Please note that this mail was generated by a script. The described changes are computed based on the x86_64 DVD. The full online repo contains too many changes to be listed here. Please check the known defects of this snapshot before upgrading: https://openqa.opensuse.org/tests/overview?distri=opensuse&groupid=1&version=Tumbleweed&build=20230806 Please do not reply to this email to report issues, rather file a bug on bugzilla.opensuse.org. For more information on filing bugs please see https://en.opensuse.org/openSUSE:Submitting_bug_reports Packages changed: libssh libvirt (9.5.0 -> 9.6.0) libzypp (17.31.17 -> 17.31.18) plasma5-desktop (5.27.7 -> 5.27.7.1) python-libvirt-python (9.5.0 -> 9.6.0) python311 python311-core webkit2gtk3 (2.40.4 -> 2.40.5) webkit2gtk3-soup2 (2.40.4 -> 2.40.5) xen === Details === ==== libssh ==== Subpackages: libssh-config libssh4 - Add fix to spec file for the incorrect include path as a result of the default openSSH move to /usr/etc, (boo#1211718). ==== libvirt ==== Version update (9.5.0 -> 9.6.0) Subpackages: libvirt-client libvirt-daemon-common libvirt-daemon-config-network libvirt-daemon-driver-interface libvirt-daemon-driver-libxl libvirt-daemon-driver-network libvirt-daemon-driver-nodedev libvirt-daemon-driver-nwfilter libvirt-daemon-driver-qemu libvirt-daemon-driver-secret libvirt-daemon-driver-storage libvirt-daemon-driver-storage-core libvirt-daemon-driver-storage-disk libvirt-daemon-driver-storage-iscsi libvirt-daemon-driver-storage-iscsi-direct libvirt-daemon-driver-storage-logical libvirt-daemon-driver-storage-mpath libvirt-daemon-driver-storage-rbd libvirt-daemon-driver-storage-scsi libvirt-daemon-lock libvirt-daemon-log libvirt-daemon-plugin-lockd libvirt-daemon-proxy libvirt-daemon-qemu libvirt-daemon-xen libvirt-libs - Add upstream commit 3d2f3fb72b to fix max file limits in systemd services - Update to libvirt 9.6.0 - Many incremental improvements and bug fixes, see https://libvirt.org/news.html#v9-6-0-2023-08-01 - jsc#PED-3725 - spec: Unconditionally enable modular daemons - spec: Remove logic handling package upgrade from old libvirtd ==== libzypp ==== Version update (17.31.17 -> 17.31.18) - SINGLE_RPMTRANS: Respect ZYPP_READONLY_HACK when checking the zypp-rpm lock (fixes openSUSE/openSUSE-repos#29) - version 17.31.18 (22) ==== plasma5-desktop ==== Version update (5.27.7 -> 5.27.7.1) Subpackages: plasma5-desktop-emojier plasma5-desktop-lang - Update to 5.27.7.1: * Panel: fix applet not returning focus after pressing applet shortcut (kde#472909) * Migrate missing key handling/accessibility features from default CompactRepresentation ==== python-libvirt-python ==== Version update (9.5.0 -> 9.6.0) - Update to 9.6.0 - Add all new APIs and constants in libvirt 9.6.0 - jsc#PED-3725 ==== python311 ==== Subpackages: python311-curses python311-dbm - IT MEANS THAT bsc#1210638 STILL HAS NOT BEEN FIXED! - Add Revert-gh105127-left-tests.patch (gh#python/cpython!106941) partially reverting CVE-2023-27043-email-parsing-errors.patch, because of the regression in gh#python/cpython#106669. - (bsc#1210638, CVE-2023-27043) Add CVE-2023-27043-email-parsing-errors.patch, which detects email address parsing errors and returns empty tuple to indicate the parsing error (old API). (The patch is faulty, gh#python/cpython#106669, but upstream decided not to just revert it). ==== python311-core ==== Subpackages: libpython3_11-1_0 python311-base - IT MEANS THAT bsc#1210638 STILL HAS NOT BEEN FIXED! - Add Revert-gh105127-left-tests.patch (gh#python/cpython!106941) partially reverting CVE-2023-27043-email-parsing-errors.patch, because of the regression in gh#python/cpython#106669. - (bsc#1210638, CVE-2023-27043) Add CVE-2023-27043-email-parsing-errors.patch, which detects email address parsing errors and returns empty tuple to indicate the parsing error (old API). (The patch is faulty, gh#python/cpython#106669, but upstream decided not to just revert it). ==== webkit2gtk3 ==== Version update (2.40.4 -> 2.40.5) Subpackages: WebKitGTK-4.1-lang libjavascriptcoregtk-4_1-0 libwebkit2gtk-4_1-0 typelib-1_0-JavaScriptCore-4_1 typelib-1_0-WebKit2-4_1 webkit2gtk-4_1-injected-bundles - Update to version 2.40.5 (boo#1213905): + Fix several crashes and rendering issues. + Security fixes: CVE-2023-38133, CVE-2023-38572, CVE-2023-38592, CVE-2023-38594, CVE-2023-38595, CVE-2023-38597,, CVE-2023-38599,, CVE-2023-38600, CVE-2023-38611. ==== webkit2gtk3-soup2 ==== Version update (2.40.4 -> 2.40.5) Subpackages: WebKitGTK-4.0-lang libjavascriptcoregtk-4_0-18 libwebkit2gtk-4_0-37 webkit2gtk-4_0-injected-bundles - Update to version 2.40.5 (boo#1213905): + Fix several crashes and rendering issues. + Security fixes: CVE-2023-38133, CVE-2023-38572, CVE-2023-38592, CVE-2023-38594, CVE-2023-38595, CVE-2023-38597,, CVE-2023-38599,, CVE-2023-38600, CVE-2023-38611. ==== xen ==== Subpackages: xen-libs xen-tools xen-tools-domU - Add more debug to libxc-sr-track-migration-time.patch This is supposed to help with doing the math in case xl restore fails with ERANGE as reported in bug#1209311 - bsc#1213616 - VUL-0: CVE-2023-20593: xen: x86/AMD: Zenbleed (XSA-433) 64bea1b2-x86-AMD-Zenbleed.patch