Please note that this mail was generated by a script. The described changes are computed based on the x86_64 DVD. The full online repo contains too many changes to be listed here. Please check the known defects of this snapshot before upgrading: https://openqa.opensuse.org/tests/overview?distri=microos&groupid=1&version=Tumbleweed&build=20221221 https://bugzilla.opensuse.org/buglist.cgi?product=openSUSE%20Tumbleweed&component=MicroOS&query_format=advanced&resolution=--- Please do not reply to this email to report issues, rather file a bug on bugzilla.opensuse.org. For more information on filing bugs please see https://en.opensuse.org/openSUSE:Submitting_bug_reports Packages changed: MozillaFirefox (107.0.1 -> 108.0.1) NetworkManager (1.40.6 -> 1.40.8) avahi avahi-glib2 cairomm1_0 enchant-1 ethtool (6.0 -> 6.1) glib2-branding-openSUSE gnome-menus imlib2 (1.9.1 -> 1.10.0) libcloudproviders libgtop mpc (1.3.0 -> 1.3.1) pangomm1_4 rpm xz (5.2.8 -> 5.2.10) === Details === ==== MozillaFirefox ==== Version update (107.0.1 -> 108.0.1) Subpackages: MozillaFirefox-translations-common - Mozilla Firefox 108.0.1 (boo#1206507) * Fixes the default search engine being reset on upgrade for profiles which were previously copied from a different location - Mozilla Firefox 108.0 https://www.mozilla.org/en-US/firefox/108.0/releasenotes/ MFSA 2022-51 (bsc#1206242) * CVE-2022-46871 (bmo#1795697) libusrsctp library out of date * CVE-2022-46872 (bmo#1799156) Arbitrary file read from a compromised content process * CVE-2022-46873 (bmo#1644790) Firefox did not implement the CSP directive unsafe-hashes * CVE-2022-46874 (bmo#1746139) Drag and Dropped Filenames could have been truncated to malicious extensions * CVE-2022-46875 (bmo#1786188) Download Protections were bypassed by .atloc and .ftploc files on Mac OS * CVE-2022-46877 (bmo#1795139) Fullscreen notification bypass * CVE-2022-46878 (bmo#1782219, bmo#1797370, bmo#1797685, bmo#1801102, bmo#1801315, bmo#1802395) Memory safety bugs fixed in Firefox 108 and Firefox ESR 102.6 * CVE-2022-46879 (bmo#1736224, bmo#1793407, bmo#1794249, bmo#1795845, bmo#1797682, bmo#1797720, bmo#1798494, bmo#1799479) Memory safety bugs fixed in Firefox 108 - requires NSS >= 3.85 rustc/cargo 1.65 - added translations to .desktop file. ==== NetworkManager ==== Version update (1.40.6 -> 1.40.8) Subpackages: NetworkManager-bluetooth NetworkManager-lang NetworkManager-tui NetworkManager-wwan libnm0 typelib-1_0-NM-1_0 - Update to version 1.40.8: + Fixed a bug that caused devices (MACsec in particular) to be stuck in UNAVAILABLE state and not transition to DISCONNECTED if the carrier was ready too early. + Improved interoperability of MACsec with some Aruba switches by allowing CKN shorter than 64 characters. + Fixed an assertion failure when restarting NetworkManager with MACsec links configured. + Fixed a possible DHCP helper crash when handling failure to connect to D-Bus. + Corrected calculation of expiration time for items configured from IPv6 neighbor discovery messages. + Various fixes for platforms that don't allow unaligned memory access. - Drop iptables BuildRequires and -Diptables meson parameter: iptables is legacy (obsoleted in favor of nft). Additionally. meson has proper fallback detection to assume the correct path, should it need to use iptables. - Recommend nftables instead of iptables. ==== avahi ==== Subpackages: avahi-lang libavahi-client3 libavahi-common3 libavahi-core7 - Drop %{_sysconfdir}/sysconfig/network/if-{up,down}.d scripts: they are not used, or supported, in a while already. ==== avahi-glib2 ==== - Drop %{_sysconfdir}/sysconfig/network/if-{up,down}.d scripts: they are not used, or supported, in a while already. ==== cairomm1_0 ==== - Drop baselibs.conf: there is no known consumer of the -32bit package. ==== enchant-1 ==== Subpackages: enchant-1-backends libenchant1 - Drop baselibs.conf: there is no known consumer of the -32bit package. ==== ethtool ==== Version update (6.0 -> 6.1) - update to upstream release 6.1 * Feature: update link mode tables * Feature: register dump for NXP ENETC driver (-d) * Feature: report TCP header-data split (-g) * Feature: support new message types in pretty print * Fix: man page syntax fixes ==== glib2-branding-openSUSE ==== - Prefer file-roller over nautilus for archives. ==== gnome-menus ==== Subpackages: gnome-menus-lang libgnome-menu-3-0 typelib-1_0-GMenu-3_0 - Drop baselibs.conf: there is no known consumer of the -32bit package. ==== imlib2 ==== Version update (1.9.1 -> 1.10.0) Subpackages: imlib2-loaders libImlib2-1 - update to 1.10.0: * Introduce imlib_load_image_fde imlib2_load: Tweak load mode handling Introduce Imlib2_Loader.h - all that is needed by loaders image: Change has alpha flag to separate byte loading: Don't look for cached image when not caching loading: New loader infrastructure * loading: Introduce __imlib_ImageFileContextPush/Pop loading: Centralize mmap handling * Introduce imlib_load_image_mem * imlib2_load: Add option to use imlib_load_image_mem api: Remove cast previously dropped everywhere else Hide imlib_get/set_color_usage() if no X11 api: Move X11 related functions to separate file api: Move filter functions to separate file Enable disabling filter functions api: Move text functions to separate file Enable disabling text functions J2K loader: Drop showing deprecated item in debug message image: Fix memory leak when cloning images Unify basic X11 functionality in test programs Includes tweaks test: Re-generate test images with recent tool/library versions image: Hide internal ImlibImageFileInfo struct image: Don't munmap external memory * Introduce imlib_get_error api: error_return adjustments imlib2_load: Add option to enable image caching image: Fix potential use of uninitialized time stamps PNG loader: Correct frame delay in zero denominator case PNG loader: Cosmetics PNG loader: Improved handling of animated PNGs multiframe: Support loop count PNG loader: Fix animated PNG loading some more autofoo: Fix trouble with test subdirectory in distributed source autofoo: Rework git tag/release stuff test: test_load: Quit when loading primary image fails SVG loader: Don't reference multiframe stuff * ICO loader: Eliminate ico_load autofoo: Use AC_USE_SYSTEM_EXTENSIONS imlib2_view: Fix single frame update rendering test: test_load_2: Check frame 0/1 loading too PNG loader: Cosmetics PS loader: Cosmetics multiframe: Tweaks around frame number handling multiframe: Centralize handling of frame update offsets multiframe: Move frame info to allocated record multiframe: Allocate frame info only when needed PNG loader: Quit scan when target fdAT is seen PNG loader: Quit after loading first frame PNG loader: Simplify update callback handling imlib2_view: Fix multiframe rendering detail multiframe: Remove frame offset from updates imlib2_view: Fix multiframe after update coordinate change imlib2_view: Deal with all pending X events at once imlib2_view: Properly handle caching vs progress callbacks imlib2_view: Don't load bad images twice if first or last in argument list image: Cosmetics * image: Introduce __imlib_LoadEmbeddedMem Add new ani loader * image: Cosmetics ANI loader: Disable progress in embed loader ANI loader: Multiframe suport v1.10.0 Introduce imlib_load_image_frame_mem imlib_load_image_frame_mem(): set nocache TGA loader: fix indexing in tgaflip ==== libcloudproviders ==== - Drop baselibs.conf: there is no known consumer of the -32bit package. ==== libgtop ==== Subpackages: libgtop-2_0-11 libgtop-lang - Drop baselibs.conf: there is no known consumer of the -32bit package. ==== mpc ==== Version update (1.3.0 -> 1.3.1) - Update to version 1.3.1: * Bug fix: It is again possible to include mpc.h without including stdio.h. - drop mpc-1.3.0-gmpdep.patch ==== pangomm1_4 ==== - Drop baselibs.conf: there is no known consumer of the -32bit package. ==== rpm ==== Subpackages: librpmbuild9 - switch to pkgconfig(zlib) so that alternative providers can be used ==== xz ==== Version update (5.2.8 -> 5.2.10) Subpackages: liblzma5 xz-lang - update to 5.2.10: * xz: Don't modify argv[] when parsing the --memlimit* and - -block-list command line options. This fixes confusing arguments in process listing (like "ps auxf"). * GNU/Linux only: Use __has_attribute(__symver__) to detect if that attribute is supported. This fixes build on Mandriva where Clang is patched to define __GNUC__ to 11 by default (instead of 4 as used by Clang upstream). * liblzma: - Fixed an infinite loop in LZMA encoder initialization if dict_size >= 2 GiB. - Fixed two cases of invalid free() that can happen if a tiny allocation fails in encoder re-initialization or in lzma_filters_update(). These bugs had some similarities with the bug fixed in 5.2.7. - Fixed lzma_block_encoder() not allowing the use of LZMA_SYNC_FLUSH with lzma_code() even though it was documented to be supported. The sync-flush code in the Block encoder was already used internally via lzma_stream_encoder(), so this was just a missing flag in the lzma_block_encoder() API function. - GNU/Linux only: Don't put symbol versions into static liblzma as it breaks things in some cases (and even if it didn't break anything, symbol versions in static libraries are useless anyway). The downside of the fix is that if the configure options --with-pic or --without-pic are used then it's not possible to build both shared and static liblzma at the same time on GNU/Linux anymore; with those options --disable-static or --disable-shared must be used too. - drop unused xz-devel-static which is no longer supported when using - -with-pic (which is needed for shared libs)