New Tumbleweed snapshot 20240509 released!
Please note that this mail was generated by a script.
The described changes are computed based on the x86_64 DVD.
The full online repo contains too many changes to be listed here.
Please check the known defects of this snapshot before upgrading:
https://openqa.opensuse.org/tests/overview?distri=opensuse&groupid=1&version=Tumbleweed&build=20240509
Please do not reply to this email to report issues, rather file a bug
on bugzilla.opensuse.org. For more information on filing bugs please
see https://en.opensuse.org/openSUSE:Submitting_bug_reports
Packages changed:
cheese
ffmpeg-4
libguestfs
libstorage-ng (4.5.202 -> 4.5.203)
llvm18 (18.1.4 -> 18.1.5)
openSUSE-release (20240508 -> 20240509)
openssl-3
osinfo-db
taglib
transactional-update (4.6.6 -> 4.6.8)
unbound (1.19.3 -> 1.20.0)
virt-manager
wicked (0.6.74 -> 0.6.75)
wtmpdb (0.11.0 -> 0.12.0+git.20240508)
yast2-installation (5.0.9 -> 5.0.10)
yast2-storage-ng (5.0.13 -> 5.0.14)
=== Details ===
==== cheese ====
Subpackages: cheese-lang libcheese-common libcheese-gtk25 libcheese8 typelib-1_0-Cheese-3_0
- Add cheese-c99.patch: fix cast to invalid pointer type
(glgo#GNOME/cheese!70).
==== ffmpeg-4 ====
Subpackages: libavcodec58_134 libavformat58_76 libavutil56_70 libpostproc55_9 libswresample3_9 libswscale5_9
- Add ffmpeg-CVE-2023-50010.patch:
Backporting e4d2666b from upstream, fixes the out of array access.
(CVE-2023-50010 bsc#1223256)
==== libguestfs ====
Subpackages: libguestfs-appliance libguestfs-winsupport libguestfs-xfs libguestfs0
- Set Recommends on zerofree and ntfsprogs for libguestfs-appliance
==== libstorage-ng ====
Version update (4.5.202 -> 4.5.203)
Subpackages: libstorage-ng-lang libstorage-ng-ruby libstorage-ng1
- merge gh#openSUSE/libstorage-ng#992
- fixed typos
- added .codespellrc
- 4.5.203
==== llvm18 ====
Version update (18.1.4 -> 18.1.5)
Subpackages: clang-tools clang18 libLLVM18 libclang-cpp18 libclang13 llvm18-gold
- Update to version 18.1.5.
* This release contains bug-fixes for the LLVM 18.1.0 release.
This release is API and ABI compatible with 18.1.0.
- Rebase llvm-do-not-install-static-libraries.patch.
==== openSUSE-release ====
Version update (20240508 -> 20240509)
Subpackages: openSUSE-release-appliance-custom openSUSE-release-dvd
- automatically generated by openSUSE-release-tools/pkglistgen
==== openssl-3 ====
Subpackages: libopenssl3 libopenssl3-32bit libopenssl3-x86-64-v3
- Add ktls capability [bsc#1216950]
Already added in January, but not mentioned in this changelog.
- Security fix: [bsc#1222548, CVE-2024-2511]
* Fix unconstrained session cache growth in TLSv1.3
* Add openssl-CVE-2024-2511.patch
==== osinfo-db ====
- bsc#1222738 - virt-manager shows SLE Micro 6.0 in suggested OS
version should be SL Micro 6.0
add-slm6.0-support.patch
Drop add-slem6.0-support.patch
==== taglib ====
Subpackages: libtag2 libtag_c2
- USe %autosetup macro: allows us to eliminate usage of
deprecated %patchN syntax.
==== transactional-update ====
Version update (4.6.6 -> 4.6.8)
Subpackages: dracut-transactional-update libtukit4 transactional-update-zypp-config tukit
- Version 4.6.8
- tukit: Properly handle overlay syncing failures: If the system
would not be rebooted and several snapshots accumulated in the
meantime, it was possible that the previous base snapshot -
required for /etc syncing - was deleted already. In that case
changes in /etc might have been reset.
[gh#openSUSE/transactional-update#116]
[gh#kube-hetzner/terraform-hcloud-kube-hetzner#1287]
- soft-reboot: Log requested reboot type
- soft-reboot: Don't force hard reboot on version change only
- Version 4.6.7
- Add support for snapper 0.11.0; also significantly decreases
cleanup time [boo#1223504]
==== unbound ====
Version update (1.19.3 -> 1.20.0)
Subpackages: libunbound8 unbound-anchor
- Update to 1.20.0:
Features:
* The config for discard-timeout, wait-limit, wait-limit-cookie,
wait-limit-netblock and wait-limit-cookie-netblock was added,
for the fix to the DNSBomb issue.
* Merge GH#1027: Introduce 'cache-min-negative-ttl' option.
* Merge GH#1043 from xiaoxiaoafeifei: Add loongarch support;
updates config.guess(2024-01-01) and config.sub(2024-01-01),
verified with upstream.
* Implement cachedb-check-when-serve-expired: yes option, default
is enabled. When serve expired is enabled with cachedb, it
first checks cachedb before serving the expired response.
* Fix GH#876: [FR] can unbound-checkconf be silenced when
configuration is valid?
Bug Fixes:
* Fix for the DNSBomb vulnerability CVE-2024-33655. Thanks to
Xiang Li from the Network and Information Security Lab of
Tsinghua University for reporting it.
* Update doc/unbound.doxygen with 'doxygen -u'. Fixes option
deprecation warnings and updates with newer defaults.
* Remove unused portion from iter_dname_ttl unit test.
* Fix validator classification of qtype DNAME for positive and
redirection answers, and fix validator signature routine for
dealing with the synthesized CNAME for a DNAME without
previously encountering it and also for when the qtype is
DNAME.
* Fix qname minimisation for reply with a DNAME for qtype CNAME
that answers it.
* Fix doc test so it ignores but outputs unsupported doxygen
options.
* Fix GH#1021 Inconsistent Behavior with Changing
rpz-cname-override and doing a unbound-control reload.
* Merge GH#1028: Clearer documentation for tcp-idle-timeout and
edns-tcp-keepalive-timeout.
* Fix GH#1029: rpz trigger clientip and action rpz-passthru not
working as expected.
* Fix rpz that the rpz override is taken in case of clientip
triggers. Fix that the clientip passthru action is logged. Fix
that the clientip localdata action is logged. Fix rpz override
action cname for the clientip trigger.
* Fix to unify codepath for local alias for rpz cname action
override.
* Fix rpz for cname override action after nsdname and nsip
triggers.
* Fix that addrinfo is not kept around but copied and freed, so
that log-destaddr uses a copy of the information, much like NSD
does.
* Merge GH#1030: Persist the openssl and expat directories for
repeated Windows builds.
* Fix that rpz CNAME content is limited to the max number of
cnames.
* Fix rpz, it follows iterator CNAMEs for nsip and nsdname and
sets the reply query_info values, that is better for debug
logging.
* Fix rpz that copies the cname override completely to the temp
region, so there are no references to the rpz region.
* Add rpz unit test for nsip action override.
* Fix rpz for qtype CNAME after nameserver trigger.
* Fix rpz so that rpz CNAME can apply after rpz CNAME. And fix
that clientip and nsip can give a CNAME.
* Fix localdata and rpz localdata to match CNAME only if no
direct type match is available.
* Merge GH#831 from Pierre4012: Improve Windows NSIS installer
script (setup.nsi).
* For GH#831: Format text, use exclamation icon and explicit label
names.
* Fix name of unit test for subnet cache response.
* Fix GH#1032: The size of subnet_msg_cache calculation mistake
cause memory usage increased beyond expectations.
* Fix for GH#1032, add safeguard to make table space positive.
* Fix comment in lruhash space function.
* Fix to add unit test for lruhash space that exercises the
routines.
* Fix that when the server truncates the pidfile, it does not
follow symbolic links.
* Fix that the server does not chown the pidfile.
* Fix GH#1034: DoT forward-zone via unbound-control.
* Fix for crypto related failures to have a better error string.
* Fix GH#1035: Potential Bug while parsing port from the
"stub-host" string; also affected forward-zones and
remote-control host directives.
* Fix GH#369: dnstap showing extra responses; for client responses
right from the cache when replying with expired data or
prefetching.
* Fix GH#1040: fix heap-buffer-overflow issue in function
cfg_mark_ports of file util/config_file.c.
* For GH#1040: adjust error text and disallow negative ports in
other parts of cfg_mark_ports.
* Fix comment syntax for view function views_find_view.
* Fix GH#595: unbound-anchor cannot deal with full disk; it will
now first write out to a temp file before replacing the
original one, like Unbound already does for
auto-trust-anchor-file.
* Fixup compile without cachedb.
* Add test for cachedb serve expired.
* Extended test for cachedb serve expired.
* Fix makefile dependencies for fake_event.c.
* Fix cachedb for serve-expired with serve-expired-reply-ttl.
* Fix to not reply serve expired unless enabled for cachedb.
... changelog too long, skipping 32 lines ...
* Fix doxygen comment for errinf_to_str_bogus.
==== virt-manager ====
Subpackages: virt-install virt-manager-common
- bsc#1222738 - virt-manager shows SLE Micro 6.0 in suggested OS
version should be SL Micro 6.0
virtinst-add-slm-detection-support.patch
==== wicked ====
Version update (0.6.74 -> 0.6.75)
Subpackages: wicked-service
- Update to version 0.6.75:
- cleanup: fix ni_fsm_state_t enum-int-mismatch warnings
- cleanup: fix overflow warnings in a socket testcase on i586
- ifcheck: report new and deleted configs as changed (bsc#1218926)
- man: improve ARP configuration options in the wicked-config.5
- bond: add ports when master is UP to avoid port MTU revert (bsc#1219108)
- cleanup: fix interface dependencies and shutdown order (bsc#1205604)
- Remove port arrays from bond,team,bridge,ovs-bridge (redundant)
and consistently use config and state info attached to the port
interface as in rtnetlink(7).
- Cleanup ifcfg parsing, schema configuration and service properties
- Migrate ports in xml config and policies already applied in nanny
- Remove "missed config" generation from finite state machine, which
is completed while parsing the config or while xml config migration.
- Issue a warning when "lower" interface (e.g. eth0) config is missed
while parsing config depending on it (e.g. eth0.42 vlan).
- Resolve ovs master to the effective bridge in config and wickedd
- Implement netif-check-state require checks using system relations
from wickedd/kernel instead of config relations for ifdown and add
linkDown and deleteDevice checks to all master and lower references.
- Add a `wicked
participants (1)
-
Dominique Leuenberger