Please note that this mail was generated by a script. The described changes are computed based on the aarch64 DVD. The full online repo contains too many changes to be listed here. Please check the known defects of this snapshot before upgrading: https://openqa.opensuse.org/tests/overview?distri=opensuse&groupid=3&version=Tumbleweed&build=20211128 Please do not reply to this email to report issues, rather file a bug on bugzilla.opensuse.org. For more information on filing bugs please see https://en.opensuse.org/openSUSE:Submitting_bug_reports Packages changed: autoyast2 (4.4.22 -> 4.4.23) ibmtss kdump libdrm (2.4.107 -> 2.4.109) libjpeg-turbo (2.1.1 -> 2.1.2) openvpn (2.5.3 -> 2.5.4) policycoreutils python-fastparquet (0.7.1 -> 0.7.2) python-packaging (21.2 -> 21.3) python-requests-toolbelt ruby2.7 (2.7.4 -> 2.7.5) ruby3.0 (3.0.2 -> 3.0.3) smartmontools wsdd (0.6.4 -> 0.7.0) yast2-bootloader (4.4.8 -> 4.4.9) yast2-installation (4.4.22 -> 4.4.23) === Details === ==== autoyast2 ==== Version update (4.4.22 -> 4.4.23) Subpackages: autoyast2-installation - During autoupgrade merge the selected product workflow in order to execute 2nd stage modules (bsc#1192437) - 4.4.23 ==== ibmtss ==== Subpackages: ibmtss-base libibmtss1 - Fix certificate list, run all tests. ==== kdump ==== - kdump-Store-kdump-initrd-in-kernel-image-path.patch: Fix kdumprd location for usrmerge kernels (boo#1190920). ==== libdrm ==== Version update (2.4.107 -> 2.4.109) Subpackages: libdrm-devel libdrm2 libdrm_amdgpu1 libdrm_etnaviv1 libdrm_exynos1 libdrm_freedreno1 libdrm_nouveau2 libdrm_radeon1 libdrm_tegra0 - update to 2.4.109: * amdgpu: add new function to get fd * radeon: remove duplicate struct declaration * xf86drm: fix compiler warnings * ci fixes - update to 2.4.108: * amdgpu: add amdgpu_stress utility v2 * amdgpu: add marketing names from 21.30 * amdgpu: add new marketing name * amdgpu: Make marketing names consistent * amdgpu: use drmCloseBufferHandle * build: bump version to 2.4.108 * drm_fourcc: sync drm_fourcc with latest drm-next kernel * etnaviv: use drmCloseBufferHandle * exynos: use drmCloseBufferHandle * Fix -Werror=format build errors on FreeBSD * freedreno: use drmCloseBufferHandle * headers: drm: Sync with drm-next * intel: Do not assert on unknown chips in drm_intel_decode_context_alloc * intel: Drop legacy execbuffer support * intel: sync ADL-S PCI IDs with kernel * intel: Sync pci ids * intel: use drmCloseBufferHandle * man: refer to drmCloseBufferHandle instead of DRM_IOCTL_GEM_CLOSE * meson: Build libdrm.so as an unversioned lib on Android. * meson: Don't build libkms for Android. * nouveau: print bo address in the GPU/CPU vm and its size * nouveau: use drmCloseBufferHandle * omap: use drmCloseBufferHandle * radeon: use drmCloseBufferHandle * tegra: use drmCloseBufferHandle * test/amdgpu: Bob to Alice copy should be TMZ in secure bounce test * tests/amdgpu: Fix TMZ secure bounce test * xf86drm: add GEM_CLOSE ioctl wrapper * xf86drm: add iterator API for DRM/KMS IN_FORMATS blobs * xf86drm: fix mem leak in drm_usb_dev_path() * xf86drmMode: make drm_property_type_is arg const * xf86drmMode: simplify drm_property_type_is * xf86drmMode: switch to standard inline qualifier * xf86drm: Update drmGetFormatModifierNameFromArm to handle AFRC ==== libjpeg-turbo ==== Version update (2.1.1 -> 2.1.2) Subpackages: libjpeg8 libturbojpeg0 - update to 2.1.2: * Fixed a regression introduced by 2.1 beta1[13] that caused the remaining GAS implementations of AArch64 (Arm 64-bit) Neon SIMD functions (which are used by default with GCC for performance reasons) to be placed in the `.rodata` section rather than in the `.text` section. This caused the GNU linker to automatically place the `.rodata` section in an executable segment, which prevented libjpeg-turbo from working properly with other linkers and also represented a potential security risk. * Fixed an issue whereby the `tjTransform()` function incorrectly computed the MCU block size for 4:4:4 JPEG images with non-unary sampling factors and thus unduly rejected some cropping regions, even though those regions aligned with 8x8 MCU block boundaries. * Fixed a regression introduced by 2.1 beta1[13] that caused the build system to enable the Arm Neon SIMD extensions when targetting Armv6 and other legacy architectures that do not support Neon instructions. * libjpeg-turbo now performs run-time detection of AltiVec instructions on FreeBSD/PowerPC systems if AltiVec instructions are not enabled at compile time. This allows both AltiVec-equipped and non-AltiVec-equipped CPUs to be supported using the same build of libjpeg-turbo. * cjpeg now accepts a `-strict` argument similar to that of djpeg and jpegtran, which causes the compressor to abort if an LZW-compressed GIF input image contains incomplete or corrupt image data. ==== openvpn ==== Version update (2.5.3 -> 2.5.4) - update to 2.5.4: * fix prompting for password on windows console if stderr redirection is in use - this breaks 2.5.x on Win11/ARM, and might also break on Win11/adm64 when released. * fix setting MAC address on TAP adapters (--lladdr) to use sitnl (was overlooked, and still used "ifconfig" calls) * various improvements for man page building (rst2man/rst2html etc) * minor bugfix with IN6_IS_ADDR_UNSPECIFIED() use (breaks build on at least one platform strictly checking this) * fix minor memory leak under certain conditions in add_route() and add_route_ipv6() * documentation improvements * copyright updates where needed * better error reporting when win32 console access fails ==== policycoreutils ==== Subpackages: policycoreutils-python-utils python3-policycoreutils - finish UsrMerge (bsc#1191089) - Add run_init.pamd.patch to adjust to SUSE pam setup. Removed run_init_use_pam_keyinit.patch and included it in the new patch (bsc#1190098) ==== python-fastparquet ==== Version update (0.7.1 -> 0.7.2) - update to version 0.7.2: * Ability to remove row-groups in-place for multifile datasets * Accept pandas nullable Float type * allow empty strings and fix min/max when there is no data * make writing statistics optional * row selection in to_pandas() ==== python-packaging ==== Version update (21.2 -> 21.3) - update to 21.3: * Add a pp3-none-any tag (gh#pypa/packaging#311) * Replace the blank pyparsing 3 exclusion with a 3.0.5 exclusion (gh#pypa/packaging#481), (gh#pypa/packaging#486) * Fix a spelling mistake (gh#pypa/packaging#479) ==== python-requests-toolbelt ==== - Regenerate test_certs.p12 due to the upstream certificate expiring ==== ruby2.7 ==== Version update (2.7.4 -> 2.7.5) Subpackages: libruby2_7-2_7 - update to 2.7.5 (boo#1193081 boo#1193080 boo#1193035) https://www.ruby-lang.org/en/news/2021/11/24/ruby-2-7-5-released/ - CVE-2021-41817: Regular Expression Denial of Service Vulnerability of Date Parsing Methods - CVE-2021-41816: Buffer Overrun in CGI.escape_html - CVE-2021-41819: Cookie Prefix Spoofing in CGI::Cookie.parse ==== ruby3.0 ==== Version update (3.0.2 -> 3.0.3) Subpackages: libruby3_0-3_0 - update to 3.0.3 (boo#1193081 boo#1193080 boo#1193035) https://www.ruby-lang.org/en/news/2021/11/24/ruby-3-0-3-released/ - CVE-2021-41817: Regular Expression Denial of Service Vulnerability of Date Parsing Methods - CVE-2021-41816: Buffer Overrun in CGI.escape_html - CVE-2021-41819: Cookie Prefix Spoofing in CGI::Cookie.parse ==== smartmontools ==== - Added hardening to systemd service(s) (bsc#1181400). Added patch(es): * harden_smartd.service.patch Modified: * smartd_generate_opts.service ==== wsdd ==== Version update (0.6.4 -> 0.7.0) - Update sources - Version 0.7.0 * Using the server interface it is now possible to start and stop the host functionality (discoverable device) without terminating and restarting the daemon. * Support multiple IP addresses in 'hello' messages from other hosts (#89) * Support interfaces with IPv6-only configuration (#94) * Re-enable 'probe' command of API (#116) * Removed code marked as deprecated starting with Python 3.10. * The example systemd unit file now uses DynamicUser instead of the unsafe nobody:nobody combination. It also employs the rundir as chroot directory. * Code changed to use asyncio instead of selector-based * The server interface does not close connections after each command anymore. * For the 'list' command of the server interface, the list of discovered devices is terminated with a line containing only a single dot ('.') * Log device discovery only once per address and interface - Some systemd hardening ==== yast2-bootloader ==== Version update (4.4.8 -> 4.4.9) - bnc#1193016 - fixed crash due to missing require - 4.4.9 ==== yast2-installation ==== Version update (4.4.22 -> 4.4.23) - Remove no longer used extra warning about destructive actions before starting the installation process (related to bsc#1057437). - 4.4.23