Packages changed: bind (9.18.10 -> 9.18.11) dracut (059+suse.358.g8ecd6e83 -> 059+suse.360.g2e0ed5f7) ell (0.55 -> 0.56) hylafax+ (7.0.6 -> 7.0.7) libheif libstorage-ng (4.5.64 -> 4.5.65) logrotate (3.20.1 -> 3.21.0) lsof (4.96.5 -> 4.97.0) multipath-tools (0.9.2+59+suse.ac8942d -> 0.9.4+68+suse.98559ea) patterns-media scout (0.2.6+20211130.022a45c -> 0.2.7+20230124.b4e3468) wicked (0.6.71 -> 0.6.72) xorg-x11-server yast2-installation (4.5.13 -> 4.5.15) yast2-network (4.5.14 -> 4.5.15) yast2-ntp-client (4.5.2 -> 4.5.3) === Details === ==== bind ==== Version update (9.18.10 -> 9.18.11) Subpackages: bind-doc bind-utils - Update to release 9.18.11 Security Fixes: * An UPDATE message flood could cause named to exhaust all available memory. This flaw was addressed by adding a new update-quota option that controls the maximum number of outstanding DNS UPDATE messages that named can hold in a queue at any given time (default: 100). (CVE-2022-3094) * named could crash with an assertion failure when an RRSIG query was received and stale-answer-client-timeout was set to a non-zero value. This has been fixed. (CVE-2022-3736) * named running as a resolver with the stale-answer-client-timeout option set to any value greater than 0 could crash with an assertion failure, when the recursive-clients soft quota was reached. This has been fixed. (CVE-2022-3924) New Features: * The new update-quota option can be used to control the number of simultaneous DNS UPDATE messages that can be processed to update an authoritative zone on a primary server, or forwarded to the primary server by a secondary server. The default is 100. A new statistics counter has also been added to record events when this quota is exceeded, and the version numbers for the XML and JSON statistics schemas have been updated. Removed Features: * The Differentiated Services Code Point (DSCP) feature in BIND has been non-operational since the new Network Manager was introduced in BIND 9.16. It is now marked as obsolete, and vestigial code implementing it has been removed. Configuring DSCP values in named.conf now causes a warning to be logged. Feature Changes: * The catalog zone implementation has been optimized to work with hundreds of thousands of member zones. Bug Fixes: * A rare assertion failure was fixed in outgoing TCP DNS connection handling. * Large zone transfers over TLS (XoT) could fail. This has been fixed. * In addition to a previously fixed bug, another similar issue was discovered where quotas could be erroneously reached for servers, including any configured forwarders, resulting in SERVFAIL answers being sent to clients. This has been fixed. * In certain query resolution scenarios (e.g. when following CNAME records), named configured to answer from stale cache could return a SERVFAIL response despite a usable, non-stale answer being present in the cache. This has been fixed. * When an outgoing request timed out, named would retry up to three times with the same server instead of trying the next available name server. This has been fixed. * Recently used ADB names and ADB entries (IP addresses) could get cleaned when ADB was under memory pressure. To mitigate this, only actual ADB names and ADB entries are now counted (excluding internal memory structures used for “housekeeping”) and recently used (<= 10 seconds) ADB names and entries are excluded from the overmem memory cleaner. * The “Prohibited” Extended DNS Error was inadvertently set in some NOERROR responses. This has been fixed. * Previously, TLS session resumption could have led to handshake failures when client certificates were used for authentication (Mutual TLS). This has been fixed. [bsc#1207471, bsc#1207473, bsc#1207475] ==== dracut ==== Version update (059+suse.358.g8ecd6e83 -> 059+suse.360.g2e0ed5f7) Subpackages: dracut-mkinitrd-deprecated - Update to version 059+suse.360.g2e0ed5f7: * revert(multipath): install multipathd.socket (bsc#1207524) ==== ell ==== Version update (0.55 -> 0.56) - update to 0.56: * Add support for TLS session resume interfaces. ==== hylafax+ ==== Version update (7.0.6 -> 7.0.7) Subpackages: hylafax+-client - version 7.0.7 * tiff_450.diff removed * constrain job priority to 0-255 (20 Jan 2023) * add support for libtiff v4.5.0 (4-5 Jan 2023) * add some Si2435 configuration considerations (27 Dec 2022, 20 Jan 2023) * if Class1RecvAbortOK is 0 then don't bother with the CAN byte at all (31 Oct 2022) * check that the modem isn't trying to deliver a message when we're trying to send binary data to it (16-17 Oct 2022) * prevent inherited values from creeping into subsequent xferfaxlog data (26 Aug 2022) * add external reference feature in dialrules (18 Aug 2022) ==== libheif ==== Subpackages: gdk-pixbuf-loader-libheif libheif1 - Add missing BuildRequires for SVT-AV1 support for Tumbleweed (only for x86_64) - Disable dynamic plugin interface and build plugins statically instead (boo#1206945) ==== libstorage-ng ==== Version update (4.5.64 -> 4.5.65) Subpackages: libstorage-ng-lang libstorage-ng-ruby libstorage-ng1 - Translated using Weblate (Macedonian) (bsc#1149754) - 4.5.65 ==== logrotate ==== Version update (3.20.1 -> 3.21.0) - Update to 3.21.0: * add ignoreduplicates directive to allow duplicate file matches * add --wait-for-state-lock option to wait for lock on the state file * avoid failure when an anonymous non-privileged user runs logrotate * support home dir expansion in olddir * reduce unnecessary rename operations with start N where N > 1 * unify handling of log levels * do not print error: when exit code is unaffected - Replace the vendor config logic: * Remove logrotate-vendor-dir.patch and the code from logrotate.service (also addresses boo#1202406) * Add a wrapper script which collects all config files in the right order - Create logrotate.keyring with kdudka's public key - Drop logrotate-rpmlintrc: rpmlint doesn't look at /usr/etc/logrotate.d/, so the false positive doesn't trigger. ==== lsof ==== Version update (4.96.5 -> 4.97.0) - update to 4.97.0: * Remove support because the os is no longer updated for more than 10 years * Remove support because the os is no longer updated for more than 20 years * Add experimental build system based on Autotools * Fixed LTsock testing on darwin * Remove NEW and OLD folders * Fix FreeBSD testcases * Rewrite documentation and publish at https://lsof.readthedocs.io/ ==== multipath-tools ==== Version update (0.9.2+59+suse.ac8942d -> 0.9.4+68+suse.98559ea) Subpackages: kpartx libmpath0 - Update to version 0.9.4+68+suse.98559ea: * libmultipath: bump ABI version to 18.0.0 * libmultipath: pathinfo: don't fail for devices lacking INQUIRY properties (gh#opensvc/multipath-tools#56) * libmpathpersist: use conf->timeout for updating persistent reservations (gh#opensvc/multipath-tools#45) * libmultipath: is_path_valid(): check if device is in use (bsc#1203141) (added libmount dependency) * libmultipath: orphan paths if coalesce_paths frees newmp (bsc#1207546) * multipathd: handle no active paths in update_map_pr (bsc#1207546) * multipathd: make pr registration consistent (bsc#1207546) * libmultipath: don't leak memory on invalid strings (bsc#1207546) * multipath.conf(5): improve documentation of dev_loss_tmo (bsc#1207546) * libmpathpersist: fix command keyword ordering (bsc#1207546) * libmultipath: fix 'show paths format' failure * minor bugfixes * hwtable fixes * Build system rework * spec file: adapt make command line to changes in build system * spec file: use make -Orecurse (better readable output) * spec file: use verbose build ==== patterns-media ==== Subpackages: patterns-media-rest_cd_core patterns-media-rest_dvd - Remove NIS utilities, they are deprecated and will be removed ==== scout ==== Version update (0.2.6+20211130.022a45c -> 0.2.7+20230124.b4e3468) Subpackages: scout-command-not-found - Update to version 0.2.7+20230124.b4e3468: * Bump version to v0.2.7 * allow multiple baseurls in repo file * remove deprecated class * Translated using Weblate (Macedonian, German, Ukrainian) ==== wicked ==== Version update (0.6.71 -> 0.6.72) Subpackages: wicked-service - version 0.6.72 - nbft: introduced new wicked-nbft sub-package to setup network interfaces using NBFT firmware configuration according to the NVM Express Boot Specification 1.0 (jsc#PED-3132) - client: add `wicked firmware extensions|interfaces|enable|disable` command to improve `ibft`,`nbft`,`redfish` firmware extension and interface handling (jsc#PED-3132) - client: improve error handling in netif firmware discovery extension execution - appconfig: improved to handle extension definition overrides in the wicked-config - nanny: fix use-after-free in debug mode (bsc#1206447) - spec: replace transitional `%usrmerged` macro with regular version check (boo#1206798) - client: improve to show `no-carrier` in ifstatus output - linux: cleanup inclusions and update uapi header to 6.0 - ethtool: link mode nwords cleanup and new advertise link mode map names ==== xorg-x11-server ==== Subpackages: xorg-x11-server-Xvfb xorg-x11-server-extra xorg-x11-server-sdk - rename u_xorg-server-oob-read-enqueue-event.patch to U_xorg-server-oob-read-enqueue-event.patch since it's already upstream - Add u_xorg-server-oob-read-enqueue-event.patch: fix an out-of-bounds read in EnqueueEvent. ==== yast2-installation ==== Version update (4.5.13 -> 4.5.15) - Connect only NBFT when linuxrc sets UseNBFT (jsc#PED-967) - 4.5.15 - Discover and connect to all NVMe-over-Fabrics subsystems in case that linuxrc sets UseNBFT (jsc#PED-967). - 4.5.14 ==== yast2-network ==== Version update (4.5.14 -> 4.5.15) - During installation, do not configure DHCP if there is some active interface configured by firmware (jsc#PED-967). - 4.5.15 ==== yast2-ntp-client ==== Version update (4.5.2 -> 4.5.3) - bsc#1188980 - ntp dialog allows to manually set ntp source - ntp source can be selected as pool or server - ntp sources are written into /etc/chrony.d/pools.conf - 4.5.3