Please note that this mail was generated by a script. The described changes are computed based on the aarch64 DVD. The full online repo contains too many changes to be listed here. Please check the known defects of this snapshot before upgrading: https://openqa.opensuse.org/tests/overview?distri=opensuse&groupid=3&version=Tumbleweed&build=20230315 Please do not reply to this email to report issues, rather file a bug on bugzilla.opensuse.org. For more information on filing bugs please see https://en.opensuse.org/openSUSE:Submitting_bug_reports Packages changed: AppStream Mesa Mesa-drivers PackageKit SDL2 (2.26.3 -> 2.26.4) apache2-mod_php8 branding-openSUSE (84.87.20210910 -> 84.87.20230227) ffmpeg-5 flac fmt git (2.39.2 -> 2.40.0) grub2 iso-codes (4.12.0 -> 4.13.0) kbd (2.4.0 -> 2.5.1) kernel-firmware (20230210 -> 20230313) lame libcamera libguestfs libjpeg-turbo libstorage-ng (4.5.83 -> 4.5.85) libvirt libvorbis microos-tools (2.18 -> 2.19) mozilla-nss (3.87 -> 3.88.1) mozjs102 (102.8.0 -> 102.9.0) mutter ncurses (6.4.20230225 -> 6.4.20230311) nftables (1.0.6 -> 1.0.7) nodejs19 openexr (3.1.5 -> 3.1.6) osinfo-db (20221130 -> 20230308) pam-config (1.8 -> 1.9) pam_kwallet perl-Net-DNS (1.36 -> 1.37) perl-Net-Server (2.013 -> 2.014) php8 python-cryptography (39.0.1 -> 39.0.2) python310 python310-core rubygem-excon (0.94.0 -> 0.99.0) rubygem-rack-2.2 (2.2.6.2 -> 2.2.6.4) sqlite3 totem vim whois (5.5.15 -> 5.5.16) xz yast2-add-on (4.6.0 -> 4.6.1) yast2-installation (4.6.0 -> 4.6.1) yast2-storage-ng (4.6.0 -> 4.6.1) yast2-trans (84.87.20230306.ba31ff5670 -> 84.87.20230312.2a5006f40f) zvbi (0.2.39 -> 0.2.41) === Details === ==== AppStream ==== Subpackages: libAppStreamQt2 libappstream4 - Add upstream fix for new glib-2.76: * bfa8fa6ac4ef645368a93384a6c16ac551a40922.patch ==== Mesa ==== Subpackages: Mesa-libEGL1 Mesa-libGL1 Mesa-libglapi0 libgbm1 - U_glx-Remove-pointless-GLX_INTEL_swap_event-paranoia.patch * reverse apply this patch to fix a regression caused by this commit, which resulted in gnome-shell constantly crashing, which is making a GNOME/X11 session impossible (boo#1209005) ==== Mesa-drivers ==== Subpackages: Mesa-dri Mesa-gallium Mesa-libva - U_glx-Remove-pointless-GLX_INTEL_swap_event-paranoia.patch * reverse apply this patch to fix a regression caused by this commit, which resulted in gnome-shell constantly crashing, which is making a GNOME/X11 session impossible (boo#1209005) ==== PackageKit ==== Subpackages: PackageKit-backend-zypp PackageKit-gstreamer-plugin PackageKit-gtk3-module libpackagekit-glib2-18 typelib-1_0-PackageKitGlib-1_0 - Add PackageKit-fix-pkcon-permission.patch: trivial: Drop unnecessary x permission (gh#PackageKit/PackageKit/commit/47b7f97bc, bsc#1209138) ==== SDL2 ==== Version update (2.26.3 -> 2.26.4) - Update to release 2.26.4 * Fixed using older game controller mappings on Linux ==== apache2-mod_php8 ==== - update to newest systzdata patch [bsc#1208199] - deleted patches - php-systzdata-v21.patch (upstreamed) - added patches fix use of the system timezone database + php-systzdata-v23.patch ==== branding-openSUSE ==== Version update (84.87.20210910 -> 84.87.20230227) Subpackages: grub2-branding-openSUSE libreoffice-branding-openSUSE plymouth-branding-openSUSE wallpaper-branding-openSUSE yast2-qt-branding-openSUSE - Make title QToolButton backgrounds transparent - Drop optipng requirement ==== ffmpeg-5 ==== Subpackages: libavcodec59 libavdevice59 libavfilter8 libavformat59 libavutil57 libpostproc56 libswscale6 - Add soname.diff to get libswresample4 nonconflicting with ffmpeg-6. - Actually enable libjxl backend ==== flac ==== Subpackages: libFLAC++10 libFLAC12 - Build AVX2 enabled hwcaps library for x86_64-v3 ==== fmt ==== - Use -ffloat-store as a fix for excessive precision provided by X87 on i686 target (https://github.com/fmtlib/fmt/issues/3337). ==== git ==== Version update (2.39.2 -> 2.40.0) Subpackages: git-core git-email git-gui git-svn git-web gitk perl-Git - git 2.40.0: * backward incompatible change: The format.attach configuration variable lacked a way to override a value defined in a lower-priority configuration file (e.g. the system one) by redefining it in a higher-priority configuration file. Now, setting format.attach to an empty string means show the patch inline in the e-mail message, without using MIME attachment. * multiple commands and workflows gained additional options, compatible functionality, or more helpful output * "grep -P" learned to use Unicode Character Property to grok character classes when processing \b and \w etc. * under-the-hood improvements and bug fixes - The scripted "git add -p/-i" implementation was removed upstream. The openSUSE package already preferred the C implementation. ==== grub2 ==== Subpackages: grub2-arm64-efi grub2-snapper-plugin grub2-systemd-sleep-plugin - Discard cached key from grub shell and editor mode * 0001-clean-up-crypttab-and-linux-modules-dependency.patch * 0002-discard-cached-key-before-entering-grub-shell-and-ed.patch - Make grub more robust against storage race condition causing system boot failures (bsc#1189036) * 0001-ieee1275-ofdisk-retry-on-open-and-read-failure.patch ==== iso-codes ==== Version update (4.12.0 -> 4.13.0) Subpackages: iso-codes-lang - update to version 4.13.0: + ISO 3166-1: Add missing common names for Laos, Iran, and Syria. + ISO 3166-3: Fix withdrawal dates of AN, CS and YU. + Updated translations. ==== kbd ==== Version update (2.4.0 -> 2.5.1) Subpackages: kbd-legacy - Update to version 2.5.1 - Add Irish keyboard map - Add PinePhone keyboard keymap - Added braces to IT keyboard map - Add Euro at Portuguese keyboards - Fix incorrect acentuation pt-latin9 - fa.map: drop high codepoint character that chokes loadkeys - data/keymaps/i386/neo: use Delete instead of Backspace - Fix documentation for a few program options - Fix some memory leaks - Update translations - autogen.sh missing from release tarball, copy from git - Remove upstreamed patches - 0001-libkfont-Initialize-kfont_context-options.patch - kbd-1.15.2-dumpkeys-C-opt.patch - kbd-2.0.2-comment-typo-qwerty.patch ==== kernel-firmware ==== Version update (20230210 -> 20230313) Subpackages: kernel-firmware-all kernel-firmware-amdgpu kernel-firmware-ath10k kernel-firmware-ath11k kernel-firmware-atheros kernel-firmware-bluetooth kernel-firmware-bnx2 kernel-firmware-brcm kernel-firmware-chelsio kernel-firmware-dpaa2 kernel-firmware-i915 kernel-firmware-intel kernel-firmware-iwlwifi kernel-firmware-liquidio kernel-firmware-marvell kernel-firmware-media kernel-firmware-mediatek kernel-firmware-mellanox kernel-firmware-mwifiex kernel-firmware-network kernel-firmware-nfp kernel-firmware-nvidia kernel-firmware-platform kernel-firmware-prestera kernel-firmware-qcom kernel-firmware-qlogic kernel-firmware-radeon kernel-firmware-realtek kernel-firmware-serial kernel-firmware-sound kernel-firmware-ti kernel-firmware-ueagle kernel-firmware-usb-network - Update to version 20230313 (git commit 5bc279fb161d): * iwlwifi: update core69 and core72 firmwares for So device * qat: update licence text * rtl_bt: Update RTL8822C BT USB firmware to 0x0CC6_D2E3 * rtl_bt: Update RTL8822C BT UART firmware to 0x05C6_D2E3 * WHENCE: remove duplicate File entries * WHENCE: remove trailing white space * linux-firmware: add fw for qat_4xxx (jsc#PED-3699) * Fix symlinks for Intel firmware * linux-firmware: update firmware for mediatek bluetooth chip (MT7921) * linux-firmware: update firmware for MT7921 WiFi device * iwlwifi: update core69 and core72 firmwares for Ty device * rtlwifi: Add firmware v16.0 for RTL8710BU aka RTL8188GU * brcm: Add nvram for the Lenovo Yoga Book X90F / X90L convertible * brcm: Fix Xiaomi Inc Mipad2 nvram/.txt file macaddr * brcm: Add nvram for the Advantech MICA-071 tablet * rtl_bt: Update RTL8852C BT USB firmware to 0xD7B8_FABF * rtl_bt: Add firmware and config files for RTL8821CS * rtw89: 8852b: update fw to v0.29.29.0 * rtw89: 8852b: update fw to v0.29.26.0 * liquidio: remove lio_23xx_vsw.bin * intel: avs: Add AudioDSP base firmware for CNL-based platforms * intel: avs: Add AudioDSP base firmware for APL-based platforms * intel: avs: Add AudioDSP base firmware for SKL-based platforms * ath11k: WCN6855 hw2.0: update to WLAN.HSP.1.1-03125-QCAHSPSWPL_V1_V2_SILICONZ_LITE-3.6510.23 * ath11k: WCN6855 hw2.0: update board-2.bin * ath11k: WCN6750 hw1.0: update board-2.bin * ath11k: IPQ5018 hw1.0: add to WLAN.HK.2.6.0.1-00861-QCAHKSWPL_SILICONZ-1 * ath11k: IPQ5018 hw1.0: add board-2.bin * ath10k: QCA6174 hw3.0: update firmware-sdio-6.bin to version WLAN.RMH.4.4.1-00174 * ath10k: WCN3990 hw1.0: update board-2.bin * cnm: update chips&media wave521c firmware. * amdgpu: Update GC 11.0.1 firmware * intel: catpt: Add AudioDSP base firmware for BDW platforms - Update topics for catpt/avs - Update aliases - Update spec template ==== lame ==== Subpackages: libmp3lame0 - Build AVX2 enabled hwcaps library for x86_64-v3 ==== libcamera ==== Subpackages: libcamera-base0_0_4 libcamera0_0_4 - Disable warning in silent-Werror_dangling-reference.patch based compiler version. - Add silent-Werror_dangling-reference.patch that addressed a false-positive warning in GCC: https://bugs.libcamera.org/show_bug.cgi?id=185. ==== libguestfs ==== Subpackages: libguestfs-xfs libguestfs0 - Configure with --enable-appliance-format-auto to allow qcow2-format fixed appliances. ==== libjpeg-turbo ==== Subpackages: libjpeg8 libturbojpeg0 - Build AVX2 enabled hwcaps library for x86_64-v3 ==== libstorage-ng ==== Version update (4.5.83 -> 4.5.85) Subpackages: libstorage-ng-lang libstorage-ng-ruby libstorage-ng1 - merge gh#openSUSE/libstorage-ng#918 - allow trailing space when parsing btrfs version (bsc#1209252) - 4.5.85 - merge gh#openSUSE/libstorage-ng#917 - extended error logging - 4.5.84 ==== libvirt ==== Subpackages: libvirt-client libvirt-daemon-common libvirt-daemon-config-network libvirt-daemon-driver-interface libvirt-daemon-driver-network libvirt-daemon-driver-nodedev libvirt-daemon-driver-nwfilter libvirt-daemon-driver-qemu libvirt-daemon-driver-secret libvirt-daemon-driver-storage libvirt-daemon-driver-storage-core libvirt-daemon-driver-storage-disk libvirt-daemon-driver-storage-iscsi libvirt-daemon-driver-storage-iscsi-direct libvirt-daemon-driver-storage-logical libvirt-daemon-driver-storage-mpath libvirt-daemon-driver-storage-rbd libvirt-daemon-driver-storage-scsi libvirt-daemon-lock libvirt-daemon-log libvirt-daemon-plugin-lockd libvirt-daemon-proxy libvirt-daemon-qemu libvirt-libs - libxl: Support custom firmware paths bf3be5b7-libxl-Support-custom-firmware-path.patch, 705525cb-libxl-Support-custom-firmware-path-conversion.patch bsc#1209161 - spec: Move ovmf dependency to correct package ==== libvorbis ==== Subpackages: libvorbis0 libvorbisenc2 libvorbisfile3 - Build AVX2 enabled hwcaps library for x86_64-v3 - Small spec file cleanup ==== microos-tools ==== Version update (2.18 -> 2.19) - Update URL - Update to version 2.19: - configure.ac: Run autoupdate to fix some deprecation warnings - Clean up selinux-autorelabel-generator and make it compatible with systemd 253 ==== mozilla-nss ==== Version update (3.87 -> 3.88.1) Subpackages: libfreebl3 libfreebl3-hmac libsoftokn3 libsoftokn3-hmac mozilla-nss-certs mozilla-nss-tools - update to NSS 3.88.1 * bmo#1804640 - improve handling of unknown PKCS#12 safe bag types - update to NSS 3.88 * bmo#1815870 - use a different treeherder symbol for each docker image build task * bmo#1815868 - pin an older version of the ubuntu:18.04 and 20.04 docker images * bmo#1810702 - remove nested table in rst doc * bmo#1815246 - Export NSS_CMSSignerInfo_GetDigestAlgTag. * bmo#1812671 - build failure while implicitly casting SECStatus to PRUInt32 * bmo#1212915 - Add check for ClientHello SID max length * bmo#1771100 - Added EarlyData ALPN test support to BoGo shim * bmo#1790357 - ECH client - Discard resumption TLS < 1.3 Session(IDs|Tickets) if ECH configs are setup * bmo#1714245 - On HRR skip PSK incompatible with negotiated ciphersuites hash algorithm * bmo#1789410 - ECH client: Send ech_required alert on server negotiating TLS 1.2. Fixed misleading Gtest, enabled corresponding BoGo test * bmo#1771100 - Added Bogo ECH rejection test support * bmo#1771100 - Added ECH 0Rtt support to BoGo shim * bmo#1747957 - RSA OAEP Wycheproof JSON * bmo#1747957 - RSA decrypt Wycheproof JSON * bmo#1747957 - ECDSA Wycheproof JSON * bmo#1747957 - ECDH Wycheproof JSON * bmo#1747957 - PKCS#1v1.5 wycheproof json * bmo#1747957 - Use X25519 wycheproof json * bmo#1766767 - Move scripts to python3 * bmo#1809627 - Properly link FuzzingEngine for oss-fuzz. * bmo#1805907 - Extending RSA-PSS bltest test coverage (Adding SHA-256 and SHA-384) * bmo#1804091 - NSS needs to move off of DSA for integrity checks * bmo#1805815 - Add initial testing with ACVP vector sets using acvp-rust * bmo#1806369 - Don't clone libFuzzer, rely on clang instead ==== mozjs102 ==== Version update (102.8.0 -> 102.9.0) - Update to version 102.9.0: + Various security fixes. + CVE-2023-25751: Incorrect code generation during JIT compilation. + CVE-2023-28164: URL being dragged from a removed cross-origin iframe into the same tab triggered navigation. + CVE-2023-28162: Invalid downcast in Worklets. + CVE-2023-25752: Potential out-of-bounds when accessing throttled streams. + CVE-2023-28163: Windows Save As dialog resolved environment variables. + CVE-2023-28176: Memory safety bugs fixed in Firefox 111 and Firefox ESR 102.9. ==== mutter ==== - Add mutter-prevent-newly-focused-windows-to-steal-focus-from-shell.patch: Revert wrong commit and try a third approach to fix focus (bsc#1208494). ==== ncurses ==== Version update (6.4.20230225 -> 6.4.20230311) Subpackages: libncurses6 ncurses-utils terminfo terminfo-base terminfo-iterm terminfo-screen - Add ncurses patch 20230311 + improve manpage description for addch versus unctrl format used for non-printable characters. + modify version-check for gcc/g++, now works for msys2. + modify check in _nc_write_entry() for multiply defined aliases to report problems within the current runtime of tic rather than for conflicts with pre-existing terminal descriptions. + allow for MinGW32-/64-bit configurations to use _DEFAULT_SOURCE + clarify interaction of -R option versus -C, -I and -r in infocmp manpage. + build-fix in lib_win32con.c (cf: 20230211). ==== nftables ==== Version update (1.0.6 -> 1.0.7) Subpackages: libnftables1 python3-nftables - Update to release 1.0.7 * Support for vxlan/geneve/gre/gretap matching * auto-merge support for partial set element deletion * Allow for NAT mapping with concatenation and ranges * Support for quota in sets ==== nodejs19 ==== Subpackages: npm19 - relax Requires to Suggests for alts on TW ==== openexr ==== Version update (3.1.5 -> 3.1.6) Subpackages: libIex-3_1-30 libIlmThread-3_1-30 libOpenEXR-3_1-30 - update to 3.1.6: * NEON optimizations for ZIP reading * Enable fast Huffman & Huffman zig-zag transform for Arm Neon * Support relative and absolute libdir/includedir in pkg-config generation * Fix for reading memory mapped files with DWA compression * Enable SSE4 support on Windows * Fast huf decoder - Drop gcc13-fix.patch ==== osinfo-db ==== Version update (20221130 -> 20230308) - Update to database version 20230308 osinfo-db-20230308.tar.xz ==== pam-config ==== Version update (1.8 -> 1.9) - Update to version 1.9 - Add support for pam_lastlog2 ==== pam_kwallet ==== Subpackages: pam_kwallet-common - Add patches for handling edge cases and hardening: * 0001-Verify-that-XDG_RUNTIME_DIR-is-usable.patch * 0002-Don-t-do-anything-if-the-password-is-empty.patch * 0003-Exit-early-if-the-target-user-is-root.patch * 0004-Don-t-call-pam_sm_open_session-within-pam_sm_authent.patch ==== perl-Net-DNS ==== Version update (1.36 -> 1.37) - updated to 1.37 see /usr/share/doc/packages/perl-Net-DNS/Changes ==== perl-Net-Server ==== Version update (2.013 -> 2.014) - Remove patch fix-UDB-receiving-in-Fork-server.patch, has been fixed upstream. https://rt.cpan.org/Ticket/Display.html?id=146575 https://bugzilla.suse.com/show_bug.cgi?id=1206763 - updated to 2.014 see /usr/share/doc/packages/perl-Net-Server/Changes 2.014 Mar 14 2023 - Apply patch to Fork for UDP - Fix tests on perls without threads - Add fix-UDB-receiving-in-Fork-server.patch https://bugzilla.suse.com/show_bug.cgi?id=1206763 https://rt.cpan.org/Ticket/Display.html?id=146575 ==== php8 ==== Subpackages: php8-cli php8-ctype php8-dom php8-gd php8-gettext php8-iconv php8-mbstring php8-mysql php8-openssl php8-pdo php8-sqlite php8-tokenizer php8-xmlreader php8-xmlwriter - update to newest systzdata patch [bsc#1208199] - deleted patches - php-systzdata-v21.patch (upstreamed) - added patches fix use of the system timezone database + php-systzdata-v23.patch ==== python-cryptography ==== Version update (39.0.1 -> 39.0.2) - update to 39.0.2: * Fixed a bug where the content type header was not properly encoded for PKCS7 signatures when using the ``Text`` option and ``SMIME`` encoding. ==== python310 ==== Subpackages: python310-curses python310-dbm python310-tk - Add invalid-json.patch fixing invalid JSON in Doc/howto/logging-cookbook.rst (somehow similar to gh#python/cpython#102582). ==== python310-core ==== Subpackages: libpython3_10-1_0 python310-base - Add invalid-json.patch fixing invalid JSON in Doc/howto/logging-cookbook.rst (somehow similar to gh#python/cpython#102582). ==== rubygem-excon ==== Version update (0.94.0 -> 0.99.0) - updated to version 0.99.0 among other changes, a fix for bsc#1209175, yast2-docker: - fix for URI gem changes when host empty for unix urls ==== rubygem-rack-2.2 ==== Version update (2.2.6.2 -> 2.2.6.4) - updated to version 2.2.6.4 [CVE-2023-27539] Avoid ReDoS in header parsing - updated to version 2.2.6.3 [CVE-2023-27530] Possible DoS Vulnerability in Multipart MIME parsing ==== sqlite3 ==== Subpackages: libsqlite3-0 sqlite3-tcl - Build AVX2 enabled hwcaps library for x86_64-v3 ==== totem ==== Subpackages: totem-plugins - Drop obsolete and unused intltool, vala and pkgconfig(libepc-ui-1.0) BuildRequires. ==== vim ==== Subpackages: vim-data vim-data-common - Update spec.skeleton to use autosetup in place of setup macro. ==== whois ==== Version update (5.5.15 -> 5.5.16) - update to 5.5.16: * Add bash completion support, courtesy of Ville Skyttä. * Updated the .tr TLD server. * Removed support for -metu NIC handles. ==== xz ==== Subpackages: liblzma5 - Build AVX2 enabled hwcaps library for x86_64-v3 ==== yast2-add-on ==== Version update (4.6.0 -> 4.6.1) - Removed unnecessary executable flag from file add-on-workflow.rb (bsc#1209094) - 4.6.1 ==== yast2-installation ==== Version update (4.6.0 -> 4.6.1) - Removed unnecessary executable flag from file security_proposal.rb (bsc#1209094) - 4.6.1 ==== yast2-storage-ng ==== Version update (4.6.0 -> 4.6.1) - Removed unnecessary executable flags from files (bsc#1209094) - 4.6.1 ==== yast2-trans ==== Version update (84.87.20230306.ba31ff5670 -> 84.87.20230312.2a5006f40f) Subpackages: yast2-trans-af yast2-trans-ar yast2-trans-bg yast2-trans-bn yast2-trans-bs yast2-trans-ca yast2-trans-cs yast2-trans-cy yast2-trans-da yast2-trans-de yast2-trans-el yast2-trans-en_GB yast2-trans-es yast2-trans-et yast2-trans-fa yast2-trans-fi yast2-trans-fr yast2-trans-gl yast2-trans-gu yast2-trans-hi yast2-trans-hr yast2-trans-hu yast2-trans-id yast2-trans-it yast2-trans-ja yast2-trans-jv yast2-trans-ka yast2-trans-km yast2-trans-ko yast2-trans-lo yast2-trans-lt yast2-trans-mk yast2-trans-mr yast2-trans-nb yast2-trans-nl yast2-trans-pa yast2-trans-pl yast2-trans-pt yast2-trans-pt_BR yast2-trans-ro yast2-trans-ru yast2-trans-si yast2-trans-sk yast2-trans-sl yast2-trans-sr yast2-trans-sv yast2-trans-ta yast2-trans-th yast2-trans-tr yast2-trans-uk yast2-trans-vi yast2-trans-wa yast2-trans-xh yast2-trans-zh_CN yast2-trans-zh_TW yast2-trans-zu - Update to version 84.87.20230312.2a5006f40f: * Translated using Weblate (Polish) * Translated using Weblate (Polish) * Translated using Weblate (Polish) * Translated using Weblate (Polish) * Translated using Weblate (Polish) * Translated using Weblate (Swedish) * Translated using Weblate (Swedish) * Translated using Weblate (Swedish) * Translated using Weblate (Swedish) * Translated using Weblate (Swedish) * Translated using Weblate (Swedish) * Translated using Weblate (Polish) * Translated using Weblate (Polish) * Translated using Weblate (Polish) * New POT for text domain 'online-update'. * Translated using Weblate (Javanese) * Translated using Weblate (Polish) * Translated using Weblate (Polish) * Translated using Weblate (Dutch) * Translated using Weblate (Dutch) * Translated using Weblate (Javanese) * Translated using Weblate (Georgian) ==== zvbi ==== Version update (0.2.39 -> 0.2.41) - update to 0.2.41: * src/libzvbi.h: In libzvbi.h, remove #include version.h and replace with version number macros * po/*.po: Update Project-Id-Version.