New Arm Tumbleweed snapshot 20231221 released!
Please note that this mail was generated by a script. The described changes are computed based on the aarch64 DVD. The full online repo contains too many changes to be listed here. Please check the known defects of this snapshot before upgrading: https://openqa.opensuse.org/tests/overview?distri=opensuse&groupid=3&version=Tumbleweed&build=20231221 Please do not reply to this email to report issues, rather file a bug on bugzilla.opensuse.org. For more information on filing bugs please see https://en.opensuse.org/openSUSE:Submitting_bug_reports Packages changed: apr ceph discover dracut (059+suse.530.gba7b6a35 -> 059+suse.533.g5a7cf9fa) fwupd jbigkit jq (1.7 -> 1.7.1) kdump krb5 (1.21.1 -> 1.21.2) libpwquality libssh2_org libstorage-ng (4.5.162 -> 4.5.163) libvirt metamail mozilla-nss (3.94 -> 3.95) mutter open-vm-tools perl-Bootloader (1.9 -> 1.10) ppp (2.4.9 -> 2.5.0) python-hiredis (2.2.2 -> 2.3.2) python-lxml (4.9.3 -> 4.9.4) python311 python311-core rsync sudo (1.9.15p2 -> 1.9.15p4) systemd vim (9.0.2146 -> 9.0.2181) vinagre vte (0.74.1 -> 0.74.2) wtmpdb (0.9.3 -> 0.10.0) zbar === Details === ==== apr ==== - Add reproducible.patch to drop build host name (boo#1084909) ==== ceph ==== Subpackages: librados2 librbd1 - Add ceph-cmake-3.28.patch: Fix build with cmake 3.28 and no git command found (https://github.com/ceph/ceph/pull/54963, boo#1218111). ==== discover ==== Subpackages: discover-backend-flatpak discover-backend-fwupd discover-backend-packagekit discover-lang - Update appstream build requirement for compatibility with 1.0.0 (boo#1217047) - Remove obsolete version checks ==== dracut ==== Version update (059+suse.530.gba7b6a35 -> 059+suse.533.g5a7cf9fa) - Update to version 059+suse.533.g5a7cf9fa: * feat(dracut.sh): protect `push_host_devs` function * fix(dracut.sh): do not add device if `find_block_device` returns an error ==== fwupd ==== Subpackages: fwupd-bash-completion libfwupd2 typelib-1_0-Fwupd-2_0 - Own %{_modulesloaddir}: used to be present via udev-mini -> kmod - > suse-module-tools dependency before. ==== jbigkit ==== - security update - added patches fix CVE-2022-1210 [bsc#1198146], Malicious file leads to a denial of service in TIFF File Handler + jbigkit-CVE-2022-1210.patch ==== jq ==== Version update (1.7 -> 1.7.1) Subpackages: libjq1 - Update to version 1.7.1 Security * Fix CVE-2023-50246 (boo#1218034) + Fix heap buffer overflow in jvp_literal_number_literal. * Fix CVE-2023-50268 (boo#1218038) fix stack-buffer-overflow if comparing nan with payload. CLI changes * Make the default background color more suitable for bright backgrounds. * Allow passing the inline jq script after --. * Fix possible uninitialised value dereference if jq_init() fails Language changes * Simplify paths/0 and paths/1. * Reject U+001F in string literals. * Remove unused nref accumulator in block_bind_library. * Remove a bunch of unused variables, and useless assignments. * main.c: Remove unused EXIT_STATUS_EXACT option. * Actually use the number correctly casted from double to int as index. * src/builtin.c: remove unnecessary jv_copy-s in type_error/type_error2. * Remove undefined behavior caught by LLVM 10 UBSAN. * Convert decnum to binary64 (double) instead of decimal64. This makes jq behave like the JSON specification suggests and more similar to other languages. * Fix memory leaks on invalid input for ltrimstr/1 and rtrimstr/1. * Fix memory leak on failed get for setpath/2. * Fix nan from json parsing also for nans with payload that start with 'n'. * Allow carriage return characters in comments. Documentation changes * Generate links in the man page. libjq * Add extern C for C++. ==== kdump ==== - Update calibrate values for riscv64 ==== krb5 ==== Version update (1.21.1 -> 1.21.2) Subpackages: krb5-client - update to 1.21.2 (bsc#1218211, CVE-2023-39975): * Fix double-free in KDC TGS processing [CVE-2023-39975]. ==== libpwquality ==== Subpackages: libpwquality1 pam_pwquality - add: prereq "pam-config" in baselibs.conf * post scriptlet in pam_pwquality-32bit runs: pam-config ==== libssh2_org ==== - Security fix: [bsc#1218127, CVE-2023-48795] * Add 'strict KEX' to fix CVE-2023-48795 "Terrapin Attack" * Add libssh2_org-CVE-2023-48795.patch ==== libstorage-ng ==== Version update (4.5.162 -> 4.5.163) Subpackages: libstorage-ng-lang libstorage-ng-ruby libstorage-ng1 - merge gh#openSUSE/libstorage-ng#970 - consistent (and original) naming of bcache operations - coding style - improved logging - updated integration tests - fixed typo - 4.5.163 ==== libvirt ==== Subpackages: libvirt-client libvirt-daemon-common libvirt-daemon-config-network libvirt-daemon-driver-interface libvirt-daemon-driver-network libvirt-daemon-driver-nodedev libvirt-daemon-driver-nwfilter libvirt-daemon-driver-qemu libvirt-daemon-driver-secret libvirt-daemon-driver-storage libvirt-daemon-driver-storage-core libvirt-daemon-driver-storage-disk libvirt-daemon-driver-storage-iscsi libvirt-daemon-driver-storage-iscsi-direct libvirt-daemon-driver-storage-logical libvirt-daemon-driver-storage-mpath libvirt-daemon-driver-storage-rbd libvirt-daemon-driver-storage-scsi libvirt-daemon-lock libvirt-daemon-log libvirt-daemon-plugin-lockd libvirt-daemon-qemu libvirt-libs - apparmor: Add capabilities for PCI passthrough to virtxend profile bsc#1216656 ==== metamail ==== - Have fixed date in mgrep.1 (boo#1047218) ==== mozilla-nss ==== Version update (3.94 -> 3.95) Subpackages: libfreebl3 libsoftokn3 mozilla-nss-certs mozilla-nss-tools - update to NSS 3.95 * bmo#1842932 - Bump builtins version number. * bmo#1851044 - Remove Email trust bit from Autoridad de Certificacion Firmaprofesional CIF A62634068 root cert. * bmo#1855318 - Remove 4 DigiCert (Symantec/Verisign) Root Certificates * bmo#1851049 - Remove 3 TrustCor Root Certificates from NSS. * bmo#1850982 - Remove Camerfirma root certificates from NSS. * bmo#1842935 - Remove old Autoridad de Certificacion Firmaprofesional Certificate. * bmo#1860670 - Add four Commscope root certificates to NSS. * bmo#1850598 - Add TrustAsia Global Root CA G3 and G4 root certificates. * bmo#1863605 - Include P-384 and P-521 Scalar Validation from HACL* * bmo#1861728 - Include P-256 Scalar Validation from HACL*. * bmo#1861265 - After the HACL 256 ECC patch, NSS incorrectly encodes 256 ECC without DER wrapping at the softoken level * bmo#1837987 - Add means to provide library parameters to C_Initialize * bmo#1573097 - clang format * bmo#1854795 - add OSXSAVE and XCR0 tests to AVX2 detection. * bmo#1858241 - Typo in ssl3_AppendHandshakeNumber * bmo#1858241 - Introducing input check of ssl3_AppendHandshakeNumber * bmo#1573097 - Fix Invalid casts in instance.c ==== mutter ==== - Add mutter-fix-text-input-delete-surrounding.patch: text-input-v3 requrires byte based offset but Clutter uses char based offset for delete_surrounding_text, fix it by converting before passing arguments (glgo#GNOME/mutter#2146, glgo#GNOME/mutter!2712). ==== open-vm-tools ==== Subpackages: libvmtools0 open-vm-tools-desktop - Own %{_modulesloaddir}: used to be present via udev-mini -> kmod - > suse-module-tools dependency before. ==== perl-Bootloader ==== Version update (1.9 -> 1.10) - merge gh#openSUSE/perl-bootloader#160 - fix 'pbl --version' to show correct version number - 1.10 ==== ppp ==== Version update (2.4.9 -> 2.5.0) - Update to version 2.5.0. This release is a major release of pppd which contains breaking changes for third-party plugins, a complete revamp of the build-system and that allows for flexibility of configuring features as needed. * CVE-2022-4603, bsc#1218251: improper validation of array index of the component pppdump * Support for PEAP authentication * Support for loading PKCS12 certificate envelopes * Adoption of GNU Autoconf / Automake build environment * Support for pkgconfig * Bunch of fixes and cleanup to PPPoE and IPv6 support * Major revision to PPPD's Plugin API * Lots of internal fixes and cleanups for Radius and PPPoE * Dropped IPX support, as Linux has dropped it in version 5.15 * Pppd is no longer installed setuid-root * New pppd options: - ipv6cp-noremote, ipv6cp-nosend, ipv6cp-use-remotenumber, ipv6-up-script, ipv6-down-script - -v, show-options - usepeerwins, ipcp-no-address, ipcp-no-addresses, nosendip * On Linux, any baud rate can be set on a serial port provided the kernel serial driver supports that. - Obsoleted patches: * ppp-lib64.patch * ppp-compiling-with-clang-encounters-an-error-in-eap-tls..patch * ppp-pie.patch - Source file pppoe-discovery.8.gz is now part of the tarball. - Enable support for systemd notification. ==== python-hiredis ==== Version update (2.2.2 -> 2.3.2) - update to 2.3.2: * Added Python 3.12 to test matrix and classifiers (#174) * Linking to Redis learning resources (#173) * Updating client license to clear, MIT (#170) * Integrating spellcheck into CI (#169) * hiredis 1.2.0 support, versioning as 2.3.0 (#168) * Fix including tests in sdist (#166) * Use absolute imports and remove __init__.py from tests. * Implement garbage collection support in Reader (#162) (#163) ==== python-lxml ==== Version update (4.9.3 -> 4.9.4) - update to 4.9.4: * LP#2046398: Inserting/replacing an ancestor into a node's children could loop indefinitely. * LP#1980767, GH#379: ``TreeBuilder.close()`` could fail with a ``TypeError`` after parsing incorrect input. * LP#1522052: A file-system specific test is now optional and should no longer fail on systems that don't support it. * Built with Cython 0.29.37. - drop libxml2212-tests.patch (upstream) ==== python311 ==== Subpackages: python311-curses python311-dbm - Refresh CVE-2023-27043-email-parsing-errors.patch to gh#python/cpython!111116, fixing bsc#1210638 (CVE-2023-27043). - Thus we can remove Revert-gh105127-left-tests.patch, which is now useless. ==== python311-core ==== Subpackages: libpython3_11-1_0 python311-base - Refresh CVE-2023-27043-email-parsing-errors.patch to gh#python/cpython!111116, fixing bsc#1210638 (CVE-2023-27043). - Thus we can remove Revert-gh105127-left-tests.patch, which is now useless. ==== rsync ==== - Moved rsyncd.conf and rsyncd.secrets to /usr/etc. * Add rsync-usr-etc.patch ==== sudo ==== Version update (1.9.15p2 -> 1.9.15p4) Subpackages: sudo-plugin-python - For existing products (SLE15-SP* and older) keep using /etc and don't switch to /usr/etc. So only SLES16/ALP, Tumbleweed and newer products will use both /etc and /usr/etc locations. - Update to 1.9.15p4: * Fixed a bug introduced in sudo 1.9.15 that could prevent a userâs privileges from being listed by sudo -l if the sudoers entry in /etc/nsswitch.conf contains [SUCCESS=return]. This did not affect the ability to run commands via sudo. Bug #1063. - Update to 1.9.15p3: * Always disable core dumps when sudo sends itself a fatal signal. Fixes a problem where sudo could potentially dump core dump when it re-sends the fatal signal to itself. This is only an issue if the command * received a signal that would normally result in a core dump but the command did not actually dump core. * Fixed a bug matching a command with a relative path name when the sudoers rule uses shell globbing rules for the path name. Bug #1062. * Permit visudo to be run even if the local host name is not set. GitHub issue #332. * Fixed an editing error introduced in sudo 1.9.15 that could prevent sudoreplay from replaying sessions correctly. GitHub issue #334. * Fixed a bug introduced in sudo 1.9.15 where sudo -l > /dev/null could hang on Linux systems. GitHub issue #335. * Fixed a bug introduced in sudo 1.9.15 where Solaris privileges specified in sudoers were not applied to the command being run. ==== systemd ==== Subpackages: libsystemd0 libudev1 systemd-boot systemd-container systemd-coredump udev - udev: only require kmod in the full flavor. udev-mini is only used inside OBS in a strictly defined setup and udev will never have to load device drivers there. - Import commit 071ac409a0564863657d8f8a5a35e6a4f914695f 071ac409a0 rules: set up tty permissions and group for /dev/hvc* nodes f693b3ed8a vconsole-setup: remember the correct error value when open_terminal() fails 963d838bad vconsole-setup: handle the case where the vc is in KD_GRAPHICS mode more gracefully (bsc#1215282) 6f53f71d2d vconsole-setup: simplify error handling ==== vim ==== Version update (9.0.2146 -> 9.0.2181) Subpackages: vim-data vim-data-common xxd - update to 9.0.2181: * Vim9: missing error messages * update helptags * POSIX function name in exarg causes issues * no filetype detection for execline scripts * reg_executing() wrong for :normal with range * Wrong cursor position when dragging out of window * Update Serbian messages translation * runtime(netrw): prevent E11 on FocusGained autocommand * Update Japanese translation * runtime(8th): updated 8th syntax * change dependabot prefix to "CI" * Update change.txt * Compile error with Motif UI + mouse support * Create Changelog until v9.0.2175 * Update Italian translations * Update tmux syntax rules * Update Turkish translations * Compiler warning for uninitialized var * update fortran syntax rules and doc notes * Vim9: segfault when assigning to type * remove deprecation warning for gdefault * Vim9: crash when compiling for statement and non-existing type * Vim9: compiling :defer may fail * Updated Irish translation * Update Logtalk runtime files for the latest language spec * update Racket runtime files * Update colorschemes * The options[] array is still not sorted alphabetically * Vim9: no support for const/final class/objects vars * Vim9: builtin funcs may accept a non-value * Moving tabpages on :drop may cause an endless loop * sync runtime files with upstream * grammar & typo fixes * add Tbreak command * Vim9: not consistently using :var for declarations * Memory leak in Configure Script when checking GTK * Vim9: can simplify arg type checking code * Vim9: can use type a func arg/return value * escape curdir in BrowseUpDir * Vim9: type can be assigned to list/dict * Vim9: type documentation out-dated * Vim9: not able to use imported interfaces and classes * instanceof() should use varargs as second arg * Update syntax file, fix missing for highlight * screenpos() may crash with neg. column * [security]: use-after-free in check_argument_type * Vim9: incorrectly parses :def func definitions * Vim9: can use typealias in assignment * ft detection maybe wrong if 'fic' set for *.[CH] * re-generate helptags * do not set b:did_ftplugin before sourcing scala ftplugin(#13657) * Fix `w:netrw_bannercnt` ref error with `netrw_fastbrowse=2` * fix examples in comments for JSON formatting * Add json formating plugin (Issue #11426) * Update syntax file * link cmdline completion to to |wildcards| and fix typos * Update eval.txt * Vim9: type not kept when assigning vars * The option[] array is not sorted * unlet b:filetype_in_cpp_family for cpp & squirrel * fix typo in change.txt * update syntax and ftplugins * Update syntax file and syntax test * Sort options.txt alphabetically * update todo items * sort option-list alphabetically * no support to build on OpenVMS * Using type unknown for List/Dict containers * 'breakindent' is not drawn after diff filler lines * remove non-existent parameter in shift-command * Using int for errbuflen in option funcs * [security]: use-after-free in exec_instructions() * Vim does not detect pacman.log file * reference 'go-!' inside os_win32.txt for !start * Type check tests fail without the channel feature ==== vinagre ==== - Disable RDP support for the time being: vinagre has been archived upstream and does not support freerdp 3.0. If you rely on RDP connections, please switch to GNOME Connections. ==== vte ==== Version update (0.74.1 -> 0.74.2) Subpackages: libvte-2_91-0 typelib-1_0-Vte-2_91 - Update to version 0.74.2: * lib,bidi: Work on the heap rather than the stack * stream: Fix a rare corruption when advancing the tail * widget: Fix initial cursor blink state * build: Post release version bump ==== wtmpdb ==== Version update (0.9.3 -> 0.10.0) Subpackages: libwtmpdb0 - Update to version 0.10.0 - last: support matching for username and/or tty ==== zbar ==== - security update: * CVE-2023-40889 [bsc#1214770] Fix heap based buffer overflow in qr_reader_match_centers() + zbar-CVE-2023-40889.patch * CVE-2023-40890 [bsc#1214771] Fix stack based buffer overflow in lookup_sequence() + zbar-CVE-2023-40890.patch
participants (1)
-
Guillaume Gardet