without invoking nss plugins. * Implemented decoding of IORING_REGISTER_SYNC_CANCEL, IORING_REGISTER_FILE_ALLOC_RANGE, IORING_REGISTER_PBUF_STATUS, IORING_REGISTER_NAPI, and IORING_UNREGISTER_NAPI opcodes of io_uring_register syscall. * Implemented decoding of BPF_TOKEN_CREATE bpf syscall command. * Updated decoding of io_uring_register and pidfd_send_signal syscalls. * Updated lists of BPF_*, CAN_*, IORING_*, KEY_*, LSM_*, MPOL_*, NT_*, RWF_*, PIDFD_*, PTP_*, TCP_*, and *_MAGIC constants. * Updated lists of ioctl commands from Linux 6.9. ==== wicked ==== Subpackages: wicked-service - client: fix ifreload to pull UP ports/links again when the config of their master/lower changed (bsc#1224100,gh#openSUSE/wicked#1014). [+ 0001-ifreload-pull-UP-again-on-master-lower-changes-bsc1224100.patch] ==== xwayland ==== Version update (23.2.6 -> 24.1.0) - Update to feature release 24.1.0 * This fixes a couple of regressions introduced in the previous release candidate versions along with a fix for XTEST emulation with EI. + xwayland: Send ei_device_frame on device_scroll_discrete + xwayland: Restore the ResizeWindow handler + xwayland: Handle rootful resize in ResizeWindow + xwayland: Move XRandR emulation to the ResizeWindow hook + xwayland: Use correct xwl_window lookup function in xwl_set_shape - eglstreams has been dropped - Update to bug fix relesae 23.2.7 * m4: drop autoconf leftovers * xwayland: Send ei_device_frame on device_scroll_discrete * xwayland: Call drmFreeDevice for dma-buf default feedback * xwayland: Use drmDevicesEqual in xwl_dmabuf_feedback_tranche_done * dri3: Free formats in cache_formats_and_modifiers * xwayland/glamor: Handle depth 15 in gbm_format_for_depth * Revert "xwayland/glamor: Avoid implicit redirection with depth 32 parent windows" * xwayland: Check for outputs before lease devices * xwayland: Do not remove output on withdraw if leased
