New Tumbleweed snapshot 20221215 released!
Please note that this mail was generated by a script.
The described changes are computed based on the x86_64 DVD.
The full online repo contains too many changes to be listed here.
Please check the known defects of this snapshot before upgrading:
https://openqa.opensuse.org/tests/overview?distri=opensuse&groupid=1&version=Tumbleweed&build=20221215
Please do not reply to this email to report issues, rather file a bug
on bugzilla.opensuse.org. For more information on filing bugs please
see https://en.opensuse.org/openSUSE:Submitting_bug_reports
Packages changed:
7zip
elfutils-debuginfod
gcc13 (12.2.1+git537 -> 13.0.0+git197351)
gucharmap (14.0.3 -> 15.0.2)
linux-glibc-devel (6.0 -> 6.1)
mozilla-nss (3.84 -> 3.85)
mozjs102 (102.5.0 -> 102.6.0)
ovmf
python-importlib-resources (5.10.0 -> 5.10.1)
python-pycares (4.2.2 -> 4.3.0)
rsyslog (8.2210.0 -> 8.2212.0)
selinux-policy
shotwell (0.31.5 -> 0.31.7)
speech-dispatcher (0.10.2 -> 0.11.4)
xorg-x11-server
xwayland
xz
yast2-packager (4.5.8 -> 4.5.9)
yast2-trans (84.87.20221203.a7355e12ff -> 84.87.20221210.680714a939)
zlib
=== Details ===
==== 7zip ====
- build for x86_64 subarchs the same way like for baseline
==== elfutils-debuginfod ====
Subpackages: debuginfod-profile libdebuginfod1
- Remove dependency to not used sysconfig package
- Weaken systemd dependency, no hard requires necessary
==== gcc13 ====
Version update (12.2.1+git537 -> 13.0.0+git197351)
Subpackages: libasan8 libatomic1 libgcc_s1 libgcc_s1-32bit libgfortran5 libgomp1 libitm1 liblsan0 libobjc4 libquadmath0 libstdc++6 libstdc++6-32bit libstdc++6-locale libstdc++6-pp libstdc++6-pp-32bit libtsan2 libubsan1
- Bump to 0a43f7b1a73c8e3b9cefffe430274d0a3d6d3291, git197351.
- Bump libgo SONAME to libgo22.
- Do not package libhwasan for biarch (32-bit architecture)
as the extension depends on 64-bit pointers.
- Sync cross.spec.in changes from gcc12 package.
- Bump to 380d62c14c99d8df13b7a86660e7ee67d01ad827, git197210.
- Adjust floatn fixincludes guard to work with SLE12 and earlier
SLE15.
- Bump to de144fdab17dbbb64ccb540056ab78b4ffb3fbbc, git197173.
- Depend on at least LLVM 13 for GCN cross compiler.
- Bump to 4304e09a1617bcf1c87f5bc96017ae5017379d75, git197155.
- Rebase gcc44-rename-info-files.patch.
- Bump to d13c359a49291f0a1206adbad4065677010b7e4b, git197143.
- Sync changes from gcc12 package
- Update embedded newlib to version 4.2.0
* includes newlib-4.1.0-aligned_alloc.patch
- Allow cross-pru-gcc12-bootstrap for armv7l architecture.
PRU architecture is used for real-time MCUs embedded into TI
armv7l and aarch64 SoCs. We need to have cross-pru-gcc12 for
armv7l in order to build both host applications and PRU firmware
during the same build.
- Bump to 2b0ae7fb91f64fb005abf7d7903fd4c0764bb45c, git197102.
- Handle new libstdc++exp.a lib.
- Bump to 5c0d171f67d082c353ddc319859111d3b9126c17, git196938.
- Add 2 new headers.
- Bump to b457b779427b0f7b3fbac447811c9c52db5bc79e, git196485.
==== gucharmap ====
Version update (14.0.3 -> 15.0.2)
Subpackages: gucharmap-lang libgucharmap_2_90-7
- Update to version 15.0.2:
+ metainfo: Add screenshots and link them from metainfo.
+ build: Use GNOME module post_install().
+ all: Update to unicode 15.0.0.
+ Updated translations.
==== linux-glibc-devel ====
Version update (6.0 -> 6.1)
- Update to kernel headers 6.1
==== mozilla-nss ====
Version update (3.84 -> 3.85)
Subpackages: libfreebl3 libfreebl3-hmac libsoftokn3 libsoftokn3-hmac mozilla-nss-certs mozilla-nss-tools
- update to NSS 3.85
* bmo#1792821 - Modification of the primes.c and dhe-params.c in
order to have better looking tables
* bmo#1796815 - Update zlib in NSS to 1.2.13
* bmo#1796504 - Skip building modutil and shlibsign when building
in Firefox
* bmo#1796504 - Use __STDC_VERSION__ rather than __STDC__ as a guard
* bmo#1796407 - Fix -Wunused-but-set-variable warning from clang 15
* bmo#1796308 - Fix -Wtautological-constant-out-of-range-compare
and -Wtype-limits warnings
* bmo#1796281 - Followup: add missing stdint.h include
* bmo#1796281 - Fix -Wint-to-void-pointer-cast warnings
* bmo#1796280 - Fix -Wunused-{function,variable,but-set-variable}
warnings on Windows
* bmo#1796079 - Fix -Wstring-conversion warnings
* bmo#1796075 - Fix -Wempty-body warnings
* bmo#1795242 - Fix unused-but-set-parameter warning
* bmo#1795241 - Fix unreachable-code warnings
* bmo#1795222 - Mark _nss_version_c unused on clang-cl
* bmo#1795668 - Remove redundant variable definitions in lowhashtest
* Add note about python executable to build instructions.
==== mozjs102 ====
Version update (102.5.0 -> 102.6.0)
- Update to version 102.6.0:
+ Various stability, functionality, and security fixes.
+ CVE-2022-46880: Use-after-free in WebGL.
+ CVE-2022-46872: Arbitrary file read from a compromised content
process.
+ CVE-2022-46881: Memory corruption in WebGL.
+ CVE-2022-46874: Drag and Dropped Filenames could have been
truncated to malicious extensions.
+ CVE-2022-46875: Download Protections were bypassed by .atloc
and .ftploc files on Mac OS.
+ CVE-2022-46882: Use-after-free in WebGL.
+ CVE-2022-46878: Memory safety bugs fixed in Firefox 108 and
Firefox ESR 102.6.
==== ovmf ====
Subpackages: qemu-ovmf-x86_64
- Add ovmf-OvmfPkg-PlatformInitLib-Fix-integrity-checking-faile.patch
to avoid "NvVarStore Variable header State was invalid" issue when
rebooting or booting second time. System hangs when booting. (bsc#1206078)
The error message in ovmf log:
Select Item: 0x19
Select Item: 0x25
Reserved variable store memory: 0x7FF7C000; size: 528kb
NvVarStore Variable header State was invalid.
ASSERT /home/abuild/rpmbuild/BUILD/edk2-edk2-stable202211/OvmfPkg/Library/PlatformInitLib/Platform.c(807): ((BOOLEAN)(0==1))
==== python-importlib-resources ====
Version update (5.10.0 -> 5.10.1)
- Update to v5.10.1
* v5.10.1
[#274]: Fixed ResourceWarning in _common.
==== python-pycares ====
Version update (4.2.2 -> 4.3.0)
- Update to version 4.3.0
* Bump cibuildwheel to build for Python 3.11 + CI total time speedups by @Jackenmen in #174
Fix tests that depended on external sites by @Jackenmen in #180
Complete the Python 3.11 support by @Jackenmen in #179
Drop CPython 3.6 by @saghul in #181
Improve test compatibility with pytest by @saghul in #182
Update c-ares submodule to 1.18.1 by @saghul in #183
==== rsyslog ====
Version update (8.2210.0 -> 8.2212.0)
- Upgrade to rsyslog 8.2212.0
* 2022-12-05: testbench: make python http server based tests more reliable
* 2022-12-05: omprog bugfix: invalid status handling at called program startup
* 2022-11-29: testbench bugfix: wrong message injection object of instance 1
* 2022-11-21: rsyslog.conf man page bugfix: description of selectors
* 2022-11-18: imtcp bugfix: legacy config directives did no longer work
* 2022-11-16: ksi bugfix: sending of too many signing requests fixed.
* 2022-11-14: bugfix: prevent potential segfault when switchung to queue emergency mode
* 2022-11-02: imjournal: add second fallback to _COMM
* 2022-10-25: core bugfix: local hostname invalid if no global() config object given
* 2022-10-25: testbench bugfix: fixed timing issue that sometimes lead to test failure
==== selinux-policy ====
Subpackages: selinux-policy-targeted
- Added policy for wicked scripts under /etc/sysconfig/network/scripts
(bnc#1205770)
- Add fix_sendmail.patch
* fix context of custom sendmail startup helper
* fix context of /var/run/sendmail and add necessary rules to manage
content in there
==== shotwell ====
Version update (0.31.5 -> 0.31.7)
Subpackages: shotwell-lang
- Update to version 0.31.7:
+ Actually run database upgrade necessary for date/time changes.
+ Fix comparing unset date/time values.
- Changes from version 0.31.6:
+ Improved interaction when exporting files that end up with a
similar name.
+ Google Photos: Fix batch uploading.
+ Tumblr: Fix not remembering login credentials.
+ Improve handling of images that do not have a GPS altitude.
+ Have import from folder follow symlinks.
+ Add an user interface to interact with the new profile feature.
+ Make a couple of UI strings clearer.
+ Remove video interpreter state handling - completely broken
and potentially responsible for causing indefinite re-checking
of video files.
+ Improve touchpad scaling vs scrolling.
+ Always enable face tagging. Face detection and recognition is
still opt-in on compile time due to the rather large OpenCV
dependency.
+ Support creating hierarchical tags by using
/a/sytax/with/slashes.
+ Use libportal to implement SendTo and Wallpaper settings.
+ Initial support for having multiple accounts per publishing
service. So far only works for Piwigo instances.
+ Create a new plugin preferences panel (prepare for account
management).
+ Convert all publishing processes to async libsoup3. With
HTTPS/2 becoming more prominent, the old method broke really
hard and was a bad habit anyway.
+ Fix an issue with the Saturation slider.
+ Remove a bunch of deprecated calls.
+ Remove deprecated date/time handling. Use DateTime more or less
everywhere.
+ Allow media to have exposure dates before 1.1.1970 00:00.
+ Updated translations.
- Drop -Dextra_plugins=true meson parameter: no longer supported.
- Drop pkgconfig(gdk-3.0) BuildRequires: no longer needed.
- Add pkgconfig(libportal-gtk3) BuildRequires: new dependency.
==== speech-dispatcher ====
Version update (0.10.2 -> 0.11.4)
Subpackages: libspeechd2 python3-speechd
- Update to version 0.11.4:
- Update CLDR to version 42 and symbols from NVDA.
- Fix audio plugin loading with dlopen.
- Fix atomicity of getting reply in threaded mode.
- Changes from 0.11.3:
- Fix back DefaultModule configuration.
- pico: Avoid falling to english when passed a bogus voice name.
- espeak: Fix setting voice type.
- Changes from 0.11.2:
- Fix loading xx-yy locales.
- Various memory leaks fixes.
- Add mimic3 configuration file.
- pico: Fix setting language vs voice.
- Make sure that modules report a list of voices.
- Update CLDR to version 41, symbols from NVDA and orca.
- Allow building without ltdl.
- Re-enable SSML in espeak-ng-mbrola module.
- Changes from 0.11.1:
- Add SPEECHD_PLUGIN_DIR environment variable.
- Fix listing voices of the default module.
- Changes from 0.11
- Support playing audio through the server.
- modules: Add support for loading from user's
.local/libexec/speech-dispatcher.
- symbols: Process symbols.dic before emojis.dic.
- symbols: Enable speechd symbols processing by default.
- modules: Moved speech dispatcher modules to
/usr/libexec/speech-dispatcher-modules
- espeak-ng: Add support for mbrola voices.
- mary: Add auto-detection.
- mary: Add newer voices.
- mary: Add volume, pitch, and rate support.
- ivona: Add auto-detection.
- festival: Strip head silence.
- generic: Add DefaultVoice option.
- es_ES: Add some gender neutral rules.
- Add SPEECHD_CMD environment variable.
- modules: Rewrite main functions with BSD licence, to let
proprietary modules easily reuse this as a basis.
- modules: Add skeletons ready for use as a basis for new
modules.
- Add script to run speechd from the build tree.
- Update CLDR to version 39, symbols from NVDA and orca.
- Add Esperanto translation.
- Sort modules by quality, let the best quality module be the
default.
- Rebase harden_speech-dispatcherd.service.patch.
- Migration to /usr/etc: Saving user changed configuration files
in /etc and restoring them while an RPM update.
- Added hardening to systemd service(s) (bsc#1181400). Added patch(es):
* harden_speech-dispatcherd.service.patch
==== xorg-x11-server ====
Subpackages: xorg-x11-server-Xvfb xorg-x11-server-extra xorg-x11-server-sdk
- U_0007-xkb-reset-the-radio_groups-pointer-to-NULL-after-fre.patch
* XkbGetKbdByName use-after-free (ZDI-CAN-19530, CVE-2022-4283,
bsc#1206017)
- U_0001-Xtest-disallow-GenericEvents-in-XTestSwapFakeInput.patch
* Server XTestSwapFakeInput stack overflow (ZDI-CAN 19265,
CVE-2022-46340, bsc#1205874)
- U_0002-Xi-return-an-error-from-XI-property-changes-if-verif.patch
* Xi: return an error from XI property changes if verification
failed (no ZDI-CAN id, no CVE id, bsc#1205875)
- U_0003-Xi-avoid-integer-truncation-in-length-check-of-ProcX.patch
* Server XIChangeProperty out-of-bounds access (ZDI-CAN 19405,
CVE-2022-46344, bsc#1205876)
- U_0004-Xi-disallow-passive-grabs-with-a-detail-255.patch
* Server XIPassiveUngrabDevice out-of-bounds access (ZDI-CAN 19381,
CVE-2022-46341, bsc#1205877)
- U_0005-Xext-free-the-screen-saver-resource-when-replacing-i.patch
* Server ScreenSaverSetAttributes use-after-free (ZDI-CAN 19404,
CVE-2022-46343, bsc#1205878)
- U_0006-Xext-free-the-XvRTVideoNotify-when-turning-off-from-.patch
* Server XvdiSelectVideoNotify use-after-free (ZDI-CAN 19400,
CVE-2022-46342, bsc#1205879)
==== xwayland ====
- U_0007-xkb-reset-the-radio_groups-pointer-to-NULL-after-fre.patch
* XkbGetKbdByName use-after-free (ZDI-CAN-19530, CVE-2022-4283,
bsc#1206017)
- U_0001-Xtest-disallow-GenericEvents-in-XTestSwapFakeInput.patch
* Server XTestSwapFakeInput stack overflow (ZDI-CAN 19265,
CVE-2022-46340, bsc#1205874)
- U_0002-Xi-return-an-error-from-XI-property-changes-if-verif.patch
* Xi: return an error from XI property changes if verification
failed (no ZDI-CAN id, no CVE id, bsc#1205875)
- U_0003-Xi-avoid-integer-truncation-in-length-check-of-ProcX.patch
* Server XIChangeProperty out-of-bounds access (ZDI-CAN 19405,
CVE-2022-46344, bsc#1205876)
- U_0004-Xi-disallow-passive-grabs-with-a-detail-255.patch
* Server XIPassiveUngrabDevice out-of-bounds access (ZDI-CAN 19381,
CVE-2022-46341, bsc#1205877)
- U_0005-Xext-free-the-screen-saver-resource-when-replacing-i.patch
* Server ScreenSaverSetAttributes use-after-free (ZDI-CAN 19404,
CVE-2022-46343, bsc#1205878)
- U_0006-Xext-free-the-XvRTVideoNotify-when-turning-off-from-.patch
* Server XvdiSelectVideoNotify use-after-free (ZDI-CAN 19400,
CVE-2022-46342, bsc#1205879)
==== xz ====
Subpackages: liblzma5 liblzma5-32bit xz-lang
- Rename xz-static-devel -> xz-devel-static to follow the general
naming used in openSUSE.
==== yast2-packager ====
Version update (4.5.8 -> 4.5.9)
- Merged PR https://github.com/yast/yast-packager/pull/623
by Christopher Yeleighton
participants (1)
-
Dominique Leuenberger