New Tumbleweed snapshot 20230804 released!
Please note that this mail was generated by a script. The described changes are computed based on the x86_64 DVD. The full online repo contains too many changes to be listed here. Please check the known defects of this snapshot before upgrading: https://openqa.opensuse.org/tests/overview?distri=opensuse&groupid=1&version=Tumbleweed&build=20230804 Please do not reply to this email to report issues, rather file a bug on bugzilla.opensuse.org. For more information on filing bugs please see https://en.opensuse.org/openSUSE:Submitting_bug_reports Packages changed: Mesa (23.1.4 -> 23.1.5) Mesa-drivers (23.1.4 -> 23.1.5) SDL2 (2.28.1 -> 2.28.2) colord dracut (059+suse.476.g5e324584 -> 059+suse.488.g81715832) grub2 ibus-m17n (1.4.19 -> 1.4.20) openSUSE-repos-Tumbleweed (20230731.a018a46 -> 20230804.41e41a9) openssl-3 (3.1.1 -> 3.1.2) openssl (3.1.1 -> 3.1.2) setools (4.4.2 -> 4.4.3) tar util-linux util-linux-systemd zsh === Details === ==== Mesa ==== Version update (23.1.4 -> 23.1.5) Subpackages: Mesa-libEGL1 Mesa-libGL1 Mesa-libglapi0 libOSMesa8 libgbm1 - Update to bugfix release 23.1.5 - -> https://docs.mesa3d.org/relnotes/23.1.4.html ==== Mesa-drivers ==== Version update (23.1.4 -> 23.1.5) Subpackages: Mesa-dri Mesa-gallium Mesa-libva libxatracker2 - Update to bugfix release 23.1.5 - -> https://docs.mesa3d.org/relnotes/23.1.4.html ==== SDL2 ==== Version update (2.28.1 -> 2.28.2) - Update to release 2.28.2 * Fixed 8BitDo gamepad mapping when in XInput mode on Linux * Fixed controller lockup initializing some unofficial PS4 replica controllers * Fixed video initialization on headless Linux systems using VNC ==== colord ==== Subpackages: colord-color-profiles colord-lang libcolord2 libcolorhug2 - Reduce memory constraints for riscv64 ==== dracut ==== Version update (059+suse.476.g5e324584 -> 059+suse.488.g81715832) - Update to version 059+suse.488.g81715832: This is the 3rd backport of the most important fixes and features from the upstream master branch, while the release date of version 060 is still undefined. * fix(systemd-udevd): add missing override paths * fix(systemd-journald): add systemd-sysusers dependency * fix(base): correct handling of quiet in loginit * chore(suse): require gawk instead of awk * refactor(install): log about missing firmware only once * fix(integrity): do not require ls * fix(dracut-init.sh): `module_check` method ignores `forced` option * fix(man): add missing initrd-root-device.target to flow chart * fix(dracut-init.sh): use the local _ret variable * fix(dracut.sh): use gawk for strtonum * fix(man): remove duplicate entry ==== grub2 ==== Subpackages: grub2-i386-pc grub2-snapper-plugin grub2-systemd-sleep-plugin grub2-x86_64-efi grub2-x86_64-xen - Change the bash-completion directory (bsc#1213855) * grub2-change-bash-completion-dir.patch ==== ibus-m17n ==== Version update (1.4.19 -> 1.4.20) - Update to 1.4.20 * Reduce preedit flicker * Remove xml:lang="en" from the screenshot in appdata.xml * Use ibus_text_new_from_string (string) instead of ibus_text_new_from_static_string (string) in ibus_m17n_engine_commit_string() * Add missing g_free (buf) in ibus_m17n_mtext_to_utf8() ==== openSUSE-repos-Tumbleweed ==== Version update (20230731.a018a46 -> 20230804.41e41a9) - Update to version 20230804.41e41a9: * Add NVIDIA repo. Issue #28 * Add supplements for all NVIDIA cards * Add NVIDIA obsoletes for migration from Leap 15 * Add spec comment about suggests in release package * Add download.opensuse.org-non-oss.repo in legacy backup list ==== openssl-3 ==== Version update (3.1.1 -> 3.1.2) Subpackages: libopenssl3 libopenssl3-32bit - Update to 3.1.2: * Fix excessive time spent checking DH q parameter value (bsc#1213853, CVE-2023-3817). The function DH_check() performs various checks on DH parameters. After fixing CVE-2023-3446 it was discovered that a large q parameter value can also trigger an overly long computation during some of these checks. A correct q value, if present, cannot be larger than the modulus p parameter, thus it is unnecessary to perform these checks if q is larger than p. If DH_check() is called with such q parameter value, DH_CHECK_INVALID_Q_VALUE return flag is set and the computationally intensive checks are skipped. * Fix DH_check() excessive time with over sized modulus (bsc#1213487, CVE-2023-3446). The function DH_check() performs various checks on DH parameters. One of those checks confirms that the modulus ("p" parameter) is not too large. Trying to use a very large modulus is slow and OpenSSL will not normally use a modulus which is over 10,000 bits in length. However the DH_check() function checks numerous aspects of the key or parameters that have been supplied. Some of those checks use the supplied modulus value even if it has already been found to be too large. A new limit has been added to DH_check of 32,768 bits. Supplying a key/parameters with a modulus over this size will simply cause DH_check() to fail. * Do not ignore empty associated data entries with AES-SIV (bsc#1213383, CVE-2023-2975). The AES-SIV algorithm allows for authentication of multiple associated data entries along with the encryption. To authenticate empty data the application has to call EVP_EncryptUpdate() (or EVP_CipherUpdate()) with NULL pointer as the output buffer and 0 as the input buffer length. The AES-SIV implementation in OpenSSL just returns success for such call instead of performing the associated data authentication operation. The empty data thus will not be authenticated. The fix changes the authentication tag value and the ciphertext for applications that use empty associated data entries with AES-SIV. To decrypt data encrypted with previous versions of OpenSSL the application has to skip calls to EVP_DecryptUpdate() for empty associated data entries. * When building with the enable-fips option and using the resulting FIPS provider, TLS 1.2 will, by default, mandate the use of an extended master secret (FIPS 140-3 IG G.Q) and the Hash and HMAC DRBGs will not operate with truncated digests (FIPS 140-3 IG G.R). * Update openssl.keyring with the OTC members that sign releases * Remove openssl-z16-s390x.patch fixed upstream in https://github.com/openssl/openssl/pull/21284 * Remove security patches fixed upstream: - openssl-CVE-2023-2975.patch - openssl-CVE-2023-3446.patch - openssl-CVE-2023-3446-test.patch ==== openssl ==== Version update (3.1.1 -> 3.1.2) - Update to 3.1.2 ==== setools ==== Version update (4.4.2 -> 4.4.3) Subpackages: python311-setools setools-console - Update to version 4.4.3: * Fix compilation with Cython 3.0.0. * Improve man pages. * Remove neverallow options in sediff. * Add -r option to seinfoflow to get flows into the source type. * Reject a rule with no permissions as invalid policy. ==== tar ==== Subpackages: tar-lang tar-rmt - Run testsuite also on qemu build ==== util-linux ==== Subpackages: libblkid1 libfdisk1 libmount1 libsmartcols1 libuuid1 util-linux-lang - Disable last and lastb for ALP, too. ==== util-linux-systemd ==== - Disable last and lastb for ALP, too. ==== zsh ==== - Enable testsuite in qemu build
participants (1)
-
Dominique Leuenberger