New Tumbleweed snapshot 20221230 released!
Please note that this mail was generated by a script. The described changes are computed based on the x86_64 DVD. The full online repo contains too many changes to be listed here. Please check the known defects of this snapshot before upgrading: https://openqa.opensuse.org/tests/overview?distri=opensuse&groupid=1&version=Tumbleweed&build=20221230 Please do not reply to this email to report issues, rather file a bug on bugzilla.opensuse.org. For more information on filing bugs please see https://en.opensuse.org/openSUSE:Submitting_bug_reports Packages changed: ddclient (3.9.1 -> 3.10.0) libbpf (1.0.1 -> 1.1.0) libqt5-qtwebengine (5.15.11 -> 5.15.12) vim (9.0.1075 -> 9.0.1107) zvbi (0.2.38 -> 0.2.39) === Details === ==== ddclient ==== Version update (3.9.1 -> 3.10.0) - Update to 3.10.0: * Added support for domaindiscount24.com * Added support for njal.la * Added support for Cloudflare API tokens * Added support for OVH DynHost. * Added support for ClouDNS. * Added support for dinahosting. * Added support for Gandi LiveDNS. * The freedns protocol (for https://freedns.afraid.org) now supports IPv6 addresses. * New ssl_ca_dir and ssl_ca_file options to specify the location of CA certificates. * New built-in IP discovery service shorthands: + googledomains from https://domains.google + he from https://he.net ip+4only.me, ip6only.me from http://whatismyv6.com + ipify-ipv4 and ipify-ipv6 from https://www.ipify.org + myonlineportal from https://myonlineportal.net + noip-ipv4 and noip-ipv6 from https://www.noip.com + nsupdate.info-ipv4 and nsupdate.info-ipv6 from + https://www.nsupdate.info + zoneedit from https://www.zoneedit.com * Added option -curl to access network with system Curl command instead of the Perl built-in IO::Socket classes. * Added option -{no}web-ssl-validate and -{no}fw-ssl-validateto provide option to disable SSL certificate validation. Note that these only apply for network access when obtaining an IP address with use=web or use=fw (any firewall). Network access to Dynamic DNS servers to set or retrieve IP address will always require certificate validation. * The fw-banlocal option is deprecated and no longer does anything. * The if-skip option is deprecated and no longer does anything. * The default server for the dslreports1 protocol changed from members.dyndns.org to www.dslreports.com. * Removed support for defunct dnsspark service * Removed support for defunct dtdns service * Removed support for defunct Hammernode service - Add fix-configure_ac.patch - Add disable-ip-test.patch - Rebase ddclient-config.patch - Rebase ddclient-delay-main-process-for-systemd.patch ==== libbpf ==== Version update (1.0.1 -> 1.1.0) - update to v1.1.0: User space-side features and APIs: * user-space ring buffer (BPF_MAP_TYPE_USER_RINGBUF) support; * new documentation page listing all recognized SEC() definitions; * BTF dedup improvements: * unambiguous fwd declaration resolution for structs and unions; * better handling of some corner cases with identical structs and arrays; * mixed enum and enum64 forward declaration resolution logic; * bpf_{link,btf,pro,mapg}_get_fd_by_id_opts() and bpf_get_fd_by_id_opts() APIs; * libbpf supports loading raw BTF for BPF CO-RE from known search paths; * support for new cgroup local storage (BPF_MAP_TYPE_CGRP_STORAGE); * libbpf will only add BPF_F_MMAPABLE flag for data maps with global (i.e., non-static) vars; * latest Linux UAPI headers with lots of changes synced into include/uapi/linux. BPF-side features and APIs; * BPF_PROG2() macro added that supports struct-by-value arguments; * new BPF helpers: * bpf_user_ringbuf_drain(); * cgrp_storage_get() and cgrp_storage_delete(). Bug fixes * better handling of padding corner cases; * btf__align_of() determines packed structs better now; * improved handling of enums of non-standard sizes; * USDT spec parsing improvements; * overflow handling fixes for ringbufs; * Makefile fixes to support cross-compilation for 32-bit targets; * fix crash if SEC("freplace") programs don't have attach_prog_fd set; * better handling of file existence checks when running as non-root with enhanced capabilities; * a bunch of small fixes: * ELF handling improvements; * fix memory leak in USDT argument parsing logic; * fix NULL dereferences in few corner cases; * improved netlink attribute iteration handling. - drop libbpf-Use-elf_getshdrnum-instead-of-e_shnum.patch, libbpf-Fix-use-after-free-in-btf_dump_name_dups.patch, libbpf-Fix-memory-leak-in-parse_usdt_arg.patch libbpf-Fix-null-pointer-dereference-in-find_prog_by_.patch (upstream) ==== libqt5-qtwebengine ==== Version update (5.15.11 -> 5.15.12) - Update to version 5.15.12: * Bump version to 5.15.12 * Update Chromium: * Bump V8_PATCH_LEVEL * Fixup for patch for CVE-2022-3200 on OpenSuse 15.1 * Fixup the patch for CVE-2022-3200 on 87-based / 5.15 * [Backport] CVE-2022-3038: Use after free in Network Service * [Backport] CVE-2022-3040: Use after free in Layout * [Backport] CVE-2022-3041: Use after free in WebSQL * [Backport] CVE-2022-3046: Use after free in Browser Tag * [Backport] CVE-2022-3075: Insufficient data validation in Mojo * [Backport] CVE-2022-3196: Use after free in PDF * [Backport] CVE-2022-3197: Use after free in PDF * [Backport] CVE-2022-3198: Use after free in PDF * [Backport] CVE-2022-3199: Use after free in Frames. * [Backport] CVE-2022-3200: Heap buffer overflow in Internals * [Backport] CVE-2022-3201: Insufficient validation of untrusted input in Developer Tools (1/2) * [Backport] CVE-2022-3201: Insufficient validation of untrusted input in Developer Tools (2/2) * [Backport] CVE-2022-3304: Use after free in CSS * [Backport] CVE-2022-3370: Use after free in Custom Elements * [Backport] CVE-2022-3373: Out of bounds write in V8 * [Backport] CVE-2022-3445: Use after free in Skia. * [Backport] CVE-2022-3446 and CVE-2022-35737 * [Backport] CVE-2022-3885: Use after free in V8 * [Backport] CVE-2022-3887: Use after free in Web Workers * [Backport] CVE-2022-3889: Type Confusion in V8 * [Backport] CVE-2022-3890: Heap buffer overflow in Crashpad * [Backport] CVE-2022-4174: Type Confusion in V8 * [Backport] CVE-2022-4180: Use after free in Mojo * [Backport] CVE-2022-4181: Use after free in Forms * [Backport] CVE-2022-4262: Type Confusion in V8 * [Backport] Security bug 1356308 * [Backport] Security bug 1378916 * [Backport] Security bugs 1346938 and 1338114 ==== vim ==== Version update (9.0.1075 -> 9.0.1107) Subpackages: gvim vim-data vim-data-common - Updated to version 9.0.1107, fixes the following problems * build fails if the compiler doesn't allow for a declaration right after "case". * ASAN complains about NULL argument. * Can add text property with negative ID before virtual text property. * With the +vartabs feature indent folding may use wrong 'tabstop'. * Leaking memory when defining a user command fails. * The "kitty" terminfo entry is not widespread, resulting in the kitty terminal not working properly. * Using "->" with split lines does not always work. * Some jsonc files are not recognized. * Empty and comment lines in a class cause an error. * Code handling low level MS-Windows events cannot be tested. * Compiler warns for uninitialized variable. * Display wrong in Windows terminal after exiting Vim. * Autocommand test sometimes fails. * Clang warns for unused variable. * unnessary assignment * FHIR Shorthand files are not recognized. * Assignment to non-existing member causes a crash. (Yegappan Lakshmanan) * Search error message doesn't show used pattern. * Using freed memory of object member. (Yegappan Lakshmanan) * Compiler warning when HAS_MESSAGE_WINDOW is not defined. * Using freed memory when declaration fails. (Yegappan Lakshmanan) * Reallocating hashtab when the size didn't change. * Tests are failing. * Code uses too much indent. * Trying to resize a hashtab may cause a problem. ==== zvbi ==== Version update (0.2.38 -> 0.2.39) - update to 0.2.39: * Updates to remove compiler warnings during tests. * Allow autogen.sh and configure to run separately by default. * Add Georgian language translation po files.
participants (1)
-
Dominique Leuenberger