Please note that this mail was generated by a script.
The described changes are computed based on the aarch64 DVD.
The full online repo contains too many changes to be listed here.

Please check the known defects of this snapshot before upgrading:
https://openqa.opensuse.org/tests/overview?distri=opensuse&groupid=3&version=Tumbleweed&build=20241114

Please do not reply to this email to report issues, rather file a bug
on bugzilla.opensuse.org. For more information on filing bugs please
see https://en.opensuse.org/openSUSE:Submitting_bug_reports

Packages changed:
  gnome-session
  gnome-shell-extensions
  libgpg-error (1.50 -> 1.51)
  libsolv (0.7.30 -> 0.7.31)
  libssh2_org (1.11.0 -> 1.11.1)
  libzypp (17.35.12 -> 17.35.13)
  openSUSE-release (20241113 -> 20241114)
  ovmf
  permissions (1699_20240522 -> 1699_20241029)
  plasma6-desktop
  plasma6-workspace
  qt6-tools
  rpm-config-SUSE (20240214 -> 20241031)
  webkit2gtk3
  zypper (1.14.77 -> 1.14.78)

=== Details ===

==== gnome-session ====
Subpackages: gnome-session-core gnome-session-wayland gnome-session-xsession

- Move update-alternative post/postun scriptlets from the main
  package to the xsession sub-package (boo#1233299).
- Drop gnome-session-default-session: this was there to also
  support the alternative fallback-session, but that one was
  dropped at the times of GNOME 3.8.

==== gnome-shell-extensions ====
Subpackages: gnome-shell-classic gnome-shell-extensions-common

- Split out gnome-shell-classic-xsession sub-package.

==== libgpg-error ====
Version update (1.50 -> 1.51)

- Update to 1.51:
  * Add GPGRT_PROCESS_ALLOW_SET_FG for gpgrt_process_spawn.
    [rEb79d4206f4]
  * Add new spawn function to modify the environment. [T7307]
  * Fix missing environ var for macOS and others. [T7169,T7307]
  * Fix forgotten _gpgrt_post_syscall on create pipe failure.
    [rEbcab96484d]
  * Let gpgrt_poll return an error for a closed fd. [rE4a3dc85f69]
  * Fix build error introduced by C-committee stupidity.
    [T7344]
  * Interface changes relative to the 1.50 release:
    - _gpg_w32_gettext_use_utf8        EXTN (new value 2).
    - gpgrt_spawn_actions_set_env_rev  NEW.
    - GPGRT_PROCESS_ALLOW_SET_FG       NEW.
  * Release-info: https://dev.gnupg.org/T7164
  * Rebase libgpg-error-nobetasuffix.patch

==== libsolv ====
Version update (0.7.30 -> 0.7.31)
Subpackages: libsolv-tools-base ruby-solv

- fix replaces_installed_package using the wrong solvable id
  when checking the noupdate map
- make POOL_FLAG_ADDFILEPROVIDESFILTERED behaviour more standard
- add rpm_query_idarray query function
- support rpm's "orderwithrequires" dependency
- bump version to 0.7.31

==== libssh2_org ====
Version update (1.11.0 -> 1.11.1)

- Update to 1.11.1:
  * build: enable '-pedantic-errors'
  * build: add 'LIBSSH2_NO_DEPRECATED' option
  * build: stop requiring libssl from openssl
  * disable DSA by default
  * hostkey: do not advertise ssh-rsa when SHA1 is disabled
  * kex: prevent possible double free of hostkey
  * kex: always check for null pointers before calling
    _libssh2_bn_set_word
  * kex: fix a memory leak in key exchange
  * kex: always add extension indicators to kex_algorithms
  * md5: allow disabling old-style encrypted private keys at
    build-time
  * openssl: free allocated resources when using openssl3
  * openssl: fix memory leaks in
    '_libssh2_ecdsa_curve_name_with_octal_new' and
    '_libssh2_ecdsa_verify'
  * openssl: fix calculating DSA public key with OpenSSL 3
  * openssl: initialize BIGNUMs to NULL in
    'gen_publickey_from_dsa' for OpenSSL 3
  * openssl: fix cppcheck found NULL dereferences
  * openssl: delete internal
    'read_openssh_private_key_from_memory()'
  * openssl: use OpenSSL 3 HMAC API, add 'no-deprecated' CI job
  * openssl: make a function static, add '#ifdef' comments
  * openssl: fix DSA code to use OpenSSL 3 API
  * openssl: fix 'EC_KEY' reference with OpenSSL 3
    'no-deprecated' build
  * openssl: use non-deprecated APIs with OpenSSL 3.x
  * openssl: silence '-Wunused-value' warnings
  * openssl: add missing check for 'LIBRESSL_VERSION_NUMBER'
    before use
  * packet: properly bounds check packet_authagent_open()
  * pem: fix private keys encrypted with AES-GCM methods
  * reuse: provide SPDX identifiers
  * scp: fix missing cast for targets without large file support
  * session: support server banners up to 8192 bytes
  * session: add 'libssh2_session_callback_set2()'
  * session: handle EINTR from send/recv/poll/select to try
    again as the error is not fatal
  * sftp: increase SFTP_HANDLE_MAXLEN back to 4092
  * sftp: implement posix-rename@openssh.com
  * src: implement chacha20-poly1305@openssh.com
  * src: check the return value from '_libssh2_bn_*()' functions
  * src: support RSA-SHA2 cert-based authentication
    (rsa-sha2-512_cert and rsa-sha2-256_cert)
  * src: check hash update/final success
  * src: check hash init success
  * src: add 'strict KEX' to fix CVE-2023-48795 "Terrapin Attack"
  * transport: fix unstable connections over non-blocking sockets
  * transport: check ETM on remote end when receiving
  * transport: fix incorrect byte offset in debug message
  * userauth: avoid oob with huge interactive kbd response
  * userauth: add a new structure to separate memory read and
    file read
  * userauth: check whether '*key_method' is a NULL pointer
    instead of 'key_method'
  * Rebase libssh2-ocloexec.patch
  * Remove patches fixed upstream:
    - libssh2_org-CVE-2023-48795.patch
    - libssh2_org-CVE-2023-48795-ext.patch
    - libssh2_org-ETM-remote.patch

==== libzypp ====
Version update (17.35.12 -> 17.35.13)

- BuildCache: Don't try to retrieve missing raw metadata if no
  permission to write the cache (bsc#1225451)
- RepoManager: throw RepoNoPermissionException if the user has
  no permission to update(write) the caches (bsc#1225451)
- version 17.35.13 (35)

==== openSUSE-release ====
Version update (20241113 -> 20241114)
Subpackages: openSUSE-release-appliance-custom openSUSE-release-dvd

- automatically generated by openSUSE-release-tools/pkglistgen

==== ovmf ====
Subpackages: qemu-uefi-aarch64

- Add ovmf-x86_64-sev-code.bin and ovmf-x86_64-sev-vars.bin
  back because -code/-vars mode is still used in some cases.
  (bsc#1232762)
- Add 60-ovmf-x86_64-sev.json to descriptors.tar.xz for
  -code/-vars mode against SEV:
  - Removed features tag: "acpi-s4", "acpi-s3", "requires-smm",
    "secure-boot", "enrolled-keys"
  - Add features tag: "amd-sev", "amd-sev-es", "amd-sev-snp"
- The 50-ovmf-x86_64-sev.json is for ovmf-x86_64-sev.bin unified
  image which is stateless mode.
- The 60-ovmf-x86_64-sev.json is for ovmf-x86_64-sev-code/vars.bin.
  Please note that the -vars storage is non-secure because SEV
  does NOT support SMM (requires-smm).

==== permissions ====
Version update (1699_20240522 -> 1699_20241029)
Subpackages: permctl permissions-config

- Update to version 1699_20241029:
  * Add RPM macros; moved from rpm-config-SUSE
  * package RPM macros together with permctl, to avoid having to
    setup an extra sub-package.

==== plasma6-desktop ====
Subpackages: plasma6-desktop-emojier

- Replace plasma6-framework-components 'Requires' with
  libplasma6-components

==== plasma6-workspace ====
Subpackages: plasma6-session plasma6-session-x11 plasma6-workspace-libs sddm-qt6-branding-openSUSE

- Replace '%requires_ge plasma6-desktop' with
  'Requires: plasma6-desktop'

==== qt6-tools ====
Subpackages: libQt6Designer6 libQt6Help6 libQt6UiTools6 qt6-tools-qdbus

- Reintroduce proper %requires_eq on libclang, it's needed to
  ensure that qdoc pulls in a libclang suitable for the used
  libclang-cpp.

==== rpm-config-SUSE ====
Version update (20240214 -> 20241031)

- Update to version 20241031:
  * Merge in changes that already happened in the package
- Update to version 20241031:
  * Drop {set,verify}_permissions macros
  * Strip the explicit /bin/bash dependency for ksym macros
  * locale.prov: handle glibc-locale-base (boo#1221250)
  * lang_package: Add 'basename' option
  * %requires_eq|ge(): Report error if package version cannot be
    determined

==== webkit2gtk3 ====
Subpackages: libjavascriptcoregtk-4_1-0 libwebkit2gtk-4_1-0 typelib-1_0-JavaScriptCore-4_1 typelib-1_0-WebKit2-4_1 webkit2gtk-4_1-injected-bundles

- Add 9e9ea966373d3858668f6a29d8ba91a5807c8dd8.patch: Fix aspect
  ratio in videos with gstreamer-1.24.9.

==== zypper ====
Version update (1.14.77 -> 1.14.78)
Subpackages: zypper-log zypper-needs-restarting

- Don't try to download missing raw metadata if cache is not
  writable (bsc#1225451)
- man: Update 'search' command description.
  Hint to "se -v" showing the matches within the packages
  metadata. Explain that search strings starting with a "/" will
  implicitly look into the filelist as well. Otherwise an
  explicit "-f" is needed.
- version 1.14.78