Please note that this mail was generated by a script.
The described changes are computed based on the x86_64 DVD.
The full online repo contains too many changes to be listed here.
Please check the known defects of this snapshot before upgrading:
https://openqa.opensuse.org/tests/overview?distri=microos&groupid=1&version…
https://bugzilla.opensuse.org/buglist.cgi?product=openSUSE%20Tumbleweed&com…
Please do not reply to this email to report issues, rather file a bug on bugzilla.opensuse.org.
For more information on filing bugs please see https://en.opensuse.org/openSUSE:Submitting_bug_reports
Packages changed:
MozillaFirefox (115.0.2 -> 115.0.3)
curl (8.2.0 -> 8.2.1)
libqt5-qtwebengine
libzypp (17.31.15 -> 17.31.17)
mozilla-nss
ncurses (6.4.20230701 -> 6.4.20230715)
perl-File-Listing (6.15 -> 6.160.0)
pipewire (0.3.75 -> 0.3.76)
publicsuffix (20230709 -> 20230717)
re2-10
selinux-policy (20230622 -> 20230728)
systemd
wireless-regdb (20230601 -> 20230721)
yast2-users (4.6.2 -> 4.6.4)
zypper (1.14.61 -> 1.14.62)
=== Details ===
==== MozillaFirefox ====
Version update (115.0.2 -> 115.0.3)
Subpackages: MozillaFirefox-translations-common
- Mozilla Firefox 115.0.3
* fixes for other platforms
- remove bashisms from firefox startup script (boo#1213657)
==== curl ====
Version update (8.2.0 -> 8.2.1)
Subpackages: libcurl4
- Update to 8.2.1:
* Bugfixes:
- cfilters: rename close/connect functions to avoid clashes
- ciphers.d: put URL in first column
- cmake: add 'libcurlu'/'libcurltool' for unit tests
- cmake: update ngtcp2 detection
- configure: check for nghttp2_session_get_stream_local_window_size
- docs: mark two TLS options for TLS, not SSL
- docs: provide more see also for cipher options
- hostip: return IPv6 first for localhost resolves
- http2: fix regression on upload EOF handling
- http: VLH, very large header test and fixes
- libcurl-errors.3: add CURLUE_OK
- os400: correct EXPECTED_STRING_LASTZEROTERMINATED
- quiche: fix lookup of transfer at multi
- quiche: fix segfault and other things
- rustls: update rustls-ffi 0.10.0
- socks: print ipv6 address within brackets
- src/mkhelp: strip off escape sequences
- tool: fix tool_seek_cb build when SIZEOF_CURL_OFF_T > SIZEOF_OFF_T
- transfer: do not clear the credentials on redirect to absolute URL
- unittest: remove unneeded *_LDADD
- websocket: rename arguments/variables to match docs
==== libqt5-qtwebengine ====
- build with older re2 on Tumbleweed, the upcoming re2 2023-07-01
breaks qtwebengine
==== libzypp ====
Version update (17.31.15 -> 17.31.17)
- Fix wrong filesize exceeded dl abort in zyppng::Downloader
(bsc#1213673)
In some cases when downloading very small files we can run into
issues when the URL is protected by credentials.
- version 17.31.17 (22)
- Fix negative ZYPP_LOCK_TIMEOUT not waiting forever (bsc#1213231)
- NetworkRequestManager: assert cookie file has mode 0600
(bsc#1158763)
- Don't cleanup orphaned dirs if read-only mode was promised
(bsc#1210740)
- version 17.31.16 (22)
==== mozilla-nss ====
Subpackages: libfreebl3 libsoftokn3 mozilla-nss-certs
- Fix file conflict for pp manual page [bsc#1213281]
==== ncurses ====
Version update (6.4.20230701 -> 6.4.20230715)
Subpackages: libncurses6 ncurses-utils terminfo terminfo-base terminfo-iterm terminfo-screen
- Add ncurses patch 20230715
+ correct wadd_wch_literal() when adding a non-spacing character to a
double-width character.
+ improve manual page for curs_util.
+ improve manual page for wadd_wch().
- Add ncurses patch 20230708
+ add linux+kbs for terminals which imitate xterm's behavior with
Linux -TD
+ modify MinGW driver to return KEY_BACKSPACE when an unmodified
VK_BACK virtual key is entered (prompted by patch by Pavel Fedin,
Savannah #64292).
+ disallow using $TERMINFO or $HOME/.terminfo when tic "-o" option is
used (report by Sven Joachim, Debian #1040048).
- Port the patch ncurses-6.4.dif
==== perl-File-Listing ====
Version update (6.15 -> 6.160.0)
- updated to 6.16
see /usr/share/doc/packages/perl-File-Listing/Changes
6.16 2023-07-12 15:22:25 -0600
- Support dosftp listings with four-digit years (gh#3, gh#26)
==== pipewire ====
Version update (0.3.75 -> 0.3.76)
Subpackages: gstreamer-plugin-pipewire libpipewire-0_3-0 pipewire-alsa pipewire-jack pipewire-lang pipewire-libjack-0_3 pipewire-modules-0_3 pipewire-pulseaudio pipewire-spa-plugins-0_2 pipewire-spa-tools pipewire-tools
- Update to version 0.3.76:
* Highlights
- Fix a regression that would cause the MPV pipewire backend
to fail because of a spurious thread-loop signal.
- Fix a crash when DBus is not found.
- ALSA hires timestamps are now disabled by default.
- Some more fixes and improvements.
* PipeWire
- A new option was added to pw-thread-loop to signal when the
thread starts.
- This is only used in module-rt to avoid regressions in mpv.
(#3374)
- Fix a compilation problem.
- Stream flags now only set the properties when not already
set. This fixes a regression with node autoconnect. (#3382)
* Tools
- pw-cat will now stop when the stream is disconnected. (#2731)
- Improve the pw-cat man page, mention that stdin/stdout
handling is only on raw data.
* modules
- module-rt will now not crash when dbus is not available but
error out as before.
- A new VBAN (vb-audio.com) sender and receiver was added.
(#3380)
* SPA
- Add an option in audioconvert to disable volume updates.
(#3361)
- ALSA hires timestamps are disabled by default because many
drivers seem to give wrong timestamps and cause extra delay.
* bluetooth
- LE Audio support is now enabled by default when liblc3 is
available now that bluez has support for detecting the
hardware features.
==== publicsuffix ====
Version update (20230709 -> 20230717)
- Update to version 20230717:
* Domains are removed `hidora.com`, `users.scale.virtualcloud.com.br`, `clicketcloud.com` (#1598)
* Add storipress.app (#1583)
==== re2-10 ====
- legacy lib package forked from re2, for libqt5-qtwebengine
==== selinux-policy ====
Version update (20230622 -> 20230728)
Subpackages: selinux-policy-targeted
- Update to version 20230728:
* Allow kdump_t to manage symlinks under kdump_var_lib_t (bsc#1213721)
* allow haveged to manage tmpfs directories (bsc#1213594)
==== systemd ====
Subpackages: libsystemd0 libudev1 systemd-boot systemd-coredump systemd-doc systemd-lang udev
- Drop 0003-strip-the-domain-part-from-etc-hostname-when-setting.patch
/etc/hostname is supposed to contain the static host name of the system. This
patch was used to work around cases where users incorrectly save the FQDN
instead. However this is incorrect and not consistent with what
systemd-hostnamed does and what other distributions do. Also assuming that
/etc/hostname will contain the system host name only removes any ambiguities
since the host name can contain a period.
/etc/hosts is usually where one sets the domain name by aliasing the host name
to the FQDN.
Note that the installer used to save the FQDN in /etc/hostname but this has
been fixed since several years now (bsc#972463).
- systemd-homed is no more considered as experimental
It's been moved to its own dedicated sub-package "systemd-homed".
- systemd-userdb is no more considered as experimental (jsc#PED-2668)
As such it's been moved to the main package.
==== wireless-regdb ====
Version update (20230601 -> 20230721)
- Update to version 20230721:
* wireless-regdb: Update regulatory info for Türkiye (TR)
* wireless-regdb: Update regulatory rules for Egypt (EG) from March 2022 guidelines
==== yast2-users ====
Version update (4.6.2 -> 4.6.4)
- bsc#1211583
- do not pre-fill non-sense user password when going back after
importing user
- 4.6.4
- Allow to edit the NIS master server databases instead of the
local ones, relying on the --prefix argument added to several
commands in the "shadow" package (bsc#1206627).
- 4.6.3
==== zypper ====
Version update (1.14.61 -> 1.14.62)
Subpackages: zypper-log zypper-needs-restarting
- man: revised explanation of --force-resolution (bsc#1213557)
Point out that the option not only allows to remove packages but
may also violate any other active policy if there is no other way
to resolve the job.
- Print summary hint if policies were violated due to
- -force-resolution (bsc#1213557)
- BuildRequires: libzypp-devel >= 17.31.16 (for zypp-tui)
- version 1.14.62
1
0
Please note that this mail was generated by a script.
The described changes are computed based on the aarch64 DVD.
The full online repo contains too many changes to be listed here.
Please check the known defects of this snapshot before upgrading:
https://openqa.opensuse.org/tests/overview?distri=microos&groupid=3&version…
https://bugzilla.opensuse.org/buglist.cgi?product=openSUSE%20Tumbleweed&com…
Please do not reply to this email to report issues, rather file a bug on bugzilla.opensuse.org.
For more information on filing bugs please see https://en.opensuse.org/openSUSE:Submitting_bug_reports
Packages changed:
7zip
autofs
cloud-init
colord
docker-buildx (0.11.1 -> 0.11.2)
dracut (059+suse.447.g9d1fc722 -> 059+suse.476.g5e324584)
exiv2
freetype2 (2.13.0 -> 2.13.1)
fuse3 (3.15.0 -> 3.15.1)
harfbuzz (7.3.0 -> 8.0.1)
kmod
krb5 (1.20.1 -> 1.21.1)
libX11 (1.8.5 -> 1.8.6)
libgudev (237 -> 238)
libstorage-ng (4.5.123 -> 4.5.127)
libwebp (1.3.0 -> 1.3.1)
openexr (3.1.7 -> 3.1.9)
pipewire (0.3.72 -> 0.3.74)
poppler (23.06.0 -> 23.07.0)
poppler-qt5 (23.06.0 -> 23.07.0)
python-charset-normalizer (3.1.0 -> 3.2.0)
python-jsonschema (4.18.3 -> 4.18.4)
python-referencing (0.29.1 -> 0.30.0)
qemu (8.0.2 -> 8.0.3)
setools
smartmontools
systemd (253.5 -> 253.7)
systemd-presets-branding-openSUSE
taglib (1.13 -> 1.13.1)
xkeyboard-config (2.38 -> 2.39)
xterm (382 -> 384)
zimg (3.0.4 -> 3.0.5)
zlib-ng-compat (2.1.2 -> 2.1.3)
=== Details ===
==== 7zip ====
- Enable ARM64 ASM introduced in 23.01
==== autofs ====
- Add autofs-suse-manpage-remove-initdir.patch
Removes references of initdir from man pages (bsc#1207881)
==== cloud-init ====
- Update cloud-init-write-routes.patch (bsc#1212879)
+ Add necessary import statement
- Enable flake8 linting, fix up patches
+ cloud-init-cve-2023-1786-redact-instance-data-json-main.patch
+ cloud-init-power-rhel-only.patch
+ cloud-init-write-routes.patch
+ datasourceLocalDisk.patch
- Add cloud-init-power-rhel-only.patch (bsc#1210273)
+ Config module cc_refresh_rmc_and_interface is implemented such that
it will only work on RH distros. Set the module availability accordingly.
- Sensitive data exposure (bsc#1210277, CVE-2023-1786)
+ Add hidesensitivedata
+ Add cloud-init-cve-2023-1786-redact-inst-data.patch
+ Do not expose sensitive data gathered from the CSP
==== colord ====
Subpackages: colord-color-profiles libcolord2 libcolorhug2
- Tune _constraints for various architectures.
==== docker-buildx ====
Version update (0.11.1 -> 0.11.2)
- Update to version 0.11.2:
* vendor: github.com/moby/buildkit
v0.12.1-0.20230717122532-faa0cc7da353
* vendor: github.com/tonistiigi/fsutil
v0.0.0-20230629203738-36ef4d8c0dbb
* vendor: github.com/xeipuuv/gojsonpointer
v0.0.0-20190905194746-02993c407bfb
* tests: set a dedicated buildx config dir for each worker
* ci: run docker-container tests in parallel
* tests: share single docker between docker-container backends
* vendor: update buildkit to master@2d91ddcceedc
* k8s: fix missing kubeconfig check from endpoint
* build: mark result handle build as internal
* util/imagetools: remove unused Resolver.ImageConfig
* hack(generated-files): bump golang image to bookworm
* update go to 1.20.6
* hack: force go version to 1.20.5
* vendor: github.com/docker/docker@24.0 36e9e79
==== dracut ====
Version update (059+suse.447.g9d1fc722 -> 059+suse.476.g5e324584)
Subpackages: dracut-ima
- Update to version 059+suse.476.g5e324584:
This is the 2nd backport of the most important fixes and features from the upstream master branch,
while the release date of version 060 is still undefined.
Features:
* feat(network-wicked): remove module
* feat(systemd-rfkill): remove module
* feat(livenet): add memory size check depending on live image size
* feat(nvmf): add code for parsing the NBFT
Fixes:
* fix(systemd-sysext): handle confexts and correct extensions search path
* fix(modsign): load keys to correct keyring
* fix(dmsquash-live-autooverlay): specify filesystemtype when it is already known
* fix(fs-lib): remove quoting form the first argument of the e2fsck call
* fix(Makefile): remove leftover rpm build rules
* fix(Makefile): no longer upload to kernel.org
* fix(nvmf): support /etc/nvme/config.json
* fix(nvmf): install 8021q module unconditionally
* fix(install.d): respect even more kernel-install vars, plus style fixes
* fix(install.d): respect more kernel-install env variables
* fix(dracut.sh): also prevent fsfreeze for tmpfs
* fix(dmsquash-live): allow other fstypes
* fix(bluetooth): make bluetooth rules more strict
* fix(bluetooth): add missing files
* fix(bluetooth): include it if Appearance matches the value assigned for keyboard
* fix(btrfs): do not require module via cmdline when --no-kernel
* fix(btrfs): add missing cmdline function
Other:
* refactor(dracut-init.sh): remove redundant "dracut" from "dracut module" prints
* refactor(virtiofs): remove exit after die
* build: remove rpm spec file and build rules
* docs: remove rd.lvm.snapsize and rd.lvm.snapshot
* chore(gentoo.conf): remove examples to avoid confusion
* chore: remove git2spec.pl, it is no longer used
==== exiv2 ====
- add exiv2-metadata-null-checks.patch fixes gwenview crashes and
other apps https://github.com/Exiv2/exiv2/issues/2638
==== freetype2 ====
Version update (2.13.0 -> 2.13.1)
- update to 2.13.1:
* New function `FT_Get_Default_Named_Instance` to get the
index of the default named instance of an OpenType Variation
Font. A new load flag `FT_LOAD_NO_SVG` to make FreeType ignore
glyphs in an 'SVG ' table.
* New function `FT_GlyphSlot_AdjustWeight` to adjust
the glyph weight either horizontally or vertically.
This is part of the `ftsynth.h` header file
* TrueType interpreter version 38 (also known as
'Infinality') has been deactivated; the value of
`TT_INTERPRETER_VERSION_38` is now the same as
`TT_INTERPRETER_VERSION_40`.
* Switching named instances on and off in Variation Fonts
was buggy if the design coordinates didn't change.
- drop enable-infinality-subpixel-hinting.patch (obsolete, infinality
is deactivated)
==== fuse3 ====
Version update (3.15.0 -> 3.15.1)
Subpackages: libfuse3-3
- Update to release 3.15.1
* Reduce default write size by half
==== harfbuzz ====
Version update (7.3.0 -> 8.0.1)
Subpackages: libharfbuzz-gobject0 libharfbuzz-icu0 libharfbuzz-subset0 libharfbuzz0 typelib-1_0-HarfBuzz-0_0
- Update to version 8.0.1:
+ Build fix on 32-bit arm.
+ More speed optimizations:
- 60% speedup in retaingids subsetting SourceHanSans-VF.
- 38% speed up in subsetting (beyond-64k) mega-merged Noto.
- 16% speed up in retain-gid (used for IFT) subsetting of
NotoSansCJKkr.
- Changes from version 8.0.0:
+ New, experimental, WebAssembly (WASM) shaper, that provides
greater flexibility over OpenType/AAT/Graphite shaping, using
WebAssembly embedded inside the font file. Currently WASM
shaper is disabled by default and needs to be enabled at build
time.
+ Improvements to Experimental features introduced in earlier
releases:
- Support for subsetting beyond-64k and VarComposites fonts.
- Support for instancing variable fonts with cubic âglyfâ
table.
- Many big speed optimizations.
==== kmod ====
Subpackages: kmod-bash-completion libkmod2
- Edit usr-lib-modules.patch to /lib/modules provide fallback
behavior for successfully running `make modules_install` in
pristine tarballs.
==== krb5 ====
Version update (1.20.1 -> 1.21.1)
- update to 1.121.1 (CVE-2023-36054):
* Fix potential uninitialized pointer free in kadm5 XDR parsing
[CVE-2023-36054].
* Added a credential cache type providing compatibility with
the macOS 11 native credential cache.
* libkadm5 will use the provided krb5_context object to read
configuration values, instead of creating its own.
* Added an interface to retrieve the ticket session key
from a GSS context.
* The KDC will no longer issue tickets with RC4 or triple-DES
session keys unless explicitly configured with the new
allow_rc4 or allow_des3 variables respectively.
* The KDC will assume that all services can handle aes256-sha1
session keys unless the service principal has a
session_enctypes string attribute.
* Support for PAC full KDC checksums has been added to
mitigate an S4U2Proxy privilege escalation attack.
* The PKINIT client will advertise a more modern set
of supported CMS algorithms.
* Removed unused code in libkrb5, libkrb5support,
and the PKINIT module.
* Modernized the KDC code for processing TGS requests,
the code for encrypting and decrypting key data,
the PAC handling code, and the GSS library packet
parsing and composition code.
* Improved the test framework's detection of memory
errors in daemon processes when used with asan.
==== libX11 ====
Version update (1.8.5 -> 1.8.6)
Subpackages: libX11-6 libX11-data libX11-xcb1
- update to 1.8.6:
* InitExt.c: Add bounds checks for extension request,
event, & error codes
* Fixes CVE-2023-3138: X servers could return values from
XQueryExtension that would cause Xlib to write entries
out-of-bounds of the arrays to store them, though this
would only overwrite other parts of the Display
struct, not outside the bounds allocated for that
structure.
- drop U_InitExt.c-Add-bounds-checks-for-extension-request-ev.patch (upstream)
==== libgudev ====
Version update (237 -> 238)
- Update to version 238:
* Fix newline stripping
* Add g_udev_device_get_current_tags()
* Add a number of tests, and devel docs
* Fix devhelp not being able to find the docs
* Skip locale test with locale isn't available
- Drop patches fixed upstream:
* 71b2fda04dd71c637361e8ead103980ad6f27ed5.patch
* 4216ecd4513bd4c8af73543817a51d6f72f166cc.patch
==== libstorage-ng ====
Version update (4.5.123 -> 4.5.127)
Subpackages: libstorage-ng-lang libstorage-ng-ruby libstorage-ng1
- merge gh#openSUSE/libstorage-ng#941
- added get_version_string function
- 4.5.127
- merge gh#openSUSE/libstorage-ng#940
- wait for block device before using blkdiscard
- 4.5.126
- merge gh#openSUSE/libstorage-ng#939
- wait for block device before using wipefs (bsc#1213420)
- coding style
- 4.5.125
- Translated using Weblate (Georgian) (bsc#1149754)
- 4.5.124
==== libwebp ====
Version update (1.3.0 -> 1.3.1)
Subpackages: libsharpyuv0 libwebp7 libwebpdemux2 libwebpmux3
- Update to version 1.3.1:
* security fixes for lossless encoder (CVE-2023-1999)
* improve error reporting through WebPPicture error codes
* fix upsampling for RGB565 and RGBA4444 in NEON builds
* img2webp: add -sharp_yuv & -near_lossless
* fix webp_js with emcc >= 3.1.27 (stack size change)
* CMake fixes
* further updates to the container and lossless bitstream docs
- Drop libwebp-double-free.patch: fixed upstream.
==== openexr ====
Version update (3.1.7 -> 3.1.9)
Subpackages: libIex-3_1-30 libIlmThread-3_1-30 libOpenEXR-3_1-30
- Add patch to fix regression on non-SSE architectures
https://github.com/AcademySoftwareFoundation/openexr/issues/1460:
* 1488.patch
- Also disable 'DWA[AB]Compression' test on aarch64 as the patch
above fixes the issue for all targets, except aarch64
- version update to 3.1.9
* Patch release that addresses miscelleneous build and doc issues, as well as:
. OSS-fuzz 59382 Heap-buffer-overflow in internal_huf_decompress
- update to 3.1.8:
* Support for DWA compression in OpenEXRCore
* Fix OSS-fuzz 59070 Stack-buffer-overflow in
DwaCompressor_readChannelRules
==== pipewire ====
Version update (0.3.72 -> 0.3.74)
Subpackages: gstreamer-plugin-pipewire libpipewire-0_3-0 pipewire-alsa pipewire-jack pipewire-libjack-0_3 pipewire-modules-0_3 pipewire-pulseaudio pipewire-spa-plugins-0_2 pipewire-spa-tools pipewire-tools
- Update to version 0.3.74:
* Highlights
- Fix a critical bug where audio to bluetooth devices would cut
out randomly.
- Improve RAOP compatibility.
- Avoid crashes after an update.
- Small fixes and improvements.
* PipeWire
- Mix info on port is now created explicitly.
- Remove the node as a driver peer when stopping. This caused
some problem with playback on and other remote bluetooth
devices.
- Work on avoiding crashes when loading new modules that use
internal API with old libpipewire. This is typical after an
update where the old library is still loaded by an
application but when a new stream is created, updated modules
are loaded.
* Modules
- The RTP source module now has an option to ignore the SSRC,
which is useful to continue to receive the stream when the
sender is restarted.
- The native protocol will refuse to load twice now instead of
silently ignoring the error.
- module-raop is compatible with more devices.
* SPA
- plugins will now warn when running out of buffers. This is
always a bad thing.
- Merge scope based cleanup macros.
- Add ratelimit function.
- Update to version 0.3.73:
* Highlights
- Fixes an ALSA resume after suspend error.
- Handle and disable seemingly wrong hires timestamps from
ALSA.
- Filter-chain now has loadable plugin modules. The LV2 and
sofa plugins are moved to a separate .so file to make things
more modular.
- Rate changes in the graph should now be handled more
gracefully by loopback and filter-chain.
- A regression in the rtp-sap module was fixed where it would
in some cases fail to start.
- A potential crash in the peaks resampler was fixed.
- Many cleanups and other small bug fixes.
* PipeWire
- Fix a potential segfault when no fallback driver was set in
the config.
- Improve OPUS detection.
- Add ASYNC flag to pw-filter and pw-stream when queue/dequeue
is not called from the process function. This ensure we
allocate an extra buffer.
- Discard pending process callbacks when disconnecting.
- Cleanups and improvements to the debug environment variable
parsing.
- The graph rate was tweaked to better handle very low rates
 such as those requested by pavucontrol when it does the
signal monitoring.
* Modules
- An example filter module was added.
- Filter-chain and loopback now disable the resamplers if no
rate is specified and will always follow the graph rate.
- Improve setup of filter-chain. The graph is now created when
starting because this ensure the target graph rate is known.
- Filter-chain can now link notify ports to control ports in
the graph.
- Filter-chain now has loadable plugin modules. The LV2 and
sofa plugins are moved to a separate .so file.
- A regression in the rtp-sap module was fixed where it would
in some cases fail to start.
- Module-rt now has options to disable rlimits, portal and
rtkit.
- module-raop-discover now has an options to set the latency.
* Tools
- pw-cat now supports overriding all stream properties.
* SPA
- Disable rate negotiation when the resampler is disabled. We
will always follow the graph rate.
- Set device.icon property for UCM ports as well.
- Improve ALSA recover when using hires timestamps. This fixes
some problems after resume from suspend.
- ALSA will now warn and disable hires timestamp when they seem
wrong.
They can also be disabled manually with a property.
- V4l2 will now gracefully handle ENOTTY when enumerating frame
sizes and frame rates.
- A potential crash in the peaks resampler was fixed.
* pulse-server
- A client crash in pavucontrol is avoided by always setting a
card name.
- The graph rate is now taken correctly when using the FIX
flags.
- An option was added to ignore the FIX flags of a stream. Also
the documentation for those options was updated.
- module-raop-discover now support latency_msec.
* Bluetooth
- Remove an assert and issue a warning/recover instead when a
buffer is too small.
* GStreamer
- The device provider does locking when destroying the
registry.
==== poppler ====
Version update (23.06.0 -> 23.07.0)
Subpackages: libpoppler-cpp0 libpoppler-glib8 poppler-tools
- update to 23.07.0:
core:
* Fix reading of utf8-with-bom files
* Fix crash if CERT_ExtractPublicKey doesn't return a public
key
* Fix rendering of some malformed documents. Issue #1395
* Allow for stream compression and compress font streams in
forms Remove method Hints::getPageRanges
qt5:
* Fix crash when overprint preview is enabled
* Don't fail signature basics tests if backend is not
configured
qt6:
* Fix crash when overprint preview is enabled
* Don't fail signature basics tests if backend is not
configured
utils:
* pdfsig: Allow showung and selecting signature backend
* pdfsig: Describe signature dump format in manual page
==== poppler-qt5 ====
Version update (23.06.0 -> 23.07.0)
- update to 23.07.0:
core:
* Fix reading of utf8-with-bom files
* Fix crash if CERT_ExtractPublicKey doesn't return a public
key
* Fix rendering of some malformed documents. Issue #1395
* Allow for stream compression and compress font streams in
forms Remove method Hints::getPageRanges
qt5:
* Fix crash when overprint preview is enabled
* Don't fail signature basics tests if backend is not
configured
qt6:
* Fix crash when overprint preview is enabled
* Don't fail signature basics tests if backend is not
configured
utils:
* pdfsig: Allow showung and selecting signature backend
* pdfsig: Describe signature dump format in manual page
==== python-charset-normalizer ====
Version update (3.1.0 -> 3.2.0)
- update to 3.2.0:
* Typehint for function `from_path` no longer enforce
`PathLike` as its first argument
* Minor improvement over the global detection reliability
* Introduce function `is_binary` that relies on main
capabilities, and optimized to detect binaries
* Propagate `enable_fallback` argument throughout `from_bytes`,
`from_path`, and `from_fp` that allow a deeper control over
the detection (default True)
* Edge case detection failure where a file would contain 'very-
long' camel cased word (Issue #289)
==== python-jsonschema ====
Version update (4.18.3 -> 4.18.4)
- update to 4.18.4:
no changelog available, only a diff:
https://github.com/python-jsonschema/jsonschema/compare/v4.18.3...v4.18.4
==== python-referencing ====
Version update (0.29.1 -> 0.30.0)
- Update to version 0.30.0:
* Declare support for 3.12.
* Update the referencing suite.
- Update to version 0.29.3:
* Spelling.
- Update to version 0.29.2:
* Improve the hashability of exceptions when they contain
hashable data.
* [pre-commit.ci] pre-commit autoupdate
* Bump suite from `9335e4a` to `fe891e8`
==== qemu ====
Version update (8.0.2 -> 8.0.3)
- Update to version 8.0.3:
* See full log: https://lists.nongnu.org/archive/html/qemu-stable/2023-07/msg00086.html
* Security issues fixed:
- 9pfs: prevent opening special files (CVE-2023-2861)
- vhost-vdpa (CVE-2023-3301)
* Use the official xkb name for Arabic layout, not the
legacy synonym (bsc#1212966)
* [openSUSE][RPM] Update to version 8.0.3
==== setools ====
Subpackages: python311-setools setools-console
- Add python3-setuptools as a runtime requirement of python3-setools
(boo#1213305)
==== smartmontools ====
- smartmontools.generate_smartd_opts.in: Fix generated options when
SMARTD_SAVESTATES or SMARTD_ATTRLOG are set to "no" (bsc#1207461).
==== systemd ====
Version update (253.5 -> 253.7)
Subpackages: libsystemd0 libudev1 systemd-coredump systemd-doc udev
- Import commit 2dac0aff9ced1eca0cd11c24e264b33095ee5a5e (merge of v253.7)
For a complete list of changes, visit:
https://github.com/openSUSE/systemd/compare/6458c066547eaadf0e9709e441ea36a…
- Import commit 6458c066547eaadf0e9709e441ea36ad03faa860 (merge of v253.6)
For a complete list of changes, visit:
https://github.com/openSUSE/systemd/compare/07bb12a282b0ea378850934c4a76008…
- Drop 5002-Revert-core-service-when-resetting-PID-also-reset-kn.patch, it's
been backported to v253.6.
- Move a bunch of files from systemd to udev. These are pretty useless without
block devices.
==== systemd-presets-branding-openSUSE ====
- enable the various libvirt modular daemons (boo#1212195)
==== taglib ====
Version update (1.13 -> 1.13.1)
- Update to version 1.13.1:
* Fixed parsing of TXXX frames without description.
* Detect MP4 atoms with invalid length or type.
* Do not miss ID3v2 frames when an extended header is present.
* Use property "DISCSUBTITLE" for ID3v2 "TSST" frame.
* Build system improvements: Use absolute path for macOS dylib install name,
support --define-prefix when using pkg-config, fixed minimum required
CppUnit version.
* Code clean up using clang-tidy.
==== xkeyboard-config ====
Version update (2.38 -> 2.39)
- Update to version 2.39
* another bugfix release; also needed for changes for the Amharic
(am_ET.UTF-8) compose key sequences in libX11 1.8.5 (see
corresponding changelog entry in libX11 package); removes old
remappings like ar --> ara (git db45bd75, 470ad2cd) [breaks
current qemu build]
==== xterm ====
Version update (382 -> 384)
Subpackages: xterm-bin xterm-resize
- update to 384:
* exclude ASCII space from showMissingGlyphs, since a few
bitmap fonts lack this
* correct a step in rendering double-width characters
with bitmap-fonts
* fixes for ReGIS-related problems:
* mimic an undocumented hardware VT340 feature
which handles color initialization with incomplete parameters.
* handle whitespace between operator/operands for
color values.
* reset ReGIS-context when resetting graphics in RIS.
==== zimg ====
Version update (3.0.4 -> 3.0.5)
- Update to 3.0.5
* colorspace: add ST.428-1 (gamma 2.6) transfer function
* depth: fix AVX-512 integer to float border handling (introduced in 2.6)
* depth: fix NEON dither border handling (introduced in 3.0)
* graph: fix clipping in alpha premultiplication (introduced in 3.0)
* x86: optimizations for AMD Zen4 processors
- Drop e29571.patch
==== zlib-ng-compat ====
Version update (2.1.2 -> 2.1.3)
- update to 2.1.3:
* Fix endless loop bug in chunkcopy_safe. #1526
* Support using distro-supplied Gtest #1519
* Minor code cleanup of deflate.c #1500
* Improve buildsystem detection of ARM Cortex #1521
* Cross-compiling and little-endian fixes #1518 #1520
* Optimize compare256 using RVV #1498
* Optimize slide_hash using RVV #1522
- drop 1526.patch (upstream)
1
0
Please note that this mail was generated by a script.
The described changes are computed based on the x86_64 DVD.
The full online repo contains too many changes to be listed here.
Please check the known defects of this snapshot before upgrading:
https://openqa.opensuse.org/tests/overview?distri=microos&groupid=1&version…
https://bugzilla.opensuse.org/buglist.cgi?product=openSUSE%20Tumbleweed&com…
Please do not reply to this email to report issues, rather file a bug on bugzilla.opensuse.org.
For more information on filing bugs please see https://en.opensuse.org/openSUSE:Submitting_bug_reports
Packages changed:
bind (9.18.16 -> 9.18.17)
elfutils-debuginfod
hwinfo (23.1 -> 23.2)
kernel-source (6.4.3 -> 6.4.4)
libva (2.18.0 -> 2.19.0)
libva-gl (2.18.0 -> 2.19.0)
nghttp2 (1.54.0 -> 1.55.1)
openssh (9.3p1 -> 9.3p2)
openssh-askpass-gnome (9.3p1 -> 9.3p2)
openssl-3
python-jsonschema-specifications (2023.6.1 -> 2023.7.1)
python-rich
qalculate (4.6.1 -> 4.7.0)
sof-firmware (2.2.5 -> 2.2.6)
systemd (253.5 -> 253.7)
sysuser-tools
tar
update-alternatives (1.21.8 -> 1.21.22)
webkit2gtk3 (2.40.3 -> 2.40.4)
webkit2gtk4 (2.40.3 -> 2.40.4)
=== Details ===
==== bind ====
Version update (9.18.16 -> 9.18.17)
- Update to release 9.18.17
Feature Changes:
* If a response from an authoritative server has its RCODE set to
FORMERR and contains an echoed EDNS COOKIE option that was
present in the query, named now retries sending the query to
the same server without an EDNS COOKIE option.
* The relaxed QNAME minimization mode now uses NS records. This
reduces the number of queries named makes when resolving, as it
allows the non-existence of NS RRsets at non-referral nodes to
be cached in addition to the normally cached referrals.
Bug Fixes:
* The ability to read HMAC-MD5 key files, which was accidentally
lost in BIND 9.18.8, has been restored.
* Several minor stability issues with the catalog zone
implementation have been fixed.
==== elfutils-debuginfod ====
Subpackages: debuginfod-profile libdebuginfod1
- Replace libdebuginfo1 sub-package's debuginfod-profile Recommends
with config(debuginfod-profile) Requires, but on the debuginfod-\
client sub-package, instead. And add binutils, bpftrace-tools,
elfutils, gdb, perf, systemd-coredump, and valgrind Supplements
to debuginfod-client sub-package. This should make installation
of debuginfod-client more consistent, along with debuginfod-\
profile, with software/packages that have debuginfod support.
==== hwinfo ====
Version update (23.1 -> 23.2)
Subpackages: libhd23
- merge gh#openSUSE/hwinfo#128
- Add support for loongarch cpu
- 23.2
==== kernel-source ====
Version update (6.4.3 -> 6.4.4)
- Linux 6.4.4 (bsc#1012628).
- start_kernel: Add __no_stack_protector function attribute
(bsc#1012628).
- USB: serial: option: add LARA-R6 01B PIDs (bsc#1012628).
- usb: dwc3: gadget: Propagate core init errors to UDC during
pullup (bsc#1012628).
- phy: tegra: xusb: Clear the driver reference in usb-phy dev
(bsc#1012628).
- extcon: usbc-tusb320: Unregister typec port on driver removal
(bsc#1012628).
- dt-bindings: iio: ad7192: Add mandatory reference voltage source
(bsc#1012628).
- iio: addac: ad74413: don't set DIN_SINK for functions other
than digital input (bsc#1012628).
- iio: adc: ad7192: Fix null ad7192_state pointer access
(bsc#1012628).
- iio: adc: ad7192: Fix internal/external clock selection
(bsc#1012628).
- iio: accel: fxls8962af: errata bug only applicable for
FXLS8962AF (bsc#1012628).
- iio: accel: fxls8962af: fixup buffer scan element type
(bsc#1012628).
- Revert "drm/amd/display: edp do not add non-edid timings"
(bsc#1012628).
- fs: pipe: reveal missing function protoypes (bsc#1012628).
- s390/kasan: fix insecure W+X mapping warning (bsc#1012628).
- blk-mq: don't queue plugged passthrough requests into scheduler
(bsc#1012628).
- block: Fix the type of the second bdev_op_is_zoned_write()
argument (bsc#1012628).
- block/rq_qos: protect rq_qos apis with a new lock (bsc#1012628).
- splice: Fix filemap_splice_read() to use the correct inode
(bsc#1012628).
- erofs: kill hooked chains to avoid loops on deduplicated
compressed images (bsc#1012628).
- x86/resctrl: Only show tasks' pid in current pid namespace
(bsc#1012628).
- fsverity: use shash API instead of ahash API (bsc#1012628).
- fsverity: don't use bio_first_page_all() in
fsverity_verify_bio() (bsc#1012628).
- blk-iocost: use spin_lock_irqsave in adjust_inuse_and_calc_cost
(bsc#1012628).
- x86/sev: Fix calculation of end address based on number of pages
(bsc#1012628).
- blk-cgroup: Reinit blkg_iostat_set after clearing in
blkcg_reset_stats() (bsc#1012628).
- virt: sevguest: Add CONFIG_CRYPTO dependency (bsc#1012628).
- blk-mq: fix potential io hang by wrong 'wake_batch'
(bsc#1012628).
- lockd: drop inappropriate svc_get() from locked_get()
(bsc#1012628).
- nvme-core: fix memory leak in dhchap_secret_store (bsc#1012628).
- nvme-core: fix memory leak in dhchap_ctrl_secret (bsc#1012628).
- nvme-core: add missing fault-injection cleanup (bsc#1012628).
- nvme-core: fix dev_pm_qos memleak (bsc#1012628).
- md/raid10: check slab-out-of-bounds in md_bitmap_get_counter
(bsc#1012628).
- md/raid10: fix overflow of md/safe_mode_delay (bsc#1012628).
- md/raid10: fix wrong setting of max_corr_read_errors
(bsc#1012628).
- md/raid10: fix null-ptr-deref of mreplace in raid10_sync_request
(bsc#1012628).
- md/raid10: fix io loss while replacement replace rdev
(bsc#1012628).
- md/raid1-10: factor out a helper to add bio to plug
(bsc#1012628).
- md/raid1-10: factor out a helper to submit normal write
(bsc#1012628).
- md/raid1-10: submit write io directly if bitmap is not enabled
(bsc#1012628).
- block: fix blktrace debugfs entries leakage (bsc#1012628).
- irqchip/loongson-eiointc: Fix irq affinity setting during resume
(bsc#1012628).
- splice: don't call file_accessed in copy_splice_read
(bsc#1012628).
- irqchip/stm32-exti: Fix warning on initialized field overwritten
(bsc#1012628).
- irqchip/jcore-aic: Fix missing allocation of IRQ descriptors
(bsc#1012628).
- svcrdma: Prevent page release when nothing was received
(bsc#1012628).
- erofs: fix compact 4B support for 16k block size (bsc#1012628).
- posix-timers: Prevent RT livelock in itimer_delete()
(bsc#1012628).
- tick/rcu: Fix bogus ratelimit condition (bsc#1012628).
- tracing/timer: Add missing hrtimer modes to
decode_hrtimer_mode() (bsc#1012628).
- btrfs: always read the entire extent_buffer (bsc#1012628).
- btrfs: don't use btrfs_bio_ctrl for extent buffer reading
(bsc#1012628).
- btrfs: return bool from lock_extent_buffer_for_io (bsc#1012628).
- btrfs: submit a writeback bio per extent_buffer (bsc#1012628).
- btrfs: fix range_end calculation in extent_write_locked_range
(bsc#1012628).
- btrfs: don't fail writeback when allocating the compression
context fails (bsc#1012628).
- btrfs: only call __extent_writepage_io from
extent_write_locked_range (bsc#1012628).
- btrfs: don't treat zoned writeback as being from an async
... changelog too long, skipping 1321 lines ...
- commit f6ca0bc
==== libva ====
Version update (2.18.0 -> 2.19.0)
Subpackages: libva-drm2 libva-x11-2 libva2
- Update to 2.19.0:
* add: Add mono_chrome to VAEncSequenceParameterBufferAV1
* add: Enable support for license acquisition of multiple protected
playbacks
* fix: use secure_getenv instead of getenv
* trace: Improve and add VA trace log for AV1 encode
* trace: Unify va log message, replace va_TracePrint with va_TraceMsg.
==== libva-gl ====
Version update (2.18.0 -> 2.19.0)
- Update to 2.19.0:
* add: Add mono_chrome to VAEncSequenceParameterBufferAV1
* add: Enable support for license acquisition of multiple protected
playbacks
* fix: use secure_getenv instead of getenv
* trace: Improve and add VA trace log for AV1 encode
* trace: Unify va log message, replace va_TracePrint with va_TraceMsg.
==== nghttp2 ====
Version update (1.54.0 -> 1.55.1)
- update to 1.55.1:
* Fix memory leak
This commit fixes memory leak that happens when
PUSH_PROMISE or HEADERS frame cannot be sent, and
nghttp2_on_stream_close_callback fails with a fatal error.
For example, if GOAWAY frame has been received, a
HEADERS frame that opens new stream cannot be sent.
This issue has already been made public via CVE-2023-35945
by envoyproxy/envoy project. During embargo period, the
patch to fix this bug was accidentally submitted to
nghttp2/nghttp2 repository [2]. And they decided to
disclose CVE early. I was notified just 1.5 hours
before disclosure. I had no time to respond.
PoC described in [1] is quite simple, but I think it is
not enough to trigger this bug. While it is true that
receiving GOAWAY prevents a client from opening new stream,
and nghttp2 enters error handling branch, in order to cause
the memory leak, nghttp2_session_close_stream function
must return a fatal error.
NGHTTP2_ERR_NOMEM, as its name suggests, indicates out of
memory. It is unlikely that a process gets short of
memory with this simple PoC scenario unless application
does something memory heavy processing.
* NGHTTP2_ERR_CALLBACK_FAILURE is returned from application
defined callback function (nghttp2_on_stream_close_callback, in
this case), which indicates something fatal happened inside a
callback, and a connection must be closed immediately without
any further action. As nghttp2_on_stream_close_error_callback
documentation says, any error code other than 0 or
NGHTTP2_ERR_CALLBACK_FAILURE is treated as fatal
error code. More specifically, it is treated as if
NGHTTP2_ERR_CALLBACK_FAILURE is returned. I guess that
envoy returns
NGHTTP2_ERR_CALLBACK_FAILURE or other error code which is
translated into NGHTTP2_ERR_CALLBACK_FAILURE.
https://github.com/envoyproxy/envoy/security/advisories/GHSA-
jfxv-29pc-x22r
==== openssh ====
Version update (9.3p1 -> 9.3p2)
Subpackages: openssh-clients openssh-common openssh-server
- Update to openssh 9.3p2 (bsc#1213504, CVE-2023-38408):
Security
========
Fix CVE-2023-38408 - a condition where specific libaries loaded via
ssh-agent(1)'s PKCS#11 support could be abused to achieve remote
code execution via a forwarded agent socket if the following
conditions are met:
* Exploitation requires the presence of specific libraries on
the victim system.
* Remote exploitation requires that the agent was forwarded
to an attacker-controlled system.
Exploitation can also be prevented by starting ssh-agent(1) with an
empty PKCS#11/FIDO allowlist (ssh-agent -P '') or by configuring
an allowlist that contains only specific provider libraries.
This vulnerability was discovered and demonstrated to be exploitable
by the Qualys Security Advisory team.
In addition to removing the main precondition for exploitation,
this release removes the ability for remote ssh-agent(1) clients
to load PKCS#11 modules by default (see below).
Potentially-incompatible changes
- -------------------------------
* ssh-agent(8): the agent will now refuse requests to load PKCS#11
modules issued by remote clients by default. A flag has been added
to restore the previous behaviour "-Oallow-remote-pkcs11".
Note that ssh-agent(8) depends on the SSH client to identify
requests that are remote. The OpenSSH >=8.9 ssh(1) client does
this, but forwarding access to an agent socket using other tools
may circumvent this restriction.
==== openssh-askpass-gnome ====
Version update (9.3p1 -> 9.3p2)
- Update to openssh 9.3p2
* No changes for askpass, see main package changelog for
details
==== openssl-3 ====
Subpackages: libopenssl3
- Security fix: [bsc#1213487, CVE-2023-3446]
* Fix DH_check() excessive time with over sized modulus.
* The function DH_check() performs various checks on DH parameters.
One of those checks confirms that the modulus ("p" parameter) is
not too large. Trying to use a very large modulus is slow and
OpenSSL will not normally use a modulus which is over 10,000 bits
in length.
However the DH_check() function checks numerous aspects of the
key or parameters that have been supplied. Some of those checks
use the supplied modulus value even if it has already been found
to be too large.
A new limit has been added to DH_check of 32,768 bits. Supplying
a key/parameters with a modulus over this size will simply cause
DH_check() to fail.
* Add openssl-CVE-2023-3446.patch openssl-CVE-2023-3446-test.patch
- Security fix: [bsc#1213383, CVE-2023-2975]
* AES-SIV implementation ignores empty associated data entries
* Add openssl-CVE-2023-2975.patch
==== python-jsonschema-specifications ====
Version update (2023.6.1 -> 2023.7.1)
- update to 2023.7.1:
no changelog, only diff available at
https://github.com/python-jsonschema/jsonschema-specifications/compare/v202…
==== python-rich ====
- %{?sle15_python_module_pythons} mut be at beginning to work.
==== qalculate ====
Version update (4.6.1 -> 4.7.0)
Subpackages: libqalculate22 qalculate-data
- version update to 4.7.0
* Support for custom default angle unit, e.g. turn, arcsec, arcmin
* Append default angle unit (instead of always radians) when converting
value without unit to angle unit
* More consistent addition and removal of angle unit from function arguments
* Always interpret ./, .*, and .^ as entrywise operators if user intention is unclear
* Change order of operations to place entrywise and ordinary operators on
the same precedence level
* Add function, kron(), for Kronecker product, and constants for Pauli matrices
* Add radius to planets dataset and update other properties
* Support replacement of unknown variables within variable values
* Fix besselj(0, 0)
* Fix incomplete calculation in tan() with try exact approximation
* Fix 0/0=0 equality (do not return true) and output of 2/0 (and similar)
* Fixes and improvements for newtonsolve() and secantsolve()
* Fix segfault when MathStructure is deleted after Calculator, and in destructor
of calculated DynamicVariable (called from Calculator destructor)
* Do not save mode on exit if "-defaults" command line switch where used (CLI)
* Allow multiple actions for keyboard shortcuts (GTK, Qt)
* Add toggle precision, and min, max, or min and max decimals to available
shortcut and button actions (GTK, Qt)
* Add option to exclude units for unformatted ASCII copy (GTK, Qt)
* Add optional value to copy result action, allowing expression copy and
formatting selection (GTK, Qt)
* Fix copy unformatted ASCII when local digit group separator is same as selected
decimal separator (GTK, Qt)
* Add option to automatically copy result (Qt)
* Always set (primary) selection clipboard contents when whole expression is
selected or selection is cleared, e.g. after calculation (Qt)
* Improve support dark mode and high contrast modes, and change default style
to Fusion, on Windows (Qt)
* Minor bug fixes and feature enhancements
==== sof-firmware ====
Version update (2.2.5 -> 2.2.6)
- Update to version 2.2.6:
There's no FW binary change. This release adds a few new topology binaries
for Intel Tiger Lake (TGL), Alder Lake (ADL) and Raptor Lake (RPL) platforms
- Add Notice.NXP
==== systemd ====
Version update (253.5 -> 253.7)
Subpackages: libsystemd0 libudev1 systemd-boot systemd-coredump systemd-doc systemd-lang udev
- Import commit 2dac0aff9ced1eca0cd11c24e264b33095ee5a5e (merge of v253.7)
For a complete list of changes, visit:
https://github.com/openSUSE/systemd/compare/6458c066547eaadf0e9709e441ea36a…
- Import commit 6458c066547eaadf0e9709e441ea36ad03faa860 (merge of v253.6)
For a complete list of changes, visit:
https://github.com/openSUSE/systemd/compare/07bb12a282b0ea378850934c4a76008…
- Drop 5002-Revert-core-service-when-resetting-PID-also-reset-kn.patch, it's
been backported to v253.6.
- Move a bunch of files from systemd to udev. These are pretty useless without
block devices.
==== sysuser-tools ====
- Add "quilt setup" friendly hint to %sysusers_requires usage
It is not required to have sysuser-tools installed when working
with a pkg source which uses sysuser-tools at build time.
==== tar ====
Subpackages: tar-lang tar-rmt
- Update tests-skip-time01-on-32bit-time_t.patch to not run test
on armv6 either
==== update-alternatives ====
Version update (1.21.8 -> 1.21.22)
- openssl.patch: use openssl library for MD5 calculation instead
of relying on libmd. libmd is not in Ring0
- require Perl 5.28.1 or later
==== webkit2gtk3 ====
Version update (2.40.3 -> 2.40.4)
Subpackages: WebKitGTK-4.1-lang libjavascriptcoregtk-4_1-0 libwebkit2gtk-4_1-0 typelib-1_0-JavaScriptCore-4_1 typelib-1_0-WebKit2-4_1 webkit2gtk-4_1-injected-bundles
- Update to version 2.40.4:
+ Fix a bug in JavaScript reading variable arguments in a call.
==== webkit2gtk4 ====
Version update (2.40.3 -> 2.40.4)
Subpackages: WebKitGTK-6.0-lang libjavascriptcoregtk6_0-1 libwebkitgtk6_0-4 webkitgtk-6_0-injected-bundles
- Update to version 2.40.4:
+ Fix a bug in JavaScript reading variable arguments in a call.
1
0
Please note that this mail was generated by a script.
The described changes are computed based on the x86_64 DVD.
The full online repo contains too many changes to be listed here.
Please check the known defects of this snapshot before upgrading:
https://openqa.opensuse.org/tests/overview?distri=microos&groupid=1&version…
https://bugzilla.opensuse.org/buglist.cgi?product=openSUSE%20Tumbleweed&com…
Please do not reply to this email to report issues, rather file a bug on bugzilla.opensuse.org.
For more information on filing bugs please see https://en.opensuse.org/openSUSE:Submitting_bug_reports
Packages changed:
7zip
dracut (059+suse.447.g9d1fc722 -> 059+suse.476.g5e324584)
exiv2
kmod
libX11 (1.8.5 -> 1.8.6)
libstorage-ng (4.5.123 -> 4.5.127)
libwebp (1.3.0 -> 1.3.1)
libyajl
openexr
pipewire (0.3.72 -> 0.3.74)
python-jsonschema (4.18.3 -> 4.18.4)
python-referencing (0.29.1 -> 0.30.0)
qemu (8.0.2 -> 8.0.3)
setools
systemd-presets-branding-openSUSE
taglib (1.13 -> 1.13.1)
xkeyboard-config (2.38 -> 2.39)
yast2-trans (84.87.20230708.d1de37aed1 -> 84.87.20230714.966688ddd0)
=== Details ===
==== 7zip ====
- Enable ARM64 ASM introduced in 23.01
==== dracut ====
Version update (059+suse.447.g9d1fc722 -> 059+suse.476.g5e324584)
Subpackages: dracut-ima
- Update to version 059+suse.476.g5e324584:
This is the 2nd backport of the most important fixes and features from the upstream master branch,
while the release date of version 060 is still undefined.
Features:
* feat(network-wicked): remove module
* feat(systemd-rfkill): remove module
* feat(livenet): add memory size check depending on live image size
* feat(nvmf): add code for parsing the NBFT
Fixes:
* fix(systemd-sysext): handle confexts and correct extensions search path
* fix(modsign): load keys to correct keyring
* fix(dmsquash-live-autooverlay): specify filesystemtype when it is already known
* fix(fs-lib): remove quoting form the first argument of the e2fsck call
* fix(Makefile): remove leftover rpm build rules
* fix(Makefile): no longer upload to kernel.org
* fix(nvmf): support /etc/nvme/config.json
* fix(nvmf): install 8021q module unconditionally
* fix(install.d): respect even more kernel-install vars, plus style fixes
* fix(install.d): respect more kernel-install env variables
* fix(dracut.sh): also prevent fsfreeze for tmpfs
* fix(dmsquash-live): allow other fstypes
* fix(bluetooth): make bluetooth rules more strict
* fix(bluetooth): add missing files
* fix(bluetooth): include it if Appearance matches the value assigned for keyboard
* fix(btrfs): do not require module via cmdline when --no-kernel
* fix(btrfs): add missing cmdline function
Other:
* refactor(dracut-init.sh): remove redundant "dracut" from "dracut module" prints
* refactor(virtiofs): remove exit after die
* build: remove rpm spec file and build rules
* docs: remove rd.lvm.snapsize and rd.lvm.snapshot
* chore(gentoo.conf): remove examples to avoid confusion
* chore: remove git2spec.pl, it is no longer used
==== exiv2 ====
- add exiv2-metadata-null-checks.patch fixes gwenview crashes and
other apps https://github.com/Exiv2/exiv2/issues/2638
==== kmod ====
Subpackages: kmod-bash-completion libkmod2
- Edit usr-lib-modules.patch to /lib/modules provide fallback
behavior for successfully running `make modules_install` in
pristine tarballs.
==== libX11 ====
Version update (1.8.5 -> 1.8.6)
Subpackages: libX11-6 libX11-data libX11-xcb1
- update to 1.8.6:
* InitExt.c: Add bounds checks for extension request,
event, & error codes
* Fixes CVE-2023-3138: X servers could return values from
XQueryExtension that would cause Xlib to write entries
out-of-bounds of the arrays to store them, though this
would only overwrite other parts of the Display
struct, not outside the bounds allocated for that
structure.
- drop U_InitExt.c-Add-bounds-checks-for-extension-request-ev.patch (upstream)
==== libstorage-ng ====
Version update (4.5.123 -> 4.5.127)
Subpackages: libstorage-ng-lang libstorage-ng-ruby libstorage-ng1
- merge gh#openSUSE/libstorage-ng#941
- added get_version_string function
- 4.5.127
- merge gh#openSUSE/libstorage-ng#940
- wait for block device before using blkdiscard
- 4.5.126
- merge gh#openSUSE/libstorage-ng#939
- wait for block device before using wipefs (bsc#1213420)
- coding style
- 4.5.125
- Translated using Weblate (Georgian) (bsc#1149754)
- 4.5.124
==== libwebp ====
Version update (1.3.0 -> 1.3.1)
Subpackages: libsharpyuv0 libwebp7 libwebpdemux2 libwebpmux3
- Update to version 1.3.1:
* security fixes for lossless encoder (CVE-2023-1999)
* improve error reporting through WebPPicture error codes
* fix upsampling for RGB565 and RGBA4444 in NEON builds
* img2webp: add -sharp_yuv & -near_lossless
* fix webp_js with emcc >= 3.1.27 (stack size change)
* CMake fixes
* further updates to the container and lossless bitstream docs
- Drop libwebp-double-free.patch: fixed upstream.
==== libyajl ====
- add libyajl-CVE-2023-33460.patch (CVE-2023-33460, bsc#1212928)
==== openexr ====
Subpackages: libIex-3_1-30 libIlmThread-3_1-30 libOpenEXR-3_1-30
- Add patch to fix regression on non-SSE architectures
https://github.com/AcademySoftwareFoundation/openexr/issues/1460:
* 1488.patch
- Also disable 'DWA[AB]Compression' test on aarch64 as the patch
above fixes the issue for all targets, except aarch64
==== pipewire ====
Version update (0.3.72 -> 0.3.74)
Subpackages: gstreamer-plugin-pipewire libpipewire-0_3-0 pipewire-alsa pipewire-jack pipewire-lang pipewire-libjack-0_3 pipewire-modules-0_3 pipewire-pulseaudio pipewire-spa-plugins-0_2 pipewire-spa-tools pipewire-tools
- Update to version 0.3.74:
* Highlights
- Fix a critical bug where audio to bluetooth devices would cut
out randomly.
- Improve RAOP compatibility.
- Avoid crashes after an update.
- Small fixes and improvements.
* PipeWire
- Mix info on port is now created explicitly.
- Remove the node as a driver peer when stopping. This caused
some problem with playback on and other remote bluetooth
devices.
- Work on avoiding crashes when loading new modules that use
internal API with old libpipewire. This is typical after an
update where the old library is still loaded by an
application but when a new stream is created, updated modules
are loaded.
* Modules
- The RTP source module now has an option to ignore the SSRC,
which is useful to continue to receive the stream when the
sender is restarted.
- The native protocol will refuse to load twice now instead of
silently ignoring the error.
- module-raop is compatible with more devices.
* SPA
- plugins will now warn when running out of buffers. This is
always a bad thing.
- Merge scope based cleanup macros.
- Add ratelimit function.
- Update to version 0.3.73:
* Highlights
- Fixes an ALSA resume after suspend error.
- Handle and disable seemingly wrong hires timestamps from
ALSA.
- Filter-chain now has loadable plugin modules. The LV2 and
sofa plugins are moved to a separate .so file to make things
more modular.
- Rate changes in the graph should now be handled more
gracefully by loopback and filter-chain.
- A regression in the rtp-sap module was fixed where it would
in some cases fail to start.
- A potential crash in the peaks resampler was fixed.
- Many cleanups and other small bug fixes.
* PipeWire
- Fix a potential segfault when no fallback driver was set in
the config.
- Improve OPUS detection.
- Add ASYNC flag to pw-filter and pw-stream when queue/dequeue
is not called from the process function. This ensure we
allocate an extra buffer.
- Discard pending process callbacks when disconnecting.
- Cleanups and improvements to the debug environment variable
parsing.
- The graph rate was tweaked to better handle very low rates
 such as those requested by pavucontrol when it does the
signal monitoring.
* Modules
- An example filter module was added.
- Filter-chain and loopback now disable the resamplers if no
rate is specified and will always follow the graph rate.
- Improve setup of filter-chain. The graph is now created when
starting because this ensure the target graph rate is known.
- Filter-chain can now link notify ports to control ports in
the graph.
- Filter-chain now has loadable plugin modules. The LV2 and
sofa plugins are moved to a separate .so file.
- A regression in the rtp-sap module was fixed where it would
in some cases fail to start.
- Module-rt now has options to disable rlimits, portal and
rtkit.
- module-raop-discover now has an options to set the latency.
* Tools
- pw-cat now supports overriding all stream properties.
* SPA
- Disable rate negotiation when the resampler is disabled. We
will always follow the graph rate.
- Set device.icon property for UCM ports as well.
- Improve ALSA recover when using hires timestamps. This fixes
some problems after resume from suspend.
- ALSA will now warn and disable hires timestamp when they seem
wrong.
They can also be disabled manually with a property.
- V4l2 will now gracefully handle ENOTTY when enumerating frame
sizes and frame rates.
- A potential crash in the peaks resampler was fixed.
* pulse-server
- A client crash in pavucontrol is avoided by always setting a
card name.
- The graph rate is now taken correctly when using the FIX
flags.
- An option was added to ignore the FIX flags of a stream. Also
the documentation for those options was updated.
- module-raop-discover now support latency_msec.
* Bluetooth
- Remove an assert and issue a warning/recover instead when a
buffer is too small.
* GStreamer
- The device provider does locking when destroying the
registry.
==== python-jsonschema ====
Version update (4.18.3 -> 4.18.4)
- update to 4.18.4:
no changelog available, only a diff:
https://github.com/python-jsonschema/jsonschema/compare/v4.18.3...v4.18.4
==== python-referencing ====
Version update (0.29.1 -> 0.30.0)
- Update to version 0.30.0:
* Declare support for 3.12.
* Update the referencing suite.
- Update to version 0.29.3:
* Spelling.
- Update to version 0.29.2:
* Improve the hashability of exceptions when they contain
hashable data.
* [pre-commit.ci] pre-commit autoupdate
* Bump suite from `9335e4a` to `fe891e8`
==== qemu ====
Version update (8.0.2 -> 8.0.3)
- Update to version 8.0.3:
* See full log: https://lists.nongnu.org/archive/html/qemu-stable/2023-07/msg00086.html
* Security issues fixed:
- 9pfs: prevent opening special files (CVE-2023-2861)
- vhost-vdpa (CVE-2023-3301)
* Use the official xkb name for Arabic layout, not the
legacy synonym (bsc#1212966)
* [openSUSE][RPM] Update to version 8.0.3
==== setools ====
Subpackages: python311-setools setools-console
- Add python3-setuptools as a runtime requirement of python3-setools
(boo#1213305)
==== systemd-presets-branding-openSUSE ====
- enable the various libvirt modular daemons (boo#1212195)
==== taglib ====
Version update (1.13 -> 1.13.1)
- Update to version 1.13.1:
* Fixed parsing of TXXX frames without description.
* Detect MP4 atoms with invalid length or type.
* Do not miss ID3v2 frames when an extended header is present.
* Use property "DISCSUBTITLE" for ID3v2 "TSST" frame.
* Build system improvements: Use absolute path for macOS dylib install name,
support --define-prefix when using pkg-config, fixed minimum required
CppUnit version.
* Code clean up using clang-tidy.
==== xkeyboard-config ====
Version update (2.38 -> 2.39)
Subpackages: xkeyboard-config-lang
- Update to version 2.39
* another bugfix release; also needed for changes for the Amharic
(am_ET.UTF-8) compose key sequences in libX11 1.8.5 (see
corresponding changelog entry in libX11 package); removes old
remappings like ar --> ara (git db45bd75, 470ad2cd) [breaks
current qemu build]
==== yast2-trans ====
Version update (84.87.20230708.d1de37aed1 -> 84.87.20230714.966688ddd0)
Subpackages: yast2-trans-cs yast2-trans-da yast2-trans-de yast2-trans-el yast2-trans-en_GB yast2-trans-es yast2-trans-fr yast2-trans-hu yast2-trans-it yast2-trans-ja yast2-trans-pl yast2-trans-pt yast2-trans-pt_BR yast2-trans-ru yast2-trans-zh_CN yast2-trans-zh_TW
- Update to version 84.87.20230714.966688ddd0:
* Translated using Weblate (Indonesian)
* Translated using Weblate (Indonesian)
* Translated using Weblate (Indonesian)
1
0
Please note that this mail was generated by a script.
The described changes are computed based on the x86_64 DVD.
The full online repo contains too many changes to be listed here.
Please check the known defects of this snapshot before upgrading:
https://openqa.opensuse.org/tests/overview?distri=microos&groupid=1&version…
https://bugzilla.opensuse.org/buglist.cgi?product=openSUSE%20Tumbleweed&com…
Please do not reply to this email to report issues, rather file a bug on bugzilla.opensuse.org.
For more information on filing bugs please see https://en.opensuse.org/openSUSE:Submitting_bug_reports
Packages changed:
cloud-init
docker-buildx (0.11.1 -> 0.11.2)
mlterm
zlib-ng-compat (2.1.2 -> 2.1.3)
=== Details ===
==== cloud-init ====
- Update cloud-init-write-routes.patch (bsc#1212879)
+ Add necessary import statement
- Enable flake8 linting, fix up patches
+ cloud-init-cve-2023-1786-redact-instance-data-json-main.patch
+ cloud-init-power-rhel-only.patch
+ cloud-init-write-routes.patch
+ datasourceLocalDisk.patch
- Add cloud-init-power-rhel-only.patch (bsc#1210273)
+ Config module cc_refresh_rmc_and_interface is implemented such that
it will only work on RH distros. Set the module availability accordingly.
- Sensitive data exposure (bsc#1210277, CVE-2023-1786)
+ Add hidesensitivedata
+ Add cloud-init-cve-2023-1786-redact-inst-data.patch
+ Do not expose sensitive data gathered from the CSP
==== docker-buildx ====
Version update (0.11.1 -> 0.11.2)
- Update to version 0.11.2:
* vendor: github.com/moby/buildkit
v0.12.1-0.20230717122532-faa0cc7da353
* vendor: github.com/tonistiigi/fsutil
v0.0.0-20230629203738-36ef4d8c0dbb
* vendor: github.com/xeipuuv/gojsonpointer
v0.0.0-20190905194746-02993c407bfb
* tests: set a dedicated buildx config dir for each worker
* ci: run docker-container tests in parallel
* tests: share single docker between docker-container backends
* vendor: update buildkit to master@2d91ddcceedc
* k8s: fix missing kubeconfig check from endpoint
* build: mark result handle build as internal
* util/imagetools: remove unused Resolver.ImageConfig
* hack(generated-files): bump golang image to bookworm
* update go to 1.20.6
* hack: force go version to 1.20.5
* vendor: github.com/docker/docker@24.0 36e9e79
==== mlterm ====
Subpackages: mlterm-common mlterm-fcitx mlterm-sdl2
- Disable wayland backend on 15.4 - fails to build.
==== zlib-ng-compat ====
Version update (2.1.2 -> 2.1.3)
- update to 2.1.3:
* Fix endless loop bug in chunkcopy_safe. #1526
* Support using distro-supplied Gtest #1519
* Minor code cleanup of deflate.c #1500
* Improve buildsystem detection of ARM Cortex #1521
* Cross-compiling and little-endian fixes #1518 #1520
* Optimize compare256 using RVV #1498
* Optimize slide_hash using RVV #1522
- drop 1526.patch (upstream)
1
0
Please note that this mail was generated by a script.
The described changes are computed based on the x86_64 DVD.
The full online repo contains too many changes to be listed here.
Please check the known defects of this snapshot before upgrading:
https://openqa.opensuse.org/tests/overview?distri=microos&groupid=1&version…
https://bugzilla.opensuse.org/buglist.cgi?product=openSUSE%20Tumbleweed&com…
Please do not reply to this email to report issues, rather file a bug on bugzilla.opensuse.org.
For more information on filing bugs please see https://en.opensuse.org/openSUSE:Submitting_bug_reports
Packages changed:
autofs
colord
freetype2 (2.13.0 -> 2.13.1)
fuse3 (3.15.0 -> 3.15.1)
harfbuzz (7.3.0 -> 8.0.1)
krb5 (1.20.1 -> 1.21.1)
libgudev (237 -> 238)
poppler (23.06.0 -> 23.07.0)
poppler-qt5 (23.06.0 -> 23.07.0)
python-charset-normalizer (3.1.0 -> 3.2.0)
smartmontools
util-linux
xterm (382 -> 384)
zimg (3.0.4 -> 3.0.5)
=== Details ===
==== autofs ====
- Add autofs-suse-manpage-remove-initdir.patch
Removes references of initdir from man pages (bsc#1207881)
==== colord ====
Subpackages: colord-color-profiles colord-lang libcolord2 libcolorhug2
- Tune _constraints for various architectures.
==== freetype2 ====
Version update (2.13.0 -> 2.13.1)
- update to 2.13.1:
* New function `FT_Get_Default_Named_Instance` to get the
index of the default named instance of an OpenType Variation
Font. A new load flag `FT_LOAD_NO_SVG` to make FreeType ignore
glyphs in an 'SVG ' table.
* New function `FT_GlyphSlot_AdjustWeight` to adjust
the glyph weight either horizontally or vertically.
This is part of the `ftsynth.h` header file
* TrueType interpreter version 38 (also known as
'Infinality') has been deactivated; the value of
`TT_INTERPRETER_VERSION_38` is now the same as
`TT_INTERPRETER_VERSION_40`.
* Switching named instances on and off in Variation Fonts
was buggy if the design coordinates didn't change.
- drop enable-infinality-subpixel-hinting.patch (obsolete, infinality
is deactivated)
==== fuse3 ====
Version update (3.15.0 -> 3.15.1)
Subpackages: libfuse3-3
- Update to release 3.15.1
* Reduce default write size by half
==== harfbuzz ====
Version update (7.3.0 -> 8.0.1)
Subpackages: libharfbuzz-gobject0 libharfbuzz-icu0 libharfbuzz-subset0 libharfbuzz0 typelib-1_0-HarfBuzz-0_0
- Update to version 8.0.1:
+ Build fix on 32-bit arm.
+ More speed optimizations:
- 60% speedup in retaingids subsetting SourceHanSans-VF.
- 38% speed up in subsetting (beyond-64k) mega-merged Noto.
- 16% speed up in retain-gid (used for IFT) subsetting of
NotoSansCJKkr.
- Changes from version 8.0.0:
+ New, experimental, WebAssembly (WASM) shaper, that provides
greater flexibility over OpenType/AAT/Graphite shaping, using
WebAssembly embedded inside the font file. Currently WASM
shaper is disabled by default and needs to be enabled at build
time.
+ Improvements to Experimental features introduced in earlier
releases:
- Support for subsetting beyond-64k and VarComposites fonts.
- Support for instancing variable fonts with cubic âglyfâ
table.
- Many big speed optimizations.
==== krb5 ====
Version update (1.20.1 -> 1.21.1)
- update to 1.121.1 (CVE-2023-36054):
* Fix potential uninitialized pointer free in kadm5 XDR parsing
[CVE-2023-36054].
* Added a credential cache type providing compatibility with
the macOS 11 native credential cache.
* libkadm5 will use the provided krb5_context object to read
configuration values, instead of creating its own.
* Added an interface to retrieve the ticket session key
from a GSS context.
* The KDC will no longer issue tickets with RC4 or triple-DES
session keys unless explicitly configured with the new
allow_rc4 or allow_des3 variables respectively.
* The KDC will assume that all services can handle aes256-sha1
session keys unless the service principal has a
session_enctypes string attribute.
* Support for PAC full KDC checksums has been added to
mitigate an S4U2Proxy privilege escalation attack.
* The PKINIT client will advertise a more modern set
of supported CMS algorithms.
* Removed unused code in libkrb5, libkrb5support,
and the PKINIT module.
* Modernized the KDC code for processing TGS requests,
the code for encrypting and decrypting key data,
the PAC handling code, and the GSS library packet
parsing and composition code.
* Improved the test framework's detection of memory
errors in daemon processes when used with asan.
==== libgudev ====
Version update (237 -> 238)
- Update to version 238:
* Fix newline stripping
* Add g_udev_device_get_current_tags()
* Add a number of tests, and devel docs
* Fix devhelp not being able to find the docs
* Skip locale test with locale isn't available
- Drop patches fixed upstream:
* 71b2fda04dd71c637361e8ead103980ad6f27ed5.patch
* 4216ecd4513bd4c8af73543817a51d6f72f166cc.patch
==== poppler ====
Version update (23.06.0 -> 23.07.0)
Subpackages: libpoppler-cpp0 libpoppler-glib8 poppler-tools
- update to 23.07.0:
core:
* Fix reading of utf8-with-bom files
* Fix crash if CERT_ExtractPublicKey doesn't return a public
key
* Fix rendering of some malformed documents. Issue #1395
* Allow for stream compression and compress font streams in
forms Remove method Hints::getPageRanges
qt5:
* Fix crash when overprint preview is enabled
* Don't fail signature basics tests if backend is not
configured
qt6:
* Fix crash when overprint preview is enabled
* Don't fail signature basics tests if backend is not
configured
utils:
* pdfsig: Allow showung and selecting signature backend
* pdfsig: Describe signature dump format in manual page
==== poppler-qt5 ====
Version update (23.06.0 -> 23.07.0)
- update to 23.07.0:
core:
* Fix reading of utf8-with-bom files
* Fix crash if CERT_ExtractPublicKey doesn't return a public
key
* Fix rendering of some malformed documents. Issue #1395
* Allow for stream compression and compress font streams in
forms Remove method Hints::getPageRanges
qt5:
* Fix crash when overprint preview is enabled
* Don't fail signature basics tests if backend is not
configured
qt6:
* Fix crash when overprint preview is enabled
* Don't fail signature basics tests if backend is not
configured
utils:
* pdfsig: Allow showung and selecting signature backend
* pdfsig: Describe signature dump format in manual page
==== python-charset-normalizer ====
Version update (3.1.0 -> 3.2.0)
- update to 3.2.0:
* Typehint for function `from_path` no longer enforce
`PathLike` as its first argument
* Minor improvement over the global detection reliability
* Introduce function `is_binary` that relies on main
capabilities, and optimized to detect binaries
* Propagate `enable_fallback` argument throughout `from_bytes`,
`from_path`, and `from_fp` that allow a deeper control over
the detection (default True)
* Edge case detection failure where a file would contain 'very-
long' camel cased word (Issue #289)
==== smartmontools ====
- smartmontools.generate_smartd_opts.in: Fix generated options when
SMARTD_SAVESTATES or SMARTD_ATTRLOG are set to "no" (bsc#1207461).
==== util-linux ====
Subpackages: libblkid1 libfdisk1 libmount1 libsmartcols1 libuuid1 util-linux-lang
- Add patch to detect MD array as container of LUKS properly
(boo#1213227, gh#util-linux/util-linux#2373):
* 0001-Revert-libblkid-try-LUKS2-first-when-probing.patch
==== xterm ====
Version update (382 -> 384)
Subpackages: xterm-bin xterm-resize
- update to 384:
* exclude ASCII space from showMissingGlyphs, since a few
bitmap fonts lack this
* correct a step in rendering double-width characters
with bitmap-fonts
* fixes for ReGIS-related problems:
* mimic an undocumented hardware VT340 feature
which handles color initialization with incomplete parameters.
* handle whitespace between operator/operands for
color values.
* reset ReGIS-context when resetting graphics in RIS.
==== zimg ====
Version update (3.0.4 -> 3.0.5)
- Update to 3.0.5
* colorspace: add ST.428-1 (gamma 2.6) transfer function
* depth: fix AVX-512 integer to float border handling (introduced in 2.6)
* depth: fix NEON dither border handling (introduced in 3.0)
* graph: fix clipping in alpha premultiplication (introduced in 3.0)
* x86: optimizations for AMD Zen4 processors
- Drop e29571.patch
1
0
Please note that this mail was generated by a script.
The described changes are computed based on the aarch64 DVD.
The full online repo contains too many changes to be listed here.
Please check the known defects of this snapshot before upgrading:
https://openqa.opensuse.org/tests/overview?distri=microos&groupid=3&version…
https://bugzilla.opensuse.org/buglist.cgi?product=openSUSE%20Tumbleweed&com…
Please do not reply to this email to report issues, rather file a bug on bugzilla.opensuse.org.
For more information on filing bugs please see https://en.opensuse.org/openSUSE:Submitting_bug_reports
Packages changed:
MozillaFirefox (115.0.1 -> 115.0.2)
audit (3.0.9 -> 3.1.1)
audit-secondary (3.0.9 -> 3.1.1)
bind
cryptsetup
glibc
iproute2 (6.3 -> 6.4)
kernel-source (6.4.2 -> 6.4.3)
keylime (7.2.5 -> 7.3.0)
libbpf (1.2.0 -> 1.2.2)
libnftnl (1.2.5 -> 1.2.6)
python-jsonschema (4.18.0 -> 4.18.3)
qpdf (11.4.0 -> 11.5.0)
redis (7.0.11 -> 7.0.12)
rpm-config-SUSE (20220926 -> 20230712)
rust-keylime (0.2.1+git.1685699835.3c9d17c -> 0.2.2+git.1689256829.3d2b627)
snapper
texlive
util-linux
util-linux-systemd
=== Details ===
==== MozillaFirefox ====
Version update (115.0.1 -> 115.0.2)
- Mozilla Firefox 115.0.2
* Fixed a bug with displaying a caret in the text editor on some websites
(bmo#1840804)
* Fixed a bug with broken audio rendering on some websites (bmo#1841982)
* Fixed a bug with patternTransform translate using the wrong units
(bmo#1840746)
MFSA 2023-26 (bsc#1213230)
* CVE-2023-3600 (bmo#1839703)
Use-after-free in workers
==== audit ====
Version update (3.0.9 -> 3.1.1)
Subpackages: libaudit1 libauparse0
- Update to 3.1.1:
* Add user friendly keywords for signals to auditctl
* In ausearch, parse up URINGOP and DM_CTRL records
* Harden auparse to better handle corrupt logs
* Fix a CFLAGS propogation problem in the common directory
* Move the audispd af_unix plugin to a standalone program
- Add _multibuild to define additional spec files as additional
flavors.
Eliminates the need for source package links in OBS.
- Enable livepatching on main library on x86_64.
- Update to 3.1:
* Disable ProtectControlGroups in auditd.service by default
* Fix rule checking for exclude filter
* Make audit_rule_syscallbyname_data work correctly outside of auditctl
* Add new record types
* Add io_uring support
* Add support for new FANOTIFY record fields
* Add keyword, this-hour, to ausearch/report start/end options
* Add Requires.private to audit.pc file
* Try to interpret OPENAT2 fields correctly
==== audit-secondary ====
Version update (3.0.9 -> 3.1.1)
Subpackages: audit python3-audit system-group-audit
- Update to 3.1.1:
* Add user friendly keywords for signals to auditctl
* In ausearch, parse up URINGOP and DM_CTRL records
* Harden auparse to better handle corrupt logs
* Fix a CFLAGS propogation problem in the common directory
* Move the audispd af_unix plugin to a standalone program
- Add _multibuild to define additional spec files as additional
flavors.
Eliminates the need for source package links in OBS.
- Update to 3.1:
* Disable ProtectControlGroups in auditd.service by default
* Fix rule checking for exclude filter
* Make audit_rule_syscallbyname_data work correctly outside of auditctl
* Add new record types
* Add io_uring support
* Add support for new FANOTIFY record fields
* Add keyword, this-hour, to ausearch/report start/end options
* Add Requires.private to audit.pc file
* Try to interpret OPENAT2 fields correctly
==== bind ====
- Enable dnstap support
==== cryptsetup ====
Subpackages: cryptsetup-doc libcryptsetup12
- luksFormat: Handle system with low memory and no swap space [bsc#1211079]
* Check for physical memory available also in PBKDF benchmark.
* Try to avoid OOM killer on low-memory systems without swap.
* Use only half of detected free memory on systems without swap.
* Add patches:
- cryptsetup-Check-for-physical-memory-available-also-in-PBKDF-be.patch
- cryptsetup-Try-to-avoid-OOM-killer-on-low-memory-systems-withou.patch
- cryptsetup-Use-only-half-of-detected-free-memory-on-systems-wit.patch
==== glibc ====
Subpackages: glibc-extra glibc-locale glibc-locale-base nscd
- gshadow-erange-rhandling.patch: gshadow: Matching sgetsgent, sgetsgent_r
ERANGE handling (BZ #30151)
- system-sigchld-block.patch: posix: Fix system blocks SIGCHLD erroneously
(BZ #30163)
- gmon-buffer-alloc.patch: gmon: Fix allocated buffer overflow (BZ #29444)
- check-pf-cancel-handler.patch: __check_pf: Add a cancellation cleanup
handler (BZ #20975)
- powerpc64-fcntl-lock.patch: io: Fix F_GETLK, F_SETLK, and F_SETLKW for
powerpc64
- realloc-limit-chunk-reuse.patch: realloc: Limit chunk reuse to only
growing requests (BZ #30579)
- dl-find-object-return.patch: elf: _dl_find_object may return 1 during
early startup (BZ #30515)
- Need to build with GCC 12 as minimum
- fix-locking-in-_IO_cleanup.patch: Update to final version
==== iproute2 ====
Version update (6.3 -> 6.4)
Subpackages: iproute2-bash-completion
- Update to release 6.4
* bridge: mdb: added underlay destination IP support, UDP
destination port support, destination VNI support, source VNI
support, outgoing interface support
* macvlan: added the "bclim" parameter
==== kernel-source ====
Version update (6.4.2 -> 6.4.3)
- Linux 6.4.3 (bsc#1012628).
- mm: call arch_swap_restore() from do_swap_page() (bsc#1012628).
- bootmem: remove the vmemmap pages from kmemleak in
free_bootmem_page (bsc#1012628).
- commit 5fb5b21
==== keylime ====
Version update (7.2.5 -> 7.3.0)
Subpackages: keylime-config keylime-firewalld keylime-logrotate keylime-registrar keylime-tenant keylime-tpm_cert_store keylime-verifier python311-keylime
- Drop migrations_use_sa_text_for_raw_SQL.patch, merged upstream
- Update to version v7.3.0:
* Monthly release (7.3.0)
* tenant: log cleanup and output improvements
* mba: moving the boot event log parsing to the MBA subdirectory
* Add secure mount sanity test to packit testing
* templates: Set empty string as default value for tpm_ownerpassword
* migrations: use sa.text for raw SQL
* ima: only log the accept list on validation failure
* ima: remove code used for reading the IMA log from disk
* tpm: Move functions from tpm_astract.py to tpm_util.py
* tpm: Move splitting of quote string into reusable function
* tpm: Change default value of Hash parameter to Hash.SHA256 from None
* [tests] Enable basic allowlist/excludelist test
* installer.sh: update TPM2TOOLS_VER to 5.5 and cherry-pick patches to fix the bug of parsing for most newer logs with the tpm2_eventlog command.
* web_util: Remove check for code being 'None' since it is always an int
* verifier: Remove possibility for agent to be None and remove error case
* verifier: Remove conversion of agent to dict
* verifier: Remove possibility for agent to be None and remove error case
* verifier: Remove check for agent is None since it cannot be None
- Add migrations_use_sa_text_for_raw_SQL.patch to fix migrations in
new SQLAlchemy versions
==== libbpf ====
Version update (1.2.0 -> 1.2.2)
- update to v1.2.2:
* fix a regression in perf tool caused by libbpf resetting its custom
catch-all SEC() handler on explicit bpf_program__set_type() call
* fix possible double-free in USDT-related libbpf code, which happens when
libbpf runs out of space in __bpf_usdt_specs map due to having too many
unique USDT specs
==== libnftnl ====
Version update (1.2.5 -> 1.2.6)
- Update to release 1.2.6
* expr: meta: introduce broute meta expression
==== python-jsonschema ====
Version update (4.18.0 -> 4.18.3)
- upgrade to 4.18.3:
no changelog available, only a diff:
https://github.com/python-jsonschema/jsonschema/compare/v4.18.2...v4.18.3
- upgrade to 4.18.2:
* Fix an additional regression with the deprecated
jsonschema.RefResolver and pointer resolution.
- upgrade to 4.18.1:
* Fix a regression with jsonschema.RefResolver based resolution
when used in combination with a custom validation dialect (via
jsonschema.validators.create).
==== qpdf ====
Version update (11.4.0 -> 11.5.0)
- Update to 11.5.0:
* When copying the same page more than once, ensure that annotations
are copied and not shared among multiple pages.
* Add new method Buffer::copy and deprecate Buffer copy constructor
and assignment operator. Buffer copies are expensive and should be
done explicitly.
* The source code was reformatted to 100 columns instead of 80.
Numerous cosmetic changes and changes suggested by clang-tidy were made.
==== redis ====
Version update (7.0.11 -> 7.0.12)
- redis 7.0.12:
* (CVE-2022-24834) A specially crafted Lua script executing in Redis can trigger
a heap overflow in the cjson and cmsgpack libraries, and result in heap
corruption and potentially remote code execution. The problem exists in all
versions of Redis with Lua scripting support, starting from 2.6, and affects
only authenticated and authorized users. (bsc#1213193)
* (CVE-2023-36824) Extracting key names from a command and a list of arguments
may, in some cases, trigger a heap overflow and result in reading random heap
memory, heap corruption and potentially remote code execution. Specifically:
using COMMAND GETKEYS* and validation of key names in ACL rules. (bsc#1213249)
* Re-enable downscale rehashing while there is a fork child
* Fix possible hang in HRANDFIELD, SRANDMEMBER, ZRANDMEMBER when used with <count>
* Improve fairness issue in RANDOMKEY, HRANDFIELD, SRANDMEMBER, ZRANDMEMBER,
SPOP, and eviction
* Fix WAIT to be effective after a blocked module command being unblocked
* Avoid unnecessary full sync after master restart in a rare case
==== rpm-config-SUSE ====
Version update (20220926 -> 20230712)
- Update to version 20230712:
* Add more prjconf macros
* update comment about _lto_cflags
* drop %usrmerged macro (boo#1206798)
* Fix SLE sbat macros used on Leap (bsc#1198458)
==== rust-keylime ====
Version update (0.2.1+git.1685699835.3c9d17c -> 0.2.2+git.1689256829.3d2b627)
Subpackages: keylime-ima-policy
- Update to version 0.2.2+git.1689256829.3d2b627:
* Bump version to 0.2.2
* build(deps): bump tempfile from 3.5.0 to 3.6.0
* removing SIGINT stop signals from Dockerfiles and systemd service, as well as adding SIGTERM to IMA emulator as shutdown signal
- Update to version 0.2.1+git.1689167094.67ce0cf:
* cargo: Bump serde to version 1.0.166
* build(deps): bump libc from 0.2.142 to 0.2.147
* adding release Dockerfiles in 3 flavours: fedora, distroless and wolfi
* hash: add more configurable hash algorithm for public key digest
* cargo: Update clap to version 4.3.11
* cargo: Bump tokio crate version to 1.28.2
* Add an example of IMA policy
* main: Gracefully shutdown on SIGTERM or SIGINT
* cargo: Bump proc-macro2 crate version
* revocation: Parse revocation actions flexibly
* crypto: Add unit tests for x509 functions
* crypto: Make internal functions private
* config: Add unit test for the list to files mapping
* config: Make trusted_client_ca to accept lists
* lib: Implement parser for lists from config file
* build(deps): bump openssl from 0.10.48 to 0.10.55
* Add secure mount sanity test to packit testing.
* [packit] Do not let COPR project expire
==== snapper ====
Subpackages: libsnapper7 snapper-zypp-plugin
- document disadvantage of using network users and order services
after nss-user-lookup (gh#openSUSE/snapper#823)
==== texlive ====
- The rungs lua script belongs to texlive-scripts(-bin) only
==== util-linux ====
Subpackages: libblkid1 libfdisk1 libmount1 libsmartcols1 libuuid1
- Add patch to detect MD array as container of LUKS properly
(boo#1213227, gh#util-linux/util-linux#2373):
* 0001-Revert-libblkid-try-LUKS2-first-when-probing.patch
==== util-linux-systemd ====
- Add patch to detect MD array as container of LUKS properly
(boo#1213227, gh#util-linux/util-linux#2373):
* 0001-Revert-libblkid-try-LUKS2-first-when-probing.patch
1
0
Please note that this mail was generated by a script.
The described changes are computed based on the x86_64 DVD.
The full online repo contains too many changes to be listed here.
Please check the known defects of this snapshot before upgrading:
https://openqa.opensuse.org/tests/overview?distri=microos&groupid=1&version…
https://bugzilla.opensuse.org/buglist.cgi?product=openSUSE%20Tumbleweed&com…
Please do not reply to this email to report issues, rather file a bug on bugzilla.opensuse.org.
For more information on filing bugs please see https://en.opensuse.org/openSUSE:Submitting_bug_reports
Packages changed:
MozillaFirefox (115.0.1 -> 115.0.2)
audit (3.0.9 -> 3.1.1)
audit-secondary (3.0.9 -> 3.1.1)
bind
cryptsetup
iproute2 (6.3 -> 6.4)
kernel-source (6.4.2 -> 6.4.3)
libbpf (1.2.0 -> 1.2.2)
qpdf (11.4.0 -> 11.5.0)
rpm-config-SUSE (20220926 -> 20230712)
texlive
util-linux
util-linux-systemd
=== Details ===
==== MozillaFirefox ====
Version update (115.0.1 -> 115.0.2)
Subpackages: MozillaFirefox-translations-common
- Mozilla Firefox 115.0.2
* Fixed a bug with displaying a caret in the text editor on some websites
(bmo#1840804)
* Fixed a bug with broken audio rendering on some websites (bmo#1841982)
* Fixed a bug with patternTransform translate using the wrong units
(bmo#1840746)
MFSA 2023-26 (bsc#1213230)
* CVE-2023-3600 (bmo#1839703)
Use-after-free in workers
==== audit ====
Version update (3.0.9 -> 3.1.1)
Subpackages: libaudit1 libauparse0
- Update to 3.1.1:
* Add user friendly keywords for signals to auditctl
* In ausearch, parse up URINGOP and DM_CTRL records
* Harden auparse to better handle corrupt logs
* Fix a CFLAGS propogation problem in the common directory
* Move the audispd af_unix plugin to a standalone program
- Add _multibuild to define additional spec files as additional
flavors.
Eliminates the need for source package links in OBS.
- Enable livepatching on main library on x86_64.
- Update to 3.1:
* Disable ProtectControlGroups in auditd.service by default
* Fix rule checking for exclude filter
* Make audit_rule_syscallbyname_data work correctly outside of auditctl
* Add new record types
* Add io_uring support
* Add support for new FANOTIFY record fields
* Add keyword, this-hour, to ausearch/report start/end options
* Add Requires.private to audit.pc file
* Try to interpret OPENAT2 fields correctly
==== audit-secondary ====
Version update (3.0.9 -> 3.1.1)
Subpackages: audit python3-audit system-group-audit
- Update to 3.1.1:
* Add user friendly keywords for signals to auditctl
* In ausearch, parse up URINGOP and DM_CTRL records
* Harden auparse to better handle corrupt logs
* Fix a CFLAGS propogation problem in the common directory
* Move the audispd af_unix plugin to a standalone program
- Add _multibuild to define additional spec files as additional
flavors.
Eliminates the need for source package links in OBS.
- Update to 3.1:
* Disable ProtectControlGroups in auditd.service by default
* Fix rule checking for exclude filter
* Make audit_rule_syscallbyname_data work correctly outside of auditctl
* Add new record types
* Add io_uring support
* Add support for new FANOTIFY record fields
* Add keyword, this-hour, to ausearch/report start/end options
* Add Requires.private to audit.pc file
* Try to interpret OPENAT2 fields correctly
==== bind ====
- Enable dnstap support
==== cryptsetup ====
Subpackages: cryptsetup-doc cryptsetup-lang libcryptsetup12
- luksFormat: Handle system with low memory and no swap space [bsc#1211079]
* Check for physical memory available also in PBKDF benchmark.
* Try to avoid OOM killer on low-memory systems without swap.
* Use only half of detected free memory on systems without swap.
* Add patches:
- cryptsetup-Check-for-physical-memory-available-also-in-PBKDF-be.patch
- cryptsetup-Try-to-avoid-OOM-killer-on-low-memory-systems-withou.patch
- cryptsetup-Use-only-half-of-detected-free-memory-on-systems-wit.patch
==== iproute2 ====
Version update (6.3 -> 6.4)
Subpackages: iproute2-bash-completion
- Update to release 6.4
* bridge: mdb: added underlay destination IP support, UDP
destination port support, destination VNI support, source VNI
support, outgoing interface support
* macvlan: added the "bclim" parameter
==== kernel-source ====
Version update (6.4.2 -> 6.4.3)
- Linux 6.4.3 (bsc#1012628).
- mm: call arch_swap_restore() from do_swap_page() (bsc#1012628).
- bootmem: remove the vmemmap pages from kmemleak in
free_bootmem_page (bsc#1012628).
- commit 5fb5b21
==== libbpf ====
Version update (1.2.0 -> 1.2.2)
- update to v1.2.2:
* fix a regression in perf tool caused by libbpf resetting its custom
catch-all SEC() handler on explicit bpf_program__set_type() call
* fix possible double-free in USDT-related libbpf code, which happens when
libbpf runs out of space in __bpf_usdt_specs map due to having too many
unique USDT specs
==== qpdf ====
Version update (11.4.0 -> 11.5.0)
- Update to 11.5.0:
* When copying the same page more than once, ensure that annotations
are copied and not shared among multiple pages.
* Add new method Buffer::copy and deprecate Buffer copy constructor
and assignment operator. Buffer copies are expensive and should be
done explicitly.
* The source code was reformatted to 100 columns instead of 80.
Numerous cosmetic changes and changes suggested by clang-tidy were made.
==== rpm-config-SUSE ====
Version update (20220926 -> 20230712)
- Update to version 20230712:
* Add more prjconf macros
* update comment about _lto_cflags
* drop %usrmerged macro (boo#1206798)
* Fix SLE sbat macros used on Leap (bsc#1198458)
==== texlive ====
- The rungs lua script belongs to texlive-scripts(-bin) only
==== util-linux ====
- Add patch to detect MD array as container of LUKS properly
(boo#1213227, gh#util-linux/util-linux#2373):
* 0001-Revert-libblkid-try-LUKS2-first-when-probing.patch
==== util-linux-systemd ====
- Add patch to detect MD array as container of LUKS properly
(boo#1213227, gh#util-linux/util-linux#2373):
* 0001-Revert-libblkid-try-LUKS2-first-when-probing.patch
1
0
Please note that this mail was generated by a script.
The described changes are computed based on the x86_64 DVD.
The full online repo contains too many changes to be listed here.
Please check the known defects of this snapshot before upgrading:
https://openqa.opensuse.org/tests/overview?distri=microos&groupid=1&version…
https://bugzilla.opensuse.org/buglist.cgi?product=openSUSE%20Tumbleweed&com…
Please do not reply to this email to report issues, rather file a bug on bugzilla.opensuse.org.
For more information on filing bugs please see https://en.opensuse.org/openSUSE:Submitting_bug_reports
Packages changed:
ibus-table (1.17.0 -> 1.17.1)
keylime (7.2.5 -> 7.3.0)
libnftnl (1.2.5 -> 1.2.6)
python-jsonschema (4.18.0 -> 4.18.3)
redis (7.0.11 -> 7.0.12)
rust-keylime (0.2.1+git.1685699835.3c9d17c -> 0.2.2+git.1689256829.3d2b627)
snapper
=== Details ===
==== ibus-table ====
Version update (1.17.0 -> 1.17.1)
- Update version to 1.17.1
* Fix mypy warnings
* Return empty program_name and window_title in get_active_window_xprop() when
xprop results are unexpected (Resolves:
https://bugzilla.redhat.com/show_bug.cgi?id=2215466)
* Translation update from Weblate
==== keylime ====
Version update (7.2.5 -> 7.3.0)
Subpackages: keylime-config keylime-firewalld keylime-logrotate keylime-registrar keylime-tenant keylime-tpm_cert_store keylime-verifier python311-keylime
- Drop migrations_use_sa_text_for_raw_SQL.patch, merged upstream
- Update to version v7.3.0:
* Monthly release (7.3.0)
* tenant: log cleanup and output improvements
* mba: moving the boot event log parsing to the MBA subdirectory
* Add secure mount sanity test to packit testing
* templates: Set empty string as default value for tpm_ownerpassword
* migrations: use sa.text for raw SQL
* ima: only log the accept list on validation failure
* ima: remove code used for reading the IMA log from disk
* tpm: Move functions from tpm_astract.py to tpm_util.py
* tpm: Move splitting of quote string into reusable function
* tpm: Change default value of Hash parameter to Hash.SHA256 from None
* [tests] Enable basic allowlist/excludelist test
* installer.sh: update TPM2TOOLS_VER to 5.5 and cherry-pick patches to fix the bug of parsing for most newer logs with the tpm2_eventlog command.
* web_util: Remove check for code being 'None' since it is always an int
* verifier: Remove possibility for agent to be None and remove error case
* verifier: Remove conversion of agent to dict
* verifier: Remove possibility for agent to be None and remove error case
* verifier: Remove check for agent is None since it cannot be None
- Add migrations_use_sa_text_for_raw_SQL.patch to fix migrations in
new SQLAlchemy versions
==== libnftnl ====
Version update (1.2.5 -> 1.2.6)
- Update to release 1.2.6
* expr: meta: introduce broute meta expression
==== python-jsonschema ====
Version update (4.18.0 -> 4.18.3)
- upgrade to 4.18.3:
no changelog available, only a diff:
https://github.com/python-jsonschema/jsonschema/compare/v4.18.2...v4.18.3
- upgrade to 4.18.2:
* Fix an additional regression with the deprecated
jsonschema.RefResolver and pointer resolution.
- upgrade to 4.18.1:
* Fix a regression with jsonschema.RefResolver based resolution
when used in combination with a custom validation dialect (via
jsonschema.validators.create).
==== redis ====
Version update (7.0.11 -> 7.0.12)
- redis 7.0.12:
* (CVE-2022-24834) A specially crafted Lua script executing in Redis can trigger
a heap overflow in the cjson and cmsgpack libraries, and result in heap
corruption and potentially remote code execution. The problem exists in all
versions of Redis with Lua scripting support, starting from 2.6, and affects
only authenticated and authorized users. (bsc#1213193)
* (CVE-2023-36824) Extracting key names from a command and a list of arguments
may, in some cases, trigger a heap overflow and result in reading random heap
memory, heap corruption and potentially remote code execution. Specifically:
using COMMAND GETKEYS* and validation of key names in ACL rules. (bsc#1213249)
* Re-enable downscale rehashing while there is a fork child
* Fix possible hang in HRANDFIELD, SRANDMEMBER, ZRANDMEMBER when used with <count>
* Improve fairness issue in RANDOMKEY, HRANDFIELD, SRANDMEMBER, ZRANDMEMBER,
SPOP, and eviction
* Fix WAIT to be effective after a blocked module command being unblocked
* Avoid unnecessary full sync after master restart in a rare case
==== rust-keylime ====
Version update (0.2.1+git.1685699835.3c9d17c -> 0.2.2+git.1689256829.3d2b627)
Subpackages: keylime-ima-policy
- Update to version 0.2.2+git.1689256829.3d2b627:
* Bump version to 0.2.2
* build(deps): bump tempfile from 3.5.0 to 3.6.0
* removing SIGINT stop signals from Dockerfiles and systemd service, as well as adding SIGTERM to IMA emulator as shutdown signal
- Update to version 0.2.1+git.1689167094.67ce0cf:
* cargo: Bump serde to version 1.0.166
* build(deps): bump libc from 0.2.142 to 0.2.147
* adding release Dockerfiles in 3 flavours: fedora, distroless and wolfi
* hash: add more configurable hash algorithm for public key digest
* cargo: Update clap to version 4.3.11
* cargo: Bump tokio crate version to 1.28.2
* Add an example of IMA policy
* main: Gracefully shutdown on SIGTERM or SIGINT
* cargo: Bump proc-macro2 crate version
* revocation: Parse revocation actions flexibly
* crypto: Add unit tests for x509 functions
* crypto: Make internal functions private
* config: Add unit test for the list to files mapping
* config: Make trusted_client_ca to accept lists
* lib: Implement parser for lists from config file
* build(deps): bump openssl from 0.10.48 to 0.10.55
* Add secure mount sanity test to packit testing.
* [packit] Do not let COPR project expire
==== snapper ====
Subpackages: libsnapper7 snapper-zypp-plugin
- document disadvantage of using network users and order services
after nss-user-lookup (gh#openSUSE/snapper#823)
1
0
Please note that this mail was generated by a script.
The described changes are computed based on the x86_64 DVD.
The full online repo contains too many changes to be listed here.
Please check the known defects of this snapshot before upgrading:
https://openqa.opensuse.org/tests/overview?distri=microos&groupid=1&version…
https://bugzilla.opensuse.org/buglist.cgi?product=openSUSE%20Tumbleweed&com…
Please do not reply to this email to report issues, rather file a bug on bugzilla.opensuse.org.
For more information on filing bugs please see https://en.opensuse.org/openSUSE:Submitting_bug_reports
Packages changed:
glibc
=== Details ===
==== glibc ====
Subpackages: glibc-extra glibc-lang glibc-locale glibc-locale-base nscd
- gshadow-erange-rhandling.patch: gshadow: Matching sgetsgent, sgetsgent_r
ERANGE handling (BZ #30151)
- system-sigchld-block.patch: posix: Fix system blocks SIGCHLD erroneously
(BZ #30163)
- gmon-buffer-alloc.patch: gmon: Fix allocated buffer overflow (BZ #29444)
- check-pf-cancel-handler.patch: __check_pf: Add a cancellation cleanup
handler (BZ #20975)
- powerpc64-fcntl-lock.patch: io: Fix F_GETLK, F_SETLK, and F_SETLKW for
powerpc64
- realloc-limit-chunk-reuse.patch: realloc: Limit chunk reuse to only
growing requests (BZ #30579)
- dl-find-object-return.patch: elf: _dl_find_object may return 1 during
early startup (BZ #30515)
- Need to build with GCC 12 as minimum
- fix-locking-in-_IO_cleanup.patch: Update to final version
1
0