Please note that this mail was generated by a script. The described changes are computed based on the x86_64 DVD. The full online repo contains too many changes to be listed here. Please check the known defects of this snapshot before upgrading: https://openqa.opensuse.org/tests/overview?distri=opensuse&groupid=1&version=Tumbleweed&build=20221028 Please do not reply to this email to report issues, rather file a bug on bugzilla.opensuse.org. For more information on filing bugs please see https://en.opensuse.org/openSUSE:Submitting_bug_reports Packages changed: MozillaFirefox (106.0.1 -> 106.0.2) fwnn gcr3 gdk-pixbuf (2.42.9 -> 2.42.10) gnome-keyring gpgme (1.16.0 -> 1.18.0) guestfs-tools kernel-source (6.0.3 -> 6.0.5) kvm_stat (6.0.3 -> 6.0.5) libosinfo libstorage-ng (4.5.47 -> 4.5.48) libyuv (20220713+d248929c -> 20220920+f9fda6e) mosh (1.4.0.rc1 -> 1.4.0) openldap2 openldap2-contrib-src osinfo-db (20220830 -> 20221018) plymouth (22.02.122+77.c09c651 -> 22.02.122+94.4bd41a3) python310 (3.10.7 -> 3.10.8) python310-core (3.10.7 -> 3.10.8) rubygem-oauth2 (1.4.9 -> 2.0.9) spice-gtk sudo (1.9.11p3 -> 1.9.12) supermin tracker (3.4.0 -> 3.4.1) tracker-miners (3.4.0 -> 3.4.1) usbutils (014 -> 015) virt-manager virt-v2v xerces-c (3.2.3 -> 3.2.4) yast2-firstboot (4.5.4 -> 4.5.5) yast2-packager (4.5.5 -> 4.5.6) === Details === ==== MozillaFirefox ==== Version update (106.0.1 -> 106.0.2) Subpackages: MozillaFirefox-translations-common - Mozilla Firefox 106.0.2 * Fix missing content on some PDF forms (bmo#1794351) * Fix column width for the Notification sub-panel in Settings (bmo#1793558) * Fix a browser freeze with accessibility enabled on some sites such as the Proxmox Web UI (bmo#1793748) * Fix page reloading not working with Firefox View and not refreshing synced data (bmo#1792680, bmo#1794474) ==== fwnn ==== - Fix generation of debuginfo packages. The IMake based build system by default strips binaries during `make install` phase already. Avoid this by overriding the corresponding make variable. ==== gcr3 ==== Subpackages: gcr3-data gcr3-lang gcr3-prompter gcr3-ssh-agent gcr3-ssh-askpass libgck-1-0 libgcr-3-1 - Have libgcr-3-1 require gcr3-ssh-askpass when gnome-keyring is present: gnome-keyring interacts deeper with this library, which justifies a hard dep in this case (boo#1204071). ==== gdk-pixbuf ==== Version update (2.42.9 -> 2.42.10) Subpackages: gdk-pixbuf-lang gdk-pixbuf-query-loaders gdk-pixbuf-query-loaders-32bit gdk-pixbuf-thumbnailer libgdk_pixbuf-2_0-0 libgdk_pixbuf-2_0-0-32bit typelib-1_0-GdkPixbuf-2_0 - Update to version 2.42.10: + Search for rst2man.py. + Update the memory size limit for JPEG images. + Updated translations. - Drop patch fixed upstream (with different limit): + 0001-jpeg-Increase-memory-limit-for-loading-image-data.patch ==== gnome-keyring ==== Subpackages: gnome-keyring-32bit gnome-keyring-lang gnome-keyring-pam gnome-keyring-pam-32bit libgck-modules-gnome-keyring - Use %_pam_moduledir instead of %{_lib}/security (boo#1191034). ==== gpgme ==== Version update (1.16.0 -> 1.18.0) Subpackages: libgpgme11 libgpgmepp6 - gpgme 1.18.0 * New keylist mode to force refresh via external methods * The keylist operations now create an import result to report the result of the locate keylist modes * core: Return BAD_PASSPHRASE error code on symmetric decryption failure * cpp, qt: Do not export internal symbols anymore * cpp, qt: Support revocation of own OpenPGP keys * qt: The file name of (signed and) encrypted data can now be set * cpp, qt: Support setting the primary user ID * python: Fix segv(NULL) when inspecting contect after exeception - includes changes from version 1.17.1: * qt: Fix a bug in the ABI compatibility of 1.17.0 - includes changes from 1.17.0: * New context flag "key-origin" * New context flag "import-filter" * New export mode to export secret subkeys * Detect errors during the export of secret keys * New function gpgme_op_receive_keys to import keys from a keyserver without first running a key listing * Detect bad passphrase error in certificate import * Allow setting --key-origin when importing keys * Support components "keyboxd", "gpg-agent", "scdaemon", "dirmngr", "pinentry", and "socketdir" in gpgme_get_dirinfo * Under Unix use poll(2) instead of select(2), when available. * Fix results returned by gpgme_data_* functions * Support closefrom also for glibc (drop upstream gpgme-use-glibc-closefrom.patch * cpp,qt: Add support for export of secret keys and secret subkeys. * cpp,qt: Support for adding existing subkeys to other keys * qt: Extend ChangeExpiryJob to change expiration of primary key and of subkeys at the same time * qt: Support WKD lookup without implicit import * qt: Allow specifying an import filter when importing keys * qt: Allow retrieving the default value of a config entry - drop patches included upstream * gpgme-1.16.0-Use-after-free-in-t-edit-sign-test.patch * gpgme-1.16.0-t-various-testSignKeyWithExpiration-32-bit.patch - add patches to fix tests: * gpgme-1.18.0-T6137-qt_test.patch ==== guestfs-tools ==== - jsc#PED-2104 [Virt Tools] Refresh Virtualization Tools for Xen and KVM Management ==== kernel-source ==== Version update (6.0.3 -> 6.0.5) - Linux 6.0.5 (bsc#1012628). - Revert "btrfs: call __btrfs_remove_free_space_cache_locked on cache load failure" (bsc#1012628). - clk: tegra: Fix Tegra PWM parent clock (bsc#1012628). - commit 7359656 - Linux 6.0.4 (bsc#1012628). - Revert "ALSA: hda: Fix page fault in snd_hda_codec_shutdown()" (bsc#1012628). - fbdev/core: Remove remove_conflicting_pci_framebuffers() (bsc#1012628). - io-wq: Fix memory leak in worker creation (bsc#1012628). - gcov: support GCC 12.1 and newer compilers (bsc#1012628). - efi: ssdt: Don't free memory if ACPI table was loaded successfully (bsc#1012628). - efi: efivars: Fix variable writes without query_variable_store() (bsc#1012628). - dm clone: Fix typo in block_device format specifier (bsc#1012628). - drm/amd/pm: update SMU IP v13.0.4 driver interface version (bsc#1012628). - drm/amd/pm: fulfill SMU13.0.0 cstate control interface (bsc#1012628). - drm/amd/pm: disable cstate feature for gpu reset scenario (bsc#1012628). - drm/amd/pm: add SMU IP v13.0.4 IF version define to V7 (bsc#1012628). - drm/amd/pm: fulfill SMU13.0.7 cstate control interface (bsc#1012628). - net: flag sockets supporting msghdr originated zerocopy (bsc#1012628). - HID: playstation: add initial DualSense Edge controller support (bsc#1012628). - HID: playstation: stop DualSense output work on remove (bsc#1012628). - io_uring/net: fail zc send when unsupported by socket (bsc#1012628). - thermal: intel_powerclamp: Use first online CPU as control_cpu (bsc#1012628). - pinctrl: amd: change dev_warn to dev_dbg for additional feature support (bsc#1012628). - drm/i915/bios: Use hardcoded fp_timing size for generating LFP data pointers (bsc#1012628). - drm/i915/bios: Validate fp_timing terminator presence (bsc#1012628). - commit 12375d5 - arm64: Update config files. (bsc#1203558) Enable Renesas serial console and earlycon. - commit e782884 - Revert "ALSA: hda: Fix page fault in snd_hda_codec_shutdown()" (bsc#1204679). - commit df34d12 - Bluetooth: L2CAP: fix use-after-free in l2cap_conn_del() (CVE-2022-3640 bsc#1204619). - commit c41533c ==== kvm_stat ==== Version update (6.0.3 -> 6.0.5) - Fix security issue about debugfs described in bsc#1202924 * Added patches: tools-kvm_stat-fix-attack-vector-with-user-controlle.patch ==== libosinfo ==== Subpackages: libosinfo-1_0-0 libosinfo-lang typelib-1_0-Libosinfo-1_0 - jsc#PED-2113 [Virt Tools] Refresh Virtualization Tools for Xen and KVM Management ==== libstorage-ng ==== Version update (4.5.47 -> 4.5.48) Subpackages: libstorage-ng-lang libstorage-ng-ruby libstorage-ng1 - merge gh#openSUSE/libstorage-ng#901 - set used feature flag for quota (bsc#1204773) - 4.5.48 ==== libyuv ==== Version update (20220713+d248929c -> 20220920+f9fda6e) - Update to version 20220920+f9fda6e: * Fix shift amount for SSSE3 assembly for I012 format conversions * 10/12 bit YUV replicate upper bits to low bits before converting to RGB * Fix immediate offsets for row_neon build on gcc - Update to version 20220920+248172e: * I422ToRGB24, I422ToRAW, I422ToRGB24MatrixFilter conversion functions added. * Remove include resource.h for Fuchsia build * I420ToRGB24MatrixFilter function added * SSE2 MM21->YUY2 conversion * MM21ToYUY2 and ABGRToJ420 conversion * AB64ToARGB fix for inplace conversion * Bump up version to 1838 * Add I422ToRGB565Matrix * RAWToJ400 require multiple of 16 pixels for NEON * row_neon*: Explicitly initialize pad in RgbConstants * Fix MSVC warnings by adding casts * Define _CRT_SECURE_NO_WARNINGS if MSVC CRT is used * Reduce cmake verbosity and update min version * Set IMPORT_PREFIX to "lib" on Windows * Android.bp: Remove reference to LICENSE_THIRD_PARTY * Fix SSE2 version of ScalePlaneUp2_16_Bilinear * Disable bilinear 16 bit scale up for SSE2 * Add .vpython3 to libyuv. * Switch from python to python3. ==== mosh ==== Version update (1.4.0.rc1 -> 1.4.0) - Update to version 1.4.0: * New features: Support OSC 52 clipboard copy integration (Alex Cornejo) Allow non-inserting prediction (--predict-overwrite) (John Hood) Don't do prediction on large pastes into mosh-client (John Hood) Add true color support (Kang Jianbin) Add syslog logging of connections (Tom Judge) If exec()ing the remote command fails, pause briefly (John Hood) * Bug fixes: ignore unknown renditions (Keith Winstein) Overlays were getting set to the wrong colors (John Hood) Fix issue with incorrect true-color background erase colors (John Hood) Use HAVE_UTEMPTER instead of HAVE_UPTEMPTER (Michael Jarvis) Apply latest consecutive resize, not earliest (Peter Edwards) Use CLOCK_MONOTONIC_RAW when available (Harry Sintonen) Add tmux and alacritty to title_term_types (Naïm Favier) Don't sometimes hang just after launching ssh (Kalle Samuels) * Internal changes: Reformat printed strings in source (John Hood) Code cleanups (John Hood, Anders Kaseorg, Benjamin Barenblat, Alex Chernyakhovsky) Always use non-blocking sockets for recvmsg() (John Hood) Add Perl compile (John Hood) Improvements to the test suite (John Hood) Fixes to autoconf configure (Anders Kaseorg) Cleanups to our cryptography code (Benjamin Barenblat, Alex Chernyakhovsky) * Infrastructure changes: Add support for OCLint static checker (John Hood) Switch from Travis-CI to Github Actions (Wolfgang E. Sanyer, Alex Chernyakhovsky) Add code coverage and fuzzing infrastructure (Alex Chernyakhovsky) ==== openldap2 ==== Subpackages: libldap-data libldap2 libldap2-32bit openldap2-client - bsc#1202931 - CVE-2022-31253 - Openldap start script allowed the ldap user to privilege escalate to root due to unbound chown commands. ==== openldap2-contrib-src ==== - bsc#1202931 - CVE-2022-31253 - Openldap start script allowed the ldap user to privilege escalate to root due to unbound chown commands. ==== osinfo-db ==== Version update (20220830 -> 20221018) - Update to database version 20221018 osinfo-db-20221018.tar.xz - jsc#PED-2113 [Virt Tools] Refresh Virtualization Tools for Xen and KVM Management ==== plymouth ==== Version update (22.02.122+77.c09c651 -> 22.02.122+94.4bd41a3) Subpackages: libply-splash-core5 libply-splash-graphics5 libply5 plymouth-dracut plymouth-lang plymouth-plugin-label plymouth-plugin-two-step plymouth-scripts plymouth-theme-bgrt plymouth-theme-spinner - Update to version 22.02.122+94.4bd41a3: * plugins: label-freetype: Fixes calculation of line width. * plugins: label-freetype: Fix font alignment. * populate-initrd: Install label-freetype plugin into initrd if available. * plugins: Add FreeType-based label plugin. * ply-label: Don't crash if label plugin fails. * details: Don't replay boot buffer on serial consoles. * main: Add "reload" command. * ply-device-manager: Add plymouth.force-frame-buffer-on-boot parameter, allow to choose force framebuffer mode. * systemd: Add mkinitcpio support to plymouth-switch-root-initramfs.service. * Rebase plymouth-only_use_fb_for_cirrus_bochs.patch; for build success. * Rebase plymouth-watermark-config.patch; for build success. * Drop 0001-Add-label-ft-plugin.patch; for already merged by upstream. * Drop 0002-Install-label-ft-plugin-into-initrd-if-available.patch for already merged by upstream. * Drop 0003-fix_null_deref.patch for already merged by upstream. * Drop 0004-label-ft-fix-alignment.patch for already merged by upstream. ==== python310 ==== Version update (3.10.7 -> 3.10.8) Subpackages: python310-curses python310-dbm python310-tk - Add 98437-sphinx.locale._-as-gettext-in-pyspecific.patch to allow building of documentation with the latest Sphinx 5.3.0 (gh#python/cpython#98366). - Update to 3.10.8: - Fix multiplying a list by an integer (list *= int): detect the integer overflow when the new allocated length is close to the maximum size. - Fix a shell code injection vulnerability in the get-remote-certificate.py example script. The script no longer uses a shell to run openssl commands. (originally filed as CVE-2022-37460, later withdrawn) - Fix command line parsing: reject -X int_max_str_digits option with no value (invalid) when the PYTHONINTMAXSTRDIGITS environment variable is set to a valid limit. - When ValueError is raised if an integer is larger than the limit, mention the sys.set_int_max_str_digits() function in the error message. - The deprecated mailcap module now refuses to inject unsafe text (filenames, MIME types, parameters) into shell commands. Instead of using such text, it will warn and act as if a match was not found (or for test commands, as if the test failed). - os.sched_yield() now release the GIL while calling sched_yield(2). - Bugfix: PyFunction_GetAnnotations() should return a borrowed reference. It was returning a new reference. - Fixed a missing incref/decref pair in Exception.__setstate__(). - Fix overly-broad source position information for chained comparisons used as branching conditions. - Fix undefined behaviour in _testcapimodule.c. - At Python exit, sometimes a thread holding the GIL can wait forever for a thread (usually a daemon thread) which requested to drop the GIL, whereas the thread already exited. To fix the race condition, the thread which requested the GIL drop now resets its request before exiting. - Fix a possible assertion failure, fatal error, or SystemError if a line tracing event raises an exception while opcode tracing is enabled. - Fix undefined behaviour in C code of null pointer arithmetic. - Do not expose KeyWrapper in _functools. - When loading a file with invalid UTF-8 inside a multi-line string, a correct SyntaxError is emitted. - Disable incorrect pickling of the C implemented classmethod descriptors. - Fix AttributeError missing name and obj attributes in . object.__getattribute__() bpo-42316: Document some places . where an assignment expression needs parentheses . - Wrap network errors consistently in urllib FTP support, so the test suite doesnât fail when a network is available but the public internet is not reachable. - Fixes AttributeError when subprocess.check_output() is used with argument input=None and either of the arguments encoding or errors are used. - Avoid spurious tracebacks from asyncio when default executor cleanup is delayed until after the event loop is closed (e.g. as the result of a keyboard interrupt). - Avoid a crash in the C version of asyncio.Future.remove_done_callback() when an evil argument is passed. - Remove tokenize.NL check from tabnanny. - Make Semaphore run faster. - Fix generation of the default name of tkinter.Checkbutton. Previously, checkbuttons in different parent widgets could have the same short name and share the same state if arguments ânameâ and âvariableâ are not specified. Now they are globally unique. - Update bundled libexpat to 2.4.9 - Fix race condition in asyncio where process_exited() called before the pipe_data_received() leading to inconsistent output. - Fixed check in multiprocessing.resource_tracker that guarantees that the length of a write to a pipe is not greater than PIPE_BUF. - Corrected type annotation for dataclass attribute pstats.FunctionProfile.ncalls to be str. - Fix the faulthandler implementation of faulthandler.register(signal, chain=True) if the sigaction() function is not available: donât call the previous signal handler if itâs NULL. - In inspect, fix overeager replacement of âtyping.â in formatting annotations. - Fix asyncio.streams.StreamReaderProtocol to keep a strong reference to the created task, so that itâs not garbage collected - Fix handling compiler warnings (SyntaxWarning and DeprecationWarning) in codeop.compile_command() when checking for incomplete input. Previously it emitted warnings and raised a SyntaxError. Now it always returns None for incomplete input without emitting any warnings. - Fixed flickering of the turtle window when the tracer is turned off. - Allow asyncio.StreamWriter.drain() to be awaited concurrently by multiple tasks. - Fix broken asyncio.Semaphore when acquire is cancelled. - Fix ast.unparse() when ImportFrom.level is None - Improve performance of urllib.request.getproxies_environment when there are many environment variables - Fix ! in c domain ref target syntax via a conf.py patch, so ... changelog too long, skipping 10 lines ... - Remove upstreamed test-int-timing.patch. ==== python310-core ==== Version update (3.10.7 -> 3.10.8) Subpackages: libpython3_10-1_0 python310-base - Add 98437-sphinx.locale._-as-gettext-in-pyspecific.patch to allow building of documentation with the latest Sphinx 5.3.0 (gh#python/cpython#98366). - Update to 3.10.8: - Fix multiplying a list by an integer (list *= int): detect the integer overflow when the new allocated length is close to the maximum size. - Fix a shell code injection vulnerability in the get-remote-certificate.py example script. The script no longer uses a shell to run openssl commands. (originally filed as CVE-2022-37460, later withdrawn) - Fix command line parsing: reject -X int_max_str_digits option with no value (invalid) when the PYTHONINTMAXSTRDIGITS environment variable is set to a valid limit. - When ValueError is raised if an integer is larger than the limit, mention the sys.set_int_max_str_digits() function in the error message. - The deprecated mailcap module now refuses to inject unsafe text (filenames, MIME types, parameters) into shell commands. Instead of using such text, it will warn and act as if a match was not found (or for test commands, as if the test failed). - os.sched_yield() now release the GIL while calling sched_yield(2). - Bugfix: PyFunction_GetAnnotations() should return a borrowed reference. It was returning a new reference. - Fixed a missing incref/decref pair in Exception.__setstate__(). - Fix overly-broad source position information for chained comparisons used as branching conditions. - Fix undefined behaviour in _testcapimodule.c. - At Python exit, sometimes a thread holding the GIL can wait forever for a thread (usually a daemon thread) which requested to drop the GIL, whereas the thread already exited. To fix the race condition, the thread which requested the GIL drop now resets its request before exiting. - Fix a possible assertion failure, fatal error, or SystemError if a line tracing event raises an exception while opcode tracing is enabled. - Fix undefined behaviour in C code of null pointer arithmetic. - Do not expose KeyWrapper in _functools. - When loading a file with invalid UTF-8 inside a multi-line string, a correct SyntaxError is emitted. - Disable incorrect pickling of the C implemented classmethod descriptors. - Fix AttributeError missing name and obj attributes in . object.__getattribute__() bpo-42316: Document some places . where an assignment expression needs parentheses . - Wrap network errors consistently in urllib FTP support, so the test suite doesnât fail when a network is available but the public internet is not reachable. - Fixes AttributeError when subprocess.check_output() is used with argument input=None and either of the arguments encoding or errors are used. - Avoid spurious tracebacks from asyncio when default executor cleanup is delayed until after the event loop is closed (e.g. as the result of a keyboard interrupt). - Avoid a crash in the C version of asyncio.Future.remove_done_callback() when an evil argument is passed. - Remove tokenize.NL check from tabnanny. - Make Semaphore run faster. - Fix generation of the default name of tkinter.Checkbutton. Previously, checkbuttons in different parent widgets could have the same short name and share the same state if arguments ânameâ and âvariableâ are not specified. Now they are globally unique. - Update bundled libexpat to 2.4.9 - Fix race condition in asyncio where process_exited() called before the pipe_data_received() leading to inconsistent output. - Fixed check in multiprocessing.resource_tracker that guarantees that the length of a write to a pipe is not greater than PIPE_BUF. - Corrected type annotation for dataclass attribute pstats.FunctionProfile.ncalls to be str. - Fix the faulthandler implementation of faulthandler.register(signal, chain=True) if the sigaction() function is not available: donât call the previous signal handler if itâs NULL. - In inspect, fix overeager replacement of âtyping.â in formatting annotations. - Fix asyncio.streams.StreamReaderProtocol to keep a strong reference to the created task, so that itâs not garbage collected - Fix handling compiler warnings (SyntaxWarning and DeprecationWarning) in codeop.compile_command() when checking for incomplete input. Previously it emitted warnings and raised a SyntaxError. Now it always returns None for incomplete input without emitting any warnings. - Fixed flickering of the turtle window when the tracer is turned off. - Allow asyncio.StreamWriter.drain() to be awaited concurrently by multiple tasks. - Fix broken asyncio.Semaphore when acquire is cancelled. - Fix ast.unparse() when ImportFrom.level is None - Improve performance of urllib.request.getproxies_environment when there are many environment variables - Fix ! in c domain ref target syntax via a conf.py patch, so ... changelog too long, skipping 10 lines ... - Remove upstreamed test-int-timing.patch. ==== rubygem-oauth2 ==== Version update (1.4.9 -> 2.0.9) updated to version 2.0.9 see installed CHANGELOG.md updated to version 2.0.7 see installed CHANGELOG.md [#]# [2.0.7] - 2022-08-22 [#]## Added - [#629](https://github.com/oauth-xx/oauth2/pull/629) - Allow POST of JSON to get token (@pboling, @terracatta) [#]## Fixed - [#626](https://github.com/oauth-xx/oauth2/pull/626) - Fixes a regression in 2.0.6. Will now prefer the key order from the lookup, not the hash keys (@rickselby) - Note: This fixes compatibility with `omniauth-oauth2` and AWS - [#625](https://github.com/oauth-xx/oauth2/pull/625) - Fixes the printed version in the post install message (@hasghari) updated to version 2.0.6 see installed CHANGELOG.md ==== spice-gtk ==== Subpackages: libspice-client-glib-2_0-8 libspice-client-glib-helper libspice-client-gtk-3_0-5 typelib-1_0-SpiceClientGlib-2_0 typelib-1_0-SpiceClientGtk-3_0 - jsc#PED-2113 [Virt Tools] Refresh Virtualization Tools for Xen and KVM Management ==== sudo ==== Version update (1.9.11p3 -> 1.9.12) Subpackages: sudo-plugin-python - Update to 1.9.12: * Dropped sudo-1.9.10-update_sudouser_to_utf8.patch * Changes in Sudo 1.9.12: * Fixed a bug when logging the commandâs exit status in intercept mode. The wrong command could be logged with the exit status. * For ptrace-based intercept mode, sudo will now attempt to verify that the command path name, arguments and environment have not changed from the time when they were authorized by the security policy. The new intercept_verify sudoers setting can be used to control this behavior. * Fixed running commands with a relative path (e.g. ./foo) in intercept mode. Previously, this would fail if sudoâs current working directory was different from that of the command. * Sudo now supports passing the execve(2) system call the NULL pointer for the argv and/or envp arguments when in intercept mode. Linux treats a NULL pointer like an empty array. * The sudoers LDAP schema now allows sudoUser, sudoRunasUser and sudoRunasGroup to include UTF-8 characters, not just 7-bit ASCII. * Fixed a problem with sudo -i on SELinux when the target userâs home directory is not searchable by sudo. GitHub issue #160. * Neovim has been added to the list of visudo editors that support passing the line number on the command line. * Fixed a bug in sudoâs SHA384 and SHA512 message digest padding. * Added a new -N (no-update) command line option to sudo which can be used to prevent sudo from updating the userâs cached credentials. It is now possible to determine whether or not a userâs cached credentials are currently valid by running: $ sudo -Nnv and checking the exit value. One use case for this is to indicate in a shell prompt that sudo is âactiveâ for the user. * PAM approval modules are no longer invoked when running sub-commands in intercept mode unless the intercept_authenticate option is set. There is a substantial performance penalty for calling into PAM for each command run. PAM approval modules are still called for the initial command. * Intercept mode on Linux now uses process_vm_readv(2) and process_vm_writev(2) if available. * The XDG_CURRENT_DESKTOP environment variable is now preserved by default. This makes it possible for graphical applications to choose the correct theme when run via sudo. * On 64-bit systems, if sudo fails to load a sudoers group plugin, it will use system-specific heuristics to try to locate a 64-bit version of the plugin. * The cvtsudoers manual now documents the JSON and CSV output formats. GitHub issue #172. * Fixed a bug where sub-commands were not being logged to a remote log server when log_subcmds was enabled. GitHub issue #174. * The new log_stdin, log_stdout, log_stderr, log_ttyin, and log_ttyout sudoers settings can be used to support more fine-grained I/O logging. The sudo front-end no longer allocates a pseudo-terminal when running a command if the I/O logging plugin requests logging of stdin, stdout, or stderr but not terminal input/output. * Quieted a libgcrypt run-time initialization warning. This fixes Debian bug #1019428 and Ubuntu bug #1397663. * Fixed a bug in visudo that caused literal backslashes to be removed from the EDITOR environment variable. GitHub issue #179. * The sudo Python plugin now implements the find_spec method instead of the the deprecated find_module. This fixes a test failure when a newer version of setuptools that doesnât include find_module is found on the system. * Fixed a bug introduced in sudo 1.9.9 where sudo_logsrvd created the process ID file, usually /var/run/sudo/sudo_logsrvd.pid, as a directory instead of a plain file. The same bug could result in I/O log directories that end in six or more Xâs being created literally in addition to the name being used as a template for the mkdtemp(3) function. * Fixed a long-standing bug where a sudoers rule with a command line argument of ââ, which indicates the command may be run with no arguments, would also match a literal "" on the command line. GitHub issue #182. * Added the -I option to visudo which only edits the main sudoers file. Include files are not edited unless a syntax error is found. * Fixed sudo -l -U otheruser output when the runas list is empty. Previously, sudo would list the invoking user instead of the list user. GitHub issue #183. * Fixed the display of command tags and options in sudo -l output when the RunAs user or group changes. A new line is started for RunAs changes which means we need to display the command tags and options again. GitHub issue #184. * The sesh helper program now uses getopt_long(3) to parse the command line options. * The embedded copy of zlib has been updated to version 1.2.13. * Fixed a bug that prevented event log data from being sent to the log server when I/O logging was not enabled. This only affected systems without PAM or configurations where the pam_session and pam_setcred options were disabled in the sudoers file. * Fixed a bug where sudo -l output included a carriage return after the newline. This is only needed when displaying to a terminal in raw mode. Bug #1042. ==== supermin ==== - jsc#PED-2113 [Virt Tools] Refresh Virtualization Tools for Xen and KVM Management ==== tracker ==== Version update (3.4.0 -> 3.4.1) Subpackages: libtracker-sparql-3_0-0 tracker-data-files tracker-lang typelib-1_0-Tracker-3_0 - Update to version 3.4.1: + Fixes to VAPI file. + Fixes to IRI escaping checks in TrackerResource. + Move fts: prefix definition to base ontology. + Improve memory usage of already executed TrackerBatch objects for GC languages. + Replace deprecated egrep tool usage in bash completion script. + Fixes for memory leaks and invalid memory access. + Fix endpoint-side cancellation of client-side D-Bus cancelled queries. + Updated translations. - Drop tracker-no-egrep.patch: Fixed upstream. ==== tracker-miners ==== Version update (3.4.0 -> 3.4.1) Subpackages: tracker-miner-files tracker-miners-lang - Update to version 3.4.1: + Warning fixes to gstreamer extractor. + Silence EXDEV warnings on FANotify monitor failures, likely in some systems. + New handled syscalls in seccomp: set_mempolicy, get_mempolicy, epoll_create1. + Improve performance of lookups of related CUE files for gstreamer media. + Fix memory leaks. + Updated translations. ==== usbutils ==== Version update (014 -> 015) - update to 015: * usb-devices: list the root devices in numerical order * usb-devices: use 'local' variable type to handle recursion * lsusb: remove unused wireless check * lsusb: remove wireless descriptor information * usb-devices: fix field width on device speed field * lsusb: fix up Midi Device specification devices * Fix an runtime error reported by undefind sanitizer * lsusb: Improve status display for SuperSpeedPlus hubs * lsusb-t: Fix recursive sorting on child devices. ==== virt-manager ==== Subpackages: virt-install virt-manager-common - jsc#PED-2113 [Virt Tools] Refresh Virtualization Tools for Xen and KVM Management ==== virt-v2v ==== Subpackages: virt-v2v-bash-completion - jsc#PED-2113 [Virt Tools] Refresh Virtualization Tools for Xen and KVM Management ==== xerces-c ==== Version update (3.2.3 -> 3.2.4) - update to 3.2.4: * [XERCESC-2195] - Invalid attribute in .gitattributes file * [XERCESC-2196] - cross-compiling issue * [XERCESC-2214] - Wrong delete[] in MemBufInputSource dtor * [XERCESC-2217] - ICUTranscoder::transcodeFrom buffer overflow * [XERCESC-2218] - CurlURLInputStream constructor memory leak * [XERCESC-2219] - XMLReader constructor: memory leak when refreshRawBuffer() throws * [XERCESC-2221] - InMemMsgLoader::loadMsg(): fix memory leak when transcoding fails * [XERCESC-2222] - DFAContentModel::checkUniqueParticleAttribution(): fix memory leak * [XERCESC-2223] - SAX2XMLReaderImpl::error(): potential memory leak * [XERCESC-2225] - Link to installed CMake targets of CURL * [XERCESC-2227] - Memleak fixes in ContentSpecNode and ComplexTypeInfo classes * [XERCESC-2228] - DFAContentModel: fix memory leaks when OutOfMemoryException occurs * [XERCESC-2229] - IGXMLScanner::scanDocTypeDecl(): fix memory leak on exception * [XERCESC-2230] - DFAContentModel::buildSyntaxTree(): fix memory leaks when OutOfMemoryException occurs * [XERCESC-2235] - DFAContentModel::buildDFA(): correctly zero-initialize fFollowList * [XERCESC-2236] - Dependencies aren't loaded when using provided CMake config package * [XERCESC-2241] - Integer overflows in DFAContentModel class * [XERCESC-2242] - Non-default curl location breaks autoconf link detection ==== yast2-firstboot ==== Version update (4.5.4 -> 4.5.5) - Compute properly dependencies of WSL GUI pattern (jsc#PM-3439) - 4.5.5 ==== yast2-packager ==== Version update (4.5.5 -> 4.5.6) - support 'repo' scheme for add-ons (jsc#SLE-22578, jsc#SLE-24584) - 4.5.6