Packages changed:
  MozillaFirefox (117.0 -> 117.0.1)
  cni-plugins (1.1.1 -> 1.3.0)
  curl (8.2.1 -> 8.3.0)
  gptfdisk
  javapackages-tools
  libwebp
  man
  mcelog (194 -> 195)
  multipath-tools
  openldap2
  openldap2-contrib-src
  patterns-microos
  polkit-default-privs (1550+20230829.1a9a761 -> 1550+20230912.0978001)
  qemu (8.0.4 -> 8.1.0)
  sudo (1.9.14p1 -> 1.9.14p3)

=== Details ===

==== MozillaFirefox ====
Version update (117.0 -> 117.0.1)
Subpackages: MozillaFirefox-translations-common

- Mozilla Firefox 117.0.1
  * Fix a bug causing extensions using an event page for
    long-running tasks to be terminated while running, causing
    unexpected behavior changes (bmo#1851373)
  * Temporarily revert an intentional behavior change preventing
    Javascript from changing URL.protocol (bmo#1850954).
  * Fix audio worklets not working for sites using WebAssembly
    exception handling (bmo#1851468)
  * Fix the Reopen all tabs option in the Recently closed tabs
    menu sometimes failing to open all tabs (bmo#1850856)
  * Fix the bookmarks menu sometimes remaining partially visible
    when minimizing Firefox (bmo#1843700)
  * Fix an issue causing incorrect time zones to be detected on
    some sites (bmo#1848615)
  * MFSA 2023-40
    CVE-2023-4863 (boo#1215231)
    Heap buffer overflow in WebP

==== cni-plugins ====
Version update (1.1.1 -> 1.3.0)

- Update to version v1.3.0:
  * [sbr]: Ignore LinkNotFoundError during cmdDel
  * build(deps): bump github.com/Microsoft/hcsshim from 0.9.8 to 0.9.9
  * Bump to golang 1.20 to pick up go1.19.6 / go1.20.1 CVE fixes
  * Fix ValidateExpectedRoute with non default routes and nil GW
  * tuning: fix cmdCheck when using IFNAME
  * bridge, del: timeout after 55 secs of trying to list rules
  * bridge, spoofcheck: only read the prerouting chain on CNI delete
  * build: consume specific tables/chains via go-nft
  * bridge: add vlan trunk support
  * enable govet and unparam linters
  * build(deps): bump golang.org/x/sys from 0.6.0 to 0.7.0
  * Add parameter to disable default vlan
  * bridge, spoof check: remove drop rule index
  * go.mod: bump all deps
  * linter: fix ginkgolinter errors
  * Fix wastedassign linter errors
  * build(deps): bump actions/stale from 7 to 8
  * Fix revive linter errors
  * build(deps): bump actions/setup-go from 3 to 4
  * enable durationcheck, predeclared, unconvert, unused and
    wastedassign linters
  * remove govet and gofmt from test_linux.sh
  * enable ginkgolinter linter
  * enable revive linter
  * enable gocritic linter
  * enable gosimple linter
  * enable nonamedreturns linter
  * enable ineffassign linter
  * enable contextcheck linter
  * enable staticcheck linter
  * ci(lint): setup golangci-lint
  * ci(lint): setup yamllint linter Signed-off-by: Matthieu MOREL
  * Fix overwritten error var in getMTUByName
  * Update tests to utilize ginkgo/v2
  * Update ginkgo to v2 in go.mod, go.sum, vendor
  * Tap plugin
  * build(deps): bump github.com/onsi/gomega from 1.24.2 to 1.26.0
  * build(deps): bump golang.org/x/sys from 0.4.0 to 0.5.0
  * Only check ipv6 when an IPv6 is configured
  * Add support for in-container master for macvlans
  * Add support for in-container master for ipvlan
  * Add support for in-container master for vlans
  * bridge: re-fetch mac address
  * Update Allocate method to reuse lease if present
  * build(deps): bump github.com/safchain/ethtool to v0.2.0
  * build(deps): bump golang.org/x/sys from 0.3.0 to 0.4.0
  * Add IPv6 support for AddDefaultRoute
  * build(deps): bump github.com/containernetworking/cni from 1.0.1 to 1.1.2
  * build(deps): bump github.com/coreos/go-systemd/v22 from 22.3.2 to 22.5.0
  * build(deps): bump github.com/onsi/ginkgo from 1.16.4 to 1.16.5
  * build(deps): bump alpine in /.github/actions/retest-action
  * build(deps): bump github.com/godbus/dbus/v5 from 5.0.4 to 5.1.0
  * build(deps): bump github.com/vishvananda/netlink
  * build(deps): bump github.com/alexflint/go-filemutex from 1.1.0 to 1.2.0
  * build(deps): bump github.com/Microsoft/hcsshim from 0.8.20 to 0.9.6
  * build(deps): bump github.com/onsi/gomega from 1.15.0 to 1.24.2
  * Update dependabot.yml
  * build(deps): bump actions/checkout from 2 to 3
  * build(deps): bump actions/stale from 4 to 7
  * build(deps): bump actions/setup-go from 2 to 3
  * Update dependabot.yml
  * Update dependabot.yml
  * ci(deps): setup dependabot
  * Fix tuning path validation
  * Update email to gmail
  * Update portmap test's iptables error check
  * Remove references to io/ioutil package
  * fix bug on getting NextIP of addresses with first byte 0
  * Fix path substitution to enable setting sysctls on vlan interfaces
  * support masquerade all config
  * host-local: remove unused Release(ip) from type Store interface
  * Cleanup Socket and Pidfile on exit
  * dummy: Create a Dummy CNI plugin that creates a virtual interface.
  * Use the same options for acquiring, renewing lease
  * bridge: update vlanFiltering variable to make code more readable
  * ci: only rerun failed jobs on `/retest`
  * build: support riscv64
  * Check for duplicated sysctl keys
  * Update github.com/vishvananda/netlink to v1.2.0-beta
  * bridge: support IPAM DNS settings
  * Bump to go 1.18
  * V2 API support for win-overlay CNI
  * bug: return errors when iptables and ip6tables are unusable
  * github: ignore issues with "keep" label from stale closing
  * Make description for `static` plugin more exact
  * workflow: add something to auto-close stale PRs
  * ipam/dhcp: Fix client id in renew/release
  * call ipam.ExceDel after clean up device in netns fix #666
  * Add sysctl allowlist

==== curl ====
Version update (8.2.1 -> 8.3.0)
Subpackages: libcurl4

- Update to 8.3.0: [bsc#1215026, CVE-2023-38039]
  * Changes:
    - curl: make %output{} in -w specify a file to write to
    - gskit: remove
    - lib: --disable-bindlocal builds curl without local binding support
    - nss: remove support for this TLS library
    - tool: add "variable" support
    - trace: make tracing available in non-debug builds
    - url: change default value for CURLOPT_MAXREDIRS to 30
    - urlapi: CURLU_PUNY2IDN - convert from punycode to IDN name
  * Bugfixes:
    - altsvc: accept and parse IPv6 addresses in response headers
    - asyn-ares: reduce timeout to 2000ms
    - aws-sigv4: canonicalize the query
    - aws-sigv4: fix having date header twice in some cases
    - aws-sigv4: handle no-value user header entries
    - c-hyper: adjust the hyper to curlcode conversion
    - c-hyper: fix memory leaks in `Curl_http`
    - cf-haproxy: make CURLOPT_HAPROXY_CLIENT_IP set the *source* IP
    - cf-socket: log successful interface bind
    - cmake: add GnuTLS option
    - cmake: add support for `CURL_DEFAULT_SSL_BACKEND`
    - cmake: detect `SSL_set0_wbio` in OpenSSL
    - configure: trust pkg-config when it's used for zlib
    - configure: use the pkg-config --libs-only-l flag for libssh2
    - connect: stop halving the remaining timeout when less than 600 ms left
    - crypto: ensure crypto initialization works
    - digest: Use hostname to generate spn instead of realm
    - ftp: fix temp write of ipv6 address
    - headers: accept leading whitespaces on first response header
    - http2: fix in h2 proxy tunnel: progress in ingress on sending
    - http3/ngtcp2: shorten handshake, trace cleanup
    - http3: quiche, handshake optimization, trace cleanup
    - http: close the connection after a late 417 is received
    - http: fix sending of large requests
    - http: return error when receiving too large header set
    - lib: fix null ptr derefs and uninitialized vars (h2/h3)
    - lib: move mimepost data from ->req.p.http to ->state
    - list-only.d: mention SFTP as supported protocol
    - ngtcp2: fix handling of large requests
    - openssl: auto-detect `SSL_R_TLSV13_ALERT_CERTIFICATE_REQUIRED`
    - openssl: clear error queue after SSL_shutdown
    - openssl: make aws-lc version support OCSP
    - openssl: Support async cert verify callback
    - openssl: switch to modern init for LibreSSL 2.7.0+
    - openssl: when CURLOPT_SSL_CTX_FUNCTION is registered, init x509
      store before
    - quic: don't set SNI if hostname is an IP address
    - quiche: adjust quiche `QUIC_IDLE_TIMEOUT` to 60s
    - quiche: enable quiche to handle timeout events
    - resolve: use PF_INET6 family lookups when CURL_IPRESOLVE_V6 is set
    - schannel: verify hostname independent of verify cert
    - tool_filetime: make -z work with file dates before 1970
    - tool_operate: allow both SSL_CERT_FILE and SSL_CERT_DIR
    - tool_operate: make aws-sigv4 not require TLS to be used
    - transfer: also stop the sending on closed connection
    - urlapi: fix heap buffer overflow
    - urlapi: setting a blank URL ("") is not an ok URL

==== gptfdisk ====

- Add patch to fix UUID generation with util-linux >= 2.38:
  * gptfdisk-1.0.9-libuuid.patch

==== javapackages-tools ====
Subpackages: javapackages-filesystem

- Added patch:
  * 0004-Reproducible-builds-keep-order-of-aliases-and-depend.patch
    + make the aliases and dependencies lists so that the order
      is kept
- Added patch:
  * 0003-Reproducible-exclusions-order-in-maven-metadata.patch
    + sort exclusions in maven metadata

==== libwebp ====
Subpackages: libsharpyuv0 libwebp7 libwebpdemux2 libwebpmux3

- Add 0001-Fix-OOB-write-in-BuildHuffmanTable.patch [boo#1215231]
  [CVE-2023-4863]

==== man ====

- Add man-db-groff-1.23.0-warnings.patch
  * Fix build errors with groff 1.23.0

==== mcelog ====
Version update (194 -> 195)

- This contains following features:
  PED-6122 [GNR] RAS: mcelog Add support for Granite Rapids (ALP)
  PED-6102 [GNR] RAS: mcelog Add support for Granite Rapids (SLE 15 SP6)
  PED-6021 [SRF] RAS: mcelog support for Sierra Forest (SLE 15 SP6)
  PED-6050 [SRF] RAS: mcelog support for Sierra Forest (ALP)
- Change git repo in _service file from git to https url
- Update to version 195:
  * mcelog: Wire up model-specific decoding for Sierra Forest
  * mcelog: Add model-specific decoding for Granite Rapids
  * client.c: fix build w/ musl libc
  * mcelog: New model number for Arrowlake
  * mcelog: Don't overwrite model number when lookup fails
  * mcelog: Add Graniterapids, Grandridge and Sierraforest
  * mcelog: New model number for Lunarlake
  * mcelog: Add Emerald Rapids
  * Update PFA_test_howto
- Adopt to mainline:
  M email.patch

==== multipath-tools ====
Subpackages: kpartx libmpath0

- Configuration directory should be /etc/multipath/conf.d
  (broken since 0.9.4+68+suse.98559ea)

==== openldap2 ====
Subpackages: libldap-data libldap2 openldap2-client

- Disable SLP by default for Factory and ALP (bsc#1214884)

==== openldap2-contrib-src ====

- Disable SLP by default for Factory and ALP (bsc#1214884)

==== patterns-microos ====
Subpackages: patterns-microos-alt_onlyDVD patterns-microos-apparmor patterns-microos-base patterns-microos-base-microdnf patterns-microos-base-packagekit patterns-microos-base-zypper patterns-microos-basesystem patterns-microos-cloud patterns-microos-cockpit patterns-microos-defaults patterns-microos-desktop-common patterns-microos-desktop-gnome patterns-microos-desktop-kde patterns-microos-hardware patterns-microos-ima_evm patterns-microos-onlyDVD patterns-microos-ra_agent patterns-microos-ra_verifier patterns-microos-selinux patterns-microos-sssd_ldap

- Install grub2-branding-openSUSE if grub2 will be used.
  (Added in base pattern).

==== polkit-default-privs ====
Version update (1550+20230829.1a9a761 -> 1550+20230912.0978001)

- Update to version 1550+20230912.0978001:
  * udisks2: add additional mount and NVME actions (bsc#1214897)

==== qemu ====
Version update (8.0.4 -> 8.1.0)

- Fix bsc#1211000:
  * [openSUSE] block: Add a thread-pool version of fstat (bsc#1211000)
  * [openSUSE] block: Convert qmp_query_block() to coroutine_fn (bsc#1211000)
  * [openSUSE] block: Don't query all block devices at
    hmp_nbd_server_start (bsc#1211000)
  * [openSUSE] block: Convert qmp_query_named_block_nodes to
    coroutine (bsc#1211000)
  * [openSUSE] block: Convert bdrv_block_device_info into
    co_wrapper (bsc#1211000)
  * [openSUSE] block: Convert bdrv_query_block_graph_info to
    coroutine (bsc#1211000)
  * [openSUSE] block: Temporarily mark
    bdrv_co_get_allocated_file_size as mixed (bsc#1211000)
  * [openSUSE] block: Allow the wrapper script to see functions
    declared in qapi.h (bsc#1211000)
  * [openSUSE] block: Remove unnecessary variable in
    bdrv_block_device_info (bsc#1211000)
  * [openSUSE] block: Remove bdrv_query_block_node_info (bsc#1211000)
- Fix bsc#1213210:
  * target/s390x: Fix the "ignored match" case in VSTRS (bsc#1213210)
- Update to version 8.1.0. Full list of changes is available at:
    https://wiki.qemu.org/ChangeLog/8.1
  Highlights:
  * VFIO: improved live migration support, no longer an
    experimental feature
  * GTK GUI now supports multi-touch events
  * ARM, PowerPC, and RISC-V can now use AES acceleration on host
    processor
  * PCIe: new QMP commands to inject CXL General Media events,
    DRAM events and Memory Module events
  * ARM: KVM VMs on a host which supports MTE (the Memory Tagging
    Extension) can now use MTE in the guest
  * ARM: emulation support for bpim2u (Banana Pi BPI-M2 Ultra)
    board and neoverse-v1 (Cortex Neoverse-V1) CPU
  * ARM: new architectural feature support for: FEAT_PAN3
    (SCTLR_ELx.EPAN), FEAT_LSE2 (Large System Extensions v2), and
    experimental support for FEAT_RME (Realm Management Extensions)
  * Hexagon: new instruction support for v68/v73 scalar, and
    v68/v69 HVX
  * Hexagon: gdbstub support for HVX
  * MIPS: emulation support for Ingenic XBurstR1/XBurstR2 CPUs,
    and MXU instructions
  * PowerPC: TCG SMT support, allowing pseries and powernv to run
    with up to 8 threads per core
  * PowerPC: emulation support for Power9 DD2.2 CPU model, and
    perf sampling support for POWER CPUs
  * RISC-V: ISA extension support for BF16/Zfa, and disassembly
    support for Zcm*/Z*inx/XVentanaCondOps/Xthead
  * RISC-V: CPU emulation support for Veyron V1
  * RISC-V: numerous KVM/emulation fixes and enhancements
  * s390: instruction emulation fixes for LDER, LCBB, LOCFHR,
    MXDB, MXDBR, EPSW, MDEB, MDEBR, MVCRL, LRA, CKSM, CLM, ICM,
    MC, STIDP, EXECUTE, and CLGEBR(A)
  * SPARC: updated target/sparc to use
    tcg_gen_lookup_and_goto_ptr() for improved performance
  * Tricore: emulation support for TC37x CPU that supports ISA
    v1.6.2 instructions
  * Tricore: instruction emulation of POPCNT.W, LHA, CRC32L.W,
    CRC32.B, SHUFFLE, SYSCALL, and DISABLE
  * x86: CPU model support for GraniteRapids
  * and lots more...
- This also (automatically) fixes:
  * bsc#1212850 (CVE-2023-3354)
  * bsc#1213001 (CVE-2023-3255)
  * bsc#1213925 (CVE-2023-3180)
  * bsc#1213414 (CVE-2023-3301)
  * bsc#1207205 (CVE-2023-0330)
  * bsc#1212968 (CVE-2023-2861)
  * bsc#1179993, bsc#1181740

==== sudo ====
Version update (1.9.14p1 -> 1.9.14p3)
Subpackages: sudo-plugin-python

- Update to 1.9.14p3:
  * Fixed a crash with Python 3.12 when the sudo Python plugin is
    unloaded. This only affects make check for the Python plugin.
  * Adapted the sudo Python plugin test output to match Python 3.12.
- Update to 1.9.14p2:
  * Fixed a crash on Linux systems introduced in version 1.9.14
    when running a command with a NULL argv[0] if log_subcmds or
    intercept is enabled in sudoers.
  * Fixed a problem with "stair-stepped" output when piping or
    redirecting the output of a sudo command that takes user
    input when running a command in a pseudo-terminal.
  * Fixed a bug introduced in sudo 1.9.14 that affects matching
    sudoers rules containing a Runas_Spec with an empty Runas
    user. These rules should only match when sudo’s -g option is
    used but were matching even without the -g option. #290.