Please note that this mail was generated by a script. The described changes are computed based on the x86_64 DVD. The full online repo contains too many changes to be listed here. Please check the known defects of this snapshot before upgrading: https://openqa.opensuse.org/tests/overview?distri=opensuse&groupid=1&version=Tumbleweed&build=20241021 Please do not reply to this email to report issues, rather file a bug on bugzilla.opensuse.org. For more information on filing bugs please see https://en.opensuse.org/openSUSE:Submitting_bug_reports Packages changed: MozillaFirefox (131.0.2 -> 131.0.3) dav1d (1.4.3 -> 1.5.0) evolution (3.54.0 -> 3.54.1) evolution-data-server (3.54.0 -> 3.54.1) evolution-ews (3.54.0 -> 3.54.1) gimp gtk2 gtk3 gvfs (1.56.0 -> 1.56.1) libnbd (1.20.2 -> 1.20.3) libpipeline (1.5.7 -> 1.5.8) libunistring (1.2 -> 1.3) man (2.12.1 -> 2.13.0) nbdkit (1.40.3 -> 1.40.4) nvidia-open-driver-G06-signed-cuda (555.42.06_k6.11.3_1 -> 555.42.06_k6.11.3_2) openSUSE-release (20241018 -> 20241021) openssl-3 selinux-policy (20240930 -> 20241018) unbound (1.21.1 -> 1.22.0) xf86-input-evdev (2.10.6 -> 2.11.0) xf86-input-libinput (1.4.0 -> 1.5.0) === Details === ==== MozillaFirefox ==== Version update (131.0.2 -> 131.0.3) Subpackages: MozillaFirefox-translations-common - Mozilla Firefox 131.0.3 * some users could not access the Bill Pay portion of their bank's site (bmo#1923500) * some VR180 and 360 videos were not properly rendering on YouTube (bmo#1922278) * Fixed a crash that Windows users with Avast or AVG security software were experiencing when visiting certain sites. (bmo#1919678) * "List all tabs" button was not able to be moved from the toolbar (bmo#1918681) NFSA 2024-53 * CVE-2024-9936 (bmo#1920381) Undefined behavior in selection node cache - remove obsolete mozilla-rust-disable-future-incompat.patch ==== dav1d ==== Version update (1.4.3 -> 1.5.0) - Update to version 1.5.0 * WARNING: we removed some of the SSE2 optimizations, so if you care about systems without SSSE3, you should be careful when updating! * Optimize index offset calculations for decode_coefs * picture: copy HDR10+ and T35 metadata only to visible frames * SSSE3 new optimizations for 6-tap (8bit and hbd) * AArch64/SVE: Add HBD subpel filters using 128-bit SVE2 * AArch64: Add USMMLA implempentation for 6-tap H/HV * AArch64: Optimize Armv8.0 NEON for HBD horizontal filters and 6-tap filters * Power9: Optimized ITX till 16x4. * Loongarch: numerous optimizations * RISC-V optimizations for pal, cdef_filter, ipred, mc_blend, mc_bdir, itx * Allow playing videos in full-screen mode in dav1dplay ==== evolution ==== Version update (3.54.0 -> 3.54.1) Subpackages: evolution-lang evolution-plugin-spamassassin - Update to version 3.54.1: + Bug Fixes: Missing sender's S/MIME certificate import button + Miscellaneous: - libgnomecanvas: Add few checks for argument validity - WebKitGTK 2.46.1: Middle mouse button inserts primary clipboard twice + Updated translations. ==== evolution-data-server ==== Version update (3.54.0 -> 3.54.1) Subpackages: evolution-data-server-lang libcamel-1_2-64 libebackend-1_2-11 libebook-1_2-21 libebook-contacts-1_2-4 libecal-2_0-3 libedata-book-1_2-27 libedata-cal-2_0-2 libedataserver-1_2-27 libedataserverui-1_2-4 - Update to version 3.54.1: + Bug Fixes: - Pass GError instead of CamelException to camel_movemail_solaris - Fix argument types in ENABLE_BROKEN_SPOOL code - Use GIConv instead of iconv_t with iconv wrappers - ESoupSession: Sometimes accesses server without OAuth2 token + Updated translations. ==== evolution-ews ==== Version update (3.54.0 -> 3.54.1) Subpackages: evolution-ews-lang - Update to version 3.54.1: + Bug Fixes: - m365: Mails do not have set size in summary - m365: Fails to save a message in the Drafts folder - m365: Cannot delete instance of a recurring event + Miscellaneous: - m365: Camel: Correct message ID calculation for folder summary - m365: Read 'bodyPreview' for mail messages - m365: Handle SyncStateNotFound error + Updated translations. ==== gimp ==== Subpackages: gimp-plugin-aa libgimp-2_0-0 libgimpui-2_0-0 - Add gtk-update-icon-cache BuildRequires: Ensure /usr/bin/gtk-update-icon-cache is present during build, as configure checks for it. ==== gtk2 ==== Subpackages: gtk2-data gtk2-immodule-xim gtk2-lang gtk2-tools libgtk-2_0-0 - Eliminate usage of update-alternatives: + Drop gtk-update-icon-cache and relevant man page. We rely solely on GTK3 to perform this caching task. ==== gtk3 ==== Subpackages: gtk3-data gtk3-immodule-amharic gtk3-immodule-inuktitut gtk3-immodule-thai gtk3-immodule-tigrigna gtk3-immodule-vietnamese gtk3-immodule-xim gtk3-lang gtk3-schema gtk3-tools libgtk-3-0 typelib-1_0-Gtk-3_0 - Eliminate usage of update-alternatives: GTK2 no longer provides gtk-update-icon-cache, thus eliminating the need for this extra complexity. ==== gvfs ==== Version update (1.56.0 -> 1.56.1) Subpackages: gvfs-backend-afc gvfs-backend-goa gvfs-backend-samba gvfs-backends gvfs-fuse gvfs-lang - Update to version 1.56.1: + udisks2: Increasing reference count when updating volume to fix crashes + onedrive: - Use names instead of id for events to fix monitoring - Add missing replace stream to fix crashes - onedrive: Fix double free during cache rebuild to fix crashes + dav: Recognize the 409 status to fix creation of parent directories + Updated translations. ==== libnbd ==== Version update (1.20.2 -> 1.20.3) Subpackages: libnbd0 - Update to version 1.20.3: * Version 1.20.3. * interop: Skip nbd-server test on Alpine * ci: Update CI files * rust: Parse perlpod L<https://...> (external links) to rust markup * podwrapper: Add some simple checks for cross-references within manual pages. * docs/libnbd-release-notes-1.10.pod: Remove broken link to "nbd_connect(3)" * docs/nbd_create.pod: Cross-reference nbd_shutdown(3) * docs: Use "oldstyle servers" in preference to "older servers" * docs: Mention newstyle and oldstyle servers in main docs * README: Fix bold markdown * README: Mention 'make install DESTDIR=...' * README: Mention the ./run script * build: Prefer "for developers" in ./configure --help output * build: Fix ./configure --help output for --enable-python-code-style * .gitignore: Remove unused line * ci: Drop Alma Linux 8 * lib/crypto.c: Check <gnutls/socket.h> works before including it * docs/libnbd-security.pod: Assign CVE-2024-7383 * jsc#PED-8910 ==== libpipeline ==== Version update (1.5.7 -> 1.5.8) - Update to 1.5.8 (27 August 2024): * Upgrade to Gnulib `stable-202407`. Building libpipeline now requires Automake >= 1.14. * Use C23-style `nullptr`. ==== libunistring ==== Version update (1.2 -> 1.3) Subpackages: libunistring5 libunistring5-32bit - update to 1.3: * Support Unicode version 16.0.0 ==== man ==== Version update (2.12.1 -> 2.13.0) - Update to man-db 2.13.0 (29 August 2024) * Drop support for versions of groff before 1.21 (released on 2010-12-31). * Fix `man-suffixed-extension` test failure when not using the GNU hierarchy organization. * Fix `-Wmissing-variable-declarations` warnings with GCC 14. * Fix `-Wflex-array-member-not-at-end` warning with GCC 14. * Upgrade to Gnulib `stable-202407`. * Support running the test suite against an installed package; this is useful for systems such as Debian's autopkgtest framework. - Remove patch man-db-2.6.3-chinese.dif as not supported anymore due to newer groff versions - Port patches * man-db-2.6.3-listall.dif * man-db-2.7.1-zio.dif * man-db-2.9.4.patch * man-propose-online.patch ==== nbdkit ==== Version update (1.40.3 -> 1.40.4) Subpackages: nbdkit-basic-filters nbdkit-basic-plugins nbdkit-curl-plugin nbdkit-nbd-plugin nbdkit-python-plugin nbdkit-server nbdkit-ssh-plugin nbdkit-vddk-plugin - Update to version 1.40.4: * Version 1.40.4. * ci: Update CI files * docs/nbdkit-service.pod: Add KeepAlive and User/Group settings * tests/test-ondemand.sh: Refine qemu exportname skips * tests/test-ondemand.sh: Work around bug in qemu 9.1 exportname handling * ondemand: Serialize the .open method * ondemand: Delete the disk if creation fails * ondemand, tmpdisk: Don't allow parameters containing '-' * ondemand: Be less strict about filenames * tests: bzip2, curl, ext2, file, gzip, memory, offset, xz: Don't leak 'data' returned by guestfs_cat * Fix documented default value for xz-max-depth * bzip2: Fix version where this filter first appeared * filters/qcow2dec/qcow2dec.c: Fix format specifier in error message * tests: old-plugins: Fix srcdir != builddir * tests: Rearrange some filter tests in alphabetical order * server: Clear conn->magic when freeing a connection * jsc#PED-8910 ==== nvidia-open-driver-G06-signed-cuda ==== Version update (555.42.06_k6.11.3_1 -> 555.42.06_k6.11.3_2) - cuda-flavor * provide nvidia-open-driver-G06-kmp = %version to workaround broken cuda-drivers - nv-prefer-signed-open-driver * added comments for requirements - latest change hardcoded to 555.42.06; we no longer need this for 560 - nv-prefer-signed-open-driver: * added specicic versions of cuda-drivers/cuda-drivers-xxx as preconditions for requiring specific version of nvidia-compute-G06 - nv-prefer-signed-open-driver: * no longer require a specific version of nvidia-open-driver-G06-signed-cuda-kmp, so it can select the correct open driver KMP matching the cuda-runtime version - cuda-flavor: * added nvidia-compute-G06 = %version to preconditions for requiring kernel-firmware-nvidia-gspx-G06, since nvidia-compute-utils-G06 does not have a version-specific requires on nvidia-compute-G06 - cuda-flavor: * require kernel-firmware-nvidia-gspx-G06 instead of kernel-firmware-nvidia-gspx-G06-cuda (which provides also kernel-firmware-nvidia-gspx-G06) * trigger removal of driver modules also on kernel-firmware-nvidia-gspx-G06 - no longer hard-require kernel firmware package, but install it automatically once nvidia-compute-utils-G06 gets installed - trigger removal of driver modules with non-existing or wrong firmware when (new) firmware gets installed ==== openSUSE-release ==== Version update (20241018 -> 20241021) Subpackages: openSUSE-release-appliance-custom openSUSE-release-dvd - automatically generated by openSUSE-release-tools/pkglistgen ==== openssl-3 ==== Subpackages: libopenssl3 libopenssl3-32bit libopenssl3-x86-64-v3 - Security fix: [bsc#1231741, CVE-2024-9143] * Low-level invalid GF(2^m) parameters lead to OOB memory access * Add openssl-CVE-2024-9143.patch - Security fix: [bsc#1220262, CVE-2023-50782] * Implicit rejection in PKCS#1 v1.5 * Add openssl-CVE-2023-50782.patch ==== selinux-policy ==== Version update (20240930 -> 20241018) Subpackages: selinux-policy-targeted - Update to version 20241018: * Allow slpd to create TCPDIAG netlink socket (bsc#1231491) * Allow slpd to use sys_chroot (bsc#1231491) * Allow openvswitch-ipsec use strongswan (bsc#1231493) ==== unbound ==== Version update (1.21.1 -> 1.22.0) Subpackages: libunbound8 unbound-anchor - Update to 1.22.0: Features: * Add iter-scrub-ns, iter-scrub-cname and max-global-quota configuration options. * Merge patch to fix for glue that is outside of zone, with `harden-unverified-glue`, from Karthik Umashankar (Microsoft). Enabling this option protects the Unbound resolver against bad glue, that is unverified out of zone glue, by resolving them. It uses the records as last resort if there is no other working glue. * Add redis-command-timeout: 20 and redis-connect-timeout: 200, that can set the timeout separately for commands and the connection set up to the redis server. If they are not specified, the redis-timeout value is used. * Log timestamps in ISO8601 format with timezone. This adds the option `log-time-iso: yes` that logs in ISO8601 format. * DNS over QUIC. This adds `quic-port: 853` and `quic-size: 8m` that enable dnsoverquic, and the counters `num.query.quic` and `mem.quic` in the statistics output. The feature needs to be enabled by compiling with libngtcp2, with `--with-libngtcp2=path` and libngtcp2 needs openssl+quic, pass that with `--with-ssl=path` to compile unbound as well. Bug Fixes: * unbound-control-setup hangs while testing for openssl presence starting from version 1.21.0. * Fix error: "memory exhausted" when defining more than 9994 local-zones. * Fix documentation for cache_fill_missing function. * Fix Loads of logs: "validation failure: key for validation <domain>. is marked as invalid because of a previous" for non-DNSSEC signed zone. * Fix that when rpz is applied the message does not get picked up by the validator. That stops validation failures for the message. * Fix that stub-zone and forward-zone clauses do not exhaust memory for long content. * Fix to print port number in logs for auth zone transfer activities. * b.root renumbering. * Add new IANA trust anchor. * Fix config file read for dnstap-sample-rate. * Fix alloc-size and calloc-transposed-args compiler warnings. * Fix to limit NSEC and NSEC3 TTL when aggressive nsec is enabled (RFC9077). * Fix dns64 with prefetch that the prefetch is stored in cache. * Attempt to further fix doh_downstream_buffer_size.tdir flakiness. * More clear text for prefetch and minimal-responses in the unbound.conf man page. * Fix cache update when serve expired is used. Expired records are favored over resolution and validation failures when serve-expired is used. * Fix negative cache NSEC3 parameter compares for zero length NSEC3 salt. * Fix unbound-control-setup hangs sometimes depending on the openssl version. * Fix Cannot override tcp-upstream and tls-upstream with forward-tcp-upstream and forward-tls-upstream. * Fix to limit NSEC TTL for messages from cachedb. Fix to limit the prefetch ttl for messages after a CNAME with short TTL. * Fix to disable detection of quic configured ports when quic is not compiled in. * Fix harden-unverified-glue for AAAA cache_fill_missing lookups. * Fix contrib/aaaa-filter-iterator.patch for change in call signature for cache_fill_missing. * Fix to display warning if quic-port is set but dnsoverquic is not enabled when compiled. * Fix dnsoverquic to extend the number of streams when one is closed. * Fix for dnstap with dnscrypt and dnstap without dnsoverquic. * Fix for dnsoverquic and dnstap to use the correct dnstap environment. - Update keyring ==== xf86-input-evdev ==== Version update (2.10.6 -> 2.11.0) - update to version 2.11.0 * FTBFS fixes on non-linux platforms and dropping some ancient quirks * Fixes for the Compose and Kana LEDs * we remap some higher keycodes to FK20 and friends, paving the way for systemd/udev to map those properly in their hwdb files ==== xf86-input-libinput ==== Version update (1.4.0 -> 1.5.0) - Update to version 1.5.0: * the compose and kana LEDs are now supported * tablet tools now have a property to indicate the tool serial and hw id (if any) * libinput's tablet tool pressure range config is now supported * libinput's clickfinger button map config is now supported * we remap some higher keycodes to FK20 and friends, paving the way for systemd/udev to map those properly in their hwdb files