Please note that this mail was generated by a script.
The described changes are computed based on the x86_64 DVD.
The full online repo contains too many changes to be listed here.
Please check the known defects of this snapshot before upgrading:
https://openqa.opensuse.org/tests/overview?distri=opensuse&groupid=1&version=Tumbleweed&build=20220122
Please do not reply to this email to report issues, rather file a bug
on bugzilla.opensuse.org. For more information on filing bugs please
see https://en.opensuse.org/openSUSE:Submitting_bug_reports
Packages changed:
apparmor
autoyast2 (4.4.25 -> 4.4.26)
cifs-utils (6.13 -> 6.14)
expat (2.4.2 -> 2.4.3)
fcitx
gstreamer-editing-services
gstreamer-plugins-bad
ldb
libapparmor
nvme-cli (1.16 -> 2.0~0)
psmisc (23.3 -> 23.4)
python-ipython (7.30.1 -> 8.0.1)
rpm-config-SUSE (0.g89 -> 0.g93)
spamassassin
sssd
systemd-rpm-macros (14 -> 15)
=== Details ===
==== apparmor ====
Subpackages: apparmor-abstractions apparmor-docs apparmor-parser apparmor-parser-lang apparmor-profiles apparmor-utils apparmor-utils-lang pam_apparmor pam_apparmor-32bit python3-apparmor
- add update-samba-abstractions-ldb2.diff: Cater for changes to ldb
packaging to allow parallel installation with libldb;
(bsc#1192684).
==== autoyast2 ====
Version update (4.4.25 -> 4.4.26)
Subpackages: autoyast2-installation
- Fix handling of add-on signature settings, introduced when fixing
bsc#1192437 (bsc#1194881).
- 4.4.26
==== cifs-utils ====
Version update (6.13 -> 6.14)
- Update cifs-utils.spec:
* Remove unused
!BuildIgnore: samba-client
BuildRequires: libwbclient-devel
- Update to cifs-utils 6.14
* smbinfo is enhanced with capability to display alternate data streams
* setcifsacl is improved to optionally reorder ACEs in preferred order
* cifs.upcall regression in kerberos mount is fixed
* remove cifs-utils-6.13.tar.bz2
* remove cifs-utils-6.13.tar.bz2.asc
* add cifs-utils-6.14.tar.bz2
* add cifs-utils-6.14.tar.bz2.asc
- Drop upstream fixed patches:
* 0001-cifs.upcall-fix-regression-in-kerberos-mount.patch
==== expat ====
Version update (2.4.2 -> 2.4.3)
Subpackages: libexpat-devel libexpat1 libexpat1-32bit
- update to 2.4.3 (bsc#1194251, bsc#1194362, bsc#1194474,
bsc#1194476, bsc#1194477, bsc#1194478, bsc#1194479, bsc#1194480):
* CVE-2021-45960 -- Fix issues with left shifts by >=29 places
resulting in
a) realloc acting as free
b) realloc allocating too few bytes
c) undefined behavior
depending on architecture and precise value
for XML documents with >=2^27+1 prefixed attributes
on a single XML tag a la
""
where XML_ParserCreateNS is used to create the parser
(which needs argument "-n" when running xmlwf).
Impact is denial of service, or more.
* CVE-2021-46143 (ZDI-CAN-16157) -- Fix integer overflow
on variable m_groupSize in function doProlog leading
to realloc acting as free.
Impact is denial of service or more.
* CVE-2022-22822 to CVE-2022-22827 -- Prevent integer overflows
near memory allocation at multiple places. Mitre assigned
a dedicated CVE for each involved internal C function:
- CVE-2022-22822 for function addBinding
- CVE-2022-22823 for function build_model
- CVE-2022-22824 for function defineAttribute
- CVE-2022-22825 for function lookup
- CVE-2022-22826 for function nextScaffoldPart
- CVE-2022-22827 for function storeAtts
Impact is denial of service or more.
==== fcitx ====
Subpackages: fcitx-branding-openSUSE fcitx-gtk2 fcitx-gtk3 fcitx-pinyin fcitx-table fcitx-table-cn-wubi fcitx-table-cn-wubi-pinyin libfcitx-4_2_9
- Fix xim.d script for KDE Plasma (boo#1194916);
$WINDOWMANAGER check needs to be adjusted
==== gstreamer-editing-services ====
Subpackages: libges-1_0-0 typelib-1_0-GES-1_0
- Fix parameters passed to meson: gtk_doc should be doc. Meson 0.60
became strict and no longer accepts invalid parameters.
- Drop hotdoc BuildRequires: as we pass -Ddoc=disabled to meson,
this dependency is not needed.
==== gstreamer-plugins-bad ====
Subpackages: gstreamer-plugins-bad-lang gstreamer-transcoder libgstadaptivedemux-1_0-0 libgstbadaudio-1_0-0 libgstbasecamerabinsrc-1_0-0 libgstcodecparsers-1_0-0 libgstcodecs-1_0-0 libgstisoff-1_0-0 libgstmpegts-1_0-0 libgstphotography-1_0-0 libgstplayer-1_0-0 libgstsctp-1_0-0 libgsttranscoder-1_0-0 libgsturidownloader-1_0-0 libgstvulkan-1_0-0 libgstwayland-1_0-0 libgstwebrtc-1_0-0 typelib-1_0-GstTranscoder-1_0
- Drop conditionals for fdk_aac, explicitly add fdk-aac-free-devel
BuildRequires, and build it for the main package.
==== ldb ====
Subpackages: libldb2 libldb2-32bit python3-ldb
- Modify packaging to allow parallel installation with libldb1
(bsc#1192684):
+ Private libraries are installed in %{_libdir}/ldb2/
+ Modules are installed in %{_libdir}/ldb2/modules
==== libapparmor ====
Subpackages: libapparmor1 libapparmor1-32bit
- add update-samba-abstractions-ldb2.diff: Cater for changes to ldb
packaging to allow parallel installation with libldb;
(bsc#1192684).
==== nvme-cli ====
Version update (1.16 -> 2.0~0)
Subpackages: nvme-cli-bash-completion
- Fix zsh completion package depenedencies.
- Use osc_scm to manage upstream input source.
- Fix version string.
- Update Source URL and introduce a variable for the release canditate
version string.
- Update to v2.0-rc0
* Depends on libnvme
* rename harden_nvmf-connect@.service.patch to 0100-harden_nvmf-connect@.service.patch
* drop 0102-nvme-cli-Add-script-to-determine-host-NQN.patch
==== psmisc ====
Version update (23.3 -> 23.4)
Subpackages: psmisc-lang
- Update to 23.4:
* killall: Dynamically link to selinux and use security attributes
* pstree: Do not crash on missing processes !21
* pstree: fix layout when using -C !24
* pstree: add time namespace !25
* pstree: Dynamically link to selinux and use attr
* fuser: Get less confused about duplicate dev_id !10
* fuser: Only check pathname on non-block devices !31
- Rebase 0001-Use-mountinfo-to-be-able-to-use-the-mount-identity.patch
- Rebase 0002-Use-new-statx-2-system-call-to-avoid-hangs-on-NFS.patch
- Port psmisc-22.21-pstree.patch
- Delete psmisc-v23.3-selinux.patch as not needed anymore
- Rename psmisc-v23.3.dif which is now psmisc-v23.4.dif with correct offsets
==== python-ipython ====
Version update (7.30.1 -> 8.0.1)
- Update to 8.0.1
* Security fix CVE-2022-21699: change some default values in
order to prevent potential Execution with Unnecessary
Privileges.
* Almost all version of IPython looks for configuration and
profiles in current working directory. Since IPython was
developed before pip and environments existed it was used a
convenient way to load code/packages in a project dependant
way.
* In 2022, it is not necessary anymore, and can lead to confusing
behavior where for example cloning a repository and starting
IPython or loading a notebook from any Jupyter-Compatible
interface that has ipython set as a kernel can lead to code
execution.
* The current working directory is not searched anymore for
profiles or configurations files.
* Added a __patched_cves__ attribute (set of strings) to IPython
module that contain the list of fixed CVE. This is
informational only.
- Fixes boo#1194936, CVE-2022-21699
- Update requirements.
- Requires the full stdlib including sqlite3
- Revert some spec-cleaner edits
- Update to 8.0.0:
- Minimum supported traitlets version if now 5+
- we now require stack_data
- Minimal Python is now 3.8
- pytest replaces nose.
- iptest/iptest3 cli entrypoints do not exists anymore.
- minimum officially support numpy version has been bumped, but
this should not have much effect on packaging.
- Backport some fixes for Python 3.10 (PR #13412)
- use full-alpha transparency on dvipng rendered LaTeX (PR #13372)
- Traceback improvements
- Autosuggestons
- Show pinfo information in ipdb using ??? and ????
- Autoreload 3 feature
- Auto formatting with black in the CLI
- History Range Glob feature
- Don?t start a multi line cell with sunken parenthesis
- IPython shell for ipdb interact
- Automatic Vi prompt stripping
- Empty History Ranges
- Windows time-implementation: Switch to process_time
- Re-added support for XDG config directories
- Add skip-network-test.patch to skip (gh#ipython/ipython#13468).
==== rpm-config-SUSE ====
Version update (0.g89 -> 0.g93)
- Update to version 0.g93:
* locale.attr: Match all files inside LC_MESSAGES (boo#1194865)
* remove leap_version as it's obsolete
==== spamassassin ====
Subpackages: perl-Mail-SpamAssassin spamassassin-spamc
- Drop ProtectHome from spamd.service and spampd.service. Unfortunately
spamassing writes there, so ProtectHome=read-only doesn't work.
Whitelisting a specific part has a too high chance of breaking for
this package (bsc#1193248)
==== sssd ====
Subpackages: libsss_certmap0 libsss_idmap0 libsss_nss_idmap0 sssd-32bit sssd-krb5-common sssd-ldap
- Upgrade LDB_DIR shell variable to %ldbdir macro.
==== systemd-rpm-macros ====
Version update (14 -> 15)
- Bump to version 15
- %sysusers_create_inline was wrongly marked as deprecated
- %sysusers_create can be useful in certain cases and won't go away until we'll
move to file triggers. So don't mark it as deprecated too