Please note that this mail was generated by a script. The described changes are computed based on the aarch64 DVD. The full online repo contains too many changes to be listed here. Please check the known defects of this snapshot before upgrading: https://openqa.opensuse.org/tests/overview?distri=microos&groupid=3&version=Tumbleweed&build=20240516 https://bugzilla.opensuse.org/buglist.cgi?product=openSUSE%20Tumbleweed&component=MicroOS&query_format=advanced&resolution=--- Please do not reply to this email to report issues, rather file a bug on bugzilla.opensuse.org. For more information on filing bugs please see https://en.opensuse.org/openSUSE:Submitting_bug_reports Packages changed: bolt (0.9.7 -> 0.9.8) gdk-pixbuf (2.42.11 -> 2.42.12) glib2 (2.80.0 -> 2.80.2) grub2 hwdata (0.380 -> 0.382) iproute2 (6.8 -> 6.9) libbpf (1.4.1 -> 1.4.2) libmodulemd libxml2 (2.12.6 -> 2.12.7) makedumpfile (1.7.4 -> 1.7.5) mozilla-nss (3.99 -> 3.100) passt (20240426.d03c4e2 -> 20240510.7288448) patterns-base perl-URI (5.270.0 -> 5.280.0) pipewire powerdevil6 sdbootutil (1+git20240506.573a6a4 -> 1+git20240514.56dc89c) soundtouch (2.3.2 -> 2.3.3) xwayland (23.2.6 -> 24.1.0) === Details === ==== bolt ==== Version update (0.9.7 -> 0.9.8) - update to 0.9.8: * A new NHI for REMBRANDT. * CI fixes. * Don't install an empty DB directory. * Fixed: Determine the string length before writing file. * Fixed: Free on error to prevent resource leak. ==== gdk-pixbuf ==== Version update (2.42.11 -> 2.42.12) Subpackages: gdk-pixbuf-query-loaders gdk-pixbuf-thumbnailer libgdk_pixbuf-2_0-0 typelib-1_0-GdkPixbuf-2_0 - Update to version 2.42.12: + Fix a build failure, + Fix occasional build failures, + ani: Reject files with multiple INA or IART chunks, + ani: Reject files with multiple anih chunks (CVE-2022-48622), + ani: validate chunk size, + Updated translations. - Drop 238893d8cd6f9c2616a05ab521a29651a17a38c2.patch: fixed upstream. ==== glib2 ==== Version update (2.80.0 -> 2.80.2) Subpackages: glib2-tools libgio-2_0-0 libglib-2_0-0 libgmodule-2_0-0 libgobject-2_0-0 typelib-1_0-GLib-2_0 typelib-1_0-GModule-2_0 typelib-1_0-GObject-2_0 typelib-1_0-Gio-2_0 - Update to version 2.80.2: + Fix a regression with IBus caused by the fix for CVE-2024-34397. + Fix installation directory of the GVariant specification. + Bugs fixed: - GVariant specification installed in wrong directory. - Backport "gdbusconnection: Fix test signal subscription ordering" to glib-2-80. - Backport “Correct installation directory of GVariant specification” to glib-2-80. - Backport “gdbusconnection: Allow name owners to have the syntax of a well-known name” to glib-2-80. - Changes from version 2.80.1 + Fix CVE-2024-34397: GDBus signal subscriptions for well-known names are vulnerable to unicast spoofing. + Updated translations. ==== grub2 ==== Subpackages: grub2-arm64-efi grub2-snapper-plugin - Update to the latest upstreaming TPM2 patches * 0001-key_protector-Add-key-protectors-framework.patch - Replace 0001-protectors-Add-key-protectors-framework.patch * 0002-tpm2-Add-TPM-Software-Stack-TSS.patch - Merge other TSS patches * 0001-tpm2-Add-TPM2-types-structures-and-command-constants.patch * 0002-tpm2-Add-more-marshal-unmarshal-functions.patch * 0003-tpm2-Implement-more-TPM2-commands.patch * 0003-key_protector-Add-TPM2-Key-Protector.patch - Replace 0003-protectors-Add-TPM2-Key-Protector.patch * 0004-cryptodisk-Support-key-protectors.patch * 0005-util-grub-protect-Add-new-tool.patch * 0001-tpm2-Support-authorized-policy.patch - Replace 0004-tpm2-Support-authorized-policy.patch * 0001-tpm2-Add-extra-RSA-SRK-types.patch * 0001-tpm2-Implement-NV-index.patch - Replace 0001-protectors-Implement-NV-index.patch * 0002-cryptodisk-Fallback-to-passphrase.patch * 0003-cryptodisk-wipe-out-the-cached-keys-from-protectors.patch * 0004-diskfilter-look-up-cryptodisk-devices-first.patch - Refresh affected patches * 0001-Improve-TPM-key-protection-on-boot-interruptions.patch * grub2-bsc1220338-key_protector-implement-the-blocklist.patch - New manpage for grub2-protect - Fix error in /etc/grub.d/20_linux_xen: file_is_not_sym not found, renamed to file_is_not_xen_garbage (bsc#1224226) * grub2-fix-menu-in-xen-host-server.patch ==== hwdata ==== Version update (0.380 -> 0.382) - update to 0.382: * Update pci, usb and vendor ids ==== iproute2 ==== Version update (6.8 -> 6.9) - Update to release 6.9 * ss: add option to suppress queue columns * m_mirred: allow mirred to block * tc: add NLM_F_ECHO support for actions and filters * ip/bond: add coupled_control support * ss: add support for BPF socket-local storage * ip: ioam6: add monitor command ==== libbpf ==== Version update (1.4.1 -> 1.4.2) - update to 1.4.2: * Another struct_ops-focused bug fix release. It addresses a few more corner cases when dealing with SEC("struct_ops") programs. * It also improves error messaging around common use case of declaring struct_ops BPF program and not referencing it from SEC(".struct_ops") variable (backed by struct_ops BPF map). * This release should improve overall experience of using BPF struct_ops functionality. ==== libmodulemd ==== - Add glib-2.80.2-glibdoc-path.patch: Fix GLib documentation path for GLib 2.80.2 (https://github.com/fedora-modularity/libmodulemd/pull/618). ==== libxml2 ==== Version update (2.12.6 -> 2.12.7) Subpackages: libxml2-2 libxml2-tools - Update to version 2.12.7: + Fix buffer overread with `xmllint --htmlout` (CVE-2024-34459). + xmllint: Fix --pedantic option. + save: Handle invalid parent pointers in xhtmlNodeDumpOutput. ==== makedumpfile ==== Version update (1.7.4 -> 1.7.5) - Update to 1.7.5: * Support for kernels up to v6.8 (x86_64) * Support for printk caller_id by --dump-dmesg option * [PATCH] ppc64: get vmalloc start address from vmcoreinfo * [PATCH] ppc64: read cur_mmu_type from vmcoreinfo * [PATCH] add PRINTK_CALLER id support to --dump-dmesg option * [PATCH v2 2/2] s390x: uncouple virtual and physical address spaces * [PATCH 1/2] s390x: fix virtual vs physical address confusion Regenerated the content of the makedumpfile-ppc64-VA-range-SUSE.patch file based on version 1.7.5 of the code ==== mozilla-nss ==== Version update (3.99 -> 3.100) Subpackages: libfreebl3 libsoftokn3 mozilla-nss-certs - update to NSS 3.100 - bmo#1893029 - merge pk11_kyberSlotList into pk11_ecSlotList for faster Xyber operations. - bmo#1893752 - remove ckcapi. - bmo#1893162 - avoid a potential PK11GenericObject memory leak. - bmo#671060 - Remove incomplete ESDH code. - bmo#215997 - Decrypt RSA OAEP encrypted messages. - bmo#1887996 - Fix certutil CRLDP URI code. - bmo#1890069 - Don't set CKA_DERIVE for CKK_EC_EDWARDS private keys. - bmo#676118 - Add ability to encrypt and decrypt CMS messages using ECDH. - bmo#676100 - Correct Templates for key agreement in smime/cmsasn.c. - bmo#1548723 - Moving the decodedCert allocation to NSS. - bmo#1885404 - Allow developers to speed up repeated local execution of NSS tests that depend on certificates. ==== passt ==== Version update (20240426.d03c4e2 -> 20240510.7288448) Subpackages: passt-selinux - Update to version 20240510.7288448: * apparmor: allow read access on /tmp for pasta * tcp_splice: Set OUT_WAIT_ flag whenever pipe isn't emptied * udp: Single buffer for IPv4, IPv6 headers and metadata * udp: Use the same buffer for the L2 header for all frames * udp: Share payload buffers between IPv4 and IPv6 * udp: Explicitly set checksum in guest-bound UDP headers * udp: Combine initialisation of IPv4 and IPv6 iovs * udp: Split tap-bound UDP packets into multiple buffers using io vector * test: Allow sftp via vsock-ssh in tests * tcp: Update tap specific header too in tcp_fill_headers[46]() * iov: Helper macro to construct iovs covering existing variables or fields * tap, tcp: (Re-)abstract TAP specific header handling * tcp: Simplify packet length calculation when preparing headers * treewide: Standardise variable names for various packet lengths * checksum: Make csum_ip4_header() take a host endian length * treewide: Remove misleading and redundant endianness notes * tap: Remove unused structs tap_msg, tap_l4_msg * tap: Split tap specific and L2 (ethernet) headers * checksum: Use proto_ipv6_header_psum() for ICMPv6 as well * netlink: Fix iterations over nexthop objects ==== patterns-base ==== Subpackages: patterns-base-base patterns-base-bootloader patterns-base-minimal_base patterns-base-x11 - add procps into the base pattern as recommended together with zypper (which dropped the dependency) ==== perl-URI ==== Version update (5.270.0 -> 5.280.0) - updated to 5.28 see /usr/share/doc/packages/perl-URI/Changes 5.28 2024-03-27 01:49:44Z - Using Scalar::Util::reftype instead of just ref(), but mindful this time about definedness to avoid warnings (GH#140) (Jacques Deguest) ==== pipewire ==== Subpackages: gstreamer-plugin-pipewire libpipewire-0_3-0 pipewire-alsa pipewire-modules-0_3 pipewire-pulseaudio pipewire-spa-plugins-0_2 pipewire-spa-tools pipewire-tools - Move modules jack-tunnel and jackdbus-detect to the pipewire-spa-plugins-0_2-jack since those modules should only be used when the real jack server is running. This fixes pipewire starting jackdbus on start. ==== powerdevil6 ==== - Recommend ddcutil-i2c-udev-rules (boo#1224197) ==== sdbootutil ==== Version update (1+git20240506.573a6a4 -> 1+git20240514.56dc89c) Subpackages: sdbootutil-rpm-scriptlets sdbootutil-snapper - Update to version 1+git20240514.56dc89c: * Add show-entry command * Add SYSTEMD_COLORS flag * Add byte order mark to boot.csv ==== soundtouch ==== Version update (2.3.2 -> 2.3.3) - Update to 2.3.3: * Fixing compiler warnings, maintenance fixes to make/build files for various systems - Refresh disable-ffast-math.patch ==== xwayland ==== Version update (23.2.6 -> 24.1.0) - Update to feature release 24.1.0 * This fixes a couple of regressions introduced in the previous release candidate versions along with a fix for XTEST emulation with EI. + xwayland: Send ei_device_frame on device_scroll_discrete + xwayland: Restore the ResizeWindow handler + xwayland: Handle rootful resize in ResizeWindow + xwayland: Move XRandR emulation to the ResizeWindow hook + xwayland: Use correct xwl_window lookup function in xwl_set_shape - eglstreams has been dropped - Update to bug fix relesae 23.2.7 * m4: drop autoconf leftovers * xwayland: Send ei_device_frame on device_scroll_discrete * xwayland: Call drmFreeDevice for dma-buf default feedback * xwayland: Use drmDevicesEqual in xwl_dmabuf_feedback_tranche_done * dri3: Free formats in cache_formats_and_modifiers * xwayland/glamor: Handle depth 15 in gbm_format_for_depth * Revert "xwayland/glamor: Avoid implicit redirection with depth 32 parent windows" * xwayland: Check for outputs before lease devices * xwayland: Do not remove output on withdraw if leased