New Tumbleweed snapshot 20240403 released!
Please note that this mail was generated by a script.
The described changes are computed based on the x86_64 DVD.
The full online repo contains too many changes to be listed here.
Please check the known defects of this snapshot before upgrading:
https://openqa.opensuse.org/tests/overview?distri=opensuse&groupid=1&version=Tumbleweed&build=20240403
Please do not reply to this email to report issues, rather file a bug
on bugzilla.opensuse.org. For more information on filing bugs please
see https://en.opensuse.org/openSUSE:Submitting_bug_reports
Packages changed:
bash
bubblewrap (0.8.0 -> 0.9.0)
c-ares (1.27.0 -> 1.28.1)
emacs
freerdp2 (2.11.2 -> 2.11.5)
harfbuzz (8.3.0 -> 8.4.0)
kate
kernel-source (6.8.1 -> 6.8.2)
libproxy-backend (0.5.3 -> 0.5.4)
libproxy-client (0.5.3 -> 0.5.4)
libssh2_org
libuv (1.47.0 -> 1.48.0)
libvirt (10.1.0 -> 10.2.0)
libx86emu
libzypp (17.32.0 -> 17.32.2)
openSUSE-release (20240402 -> 20240403)
pango
plasma6-desktop
python-cryptography (42.0.4 -> 42.0.5)
python-httpcore (1.0.4 -> 1.0.5)
python-libvirt-python (10.1.0 -> 10.2.0)
python-numpy
python-pyzmq
=== Details ===
==== bash ====
Subpackages: bash-lang bash-sh
- Help dependcy resolver to identify package split done with bash-sh
==== bubblewrap ====
Version update (0.8.0 -> 0.9.0)
Subpackages: bubblewrap-zsh-completion
- update to v0.9.0:
* Build system changed to Meson from Autotools
* Add --argv0
https://github.com/containers/bubblewrap/issues/91
* --symlink is now idempotent, meaning it succeeds if the symlink already
exists and already has the desired target
* Clarify security considerations in documentation
* Clarify documentation for --cap-add
* Report a better error message if mount(2) fails with ENOSPC
* Fix a double-close on error reading from --args, --seccomp or
- -add-seccomp-fd argument
* Improve memory allocation behaviour
==== c-ares ====
Version update (1.27.0 -> 1.28.1)
- c-ares 1.28.1
Features:
* Emit warnings when deprecated c-ares functions are used.
This can be disabled by passing a compiler definition of
`CARES_NO_DEPRECATED`. [PR #732]
* Add function `ares_search_dnsrec()` to search for records
using the new DNS record data structures. [PR #719]
* Rework internals to pass around `ares_dns_record_t` instead of
binary data, this introduces new public functions of
`ares_query_dnsrec()` and `ares_send_dnsrec()`. [PR #730]
Changes:
* tests: when performing simulated queries, reduce timeouts
to make tests run faster
* Replace configuration file parsers with memory-safe parser. [PR #725]
* Remove `acountry` completely, the manpage might still get
installed otherwise. [Issue #718]
Bugfixes:
* CMake: don't overwrite global required libraries/definitions/includes
which could cause build errors for projects chain building c-ares.
[Issue #729]
* On some platforms, `netinet6/in6.h` is not included by `netinet/in.h`
and needs to be included separately. [PR #728]
* Fix a potential memory leak in `ares_init()`. [Issue #724]
* Some platforms don't have the `isascii()` function.
Implement as a macro. [PR #721]
* CMake: Fix Chain building if CMAKE runtime paths not set
* NDots configuration should allow a value of zero. [PR #735]
==== emacs ====
Subpackages: emacs-el emacs-eln emacs-info emacs-nox etags
- Fix the temporary parking path by using %{version} (hint from Andre Barros)
==== freerdp2 ====
Version update (2.11.2 -> 2.11.5)
Subpackages: libfreerdp2-2 libwinpr2-2
- Update Source0 URL to make it valid with the actual Source0.
- Fix file conflict of wlog.7 with freerdp3
- Update to version 2.11.5:
* Fix integer overflow in progressive decoder
* Update OpenSSL API usage for compatiblility with newer versions (#9747)
* Prevent NULL dereference for single thread decoder (#9712)
- Modify package names to freerdp2:
* This allows to have a freerdp version 2 and freerdp version 3
simultaneously installed
- Add freerdp-CVE-2023-40574-to-2023-40576.patch
* Fix CVE-2023-40574 - bsc#1214869
Out-Of-Bounds Write in general_YUV444ToRGB_8u_P3AC4R_BGRX
* Fix CVE-2023-40575 - bsc#1214870
Out-Of-Bounds Read in general_YUV444ToRGB_8u_P3AC4R_BGRX
* Fix CVE-2023-40576 - bsc#1214871
Out-Of-Bounds Read in RleDecompress
==== harfbuzz ====
Version update (8.3.0 -> 8.4.0)
Subpackages: libharfbuzz-gobject0 libharfbuzz-icu0 libharfbuzz-subset0 libharfbuzz0 typelib-1_0-HarfBuzz-0_0
- update to version 8.4.0:
+ When subsetting, place variation store at the end of âGDEFâ
table to fix shaping issues with some versions of Adobe InDesign.
+ Various build fixes
- update to version 8.3.1:
+ Fix hb_style_get_value() in fonts with âSTATâ table
+ Properly handle negative offsets in CFF table
+ Update IANA Language Subtag Registry to 2024-03-07
+ Subsetter now supports subsetting âBASEâ table
+ Subsetter will update âhheaâ font metrics in sync with âOS/2â
ones.
+ â--variationsâ option of âhb-subsetâ now supports leaving out
values that should be unchanged, e.g. âwght=:500:â will change
the default and keep max and min unchanged. It also supports
â*=dropâ to to pin all axes to default location.
+ Fix hb_ot_math_get_glyph_kerning() to match updated âMATHâ
table spec.
+ Support legacy MacRoman encoding in âcmapâ table.
+ Various build fixes.
+ Various subsetting and instancing fixes.
==== kate ====
Subpackages: kate-lang kate-plugins
- Add a couple recommended plugins to preview files in kate
==== kernel-source ====
Version update (6.8.1 -> 6.8.2)
- Bluetooth: hci_sync: Fix not checking error on
hci_cmd_sync_cancel_sync (bluetooth-fix).
- commit 2eb0f0f
- Revert "io_uring: remove unconditional looping in local
task_work handling" (liburing_failure).
- commit 5b857cb
- powerpc/crypto/chacha-p10: Fix failure on non Power10
(boo#1218114).
- commit 9b2d264
- Linux 6.8.2 (bsc#1012628).
- do_sys_name_to_handle(): use kzalloc() to fix kernel-infoleak
(bsc#1012628).
- workqueue.c: Increase workqueue name length (bsc#1012628).
- workqueue: Move pwq->max_active to wq->max_active (bsc#1012628).
- workqueue: Factor out pwq_is_empty() (bsc#1012628).
- workqueue: Replace pwq_activate_inactive_work() with
[__]pwq_activate_work() (bsc#1012628).
- workqueue: Move nr_active handling into helpers (bsc#1012628).
- workqueue: Make wq_adjust_max_active() round-robin pwqs while
activating (bsc#1012628).
- workqueue: RCU protect wq->dfl_pwq and implement accessors
for it (bsc#1012628).
- workqueue: Introduce struct wq_node_nr_active (bsc#1012628).
- workqueue: Implement system-wide nr_active enforcement for
unbound workqueues (bsc#1012628).
- workqueue: Don't call cpumask_test_cpu() with -1 CPU in
wq_update_node_max_active() (bsc#1012628).
- iomap: clear the per-folio dirty bits on all writeback failures
(bsc#1012628).
- fs: Fix rw_hint validation (bsc#1012628).
- io_uring: remove looping around handling traditional task_work
(bsc#1012628).
- io_uring: remove unconditional looping in local task_work
handling (bsc#1012628).
- s390/dasd: Use dev_*() for device log messages (bsc#1012628).
- s390/dasd: fix double module refcount decrement (bsc#1012628).
- fs/hfsplus: use better @opf description (bsc#1012628).
- md: fix kmemleak of rdev->serial (bsc#1012628).
- rcu/exp: Fix RCU expedited parallel grace period kworker
allocation failure recovery (bsc#1012628).
- rcu/exp: Handle RCU expedited grace period kworker allocation
failure (bsc#1012628).
- nbd: null check for nla_nest_start (bsc#1012628).
- fs/select: rework stack allocation hack for clang (bsc#1012628).
- block: fix deadlock between bd_link_disk_holder and partition
scan (bsc#1012628).
- md: Don't clear MD_CLOSING when the raid is about to stop
(bsc#1012628).
- kunit: Setup DMA masks on the kunit device (bsc#1012628).
- ovl: Always reject mounting over case-insensitive directories
(bsc#1012628).
- kunit: test: Log the correct filter string in executor_test
(bsc#1012628).
- lib/cmdline: Fix an invalid format specifier in an assertion
msg (bsc#1012628).
- lib: memcpy_kunit: Fix an invalid format specifier in an
assertion msg (bsc#1012628).
- time: test: Fix incorrect format specifier (bsc#1012628).
- rtc: test: Fix invalid format specifier (bsc#1012628).
- net: test: Fix printf format specifier in skb_segment kunit test
(bsc#1012628).
- drm/xe/tests: Fix printf format specifiers in xe_migrate test
(bsc#1012628).
- drm: tests: Fix invalid printf format specifiers in KUnit tests
(bsc#1012628).
- md/raid1: factor out helpers to add rdev to conf (bsc#1012628).
- md/raid1: record nonrot rdevs while adding/removing rdevs to
conf (bsc#1012628).
- md/raid1: fix choose next idle in read_balance() (bsc#1012628).
- io_uring/net: unify how recvmsg and sendmsg copy in the msghdr
(bsc#1012628).
- io_uring/net: move receive multishot out of the generic msghdr
path (bsc#1012628).
- io_uring/net: fix overflow check in io_recvmsg_mshot_prep()
(bsc#1012628).
- nvme: host: fix double-free of struct nvme_id_ns in
ns_update_nuse() (bsc#1012628).
- x86/mm: Ensure input to pfn_to_kaddr() is treated as a 64-bit
type (bsc#1012628).
- x86/resctrl: Remove hard-coded memory bandwidth limit
(bsc#1012628).
- x86/resctrl: Read supported bandwidth sources from CPUID
(bsc#1012628).
- x86/resctrl: Implement new mba_MBps throttling heuristic
(bsc#1012628).
- x86/sme: Fix memory encryption setting if enabled by default
and not overridden (bsc#1012628).
- timekeeping: Fix cross-timestamp interpolation on counter wrap
(bsc#1012628).
- timekeeping: Fix cross-timestamp interpolation corner case
decision (bsc#1012628).
- timekeeping: Fix cross-timestamp interpolation for non-x86
(bsc#1012628).
- x86/asm: Remove the __iomem annotation of movdir64b()'s dst
argument (bsc#1012628).
- sched/fair: Take the scheduling domain into account in
select_idle_smt() (bsc#1012628).
- sched/fair: Take the scheduling domain into account in
select_idle_core() (bsc#1012628).
... changelog too long, skipping 1132 lines ...
- commit 6a29422
==== libproxy-backend ====
Version update (0.5.3 -> 0.5.4)
- Update to version 0.5.4:
+ Add golang link to application page.
+ Improve libproxy test coverage.
+ Improve coverage.
+ Specify library version more completely.
+ Use the correct separator character for Windows ProxyOverride.
+ Improve handling of Windows proxy settings.
+ Add curl option to the generated config for backend instead.
+ Set initial state to online.
+ Windows: Detect scheme presence in proxy URLs more robustly.
+ Fix broken WPAD proxy resolution.
==== libproxy-client ====
Version update (0.5.3 -> 0.5.4)
- Update to version 0.5.4:
+ Add golang link to application page.
+ Improve libproxy test coverage.
+ Improve coverage.
+ Specify library version more completely.
+ Use the correct separator character for Windows ProxyOverride.
+ Improve handling of Windows proxy settings.
+ Add curl option to the generated config for backend instead.
+ Set initial state to online.
+ Windows: Detect scheme presence in proxy URLs more robustly.
+ Fix broken WPAD proxy resolution.
==== libssh2_org ====
- Fix an issue with Encrypt-then-MAC family. [bsc#1221622]
* Test the ETM feature in the remote end's configuration when
receiving data. Upstream issue: #1331.
* Add libssh2_org-ETM-remote.patch
- Always add the KEX pseudo-methods "ext-info-c" and "kex-strict-c-v00@openssh.com"
when configuring custom method list. [bsc#1218971, CVE-2023-48795]
* The strict-kex extension is announced in the list of available
KEX methods. However, when the default KEX method list is modified
or replaced, the extension is not added back automatically.
* Add libssh2_org-CVE-2023-48795-ext.patch
==== libuv ====
Version update (1.47.0 -> 1.48.0)
- Update to version 1..48.0
* CVE-2024-24806: Improper Domain Lookup that potentially leads
to SSRF attacks (bsc#1219724)
* misc: remove deprecated stalebot file
* misc: ignore libuv-release-tool files
* build,win: remove extraneous -lshell32
* build,win: work around missing uuid.dll on MinGW
* build: disable windows asan buildbot
* build: add .cache clangd folder to .gitignore
* build: re-enable msvc-asan job on CI
* linux: disable io_uring on hppa below kernel 6.1.51
* linux: remove HAVE_IFADDRS_H macro
* linux: fix bind/connect for abstract sockets
* linux: retry fs op if unsupported by io_uring
* linux: disable io_uring on ppc64 and ppc64le
* unix,win: utility for setting priority for thread
* unix,win: fix read past end of pipe name buffer
* unix,win: fix busy loop with zero timeout timers
* unix,win: reset the timer queue on stop
* unix: ignore ifaddrs with NULL ifa_addr
* unix: unbreak macOS < 10.14
* unix: correct pwritev conditional
* unix: support full TCP keep-alive on Solaris
* unix: optimize uv__tcp_keepalive cpp directives
* freebsd: fix F_KINFO file path handling
* freebsd: fix build on non-intel archs
* aix: disable ipv6 link local
* aix,ibmi: use uv_interface_addresses instead of getifaddrs
* win: remove check for UV_PIPE_NO_TRUNCATE
* win: honor NoDefaultCurrentDirectoryInExePath env var
* win: stop using deprecated names
* win: replace c99 comments with c89 comments
* win: fix ESRCH implementation
* win/spawn: optionally run executable paths with no file
extension
* test: don't run tcp_writealot under msan
* test: check if ipv6 link-local traffic is routable
* test: skip tcp-write-in-a-row on IBM i
* test: empty strings are not valid IDNA
* test_fs.c: Fix issue on 32-bit systems using btrfs
* idna: fix compilation warning
* pipe: add back error handling to connect / bind
* fix: always zero-terminate idna output
* fix: reject zero-length idna inputs
* doc: move cjihrig to emeriti
* doc: add very basic Security Policy document
* Merge pull request from GHSA-f74f-cvh7-c6q6
- Remove ppc64-disable-liburing.patch because it was applied
in the current source code
==== libvirt ====
Version update (10.1.0 -> 10.2.0)
Subpackages: libvirt-client libvirt-daemon-common libvirt-daemon-config-network libvirt-daemon-driver-interface libvirt-daemon-driver-libxl libvirt-daemon-driver-network libvirt-daemon-driver-nodedev libvirt-daemon-driver-nwfilter libvirt-daemon-driver-qemu libvirt-daemon-driver-secret libvirt-daemon-driver-storage libvirt-daemon-driver-storage-core libvirt-daemon-driver-storage-disk libvirt-daemon-driver-storage-iscsi libvirt-daemon-driver-storage-iscsi-direct libvirt-daemon-driver-storage-logical libvirt-daemon-driver-storage-mpath libvirt-daemon-driver-storage-rbd libvirt-daemon-driver-storage-scsi libvirt-daemon-lock libvirt-daemon-log libvirt-daemon-plugin-lockd libvirt-daemon-qemu libvirt-daemon-xen libvirt-libs
- Update to libvirt 10.2.0
- CVE-2024-2494
- Many incremental improvements and bug fixes, see
https://libvirt.org/news.html#v10-2-0-2024-04-02
==== libx86emu ====
- fix build on non-suse distributions
==== libzypp ====
Version update (17.32.0 -> 17.32.2)
- Fixup New VendorSupportOption flag VendorSupportSuperseded
(jsc#OBS-301, jsc#PED-8014)
Fixed the name of the keyword to "support_superseded" as it was
agreed on in jsc#OBS-301.
- version 17.32.2 (32)
- Add resolver option 'removeUnneeded' to file weak remove jobs
for unneeded packages (bsc#1175678)
- version 17.32.1 (32)
==== openSUSE-release ====
Version update (20240402 -> 20240403)
Subpackages: openSUSE-release-appliance-custom openSUSE-release-dvd
- automatically generated by openSUSE-release-tools/pkglistgen
==== pango ====
Subpackages: libpango-1_0-0 typelib-1_0-Pango-1_0
- added GraphicsMagick package as Recommends. The invocation of
pango-view with the ft2 backend requires the gm command found in
that package
==== plasma6-desktop ====
Subpackages: plasma6-desktop-emojier plasma6-desktop-lang plasma6-kimpanel-ibus
- Add "-DBUILD_KCM_MOUSE_X11=OFF" for s390x
- Move touchpad and mouse configuration to all (also for s390x)
==== python-cryptography ====
Version update (42.0.4 -> 42.0.5)
- update to 42.0.5:
* Limit the number of name constraint checks that will be
performed in :mod:`X.509 path validation
participants (1)
-
Dominique Leuenberger