Please note that this mail was generated by a script. The described changes are computed based on the x86_64 DVD. The full online repo contains too many changes to be listed here. Please check the known defects of this snapshot before upgrading: https://openqa.opensuse.org/tests/overview?distri=opensuse&groupid=1&version=Tumbleweed&build=20211128 Please do not reply to this email to report issues, rather file a bug on bugzilla.opensuse.org. For more information on filing bugs please see https://en.opensuse.org/openSUSE:Submitting_bug_reports Packages changed: autoyast2 (4.4.22 -> 4.4.23) ibmtss kdump libdrm (2.4.107 -> 2.4.109) libjpeg-turbo (2.1.1 -> 2.1.2) openvpn (2.5.3 -> 2.5.4) policycoreutils python-fastparquet (0.7.1 -> 0.7.2) python-packaging (21.2 -> 21.3) ruby2.7 (2.7.4 -> 2.7.5) ruby3.0 (3.0.2 -> 3.0.3) smartmontools wsdd (0.6.4 -> 0.7.0) yast2-bootloader (4.4.8 -> 4.4.9) yast2-installation (4.4.22 -> 4.4.23) === Details === ==== autoyast2 ==== Version update (4.4.22 -> 4.4.23) Subpackages: autoyast2-installation - During autoupgrade merge the selected product workflow in order to execute 2nd stage modules (bsc#1192437) - 4.4.23 ==== ibmtss ==== Subpackages: ibmtss-base libibmtss1 - Fix certificate list, run all tests. ==== kdump ==== - kdump-Store-kdump-initrd-in-kernel-image-path.patch: Fix kdumprd location for usrmerge kernels (boo#1190920). ==== libdrm ==== Version update (2.4.107 -> 2.4.109) Subpackages: libdrm-devel libdrm2 libdrm_amdgpu1 libdrm_intel1 libdrm_nouveau2 libdrm_radeon1 - update to 2.4.109: * amdgpu: add new function to get fd * radeon: remove duplicate struct declaration * xf86drm: fix compiler warnings * ci fixes - update to 2.4.108: * amdgpu: add amdgpu_stress utility v2 * amdgpu: add marketing names from 21.30 * amdgpu: add new marketing name * amdgpu: Make marketing names consistent * amdgpu: use drmCloseBufferHandle * build: bump version to 2.4.108 * drm_fourcc: sync drm_fourcc with latest drm-next kernel * etnaviv: use drmCloseBufferHandle * exynos: use drmCloseBufferHandle * Fix -Werror=format build errors on FreeBSD * freedreno: use drmCloseBufferHandle * headers: drm: Sync with drm-next * intel: Do not assert on unknown chips in drm_intel_decode_context_alloc * intel: Drop legacy execbuffer support * intel: sync ADL-S PCI IDs with kernel * intel: Sync pci ids * intel: use drmCloseBufferHandle * man: refer to drmCloseBufferHandle instead of DRM_IOCTL_GEM_CLOSE * meson: Build libdrm.so as an unversioned lib on Android. * meson: Don't build libkms for Android. * nouveau: print bo address in the GPU/CPU vm and its size * nouveau: use drmCloseBufferHandle * omap: use drmCloseBufferHandle * radeon: use drmCloseBufferHandle * tegra: use drmCloseBufferHandle * test/amdgpu: Bob to Alice copy should be TMZ in secure bounce test * tests/amdgpu: Fix TMZ secure bounce test * xf86drm: add GEM_CLOSE ioctl wrapper * xf86drm: add iterator API for DRM/KMS IN_FORMATS blobs * xf86drm: fix mem leak in drm_usb_dev_path() * xf86drmMode: make drm_property_type_is arg const * xf86drmMode: simplify drm_property_type_is * xf86drmMode: switch to standard inline qualifier * xf86drm: Update drmGetFormatModifierNameFromArm to handle AFRC ==== libjpeg-turbo ==== Version update (2.1.1 -> 2.1.2) Subpackages: libjpeg8 libjpeg8-32bit libturbojpeg0 - update to 2.1.2: * Fixed a regression introduced by 2.1 beta1[13] that caused the remaining GAS implementations of AArch64 (Arm 64-bit) Neon SIMD functions (which are used by default with GCC for performance reasons) to be placed in the `.rodata` section rather than in the `.text` section. This caused the GNU linker to automatically place the `.rodata` section in an executable segment, which prevented libjpeg-turbo from working properly with other linkers and also represented a potential security risk. * Fixed an issue whereby the `tjTransform()` function incorrectly computed the MCU block size for 4:4:4 JPEG images with non-unary sampling factors and thus unduly rejected some cropping regions, even though those regions aligned with 8x8 MCU block boundaries. * Fixed a regression introduced by 2.1 beta1[13] that caused the build system to enable the Arm Neon SIMD extensions when targetting Armv6 and other legacy architectures that do not support Neon instructions. * libjpeg-turbo now performs run-time detection of AltiVec instructions on FreeBSD/PowerPC systems if AltiVec instructions are not enabled at compile time. This allows both AltiVec-equipped and non-AltiVec-equipped CPUs to be supported using the same build of libjpeg-turbo. * cjpeg now accepts a `-strict` argument similar to that of djpeg and jpegtran, which causes the compressor to abort if an LZW-compressed GIF input image contains incomplete or corrupt image data. ==== openvpn ==== Version update (2.5.3 -> 2.5.4) - update to 2.5.4: * fix prompting for password on windows console if stderr redirection is in use - this breaks 2.5.x on Win11/ARM, and might also break on Win11/adm64 when released. * fix setting MAC address on TAP adapters (--lladdr) to use sitnl (was overlooked, and still used "ifconfig" calls) * various improvements for man page building (rst2man/rst2html etc) * minor bugfix with IN6_IS_ADDR_UNSPECIFIED() use (breaks build on at least one platform strictly checking this) * fix minor memory leak under certain conditions in add_route() and add_route_ipv6() * documentation improvements * copyright updates where needed * better error reporting when win32 console access fails ==== policycoreutils ==== Subpackages: policycoreutils-lang policycoreutils-python-utils python3-policycoreutils - finish UsrMerge (bsc#1191089) - Add run_init.pamd.patch to adjust to SUSE pam setup. Removed run_init_use_pam_keyinit.patch and included it in the new patch (bsc#1190098) ==== python-fastparquet ==== Version update (0.7.1 -> 0.7.2) - update to version 0.7.2: * Ability to remove row-groups in-place for multifile datasets * Accept pandas nullable Float type * allow empty strings and fix min/max when there is no data * make writing statistics optional * row selection in to_pandas() ==== python-packaging ==== Version update (21.2 -> 21.3) - update to 21.3: * Add a pp3-none-any tag (gh#pypa/packaging#311) * Replace the blank pyparsing 3 exclusion with a 3.0.5 exclusion (gh#pypa/packaging#481), (gh#pypa/packaging#486) * Fix a spelling mistake (gh#pypa/packaging#479) ==== ruby2.7 ==== Version update (2.7.4 -> 2.7.5) Subpackages: libruby2_7-2_7 - update to 2.7.5 (boo#1193081 boo#1193080 boo#1193035) https://www.ruby-lang.org/en/news/2021/11/24/ruby-2-7-5-released/ - CVE-2021-41817: Regular Expression Denial of Service Vulnerability of Date Parsing Methods - CVE-2021-41816: Buffer Overrun in CGI.escape_html - CVE-2021-41819: Cookie Prefix Spoofing in CGI::Cookie.parse ==== ruby3.0 ==== Version update (3.0.2 -> 3.0.3) Subpackages: libruby3_0-3_0 - update to 3.0.3 (boo#1193081 boo#1193080 boo#1193035) https://www.ruby-lang.org/en/news/2021/11/24/ruby-3-0-3-released/ - CVE-2021-41817: Regular Expression Denial of Service Vulnerability of Date Parsing Methods - CVE-2021-41816: Buffer Overrun in CGI.escape_html - CVE-2021-41819: Cookie Prefix Spoofing in CGI::Cookie.parse ==== smartmontools ==== - Added hardening to systemd service(s) (bsc#1181400). Added patch(es): * harden_smartd.service.patch Modified: * smartd_generate_opts.service ==== wsdd ==== Version update (0.6.4 -> 0.7.0) - Update sources - Version 0.7.0 * Using the server interface it is now possible to start and stop the host functionality (discoverable device) without terminating and restarting the daemon. * Support multiple IP addresses in 'hello' messages from other hosts (#89) * Support interfaces with IPv6-only configuration (#94) * Re-enable 'probe' command of API (#116) * Removed code marked as deprecated starting with Python 3.10. * The example systemd unit file now uses DynamicUser instead of the unsafe nobody:nobody combination. It also employs the rundir as chroot directory. * Code changed to use asyncio instead of selector-based * The server interface does not close connections after each command anymore. * For the 'list' command of the server interface, the list of discovered devices is terminated with a line containing only a single dot ('.') * Log device discovery only once per address and interface - Some systemd hardening ==== yast2-bootloader ==== Version update (4.4.8 -> 4.4.9) - bnc#1193016 - fixed crash due to missing require - 4.4.9 ==== yast2-installation ==== Version update (4.4.22 -> 4.4.23) - Remove no longer used extra warning about destructive actions before starting the installation process (related to bsc#1057437). - 4.4.23