Please note that this mail was generated by a script. The described changes are computed based on the aarch64 DVD. The full online repo contains too many changes to be listed here. Please check the known defects of this snapshot before upgrading: https://openqa.opensuse.org/tests/overview?distri=microos&groupid=3&version=... https://bugzilla.opensuse.org/buglist.cgi?product=openSUSE%20Tumbleweed&comp... Please do not reply to this email to report issues, rather file a bug on bugzilla.opensuse.org. For more information on filing bugs please see https://en.opensuse.org/openSUSE:Submitting_bug_reports Packages changed: AppStream Mesa Mesa-drivers PackageKit branding-openSUSE (84.87.20210910 -> 84.87.20230227) ffmpeg-5 flac git (2.39.2 -> 2.40.0) grub2 iso-codes (4.12.0 -> 4.13.0) kbd (2.4.0 -> 2.5.1) kernel-firmware (20230210 -> 20230313) keylime (6.6.0 -> 6.7.0) lame libcamera libjpeg-turbo libstorage-ng (4.5.83 -> 4.5.85) libvorbis microos-tools (2.18 -> 2.19) mozilla-nss (3.87 -> 3.88.1) mozjs102 (102.8.0 -> 102.9.0) mutter ncurses (6.4.20230225 -> 6.4.20230311) nftables (1.0.6 -> 1.0.7) openexr (3.1.5 -> 3.1.6) osinfo-db (20221130 -> 20230308) pam-config (1.8 -> 1.9) pam_kwallet python-cryptography (39.0.1 -> 39.0.2) python310 python310-core sqlite3 vim xz yast2-add-on (4.6.0 -> 4.6.1) yast2-installation (4.6.0 -> 4.6.1) yast2-storage-ng (4.6.0 -> 4.6.1) zvbi (0.2.39 -> 0.2.41) === Details === ==== AppStream ==== Subpackages: libAppStreamQt2 libappstream4 - Add upstream fix for new glib-2.76: * bfa8fa6ac4ef645368a93384a6c16ac551a40922.patch ==== Mesa ==== Subpackages: Mesa-libEGL1 Mesa-libGL1 Mesa-libglapi0 libgbm1 - U_glx-Remove-pointless-GLX_INTEL_swap_event-paranoia.patch * reverse apply this patch to fix a regression caused by this commit, which resulted in gnome-shell constantly crashing, which is making a GNOME/X11 session impossible (boo#1209005) ==== Mesa-drivers ==== Subpackages: Mesa-dri Mesa-gallium Mesa-libva - U_glx-Remove-pointless-GLX_INTEL_swap_event-paranoia.patch * reverse apply this patch to fix a regression caused by this commit, which resulted in gnome-shell constantly crashing, which is making a GNOME/X11 session impossible (boo#1209005) ==== PackageKit ==== Subpackages: PackageKit-backend-dnf PackageKit-backend-zypp PackageKit-gstreamer-plugin PackageKit-gtk3-module libpackagekit-glib2-18 typelib-1_0-PackageKitGlib-1_0 - Add PackageKit-fix-pkcon-permission.patch: trivial: Drop unnecessary x permission (gh#PackageKit/PackageKit/commit/47b7f97bc, bsc#1209138) ==== branding-openSUSE ==== Version update (84.87.20210910 -> 84.87.20230227) Subpackages: grub2-branding-openSUSE plymouth-branding-openSUSE wallpaper-branding-openSUSE yast2-qt-branding-openSUSE - Make title QToolButton backgrounds transparent - Drop optipng requirement ==== ffmpeg-5 ==== Subpackages: libavcodec59 libavfilter8 libavformat59 libavutil57 libpostproc56 libswscale6 - Add soname.diff to get libswresample4 nonconflicting with ffmpeg-6. - Actually enable libjxl backend ==== flac ==== - Build AVX2 enabled hwcaps library for x86_64-v3 ==== git ==== Version update (2.39.2 -> 2.40.0) - git 2.40.0: * backward incompatible change: The format.attach configuration variable lacked a way to override a value defined in a lower-priority configuration file (e.g. the system one) by redefining it in a higher-priority configuration file. Now, setting format.attach to an empty string means show the patch inline in the e-mail message, without using MIME attachment. * multiple commands and workflows gained additional options, compatible functionality, or more helpful output * "grep -P" learned to use Unicode Character Property to grok character classes when processing \b and \w etc. * under-the-hood improvements and bug fixes - The scripted "git add -p/-i" implementation was removed upstream. The openSUSE package already preferred the C implementation. ==== grub2 ==== Subpackages: grub2-arm64-efi grub2-snapper-plugin grub2-systemd-sleep-plugin - Discard cached key from grub shell and editor mode * 0001-clean-up-crypttab-and-linux-modules-dependency.patch * 0002-discard-cached-key-before-entering-grub-shell-and-ed.patch - Make grub more robust against storage race condition causing system boot failures (bsc#1189036) * 0001-ieee1275-ofdisk-retry-on-open-and-read-failure.patch ==== iso-codes ==== Version update (4.12.0 -> 4.13.0) Subpackages: iso-codes-lang - update to version 4.13.0: + ISO 3166-1: Add missing common names for Laos, Iran, and Syria. + ISO 3166-3: Fix withdrawal dates of AN, CS and YU. + Updated translations. ==== kbd ==== Version update (2.4.0 -> 2.5.1) Subpackages: kbd-legacy - Update to version 2.5.1 - Add Irish keyboard map - Add PinePhone keyboard keymap - Added braces to IT keyboard map - Add Euro at Portuguese keyboards - Fix incorrect acentuation pt-latin9 - fa.map: drop high codepoint character that chokes loadkeys - data/keymaps/i386/neo: use Delete instead of Backspace - Fix documentation for a few program options - Fix some memory leaks - Update translations - autogen.sh missing from release tarball, copy from git - Remove upstreamed patches - 0001-libkfont-Initialize-kfont_context-options.patch - kbd-1.15.2-dumpkeys-C-opt.patch - kbd-2.0.2-comment-typo-qwerty.patch ==== kernel-firmware ==== Version update (20230210 -> 20230313) Subpackages: kernel-firmware-all kernel-firmware-amdgpu kernel-firmware-ath10k kernel-firmware-ath11k kernel-firmware-atheros kernel-firmware-bluetooth kernel-firmware-bnx2 kernel-firmware-brcm kernel-firmware-chelsio kernel-firmware-dpaa2 kernel-firmware-i915 kernel-firmware-intel kernel-firmware-iwlwifi kernel-firmware-liquidio kernel-firmware-marvell kernel-firmware-media kernel-firmware-mediatek kernel-firmware-mellanox kernel-firmware-mwifiex kernel-firmware-network kernel-firmware-nfp kernel-firmware-nvidia kernel-firmware-platform kernel-firmware-prestera kernel-firmware-qcom kernel-firmware-qlogic kernel-firmware-radeon kernel-firmware-realtek kernel-firmware-serial kernel-firmware-sound kernel-firmware-ti kernel-firmware-ueagle kernel-firmware-usb-network - Update to version 20230313 (git commit 5bc279fb161d): * iwlwifi: update core69 and core72 firmwares for So device * qat: update licence text * rtl_bt: Update RTL8822C BT USB firmware to 0x0CC6_D2E3 * rtl_bt: Update RTL8822C BT UART firmware to 0x05C6_D2E3 * WHENCE: remove duplicate File entries * WHENCE: remove trailing white space * linux-firmware: add fw for qat_4xxx (jsc#PED-3699) * Fix symlinks for Intel firmware * linux-firmware: update firmware for mediatek bluetooth chip (MT7921) * linux-firmware: update firmware for MT7921 WiFi device * iwlwifi: update core69 and core72 firmwares for Ty device * rtlwifi: Add firmware v16.0 for RTL8710BU aka RTL8188GU * brcm: Add nvram for the Lenovo Yoga Book X90F / X90L convertible * brcm: Fix Xiaomi Inc Mipad2 nvram/.txt file macaddr * brcm: Add nvram for the Advantech MICA-071 tablet * rtl_bt: Update RTL8852C BT USB firmware to 0xD7B8_FABF * rtl_bt: Add firmware and config files for RTL8821CS * rtw89: 8852b: update fw to v0.29.29.0 * rtw89: 8852b: update fw to v0.29.26.0 * liquidio: remove lio_23xx_vsw.bin * intel: avs: Add AudioDSP base firmware for CNL-based platforms * intel: avs: Add AudioDSP base firmware for APL-based platforms * intel: avs: Add AudioDSP base firmware for SKL-based platforms * ath11k: WCN6855 hw2.0: update to WLAN.HSP.1.1-03125-QCAHSPSWPL_V1_V2_SILICONZ_LITE-3.6510.23 * ath11k: WCN6855 hw2.0: update board-2.bin * ath11k: WCN6750 hw1.0: update board-2.bin * ath11k: IPQ5018 hw1.0: add to WLAN.HK.2.6.0.1-00861-QCAHKSWPL_SILICONZ-1 * ath11k: IPQ5018 hw1.0: add board-2.bin * ath10k: QCA6174 hw3.0: update firmware-sdio-6.bin to version WLAN.RMH.4.4.1-00174 * ath10k: WCN3990 hw1.0: update board-2.bin * cnm: update chips&media wave521c firmware. * amdgpu: Update GC 11.0.1 firmware * intel: catpt: Add AudioDSP base firmware for BDW platforms - Update topics for catpt/avs - Update aliases - Update spec template ==== keylime ==== Version update (6.6.0 -> 6.7.0) Subpackages: keylime-config keylime-firewalld keylime-logrotate keylime-registrar keylime-tenant keylime-tpm_cert_store keylime-verifier python310-keylime - Update to version v6.7.0: * codestyle: Define RuntimePolicyType and use it * ima: Move type defitions from ima_dm.py to types.py * docs: fix docs * End of term for @mpeters + propose @maugustosilva * verifier: Activate every m-th agent starting at the n-th agent on a worker * verifier: Read list of agents early on * create_policy: read the hashes from filelists-ext * tests: remove restful test and simplify test scripts * tests: config move agent config example to verifier * Update source code mapping in codecov.yml * ima: do not validate against the allowlist if signature was already validated * Disable e2e on Rawhide due to RHBZ#2171376 * roadmap: update for 2023 * readme: remove installation instructions, update outdated information * db: switch to pessimistic disconnect handling * Add timestamp of last successful attestation to verifier API * tpm: improve logging for tpm and measured boot policy * da: fixes for breakages on durable Attestation * codestyle: Fully annotate cloud_verifier_tornado and add to mypy * create_policy: clarify IMA on links * create_policy: be explicit on opening binary files * create_policy: use public variants for RPM flags * create_policy: remote repository IMA extraction * create_policy: local RPM repository IMA extraction * create_policy: remove the experimental status * create_policy: print into stderr * signing: small refactor on the code * Add missing e2e tests and reordering tests based on alphabetical order * verifier,tenant : fix IMA runtime policy bug (issue #1306) * e2e tests: Fix test name (#1307) * verifier: fixing type issues (#1272) * config: improve support for (log-based) debugging * Fix stray references to "IMA policies" in conversion script * tests: only keep test specific packages in test-requirements.txt * codestyle: Have pyright ignore assignments of values to DB columns * codestyle: Call type conversion functions on agent's DB columns * codestyle: Fully annotate cloud_verifier_common.py and add to mypy * codestyle: Have pyright ignore the parameter passed to the update() function * codestyle: Have pyright ignore fields used to select columns to load * codestyle: Add an assert to the returned update_agent to avoid pyright errors * codesyle: Fix annotations of notify functions in revocation_notifier.py ==== lame ==== - Build AVX2 enabled hwcaps library for x86_64-v3 ==== libcamera ==== Subpackages: libcamera-base0_0_4 libcamera0_0_4 - Disable warning in silent-Werror_dangling-reference.patch based compiler version. - Add silent-Werror_dangling-reference.patch that addressed a false-positive warning in GCC: https://bugs.libcamera.org/show_bug.cgi?id=185. ==== libjpeg-turbo ==== - Build AVX2 enabled hwcaps library for x86_64-v3 ==== libstorage-ng ==== Version update (4.5.83 -> 4.5.85) Subpackages: libstorage-ng-lang libstorage-ng-ruby libstorage-ng1 - merge gh#openSUSE/libstorage-ng#918 - allow trailing space when parsing btrfs version (bsc#1209252) - 4.5.85 - merge gh#openSUSE/libstorage-ng#917 - extended error logging - 4.5.84 ==== libvorbis ==== Subpackages: libvorbis0 libvorbisenc2 libvorbisfile3 - Build AVX2 enabled hwcaps library for x86_64-v3 - Small spec file cleanup ==== microos-tools ==== Version update (2.18 -> 2.19) - Update URL - Update to version 2.19: - configure.ac: Run autoupdate to fix some deprecation warnings - Clean up selinux-autorelabel-generator and make it compatible with systemd 253 ==== mozilla-nss ==== Version update (3.87 -> 3.88.1) Subpackages: libfreebl3 libfreebl3-hmac libsoftokn3 libsoftokn3-hmac mozilla-nss-certs - update to NSS 3.88.1 * bmo#1804640 - improve handling of unknown PKCS#12 safe bag types - update to NSS 3.88 * bmo#1815870 - use a different treeherder symbol for each docker image build task * bmo#1815868 - pin an older version of the ubuntu:18.04 and 20.04 docker images * bmo#1810702 - remove nested table in rst doc * bmo#1815246 - Export NSS_CMSSignerInfo_GetDigestAlgTag. * bmo#1812671 - build failure while implicitly casting SECStatus to PRUInt32 * bmo#1212915 - Add check for ClientHello SID max length * bmo#1771100 - Added EarlyData ALPN test support to BoGo shim * bmo#1790357 - ECH client - Discard resumption TLS < 1.3 Session(IDs|Tickets) if ECH configs are setup * bmo#1714245 - On HRR skip PSK incompatible with negotiated ciphersuites hash algorithm * bmo#1789410 - ECH client: Send ech_required alert on server negotiating TLS 1.2. Fixed misleading Gtest, enabled corresponding BoGo test * bmo#1771100 - Added Bogo ECH rejection test support * bmo#1771100 - Added ECH 0Rtt support to BoGo shim * bmo#1747957 - RSA OAEP Wycheproof JSON * bmo#1747957 - RSA decrypt Wycheproof JSON * bmo#1747957 - ECDSA Wycheproof JSON * bmo#1747957 - ECDH Wycheproof JSON * bmo#1747957 - PKCS#1v1.5 wycheproof json * bmo#1747957 - Use X25519 wycheproof json * bmo#1766767 - Move scripts to python3 * bmo#1809627 - Properly link FuzzingEngine for oss-fuzz. * bmo#1805907 - Extending RSA-PSS bltest test coverage (Adding SHA-256 and SHA-384) * bmo#1804091 - NSS needs to move off of DSA for integrity checks * bmo#1805815 - Add initial testing with ACVP vector sets using acvp-rust * bmo#1806369 - Don't clone libFuzzer, rely on clang instead ==== mozjs102 ==== Version update (102.8.0 -> 102.9.0) - Update to version 102.9.0: + Various security fixes. + CVE-2023-25751: Incorrect code generation during JIT compilation. + CVE-2023-28164: URL being dragged from a removed cross-origin iframe into the same tab triggered navigation. + CVE-2023-28162: Invalid downcast in Worklets. + CVE-2023-25752: Potential out-of-bounds when accessing throttled streams. + CVE-2023-28163: Windows Save As dialog resolved environment variables. + CVE-2023-28176: Memory safety bugs fixed in Firefox 111 and Firefox ESR 102.9. ==== mutter ==== - Add mutter-prevent-newly-focused-windows-to-steal-focus-from-shell.patch: Revert wrong commit and try a third approach to fix focus (bsc#1208494). ==== ncurses ==== Version update (6.4.20230225 -> 6.4.20230311) Subpackages: libncurses6 ncurses-utils terminfo terminfo-base terminfo-iterm terminfo-screen - Add ncurses patch 20230311 + improve manpage description for addch versus unctrl format used for non-printable characters. + modify version-check for gcc/g++, now works for msys2. + modify check in _nc_write_entry() for multiply defined aliases to report problems within the current runtime of tic rather than for conflicts with pre-existing terminal descriptions. + allow for MinGW32-/64-bit configurations to use _DEFAULT_SOURCE + clarify interaction of -R option versus -C, -I and -r in infocmp manpage. + build-fix in lib_win32con.c (cf: 20230211). ==== nftables ==== Version update (1.0.6 -> 1.0.7) Subpackages: libnftables1 python3-nftables - Update to release 1.0.7 * Support for vxlan/geneve/gre/gretap matching * auto-merge support for partial set element deletion * Allow for NAT mapping with concatenation and ranges * Support for quota in sets ==== openexr ==== Version update (3.1.5 -> 3.1.6) Subpackages: libIex-3_1-30 libIlmThread-3_1-30 libOpenEXR-3_1-30 - update to 3.1.6: * NEON optimizations for ZIP reading * Enable fast Huffman & Huffman zig-zag transform for Arm Neon * Support relative and absolute libdir/includedir in pkg-config generation * Fix for reading memory mapped files with DWA compression * Enable SSE4 support on Windows * Fast huf decoder - Drop gcc13-fix.patch ==== osinfo-db ==== Version update (20221130 -> 20230308) - Update to database version 20230308 osinfo-db-20230308.tar.xz ==== pam-config ==== Version update (1.8 -> 1.9) - Update to version 1.9 - Add support for pam_lastlog2 ==== pam_kwallet ==== Subpackages: pam_kwallet-common - Add patches for handling edge cases and hardening: * 0001-Verify-that-XDG_RUNTIME_DIR-is-usable.patch * 0002-Don-t-do-anything-if-the-password-is-empty.patch * 0003-Exit-early-if-the-target-user-is-root.patch * 0004-Don-t-call-pam_sm_open_session-within-pam_sm_authent.patch ==== python-cryptography ==== Version update (39.0.1 -> 39.0.2) - update to 39.0.2: * Fixed a bug where the content type header was not properly encoded for PKCS7 signatures when using the ``Text`` option and ``SMIME`` encoding. ==== python310 ==== Subpackages: python310-curses python310-dbm - Add invalid-json.patch fixing invalid JSON in Doc/howto/logging-cookbook.rst (somehow similar to gh#python/cpython#102582). ==== python310-core ==== Subpackages: libpython3_10-1_0 python310-base - Add invalid-json.patch fixing invalid JSON in Doc/howto/logging-cookbook.rst (somehow similar to gh#python/cpython#102582). ==== sqlite3 ==== Subpackages: libsqlite3-0 sqlite3-tcl - Build AVX2 enabled hwcaps library for x86_64-v3 ==== vim ==== Subpackages: vim-data vim-data-common vim-small - Update spec.skeleton to use autosetup in place of setup macro. ==== xz ==== Subpackages: liblzma5 - Build AVX2 enabled hwcaps library for x86_64-v3 ==== yast2-add-on ==== Version update (4.6.0 -> 4.6.1) - Removed unnecessary executable flag from file add-on-workflow.rb (bsc#1209094) - 4.6.1 ==== yast2-installation ==== Version update (4.6.0 -> 4.6.1) - Removed unnecessary executable flag from file security_proposal.rb (bsc#1209094) - 4.6.1 ==== yast2-storage-ng ==== Version update (4.6.0 -> 4.6.1) - Removed unnecessary executable flags from files (bsc#1209094) - 4.6.1 ==== zvbi ==== Version update (0.2.39 -> 0.2.41) - update to 0.2.41: * src/libzvbi.h: In libzvbi.h, remove #include version.h and replace with version number macros * po/*.po: Update Project-Id-Version.