Please note that this mail was generated by a script.
The described changes are computed based on the x86_64 DVD.
The full online repo contains too many changes to be listed here.

Please check the known defects of this snapshot before upgrading:
https://openqa.opensuse.org/tests/overview?distri=opensuse&groupid=1&version=Tumbleweed&build=20231215

Please do not reply to this email to report issues, rather file a bug
on bugzilla.opensuse.org. For more information on filing bugs please
see https://en.opensuse.org/openSUSE:Submitting_bug_reports

Packages changed:
  curl (8.4.0 -> 8.5.0)
  gupnp
  gupnp-av
  kernel-firmware (20231128 -> 20231214)
  libheif
  libnbd
  libsoup2
  libstorage-ng (4.5.161 -> 4.5.162)
  libzypp (17.31.23 -> 17.31.25)
  luit (20221028 -> 20230201)
  perl-Bootloader (1.8 -> 1.9)
  procps
  procps4
  python-Babel (2.12.1 -> 2.13.1)
  python-alembic (1.12.1 -> 1.13.0)
  python-argon2-cffi (21.3.0 -> 23.1.0)
  python-ldap (3.4.3 -> 3.4.4)
  python-pycurl
  python-pysmbc (1.0.23 -> 1.0.25.1)
  python-setproctitle
  sdbootutil (1+git20231114.6bcf1d3 -> 1+git20231214.b186b2d)
  sqlite3 (3.44.1 -> 3.44.2)
  suse-module-tools (16.0.38 -> 16.0.39)
  yast2-network (5.0.0 -> 5.0.1)
  zypper (1.14.67 -> 1.14.68)

=== Details ===

==== curl ====
Version update (8.4.0 -> 8.5.0)
Subpackages: libcurl4

- Update to 8.5.0:
  * Security fixes:
    - [bsc#1217573, CVE-2023-46218] cookie mixed case PSL bypass
    - [bsc#1217574, CVE-2023-46219] HSTS long file name clears contents
  * Changes:
    - gnutls: support CURLSSLOPT_NATIVE_CA
    - HTTP3: ngtcp2 builds are no longer experimental
  * Bugfixes:
    - asyn-thread: use pipe instead of socketpair for IPC when available
    - cmake: fix OpenSSL quic detection in quiche builds
    - conncache: use the closure handle when disconnecting surplus connections
    - content_encoding: make Curl_all_content_encodings allocless
    - cookie: lowercase the domain names before PSL checks
    - Curl_http_body: cleanup properly when Curl_getformdata errors
    - CURLMOPT_MAX_CONCURRENT_STREAMS: make sure the set value is within range
    - doh: provide better return code for responses w/o addresses
    - doh: use PIPEWAIT when HTTP/2 is attempted
    - duphandle: also free 'outcurl->cookies' in error path
    - duphandle: make dupset() not return with pointers to old alloced data
    - duphandle: use strdup to clone *COPYPOSTFIELDS if size is not set
    - easy: in duphandle, init the cookies for the new handle
    - easy_lock: add a pthread_mutex_t fallback
    - fopen: create new file using old file's mode
    - fopen: create short(er) temporary file name
    - getenv: PlayStation doesn't have getenv()
    - hostip: show the list of IPs when resolving is done
    - hsts: skip single-dot hostname
    - HTTP/2, HTTP/3: handle detach of ongoing transfers
    - http: allow longer HTTP/2 request method names
    - hyper: temporarily remove HTTP/2 support
    - IPFS: fix IPFS_PATH and file parsing
    - multi: during ratelimit multi_getsock should return no sockets
    - multi: use pipe instead of socketpair to *wakeup()
    - ngtcp2: fix races in stream handling
    - ntlm_wb: use pipe instead of socketpair when possible
    - openssl: avoid BN_num_bits() NULL pointer derefs
    - openssl: fix building with v3 `no-deprecated` + add CI test
    - openssl: fix infof() to avoid compiler warning for %s with null
    - openssl: identify the "quictls" backend correctly
    - openssl: include SIG and KEM algorithms in verbose
    - openssl: two multi pointer checks should probably rather be asserts
    - openssl: when a session-ID is reused, skip OCSP stapling
    - quic: make eyeballers connect retries stop at weird replies
    - quic: manage connection idle timeouts
    - setopt: check CURLOPT_TFTP_BLKSIZE range on set
    - socks: better buffer size checks for socks4a user and hostname
    - socks: make SOCKS5 use the CURLOPT_IPRESOLVE choice
    - tool: fix --capath when proxy support is disabled
    - tool_getparam: limit --rate to be smaller than number of ms
    - transfer: abort pause send when connection is marked for closing
    - transfer: avoid calling the read callback again after EOF
    - transfer: only reset the FTP wildcard engine in CLEAR state
    - url: don't touch the multi handle when closing internal handles
    - urlapi: avoid null deref if setting blank host to url encode
    - urlapi: skip appending NULL pointer query
    - urlapi: when URL encoding the fragment, pass in the right length
    - vtls: cleanup SSL config management
    - vtls: consistently use typedef names for OpenSSL structs
    - vtls: late clone of connection ssl config
    - vtls: use ALPN "http/1.1" for HTTP/1.x, including HTTP/1.0
  * Rebase curl-secure-getenv.patch
  * Add curl-tests-errorcodes.patch

==== gupnp ====

- Add 00514fb6.patch: Fix compatibility with libxml2 2.12.x.

==== gupnp-av ====
Subpackages: libgupnp-av-1_0-3

- Add 1e10a41f.patch: Fix compatibility with libxml2 2.12.x.

==== kernel-firmware ====
Version update (20231128 -> 20231214)
Subpackages: kernel-firmware-all kernel-firmware-amdgpu kernel-firmware-ath10k kernel-firmware-ath11k kernel-firmware-atheros kernel-firmware-bluetooth kernel-firmware-bnx2 kernel-firmware-brcm kernel-firmware-chelsio kernel-firmware-dpaa2 kernel-firmware-i915 kernel-firmware-intel kernel-firmware-iwlwifi kernel-firmware-liquidio kernel-firmware-marvell kernel-firmware-media kernel-firmware-mediatek kernel-firmware-mellanox kernel-firmware-mwifiex kernel-firmware-network kernel-firmware-nfp kernel-firmware-nvidia kernel-firmware-platform kernel-firmware-prestera kernel-firmware-qcom kernel-firmware-qlogic kernel-firmware-radeon kernel-firmware-realtek kernel-firmware-serial kernel-firmware-sound kernel-firmware-ti kernel-firmware-ueagle kernel-firmware-usb-network

- Update to version 20231214 (git commit b80907ec3a81):
  * qcom: Add Audio firmware for SM8650 QRD
  * qcom: Add Audio firmware for SM8550 QRD
  * Add rdfind for deb/rpm build jobs
  * wfx: update to firmware 3.17
  * wfx: fix broken firmware
- Update to version 20231205 (git commit bfc33c1e308e):
  * linux-firmware: Update AMD cpu microcode
  * cxgb4: Update firmware to revision 1.27.5.0
  * linux-firmware: add firmware for en8811h 2.5G ethernet phy
  * s5p-mfc: Add MFC v12 Firmware
  * qcom: update qrb4210 firmware
  * qcom: update qcm2290 firmware
  * qcom: update qcm2290/qrb4210 WiFi firmware file
  * qcom: update Venus firmware file for v6.0

==== libheif ====
Subpackages: gdk-pixbuf-loader-libheif libheif-aom libheif-dav1d libheif-ffmpeg libheif-jpeg libheif-openjpeg libheif-rav1e libheif-svtenc libheif1

- remove usage of presets to allow any cmake
- remove plugin conditional, to provide plugins on Leap as well
- remove rav1e conditional, because it is always available

==== libnbd ====

- Use ocaml-rpm-macros to track OCaml ABI

==== libsoup2 ====
Subpackages: libsoup-2_4-1 libsoup2-lang

- Add ced3c5d8.patch: Fix build with libxml2-2.12.0 and clang-17.

==== libstorage-ng ====
Version update (4.5.161 -> 4.5.162)
Subpackages: libstorage-ng-lang libstorage-ng-ruby libstorage-ng1

- merge gh#openSUSE/libstorage-ng#969
- factor out common code
- 4.5.162

==== libzypp ====
Version update (17.31.23 -> 17.31.25)

- Fix build issue with zchunk build flags (fixes #500)
- version 17.31.25 (22)
- Open rpmdb just once during execution of %posttrans scripts
  (bsc#1216412)
- Avoid using select() since it does not support fd numbers > 1024
  (fixes #447)
- tools/DownloadFiles: use standard zypp progress bar (fixes #489)
- Revert "Color download progress bar" (fixes #475)
  Cyan is already used for the output of RPM scriptlets. Avoid this
  colorific collision between download progress bar and scriptlet
  output.
- Fix ProgressBar's calculation of the printed tag position (fixes #494)
- Switch zypp::Digest to Openssl 3.0 Provider API (fixes #144)
- Fix usage of deprecated CURL features (fixes #486)
- version 17.31.24 (22)

==== luit ====
Version update (20221028 -> 20230201)

- fixed upstream tarball URL
- Update to version 2.0.20230201
  * correct conversion to/from codes past BMP (patch by Ben Wong,
    Debian #1027414)
  * fix a few compiler-warnings in configure-checks

==== perl-Bootloader ====
Version update (1.8 -> 1.9)

- merge gh#openSUSE/perl-bootloader#159
- rewrite pbl in sh (bsc#1214361)
- adjust Makefile
- add tests
- Makefile cleanup
- 1.9

==== procps ====
Subpackages: libprocps8 procps-lang

- procps-3.3.17-ignore-sysctl_conf.patch: ignore dangling symlink
  to missing /etc/sysctl.conf file [bsc#1217990]

==== procps4 ====
Subpackages: libproc2-0 procps4-lang

- Add patch procps-ng-4.0.4-ignore-sysctl_conf.patch
  * ignore dangling symlink to missing /etc/sysctl.conf file
    [bsc#1217990] (Backport of the patch of Thorsten Kukuk)

==== python-Babel ====
Version update (2.12.1 -> 2.13.1)

- deleted patches
  - fix-tests.patch (upstreamed)
- update to 2.13.1:
  * Fix a typo in ``_locales_to_names``
  * Fix ``setuptools`` dependency for Python 3.12
  * This version, Babel 2.13, is the last version of Babel to
    support Python 3.7.
  * Add flag to ignore POT-Creation-Date for updates
  * Support 't' specifier in keywords
  * Add f-string parsing for Python 3.12 (PEP 701)
  * Various typing-related fixes
  * babel.messages.catalog: deduplicate _to_fuzzy_match_key logic
  * Freeze format_time() tests to a specific date to fix test failures
  * Spelling and grammar fixes
  * Renovate lint tools
  * Use SPDX license identifier
  * Use aware UTC datetimes internally

==== python-alembic ====
Version update (1.12.1 -> 1.13.0)

- update to 1.13.0:
  * Fixed issue where the ``alembic check`` command did not
    function correctly with upgrade structures that have
    multiple, top-level elements, as are generated from the
    "multi-env" environment template.
  * Updated logic introduced in :ticket:`151` to allow
    ``if_exists`` and ``if_not_exists`` on index operations also
    on SQLAlchemy 1.4 series. Previously this feature was
    mistakenly requiring the 2.0 series.
  * Replaced ``python-dateutil`` with the standard library module
    zoneinfo.
  * Alembic 1.13 now supports Python 3.8 and above.
  * Fixed autogenerate issue where ``create_table_comment()`` and
    ``drop_table_comment()`` rendering in a batch table modify
    would include the "table" and "schema" arguments, which are
    not accepted in batch as these are already part of the top
    level block.
  * Additional fixes to PostgreSQL expression index compare
    feature. The compare now correctly accommodates casts and
    differences in spacing.
  * Added detection logic for operation clauses inside the
    expression, skipping the compare of these expressions.
  * To accommodate these changes the logic for the comparison of
    the indexes and unique constraints was moved to the dialect
    implementation, allowing greater flexibility.

==== python-argon2-cffi ====
Version update (21.3.0 -> 23.1.0)

- update to 23.1.0:
  * The only new feature is the possibility to pass an own salt
    to `argon2.PasswordHasher.hash()`, however a lot has changed
    around documentation and packaging to make *argon2-cffi*
    maintainable in the future.
  * Python 3.6 is not supported anymore.
  * The `InvalidHash` exception is deprecated in favor of
    `InvalidHashError`. No plans for removal currently exist and
    the names can (but shouldn't) be used interchangeably.
  * `argon2.hash_password()`, `argon2.hash_password_raw()`, and
    `argon2.verify_password()` that have been soft-deprecated
    since 2016 are now hard-deprecated. They now raise
    `DeprecationWarning`s and will be removed in 2024.
  * Official support for Python 3.11 and 3.12. No code changes
    were necessary.
  * `argon2.exceptions.InvalidHashError` as a replacement for
    `InvalidHash`.
  * *salt* parameter to `argon2.PasswordHasher.hash()` to allow
    for custom salts. This is only useful for specialized
    use-cases -- leave it on None unless you know exactly what
    you are doing. #153

==== python-ldap ====
Version update (3.4.3 -> 3.4.4)

- update to 3.4.4:
  * Reconnect race condition in ReconnectLDAPObject is now fixed
  * Socket ownership is now claimed once we've passed it to
    libldap
  * LDAP_set_option string formats are now compatible with
    Python 3.12

==== python-pycurl ====

- Add patch pause-unpause-xfail.patch:
  * XFAIL a test due to gh#pycurl/pycurl#729 (bsc#1218062)

==== python-pysmbc ====
Version update (1.0.23 -> 1.0.25.1)

- update to 1.0.25.1:
  * Introduced use_kerberos keyword to allow Kerberos
    authentication
  * Added new test cases to verify setxattr() input and
    getxattr() output
  * smbc/context.c: Fix PY_MAJOR_VERSION define

==== python-setproctitle ====

- Skip testsuite under qemu emulation

==== sdbootutil ====
Version update (1+git20231114.6bcf1d3 -> 1+git20231214.b186b2d)
Subpackages: sdbootutil-rpm-scriptlets sdbootutil-snapper

- Update to version 1+git20231214.b186b2d:
  * Fix exit code
  * Revert "Add pcr predictions to initrd for now"
- Update to version 1+git20231213.2a07af6:
  * Add update-predictions command
  * Predict all the entries
- Update to version 1+git20231211.01c6a76:
  * Add ExclusiveArch for 64-bit EFI architectures
- Update to version 1+git20231129.d7f3909:
  * Add pcr predictions to initrd for now
  * Generate new TPM2 predictions with pcr-oracle
  * Update file triggers
  * Fix exit code of update command
  * Add a %transfiletriggerin to update EFI binaries
  * Update help text

==== sqlite3 ====
Version update (3.44.1 -> 3.44.2)
Subpackages: libsqlite3-0 libsqlite3-0-x86-64-v3 sqlite3-tcl

- Fix Version to advertise as 3.44.2, matching the tarball
  version.

==== suse-module-tools ====
Version update (16.0.38 -> 16.0.39)
Subpackages: suse-module-tools-scriptlets

- Update to version 16.0.39:
  * Add more modules to file system blacklist (jsc#PED-6167)
    Blacklisted filesystem modules that aren't officially
    supported by SUSE: f2fs, hfsplus, jffs2, kafs, ntfs3,
    orangefs, pstore, romfs, zonefs.
    As usual, the blacklist entries can be removed by running an
    explicit "modprobe $FS_MODULE" command.

==== yast2-network ====
Version update (5.0.0 -> 5.0.1)

- Read all the driver modules from hwinfo instead of just the
  first driver ones (bsc#1217652).
- 5.0.1

==== zypper ====
Version update (1.14.67 -> 1.14.68)
Subpackages: zypper-log zypper-needs-restarting

- Fix search/info commands ignoring --ignore-unknown
  (bsc#1217593)
  The switch makes search commands return 0 rather than 104 for
  empty search results.
- version 1.14.68