Please note that this mail was generated by a script. The described changes are computed based on the aarch64 DVD. The full online repo contains too many changes to be listed here.
Please check the known defects of this snapshot before upgrading: https://openqa.opensuse.org/tests/overview?distri=kubic&groupid=3&ve... https://bugzilla.opensuse.org/buglist.cgi?product=openSUSE%20Tumbleweed&...
Please do not reply to this email to report issues, rather file a bug on bugzilla.opensuse.org. For more information on filing bugs please see https://en.opensuse.org/openSUSE:Submitting_bug_reports Packages changed: at-spi2-core (2.40.0 -> 2.40.1) cups glib-networking (2.68.0 -> 2.68.1) installation-images-MicroOS (17.0 -> 17.2) lcms2 (2.11 -> 2.12) libjpeg-turbo libressl (3.2.5 -> 3.3.3) librsvg (2.50.4 -> 2.50.5) mokutil selinux-policy snapper yast2 (4.4.2 -> 4.4.3) zchunk (1.1.9 -> 1.1.11)
=== Details ===
==== at-spi2-core ==== Version update (2.40.0 -> 2.40.1) Subpackages: libatspi0
- Update to version 2.40.1: + Fix double free when removing event listeners. + Fix numlock detection.
==== cups ==== Subpackages: cups-config libcups2
- When cupsd creates directories with specific owner group and permissions (usually owner is 'root' and group matches "configure --with-cups-group=lp") specify same owner group and permissions in the RPM spec file to ensure those directories are installed by RPM with the right settings because if those directories were installed by RPM with different settings then cupsd would use them as is and not adjust its specific owner group and permissions which could lead to privilege escalation from 'lp' user to 'root' via symlink attacks e.g. if owner is falsely 'lp' instead of 'root' CVE-2021-25317 (bsc#1184161)
==== glib-networking ==== Version update (2.68.0 -> 2.68.1)
- Update to version 2.68.1: + Fix threadsafety issue in certificate verification. + Temporarily remove support for downloading missing intermediate certificates with GnuTLS 3.7.
==== installation-images-MicroOS ==== Version update (17.0 -> 17.2)
- merge gh#openSUSE/installation-images#506 - gdb extension: include debuginfod-find (debuginfod-client.rpm) (bsc#1182649) - Document API of ResolveDeps and friends - Moved resolve_deps_libsolv to its own module - Add data files for testing ResolveDepsLibsolv. - resolve_deps_libsolv: add basic tests, don't hardcode solv filename - BuildRequire debuginfod-client - 17.2 - merge gh#openSUSE/installation-images#509 - trigger automatic nvme discovery in udev start script (bsc#1184908) - create NVMe config files before udevd is started (bsc#1184908) - 17.1
==== lcms2 ==== Version update (2.11 -> 2.12)
- update to 2.12: * Added build system for fast-float plugin (see plugin documentation) * Added new build-in sigmoidal tone curve * Added XCode 12 project * Added support for multichannel input up to 15 channels * Fix LUT8 write matrix * Fix version mess on 10/11 * Fix tools & samples xgetopt * Fix warnings on different function pointers * Fix matlab MEX compilation * plugin: cleanup and better SSE detection * plugin: add lab to any on float * plugin: it can now be compiled as C++ * recover PDF documentation, but try to keep it under a resonable size. * Prevent a rare but possible out-of-bounds read in postscript generator * Fix some compiler warnings * Add named color profile building sample to testbed
==== libjpeg-turbo ====
- disable SIMD for armv6hl, not available
==== libressl ==== Version update (3.2.5 -> 3.3.3) Subpackages: libcrypto46 libssl48 libtls20
- Update to release 3.3.3 * Support for DTLSv1.2. * Continued rewrite of the record layer for the legacy stack. * Numerous bugs and interoperability issues were fixed in the new verifier. A few bugs and incompatibilities remain, so this release uses the old verifier by default. * The OpenSSL 1.1 TLSv1.3 API is not yet available.
==== librsvg ==== Version update (2.50.4 -> 2.50.5) Subpackages: gdk-pixbuf-loader-rsvg librsvg-2-2
- Update to version 2.50.5: + Images embedded as data: URLs didn't render if they had a MIME type with a charset parameter. + Don't allow number lists with unbounded lengths in tableValues attributes, for feComponentTransfer and feConvolveMatrix. + Negative rx/ry in rect element should be ignored.
==== mokutil ====
- spec file cleanup
==== selinux-policy ==== Subpackages: selinux-policy-targeted
- Updated fix_networkmanager.patch to allow NetworkManager to watch its configuration directories - Added fix_dovecot.patch to fix dovecot authentication (bsc#1182207)
==== snapper ==== Subpackages: libsnapper5
- fixed systemd sandboxing (bsc#1185596)
==== yast2 ==== Version update (4.4.2 -> 4.4.3)
- Do not crash when a client execution return false (related to bsc#1185561, and bsc#1180954). - 4.4.3
==== zchunk ==== Version update (1.1.9 -> 1.1.11)
- Update to version 1.1.11 * Fix memory leak of zck->prep_digest * Fix argp detection * Handle certain rare web servers that don't start with \r\n - Drop upstream merged fix-test-argp.patch