Please note that this mail was generated by a script. The described changes are computed based on the x86_64 DVD. The full online repo contains too many changes to be listed here. Please check the known defects of this snapshot before upgrading: https://openqa.opensuse.org/tests/overview?distri=opensuse&groupid=1&version=Tumbleweed&build=20210106 Please do not reply to this email to report issues, rather file a bug on bugzilla.opensuse.org. For more information on filing bugs please see https://en.opensuse.org/openSUSE:Submitting_bug_reports Packages changed: Mesa (20.2.4 -> 20.3.2) Mesa-drivers (20.2.4 -> 20.3.2) NetworkManager busybox (1.32.0 -> 1.32.1) libebml (1.4.0 -> 1.4.1) libstorage-ng (4.3.76 -> 4.3.78) nodejs14 (14.15.3 -> 14.15.4) openssh tlp virt-manager xen (4.14.1_02 -> 4.14.1_05) yast2-pkg-bindings (4.3.4 -> 4.3.5) === Details === ==== Mesa ==== Version update (20.2.4 -> 20.3.2) Subpackages: Mesa-dri-devel Mesa-libEGL1 Mesa-libGL1 Mesa-libglapi0 libgbm1 - update to 20.3.2 * third bugfix release for the 20.3 branch - drm and surfaceless are not specified as platforms anymore, remove them from egl_platforms ==== Mesa-drivers ==== Version update (20.2.4 -> 20.3.2) Subpackages: Mesa-dri Mesa-dri-nouveau Mesa-gallium Mesa-libva libvdpau_nouveau libvdpau_r300 libvdpau_r600 libvdpau_radeonsi libvulkan_intel libvulkan_radeon libxatracker2 - update to 20.3.2 * third bugfix release for the 20.3 branch - drm and surfaceless are not specified as platforms anymore, remove them from egl_platforms ==== NetworkManager ==== Subpackages: NetworkManager-lang libnm0 typelib-1_0-NM-1_0 - Second attempt to exclude systemd.automount from nfs processing: fix boo#1116625 ==== busybox ==== Version update (1.32.0 -> 1.32.1) Subpackages: busybox-static - Update to version 1.32.1 - fixes a case where in ash, "wait" never finishes. - sendmail-ignore-F-option.patch: ignore -F option as used by cron (workaround for [bbn#13426]) ==== libebml ==== Version update (1.4.0 -> 1.4.1) - Update to version 1.4.1 * Fixed a case EbmlMaster::Read where the element returned via UpperEltFound and FountElt points to a just-deleted element, causing callers to think the memory returned is valid, potentially leading to use-after-free/double-free errors. This can happen if the specific element's Read function throws an exception when encountering certain invalid data constellations. ==== libstorage-ng ==== Version update (4.3.76 -> 4.3.78) Subpackages: libstorage-ng-lang libstorage-ng-ruby libstorage-ng1 - Translated using Weblate (Finnish) (bsc#1149754) - 4.3.78 - Translated using Weblate (Russian) (bsc#1149754) - 4.3.77 ==== nodejs14 ==== Version update (14.15.3 -> 14.15.4) Subpackages: npm14 - New upstream LTS version 14.15.4: * CVE-2020-8265: use-after-free in TLSWrap (High) bug in TLS implementation. When writing to a TLS enabled socket, node::StreamBase::Write calls node::TLSWrap::DoWrite with a freshly allocated WriteWrap object as first argument. If the DoWrite method does not return an error, this object is passed back to the caller as part of a StreamWriteResult structure. This may be exploited to corrupt memory leading to a Denial of Service or potentially other exploits (bsc#1180553) * CVE-2020-8287: HTTP Request Smuggling allow two copies of a header field in a http request. For example, two Transfer-Encoding header fields. In this case Node.js identifies the first header field and ignores the second. This can lead to HTTP Request Smuggling (https://cwe.mitre.org/data/definitions/444.html). (bsc#1180554) ==== openssh ==== Subpackages: openssh-clients openssh-common openssh-server - Support /usr/etc/pam.d ==== tlp ==== Subpackages: tlp-rdw - Use the same value for TLP_ULIB in the %build phase and the %install phase (boo#1180495): + BuildRequire pkgconfig(udev) + Use pkg-config --variable udev_dir udev for the value of TLP_ULIB. ==== virt-manager ==== Subpackages: virt-install virt-manager-common - bsc#1180062 - virt-install uses isoinfo. Include mkisofs in the spec file. virt-manager.spec ==== xen ==== Version update (4.14.1_02 -> 4.14.1_05) Subpackages: xen-libs xen-tools xen-tools-domU - Update libxl.set-migration-constraints-from-cmdline.patch Remove code which handled --max_factor. The total amount of transferred data is no indicator to trigger the final stop+copy. This should have been removed during upgrade to Xen 4.7. Fix off-by-one in --max_iters, it caused one additional copy cycle. Reduce default value of --max_iters from 5 to 2. The workload within domU will continue to produce dirty pages. It is unreasonable to expect any slowdown during migration. Now there is one initial copy of all memory, one instead of four iteration for dirty memory, and a final copy iteration prior move. ==== yast2-pkg-bindings ==== Version update (4.3.4 -> 4.3.5) - Set the previous "distro_target" option when restarting the package manager (bsc#1176275), fixes upgrade from SLE12 via SMT - 4.3.5