New Tumbleweed snapshot 20240919 released!
Please note that this mail was generated by a script. The described changes are computed based on the x86_64 DVD. The full online repo contains too many changes to be listed here. Please check the known defects of this snapshot before upgrading: https://openqa.opensuse.org/tests/overview?distri=opensuse&groupid=1&version=Tumbleweed&build=20240919 Please do not reply to this email to report issues, rather file a bug on bugzilla.opensuse.org. For more information on filing bugs please see https://en.opensuse.org/openSUSE:Submitting_bug_reports Packages changed: apr (1.7.4 -> 1.7.5) libeconf (0.7.2 -> 0.7.3) patterns-media shim-leap tiff (4.6.0 -> 4.7.0) virt-manager yast2-kdump (5.0.1 -> 5.0.2) === Details === ==== apr ==== Version update (1.7.4 -> 1.7.5) - version update to 1.7.5 [bsc#1229783] CVE-2023-49582 * ) Unix: Implement apr_shm_perms_set() for the "POSIX shm_open()" and "classic mmap" shared memory implementations. [Joe Orton, Ruediger Pluem] * ) Fix missing ';' for XML/HTML hex entities from apr_escape_entity(). [Yann Ylavic] * ) Fix crash in apr_pool_create() with --enable-pool-debug=all|owner. [Yann Ylavic] * ) Improve platform detection by updating config.guess and config.sub. [Rainer Jung] * ) CMake: Add support for CMAKE_WARNING_AS_ERROR. [Ivan Zhakov] * ) CMake: Enable support for MSVC runtime library selection by abstraction. [Ivan Zhakov] * ) CMake: Export installed targets (libapr-1, apr-1, libaprapp-1, aprapp-1) to apr:: namespace. [Ivan Zhakov] - modified patches % apr-visibility.patch (refreshed) % reproducible.patch (refreshed) ==== libeconf ==== Version update (0.7.2 -> 0.7.3) Subpackages: libeconf0 libeconf0-32bit - Update to version 0.7.3: * Groups handled in an own list (#218) * Add econftool as dependency of its tests * Simplify snprintf call * Remove unused functions and reduce variable visibility (#213) * Fix typos (#212) ==== patterns-media ==== Subpackages: patterns-media-rest_cd_core patterns-media-rest_dvd - pam-extra needs to be present for upgraders, as pam_limits.so moved from pam to pam-extra. Ensure it's added to the DVD. ==== shim-leap ==== - RelEng emergency fix: fux source number to install shim-install. - Update shim version for aarch64 to shim-15.8-lp155.8.8.aarch64.rpm coming from openSUSE secure-boot 15.5 + To avoid failure check by robot, SOURCEs in spec file are redefined. + Version: 15.8, "Jan 23 2024" + Include the bug fixes for bsc#1215099,bsc#1215098,bsc#1215100,bsc#1215101, bsc#1215102, and bsc#1215103. ==== tiff ==== Version update (4.6.0 -> 4.7.0) - Update to 4.7.0: * This version restores in the default build the availability of the tools that had been dropped in v4.6.0 See https://libtiff.gitlab.io/libtiff/rfcs/rfc2_restoring_needed_tools.html#rfc2... * Software configuration changes: + autoconf build: configure.ac: avoid -Werror passed to CFLAGS to interfere with feature detection + autoconf build: fix error when running make clean (fixes issue #630) + autoconf build: back off the minimum required automake version to 1.11 + autoconf.ac: fix detection of windows.h for mingw (fixes issue #605) + libtiff-4.pc: Fix Requires.private missing Lerc. It provides a .pc file starting from version 4 (in autoconf builds, we assume that liblerc is at least version 4) + CMake: Fix TIFF_INCLUDE_DIRS + CMake: MinGW compilers don't need a .def file for shared library + CMake: move libdeflate and Lerc to Requires.private + CMake: enable resource compilation on all Windows. * Library changes: + Add TIFFOpenOptionsSetMaxCumulatedMemAlloc(). This function complements TIFFOpenOptionsSetMaxSingleMemAlloc() to define the maximum cumulated memory allocations in byte, for a given TIFF handle, that libtiff internal memory allocation functions are allowed. + TIFFWriteDirectory(): Avoid overwriting following data if an IFD is enlarged. + TIFFXYZToRGB: avoid integer overflow (fixes issue #644) + uv_decode() and uv_encode(): avoid potential out-of-bounds array index (fixes issue #645) + Fix cases where tif_curdir is set incorrectly. Fix cases where the current directory number (tif_curdir) is set inconsistently or incorrectly, depending on the previous history. + TIFFRead[Scanline/EncodedStrip/EncodeTile]: 0-initialize output buffer if setupdecode fails ; most codecs: zero-initialize (not-yet-written parts of) output buffer if failure (fixes issue #375) + OJPEG: reset subsampling_convert_state=0 in OJPEGPreDecode (fixes issue #183) + ThunderRLE: fix failure when decoding last run. Bug seen with GhostPDL + LERC codec: deal with issues with multi-band PlanarConfig=Contig and NaN values + tif_fax3.c: error out after a number of times end-of-file has been reached (fixes issue #583) + LZW: avoid warning about misaligned address with UBSAN (fixes issue #616) + TIFFReadRGBAStrip/TIFFReadRGBATile: add more validation of col/row (fixes issue #622, CVE-2023-52356) + tif_dirread.c: only issue TIFFGetFileSize() for large enough RAM requests + Avoid FPEs (division by zero) in tif_getimage.c. + Avoiding FPE (division by zero) for TIFFhowmany_32() and TIFFhowmany_64() macros by checking for denominator not zero before macros are executed. (fixes issue #628) + Add non-zero check before division in TIFFComputeStrip() + Fix wrong return of TIFFIsBigTIFF() in case byte-swapping is active + Setting the TIFFFieldInfo field set_field_type should consider field_writecount not field_readcount + Avoid memory leaks when using TIFFCreateDirectory() by releasing the allocated memory in the tif-structure. + For non-terminated ASCII arrays, the buffer is first enlarged before a NULL is set at the end to avoid deleting the last character. (fixes issue #579) + Check return value of _TIFFCreateAnonField(). (fixes issue #624, CVE-2024-7006) + Prevent some out-of-memory attacks (https://gitlab.com/libtiff/libtiff/-/issues/614#note_1602683857) + Ensure absolute seeking is forced independent of TIFFReadDirectory success. (fixes issue #618) + tif_dirinfo.c: re-enable TIFFTAG_EP_CFAREPEATPATTERNDIM and TIFFTAG_EP_CFAPATTERN tags (fixes issue #608) + Fix warnings with GCC 14 + tif_dir.c: Log source file, line number, and input tif for directory count error (fixes issue #627) + Last usage of get_field_type of TIFFField structure at TIFFWriteDirectorySec() changed to using set_field_type. + tif_jpeg.c/tif_ojpeg.c: remove likely ifdef tricks related to old compilers or unusual setups + Remove _TIFFUInt64ToFloat() and _TIFFUInt64ToDouble() + Remove support for _MSC_VER < 1500. + Use #ifdef _WIN32 to test for Windows, and tiffio.h: remove definition of __WIN32__ * Documentation: + Amend manpages for changes in current directory index behaviour + Note on using TIFFFlush() before TIFFClose() to check that the data has been successfully written to the file. (fixes issue #506) + Update TIFF documentation about TIFFOpenOptions.rst and TIFFOpenOptionsSetMaxSingleMemAlloc() usage and some other small fixes (relates to CVE-2024-7006) * Re-added tools: + fax2ps + fax2tiff + pal2rgb + ppm2tiff + raw2tiff + rgb2ycbcr (not installed) + thumbnail (not installed) + tiff2bw + tiff2rgba + tiffcmp + tiffcrop + tiffdither + tiffgt + tiffmedian + tiff2ps + tiff2pdf * New/improved functionality: + tiff2rgba: Add background gradient option for alpha compositing + tiffcp: -i flag restored * Bug fixes for tools: + tiffcrop: address Coverity scan issues 1605444, 1605445, and 16054 + tiffcrop: Apply "Fix heap-buffer-overflow in function extractImageSection" + tiffcrop: fix buffer overflows, use after free (fixes issue #542, issue #550, issue #552) + tiff2pdf: address Coverity scan issues + tiff2pdf: fix inconsistent PLANARCONFIG value for the input and output TIFF + tiff2pdf: fix issue with JPEG restart-interval marker when converting from JPEG-compressed files (fixes issue #539) + tiff2pdf: red and blue were being swapped for RGBA decoding (fixes issue #253) + tiff2pdf: fixes issue #596 + thumbnail: address Coverity scan issues + tiffcp: Add check for limitMalloc return to fix Coverity 1603334 + tiffcp: preserve TIFFTAG_REFERENCEBLACKWHITE when doing YCbCr JPEG -> YCbCr JPEG + tiffcp: replace PHOTOMETRIC_YCBCR with PHOTOMETRIC_RGB when outputing to compression != JPEG (refs issue #571) + tiffcp: do not copy tags YCBCRCOEFFICIENTS, YCBCRSUBSAMPLING, YCBCRPOSITIONING, REFERENCEBLACKWHITE. Only set YCBCRSUBSAMPLING when generating YCbCr JPEG + tiffcp: Check also codec of input image, not only from output image (fixes issue #606) + Add some basic sanity checks for tiffcp and tiffcrop RGB->YCbCr JPEG conversions. + fax2ps and fax2tiff: memory leak fixes (fixes issue #476) + tiffmedian: memory leak fixes (fixes issue #599) + fax2tiff: fix EOFB interpretation (fixes issue #191) + fax2tiff: fix issue with unreasonable width input (fixes issue #249) + tiffcp and tiffcrop: fixes issue #228 ... changelog too long, skipping 10 lines ... - Tools are not built for now due to test failure: `FAIL: tiffcp-32bpp-None-jpeg.sh` ==== virt-manager ==== Subpackages: virt-install virt-manager-common - Fix SUSE SL Micro detection virtinst-add-slem60-detection-support.patch - Solve bsc#1228384 --dry-run creating pools in a different way virtinst-dont-create-storage-pool-for-dryrun.patch - Upstream bug fixes (bsc#1027942) (jsc#PED-8910) 094-uitests-handle-newer-libvirt-test-driver-UpdateDevice-support.patch 095-uitests-force-internal-snapshots-in-test_snapshot.py.patch ==== yast2-kdump ==== Version update (5.0.1 -> 5.0.2) - Don't write empty fadump="" kernel parameter (bsc#1230359) - 5.0.2
participants (1)
-
Dominique Leuenberger