[prev in list] [next in list] [prev in thread] [next in thread]
List: opensuse-factory
Subject: New Tumbleweed snapshot 20231121 released!
From: Dominique Leuenberger <dimstar () suse ! de>
Date: 2023-11-22 16:00:50
Message-ID: 170066885088.8243.13228944279588499196 () localhost
[Download RAW message or body]
Please note that this mail was generated by a script.
The described changes are computed based on the x86_64 DVD.
The full online repo contains too many changes to be listed here.
Please check the known defects of this snapshot before upgrading:
https://openqa.opensuse.org/tests/overview?distri=opensuse&groupid=1&version=Tumbleweed&build=20231121
Please do not reply to this email to report issues, rather file a bug
on bugzilla.opensuse.org. For more information on filing bugs please
see https://en.opensuse.org/openSUSE:Submitting_bug_reports
Packages changed:
ImageMagick (7.1.1.20 -> 7.1.1.21)
adobe-sourcehanserif-fonts (2.001 -> 2.002)
aria2 (1.36.0 -> 1.37.0)
dhcp
kernel-source (6.6.1 -> 6.6.2)
libX11
libfido2 (1.13.0 -> 1.14.0)
librdkafka (2.1.1 -> 2.3.0)
llvm17 (17.0.4 -> 17.0.5)
mcelog (195 -> 196)
mdadm
openvpn (2.6.7 -> 2.6.8)
ovmf
xen
yast2-trans (84.87.20231104.b73ad6fbc9 -> 84.87.20231117.f12231d4de)
=== Details ===
==== ImageMagick ====
Version update (7.1.1.20 -> 7.1.1.21)
Subpackages: ImageMagick-config-7-SUSE ImageMagick-extra libMagickCore-7_Q16HDRI10 \
libMagickWand-7_Q16HDRI10
- version update to 7.1.1.21
https://github.com/ImageMagick/Website/blob/main/ChangeLog.md
- modified patches
[bsc#1217014][bsc#1216811]
% ImageMagick-s390x-disable-tests.patch (refreshed)
- deleted patches
- ImageMagick-correct-time-to-live.patch (upstreamed)
- added patches
https://github.com/ImageMagick/ImageMagick/commit/8f3c56fabc619c1672865257e5aafe33cbfaaf3e
https://github.com/ImageMagick/ImageMagick/commit/3a7b915d9a810ce742987b37c935f6ae8b36df10
+ ImageMagick-infinite-resource-time-limit.patch
==== adobe-sourcehanserif-fonts ====
Version update (2.001 -> 2.002)
Subpackages: adobe-sourcehanserif-cn-fonts adobe-sourcehanserif-tw-fonts
- Remove old specfile constructs, update descriptions
- Update to 2.002R
* The copyright year was changed to â 2017â 2023.â
* Addition of ã Square Era Name Reiwa uni32FF-JP was omitted in
previous release notes Issue #163.
* The following glyphs were added to support GB 18030 2022
Implementation Level 2: uni4DB6-CN, uni4DB7-CN, uni4DB8-CN,
uni4DBA-CN, uni4DBB-CN, uni4DBC-CN, uni4DBD-CN, uni4DBE-CN,
uni4DBF-CN, uni5CB8-JP, uni9FEB-CN, uni9FEB-TW, uni9FEC-CN,
uni9FED-CN, uni9FEE-JP, uni9FEF-JP, uni9FF0-CN, uni9FF1-CN,
uni9FF2-CN, uni9FF3-CN, uni9FF4-CN, uni9FF5-CN, uni9FF6-CN,
uni9FF7-CN, uni9FF8-CN, uni9FF9-CN, uni9FFA-CN, uni9FFB-CN,
uni9FFC-CN, uni9FFD-CN, uni9FFE-CN, and uni9FFF-CN.
* Fixed aj16-kanji.txt per Issue #125.
* Fixed position of uni309B-V and uni309C-V per Issue #157.
* Fixed HK mapping for U+752D ç per Issue #159.
* Fixed CN mapping for U+5141 å and U+535A å per Issue #162.
* Remapped TW glyph for U+7239 ç per Issue #167.
* Restored JP glyph for U+5CB8 å per Issue #169.
* Fixed mapping for U+F9DC é per Issue #165.
* Fixed interpolation bug in uni2299 â per Issue #181.
* Fixed interpolation bugs in uni4B4C-CN ä and uni4B55-CN ä per
Issue #193.
==== aria2 ====
Version update (1.36.0 -> 1.37.0)
Subpackages: aria2-lang libaria2-0
- Update to version 1.37.0
* Fix header in --http-accept-gzip documentation
* Allow empty dist name in bencode which is needed for hybrid torrent
* Fix undefined behavior/crash in GZipEncoder
* Fix Metalink4 parsing with foreign namespaces
* fix wrong dht.dat binary file structure in docs
* Increase ByteArrayDiskWriter maximum size
* Logger: Fix format string overflow in writeHeader()
* Cap infoHashLength in .aria2 file
* Various documentation fixes and rewords
==== dhcp ====
Subpackages: dhcp-relay dhcp-server
- Remove dhclient-script (boo#1216822).
==== kernel-source ====
Version update (6.6.1 -> 6.6.2)
- Linux 6.6.2 (bsc#1012628).
- hwmon: (nct6775) Fix incorrect variable reuse in fan_div
calculation (bsc#1012628).
- numa: Generalize numa_map_to_online_node() (bsc#1012628).
- sched/topology: Fix sched_numa_find_nth_cpu() in CPU-less case
(bsc#1012628).
- sched/topology: Fix sched_numa_find_nth_cpu() in non-NUMA case
(bsc#1012628).
- sched/fair: Fix cfs_rq_is_decayed() on !SMP (bsc#1012628).
- iov_iter, x86: Be consistent about the __user tag on
copy_mc_to_user() (bsc#1012628).
- sched/uclamp: Set max_spare_cap_cpu even if max_spare_cap is 0
(bsc#1012628).
- sched/uclamp: Ignore (util == 0) optimization in feec() when
p_util_max = 0 (bsc#1012628).
- objtool: Propagate early errors (bsc#1012628).
- sched: Fix stop_one_cpu_nowait() vs hotplug (bsc#1012628).
- nfsd: Handle EOPENSTALE correctly in the filecache
(bsc#1012628).
- vfs: fix readahead(2) on block devices (bsc#1012628).
- writeback, cgroup: switch inodes with dirty timestamps to
release dying cgwbs (bsc#1012628).
- x86/srso: Fix SBPB enablement for (possible) future fixed HW
(bsc#1012628).
- x86/srso: Print mitigation for retbleed IBPB case (bsc#1012628).
- x86/srso: Fix vulnerability reporting for missing microcode
(bsc#1012628).
- x86/srso: Fix unret validation dependencies (bsc#1012628).
- futex: Don't include process MM in futex key on no-MMU
(bsc#1012628).
- x86/numa: Introduce numa_fill_memblks() (bsc#1012628).
- ACPI/NUMA: Apply SRAT proximity domain to entire CFMWS window
(bsc#1012628).
- cgroup/cpuset: Fix load balance state in
update_partition_sd_lb() (bsc#1012628).
- x86/sev-es: Allow copy_from_kernel_nofault() in earlier boot
(bsc#1012628).
- x86/boot: Fix incorrect startup_gdt_descr.size (bsc#1012628).
- cpu/SMT: Make SMT control more robust against enumeration
failures (bsc#1012628).
- x86/apic: Fake primary thread mask for XEN/PV (bsc#1012628).
- srcu: Fix callbacks acceleration mishandling (bsc#1012628).
- drivers/clocksource/timer-ti-dm: Don't call clk_get_rate()
in stop function (bsc#1012628).
- x86/nmi: Fix out-of-order NMI nesting checks & false positive
warning (bsc#1012628).
- pstore/platform: Add check for kstrdup (bsc#1012628).
- perf: Optimize perf_cgroup_switch() (bsc#1012628).
- selftests/x86/lam: Zero out buffer for readlink() (bsc#1012628).
- PCI/MSI: Provide stubs for IMS functions (bsc#1012628).
- string: Adjust strtomem() logic to allow for smaller sources
(bsc#1012628).
- genirq/matrix: Exclude managed interrupts in
irq_matrix_allocated() (bsc#1012628).
- irqchip/sifive-plic: Fix syscore registration for multi-socket
systems (bsc#1012628).
- wifi: ath12k: fix undefined behavior with __fls in dp
(bsc#1012628).
- wifi: cfg80211: add flush functions for wiphy work
(bsc#1012628).
- wifi: mac80211: move radar detect work to wiphy work
(bsc#1012628).
- wifi: mac80211: move scan work to wiphy work (bsc#1012628).
- wifi: mac80211: move offchannel works to wiphy work
(bsc#1012628).
- wifi: mac80211: move sched-scan stop work to wiphy work
(bsc#1012628).
- wifi: mac80211: fix RCU usage warning in mesh fast-xmit
(bsc#1012628).
- wifi: cfg80211: fix off-by-one in element defrag (bsc#1012628).
- wifi: mac80211: fix # of MSDU in A-MSDU calculation
(bsc#1012628).
- wifi: iwlwifi: honor the enable_ini value (bsc#1012628).
- wifi: iwlwifi: don't use an uninitialized variable
(bsc#1012628).
- i40e: fix potential memory leaks in i40e_remove() (bsc#1012628).
- iavf: Fix promiscuous mode configuration flow messages
(bsc#1012628).
- selftests/bpf: Correct map_fd to data_fd in tailcalls
(bsc#1012628).
- bpf, x64: Fix tailcall infinite loop (bsc#1012628).
- wifi: cfg80211: fix kernel-doc for wiphy_delayed_work_flush()
(bsc#1012628).
- udp: introduce udp->udp_flags (bsc#1012628).
- udp: move udp->no_check6_tx to udp->udp_flags (bsc#1012628).
- udp: move udp->no_check6_rx to udp->udp_flags (bsc#1012628).
- udp: move udp->gro_enabled to udp->udp_flags (bsc#1012628).
- udp: add missing WRITE_ONCE() around up->encap_rcv
(bsc#1012628).
- udp: move udp->accept_udp_{l4|fraglist} to udp->udp_flags
(bsc#1012628).
- udp: lockless UDP_ENCAP_L2TPINUDP / UDP_GRO (bsc#1012628).
- udp: annotate data-races around udp->encap_type (bsc#1012628).
- udplite: remove UDPLITE_BIT (bsc#1012628).
- udplite: fix various data-races (bsc#1012628).
- selftests/bpf: Skip module_fentry_shadow test when bpf_testmod
is not available (bsc#1012628).
- tcp: call tcp_try_undo_recovery when an RTOd TFO SYNACK is ACKed
(bsc#1012628).
... changelog too long, skipping 987 lines ...
- commit 9ecdaa5
==== libX11 ====
Subpackages: libX11-6 libX11-data libX11-xcb1
- this update is needed due to jsc#PED-7282; it includes the
security fix for CVE-2022-3555 (bsc#1204425, bsc#1208881) and
a fix for a race condition in libX11 that causes various
applications to crash randomly (boo#1181963)
==== libfido2 ====
Version update (1.13.0 -> 1.14.0)
- update to 1.14.0:
* fido2-cred -M, fido2-token -G: support raw client data
via -w flag.
* New API calls:
* * fido_assert_authdata_raw_len;
* * fido_assert_authdata_raw_ptr;
* * fido_assert_set_winhello_appid.
- add keyring for gpg validation
==== librdkafka ====
Version update (2.1.1 -> 2.3.0)
- update to 2.3.0:
* Partial support of topic identifiers. Topic identifiers in
metadata response available through the new
`rd_kafka_DescribeTopics` function
* KIP-117 Add support for AdminAPI `DescribeCluster()` and
`DescribeTopics()`
* Return authorized operations in Describe Responses.
* KIP-580: Added Exponential Backoff mechanism for
retriable requests with `retry.backoff.ms` as minimum backoff
and `retry.backoff.max.ms` as the
maximum backoff, with 20% jitter (#4422).
* Fixed ListConsumerGroupOffsets not fetching offsets for all
the topics in a group with Apache Kafka version below 2.4.0.
* Add missing destroy that leads to leaking partition structure
memory when there are partition leader changes and a stale
leader epoch is received (#4429).
* Fix a segmentation fault when closing a consumer using the
cooperative-sticky assignor before the first assignment
* Fix for insufficient buffer allocation when allocating rack
information (@wolfchimneyrock, #4449).
* Fix for infinite loop of OffsetForLeaderEpoch requests on
quick leader changes. (#4433).
* Fix for stored offsets not being committed if they lacked the
leader epoch (#4442).
* Upgrade OpenSSL to v3.0.11 (while building from source) with
various security fixes, check the release notes
* Fix to ensure permanent errors during offset validation
continue being retried and don't cause an offset reset (#4447).
* Fix to ensure max.poll.interval.ms is reset when
rd_kafka_poll is called with consume_cb (#4431).
* Fix for idempotent producer fatal errors, triggered after a
possibly persisted message state (#4438).
* Fix `rd_kafka_query_watermark_offsets` continuing beyond
timeout expiry (#4460).
* Fix `rd_kafka_query_watermark_offsets` not refreshing the
partition leader after a leader change and subsequent
`NOT_LEADER_OR_FOLLOWER` error (#4225).
==== llvm17 ====
Version update (17.0.4 -> 17.0.5)
- Update to version 17.0.5.
* This release contains bug-fixes for the LLVM 17.0.0 release.
This release is API and ABI compatible with 17.0.0.
- Rebase llvm-do-not-install-static-libraries.patch.
- Also test clang-tools-extra (at least most parts) and lld.
- Adapt test in lld-default-sha1.patch.
- Don't disable testing if qemu_user_space_build has been set to 0.
==== mcelog ====
Version update (195 -> 196)
- Update to version 196:
* mcelog: Add second model number for Arrowlake
==== mdadm ====
- No longer recommend smtp-daemon: this was a remainder from the
cron configuration, which was removed back in 2018.
==== openvpn ====
Version update (2.6.7 -> 2.6.8)
- update to 2.6.8:
* SIGSEGV crash: Do not check key_state buffers that are in S_UNDEF
state - the new sanity check function introduced in 2.6.7 sometimes
tried to use a NULL pointer after an unsuccessful TLS handshake
* CVE-2023-46850 OpenVPN versions between 2.6.0 and 2.6.6 incorrectly
use a send buffer after it has been free()d in some circumstances,
causing some free()d memory to be sent to the peer. All configurations
using TLS (e.g. not using --secret) are affected by this issue.
* CVE-2023-46849 OpenVPN versions between 2.6.0 and 2.6.6 incorrectly
restore --fragment configuration in some circumstances, leading to a
division by zero when --fragment is used. On platforms where division
by zero is fatal, this will cause an OpenVPN crash.
* DCO: warn if DATA_V1 packets are sent by the other side - this a hard
incompatibility between a 2.6.x client connecting to a 2.4.0-2.4.4
server, and the only fix is to use --disable-dco.
* Remove OpenSSL Engine method for loading a key. This had to be removed
because the original author did not agree to relicensing the code with
the new linking exception added. This was a somewhat obsolete feature
anyway as it only worked with OpenSSL 1.x, which is end-of-support.
* add warning if p2p NCP client connects to a p2mp server - this is a
combination that used to work without cipher negotiation (pre 2.6 on
both ends), but would fail in non-obvious ways with 2.6 to 2.6.
* add warning to --show-groups that not all supported groups are listed
(this is due the internal enumeration in OpenSSL being a bit weird,
omitting X448 and X25519 curves).
* --dns: remove support for exclude-domains argument (this was a new 2.6
option, with no backend support implemented yet on any platform, and it
turns out that no platform supported it at all - so remove option again)
* warn user if INFO control message too long, do not forward to management
client (safeguard against protocol-violating server implementations)
* DCO-WIN: get and log driver version (for easier debugging).
* print "peer temporary key details" in TLS handshake
* log OpenSSL errors on failure to set certificate, for example if the
algorithms used are in acceptable to OpenSSL (misleading message would be
printed in cryptoapi / pkcs11 scenarios)
* add CMake build system for MinGW and MSVC builds
* remove old MSVC build system
* improve cmocka unit test building for Windows
==== ovmf ====
Subpackages: qemu-ovmf-x86_64
- Sync change log to prepare for sending edk2-stable202308 ovmf to SLE15-SP6
(jsc#PED-6233, jsc#PED-5523)
- Removed the following backported patches because they are merged
to edk2 mainline:
- ovmf-SecurityPkg-DxeImageVerificationLib-Check-result-of-.patch
494127613b SecurityPkg/DxeImageVerificationLib: Check result of \
GetEfiGlobalVariable2 (CVE-2019-14560, bsc#1174246)
==== xen ====
Subpackages: xen-libs xen-tools xen-tools-domU
- Pass XEN_BUILD_DATE + _TIME to override build date (boo#1047218)
==== yast2-trans ====
Version update (84.87.20231104.b73ad6fbc9 -> 84.87.20231117.f12231d4de)
Subpackages: yast2-trans-af yast2-trans-ar yast2-trans-bg yast2-trans-bn \
yast2-trans-bs yast2-trans-ca yast2-trans-cs yast2-trans-cy yast2-trans-da \
yast2-trans-de yast2-trans-el yast2-trans-en_GB yast2-trans-es yast2-trans-et \
yast2-trans-fa yast2-trans-fi yast2-trans-fr yast2-trans-gl yast2-trans-gu \
yast2-trans-hi yast2-trans-hr yast2-trans-hu yast2-trans-id yast2-trans-it \
yast2-trans-ja yast2-trans-jv yast2-trans-ka yast2-trans-km yast2-trans-ko \
yast2-trans-lo yast2-trans-lt yast2-trans-mk yast2-trans-mr yast2-trans-nb \
yast2-trans-nl yast2-trans-pa yast2-trans-pl yast2-trans-pt yast2-trans-pt_BR \
yast2-trans-ro yast2-trans-ru yast2-trans-si yast2-trans-sk yast2-trans-sl \
yast2-trans-sr yast2-trans-sv yast2-trans-ta yast2-trans-th yast2-trans-tr \
yast2-trans-uk yast2-trans-vi yast2-trans-wa yast2-trans-xh yast2-trans-zh_CN \
yast2-trans-zh_TW yast2-trans-zu
- Update to version 84.87.20231117.f12231d4de:
* New POT for text domain 'cc'.
[prev in list] [next in list] [prev in thread] [next in thread]
Configure |
About |
News |
Add a list |
Sponsored by KoreLogic