Please note that this mail was generated by a script.
The described changes are computed based on the x86_64 DVD.
The full online repo contains too many changes to be listed here.

Please check the known defects of this snapshot before upgrading:
https://openqa.opensuse.org/tests/overview?distri=opensuse&groupid=1&version=Tumbleweed&build=20240403

Please do not reply to this email to report issues, rather file a bug
on bugzilla.opensuse.org. For more information on filing bugs please
see https://en.opensuse.org/openSUSE:Submitting_bug_reports

Packages changed:
  bash
  bubblewrap (0.8.0 -> 0.9.0)
  c-ares (1.27.0 -> 1.28.1)
  emacs
  freerdp2 (2.11.2 -> 2.11.5)
  harfbuzz (8.3.0 -> 8.4.0)
  kate
  kernel-source (6.8.1 -> 6.8.2)
  libproxy-backend (0.5.3 -> 0.5.4)
  libproxy-client (0.5.3 -> 0.5.4)
  libssh2_org
  libuv (1.47.0 -> 1.48.0)
  libvirt (10.1.0 -> 10.2.0)
  libx86emu
  libzypp (17.32.0 -> 17.32.2)
  openSUSE-release (20240402 -> 20240403)
  pango
  plasma6-desktop
  python-cryptography (42.0.4 -> 42.0.5)
  python-httpcore (1.0.4 -> 1.0.5)
  python-libvirt-python (10.1.0 -> 10.2.0)
  python-numpy
  python-pyzmq

=== Details ===

==== bash ====
Subpackages: bash-lang bash-sh

- Help dependency resolver to identify package split done with bash-sh

==== bubblewrap ====
Version update (0.8.0 -> 0.9.0)
Subpackages: bubblewrap-zsh-completion

- update to v0.9.0:
  * Build system changed to Meson from Autotools
  * Add --argv0 https://github.com/containers/bubblewrap/issues/91
  * --symlink is now idempotent, meaning it succeeds if the symlink already exists and already has the desired target
  * Clarify security considerations in documentation
  * Clarify documentation for --cap-add
  * Report a better error message if mount(2) fails with ENOSPC
  * Fix a double-close on error reading from --args, --seccomp or --add-seccomp-fd argument
  * Improve memory allocation behaviour

==== c-ares ====
Version update (1.27.0 -> 1.28.1)

- c-ares 1.28.1
  Features:
  * Emit warnings when deprecated c-ares functions are used. This can be disabled by passing a compiler definition of `CARES_NO_DEPRECATED`. [PR #732]
  * Add function `ares_search_dnsrec()` to search for records using the new DNS record data structures. [PR #719]
  * Rework internals to pass around `ares_dns_record_t` instead of binary data, this introduces new public functions of `ares_query_dnsrec()` and `ares_send_dnsrec()`. [PR #730]
  Changes:
  * tests: when performing simulated queries, reduce timeouts to make tests run faster
  * Replace configuration file parsers with memory-safe parser. [PR #725]
  * Remove `acountry` completely, the manpage might still get installed otherwise. [Issue #718]
  Bugfixes:
  * CMake: don't overwrite global required libraries/definitions/includes which could cause build errors for projects chain building c-ares. [Issue #729]
  * On some platforms, `netinet6/in6.h` is not included by `netinet/in.h` and needs to be included separately. [PR #728]
  * Fix a potential memory leak in `ares_init()`. [Issue #724]
  * Some platforms don't have the `isascii()` function. Implement as a macro. [PR #721]
  * CMake: Fix Chain building if CMAKE runtime paths not set
  * NDots configuration should allow a value of zero. [PR #735]

==== emacs ====
Subpackages: emacs-el emacs-eln emacs-info emacs-nox etags

- Fix the temporary parking path by using %{version} (hint from Andre Barros)

==== freerdp2 ====
Version update (2.11.2 -> 2.11.5)
Subpackages: libfreerdp2-2 libwinpr2-2

- Update Source0 URL to make it valid with the actual Source0.
- Fix file conflict of wlog.7 with freerdp3
- Update to version 2.11.5:
  * Fix integer overflow in progressive decoder
  * Update OpenSSL API usage for compatibility with newer versions (#9747)
  * Prevent NULL dereference for single thread decoder (#9712)
- Modify package names to freerdp2:
  * This allows to have a freerdp version 2 and freerdp version 3 simultaneously installed
- Add freerdp-CVE-2023-40574-to-2023-40576.patch
  * Fix CVE-2023-40574 - bsc#1214869 Out-Of-Bounds Write in general_YUV444ToRGB_8u_P3AC4R_BGRX
  * Fix CVE-2023-40575 - bsc#1214870 Out-Of-Bounds Read in general_YUV444ToRGB_8u_P3AC4R_BGRX
  * Fix CVE-2023-40576 - bsc#1214871 Out-Of-Bounds Read in RleDecompress

==== harfbuzz ====
Version update (8.3.0 -> 8.4.0)
Subpackages: libharfbuzz-gobject0 libharfbuzz-icu0 libharfbuzz-subset0 libharfbuzz0 typelib-1_0-HarfBuzz-0_0

- update to version 8.4.0:
  + When subsetting, place variation store at the end of ‘GDEF’ table to fix shaping issues with some versions of Adobe InDesign.
  + Various build fixes
- update to version 8.3.1:
  + Fix hb_style_get_value() in fonts with ‘STAT’ table
  + Properly handle negative offsets in CFF table
  + Update IANA Language Subtag Registry to 2024-03-07
  + Subsetter now supports subsetting ‘BASE’ table
  + Subsetter will update ‘hhea’ font metrics in sync with ‘OS/2’ ones.
  + ‘--variations’ option of ‘hb-subset’ now supports leaving out values that should be unchanged, e.g. ‘wght=:500:’ will change the default and keep max and min unchanged. It also supports ‘*=drop’ to pin all axes to default location.
  + Fix hb_ot_math_get_glyph_kerning() to match updated ‘MATH’ table spec.
  + Support legacy MacRoman encoding in ‘cmap’ table.
  + Various build fixes.
  + Various subsetting and instancing fixes.

==== kate ====
Subpackages: kate-lang kate-plugins

- Add a couple recommended plugins to preview files in kate

==== kernel-source ====
Version update (6.8.1 -> 6.8.2)

- Bluetooth: hci_sync: Fix not checking error on hci_cmd_sync_cancel_sync (bluetooth-fix).
- commit 2eb0f0f
- Revert "io_uring: remove unconditional looping in local task_work handling" (liburing_failure).
- commit 5b857cb
- powerpc/crypto/chacha-p10: Fix failure on non Power10 (boo#1218114).
- commit 9b2d264
- Linux 6.8.2 (bsc#1012628).
- do_sys_name_to_handle(): use kzalloc() to fix kernel-infoleak (bsc#1012628).
- workqueue.c: Increase workqueue name length (bsc#1012628).
- workqueue: Move pwq->max_active to wq->max_active (bsc#1012628).
- workqueue: Factor out pwq_is_empty() (bsc#1012628).
- workqueue: Replace pwq_activate_inactive_work() with [__]pwq_activate_work() (bsc#1012628).
- workqueue: Move nr_active handling into helpers (bsc#1012628).
- workqueue: Make wq_adjust_max_active() round-robin pwqs while activating (bsc#1012628).
- workqueue: RCU protect wq->dfl_pwq and implement accessors for it (bsc#1012628).
- workqueue: Introduce struct wq_node_nr_active (bsc#1012628).
- workqueue: Implement system-wide nr_active enforcement for unbound workqueues (bsc#1012628).
- workqueue: Don't call cpumask_test_cpu() with -1 CPU in wq_update_node_max_active() (bsc#1012628).
- iomap: clear the per-folio dirty bits on all writeback failures (bsc#1012628).
- fs: Fix rw_hint validation (bsc#1012628).
- io_uring: remove looping around handling traditional task_work (bsc#1012628).
- io_uring: remove unconditional looping in local task_work handling (bsc#1012628).
- s390/dasd: Use dev_*() for device log messages (bsc#1012628).
- s390/dasd: fix double module refcount decrement (bsc#1012628).
- fs/hfsplus: use better @opf description (bsc#1012628).
- md: fix kmemleak of rdev->serial (bsc#1012628).
- rcu/exp: Fix RCU expedited parallel grace period kworker allocation failure recovery (bsc#1012628).
- rcu/exp: Handle RCU expedited grace period kworker allocation failure (bsc#1012628).
- nbd: null check for nla_nest_start (bsc#1012628).
- fs/select: rework stack allocation hack for clang (bsc#1012628).
- block: fix deadlock between bd_link_disk_holder and partition scan (bsc#1012628).
- md: Don't clear MD_CLOSING when the raid is about to stop (bsc#1012628).
- kunit: Setup DMA masks on the kunit device (bsc#1012628).
- ovl: Always reject mounting over case-insensitive directories (bsc#1012628).
- kunit: test: Log the correct filter string in executor_test (bsc#1012628).
- lib/cmdline: Fix an invalid format specifier in an assertion msg (bsc#1012628).
- lib: memcpy_kunit: Fix an invalid format specifier in an assertion msg (bsc#1012628).
- time: test: Fix incorrect format specifier (bsc#1012628).
- rtc: test: Fix invalid format specifier (bsc#1012628).
- net: test: Fix printf format specifier in skb_segment kunit test (bsc#1012628).
- drm/xe/tests: Fix printf format specifiers in xe_migrate test (bsc#1012628).
- drm: tests: Fix invalid printf format specifiers in KUnit tests (bsc#1012628).
- md/raid1: factor out helpers to add rdev to conf (bsc#1012628).
- md/raid1: record nonrot rdevs while adding/removing rdevs to conf (bsc#1012628).
- md/raid1: fix choose next idle in read_balance() (bsc#1012628).
- io_uring/net: unify how recvmsg and sendmsg copy in the msghdr (bsc#1012628).
- io_uring/net: move receive multishot out of the generic msghdr path (bsc#1012628).
- io_uring/net: fix overflow check in io_recvmsg_mshot_prep() (bsc#1012628).
- nvme: host: fix double-free of struct nvme_id_ns in ns_update_nuse() (bsc#1012628).
- x86/mm: Ensure input to pfn_to_kaddr() is treated as a 64-bit type (bsc#1012628).
- x86/resctrl: Remove hard-coded memory bandwidth limit (bsc#1012628).
- x86/resctrl: Read supported bandwidth sources from CPUID (bsc#1012628).
- x86/resctrl: Implement new mba_MBps throttling heuristic (bsc#1012628).
- x86/sme: Fix memory encryption setting if enabled by default and not overridden (bsc#1012628).
- timekeeping: Fix cross-timestamp interpolation on counter wrap (bsc#1012628).
- timekeeping: Fix cross-timestamp interpolation corner case decision (bsc#1012628).
- timekeeping: Fix cross-timestamp interpolation for non-x86 (bsc#1012628).
- x86/asm: Remove the __iomem annotation of movdir64b()'s dst argument (bsc#1012628).
- sched/fair: Take the scheduling domain into account in select_idle_smt() (bsc#1012628).
- sched/fair: Take the scheduling domain into account in select_idle_core() (bsc#1012628).
... changelog too long, skipping 1132 lines ...
- commit 6a29422

==== libproxy-backend ====
Version update (0.5.3 -> 0.5.4)

- Update to version 0.5.4:
  + Add golang link to application page.
  + Improve libproxy test coverage.
  + Improve coverage.
  + Specify library version more completely.
  + Use the correct separator character for Windows ProxyOverride.
  + Improve handling of Windows proxy settings.
  + Add curl option to the generated config for backend instead.
  + Set initial state to online.
  + Windows: Detect scheme presence in proxy URLs more robustly.
  + Fix broken WPAD proxy resolution.

==== libproxy-client ====
Version update (0.5.3 -> 0.5.4)

- Update to version 0.5.4:
  + Add golang link to application page.
  + Improve libproxy test coverage.
  + Improve coverage.
  + Specify library version more completely.
  + Use the correct separator character for Windows ProxyOverride.
  + Improve handling of Windows proxy settings.
  + Add curl option to the generated config for backend instead.
  + Set initial state to online.
  + Windows: Detect scheme presence in proxy URLs more robustly.
  + Fix broken WPAD proxy resolution.

==== libssh2_org ====

- Fix an issue with Encrypt-then-MAC family. [bsc#1221622]
  * Test the ETM feature in the remote end's configuration when receiving data. Upstream issue: #1331.
  * Add libssh2_org-ETM-remote.patch
- Always add the KEX pseudo-methods "ext-info-c" and "kex-strict-c-v00@openssh.com" when configuring custom method list. [bsc#1218971, CVE-2023-48795]
  * The strict-kex extension is announced in the list of available KEX methods. However, when the default KEX method list is modified or replaced, the extension is not added back automatically.
  * Add libssh2_org-CVE-2023-48795-ext.patch

==== libuv ====
Version update (1.47.0 -> 1.48.0)

- Update to version 1.48.0
  * CVE-2024-24806: Improper Domain Lookup that potentially leads to SSRF attacks (bsc#1219724)
  * misc: remove deprecated stalebot file
  * misc: ignore libuv-release-tool files
  * build,win: remove extraneous -lshell32
  * build,win: work around missing uuid.dll on MinGW
  * build: disable windows asan buildbot
  * build: add .cache clangd folder to .gitignore
  * build: re-enable msvc-asan job on CI
  * linux: disable io_uring on hppa below kernel 6.1.51
  * linux: remove HAVE_IFADDRS_H macro
  * linux: fix bind/connect for abstract sockets
  * linux: retry fs op if unsupported by io_uring
  * linux: disable io_uring on ppc64 and ppc64le
  * unix,win: utility for setting priority for thread
  * unix,win: fix read past end of pipe name buffer
  * unix,win: fix busy loop with zero timeout timers
  * unix,win: reset the timer queue on stop
  * unix: ignore ifaddrs with NULL ifa_addr
  * unix: unbreak macOS < 10.14
  * unix: correct pwritev conditional
  * unix: support full TCP keep-alive on Solaris
  * unix: optimize uv__tcp_keepalive cpp directives
  * freebsd: fix F_KINFO file path handling
  * freebsd: fix build on non-intel archs
  * aix: disable ipv6 link local
  * aix,ibmi: use uv_interface_addresses instead of getifaddrs
  * win: remove check for UV_PIPE_NO_TRUNCATE
  * win: honor NoDefaultCurrentDirectoryInExePath env var
  * win: stop using deprecated names
  * win: replace c99 comments with c89 comments
  * win: fix ESRCH implementation
  * win/spawn: optionally run executable paths with no file extension
  * test: don't run tcp_writealot under msan
  * test: check if ipv6 link-local traffic is routable
  * test: skip tcp-write-in-a-row on IBM i
  * test: empty strings are not valid IDNA
  * test_fs.c: Fix issue on 32-bit systems using btrfs
  * idna: fix compilation warning
  * pipe: add back error handling to connect / bind
  * fix: always zero-terminate idna output
  * fix: reject zero-length idna inputs
  * doc: move cjihrig to emeriti
  * doc: add very basic Security Policy document
  * Merge pull request from GHSA-f74f-cvh7-c6q6
- Remove ppc64-disable-liburing.patch because it was applied in the current source code

==== libvirt ====
Version update (10.1.0 -> 10.2.0)
Subpackages: libvirt-client libvirt-daemon-common libvirt-daemon-config-network libvirt-daemon-driver-interface libvirt-daemon-driver-libxl libvirt-daemon-driver-network libvirt-daemon-driver-nodedev libvirt-daemon-driver-nwfilter libvirt-daemon-driver-qemu libvirt-daemon-driver-secret libvirt-daemon-driver-storage libvirt-daemon-driver-storage-core libvirt-daemon-driver-storage-disk libvirt-daemon-driver-storage-iscsi libvirt-daemon-driver-storage-iscsi-direct libvirt-daemon-driver-storage-logical libvirt-daemon-driver-storage-mpath libvirt-daemon-driver-storage-rbd libvirt-daemon-driver-storage-scsi libvirt-daemon-lock libvirt-daemon-log libvirt-daemon-plugin-lockd libvirt-daemon-qemu libvirt-daemon-xen libvirt-libs

- Update to libvirt 10.2.0
  - CVE-2024-2494
  - Many incremental improvements and bug fixes, see https://libvirt.org/news.html#v10-2-0-2024-04-02

==== libx86emu ====

- fix build on non-suse distributions

==== libzypp ====
Version update (17.32.0 -> 17.32.2)

- Fixup New VendorSupportOption flag VendorSupportSuperseded (jsc#OBS-301, jsc#PED-8014)
  Fixed the name of the keyword to "support_superseded" as it was agreed on in jsc#OBS-301.
- version 17.32.2 (32)
- Add resolver option 'removeUnneeded' to file weak remove jobs for unneeded packages (bsc#1175678)
- version 17.32.1 (32)

==== openSUSE-release ====
Version update (20240402 -> 20240403)
Subpackages: openSUSE-release-appliance-custom openSUSE-release-dvd

- automatically generated by openSUSE-release-tools/pkglistgen

==== pango ====
Subpackages: libpango-1_0-0 typelib-1_0-Pango-1_0

- added GraphicsMagick package as Recommends. The invocation of pango-view with the ft2 backend requires the gm command found in that package

==== plasma6-desktop ====
Subpackages: plasma6-desktop-emojier plasma6-desktop-lang plasma6-kimpanel-ibus

- Add "-DBUILD_KCM_MOUSE_X11=OFF" for s390x
- Move touchpad and mouse configuration to all (also for s390x)

==== python-cryptography ====
Version update (42.0.4 -> 42.0.5)

- update to 42.0.5:
  * Limit the number of name constraint checks that will be performed in :mod:`X.509 path validation <cryptography.x509.verification>` to protect against denial of service attacks.
  * Upgrade pyo3 version, which fixes building on PowerPC.

==== python-httpcore ====
Version update (1.0.4 -> 1.0.5)

- update to 1.0.5:
  * Handle `EndOfStream` exception for anyio backend.
  * Allow trio `0.25.*` series in package dependencies.

==== python-libvirt-python ====
Version update (10.1.0 -> 10.2.0)

- Update to 10.2.0
  - Add all new APIs and constants in libvirt 10.2.0

==== python-numpy ====

- Add patch to fix detection of some features:
  * 0001-feature-module-Fix-handling-of-multiple-conflicts-pe.patch
- Add patch to fix test failure on some platforms (boo#1221902):
  * 0001-BUG-Fix-test_impossible_feature_enable-failing-witho.patch

==== python-pyzmq ====

- Add %{?sle15_python_module_pythons}