Please note that this mail was generated by a script. The described changes are computed based on the x86_64 DVD. The full online repo contains too many changes to be listed here. Please check the known defects of this snapshot before upgrading: https://openqa.opensuse.org/tests/overview?distri=kubic&groupid=1&version=Tumbleweed&build=20220323 https://bugzilla.opensuse.org/buglist.cgi?product=openSUSE%20Tumbleweed&component=Kubic&query_format=advanced&resolution=--- Please do not reply to this email to report issues, rather file a bug on bugzilla.opensuse.org. For more information on filing bugs please see https://en.opensuse.org/openSUSE:Submitting_bug_reports Packages changed: NetworkManager (1.36.2 -> 1.36.4) at-spi2-core (2.42.0 -> 2.44.0) ceph (16.2.7.596+g7d574789716 -> 16.2.7.640+gceb23c7491b) cyrus-sasl (2.1.27 -> 2.1.28) gdk-pixbuf (2.42.6 -> 2.42.8) glib-networking (2.70.1 -> 2.72.0) glib2 (2.70.4 -> 2.70.5) gobject-introspection (1.70.0 -> 1.72.0) gsettings-desktop-schemas (41.0 -> 42.0) libmodulemd libpeas (1.30.0 -> 1.32.0) libxml2 (2.9.12 -> 2.9.13) makedumpfile nfs-utils nghttp2 (1.46.0 -> 1.47.0) rdma-core === Details === ==== NetworkManager ==== Version update (1.36.2 -> 1.36.4) Subpackages: libnm0 - Update to version 1.36.4: + The internal DHCPv4 client now discards NAKs packets coming from servers different from the one that sent the offer. + Fix activation of PPPoE connections with "pppoe.parent" unset. + Fix potential libnm crash when the client object initialization gets canceled. + Other various fixes and improvements. ==== at-spi2-core ==== Version update (2.42.0 -> 2.44.0) Subpackages: libatspi0 - Update to version 2.44.0: + Unlink the socket before binding when using dbus-broker. Fixes regression introduced in 2.43.92 where restarting the bus launcher would fail. - Update to version 2.43.92: + The AT-SPI bus now uses the user's XDG_RUNTIME_DIR for its socket. Fixes accessibility for Snap-confined applications. + Caps lock is now unlocked for key synthesis. Fixes cutting and pasting from brltty when caps lock is on. + Several fixes to the dbus specification. + Fix the build when x11 is disabled. + Fix several compiler warnings. - Use ldconfig_scriptlets macro for post(un) handling. - Move autostart .desktop and xwayland-session config to distconfdir. ==== ceph ==== Version update (16.2.7.596+g7d574789716 -> 16.2.7.640+gceb23c7491b) Subpackages: ceph-common libcephfs2 librados2 librbd1 librgw2 python3-ceph-argparse python3-ceph-common python3-cephfs python3-rados python3-rbd python3-rgw - Update to 16.2.7-640-gceb23c7491b + (bsc#1194875) common: fix FTBFS due to dout & need_dynamic on GCC-12 + (bsc#1196938) cephadm: preserve authorized_keys file during upgrade ==== cyrus-sasl ==== Version update (2.1.27 -> 2.1.28) Subpackages: cyrus-sasl-gssapi libsasl2-3 - update to 2.1.28 (bsc#1196036, CVE-2022-24407): * https://www.cyrusimap.org/sasl/sasl/release-notes/2.1/index.html#new-in-2-1-... - drop cyrus-sasl-bug587.patch (upstream) ==== gdk-pixbuf ==== Version update (2.42.6 -> 2.42.8) Subpackages: gdk-pixbuf-query-loaders libgdk_pixbuf-2_0-0 - Update to version 2.42.8: + Clear the pixbuf's memory buffer to avoid returning uninitialized memory. + Turn GdkPixbufModule functions into typed callbacks. + tiff: Use non-deprecated C99 integer types. + gif: Check for overflow when compositing or clearing frames. + Change png/jpeg/tiff build options from boolean to feature. + jpeg: Do not rely on UB around setjmp/longjmp. + Build fixes. + Documentation fixes. + Updated translations. - Stop passing options to meson that just follow upstream default, just rely on upstream providing sane defaults, apart from where we want to deviate. ==== glib-networking ==== Version update (2.70.1 -> 2.72.0) - Update to version 2.72.0: + Fix proxy tests. + GnuTLS: use IANA-style ciphersuite names with GnuTLS 3.7.4. + meson devenv. + Updated translations. - Update to version 2.72.beta: + Add environment variable proxy resolver. + OpenSSL: fix uninitialized memory use. - Update to version 2.72.alpha: + OpenSSL: - Fix unsafe error handling. - Fail when appropriate if Must-Staple extension is set. + GnuTLS: fix TLS 1.3 ciphersuite names, should use underscores. + Improve failure of tls-unique channel binding requests. + Do not fill SNI extension with IP address. ==== glib2 ==== Version update (2.70.4 -> 2.70.5) Subpackages: glib2-tools libgio-2_0-0 libglib-2_0-0 libgmodule-2_0-0 libgobject-2_0-0 - Update to version 2.70.5: + g_time_zone_new_offset() assertion failure if offset >= 25 hours. + glib: fix buffer overflow in g_canonicalize_filename(). + gtimezone: Fix assertion failure when called with a huge offset. + Updated translations. - Split gtk-docs from -devel package, these are not needed during building projects using glib2 - Use _multibuild as the meson buildprocess is very awkward regarding the documentation - builds single-jobs only and twice (again during %install). This way the rest of distribution waiting for glib2-devel to be available is not blocked by this ==== gobject-introspection ==== Version update (1.70.0 -> 1.72.0) Subpackages: girepository-1_0 libgirepository-1_0-1 - Update to version 1.72.0: + Add new utility API to libgirepository for bindings implementing an argument cache. + Update the GIR data for GLib, GObject, GModule, and GIO. - Update to version 1.71.0: + Create new API for libffi closures + Treat @-prefixed shlib paths as absolute on macOS + Add new `forever` scope + Build fixes with newer Meson + Improve regression test suite + Avoid a segfault when using an invalid GType + Build fixes on Windows when using g-i as a subproject + Warn about property name collisions + Add "strict" warnings to g-ir-scanner + Add the "emitter" annotation for signal emitters + Add a command line option to g-ir-scanner to specify the compiler + Add new convenience API to libgirepository + Build fixes on Windows when using MSVC + Documentation fixes + Update the GIR data for GLib, GObject, and GIO - Drop patches fixed upstream: + 7c1178069f1c58a05ec56a94ca6ba124215a947b.patch + effb1e09dee263cdac4ec593e8caf316e6f01fe2.patch + 827494d6415b696a98fa195cbd883b50cc893bfc.patch ==== gsettings-desktop-schemas ==== Version update (41.0 -> 42.0) - Update to version 42.0: + Updated translations. - Update to version 42.rc: + Updated translations. - Update to version 42.beta: + Add setting to control privacy screen feature. + Updated translations. - Update to version 42.alpha: + Add color scheme setting and high-contrast preference + Updated translations. ==== libmodulemd ==== - BuildRequire glib2-doc when building against glib2 more recent than 2.70.4: the documentation was split out (after it was earlier merged; so for older distros we don't have to worry, as glib2-devel provides glib2-doc there). ==== libpeas ==== Version update (1.30.0 -> 1.32.0) - Update to version 1.32.0: + Icon licenses have been corrected. + Parallel build system operation fixes. + Various build warnings squashed. + Various GIR data that should not have been exported was removed. + Use gi-docgen for documentation. + Updated translations. - Drop patches fixed upstream: + a9d2ba590641d832dcf6b97184687b6eb424c00f.patch + dfc763c16c0ce66a180ccb13205f1ca9666278a8.patch + 2a976339f444d70f10949901a6ee2b1f8ccb24b6.patch - Replace gtk-doc with pkgconfig(gi-docgen) BuildRequires following upstream changes. ==== libxml2 ==== Version update (2.9.12 -> 2.9.13) Subpackages: libxml2-2 libxml2-tools - Build python bindings in a 2nd run, using multibuild: otherwise, libxml2 requires pkgconfig(libxml-2.0) to build, causing issues to bootstrap. - Update to version 2.9.13: * Security fixes: + [CVE-2022-23308] Use-after-free of ID and IDREF attributes (boo#1196490); + Several memory leaks and another issues. * Many regressions fixes. * Numerous bug fixes, including, among many others: + xmllint's --maxmem option should work as expected now; + xmllint now returns an error if arguments are missing. * Numerous tests and code and fuzzing fixes and improvements. * Updated documentation. - The full Libxml2 2.9.13 NEWS can be found here: https://download.gnome.org/sources/libxml2/2.9/\ libxml2-2.9.13.news. - Replace version-release macros in all 3 Obsoletes tag with plain 2.9.13 to avoid unwanted behaviors in the future. - Remove dropped upstream AUTHORS file from list of files to be installed in the documentation location with 'cp' command. - Update http://xmlsoft.org URL tag to Libxml2's new web home: https://gitlab.gnome.org/GNOME/libxml2. - Update ftp://xmlsoft.org Source tag to Libxml2's new download host: https://download.gnome.org. - Drop deprecated Python-2-related macro definitions/conditional statement from spec file. - Drop merged upstream patches: libxml2-fix-lxml-corrupted-subtree-structures.patch; libxml2-fix-regression-in-xmlNodeDumpOutputInternal.patch. - Drop libxml2.keyring source file as the new download host doesn't offer GPG signatures. - Use ldconfig_scriptlets macro for post(un) handling. ==== makedumpfile ==== - makedumpfile-sadump-kaslr-fix-kaslr_offset-calculation.patch: sadump, kaslr: fix failure of calculating kaslr_offset (bsc#1196736). ==== nfs-utils ==== Subpackages: libnfsidmap1 nfs-client - drop reenable-nfsv2.patch (poo#106679) ==== nghttp2 ==== Version update (1.46.0 -> 1.47.0) - update to 1.47.0: * see https://nghttp2.org/blog/2022/02/23/nghttp2-v1-47-0/ ==== rdma-core ==== Subpackages: libefa1 libibverbs libibverbs1 libmlx4-1 libmlx5-1 librdmacm1 - util-Add-barriers-support-for-RISC-V.patch: Backport from upstream: Add barriers support for RISC-V