Please note that this mail was generated by a script. The described changes are computed based on the aarch64 DVD. The full online repo contains too many changes to be listed here. Please check the known defects of this snapshot before upgrading: https://openqa.opensuse.org/tests/overview?distri=microos&groupid=3&version=... https://bugzilla.opensuse.org/buglist.cgi?product=openSUSE%20Tumbleweed&comp... Please do not reply to this email to report issues, rather file a bug on bugzilla.opensuse.org. For more information on filing bugs please see https://en.opensuse.org/openSUSE:Submitting_bug_reports Packages changed: conmon (2.1.9 -> 2.1.10) discover dracut (059+suse.530.gba7b6a35 -> 059+suse.533.g5a7cf9fa) fwupd jbigkit jq (1.7 -> 1.7.1) kdump krb5 (1.21.1 -> 1.21.2) libpwquality libstorage-ng (4.5.162 -> 4.5.163) metamail mozilla-nss (3.94 -> 3.95) mutter open-vm-tools perl-Bootloader (1.9 -> 1.10) podman python-hiredis (2.2.2 -> 2.3.2) python-lark (1.1.5 -> 1.1.8) python311 python311-core rsync sudo (1.9.15p2 -> 1.9.15p4) systemd vim (9.0.2146 -> 9.0.2181) vte (0.74.1 -> 0.74.2) wtmpdb (0.9.3 -> 0.10.0) zbar === Details === ==== conmon ==== Version update (2.1.9 -> 2.1.10) - New upstream release 2.1.10 Bug fixes: * Fix incorrect free in conn_sock (removes fix-incorrect-free-in-conn_sock.patch) * logging: Respect log-size-max immediately after open ==== discover ==== Subpackages: discover-backend-flatpak discover-backend-fwupd discover-backend-packagekit discover-lang discover-notifier - Update appstream build requirement for compatibility with 1.0.0 (boo#1217047) - Remove obsolete version checks ==== dracut ==== Version update (059+suse.530.gba7b6a35 -> 059+suse.533.g5a7cf9fa) Subpackages: dracut-ima - Update to version 059+suse.533.g5a7cf9fa: * feat(dracut.sh): protect `push_host_devs` function * fix(dracut.sh): do not add device if `find_block_device` returns an error ==== fwupd ==== Subpackages: fwupd-bash-completion libfwupd2 typelib-1_0-Fwupd-2_0 - Own %{_modulesloaddir}: used to be present via udev-mini -> kmod - > suse-module-tools dependency before. ==== jbigkit ==== - security update - added patches fix CVE-2022-1210 [bsc#1198146], Malicious file leads to a denial of service in TIFF File Handler + jbigkit-CVE-2022-1210.patch ==== jq ==== Version update (1.7 -> 1.7.1) Subpackages: libjq1 - Update to version 1.7.1 Security * Fix CVE-2023-50246 (boo#1218034) + Fix heap buffer overflow in jvp_literal_number_literal. * Fix CVE-2023-50268 (boo#1218038) fix stack-buffer-overflow if comparing nan with payload. CLI changes * Make the default background color more suitable for bright backgrounds. * Allow passing the inline jq script after --. * Fix possible uninitialised value dereference if jq_init() fails Language changes * Simplify paths/0 and paths/1. * Reject U+001F in string literals. * Remove unused nref accumulator in block_bind_library. * Remove a bunch of unused variables, and useless assignments. * main.c: Remove unused EXIT_STATUS_EXACT option. * Actually use the number correctly casted from double to int as index. * src/builtin.c: remove unnecessary jv_copy-s in type_error/type_error2. * Remove undefined behavior caught by LLVM 10 UBSAN. * Convert decnum to binary64 (double) instead of decimal64. This makes jq behave like the JSON specification suggests and more similar to other languages. * Fix memory leaks on invalid input for ltrimstr/1 and rtrimstr/1. * Fix memory leak on failed get for setpath/2. * Fix nan from json parsing also for nans with payload that start with 'n'. * Allow carriage return characters in comments. Documentation changes * Generate links in the man page. libjq * Add extern C for C++. ==== kdump ==== - Update calibrate values for riscv64 ==== krb5 ==== Version update (1.21.1 -> 1.21.2) - update to 1.21.2 (bsc#1218211, CVE-2023-39975): * Fix double-free in KDC TGS processing [CVE-2023-39975]. ==== libpwquality ==== Subpackages: libpwquality-tools libpwquality1 pam_pwquality - add: prereq "pam-config" in baselibs.conf * post scriptlet in pam_pwquality-32bit runs: pam-config ==== libstorage-ng ==== Version update (4.5.162 -> 4.5.163) Subpackages: libstorage-ng-lang libstorage-ng-ruby libstorage-ng1 - merge gh#openSUSE/libstorage-ng#970 - consistent (and original) naming of bcache operations - coding style - improved logging - updated integration tests - fixed typo - 4.5.163 ==== metamail ==== - Have fixed date in mgrep.1 (boo#1047218) ==== mozilla-nss ==== Version update (3.94 -> 3.95) Subpackages: libfreebl3 libsoftokn3 mozilla-nss-certs - update to NSS 3.95 * bmo#1842932 - Bump builtins version number. * bmo#1851044 - Remove Email trust bit from Autoridad de Certificacion Firmaprofesional CIF A62634068 root cert. * bmo#1855318 - Remove 4 DigiCert (Symantec/Verisign) Root Certificates * bmo#1851049 - Remove 3 TrustCor Root Certificates from NSS. * bmo#1850982 - Remove Camerfirma root certificates from NSS. * bmo#1842935 - Remove old Autoridad de Certificacion Firmaprofesional Certificate. * bmo#1860670 - Add four Commscope root certificates to NSS. * bmo#1850598 - Add TrustAsia Global Root CA G3 and G4 root certificates. * bmo#1863605 - Include P-384 and P-521 Scalar Validation from HACL* * bmo#1861728 - Include P-256 Scalar Validation from HACL*. * bmo#1861265 - After the HACL 256 ECC patch, NSS incorrectly encodes 256 ECC without DER wrapping at the softoken level * bmo#1837987 - Add means to provide library parameters to C_Initialize * bmo#1573097 - clang format * bmo#1854795 - add OSXSAVE and XCR0 tests to AVX2 detection. * bmo#1858241 - Typo in ssl3_AppendHandshakeNumber * bmo#1858241 - Introducing input check of ssl3_AppendHandshakeNumber * bmo#1573097 - Fix Invalid casts in instance.c ==== mutter ==== - Add mutter-fix-text-input-delete-surrounding.patch: text-input-v3 requrires byte based offset but Clutter uses char based offset for delete_surrounding_text, fix it by converting before passing arguments (glgo#GNOME/mutter#2146, glgo#GNOME/mutter!2712). ==== open-vm-tools ==== Subpackages: libvmtools0 open-vm-tools-desktop - Own %{_modulesloaddir}: used to be present via udev-mini -> kmod - > suse-module-tools dependency before. ==== perl-Bootloader ==== Version update (1.9 -> 1.10) - merge gh#openSUSE/perl-bootloader#160 - fix 'pbl --version' to show correct version number - 1.10 ==== podman ==== - Refactor network backend dependencies: * podman requires either netavark or cni-plugins. On ALP, require netavark, otherwise prefer netavark but don't force it. * This fixes missing cni-plugins in some scenarios * Default to netavark everywhere where it's available ==== python-hiredis ==== Version update (2.2.2 -> 2.3.2) - update to 2.3.2: * Added Python 3.12 to test matrix and classifiers (#174) * Linking to Redis learning resources (#173) * Updating client license to clear, MIT (#170) * Integrating spellcheck into CI (#169) * hiredis 1.2.0 support, versioning as 2.3.0 (#168) * Fix including tests in sdist (#166) * Use absolute imports and remove __init__.py from tests. * Implement garbage collection support in Reader (#162) (#163) ==== python-lark ==== Version update (1.1.5 -> 1.1.8) - update to 1.1.8: * Populate the `Token.end_*` fields for ignored tokens * Include .lark files in package data * Add an error message when using Lark.save() when parser!='lalr' * Add and improve docstrings * Small update to PR #1338 * Fix 1345 attempt two * Earley now uses OrderedSet for better output stability * ContextualLexer now uses self.basic_lexer for easy extensibility (iss… * Improved typing around LALR and ParserState * Typing fixes. Mypy now produces 0 type errors * Standalone: Added support for interactive parser. - update to 1.1.7: * Bugfix in propagate_positions (issue #1304) - update to 1.1.6: * Added strict-mode, enabled by `strict=True`, implemented using interegular by @MegaIng * Read more here: https://lark- parser.readthedocs.io/en/latest/how_to_use.html#strict-mode * Cache: Replace md5 hashing with sha256. * Support for Python-style comments in Lark grammar * Updates to python.lark * Bugfixes and cleanup ==== python311 ==== Subpackages: python311-curses python311-dbm - Refresh CVE-2023-27043-email-parsing-errors.patch to gh#python/cpython!111116, fixing bsc#1210638 (CVE-2023-27043). - Thus we can remove Revert-gh105127-left-tests.patch, which is now useless. ==== python311-core ==== Subpackages: libpython3_11-1_0 python311-base - Refresh CVE-2023-27043-email-parsing-errors.patch to gh#python/cpython!111116, fixing bsc#1210638 (CVE-2023-27043). - Thus we can remove Revert-gh105127-left-tests.patch, which is now useless. ==== rsync ==== - Moved rsyncd.conf and rsyncd.secrets to /usr/etc. * Add rsync-usr-etc.patch ==== sudo ==== Version update (1.9.15p2 -> 1.9.15p4) Subpackages: sudo-plugin-python - For existing products (SLE15-SP* and older) keep using /etc and don't switch to /usr/etc. So only SLES16/ALP, Tumbleweed and newer products will use both /etc and /usr/etc locations. - Update to 1.9.15p4: * Fixed a bug introduced in sudo 1.9.15 that could prevent a user’s privileges from being listed by sudo -l if the sudoers entry in /etc/nsswitch.conf contains [SUCCESS=return]. This did not affect the ability to run commands via sudo. Bug #1063. - Update to 1.9.15p3: * Always disable core dumps when sudo sends itself a fatal signal. Fixes a problem where sudo could potentially dump core dump when it re-sends the fatal signal to itself. This is only an issue if the command * received a signal that would normally result in a core dump but the command did not actually dump core. * Fixed a bug matching a command with a relative path name when the sudoers rule uses shell globbing rules for the path name. Bug #1062. * Permit visudo to be run even if the local host name is not set. GitHub issue #332. * Fixed an editing error introduced in sudo 1.9.15 that could prevent sudoreplay from replaying sessions correctly. GitHub issue #334. * Fixed a bug introduced in sudo 1.9.15 where sudo -l > /dev/null could hang on Linux systems. GitHub issue #335. * Fixed a bug introduced in sudo 1.9.15 where Solaris privileges specified in sudoers were not applied to the command being run. ==== systemd ==== Subpackages: libsystemd0 libudev1 systemd-boot systemd-coredump systemd-doc udev - udev: only require kmod in the full flavor. udev-mini is only used inside OBS in a strictly defined setup and udev will never have to load device drivers there. - Import commit 071ac409a0564863657d8f8a5a35e6a4f914695f 071ac409a0 rules: set up tty permissions and group for /dev/hvc* nodes f693b3ed8a vconsole-setup: remember the correct error value when open_terminal() fails 963d838bad vconsole-setup: handle the case where the vc is in KD_GRAPHICS mode more gracefully (bsc#1215282) 6f53f71d2d vconsole-setup: simplify error handling ==== vim ==== Version update (9.0.2146 -> 9.0.2181) Subpackages: vim-data vim-data-common vim-small xxd - update to 9.0.2181: * Vim9: missing error messages * update helptags * POSIX function name in exarg causes issues * no filetype detection for execline scripts * reg_executing() wrong for :normal with range * Wrong cursor position when dragging out of window * Update Serbian messages translation * runtime(netrw): prevent E11 on FocusGained autocommand * Update Japanese translation * runtime(8th): updated 8th syntax * change dependabot prefix to "CI" * Update change.txt * Compile error with Motif UI + mouse support * Create Changelog until v9.0.2175 * Update Italian translations * Update tmux syntax rules * Update Turkish translations * Compiler warning for uninitialized var * update fortran syntax rules and doc notes * Vim9: segfault when assigning to type * remove deprecation warning for gdefault * Vim9: crash when compiling for statement and non-existing type * Vim9: compiling :defer may fail * Updated Irish translation * Update Logtalk runtime files for the latest language spec * update Racket runtime files * Update colorschemes * The options[] array is still not sorted alphabetically * Vim9: no support for const/final class/objects vars * Vim9: builtin funcs may accept a non-value * Moving tabpages on :drop may cause an endless loop * sync runtime files with upstream * grammar & typo fixes * add Tbreak command * Vim9: not consistently using :var for declarations * Memory leak in Configure Script when checking GTK * Vim9: can simplify arg type checking code * Vim9: can use type a func arg/return value * escape curdir in BrowseUpDir * Vim9: type can be assigned to list/dict * Vim9: type documentation out-dated * Vim9: not able to use imported interfaces and classes * instanceof() should use varargs as second arg * Update syntax file, fix missing for highlight * screenpos() may crash with neg. column * [security]: use-after-free in check_argument_type * Vim9: incorrectly parses :def func definitions * Vim9: can use typealias in assignment * ft detection maybe wrong if 'fic' set for *.[CH] * re-generate helptags * do not set b:did_ftplugin before sourcing scala ftplugin(#13657) * Fix `w:netrw_bannercnt` ref error with `netrw_fastbrowse=2` * fix examples in comments for JSON formatting * Add json formating plugin (Issue #11426) * Update syntax file * link cmdline completion to to |wildcards| and fix typos * Update eval.txt * Vim9: type not kept when assigning vars * The option[] array is not sorted * unlet b:filetype_in_cpp_family for cpp & squirrel * fix typo in change.txt * update syntax and ftplugins * Update syntax file and syntax test * Sort options.txt alphabetically * update todo items * sort option-list alphabetically * no support to build on OpenVMS * Using type unknown for List/Dict containers * 'breakindent' is not drawn after diff filler lines * remove non-existent parameter in shift-command * Using int for errbuflen in option funcs * [security]: use-after-free in exec_instructions() * Vim does not detect pacman.log file * reference 'go-!' inside os_win32.txt for !start * Type check tests fail without the channel feature ==== vte ==== Version update (0.74.1 -> 0.74.2) - Update to version 0.74.2: * lib,bidi: Work on the heap rather than the stack * stream: Fix a rare corruption when advancing the tail * widget: Fix initial cursor blink state * build: Post release version bump ==== wtmpdb ==== Version update (0.9.3 -> 0.10.0) Subpackages: libwtmpdb0 - Update to version 0.10.0 - last: support matching for username and/or tty ==== zbar ==== - security update: * CVE-2023-40889 [bsc#1214770] Fix heap based buffer overflow in qr_reader_match_centers() + zbar-CVE-2023-40889.patch * CVE-2023-40890 [bsc#1214771] Fix stack based buffer overflow in lookup_sequence() + zbar-CVE-2023-40890.patch