Please note that this mail was generated by a script. The described changes are computed based on the x86_64 DVD. The full online repo contains too many changes to be listed here. Please check the known defects of this snapshot before upgrading: https://openqa.opensuse.org/tests/overview?distri=opensuse&groupid=1&version=Tumbleweed&build=20241011 Please do not reply to this email to report issues, rather file a bug on bugzilla.opensuse.org. For more information on filing bugs please see https://en.opensuse.org/openSUSE:Submitting_bug_reports Packages changed: MozillaFirefox (131.0 -> 131.0.2) gnome-software (47.0+23 -> 47.1) libzypp (17.35.11 -> 17.35.12) numactl (2.0.18.0.g3871b1c -> 2.0.18.10.g6c14bd5) python-gevent (24.2.1 -> 24.10.1) rdma-core (53.0 -> 54.0) salt tdb (1.4.10 -> 1.4.12) === Details === ==== MozillaFirefox ==== Version update (131.0 -> 131.0.2) Subpackages: MozillaFirefox-translations-common - Mozilla Firefox 131.0.2 MFSA 2024-51 (bsc#1231413) * CVE-2024-9680 (bmo#1923344) Use-after-free in Animation timeline ==== gnome-software ==== Version update (47.0+23 -> 47.1) Subpackages: gnome-software-lang gnome-software-plugin-packagekit - Update to version 47.1: + Fix crash in snap plugin when launching apps + Fix display of versions for packages being installed as part of an update + Various minor improvements to the review submission dialog + Fix a crash in the DKMS plugin + Updated translations. ==== libzypp ==== Version update (17.35.11 -> 17.35.12) - PluginFrame: Send unescaped colons in header values (bsc#1231043) According to the STOMP protocol it would be correct to escape a colon in a header-value, but it breaks plugin receivers which do not expect this. The first colon separates header-name from header-value, so escaping in the header-value is not needed anyway. Escaping in the header-value affects especially the urlresolver plugins. The input URL is passed in a header, but sent back as raw data in the frames body. If the plugin receiver does not correctly unescape the URL we may get back a "https\c//" which is not usable. - Do not ignore return value of std::remove_if in MediaSyncFacade (fixes #579) - Fix hang in curl code with no network connection (bsc#1230912) - version 17.35.12 (35) ==== numactl ==== Version update (2.0.18.0.g3871b1c -> 2.0.18.10.g6c14bd5) Subpackages: libnuma1 - Update to version 2.0.18.10.g6c14bd5: * Save and restore errno when probing for SET_PREFERRED_MANY * libnuma: fix nodemask allocation size for get_mempolicy * Update numactl.c * numastat: eliminate hard-coded tables * Don't fail build when set_mempolicy_home_node syscall is unknown * numactl: Add documentation for weighted interleave * numactl: Fix RESOURCE_LEAK in show() * numademo: Fix the using of the uninitialized value * Add `-w` and `--weighted-interleave` for weighted interleave mode * Fix fallback for set_mempolicy_home_node syscall - Update to version 2.0.18.5.g4bfdcc6: * numactl: Add documentation for weighted interleave * numactl: Fix RESOURCE_LEAK in show() * numademo: Fix the using of the uninitialized value * Add `-w` and `--weighted-interleave` for weighted interleave mode * Fix fallback for set_mempolicy_home_node syscall ==== python-gevent ==== Version update (24.2.1 -> 24.10.1) - Update to 24.10.1 * Update the bundled c-ares to 1.33.1. * Add support for Python 3.13. - The functions and classes in ``gevent.subprocess`` no longer accept ``stdout=STDOUT`` and raise a ``ValueError``. Several additions and changes to the ``queue`` module, including: - ``Queue.shutdown`` is available on all versions of Python. - ``LifoQueue`` is now a joinable queue. * gevent.monkey changed from a module to a package. The public API remains the same. For this release, private APIs (undocumented, marked internal, or beginning with an underscore) are also preserved. However, these may be changed or removed at any time in the future. If you are using one of these APIs and cannot replace it, please contact the gevent team. * For platforms that don't have ``socketpair``, upgrade our fallback code to avoid a security issue. See :issue:`2048`. * Remove support for Python 3.8, which has reached the end of its support lifecycle. See :issue:`remove_py38`. - Drop gh-113964-fix-tests-3.12.3.patch, fixed upstream - Renumber patches ==== rdma-core ==== Version update (53.0 -> 54.0) Subpackages: libefa1 libhns1 libibverbs libibverbs1 libmana1 libmlx4-1 libmlx5-1 librdmacm1 rdma-ndd - Update to rdma-core v54.0 - No release notes available ==== salt ==== Subpackages: python3-salt salt-master salt-minion salt-transactional-update - Make Salt Bundle more tolerant to long running jobs (bsc#1228690) - Added: * enhance-cleanup-mechanism-after-salt-bundle-upgrade-.patch - Fix additional x509 tests and test_suse tests for SLE12 - Added: * fix-x509-private-key-tests-and-test_suse-on-sle12-68.patch - Fix failing x509 tests with OpenSSL < 1.1 - Added: * fix-x509-test-fails-on-old-openssl-systems-682.patch ==== tdb ==== Version update (1.4.10 -> 1.4.12) Subpackages: libtdb1 libtdb1-32bit python3-tdb - Update to 1.4.12 * Regression fix for ABI problem TDB_1_4_11 vs. TDB_1.4.11 - Update to 1.4.11 * Add tdbdump -x option to output all data as hex values * Add missing overflow check for num_values in pytdb.c * Remove Py2 related tests * Update times in tdb_transaction_commit per fd, not per name * Fix compilation with TDB_TRACE=1 * Allow tracing of internal tdb