Please note that this mail was generated by a script. The described changes are computed based on the x86_64 DVD. The full online repo contains too many changes to be listed here. Please check the known defects of this snapshot before upgrading: https://openqa.opensuse.org/tests/overview?distri=opensuse&groupid=1&version=Tumbleweed&build=20230913 Please do not reply to this email to report issues, rather file a bug on bugzilla.opensuse.org. For more information on filing bugs please see https://en.opensuse.org/openSUSE:Submitting_bug_reports Packages changed: MozillaFirefox (117.0 -> 117.0.1) curl (8.2.1 -> 8.3.0) gptfdisk javapackages-tools libwebp man mcelog (194 -> 195) multipath-tools ocfs2-tools (1.8.7 -> 1.8.8) openldap2 openldap2-contrib-src perl-Mail-DKIM (1.20230630 -> 1.20230911) polkit-default-privs (1550+20230829.1a9a761 -> 1550+20230912.0978001) qemu (8.0.4 -> 8.1.0) rubygem-yast-rake (0.2.48 -> 0.2.50) sudo (1.9.14p1 -> 1.9.14p3) === Details === ==== MozillaFirefox ==== Version update (117.0 -> 117.0.1) Subpackages: MozillaFirefox-translations-common - Mozilla Firefox 117.0.1 * Fix a bug causing extensions using an event page for long- running tasks to be terminated while running, causing unexpected behavior changes (bmo#1851373) * Temporarily revert an intentional behavior change preventing Javascript from changing URL.protocol (bmo#1850954). * Fix audio worklets not working for sites using WebAssembly exception handling (bmo#1851468) * Fix the Reopen all tabs option in the Recently closed tabs menu sometimes failing to open all tabs (bmo#1850856) * Fix the bookmarks menu sometimes remaining partially visible when minimizing Firefox (bmo#1843700) * Fix an issue causing incorrect time zones to be detected on some sites (bmo#1848615) * MFSA 2023-40 CVE-2023-4863 (boo#1215231) Heap buffer overflow in WebP ==== curl ==== Version update (8.2.1 -> 8.3.0) Subpackages: libcurl4 - Update to 8.3.0: [bsc#1215026, CVE-2023-38039] * Changes: - curl: make %output{} in -w specify a file to write to - gskit: remove - lib: --disable-bindlocal builds curl without local binding support - nss: remove support for this TLS library - tool: add "variable" support - trace: make tracing available in non-debug builds - url: change default value for CURLOPT_MAXREDIRS to 30 - urlapi: CURLU_PUNY2IDN - convert from punycode to IDN name * Bugfixes: - altsvc: accept and parse IPv6 addresses in response headers - asyn-ares: reduce timeout to 2000ms - aws-sigv4: canonicalize the query - aws-sigv4: fix having date header twice in some cases - aws-sigv4: handle no-value user header entries - c-hyper: adjust the hyper to curlcode conversion - c-hyper: fix memory leaks in `Curl_http` - cf-haproxy: make CURLOPT_HAPROXY_CLIENT_IP set the *source* IP - cf-socket: log successful interface bind - cmake: add GnuTLS option - cmake: add support for `CURL_DEFAULT_SSL_BACKEND` - cmake: detect `SSL_set0_wbio` in OpenSSL - configure: trust pkg-config when it's used for zlib - configure: use the pkg-config --libs-only-l flag for libssh2 - connect: stop halving the remaining timeout when less than 600 ms left - crypto: ensure crypto initialization works - digest: Use hostname to generate spn instead of realm - ftp: fix temp write of ipv6 address - headers: accept leading whitespaces on first response header - http2: fix in h2 proxy tunnel: progress in ingress on sending - http3/ngtcp2: shorten handshake, trace cleanup - http3: quiche, handshake optimization, trace cleanup - http: close the connection after a late 417 is received - http: fix sending of large requests - http: return error when receiving too large header set - lib: fix null ptr derefs and uninitialized vars (h2/h3) - lib: move mimepost data from ->req.p.http to ->state - list-only.d: mention SFTP as supported protocol - ngtcp2: fix handling of large requests - openssl: auto-detect `SSL_R_TLSV13_ALERT_CERTIFICATE_REQUIRED` - openssl: clear error queue after SSL_shutdown - openssl: make aws-lc version support OCSP - openssl: Support async cert verify callback - openssl: switch to modern init for LibreSSL 2.7.0+ - openssl: when CURLOPT_SSL_CTX_FUNCTION is registered, init x509 store before - quic: don't set SNI if hostname is an IP address - quiche: adjust quiche `QUIC_IDLE_TIMEOUT` to 60s - quiche: enable quiche to handle timeout events - resolve: use PF_INET6 family lookups when CURL_IPRESOLVE_V6 is set - schannel: verify hostname independent of verify cert - tool_filetime: make -z work with file dates before 1970 - tool_operate: allow both SSL_CERT_FILE and SSL_CERT_DIR - tool_operate: make aws-sigv4 not require TLS to be used - transfer: also stop the sending on closed connection - urlapi: fix heap buffer overflow - urlapi: setting a blank URL ("") is not an ok URL ==== gptfdisk ==== - Add patch to fix UUID generation with util-linux >= 2.38: * gptfdisk-1.0.9-libuuid.patch ==== javapackages-tools ==== Subpackages: javapackages-filesystem - Added patch: * 0004-Reproducible-builds-keep-order-of-aliases-and-depend.patch + make the aliases and dependencies lists so that the order is kept - Added patch: * 0003-Reproducible-exclusions-order-in-maven-metadata.patch + sort exclusions in maven metadata ==== libwebp ==== Subpackages: libsharpyuv0 libwebp7 libwebpdecoder3 libwebpdemux2 libwebpmux3 - Add 0001-Fix-OOB-write-in-BuildHuffmanTable.patch [boo#1215231] [CVE-2023-4863] ==== man ==== - Add man-db-groff-1.23.0-warnings.patch * Fix build errors with groff 1.23.0 ==== mcelog ==== Version update (194 -> 195) - This contains following features: PED-6122 [GNR] RAS: mcelog Add support for Granite Rapids (ALP) PED-6102 [GNR] RAS: mcelog Add support for Granite Rapids (SLE 15 SP6) PED-6021 [SRF] RAS: mcelog support for Sierra Forest (SLE 15 SP6) PED-6050 [SRF] RAS: mcelog support for Sierra Forest (ALP) - Change git repo in _service file from git to https url - Update to version 195: * mcelog: Wire up model-specific decoding for Sierra Forest * mcelog: Add model-specific decoding for Granite Rapids * client.c: fix build w/ musl libc * mcelog: New model number for Arrowlake * mcelog: Don't overwrite model number when lookup fails * mcelog: Add Graniterapids, Grandridge and Sierraforest * mcelog: New model number for Lunarlake * mcelog: Add Emerald Rapids * Update PFA_test_howto - Adopt to mainline: M email.patch ==== multipath-tools ==== Subpackages: kpartx libmpath0 - Configuration directory should be /etc/multipath/conf.d (broken since 0.9.4+68+suse.98559ea) ==== ocfs2-tools ==== Version update (1.8.7 -> 1.8.8) - Update from 1.8.7 to 1.8.8 (PED-6362) * Upstream only marked a new tag, there is no new feature in this upgrade. * remove patch - ocfs2-tools-kernel33.patch - fixed-mounted.ocfs2-output-when-some-devices-are-Not.patch - update-mounted.ocfs2-mounted.c.patch - libocfs2-roll-back-when-dir_index-creation-fails.patch - fsck.ocfs2-do-not-try-locking-after-replaying-journa.patch - bug-1203166-dump_fs_locks-support-v4.patch ==== openldap2 ==== Subpackages: libldap-data libldap2 libldap2-32bit openldap2-client - Disable SLP by default for Factory and ALP (bsc#1214884) ==== openldap2-contrib-src ==== - Disable SLP by default for Factory and ALP (bsc#1214884) ==== perl-Mail-DKIM ==== Version update (1.20230630 -> 1.20230911) - updated to 1.20230911 see /usr/share/doc/packages/perl-Mail-DKIM/Changes 1.20230911 2023-09-11 UTC * Option to add custom tags to generated ARC signatures and seals ==== polkit-default-privs ==== Version update (1550+20230829.1a9a761 -> 1550+20230912.0978001) - Update to version 1550+20230912.0978001: * udisks2: add additional mount and NVME actions (bsc#1214897) ==== qemu ==== Version update (8.0.4 -> 8.1.0) Subpackages: qemu-accel-tcg-x86 qemu-audio-spice qemu-block-curl qemu-block-nfs qemu-block-rbd qemu-chardev-spice qemu-guest-agent qemu-hw-display-qxl qemu-hw-display-virtio-gpu qemu-hw-display-virtio-gpu-pci qemu-hw-display-virtio-vga qemu-hw-usb-host qemu-hw-usb-redirect qemu-hw-usb-smartcard qemu-img qemu-ipxe qemu-ksm qemu-lang qemu-microvm qemu-pr-helper qemu-seabios qemu-tools qemu-ui-curses qemu-ui-gtk qemu-ui-opengl qemu-ui-spice-app qemu-ui-spice-core qemu-vgabios qemu-x86 - Fix bsc#1211000: * [openSUSE] block: Add a thread-pool version of fstat (bsc#1211000) * [openSUSE] block: Convert qmp_query_block() to coroutine_fn (bsc#1211000) * [openSUSE] block: Don't query all block devices at hmp_nbd_server_start (bsc#1211000) * [openSUSE] block: Convert qmp_query_named_block_nodes to coroutine (bsc#1211000) * [openSUSE] block: Convert bdrv_block_device_info into co_wrapper (bsc#1211000) * [openSUSE] block: Convert bdrv_query_block_graph_info to coroutine (bsc#1211000) * [openSUSE] block: Temporarily mark bdrv_co_get_allocated_file_size as mixed (bsc#1211000) * [openSUSE] block: Allow the wrapper script to see functions declared in qapi.h (bsc#1211000) * [openSUSE] block: Remove unnecessary variable in bdrv_block_device_info (bsc#1211000) * [openSUSE] block: Remove bdrv_query_block_node_info (bsc#1211000) - Fix bsc#1213210: * target/s390x: Fix the "ignored match" case in VSTRS (bsc#1213210) - Update to version 8.1.0. Full list of changes are available at: https://wiki.qemu.org/ChangeLog/8.1 Highlights: * VFIO: improved live migration support, no longer an experimental feature * GTK GUI now supports multi-touch events * ARM, PowerPC, and RISC-V can now use AES acceleration on host processor * PCIe: new QMP commands to inject CXL General Media events, DRAM events and Memory Module events * ARM: KVM VMs on a host which supports MTE (the Memory Tagging Extension) can now use MTE in the guest * ARM: emulation support for bpim2u (Banana Pi BPI-M2 Ultra) board and neoverse-v1 (Cortex Neoverse-V1) CPU * ARM: new architectural feature support for: FEAT_PAN3 (SCTLR_ELx.EPAN), FEAT_LSE2 (Large System Extensions v2), and experimental support for FEAT_RME (Realm Management Extensions) * Hexagon: new instruction support for v68/v73 scalar, and v68/v69 HVX * Hexagon: gdbstub support for HVX * MIPS: emulation support for Ingenic XBurstR1/XBurstR2 CPUs, and MXU instructions * PowerPC: TCG SMT support, allowing pseries and powernv to run with up to 8 threads per core * PowerPC: emulation support for Power9 DD2.2 CPU model, and perf sampling support for POWER CPUs * RISC-V: ISA extension support for BF16/Zfa, and disassembly support for Zcm*/Z*inx/XVentanaCondOps/Xthead * RISC-V: CPU emulation support for Veyron V1 * RISC-V: numerous KVM/emulation fixes and enhancements * s390: instruction emulation fixes for LDER, LCBB, LOCFHR, MXDB, MXDBR, EPSW, MDEB, MDEBR, MVCRL, LRA, CKSM, CLM, ICM, MC, STIDP, EXECUTE, and CLGEBR(A) * SPARC: updated target/sparc to use tcg_gen_lookup_and_goto_ptr() for improved performance * Tricore: emulation support for TC37x CPU that supports ISA v1.6.2 instructions * Tricore: instruction emulation of POPCNT.W, LHA, CRC32L.W, CRC32.B, SHUFFLE, SYSCALL, and DISABLE * x86: CPU model support for GraniteRapids * and lots more... - This also (automatically) fixes: * bsc#1212850 (CVE-2023-3354) * bsc#1213001 (CVE-2023-3255) * bsc#1213925 (CVE-2023-3180) * bsc#1213414 (CVE-2023-3301) * bsc#1207205 (CVE-2023-0330) * bsc#1212968 (CVE-2023-2861) * bsc#1179993, bsc#1181740 ==== rubygem-yast-rake ==== Version update (0.2.48 -> 0.2.50) - Adapt "sle15sp6" to GA as it is still in development and it is now based on previous SP and not on git master (bsc#1213989) - 0.2.50 - Move the "sle_latest" build target to SLE15-SP6 (bsc#1213989) - Added "sle15sp6" and future "sle15sp7" build targets - 0.2.49 ==== sudo ==== Version update (1.9.14p1 -> 1.9.14p3) Subpackages: sudo-plugin-python - Update to 1.9.14p3: * Fixed a crash with Python 3.12 when the sudo Python python is unloaded. This only affects make check for the Python plugin. * Adapted the sudo Python plugin test output to match Python 3.12. - Update to 1.9.14p2: * Fixed a crash on Linux systems introduced in version 1.9.14 when running a command with a NULL argv[0] if log_subcmds or intercept is enabled in sudoers. * Fixed a problem with "stair-stepped" output when piping or redirecting the output of a sudo command that takes user input when running a command in a pseudo-terminal. * Fixed a bug introduced in sudo 1.9.14 that affects matching sudoers rules containing a Runas_Spec with an empty Runas user. These rules should only match when sudoâs -g option is used but were matching even without the -g option. #290.