New Tumbleweed snapshot 20230812 released!
Please note that this mail was generated by a script.
The described changes are computed based on the x86_64 DVD.
The full online repo contains too many changes to be listed here.
Please check the known defects of this snapshot before upgrading:
https://openqa.opensuse.org/tests/overview?distri=opensuse&groupid=1&version=Tumbleweed&build=20230812
Please do not reply to this email to report issues, rather file a bug
on bugzilla.opensuse.org. For more information on filing bugs please
see https://en.opensuse.org/openSUSE:Submitting_bug_reports
Packages changed:
GraphicsMagick
MozillaFirefox (115.0.3 -> 116.0.2)
NetworkManager (1.42.8 -> 1.44.0)
amavisd-new
bluez (5.66 -> 5.68)
catfish (4.16.4 -> 4.18.0)
dcraw
dracut (059+suse.488.g81715832 -> 059+suse.491.g87f19c22)
glibc (2.37 -> 2.38)
gspell (1.12.1 -> 1.12.2)
java-11-openjdk
libcloudproviders (0.3.1 -> 0.3.2)
libgweather4 (4.2.0 -> 4.3.2)
liborcus
opensuse-welcome (0.1.9+git.0.66be0d8 -> 0.1.9+git.35.4b9444a)
perl-Image-ExifTool (12.64 -> 12.65)
signon (8.60 -> 8.61)
systemd (253.7 -> 253.8)
=== Details ===
==== GraphicsMagick ====
Subpackages: libGraphicsMagick++-Q16-12 libGraphicsMagick-Q16-3 libGraphicsMagick3-config
- add strlcpy-wrong-sizing.patch: fix incorrect usages of
strlcpy and strlcat detected by glibc 2.38's fortify
==== MozillaFirefox ====
Version update (115.0.3 -> 116.0.2)
Subpackages: MozillaFirefox-translations-common
- Mozilla Firefox 116.0.2
* fixes for other platforms
- Fix OOM when linking on 32-bit
- Mozilla Firefox 116.0.1
* fixes for other platforms
- ship vaapitest binary for supported archs
- re-enable ppc64le
- ship v4l2test binary for supported archs
- drop obsolete mozilla-bmo1775202.patch
- Mozilla Firefox 116.0
* https://www.mozilla.org/en-US/firefox/116.0/releasenotes/
MFSA 2023-29 (bsc#1213746)
* CVE-2023-4045 (bmo#1833876)
Offscreen Canvas could have bypassed cross-origin restrictions
* CVE-2023-4046 (bmo#1837686)
Incorrect value used during WASM compilation
* CVE-2023-4047 (bmo#1839073)
Potential permissions request bypass via clickjacking
* CVE-2023-4048 (bmo#1841368)
Crash in DOMParser due to out-of-memory conditions
* CVE-2023-4049 (bmo#1842658)
Fix potential race conditions when releasing platform objects
* CVE-2023-4050 (bmo#1843038)
Stack buffer overflow in StorageManager
* CVE-2023-4051 (bmo#1821884)
Full screen notification obscured by file open dialog
* CVE-2023-4052 (bmo#1824420)
File deletion and privilege escalation through Firefox uninstaller
* CVE-2023-4053 (bmo#1839079)
Full screen notification obscured by external program
* CVE-2023-4054 (bmo#1840777)
Lack of warning when opening appref-ms files
* CVE-2023-4055 (bmo#1782561)
Cookie jar overflow caused unexpected cookie jar state
* CVE-2023-4056 (bmo#1820587, bmo#1824634, bmo#1839235,
bmo#1842325, bmo#1843847)
Memory safety bugs fixed in Firefox 116, Firefox ESR 115.1,
Firefox ESR 102.14, Thunderbird 115.1, and Thunderbird 102.14
* CVE-2023-4057 (bmo#1841682)
Memory safety bugs fixed in Firefox 116, Firefox ESR 115.1,
and Thunderbird 115.1
* CVE-2023-4058 (bmo#1819160, bmo#1828024)
Memory safety bugs fixed in Firefox 116
- require NSS 3.91
- remove obsolete mozilla-fix-top-level-asm.patch
- re-enable LTO
==== NetworkManager ====
Version update (1.42.8 -> 1.44.0)
Subpackages: NetworkManager-bluetooth NetworkManager-lang NetworkManager-pppoe NetworkManager-tui NetworkManager-wwan libnm0 typelib-1_0-NM-1_0
- Update to version 1.44.0:
+ Introduce a new "link" setting that holds properties related to
the kernel link such as "tx-queue-length", "gso-max-size",
"gso-max-segments", "gro-max-size".
+ Support sending a DHCPv6 prefix delegation hint via the
"ipv6.dhcp-pd-hint" connection property.
+ Support new bond options: "arp_missed_max", "lacp_active",
"ns_ip6_target".
+ Add new "initial-eps-bearer-configure" and
"initial-eps-bearer-apn" properties in the GSM setting.
+ Setting "connection.stable-id=default${CONNECTION}" changed
behavior to be identical to the built-in default value when the
stable-id is not set.
+ Add a "[keyfile].rename" option to NetworkManager.conf to force
renaming profiles on disk when their name changes.
+ The ifcfg-rh plugin is deprecated; it will only receive
bugfixes and no new features. A warning is emitted the log when
a connection in ifcfg-rh format is found.
+ To automatically migrate existing ifcfg-rh connections to the
keyfile format, a new configuration option
"main.migrate-ifcfg-rh" is provided. Migration is disabled by
default, but the default value can be changed at build time via
"--with-config-migrate-ifcfg-rh-default=yes".
+ When configuring hostnames in non-public TLD (like
"example.local"), use the TLD as default search domain instead
of the full hostname.
+ Always apply DNS options from the [global-dns] configuration
section
+ The NetworkManager daemon now acquires the D-Bus name only
after populating the D-Bus tree. This can add a delay during
startup but it is required to avoid race conditions with other
services depending on NM.
+ Add a "version-id" argument to the Update2() D-Bus call to
guard against concurrent modifications of profiles.
+ Don't use tentative IPv6 addresses to resolve the system
hostname via DNS.
+ Track the number of autoconnect retries left for each device
and connection. Previously it was tracked only per connection
and this lead to unexpected behaviors in case of multiconnect
profiles.
+ Set VLAN filtering options on bridge via netlink instead of
sysfs.
+ nm-cloud-setup now supports IMDSv2 on Amazon EC2.
+ nmtui now allows to enable or disable Wi-Fi and WWAN radios.
+ Honor ignore-carrier=no for bond/bridge/team devices.
+ Add version mismatch warning when running nmcli commands.
- Rebase patches with quilt.
==== amavisd-new ====
Subpackages: amavisd-new-docs
- Package failed to rebuild on Perl version changes due to missing
%{perl_requires}
==== bluez ====
Version update (5.66 -> 5.68)
Subpackages: bluez-auto-enable-devices bluez-cups bluez-zsh-completion libbluetooth3
- 0001-obex-Use-GLib-helper-function-to-manipulate-paths.patch be
removed by Timo Jyrinki when updating to 5.68. I saw some reasons:
- Upstream didn't take this patch:
https://www.spinics.net/lists/linux-bluetooth/msg40136.html
- Fedora also marked this patch in bluez.spec since bluez-5.68-2.fc39
https://src.fedoraproject.org/rpms/bluez/blob/2b133d795f4f823c8b22ef5a075697...
We didn't put any bug number of this patch when it be introduced
to bluez.spec since Nov 23, 2021. So, let's remove this patch unless
upstream or Fedora add it back.
- update to 5.68
* Fix issue with A2DP and handling of Transport.Acquire.
* Fix issue with BAP and initiating QoS and Enable procedures.
* Fix issue with BAP and detaching streams when PAC is removed.
* Fix issue with BAP and reading all instances of PAC.
* Fix issue with BAP and not being able to reconfigure.
* Fix issue with BAP and transport configuration changes.
* Fix issue with BAP and handling unexpected disconnect.
* Fix issue with GATT and not removing pending services.
* Fix issue with GATT and client ready handling.
* Fix issue with handling fallback to transient hostname.
* Add support for SecureConnections configuration option.
* Add support for Mesh Remove Provisioning.
* Add support for Mesh Private Beacons.
- Remove patches that are not needed with the new upstream.
==== catfish ====
Version update (4.16.4 -> 4.18.0)
Subpackages: catfish-lang
- Update to version 4.18.0
* Filters: Add Archives, Other, update Apps
* Use Gio to open files, fix "no default app" issue
* Add symlink emblem to thumbnails in thumbnail mode
* config: Prefer plocate over mlocate if available
* window: Avoid IndexError on right click when selection is empty
* Create shared filetype lists for searching and filtering
* Ensure site-packages directory is prepended to sys.path
* Fix double border between sidebar and results area
* window: Fix and refactor new_column()
* window: Fix markup warnings in thumbnail view
* Fix GtkBuilder warnings
* Revert "Suppress the various GTK warnings GtkBuilder outputs"
* Fix crash and translations when install prefix != /usr
* Update `.gitignore`
* Remove generated file po/catfish.pot
* Performance improvements (fix #79)
* Translation Updates
- Refresh 0001-Force-disable-Zeitgeist-support.patch
- Remove _service file
==== dcraw ====
Subpackages: dcraw-lang
- add dcraw-glibc-2.38.patch to fix prototype clash on memmem with glibc 2.38+
==== dracut ====
Version update (059+suse.488.g81715832 -> 059+suse.491.g87f19c22)
- Update to version 059+suse.491.g87f19c22:
* fix(dracut-install): protect against broken links pointing to themselves
* fix(dracut.sh): exit if resolving executable dependencies fails (bsc#1214081)
==== glibc ====
Version update (2.37 -> 2.38)
Subpackages: glibc-32bit glibc-devel glibc-extra glibc-lang glibc-locale glibc-locale-base nscd
- Update to glibc 2.38
* When C2X features are enabled and the base argument is 0 or 2, the
following functions support binary integers prefixed by 0b or 0B as
input
* PRIb*, PRIB* and SCNb* macros from C2X have been added to
participants (1)
-
Dominique Leuenberger