Please note that this mail was generated by a script.
The described changes are computed based on the x86_64 DVD.
The full online repo contains too many changes to be listed here.
Please check the known defects of this snapshot before upgrading:
https://openqa.opensuse.org/tests/overview?distri=microos&groupid=1&version=Tumbleweed&build=20230913
https://bugzilla.opensuse.org/buglist.cgi?product=openSUSE%20Tumbleweed&component=MicroOS&query_format=advanced&resolution=---
Please do not reply to this email to report issues, rather file a bug on bugzilla.opensuse.org.
For more information on filing bugs please see https://en.opensuse.org/openSUSE:Submitting_bug_reports
Packages changed:
MozillaFirefox (117.0 -> 117.0.1)
cni-plugins (1.1.1 -> 1.3.0)
curl (8.2.1 -> 8.3.0)
gptfdisk
javapackages-tools
libwebp
man
mcelog (194 -> 195)
multipath-tools
openldap2
openldap2-contrib-src
patterns-microos
polkit-default-privs (1550+20230829.1a9a761 -> 1550+20230912.0978001)
qemu (8.0.4 -> 8.1.0)
sudo (1.9.14p1 -> 1.9.14p3)
=== Details ===
==== MozillaFirefox ====
Version update (117.0 -> 117.0.1)
Subpackages: MozillaFirefox-translations-common
- Mozilla Firefox 117.0.1
* Fix a bug causing extensions using an event page for long-
running tasks to be terminated while running, causing
unexpected behavior changes (bmo#1851373)
* Temporarily revert an intentional behavior change preventing
Javascript from changing URL.protocol (bmo#1850954).
* Fix audio worklets not working for sites using WebAssembly
exception handling (bmo#1851468)
* Fix the Reopen all tabs option in the Recently closed tabs
menu sometimes failing to open all tabs (bmo#1850856)
* Fix the bookmarks menu sometimes remaining partially visible
when minimizing Firefox (bmo#1843700)
* Fix an issue causing incorrect time zones to be detected on
some sites (bmo#1848615)
* MFSA 2023-40 CVE-2023-4863 (boo#1215231)
Heap buffer overflow in WebP
==== cni-plugins ====
Version update (1.1.1 -> 1.3.0)
- Update to version v1.3.0:
* [sbr]: Ignore LinkNotFoundError during cmdDel
* build(deps): bump github.com/Microsoft/hcsshim from 0.9.8 to 0.9.9
* Bump to golang 1.20 to pick up go1.19.6 / go1.20.1 CVE fixes
* Fix ValidateExpectedRoute with non default routes and nil GW
* tuning: fix cmdCheck when using IFNAME
* bridge, del: timeout after 55 secs of trying to list rules
* bridge, spoofcheck: only read the prerouting chain on CNI delete
* build: consume specific tables/chains via go-nft
* bridge: add vlan trunk support
* enable govet and unparam linters
* build(deps): bump golang.org/x/sys from 0.6.0 to 0.7.0
* Add parameter to disable default vlan
* bridge, spoof check: remove drop rule index
* go.mod: bump all deps
* linter: fix ginkgolinter errors
* Fix wastedassign linter errors
* build(deps): bump actions/stale from 7 to 8
* Fix revive linter errors
* build(deps): bump actions/setup-go from 3 to 4
* enable durationcheck, predeclared, unconvert, unused and wastedassign linters
* remove govet and gofmt from test_linux.sh
* enable ginkgolinter linter
* enable revive linter
* enable gocritic linter
* enable gosimple linter
* enable nonamedreturns linter
* enable ineffassign linter
* enable contextcheck linter
* enable staticcheck linter
* ci(lint): setup golangci-lint
* ci(lint): setup yamllint linter Signed-off-by: Matthieu MOREL
* Fix overwritten error var in getMTUByName
* Update tests to utilize ginkgo/v2
* Update ginkgo to v2 in go.mod, go.sum, vendor
* Tap plugin
* build(deps): bump github.com/onsi/gomega from 1.24.2 to 1.26.0
* build(deps): bump golang.org/x/sys from 0.4.0 to 0.5.0
* Only check ipv6 when an IPv6 is configured
* Add support for in-container master for macvlans
* Add support for in-container master for ipvlan
* Add support for in-container master for vlans
* bridge: re-fetch mac address
* Update Allocate method to reuse lease if present
* build(deps): bump github.com/safchain/ethtool to v0.2.0
* build(deps): bump golang.org/x/sys from 0.3.0 to 0.4.0
* Add IPv6 support for AddDefaultRoute
* build(deps): bump github.com/containernetworking/cni from 1.0.1 to 1.1.2
* build(deps): bump github.com/coreos/go-systemd/v22 from 22.3.2 to 22.5.0
* build(deps): bump github.com/onsi/ginkgo from 1.16.4 to 1.16.5
* build(deps): bump alpine in /.github/actions/retest-action
* build(deps): bump github.com/godbus/dbus/v5 from 5.0.4 to 5.1.0
* build(deps): bump github.com/vishvananda/netlink
* build(deps): bump github.com/alexflint/go-filemutex from 1.1.0 to 1.2.0
* build(deps): bump github.com/Microsoft/hcsshim from 0.8.20 to 0.9.6
* build(deps): bump github.com/onsi/gomega from 1.15.0 to 1.24.2
* Update dependabot.yml
* build(deps): bump actions/checkout from 2 to 3
* build(deps): bump actions/stale from 4 to 7
* build(deps): bump actions/setup-go from 2 to 3
* Update dependabot.yml
* Update dependabot.yml
* ci(deps): setup dependabot
* Fix tuning path validation
* Update email to gmail
* Update portmap test's iptables error check
* Remove references to io/ioutil package
* fix bug on getting NextIP of addresses with first byte 0
* Fix path substitution to enable setting sysctls on vlan interfaces
* support masquerade all config
* host-local: remove unused Release(ip) from type Store interface
* Cleanup Socket and Pidfile on exit
* dummy: Create a Dummy CNI plugin that creates a virtual interface.
* Use the same options for acquiring, renewing lease
* bridge: update vlanFiltering variable to make code more readable
* ci: only rerun failed jobs on `/retest`
* build: support riscv64
* Check for duplicated sysctl keys
* Update github.com/vishvananda/netlink to v1.2.0-beta
* bridge: support IPAM DNS settings
* Bump to go 1.18
* V2 API support for win-overlay CNI
* bug: return errors when iptables and ip6tables are unusable
* github: ignore issues with "keep" label from stale closing
* Make description for `static` plugin more exact
* workflow: add something to auto-close stale PRs
* ipam/dhcp: Fix client id in renew/release
* call ipam.ExceDel after clean up device in netns fix #666
* Add sysctl allowlist
==== curl ====
Version update (8.2.1 -> 8.3.0)
Subpackages: libcurl4
- Update to 8.3.0: [bsc#1215026, CVE-2023-38039]
* Changes:
- curl: make %output{} in -w specify a file to write to
- gskit: remove
- lib: --disable-bindlocal builds curl without local binding support
- nss: remove support for this TLS library
- tool: add "variable" support
- trace: make tracing available in non-debug builds
- url: change default value for CURLOPT_MAXREDIRS to 30
- urlapi: CURLU_PUNY2IDN - convert from punycode to IDN name
* Bugfixes:
- altsvc: accept and parse IPv6 addresses in response headers
- asyn-ares: reduce timeout to 2000ms
- aws-sigv4: canonicalize the query
- aws-sigv4: fix having date header twice in some cases
- aws-sigv4: handle no-value user header entries
- c-hyper: adjust the hyper to curlcode conversion
- c-hyper: fix memory leaks in `Curl_http`
- cf-haproxy: make CURLOPT_HAPROXY_CLIENT_IP set the *source* IP
- cf-socket: log successful interface bind
- cmake: add GnuTLS option
- cmake: add support for `CURL_DEFAULT_SSL_BACKEND`
- cmake: detect `SSL_set0_wbio` in OpenSSL
- configure: trust pkg-config when it's used for zlib
- configure: use the pkg-config --libs-only-l flag for libssh2
- connect: stop halving the remaining timeout when less than 600 ms left
- crypto: ensure crypto initialization works
- digest: Use hostname to generate spn instead of realm
- ftp: fix temp write of ipv6 address
- headers: accept leading whitespaces on first response header
- http2: fix in h2 proxy tunnel: progress in ingress on sending
- http3/ngtcp2: shorten handshake, trace cleanup
- http3: quiche, handshake optimization, trace cleanup
- http: close the connection after a late 417 is received
- http: fix sending of large requests
- http: return error when receiving too large header set
- lib: fix null ptr derefs and uninitialized vars (h2/h3)
- lib: move mimepost data from ->req.p.http to ->state
- list-only.d: mention SFTP as supported protocol
- ngtcp2: fix handling of large requests
- openssl: auto-detect `SSL_R_TLSV13_ALERT_CERTIFICATE_REQUIRED`
- openssl: clear error queue after SSL_shutdown
- openssl: make aws-lc version support OCSP
- openssl: Support async cert verify callback
- openssl: switch to modern init for LibreSSL 2.7.0+
- openssl: when CURLOPT_SSL_CTX_FUNCTION is registered, init x509 store before
- quic: don't set SNI if hostname is an IP address
- quiche: adjust quiche `QUIC_IDLE_TIMEOUT` to 60s
- quiche: enable quiche to handle timeout events
- resolve: use PF_INET6 family lookups when CURL_IPRESOLVE_V6 is set
- schannel: verify hostname independent of verify cert
- tool_filetime: make -z work with file dates before 1970
- tool_operate: allow both SSL_CERT_FILE and SSL_CERT_DIR
- tool_operate: make aws-sigv4 not require TLS to be used
- transfer: also stop the sending on closed connection
- urlapi: fix heap buffer overflow
- urlapi: setting a blank URL ("") is not an ok URL
==== gptfdisk ====
- Add patch to fix UUID generation with util-linux >= 2.38:
* gptfdisk-1.0.9-libuuid.patch
==== javapackages-tools ====
Subpackages: javapackages-filesystem
- Added patch:
* 0004-Reproducible-builds-keep-order-of-aliases-and-depend.patch
+ make the aliases and dependencies lists so that the order is
kept
- Added patch:
* 0003-Reproducible-exclusions-order-in-maven-metadata.patch
+ sort exclusions in maven metadata
==== libwebp ====
Subpackages: libsharpyuv0 libwebp7 libwebpdemux2 libwebpmux3
- Add 0001-Fix-OOB-write-in-BuildHuffmanTable.patch
[boo#1215231] [CVE-2023-4863]
==== man ====
- Add man-db-groff-1.23.0-warnings.patch
* Fix build errors with groff 1.23.0
==== mcelog ====
Version update (194 -> 195)
- This contains following features:
PED-6122
[GNR] RAS: mcelog Add support for Granite Rapids (ALP)
PED-6102
[GNR] RAS: mcelog Add support for Granite Rapids (SLE 15 SP6)
PED-6021
[SRF] RAS: mcelog support for Sierra Forest (SLE 15 SP6)
PED-6050
[SRF] RAS: mcelog support for Sierra Forest (ALP)
- Change git repo in _service file from git to https url
- Update to version 195:
* mcelog: Wire up model-specific decoding for Sierra Forest
* mcelog: Add model-specific decoding for Granite Rapids
* client.c: fix build w/ musl libc
* mcelog: New model number for Arrowlake
* mcelog: Don't overwrite model number when lookup fails
* mcelog: Add Graniterapids, Grandridge and Sierraforest
* mcelog: New model number for Lunarlake
* mcelog: Add Emerald Rapids
* Update PFA_test_howto
- Adapt to mainline:
M email.patch
==== multipath-tools ====
Subpackages: kpartx libmpath0
- Configuration directory should be /etc/multipath/conf.d
(broken since 0.9.4+68+suse.98559ea)
==== openldap2 ====
Subpackages: libldap-data libldap2 openldap2-client
- Disable SLP by default for Factory and ALP (bsc#1214884)
==== openldap2-contrib-src ====
- Disable SLP by default for Factory and ALP (bsc#1214884)
==== patterns-microos ====
Subpackages: patterns-microos-alt_onlyDVD patterns-microos-apparmor patterns-microos-base patterns-microos-base-microdnf patterns-microos-base-packagekit patterns-microos-base-zypper patterns-microos-basesystem patterns-microos-cloud patterns-microos-cockpit patterns-microos-defaults patterns-microos-desktop-common patterns-microos-desktop-gnome patterns-microos-desktop-kde patterns-microos-hardware patterns-microos-ima_evm patterns-microos-onlyDVD patterns-microos-ra_agent patterns-microos-ra_verifier patterns-microos-selinux patterns-microos-sssd_ldap
- Install grub2-branding-openSUSE if grub2 will be used.
(Added in base pattern).
==== polkit-default-privs ====
Version update (1550+20230829.1a9a761 -> 1550+20230912.0978001)
- Update to version 1550+20230912.0978001:
* udisks2: add additional mount and NVME actions (bsc#1214897)
==== qemu ====
Version update (8.0.4 -> 8.1.0)
- Fix bsc#1211000:
* [openSUSE] block: Add a thread-pool version of fstat (bsc#1211000)
* [openSUSE] block: Convert qmp_query_block() to coroutine_fn (bsc#1211000)
* [openSUSE] block: Don't query all block devices at hmp_nbd_server_start (bsc#1211000)
* [openSUSE] block: Convert qmp_query_named_block_nodes to coroutine (bsc#1211000)
* [openSUSE] block: Convert bdrv_block_device_info into co_wrapper (bsc#1211000)
* [openSUSE] block: Convert bdrv_query_block_graph_info to coroutine (bsc#1211000)
* [openSUSE] block: Temporarily mark bdrv_co_get_allocated_file_size as mixed (bsc#1211000)
* [openSUSE] block: Allow the wrapper script to see functions declared in qapi.h (bsc#1211000)
* [openSUSE] block: Remove unnecessary variable in bdrv_block_device_info (bsc#1211000)
* [openSUSE] block: Remove bdrv_query_block_node_info (bsc#1211000)
- Fix bsc#1213210:
* target/s390x: Fix the "ignored match" case in VSTRS (bsc#1213210)
- Update to version 8.1.0. The full list of changes is available at:
https://wiki.qemu.org/ChangeLog/8.1
Highlights:
* VFIO: improved live migration support, no longer an experimental feature
* GTK GUI now supports multi-touch events
* ARM, PowerPC, and RISC-V can now use AES acceleration on host processor
* PCIe: new QMP commands to inject CXL General Media events, DRAM
events and Memory Module events
* ARM: KVM VMs on a host which supports MTE (the Memory Tagging Extension)
can now use MTE in the guest
* ARM: emulation support for bpim2u (Banana Pi BPI-M2 Ultra) board and
neoverse-v1 (Cortex Neoverse-V1) CPU
* ARM: new architectural feature support for: FEAT_PAN3 (SCTLR_ELx.EPAN),
FEAT_LSE2 (Large System Extensions v2), and experimental support for
FEAT_RME (Realm Management Extensions)
* Hexagon: new instruction support for v68/v73 scalar, and v68/v69 HVX
* Hexagon: gdbstub support for HVX
* MIPS: emulation support for Ingenic XBurstR1/XBurstR2 CPUs, and MXU
instructions
* PowerPC: TCG SMT support, allowing pseries and powernv to run with up
to 8 threads per core
* PowerPC: emulation support for Power9 DD2.2 CPU model, and perf
sampling support for POWER CPUs
* RISC-V: ISA extension support for BF16/Zfa, and disassembly support
for Zcm*/Z*inx/XVentanaCondOps/Xthead
* RISC-V: CPU emulation support for Veyron V1
* RISC-V: numerous KVM/emulation fixes and enhancements
* s390: instruction emulation fixes for LDER, LCBB, LOCFHR, MXDB, MXDBR,
EPSW, MDEB, MDEBR, MVCRL, LRA, CKSM, CLM, ICM, MC, STIDP, EXECUTE, and
CLGEBR(A)
* SPARC: updated target/sparc to use tcg_gen_lookup_and_goto_ptr() for
improved performance
* Tricore: emulation support for TC37x CPU that supports ISA v1.6.2
instructions
* Tricore: instruction emulation of POPCNT.W, LHA, CRC32L.W, CRC32.B,
SHUFFLE, SYSCALL, and DISABLE
* x86: CPU model support for GraniteRapids
* and lots more...
- This also (automatically) fixes:
* bsc#1212850 (CVE-2023-3354)
* bsc#1213001 (CVE-2023-3255)
* bsc#1213925 (CVE-2023-3180)
* bsc#1213414 (CVE-2023-3301)
* bsc#1207205 (CVE-2023-0330)
* bsc#1212968 (CVE-2023-2861)
* bsc#1179993, bsc#1181740
==== sudo ====
Version update (1.9.14p1 -> 1.9.14p3)
Subpackages: sudo-plugin-python
- Update to 1.9.14p3:
* Fixed a crash with Python 3.12 when the sudo Python plugin is unloaded.
This only affects make check for the Python plugin.
* Adapted the sudo Python plugin test output to match Python 3.12.
- Update to 1.9.14p2:
* Fixed a crash on Linux systems introduced in version 1.9.14 when running a
command with a NULL argv[0] if log_subcmds or intercept is enabled in
sudoers.
* Fixed a problem with "stair-stepped" output when piping or redirecting the
output of a sudo command that takes user input when running a command in
a pseudo-terminal.
* Fixed a bug introduced in sudo 1.9.14 that affects matching sudoers rules
containing a Runas_Spec with an empty Runas user. These rules should only
match when sudo's -g option is used but were matching even without the -g
option. #290.