Please note that this mail was generated by a script. The described changes are computed based on the aarch64 DVD. The full online repo contains too many changes to be listed here. Please check the known defects of this snapshot before upgrading: https://openqa.opensuse.org/tests/overview?distri=opensuse&groupid=3&version=Tumbleweed&build=20230121 Please do not reply to this email to report issues, rather file a bug on bugzilla.opensuse.org. For more information on filing bugs please see https://en.opensuse.org/openSUSE:Submitting_bug_reports Packages changed: Mesa Mesa-drivers MozillaFirefox (108.0.2 -> 109.0) container-selinux (2.188.0 -> 2.198.0) crash ctags ddclient fwupd git (2.39.0 -> 2.39.1) gnome-software highway (1.0.2 -> 1.0.3) icewm (3.2.2 -> 3.3.0) iptables (1.8.8 -> 1.8.9) kernel-firmware libeconf (0.5.0 -> 0.5.1) libinput (1.22.0 -> 1.22.1) libksane libreoffice (7.4.3.2 -> 7.4.4.2) libspectre (0.2.11 -> 0.2.12) libxmlb libzypp-plugin-appdata (1.0.1+git.20220816 -> 1.0.1+git.20230117) llvm15 (15.0.6 -> 15.0.7) mozilla-nss (3.85 -> 3.86) mozjs102 (102.6.0 -> 102.7.0) multipath-tools netpbm raspberrypi-firmware (2022.12.12 -> 2023.01.18) raspberrypi-firmware-config (2022.12.12 -> 2023.01.18) raspberrypi-firmware-dt (2022.12.21 -> 2023.01.20) rubygem-ruby-dbus (0.18.1 -> 0.19.0) salt tcpdump (4.99.2 -> 4.99.3) thunar (4.18.2 -> 4.18.3) tpm2-0-tss translation-update u-boot-rpiarm64 (2022.10 -> 2023.01) xfce4-notifyd (0.6.5 -> 0.7.1) xfce4-whiskermenu-plugin (2.7.1 -> 2.7.2) xfdesktop (4.18.0 -> 4.18.1) xfsprogs (6.1.0 -> 6.1.1) yast2 (4.5.21 -> 4.5.22) yast2-network (4.5.11 -> 4.5.12) zlib (1.2.12 -> 1.2.13) === Details === ==== Mesa ==== Subpackages: Mesa-dri-devel Mesa-libEGL1 Mesa-libGL1 Mesa-libglapi0 libgbm1 - Add support for Rusticl - Mesa's new OpenCL implementation. * See https://docs.mesa3d.org/rusticl You will need to set your environment to use it * See https://docs.mesa3d.org/envvars#rusticl-environment-variables - Compile with gcc12 on Leaps: building drivers fails with: /usr/include/dxguids/dxguids.h:70:1: internal compiler error: in cxx_eval_bit_field_ref, at cp/constexpr.c:2578 - Fix some deprecation warnings * WARNING: option "false" deprecated, please use "disabled" instead. * WARNING: option "true" deprecated, please use "enabled" instead. ==== Mesa-drivers ==== Subpackages: Mesa-dri Mesa-gallium Mesa-libva - Add support for Rusticl - Mesa's new OpenCL implementation. * See https://docs.mesa3d.org/rusticl You will need to set your environment to use it * See https://docs.mesa3d.org/envvars#rusticl-environment-variables - Compile with gcc12 on Leaps: building drivers fails with: /usr/include/dxguids/dxguids.h:70:1: internal compiler error: in cxx_eval_bit_field_ref, at cp/constexpr.c:2578 - Fix some deprecation warnings * WARNING: option "false" deprecated, please use "disabled" instead. * WARNING: option "true" deprecated, please use "enabled" instead. ==== MozillaFirefox ==== Version update (108.0.2 -> 109.0) Subpackages: MozillaFirefox-translations-common - Mozilla Firefox 109.0 MFSA 2023-01 (bsc#1207119) * CVE-2023-23597 (bmo#1538028) Logic bug in process allocation allowed to read arbitrary files * CVE-2023-23598 (bmo#1800425) Arbitrary file read from GTK drag and drop on Linux * CVE-2023-23599 (bmo#1777800) Malicious command could be hidden in devtools output on Windows * CVE-2023-23600 (bmo#1787034) Notification permissions persisted between Normal and Private Browsing on Android * CVE-2023-23601 (bmo#1794268) URL being dragged from cross-origin iframe into same tab triggers navigation * CVE-2023-23602 (bmo#1800890) Content Security Policy wasn't being correctly applied to WebSockets in WebWorkers * CVE-2023-23603 (bmo#1800832) Calls to <code>console.log</code> allowed bypasing Content Security Policy via format directive * CVE-2023-23604 (bmo#1802346) Creation of duplicate <code>SystemPrincipal</code> from less secure contexts * CVE-2023-23605 (bmo#1764921, bmo#1802690, bmo#1806974) Memory safety bugs fixed in Firefox 109 and Firefox ESR 102.7 * CVE-2023-23606 (bmo#1764974, bmo#1798591, bmo#1799201, bmo#1800446, bmo#1801248, bmo#1802100, bmo#1803393, bmo#1804626, bmo#1804971, bmo#1807004) Memory safety bugs fixed in Firefox 109 - requires NSS 3.86 - rebased patches ==== container-selinux ==== Version update (2.188.0 -> 2.198.0) - Update to version 2.198.0: * Fix spc_t transition rules on tmpfs_t - Changes from 2.197.0: * Add boolean containers_use_ecryptfs policy - Changes from 2.195.1: * Readd missing allow rules for container_t - Changes from 2.194.0: * Allow syslogd_t to use tmpfs files created by container runtime - Changes from 2.193.0: * Allow containers to mount tmpfs_t file systems * Label spc_t as a init initrc daemon * Allow userdomains to run containers - Changes from 2.191.0: * Create container_logwriter_t type - Changes from 2.190.1: * Support BuildKit * container.fc: Set label for kata-agent * support nerdctl - Changes from 2.190.0: * Packit: initial enablement * Allow iptables to list directories labeled as container_file_t - Changes from 2.189.0: * Dont audit searching other processes in /proc. ==== crash ==== - Added crash-trace-2021-02-08.tar.bz2 and modified project to create the crash-trace package. If installed with crash installed the extension can be used for diagnosing kernel trace data. ==== ctags ==== - CVE-2022-4515.patch: fixes arbitrary command execution via a tag file with a crafted filename (bsc#1206543, CVE-2022-4515) - Stop resetting ctags update-alternative priority back to auto. These are admin settings. - Remove u-a links in the correct scriptlet ==== ddclient ==== - Add curl as BuildRequires/Requires to be able to use the '-curl' option (eg. in DDCLIENT_OPTIONS in /etc/sysconfig/ddclient). ==== fwupd ==== Subpackages: fwupd-bash-completion libfwupd2 typelib-1_0-Fwupd-2_0 - Fix error generating grub.cfg when an update is available. + uefi-capsule-Do-not-call-grub2-probe-without-argumen.patch ==== git ==== Version update (2.39.0 -> 2.39.1) Subpackages: git-core git-email git-gui git-svn git-web gitk perl-Git - git 2.39.1, fixing two security issues that could allow remote code execution when accessing specially crafted repositories: * CVE-2022-41903: log format integer overflow boo#1207033 * CVE-2022-23521: gitattributed parsing integer overflow boo#1207032 ==== gnome-software ==== Subpackages: gnome-software-plugin-packagekit - Also add download.opensuse.org-non-oss (NON-OSS repo) download.opensuse.org-oss (OSS repo), and download.opensuse.org-tumbleweed (Update repo) to software-opensuse.gschema.override, declaring them also official repositories (the names match the ones picked by the NET installer). ==== highway ==== Version update (1.0.2 -> 1.0.3) - Update to release 1.0.3 * Add RearrangeToOddPlusEven, Xor3, 8-bit CompressStore, HWY_ASSUME * Add contrib/bit_pack for 8/16-bit lanes * Update for new RVV intrinsics; faster WASM min/max and extmul/q15mul ==== icewm ==== Version update (3.2.2 -> 3.3.0) Subpackages: icewm-config-upstream icewm-default icewm-lang icewm-lite - Update to 3.3.0: * Prevent a derefence of a null-Pixel in xftColor. * Add "getClass" and "setClass" commands to icesh. * Support tabs in task grouping. * Use spaces instead of dots when printing WM_COMMAND. * When a focused window hides or rolls up, focus some other window. * When looking for a focusable window, avoid rolled up windows. * Fix for setting focus on passive motif dialogs * Fallback to rolled up windows in the second pass of getLastFocus. * Use CurrentTime when setting focus to a passive client in the timeout. * On icon not found, report dimensions. * Don't refocus a focused window in focusLastWindow. * Don't activate an active window when receiving an activation message. * Ignore duplicate map requests. * Let icesh implicitly select windows at most once. * Add support for nanosvg for issue #695. * Add preference ToolTipIcon=1 for issue #637. * Add nanosvg to .gitignore. * Remove unneeded logevent from icesh. - Remove unknown options from configure - Rebase icewm-preferences.patch - update to 3.2.3: * Only freeze the task pane layout when a button was removed, * which fixes the KeySysWorkspaceNext+Prev+Last bug. * Ensure that a task button is updated once it is mapped, * which prevents stale task button titles. * Show a big icon in the tooltip of a toolbar button and the tray. * All of the winoptions are now fully tab-aware. * More documentation about tabbing in the icewm manpage. * Document the "workspace" directory for icons on workspace buttons. * Add "loadicon" and "saveicon" commands to icesh. * Updated translations: Catalan, Dutch, Slovak, Japanese, * Portuguese + Brazil, Macedonian. ==== iptables ==== Version update (1.8.8 -> 1.8.9) Subpackages: libip4tc2 libip6tc2 libxtables12 xtables-plugins - Update to release 1.8.9 * arptables-nft: Support --exact flag * Support more chunk types in the "sctp" extension * Print `--` in ip6tables' "opt" column for consistency with iptables * More verbose error messages if iptables-nft-restore fails * Support `-p Length` with ebtables-nft, needed for 802_3 extension. ==== kernel-firmware ==== Subpackages: kernel-firmware-all kernel-firmware-amdgpu kernel-firmware-ath10k kernel-firmware-ath11k kernel-firmware-atheros kernel-firmware-bluetooth kernel-firmware-bnx2 kernel-firmware-brcm kernel-firmware-chelsio kernel-firmware-dpaa2 kernel-firmware-i915 kernel-firmware-intel kernel-firmware-iwlwifi kernel-firmware-liquidio kernel-firmware-marvell kernel-firmware-media kernel-firmware-mediatek kernel-firmware-mellanox kernel-firmware-mwifiex kernel-firmware-network kernel-firmware-nfp kernel-firmware-nvidia kernel-firmware-platform kernel-firmware-prestera kernel-firmware-qcom kernel-firmware-qlogic kernel-firmware-radeon kernel-firmware-realtek kernel-firmware-serial kernel-firmware-sound kernel-firmware-ti kernel-firmware-ueagle kernel-firmware-usb-network - Correct alias list for ACPI entries (bsc#1207211) ==== libeconf ==== Version update (0.5.0 -> 0.5.1) - Update to version 0.5.1: * Reading files in /usr/_vendor_/_example_._suffix_.d/* regardless there is a /etc/_example_._suffix_ file. (#175) ==== libinput ==== Version update (1.22.0 -> 1.22.1) Subpackages: libinput-udev libinput10 - Update to release 1.22.1: * This version includes quirks for laptops from Apple and Dell, as well as for the Glorious Model 0 mouse. It also backports a meson fix for use of libinput as subproject and a fix for libinput debug-events not flushing the output, resulting in truncated information. * Finally, the tablet touch arbitration rectangle was increased by 50mm in both directions to reduce the number of misdetected touches. - Use ldconfig_scriptlets macro for post(un) handling. ==== libksane ==== Subpackages: libKF5Sane5 libksane-lang - Add patch to avoid -devel depending on KSaneCore: * 0001-Don-t-search-for-KSane-Core-in-KF5SaneConfig.patch ==== libreoffice ==== Version update (7.4.3.2 -> 7.4.4.2) Subpackages: libreoffice-base libreoffice-calc libreoffice-draw libreoffice-filters-optional libreoffice-gnome libreoffice-gtk3 libreoffice-icon-themes libreoffice-impress libreoffice-l10n-en libreoffice-mailmerge libreoffice-math libreoffice-pyuno libreoffice-qt5 libreoffice-writer libreofficekit - Update to 7.4.4.2: https://wiki.documentfoundation.org/Releases/7.4.4/RC2 https://wiki.documentfoundation.org/Releases/7.4.4/RC1 - Updated bundled dependencies: * poppler-22.09.0.tar.xz -> poppler-22.12.0.tar.xz ==== libspectre ==== Version update (0.2.11 -> 0.2.12) - update to 0.2.12: * This is another bugfix only release in the libspectre's 0.2 series. * Fix exporting to PDF with newer ghostscript (Albert Astals Cid) ==== libxmlb ==== - build hwcaps optimized libraries ==== libzypp-plugin-appdata ==== Version update (1.0.1+git.20220816 -> 1.0.1+git.20230117) - Update to version 1.0.1+git.20230117: * InstallAppdata: use subprocess.run instead of os.system (CVE-2023-22643) - Update to version 1.0.1+git.20220909: * Add dist directory, for openSUSE packaging ==== llvm15 ==== Version update (15.0.6 -> 15.0.7) Subpackages: clang-tools clang15 libLLVM15 libclang-cpp15 libclang13 llvm15-gold - Update to version 15.0.7. * This release contains bug-fixes for the LLVM 15.0.0 release. This release is API and ABI compatible with 15.0.0. - Rebase llvm-do-not-install-static-libraries.patch. - Build stage 2 with -fno-plt on x86_64: since building with - Wl,-z,now the PLT stubs are basically dead code, so eliminating the indirection reduces the number of branches and improves code locality for the quite frequent cross-DSO calls. - Add llvm-workaround-superfluous-branches.patch: hints LLVM to eliminate branches until gh#llvm/llvm-project#28804 is solved. ==== mozilla-nss ==== Version update (3.85 -> 3.86) Subpackages: libfreebl3 libfreebl3-hmac libsoftokn3 libsoftokn3-hmac mozilla-nss-certs mozilla-nss-tools - update to NSS 3.86 * bmo#1803190 - conscious language removal in NSS * bmo#1794506 - Set nssckbi version number to 2.60 * bmo#1803453 - Set CKA_NSS_SERVER_DISTRUST_AFTER and CKA_NSS_EMAIL_DISTRUST_AFTER for 3 TrustCor Root Certificates * bmo#1799038 - Remove Staat der Nederlanden EV Root CA from NSS * bmo#1797559 - Remove EC-ACC root cert from NSS * bmo#1794507 - Remove SwissSign Platinum CA - G2 from NSS * bmo#1794495 - Remove Network Solutions Certificate Authority * bmo#1802331 - compress docker image artifact with zstd * bmo#1799315 - Migrate nss from AWS to GCP * bmo#1800989 - Enable static builds in the CI * bmo#1765759 - Removing SAW docker from the NSS build system * bmo#1783231 - Initialising variables in the rsa blinding code * bmo#320582 - Implementation of the double-signing of the message for ECDSA * bmo#1783231 - Adding exponent blinding for RSA. ==== mozjs102 ==== Version update (102.6.0 -> 102.7.0) - Update to version 102.7.0: + Various stability, functionality, and security fixes. + CVE-2022-46871: libusrsctp library out of date. + CVE-2023-23598: Arbitrary file read from GTK drag and drop on Linux. + CVE-2023-23599: Malicious command could be hidden in devtools output on Windows. + CVE-2023-23601: URL being dragged from cross-origin iframe into same tab triggers navigation. + CVE-2023-23602: Content Security Policy wasn't being correctly applied to WebSockets in WebWorkers. + CVE-2022-46877: Fullscreen notification bypass. + CVE-2023-23603: Calls to <code>console.log</code> allowed bypasing Content Security Policy via format directive. + CVE-2023-23605: Memory safety bugs fixed in Firefox 109 and Firefox ESR 102.7. ==== multipath-tools ==== Subpackages: kpartx libmpath0 - Fix "rpm --verify" (bsc#1207232) ==== netpbm ==== Subpackages: libnetpbm11 - Drop patch big-endian.patch, already in upstream since 10.87.00 ==== raspberrypi-firmware ==== Version update (2022.12.12 -> 2023.01.18) - Update to 2578acb89 (2023-01-18): * kernel: overlays: i2c-sensor: Add mpu6050 and mpu9250 See: raspberrypi/linux#5325 * firmware: arm_dispmanx: Correct support for NV21, and add support for YV16 See: #1767 * firmware: arm_dispmanx: Fix FKMS to adopt pre-multiplied alpha See: #1773 * firmware: hdmi_2711: Make some clock setup unconditional so booting without hdmi setup is possible See: https://forums.raspberrypi.com/viewtopic.php?t=345362 * firmware: Actually rebuild firmware described in previous commit * firmware: Add D flag to video= cmdline option when hotplug is forced See: https://forums.raspberrypi.com/viewtopic.php?p=2067109#p2067109 ==== raspberrypi-firmware-config ==== Version update (2022.12.12 -> 2023.01.18) - Update to 2578acb89 (2023-01-18): * kernel: overlays: i2c-sensor: Add mpu6050 and mpu9250 See: raspberrypi/linux#5325 * firmware: arm_dispmanx: Correct support for NV21, and add support for YV16 See: #1767 * firmware: arm_dispmanx: Fix FKMS to adopt pre-multiplied alpha See: #1773 * firmware: hdmi_2711: Make some clock setup unconditional so booting without hdmi setup is possible See: https://forums.raspberrypi.com/viewtopic.php?t=345362 * firmware: Actually rebuild firmware described in previous commit * firmware: Add D flag to video= cmdline option when hotplug is forced See: https://forums.raspberrypi.com/viewtopic.php?p=2067109#p2067109 ==== raspberrypi-firmware-dt ==== Version update (2022.12.21 -> 2023.01.20) - Update to 194f76d49a89 (2023-01-20) ==== rubygem-ruby-dbus ==== Version update (0.18.1 -> 0.19.0) - 0.19.0 API: * Added a ObjectManager mix-in to implement the service-side ObjectManager interface. Bug fixes: * dbus_attr_accessor and friends validate the signature * (gh#mvidner/ruby-dbus#120). * Declare the Introspectable interface in exported * objects (gh#mvidner/ruby-dbus#99). * Do reply with an error when calling a nonexisting object with an existing path prefix (gh#mvidner/ruby-dbus#121). ==== salt ==== Subpackages: python3-salt salt-master salt-minion salt-transactional-update - Control the collection of lvm grains via config (bsc#1204939) - Added: * control-the-collection-of-lvm-grains-via-config.patch ==== tcpdump ==== Version update (4.99.2 -> 4.99.3) - update to 4.99.3: * Updated printers: PTP: Use the proper values for the control field and print un-allocated values for the message field as "Reserved" instead of "none". * Source code: smbutil.c: Replace obsolete function call (asctime) * Documentation: Reformat the installation notes (INSTALL.txt) in Markdown. Convert CONTRIBUTING to Markdown. CONTRIBUTING.md: Document the use of "protocol: " in a commit summary. Add a README file for NetBSD. Fix CMake build to set man page section numbers in tcpdump.1 ==== thunar ==== Version update (4.18.2 -> 4.18.3) Subpackages: libthunarx-3-0 thunar-lang - Update to 4.18.3: * Prevent critical when changing directory (gxo#xfce/thunar#1014) * Keep hidden toolbar hidden after Ctrl+L (gxo#xfce/thunar#1011) * Prevent jumping cursor on file deletion (gxo#xfce/thunar#910) * Prevent Critical when file counting is enabled * Properly handle resident thunar plugins (gxo#xfce/thunar#1007) * Translation Updates ==== tpm2-0-tss ==== Subpackages: libtss2-esys0 libtss2-mu0 libtss2-rc0 libtss2-sys1 libtss2-tctildr0 - add 0001-tss2_rc-ensure-layer-number-is-in-bounds.patch: fixes CVE-2023-22745 (bsc#1207325): Buffer Overlow in TSS2_RC_Decode. Overly large RC values passed to the TSS2 function could lead to memory overread or memory overread. This patch is not yet part of any upstream git tag. ==== translation-update ==== - Update translation list (add az, ms and oc). ==== u-boot-rpiarm64 ==== Version update (2022.10 -> 2023.01) Subpackages: u-boot-rpiarm64-doc - Remove obsolete riscv64 libgcc hack - Update to 2023.01: * Full changelog available at: https://source.denx.de/u-boot/u-boot/-/compare/v2022.10...v2023.01 ==== xfce4-notifyd ==== Version update (0.6.5 -> 0.7.1) Subpackages: xfce4-notifyd-lang - Update to 0.7.1: * Fix incorrect usage of XDT_CHECK_OPTIONAL_PACKAGE * Properly validate markup * Update glade file to remove use of deprecated properties * Support the 'action-icons' hint * Add support for notification sounds * Clean up notification ID storage * Return replaces_id if provided * Remove xfconf prop name define duplication * Add ability to disallow certain apps to send critical notifications * Add a context menu that allows individual known application deletion * Fix a slide-out loop when the mouse pointer is in the way * Add option to hide panel button when no unread notifications * Remove more pre-GTK-3.22 guards * Bump GTK minimum to 2.22 and remove/ifdef X11-isms * Support Wayland * Don't set a nonsensical icon name * Clean up xfce_notify_window_set_icon_pixbuf() * xfce_notify_window_set_icon_pixbuf() shouldn't take ownership * Move urgency hint fetch inside check for correct type * DRY up the configuration handling * Add pref to show summary & body with gauge values * Update glade file to latest version * settings: Disable single click to mute apps (gxo#apps/xfce4-notifyd#5) * Do not treat zero expiration time as urgent * Add compile_flags.txt generation * Fix incorrect icon name for preview notification * Fix blurry icons when UI scale factor > 1 * build: Let xdt-depends.m4 macros set GLib macros * Translation Updates ==== xfce4-whiskermenu-plugin ==== Version update (2.7.1 -> 2.7.2) Subpackages: xfce4-whiskermenu-plugin-lang - Update to version 2.7.2 * Fix missing version number * Fix memory leak when adding launchers to panel * Fix skipping first treeview item when switching modes * Fix clipping when changing application icon size * Fix missing NULL checks with String class * Use Thunar for adding launchers to desktop * Translation Updates ==== xfdesktop ==== Version update (4.18.0 -> 4.18.1) Subpackages: xfdesktop-lang - Update to version 4.18.1: * Load removable volume information asynchronously * Fix apps menu not popping up when menu icons disabled * Translation Updates ==== xfsprogs ==== Version update (6.1.0 -> 6.1.1) Subpackages: libhandle1 xfsprogs-scrub - update to 6.1.1: - scrub: fix warnings/errors due to missing include - debian: Add missing pkg version to the changelog ==== yast2 ==== Version update (4.5.21 -> 4.5.22) Subpackages: yast2-logs - Replace transitional %usrmerged macro with regular version check (boo#1206798) - 4.5.22 ==== yast2-network ==== Version update (4.5.11 -> 4.5.12) - Copy only the specific backend configuration to the target system having a clean installation (bsc#1206723) - 4.5.12 ==== zlib ==== Version update (1.2.12 -> 1.2.13) Subpackages: libminizip1 libz1 zlib-devel - Update to 1.13: * Fix configure issue that discarded provided CC definition * Correct incorrect inputs provided to the CRC functions * Repair prototypes and exporting of new CRC functions * Fix inflateBack to detect invalid input with distances too far * Have infback() deliver all of the available output up to any error * Fix a bug when getting a gzip header extra field with inflate() * Fix bug in block type selection when Z_FIXED used * Tighten deflateBound bounds * Remove deleted assembler code references * Various portability and appearance improvements - Added patches: * zlib-1.2.13-IBM-Z-hw-accelerated-deflate-s390x.patch * zlib-1.2.13-fix-bug-deflateBound.patch * zlib-1.2.13-optimized-s390.patch - Refreshed patches: * zlib-1.2.12-add-optimized-slide_hash-for-power.patch * zlib-1.2.12-add-vectorized-longest_match-for-power.patch * zlib-1.2.12-s390-vectorize-crc32.patch - Removed patches: * zlib-1.2.12-fix-configure.patch * zlib-1.2.12-IBM-Z-hw-accelerated-deflate-s390x.patch * zlib-1.2.12-optimized-crc32-power8.patch * zlib-1.2.12-correct-inputs-provided-to-crc-func.patch * zlib-1.2.12-fix-CVE-2022-37434.patch * zlib-1.2.11-optimized-s390.patch