Please note that this mail was generated by a script. The described changes are computed based on the aarch64 DVD. The full online repo contains too many changes to be listed here. Please check the known defects of this snapshot before upgrading: https://openqa.opensuse.org/tests/overview?distri=opensuse&groupid=3&version=Tumbleweed&build=20210901 Please do not reply to this email to report issues, rather file a bug on bugzilla.opensuse.org. For more information on filing bugs please see https://en.opensuse.org/openSUSE:Submitting_bug_reports Packages changed: bind (9.16.19 -> 9.16.20) ekiga graphviz graphviz-addons kcalendarcore kmod libjpeg-turbo (2.1.0 -> 2.1.1) libmodulemd (2.12.1 -> 2.13.0) libqmi (1.28.6 -> 1.28.8) okular === Details === ==== bind ==== Version update (9.16.19 -> 9.16.20) Subpackages: bind-doc bind-utils python3-bind - Upgrade to 9.16.20 Bugs fixed: * An assertion failure occurred when named attempted to send a UDP packet that exceeded the MTU size, if Response Rate Limiting (RRL) was enabled. (CVE-2021-25218) * Zones using KASP and inline-signed zones failed to apply changes from the unsigned zone to the signed zone under certain circumstances. * "rndc reload <zonename>" could trigger a redundant reload for an inline-signed zone whose zone file was not modified since the last "rndc reload". * named failed to check the opcode of responses when performing zone refreshes, stub zone updates, and UPDATE forwarding. * Some changes to "zone-statistics" settings were not properly processed by "rndc reconfig". * The "check DS" code failed to release all resources upon named shutdown when a refresh was in progress. * Authentication of rndc messages could fail if a "controls" statement was configured with multiple key algorithms for the same listener. More changes see CHANGES in the source package. [bsc#1189460, CVE-2021-25218] ==== ekiga ==== Subpackages: ekiga-lang ekiga-plugins-evolution - Add python3-libxml2 as build requirement (fixes Factory build) - Spec cleanup ==== graphviz ==== Subpackages: graphviz-plugins-core libgraphviz6 - Changelog Update for SLES: The Following patches have been backported to SLES and are therefore missing from the Factory changelog: * graphviz-2.40.1-fix-dot-segfault.patch (bsc#1151207) * graphviz-out-of-bounds-write.patch (bsc#1185833) * graphviz-null_dereference.patch (bsc#1185833) ==== graphviz-addons ==== Subpackages: graphviz-gd graphviz-gnome - Changelog Update for SLES: The Following patches have been backported to SLES and are therefore missing from the Factory changelog: * graphviz-2.40.1-fix-dot-segfault.patch (bsc#1151207) * graphviz-out-of-bounds-write.patch (bsc#1185833) * graphviz-null_dereference.patch (bsc#1185833) ==== kcalendarcore ==== - Disable lto for ppc64 builds. ==== kmod ==== Subpackages: kmod-bash-completion libkmod2 - Add ZSTD support on Tumbleweed only. Add a way to detect ZSTD. ==== libjpeg-turbo ==== Version update (2.1.0 -> 2.1.1) Subpackages: libjpeg8 libturbojpeg0 - version update to 2.1.1 1. Fixed a regression introduced in 2.1.0 that caused build failures with non-GCC-compatible compilers for Un*x/Arm platforms. 2. Fixed a regression introduced by 2.1 beta1[13] that prevented the Arm 32-bit (AArch32) Neon SIMD extensions from building unless the C compiler flags included -mfloat-abi=softfp or -mfloat-abi=hard. 3. Fixed an issue in the AArch32 Neon SIMD Huffman encoder whereby reliance on undefined C compiler behavior led to crashes ("SIGBUS: illegal alignment") on Android systems when running AArch32/Thumb builds of libjpeg-turbo built with recent versions of Clang. 4. Added a command-line argument (-copy icc) to jpegtran that causes it to copy only the ICC profile markers from the source file and discard any other metadata. 5. libjpeg-turbo should now build and run on CHERI-enabled architectures, which use capability pointers that are larger than the size of size_t. 6. Fixed a regression introduced by 2.1 beta1[5] that caused a segfault in the 64-bit SSE2 Huffman encoder when attempting to losslessly transform a specially-crafted malformed JPEG image. ==== libmodulemd ==== Version update (2.12.1 -> 2.13.0) - Update to 2.13.0 + Add /data/demodularized/rpms list to modulemd and modulemd-packager formats. + modulemd-validator enables you to constrain a document type with a new "--type" option. + Reject invalid integers. Purely non-numeric values and negative numbers where an unsigned type is mandated by a specification raise a parser error now. + Handle a failed g_setenv() call in modulemd-validator. + Prevent from dereferencing a NULL pointer when reporting invalid subdocuments. + "modulemd-validator --version" command returns 0 exit code now. ==== libqmi ==== Version update (1.28.6 -> 1.28.8) Subpackages: libqmi-glib5 libqmi-tools - Update to version 1.28.8 * libqmi-glib: - Fix CTL "Set Data Format" output TLV prerequisites. - Fix double free in the qmiwwan based net port manager. ==== okular ==== Subpackages: okular-spectre - Disable lto for ppc64 builds.