Please note that this mail was generated by a script. The described changes are computed based on the x86_64 DVD. The full online repo contains too many changes to be listed here. Please check the known defects of this snapshot before upgrading: https://openqa.opensuse.org/tests/overview?distri=opensuse&groupid=1&version=Tumbleweed&build=20240202 Please do not reply to this email to report issues, rather file a bug on bugzilla.opensuse.org. For more information on filing bugs please see https://en.opensuse.org/openSUSE:Submitting_bug_reports Packages changed: 389-ds (2.4.0~git126.5936946 -> 3.0.1~git1.1f95b57) crypto-policies emacs (29.1 -> 29.2) glibc (2.38 -> 2.39) gstreamer (1.22.8 -> 1.22.9) gstreamer-plugins-bad (1.22.8 -> 1.22.9) gstreamer-plugins-base (1.22.8 -> 1.22.9) gstreamer-plugins-good (1.22.8 -> 1.22.9) gstreamer-plugins-libav (1.22.8 -> 1.22.9) gstreamer-plugins-ugly (1.22.8 -> 1.22.9) inxi (3.3.31 -> 3.3.32) libusb-1_0 (1.0.26 -> 1.0.27) libzio (1.08 -> 1.09) netpbm (11.2.0 -> 11.5.2) perl-gettext python-jmespath python-pip python-pytz (2023.3.post1 -> 2023.4) python-rpm python-setuptools (69.0.2 -> 69.0.3) salt strace systemd-presets-common-SUSE virt-v2v xen (4.18.0_04 -> 4.18.0_06) === Details === ==== 389-ds ==== Version update (2.4.0~git126.5936946 -> 3.0.1~git1.1f95b57) Subpackages: lib389 libsvrcore0 - Update to version 3.0.1~git1.1f95b57: * Issue 6061 - Certificate lifetime displayed as NaN * Bump version to 3.0.1 * Issue 6043, 6044 - Enhance Rust and JS bundling and add SPDX licenses for both (#6045) * Issue 3555 - Remove audit-ci from dependencies (#6056) * Issue 6052 - Paged results test sets hostname to `localhost` on test collection * Issue 6051 - Drop unused pytest markers * Issue 6049 - lmdb - changelog is wrongly recreated by reindex task (#6050) * Issue 6047 - Add a check for tagged commits * Issue 6041 - dscreate ds-root - accepts relative path (#6042) * Switch default backend to lmdb and bump version to 3.0 (#6013) * Issue 6032 - Replication broken after backup restore (#6035) * Issue 6037 - Server crash at startup in vlvIndex_delete (#6038) * Issue 6034 - Change replica_id from str to int ==== crypto-policies ==== Subpackages: crypto-policies-scripts - avoid the cycle rpm/cmake/crypto-policies/python-rpm-macros: we only need python3-base here, we don't need the python macros as no module is being built ==== emacs ==== Version update (29.1 -> 29.2) Subpackages: emacs-el emacs-eln emacs-info emacs-nox emacs-x11 etags - Update to GNU Emacs version 29.2 * Startup Changes in Emacs 29.2 On GNU/Linux, Emacs is now the default application for 'org-protocol'. Org mode provides a way to quickly capture bookmarks, notes, and links using 'emacsclient': emacsclient "org-protocol://store-link?url=URL&title=TITLE" * This is a bug-fix release with no new features. * Changes in Specialized Modes and Packages in Emacs 29.2 - Tramp New user option 'tramp-show-ad-hoc-proxies'. When non-nil, ad-hoc definitions are kept in remote file names instead of showing the shortcuts. * Incompatible Lisp Changes in Emacs 29.2 'with-sqlite-transaction' rolls back changes if its BODY fails. If the BODY of the macro signals an error, or committing the results of the transaction fails, the changes will now be rolled back. - Port patches mainly by correcting hunk offsets * emacs-24.1-ps-mule.patch * emacs-24.4-ps-bdf.patch * emacs-25.2-ImageMagick7.patch * emacs-27.1-Xauthority4server.patch * emacs-27.1-pdftex.patch * emacs-29.1.dif * pdump.patch ==== glibc ==== Version update (2.38 -> 2.39) Subpackages: glibc-32bit glibc-devel glibc-extra glibc-lang glibc-locale glibc-locale-base nscd - Update to glibc 2.39 * A new tunable, glibc.cpu.plt_rewrite, can be used to enable PLT rewrite on x86-64 * Sync with Linux kernel 6.6 shadow stack interface * struct statvfs now has an f_type member, equal to the f_type statfs member * On Linux, the functions posix_spawnattr_getcgroup_np and posix_spawnattr_setcgroup_np have been added, along with the POSIX_SPAWN_SETCGROUP flag * On Linux, the pidfd_spawn and pidfd_spawp functions have been added * On Linux, the pidfd_getpid function has been added * scanf-family functions now support the wN format length modifiers for arguments pointing to types intN_t, int_leastN_t, uintN_t or uint_leastN_t * A new tunable, glibc.mem.decorate_maps, can be used to add additional information on underlying memory allocated by the glibc * The <stdbit.h> header has been added from ISO C2X * On AArch64 new symbols were added to libmvec * The ldconfig program now skips file names containing ';' or ending in ".dpkg.tmp" or ".dpkg.new" * The dynamic linker calls the malloc and free functions in more cases during TLS access if a shared object with dynamic TLS is loaded and unloaded - aarch64-rawmemchr-unwind.patch, cache-amd-legacy.patch, cache-intel-shared.patch, call-init-proxy-objects.patch, fstat-implementation.patch, gb18030-2022.patch, getaddrinfo-eai-memory.patch, getaddrinfo-memory-leak.patch, getcanonname-use-after-free.patch, iconv-error-verbosity.patch, intl-c-utf-8-like-c-locale.patch, ldconfig-process-elf-file.patch, libio-io-vtables.patch, libio-wdo-write.patch, no-aaaa-read-overflow.patch, posix-memalign-fragmentation.patch, ppc64-flock-fob64.patch, qsort-invalid-cmp.patch, sem-open-o-creat.patch, setxid-propagate-glibc-tunables.patch, syslog-buffer-overflow.patch, tls-modid-reuse.patch, tunables-string-parsing.patch: Removed - syslog-buffer-overflow.patch: syslog: Fix heap buffer overflow in __vsyslog_internal (CVE-2023-6246, CVE-2023-6779, CVE-2023-6780, bsc#1218863, bsc#1218867, bsc#1218868) - qsort-invalid-cmp.patch: qsort: handle degenerated compare function (bsc#1218866) - Change minimum GCC to 13 - Split off libnsl.so.1 into a separate package ==== gstreamer ==== Version update (1.22.8 -> 1.22.9) Subpackages: gstreamer-lang gstreamer-utils libgstreamer-1_0-0 typelib-1_0-Gst-1_0 - Update to version 1.22.9: + Highlighted bugfixes in 1.22.9 - More Security fixes for the AV1 video codec parser - va: fixes for Mesa Gallium drivers in Mesa versions older than v23.2 - v4l2src: Consider framerate during caps selection - v4l2codec: decoder fixes - rtspsrc: multicast fixes - camerabin viewfinder fixes - various bug fixes, build fixes, memory leak fixes, and other stability and reliability improvements + gstreamer - aggregator: fix use-after-free in queries processing - multiqueue: Ignore queue fullness for most events - Rebase reduce-required-meson.patch ==== gstreamer-plugins-bad ==== Version update (1.22.8 -> 1.22.9) Subpackages: gstreamer-plugins-bad-lang libgstadaptivedemux-1_0-0 libgstbadaudio-1_0-0 libgstbasecamerabinsrc-1_0-0 libgstcodecparsers-1_0-0 libgstcodecs-1_0-0 libgstcuda-1_0-0 libgstisoff-1_0-0 libgstmpegts-1_0-0 libgstphotography-1_0-0 libgstplay-1_0-0 libgstplayer-1_0-0 libgstsctp-1_0-0 libgsttranscoder-1_0-0 libgsturidownloader-1_0-0 libgstva-1_0-0 libgstvulkan-1_0-0 libgstwayland-1_0-0 libgstwebrtc-1_0-0 libgstwebrtcnice-1_0-0 - Update to version 1.22.9: + av1parser: Fix potential stack overflow during tile list parsing (CVE-2024-0444, bsc#1219453, ZDI-CAN-22300) + camerabin: Correctly relink viewfinderbin_queue + GstPlay: Fix error details parsing + h264decoder: Handle malformed avc/avc3 packets + h264decoder: h265decoder: Align with wraparound fix + vp8decoder: vp9decoder: av1decoder: mpeg2decoder: Fix multiplication wraparound + vah264enc/vah264dec issues after recent upgrade to 1.22.8 from 1.22.7 + va: fixes for Mesa Gallium drivers in Mesa versions older than v23.2 + vp9parse: Fix critical warning during caps negotiation - Rebase reduce-required-meson.patch ==== gstreamer-plugins-base ==== Version update (1.22.8 -> 1.22.9) Subpackages: gstreamer-plugins-base-lang libgstallocators-1_0-0 libgstapp-1_0-0 libgstaudio-1_0-0 libgstfft-1_0-0 libgstgl-1_0-0 libgstpbutils-1_0-0 libgstriff-1_0-0 libgstrtp-1_0-0 libgstrtsp-1_0-0 libgstsdp-1_0-0 libgsttag-1_0-0 libgstvideo-1_0-0 typelib-1_0-GstAudio-1_0 typelib-1_0-GstPbutils-1_0 typelib-1_0-GstTag-1_0 typelib-1_0-GstVideo-1_0 - Update to version 1.22.9: + audiobasesink: Don't wait on gap events + audioconvert: change gst_audio_convert_get_unit_size() log levels + glcolorconvert: Correct transform_caps direction + gloverlay: Apply updated overlay coordinates correctly + videorate: keep pool if max_buffers is unlimited - Rebase reduce-required-meson.patch ==== gstreamer-plugins-good ==== Version update (1.22.8 -> 1.22.9) Subpackages: gstreamer-plugins-good-extra gstreamer-plugins-good-gtk gstreamer-plugins-good-jack gstreamer-plugins-good-lang gstreamer-plugins-good-qtqml - Update to version 1.22.9: + rtpsession: Only warn once if configured latency needs to be known but isn't yet + rtphdrext-clientaudiolevel: Fix level value being written by the extension + rtspsrc: set multicast-iface on udpsinks and fix RTCP sink TTL + v4l2object: clear old fds when initializing poll during opening v4l2 device + v4l2src: Consider framerate during caps selection + vpxdec: Use appropriate domain and code for decoding errors - Rebase reduce-required-meson.patch ==== gstreamer-plugins-libav ==== Version update (1.22.8 -> 1.22.9) - Update to version 1.22.9: + No changes, stable bump only. - Rebase reduce-required-meson.patch. ==== gstreamer-plugins-ugly ==== Version update (1.22.8 -> 1.22.9) Subpackages: gstreamer-plugins-ugly-lang - Update to version 1.22.9: + No changes, stable bump only. - Rebase reduce-required-meson.patch. ==== inxi ==== Version update (3.3.31 -> 3.3.32) - - Updated to version 3.3.32: + /usr/share/doc/packages/inxi/inxi.changelog. ==== libusb-1_0 ==== Version update (1.0.26 -> 1.0.27) - Update to version 1.0.27 * New libusb_init_context API to replace libusb_init * New libusb_get_max_alt_packet_size API * New libusb_get_platform_descriptor API (BOS) * Allow setting log callback with libusb_set_option/libusb_init_context * New WebAssembly + WebUSB backend using Emscripten * Fix regression in libusb_set_interface_alt_setting * Fix sync transfer completion race and use-after-free * Fix hotplug exit ordering * Linux: NO_DEVICE_DISCOVERY option set per context - added signature and keyring. (key received via keyserver) ==== libzio ==== Version update (1.08 -> 1.09) - Version 1.09: Allow to create files without suffix as well ==== netpbm ==== Version update (11.2.0 -> 11.5.2) Subpackages: libnetpbm11 - version update to 11.5.2 Release 11.05.02 + ppmtowinicon: fix array overrun with 4 and 8 bits per pixel. Release 11.05.01 Fix typo in ppmforge test case. Release 11.05.00 + pnmpad: Add -color, -promote, -extend-edge, -detect-background . + pnmconvol: Restore ability of convolution matrix to be a pseudo-plain-PNM with samples that exceed the maxval. Lost in 10.30 (October 2005) because maxval-checking code was added to libnetpbm. (Was fixed in 10.47.08 in November 2010, but only in the 10.47 series). + pnmindex: Improve failure mode when -size or -across is zero. + pnmindex: Make -plain work. + pnmpad: fix behavior with -left, -right, and -width together or - top, -bottom, -height together: ignores -width where it should fail. Broken in Netpbm 10.72 (September 2015). + pamtosvg: fix "zero determinant" failure. Introduced in Netpbm 11.04 (September 2023). + pjtoppm: fix crash based on uninitialized variable. Introduced in Netpbm 11.04 (September 2023). + ppmtopcxl: fix incorrect output with > 256 colors. Always broken. (Program was added in primordial Netpbm in 1990). + pbmtext: fix buffer overrun with insanely large input. + picttoppm: fix buffer overrun with insanely wide input. + ppmtoxpm: fix incorrect output with insanely large number of colors. + pnmscalefixed: fix incorrect output with really big image and - pixels option. + ppmdither: fix buffer overrun with insanely large dithering matrix. + pnmpad: no longer accept old-style options (e.g. -t50). + libnetpbm: Add pm_feed_from_file, pm_accept_to_files, pm_accept_to_filestream Standard Input feeder, Output accepter for pm_system. + libnetpbm, programs that use color maps: fix buffer overrun with insanely deep images. + merge build: Fix 'pnmcat'. Introduced in Netpbm 11.00 (September 2023). Release 11.04.00 + pamaddnoise: add -salt. + pamaddnoise: reject options that aren't meaningful for the type of noise specified rather than just ignore them. + ppmtosixel: Add -7bit, so it works on more terminals, including xterms. Thanks Scott Pakin. + g3topbm: Add -correctlong + pnmtojpeg: minor improvement to error messages about bad files. + pammixmulti: Remove disclaimer of patent license. + pamstack: Fix bug: acts like -firstmaxval specified when it wasn't. Introduced in Netpbm 11.03 (June 2023). + pamstack: Fix -lcmmaxval: chooses wrong maxval. Always broken (-lcmmaxval was new in Netpbm 11.03 (June 2023)). + pamstack: Fail gracefully when total number of planes is too large for unsigned integer. Always broken (Pamstack was new in Netpbm 10.0 (June 2002). + pamtosvg: fix hang. + ppmfade: fix "file not found" crash for most fade modes. Introduced in Netpbm 10.98 (March 2022). + ppmfade: fix incorrect block mode fade. Always broken (ppmfade was new in Netpbm 8.4 (April 2000)). + pamaddnoise: fix very incorrect noise added for all types. Introduced in Netpbm 10.94 (March 2021). + ppmrough: fix buffer overrun. Always broken (Ppmrough was new in Netpbm 10.9 (September 2002). ppmrough: fix excessive roughness. Introduced in Netpbm 10.94 (March 2021). + pgmtexture: Fix buffer overflow with maxval > 255. Always broken. Maxvals > 255 were possible starting in Netpbm 9.0 (April 2000). + pgmtexture: Fix bug: ignores -d. Introduced in Netpbm 10.56 (September 2011). + xwdtopnm Fix spurious output with really wide/deep rows. + imgtoppm: Fix spurious output with really wide/deep rows. + pbmtopgm: Fix error message for excessive -width. + pbmtoxbm: Fix spurious output with really wide rows. + tifftopnm: Fix incorrect output with insanely wide/deep rows. + thinkjettopbm: Fix incorrect output with insanely wide rows. + ybmtopbm: Fix incorrect output with insanely wide rows. + pjtoppm: Fix incorrect output with insanely large number of rows. + library: add check of maxval for computable size. + Build: Include LDFLAGS in link of shared library. * Release 11.03.00 + pamstack: Add -firstmaxval, -lcmmaxval + pnmcolormap: make result independent of how system's qsort orders records with equal keys. Affects pnmquant. + pamtopng: fix typo in error message about -chroma option. + pamtopng, pnmtopng, pngtopam: fix error message when something fails in libpng. Always broken (the programs were new in Netpbm 8.1 (March 2000)). - modified patches % netpbm-gcc-warnings.patch (refreshed) % netpbm-security-code.patch (refreshed) ==== perl-gettext ==== - Run testsuite with locale LANG=en_US.UTF. It fails otherwise with glibc 2.39 ==== python-jmespath ==== - switch to PEP517 / wheel build ==== python-pip ==== - Drop deprecated setup.py installmethod, bootstrap PEP517 with built-in pip instead - python3XX-pip-wheel can now be a regular subpackage - Drop obsolete python2 directives in specfile ==== python-pytz ==== Version update (2023.3.post1 -> 2023.4) - update to 2023.4: * Update olson to 2023d ==== python-rpm ==== - buildrequire setuptools ==== python-setuptools ==== Version update (69.0.2 -> 69.0.3) - update to 69.0.3: * Bugfixes - Retain valid names with underscores in egg_info. ==== salt ==== Subpackages: python3-salt salt-master salt-minion salt-transactional-update - Prevent directory traversal when creating syndic cache directory on the master (CVE-2024-22231, bsc#1219430) - Prevent directory traversal attacks in the master's serve_file method (CVE-2024-22232, bsc#1219431) - Added: * fix-cve-2024-22231-and-cve-2024-22232-bsc-1219430-bs.patch ==== strace ==== - Enable SELinux Context Printing (--secontext). ==== systemd-presets-common-SUSE ==== - Split hcn-init.service to hcn-init-NetworkManager and hcn-init-wicked (bsc#1200731 ltc#198485 https://github.com/ibm-power-utilities/powerpc-utils/pull/84) Support both the old and new service to avoid complex version interdependency. ==== virt-v2v ==== Subpackages: virt-v2v-bash-completion - Relax the openssh requirement. Options passed to scp are known by openssh 8.4 - Move autoreconf from prep to build, to simplify quilt setup. ==== xen ==== Version update (4.18.0_04 -> 4.18.0_06) Subpackages: xen-libs xen-tools xen-tools-domU - Upstream bug fixes (bsc#1027519) 6566fef3-x86-vLAPIC-x2APIC-derive-LDR-from-APIC-ID.patch 6569ad03-libxg-mem-leak-in-cpu-policy-get-set.patch 656ee5e1-x86emul-avoid-triggering-event-assertions.patch 656ee602-cpupool-adding-offline-CPU.patch 656ee6c3-domain_create-error-path.patch 6571ca95-fix-sched_move_domain.patch 6578598c-Arm-avoid-pointer-overflow-on-invalidate.patch 65842d5c-x86-AMD-extend-CPU-erratum-1474-fix.patch 65a7a0a4-x86-Intel-GPCC-setup.patch 65a9911a-VMX-IRQ-handling-for-EXIT_REASON_INIT.patch 65b27990-x86-p2m-pt-off-by-1-in-entry-check.patch 65b29e91-x86-ucode-stability-of-raw-policy-rescan.patch - bsc#1218851 - VUL-0: CVE-2023-46839: xen: phantom functions assigned to incorrect contexts (XSA-449) 65b8f961-PCI-fail-dev-assign-if-phantom-functions.patch - bsc#1219080 - VUL-0: CVE-2023-46840: xen: VT-d: Failure to quarantine devices in !HVM builds (XSA-450) 65b8f9ab-VT-d-else-vs-endif-misplacement.patch - Patches dropped / replaced by newer upstream versions xsa449.patch xsa450.patch - bsc#1219080 - VUL-0: CVE-2023-46840: xen: VT-d: Failure to quarantine devices in !HVM builds (XSA-450) xsa450.patch - bsc#1218851 - VUL-0: CVE-2023-46839: xen: phantom functions assigned to incorrect contexts (XSA-449) xsa449.patch