Please note that this mail was generated by a script. The described changes are computed based on the x86_64 DVD. The full online repo contains too many changes to be listed here. Please check the known defects of this snapshot before upgrading: https://openqa.opensuse.org/tests/overview?distri=opensuse&groupid=1&version=Tumbleweed&build=20230714 Please do not reply to this email to report issues, rather file a bug on bugzilla.opensuse.org. For more information on filing bugs please see https://en.opensuse.org/openSUSE:Submitting_bug_reports Packages changed: ibus-table (1.17.0 -> 1.17.1) libnftnl (1.2.5 -> 1.2.6) libshumate (1.0.3 -> 1.0.4) python311-pyparsing (3.0.9 -> 3.1.0) redis (7.0.11 -> 7.0.12) snapper unixODBC === Details === ==== ibus-table ==== Version update (1.17.0 -> 1.17.1) - Update version to 1.17.1 * Fix mypy warnings * Return empty program_name and window_title in get_active_window_xprop() when xprop results are unexpected (Resolves: https://bugzilla.redhat.com/show_bug.cgi?id=2215466) * Translation update from Weblate ==== libnftnl ==== Version update (1.2.5 -> 1.2.6) - Update to release 1.2.6 * expr: meta: introduce broute meta expression ==== libshumate ==== Version update (1.0.3 -> 1.0.4) Subpackages: libshumate-1_0-1 libshumate-lang typelib-1_0-Shumate-1_0 - Update to version 1.0.4: + Throttle tile download during animations. ==== python311-pyparsing ==== Version update (3.0.9 -> 3.1.0) - Add upstream patch limit-error-messages.patch as a part of a workaround for boo#1213007 - update to 3.1.0 * API ENHANCEMENT: `Optional(expr)` may now be written as `expr | ""` * Added new class property `identifier` to all Unicode set classes in `pyparsing.unicode`, using the class's values for `cls.identchars` and `cls.identbodychars`. * ParseResults` now has a new method `deepcopy()`, in addition to the current `copy()` method. * Reworked `delimited_list` function into the new `DelimitedList` class. * Added new class method `ParserElement.using_each` * Added new builtin `python_quoted_string`, which will match any form of single-line or multiline quoted strings defined in Python. * `ParserElement.validate()` is deprecated. * Added bool `embed` argument to `ParserElement.create_diagram()`. * Added support for Python 3.12. * Updated `create_diagram()` code to be compatible with railroad-diagrams package version 3.0. * Many other changes, see upstream CHANGES ==== redis ==== Version update (7.0.11 -> 7.0.12) - redis 7.0.12: * (CVE-2022-24834) A specially crafted Lua script executing in Redis can trigger a heap overflow in the cjson and cmsgpack libraries, and result in heap corruption and potentially remote code execution. The problem exists in all versions of Redis with Lua scripting support, starting from 2.6, and affects only authenticated and authorized users. (bsc#1213193) * (CVE-2023-36824) Extracting key names from a command and a list of arguments may, in some cases, trigger a heap overflow and result in reading random heap memory, heap corruption and potentially remote code execution. Specifically: using COMMAND GETKEYS* and validation of key names in ACL rules. (bsc#1213249) * Re-enable downscale rehashing while there is a fork child * Fix possible hang in HRANDFIELD, SRANDMEMBER, ZRANDMEMBER when used with <count> * Improve fairness issue in RANDOMKEY, HRANDFIELD, SRANDMEMBER, ZRANDMEMBER, SPOP, and eviction * Fix WAIT to be effective after a blocked module command being unblocked * Avoid unnecessary full sync after master restart in a rare case ==== snapper ==== Subpackages: libsnapper7 snapper-zypp-plugin - document disadvantage of using network users and order services after nss-user-lookup (gh#openSUSE/snapper#823) ==== unixODBC ==== - Add missing requires for glibc-locale-base, required for utf16 codec (bsc#1213242)