- openSUSE ARM

New Arm Tumbleweed snapshot 20240223 released!
by Guillaume Gardet 25 Feb '24

25 Feb '24

Please note that this mail was generated by a script. The described changes are computed based on the aarch64 DVD. The full online repo contains too many changes to be listed here. Please check the known defects of this snapshot before upgrading: https://openqa.opensuse.org/tests/overview?distri=opensuse&groupid=3&versio… Please do not reply to this email to report issues, rather file a bug on bugzilla.opensuse.org. For more information on filing bugs please see https://en.opensuse.org/openSUSE:Submitting_bug_reports Packages changed: Mesa (23.3.5 -> 23.3.6) Mesa-drivers (23.3.5 -> 23.3.6) MozillaFirefox (122.0 -> 122.0.1) aaa_base (84.87+git20231023.f347d36 -> 84.87+git20240202.9526d46) aalib accountsservice acl (2.3.1 -> 2.3.2) acpid alsa-utils amarok apache-commons-logging apache2-mod_dnssd apache2-mod_php8 (8.2.15 -> 8.2.16) apparmor appstream-glib argon2 argyllcms arj attr (2.5.1 -> 2.5.2) autofs (5.1.8 -> 5.1.9) autotrace autoyast2 (5.0.1 -> 5.0.2) awesfx babl (0.1.106 -> 0.1.108) bc bind (9.18.21 -> 9.18.24) binutils (2.41 -> 2.42) bolt (0.9.6 -> 0.9.7) boost-base boost-extra branding-openSUSE btrfsprogs (6.7 -> 6.7.1) busybox-links curl dav1d (1.3.0 -> 1.4.0) dcraw djvulibre dnsmasq (2.89 -> 2.90) dracut (059+suse.549.gc9f63878 -> 059+suse.554.g6144bf71) e2fsprogs ebook-tools ed (1.20 -> 1.20.1) eekboard efont-unicode-bitmap-fonts ell (0.61 -> 0.62) emacs-flim epson-inkjet-printer-escpr espeak expat (2.5.0 -> 2.6.0) fde-tools gcc gcc14 (13.2.1+git8285 -> 14.0.1+git8957) gd gdm gegl (0.4.46 -> 0.4.48) git (2.43.0 -> 2.43.2) gnome-control-center (45.2 -> 45.3) gnome-maps gnome-music (45.0 -> 45.1) gnome-shell gpgme gpgmeqt graphviz grub2 hdparm hfsutils highway (1.0.7 -> 1.1.0) hp2xx hplip hwdata (0.378 -> 0.379) ibus intlfonts iso_ent jasper (4.2.0 -> 4.2.1) jfsutils kColorPicker-Qt5 kernel-firmware (20240201 -> 20240220) kernel-source (6.7.4 -> 6.7.5) keyutils kmozillahelper kvm_stat (6.7.4 -> 6.7.5) lastlog2 (1.2.0 -> 1.3.1) libHX (4.21 -> 4.23) libadwaita (1.4.2 -> 1.4.3) libapparmor libblockdev (3.0.4 -> 3.1.0) libdbusmenu-qt5 libdecor libdeflate libei libguestfs libgusb libjpeg-turbo libjxl-gtk (0.9.2 -> 0.10.0) liblangtag (0.6.4 -> 0.6.7) libnvme (1.7.1+0.g13ba383 -> 1.8+0.gbff7dda) libpaper (2.1.2 -> 2.1.3) libphonenumber (8.13.23 -> 8.13.30) libpng16 (1.6.40 -> 1.6.42) libqt5-qtbase (5.15.12+kde147 -> 5.15.12+kde151) libqt5-qtwebengine libshumate libstorage-ng (4.5.176 -> 4.5.191) libunwind (1.7.2 -> 1.8.0) make man mariadb (11.2.2 -> 11.2.3) mdevctl mozilla-nss (3.96.1 -> 3.97) mpg123 (1.32.4 -> 1.32.5) mtools multipath-tools (0.9.7+93+suse.e2f2272 -> 0.9.8~1+82+suse.dcd98a3) musepack ncurses (6.4.20240120 -> 6.4.20240210) neon nodejs21 (21.5.0 -> 21.6.2) nvidia-open-driver-G06-signed (545.29.06_k6.7.4_1 -> 545.29.06_k6.7.5_1) nvme-cli (2.7.1 -> 2.8) obex-data-server openssl-1_1 openvpn (2.6.8 -> 2.6.9) orc (0.4.34 -> 0.4.37) osinfo-db pam-config (2.10 -> 2.11) parted patterns-server pcr-oracle pcre2 (10.42 -> 10.43) perl-Bootloader (1.11 -> 1.12) php8 (8.2.15 -> 8.2.16) pipewire pkcs11-helper (1.29.0 -> 1.30.0) pkgconf (1.8.0 -> 2.1.1) poppler (23.12.0 -> 24.02.0) poppler-qt5 (23.12.0 -> 24.02.0) potrace prctl publicsuffix (20240123 -> 20240212) pulseaudio python-cryptography (41.0.7 -> 42.0.4) python-linux-procfs python-lxml python311 python311-core qalculate (4.8.1 -> 4.9.0) qemu (8.2.0 -> 8.2.1) rdma-core rpm rpm-config-SUSE (20240118 -> 20240214) rubygem-vagrant_cloud (3.0.5 -> 3.1.1) rzip samba (4.19.4+git.339.acf1ccaa020 -> 4.19.5+git.342.57620c4f7e) sane-backends sdbootutil (1+git20240122.c0d8f76 -> 1+git20240215.cb7e392) sg3_utils (1.48+7.63e63cb -> 1.48+8.37ca384) shadow (4.14.3 -> 4.14.5) shared-mime-info shim signon-plugin-oauth2 spacenavd spice-gtk suseconnect-ng (1.3.0~git0.ae8ba1e -> 1.7.0~git2.21ba08e) systemd (254.8 -> 254.9) tecla-keyboard-layout-viewer (45.rc -> 45.0) thin-provisioning-tools (1.0.10 -> 1.0.11) tigervnc tmux (3.3a -> 3.4) transmission u-boot-rpiarm64 unison (2.53.3 -> 2.53.4) unixODBC unzip utempter util-linux util-linux-systemd vacation vde2 vid_stab vim (9.1.0000 -> 9.1.0111) virt-manager virtiofsd vmaf vorbis-tools vpnc vsftpd webkit2gtk3 webkit2gtk3-soup2 webrtc-audio-processing wget wmctrl wpa_supplicant wsdd xdg-menu xfce4-notifyd (0.9.3 -> 0.9.4) xfce4-terminal (1.1.1 -> 1.1.2) xfsprogs (6.5.0 -> 6.6.0) xml-commons-apis xorg-x11-server xtermset xwayland yast2 (5.0.5 -> 5.0.6) yast2-packager (5.0.2 -> 5.0.4) yast2-perl-bindings (5.0.0 -> 5.0.1) yast2-storage-ng (5.0.4 -> 5.0.6) yast2-trans (84.87.20240210.1383f689ba -> 84.87.20240219.f6e4117fe0) zchunk zip zlib zvbi === Details === ==== Mesa ==== Version update (23.3.5 -> 23.3.6) Subpackages: Mesa-libEGL1 Mesa-libGL1 Mesa-libglapi0 libOSMesa8 libgbm1 - Update to bugfix release 23.3.6 - -> https://docs.mesa3d.org/relnotes/23.3.6.html ==== Mesa-drivers ==== Version update (23.3.5 -> 23.3.6) Subpackages: Mesa-dri Mesa-gallium Mesa-libva - Update to bugfix release 23.3.6 - -> https://docs.mesa3d.org/relnotes/23.3.6.html ==== MozillaFirefox ==== Version update (122.0 -> 122.0.1) - Mozilla Firefox 122.0.1 https://www.mozilla.org/en-US/firefox/122.0.1/releasenotes/ * Fixed the Library and Sidebar context menus only displaying Multi-Account Containers icons in the "Open in New Container Tab" menu. (bmo#1876518) * Fixed an issue when clicking the Dismiss button in notification pop-ups on Windows causing a webpage in a new tab. (bmo#1848801) * Fixed the yaru-remix system theme not applying correctly on Linux. (bmo#1877002) * Fixed adding an extra new line to a rule in the Developer Tools' Inspector when copying it to the clipboard. (bmo#1876220) * Rolled back a keyboard behavior change made to the Developer Tools' Rules view when validating a property name or input with the Enter key. This moves the focus to the next input, as was the behavior in Firefox 121. (bmo#1877457) ==== aaa_base ==== Version update (84.87+git20231023.f347d36 -> 84.87+git20240202.9526d46) Subpackages: aaa_base-extras - Update to version 84.87+git20240202.9526d46: * properly shorten the variable when setting JAVA_HOME and JRE_HOME * silence output of alljava * Restrict ptrace with Yama LSM by default * patch alljava.sh and alljava.csh, use the links from update alternatives ==== aalib ==== - Use %patch -P N instead of deprecated %patchN. ==== accountsservice ==== Subpackages: libaccountsservice0 typelib-1_0-AccountsService-1_0 - First part to fix build with GCC 14: + Inject patched mocklibc-1.0.tar.gz: only some header modifications to address implicit declaration of print_indent. + Add accountsservice-mocklib-gcc14.patch: patch meson' subproject definition to validate the injected tarball. ==== acl ==== Version update (2.3.1 -> 2.3.2) Subpackages: libacl1 - Update to version 2.3.2: + libobj: declare s_str directly in string_obj_tag. + Use thread-safe getpwnam_r and getgrnam_r. + setfacl: preserve the failed status when processing multiple files. + man: Document pitfall with negative permissions and user namespaces. + tools: mark long_options static & const. ==== acpid ==== - Use %autosetup macro. Allows to eliminate the usage of deprecated %patchN. ==== alsa-utils ==== - Use %patch -P N instead of deprecated %patchN. ==== amarok ==== - Remove the taglib-extras dependency, it fails to build with taglib 2 and will be dropped. - Add patch to support taglib 2: * 0001-Use-non-deprecated-TagLib-functions-fix-build-with-T.patch ==== apache-commons-logging ==== - Use %autosetup macro. Allows to eliminate the usage of deprecated %patchN. ==== apache2-mod_dnssd ==== - Use %autosetup macro. Allows to eliminate the usage of deprecated %patchN. ==== apache2-mod_php8 ==== Version update (8.2.15 -> 8.2.16) - version update to 8.2.16 * This is a bug fix release. - modified patches % php-build-reproducible-phar.patch (refreshed) ==== apparmor ==== Subpackages: apparmor-abstractions apparmor-docs apparmor-parser apparmor-profiles apparmor-utils python3-apparmor - Use %patch -P N instead of deprecated %patchN. - Add apparmor-abstractions-openssl-allow-version-specific-en.patch to allow version specific engdef & engines openssl paths (boo#1219571) ==== appstream-glib ==== Subpackages: libappstream-glib8 - Add asglib(swcatalog) provides: allow other packages to declare that they need swcatalog support. - Add patch for interoperability with newer AppStream spec (boo#1218427): * 0001-Move-from-app-info-to-swcatalog-locations.patch ==== argon2 ==== - Use %autosetup macro. Allows to eliminate the usage of deprecated %patchN. ==== argyllcms ==== - Use %patch -P N instead of deprecated %patchN. ==== arj ==== - Use %autosetup macro. Allows to eliminate the usage of deprecated %patchN. ==== attr ==== Version update (2.5.1 -> 2.5.2) Subpackages: libattr1 - update to 2.5.2: * attr: eliminate a dead store in attr_copy_action() * libattr: Set symbol versions for legacy syscalls via attribute or asm * exports: use LGPL for library code * documentation updates * translation updates (Polish, Dutch, Gregorian, French) * build system updates ==== autofs ==== Version update (5.1.8 -> 5.1.9) - Use %patch -P N instead of deprecated %patchN. - update to 5.1.9 (bsc#1219508) * fix kernel mount status notification. * fix fedfs build flags. * fix set open file limit. * improve descriptor open error reporting. * fix root offset error handling. * fix fix root offset error handling. * fix nonstrict fail handling of last offset mount. * dont fail on duplicate offset entry tree add. * fix loop under run in cache_get_offset_parent(). * bailout on rpc systemerror. * fix nfsv4 only mounts should not use rpcbind. * simplify cache_add() a little. * fix use after free in tree_mapent_delete_offset_tree(). * fix memory leak in xdr_exports(). * avoid calling pthread_getspecific() with NULL key_thread_attempt_id. * fix sysconf(3) return handling. * remove nonstrict parameter from tree_mapent_umount_offsets(). * fix handling of incorrect return from umount_ent(). * dont use initgroups() at spawn. * fix bashism in configure. * musl: fix missing include in hash.h. * musl: define fallback dummy NSS config path * musl: avoid internal stat.h definitions. * musl: add missing include to hash.h for _WORDSIZE. * musl: add missing include to log.h for pid_t. * musl: define _SWORD_TYPE. * add autofs_strerror_r() helper for musl. * update configure. * handle innetgr() not present in musl. * fix missing unlock in sasl_do_kinit_ext_cc(). * fix a couple of null cache locking problems. * restore gcc flags after autoconf Kerberos 5 check. * prepare for OpenLDAP SASL binding. * let OpenLDAP handle SASL binding. * configure: LDAP function checks ignore implicit declarations. * improve debug logging of LDAP binds. * improve debug logging of SASL binds. * internal SASL logging only in debug log mode. * more comprehensive verbose logging for LDAP maps. * fix invalid tsv access. * support SCRAM for SASL binding. * ldap_sasl_interactive_bind() needs credentials for auto-detection. * fix autofs regression due to positive_timeout. * fix parse module instance mutex naming. * serialise lookup module open and reinit. * coverity fix for invalid access. * fix hosts map deadlock on restart. * fix deadlock with hosts map reload. * fix memory leak in update_hosts_mounts(). * fix minus only option handling in concat_options(). * fix incorrect path for is_mounted() in try_remount(). * fix additional tsv invalid access. * fix use_ignore_mount_option description. * include addtional log info for mounts. * fail on empty replicated host name. * improve handling of ENOENT in sss setautomntent(). * don't immediately call function when waiting. * define LDAP_DEPRECATED during LDAP configure check. * fix return status of mount_autofs(). * don't close lookup at umount. * fix deadlock in lookups. * dont delay expire. * make amd mapent search function name clear. * rename statemachine() to signal_handler(). * make signal handling consistent. * eliminate last remaining state_pipe usage. * add function master_find_mapent_by_devid(). * use device id to locate autofs_point when setting log priotity. * add command pipe handling functions. * switch to application wide command pipe. * get rid of unused field submnt_count. * fix mount tree startup reconnect. * fix unterminated read in handle_cmd_pipe_fifo_message(). * fix memory leak in sasl_do_kinit() * fix fix mount tree startup reconnect. * fix amd selector function matching. * get rid entry thid field. * continue expire immediately after submount check. * eliminate realpath from mount of submount. * eliminate root param from autofs mount and umount. * remove redundant fstat from do_mount_direct(). * get rid of strlen call in handle_packet_missing_direct(). * remove redundant stat call in lookup_ghost(). * set mapent dev and ino before adding to index. * change to use printf functions in amd parser. * dont call umount_subtree_mounts() on parent at umount. * dont take parent source lock at mount shutdown. * fix possible use after free in handle_mounts_exit(). * make submount cleanup the same as top level mounts. * add soucre parameter to module functions. * add ioctlfd open helper. * make open files limit configurable. * use correct reference for IN6 macro call. * dont probe interface that cant send packet. * fix some sss error return cases. * fix incorrect matching of cached wildcard key. * fix expire retry looping. ... changelog too long, skipping 18 lines ... ("autofs-5.1.8 - add soucre parameter to module functions") ==== autotrace ==== Subpackages: libautotrace3 - Use %patch -P N instead of deprecated %patchN. ==== autoyast2 ==== Version update (5.0.1 -> 5.0.2) Subpackages: autoyast2-installation - Install standard SLES when the AY XML profile selects SLE_HPC, it has been dropped in SP6 (jsc#PED-7841) - 5.0.2 - jsc#PED-6407 - enabled lvm_vg_reuse to be used in general/storage/proposal section ==== awesfx ==== - Use %autosetup macro. Allows to eliminate the usage of deprecated %patchN. ==== babl ==== Version update (0.1.106 -> 0.1.108) - disable gi-docgen docs for now - Update to 0.1.108: - "double" and "half" support in cli-tool, build fixes. ==== bc ==== - Use %autosetup macro. Allows to eliminate the usage of deprecated %patchN ==== bind ==== Version update (9.18.21 -> 9.18.24) Subpackages: bind-doc bind-utils - Update to release 9.18.24 Security Fixes: * Validating DNS messages containing a lot of DNSSEC signatures could cause excessive CPU load, leading to a denial-of-service condition. This has been fixed. (CVE-2023-50387) [bsc#1219823] * Preparing an NSEC3 closest encloser proof could cause excessiv CPU load, leading to a denial-of-service condition. This has been fixed. (CVE-2023-50868) [bsc#1219826] * Parsing DNS messages with many different names could cause excessive CPU load. This has been fixed. (CVE-2023-4408) [bsc#1219851] * Specific queries could cause named to crash with an assertion failure when nxdomain-redirect was enabled. This has been fixed. (CVE-2023-5517) [bsc#1219852] * A bad interaction between DNS64 and serve-stale could cause named to crash with an assertion failure, when both of these features were enabled. This has been fixed. (CVE-2023-5679) [bsc#1219853] * Query patterns that continuously triggered cache database maintenance could cause an excessive amount of memory to be allocated, exceeding max-cache-size and potentially leading to all available memory on the host running named being exhausted This has been fixed. (CVE-2023-6516) [bsc#1219854] * Under certain circumstances, the DNS-over-TLS client code incorrectly attempted to process more than one DNS message at a time, which could cause named to crash with an assertion failure. This has been fixed. Bug Fixes: * The counters exported via the statistics channel were changed back to 64-bit signed values; they were being inadvertently truncated to unsigned 32-bit values since BIND 9.15.0. ==== binutils ==== Version update (2.41 -> 2.42) Subpackages: libctf-nobfd0 libctf0 - riscv-no-relax.patch: RISC-V: Don't generate branch/jump relocation if symbol is local when no-relax - Add binutils-disable-code-arch-error.diff to demote an error about swapped .arch/.code directives to a warning. It happens in the wild. - Update to version 2.42: * Add support for many aarch64 extensions: SVE2.1, SME2.1, B16B16, RASv2, LSE128, GCS, CHK, SPECRES2, LRCPC3, THE, ITE, D128, XS and flags to enable them: '+fcma', '+jscvt', '+frintts', '+flagm2', '+rcpc2' and '+wfxt' * Add experimantal support for GAS to synthesize call-frame-info for some hand-written asm (--scfi=experimental) on x86-64. * Add support for more x86-64 extensions: APX: 32 GPRs, NDD, PUSH2/POP2, PUSHP/POPP; USER_MSR, AVX10.1, PBNDKB, SM4, SM3, SHA512, AVX-VNNI-INT16. * Add support for more RISC-V extensions: T-Head v2.3.0, CORE-V v1.0, SiFive VCIX v1.0. * BPF assembler: ';' separates statements now, and does not introduce line comments anymore (use '#' or '//' for this). * x86-64 ld: Add '-z mark-plt/-z nomark-plt' to mark PLT entries with dynamic tags. * risc-v ld: Add '--[no-]check-uleb128'. * New linker script directive: REVERSE, to be combined with SORT_BY_NAME or SORT_BY_INIT_PRIORITY, reverses the generated order. * New linker options --warn-execstack-objects (warn only about execstack when input object files request it), and --error-execstack plus - -error-rxw-segments to convert the existing warnings into errors. * objdump: Add -Z/--decompress to be used with -s/--full-contents to decompress section contents before displaying. * readelf: Add --extra-sym-info to be used with --symbols (currently prints section name of references section index). * objcopy: Add --set-section-flags for x86_64 to include SHF_X86_64_LARGE. * s390 disassembly: add target-specific disasm option 'insndesc', as in "objdump -M insndesc" to display an instruction description as comment along with the disassembly. - Add binutils-2.42-branch.diff.gz. - Rebased s390-biarch.diff. - Adjusted binutils-revert-hlasm-insns.diff, binutils-revert-plt32-in-branches.diff and binutils-revert-rela.diff for upstream changes. - Removed binutils-2.41-branch.diff.gz, binutils-2.41.tar.bz2, binutils-2.41-branch.diff.gz. - Removed binutils-use-less-memory.diff, binutils-old-makeinfo.diff and riscv-relro.patch (all upstreamed). - Removed add-ulp-section.diff, we use a different mechanism for live patching since a long time. ==== bolt ==== Version update (0.9.6 -> 0.9.7) - update to 0.9.7: * Add a 'nopcie' security level since some devices report nopcie when Thunderbolt is disabled through BIOS setting. * Markdown lint styling is used for documents. ==== boost-base ==== Subpackages: boost-license1_84_0 libboost_filesystem1_84_0 libboost_iostreams1_84_0 libboost_locale1_84_0 libboost_thread1_84_0 - avoid obsolete rpm syntax ==== boost-extra ==== - avoid obsolete rpm syntax ==== branding-openSUSE ==== Subpackages: grub2-branding-openSUSE libreoffice-branding-openSUSE plymouth-branding-openSUSE wallpaper-branding-openSUSE yast2-qt-branding-openSUSE - Remove update-alternatives usage, we don't have dynamic wallpapers anymore which were using that (bsc#1219919). ==== btrfsprogs ==== Version update (6.7 -> 6.7.1) Subpackages: btrfsprogs-bash-completion btrfsprogs-udev-rules libbtrfs0 libbtrfsutil1 - update to 6.7.1 * convert: raid-stripe-tree can be now enabled for the target filesystem * mkfs: * handle lifetime of open file descriptors so it does not trigger udev that could miss to create the UUID symlinks in /dev * update warning when CPU page size does not match sector size * merge features in summary, no more distinction of incompat and runtime to match the semantics of option -O * fi show: fix recognizing raw device mapper paths * other: * documentation updates, fix links to labels in included directories ==== busybox-links ==== Subpackages: busybox-bzip2 busybox-coreutils busybox-diffutils busybox-ed busybox-findutils busybox-gawk busybox-grep busybox-gzip busybox-misc busybox-psmisc busybox-sed busybox-sendmail busybox-tar busybox-which busybox-xz - busybox-udhcpc conflicts with udhcp. ==== curl ==== Subpackages: libcurl4 - Add patch to fix various TLS related issues including FTP over SSL transmission timeouts: * 0001-vtls-revert-receive-max-buffer-add-test-case.patch - Switch to %autosetup ==== dav1d ==== Version update (1.3.0 -> 1.4.0) - Update to version 1.4.0 * AVX-512 optimizations for z1, z2, z3 in 8bit and high-bitdepth * New architecture supported: loongarch * Loongarch optimizations for 8bit * New architecture supported: RISC-V * RISC-V optimizations for itx * Misc improvements in threading and in reducing binary size * Fix potential integer overflow with extremely large frame sizes (bsc#1220105, CVE-2024-1580) ==== dcraw ==== Subpackages: dcraw-lang - Use %patch -P N instead of deprecated %patchN. ==== djvulibre ==== - Use %autosetup macro. Allows to eliminate the usage of deprecated %patchN. ==== dnsmasq ==== Version update (2.89 -> 2.90) - update to 2.90: * CVE-2023-50387, CVE-2023-50868, bsc#1219823, bsc#1219826: Denial Of Service while trying to validate specially crafted DNSSEC responses * Fix reversion in --rev-server introduced in 2.88 which caused breakage if the prefix length is not exactly divisible by 8 (IPv4) or 4 (IPv6). * Fix possible SEGV when there server(s) for a particular domain are configured, but no server which is not qualified for a particular domain. * Set the default maximum DNS UDP packet sice to 1232. Obsoletes: dnsmasq-CVE-2023-28450.patch * Add --no-dhcpv4-interface and --no-dhcpv6-interface for better control over which inetrfaces are providing DHCP service. * Fix issue with stale caching * Add configurable caching for arbitrary RR-types. * Add --filter-rr option, to filter arbitrary RR-types. ==== dracut ==== Version update (059+suse.549.gc9f63878 -> 059+suse.554.g6144bf71) - Update to version 059+suse.554.g6144bf71: * fix(dracut.spec): update dracut-fips requirements (bsc#1219869) - Update to version 059+suse.552.g4610ef1b: * fix(dracut-util): do not call `strcmp` if the `value` argument is NULL (bsc#1219841) ==== e2fsprogs ==== Subpackages: e2fsprogs-scrub libcom_err2 libext2fs2 - Use %patch -P N instead of deprecated %patchN. ==== ebook-tools ==== - Use %patch -P N instead of deprecated %patchN. ==== ed ==== Version update (1.20 -> 1.20.1) - GNU ed 1.20.1: * New command-line options '+line', '+/RE', and '+?RE' have been implemented to set the current line to the line number specified or to the first or last line matching the regular expression 'RE'. * File names containing control characters 1 to 31 are now rejected unless they are allowed with the command-line option '--unsafe-names'. * File names containing control characters 1 to 31 are now printed using octal escape sequences. * Ed now rejects file names ending with a slash. * Intervening commands that don't set the modified flag no longer make a second 'e' or 'q' command fail with a 'buffer modified' warning. * Tilde expansion is now performed on file names supplied to commands; if a file name starts with '~/', the tilde (~) is expanded to the contents of the variable HOME. * Ed now warns the first time that a command modifies a buffer loaded from a read-only file. * It has been documented that 'e' creates an empty buffer if file does not exist. * It has been documented that 'f' sets the default filename, whether or not its argument names an existing file. * The description of the exit status has been improved in '--help' and in the manual. ==== eekboard ==== - Use %autosetup macro. Allows to eliminate the usage of deprecated %patchN ==== efont-unicode-bitmap-fonts ==== - Use %patch -P N instead of deprecated %patchN. ==== ell ==== Version update (0.61 -> 0.62) - Update to version 0.62 * Add support for cleanup functions and macros. * Add support for setting DHCP max attempts. ==== emacs-flim ==== - Use %autosetup macro. Allows to eliminate the usage of deprecated %patchN ==== epson-inkjet-printer-escpr ==== - Use %autosetup macro. Allows to eliminate the usage of deprecated %patchN ==== espeak ==== - Use %autosetup macro. Allows to eliminate the usage of deprecated %patchN ==== expat ==== Version update (2.5.0 -> 2.6.0) Subpackages: libexpat1 - Fix handling of xmlwf.1 to avoid workarounds in specfile: * Added libxml2-fix-xmlwf.1-handling.patch - Call buildconf.sh to avoid (future) issues with expat_config.h.in - Update keyring automatically from keyserver during OBS service run. - Explicitly use --without-docbook (before it was implicit). - Include missing files for documentation and examples. - Add manpage for xmlwf, which is now available in the released tarball. - Clean the spec file a bit. - Update to 2.6.0: * Security fixes: - CVE-2023-52425 (boo#1219559) - - Fix quadratic runtime issues with big tokens that can cause denial of service, in partial where dealing with compressed XML input. Applications that parsed a document in one go -- a single call to functions XML_Parse or XML_ParseBuffer -- were not affected. The smaller the chunks/buffers you use for parsing previously, the bigger the problem prior to the fix. Backporters should be careful to no omit parts of pull request #789 and to include earlier pull request #771, in order to not break the fix. - CVE-2023-52426 (boo#1219561) - - Fix billion laughs attacks for users compiling *without* XML_DTD defined (which is not common). Users with XML_DTD defined have been protected since Expat >=2.4.0 (and that was CVE-2013-0340 back then). * Bug fixes: - Fix parse-size-dependent "invalid token" error for external entities that start with a byte order mark - Fix NULL pointer dereference in setContext via XML_ExternalEntityParserCreate for compilation with XML_DTD undefined - Protect against closing entities out of order * Other changes: - Improve support for arc4random/arc4random_buf - Improve buffer growth in XML_GetBuffer and XML_Parse - xmlwf: Support --help and --version - xmlwf: Support custom buffer size for XML_GetBuffer and read - xmlwf: Improve language and URL clickability in help output - examples: Add new example "element_declarations.c" - Be stricter about macro XML_CONTEXT_BYTES at build time - Make inclusion to expat_config.h consistent - Autotools: configure.ac: Support --disable-maintainer-mode - Autotools: Sync CMake templates with CMake 3.26 - Autotools: Make installation of shipped man page doc/xmlwf.1 independent of docbook2man availability - Autotools|CMake: Add missing -DXML_STATIC to pkg-config file section "Cflags.private" in order to fix compilation against static libexpat using pkg-config on Windows - Autotools|CMake: Require a C99 compiler (a de-facto requirement already since Expat 2.2.2 of 2017) - Autotools|CMake: Fix PACKAGE_BUGREPORT variable - Autotools|CMake: Make test suite require a C++11 compiler - CMake: Require CMake >=3.5.0 - CMake: Lowercase off_t and size_t to help a bug in Meson - CMake: Sort xmlwf sources alphabetically - CMake|Windows: Fix generation of DLL file version info - CMake: Build tests/benchmark/benchmark.c as well for a build with -DEXPAT_BUILD_TESTS=ON - docs: Document the importance of isFinal + adjust tests accordingly - docs: Improve use of "NULL" and "null" - docs: Be specific about version of XML (XML 1.0r4) and version of C (C99); (XML 1.0r5 will need a sponsor.) - docs: reference.html: Promote function XML_ParseBuffer more - docs: reference.html: Add HTML anchors to XML_* macros - docs: reference.html: Upgrade to OK.css 1.2.0 - docs: Fix typos - docs|CI: Use HTTPS URLs instead of HTTP at various places - Address compiler warnings - Address clang-tidy warnings - Version info bumped from 9:10:8 (libexpat*.so.1.8.10) to 10:0:9 (libexpat*.so.1.9.0); see https://verbump.de/ for what these numbers do ==== fde-tools ==== Subpackages: fde-tools-bash-completion fde-tpm-helper - Add fde-tools-bsc1213945-set-rsa-key-size.patch to set the highest supported RSA key size (bsc#1213945) ==== gcc ==== - Add gcc-build flavor for building ALP packages, but disabled for openSUSE. - Support building suffixed packages, but only allow installing one variant at the same time. - Remove obsolete obsoletes. ==== gcc14 ==== Version update (13.2.1+git8285 -> 14.0.1+git8957) Subpackages: libasan8 libatomic1 libgcc_s1 libgfortran5 libgomp1 libhwasan0 libitm1 liblsan0 libobjc4 libstdc++6 libstdc++6-locale libstdc++6-pp libtsan2 libubsan1 - Update to trunk head, 4a1cd5560b9b545eb848eb1d1e06d345fb, git8957 * bumps libgphobos and libgdrundime SONAME - Use %patch -P N instead of %patchN - Refresh gcc44-rename-info-files.patch ==== gd ==== Subpackages: libgd3 - Use %autosetup macro. Allows to eliminate the usage of deprecated %patchN. ==== gdm ==== Subpackages: gdm-schema gdmflexiserver libgdm1 typelib-1_0-Gdm-1_0 - Drop gdm-disable-wayland-on-mgag200-chipsets.patch: fixed upstream since version 43.0. ==== gegl ==== Version update (0.4.46 -> 0.4.48) Subpackages: gegl-0_4 libgegl-0_4-0 - Update to version 0.4.48: + Core: - GeglColor extended with GBytes API, and space aware accesors for RGB and CMYK. Better runtime handling of mismatched GEGL ops in graphs. + Build: - Use gi-docgen - Updated vendored libraries - ctx has been updated from upstream. + Operations: - dropshadow: Fix shrinking with negative-grow radius. - mantiuk: opt out of OpenMP when building with clang. - voroni: fix crash. - shuffle-search: in progress (in workshop, not built by default) brute-force dither optimizer. - prepare gi-docgen documentation. disabled for now. - Replace BuildRequires libSDL2-devel with pkgconfig(sdl2) which fixes building in SLE where both libSDL2-devel and a newer SDL2-devel packages are available. ==== git ==== Version update (2.43.0 -> 2.43.2) Subpackages: git-core git-email git-web perl-Git - Do not replace apparmor configuration, fixes bsc#1216545 - update to 2.43.2: * https://raw.githubusercontent.com/git/git/master/Documentation/RelNotes/2.4… * Update to a new feature recently added, "git show-ref --exists". * Rename detection logic ignored the final line of a file if it is an incomplete line. * "git diff --no-rename A B" did not disable rename detection but did not trigger an error from the command line parser. * "git diff --no-index file1 file2" segfaulted while invoking the external diff driver, which has been corrected. * A failed "git tag -s" did not necessarily result in an error depending on the crypto backend, which has been corrected. * "git stash" sometimes was silent even when it failed due to unwritable index file, which has been corrected. * Recent conversion to allow more than 0/1 in GIT_FLUSH broke the mechanism by flipping what yes/no means by mistake, which has been corrected. - update to 2.43.1: * https://raw.githubusercontent.com/git/git/master/Documentation/RelNotes/2.4… ==== gnome-control-center ==== Version update (45.2 -> 45.3) Subpackages: gnome-control-center-color gnome-control-center-goa gnome-control-center-user-faces - Update to version 45.3: + Datetime: Fix build with -Wincompatible-pointer-types. + Region: Prevent preview crash from accessing invalid pointer. + Wifi: Fix build with -Wincompatible-pointer-types. - Drop gnome-control-center-fix-region-preview-crash.patch: fixed upstream. ==== gnome-maps ==== - Update license based on legaldb review ==== gnome-music ==== Version update (45.0 -> 45.1) - Update to version 45.1: + Tracker queries improvements. ==== gnome-shell ==== Subpackages: gnome-extensions gnome-shell-calendar - Add gjs Requires, because ScreenSaver DBus daemon is a gjs script. (bsc#1219359) ==== gpgme ==== Subpackages: libgpgme11 libgpgmepp6 - Update gpgme-D545-obsolete-distutils.patch with upstream's changes (but use pip instead of python-build for wheel building) - Change from in-place build to out-of-place build in order to reflect upstream's build setup (See D545) - Don't replace distutils in 15.X ==== gpgmeqt ==== - Update gpgme-D545-obsolete-distutils.patch with upstream's changes (but use pip instead of python-build for wheel building) - Change from in-place build to out-of-place build in order to reflect upstream's build setup (See D545) - Don't replace distutils in 15.X ==== graphviz ==== Subpackages: libcdt5 libcgraph6 libgvc6 libpathplan4 - Use %patch -P N instead of deprecated %patchN. - Update graphviz-rpmlintrc ==== grub2 ==== Subpackages: grub2-arm64-efi grub2-snapper-plugin grub2-systemd-sleep-plugin - Fix grub.xen memdisk script doesn't look for /boot/grub/grub.cfg (bsc#1219248) (bsc#1181762) * grub2-xen-pv-firmware.cfg * 0001-disk-Optimize-disk-iteration-by-moving-memdisk-to-th.patch - Fix PowerPC grub loads 5 to 10 minutes slower on SLE-15-SP5 compared to SLE-15-SP2 (bsc#1217102) * add 0001-ofdisk-enhance-boot-time-by-focusing-on-boot-disk-re.patch * add 0002-ofdisk-add-early_log-support.patch - Sort tar file order for reproducible builds ==== hdparm ==== - Use %patch -P N instead of deprecated %patchN. ==== hfsutils ==== - Use %patch -P N instead of deprecated %patchN. ==== highway ==== Version update (1.0.7 -> 1.1.0) - Update to release 1.1.0 * Add BitCastScalar, DispatchedTarget, Foreach * Add Div/Mod and MaskedDiv/ModOr, SaturatedAbs, SaturatedNeg * Add InterleaveWholeLower/Upper, Dup128VecFromValues * Add IsInteger, IsIntegerLaneType, RemoveVolatile, RemoveCvRef * Add MaskedAdd/Sub/Mul/Div/Gather/Min/Max/SatAdd/SatSubOr * Add MaskFalse, IfNegativeThenNegOrUndefIfZero, PromoteEven/OddTo * Add ReduceMin/Max, 8-bit reductions, f16 <-> f64 conversions * Add Span, AlignedArray, matrix-vector mul * Add SumsOf2/4, I8 SumsOf8, SumsOfAdjQuadAbsDiff, SumsOfShuffledQuadAbsDiff * Extend Dot to f32*bf16, FMA to integer * Fix: RVV 8-bit overflow, UB in vqsort, big-endian bugs, PPC HTM * New targets: HWY_Z14, HWY_Z15 ==== hp2xx ==== - Use %patch -P N instead of deprecated %patchN. ==== hplip ==== Subpackages: hplip-hpijs hplip-sane hplip-udev-rules - Use %patch -P N instead of deprecated %patchN. ==== hwdata ==== Version update (0.378 -> 0.379) - update to 0.379: * Update pci, usb and vendor ids ==== ibus ==== Subpackages: libibus-1_0-5 typelib-1_0-IBus-1_0 - Use %patch -P N instead of deprecated %patchN. ==== intlfonts ==== - Use %autosetup macro. Allows to eliminate the usage of deprecated %patchN ==== iso_ent ==== - Use %patch -P N instead of deprecated %patchN. ==== jasper ==== Version update (4.2.0 -> 4.2.1) - Update to 4.2.1: * Fix a build problem for the DJGPP/MS-DOS environment (#372). ==== jfsutils ==== - Use %autosetup macro. Allows to eliminate the usage of deprecated %patchN ==== kColorPicker-Qt5 ==== - Fix build on Leap. The Qt6 packaging macros set the minimum compiler version - Change %post/%postun to %ldconfig_scriptlets ==== kernel-firmware ==== Version update (20240201 -> 20240220) Subpackages: kernel-firmware-all kernel-firmware-amdgpu kernel-firmware-ath10k kernel-firmware-ath11k kernel-firmware-ath12k kernel-firmware-atheros kernel-firmware-bluetooth kernel-firmware-bnx2 kernel-firmware-brcm kernel-firmware-chelsio kernel-firmware-dpaa2 kernel-firmware-i915 kernel-firmware-intel kernel-firmware-iwlwifi kernel-firmware-liquidio kernel-firmware-marvell kernel-firmware-media kernel-firmware-mediatek kernel-firmware-mellanox kernel-firmware-mwifiex kernel-firmware-network kernel-firmware-nfp kernel-firmware-nvidia kernel-firmware-platform kernel-firmware-prestera kernel-firmware-qcom kernel-firmware-qlogic kernel-firmware-radeon kernel-firmware-realtek kernel-firmware-serial kernel-firmware-sound kernel-firmware-ti kernel-firmware-ueagle kernel-firmware-usb-network - Update to version 20240220 (git commit 73b4429fae36): * linux-firmware: update firmware for en8811h 2.5G ethernet phy * linux-firmware: add firmware for MT7996 * xe: First GuC release for LNL and Xe * i915: Add GuC v70.20.0 for ADL-P, DG1, DG2, MTL and TGL * linux-firmware: Add CS35L41 firmware for Lenovo Legion 7i gen7 laptop (16IAX7) * brcm: Add nvram for the Asus Memo Pad 7 ME176C tablet * ice: update ice DDP package to 1.3.36.0 * Intel IPU3 ImgU: Move firmware file under intel/ipu * Intel IPU6: Move firmware binaries under ipu/ * check_whence: Add a check for duplicate link entries * WHENCE: Clean up section separators * linux-firmware: Add CS35L41 firmware for additional ASUS Zenbook 2023 models * panthor: Add initial firmware for Gen10 Arm Mali GPUs * amdgpu: DMCUB Updates for DCN321: 7.0.38.0 * amdgpu: DMCUB updates for Yellow Carp: 4.0.68.0 * qcom: update venus firmware file for v5.4 * Montage: add firmware for Mont-TSSE * amdgpu: update DMCUB to v0.0.203.0 for DCN314 and DCN32 * linux-firmware: Remove 2 HP laptops using CS35L41 Audio Firmware * linux-firmware: Fix filenames for some CS35L41 firmwares for HP - Use patch macro -P option for RPM 4.20 ==== kernel-source ==== Version update (6.7.4 -> 6.7.5) - Linux 6.7.5 (bsc#1012628). - ext4: regenerate buddy after block freeing failed if under fc replay (bsc#1012628). - dmaengine: fsl-dpaa2-qdma: Fix the size of dma pools (bsc#1012628). - dmaengine: ti: k3-udma: Report short packet errors (bsc#1012628). - dmaengine: fsl-qdma: Fix a memory leak related to the status queue DMA (bsc#1012628). - dmaengine: fsl-qdma: Fix a memory leak related to the queue command DMA (bsc#1012628). - phy: qcom-qmp-usb: fix register offsets for ipq8074/ipq6018 (bsc#1012628). - phy: qcom-qmp-usb: fix serdes init sequence for IPQ6018 (bsc#1012628). - phy: renesas: rcar-gen3-usb2: Fix returning wrong error code (bsc#1012628). - perf tests: Add perf script test (bsc#1012628). - perf test: Fix 'perf script' tests on s390 (bsc#1012628). - perf evlist: Fix evlist__new_default() for > 1 core PMU (bsc#1012628). - dmaengine: fix is_slave_direction() return false when DMA_DEV_TO_DEV (bsc#1012628). - phy: ti: phy-omap-usb2: Fix NULL pointer dereference for SRP (bsc#1012628). - cifs: avoid redundant calls to disable multichannel (bsc#1012628). - cifs: failure to add channel on iface should bump up weight (bsc#1012628). - drm/msms/dp: fixed link clock divider bits be over written in BPC unknown case (bsc#1012628). - drm/msm/dp: return correct Colorimetry for DP_TEST_DYNAMIC_RANGE_CEA case (bsc#1012628). - drm/msm/dpu: check for valid hw_pp in dpu_encoder_helper_phys_cleanup (bsc#1012628). - wifi: iwlwifi: mvm: skip adding debugfs symlink for reconfig (bsc#1012628). - x86/efistub: Give up if memory attribute protocol returns an error (bsc#1012628). - x86/efistub: Avoid placing the kernel below LOAD_PHYSICAL_ADDR (bsc#1012628). - net: stmmac: xgmac: fix handling of DPP safety error for DMA channels (bsc#1012628). - wifi: cfg80211: consume both probe response and beacon IEs (bsc#1012628). - wifi: mac80211: fix RCU use in TDLS fast-xmit (bsc#1012628). - wifi: mac80211: fix unsolicited broadcast probe config (bsc#1012628). - wifi: mac80211: fix waiting for beacons logic (bsc#1012628). - wifi: iwlwifi: exit eSR only after the FW does (bsc#1012628). - wifi: brcmfmac: Adjust n_channels usage for __counted_by (bsc#1012628). - netdevsim: avoid potential loop in nsim_dev_trap_report_work() (bsc#1012628). - net: atlantic: Fix DMA mapping for PTP hwts ring (bsc#1012628). - selftests: net: cut more slack for gro fwd tests (bsc#1012628). - selftests/net: convert unicast_extensions.sh to run it in unique namespace (bsc#1012628). - selftests/net: convert pmtu.sh to run it in unique namespace (bsc#1012628). - selftests/net: change shebang to bash to support "source" (bsc#1012628). - selftests: net: fix tcp listener handling in pmtu.sh (bsc#1012628). - selftests: net: avoid just another constant wait (bsc#1012628). - tsnep: Fix mapping for zero copy XDP_TX action (bsc#1012628). - tunnels: fix out of bounds access when building IPv6 PMTU error (bsc#1012628). - atm: idt77252: fix a memleak in open_card_ubr0 (bsc#1012628). - octeontx2-pf: Fix a memleak otx2_sq_init (bsc#1012628). - hwmon: (aspeed-pwm-tacho) mutex for tach reading (bsc#1012628). - hwmon: (coretemp) Fix out-of-bounds memory access (bsc#1012628). - hwmon: (coretemp) Fix bogus core_id to attr name mapping (bsc#1012628). - inet: read sk->sk_family once in inet_recv_error() (bsc#1012628). - drm/i915/gvt: Fix uninitialized variable in handle_mmio() (bsc#1012628). - x86/efistub: Use 1:1 file:memory mapping for PE/COFF .compat section (bsc#1012628). - rxrpc: Fix generation of serial numbers to skip zero (bsc#1012628). - rxrpc: Fix delayed ACKs to not set the reference serial number (bsc#1012628). - rxrpc: Fix response to PING RESPONSE ACKs to a dead call (bsc#1012628). - rxrpc: Fix counting of new acks and nacks (bsc#1012628). - selftests: net: let big_tcp test cope with slow env (bsc#1012628). - tipc: Check the bearer type before calling tipc_udp_nl_bearer_add() (bsc#1012628). - af_unix: Call kfree_skb() for dead unix_(sk)->oob_skb in GC (bsc#1012628). - devlink: avoid potential loop in devlink_rel_nested_in_notify_work() (bsc#1012628). - ppp_async: limit MRU to 64K (bsc#1012628). - selftests: cmsg_ipv6: repeat the exact packet (bsc#1012628). - netfilter: nft_compat: narrow down revision to unsigned 8-bits (bsc#1012628). ... changelog too long, skipping 163 lines ... - commit 1dccf2a ==== keyutils ==== Subpackages: libkeyutils1 - Use %patch -P N instead of deprecated %patchN. ==== kmozillahelper ==== - Remove rpm_macro(cmake_kf5) BR, not supported on Leap and extra-cmke-modules already takes care of that. ==== kvm_stat ==== Version update (6.7.4 -> 6.7.5) - Use %patch -P N instead of deprecated %patchN. ==== lastlog2 ==== Version update (1.2.0 -> 1.3.1) Subpackages: liblastlog2-1 - Verson 1.3.1 - pam_lastlog2: improve ll2_read_entry error handling [bsc#1220000] - Version 1.3.0 - fix sqlite3_step error handling ==== libHX ==== Version update (4.21 -> 4.23) - Update to release 4.23 * io: use smaller chunks with sendfile(2) to work around unusual API behavior * io: make HX_copy_file() utilize copy_file_range when available ==== libadwaita ==== Version update (1.4.2 -> 1.4.3) Subpackages: libadwaita-1-0 typelib-1_0-Adw-1 - Update to version 1.4.3: + AdwAboutWindow: Don't pre-select the first section on the Legal page. + AdwHeaderBar: Fix visibility after changing :show-back-button. + AdwPreferencesWindow: Fix :visible-page and :visible-page-name docs. + AdwViewSwitcherBar: Fix a warning when empty. + Updated translations. ==== libapparmor ==== - Use %patch -P N instead of deprecated %patchN. - Add apparmor-abstractions-openssl-allow-version-specific-en.patch to allow version specific engdef & engines openssl paths (boo#1219571) ==== libblockdev ==== Version update (3.0.4 -> 3.1.0) Subpackages: libbd_btrfs3 libbd_crypto3 libbd_fs3 libbd_loop3 libbd_lvm3 libbd_mdraid3 libbd_nvme3 libbd_part3 libbd_swap3 libbd_utils3 libblockdev3 - Update to 3.1.0: * Add BDPluginSpec constructor and use it in plugin_specs_from_names * overrides: Remove unused 'sys' import * swap: Add support for checking label and UUID format * fs: Add a function to check label format for F2FS * fs: Add a generic function to check for fs info availability * fs: Fix allowed UUID for generic mkfs with VFAT * fs: Add support for getting filesystem min size for NTFS and Ext * Mark NVDIMM plugin as deprecated since 3.1 * part: Fix potential double free when getting parttype * Fix missing progress initialization in bd_crypto_luks_add_key * lvm-dbus: Fix leaking error * lvm-dbus: Avoid using already-freed memory * utils: Add expected printf string annotation * fs: Report reason for open() and ioctl() failures ==== libdbusmenu-qt5 ==== - Switch to %autosetup - Drop obsolete patch: * full_include_dir.patch ==== libdecor ==== Subpackages: libdecor-0-0 - Remove the -devel package from baselibs.conf ==== libdeflate ==== - baselibs for tools and devel reportedly not needed - modified sources % baselibs.conf - introduce baselibs.conf for openexr https://build.opensuse.org/request/show/1144873 - added sources + baselibs.conf ==== libei ==== - Add baselibs.conf: GNOME 46's at-spi2-core newly linkes libei, and the at-spi stack is made available bi-arch. ==== libguestfs ==== Subpackages: libguestfs-appliance libguestfs-xfs libguestfs0 - bsc#1206361 - SLES 15 SP5 Beta2 - virt-customize ssh-inject fails (s390x/kvm/libvirt) (-> Server-Applications module) use-rtc-driftfix-slew-for-x86-only.patch ==== libgusb ==== - Explicitly require python311-packaging if python 3.11 is being used. On SLE, python 3.6 is still the default, but 3.11 is used by meson. Drop python3-base from BuildRequires: it is not needed, since python will be pulled in by meson. ==== libjpeg-turbo ==== - Update to version 3.0.2 * Fixed a signed integer overflow in the tj3CompressFromYUV8(), tj3DecodeYUV8(), tj3DecompressToYUV8(), and tj3EncodeYUV8() functions, detected by the Clang and GCC undefined behavior sanitizers, that could be triggered by setting the align parameter to an unreasonably large value. This issue did not pose a security threat, but removing the warning made it easier to detect actual security issues, should they arise in the future. * Introduced a new parameter (TJPARAM_MAXMEMORY in the TurboJPEG C API and TJ.PARAM_MAXMEMORY in the TurboJPEG Java API) and a corresponding TJBench option (-maxmemory) for specifying the maximum amount of memory (in megabytes) that will be allocated for intermediate buffers, which are used with progressive JPEG compression and decompression, optimized baseline entropy coding, lossless JPEG compression, and lossless transformation. The new parameter and option serve the same purpose as the max_memory_to_use field in the jpeg_memory_mgr struct in the libjpeg API, the JPEGMEM environment variable, and the cjpeg/djpeg/jpegtran -maxmemory option. * Introduced a new parameter (TJPARAM_MAXPIXELS in the TurboJPEG C API and TJ.PARAM_MAXPIXELS in the TurboJPEG Java API) and a corresponding TJBench option (-maxpixels) for specifying the maximum number of pixels that the decompression, lossless transformation, and packed-pixel image loading functions/methods will process. * Fixed an error ("Unsupported color conversion request") that occurred when attempting to decompress a 3-component lossless JPEG image without an Adobe APP14 marker. The decompressor now assumes that a 3-component lossless JPEG image without an Adobe APP14 marker uses the RGB colorspace if its component IDs are 1, 2, and 3. ==== libjxl-gtk ==== Version update (0.9.2 -> 0.10.0) Subpackages: gdk-pixbuf-loader-jxl gimp-plugin-jxl - Update to release 0.10 * decoder: added ``JxlDecoderGetBoxSizeContents`` for getting the size of the content of a box without the headers. * encoder: implemented new API functions for streaming encoding. ==== liblangtag ==== Version update (0.6.4 -> 0.6.7) - version update to 0.6.7 0.6.6 -> 0.6.7 ================= Akira TAGOH (1): Add missing header 0.6.5 -> 0.6.6 ================= Akira TAGOH (2): Do not use variable array of bash-ism. Fix more compile warnings - deleted patches - 0001-ro-MD-ro-to-get-make-check-to-succeed.patch (upstreamed) ==== libnvme ==== Version update (1.7.1+0.g13ba383 -> 1.8+0.gbff7dda) Subpackages: libnvme-mi1 libnvme1 - Update to version 1.8+0.gbff7dda: * linux: Explicitly initialize auto-cleanup variables * example: fix mi identify failed with error cntid * tree: do not issue an error when subsys lookup fails during scanning * types: Add controller properties CMBEBS, CMBSWTP and NSSD * tests: Add sample NBFT table from Dell PowerEdge R660 * tests: Add sample NBFT table from Dell PowerEdge R760 * tests: Fix diffs output for duplicate HFI entries * nbft: avoid duplicate entries in ssns->hfis * nbft: Fix (struct nbft_info_subsystem_ns).num_hfis off-by-one * test: read and dump sysfs tar file * nvme: allow to overwrite hostnqn and hostid * nvme: allow to overwrite base sysfs path * json: dump the output to the user selected filedescriptor * libnvme: export nvme_dump_tree * fabrics: add 'concat' option * mi: set correct rc and errno when crc mismatch * tree: use logical block size for lba * json-schema: add keyring and tls_key details (bsc#1219086) * build: checkout full repo for checkpatch * linux: avoid segfault in check-tls-key due to null hostnqn/subsysnqn (bsc#1219086) * meson.build: fixup 'join' syntax * util: Explicitly initialize auto-cleanup variables * tree: Explicitly initialize auto-cleanup variables * linux: Explicitly initialize auto-cleanup variables * fabrics: Explicitly initialize auto-cleanup variables * util: Added function to find specific UUID in UUID list. * build: fix release python tag match - Disable new unit test which is not running stable in OSB * add 0001-build-disable-sysfs-test.patch ==== libpaper ==== Version update (2.1.2 -> 2.1.3) Subpackages: libpaper-tools libpaper2 - Update 2.1.3: * This release fixes a small problem with the paperspecs(5) man page, and ensures that the name of the âpaperâ program is always set, even in a non-relocatable build. ==== libphonenumber ==== Version update (8.13.23 -> 8.13.30) - Update to version 8.13.30: * Update alternate formatting data, phone metadata, geocoding data, carrier data * Updated / refreshed time zone meta data. * New geocoding data - Add patch submitted to upstream at gh#google/libphonenumber#3394 to fix building with protobuf 3.25.1: * 0001-Add-support-to-protobuf-3.25.1.patch - Add patch submitted in gh#sergiomb2/libphonenumber#1 by Fabian Vogt: * 0002-Avoid-intermediate-proto-object-library.patch ==== libpng16 ==== Version update (1.6.40 -> 1.6.42) - Update to version 1.6.42: * Fixed the implementation of the macro function "png_check_sig". This was an API regression, introduced in libpng-1.6.41. (Reported by Matthieu Darbois) ==== libqt5-qtbase ==== Version update (5.15.12+kde147 -> 5.15.12+kde151) Subpackages: libQt5Concurrent5 libQt5Core5 libQt5DBus5 libQt5Gui5 libQt5Network5 libQt5OpenGL5 libQt5PrintSupport5 libQt5Sql5 libQt5Sql5-mysql libQt5Sql5-sqlite libQt5Test5 libQt5Widgets5 libQt5Xml5 libqt5-qtbase-platformtheme-gtk3 - Update to version 5.15.12+kde151: * Improve KTX file reading memory safety (CVE-2024-25580, boo#1219996) * Revert "xcb: only set base size when it's valid" * Fix potential leak of QPropertyAnimation in QLineEditIconButton * QBitArray: correct inline keyword ==== libqt5-qtwebengine ==== - Switch to '%patch -P' - Build with python 3.11 on Leap ==== libshumate ==== Subpackages: libshumate-1_0-1 typelib-1_0-Shumate-1_0 - Update licenses based on legaldb review ==== libstorage-ng ==== Version update (4.5.176 -> 4.5.191) Subpackages: libstorage-ng-lang libstorage-ng-ruby libstorage-ng1 - Translated using Weblate (Finnish) (bsc#1149754) - 4.5.191 - Translated using Weblate (Indonesian) (bsc#1149754) - 4.5.190 - merge gh#openSUSE/libstorage-ng#986 - log textdomain codeset - 4.5.189 - merge gh#openSUSE/libstorage-ng#985 - log locale - 4.5.188 - merge gh#openSUSE/libstorage-ng#984 - log some languange environmant variables - log some language environment variables - 4.5.187 - Translated using Weblate (Georgian) (bsc#1149754) - 4.5.186 - Translated using Weblate (Swedish) (bsc#1149754) - 4.5.185 - Translated using Weblate (Czech) (bsc#1149754) - 4.5.184 - Translated using Weblate (Slovak) (bsc#1149754) - 4.5.183 - merge gh#openSUSE/libstorage-ng#983 - fixed typo - 4.5.182 - Translated using Weblate (Dutch) (bsc#1149754) - 4.5.181 - Translated using Weblate (Japanese) (bsc#1149754) - Translated using Weblate (Catalan) (bsc#1149754) - merge gh#openSUSE/libstorage-ng#982 - updated pot and po files - 4.5.180 - Translated using Weblate (Georgian) (bsc#1149754) - 4.5.179 - merge gh#openSUSE/libstorage-ng#981 - fix reusing volume group name (bsc#1219266) - 4.5.178 - merge gh#openSUSE/libstorage-ng#980 - added experimental support for bcachefs - 4.5.177 ==== libunwind ==== Version update (1.7.2 -> 1.8.0) - Disable LTO on aarch64 until upstream fix the issue: https://github.com/libunwind/libunwind/issues/693 - Update to 1.8.0: * Improve unwinding through a bad function pointer on x86_64 * Fix UMRs indicated by valgrind (x86_64) * fix byte_order_is_valid function logic * Use size_t to match R.H.S * Move get_proc_info_in_range under dwarf/ * Bump actions/checkout@v2 to @V3 * dwarf_find_unwind_table: Find load_base correctly when current segment does not start at segbase * Add introspection for march=armv8-a+sve * Linux: Make get_elf_image guaranteed AS-safe * Provide syscall wrappers for mmap and munmap * Allow to use a custom dl_iterate_phdr implementation * aarch64: unw_step() validates address before calling dwarf_get * Provide AS-safe allocator to LZMA * Rework register load in aarch64_local_resume() * Fix arm postdecrement * Added support for unwinding through PPC64 PLT entries * Fix array indexing bug in dwarf_search_unwind_table * Fix unaligned memory accesses in */Ginit.c * Get filename and offset from ip * Fix maps leak if caller's pathlen is too small * Adjust DYNAMIC addrs in loaded image * Fix crash in elf_w(valid_object) * Fix segfault on QNX ==== make ==== - Use %patch -P ==== man ==== - We don't need anymore systemd-tmpfiles (boo#1219370#c13) - Move creation of /var/cache/man into %pre scriplet (boo#1219370) ==== mariadb ==== Version update (11.2.2 -> 11.2.3) Subpackages: libmariadbd19 mariadb-client mariadb-errormessages - Update to 11.2.3: https://mariadb.com/kb/en/mariadb-11-2-3-release-notes/ https://mariadb.com/kb/en/mariadb-11-2-3-changelog/ - Update list of skipped tests ==== mdevctl ==== - Add /usr/lib/mdevctl/scripts.d/{callouts,notifiers} directories ==== mozilla-nss ==== Version update (3.96.1 -> 3.97) Subpackages: libfreebl3 libsoftokn3 mozilla-nss-certs mozilla-nss-tools - update to NSS 3.97 * bmo#1875506 - make Xyber768d00 opt-in by policy * bmo#1871631 - add libssl support for xyber768d00 * bmo#1871630 - add PK11_ConcatSymKeys * bmo#1775046 - add Kyber and a PKCS#11 KEM interface to softoken * bmo#1871152 - add a FreeBL API for Kyber * bmo#1826451 - part 2: vendor github.com/pq-crystals/kyber/commit/e0d1c6ff * bmo#1826451 - part 1: add a script for vendoring kyber from pq-crystals repo * bmo#1835828 - Removing the calls to RSA Blind from loader.* * bmo#1874111 - fix worker type for level3 mac tasks * bmo#1835828 - RSA Blind implementation * bmo#1869642 - Remove DSA selftests * bmo#1873296 - read KWP testvectors from JSON * bmo#1822450 - Backed out changeset dcb174139e4f * bmo#1822450 - Fix CKM_PBE_SHA1_DES2_EDE_CBC derivation * bmo#1871219 - Wrap CC shell commands in gyp expansions ==== mpg123 ==== Version update (1.32.4 -> 1.32.5) Subpackages: libmpg123-0 mpg123-openal - Update to version 1.32.5 build: * CMake port uses CFLAGS for pulse/jack/tinyalsa properly now (bug 366). * CMake port links libsyn123 with libm now (bug 370). libmpg123: * Fix --enable-portable (no usage of LFS_WRAP_NONE, bug 368). * Fix dct36 wrapper usage for x86-64 and NEON. Stupid (bug 367) and also avoid returning void. * Make ARM builds work with nagging (missing feature macros for std=c99). ==== mtools ==== - Use %autosetup macro. ==== multipath-tools ==== Version update (0.9.7+93+suse.e2f2272 -> 0.9.8~1+82+suse.dcd98a3) Subpackages: kpartx libmpath0 - Update to version 0.9.8~1+82+suse.dcd98a3: * Adapt package version such that it shows as a 0.9.8 prerelease * Add missing udev rules file - Update to version 0.9.7+148+suse.9780ae0: * 11-dm-mpath.rules: Fix quoting mistake (bsc#1219142) - Update to version 0.9.7+148+suse.7d9953e.obscpio * This is a multipath-tools 0.9.8 pre-release * fix fast_io_fail for Infinibox (bsc#1219348) * Fix activation of LVM volume groups during coldplug (bsc#1219142) - Update to version 0.9.7+140+suse.2d78457: * This is a multipath-tools 0.9.8 pre-release * Socket activation via multipathd.socket has been disabled by default because it has undesirable side effects on systems without multipath. Users with multipath hardware should enable multipathd.service * The restorequeueing CLI command now only enables queueing if disablequeueing had been sent before * Avoid multipathd hang during map flush * multipathd now tracks the queueing mode of maps in its internal features string * Improve error messages in 'multipathd -k' * Fix segfault in autoresize code (bsc#1219289) * Fix missing map reloads (bsc#1219796) * Documentation fixes, spelling fixes, minor code fixes ==== musepack ==== - Use %patch -P N instead of deprecated %patchN. ==== ncurses ==== Version update (6.4.20240120 -> 6.4.20240210) Subpackages: libncurses6 ncurses-utils terminfo terminfo-base terminfo-iterm terminfo-screen - Add ncurses patch 20240210 + compiler-warning fixes, while investigating an optimizer bug in "gcc (MacPorts gcc13 13.2.0_4+stdlib_flag) 13.2.0" which results in only the first byte of a multibyte character being printed to the screen. - Change order of use=vt100+4bsd and use=rxvt+pcfkeys in rxvt-basic to get correct arrow keys back (boo#1219626) - Add ncurses patch 20240203 + minor changes to tracing and locale-checks. - Add ncurses patch 20240127 + amend change to z39-a (report by Sven Joachim). + use xterm+nopcfkeys, vt52-basic, dec+pp, dec+sl, vt52+arrows, hp+pfk+cr, klone+acs, klone+color, klone+sgr, ncr160wy50+pp to trim -TD + NetBSD-related fixes for x68k and wsvt52 (patch by Thomas Klausner) ==== neon ==== - Use %patch -P N instead of deprecated %patchN. ==== nodejs21 ==== Version update (21.5.0 -> 21.6.2) Subpackages: npm21 - Update to 21.6.2: (security updates) * (CVE-2024-21892, bsc#1219992) - Code injection and privilege escalation through Linux capabilities- (High) * (CVE-2024-22019, bsc#1219993) - http: Reading unprocessed HTTP request with unbounded chunk extension allows DoS attacks- (High) * (CVE-2024-21896, bsc#1219994) - Path traversal by monkey-patching Buffer internals- (High) * (CVE-2024-22017, bsc#1219995) - setuid() does not drop all privileges due to io_uring - (High) * (CVE-2023-46809, bsc#1219997) - Node.js is vulnerable to the Marvin Attack (timing variant of the Bleichenbacher attack against PKCS#1 v1.5 padding) - (Medium) * (CVE-2024-21891, bsc#1219998) - Multiple permission model bypasses due to improper path traversal sequence sanitization - (Medium) * (CVE-2024-21890, bsc#1219999) - Improper handling of wildcards in --allow-fs-read and --allow-fs-write (Medium) * (CVE-2024-22025, bsc#1220014) - Denial of Service by resource exhaustion in fetch() brotli decoding - (Medium) * undici version 5.28.3 (CVE-2024-24758, bsc#1220017) * libuv version 1.48.0 - Update to 21.6.1: * Revert "stream: fix cloned webstreams not being unref'd" - Changes in 21.6.0: * New connection attempt events * --allow-addons to enable addon usage when using the Permission Model. * Support configurable snapshot through --build-snapshot-config flag - fix_ci_tests.patch: refreshed ==== nvidia-open-driver-G06-signed ==== Version update (545.29.06_k6.7.4_1 -> 545.29.06_k6.7.5_1) - re-enable build of -azure kernel flavor; syntax check was wrong - remove conflicts to nvidia-open-driver-G06-kmp, since it's now provided instead (OMG!); add obsoletes to it as well to make sure it gets replaced (bsc#1220196) - Use %autosetup macro. Allows to eliminate the usage of deprecated %patchN - kernel-syms-azure is not available on ALP ==== nvme-cli ==== Version update (2.7.1 -> 2.8) Subpackages: nvme-cli-bash-completion - Update to version 2.8: * nvme-print-json: append array object in json_support_log * sed: Add plugin for basic SED Opal operations (jsc#PED-5061) * don't include newlines in already wrapped text * nvme: do not include meta data for PRACT=1 and MD=8 (version 2) * create-ns: align the namespaces to 1Mib boundaries when using SI suffixes * doc: Fix config-schema.json's URL * plugins/solidigm: Compressing vs-internal-log log files into zip file. * nbft: do not issue an error if ACPI tables are missing * nbft: fixup include for libnvme * doc: Fix short option name for cfg-file * completions: added Solidigm plugin to autocomplete scripts * nvme: Remove unused cfg argument from NVME_ARGS() macro * nvme: fix directive receive identify offsets * nvme-fabrics: enable option 'concat' * build: Update libnvme wrap * plugins/wdc: Add Debug Log Collection Support * nbft: fix tcp/dhcp address fallback retry (bsc#1218873) * nvme: use correct telemetry log size * nvme-print: fix typo in list verbose output (bsc#1219086) * nvme: print inserted tls key for check-tls-key (bsc#1219086) * plugins/wdc: Plugin fixes and updates * fabrics: move hostid/hostnqn warnings to verbose level (bsc#1219086) ==== obex-data-server ==== - Use %autosetup macro. Allows to eliminate the usage of deprecated %patchN. - Clean spec file ==== openssl-1_1 ==== Subpackages: libopenssl1_1 - Enable running the regression tests in FIPS mode. ==== openvpn ==== Version update (2.6.8 -> 2.6.9) - update to 2.6.9: * Remove unused function prototype crypto_adjust_frame_parameters * Log SSL alerts more prominently * Document tls-exit option mainly as test option * Remove TEST_GET_DEFAULT_GATEWAY as it duplicates --show-gateway * Fix check_session_buf_not_used using wrong index * Add missing check for nl_socket_alloc failure * Add check for nice in cmake config * Remove compat versionhelpers.h and remove cmake/configure check for it * Extend the error message when TLS 1.0 PRF fails * Fix unaligned access in macOS, FreeBSD, Solaris hwaddr * Check PRF availability on initialisation and add --force-tls-key-material-export * Make it more explicit and visible when pkg-config is not found * Clarify that the tls-crypt-v2-verify has a very limited env set * Implement the --tls-export-cert feature * Remove conditional text for Apache2 linking exception * Remove --tls-export-cert * Remove superfluous x509_write_pem() * sample-keys: renew for the next 10 years * GHA: clean up libressl builds with newer libressl * configure.ac: Remove unused AC_TYPE_SIGNAL macro * documentation: remove reference to removed option --show-proxy-settings * unit_tests: remove includes for mock_msg.h * documentation: improve documentation of --x509-track * NTLM: add length check to add_security_buffer * NTLM: increase size of phase 2 response we can handle * proxy-options.rst: Add proper documentation for --http-proxy-user-pass * buf_string_match_head_str: Fix Coverity issue 'Unsigned compared against 0' * --http-proxy-user-pass: allow to specify in either order with --http-proxy * README.cmake.md: Document minimum required CMake version for --preset * documentation: Update and fix documentation for --push-peer-info * documentation: Fixes for previous fixes to --push-peer-info * OpenBSD: repair --show-gateway * get_default_gateway() HWADDR overhaul * fix uncrustify complaints about previous patch * preparing release 2.6.9 * dco-freebsd: dynamically re-allocate buffer if it's too small * tun.c: don't attempt to delete DNS and WINS servers if they're not set * vcpkg-ports/pkcs11-helper: bump to version 1.30 * Add support for mbedtls 3.X.Y * Update README.mbedtls * Disable TLS 1.3 support with mbed TLS * Enable key export with mbed TLS 3.x.y * protocol_dump: tls-crypt support * Fix IPv6 route add/delete message log level * fix(ssl): init peer_id when init tls_multi ==== orc ==== Version update (0.4.34 -> 0.4.37) - version update to 0.4.37 0.4.37 ====== - enable neon instructions on Apple ARM64 (Aleix Conchillo FlaquÃ©) - orcc: Fix regression, was hard-coded to use "sse" as default target (Sebastian DrÃ¶ge) - MMX backend fixes (L. E. Segovia, Jorge Zapata) - testsuite: Build fixes for Clang (L. E. Segovia) - testsuite, tools: Fix warning caused by inserting unneeded source operands (L. E. Segovia) - orccompiler: call sys_icache_invalidate() to invalidate macos inst cache (Aleix Conchillo FlaquÃ©) - macOS/iOS version/target check build fixes (Aleix Conchillo FlaquÃ©) 0.4.36 ====== - Only use AVX / AVX2 instructions on CPUs that support both AVX and AVX2 (fixes crash on machines that only support AVX) (L. E. Segovia) 0.4.35 ====== - Add support for AVX / AVX2 (L. E. Segovia) - SSE backend improvements (L. E. Segovia) - New `orf` and `andf` opcodes for bitwise AND and OR for single precision floats (Jorge Zapata) - Add support for `convwf`, int16 to float conversion (Jorge Zapata) - Allow backend selection through ORC_TARGET environment variable (L. E. Segovia) - Documentation improvements (Jorge Zapata, L. E. Segovia, Tim-Philipp MÃ¼ller) - orconce: Use Win32 once implementation with MSVC (Seungha Yang, L. E. Segovia) - orcc: add --binary option to output raw machine code for functions (L. E. Segovia) - orcprofile: Implement Windows high-resolution timestamp for MSVC to allow benchmarking on MSVC builds (L. E. Segovia) ==== osinfo-db ==== - Add support for SLE Micro 6.0 (jsc#PED-6305) add-slem6.0-support.patch - Add support for openSUSE Leap 15.6 (jsc#PED-6305) add-opensuse-leap-15.6-support.patch ==== pam-config ==== Version update (2.10 -> 2.11) - Update to version 2.11 - pam_gnome_keyring: use options in AUTH [bsc#1219767] ==== parted ==== Subpackages: libparted-fs-resize0 libparted2 - avoid deprecated rpm syntax ==== patterns-server ==== Subpackages: patterns-server-dhcp_dns_server patterns-server-directory_server patterns-server-file_server patterns-server-kvm_server patterns-server-kvm_tools patterns-server-lamp_server patterns-server-mail_server patterns-server-printing - Do not recommend mailman: pulls a 2nd python stack. - kvm_server pattern: - stop Recommending tigervnc and virt-install as they're 100% client tools. In fact, it is the kvm_tools pattern that does Require them (leave them as Suggested, for now, just to leave a record of them... but only temporarily). Note that this will result in a different behavior, wrt to the current one. I.e., anyone installing _only_ the kvm_server pattern, will not get those two packages automatically. ==== pcr-oracle ==== - Add fix_loader_conf.patch to measure the systemd-boot loader.conf file ==== pcre2 ==== Version update (10.42 -> 10.43) Subpackages: libpcre2-16-0 libpcre2-32-0 libpcre2-8-0 - pcre2 10.43: * The JIT code no longer supports ARMv5 architecture. * A new function pcre2_get_match_data_heapframes_size() for finer heap control. * New option flags to restrict the interaction between ASCII and non-ASCII characters for caseless matching and \d and friends. There are also new pattern constructs to control these flags from within a pattern. * Upgrade to Unicode 15.0.0. * Treat a NULL pattern with zero length as an empty string. * Added support for limited-length variable-length lookbehind assertions, with a default maximum length of 255 characters (same as Perl) but with a function to adjust the limit. * Perl changed the meaning of (for example) {,3} which did not used to be recognized as a quantifier. Now it means {0,3} and PCRE2 has also changed. Note that {,} is still not a quantifier. * Following Perl, allow spaces and tabs after { and before } in all Perl- compatible items that use braces, and also around commas in quantifiers. The one exception in PCRE2 is \u{...}, which is from ECMAScript, not Perl, and PCRE2 follows ECMAScript usage. * Changed the meaning of \w and its synonyms and derivatives (\b and \B) in UCP mode to follow Perl. It now matches characters whose general categories are L or N or whose particular categories are Mn (non-spacing mark) or Pc (combining punctuation). * Changed the default meaning of [:xdigit:] in UCP mode to follow Perl. It now matches the "fullwidth" versions of hex digits. PCRE2_EXTRA_ASCII_DIGIT can be used to keep it ASCII only. * Make PCRE2_UCP the default in UTF mode in pcre2grep and add - no_ucp, --case-restrict and --posix-digit. * Add --group-separator and --no-group-separator to pcre2grep. ==== perl-Bootloader ==== Version update (1.11 -> 1.12) - merge gh#openSUSE/perl-bootloader#163 - validate test output for each shell individually - update and extend tests - reworked default-settings command - add test case for default-settings - rework get-option command - add test case for get-option - rework del-option command - add test case for del-option - rework add-option command - add test case for add-option - rework grub2-efi install - adjust some tests - systemd-boot test adjusted - rework remove-kernel option and add tests - rework add-kernel option and add tests - adjust kexec-bootloader and add tests - remove support for dash - remove ancient perl library code from master branch - updated git2log script - adjust spec file - rewrite grub2 install to be more compatible (bsc#1214361) - 1.12 ==== php8 ==== Version update (8.2.15 -> 8.2.16) Subpackages: php8-ctype php8-dom php8-iconv php8-openssl php8-pdo php8-sqlite php8-tokenizer php8-xmlreader php8-xmlwriter - version update to 8.2.16 * This is a bug fix release. - modified patches % php-build-reproducible-phar.patch (refreshed) ==== pipewire ==== Subpackages: gstreamer-plugin-pipewire libpipewire-0_3-0 pipewire-alsa pipewire-jack pipewire-libjack-0_3 pipewire-modules-0_3 pipewire-pulseaudio pipewire-spa-plugins-0_2 pipewire-spa-tools pipewire-tools - Force using doxygen-1_10 in SLE where the default doxygen is too old and generates broken docs (boo#1217886) - Add a conflict in -pulseaudio with pipewire-modules-%{apiver} < 1.0.0 since the libpipewire-module-protocol-pulse.so module was included in - modules before 1.0.0 so we should avoid a file conflict. ==== pkcs11-helper ==== Version update (1.29.0 -> 1.30.0) - update to 1.30.0: * core: add dynamic loader provider attribute * openssl: support DSA in libressl-3.5.0 * openssl: fix openssl_ex_data_dup prototype - get rid of almost empty pkcs11-helper package ==== pkgconf ==== Version update (1.8.0 -> 2.1.1) Subpackages: pkgconf-m4 pkgconf-pkg-config - update to 2.1.1: * Fix --modversion with constraints * Reintroduce an optimization to the dependency graph walker which avoids revisiting already visited nodes * Add a regression test to check that the dependency flattener is working as expected - update to 2.1.0: * new solver for higher performance with complicated graphs * Add --license selector to the pkgconf CLI * Add flag --verbose and --solution to CLI * Changes and fixes to --modversion * bug fixes and developer visible changes - drop pkgconf-CVE-2023-24056.patch, now included ==== poppler ==== Version update (23.12.0 -> 24.02.0) Subpackages: libpoppler-cpp0 libpoppler-glib8 poppler-tools - version update to 24.02.0 Release 24.02.0: core: * Fix reading some JBIG2 streams. Issue #1319 * Fix saving some annotation interior color when it's empty * Make searching for fonts when adding annotations a bit faster * Make sure images are compressed when adding them * Small internal code cleanup utils: * pdfimages: return exit code 2 when error opening output files Release 24.01.0: core: * Don't crash on certain documents on the NSS signature backend * Fix infinite loop in some annotation code if there's not space for even one character * Fix build on Android with generic font configuration * Small internal code cleanup ==== poppler-qt5 ==== Version update (23.12.0 -> 24.02.0) - version update to 24.02.0 Release 24.02.0: core: * Fix reading some JBIG2 streams. Issue #1319 * Fix saving some annotation interior color when it's empty * Make searching for fonts when adding annotations a bit faster * Make sure images are compressed when adding them * Small internal code cleanup utils: * pdfimages: return exit code 2 when error opening output files Release 24.01.0: core: * Don't crash on certain documents on the NSS signature backend * Fix infinite loop in some annotation code if there's not space for even one character * Fix build on Android with generic font configuration * Small internal code cleanup ==== potrace ==== - Use %autosetup macro. Allows to eliminate the usage of deprecated %patchN. ==== prctl ==== - Use %patch -P N instead of deprecated %patchN. - Move license to %license section ==== publicsuffix ==== Version update (20240123 -> 20240212) - Update to version 20240212: * Add cprapid.com suffix to private section (#1892) * util: gTLD data autopull updates for 2024-02-08T15:13:14 UTC (#1932) * Added Cyclic Software (#1737) * Update public_suffix_list.dat for scw.cloud subdomains (#1740) * Update public_suffix_list.dat (#1926) * Add ZAP-Hosting cloud domain (#1907) * Add `flutterflow.app` (#1666) * Update public_suffix_list.dat (#1614) * Brave Submissions to the Public Suffix List - Q4 2023 (#1872) * Add pley.games (#1881) * Add panel.dev (#1916) * add 12CHARS to private domains (#1915) * Azure updates for Microsoft Corporate Domains (#1891) * Remove blog.kg from private section (#1840) * AWS Submissions to the Public Suffix List - Q4 2023 (#1876) * Homebase requested the addition of id.pub kin.one kin.pub (#1768) * Replace run.app and a.run.app with *.run.app (#1928) * Add pages.gay (#1920) * Update Platform.sh domains (#1792) * fix(adobe): add aem.live and aem.page domains (#1874) * Update code builder domains with the canary (#1802) * Add atmeta.com to PSL and consolidate Meta entries (#1736) * util: gTLD data autopull updates for 2024-01-24T15:14:29 UTC (#1923) ==== pulseaudio ==== Subpackages: libpulse-mainloop-glib0 libpulse0 pulseaudio-setup pulseaudio-utils system-user-pulse - Add cherry-picks to fix UCM crashes * pulseaudio-replace-port-device-UCM-context-assertion-with-an-error.patch * pulseaudio-check-UCM-verb-before-working-with-device-status.patch ==== python-cryptography ==== Version update (41.0.7 -> 42.0.4) - update to 42.0.4 (bsc#1220210, CVE-2024-26130): * Fixed a null-pointer-dereference and segfault that could occur when creating a PKCS#12 bundle. Credit to Alexander-Programming for reporting the issue. CVE-2024-26130 * Fixed ASN.1 encoding for PKCS7/SMIME signed messages. The fields SMIMECapabilities and SignatureAlgorithmIdentifier should now be correctly encoded according to the definitions in :rfc:2633 :rfc:3370. - update to 42.0.3: * Fixed an initialization issue that caused key loading failures for some users. - Drop patch skip_openssl_memleak_test.patch not needed anymore. - update to 42.0.2: * Updated Windows, macOS, and Linux wheels to be compiled with OpenSSL 3.2.1. * Fixed an issue that prevented the use of Python buffer protocol objects in sign and verify methods on asymmetric keys. * Fixed an issue with incorrect keyword-argument naming with EllipticCurvePrivateKey :meth:`~cryptography.hazmat.primitive s.asymmetric.ec.EllipticCurvePrivateKey.exchange`, X25519PrivateKey :meth:`~cryptography.hazmat.primitives.asymm etric.x25519.X25519PrivateKey.exchange`, X448PrivateKey :meth :`~cryptography.hazmat.primitives.asymmetric.x448.X448Private Key.exchange`, and DHPrivateKey :meth:`~cryptography.hazmat.p rimitives.asymmetric.dh.DHPrivateKey.exchange`. - update to 42.0.1: * Fixed an issue with incorrect keyword-argument naming with EllipticCurvePrivateKey :meth:`~cryptography.hazmat.primitive s.asymmetric.ec.EllipticCurvePrivateKey.sign`. * Resolved compatibility issue with loading certain RSA public keys in :func:`~cryptography.hazmat.primitives.serialization. load_pem_public_key`. * BACKWARDS INCOMPATIBLE: Dropped support for LibreSSL < 3.7. * BACKWARDS INCOMPATIBLE: Loading a PKCS7 with no content field using :func:`~cryptography.hazmat.primitives.serialization.pk cs7.load_pem_pkcs7_certificates` or :func:`~cryptography.hazm at.primitives.serialization.pkcs7.load_der_pkcs7_certificates ` will now raise a ValueError rather than return an empty list. * Parsing SSH certificates no longer permits malformed critical options with values, as documented in the 41.0.2 release notes. * Updated Windows, macOS, and Linux wheels to be compiled with OpenSSL 3.2.0. * Updated the minimum supported Rust version (MSRV) to 1.63.0, from 1.56.0. * We now publish both py37 and py39 abi3 wheels. This should resolve some errors relating to initializing a module multiple times per process. * Support :class:`~cryptography.hazmat.primitives.asymmetric.pa dding.PSS` for X.509 certificate signing requests and certificate revocation lists with the keyword-only argument rsa_padding on the sign methods for :class:`~cryptography.x509.CertificateSigningRequestBuilder` and :class:`~cryptography.x509.CertificateRevocationListBuilder`. * Added support for obtaining X.509 certificate signing request signature algorithm parameters (including PSS) via :meth:`~cr yptography.x509.CertificateSigningRequest.signature_algorithm _parameters`. * Added support for obtaining X.509 certificate revocation list signature algorithm parameters (including PSS) via :meth:`~cr yptography.x509.CertificateRevocationList.signature_algorithm _parameters`. * Added mgf property to :class:`~cryptography.hazmat.primitives .asymmetric.padding.PSS`. * Added algorithm and mgf properties to :class:`~cryptography.h azmat.primitives.asymmetric.padding.OAEP`. * Added the following properties that return timezone-aware datetime objects: :meth:`~cryptography.x509.Certificate.not_valid_before_utc`, :meth:`~cryptography.x509.Certificate.not_valid_after_utc`, : meth:`~cryptography.x509.RevokedCertificate.revocation_date_u tc`, :meth:`~cryptography.x509.CertificateRevocationList.next _update_utc`, :meth:`~cryptography.x509.CertificateRevocation List.last_update_utc`. These are timezone-aware variants of existing properties that return naÃ¯ve datetime objects. * Deprecated the following properties that return naÃ¯ve datetime objects: :meth:`~cryptography.x509.Certificate.not_valid_before`, :meth:`~cryptography.x509.Certificate.not_valid_after`, :meth :`~cryptography.x509.RevokedCertificate.revocation_date`, :me th:`~cryptography.x509.CertificateRevocationList.next_update` , :meth:`~cryptography.x509.CertificateRevocationList.last_up date` in favor of the new timezone-aware variants mentioned above. * Added support for :class:`~cryptography.hazmat.primitives.cip hers.algorithms.ChaCha20` on LibreSSL. * Added support for RSA PSS signatures in PKCS7 with :meth:`~cr yptography.hazmat.primitives.serialization.pkcs7.PKCS7Signatu reBuilder.add_signer`. * In the next release (43.0.0) of cryptography, loading an X.509 certificate with a negative serial number will raise an exception. This has been deprecated since 36.0.0. * Added support for :class:`~cryptography.hazmat.primitives.cip hers.aead.AESGCMSIV` when using OpenSSL 3.2.0+. * Added the :mod:`X.509 path validation <cryptography.x509.verification>` APIs for ... changelog too long, skipping 9 lines ... - switch to new cargo-vendor ==== python-linux-procfs ==== - align license tag with COPYING ==== python-lxml ==== - Add skip-test-under-libexpat-2.6.0.patch to skip broken test with expat 2.6.0, gh#python/cpython#115133 ==== python311 ==== Subpackages: python311-curses python311-dbm - Add upstream patch libexpat260.patch, Fix tests for XMLPullParser with Expat 2.6.0, gh#python/cpython#115289 ==== python311-core ==== Subpackages: libpython3_11-1_0 python311-base - Add upstream patch libexpat260.patch, Fix tests for XMLPullParser with Expat 2.6.0, gh#python/cpython#115289 ==== qalculate ==== Version update (4.8.1 -> 4.9.0) Subpackages: libqalculate22 qalculate-data - update to v4.9.0: * Support for specifying a fixed denominator for display of fractions (e.g. "0.3 ft â 1/8 â (3 + 5/8) in") * Return gcd of numerators divided by lcm of denominators in gcd() with non-integer rational numbers, and vice versa for lcm() * Add units for mean Gregorian and tropical years * Ignore underscore in number * Replace defunct exchange rates source and fix bitcoin exchange rate * Fix asin(x)=a, acos(x)=a, and atan(x)=a, when a contains an angle unit and default angle unit is set * Fix output of value converted to unit expression with numerical multiplier in denominator, e.g. "â L/(100 km)" * Fix segfault when trying to solve "(xsqrt(x)-ysqrt(y))/(sqrt(x)-sqrt(y))=x+sqrt(x*y)+y" * Fix parsing of case insensitive object name ending with Unicode character when followed by another Unicode character in expression, e.g. "Ð¼Ð¸ÐºÑÐ¾Ð¼ÐµÑÑ" * Add history command, listing expression history * Display all exponents 0-9 using Unicode superscript characters if these are the only exponents in the expression ==== qemu ==== Version update (8.2.0 -> 8.2.1) Subpackages: qemu-arm qemu-audio-spice qemu-block-curl qemu-block-nfs qemu-block-rbd qemu-chardev-spice qemu-guest-agent qemu-hw-display-qxl qemu-hw-display-virtio-gpu qemu-hw-display-virtio-gpu-pci qemu-hw-display-virtio-vga qemu-hw-usb-host qemu-hw-usb-redirect qemu-hw-usb-smartcard qemu-img qemu-ipxe qemu-ksm qemu-pr-helper qemu-tools qemu-ui-curses qemu-ui-gtk qemu-ui-opengl qemu-ui-spice-app qemu-ui-spice-core qemu-vgabios - Just "prettify" the spec files a little: * [openSUSE][RPM] Cosmetic fixes to spec files (copyright, sorting, etc) - Patchqueue shrinking and bugfixing (actually, more of a temporary workaround, until a proper solution is found upstream): * [openSUSE] roms/seabios: revert some upstream commits that break a lot of use-cases * [openSUSE] roms/seabios: Drop an old (and no longer necessary) downstream patch (bsc#1219977) Update to latest stable version (8.2.1) - Downstream changes: * [openSUSE][RPM]: Install the VGA module "more often" (bsc#1219164) * [openSUSE][RPM] Fix handling of qemu-kvm legacy package for RISCV * [openSUSE][RPM] factor common definitions between qemu and qemu-linux-user spec files - Upstream backports: * target/arm: Fix incorrect aa64_tidcp1 feature check * target/arm: Fix A64 scalar SQSHRN and SQRSHRN * target/xtensa: fix OOB TLB entry access * qtest: bump aspeed_smc-test timeout to 6 minutes * monitor: only run coroutine commands in qemu_aio_context * iotests: port 141 to Python for reliable QMP testing * iotests: add filter_qmp_generated_node_ids() * block/blklogwrites: Fix a bug when logging "write zeroes" operations. * virtio-net: correctly copy vnet header when flushing TX (bsc#1218484, CVE-2023-6693) * tcg/arm: Fix SIGILL in tcg_out_qemu_st_direct * linux-user/riscv: Adjust vdso signal frame cfa offsets * linux-user: Fixed cpu restore with pc 0 on SIGBUS * block/io: clear BDRV_BLOCK_RECURSE flag after recursing in bdrv_co_block_status * coroutine-ucontext: Save fake stack for pooled coroutine * tcg/s390x: Fix encoding of VRIc, VRSa, VRSc insns * accel/tcg: Revert mapping of PCREL translation block to multiple virtual addresses * acpi/tests/avocado/bits: wait for 200 seconds for SHUTDOWN event from bits VM * s390x/pci: drive ISM reset from subsystem reset * s390x/pci: refresh fh before disabling aif * s390x/pci: avoid double enable/disable of aif * hw/scsi/esp-pci: set DMA_STAT_BCMBLT when BLAST command issued * hw/scsi/esp-pci: synchronise setting of DMA_STAT_DONE with ESP completion interrupt * hw/scsi/esp-pci: generate PCI interrupt from separate ESP and PCI sources * hw/scsi/esp-pci: use correct address register for PCI DMA transfers * migration/rdma: define htonll/ntohll only if not predefined * hw/pflash: implement update buffer for block writes * hw/pflash: use ldn_{be,le}_p and stn_{be,le}_p * hw/pflash: refactor pflash_data_write() * backends/cryptodev: Do not ignore throttle/backends Errors * target/i386: pcrel: store low bits of physical address in data[0] * target/i386: fix incorrect EIP in PC-relative translation blocks * target/i386: Do not re-compute new pc with CF_PCREL * load_elf: fix iterator's type for elf file processing * target/hppa: Update SeaBIOS-hppa to version 15 * target/hppa: Fix IOR and ISR on error in probe * target/hppa: Fix IOR and ISR on unaligned access trap * target/hppa: Export function hppa_set_ior_and_isr() * target/hppa: Avoid accessing %gr0 when raising exception * hw/hppa: Move software power button address back into PDC * target/hppa: Fix PDC address translation on PA2.0 with PSW.W=0 * hw/pci-host/astro: Add missing astro & elroy registers for NetBSD * hw/hppa/machine: Disable default devices with --nodefaults option * hw/hppa/machine: Allow up to 3840 MB total memory * readthodocs: fully specify a build environment * .gitlab-ci.d/buildtest.yml: Work around htags bug when environment is large * target/s390x: Fix LAE setting a wrong access register * tests/qtest/virtio-ccw: Fix device presence checking * tests/acpi: disallow tests/data/acpi/virt/SSDT.memhp changes * tests/acpi: update expected data files * edk2: update binaries to git snapshot * edk2: update build config, set PcdUninstallMemAttrProtocol = TRUE. * edk2: update to git snapshot * tests/acpi: allow tests/data/acpi/virt/SSDT.memhp changes * util: fix build with musl libc on ppc64le * tcg/ppc: Use new registers for LQ destination * hw/intc/arm_gicv3_cpuif: handle LPIs in in the list registers * hw/vfio: fix iteration over global VFIODevice list * vfio/container: Replace basename with g_path_get_basename * edu: fix DMA range upper bound check * hw/net: cadence_gem: Fix MDIO_OP_xxx values * audio/audio.c: remove trailing newline in error_setg * chardev/char.c: fix "abstract device type" error message * target/riscv: Fix mcycle/minstret increment behavior * hw/net/can/sja1000: fix bug for single acceptance filter and standard frame * target/i386: the sgx_epc_get_section stub is reachable * configure: use a native non-cross compiler for linux-user * include/ui/rect.h: fix qemu_rect_init() mis-assignment * target/riscv/kvm: do not use non-portable strerrorname_np() * iotests: Basic tests for internal snapshots * vl: Improve error message for conflicting -incoming and -loadvm * block: Fix crash when loading snapshot on inactive node - Fixes: * bsc#1218484 (CVE-2023-6693) - Try to solve the qemu-kvm dependency issues on all arches (see, e.g., bsc#1218684) * [openSUSE][RPM] Create the legacy qemu-kvm symlink for all arches - Update the service file to use OBS-scm (by fvogt) - Various fixes: * [openSUSE][RPM] Fix enabling features on non-x86_64 (bsc#1220011, bsc#1219818) * [openSUSE][RPM] Disable test-crypto-secret in linux-user build * [openSUSE] Update ipxe submodule reference (bsc#1219733, bsc#1219722) * [openSUSE][RPM] spec: allow building without spice ==== rdma-core ==== Subpackages: libefa1 libibverbs libibverbs1 libmana1 libmlx4-1 libmlx5-1 librdmacm1 rdma-ndd - Add kernel-boot-do-not-load-module-unsupported-on-s390.patch to prevent autoload of module not supported on s390. (bsc#1219805) ==== rpm ==== Subpackages: librpmbuild10 - Add patches to enable reproducible builds by default (bsc#1148824). For upstream versions see: https://github.com/rpm-software-management/rpm/pull/2880 0001-Add-option-to-set-mtime-of-files-in-rpms.patch 0002-log-build-time-if-it-is-set-from-SOURCE_DATE_EPOCH.patch 0003-Error-out-on-a-missing-changelog-date.patch ==== rpm-config-SUSE ==== Version update (20240118 -> 20240214) - Update to version 20240214: * set_permissions: handle chkstat failure more grateful (bsc#1219736) ==== rubygem-vagrant_cloud ==== Version update (3.0.5 -> 3.1.1) - update to 3.1.1: * Update path prefixing behavior on request [GH-85] - update to 3.1.0: * Add support for architecture in providers [GH-82] ==== rzip ==== - Use %autosetup macro. Allows to eliminate the usage of deprecated %patchN. ==== samba ==== Version update (4.19.4+git.339.acf1ccaa020 -> 4.19.5+git.342.57620c4f7e) Subpackages: libsamba-policy0-python3 samba-ad-dc-libs samba-client samba-client-libs samba-gpupdate samba-ldb-ldap samba-libs samba-libs-python3 samba-python3 samba-winbind samba-winbind-libs - Update to 4.19.5 * Windows 2016 fails to restore previous version of a file from a shadow_copy2 snapshot; (bso#13688). * Symlinks on AIX are broken in 4.19 (and a few version before that); (bso#15549). * Fake directory create times has no effect; (bso#12421). * ctime mixed up with mtime by smbd; (bso#15550). * samba-gpupdate --rsop fails if machine is not in a site; (bso#15548). * gpupdate: The root cert import when NDES is not available is broken; (bso#15557). * samba-gpupdate should print a useful message if cepces-submit can't be found; (bso#15552). * samba-gpupdate logging doesn't work; (bso#15558). * smbpasswd reset permissions only if not 0600; (bso#15555). ==== sane-backends ==== Subpackages: libsane1 sane-backends-autoconfig - Use %autosetup macro. Allows to eliminate the usage of deprecated %patchN. - Add BuildArch noarch to autoconfig subpackage ==== sdbootutil ==== Version update (1+git20240122.c0d8f76 -> 1+git20240215.cb7e392) Subpackages: sdbootutil-rpm-scriptlets sdbootutil-snapper - Update to version 1+git20240215.cb7e392: * Add --no-random-seed argument - Update to version 1+git20240214.ba81e0e: * Fix pcr-oracle use * Add device when generating initrd for snapshots * Use systemd-pcrlock * Pre-built initrd support * Add subvolumes_prefix support ==== sg3_utils ==== Version update (1.48+7.63e63cb -> 1.48+8.37ca384) Subpackages: libsgutils2-1_48-2 - Fix missing SCSI_MODEL and other fields for "sg_inq --export" (bsc#1219874) ==== shadow ==== Version update (4.14.3 -> 4.14.5) Subpackages: libsubid4 login_defs - Update to 4.14.5: * Build system: + Fix regression introduced in 4.14.4, due to a typo. chgpasswd had been deleted from a Makefile variable, but it should have been chpasswd. - Remove shadow-4.14.4-chgpasswd-typo.patch - Update to 4.14.4: * Build system: + Link correctly with libdl. + Install pam configs for chpasswd(8) and newusers(8) when using ./configure --with-libpam --disable-account-tools-setuid. * libshadow: + Fix build error (parameter name omitted). + Fix off-by-one bug. + Remove warning. - Add shadow-4.14.4-chgpasswd-typo.patch: to fix build. See #926 - Update patch macro `patchN` -> `patch -P N` ==== shared-mime-info ==== - Explicitly use gcc 13 on SLE. ==== shim ==== - Modified shim.spec file to add suffix string of project to filename of included certificates. e.g. rpm -pql shim-15.8-lp155.6.1.x86_64.rpm /etc/uefi /etc/uefi/certs /etc/uefi/certs/2B697CB1-shim-devel.crt /etc/uefi/certs/4659838C-shim-opensuse.crt /etc/uefi/certs/BCA4E38E-shim-sles.crt The original name of crt files are: /etc/uefi/certs/2B697CB1-shim.crt /etc/uefi/certs/4659838C-shim.crt /etc/uefi/certs/BCA4E38E-shim.crt It can indicate the souce project of certificates. - Sometimes SLE shim signature be Microsoft updated before openSUSE shim signature. When submit request on IBS for updating SLE shim, the submitreq project be generated, but it always be blocked by checking the signature of openSUSE shim. It doesn't make sense checking openSUSE shim signature when building SLE shim on SLE platform, and vice versa. So the following change adds the logic to compare suffix (sles, opensuse) with distro_id (sle, opensuse). When and only when hash mismatch and distro_id match with suffix, stop building. [#] compare suffix (sles, opensuse) with distro_id (sle, opensuse) [#] when hash mismatch and distro_id match with suffix, stop building - Sync the changelog between openSUSE:Factory/shim with SLE-15-SP3/shim - Add CVE-2022-28737 number to "Mon Mar 27 09:26:02 UTC 2023" record - Add "Thu Apr 13 05:28:10 UTC 2023" record for updating shim-install for bsc#1210382. - Add "Thu Apr 13 09:13:22 UTC 2023" record for changing the logic of checking shim signature. - Update shim-install to set the TPM2 SRK algorithm (bsc#1213945) 92d0f4305df73 Set the SRK algorithm for the TPM2 protector ==== signon-plugin-oauth2 ==== - Switch to %autosetup ==== spacenavd ==== - Replace %patchN with %autosetup ==== spice-gtk ==== Subpackages: libspice-client-glib-2_0-8 libspice-client-glib-helper libspice-client-gtk-3_0-5 typelib-1_0-SpiceClientGlib-2_0 typelib-1_0-SpiceClientGtk-3_0 - do not require six (https://trello.com/c/MO53MocR/143-remove-python3-six) - added patches fix https://gitlab.freedesktop.org/spice/spice-common/-/commit/29dacb5f53f5183f… + spice-gtk-no-six.patch ==== suseconnect-ng ==== Version update (1.3.0~git0.ae8ba1e -> 1.7.0~git2.21ba08e) Subpackages: libsuseconnect suseconnect-ruby-bindings - Update to version 1.7.0~git2.21ba08e * Allow SUSEConnect on read write transactional systems (bsc#1219425) - Update to version 1.6.0 * Disable EULA display for addons (bsc#1218649 and bsc#1217961) - Update to version 1.5.0 * Configure docker credentials for registry authentication * Feature: Support usage from Agama + Cockpit for ALP Micro system registration (bsc#1218364) * Add --json output option - Update to version 1.4.0 * Added EULA display for addons (bsc#1170267) * Fix zypper argument for auto-agreeing licenses (bsc#1214781) * Enable building on SLE12 SP5 (jsc#PED-3179) ==== systemd ==== Version update (254.8 -> 254.9) Subpackages: libsystemd0 libudev1 systemd-boot systemd-container systemd-coredump udev - Import commit 31f1148f75a1155d3eb37fd1a450096d669ec65b 31f1148f75 seccomp: include `fchmodat2` in `@file-system` (bsc#1219766) 001f349c57 service: Demote log level of NotifyAccess= messages to debug (bsc#1210113 jsc#PED-6214) - Add a new %upstream macro to support building from upstream sources. This will allow upstream to build systemd rpms using the opensuse systemd packaging specs. These rpms will be built and used in upstream's mkosi based hacking and testing environment to test changes and in the future to run integration tests as well. By building the rpms using the opensuse packaging specs, the idea is to catch more issues ahead of time as the mkosi environment will behave more like a regular opensuse system. - Add new %version_override and %version_release macros to allow overriding the version and release of the rpm respectively. - Import commit 53e2aaaf9d69fb1c8f6ae2c9f8a99b02d70d318f 53e2aaaf9d vconsole-setup: don't fail if the only found vc is already used by plymouth (bsc#1218618) 22c4878430 vconsole-setup: port to main-func.h boilerplate - systemd-testsuite: depend on "qemu" instead of "qemu-kvm", the latter is obsolete. (bsc#1218684) - Import commit fbf9f32eb774ba6ec54e0d5d53b36baaf3e6b146 fbf9f32eb7 test/test-shutdown.py: optionally display the test I/Os in a dedicated log file cd012774df test-69: send SIGTERM to ask systemd-nspawn to properly stop the container d883b83244 man: Document ranges for distributions config files and local config files - Import commit fa94ab006d09686cef121aaa3baa10cf5ca95e19 (merge of v254.9) For a complete list of changes, visit: https://github.com/openSUSE/systemd/compare/67a5ac1043417d900bf417a884372ae… - Update the version of libbpf dlopened by systemd (weak dependency) (bsc#1219440) ==== tecla-keyboard-layout-viewer ==== Version update (45.rc -> 45.0) - Update to version 45.0: + Added shortcuts to exit the dialog + Fix UI in RTL environments + Fix a11y initialization + Updated translations. ==== thin-provisioning-tools ==== Version update (1.0.10 -> 1.0.11) - Update to version 1.0.11: * Bump version nr to 1.0.11 * [thin/cache_check] Print suggestive hints for improving error resolution * [tests] Fix a typo in command name * [cache_check] Fix boundary check on the bitset for cached blocks ==== tigervnc ==== Subpackages: libXvnc1 xorg-x11-Xvnc xorg-x11-Xvnc-module - Set the URL at Source0. - patches have been renamed * u_build_libXvnc_as_separate_library.patch --> u_tigervnc-Build-libXvnc-as-separate-library.patch * n_vncserver.patch --> n_tigervnc-Vncserver.patch * n_correct_path_in_desktop_file.patch --> n_tigervnc-Correct-path-in-desktop-file.patch * n_tigervnc-date-time.patch --> n_tigervnc-Date-time.patch * u_change-button-layout-in-ServerDialog.patch --> u_tigervnc-Change-button-layout-in-ServerDialog.patch * n_dont_sign_java_client.patch --> n_tigervnc-Dont-sign-java-client.patch * u_tigervnc-add-autoaccept-parameter.patch --> u_tigervnc-Add-autoaccept-parameter.patch * u_tigervnc-ignore-epipe-on-write.patch u_tigervnc-Ignore-epipe-on-write.patch - Cleanup specfile * Use the same format for all the patches. * Use autosetup to apply all the patches with -p1. * Clean number of sources. - buildrequire xorg-x11-server-source/-sdk >= 21.1.11 and trigger rebuild with newer xorg-x11-server-source package (bsc#1219311, bsc#1219205) ==== tmux ==== Version update (3.3a -> 3.4) - tmux 3.4 * Improve handling of newer Unicode combined characters * Add basic support for SIXEL images * Add support for spawning panes in separate cgroups with systemd * Add support for OSC 8 hyperlinks. * Expanded configuration options * Improved detection and support of terminal options * Tweaks to UI and behavior - drop patches: * ncurses.patch * tmux-CVE-2022-47016.patch ==== transmission ==== Subpackages: transmission-common transmission-gtk - Fix build with recent cmake macro change (DOCDIR): do not install the documentation using cmake, as we already do so using %doc. Change if(INSTALL_DOC) to if(FALSE) in CMakeLists.txt. The more obvious option of passing -DINSTALL_DOC=OFF is ot viable, as that also disables installing the man pages. - Migrate from update-alternatives to libalternatives (bsc#1219107). ==== u-boot-rpiarm64 ==== Subpackages: u-boot-rpiarm64-doc Patch queue updated from https://github.com/openSUSE/u-boot.git tumbleweed-2024.01 * Patches dropped: 0020-bcm2835-brcm-bcm2708-fb-device-is-u.patch 0023-pci-pcie-brcmstb-Add-bcm2712-PCIe-c.patch * Patches added: 0020-bcm2835-Dynamically-calculate-bytes.patch 0023-configs-rpi_arm64-build-position-in.patch ==== unison ==== Version update (2.53.3 -> 2.53.4) - Update to version 2.53.4 * Preferences "force", "prefer" and related "partial" preferences now work slightly differently with values "newer" and "older". Previously, if mtimes in both replicas were equal then always the second root propagated to the first root (possibly reverting user changes). It is now made explicit that "newer" and "older" only work when mtimes are different. * Bugfixes, minor improvements, cleanups. ==== unixODBC ==== - Use %patch -P N instead of deprecated %patchN. ==== unzip ==== Subpackages: unzip-doc - Use %patch -P N instead of deprecated %patchN. ==== utempter ==== - Use %autosetup macro. Allows to eliminate the usage of deprecated %patchN ==== util-linux ==== Subpackages: libblkid1 libfdisk1 libmount1 libsmartcols1 libuuid1 - Add file conflict of util-linux-tty-tools and busybox-util-linux. ==== util-linux-systemd ==== - Add file conflict of util-linux-tty-tools and busybox-util-linux. ==== vacation ==== - Install german manual page as well - Use %patch -P N instead of deprecated %patchN. ==== vde2 ==== - Use %autosetup macro. Allows to eliminate the usage of deprecated %patchN ==== vid_stab ==== - Use %autosetup macro. Allows to eliminate the usage of deprecated %patchN ==== vim ==== Version update (9.1.0000 -> 9.1.0111) Subpackages: vim-data vim-data-common xxd - Use %patch -P N instead of deprecated %patchN. - update to 9.1.0111: * filetype: no support for bats files * filetype: add 'Config.in' filetype detection * runtime(asciidoc): include basic ftplugin * filetype: no support for its files * runtime(vim): Update base-syntax, remove unused vimString region * runtime(vim): Update base-syntax, fix :behave highlighting * runtime(vim): update Vim Syntax generator * filetype: no support for dtso files * Visual highlight hard to read with 'termguicolors' * runtime(vim): include Vim Syntax generator * Style: typos found * Linking fails with -lto because of PERL_CFLAGS * 'breakindentopt' "min" not correct with 'signcolumn' * settabvar() may change the last accessed tabpage * upper-case of German sharp s should be U+1E9E * Redrawing can be improved with undo and 'spell' * Not able to use diff() with 'diffexpr' * runtime(gpg): Mark dangerous use-embedded-filename with WarningMsg * CompletionChanged not triggered when new leader added without matches * 'breakindent' behaves inconsistently with 'list' and splits * runtime(vim): Update syntax file * diff() function uses 'diffexpr' * tests: test_restricted() fails * xxd: buffer-overflow when writing color output * Still a qsort() comparison function that returns result of subtraction * Compiler warning for missing type in scroll_event() * Syntax test fails when run with non C locale * Assigning wrong colors when parsing terminal OSC response * runtime(vim): Fix indent after line with literal dict * qsort() comparison functions should be transitive * TextChanged not triggered for :norm! commands * Restoring lastused_tabpage too early in do_arg_all() * Problem when scrolling using slow touchpads scroll event * X11 scroll size changes after accessing clipboard * Visual hl wrong when it ends before multibyte 'showbreak' * Redrawing can be improved when deleting lines with 'number' * Redrawing can be improved when deleting lines with 'cursorline' * runtime(doc): further improve docs about List/Blob += operator * X11 mouse-scrolling stutters * runtime(doc): Clarify list-concatenation a bit more * unexpected error for modifying final list using += * LineNrAbove/Below highlighting wrong on wrapped lines * runtime(dosbatch): improve '::' comment highlighting * GTK3: using wrong style for pre-edit area * Unnecessary call to redraw_for_cursorline() in nv_mousescroll() * runtime(colors): color names in the v:colornames dict should be lower cased * luau config file not detected * runtime(vim): Update syntax file * insert completion not correct when adding new leader * did_set_breakat() should be in optionstr.c * Looping over modifier_keys_table unnecessarily * Not able to build without FEAT_DIFF * translation(ca): Fixe typos in Catalan translation * Need a diff() Vim script function * translation(ru): Updated Russian translation of messages * runtime(vim): Update syntax file * runtime(fortran): update syntax * ScreenLines may not be correctly initialized, causing hang * Visual highlighting can still be improved * gcc still complains about use of uninitialized var * runtime(racket): add missing space to b:undo_indent var * runtime(Filelist): include README_vimlogo.txt * gcc complains about use of uninitialized var * runtime(vimlogo): Include and modernize vimlogo.svg * runtime(netrw): fixing remote file removal via ssh * runtime(doc): correct Vim patch for Wayland support * runtime(racket): undo some indent options only when vim9script is available * runtime(doc): Update help for Wayland support * Segfault with CompleteChanged autocommand * No Wayland support * GTK code can be improved * Internal error when :luado/perldo/pydo etc delete lines * UX of visual highlighting can be improved * runtime(netrw): Use :exec norm! <leftmouse> before :call mapping in netrw * Recorded register cannot be translated using keytrans() * runtime(vim): Highlight string interpolation * runtime(vim): Update syntax and ftplugin files * runtime(ant): Update syntax file * runtime(hurl): add hurl filetype plugin * runtime(vim): Update syntax file * runtime(doc): style fixes in vim9.txt * No event triggered before creating a window * Cannot map Super Keys in GTK UI * wrong number of trailing spaces inserted after blockwise put * formatting long lines is slow * 'linebreak' may still apply to leading whitespace * Patch 9.1.0041 causes regressions for users * runtime(mail): fix #13913 * runtime(netrw): Don't change global options * runtime(fortran): update syntax and documentation * Win32 Keyboard handling is sub-optimal * Make "[Command Line]" a special buffer name * Abort opening cmdwin if autocmds screw things up * issues with temp curwin/buf while cmdwin is open * runtime(c): Highlight user defined functions * :drop does not re-use empty buffer * --remote-* does not ignore `wilidignore` ... changelog too long, skipping 76 lines ... * Add support for `syntax foldlevel` command ==== virt-manager ==== Subpackages: virt-install virt-manager-common - bsc#1219791 - [virt-manager][aarch64] Error launching details: name 'log' is not defined virtinst-enable-video-virtio-for-arm.patch ==== virtiofsd ==== - Spec: Adjust libvirt/virtiofsd interop config file to handle differences in the definition of libexecdir macro on SLE and Tumbleweed (bsc#1219772) ==== vmaf ==== - fix dependency on xxd ==== vorbis-tools ==== - Use %patch -P N instead of deprecated %patchN. ==== vpnc ==== - Use %autosetup macro. Allows to eliminate the usage of deprecated %patchN ==== vsftpd ==== - Use %patch -P N instead of deprecated %patchN. ==== webkit2gtk3 ==== Subpackages: libjavascriptcoregtk-4_1-0 libwebkit2gtk-4_1-0 typelib-1_0-JavaScriptCore-4_1 typelib-1_0-WebKit2-4_1 webkit2gtk-4_1-injected-bundles - Increase mem_per_process again to match what is in SLE. The build was sporadically failing there (bsc#1198743). - Require libwaylandclient0 >= 1.20. 15.4 originally had 1.19.0, but webkitgtk uses a function added in 1.20.0, so we need to ensure that the wayland update is pulled in (bsc#1215072). - Fix package names for v6, and obsolete old packages. - Use gcc 11 on SLE, to match what is currently used on SP4, and adjust version check to include SP6. Also, use system malloc there; the build currently fails without this (webkit#243535). - Require gcc >= 10.2 to match the current cmake test. - Disable jpegxl on SLE; it isn't currently available there. ==== webkit2gtk3-soup2 ==== Subpackages: libjavascriptcoregtk-4_0-18 libwebkit2gtk-4_0-37 webkit2gtk-4_0-injected-bundles - Increase mem_per_process again to match what is in SLE. The build was sporadically failing there (bsc#1198743). - Require libwaylandclient0 >= 1.20. 15.4 originally had 1.19.0, but webkitgtk uses a function added in 1.20.0, so we need to ensure that the wayland update is pulled in (bsc#1215072). - Fix package names for v6, and obsolete old packages. - Use gcc 11 on SLE, to match what is currently used on SP4, and adjust version check to include SP6. Also, use system malloc there; the build currently fails without this (webkit#243535). - Require gcc >= 10.2 to match the current cmake test. - Disable jpegxl on SLE; it isn't currently available there. ==== webrtc-audio-processing ==== - Use %patch -P N instead of deprecated %patchN. ==== wget ==== - Use %patch -P N instead of deprecated %patchN. ==== wmctrl ==== - Use %autosetup macro. Allows to eliminate the usage of deprecated %patchN ==== wpa_supplicant ==== - Add CVE-2023-52160.patch - Bypassing WiFi Authentication (bsc#1219975) ==== wsdd ==== - Use %autosetup macro. Allows to eliminate the usage of deprecated %patchN ==== xdg-menu ==== - Use %patch -P N instead of deprecated %patchN. ==== xfce4-notifyd ==== Version update (0.9.3 -> 0.9.4) Subpackages: xfce4-notifyd-lang - update to 0.9.4: * Clarify why the symbolic icons don't go in symbolic/status * Fix icons directory names * Fall back to monitor 0 if no primary monitor set * Add a fallback for drawing the unread notification emblem * Remove redundant icon embleming code * Fix opacity on notification hover * Translation Updates ==== xfce4-terminal ==== Version update (1.1.1 -> 1.1.2) Subpackages: xfce4-terminal-lang - Update to version 1.1.2 * Update copyright year * Update tooltip when hovering over a hyperlink * build: Align CFLAGS with LDADD * prefs-dialog: Add missing strings to translate (#222) * dropdown: Default dropdown-toggle-focus to false * Add runtime guard for XfceSMClient * build: Restrict XfceSMClient to X11 * Determine cwd on FreeBSD in a native way instead of using linprocfs * window: Remove weak ref on prefs dialog in finalize() * build: Get rid of #ifdef G_ENABLE_DEBUG * Do not reconnect accels when closing last tab * build: Lower xfce4-dev-tools requirements to stable version * search-dialog: Use xfce_titled_dialog_set_default_response() * Translation Updates - Update gxo-282.patch - Add gxo-299.patch * backport fix for "paste unsafe text" dialog not popping up (gxo#apps/xfce4-terminal#299) ==== xfsprogs ==== Version update (6.5.0 -> 6.6.0) Subpackages: libhandle1 xfsprogs-scrub - update to 6.6.0 - xfs_scrub: add missing license and copyright information - xfs_db: report the device associated with each io cursor - libxfs: Fix UAF in a requeued EFI - xfs_io: Add new option, to exercise log2_data_unit_size in kernel fscrypt_policy_v2 - xfs_db: Add upport to read from external log device - metadump: New metadump format - xfs_quota: fix missing mount point warning ==== xml-commons-apis ==== - Clean the spec file and simplify it a bit ==== xorg-x11-server ==== Subpackages: xorg-x11-server-Xvfb xorg-x11-server-extra - fix permissions of files in xorg-x11-server-source for tigervnc build later (needed since latest autoconf) - Provide again xorg-x11-server-source * xwayland sources are not meant for a generic server. * https://github.com/TigerVNC/tigervnc/issues/1728 - Stop providing xorg-x11-server-source from xorg-x11-server * Now the sources are provided by xwayland because it is more updated. * Fixes bsc#1219892. ==== xtermset ==== - Use %patch -P N instead of deprecated %patchN. ==== xwayland ==== - Don't provide xorg-x11-server-source * xwayland sources are not meant for a generic server. * https://github.com/TigerVNC/tigervnc/issues/1728 - Provide xorg-x11-server-source from xwayland * xwayland will be more updated than xorg-x11-server, so the server sources will be more updated too if are provided by xwayland. * Fixes bsc#1219892. ==== yast2 ==== Version update (5.0.5 -> 5.0.6) Subpackages: yast2-logs - Allow host/domain names starting with an underscore (bsc#1219920) - 5.0.6 ==== yast2-packager ==== Version update (5.0.2 -> 5.0.4) - SLE HPC is not a base product anymore, it is replaced by SLES + HPC module, added migration mapping (jsc#PED-7841) - 5.0.4 - Fixed ERB template loading in self update, if the template cannot be found using a relative path then fallback to the absolute path (bsc#1219174) - 5.0.3 ==== yast2-perl-bindings ==== Version update (5.0.0 -> 5.0.1) - Fix the locale after initializing embedded Perl interpreter (bsc#1216689) - 5.0.1 ==== yast2-storage-ng ==== Version update (5.0.4 -> 5.0.6) - jsc#PED-6407 - new env variable YAST_REUSE_LVM for reusing LVM in new installation. It can be used as linuxrc boot param. - 5.0.6 - Added new libstorage enum value UF_BCACHEFS to fix build failure (bsc#1219804) - 5.0.5 ==== yast2-trans ==== Version update (84.87.20240210.1383f689ba -> 84.87.20240219.f6e4117fe0) Subpackages: yast2-trans-af yast2-trans-ar yast2-trans-bg yast2-trans-bn yast2-trans-bs yast2-trans-ca yast2-trans-cs yast2-trans-cy yast2-trans-da yast2-trans-de yast2-trans-el yast2-trans-en_GB yast2-trans-es yast2-trans-et yast2-trans-fa yast2-trans-fi yast2-trans-fr yast2-trans-gl yast2-trans-gu yast2-trans-hi yast2-trans-hr yast2-trans-hu yast2-trans-id yast2-trans-it yast2-trans-ja yast2-trans-jv yast2-trans-ka yast2-trans-km yast2-trans-ko yast2-trans-lo yast2-trans-lt yast2-trans-mk yast2-trans-mr yast2-trans-nb yast2-trans-nl yast2-trans-pa yast2-trans-pl yast2-trans-pt yast2-trans-pt_BR yast2-trans-ro yast2-trans-ru yast2-trans-si yast2-trans-sk yast2-trans-sl yast2-trans-sr yast2-trans-sv yast2-trans-ta yast2-trans-th yast2-trans-tr yast2-trans-uk yast2-trans-vi yast2-trans-wa yast2-trans-xh yast2-trans-zh_CN yast2-trans-zh_TW yast2-trans-zu - Update to version 84.87.20240219.f6e4117fe0: * Translated using Weblate (Japanese) * Translated using Weblate (Catalan) * Translated using Weblate (Czech) * New POT for text domain 'packager'. * New POT for text domain 'installation'. * New POT for text domain 'hana-ha'. * New POT for text domain 'control'. ==== zchunk ==== - remove dependency on /usr/bin/python3 using %python3_fix_shebang_path macro, [bsc#1212476] ==== zip ==== - Use %patch -P N instead of deprecated %patchN. ==== zlib ==== Subpackages: libminizip1 libz1 - Use %patch -P N instead of deprecated %patchN. ==== zvbi ==== - Use %autosetup macro. Allows to eliminate the usage of deprecated %patchN.

1 0

New Arm Tumbleweed snapshot 20240212 released!
by Guillaume Gardet 14 Feb '24

14 Feb '24

Please note that this mail was generated by a script. The described changes are computed based on the aarch64 DVD. The full online repo contains too many changes to be listed here. Please check the known defects of this snapshot before upgrading: https://openqa.opensuse.org/tests/overview?distri=opensuse&groupid=3&versio… Please do not reply to this email to report issues, rather file a bug on bugzilla.opensuse.org. For more information on filing bugs please see https://en.opensuse.org/openSUSE:Submitting_bug_reports Packages changed: attica-qt5 (5.114.0 -> 5.115.0) baloo5 (5.114.0 -> 5.115.0) bluez-qt (5.114.0 -> 5.115.0) breeze5-icons (5.114.0 -> 5.115.0) frameworkintegration (5.114.0 -> 5.115.0) kImageAnnotator-Qt5 kactivities-stats (5.114.0 -> 5.115.0) kactivities5 (5.114.0 -> 5.115.0) karchive (5.114.0 -> 5.115.0) kauth (5.114.0 -> 5.115.0) kbookmarks (5.114.0 -> 5.115.0) kcalendarcore (5.114.0 -> 5.115.0) kcmutils (5.114.0 -> 5.115.0) kcodecs (5.114.0 -> 5.115.0) kcompletion (5.114.0 -> 5.115.0) kconfig (5.114.0 -> 5.115.0) kconfigwidgets (5.114.0 -> 5.115.0) kcontacts (5.114.0 -> 5.115.0) kcoreaddons (5.114.0 -> 5.115.0) kcrash (5.114.0 -> 5.115.0) kdav (5.114.0 -> 5.115.0) kdbusaddons (5.114.0 -> 5.115.0) kdeclarative (5.114.0 -> 5.115.0) kded (5.114.0 -> 5.115.0) kdelibs4support (5.114.0 -> 5.115.0) kdesu (5.114.0 -> 5.115.0) kdnssd-framework (5.114.0 -> 5.115.0) kdoctools (5.114.0 -> 5.115.0) kfilemetadata5 (5.114.0 -> 5.115.0) kglobalaccel (5.114.0 -> 5.115.0) kguiaddons (5.114.0 -> 5.115.0) kholidays (5.114.0 -> 5.115.0) khtml (5.114.0 -> 5.115.0) ki18n (5.114.0 -> 5.115.0) kiconthemes (5.114.0 -> 5.115.0) kidletime (5.114.0 -> 5.115.0) kimageformats (5.114.0 -> 5.115.0) kinit (5.114.0 -> 5.115.0) kio (5.114.0 -> 5.115.0) kirigami2 (5.114.0 -> 5.115.0) kitemmodels (5.114.0 -> 5.115.0) kitemviews (5.114.0 -> 5.115.0) kjobwidgets (5.114.0 -> 5.115.0) kjs (5.114.0 -> 5.115.0) knewstuff (5.114.0 -> 5.115.0) knotifications (5.114.0 -> 5.115.0) knotifyconfig (5.114.0 -> 5.115.0) kpackage (5.114.0 -> 5.115.0) kparts (5.114.0 -> 5.115.0) kpeople5 (5.114.0 -> 5.115.0) kpty (5.114.0 -> 5.115.0) kquickcharts (5.114.0 -> 5.115.0) kross (5.114.0 -> 5.115.0) krunner (5.114.0 -> 5.115.0) kservice (5.114.0 -> 5.115.0) ktexteditor (5.114.0 -> 5.115.0) ktextwidgets (5.114.0 -> 5.115.0) kunitconversion (5.114.0 -> 5.115.0) kwallet (5.114.0 -> 5.115.0) kwayland (5.114.0 -> 5.115.0) kwidgetsaddons (5.114.0 -> 5.115.0) kwindowsystem (5.114.0 -> 5.115.0) kxmlgui (5.114.0 -> 5.115.0) libKF5ModemManagerQt (5.114.0 -> 5.115.0) libKF5NetworkManagerQt (5.114.0 -> 5.115.0) libxml2 libxml2-python plasma-framework (5.114.0 -> 5.115.0) prison-qt5 (5.114.0 -> 5.115.0) purpose (5.114.0 -> 5.115.0) qqc2-desktop-style (5.114.0 -> 5.115.0) solid (5.114.0 -> 5.115.0) sonnet (5.114.0 -> 5.115.0) syndication (5.114.0 -> 5.115.0) syntax-highlighting (5.114.0 -> 5.115.0) threadweaver (5.114.0 -> 5.115.0) xorg-x11-server yast2-trans (84.87.20240205.897f2593b3 -> 84.87.20240210.1383f689ba) === Details === ==== attica-qt5 ==== Version update (5.114.0 -> 5.115.0) Subpackages: libKF5Attica5 - Update to 5.115.0 * New feature release * For more details please see: * https://kde.org/announcements/frameworks/5/5.115.0 - No code change since 5.114.0 ==== baloo5 ==== Version update (5.114.0 -> 5.115.0) Subpackages: baloo5-file baloo5-file-lang baloo5-imports baloo5-kioslaves baloo5-kioslaves-lang baloo5-tools baloo5-tools-lang libKF5Baloo5 libKF5BalooEngine5 libKF5BalooEngine5-lang - Update to 5.115.0 * New feature release * For more details please see: * https://kde.org/announcements/frameworks/5/5.115.0 - No code change since 5.114.0 ==== bluez-qt ==== Version update (5.114.0 -> 5.115.0) Subpackages: bluez-qt-imports bluez-qt-udev libKF5BluezQt6 - Update to 5.115.0 * New feature release * For more details please see: * https://kde.org/announcements/frameworks/5/5.115.0 - No code change since 5.114.0 ==== breeze5-icons ==== Version update (5.114.0 -> 5.115.0) - Update to 5.115.0 * New feature release * For more details please see: * https://kde.org/announcements/frameworks/5/5.115.0 - Changes since 5.114.0: * Update Google icon (kde#462165) ==== frameworkintegration ==== Version update (5.114.0 -> 5.115.0) Subpackages: frameworkintegration-plugin libKF5Style5 - Update to 5.115.0 * New feature release * For more details please see: * https://kde.org/announcements/frameworks/5/5.115.0 - No code change since 5.114.0 ==== kImageAnnotator-Qt5 ==== - Fix build on Leap. The Qt6 packaging macros set the minimum compiler version - Change %post/%postun to %ldconfig_scriptlets - Rename the library to libkImageAnnotator-Qt$ver-0 to fix rpmlint errors on Leap ==== kactivities-stats ==== Version update (5.114.0 -> 5.115.0) - Update to 5.115.0 * New feature release * For more details please see: * https://kde.org/announcements/frameworks/5/5.115.0 - No code change since 5.114.0 ==== kactivities5 ==== Version update (5.114.0 -> 5.115.0) Subpackages: kactivities5-imports libKF5Activities5 - Update to 5.115.0 * New feature release * For more details please see: * https://kde.org/announcements/frameworks/5/5.115.0 - No code change since 5.114.0 ==== karchive ==== Version update (5.114.0 -> 5.115.0) - Update to 5.115.0 * New feature release * For more details please see: * https://kde.org/announcements/frameworks/5/5.115.0 - No code change since 5.114.0 ==== kauth ==== Version update (5.114.0 -> 5.115.0) Subpackages: libKF5Auth5 libKF5Auth5-lang libKF5AuthCore5 - Update to 5.115.0 * New feature release * For more details please see: * https://kde.org/announcements/frameworks/5/5.115.0 - No code change since 5.114.0 ==== kbookmarks ==== Version update (5.114.0 -> 5.115.0) - Update to 5.115.0 * New feature release * For more details please see: * https://kde.org/announcements/frameworks/5/5.115.0 - No code change since 5.114.0 ==== kcalendarcore ==== Version update (5.114.0 -> 5.115.0) - Update to 5.115.0 * New feature release * For more details please see: * https://kde.org/announcements/frameworks/5/5.115.0 - Changes since 5.114.0: * src/incidence.cpp - fix infinite looping ==== kcmutils ==== Version update (5.114.0 -> 5.115.0) Subpackages: kcmutils-imports libKF5KCMUtils5 libKF5KCMUtilsCore5 - Update to 5.115.0 * New feature release * For more details please see: * https://kde.org/announcements/frameworks/5/5.115.0 - No code change since 5.114.0 ==== kcodecs ==== Version update (5.114.0 -> 5.115.0) - Update to 5.115.0 * New feature release * For more details please see: * https://kde.org/announcements/frameworks/5/5.115.0 - No code change since 5.114.0 ==== kcompletion ==== Version update (5.114.0 -> 5.115.0) - Update to 5.115.0 * New feature release * For more details please see: * https://kde.org/announcements/frameworks/5/5.115.0 - No code change since 5.114.0 ==== kconfig ==== Version update (5.114.0 -> 5.115.0) Subpackages: kconf_update5 libKF5ConfigCore5 libKF5ConfigGui5 libKF5ConfigQml5 - Update to 5.115.0 * New feature release * For more details please see: * https://kde.org/announcements/frameworks/5/5.115.0 - No code change since 5.114.0 ==== kconfigwidgets ==== Version update (5.114.0 -> 5.115.0) - Update to 5.115.0 * New feature release * For more details please see: * https://kde.org/announcements/frameworks/5/5.115.0 - No code change since 5.114.0 ==== kcontacts ==== Version update (5.114.0 -> 5.115.0) Subpackages: kcontacts-lang libKF5Contacts5 - Update to 5.115.0 * New feature release * For more details please see: * https://kde.org/announcements/frameworks/5/5.115.0 - No code change since 5.114.0 ==== kcoreaddons ==== Version update (5.114.0 -> 5.115.0) Subpackages: libKF5CoreAddons5 - Update to 5.115.0 * New feature release * For more details please see: * https://kde.org/announcements/frameworks/5/5.115.0 - Changes since 5.114.0: * Add isProcExists func to check if /proc exists * Determine UNIX process if "/proc" does not exist ==== kcrash ==== Version update (5.114.0 -> 5.115.0) - Update to 5.115.0 * New feature release * For more details please see: * https://kde.org/announcements/frameworks/5/5.115.0 - No code change since 5.114.0 ==== kdav ==== Version update (5.114.0 -> 5.115.0) Subpackages: libKF5DAV5 - Update to 5.115.0 * New feature release * For more details please see: * https://kde.org/announcements/frameworks/5/5.115.0 - No code change since 5.114.0 ==== kdbusaddons ==== Version update (5.114.0 -> 5.115.0) Subpackages: kdbusaddons-tools libKF5DBusAddons5 - Update to 5.115.0 * New feature release * For more details please see: * https://kde.org/announcements/frameworks/5/5.115.0 - No code change since 5.114.0 ==== kdeclarative ==== Version update (5.114.0 -> 5.115.0) Subpackages: kdeclarative-components libKF5CalendarEvents5 libKF5Declarative5 libKF5QuickAddons5 - Update to 5.115.0 * New feature release * For more details please see: * https://kde.org/announcements/frameworks/5/5.115.0 - Changes since 5.114.0: * Show GridDelegate labels as plaintext (kde#480106) ==== kded ==== Version update (5.114.0 -> 5.115.0) - Update to 5.115.0 * New feature release * For more details please see: * https://kde.org/announcements/frameworks/5/5.115.0 - No code change since 5.114.0 ==== kdelibs4support ==== Version update (5.114.0 -> 5.115.0) Subpackages: libKF5KDELibs4Support5 - Update to 5.115.0 * New feature release * For more details please see: * https://kde.org/announcements/frameworks/5/5.115.0 - No code change since 5.114.0 ==== kdesu ==== Version update (5.114.0 -> 5.115.0) - Update to 5.115.0 * New feature release * For more details please see: * https://kde.org/announcements/frameworks/5/5.115.0 - No code change since 5.114.0 ==== kdnssd-framework ==== Version update (5.114.0 -> 5.115.0) - Update to 5.115.0 * New feature release * For more details please see: * https://kde.org/announcements/frameworks/5/5.115.0 - No code change since 5.114.0 ==== kdoctools ==== Version update (5.114.0 -> 5.115.0) Subpackages: libKF5DocTools5 - Update to 5.115.0 * New feature release * For more details please see: * https://kde.org/announcements/frameworks/5/5.115.0 - No code change since 5.114.0 ==== kfilemetadata5 ==== Version update (5.114.0 -> 5.115.0) - Update to 5.115.0 * New feature release * For more details please see: * https://kde.org/announcements/frameworks/5/5.115.0 - Changes since 5.114.0: * Fix compilation with latest TagLib git master * Fix build with taglib 2 ==== kglobalaccel ==== Version update (5.114.0 -> 5.115.0) Subpackages: kglobalaccel5 libKF5GlobalAccel5 libKF5GlobalAccelPrivate5 - Update to 5.115.0 * New feature release * For more details please see: * https://kde.org/announcements/frameworks/5/5.115.0 - No code change since 5.114.0 ==== kguiaddons ==== Version update (5.114.0 -> 5.115.0) Subpackages: libKF5GuiAddons5 - Update to 5.115.0 * New feature release * For more details please see: * https://kde.org/announcements/frameworks/5/5.115.0 - No code change since 5.114.0 ==== kholidays ==== Version update (5.114.0 -> 5.115.0) - Update to 5.115.0 * New feature release * For more details please see: * https://kde.org/announcements/frameworks/5/5.115.0 - Changes since 5.114.0: * holiday_ie_en-gb - Add St Brigid's Day (kde#479832) ==== khtml ==== Version update (5.114.0 -> 5.115.0) - Update to 5.115.0 * New feature release * For more details please see: * https://kde.org/announcements/frameworks/5/5.115.0 - No code change since 5.114.0 ==== ki18n ==== Version update (5.114.0 -> 5.115.0) - Update to 5.115.0 * New feature release * For more details please see: * https://kde.org/announcements/frameworks/5/5.115.0 - No code change since 5.114.0 - Add upstream change: * 0001-KCountrySubdivision-unbreak-support-of-iso-codes-4.1.patch ==== kiconthemes ==== Version update (5.114.0 -> 5.115.0) - Update to 5.115.0 * New feature release * For more details please see: * https://kde.org/announcements/frameworks/5/5.115.0 - Changes since 5.114.0: * CI: Don't require Windows test to pass ==== kidletime ==== Version update (5.114.0 -> 5.115.0) - Update to 5.115.0 * New feature release * For more details please see: * https://kde.org/announcements/frameworks/5/5.115.0 - No code change since 5.114.0 ==== kimageformats ==== Version update (5.114.0 -> 5.115.0) Subpackages: kimageformats-eps - Update to 5.115.0 * New feature release * For more details please see: * https://kde.org/announcements/frameworks/5/5.115.0 - No code change since 5.114.0 ==== kinit ==== Version update (5.114.0 -> 5.115.0) - Update to 5.115.0 * New feature release * For more details please see: * https://kde.org/announcements/frameworks/5/5.115.0 - No code change since 5.114.0 ==== kio ==== Version update (5.114.0 -> 5.115.0) Subpackages: kio-core - Update to 5.115.0 * New feature release * For more details please see: * https://kde.org/announcements/frameworks/5/5.115.0 - Changes since 5.114.0: * KDirModel: Consider invalid roots are local fs (kde#477039) * slavebase: abort mimetype emission when the worker was terminated (kde#474909, boo#1217175) * KDirModel: Allow expanding network directories in file picker again (kde#479531) * KCoreDirLister: updateDirectory: update parent folder if it is listed (kde#440712) * copyjob: Fix implicitly skipping files when copying (kde#479082) ==== kirigami2 ==== Version update (5.114.0 -> 5.115.0) Subpackages: libKF5Kirigami2-5 - Update to 5.115.0 * New feature release * For more details please see: * https://kde.org/announcements/frameworks/5/5.115.0 - No code change since 5.114.0 - Switch to the latest GCC version available in Leap for packages that can't build with the default compiler ==== kitemmodels ==== Version update (5.114.0 -> 5.115.0) Subpackages: kitemmodels-imports libKF5ItemModels5 - Update to 5.115.0 * New feature release * For more details please see: * https://kde.org/announcements/frameworks/5/5.115.0 - No code change since 5.114.0 ==== kitemviews ==== Version update (5.114.0 -> 5.115.0) - Update to 5.115.0 * New feature release * For more details please see: * https://kde.org/announcements/frameworks/5/5.115.0 - No code change since 5.114.0 ==== kjobwidgets ==== Version update (5.114.0 -> 5.115.0) - Update to 5.115.0 * New feature release * For more details please see: * https://kde.org/announcements/frameworks/5/5.115.0 - No code change since 5.114.0 ==== kjs ==== Version update (5.114.0 -> 5.115.0) - Update to 5.115.0 * New feature release * For more details please see: * https://kde.org/announcements/frameworks/5/5.115.0 - No code change since 5.114.0 ==== knewstuff ==== Version update (5.114.0 -> 5.115.0) Subpackages: knewstuff-imports libKF5NewStuff5 libKF5NewStuffCore5 libKF5NewStuffWidgets5 - Update to 5.115.0 * New feature release * For more details please see: * https://kde.org/announcements/frameworks/5/5.115.0 - No code change since 5.114.0 ==== knotifications ==== Version update (5.114.0 -> 5.115.0) - Update to 5.115.0 * New feature release * For more details please see: * https://kde.org/announcements/frameworks/5/5.115.0 - No code change since 5.114.0 ==== knotifyconfig ==== Version update (5.114.0 -> 5.115.0) - Update to 5.115.0 * New feature release * For more details please see: * https://kde.org/announcements/frameworks/5/5.115.0 - No code change since 5.114.0 ==== kpackage ==== Version update (5.114.0 -> 5.115.0) - Update to 5.115.0 * New feature release * For more details please see: * https://kde.org/announcements/frameworks/5/5.115.0 - No code change since 5.114.0 ==== kparts ==== Version update (5.114.0 -> 5.115.0) - Update to 5.115.0 * New feature release * For more details please see: * https://kde.org/announcements/frameworks/5/5.115.0 - No code change since 5.114.0 ==== kpeople5 ==== Version update (5.114.0 -> 5.115.0) - Update to 5.115.0 * New feature release * For more details please see: * https://kde.org/announcements/frameworks/5/5.115.0 - No code change since 5.114.0 ==== kpty ==== Version update (5.114.0 -> 5.115.0) - Update to 5.115.0 * New feature release * For more details please see: * https://kde.org/announcements/frameworks/5/5.115.0 - No code change since 5.114.0 ==== kquickcharts ==== Version update (5.114.0 -> 5.115.0) - Update to 5.115.0 * New feature release * For more details please see: * https://kde.org/announcements/frameworks/5/5.115.0 - Changes since 5.114.0: * CI: Don't require FreeBSD test to pass ==== kross ==== Version update (5.114.0 -> 5.115.0) - Update to 5.115.0 * New feature release * For more details please see: * https://kde.org/announcements/frameworks/5/5.115.0 - No code change since 5.114.0 ==== krunner ==== Version update (5.114.0 -> 5.115.0) - Update to 5.115.0 * New feature release * For more details please see: * https://kde.org/announcements/frameworks/5/5.115.0 - No code change since 5.114.0 ==== kservice ==== Version update (5.114.0 -> 5.115.0) - Update to 5.115.0 * New feature release * For more details please see: * https://kde.org/announcements/frameworks/5/5.115.0 - No code change since 5.114.0 ==== ktexteditor ==== Version update (5.114.0 -> 5.115.0) - Update to 5.115.0 * New feature release * For more details please see: * https://kde.org/announcements/frameworks/5/5.115.0 - Changes since 5.114.0: * Add parent widget for diff dialogs ==== ktextwidgets ==== Version update (5.114.0 -> 5.115.0) - Update to 5.115.0 * New feature release * For more details please see: * https://kde.org/announcements/frameworks/5/5.115.0 - No code change since 5.114.0 ==== kunitconversion ==== Version update (5.114.0 -> 5.115.0) - Update to 5.115.0 * New feature release * For more details please see: * https://kde.org/announcements/frameworks/5/5.115.0 - No code change since 5.114.0 ==== kwallet ==== Version update (5.114.0 -> 5.115.0) Subpackages: kwallet-tools kwalletd5 libKF5Wallet5 libkwalletbackend5-5 - Update to 5.115.0 * New feature release * For more details please see: * https://kde.org/announcements/frameworks/5/5.115.0 - Changes since 5.114.0: * Emit the walletCreated signal in the KWalletD::pamOpen function if a new wallet is created during its call ==== kwayland ==== Version update (5.114.0 -> 5.115.0) - Update to 5.115.0 * New feature release * For more details please see: * https://kde.org/announcements/frameworks/5/5.115.0 - No code change since 5.114.0 ==== kwidgetsaddons ==== Version update (5.114.0 -> 5.115.0) - Update to 5.115.0 * New feature release * For more details please see: * https://kde.org/announcements/frameworks/5/5.115.0 - No code change since 5.114.0 ==== kwindowsystem ==== Version update (5.114.0 -> 5.115.0) - Update to 5.115.0 * New feature release * For more details please see: * https://kde.org/announcements/frameworks/5/5.115.0 - No code change since 5.114.0 ==== kxmlgui ==== Version update (5.114.0 -> 5.115.0) - Update to 5.115.0 * New feature release * For more details please see: * https://kde.org/announcements/frameworks/5/5.115.0 - No code change since 5.114.0 ==== libKF5ModemManagerQt ==== Version update (5.114.0 -> 5.115.0) - Update to 5.115.0 * New feature release * For more details please see: * https://kde.org/announcements/frameworks/5/5.115.0 - No code change since 5.114.0 ==== libKF5NetworkManagerQt ==== Version update (5.114.0 -> 5.115.0) - Update to 5.115.0 * New feature release * For more details please see: * https://kde.org/announcements/frameworks/5/5.115.0 - No code change since 5.114.0 ==== libxml2 ==== Subpackages: libxml2-2 libxml2-tools - Security fix (CVE-2024-25062, bsc#1219576) use-after-free in XMLReader * Added libxml2-CVE-2024-25062.patch ==== libxml2-python ==== - Security fix (CVE-2024-25062, bsc#1219576) use-after-free in XMLReader * Added libxml2-CVE-2024-25062.patch ==== plasma-framework ==== Version update (5.114.0 -> 5.115.0) Subpackages: libKF5Plasma5 plasma-framework-components plasma-framework-desktoptheme - Update to 5.115.0 * New feature release * For more details please see: * https://kde.org/announcements/frameworks/5/5.115.0 - No code change since 5.114.0 ==== prison-qt5 ==== Version update (5.114.0 -> 5.115.0) Subpackages: libKF5Prison5 prison-qt5-imports - Update to 5.115.0 * New feature release * For more details please see: * https://kde.org/announcements/frameworks/5/5.115.0 - Changes since 5.114.0: * Enable exceptions for videoscannerworker.cpp ==== purpose ==== Version update (5.114.0 -> 5.115.0) Subpackages: libKF5Purpose5 libKF5PurposeWidgets5 - Update to 5.115.0 * New feature release * For more details please see: * https://kde.org/announcements/frameworks/5/5.115.0 - No code change since 5.114.0 ==== qqc2-desktop-style ==== Version update (5.114.0 -> 5.115.0) - Update to 5.115.0 * New feature release * For more details please see: * https://kde.org/announcements/frameworks/5/5.115.0 - No code change since 5.114.0 ==== solid ==== Version update (5.114.0 -> 5.115.0) Subpackages: libKF5Solid5 solid-imports solid-tools - Update to 5.115.0 * New feature release * For more details please see: * https://kde.org/announcements/frameworks/5/5.115.0 - No code change since 5.114.0 ==== sonnet ==== Version update (5.114.0 -> 5.115.0) Subpackages: libKF5SonnetCore5 libKF5SonnetUi5 sonnet-imports - Update to 5.115.0 * New feature release * For more details please see: * https://kde.org/announcements/frameworks/5/5.115.0 - No code change since 5.114.0 ==== syndication ==== Version update (5.114.0 -> 5.115.0) - Update to 5.115.0 * New feature release * For more details please see: * https://kde.org/announcements/frameworks/5/5.115.0 - No code change since 5.114.0 ==== syntax-highlighting ==== Version update (5.114.0 -> 5.115.0) Subpackages: libKF5SyntaxHighlighting5 syntax-highlighting-imports - Update to 5.115.0 * New feature release * For more details please see: * https://kde.org/announcements/frameworks/5/5.115.0 - No code change since 5.114.0 ==== threadweaver ==== Version update (5.114.0 -> 5.115.0) - Update to 5.115.0 * New feature release * For more details please see: * https://kde.org/announcements/frameworks/5/5.115.0 - No code change since 5.114.0 ==== xorg-x11-server ==== Subpackages: xorg-x11-server-Xvfb xorg-x11-server-extra - Release 21.1.11 also covers fixes for security issue CVE-2022-46340 and bug numbers bsc#1205874, bsc#1217765 - Release 21.1.11 covers fixes for the following bug numbers, which are not mentioned in this changelog before: bsc#1218845, bsc#1218846, bsc#1216261, bsc#1216133, bsc#1216135 - Release 21.1.11 supersedes the following patches still used with xorg-x11-server 21.1.4 on sle15-sp5/Leap 15.5 and not mentioned in this changelog as superseded before: * U_Xext-fix-invalid-event-type-mask-in-XTestSwapFakeInp.patch * U_bsc1216133-mi-reset-the-PointerWindows-reference-on-screen-swit.patch * U_bsc1216135-Xi-randr-fix-handling-of-PropModeAppend-Prepend.patch * U_bsc1216261-0001-mi-fix-CloseScreen-initialization-order.patch * U_bsc1216261-0002-fb-properly-wrap-unwrap-CloseScreen.patch * U_bsc1216261-0003-dix-always-initialize-pScreen-CloseScreen.patch * bsc1218582-0001-dix-allocate-enough-space-for-logical-button-maps.patch * bsc1218583-0001-dix-Allocate-sufficient-xEvents-for-our-DeviceStateN.patch * bsc1218583-0002-dix-fix-DeviceStateNotify-event-calculation.patch * bsc1218583-0003-Xi-when-creating-a-new-ButtonClass-set-the-number-of.patch * bsc1218584-0001-Xi-flush-hierarchy-events-after-adding-removing-mast.patch * bsc1218585-0001-Xi-do-not-keep-linked-list-pointer-during-recursion.patch * bsc1218585-0002-dix-when-disabling-a-master-float-disabled-slaved-de.patch * U_bsc1218845-glx-Call-XACE-hooks-on-the-GLX-buffer.patch * U_bsc1218846-ephyr-xwayland-Use-the-proper-private-key-for-cursor.patch - xserver sources of this release fixes segfault in Xvnc (bsc#1219311) ==== yast2-trans ==== Version update (84.87.20240205.897f2593b3 -> 84.87.20240210.1383f689ba) Subpackages: yast2-trans-af yast2-trans-ar yast2-trans-bg yast2-trans-bn yast2-trans-bs yast2-trans-ca yast2-trans-cs yast2-trans-cy yast2-trans-da yast2-trans-de yast2-trans-el yast2-trans-en_GB yast2-trans-es yast2-trans-et yast2-trans-fa yast2-trans-fi yast2-trans-fr yast2-trans-gl yast2-trans-gu yast2-trans-hi yast2-trans-hr yast2-trans-hu yast2-trans-id yast2-trans-it yast2-trans-ja yast2-trans-jv yast2-trans-ka yast2-trans-km yast2-trans-ko yast2-trans-lo yast2-trans-lt yast2-trans-mk yast2-trans-mr yast2-trans-nb yast2-trans-nl yast2-trans-pa yast2-trans-pl yast2-trans-pt yast2-trans-pt_BR yast2-trans-ro yast2-trans-ru yast2-trans-si yast2-trans-sk yast2-trans-sl yast2-trans-sr yast2-trans-sv yast2-trans-ta yast2-trans-th yast2-trans-tr yast2-trans-uk yast2-trans-vi yast2-trans-wa yast2-trans-xh yast2-trans-zh_CN yast2-trans-zh_TW yast2-trans-zu - Update to version 84.87.20240210.1383f689ba: * Translated using Weblate (Chinese (China) (zh_CN)) * Translated using Weblate (Czech) * New POT for text domain 'control'. * Translated using Weblate (Slovak) * Translated using Weblate (Indonesian) * Translated using Weblate (Catalan) * Translated using Weblate (Dutch) * Translated using Weblate (Japanese) * Translated using Weblate (Czech) * Translated using Weblate (Catalan)

1 0

New Arm Tumbleweed snapshot 20240211 released!
by Guillaume Gardet 12 Feb '24

12 Feb '24

Please note that this mail was generated by a script. The described changes are computed based on the aarch64 DVD. The full online repo contains too many changes to be listed here. Please check the known defects of this snapshot before upgrading: https://openqa.opensuse.org/tests/overview?distri=opensuse&groupid=3&versio… Please do not reply to this email to report issues, rather file a bug on bugzilla.opensuse.org. For more information on filing bugs please see https://en.opensuse.org/openSUSE:Submitting_bug_reports Packages changed: Mesa (23.3.4 -> 23.3.5) Mesa-drivers (23.3.4 -> 23.3.5) SDL2 (2.28.5 -> 2.30.0) apparmor (3.1.6 -> 3.1.7) c-ares (1.20.1 -> 1.26.0) catfish cpio (2.14 -> 2.15) distribution-logos-openSUSE (20230921 -> 20240207) dracut (059+suse.538.ge7a5cff9 -> 059+suse.549.gc9f63878) ethtool (6.6 -> 6.7) freeipmi (1.6.11 -> 1.6.14) fwupd (1.9.12 -> 1.9.13) gc (8.2.4 -> 8.2.6) gcc12 gcc13 (13.2.1+git8250 -> 13.2.1+git8285) gcc7 glibc grub2 gstreamer-plugins-bad gtk4 (4.12.4 -> 4.12.5) gwenview5 ibus imlib2 (1.12.1 -> 1.12.2) inxi (3.3.32 -> 3.3.33) jasper (4.1.2 -> 4.2.0) kdsoap kernel-source (6.7.2 -> 6.7.4) libXext (1.3.5 -> 1.3.6) libapparmor (3.1.6 -> 3.1.7) libei (1.2.0 -> 1.2.1) libgarcon (4.18.1 -> 4.18.2) libgit2 (1.7.1 -> 1.7.2) libgsf (1.14.51 -> 1.14.52) libidn2 (2.3.4 -> 2.3.7) libjxl (0.9.0 -> 0.9.2) libjxl-gtk (0.9.0 -> 0.9.2) libpciaccess (0.17 -> 0.18) libxcb libxfce4ui (4.18.4 -> 4.18.5) libxfce4util (4.18.1 -> 4.18.2) libxkbfile (1.1.2 -> 1.1.3) libzypp (17.31.28 -> 17.31.31) lzip (1.23 -> 1.24) man menulibre microos-tools (2.21+git9 -> 2.21+git11) mousepad (0.6.1 -> 0.6.2) netpbm numactl (2.0.17.4.g63befa8 -> 2.0.18.0.g3871b1c) nvidia-open-driver-G06-signed (545.29.06_k6.7.2_1 -> 545.29.06_k6.7.4_1) openssl-1_1 openssl-3 pam pam-full-src permissions (1699_20230602 -> 1699_20240206) pipewire (1.0.2 -> 1.0.3) polkit-default-privs (1550+20231213.09963a4 -> 1550+20240207.d833f4b) postgresql postgresql16 (16.1 -> 16.2) pulseaudio (16.1 -> 17.0) python-MarkupSafe (2.1.4 -> 2.1.5) python-h11 python-msgpack (1.0.5 -> 1.0.7) python-mysqlclient (2.2.1 -> 2.2.4) python-pip python-rpm (4.19.1 -> 4.19.1.1) python-typing_extensions python311 (3.11.7 -> 3.11.8) python311-core (3.11.7 -> 3.11.8) qemu (8.1.3 -> 8.2.0) rebootmgr (2.1 -> 2.2) ristretto (0.13.1 -> 0.13.2) rp-pppoe rpm (4.19.1 -> 4.19.1.1) selinux-policy (20240116 -> 20240205) sendmail (8.17.2 -> 8.18.1) shim spectacle systemd transmission virt-manager webkit2gtk3 (2.42.4 -> 2.42.5) webkit2gtk3-soup2 (2.42.4 -> 2.42.5) wireplumber xfce4-screenshooter (1.10.4 -> 1.10.5) xkbcomp (1.4.6 -> 1.4.7) xprop (1.2.6 -> 1.2.7) yast2-installation (5.0.5 -> 5.0.6) yast2-network (5.0.1 -> 5.0.2) yast2-trans (84.87.20240126.9c7185e3f6 -> 84.87.20240205.897f2593b3) === Details === ==== Mesa ==== Version update (23.3.4 -> 23.3.5) Subpackages: Mesa-libEGL1 Mesa-libGL1 Mesa-libglapi0 libOSMesa8 libgbm1 - Update to bugfix release 23.3.5 - -> https://docs.mesa3d.org/relnotes/23.3.5.html - re-enabled rusticl on sle15-sp6 after linkpac'ing rust-bindgen in X11:XOrg project ==== Mesa-drivers ==== Version update (23.3.4 -> 23.3.5) Subpackages: Mesa-dri Mesa-gallium Mesa-libva - Update to bugfix release 23.3.5 - -> https://docs.mesa3d.org/relnotes/23.3.5.html - re-enabled rusticl on sle15-sp6 after linkpac'ing rust-bindgen in X11:XOrg project ==== SDL2 ==== Version update (2.28.5 -> 2.30.0) - Update to release 2.30 * Added support for 2 bits-per-pixel indexed surface formats. * Added the function SDL_GameControllerGetSteamHandle() to get the Steam API handle for a controller, if available. * Added the event SDL_CONTROLLERSTEAMHANDLEUPDATED which is sent when the Steam API handle for a controller changes. This could also change the name, VID, and PID of the controller. * Added the environment variable SDL_LOGGING to control default log output. ==== apparmor ==== Version update (3.1.6 -> 3.1.7) Subpackages: apparmor-abstractions apparmor-docs apparmor-parser apparmor-profiles apparmor-utils python3-apparmor - Update to AppArmor 3.1.7 - aa-logprof: don't skip exec events in hats - fix aa-cleanprof to work with named profiles - add permissions in various abstractions - see https://gitlab.com/apparmor/apparmor/-/wikis/Release_Notes_3.1.7 for the full list of changes - drop upstreamed apparmor-systemd-sessions.patch ==== c-ares ==== Version update (1.20.1 -> 1.26.0) - Ensure multibuild flavors result in different src names. - c-ares 1.26.0: * Event Thread support. Integrators are no longer required to monitor the file descriptors registered by c-ares for events and call ares_process() when enabling the event thread feature via ARES_OPT_EVENT_THREAD passed to ares_init_options(). * Added flags to are_dns_parse() to force RAW packet parsing * Mark ares_fds() as deprecated * Bug fixes - move tests into a build flavor to avoid gtest/gmock build loop - Update to version 1.25 Changes: o Rewrite ares_strsplit() as a wrapper for ares__buf_split() for memory safety reasons. o The ahost utility now uses ares_getaddrinfo() and returns both IPv4 and IPv6 addresses by default. Bug Fixes: o Tests: Live reverse lookups for Google's public DNS servers no longer return results, replace with CloudFlare pubic DNS servers. o Connection failures should increment the server failure count first or a retry might be enqueued to the same server o On systems that don't implement the ability to enumerate network interfaces the stubs used the wrong prototype. o Fix minor warnings and documentation typos o Fix support for older GoogleTest versions o getrandom() may require sys/random.h on some systems. o Fix building tests with symbol hiding enabled. - 0001-Use-RPM-compiler-options.patch: dropped, obsolete - Update to version 1.24 Features: * Add support for IPv6 link-local DNS servers. Nameserver formats can now accept the 0face suffix, and a new ares_get_servers_csv() function was added to return servers that can contain the link-local interface name. Changes: * Unbundle GoogleTest for test cases. Package maintainers will now need torequire GoogleTest (GMock) as a build dependency if building tests. New GoogleTest versions require C++14 or later. * Replace nameserver parsing code to use new memory-safe functions. * Replace the sortlist parser with new memory-safe functions. * Various warning fixes and dead code removal. Bugfixes: * Old Linux versions require POSIX_C_SOURCE or _GNU_SOURCE to compile with thread safety support * A non-responsive DNS server that caused timeouts wouldn't increment thefailure count, this would lead to other servers not being tried. Regression introduced in 1.22.0 * Some projects that depend on c-ares expect invalid parameter option valuespassed into ares_init_options() to simply be ignored. This behavior has been restored * getrandom() can fail if the kernel doesn't support the syscall, fall back to another random source * ares_cancel() when performing ares_gethostbyname() or ares_getaddrinfo()with AF_UNSPEC, if called after one address class was returned but before the other address class, it would return ARES_SUCCESS rather than ARES_ECANCELLED - disable-live-tests.patch: dropped, not needed - Update to version 1.23 Features: Introduce optional (but on by default) thread-safety for the c-ares library. This has no API nor ABI implications. resolv.conf in modern systems uses attempts and timeouts options instead of the old retrans and retry options. Query caching support based on TTL of responses. Can be enabled via ares_init_options() with ARES_OPT_QUERY_CACHE. Bugfixes: ares_init_options() for ARES_OPT_UDP_PORT and ARES_OPT_TCP_PORT accept theport in host byte order, but it was reading it as network byte order. Regression introduced in 1.20.0. ares_init_options() for ARES_FLAG_NOSEARCH was not being honored forares_getaddrinfo() or ares_gethostbyname(). Regression introduced in 1.16.0. Autotools MacOS and iOS version check was failing Environment variables passed to c-ares are meant to be an override for system configuration. Regression introduced in 1.22.0. Spelling fixes as detected by codespell. The timeout returned by ares_timeout() was truncated to milliseconds butvalidated to microseconds which could cause a user to attempt to process timeouts prior to the timeout actually expiring. CMake was not honoring CXXFLAGS passed in via the environment which couldcause compile and link errors with distribution hardening flags during packaging. Fix Windows UWP and Cygwin compilation. ares_set_servers_*() for legacy reasons needs to accept an empty server listand zero out all servers. This results in an inoperable channel and thus is only used in simulation testing, but we don't want to break users. Regression introduced in 1.21.0. Changes in version 1.22.1 Bugfixes: Fix /etc/hosts processing performance with all entries using same IPaddress. Large hosts files using the same IP address for all entries could use exponential time. Fix typos in manpages Fix OpenWatcom building Changes in version 1.22.0 Features: ares_reinit() is now implemented to re-read any system configuration and immediately apply to an existing ares channel The adig command line program has been rewritten and its format now more closely matches that of BIND's dig utility The new DNS message parser and writer functions have now been made public RFC9460 HTTPS and SVCB records are now supported RFC6698 TLSA records are now supported The server list is now internally dynamic and can be changed without impacting existing queries Hosts file processing is now cached until the file is detected to be changed to speed up repetitive lookups of large hosts files Changes: Internally all DNS messages are now written using the new DNS writing functions EDNS is now enabled by default Internal cleanups in function prototypes Bugfixes: Randomize retry penalties to prevent thundering herd issues when dns servers throttle requests Fix Windows build error for missing if_indextoname() - update to 1.21.0: * Replace multiple DNS hand-made parsers with new memory-safe DNS message parser * developer visible changes and bug fixes ==== catfish ==== Subpackages: catfish-lang - As long as a new Python version does not ship a broken python3-distutils, like python311 did in its early days, there is no need to deal with or skip a specific python version at all. Disable all %%{python_module ...} and skip_python... stuff again. - Don't use %%{python_module ...} as we only build for the default Python interpreter. python312 still needs to be skipped due to python3-distutils! - Skip python312 for now until all required Python modules have been built. - Use %%{python_module ...} to specify required Python modules to build this package. ==== cpio ==== Version update (2.14 -> 2.15) Subpackages: cpio-mt - Update to 2.15: * Fix the operation of --no-absolute-filenames --make-directories. * Restore access and modification times of symlinks in copy-in and copy-pass modes. - Remove fix-operation-no-absolute-filenames.patch ==== distribution-logos-openSUSE ==== Version update (20230921 -> 20240207) Subpackages: distribution-logos-openSUSE-Tumbleweed distribution-logos-openSUSE-icons - switch to a service using zstd - list the source url - Update Leap 15.6 branding poo#131666 ==== dracut ==== Version update (059+suse.538.ge7a5cff9 -> 059+suse.549.gc9f63878) - Update to version 059+suse.549.gc9f63878: * fix(overlayfs): split overlayfs mount in two steps (bsc#1219778) * fix(dracut-init.sh): handle decompress with `--sysroot` * fix(i18n): handle keymap includes with `--sysroot` * fix(dracut-systemd): replace `rd.udev.log-priority` with `rd.udev.log_level` * fix(i18n): handle symlinked keymap ==== ethtool ==== Version update (6.6 -> 6.7) Subpackages: ethtool-bash-completion - update to upstream release 6.7 * Feature: support for setting TCP data split * Fix: fix new gcc14 warning * Fix: fix SFF-8472 transceiver module identification (-m) ==== freeipmi ==== Version update (1.6.11 -> 1.6.14) Subpackages: libfreeipmi17 libipmiconsole2 libipmidetect0 - freeipmi 1.6.14 * Fix build issue common to non-x86 systems. - freeipmi 1.6.13 * Fix build issues on systems where inb/outb are declared with inline assembly. * Add additional sensor/event interpretations. - freeipmi 1.6.12 * Use poll() over select() to avoid fd limit in openipmi driver. * Fix potential portability problems on systems without cbrt(). * Minor documentation updates. ==== fwupd ==== Version update (1.9.12 -> 1.9.13) Subpackages: fwupd-bash-completion libfwupd2 typelib-1_0-Fwupd-2_0 - Update to version 1.9.13: + This release adds the following features: - Add a timer inhibit if the daemon took a long time to startup. - Add a concept of 'Test Mode' rather than enabling specific plugins. - Do not idle-quit the daemon if there is a connected D-Bus client. + This release fixes the following bugs: - Allow plugins to opt-out of the child-device first depsolve. - Allow setting multiple flags in LVFS::DeviceFlags. - Do not migrate config comments for removed keys. - Do not request the Advantech BMC to reboot. - Do not warn the user about ESP when using MBR. - Fix a critical warning when adding a PixArt wireless device. - Fix migration of legacy config files. - Only save config values to the mutable config file. - Parse DS-20 descriptors earlier in device setup. - Store the version format in the history database to fix offline reports. - Use the correct GUID for matching realtek-mst and parade-lspcon. + This release adds support for the following hardware: - GoodWay Acer Dock. ==== gc ==== Version update (8.2.4 -> 8.2.6) - Update to release 8.2.6 * Compiler warning fixes on various non-Linux platforms * Fix null dereference in check_finalizer_nested if redirecting malloc on Linux * Fix race in init_lib_bounds on Linux/glibc-2.34+ if redirecting malloc ==== gcc12 ==== - Use %{_target_cpu} to determine host and build. ==== gcc13 ==== Version update (13.2.1+git8250 -> 13.2.1+git8285) Subpackages: cpp13 libasan8 libatomic1 libgcc_s1 libgccjit0 libgfortran5 libgomp1 libhwasan0 libitm1 liblsan0 libobjc4 libstdc++6 libstdc++6-locale libstdc++6-pp libtsan2 libubsan1 - Add gcc13-sanitizer-remove-crypt-interception.patch to remove crypt and crypt_r interceptors. The crypt API change in SLE15 SP3 breaks them. [bsc#1219520] - Update to gcc-13 branch head, 67ac78caf31f7cb3202177e642, git8285 - Add gcc13-pr88345-min-func-alignment.diff to add support for - fmin-function-alignment. [bsc#1214934] - Use %{_target_cpu} to determine host and build. ==== gcc7 ==== - Use %{_target_cpu} to determine host and build. - Add gcc7-pr87723.patch to avoid ICE when hitting a broken pattern in the s390 backend. - Add gcc7-bsc1216488.patch to avoid creating recursive DIE references through DW_AT_abstract_origin when using LTO. [bsc#1216488] ==== glibc ==== Subpackages: glibc-devel glibc-extra glibc-locale glibc-locale-base nscd - Add libnsl1 to baselibs.conf (bsc#1219640) - arm-dl-start-user.patch: arm: Remove wrong ldr from _dl_start_user (BZ [#31339]) ==== grub2 ==== Subpackages: grub2-arm64-efi grub2-snapper-plugin grub2-systemd-sleep-plugin - Fix build error on gcc-14 (bsc#1218949) * 0001-squash-ieee1275-ofpath-enable-NVMeoF-logical-device-.patch ==== gstreamer-plugins-bad ==== Subpackages: libgstadaptivedemux-1_0-0 libgstbadaudio-1_0-0 libgstbasecamerabinsrc-1_0-0 libgstcodecparsers-1_0-0 libgstcodecs-1_0-0 libgstcuda-1_0-0 libgstisoff-1_0-0 libgstmpegts-1_0-0 libgstphotography-1_0-0 libgstplay-1_0-0 libgstplayer-1_0-0 libgstsctp-1_0-0 libgsttranscoder-1_0-0 libgsturidownloader-1_0-0 libgstva-1_0-0 libgstvulkan-1_0-0 libgstwayland-1_0-0 libgstwebrtc-1_0-0 libgstwebrtcnice-1_0-0 - Require libvpl only on supported architectures (x86_64 and aarch64) - drop support for libmfx, which is no longer supported upstream at all (boo#1219494) - added support for oneVPL ==== gtk4 ==== Version update (4.12.4 -> 4.12.5) Subpackages: gtk4-schema gtk4-tools libgtk-4-1 typelib-1_0-Gtk-4_0 - Update to version 4.12.5: + GtkColumnView: Fix a crash on dispose. + GtkEmojiChooser: - Update to CLDR v44. - Add more translations. + GtkFileDialog: - Return an error if no file is selected. - Make closing the portal file chooser work. + GtkDropDown: Fix display of the initial checkmark. + GtkShortcutsWindow: Reduce the minimum width. + GDK: Make the png loader safer against overflow. + Wayland: Fix cursor handling with graphics tablets. ==== gwenview5 ==== - Add patch to support newer kImageAnnotator: * 0001-Support-building-against-kImageAnnotator-Qt5-as-well.patch ==== ibus ==== Subpackages: libibus-1_0-5 typelib-1_0-IBus-1_0 - Fix dead keys with non-English keyboard in some applications (MAME, Wine) (boo#1218135) ibus-complete-preedit-signals-for-postprocesskeyevent.patch ibus-enginesimple-dont-commit-any-characters.patch ==== imlib2 ==== Version update (1.12.1 -> 1.12.2) Subpackages: imlib2-loaders libImlib2-1 - update to 1.12.2: * Fixes for Y4M, ANI, PNG and JPG loaders ==== inxi ==== Version update (3.3.32 -> 3.3.33) - Updated to version 3.3.33: + /usr/share/doc/packages/inxi/inxi.changelog. ==== jasper ==== Version update (4.1.2 -> 4.2.0) - Update to 4.2.0: * Add the JAS_PACKAGING option to the CMake build in an attempt to allow easier control over rpath settings by packagers of JasPer. * Remove a number of obsolete scripts. * Make some cosmetic changes to the code for the JPC codec in order to improve readability (#371). * Fix a portability bug related to threads/atomics. * Replace some lingering uses of strtok in the JPC coder with jas_strtok, since the use of strtok is problematic in multithreading contexts. ==== kdsoap ==== - Fix package docs - Fix build to handle changes in (open)SUSE specific cmake macros, no user visible changes ==== kernel-source ==== Version update (6.7.2 -> 6.7.4) - Linux 6.7.4 (bsc#1012628). - asm-generic: make sparse happy with odd-sized put_unaligned_*() (bsc#1012628). - powerpc/mm: Fix null-pointer dereference in pgtable_cache_add (bsc#1012628). - arm64: irq: set the correct node for VMAP stack (bsc#1012628). - drivers/perf: pmuv3: don't expose SW_INCR event in sysfs (bsc#1012628). - powerpc: Fix build error due to is_valid_bugaddr() (bsc#1012628). - powerpc/mm: Fix build failures due to arch_reserved_kernel_pages() (bsc#1012628). - powerpc/64s: Fix CONFIG_NUMA=n build due to create_section_mapping() (bsc#1012628). - x86/boot: Ignore NMIs during very early boot (bsc#1012628). - powerpc: pmd_move_must_withdraw() is only needed for CONFIG_TRANSPARENT_HUGEPAGE (bsc#1012628). - powerpc/lib: Validate size for vector operations (bsc#1012628). - x86/mce: Mark fatal MCE's page as poison to avoid panic in the kdump kernel (bsc#1012628). - sched/numa: Fix mm numa_scan_seq based unconditional scan (bsc#1012628). - perf/core: Fix narrow startup race when creating the perf nr_addr_filters sysfs file (bsc#1012628). - debugobjects: Stop accessing objects after releasing hash bucket lock (bsc#1012628). - sched/fair: Fix tg->load when offlining a CPU (bsc#1012628). - regulator: core: Only increment use_count when enable_count changes (bsc#1012628). - audit: Send netlink ACK before setting connection in auditd_set (bsc#1012628). - ACPI: tables: Correct and clean up the logic of acpi_parse_entries_array() (bsc#1012628). - ACPI: video: Add quirk for the Colorful X15 AT 23 Laptop (bsc#1012628). - PNP: ACPI: fix fortify warning (bsc#1012628). - ACPI: extlog: fix NULL pointer dereference check (bsc#1012628). - selftests/nolibc: fix testcase status alignment (bsc#1012628). - ACPI: NUMA: Fix the logic of getting the fake_pxm value (bsc#1012628). - kunit: tool: fix parsing of test attributes (bsc#1012628). - kunit: Reset test->priv after each param iteration (bsc#1012628). - PM / devfreq: Synchronize devfreq_monitor_[start/stop] (bsc#1012628). - ACPI: APEI: set memory failure flags as MF_ACTION_REQUIRED on synchronous events (bsc#1012628). - OPP: The level field is always of unsigned int type (bsc#1012628). - thermal: core: Fix thermal zone suspend-resume synchronization (bsc#1012628). - FS:JFS:UBSAN:array-index-out-of-bounds in dbAdjTree (bsc#1012628). - UBSAN: array-index-out-of-bounds in dtSplitRoot (bsc#1012628). - jfs: fix slab-out-of-bounds Read in dtSearch (bsc#1012628). - jfs: fix array-index-out-of-bounds in dbAdjTree (bsc#1012628). - jfs: fix uaf in jfs_evict_inode (bsc#1012628). - hwrng: starfive - Fix dev_err_probe return error (bsc#1012628). - crypto: p10-aes-gcm - Avoid -Wstringop-overflow warnings (bsc#1012628). - pstore/ram: Fix crash when setting number of cpus to an odd number (bsc#1012628). - erofs: fix up compacted indexes for block size < 4096 (bsc#1012628). - crypto: starfive - Fix dev_err_probe return error (bsc#1012628). - crypto: octeontx2 - Fix cptvf driver cleanup (bsc#1012628). - erofs: fix ztailpacking for subpage compressed blocks (bsc#1012628). - crypto: stm32/crc32 - fix parsing list of devices (bsc#1012628). - afs: fix the usage of read_seqbegin_or_lock() in afs_lookup_volume_rcu() (bsc#1012628). - rxrpc_find_service_conn_rcu: fix the usage of read_seqbegin_or_lock() (bsc#1012628). - jfs: fix array-index-out-of-bounds in diNewExt (bsc#1012628). - s390/boot: always align vmalloc area on segment boundary (bsc#1012628). - arch: consolidate arch_irq_work_raise prototypes (bsc#1012628). - arch: fix asm-offsets.c building with -Wmissing-prototypes (bsc#1012628). - s390/vfio-ap: fix sysfs status attribute for AP queue devices (bsc#1012628). - s390/ptrace: handle setting of fpc register correctly (bsc#1012628). - KVM: s390: fix setting of fpc register (bsc#1012628). - sysctl: Fix out of bounds access for empty sysctl registers (bsc#1012628). - SUNRPC: Fix a suspicious RCU usage warning (bsc#1012628). - ext4: treat end of range as exclusive in ext4_zero_range() (bsc#1012628). - smb: client: fix renaming of reparse points (bsc#1012628). - smb: client: fix hardlinking of reparse points (bsc#1012628). - cifs: fix in logging in cifs_chan_update_iface (bsc#1012628). - ecryptfs: Reject casefold directory inodes (bsc#1012628). - ext4: fix inconsistent between segment fstrim and full fstrim (bsc#1012628). - ext4: unify the type of flexbg_size to unsigned int (bsc#1012628). - ext4: remove unnecessary check from alloc_flex_gd() (bsc#1012628). ... changelog too long, skipping 1153 lines ... - commit f71b395 ==== libXext ==== Version update (1.3.5 -> 1.3.6) - Update to version 1.3.6 * Wrap Xext*CheckExtension() in do { ... } while(0) * configure: raise minimum autoconf requirement to 2.70 * configure: Use LT_INIT from libtool 2 instead of deprecated AC_PROG_LIBTOOL * _xgeGetExtensionVersion should not free info on failure * Check for malloc failure in _xgeGetExtensionVersion * _xgeDpyClose: handle NULL return from _xgeFindDisplay * XEVI: fix -Walloc-size ==== libapparmor ==== Version update (3.1.6 -> 3.1.7) - Update to AppArmor 3.1.7 - aa-logprof: don't skip exec events in hats - fix aa-cleanprof to work with named profiles - add permissions in various abstractions - see https://gitlab.com/apparmor/apparmor/-/wikis/Release_Notes_3.1.7 for the full list of changes - drop upstreamed apparmor-systemd-sessions.patch ==== libei ==== Version update (1.2.0 -> 1.2.1) - Update to release 1.2.1 * Previously, using OEFFIS_DEVICE_ALL_DEVICES in oeffis_create_session() would erroneously result in the portal selecting no devices instead of all. ==== libgarcon ==== Version update (4.18.1 -> 4.18.2) Subpackages: libgarcon-1-0 libgarcon-data libgarcon-lang - Update to version 4.18.2 * Update copyright year * garcon-gtk: Remove weak ref on GarconMenu on finalize() * Use target desktop files instead of symlinks (Fixes #1) * garcon-gtk: Avoid populating a wrong menu * garcon-gtk: Prevent use-after-free when loading garcon menu * Add icon at 64px, clean up SVG metadata * Translation Updates ==== libgit2 ==== Version update (1.7.1 -> 1.7.2) - update to 1.7.2: * CVE-2024-24574: infinite loop condition given specially crafted inputs (boo#1219664) * CVE-2024-24577: arbitrary code execution due to heap corruption in git_index_add (boo#1219660) * Fix a bug in the smart transport negotiation could have caused an out-of-bounds read when a remote server did not advertise capabilities. ==== libgsf ==== Version update (1.14.51 -> 1.14.52) Subpackages: gsf-office-thumbnailer libgsf-1-114 - Update to version 1.14.52: + xml: Fix build with libxml2 2.12. ==== libidn2 ==== Version update (2.3.4 -> 2.3.7) - update to 2.3.7: * Un-deprecate idn2_to_ascii_4i and make it NUL terminate output * Export punycode APIs * Developer visible code maintenance ==== libjxl ==== Version update (0.9.0 -> 0.9.2) - Update to release 0.9.2 * Fixed some unspecified bugs in the gdk-pixbuf plugin ==== libjxl-gtk ==== Version update (0.9.0 -> 0.9.2) Subpackages: gdk-pixbuf-loader-jxl gimp-plugin-jxl - Update to release 0.9.2 * Fixed some unspecified bugs in the gdk-pixbuf plugin ==== libpciaccess ==== Version update (0.17 -> 0.18) - Update to version 0.18 * Remove "All rights reserved" from Oracle copyright notices * Try fopen(".../pci.ids", "re") on Solarish systems as well * Remove autotools build * gitlab-ci: use `meson setup` * gitlab-ci: don't bother to configure meson for the version check * gitlab-ci: remove unnecessary call to `meson configure` * FreeBSD: Fallback to /usr/share/misc/pci_vendors * FreeBSD: Remove sparc64 code * Fix compilation warnings when building against hurd-amd64. ==== libxcb ==== Subpackages: libxcb-composite0 libxcb-damage0 libxcb-dpms0 libxcb-dri2-0 libxcb-dri3-0 libxcb-glx0 libxcb-present0 libxcb-randr0 libxcb-record0 libxcb-render0 libxcb-res0 libxcb-shape0 libxcb-shm0 libxcb-sync1 libxcb-xfixes0 libxcb-xinerama0 libxcb-xinput0 libxcb-xkb1 libxcb-xv0 libxcb1 - devel package: added missing Requires to libxcb-dbe0 (boo#1219572) ==== libxfce4ui ==== Version update (4.18.4 -> 4.18.5) Subpackages: libxfce4kbd-private-3-0 libxfce4ui-2-0 libxfce4ui-lang libxfce4ui-tools typelib-1_0-Libxfce4ui-2_0 - Update to version 4.18.5 * Update copyright year * build: Search for bind_textdomain_codeset in libintl too * sm-client: Reset SmcConnection when IceConnection is closed on error * docs: Improve xfce_sm_client_get() * shortcuts-grabber: Fix filtering by level * shortcuts-grabber: Simplify filtering by group * shortcuts-grabber: Variable renaming * shortcuts-grabber: Filter grabbing by key level * Detect keyboard shortcuts with only single modifier keys on key release * Translation Updates ==== libxfce4util ==== Version update (4.18.1 -> 4.18.2) Subpackages: libxfce4util-lang libxfce4util7 typelib-1_0-Libxfce4util-1_0 - Update to version 4.18.2 * Update copyright year * Search for bind_textdomain_codeset in libintl too * xfce-rc: Add support for the LANGUAGE environment variable * Add missing config.h includes * Improve checksum calculation (#17) * xfce-rc: Document the fact that delimiter escaping is not supported * xfce-rc: Properly write translated entries when available * Update bug report address ==== libxkbfile ==== Version update (1.1.2 -> 1.1.3) - update to 1.1.3 * configure: Use LT_INIT from libtool 2 instead of deprecated AC_PROG_LIBTOOL * Set close-on-exec when opening files * _XkbMakeAtom: remove check for impossible case * _XkbInitAtoms: check for malloc() failure * XkbChangeAtomDisplay: stop leaking atom name * XkbCFReportError: avoid -Wformat-nonliteral warning * XkbWriteCFile: stop leaking header file ifdef name * DefaultParser: avoid -Wimplicit-fallthrough warnings * xkbtext.c: Add tbGetBufferString helper function * XkbIndentText: Fix -Wsign-compare warning * Fix -Wsign-compare warnings in xkbtext.c & xkmread.c * Add a meson build system - switched to meson build system ==== libzypp ==== Version update (17.31.28 -> 17.31.31) - tui: allow to access the underlying ostream of out::Info. - Add MLSep: Helper to produce not-NL-terminated multi line output. - version 17.31.31 (22) - applydeltaprm: Create target directory if it does not exist (bsc#1219442) - Add ProblemSolution::skipsPatchesOnly (for openSUSE/zypper#514) - Fix problems with EINTR in ExternalDataSource::getline (fixes bsc#1215698) - version 17.31.30 (22) - CheckAccessDeleted: fix running_in_container detection (bsc#1218782) - Detect CURLOPT_REDIR_PROTOCOLS_STR availability at runtime (bsc#1218831) - Make Wakeup class EINTR safe. - Add a way to cancel media operations on shutdown (openSUSE/zypper#522) This patch adds a mechanism to signal libzypp that a shutdown was requested, usually when CTRL+C was pressed by the user. Currently only the media backend will utilize this, but can be extended to all code paths that use g_poll() to wait for events. - Manually poll fds for curl in MediaCurl. Using curl_easy_perform does not give us the required control on when we want to cancel a download. Switching to the MultiCurl implementation with a external poll() event loop will give us much more freedom and helps us to improve our Ctrl+C handling. - Move reusable curl poll code to curlhelper.h. - version 17.31.29 (22) ==== lzip ==== Version update (1.23 -> 1.24) - Update to release 1.24 * Added the command-line switches --empty-error and - -marking-error * The option -o/--output now preserves dates, permissions, and ownership of the file when (de)compressing exactly one file. * The option -o/--output now creates missing intermediate directories when writing to a file. ==== man ==== - Make lua scriplets more failsafe (boo#1219370) ==== menulibre ==== - As long as a new Python version does not ship a broken python3-distutils, like python311 did in its early days, there is no need to deal with or skip a specific python version at all. Disable all %%{python_module ...} and skip_python... stuff again. - Don't use %%{python_module ...} as we only build for the default Python interpreter. python312 still needs to be skipped due to python3-distutils! - Skip python312 for now until all required Python modules have been built. - Use %%{python_module ...} to specify required Python modules to build this package. ==== microos-tools ==== Version update (2.21+git9 -> 2.21+git11) - Update to version 2.21+git11: * Install man-online alias only for bash ==== mousepad ==== Version update (0.6.1 -> 0.6.2) Subpackages: libmousepad0 - Update to version 0.6.2 * Update copyright year * history: Default to yes when user is asked to restore previous session * build: Search for bind_textdomain_codeset in libintl too * tests: Increase timeout a bit * tests: Check for pwait/pidwait * dialogs: Do not reuse text buffer to test encoding in save-as dialog * history: Remove dead code * history: Rework paste menu * Move paste history to mousepad-history.c * window: Fix GVariant management * Do not scroll text view when zooming in or out * file-monitoring: Delay emission of "externaly-modified" signal * Fix a typo in a comment, additionnal â additional. * Add icons at missing sizes, clean up SVG metadata * search: Properly reset current match * Translation Updates ==== netpbm ==== Subpackages: libnetpbm11 - added patches fix CVE-2017-5849 [bsc#1022790], CVE-2017-5849 [bsc#1022791] + netpbm-use-byrow-when-needed.patch ==== numactl ==== Version update (2.0.17.4.g63befa8 -> 2.0.18.0.g3871b1c) Subpackages: libnuma1 - Update to version 2.0.18.0.g3871b1c: * Increase version number to 2.0.18 * man pages: fix table include preprocessor - Update to version 2.0.17.8.g67984e5: * numastat: Print package version number instead of own. * numastat: Remove commented out perl code * Check for MPOL_PREFERRED_MANY lazily * libnuma: add numa_set_mempolicy_home_node API ==== nvidia-open-driver-G06-signed ==== Version update (545.29.06_k6.7.2_1 -> 545.29.06_k6.7.4_1) - provide nvidia-open-driver-G06-kmp = %version (jsc#PED-7117) * this makes it easy to replace the package from nVidia's CUDA repository with this presigned package ==== openssl-1_1 ==== Subpackages: libopenssl1_1 - Rename engines directories to the same name like in SLE: /etc/ssl/engines1_1.d -> /etc/ssl/engines1.1.d /etc/ssl/engdef1_1.d -> /etc/ssl/engdef1.1.d * Add migration script to move files (bsc#1219562) /etc/ssl/engines.d/* -> /etc/ssl/engines1.1.d /etc/ssl/engdef.d/* -> /etc/ssl/engdef1.1.d - Security fix: [bsc#1219243, CVE-2024-0727] * Add NULL checks where ContentInfo data can be NULL * Add openssl-CVE-2024-0727.patch ==== openssl-3 ==== Subpackages: libopenssl3 - Add migration script to move old files (bsc#1219562) /etc/ssl/engines.d/* -> /etc/ssl/engines1.1.d.rpmsave /etc/ssl/engdef.d/* -> /etc/ssl/engdef1.1.d.rpmsave They will be later restored by openssl-1_1 package to engines1.1.d and engdef1.1.d - Security fix: [bsc#1219243, CVE-2024-0727] * Add NULL checks where ContentInfo data can be NULL * Add openssl-CVE-2024-0727.patch ==== pam ==== - pam.tmpfiles: Make sure the content of the /run directories get removed in case of a soft-reboot ==== pam-full-src ==== - pam.tmpfiles: Make sure the content of the /run directories get removed in case of a soft-reboot ==== permissions ==== Version update (1699_20230602 -> 1699_20240206) Subpackages: chkstat permissions-config - Drop superfluous mkdir /usr/share/permissions/permissions.d This is now created by the Makefile. See also commit 5900bc1ffe6275298ded3c96dee03a5c98e4db1c - Update to version 20240206: * Whitelisting libgtop_server2 (bsc#1218921) * Removing bogus whitespaces * chkstat: harmonize and transform to a more compact coding and doc style * gitignore: also ignore hidden ctags * build: Create /usr/share/permissions/permissions.d for packagers * profiles: drop /usr/sbin/lockdev which is no longer packaged in Factory * profiles: drop /etc/ftpusers which is no longer shipped in netcfg ==== pipewire ==== Version update (1.0.2 -> 1.0.3) Subpackages: gstreamer-plugin-pipewire libpipewire-0_3-0 pipewire-alsa pipewire-jack pipewire-libjack-0_3 pipewire-modules-0_3 pipewire-pulseaudio pipewire-spa-plugins-0_2 pipewire-spa-tools pipewire-tools - Update to version 1.0.3: * Highlights - Fix ALSA version check. This should allow the alsa plugin to work again. - Some small fixes and improvements. * PipeWire - Escape @DEFAULT_SINK@ in the conf files. * Modules - Improve logging in module-pipe-tunnel. * SPA - Always recheck rate matching in ALSA when moving drivers. This fixes a potential issue where the adaptive resampler would not be activated in some cases. * ALSA - Fix ALSA version check. This should allow the alsa plugin to work again. ==== polkit-default-privs ==== Version update (1550+20231213.09963a4 -> 1550+20240207.d833f4b) - Update to version 1550+20240207.d833f4b: * profiles: remove no longer used device-rebind action ==== postgresql ==== Subpackages: postgresql-contrib postgresql-server - bsc#1219340: Require fillup. ==== postgresql16 ==== Version update (16.1 -> 16.2) Subpackages: libpq5 postgresql16-contrib postgresql16-server - Upgrade to 16.2: * bsc#1219679, CVE-2024-0985: Tighten security restrictions within REFRESH MATERIALIZED VIEW CONCURRENTLY. One step of a concurrent refresh command was run under weak security restrictions. If a materialized view's owner could persuade a superuser or other high-privileged user to perform a concurrent refresh on that view, the view's owner could control code executed with the privileges of the user running REFRESH. Fix things so that all user-determined code is run as the view's owner, as expected * If you use GIN indexes, you may need to reindex after updating to this release. * LLVM 18 is now supported. * https://www.postgresql.org/docs/release/16.2/ ==== pulseaudio ==== Version update (16.1 -> 17.0) Subpackages: libpulse-mainloop-glib0 libpulse0 pulseaudio-setup pulseaudio-utils system-user-pulse - Update to version 17.0: * Updates to ALSA UCM-based setups * Battery level indication to Bluetooth devices * Support for the Bluetooth FastStream codec * webrtc-audio-processing dependency updated * Trigger role groups added to module-role-cork * XDG base directory spec for profile-set loading * PA_RATE_MAX increased * webrtc-audio-processing dependency updated For details, see: https://www.freedesktop.org/wiki/Software/PulseAudio/Notes/17.0/ - Drop obsoleted patches: echo-cancel-add-webrtc-AEC3-support.patch build-sys-Bump-cpp_std-to-c-17.patch build-sys-Bump-webrtc-audio-processing-dependency.patch ==== python-MarkupSafe ==== Version update (2.1.4 -> 2.1.5) - update to 2.1.5: * Fix striptags not collapsing spaces. :issue:`417` ==== python-h11 ==== - spec cleanup ==== python-msgpack ==== Version update (1.0.5 -> 1.0.7) - update to 1.0.7: * remove inline macro for msvc * do not fallback on build error * fix: build status badge * Drop python2 support * Drop Python 3.6 support * try Cython 3.0 * sphinx-related work ==== python-mysqlclient ==== Version update (2.2.1 -> 2.2.4) - update to 2.2.4: * Support ssl=True in connect(). ==== python-pip ==== - Fix shebang path for "pip3.XX" binaries ==== python-rpm ==== Version update (4.19.1 -> 4.19.1.1) - update to rpm-4.19.1.1 ==== python-typing_extensions ==== - Add backport-recent-implementation-of-protocol.patch upstream patch gh#python/typing_extensions@004b893ddce2 ==== python311 ==== Version update (3.11.7 -> 3.11.8) Subpackages: python311-curses python311-dbm - Update to 3.11.8: - Security - gh-113659: Skip .pth files with names starting with a dot or hidden file attribute. - Core and Builtins - gh-114887: Changed socket type validation in create_datagram_endpoint() to accept all non-stream sockets. This fixes a regression in compatibility with raw sockets. - gh-114388: Fix a RuntimeWarning emitted when assign an integer-like value that is not an instance of int to an attribute that corresponds to a C struct member of type T_UINT and T_ULONG. Fix a double RuntimeWarning emitted when assign a negative integer value to an attribute that corresponds to a C struct member of type T_UINT. - gh-89811: Check for a valid tp_version_tag before performing bytecode specializations that rely on this value being usable. - gh-113602: Fix an error that was causing the parser to try to overwrite existing errors and crashing in the process. Patch by Pablo Galindo - gh-113566: Fix a 3.11-specific crash when the repr of a Future is requested after the module has already been garbage-collected. - gh-106905: Use per AST-parser state rather than global state to track recursion depth within the AST parser to prevent potential race condition due to simultaneous parsing. - The issue primarily showed up in 3.11 by multithreaded users of ast.parse(). In 3.12 a change to when garbage collection can be triggered prevented the race condition from occurring. - gh-112716: Fix SystemError in the import statement and in __reduce__() methods of builtin types when __builtins__ is not a dict. - gh-105967: Workaround a bug in Appleâs macOS platform zlib library where zlib.crc32() and binascii.crc32() could produce incorrect results on multi-gigabyte inputs. Including when using zipfile on zips containing large data. - gh-94606: Fix UnicodeEncodeError when email.message.get_payload() reads a message with a Unicode surrogate character and the message content is not well-formed for surrogateescape encoding. Patch by Sidney Markowitz. - Library - gh-114965: Update bundled pip to 24.0 - gh-114959: tarfile no longer ignores errors when trying to extract a directory on top of a file. - gh-109475: Fix support of explicit option value âââ in argparse (e.g. --option=--). - gh-110190: Fix ctypes structs with array on Windows ARM64 platform by setting MAX_STRUCT_SIZE to 32 in stgdict. Patch by Diego Russo - gh-113280: Fix a leak of open socket in rare cases when error occurred in ssl.SSLSocket creation. - gh-77749: email.policy.EmailPolicy.fold() now always encodes non-ASCII characters in headers if utf8 is false. - gh-114492: Make the result of termios.tcgetattr() reproducible on Alpine Linux. Previously it could leave a random garbage in some fields. - gh-75128: Ignore an OSError in asyncio.BaseEventLoop.create_server() when IPv6 is available but the interface cannot actually support it. - gh-114257: Dismiss the FileNotFound error in ctypes.util.find_library() and just return None on Linux. - gh-101438: Avoid reference cycle in ElementTree.iterparse. The iterator returned by ElementTree.iterparse may hold on to a file descriptor. The reference cycle prevented prompt clean-up of the file descriptor if the returned iterator was not exhausted. - gh-104522: OSError raised when run a subprocess now only has filename attribute set to cwd if the error was caused by a failed attempt to change the current directory. - gh-109534: Fix a reference leak in asyncio.selector_events.BaseSelectorEventLoop when SSL handshakes fail. Patch contributed by Jamie Phan. - gh-114077: Fix possible OverflowError in socket.socket.sendfile() when pass count larger than 2 GiB on 32-bit platform. - gh-114014: Fixed a bug in fractions.Fraction where an invalid string using d in the decimals part creates a different error compared to other invalid letters/characters. Patch by Jeremiah Gabriel Pascual. - gh-113951: Fix the behavior of tag_unbind() methods of tkinter.Text and tkinter.Canvas classes with three arguments. Previously, widget.tag_unbind(tag, sequence, funcid) destroyed the current binding for sequence, leaving sequence unbound, and deleted the funcid command. Now it removes only funcid from the binding for sequence, keeping other commands, and deletes the funcid command. It leaves sequence unbound only if funcid was the last bound command. - gh-113877: Fix tkinter method winfo_pathname() on 64-bit Windows. - gh-113781: Silence unraisable AttributeError when warnings are emitted during Python finalization. - gh-113594: Fix UnicodeEncodeError in email when re-fold lines that contain unknown-8bit encoded part followed by non-unknown-8bit encoded part. - gh-113538: In asyncio.StreamReaderProtocol.connection_made(), there is callback that logs an error if the task wrapping the âconnected callbackâ fails. This callback would itself fail if the task was cancelled. Prevent this by checking whether the task was cancelled first. If so, close the transport but donât log an error. - gh-85567: Fix resource warnings for unclosed files in pickle and ... changelog too long, skipping 159 lines ... - support-expat-CVE-2022-25236-patched.patch ==== python311-core ==== Version update (3.11.7 -> 3.11.8) Subpackages: libpython3_11-1_0 python311-base - Update to 3.11.8: - Security - gh-113659: Skip .pth files with names starting with a dot or hidden file attribute. - Core and Builtins - gh-114887: Changed socket type validation in create_datagram_endpoint() to accept all non-stream sockets. This fixes a regression in compatibility with raw sockets. - gh-114388: Fix a RuntimeWarning emitted when assign an integer-like value that is not an instance of int to an attribute that corresponds to a C struct member of type T_UINT and T_ULONG. Fix a double RuntimeWarning emitted when assign a negative integer value to an attribute that corresponds to a C struct member of type T_UINT. - gh-89811: Check for a valid tp_version_tag before performing bytecode specializations that rely on this value being usable. - gh-113602: Fix an error that was causing the parser to try to overwrite existing errors and crashing in the process. Patch by Pablo Galindo - gh-113566: Fix a 3.11-specific crash when the repr of a Future is requested after the module has already been garbage-collected. - gh-106905: Use per AST-parser state rather than global state to track recursion depth within the AST parser to prevent potential race condition due to simultaneous parsing. - The issue primarily showed up in 3.11 by multithreaded users of ast.parse(). In 3.12 a change to when garbage collection can be triggered prevented the race condition from occurring. - gh-112716: Fix SystemError in the import statement and in __reduce__() methods of builtin types when __builtins__ is not a dict. - gh-105967: Workaround a bug in Appleâs macOS platform zlib library where zlib.crc32() and binascii.crc32() could produce incorrect results on multi-gigabyte inputs. Including when using zipfile on zips containing large data. - gh-94606: Fix UnicodeEncodeError when email.message.get_payload() reads a message with a Unicode surrogate character and the message content is not well-formed for surrogateescape encoding. Patch by Sidney Markowitz. - Library - gh-114965: Update bundled pip to 24.0 - gh-114959: tarfile no longer ignores errors when trying to extract a directory on top of a file. - gh-109475: Fix support of explicit option value âââ in argparse (e.g. --option=--). - gh-110190: Fix ctypes structs with array on Windows ARM64 platform by setting MAX_STRUCT_SIZE to 32 in stgdict. Patch by Diego Russo - gh-113280: Fix a leak of open socket in rare cases when error occurred in ssl.SSLSocket creation. - gh-77749: email.policy.EmailPolicy.fold() now always encodes non-ASCII characters in headers if utf8 is false. - gh-114492: Make the result of termios.tcgetattr() reproducible on Alpine Linux. Previously it could leave a random garbage in some fields. - gh-75128: Ignore an OSError in asyncio.BaseEventLoop.create_server() when IPv6 is available but the interface cannot actually support it. - gh-114257: Dismiss the FileNotFound error in ctypes.util.find_library() and just return None on Linux. - gh-101438: Avoid reference cycle in ElementTree.iterparse. The iterator returned by ElementTree.iterparse may hold on to a file descriptor. The reference cycle prevented prompt clean-up of the file descriptor if the returned iterator was not exhausted. - gh-104522: OSError raised when run a subprocess now only has filename attribute set to cwd if the error was caused by a failed attempt to change the current directory. - gh-109534: Fix a reference leak in asyncio.selector_events.BaseSelectorEventLoop when SSL handshakes fail. Patch contributed by Jamie Phan. - gh-114077: Fix possible OverflowError in socket.socket.sendfile() when pass count larger than 2 GiB on 32-bit platform. - gh-114014: Fixed a bug in fractions.Fraction where an invalid string using d in the decimals part creates a different error compared to other invalid letters/characters. Patch by Jeremiah Gabriel Pascual. - gh-113951: Fix the behavior of tag_unbind() methods of tkinter.Text and tkinter.Canvas classes with three arguments. Previously, widget.tag_unbind(tag, sequence, funcid) destroyed the current binding for sequence, leaving sequence unbound, and deleted the funcid command. Now it removes only funcid from the binding for sequence, keeping other commands, and deletes the funcid command. It leaves sequence unbound only if funcid was the last bound command. - gh-113877: Fix tkinter method winfo_pathname() on 64-bit Windows. - gh-113781: Silence unraisable AttributeError when warnings are emitted during Python finalization. - gh-113594: Fix UnicodeEncodeError in email when re-fold lines that contain unknown-8bit encoded part followed by non-unknown-8bit encoded part. - gh-113538: In asyncio.StreamReaderProtocol.connection_made(), there is callback that logs an error if the task wrapping the âconnected callbackâ fails. This callback would itself fail if the task was cancelled. Prevent this by checking whether the task was cancelled first. If so, close the transport but donât log an error. - gh-85567: Fix resource warnings for unclosed files in pickle and ... changelog too long, skipping 159 lines ... - support-expat-CVE-2022-25236-patched.patch ==== qemu ==== Version update (8.1.3 -> 8.2.0) Subpackages: qemu-arm qemu-audio-spice qemu-block-curl qemu-block-nfs qemu-block-rbd qemu-chardev-spice qemu-guest-agent qemu-hw-display-qxl qemu-hw-display-virtio-gpu qemu-hw-display-virtio-gpu-pci qemu-hw-display-virtio-vga qemu-hw-usb-host qemu-hw-usb-redirect qemu-hw-usb-smartcard qemu-img qemu-ipxe qemu-ksm qemu-pr-helper qemu-tools qemu-ui-curses qemu-ui-gtk qemu-ui-opengl qemu-ui-spice-app qemu-ui-spice-core qemu-vgabios - Fix a build issue of OVMF caused by https://gitlab.com/qemu-project/qemu/-/issues/2064: * target/i386: fix incorrect EIP in PC-relative translation blocks * target/i386: Do not re-compute new pc with CF_PCREL - Update to latest upstream release, 8.2.0: The full list of changes are available at: https://wiki.qemu.org/ChangeLog/8.2 Highlights include: * New virtio-sound device emulation * New virtio-gpu rutabaga device emulation used by Android emulator * New hv-balloon for dynamic memory protocol device for Hyper-V guests * New Universal Flash Storage device emulation * Network Block Device (NBD) 64-bit offsets for improved performance * dump-guest-memory now supports the standard kdump format * ARM: Xilinx Versal board now models the CFU/CFI, and the TRNG device * ARM: CPU emulation support for cortex-a710 and neoverse-n2 * ARM: architectural feature support for PACQARMA3, EPAC, Pauth2, FPAC, FPACCOMBINE, TIDCP1, MOPS, HBC, and HPMN0 * HPPA: CPU emulation support for 64-bit PA-RISC 2.0 * HPPA: machine emulation support for C3700, including Astro memory controller and four Elroy PCI bridges * LoongArch: ISA support for LASX extension and PRELDX instruction * LoongArch: CPU emulation support for la132 * RISC-V: ISA/extension support for AIA virtualization support via KVM, and vector cryptographic instructions * RISC-V: Numerous extension/instruction cleanups, fixes, and reworks * s390x: support for vfio-ap passthrough of crypto adapter for protected virtualization guests * Tricore: support for TC37x CPU which implements ISA v1.6.2 * Tricore: support for CRCN, FTOU, FTOHP, and HPTOF instructions * x86: Zen support for PV console and network devices - Patch added (from upstream stable tree): * include/ui/rect.h: fix qemu_rect_init() mis-assignment - Some packaging and dependencies fixes: * [openSUSE] rpm: restrict canokey to openSUSE only * [openSUSE] rpm: fix virtiofsd dependency on 32 bit systems * [openSUSE] rpm: add support for canokeys (boo#1217520) - Rearrange dependencies and subpackages and filter features for ALP * [openSUSE] rpm: disable Xen support in ALP-based distros * [openSUSE] rpm: some more refinements of inter-subpackage dependencies - Fix boo#1084909 and create a new qemu-spice metapackage: * [openSUSE] rpm: normalize hostname, for reproducible builds (#44) * [openSUSE] rpm: new subpackage, for SPICE ==== rebootmgr ==== Version update (2.1 -> 2.2) - Update to version 2.2 - Make sure /run/reboot-needed get's deleted after a soft-reboot ==== ristretto ==== Version update (0.13.1 -> 0.13.2) Subpackages: ristretto-lang - Update to version 0.13.2 * Update copyright year * Fix duplicate mnemonic in File menu * image_viewer: Add missing sanity check * Fix criticals about unset GIO attributes * viewer: Fix possible crash when closing while an image is loading * Ensure that file manager proxy creation is non-blocking * Add icons at missing sizes, clean up SVG metadata * Translation Updates ==== rp-pppoe ==== - Removed rcpppoe and rcpppoe-server rudiments. ==== rpm ==== Version update (4.19.1 -> 4.19.1.1) Subpackages: librpmbuild10 - update to rpm-4.19.1.1 * don't warn about missing user/group on skipped files * make user/group lookup caching thread-safe * fix regression in Lua scriptlet runaway child detection * restore readline support as an explicit option - refreshed patches: * rpmqpack.diff - fix %_host not containing the abi suffix on arm [bnc#1219627] updated patch: canongnu.diff - Need to mention the changed patches for the python-setuptools to cmake migration: * Drop python_setup.diff * Add cmake_python_version.diff ==== selinux-policy ==== Version update (20240116 -> 20240205) Subpackages: selinux-policy-targeted - Update to version 20240205: * Allow gpg manage rpm cache * Allow login_userdomain name_bind to howl and xmsg udp ports * Allow rules for confined users logged in plasma * Label /dev/iommu with iommu_device_t * Remove duplicate file context entries in /run * Dontaudit getty and plymouth the checkpoint_restore capability * Allow su domains write login records * Revert "Allow su domains write login records" * Allow login_userdomain delete session dbusd tmp socket files * Allow unix dgram sendto between exim processes * Allow su domains write login records * Allow smbd_t to watch user_home_dir_t if samba_enable_home_dirs is on * Allow chronyd-restricted read chronyd key files * Allow conntrackd_t to use bpf capability2 * Allow systemd-networkd manage its runtime socket files * Allow init_t nnp domain transition to colord_t * Allow polkit status systemd services * nova: Fix duplicate declarations * Allow httpd work with PrivateTmp * Add interfaces for watching and reading ifconfig_var_run_t * Allow collectd read raw fixed disk device * Allow collectd read udev pid files * Set correct label on /etc/pki/pki-tomcat/kra * Allow systemd domains watch system dbus pid socket files * Allow certmonger read network sysctls * Allow mdadm list stratisd data directories * Allow syslog to run unconfined scripts conditionally * Allow syslogd_t nnp_transition to syslogd_unconfined_script_t * Allow qatlib set attributes of vfio device files * Allow systemd-sleep set attributes of efivarfs files * Allow samba-dcerpcd read public files * Allow spamd_update_t the sys_ptrace capability in user namespace * Allow bluetooth devices work with alsa * Allow alsa get attributes filesystems with extended attributes * Allow hypervkvp_t write access to NetworkManager_etc_rw_t * Add interface for write-only access to NetworkManager rw conf * Allow systemd-sleep send a message to syslog over a unix dgram socket * Allow init create and use netlink netfilter socket * Allow qatlib load kernel modules * Allow qatlib run lspci * Allow qatlib manage its private runtime socket files * Allow qatlib read/write vfio devices * Label /etc/redis.conf with redis_conf_t * Remove the lockdown-class rules from the policy * Allow init read all non-security socket files * Replace redundant dnsmasq pattern macros * Remove unneeded symlink perms in dnsmasq.if * Add additions to dnsmasq interface * Allow nvme_stas_t create and use netlink kobject uevent socket * Allow collectd connect to statsd port * Allow keepalived_t to use sys_ptrace of cap_userns * Allow dovecot_auth_t connect to postgresql using UNIX socket * Make named_zone_t and named_var_run_t a part of the mountpoint attribute * Allow sysadm execute traceroute in sysadm_t domain using sudo * Allow sysadm execute tcpdump in sysadm_t domain using sudo * Allow opafm search nfs directories * Add support for syslogd unconfined scripts * Allow gpsd use /dev/gnss devices * Allow gpg read rpm cache * Allow virtqemud additional permissions * Allow virtqemud manage its private lock files * Allow virtqemud use the io_uring api * Allow ddclient send e-mail notifications * Allow postfix_master_t map postfix data files * Allow init create and use vsock sockets * Allow thumb_t append to init unix domain stream sockets * Label /dev/vas with vas_device_t * Create interface selinux_watch_config and add it to SELinux users * Update cifs interfaces to include fs_search_auto_mountpoints() * Allow sudodomain read var auth files * Allow spamd_update_t read hardware state information * Allow virtnetworkd domain transition on tc command execution * Allow sendmail MTA connect to sendmail LDA * Allow auditd read all domains process state * Allow rsync read network sysctls * Add dhcpcd bpf capability to run bpf programs * Dontaudit systemd-hwdb dac_override capability * Allow systemd-sleep create efivarfs files * Allow map xserver_tmpfs_t files when xserver_clients_write_xshm is on * Allow graphical applications work in Wayland * Allow kdump work with PrivateTmp * Allow dovecot-auth work with PrivateTmp * Allow nfsd get attributes of all filesystems * Allow unconfined_domain_type use io_uring cmd on domain * ci: Only run Rawhide revdeps tests on the rawhide branch * Label /var/run/auditd.state as auditd_var_run_t * Allow fido-device-onboard (FDO) read the crack database * Allow ip an explicit domain transition to other domains * Label /usr/libexec/selinux/selinux-autorelabel with semanage_exec_t * Allow winbind_rpcd_t processes access when samba_export_all_* is on * Enable NetworkManager and dhclient to use initramfs-configured DHCP connection * Allow ntp to bind and connect to ntske port. ==== sendmail ==== Version update (8.17.2 -> 8.18.1) Subpackages: libmilter1_0 - Update to version sendmail 8.18.1 2024/01/31 * sendmail is now stricter in following the RFCs and rejects some invalid input with respect to line endings and pipelining: - Prevent transaction stuffing by ensuring SMTP clients wait for the HELO/EHLO and DATA response before sending further SMTP commands. This can be disabled using the new srv_features option 'F'. Issue reported by Yepeng Pan and Christian Rossow from CISPA Helmholtz Center for Information Security. - Accept only CRLF . CRLF as end of an SMTP message as required by the RFCs, which can disabled by the new srv_features option 'O'. - Do not accept a CR or LF except in the combination CRLF (as required by the RFCs). These checks can be disabled by the new srv_features options 'U' and 'G', respectively. In this case it is suggested to use 'u2' and 'g2' instead so the server replaces offending bare CR or bare LF with a space. It is recommended to only turn these protections off for trusted networks due to the potential for abuse. * Full DANE support is available if OpenSSL versions 1.1.1 or 3.x are used, i.e., TLSA RR 2-x-y and 3-x-y are supported as required by RFC 7672. * OpenSSL version 3.0.x is supported. Note: OpenSSL 3 loads by default an openssl.cnf file from a location specified in the library which may cause unwanted behaviour in sendmail. Hence sendmail sets the environment variable OPENSSL_CONF to /etc/mail/sendmail.ossl to override the default. The file name can be changed by defining confOPENSSL_CNF in the mc file; using an empty value prevents setting OPENSSL_CONF. Note: referring to a file which does not exist does not cause an an error. * Two new values have been added for {verify}: "DANE_TEMP": DANE verification failed temporarily. "DANE_NOTLS": DANE was required but STARTTLS was not offered by the server. The default rules return a temporary error for these cases, so delivery is not attempted. * If the TLS setup code in the client fails and DANE requirements exist then {verify} will be set to "DANE_TEMP" thus preventing delivery by default. * DANE related logging has been slightly changed for clarification: "DANE configured in DNS but no STARTTLS available" changed to "DANE configured in DNS but STARTTLS not offered" * When the compile time option USE_EAI is enabled, vacation could fail to respond when it should (the code change in 8.17.2 was incomplete). Problem reported by Alex Hautequest. * If SMTPUTF8 BODY=7BIT are used as parameters for the MAIL command the parsing of UTF8 addresses could fail (USE_EAI). * If a reply to a previous RCPT was received while sending another RCPT in pipelining mode then parts of the reply could have been assigned to the wrong RCPT. * New DontBlameSendmail option CertOwner to relax requirement for certificate public and private key ownership. Based on suggestion from Marius Strobl of the FreeBSD project. * clt_features was not checked for connections via Unix domain sockets. * CONFIG: FEATURE(`enhdnsbl') did not handle multiple replies from DNS lookups thus potentially causing random "false negatives". Note: the fix creates an incompatibility: the arguments must not have a trailing dot anymore because the -a. option has been removed (as it only applies to the entire result, not individual values). * CONFIG: New FEATURE(`fips3') for basic FIPS support in OpenSSL 3. * VACATION: Add support for Return-Path header to set sender to match OpenBSD and NetBSD functionality. * VACATION: Honor RFC3834 and avoid an auto-reply if 'Auto-Submitted: no' is found in the headers to match OpenBSD and NetBSD functionality. * VACATION: Avoid an auto-reply if a 'List-Id:' is found in the headers to match OpenBSD functionality. * VACATION: Add support for $SUBJECT in .vacation.msg which is replaced with the first line of the subject of the original message to match OpenBSD and NetBSD functionality. * New Files: cf/feature/fips3.m4 devtools/OS/Darwin.23.x - This release fixes CVE-2023-51765 (bsc#1218351) - Port and rename patch sendmail-8.17.2.dif which is now sendmail-8.18.1.dif ==== shim ==== - Limit the requirement of fde-tpm-helper-macros to the distro with suse_version 1600 and above (bsc#1219460) ==== spectacle ==== - Drop meanwhile unneeeded BuildReqs on kColorPicker and kImageAnnotator ==== systemd ==== Subpackages: libsystemd0 libudev1 systemd-boot systemd-container systemd-coredump udev - Drop python3-pefile dependency from the experimental package. MicroOs is fond of the experimental stuff but OTOH it doesn't ship python3. Let's drop the dependency for now, users of ukify are invited to install python3-pe manually. - Move systemd-reboot.service from udev to the main package as this service is useful in containers. ==== transmission ==== Subpackages: transmission-common transmission-gtk - Add correct creation of the transmission user/group (needed by the latest RPM 4.19). - Remove now useless Provides in the daemon subpackage. ==== virt-manager ==== Subpackages: virt-install virt-manager-common - Handle case where vm-install no longer exists on the host. This is related to bsc#1219133. virt-install.rb ==== webkit2gtk3 ==== Version update (2.42.4 -> 2.42.5) Subpackages: libjavascriptcoregtk-4_1-0 libwebkit2gtk-4_1-0 typelib-1_0-JavaScriptCore-4_1 typelib-1_0-WebKit2-4_1 webkit2gtk-4_1-injected-bundles - Update to version 2.42.5 (boo#1219604): + Fix webkit_web_context_allow_tls_certificate_for_host to handle IPv6 URIs produced by SoupURI. + Ignore stops with offset zero before last one when rendering gradients with cairo. + Write bwrapinfo.json to disk for xdg-desktop-portal. + Fix gamepads detection by correctly handling focused window in GTK4. + Fix several crashes and rendering issues. + Security fixes: CVE-2024-23222, CVE-2024-23206, CVE-2024-23213. - Drop webkit2gtk3-CVE-2024-23222.patch: fixed upstream. - Add webkit2gtk3-llint-build-fix.patch: fix the build for non-x86 architectures. ==== webkit2gtk3-soup2 ==== Version update (2.42.4 -> 2.42.5) Subpackages: libjavascriptcoregtk-4_0-18 libwebkit2gtk-4_0-37 webkit2gtk-4_0-injected-bundles - Update to version 2.42.5 (boo#1219604): + Fix webkit_web_context_allow_tls_certificate_for_host to handle IPv6 URIs produced by SoupURI. + Ignore stops with offset zero before last one when rendering gradients with cairo. + Write bwrapinfo.json to disk for xdg-desktop-portal. + Fix gamepads detection by correctly handling focused window in GTK4. + Fix several crashes and rendering issues. + Security fixes: CVE-2024-23222, CVE-2024-23206, CVE-2024-23213. - Drop webkit2gtk3-CVE-2024-23222.patch: fixed upstream. - Add webkit2gtk3-llint-build-fix.patch: fix the build for non-x86 architectures. ==== wireplumber ==== Subpackages: libwireplumber-0_4-0 wireplumber-audio - Add patch to only enable bluetooth when audio support is enabled by installing wireplumber-audio (bsc#1219411): * fix-bsc1219411.patch ==== xfce4-screenshooter ==== Version update (1.10.4 -> 1.10.5) Subpackages: xfce4-screenshooter-lang xfce4-screenshooter-plugin - Update to 1.10.5 * Add imgur support as custom action (!51) * Translation Updates - Recommend curl, jq and zenity for the new script imgur.sh ==== xkbcomp ==== Version update (1.4.6 -> 1.4.7) - update to 1.4.7 * This release mainly focuses on code cleanup and improving maintainability and making static analysis work better on this code base. It also fixes a bug that could cause build failures with gcc when the -ftracer option was used. ==== xprop ==== Version update (1.2.6 -> 1.2.7) - Update to version 1.2.7 * This release fixes a failure to build with C23 compilers. ==== yast2-installation ==== Version update (5.0.5 -> 5.0.6) - Restore the selected products after reloading the package manager, properly install all products for new modules and extensions when upgrading from SLE12 (bsc#1218391) - 5.0.6 ==== yast2-network ==== Version update (5.0.1 -> 5.0.2) - Consider firmware configured interfaces as non bridgeable (bsc#1218595). - 5.0.2 ==== yast2-trans ==== Version update (84.87.20240126.9c7185e3f6 -> 84.87.20240205.897f2593b3) Subpackages: yast2-trans-af yast2-trans-ar yast2-trans-bg yast2-trans-bn yast2-trans-bs yast2-trans-ca yast2-trans-cs yast2-trans-cy yast2-trans-da yast2-trans-de yast2-trans-el yast2-trans-en_GB yast2-trans-es yast2-trans-et yast2-trans-fa yast2-trans-fi yast2-trans-fr yast2-trans-gl yast2-trans-gu yast2-trans-hi yast2-trans-hr yast2-trans-hu yast2-trans-id yast2-trans-it yast2-trans-ja yast2-trans-jv yast2-trans-ka yast2-trans-km yast2-trans-ko yast2-trans-lo yast2-trans-lt yast2-trans-mk yast2-trans-mr yast2-trans-nb yast2-trans-nl yast2-trans-pa yast2-trans-pl yast2-trans-pt yast2-trans-pt_BR yast2-trans-ro yast2-trans-ru yast2-trans-si yast2-trans-sk yast2-trans-sl yast2-trans-sr yast2-trans-sv yast2-trans-ta yast2-trans-th yast2-trans-tr yast2-trans-uk yast2-trans-vi yast2-trans-wa yast2-trans-xh yast2-trans-zh_CN yast2-trans-zh_TW yast2-trans-zu - Update to version 84.87.20240205.897f2593b3: * New POT for text domain 'control'. * Translated using Weblate (Russian) * Translated using Weblate (Georgian) * Translated using Weblate (Georgian) * Translated using Weblate (Georgian) * New POT for text domain 'installation'.

1 0

New Arm Tumbleweed snapshot 20240205 released!
by Guillaume Gardet 08 Feb '24

08 Feb '24

Please note that this mail was generated by a script. The described changes are computed based on the aarch64 DVD. The full online repo contains too many changes to be listed here. Please check the known defects of this snapshot before upgrading: https://openqa.opensuse.org/tests/overview?distri=opensuse&groupid=3&versio… Please do not reply to this email to report issues, rather file a bug on bugzilla.opensuse.org. For more information on filing bugs please see https://en.opensuse.org/openSUSE:Submitting_bug_reports Packages changed: 389-ds (2.4.0~git126.5936946 -> 3.0.1~git1.1f95b57) AppStream (1.0.0 -> 1.0.1) MozillaFirefox alsa (1.2.10 -> 1.2.11) alsa-ucm-conf (1.2.10 -> 1.2.11) alsa-utils (1.2.10 -> 1.2.11) crypto-policies cups cups-filters (1.28.15 -> 1.28.17) drkonqi5 emacs (29.1 -> 29.2) ffmpeg-4 glibc (2.38 -> 2.39) gnome-remote-desktop gstreamer (1.22.8 -> 1.22.9) gstreamer-plugins-bad (1.22.8 -> 1.22.9) gstreamer-plugins-base (1.22.8 -> 1.22.9) gstreamer-plugins-good (1.22.8 -> 1.22.9) gstreamer-plugins-libav (1.22.8 -> 1.22.9) gstreamer-plugins-ugly (1.22.8 -> 1.22.9) inxi (3.3.31 -> 3.3.32) iproute2 (6.6 -> 6.7) kernel-firmware (20240126 -> 20240201) kio kio-extras5 ksystemstats5 kwin5 libguestfs libksysguard5 libusb-1_0 (1.0.26 -> 1.0.27) libzio (1.08 -> 1.09) mutter netpbm (11.2.0 -> 11.5.2) pam pam-full-src parted (3.5 -> 3.6) perl-gettext pipewire (1.0.1 -> 1.0.2) plasma5-addons plasma5-workspace pragha python-Twisted python-jmespath python-pip python-pytz (2023.3.post1 -> 2023.4) python-rpm python-setuptools (69.0.2 -> 69.0.3) salt sddm sendmail shim (15.7 -> 15.8) strace systemd-presets-common-SUSE timezone (2023d -> 2024a) timezone-java (2023d -> 2024a) transmission virt-v2v vlc wicked xdg-utils xen (4.18.0_04 -> 4.18.0_06) === Details === ==== 389-ds ==== Version update (2.4.0~git126.5936946 -> 3.0.1~git1.1f95b57) Subpackages: lib389 libsvrcore0 - Update to version 3.0.1~git1.1f95b57: * Issue 6061 - Certificate lifetime displayed as NaN * Bump version to 3.0.1 * Issue 6043, 6044 - Enhance Rust and JS bundling and add SPDX licenses for both (#6045) * Issue 3555 - Remove audit-ci from dependencies (#6056) * Issue 6052 - Paged results test sets hostname to `localhost` on test collection * Issue 6051 - Drop unused pytest markers * Issue 6049 - lmdb - changelog is wrongly recreated by reindex task (#6050) * Issue 6047 - Add a check for tagged commits * Issue 6041 - dscreate ds-root - accepts relative path (#6042) * Switch default backend to lmdb and bump version to 3.0 (#6013) * Issue 6032 - Replication broken after backup restore (#6035) * Issue 6037 - Server crash at startup in vlvIndex_delete (#6038) * Issue 6034 - Change replica_id from str to int ==== AppStream ==== Version update (1.0.0 -> 1.0.1) Subpackages: libAppStreamQt5-3 libappstream5 - Update to 1.0.1 Bugfixes: * Fix lib name for Qt5 link target * meson: Pass -D_DARWIN_C_SOURCE on darwin * Fix macOS build * stemmer: Resolve potential issue where stemmer may never be initialized * cli: Don't fail what-provides if components were found * Fix query element order for what-provides queries * validator: Demote developer-name-tag-deprecated to info severity for now * content-rating: Fix missing or wrong value descriptions for rating IDs * curl: Add transfer speed timeouts for HTTP downloads * curl: Retry operations on potentially transient errors Miscellaneous: * validator: Improve hint for content-attribute-value-invalid * Allow building without zstd temporarily - Drop patches, merged upstream: * 0001-validator-Demote-developer-name-tag-deprecated-to-in.patch * 0001-content-rating-Fix-missing-or-wrong-value-descriptio.patch * 0001-Fix-lib-name-for-Qt5-link-target.patch - Switch to the latest GCC version available in Leap for packages that can't build with the default compiler ==== MozillaFirefox ==== - Recommend libfido2-udev on codestreams that exist, in order to try to get security keys (e.g. Yubikeys) work out of the box. (bsc#1184272) ==== alsa ==== Version update (1.2.10 -> 1.2.11) Subpackages: libasound2 libatopology2 - Updated to alsa-lib 1.2.11: * auto-tools fixes, versioned symbol fixes * support dB TLVs for single controls * various PCM updates, including subformat extensions * UMP and sequencer API fixes For details, see: https://www.alsa-project.org/wiki/Changes_v1.2.10_v1.2.11#alsa-lib - Dropped obsoleted patches: 0001-control.h-Fix-ump-header-file-detection.patch 0002-global.h-move-__STRING-macro-outside-PIC-ifdef-block.patch 0003-pcm-Fix-segfault-with-32bit-libs.patch 0004-reshuffle-included-files-to-include-config.h-as-firs.patch 0005-seq-Fix-typos-in-symbol-version-definitions.patch 0006-seq-Fix-invalid-sanity-check-in-snd_seq_set_input_bu.patch 0007-mixer-simple-Support-dB-TLVs-for-CTL_SINGLE-controls.patch 0008-seq-Clear-UMP-event-flag-for-legacy-apps.patch 0009-seq-Simplify-snd_seq_extract_output.patch 0010-seq-Check-protocol-compatibility-with-the-current-ve.patch ==== alsa-ucm-conf ==== Version update (1.2.10 -> 1.2.11) - Update to version 1.2.11: * Qualcomm, Mediatek, SOF soundwire, and various USB-audio profiles For details, see: https://www.alsa-project.org/wiki/Changes_v1.2.10_v1.2.11#alsa-ucm-conf - Drop obsoleted patch: 0001-SplitPCM-Device-argument-may-not-be-set.patch ==== alsa-utils ==== Version update (1.2.10 -> 1.2.11) - Update to alsa-utils 1.2.11: * alsactl buffer overflow fix * alsatplg updates, NHLT ACPI parser updates * use smaller periods for speaker-test * add bandwidth-limited pink noise for speaker-test * aplay updates, including subformat extensions * compile warning fixes For details, see: https://www.alsa-project.org/wiki/Changes_v1.2.10_v1.2.11#alsa-utils - Drop obsoleted patches: 0001-axfer-use-ATTRIBUTE_UNUSED-instead-remove-argument-n.patch 0002-amidi-use-ATTRIBUTE_UNUSED-instead-remove-argument-n.patch 0003-alsaloop-use-ATTRIBUTE_UNUSED-instead-remove-argumen.patch 0004-bat-use-ATTRIBUTE_UNUSED-instead-remove-argument-nam.patch 0005-seq-use-ATTRIBUTE_UNUSED-instead-remove-argument-nam.patch 0006-alsaucm-use-ATTRIBUTE_UNUSED-instead-remove-argument.patch 0007-topology-use-ATTRIBUTE_UNUSED-instead-remove-argumen.patch 0008-topology-include-locale.h.patch 0009-nhlt-dmic-info.c-include-sys-types.h.patch 0010-topology-pre-processor-Add-support-for-enum-controls.patch 0011-configure.ac-fix-UMP-support-detection.patch 0012-bat-really-skip-analysis-of-the-first-period-and-upd.patch 0013-topology-add-include-for-ENABLE_NLS-on-musl.patch 0014-nhlt-use-stdint.h-types.patch 0015-Revert-nhlt-dmic-info.c-include-sys-types.h.patch 0016-aplay-use-stdint.h-types-instead-u_int-u_short-u_cha.patch 0017-alsa-restore.rules-use-devnode-instead-number-atribu.patch 0018-nhlt-Revert-SSP_ANALOG-device_type-field.patch 0019-alsactl-fix-potential-buffer-overwrite.patch 0020-aplay-fix-buffer-overflow-and-tainted-format-string.patch 0021-misc-fix-incorrect-usages-of-strerror.patch 0022-aplay-Add-option-for-specifying-subformat.patch 0023-aplay-allow-to-compile-with-older-alsa-lib-subformat.patch 0024-aplay-log-pcm-status-before-reporting-a-fatal-error.patch 0025-aplay-enable-timestamps-by-default.patch 0026-aplay-status-dumps-are-called-only-in-verbose-mode.patch 0027-aplaymidi-Set-event-completely-for-tempo-event.patch ==== crypto-policies ==== Subpackages: crypto-policies-scripts - avoid the cycle rpm/cmake/crypto-policies/python-rpm-macros: we only need python3-base here, we don't need the python macros as no module is being built ==== cups ==== Subpackages: cups-client cups-config libcups2 libcupsimage2 - Removed outdated ntadmin stuff from cups.spec (boo#1219503) ==== cups-filters ==== Version update (1.28.15 -> 1.28.17) - Removed outdated and obsoleted "Requires: cups > 1.5.4" which was used to require a sufficient CUPS version at times when also CUPS <= 1.5.4 was available but it was not meant to require CUPS (boo#1216560) - Version upgrade to 1.28.17 See https://github.com/OpenPrinting/cups-filters/releases Bug fix release, to more reliably discover all printer capablities from driverless printers, especially borderless printing, and to preferably use Apple Raster instead of PWG Raster or PCLM. * libcupsfilters: In PPD generator create only one *cupsFilter2: line for raster. Only use the most desirable/reliable format, usually Apple Raster (Issue #498). * libcupsfilters: In get_printer_attributes() poll media-col-database separately if needed. On some printers one gets media-col-database only this way. Often it reveals important functionality, like for example borderless printing (Issue #492). * libcupsfilters: Let PPD generator also parse media-col-ready IPP attribute. media-col-ready lists the loaded media, in contrary to media-ready, as list of complete descriptions of the media (media-col data structure). This often lists also variants like borderless (it is the same physical paper). Especially useful when media-col-database is not available (Issue #492). * libcupsfilters: In generate_sizes() consider all margin alternatives. When generating the PPD file for a driverless printer, and in the media-{left,right,top,bottom}-margin-supported printer IPP attributes there was more than 1 value, the first value (which often was the 0 for borderless printing) was not considered, leaving the borderless functionality of many printers undiscovered (Issue #492). Issues are those at https://github.com/OpenPrinting/cups-filters/issues - Version upgrade to 1.28.16 See https://github.com/OpenPrinting/cups-filters/releases Bug fix release, to make images be printed in their original size with "print-scaling=none" and to not use deprecated data types for reading TIFF images. * imagetoraster, imagetopdf, libcupsfilters: Added support for reading the resolution of an image from its EXIF data when loading it. This way we get the image reproduced in its original size with "print-scaling=none" (Issue #362). * libcupsfilters: Replaced deprecated data types uint16 and uint32. The function to read TIFF image files via libtiff in cupsfilters/image-tiff.c uses the deprecated types uint16 and uint32. The replacements for these types are uint16_t and uint32_t. Issues are those at https://github.com/OpenPrinting/cups-filters/issues ==== drkonqi5 ==== Subpackages: drkonqi5-lang - Switch to the latest GCC version available in Leap for packages that can't build with the default compiler ==== emacs ==== Version update (29.1 -> 29.2) Subpackages: emacs-el emacs-eln emacs-info emacs-nox emacs-x11 etags - Update to GNU Emacs version 29.2 * Startup Changes in Emacs 29.2 On GNU/Linux, Emacs is now the default application for 'org-protocol'. Org mode provides a way to quickly capture bookmarks, notes, and links using 'emacsclient': emacsclient "org-protocol://store-link?url=URL&title=TITLE" * This is a bug-fix release with no new features. * Changes in Specialized Modes and Packages in Emacs 29.2 - Tramp New user option 'tramp-show-ad-hoc-proxies'. When non-nil, ad-hoc definitions are kept in remote file names instead of showing the shortcuts. * Incompatible Lisp Changes in Emacs 29.2 'with-sqlite-transaction' rolls back changes if its BODY fails. If the BODY of the macro signals an error, or committing the results of the transaction fails, the changes will now be rolled back. - Port patches mainly by correcting hunk offsets * emacs-24.1-ps-mule.patch * emacs-24.4-ps-bdf.patch * emacs-25.2-ImageMagick7.patch * emacs-27.1-Xauthority4server.patch * emacs-27.1-pdftex.patch * emacs-29.1.dif * pdump.patch ==== ffmpeg-4 ==== Subpackages: libavcodec58_134 libavformat58_76 libavutil56_70 libpostproc55_9 libswresample3_9 libswscale5_9 - drop support for libmfx, which is no longer supported upstream at all (boo#1219494) ==== glibc ==== Version update (2.38 -> 2.39) Subpackages: glibc-devel glibc-extra glibc-locale glibc-locale-base nscd - Update to glibc 2.39 * A new tunable, glibc.cpu.plt_rewrite, can be used to enable PLT rewrite on x86-64 * Sync with Linux kernel 6.6 shadow stack interface * struct statvfs now has an f_type member, equal to the f_type statfs member * On Linux, the functions posix_spawnattr_getcgroup_np and posix_spawnattr_setcgroup_np have been added, along with the POSIX_SPAWN_SETCGROUP flag * On Linux, the pidfd_spawn and pidfd_spawp functions have been added * On Linux, the pidfd_getpid function has been added * scanf-family functions now support the wN format length modifiers for arguments pointing to types intN_t, int_leastN_t, uintN_t or uint_leastN_t * A new tunable, glibc.mem.decorate_maps, can be used to add additional information on underlying memory allocated by the glibc * The <stdbit.h> header has been added from ISO C2X * On AArch64 new symbols were added to libmvec * The ldconfig program now skips file names containing ';' or ending in ".dpkg.tmp" or ".dpkg.new" * The dynamic linker calls the malloc and free functions in more cases during TLS access if a shared object with dynamic TLS is loaded and unloaded - aarch64-rawmemchr-unwind.patch, cache-amd-legacy.patch, cache-intel-shared.patch, call-init-proxy-objects.patch, fstat-implementation.patch, gb18030-2022.patch, getaddrinfo-eai-memory.patch, getaddrinfo-memory-leak.patch, getcanonname-use-after-free.patch, iconv-error-verbosity.patch, intl-c-utf-8-like-c-locale.patch, ldconfig-process-elf-file.patch, libio-io-vtables.patch, libio-wdo-write.patch, no-aaaa-read-overflow.patch, posix-memalign-fragmentation.patch, ppc64-flock-fob64.patch, qsort-invalid-cmp.patch, sem-open-o-creat.patch, setxid-propagate-glibc-tunables.patch, syslog-buffer-overflow.patch, tls-modid-reuse.patch, tunables-string-parsing.patch: Removed - syslog-buffer-overflow.patch: syslog: Fix heap buffer overflow in __vsyslog_internal (CVE-2023-6246, CVE-2023-6779, CVE-2023-6780, bsc#1218863, bsc#1218867, bsc#1218868) - qsort-invalid-cmp.patch: qsort: handle degenerated compare function (bsc#1218866) - Change minimum GCC to 13 - Split off libnsl.so.1 into a separate package ==== gnome-remote-desktop ==== - Explict require higher version of gcc on SLE/Leap. ==== gstreamer ==== Version update (1.22.8 -> 1.22.9) Subpackages: gstreamer-utils libgstreamer-1_0-0 typelib-1_0-Gst-1_0 - Update to version 1.22.9: + Highlighted bugfixes in 1.22.9 - More Security fixes for the AV1 video codec parser - va: fixes for Mesa Gallium drivers in Mesa versions older than v23.2 - v4l2src: Consider framerate during caps selection - v4l2codec: decoder fixes - rtspsrc: multicast fixes - camerabin viewfinder fixes - various bug fixes, build fixes, memory leak fixes, and other stability and reliability improvements + gstreamer - aggregator: fix use-after-free in queries processing - multiqueue: Ignore queue fullness for most events - Rebase reduce-required-meson.patch ==== gstreamer-plugins-bad ==== Version update (1.22.8 -> 1.22.9) Subpackages: libgstadaptivedemux-1_0-0 libgstbadaudio-1_0-0 libgstbasecamerabinsrc-1_0-0 libgstcodecparsers-1_0-0 libgstcodecs-1_0-0 libgstcuda-1_0-0 libgstisoff-1_0-0 libgstmpegts-1_0-0 libgstphotography-1_0-0 libgstplay-1_0-0 libgstplayer-1_0-0 libgstsctp-1_0-0 libgsttranscoder-1_0-0 libgsturidownloader-1_0-0 libgstva-1_0-0 libgstvulkan-1_0-0 libgstwayland-1_0-0 libgstwebrtc-1_0-0 libgstwebrtcnice-1_0-0 - Update to version 1.22.9: + av1parser: Fix potential stack overflow during tile list parsing (CVE-2024-0444, bsc#1219453, ZDI-CAN-22300) + camerabin: Correctly relink viewfinderbin_queue + GstPlay: Fix error details parsing + h264decoder: Handle malformed avc/avc3 packets + h264decoder: h265decoder: Align with wraparound fix + vp8decoder: vp9decoder: av1decoder: mpeg2decoder: Fix multiplication wraparound + vah264enc/vah264dec issues after recent upgrade to 1.22.8 from 1.22.7 + va: fixes for Mesa Gallium drivers in Mesa versions older than v23.2 + vp9parse: Fix critical warning during caps negotiation - Rebase reduce-required-meson.patch ==== gstreamer-plugins-base ==== Version update (1.22.8 -> 1.22.9) Subpackages: libgstallocators-1_0-0 libgstapp-1_0-0 libgstaudio-1_0-0 libgstfft-1_0-0 libgstgl-1_0-0 libgstpbutils-1_0-0 libgstriff-1_0-0 libgstrtp-1_0-0 libgstrtsp-1_0-0 libgstsdp-1_0-0 libgsttag-1_0-0 libgstvideo-1_0-0 typelib-1_0-GstAudio-1_0 typelib-1_0-GstPbutils-1_0 typelib-1_0-GstTag-1_0 typelib-1_0-GstVideo-1_0 - Update to version 1.22.9: + audiobasesink: Don't wait on gap events + audioconvert: change gst_audio_convert_get_unit_size() log levels + glcolorconvert: Correct transform_caps direction + gloverlay: Apply updated overlay coordinates correctly + videorate: keep pool if max_buffers is unlimited - Rebase reduce-required-meson.patch ==== gstreamer-plugins-good ==== Version update (1.22.8 -> 1.22.9) Subpackages: gstreamer-plugins-good-extra gstreamer-plugins-good-gtk gstreamer-plugins-good-jack gstreamer-plugins-good-qtqml - Update to version 1.22.9: + rtpsession: Only warn once if configured latency needs to be known but isn't yet + rtphdrext-clientaudiolevel: Fix level value being written by the extension + rtspsrc: set multicast-iface on udpsinks and fix RTCP sink TTL + v4l2object: clear old fds when initializing poll during opening v4l2 device + v4l2src: Consider framerate during caps selection + vpxdec: Use appropriate domain and code for decoding errors - Rebase reduce-required-meson.patch ==== gstreamer-plugins-libav ==== Version update (1.22.8 -> 1.22.9) - Update to version 1.22.9: + No changes, stable bump only. - Rebase reduce-required-meson.patch. ==== gstreamer-plugins-ugly ==== Version update (1.22.8 -> 1.22.9) - Update to version 1.22.9: + No changes, stable bump only. - Rebase reduce-required-meson.patch. ==== inxi ==== Version update (3.3.31 -> 3.3.32) - - Updated to version 3.3.32: + /usr/share/doc/packages/inxi/inxi.changelog. ==== iproute2 ==== Version update (6.6 -> 6.7) Subpackages: iproute2-bash-completion - Update to release 6.7 * devlink: Support setting port function ipsec_crypto cap and ipsec_packet cap * iplink: bridge: Add support for bridge FDB learning limits * bridge: fdb: support match on source VNI, nexthop ID, destination VNI, destination port, destination IP address and [no]router flag in the flush command * bridge: mdb: Add get support ==== kernel-firmware ==== Version update (20240126 -> 20240201) Subpackages: kernel-firmware-all kernel-firmware-amdgpu kernel-firmware-ath10k kernel-firmware-ath11k kernel-firmware-ath12k kernel-firmware-atheros kernel-firmware-bluetooth kernel-firmware-bnx2 kernel-firmware-brcm kernel-firmware-chelsio kernel-firmware-dpaa2 kernel-firmware-i915 kernel-firmware-intel kernel-firmware-iwlwifi kernel-firmware-liquidio kernel-firmware-marvell kernel-firmware-media kernel-firmware-mediatek kernel-firmware-mellanox kernel-firmware-mwifiex kernel-firmware-network kernel-firmware-nfp kernel-firmware-nvidia kernel-firmware-platform kernel-firmware-prestera kernel-firmware-qcom kernel-firmware-qlogic kernel-firmware-radeon kernel-firmware-realtek kernel-firmware-serial kernel-firmware-sound kernel-firmware-ti kernel-firmware-ueagle kernel-firmware-usb-network - More update on version 20240201 (git commit 3677750467cb): * linux-firmware: wilc1000: update WILC1000 firmware to v16.1.2 * rtl_nic: add firmware for RTL8126A (bsc#1217417) * qcom: Add Audio firmware for SM8550 HDK - Update to version 20240201 (git commit 1b24d7d3379b): * linux-firmware: intel: Add IPU6 firmware binaries * ath11k: WCN6855 hw2.0: update to WLAN.HSP.1.1-03125-QCAHSPSWPL_V1_V2_SILICONZ_LITE-3.6510.37 * Revert "amdgpu: DMCUB updates for various AMDGPU ASICs" * amdgpu: update SMU 13.0.0 firmware * amdgpu: update PSP 13.0.0 firmware * amdgpu: update GC 11.0.0 firmware * brcm: Add brcmfmac43430-sdio.xxx.txt nvram for the Chuwi Hi8 (CWI509) tablet * amdgpu: DMCUB updates for various AMDGPU ASICs ==== kio ==== Subpackages: kio-core - Switch to the latest GCC version available in Leap for packages that can't build with the default compiler ==== kio-extras5 ==== Subpackages: libkioarchive5 - Switch to the latest GCC version available in Leap for packages that can't build with the default compiler ==== ksystemstats5 ==== - Switch to the latest GCC version available in Leap for packages that can't build with the default compiler ==== kwin5 ==== - Switch to the latest GCC version available in Leap for packages that can't build with the default compiler ==== libguestfs ==== Subpackages: libguestfs-appliance libguestfs-xfs libguestfs0 - BuildRequire pkgconfig(libzstd) additionaly to zstd: we need the devel package. In the past, it was pulled in by indirect deps. ==== libksysguard5 ==== Subpackages: ksysguardsystemstats-data libKSysGuardSystemStats1 libksysguard5-imports libksysguard5-plugins - Switch to the latest GCC version available in Leap for packages that can't build with the default compiler ==== libusb-1_0 ==== Version update (1.0.26 -> 1.0.27) - Update to version 1.0.27 * New libusb_init_context API to replace libusb_init * New libusb_get_max_alt_packet_size API * New libusb_get_platform_descriptor API (BOS) * Allow setting log callback with libusb_set_option/libusb_init_context * New WebAssembly + WebUSB backend using Emscripten * Fix regression in libusb_set_interface_alt_setting * Fix sync transfer completion race and use-after-free * Fix hotplug exit ordering * Linux: NO_DEVICE_DISCOVERY option set per context - added signature and keyring. (key received via keyserver) ==== libzio ==== Version update (1.08 -> 1.09) - Version 1.09: Allow to create files without suffix as well ==== mutter ==== - Drop mutter-SLE-bsc984738-grab-display.patch: It blocks non-CSD apps with GNOME 45, and the latest LTS Oracle Installer works fine without it, the original bug is not a problem (bsc#1218935). ==== netpbm ==== Version update (11.2.0 -> 11.5.2) Subpackages: libnetpbm11 - version update to 11.5.2 Release 11.05.02 + ppmtowinicon: fix array overrun with 4 and 8 bits per pixel. Release 11.05.01 Fix typo in ppmforge test case. Release 11.05.00 + pnmpad: Add -color, -promote, -extend-edge, -detect-background . + pnmconvol: Restore ability of convolution matrix to be a pseudo-plain-PNM with samples that exceed the maxval. Lost in 10.30 (October 2005) because maxval-checking code was added to libnetpbm. (Was fixed in 10.47.08 in November 2010, but only in the 10.47 series). + pnmindex: Improve failure mode when -size or -across is zero. + pnmindex: Make -plain work. + pnmpad: fix behavior with -left, -right, and -width together or - top, -bottom, -height together: ignores -width where it should fail. Broken in Netpbm 10.72 (September 2015). + pamtosvg: fix "zero determinant" failure. Introduced in Netpbm 11.04 (September 2023). + pjtoppm: fix crash based on uninitialized variable. Introduced in Netpbm 11.04 (September 2023). + ppmtopcxl: fix incorrect output with > 256 colors. Always broken. (Program was added in primordial Netpbm in 1990). + pbmtext: fix buffer overrun with insanely large input. + picttoppm: fix buffer overrun with insanely wide input. + ppmtoxpm: fix incorrect output with insanely large number of colors. + pnmscalefixed: fix incorrect output with really big image and - pixels option. + ppmdither: fix buffer overrun with insanely large dithering matrix. + pnmpad: no longer accept old-style options (e.g. -t50). + libnetpbm: Add pm_feed_from_file, pm_accept_to_files, pm_accept_to_filestream Standard Input feeder, Output accepter for pm_system. + libnetpbm, programs that use color maps: fix buffer overrun with insanely deep images. + merge build: Fix 'pnmcat'. Introduced in Netpbm 11.00 (September 2023). Release 11.04.00 + pamaddnoise: add -salt. + pamaddnoise: reject options that aren't meaningful for the type of noise specified rather than just ignore them. + ppmtosixel: Add -7bit, so it works on more terminals, including xterms. Thanks Scott Pakin. + g3topbm: Add -correctlong + pnmtojpeg: minor improvement to error messages about bad files. + pammixmulti: Remove disclaimer of patent license. + pamstack: Fix bug: acts like -firstmaxval specified when it wasn't. Introduced in Netpbm 11.03 (June 2023). + pamstack: Fix -lcmmaxval: chooses wrong maxval. Always broken (-lcmmaxval was new in Netpbm 11.03 (June 2023)). + pamstack: Fail gracefully when total number of planes is too large for unsigned integer. Always broken (Pamstack was new in Netpbm 10.0 (June 2002). + pamtosvg: fix hang. + ppmfade: fix "file not found" crash for most fade modes. Introduced in Netpbm 10.98 (March 2022). + ppmfade: fix incorrect block mode fade. Always broken (ppmfade was new in Netpbm 8.4 (April 2000)). + pamaddnoise: fix very incorrect noise added for all types. Introduced in Netpbm 10.94 (March 2021). + ppmrough: fix buffer overrun. Always broken (Ppmrough was new in Netpbm 10.9 (September 2002). ppmrough: fix excessive roughness. Introduced in Netpbm 10.94 (March 2021). + pgmtexture: Fix buffer overflow with maxval > 255. Always broken. Maxvals > 255 were possible starting in Netpbm 9.0 (April 2000). + pgmtexture: Fix bug: ignores -d. Introduced in Netpbm 10.56 (September 2011). + xwdtopnm Fix spurious output with really wide/deep rows. + imgtoppm: Fix spurious output with really wide/deep rows. + pbmtopgm: Fix error message for excessive -width. + pbmtoxbm: Fix spurious output with really wide rows. + tifftopnm: Fix incorrect output with insanely wide/deep rows. + thinkjettopbm: Fix incorrect output with insanely wide rows. + ybmtopbm: Fix incorrect output with insanely wide rows. + pjtoppm: Fix incorrect output with insanely large number of rows. + library: add check of maxval for computable size. + Build: Include LDFLAGS in link of shared library. * Release 11.03.00 + pamstack: Add -firstmaxval, -lcmmaxval + pnmcolormap: make result independent of how system's qsort orders records with equal keys. Affects pnmquant. + pamtopng: fix typo in error message about -chroma option. + pamtopng, pnmtopng, pngtopam: fix error message when something fails in libpng. Always broken (the programs were new in Netpbm 8.1 (March 2000)). - modified patches % netpbm-gcc-warnings.patch (refreshed) % netpbm-security-code.patch (refreshed) ==== pam ==== - Enable pam_canonicalize_user.so ==== pam-full-src ==== - Enable pam_canonicalize_user.so ==== parted ==== Version update (3.5 -> 3.6) Subpackages: libparted-fs-resize0 libparted2 - update to version 3.6: - Support GPT partition attribute bit 63 as no_automount flag - Add type commands to set type-id on MS-DOS and type-uuid on GPT - Add swap flag support to the dasd disklabel - Add display of GPT disk and partition UUIDs in JSON output refreshed patches: - parted-mac.patch - libparted-dasd-implicit-partition-disk-flag.patch - tests-disable.patch removed patches: - direct-handling-of-partition-type-id-and-uuid.patch - type-command.patch - libparted-dasd-improve-lvm-raid-flag-handling.patch - libparted-dasd-add-swap-flag-handling-for-DASD-CDL.patch ==== perl-gettext ==== - Run testsuite with locale LANG=en_US.UTF. It fails otherwise with glibc 2.39 ==== pipewire ==== Version update (1.0.1 -> 1.0.2) Subpackages: gstreamer-plugin-pipewire libpipewire-0_3-0 pipewire-alsa pipewire-jack pipewire-libjack-0_3 pipewire-modules-0_3 pipewire-pulseaudio pipewire-spa-plugins-0_2 pipewire-spa-tools pipewire-tools - Update to version 1.0.2: * Highlights - Fix v4l2 enumeration with filter. This should fix negotiation in some GStreamer pipelines with capsfilter. Also probe for EXPBUF support before using it. - Fix max-latency property and Buffer param when dealing with small ALSA device buffers. This should fix stuttering with some AMD based soundcards. - More small cleanups an improvements. * Modules - Improve netjack2 channel positions. - Improve RAOP module state after suspend/resume. (#3778) - Avoid crash in some LV2 plugins by configuring the Atom ports. (#3815) * SPA - Bump libcamera requirements to 0.2.0. - Try to avoid unaligned load exceptions. (#3790) - Fix v4l2 enumeration with filter. (#1793) - Fix max-latency property and Buffer param when dealing with small ALSA device buffers. This should fix stuttering with some AMD based soundcards. (#3744,#3622) - Add a resync.ms option to node.driver to make it possible to resync fast to clock jumps. - Probe for EXPBUF support in v4l2 before using it. (#3821) * pulse-server - Also emit change events when the port list change. * Bluetooth - Log a more verbose explanation when other soundservers seem to be interfering with bluetooth. - Add quirks for Rockbox Brick. (#3786) - Add quirks for SoundCore mini2. (#2927) * JACK - Improve check for the running state of clients. (#3794) - Drop patches already included by upstream: * 0001-spa-libcamera-use-CameraConfigurationorientation.patch * 0002-spa-libcamera-bump-minimum-supported-version-to-0.2.0.patch ==== plasma5-addons ==== Subpackages: plasma5-addons-lang - Switch to the latest GCC version available in Leap for packages that can't build with the default compiler ==== plasma5-workspace ==== Subpackages: gmenudbusmenuproxy plasma5-session plasma5-session-wayland plasma5-workspace-libs xembedsniproxy - Switch to the latest GCC version available in Leap for packages that can't build with the default compiler ==== pragha ==== Subpackages: pragha-lang pragha-plugins - Fix build for Leap 15.6 * Build with pkgconfig(gupnp-1.6) on 15.6 ==== python-Twisted ==== Subpackages: python311-Twisted python311-Twisted-tls - Add stop-using-3-arg-throw.patch: * Avoid 3-arg throw to fix a DeprecationWarning in Python 3.12. ==== python-jmespath ==== - switch to PEP517 / wheel build ==== python-pip ==== - Drop deprecated setup.py installmethod, bootstrap PEP517 with built-in pip instead - python3XX-pip-wheel can now be a regular subpackage - Drop obsolete python2 directives in specfile ==== python-pytz ==== Version update (2023.3.post1 -> 2023.4) - update to 2023.4: * Update olson to 2023d ==== python-rpm ==== - buildrequire setuptools ==== python-setuptools ==== Version update (69.0.2 -> 69.0.3) - update to 69.0.3: * Bugfixes - Retain valid names with underscores in egg_info. ==== salt ==== Subpackages: python3-salt salt-master salt-minion salt-transactional-update - Prevent directory traversal when creating syndic cache directory on the master (CVE-2024-22231, bsc#1219430) - Prevent directory traversal attacks in the master's serve_file method (CVE-2024-22232, bsc#1219431) - Added: * fix-cve-2024-22231-and-cve-2024-22232-bsc-1219430-bs.patch ==== sddm ==== Subpackages: sddm-branding-openSUSE sddm-greeter-qt5 - Switch to the latest GCC version available in Leap for packages that can't build with the default compiler ==== sendmail ==== Subpackages: libmilter1_0 - Correct permisson files path to /usr/share/permissions/permissions.d/ (boo#1219339) - Fix file provides of openssl and timeout - Avoid error messages of chkstat as this tools does not accept slashes at the end of directory paths! - Move sendmails permissions files to /usr/share/permissions/ - Work on certificates usage of smart and relay host - Work on certificates for running sendmail ==== shim ==== Version update (15.7 -> 15.8) -- Update to version 15.8 - Various CVE fixes are already merged into this version mok: fix LogError() invocation (bsc#1215099,CVE-2023-40546) avoid incorrectly trusting HTTP headers (bsc#1215098,CVE-2023-40547) Fix integer overflow on SBAT section size on 32-bit system (bsc#1215100,CVE-2023-40548) Authenticode: verify that the signature header is in bounds (bsc#1215101,CVE-2023-40549) pe: Fix an out-of-bound read in verify_buffer_sbat() (bsc#1215102,CVE-2023-40550) pe-relocate: Fix bounds check for MZ binaries (bsc#1215103,CVE-2023-40551) - remove shim-Enable-the-NX-compatibility-flag-by-default.patch The codes in this patch are already existing in shim-15.8 The NX flag is disable which is same as the default value of shim-15.8, hence, not need to enable it by this patch now. - Patches (git log --oneline --reverse 15.7..15.8) 657b248 Make sbat_var.S parse right with buggy gcc/binutils 7c76425 Enable the NX compatibility flag by default. 89972ae CryptoPkg/BaseCryptLib: Fix buffer overflow issue in realloc wrapper c7b3051 pe: Align section size up to page size for mem attrs e4f40ae pe: Add IS_PAGE_ALIGNED macro f23883c Don't loop forever in load_certs() with buggy firmware 1f38cb3 Optionally allow to keep shim protocol installed 102a658 Drop invalid calls to `CRYPTO_set_mem_functions` aae3df0 test-sbat: Fix exit code cca3933 Block Debian grub binaries with SBAT < 4 cf59f34 Further improve load_certs() for non-compliant drivers/firmwares 0601f44 SBAT-related documents formatting and spelling 0640e13 Add a security contact email address in README.md 0bfc397 Work around malformed path delimiters in file paths from DHCP a8b0b60 pe: only process RelocDir->Size of reloc section f7a4338 Skip testing msleep() 549d346 Rename 'msecs' to 'usecs' to avoid potential confusion 908c388 Change type of fallback_verbose_wait from int to unsigned long 05eae92 Add SbatLevel_Variable.txt to document the various revocations 243f125 Use -Wno-unused-but-set-variable for Cryptlib and OpenSSL 89d25a1 Add a make rule for compile_commands.json 118ff87 Add gnu-stack notes f132655 test: Make our fake dprintf be a statement. be00279 Remove CentOS 7 test builds. 9964960 Split pe.c up even more. 569270d Test (and fix) ImageAddress() 61e9894 Verify signature before verifying sbat levels 1578b55 Add libFuzzer support for csv.c a0673e3 Fix a 1-byte memory leak in .sbat parsing. e246812 Add libFuzzer support to the .sbat parser. fd43eda Work around ImageAddress() usage mistake 1e985a3 Correctly free memory allocated in handle_image() dbbe3c8 mok: Avoid underflow in maximum variable size calculation 04111d4 Make some of the static analysis tools a little easier to run 7ba7440 compile_commands.json: remove stuff clang doesn't like 66e6579 CVE-2023-40546 mok: fix LogError() invocation f271826 Add primitives for overflow-checked arithmetic operations. 8372147 pe-relocate: Add a fuzzer for read_header() 5a5147d CVE-2023-40551: pe-relocate: Fix bounds check for MZ binaries e912071 pe-relocate: make read_header() use checked arithmetic operations. 93ce255 CVE-2023-40550 pe: Fix an out-of-bound read in verify_buffer_sbat() e7f5fdf pe-relocate: Ensure nothing else implements CVE-2023-40550 afdc503 CVE-2023-40549 Authenticode: verify that the signature header is in bounds. 96dccc2 CVE-2023-40548 Fix integer overflow on SBAT section size on 32-bit system dae82f6 Further mitigations against CVE-2023-40546 as a class ea0f9df Allow SbatLevel data from external binary b078ef2 Always clear SbatLevel when Secure Boot is disabled 7dfb687 BS Variables for bootmgr revocations a967c0e shim should not self revoke 577cedd Print message when refusing to apply SbatLevel e801b0d sbat revocations: check the full section name 0226b56 CVE-2023-40547 - avoid incorrectly trusting HTTP headers 6f0c8d2 Print errors when setting/clearing memory attrs 57c0eed Updated Revocations for January 2024 CVEs 49c6d95 Fix some minor ia32 build issues. be8ff7c post-process-pe: Don't set the NX_COMPAT flag by default after all. 13abd9f pe-relocate: Avoid __builtin_add_overflow() on GCC < 5 c46c975 Suppress "Failed to open <..>\revocations.efi" when file does not exist 30a4f37 Rename "previous" revocations to "automatic" 6f395c2 Build time selectable automatic SBATLevel revocations a23e2f0 netboot read_image() should not hardcode DEFAULT_LOADER 993a345 Try to load revocations.efi even if directory read fails 1770a03 gitmodules: use shim-15.8 for gnu-efi branch 5914984 (HEAD -> main, tag: latest-release, tag: 15.8, origin/main, origin/HEAD) Bump version to 15.8 ==== strace ==== - Enable SELinux Context Printing (--secontext). ==== systemd-presets-common-SUSE ==== - Split hcn-init.service to hcn-init-NetworkManager and hcn-init-wicked (bsc#1200731 ltc#198485 https://github.com/ibm-power-utilities/powerpc-utils/pull/84) Support both the old and new service to avoid complex version interdependency. ==== timezone ==== Version update (2023d -> 2024a) - Update to 2024a: * Kazakhstan unifies on UTC+5 beginning 2024-03-01 * Palestine springs forward a week later after Ramadan * zic no longer pretends to support indefinite-past DST * localtime no longer mishandles Ciudad JuÃ¡rez in 2422 ==== timezone-java ==== Version update (2023d -> 2024a) - Update to 2024a: * Kazakhstan unifies on UTC+5 beginning 2024-03-01 * Palestine springs forward a week later after Ramadan * zic no longer pretends to support indefinite-past DST * localtime no longer mishandles Ciudad JuÃ¡rez in 2422 - update to 2023d: * Ittoqqortoormiit, Greenland changes time zones on 2024-03-31. * Vostok, Antarctica changed time zones on 2023-12-18. * Casey, Antarctica changed time zones five times since 2020. * Code and data fixes for Palestine timestamps starting in 2072. * A new data file zonenow.tab for timestamps starting now. * Fix predictions for DST transitions in Palestine in 2072-2075, correcting a typo introduced in 2023a. * Vostok, Antarctica changed to +05 on 2023-12-18. It had been at +07 (not +06) for years. * Change data for Casey, Antarctica to agree with timeanddate.com, by adding five time zone changes since 2020. Casey is now at +08 instead of +11. * Much of Greenland, represented by America/Nuuk, changed its standard time from -03 to -02 on 2023-03-25, not on 2023-10-28. * localtime.c no longer mishandles TZif files that contain a single transition into a DST regime. Previously, it incorrectly assumed DST was in effect before the transition too. * tzselect no longer creates temporary files. * tzselect no longer mishandles the following: * Spaces and most other special characters in BUGEMAIL, PACKAGE, TZDIR, and VERSION. * TZ strings when using mawk 1.4.3, which mishandles regular expressions of the form /X{2,}/. * ISO 6709 coordinates when using an awk that lacks the GNU extension of newlines in -v option-arguments. * Non UTF-8 locales when using an iconv command that lacks the GNU //TRANSLIT extension. * zic no longer mishandles data for Palestine after the year 2075. ==== transmission ==== Subpackages: transmission-common transmission-gtk - Have transmission-daemon provide user(transmission) and group(transmission): the user/group are generated in the pre scriptlet using useradd/groupadd. ==== virt-v2v ==== Subpackages: virt-v2v-bash-completion - Relax the openssh requirement. Options passed to scp are known by openssh 8.4 - Move autoreconf from prep to build, to simplify quilt setup. ==== vlc ==== Subpackages: libvlc5 libvlccore9 vlc-codec-gstreamer vlc-lang vlc-noX vlc-qt vlc-vdpau - drop support for libmfx, which is no longer supported upstream at all (boo#1219494) ==== wicked ==== Subpackages: wicked-service - ifreload: VLAN changes require device deletion (bsc#1218927) [+ 0009-ifreload-VLAN-changes-require-device-deletion-bsc-12.patch] - ifcheck: fix config changed check (bsc#1218926) [+ 0008-ifcheck-fix-config-changed-check-bsc-1218926.patch] - client: fix exit code for no-carrier status (bsc#1219265) [+ 0007-Fix-ifstatus-exit-code-for-NI_WICKED_ST_NO_CARRIER-s.patch] - dhcp6: omit the SO_REUSEPORT option (bsc#1215692) [+ 0006-dhcp6-omit-the-SO_REUSEPORT-option-bsc-1215692.patch] - duid: fix comment for v6time (https://github.com/openSUSE/wicked/pull/989) [+ 0005-duid-fix-comment-for-v6time.patch] - rtnl: fix peer address parsing for non ptp-interfaces (https://github.com/openSUSE/wicked/pull/987, https://github.com/openSUSE/wicked/pull/988) [+ 0003-rtnl-pass-ifname-in-newaddr-parsing-and-logging.patch] [+ 0004-rtnl-parse-peer-address-on-non-ptp-interfaces.patch] - system-updater: Parse updater format from XML configuration to ensure install calls can run. (https://github.com/openSUSE/wicked/pull/985) [+ 0002-system-updater-Parse-updater-format-from-XML-configu.patch] ==== xdg-utils ==== - Update to version 1.2.0+20240130: * xdg-icon-resource: unbreak syntax by removing stray grave accent (boo#1219420) ==== xen ==== Version update (4.18.0_04 -> 4.18.0_06) Subpackages: xen-libs xen-tools-domU - Upstream bug fixes (bsc#1027519) 6566fef3-x86-vLAPIC-x2APIC-derive-LDR-from-APIC-ID.patch 6569ad03-libxg-mem-leak-in-cpu-policy-get-set.patch 656ee5e1-x86emul-avoid-triggering-event-assertions.patch 656ee602-cpupool-adding-offline-CPU.patch 656ee6c3-domain_create-error-path.patch 6571ca95-fix-sched_move_domain.patch 6578598c-Arm-avoid-pointer-overflow-on-invalidate.patch 65842d5c-x86-AMD-extend-CPU-erratum-1474-fix.patch 65a7a0a4-x86-Intel-GPCC-setup.patch 65a9911a-VMX-IRQ-handling-for-EXIT_REASON_INIT.patch 65b27990-x86-p2m-pt-off-by-1-in-entry-check.patch 65b29e91-x86-ucode-stability-of-raw-policy-rescan.patch - bsc#1218851 - VUL-0: CVE-2023-46839: xen: phantom functions assigned to incorrect contexts (XSA-449) 65b8f961-PCI-fail-dev-assign-if-phantom-functions.patch - bsc#1219080 - VUL-0: CVE-2023-46840: xen: VT-d: Failure to quarantine devices in !HVM builds (XSA-450) 65b8f9ab-VT-d-else-vs-endif-misplacement.patch - Patches dropped / replaced by newer upstream versions xsa449.patch xsa450.patch - bsc#1219080 - VUL-0: CVE-2023-46840: xen: VT-d: Failure to quarantine devices in !HVM builds (XSA-450) xsa450.patch - bsc#1218851 - VUL-0: CVE-2023-46839: xen: phantom functions assigned to incorrect contexts (XSA-449) xsa449.patch

1 0

New Arm Tumbleweed snapshot 20240131 released!
by Guillaume Gardet 02 Feb '24

02 Feb '24

Please note that this mail was generated by a script. The described changes are computed based on the aarch64 DVD. The full online repo contains too many changes to be listed here. Please check the known defects of this snapshot before upgrading: https://openqa.opensuse.org/tests/overview?distri=opensuse&groupid=3&versio… Please do not reply to this email to report issues, rather file a bug on bugzilla.opensuse.org. For more information on filing bugs please see https://en.opensuse.org/openSUSE:Submitting_bug_reports Packages changed: cups (2.4.2 -> 2.4.7) curl (8.5.0 -> 8.6.0) fillup kexec-tools libbs2b libssh (0.10.5 -> 0.10.6) patterns-base permissions python-pygit2 (1.13.3 -> 1.14.0) python-rpm (4.18.0 -> 4.19.1) qt6-base rpm (4.18.0 -> 4.19.1) suse-module-tools (16.0.42 -> 16.0.43) vala-panel-appmenu virtiofsd (1.7.2 -> 1.10.1) vsftpd xz (5.4.5 -> 5.4.6) === Details === ==== cups ==== Version update (2.4.2 -> 2.4.7) Subpackages: cups-client cups-config libcups2 libcupsimage2 - Version upgrade to 2.4.7: See https://github.com/openprinting/cups/releases CUPS 2.4.7 is released to ship the fix for CVE-2023-4504 and several other changes, among them it is adding OpenSSL support for cupsHashData function and bug fixes. Detailed list: * CVE-2023-4504 - Fixed Heap-based buffer overflow when reading Postscript in PPD files * Added OpenSSL support for cupsHashData (Issue #762) * Fixed delays in lpd backend (Issue #741) * Fixed extensive logging in scheduler (Issue #604) * Fixed hanging of lpstat on IBM AIX (Issue #773) * Fixed hanging of lpstat on Solaris (Issue #156) * Fixed printing to stderr if we can't open cups-files.conf (Issue #777) * Fixed purging job files via cancel -x (Issue #742) * Fixed RFC 1179 port reserving behavior in LPD backend (Issue #743) * Fixed a bug in the PPD command interpretation code (Issue #768) Issues are those at https://github.com/OpenPrinting/cups/issues - Version upgrade to 2.4.6: See https://github.com/openprinting/cups/releases CUPS 2.4.6 is released to ship the fix for CVE-2023-34241 and two other bug fixes. Detailed list: * Fix linking error on old MacOS (Issue #715) * Fix printing multiple files on specific printers (Issue #643) * Fix use-after-free when logging warnings in case of failures in cupsdAcceptClient() (fixes CVE-2023-34241) Issues are those at https://github.com/OpenPrinting/cups/issues - Version upgrade to 2.4.5: See https://github.com/openprinting/cups/releases CUPS 2.4.5 is a hotfix release for a bug which corrupted locally saved certificates, which broke secured printing via TLS after the first print job. - Version upgrade to 2.4.4: See https://github.com/openprinting/cups/releases CUPS 2.4.4 release is created as a hotfix for segfault in cupsGetNamedDest(), when caller tries to find the default destination and the default destination is not set on the machine. - Version upgrade to 2.4.3: See https://github.com/openprinting/cups/releases CUPS 2.4.3 brings fix for CVE-2023-32324, several improvements and many bug fixes. CUPS now implements fallback for printers with broken firmware, which is not capable of answering to IPP request get-printer-attributes with all, media-col-database - this enables driverless support for bunch of printers which don't follow IPP Everywhere standard. Aside from the CVE fix the most important fixes are around color settings, printer application support fixes and OpenSSL support. Detailed list of changes: * Added a title with device uri for found network printers (Issues #402, #393) * Added new media sizes defined by IANA (Issues #501) * Added quirk for GoDEX label printers (Issue #440) * Fixed --enable-libtool-unsupported (Issue #394) * Fixed configuration on RISC-V machines (Issue #404) * Fixed the device_uri invalid pointer for driverless printers with .local hostname (Issue #419) * Fixed an OpenSSL crash bug (Issue #409) * Fixed a potential SNMP OID value overflow issue (Issue #431) * Fixed an OpenSSL certificate loading issue (Issue #465) * Fixed Brazilian Portuguese translations (Issue #288) * Fixed cupsd default keychain location when building with OpenSSL (Issue #529) * Fixed default color settings for CMYK printers as well (Issue #500) * Fixed duplicate PPD2IPP media-type names (Issue #688) * Fixed possible heap buffer overflow in _cups_strlcpy() (fixes CVE-2023-32324) * Fixed InputSlot heuristic for photo sizes smaller than 5x7" if there is no media-source in the request (Issue #569) * Fixed invalid memory access during generating IPP Everywhere queue (Issue #466) * Fixed lprm if no destination is provided (Issue #457) * Fixed memory leaks in create_local_bg_thread() (Issue #466) * Fixed media size tolerance in ippeveprinter (Issue #487) * Fixed passing command name without path into ippeveprinter (Issue #629) * Fixed saving strings file path in printers.conf (Issue #710) * Fixed TLS certificate generation bugs (Issue #652) * ippDeleteValues would not delete the last value (Issue #556) * Ignore some of IPP defaults if the application sends its PPD alternative (Issue #484) * Make Letter the default size in ippevepcl (Issue #543) * Now accessing Admin page in Web UI requires authentication (Issue #518) * Now look for default printer on network if needed (Issue #452) * Now we poll media-col-database separately if we fail at first (Issue #599) * Now report fax attributes and values as needed (Issue #459) * Now localize HTTP responses using the Content-Language value (Issue #426) * Raised file size limit for importing PPD via Web UI (Issue #433) * Raised maximum listen backlog size to INT MAX (Issue #626) * Update print-color-mode if the printer is modified ... changelog too long, skipping 14 lines ... see the above CUPS 2.4.3 changes ==== curl ==== Version update (8.5.0 -> 8.6.0) Subpackages: libcurl4 - Update to 8.6.0: [bsc#1219149, CVE-2024-0853] * Security fixes: - CVE-2024-0853: OCSP verification bypass with TLS session reuse * Changes: - add CURLE_TOO_LARGE, CURLINFO_QUEUE_TIME_T * Bugfixes: - altsvc: free 'as' when returning error - asyn-ares: with modern c-ares, use its default timeout - cf-socket: show errno in tcpkeepalive error messages - cmdline-opts: update availability for the *-ca-native options - configure: when enabling QUIC, check that TLS supports QUIC - content_encoding: change return code to typedef'ed enum - curl: show ipfs and ipns as supported "protocols" - CURLINFO_REFERER.3: clarify that it is the *request* header - dist: add tests/errorcodes.pl to the tarball - gen.pl: support ## for doing .IP in table-like lists - GHA: bump ngtcp2, gnutls, mod_h2, quiche - hostip: return error immediately when Curl_ip2addr() fails - http3/quiche: fix result code on a stream reset - http3: initial support for OpenSSL 3.2 QUIC stack - http: check for "Host:" case insensitively - http: fix off-by-one error in request method length check - http: only act on 101 responses when they are HTTP/1.1 - lib: add debug log outputs for CURLE_BAD_FUNCTION_ARGUMENT - lib: error out on multissl + http3 - lib: fix variable undeclared error caused by `infof` changes - lib: rename Curl_strndup to Curl_memdup0 to avoid misunderstanding - lib: strndup/memdup instead of malloc, memcpy and null-terminate - libssh2: use `libssh2_session_callback_set2()` with v1.11.1 - ngtcp2: put h3 at the front of alpn - openldap: fix an LDAP crash - openldap: fix STARTTLS - openssl: re-match LibreSSL deinit with init - rtsp: deal with borked server responses - sasl: make login option string override http auth - tool: prepend output_dir in header callback - tool_getparam: stop supporting `@filename` style for --cookie - transfer: fix upload rate limiting, add test cases - url: don't set default CA paths for Secure Transport backend - url: for disabled protocols, mention if found in redirect - vquic: extract TLS setup into own source - websockets: check for negative payload lengths * Remove patches fixed upstream: - curl-adjust-pollset-fix.patch - curl-tests-errorcodes.patch * Rebase dont-mess-with-rpmoptflags.patch ==== fillup ==== - remove bin symlink for non-suse distributions ==== kexec-tools ==== - add kexec-dont-use-kexec_file_load-on-xen.patch: kexec: don't use kexec_file_load on xen (bsc#1218590) ==== libbs2b ==== - Add libbs2b-clipping.patch to remove clipping of overloaded samples. Patch is taken from: https://github.com/alexmarsev/libbs2b For more details see: https://github.com/strawberrymusicplayer/strawberry/issues/1320 ==== libssh ==== Version update (0.10.5 -> 0.10.6) Subpackages: libssh-config libssh4 - Fix regression parsing IPv6 addresses provided as hostname * Added libssh-fix-ipv6-hostname-regression.patch - Update to version 0.10.6 https://www.libssh.org/2023/12/18/libssh-0-10-6-and-libssh-0-9-8-security-r… - Fix CVE-2023-6004: ProxyCommand/ProxyJump features allow injection of malicious code through hostname (bsc#1218209) - Fix CVE-2023-48795: prefix truncation breaking ssh channel integrity (bsc#1218126) - Fix CVE-2023-6918: Added Missing checks for return values for digests (bsc#1218186) ==== patterns-base ==== Subpackages: patterns-base-apparmor patterns-base-base patterns-base-basesystem patterns-base-basic_desktop patterns-base-console patterns-base-enhanced_base patterns-base-minimal_base patterns-base-selinux patterns-base-sw_management patterns-base-transactional_base patterns-base-x11 patterns-base-x11_enhanced - patterns-base-fips: Require openssl-fips-provider when libopenssl is installed (meta package and libopenssl3) (boo#1219384). ==== permissions ==== Subpackages: chkstat permissions-config - Create directory /usr/share/permissions/permissions.d for packages to place their drop-ins. ==== python-pygit2 ==== Version update (1.13.3 -> 1.14.0) - update to 1.14.0: * Drop support for Python 3.8 * New `Repository.submodules` namespace * New `Repository.listall_mergeheads()`, `Repository.message`, `Repository.raw_message` and `Repository.remove_message()` * New `pygit2.enums` supersedes the `GIT_` constants * Now `Repository.status()`, `Repository.status_file()`, `Repository.merge_analysis()`, `DiffFile.flags`, `DiffFile.mode`, `DiffDelta.flags` and `DiffDelta.status` return enums * Now repository\'s `merge()`, `merge_commits()` and `merge_trees()` take enums/flags for their `favor`, `flags` and `file_flags` arguments. * Fix crash in filter cleanup * Documentation fixes * Remove deprecated `Repository.create_remote(...)` function, use instead `Repository.remotes.create(...)` * Deprecate `Repository.add_submodule(...)`, use `Repository.submodules.add(...)` * Deprecate `Repository.lookup_submodule(...)`, use `Repository.submodules[...]` * Deprecate `Repository.init_submodules(...)`, use `Repository.submodules.init(...)` * Deprecate `Repository.update_submodule(...)`, use `Repository.submodules.update(...)` * Deprecate `GIT_*` constants, use `pygit2.enums` * Passign dicts to repository\'s `merge(...)`, `merge_commits(...)` and `merge_trees(...)` is deprecated. Instead pass `MergeFavor` for the `favor` argument, `MergeFlag` for `flags`, and `MergeFileFlag` for `file_flags`. ==== python-rpm ==== Version update (4.18.0 -> 4.19.1) - Modernize python-rpm.spec to stop using deprecated macros (%python_build and %python_install). - update to rpm-4.19.1 ==== qt6-base ==== Subpackages: libQt6Core6 libQt6DBus6 libQt6Gui6 libQt6Network6 libQt6OpenGL6 libQt6Sql6 libQt6Test6 libQt6Widgets6 qt6-network-tls qt6-networkinformation-glib qt6-networkinformation-nm qt6-platformtheme-gtk3 - Switch to the latest GCC version available in Leap - Replace 0001-Require-GCC-12.patch with 0001-Use-newer-GCC-on-Leap.patch ==== rpm ==== Version update (4.18.0 -> 4.19.1) - fix Source url to match what is listed on https://rpm.org/download.html - disable sysusers handling for now - update to rpm-4.19.1 * new spec snippet support for dynamic spec generation * new sysusers.d integration for automated user and group handling * new CMake build system * removal of various deprecated and/or unused APIs * various internal code cleanups - refreshed patches: * brp-compress-no-img.patch * brp.diff * brpcompress.diff * build.diff * enable-postin-scripts-error.diff * fileattrs.diff * findlang.diff * findsupplements.diff * langnoc.diff * macrosin.diff * platformin.diff * posttrans.diff * refreshtestarch.diff * rpm-findlang-inject-metainfo.patch * rpmqpack.diff * rpmrc.diff * selinux_transactional_update.patch * localetag.diff * weakdepscompat.diff * zstdpool.diff - deleted patches: * cpuid_lzcnt.patch * libmagic-exceptions.patch * remove-awk-dependency.patch * whatrequires-doc.diff * x86_64-microarchitectures.patch - new patches: * python_setup.diff * rpmsort_reverse.diff * canongnu.diff - new file: * build-aux.tar.bz2 (taken from rpm-4.18) - fix --runposttrans not working correctly with the --root option [bnc#1216091] ==== suse-module-tools ==== Version update (16.0.42 -> 16.0.43) Subpackages: suse-module-tools-scriptlets - Update to version 16.0.43: * macros.initrd: %regenerate_initrd_post: don't fail if mkdir is unavailable (boo#1217979) * Don't rebuild existing initramfs imagees if the environment variable SKIP_REGENERATE_ALL=1 is set (boo#1192014) * README: Update blacklist description (gh#openSUSE/suse-module-tools#71) ==== vala-panel-appmenu ==== Subpackages: appmenu-gtk-module-common appmenu-gtk2-module appmenu-gtk3-module libappmenu-gtk2-parser0 libappmenu-gtk3-parser0 - Fix CFLAGS and CXXFLAGS to use distro flags ==== virtiofsd ==== Version update (1.7.2 -> 1.10.1) - Fix CVE-2023-50711: vmm-sys-util: out of bounds memory accesses (bsc#1218502, bsc#1218500) - Update to version 1.10.1: * Bump version to v1.10.1 * Fix mandatory user namespaces * Don't drop supplemental groups in unprivileged user namespace * Bump version to v1.10.0 * Update rust-vmm dependencies (bsc#1218500) * Bump version to v1.9.0 - Spec: switch to using the upstream virtio-fs config file for qemu - Spec: switch back to greedy cargo updates of vendored dependencies ==== vsftpd ==== - Fix location of ftpusers in /usr/lib/pam.d/vsftpd (boo#1219362) ==== xz ==== Version update (5.4.5 -> 5.4.6) Subpackages: liblzma5 - Build static library on SLE - update to 5.4.6: * Fixed a bug involving internal function pointers in liblzma not being initialized to NULL. The bug can only be triggered if lzma_filters_update() is called on a LZMA1 encoder, so it does not affect xz or any application known to us that uses liblzma. * Fixed a regression introduced in 5.4.2 that caused encoding in the raw format to unnecessarily fail if --suffix was not used. For instance, the following command no longer reports that --suffix must be used: echo foo | xz --format=raw --lzma2 | wc -c * Fixed an issue on MinGW-w64 builds that prevented reading from or writing to non-terminal character devices like NUL. * Added a new test.

1 0

New Arm Tumbleweed snapshot 20240130 released!
by Guillaume Gardet 31 Jan '24

31 Jan '24

Please note that this mail was generated by a script. The described changes are computed based on the aarch64 DVD. The full online repo contains too many changes to be listed here. Please check the known defects of this snapshot before upgrading: https://openqa.opensuse.org/tests/overview?distri=opensuse&groupid=3&versio… Please do not reply to this email to report issues, rather file a bug on bugzilla.opensuse.org. For more information on filing bugs please see https://en.opensuse.org/openSUSE:Submitting_bug_reports Packages changed: GraphicsMagick MozillaFirefox apache2 apache2-manual apache2-prefork apache2-utils apparmor cryptsetup (2.6.1 -> 2.7.0) dos2unix (7.5.1 -> 7.5.2) duktape firewalld (2.1.0 -> 2.1.1) fwupd (1.9.11 -> 1.9.12) ghostscript (9.56.1 -> 10.02.1) grub2 gstreamer-plugins-rs iso-codes (4.15.0 -> 4.16.0) kernel-firmware (20240115 -> 20240126) libapparmor libexttextcat (3.4.6 -> 3.4.7) libgcrypt libjcat (0.2.0 -> 0.2.1) mdevctl (1.2.0 -> 1.3.0) mutter nghttp2 (1.58.0 -> 1.59.0) numactl (2.0.16.21.g693fee1 -> 2.0.17.4.g63befa8) openssl-3 openssl patterns-kde python-Jinja2 python-M2Crypto python-MarkupSafe (2.1.3 -> 2.1.4) python-argcomplete (3.2.1 -> 3.2.2) python-authheaders (0.16.1 -> 0.16.2) python-pyOpenSSL (23.3.0 -> 24.0.0) python-pycryptodome (3.19.1 -> 3.20.0) rubygem-parser (3.2.2.4 -> 3.3.0.5) rubygem-rubocop (1.59.0 -> 1.60.2) salt strace (6.6 -> 6.7) xdg-utils (1.2.0~beta1+20230929 -> 1.2.0+20240130) xf86-video-qxl xorg-x11-server xterm (388 -> 389) yast2 (5.0.4 -> 5.0.5) yast2-installation (5.0.4 -> 5.0.5) yast2-trans (84.87.20240120.54f4b9f06a -> 84.87.20240126.9c7185e3f6) zenity (4.0.0 -> 4.0.1) === Details === ==== GraphicsMagick ==== Subpackages: libGraphicsMagick++-Q16-12 libGraphicsMagick-Q16-3 libGraphicsMagick3-config - ghostscript-fonts-std: relax to recommends [bsc#1216604] ==== MozillaFirefox ==== - Fix file list ==== apache2 ==== - use grep -E for egrep ==== apache2-manual ==== - use grep -E for egrep ==== apache2-prefork ==== - use grep -E for egrep ==== apache2-utils ==== - use grep -E for egrep ==== apparmor ==== Subpackages: apparmor-abstractions apparmor-docs apparmor-parser apparmor-profiles apparmor-utils python3-apparmor - Add dovecot-unix_chkpwd.diff to allow dovecot-auth to execute unix_chkpwd, and add a profile for unix_chkpwd. This is needed for PAM 1.6 (boo#1219139) - Refresh apparmor.keyring - the key was renewed ==== cryptsetup ==== Version update (2.6.1 -> 2.7.0) Subpackages: cryptsetup-doc libcryptsetup12 - Update to 2.7.0: * Full changelog in: mirrors.edge.kernel.org/pub/linux/utils/cryptsetup/v2.7/v2.7.0-ReleaseNotes * Introduce support for hardware OPAL disk encryption. * plain mode: Set default cipher to aes-xts-plain64 and password hashing to sha256. * Allow activation (open), luksResume, and luksAddKey to use the volume key stored in a keyring. * Allow to store volume key to a user-specified keyring in open and luksResume commands. * Do not flush IO operations if resize grows the device. This can help performance in specific cases where the encrypted device is extended automatically while running many IO operations. * Use only half of detected free memory for Argon2 PBKDF on systems without swap (for LUKS2 new keyslot or format operations). * Add the possibility to specify a directory for external LUKS2 token handlers (plugins). * Do not allow reencryption/decryption on LUKS2 devices with authenticated encryption or hardware (OPAL) encryption. * Do not fail LUKS format if the operation was interrupted on subsequent device wipe. * Fix the LUKS2 keyslot option to be used while activating the device by a token. * Properly report if the dm-verity device cannot be activated due to the inability to verify the signed root hash (ENOKEY). * Fix to check passphrase for selected keyslot only when adding new keyslot. * Fix to not wipe the keyslot area before in-place overwrite. * bitlk: Fix segfaults when attempting to verify the volume key. * Add --disable-blkid command line option to avoid blkid device check. * Add support for the meson build system. * Fix wipe operation that overwrites the whole device if used for LUKS2 header with no keyslot area. * Fix luksErase to work with detached LUKS header. * Disallow the use of internal kernel crypto driver names in "capi" specification. * Fix reencryption to fail early for unknown cipher. * tcrypt: Support new Blake2 hash for VeraCrypt. * tcrypt: use hash values as substring for limiting KDF check. * Add Aria cipher support and block size info. * Do not decrease PBKDF parameters if the user forces them. * Support OpenSSL 3.2 Argon2 implementation. * Add support for Argon2 from libgcrypt (requires yet unreleased gcrypt 1.11). * Used Argon2 PBKDF implementation is now reported in debug mode in the cryptographic backend version. For native support in OpenSSL 3.2 or libgcrypt 1.11, "argon2" is displayed. If libargon2 is used, "cryptsetup libargon2" (for embedded library) or "external libargon2" is displayed. * Link only libcrypto from OpenSSL. * Disable reencryption for Direct-Access (DAX) devices. * Print a warning message if the device is not aligned to sector size. * Fix sector size and integrity fields display for non-LUKS2 crypt devices for the status command. * Fix suspend for LUKS2 with authenticated encryption (also suspend dm-integrity device underneath). * Update keyring and locking documentation and LUKS2 specification for OPAL2 support. * Remove patches fixed upstream: - cryptsetup-Check-for-physical-memory-available-also-in-PBKDF-be.patch - cryptsetup-Try-to-avoid-OOM-killer-on-low-memory-systems-withou.patch - cryptsetup-Use-only-half-of-detected-free-memory-on-systems-wit.patch ==== dos2unix ==== Version update (7.5.1 -> 7.5.2) - update to 7.5.2: * Dos2unix can print info about the line break type of the last line, or indicate there is none * Updated documentation about ASCII mode conversion ==== duktape ==== - Build with distro flags ==== firewalld ==== Version update (2.1.0 -> 2.1.1) Subpackages: firewalld-bash-completion python3-firewall - update to 2.1.1: * fix(offline-cmd): use family when creating ipset (64f78a9) * fix(firewall-config): allow rich rule forwarded ports to be logged (d46ea62) * fix(ipXtables): log forwarded ports only (07dc202) * fix(nftables): log forwarded ports (5c26b73) * fix(io.ipset): raise exception if entries exceed limit (a2da5fb) * fix(policy): ipXtables: multiple policies using same zone (b6f2f09) * fix(policy): dispatch update for active policies (7f6f0e2) ==== fwupd ==== Version update (1.9.11 -> 1.9.12) Subpackages: fwupd-bash-completion libfwupd2 typelib-1_0-Fwupd-2_0 - Update to version 1.9.12: + This release adds the following features: - Add remote modification support to fwupdtool - Add support for more modify-config options - Generate HTML pages for all man pages + This release fixes the following bugs: - Assume the legacy LVFS::UpdateRequestId tag is non-generic - Avoid crashing the daemon if not using udisks - Correctly mark the CPU as supported - Correctly match invalid EFI partitions - Do not change the device status until the action has completed - Do not require systemd for fwupdtool modify-config - Enable access to the home interface for snap - Fix an assertion when enabling lvfs-testing for the first time - Fix a possible crash in fwupdtool build-cabinet - Handle systems with more than one ccp device - Only check AMD CPUs for SHSTK, not IBT - Only write the mutable fwupd.conf with the current values - Re-evaluate supported every time pci-psp attributes are refreshed - Show "CET OS support" on AMD systems too + This release adds support for the following hardware: - AVer CAM340plus - AVer VB342 Pro - More Algoltek devices ==== ghostscript ==== Version update (9.56.1 -> 10.02.1) Subpackages: ghostscript-x11 - update to 10.02.1: * Patch release to address some security bugs * This release (10.02.0) marks the final demise of the PostScript based PDF interpreter. * This 10.01.1 release removes the "-dNEWPDF=false" command line option to fall back to the deprecated, old PDF interpreter. * This 10.01.0 release removes the "-dNEWPDF=false" command line option to fall back to the deprecated, old PDF interpreter. * This release officially deprecates the old Postscript implementation of PDF, we will not be updating or maintaining that code moving forward. The option to use the old PDF implementation _**will**_ be removed in the next full release (10.01.0) * Important: This release includes the new PDF interpreter (implemented in C rather than PostScript). It is both integrated into Ghostscript (now ENABLED by default), and available as a standalone, PDF only, binary. See https://ghostscript.com/pdfi.html for more details. * This also bundles the latest zlib (1.2.12) which addresses a security issue (CVE-2018-25032) * **Important**: This release includes the new PDF interpreter (implemented in C rather than PostScript). It is both integrated into Ghostscript (now **ENABLED** by default), and available as a standalone, PDF only, binary. See https://ghostscript.com/pdfi.html for more details. - drop CVE-2023-28879.patch, CVE-2023-36664.patch, CVE-2023-38559.patch, CVE-2023-43115.patch, CVE-2023-46751.patch: upstream - drop remove-zlib-h-dependency.patch: unused ==== grub2 ==== Subpackages: grub2-arm64-efi grub2-snapper-plugin grub2-systemd-sleep-plugin - Remove magic number header field check on arm64 (bsc#1218783) * 0001-loader-arm64-efi-linux-Remove-magic-number-header-fi.patch ==== gstreamer-plugins-rs ==== - Increase memory to 12G for s390x builds in _constraints (bsc#1218563). ==== iso-codes ==== Version update (4.15.0 -> 4.16.0) Subpackages: iso-codes-lang - update to 4.16.0: + Updated translations + ISO 4217: New translation for Khmer (Central) + ISO 639-2: New translation for Armenian + ISO 639-5: New translation for Lithuanian ==== kernel-firmware ==== Version update (20240115 -> 20240126) Subpackages: kernel-firmware-all kernel-firmware-amdgpu kernel-firmware-ath10k kernel-firmware-ath11k kernel-firmware-ath12k kernel-firmware-atheros kernel-firmware-bluetooth kernel-firmware-bnx2 kernel-firmware-brcm kernel-firmware-chelsio kernel-firmware-dpaa2 kernel-firmware-i915 kernel-firmware-intel kernel-firmware-iwlwifi kernel-firmware-liquidio kernel-firmware-marvell kernel-firmware-media kernel-firmware-mediatek kernel-firmware-mellanox kernel-firmware-mwifiex kernel-firmware-network kernel-firmware-nfp kernel-firmware-nvidia kernel-firmware-platform kernel-firmware-prestera kernel-firmware-qcom kernel-firmware-qlogic kernel-firmware-radeon kernel-firmware-realtek kernel-firmware-serial kernel-firmware-sound kernel-firmware-ti kernel-firmware-ueagle kernel-firmware-usb-network - Update to version 20240126 (git commit 8fa621d2f9c1): * qcom: Add Audio firmware for SM8650 MTP * linux-firmware: Add firmware for Cirrus CS35L41 on HP Consumer Laptops * Intel Bluetooth: Make spacing consistent with rest of WHENCE * amdgpu: update raven2 firmware * amdgpu: update raven firmware * amdgpu: update SDMA 5.2.7 firmware * amdgpu: update PSP 13.0.8 firmware * amdgpu: update VCN 3.1.2 firmware * amdgpu: update SDMA 5.2.6 firmware * amdgpu: update PSP 13.0.5 firmware * amdgpu: update GC 10.3.6 firmware * amdgpu: add GC 11.0.1 rlc_1 firmware * amdgpu: update vega20 firmware * amdgpu: update VCN 4.0.0 firmware * amdgpu: update SMU 13.0.0 firmware * amdgpu: update PSP 13.0.0 firmware * amdgpu: update GC 11.0.0 firmware * amdgpu: update vega12 firmware * amdgpu: update vega10 firmware * amdgpu: update beige goby firmware * amdgpu: update picasso firmware * amdgpu: update dimgrey cavefish firmware * amdgpu: update vangogh firmware * amdgpu: update navy flounder firmware * amdgpu: update green sardine firmware * amdgpu: update sienna cichlid firmware * amdgpu: update PSP 13.0.11 firmware * amdgpu: update GC 11.0.4 firmware * amdgpu: update VCN 4.0.2 firmware * amdgpu: update PSP 13.0.4 firmware * amdgpu: update GC 11.0.1 firmware * amdgpu: update arcturus firmware * amdgpu: update navi14 firmware * amdgpu: add VCN 4.0.3 firmware * amdgpu: add SDMA 4.4.2 firmware * amdgpu: add SMU 13.0.6 firmware * amdgpu: add PSP 13.0.6 firmware * amdgpu: Add GC 9.4.3 firmware * amdgpu: update renoir firmware * amdgpu: update VCN 4.0.4 firmware * amdgpu: update SMU 13.0.7 firmware * amdgpu: update PSP 13.0.7 firmware * amdgpu: update GC 11.0.2 firmware * amdgpu: update navi12 firmware * amdgpu: update yellow carp firmware * amdgpu: update SMU 13.0.10 firmware * amdgpu: update SDMA 6.0.3 firmware * amdgpu: update PSP 13.0.10 firmware * amdgpu: update GC 11.0.3 firmware * amdgpu: update navi10 firmware * amdgpu: update aldebaran firmware * linux-firmware: Update AMD cpu microcode * RTL8192E: Remove old realtek WiFi firmware - Update aliases ==== libapparmor ==== - Add dovecot-unix_chkpwd.diff to allow dovecot-auth to execute unix_chkpwd, and add a profile for unix_chkpwd. This is needed for PAM 1.6 (boo#1219139) - Refresh apparmor.keyring - the key was renewed ==== libexttextcat ==== Version update (3.4.6 -> 3.4.7) Subpackages: libexttextcat-2_0-0 - Update to version 3.4.7: * Add Ilocano, Saraiki ==== libgcrypt ==== - add libgcrypt-no-deprecated-grep-alias.patch ==== libjcat ==== Version update (0.2.0 -> 0.2.1) - Update to version 0.2.1: + Do not dedupe sig and sig-of-checksum when loading. + Fix the installed tests. + Show the sig-of-checksum results clearer on the CLI. ==== mdevctl ==== Version update (1.2.0 -> 1.3.0) - Update to version 1.3.0 (jsc#PED-4981): * tests: add tests for live and defined support * doc: document live support and its options * cli: add live and defined parameters to modify command * callouts: add callout live event support * main: refactor jsonfile loading * main: refactor getting active devices * tests: add callout versioning tests * callouts: add warning for unknown supported actions and events * callouts: prevent repeating unsuccessful script searches * callouts: add versioning on callout scripts * callouts: make callout method reusable * callouts: add a check_result_fn to invoke_first_matching_script * Fix new clippy warnings * Cargo.toml: move tempfile to dev-dependencies * main: assemble active devices without overwriting * mdevctl.spec.in: Add systemd as build requirement * callout: ignore broken pipe on stdin * cli: improve lsmdev help * callouts: set script in callout on success only * main: fix file open error being suppressed * Fix clippy warning for useless vec * callouts: replace negated check and improve msgs * callouts: improve debug messages in get_attributes * callouts: match code format in Display for Event and Action * tests/callouts: make scripts cross distro compliant * actions: update release action to newer versions * Bump clap to 4.0 * Bump env_logger dependency to 0.9.0 * Fix deprecated github actions * cli: change modify parameter relationships * tests: use printf over echo * tests: add callout constructor panic tests * callouts: add MDev to callout struct * callouts: Move stdin generation from Callout::invoke_script() * callouts: Add a Callout argument to the invoke callback function * callouts: Reuse Callout::callout() for get_attributes() * callouts: Return Output from Callout::callout() * callouts: Remove Callout::callout_dir() * callouts: Move self.script invocation to callout() * callouts: make Callout::invoke() a method * mdev: provide better error message for invalid attr index * mdev: change attribute index arguments to usize * cli: adjust help text for modify option addattr * modify: ensure required parameter is given * trim trailing null from callout script get-attributes output * Add --force option for commands that have callouts * Bump 'nix' dependency * tests: test 'stop' with callouts * tests: remove stray debug prints during fork * tests: make test failure reports more obvious * Bump version to 1.3.0 * undefine: report error if device is not undefined * modify: add jsonfile optional parameter * cli: add cli tests * cli: fix clap deprecations warnings * tests: fix test_modify() when auto and manual are both set * Fix panic on modify delattr with invalid index * Active attributes (#71) * clippy: remove needless borrows * mdevctl.rst: align use of term state * Add tests for callout dir priority * Add system callout script dir outside /etc. * Add ability to set env root with env variable * Rename Environment::persist_base() to config_base() * Update github checkout action * Relax 'nix' dependency version requirement * callouts: remove return value from Callout::notify() * callouts: remove separate is_dir() check in notify() * callouts: filter and map iterator in notifier loop * Update uuid version * tests: verify that callout scripts are executed in order * callouts: make sure scripts are sorted * callouts: simplify loop through callout dir * callouts: Remove call to count() on callout dir entries * Fix new clippy warnings * Fix intermittent callout failure during test * rpm: set debug env vars when running tests in rpm build * Add python3-docutils to rpm BuildRequires ==== mutter ==== - mutter-SLE-bsc984738-grab-display.patch: * Temporary disable this SLE-only patch as it makes mutter 45 lock-up on non-CSD apps (bsc#1218935) ==== nghttp2 ==== Version update (1.58.0 -> 1.59.0) - update to 1.59.0: * Update bash_completion * h2load: Fix bug that ttfb is not recorded if h3 stream has no data * h2load: Consider all h2 HEADERS when counting bytes and recording ttfb * h2load: Ignore 1xx status code * nghttpd: Free SSL_CTX on exit * nghttpx: OpenSSL needs SSL_CTX_set_recv_max_early_data * nghttpx: OpenSSL needs SSL_CTX_set_recv_max_early_data * cmake: Require OpenSSL >= 1.1.1 * Add nghttp2_select_alpn and deprecate nghttp2_select_next_protocol * nghttpx: Add --alpn-list and deprecate --npn-list * h2load: Add --alpn-list and deprecate --npn-list * Remove NPN * src: Support building with aws-lc * Avoid detecting OpenSSL 3.2 as quictls * Use nghttp3_pri_parse_priority added since nghttp3 v1.1.0 * h2load: Fix IPv6 address in :authority * h2load: Fix IPv6 address in :authority * nghttpx: Propagate stream priority from backend to frontend * nghttpx: Propagate stream priority from backend to frontend * Merge pull request #1991 from nghttp2/get-and-parse- extpri * Add API to get and parse RFC 9218 priority * nghttpx: Prefer __FILE_NAME__ if defined ==== numactl ==== Version update (2.0.16.21.g693fee1 -> 2.0.17.4.g63befa8) Subpackages: libnuma1 - Update to version 2.0.17.4.g63befa8: * Fix CodeQl Warn: Wrong type of arguments to formatting function * libnuma: Fix incorrect print and exit of numa_preferred/_many APIs * libnuma: Fix unexpected output * Fix README.md * Increase version number * Fix build badge * Fix README.md * Update README.md * Add configure file for release * Fix unused function return warning in numastat * fix complain() fuction print newline * Document that numa_police_memory may cause data races * Add numastat_diff from jirka-h * Enable v1 compatibility for unused getnodemask test * libnuma: Handle initialization without sysfs * Support empty memory nodes * numactl: Add --version option to print version * Remove obsolete numamon file * numactl: Use standard tab indent for print_node_cpus * Avoid using /proc/cpuinfo in test suite * numact: Add --cpu-compress option * Pin release workflow script to minimize risk of supply chain attacks * move_pages: Fix warning (missing hunk from earlier revert) * numastat: Remove unused functions * distance: Remove unused variable (NFC) * numademo: Adjust memcpy test bandwidth calculation * numactl.c: Refactor print_node_cpus to display CPU ranges * numactl.c: Refactor print_node_cpus to display CPU ranges * numactl.c: Refactor print_node_cpus to display CPU ranges * Refactor print_node_cpus to display CPU ranges instead of individual CPUs * numactl: Fix manual for --preferred and --preferred-many * Revert "Fix build error on riscv64 by linking libatomic" * Include <fcntl.h> instead of <sys/fcntl.h> * Fix the example usage in the numactl manual * Fix issue #190 about numa_exit_on_warn does not work * Create SECURITY.md * fix: fix memory leaks when run with -H * use mems allowed nodes to test prefer_many policy. * fix typo in memhog.8 * Update move_pages.c * migspeed don't have to be linked against librt * Add MPOL_F_RELATIVE/STATIC_NODES ==== openssl-3 ==== Subpackages: libopenssl3 - Encapsulate the fips provider into a new package called libopenssl-3-fips-provider. - Added openssl-3-use-include-directive.patch so that the default /etc/ssl/openssl.cnf file will include any configuration files that other packages might place into /etc/ssl/engines3.d/ and /etc/ssl/engdef3.d/. Also create symbolic links /etc/ssl/engines.d/ and /etc/ssl/engdef.d/ to above versioned directories. - Updated spec file to create the two new necessary directores for the above patch and two symbolic links to above directories. [bsc#1194187, bsc#1207472, bsc#1218933] - Security fix: [bsc#1218810, CVE-2023-6237] * Limit the execution time of RSA public key check * Add openssl-CVE-2023-6237.patch - Rename openssl-Override-default-paths-for-the-CA-directory-tree.patch to openssl-crypto-policies-support.patch - Embed the FIPS hmac. Add openssl-FIPS-embed-hmac.patch - Load the FIPS provider and set FIPS properties implicitly. * Add openssl-Force-FIPS.patch [bsc#1217934] - Disable the fipsinstall command-line utility. * Add openssl-disable-fipsinstall.patch - Add instructions to load legacy provider in openssl.cnf. * openssl-load-legacy-provider.patch - Disable the default provider for the test suite. * openssl-Disable-default-provider-for-test-suite.patch - Security fix: [bsc#1218690, CVE-2023-6129] * POLY1305: Fix vector register clobbering on PowerPC * Add openssl-CVE-2023-6129.patch - Add patch to fix BTI enablement on aarch64: * openssl-Enable-BTI-feature-for-md5-on-aarch64.patch ==== openssl ==== - New libopenssl-fips-provider package. ==== patterns-kde ==== Subpackages: patterns-kde-kde patterns-kde-kde_edutainment patterns-kde-kde_games patterns-kde-kde_ide patterns-kde-kde_imaging patterns-kde-kde_internet patterns-kde-kde_multimedia patterns-kde-kde_office patterns-kde-kde_pim patterns-kde-kde_plasma patterns-kde-kde_utilities patterns-kde-kde_utilities_opt patterns-kde-kde_yast - Make phonon4qt5-backend a hard dep of the plasma pattern (boo#1219277) - Avoid gstreamer if not necessary - Change from phonon4qt5-backend-gstreamer to phonon4qt5-backend-vlc due to deprecation of the gstreamer backend ==== python-Jinja2 ==== - Disable broken test with latest version of MarkupSafe (2.1.4) (gh#pallets/jinja#1930, gh#pallets/markupsafe#417) ==== python-M2Crypto ==== - Disable broken tests with openssl 3.2, bsc#1217782 ==== python-MarkupSafe ==== Version update (2.1.3 -> 2.1.4) - update to 2.1.4: * Don't use regular expressions for striptags, avoiding a performance issue. :pr:`413` ==== python-argcomplete ==== Version update (3.2.1 -> 3.2.2) - update to 3.2.2: * Expand tilde in zsh ==== python-authheaders ==== Version update (0.16.1 -> 0.16.2) - update to 0.16.2: * Add checks for None results to avoid tracebacks (#31) * Account for FWS in From (which is legal, apparently) * Delete more setup.py cruft for non-supported Pythons ==== python-pyOpenSSL ==== Version update (23.3.0 -> 24.0.0) - update to 24.0.0: * Added OpenSSL.SSL.Connection.get_selected_srtp_profile to determine which SRTP profile was negotiated. #1279. ==== python-pycryptodome ==== Version update (3.19.1 -> 3.20.0) - update to 3.20.0: * Added support for TurboSHAKE128 and TurboSHAKE256. * Added method Crypto.Hash.new() to generate a hash object given a hash name. * Added support for AES-GCM encryption of PBES2 and PKCS#8 containers. * Added support for SHA-2 and SHA-3 algorithms in PBKDF2 when creating PBES2 and PKCS#8 containers. * Export of RSA keys accepts the prot_params dictionary as parameter to control the number of iterations for PBKDF2 and scrypt. * C unit tests also run on non-x86 architectures. * GH#787: Fixed autodetect logic for GCC 14 in combination with LTO. ==== rubygem-parser ==== Version update (3.2.2.4 -> 3.3.0.5) Subpackages: ruby3.2-rubygem-parser ruby3.3-rubygem-parser - updated to version 3.3.0.5 v3.3.0.5 (2024-01-21) - -------------------- API modifications: * Bump 3.2 branch to 3.2.3 (#993) (Koichi ITO) v3.3.0.4 (2024-01-15) - -------------------- Features implemented: * Register a Ruby 3.4 parser (#991) (Jean byroot Boussier) v3.3.0.3 (2024-01-12) - -------------------- Bugs fixed: * lexer.rl: accept tabs before closing heredoc delimiter (#990) (Ilya Bylich) v3.3.0.2 (2024-01-07) - -------------------- Bugs fixed: * Fix an error when using heredoc with non-word delimiters (#987) (Koichi ITO) v3.3.0.1 (2024-01-06) - -------------------- Bugs fixed: * Supports Ruby 2.0+ runtime (#986) (Koichi ITO) v3.3.0.0 (2024-01-05) - -------------------- API modifications: * current.rb: mark 3.3 branch as stable (#984) (Ilya Bylich) * ruby33.y: extract string_dend (#969) (Ilya Bylich) * lexer.rl: treat numparams as locals (#968) (Ilya Bylich) * ruby33.y: extract words_sep (#967) (Ilya Bylich) * literal.rb: match heredoc identifier from end of line (#965) (Ilya Bylich) * ruby33.y: extract {endless_command,endless_arg} rules (#964) (Ilya Bylich) * Bump Racc to 1.7.3 (#954) (Koichi ITO) Features implemented: * ruby33.y: reject ambiguous anonymous arguments (#983) (Ilya Bylich) * ruby33.y: extract arg_splat rule. (#981) (Ilya Bylich) * builder.rb: warn `it` in a block with no ordinary params. (#980) (Ilya Bylich) * builder.rb: extract named captures only from static regexes. (#979) (Ilya Bylich) * ruby33.y: accept expr_value in sclass definition. (#978) (Ilya Bylich) * ruby33.y: extract p_in_kwarg (#977) (Ilya Bylich) * ruby33.y: extract p_assoc and p_in rules (#976) (Ilya Bylich) * ruby33.y: reject invalid gvar as symbol (#974) (Ilya Bylich) * ruby33.y: properly restore in_defined flag, extract begin_defined rule (#973) (Ilya Bylich) * builder.rb: reject multi-char gvar names starting with 0 (#972) (Ilya Bylich) * ruby33.y: allow semicolon in parenthesis at the first argument of command call (#971) (Ilya Bylich) * ruby33.y: parse qualified const with brace block as a method call (#970) (Ilya Bylich) ==== rubygem-rubocop ==== Version update (1.59.0 -> 1.60.2) Subpackages: ruby3.2-rubygem-rubocop ruby3.3-rubygem-rubocop - updated to version 1.60.2 [#]# 1.60.2 (2024-01-24) [#]## Bug fixes * [#12627](https://github.com/rubocop/rubocop/issues/12627): Fix a false positive for `Layout/RedundantLineBreak` when using index access call chained on multiple lines with backslash. ([@koic][]) * [#12626](https://github.com/rubocop/rubocop/pull/12626): Fix a false positive for `Style/ArgumentsForwarding` when naming a block argument `&`. ([@koic][]) * [#12635](https://github.com/rubocop/rubocop/pull/12635): Fix a false positive for `Style/HashEachMethods` when both arguments are unused. ([@earlopain][]) * [#12636](https://github.com/rubocop/rubocop/pull/12636): Fix an error for `Style/HashEachMethods` when a block with both parameters has no body. ([@earlopain][]) * [#12638](https://github.com/rubocop/rubocop/issues/12638): Fix an `Errno::ENOENT` error when using server mode. ([@koic][]) * [#12628](https://github.com/rubocop/rubocop/pull/12628): Fix a false positive for `Style/ArgumentsForwarding` when using block arg forwarding with positional arguments forwarding to within block. ([@koic][]) * [#12642](https://github.com/rubocop/rubocop/pull/12642): Fix false positives for `Style/HashEachMethods` when using array converter method. ([@koic][]) * [#12632](https://github.com/rubocop/rubocop/issues/12632): Fix an infinite loop error when `EnforcedStyle: explicit` of `Naming/BlockForwarding` with `Style/ArgumentsForwarding`. ([@koic][]) [#]# 1.60.1 (2024-01-17) [#]## Bug fixes * [#12625](https://github.com/rubocop/rubocop/pull/12625): Fix an error when server cache dir has read-only file system. ([@Strzesia][]) * [#12618](https://github.com/rubocop/rubocop/issues/12618): Fix false positives for `Style/ArgumentsForwarding` when using block argument forwarding with other arguments. ([@koic][]) * [#12614](https://github.com/rubocop/rubocop/issues/12614): Fix false positiveis for `Style/RedundantParentheses` when parentheses in control flow keyword with multiline style argument. ([@koic][]) [#]## Changes * [#12617](https://github.com/rubocop/rubocop/issues/12617): Make `Style/CollectionCompact` aware of `grep_v` with nil. ([@koic][]) [#]# 1.60.0 (2024-01-15) [#]## Bug fixes * [#12603](https://github.com/rubocop/rubocop/issues/12603): Fix an infinite loop error for `Style/MultilineTernaryOperator` when using a method call as a ternary operator condition with a line break between receiver and method. ([@koic][]) * [#12549](https://github.com/rubocop/rubocop/issues/12549): Fix a false positive for `Style/RedundantLineContinuation` when line continuations for multiline leading dot method chain with a blank line. ([@koic][]) * [#12610](https://github.com/rubocop/rubocop/pull/12610): Accept parentheses in argument calls with blocks for `Style/MethodCallWithArgsParentheses` `omit_parentheses` style. ([@gsamokovarov][]) * [#12580](https://github.com/rubocop/rubocop/pull/12580): Fix an infinite loop error for `Layout/EndAlignment` when misaligned in singleton class assignments with `EnforcedStyleAlignWith: variable`. ([@koic][]) * [#12548](https://github.com/rubocop/rubocop/issues/12548): Fix an infinite loop error for `Layout/FirstArgumentIndentation` when specifying `EnforcedStyle: with_fixed_indentation` of `Layout/ArrayAlignment`. ([@koic][]) * [#12236](https://github.com/rubocop/rubocop/issues/12236): Fix an error for `Lint/ShadowedArgument` when self assigning to a block argument in `for`. ([@koic][]) * [#12569](https://github.com/rubocop/rubocop/issues/12569): Fix an error for `Style/IdenticalConditionalBranches` when using `if`...`else` with identical leading lines that assign to `self.foo`. ([@koic][]) * [#12437](https://github.com/rubocop/rubocop/issues/12437): Fix an infinite loop error for `EnforcedStyle: omit_parentheses` of `Style/MethodCallWithArgsParentheses` with `Style/SuperWithArgsParentheses`. ([@koic][]) * [#12558](https://github.com/rubocop/rubocop/issues/12558): Fix an incorrect autocorrect for `Style/MapToHash` when using `map.to_h` without receiver. ([@koic][]) * [#12179](https://github.com/rubocop/rubocop/issues/12179): Let `--auto-gen-config` generate `Exclude` when `Max` is overridden. ([@jonas054][]) * [#12574](https://github.com/rubocop/rubocop/issues/12574): Fix bug for unrecognized style in --auto-gen-config. ([@jonas054][]) * [#12542](https://github.com/rubocop/rubocop/issues/12542): Fix false positive for `Lint/MixedRegexpCaptureTypes` when using look-ahead matcher. ([@marocchino][]) * [#12607](https://github.com/rubocop/rubocop/pull/12607): Fix a false positive for `Style/RedundantParentheses` when regexp literal attempts to match against a parenthesized condition. ([@koic][]) * [#12539](https://github.com/rubocop/rubocop/pull/12539): Fix false positives for `Lint/LiteralAssignmentInCondition` when a collection literal contains non-literal elements. ([@koic][]) * [#12571](https://github.com/rubocop/rubocop/issues/12571): Fix false positives for `Naming/BlockForwarding` when using explicit block forwarding in block method. ([@koic][]) * [#12537](https://github.com/rubocop/rubocop/issues/12537): Fix false positives for `Style/RedundantParentheses` when `AllowInMultilineConditions: true` of `Style/ParenthesesAroundCondition`. ([@koic][]) * [#12578](https://github.com/rubocop/rubocop/pull/12578): Fix false positives for `Style/ArgumentsForwarding` when rest arguments forwarding to a method in block. ([@koic][]) * [#12540](https://github.com/rubocop/rubocop/issues/12540): Fix false positives for `Style/HashEachMethods` when rest block argument of `Enumerable#each` method is used. ([@koic][]) * [#12529](https://github.com/rubocop/rubocop/issues/12529): Fix false positives for `Style/ParenthesesAroundCondition`. ([@koic][]) * [#12556](https://github.com/rubocop/rubocop/issues/12556): Fix false positives for `Style/RedundantParentheses` when parentheses are used around a semantic operator in expressions within assignments. ([@koic][]) * [#12541](https://github.com/rubocop/rubocop/pull/12541): Fix false negative in `Style/ArgumentsForwarding` when a block is forwarded but other args aren't. ([@dvandersluis][]) * [#12581](https://github.com/rubocop/rubocop/pull/12581): Handle trailing line continuation in `Layout/LineContinuationLeadingSpace`. ([@eugeneius][]) * [#12601](https://github.com/rubocop/rubocop/issues/12601): Make `Style/EachForSimpleLoop` accept block with no parameters. ([@koic][]) [#]## Changes * [#12535](https://github.com/rubocop/rubocop/pull/12535): Allow --autocorrect with --display-only-fail-level-offenses. ([@naveg][]) * [#12572](https://github.com/rubocop/rubocop/pull/12572): Follow a Ruby 3.3 warning for `Security/Open` when `open` with a literal string starting with a pipe. ([@koic][]) * [#12453](https://github.com/rubocop/rubocop/issues/12453): Make `Style/RedundantEach` aware of safe navigation operator. ([@koic][]) * [#12233](https://github.com/rubocop/rubocop/issues/12233): Make `Style/SlicingWithRange` aware of redundant and beginless range. ([@koic][]) * [#12388](https://github.com/rubocop/rubocop/pull/12388): Reject additional 'expanded' `EnforcedStyle` options when `--no-auto-gen-enforced-style` is given. ([@kpost][]) * [#12593](https://github.com/rubocop/rubocop/pull/12593): Require Parser 3.3.0.2 or higher. ([@koic][]) ==== salt ==== Subpackages: python3-salt salt-master salt-minion salt-transactional-update - Provide user(salt)/group(salt) capabilities for RPM 4.19 - Prevent exceptions with fileserver.update when called via state (bsc#1218482) - Added: * allow-kwargs-for-fileserver-roots-update-bsc-1218482.patch - Improve pip target override condition with VENV_PIP_TARGET environment variable (bsc#1216850) - Fixed KeyError in logs when running a state that fails - Added: * improve-pip-target-override-condition-with-venv_pip_.patch * fixed-keyerror-in-logs-when-running-a-state-that-fai.patch - Ensure that pillar refresh loads beacons from pillar without restart - Fix the aptpkg.py unit test failure - Prefer unittest.mock to python-mock in test suite - Added: * update-__pillar__-during-pillar_refresh.patch * fix-the-aptpkg.py-unit-test-failure.patch * prefer-unittest.mock-for-python-versions-that-are-su.patch - Enable "KeepAlive" probes for Salt SSH executions (bsc#1211649) - Added: * enable-keepalive-probes-for-salt-ssh-executions-bsc-.patch - Revert changes to set Salt configured user early in the stack (bsc#1216284) - Added: * revert-make-sure-configured-user-is-properly-set-by-.patch - Align behavior of some modules when using salt-call via symlink (bsc#1215963) - Fix gitfs "__env__" and improve cache cleaning (bsc#1193948) - Added: * fix-gitfs-__env__-and-improve-cache-cleaning-bsc-119.patch * dereference-symlinks-to-set-proper-__cli-opt-bsc-121.patch - Randomize pre_flight_script path (CVE-2023-34049 bsc#1215157) - Added: * fix-cve-2023-34049-bsc-1215157.patch - Allow all primitive grain types for autosign_grains (bsc#1214477) - Added: * allow-all-primitive-grain-types-for-autosign_grains-.patch - Fix optimization_order opt to prevent testsuite fails - Improve salt.utils.json.find_json to avoid fails with transactional salt salt-ssh managed clients (bsc#1213293) - Use salt-call from salt bundle with transactional_update - Only call native_str on curl_debug message in tornado when needed - Implement the calling for batch async from the salt CLI - Added: * implement-the-calling-for-batch-async-from-the-salt-.patch * improve-salt.utils.json.find_json-bsc-1213293.patch * only-call-native_str-on-curl_debug-message-in-tornad.patch * use-salt-call-from-salt-bundle-with-transactional_up.patch * fix-optimization_order-opt-to-prevent-test-fails.patch - Fix calculation of SLS context vars when trailing dots on targetted sls/state (bsc#1213518) - Added: * fix-calculation-of-sls-context-vars-when-trailing-do.patch ==== strace ==== Version update (6.6 -> 6.7) - Update to strace 6.7 * Implemented -kk/--stack-traces=source option for libdw-based stack tracing. * Implemented decoding of futex_wake, futex_wait, and sys_futex_requeue syscalls. * Updated lists of BPF_*, BTRFS_*, IORING_*, KVM_*, LANDLOCK_*, PR_*, and TCP_* constants. * Updated lists of ioctl commands from Linux 6.7. * Fix strace -r during the first second after booting to show correct relative timestamps. * Fix strace -f entering deadlock on exit if there are tracee processes spawned using vfork semantics. ==== xdg-utils ==== Version update (1.2.0~beta1+20230929 -> 1.2.0+20240130) - Update to Version 1.2.0 (Lining up with the upstream release) * all: Add xdg-realpath to better handle Canonicalizing filenames (#66) * xdg-open: Use url.dll as url opener on wsl (#242) * tests: Fix quoting issues in t-xdg-open.sh * xdg-open: Added a reporting issues section to xdg-open in the hopes that more issues will be attributed correctly * xdg-mime: Added a secutity note on xdg-mime default to warn against confusing openers and runners * xdg-open: Added paragraph explaining the wiered return behaviour of xdg-open * xdg-email: shellcheck * xdg-mime: shellcheck * xdg-settings: Add support for deeping-desktop browser setting in xdg-settings. * all: Fix config.status warning about ignored --datarootdir setting * all: Shellchecked xdg-utils-common.in * xdg-open: shellcheck * xdg-mime: Create a generic implementation for KDE * all: Move to markdown for README's * xdg-mime: Improve Documentation around query file/default * xdg-open: Document not handling '-' at the start of filenames * xdg-open: Deduplicate URL recognition * xdg-open: remove unused open_generic_xdg_file_mime * xdg-open: use LC_ALL=C with URLs * xdg-open: Fix URI/URL handling * xdg-email: Remove default BROWSER logic, no longer needed * xdg-mime: Improve synopsis * xdg-settings: read KDE browser settings the right way around * xdg-open: Improve WSL support * xdg-mime: actually handle lists in mimeapps.list correctly ==== xf86-video-qxl ==== - Xspice-python3.patch * for python3 interpreter needs to be /usr/bin/python3 ==== xorg-x11-server ==== Subpackages: xorg-x11-server-Xvfb xorg-x11-server-extra - no longer (build-)require obsolete Xprint/XprintUtil ==== xterm ==== Version update (388 -> 389) Subpackages: xterm-bin xterm-resize - update to 389: * interchange variables in subparameter parsing, fixing a bug where subparameters after the first parameter could be misidentified * correct popping of icon/window titles in a case where only one was pushed from patch #385 changes. * add XTQMODKEYS response in DECRQSS, as alternative for vim. * correct DECCIR encoded information on character set size, handle a VT525 quirk, and add DECST8C (Windows Terminal [#14984]). * improve DECRQCRA (prompted by discussion with James Holderness, Windows Terminal #14974). * add part of VT525 color controls: + DECAC, to update default foreground/background, respond to DECRQSS + DECATC, to respond with DECRQSS * prevent Unicode non-characters from being printed * modify send_SGR() to avoid modifying colors 16 to 255 in printed output (patch by Grady Martin). * minor cleanup of miscellaneous error-codes with ERROR_MISC. * remove legacy CSI 53 for locator status, corrected in patch * modify DECRQUPSS and DECAUPSS feature to support VT5xx character sets (report by Thomas Wolff). * improve EWMH handling (report/analysis by Edward Rosten) + reset _NET_WM_STATE_HIDDEN flag from _NET_WM_STATE before mapping the window to deiconify. + cache X properties to reduce latency (adapted from patch by Edward Rosten). ==== yast2 ==== Version update (5.0.4 -> 5.0.5) Subpackages: yast2-logs - Added s390 z/VM check to YaST::Arch (bsc#1210525). - 5.0.5 ==== yast2-installation ==== Version update (5.0.4 -> 5.0.5) - In zVM or KVM installations the cio_ignore kernel argument will be written only if given (bsc#1210525). - 5.0.5 ==== yast2-trans ==== Version update (84.87.20240120.54f4b9f06a -> 84.87.20240126.9c7185e3f6) Subpackages: yast2-trans-af yast2-trans-ar yast2-trans-bg yast2-trans-bn yast2-trans-bs yast2-trans-ca yast2-trans-cs yast2-trans-cy yast2-trans-da yast2-trans-de yast2-trans-el yast2-trans-en_GB yast2-trans-es yast2-trans-et yast2-trans-fa yast2-trans-fi yast2-trans-fr yast2-trans-gl yast2-trans-gu yast2-trans-hi yast2-trans-hr yast2-trans-hu yast2-trans-id yast2-trans-it yast2-trans-ja yast2-trans-jv yast2-trans-ka yast2-trans-km yast2-trans-ko yast2-trans-lo yast2-trans-lt yast2-trans-mk yast2-trans-mr yast2-trans-nb yast2-trans-nl yast2-trans-pa yast2-trans-pl yast2-trans-pt yast2-trans-pt_BR yast2-trans-ro yast2-trans-ru yast2-trans-si yast2-trans-sk yast2-trans-sl yast2-trans-sr yast2-trans-sv yast2-trans-ta yast2-trans-th yast2-trans-tr yast2-trans-uk yast2-trans-vi yast2-trans-wa yast2-trans-xh yast2-trans-zh_CN yast2-trans-zh_TW yast2-trans-zu - Update to version 84.87.20240126.9c7185e3f6: * New POT for text domain 'installation'. * New POT for text domain 'base'. * Translated using Weblate (Swedish) * Translated using Weblate (Swedish) * Translated using Weblate (Swedish) * Translated using Weblate (Swedish) * New POT for text domain 'sap-installation-wizard'. ==== zenity ==== Version update (4.0.0 -> 4.0.1) - Update to version 4.0.1 + Changes and fixes since 4.0.0: - Bump webkit2gtk requirement in README - about: The licence is LGPL2.1+, not GPL - entry: Calculate number of --entry-text's properly (#75) - test: Add entry test in response to issue #75 - question: fix option --default-cancel - calendar: Fix off-by-one in day - test: Add test for --calendar - Updated translations.

1 0

New Arm Tumbleweed snapshot 20240128 released!
by Guillaume Gardet 30 Jan '24

30 Jan '24

Please note that this mail was generated by a script. The described changes are computed based on the aarch64 DVD. The full online repo contains too many changes to be listed here. Please check the known defects of this snapshot before upgrading: https://openqa.opensuse.org/tests/overview?distri=opensuse&groupid=3&versio… Please do not reply to this email to report issues, rather file a bug on bugzilla.opensuse.org. For more information on filing bugs please see https://en.opensuse.org/openSUSE:Submitting_bug_reports Packages changed: 389-ds (2.4.0~git113.84a845c -> 2.4.0~git126.5936946) 7zip Mesa (23.3.3 -> 23.3.4) Mesa-drivers (23.3.3 -> 23.3.4) MozillaFirefox (121.0.1 -> 122.0) btrfsprogs (6.6.2 -> 6.7) ceph corosync gcc13 (13.2.1+git8205 -> 13.2.1+git8250) gpg2 (2.4.3 -> 2.4.4) grub2 gstreamer-plugins-bad inih (57 -> 58) kernel-source lftp libmaxminddb (1.8.0 -> 1.9.1) libqmi libsolv (0.7.27 -> 0.7.28) libstorage-ng (4.5.175 -> 4.5.176) libvirt man mozilla-nss (3.95 -> 3.96.1) mutter nvidia-open-driver-G06-signed openssl-1_1 perl-Bootloader (1.10 -> 1.11) postfix (3.8.4 -> 3.8.5) publicsuffix (20240107 -> 20240123) python-lxml raspberrypi-firmware-dt ruby (3.2 -> 3.3) ruby3.2 rubygem-gem2rpm spice-gtk thin-provisioning-tools (1.0.9 -> 1.0.10) tiff transactional-update virt-manager webkit2gtk3 webkit2gtk3-soup2 yast2 (5.0.3 -> 5.0.4) yast2-bootloader (5.0.2 -> 5.0.4) yast2-installation (5.0.3 -> 5.0.4) zbar === Details === ==== 389-ds ==== Version update (2.4.0~git113.84a845c -> 2.4.0~git126.5936946) Subpackages: lib389 libsvrcore0 - Update to version 2.4.0~git126.5936946: * Issue 6028 - vlv index keys inconsistencies (#6031) * Issue 5989 - RFE support of inChain Matching Rule (#5990) * Issue 6022 - lmdb inconsistency between vlv index and vlv cache names (#6026) * Issue 6015 - Fix typo remeber (#6014) * Issue 6016 - Pin upload/download artifacts action to v3 * Issue 5939 - During an update, if the target entry is reverted in the entry cache, the server should not retry to lock it (#6007) * Issue 4673 - Update Rust crates * Issue 6004 - idletimeout may be ignored (#6005) * Issue 5954 - Disable Transparent Huge Pages * Issue 5997 - test_inactivty_and_expiration CI testcase is wrong (#5999) * Issue 5993 - Fix several race condition around CI tests (#5996) * Issue 5944 - Reversion of the entry cache should be limited to BETXN plugin failures (#5994) * Bump openssl from 0.10.55 to 0.10.60 in /src (#5995) ==== 7zip ==== - Fix build on SLE-15-SP6 * fix-avx-sle.patch ==== Mesa ==== Version update (23.3.3 -> 23.3.4) Subpackages: Mesa-libEGL1 Mesa-libGL1 Mesa-libglapi0 libOSMesa8 libgbm1 - Update to bugfix release 23.3.4 - -> https://docs.mesa3d.org/relnotes/23.3.4.html ==== Mesa-drivers ==== Version update (23.3.3 -> 23.3.4) Subpackages: Mesa-dri Mesa-gallium Mesa-libva - Update to bugfix release 23.3.4 - -> https://docs.mesa3d.org/relnotes/23.3.4.html ==== MozillaFirefox ==== Version update (121.0.1 -> 122.0) - Mozilla Firefox 122.0 https://www.mozilla.org/en-US/firefox/122.0/releasenotes/ MFSA 2024-01 (bsc#1218955) * CVE-2024-0741 (bmo#1864587) Out of bounds write in ANGLE * CVE-2024-0742 (bmo#1867152) Failure to update user input timestamp * CVE-2024-0743 (bmo#1867408) Crash in NSS TLS method * CVE-2024-0744 (bmo#1871089) Wild pointer dereference in JavaScript * CVE-2024-0745 (bmo#1871838) Stack buffer overflow in WebAudio * CVE-2024-0746 (bmo#1660223) Crash when listing printers on Linux * CVE-2024-0747 (bmo#1764343) Bypass of Content Security Policy when directive unsafe-inline was set * CVE-2024-0748 (bmo#1783504) Compromised content process could modify document URI * CVE-2024-0749 (bmo#1813463) Phishing site popup could show local origin in address bar * CVE-2024-0750 (bmo#1863083) Potential permissions request bypass via clickjacking * CVE-2024-0751 (bmo#1865689) Privilege escalation through devtools * CVE-2024-0752 (bmo#1866840) Use-after-free could occur when applying update on macOS * CVE-2024-0753 (bmo#1870262) HSTS policy on subdomain could bypass policy of upper domain * CVE-2024-0754 (bmo#1871605) Crash when using some WASM files in devtools * CVE-2024-0755 (bmo#1868456, bmo#1871445, bmo#1873701) Memory safety bugs fixed in Firefox 122, Firefox ESR 115.7, and Thunderbird 115.7 - requires NSS 3.96.1 - rebased patches ==== btrfsprogs ==== Version update (6.6.2 -> 6.7) Subpackages: btrfsprogs-bash-completion btrfsprogs-udev-rules libbtrfs0 libbtrfsutil1 - update to 6.7 * mkfs: make 4k sectorsize default, recommended minimum kernel for that is 6.1 and requires subpage support on architectures with page size > 4k * subvolume create: return correct error code when a target already exists * tree-checker: dump tree block on error (btrfs-convert, ...) * scrub limit: fix reporting of a limit set while there's none * fi usage: fix reporting of unallocated data or raid56 profile without root privs due to lack of that information * convert: * align data block group lengths to 64K * fix conversion of a large filesystem when there are partial inode items present due to caching * other: * build fixes * updated documentation * new and updated tests - update to 6.6.3 * subvol create: accept multiple arguments * subvol delete: print the subvolume id in the output * subvol sync: check if the filesystems is still writeable so it does not wait indefinitely * device delete: add a timeout and warning when deleting multiple devices * scrub status: report limit if set in sysfs/../scrub_speed_max * scrub limit: new command to show or set the per-device scrub limits * scrub start: report the limit if set * build: * fix CPU feature detection on aarch64 * support Botan and OpenSSL (3.2+) as crypto backends * other: * documentation updates, RTD config update * new and updated tests * CI updates ==== ceph ==== Subpackages: librados2 librbd1 - Advertised user/groups that are generated by the pre scripts: * package cephadm generates user/group cephadm * package ceph-common generates user/group ceph ==== corosync ==== Subpackages: libcfg6 libcmap4 libcorosync_common4 libcpg4 libquorum5 - Provide user(coroqnetd) and group(coroqnetd) in the -qnetd package: user and group are generated by the pre script. ==== gcc13 ==== Version update (13.2.1+git8205 -> 13.2.1+git8250) Subpackages: cpp13 libasan8 libatomic1 libgcc_s1 libgccjit0 libgfortran5 libgomp1 libhwasan0 libitm1 liblsan0 libobjc4 libstdc++6 libstdc++6-locale libstdc++6-pp libtsan2 libubsan1 - Update to gcc-13 branch head, fc7d87e0ffadca49bec29b2107, git8250 * Includes fix for building TVM. [boo#1218492] - Add cross-X-newlib-devel requires to newlib cross compilers. [boo#1219031] - Package m2rte.so plugin in the gcc13-m2 sub-package rather than in gcc13-devel. [boo#1210959] - Require libstdc++6-devel-gcc13 from gcc13-m2 as m2 programs are linked against libstdc++6. ==== gpg2 ==== Version update (2.4.3 -> 2.4.4) Subpackages: dirmngr - Update to 2.4.4: [bsc#1219191] * gpg: Do not keep an unprotected smartcard backup key on disk. See https://gnupg.org/blog/20240125-smartcard-backup-key.html for a security advisory. [T6944] * gpg: Allow to specify seconds since Epoch beyond 2038 on 32-bit platforms. [T6736] * gpg: Fix expiration time when Creation-Date is specified. [T5252] * gpg: Add support for Subkey-Expire-Date. [rG96b69c1866] * gpg: Add option --with-v5-fingerprint. [T6705] * gpg: Add sub-option ignore-attributes to --import-options. * gpg: Add --list-filter properties sig_expires/sig_expires_d. * gpg: Fix validity of re-imported keys. [T6399] * gpg: Report BEGIN_ status before examining the input. [T6481] * gpg: Don't try to compress a read-only keybox. [T6811] * gpg: Choose key from inserted card over a non-inserted card. [T6831] * gpg: Allow to create revocations even with non-compliant algos. [T6929] * gpg: Fix regression in the Revoker keyword of the parameter file. [T6923] * gpg: Improve error message for expired default keys. [T4704] * gpgsm: Add --always-trust feature. [T6559] * gpgsm: Support ECC certificates in de-vs mode. [T6802] * gpgsm: Major rewrite of the PKCS#12 parser. [T6536] * gpgsm: No not show the pkcs#12 passphrase in debug output. [T6654] * keyboxd: Timeout on failure to get the database lock. [T6838] * agent: Update the key stubs only if really modified. [T6829] * scd: Add support for certain Starcos 3.2 cards. [rG5304c9b080] * scd: Add support for CardOS 5.4 cards. [rG812f988059] * scd: Add support for D-Trust 4.1/4.4 cards. [rG0b85a9ac09] * scd: Add support for Smartcafe Expert 7.0 cards. [T6919] * scd: Add a length check for a new PIN. [T6843] * tpm: Fix keytotpm handling in the agent. [rG9909f622f6] * tpm: Fixes for the TPM test suite. [T6052] * dirmngr: New option --ignore-crl-extensions. [T6545] * dirmngr: Support config value "none" to disable the default keyserver. [T6708] * dirmngr: Fix handling of the HTTP Content-Length. [rGa5e33618f4] * gpgconf: Add commands --lock and --unlock. [rG93b5ba38dc] * gpgconf: Add keyword socketdir to gpgconf.ctl. [rG239c1fdc28] * gpgconf: Adjust the -X command for the new VERSION file format. [T6918] * wkd: Use export-clean for gpg-wks-client's --mirror and --create commands. [rG2c7f7a5a278c] * wkd: Make --add-revocs the default in gpg-wks-client. New option - -no-add-revocs. [rG10c937ee68] * Remove duplicated backslashes when setting the homedir. [T6833] * Ignore attempts to remove the /dev/null device. [T6556] * Improve advisory file lock retry strategy. [T3380] * Release-info: https://dev.gnupg.org/T6578 * Remove patch upstream: - gnupg-Report-BEGIN_-status-before-examining-the-input.patch ==== grub2 ==== Subpackages: grub2-arm64-efi grub2-snapper-plugin grub2-systemd-sleep-plugin - Reinstate the verification for a non-zero total entry count to skip unmapped data blocks (bsc#1218864) * 0001-fs-xfs-always-verify-the-total-number-of-entries-is-.patch - Removed temporary fix as reverting it will cause a different XFS parser bug * 0001-Revert-fs-xfs-Fix-XFS-directory-extent-parsing.patch ==== gstreamer-plugins-bad ==== Subpackages: libgstadaptivedemux-1_0-0 libgstbadaudio-1_0-0 libgstbasecamerabinsrc-1_0-0 libgstcodecparsers-1_0-0 libgstcodecs-1_0-0 libgstcuda-1_0-0 libgstisoff-1_0-0 libgstmpegts-1_0-0 libgstphotography-1_0-0 libgstplay-1_0-0 libgstplayer-1_0-0 libgstsctp-1_0-0 libgsttranscoder-1_0-0 libgsturidownloader-1_0-0 libgstva-1_0-0 libgstvulkan-1_0-0 libgstwayland-1_0-0 libgstwebrtc-1_0-0 libgstwebrtcnice-1_0-0 - Disable zxing in Leap15 * Leap 15 can not provide zxing >= 1.4.0, zxing is inherited from SLE15 but SLE15 do provide zxing version 1.2.0 only, Factory do have zxing-cpp 2.0.0 however it's not an API compatible version. ==== inih ==== Version update (57 -> 58) - Update to version 58 * Add ini_ prefix even to static names so inih can be used as an [#]include. ==== kernel-source ==== - rpm/constraints.in: add static multibuild packages Commit 841012b049a5 (rpm/mkspec: use kernel-source: prefix for constraints on multibuild) added "kernel-source:" prefix to the dynamically generated kernels. But there are also static ones like kernel-docs. Those fail to build as the constraints are still not applied. So add the prefix also to the static ones. Note kernel-docs-rt is given kernel-source-rt prefix. I am not sure it will ever be multibuilt... - commit c2e0681 - Revert "Limit kernel-source build to architectures for which the kernel binary" This reverts commit 08a9e44c00758b5f3f3b641830ab6affff041132. The fix for bsc#1108281 directly causes bsc#1218768, revert. - commit 2943b8a - mkspec: Include constraints for both multibuild and plain package always There is no need to check for multibuild flag, the constraints can be always generated for both cases. - commit 308ea09 - rpm/mkspec: use kernel-source: prefix for constraints on multibuild Otherwise the constraints are not applied with multibuild enabled. - commit 841012b - rpm/kernel-source.rpmlintrc: add action-ebpf Upstream commit a79d8ba734bd (selftests: tc-testing: remove buildebpf plugin) added this precompiled binary blob. Adapt rpmlintrc for kernel-source. - commit b5ccb33 - scripts/tar-up.sh: don't add spurious entry from kernel-sources.changes.old The previous change added the manual entry from kernel-sources.change.old to old_changelog.txt unnecessarily. Let's fix it. - commit fb033e8 - rpm/kernel-docs.spec.in: fix build with 6.8 Since upstream commit f061c9f7d058 (Documentation: Document each netlink family), the build needs python yaml. - commit 6a7ece3 - futex: Prevent the reuse of stale pi_state (bsc#1218841). Update upstream status (Queued in subsystem maintainer repository). - commit a3ee207 - Refresh patches.rpmify/media-solo6x10-replace-max-a-min-b-c-by-clamp-b-a-c.patch. Update usptream status. - commit 589bdfa - Update config files, enable CONFIG_IMA_DISABLE_HTABLE in all archs for Tumbleweed as SLE15-SP6 kernel does (bsc#1218400). - commit 020caa6 ==== lftp ==== - Apply "0001-lftp_ssl-deinitialize-the-lftp_ssl_openssl_instance.patch" to fix a crash that ocurred when lftp is run on s390x with an IBM crypto card installed. The issue has been reported to upstream at https://github.com/lavv17/lftp/issues/716. [bsc#1213984] ==== libmaxminddb ==== Version update (1.8.0 -> 1.9.1) - libmaxminddb 1.9.1: * On very large databases, the calculation to determine the search tree size could overflow. This was fixed and several additional guards against overflows were added * build system tweaks ==== libqmi ==== Subpackages: libqmi-glib5 libqmi-tools - Add patch: * 0001-message-fix-16bit-service-on-big-endian.patch - Fixes 16-bit service indications on big endian architectures. Cherry-picked from upstream qmi-1-34 branch ==== libsolv ==== Version update (0.7.27 -> 0.7.28) Subpackages: libsolv-tools ruby-solv - build for multiple python versions [jsc#PED-6218] - bump version to 0.7.28 ==== libstorage-ng ==== Version update (4.5.175 -> 4.5.176) Subpackages: libstorage-ng-lang libstorage-ng-ruby libstorage-ng1 - Translated using Weblate (Swedish) (bsc#1149754) - 4.5.176 ==== libvirt ==== Subpackages: libvirt-client libvirt-daemon-common libvirt-daemon-config-network libvirt-daemon-driver-interface libvirt-daemon-driver-network libvirt-daemon-driver-nodedev libvirt-daemon-driver-nwfilter libvirt-daemon-driver-qemu libvirt-daemon-driver-secret libvirt-daemon-driver-storage libvirt-daemon-driver-storage-core libvirt-daemon-driver-storage-disk libvirt-daemon-driver-storage-iscsi libvirt-daemon-driver-storage-iscsi-direct libvirt-daemon-driver-storage-logical libvirt-daemon-driver-storage-mpath libvirt-daemon-driver-storage-rbd libvirt-daemon-driver-storage-scsi libvirt-daemon-lock libvirt-daemon-log libvirt-daemon-plugin-lockd libvirt-daemon-qemu libvirt-libs - Replace temporary build fix with upstream equivalent bsc#1218823 ==== man ==== - Skip posttrans dependency on systemd to support container without systemd (boo#1215538) - Use %(trans)filetriggerin and %(trans)filetriggerpostun to get an uptodate man database for installed manual pages ==== mozilla-nss ==== Version update (3.95 -> 3.96.1) Subpackages: libfreebl3 libsoftokn3 mozilla-nss-certs mozilla-nss-tools - update to NSS 3.96.1 * bmo#1869408 - Use pypi dependencies for MacOS worker in ./build_gyp.sh * bmo#1830978 - p7sign: add -a hash and -u certusage (also p7verify cleanups) * bmo#1867408 - add a defensive check for large ssl_DefSend return values * bmo#1869378 - Add dependency to the taskcluster script for Darwin * bmo#1869378 - Upgrade version of the MacOS worker for the CI ==== mutter ==== - Rebase mutter-disable-cvt-s390x.patch for mutter 45.x. ==== nvidia-open-driver-G06-signed ==== - splitted up 61-nvidia-$flavor.conf to 59-nvidia-$flavor.conf and 61-nvidia-$flavor.conf, because 'install' line cannot be overwritten with higher config number ... - mistakenly moved dracut config file from 60-nvidia-%1.conf to 61-nvidia-%1.conf --> reverted! - switched from 60-nvidia-$flavor.conf to 61-nvidia-$flavor.conf in modprobe.d to resolve conflict with older package, which can be installed in parallel ==== openssl-1_1 ==== Subpackages: libopenssl1_1 - Because OpenSSL 1.1.1 is no longer default, let's rename engine directories to contain version of OpenSSL and let unversioned for the default OpenSSL. [bsc#1194187, bsc#1207472, bsc#1218933] * /etc/ssl/engines.d -> /etc/ssl/engines1_1.d * /etc/ssl/engdef.d -> /etc/ssl/engdef1_1.d * Update patches: - openssl-1_1-ossl-sli-002-ran-make-update.patch - openssl-1_1-use-include-directive.patch ==== perl-Bootloader ==== Version update (1.10 -> 1.11) - merge gh#openSUSE/perl-bootloader#162 - handle script exit codes properly (bsc#1218847) - 1.11 ==== postfix ==== Version update (3.8.4 -> 3.8.5) - update to 3.8.5 * Security: this release improves support to defend against an email spoofing attack (SMTP smuggling) on recipients at a Postfix server. For background, see https://www.postfix.org/smtp-smuggling.html. ==== publicsuffix ==== Version update (20240107 -> 20240123) - Update to version 20240123: * util: gTLD data autopull updates for 2024-01-23T15:14:10 UTC (#1921) ==== python-lxml ==== - Fix build error for Leap. Use build and test as descriped on upstream. ==== raspberrypi-firmware-dt ==== - Extend "ARM: dts: bcm27xx: Use better name for spidev" patch coverage. Change compatible "spidev" to "rohm,dh2228fv" in overlay files too. Fixes bsc#1219094. ==== ruby ==== Version update (3.2 -> 3.3) - switch the default ruby to 3.3 ==== ruby3.2 ==== Subpackages: libruby3_2-3_2 - Omit test_session_reuse_but_expire if OpenSSL 3.2.0 Add Omit-test_session_reuse_but_expire-if-OpenSSL-3.2.0.patch ==== rubygem-gem2rpm ==== - Update the ruby ABI version in the 3.3.0 paths to the final string. - enable building for ruby 3.3 ==== spice-gtk ==== Subpackages: libspice-client-glib-2_0-8 libspice-client-glib-helper libspice-client-gtk-3_0-5 typelib-1_0-SpiceClientGlib-2_0 typelib-1_0-SpiceClientGtk-3_0 - Use libphotodav-3.0 on SLE/Leap 15.6+ (boo#1219083). ==== thin-provisioning-tools ==== Version update (1.0.9 -> 1.0.10) - Update to version 1.0.10: * Bump version to 1.0.10 * [build] Update dependencies * [all] Fix clippy lints and typos * [space_map] Allow non-zero values in unused index block entries * [thin_repair] Fix child keys checking on the node with a zero key * [thin_check] Tweak the logs to avoid confusion with node errors * [thin_check] Support overriding the details tree root * [tests] Update expected help text for _pack and _unpack * [all] Fix clippy lints on optional targets * [build] Simplify the pre-commit hooks by checking all the targets at once * [thin_metadata_unpack] Allow long format for input and output * [space map] Fix incorrect index_entry.nr_free while expansion * thin_metadata_pack: Allow long format for input and output ==== tiff ==== - security update: * CVE-2023-52356 [bsc#1219213] Fix segfault in TIFFReadRGBATileExt() + tiff-CVE-2023-52356.patch ==== transactional-update ==== Subpackages: dracut-transactional-update libtukit4 transactional-update-zypp-config tukit tukitd - Use "up" instead of "dup" by default on ALP [bsc#1218861] ==== virt-manager ==== Subpackages: virt-install virt-manager-common - Upstream bug fixes (bsc#1027942) (jsc#PED-6305) 058-uri-Mock-domcaps-returning-NO_SUPPORT.patch 059-tests-cli-Adjust-hotplug-test-for-latest-libvirt.patch 060-Fix-some-pylint.patch 061-tests-ui-make-newvm-test-start-less-flakey.patch 062-tests-ui-make-creatnet-test-start-less-flakey.patch - Cleanup now working or non-existant %check tests ==== webkit2gtk3 ==== Subpackages: libjavascriptcoregtk-4_1-0 libwebkit2gtk-4_1-0 typelib-1_0-JavaScriptCore-4_1 typelib-1_0-WebKit2-4_1 webkit2gtk-4_1-injected-bundles - Add webkit2gtk3-CVE-2024-23222.patch: fix a type confusion issue (bsc#1219113 CVE-2024-23222). ==== webkit2gtk3-soup2 ==== Subpackages: libjavascriptcoregtk-4_0-18 libwebkit2gtk-4_0-37 webkit2gtk-4_0-injected-bundles - Add webkit2gtk3-CVE-2024-23222.patch: fix a type confusion issue (bsc#1219113 CVE-2024-23222). ==== yast2 ==== Version update (5.0.3 -> 5.0.4) Subpackages: yast2-logs - Reading Kernel Params: Use kernel cmdline when install.inf is not available (bsc#1216408) - 5.0.4 ==== yast2-bootloader ==== Version update (5.0.2 -> 5.0.4) - Persist s390 cio_ignore kernel argument always when given (bsc#1210525). - 5.0.4 - Do not try finding undefined bootloader name to avoid error in logs (bsc#1218700) - 5.0.3 ==== yast2-installation ==== Version update (5.0.3 -> 5.0.4) - Keep cio_ignore kernel argument when present in the parmfile or use the cio_ignore -k output if not and write it always even in zVM and KVM (bsc#1210525). - 5.0.4 ==== zbar ==== - Fix building for Leap

1 0

New Arm Tumbleweed snapshot 20240124 released!
by Guillaume Gardet 25 Jan '24

25 Jan '24

Please note that this mail was generated by a script. The described changes are computed based on the aarch64 DVD. The full online repo contains too many changes to be listed here. Please check the known defects of this snapshot before upgrading: https://openqa.opensuse.org/tests/overview?distri=opensuse&groupid=3&versio… Please do not reply to this email to report issues, rather file a bug on bugzilla.opensuse.org. For more information on filing bugs please see https://en.opensuse.org/openSUSE:Submitting_bug_reports Packages changed: Mesa (23.2.1 -> 23.3.3) Mesa-drivers (23.2.1 -> 23.3.3) NetworkManager-applet (1.34.0 -> 1.36.0) abseil-cpp apache2-mod_php8 (8.2.14 -> 8.2.15) cepces (0.3.7 -> 0.3.8) coreutils coreutils-systemd cronie dracut (059+suse.533.g5a7cf9fa -> 059+suse.538.ge7a5cff9) ed (1.19 -> 1.20) emacs-flim gdm gnome-shell grub2 ibus java-11-openjdk (11.0.21.0 -> 11.0.22.0) kdump (2.0.0 -> 2.0.1) kernel-firmware (20240102 -> 20240115) kernel-source (6.6.11 -> 6.7.1) libeconf (0.6.0 -> 0.6.1) libguestfs libidn (1.41 -> 1.42) libmspack libnvme (1.6+5.g68c6ffb -> 1.7.1+0.g13ba383) libp11 libplacebo (6.338.1 -> 6.338.2) libstorage-ng (4.5.174 -> 4.5.175) libvirt (9.10.0 -> 10.0.0) ncurses (6.4.20240113 -> 6.4.20240120) nvidia-open-driver-G06-signed (545.29.06_k6.6.11_1 -> 545.29.06_k6.7.1_1) nvme-cli (2.6 -> 2.7.1) pam (1.5.3 -> 1.6.0) pam-full-src (1.5.3 -> 1.6.0) php8 (8.2.14 -> 8.2.15) pipewire ppp python-Pillow (10.1.0 -> 10.2.0) python-SQLAlchemy (2.0.24 -> 2.0.25) python-Twisted python-anyio (3.7.1 -> 4.2.0) python-authheaders (0.16.0 -> 0.16.1) python-falcon python-gevent python-libvirt-python (9.10.0 -> 10.0.0) python-service_identity (23.1.0 -> 24.1.0) python-trio (0.22.0 -> 0.23.2) qca-qt5 (2.3.7+git12 -> 2.3.8+git1) qpdf (11.7.0 -> 11.8.0) rdma-core (49.0 -> 49.1) rpm-config-SUSE (20230712 -> 20240118) rsyslog sdbootutil (1+git20231221.42797ab -> 1+git20240122.c0d8f76) shaderc (2023.7 -> 2023.8) sssd (2.9.3 -> 2.9.4) systemd tevent (0.15.0 -> 0.16.0) tpm2-0-tss util-linux util-linux-systemd virt-manager vulkan-loader (1.3.268.0 -> 1.3.275.0) vulkan-tools (1.3.268.0 -> 1.3.275.0) yast2-pkg-bindings (5.0.2 -> 5.0.4) yast2-trans (84.87.20240112.f631673f01 -> 84.87.20240120.54f4b9f06a) zbar (0.23.90 -> 0.23.93) zchunk (1.3.2 -> 1.4.0) === Details === ==== Mesa ==== Version update (23.2.1 -> 23.3.3) Subpackages: Mesa-libEGL1 Mesa-libGL1 Mesa-libglapi0 libOSMesa8 libgbm1 - split python36-buildfix.patch into two patches python36-buildfix1.patch and python36-buildfix2.patch; apply the latter only on sle15-sp6/Leap 15.6 since on newer python releases than 3.6 it changes behaviour to remove required=True option - python36-buildfix.patch * src/freedreno/registers/gen_header.py: hopefully fixes aarch64 build - u_0001-intel-genxml-Drop-from-__future__-import-annotations.patch u_0002-intel-genxml-Add-a-untyped-OrderedDict-fallback-for-.patch python36-buildfix.patch * fixes build against python 3.6 - let Mesa-dri require libvulkan1 to get zink/swrast driver fallbacks working (hopefully); probably related: https://gitlab.freedesktop.org/mesa/mesa/-/commit/2a71f06f2938678d89d5ed137… - Update to bugfix release 23.3.3 - -> https://docs.mesa3d.org/relnotes/23.3.3.html - Update to bugfix release 23.3.2 - -> https://docs.mesa3d.org/relnotes/23.3.2.html - Update to version 23.3.0: * It includes NVK, a new reverse-engineered Vulkan driver for Nvidia hardware. This driver is still in experimental phase, not quite ready for prime time yet, but adventurous users can give it a go! * New extensions & features (in no particular order): - VK_EXT_pipeline_robustness on ANV - VK_KHR_maintenance5 on RADV - OpenGL ES 3.1 on Asahi - GL_ARB_compute_shader on Asahi - GL_ARB_shader_atomic_counters on Asahi - GL_ARB_shader_image_load_store on Asahi - GL_ARB_shader_image_size on Asahi - GL_ARB_shader_storage_buffer_object on Asahi - GL_ARB_sample_shading on Asahi - GL_OES_sample_variables on Asahi - GL_OES_shader_multisample_interpolation on Asahi - GL_OES_gpu_shader5 on Asahi - EGL_ANDROID_blob_cache works when disk caching is disabled - VK_KHR_cooperative_matrix on RADV/GFX11+ - Drop patches fixed upstream: * U_clover-llvm-move-to-modern-pass-manager.patch * U_radeonsi-prefix-function-with-si_-to-prevent-name-co.patch - Refresh patches with quilt. - Use %patch -p N instead of deprecated %patchN. ==== Mesa-drivers ==== Version update (23.2.1 -> 23.3.3) Subpackages: Mesa-dri Mesa-gallium Mesa-libva - split python36-buildfix.patch into two patches python36-buildfix1.patch and python36-buildfix2.patch; apply the latter only on sle15-sp6/Leap 15.6 since on newer python releases than 3.6 it changes behaviour to remove required=True option - python36-buildfix.patch * src/freedreno/registers/gen_header.py: hopefully fixes aarch64 build - u_0001-intel-genxml-Drop-from-__future__-import-annotations.patch u_0002-intel-genxml-Add-a-untyped-OrderedDict-fallback-for-.patch python36-buildfix.patch * fixes build against python 3.6 - let Mesa-dri require libvulkan1 to get zink/swrast driver fallbacks working (hopefully); probably related: https://gitlab.freedesktop.org/mesa/mesa/-/commit/2a71f06f2938678d89d5ed137… - Update to bugfix release 23.3.3 - -> https://docs.mesa3d.org/relnotes/23.3.3.html - Update to bugfix release 23.3.2 - -> https://docs.mesa3d.org/relnotes/23.3.2.html - Update to version 23.3.0: * It includes NVK, a new reverse-engineered Vulkan driver for Nvidia hardware. This driver is still in experimental phase, not quite ready for prime time yet, but adventurous users can give it a go! * New extensions & features (in no particular order): - VK_EXT_pipeline_robustness on ANV - VK_KHR_maintenance5 on RADV - OpenGL ES 3.1 on Asahi - GL_ARB_compute_shader on Asahi - GL_ARB_shader_atomic_counters on Asahi - GL_ARB_shader_image_load_store on Asahi - GL_ARB_shader_image_size on Asahi - GL_ARB_shader_storage_buffer_object on Asahi - GL_ARB_sample_shading on Asahi - GL_OES_sample_variables on Asahi - GL_OES_shader_multisample_interpolation on Asahi - GL_OES_gpu_shader5 on Asahi - EGL_ANDROID_blob_cache works when disk caching is disabled - VK_KHR_cooperative_matrix on RADV/GFX11+ - Drop patches fixed upstream: * U_clover-llvm-move-to-modern-pass-manager.patch * U_radeonsi-prefix-function-with-si_-to-prevent-name-co.patch - Refresh patches with quilt. - Use %patch -p N instead of deprecated %patchN. ==== NetworkManager-applet ==== Version update (1.34.0 -> 1.36.0) Subpackages: NetworkManager-connection-editor - Update to version 1.36.0: + Support WiFi's cloned-mac "stable-ssid". + Update translations. ==== abseil-cpp ==== - fix build for non-SUSE distributions ==== apache2-mod_php8 ==== Version update (8.2.14 -> 8.2.15) - version update to 8.2.15 * This is a bug fix release. - modified patches % php-ar-flags.patch (refreshed) % php-build-reproducible-phar.patch (refreshed) ==== cepces ==== Version update (0.3.7 -> 0.3.8) Subpackages: cepces-certmonger cepces-selinux python3-cepces - Update to version 0.3.8: * Fix WSTEP BinarySecurityToken attribute namespaces * Migrate to SPNEGO auth mech ==== coreutils ==== - coreutils-9.4.split-CVE-2024-0684.patch: Add upstream patch: split: do not shrink hold buffer. (CVE-2024-0684) - coreutils-i18n.patch: Update from Fedora to fix build on i686 on GCC14. ==== coreutils-systemd ==== - coreutils-9.4.split-CVE-2024-0684.patch: Add upstream patch: split: do not shrink hold buffer. (CVE-2024-0684) - coreutils-i18n.patch: Update from Fedora to fix build on i686 on GCC14. ==== cronie ==== Subpackages: cron - Update to 1.7.1: * crond: Wait on finishing the job with -n option to check the exit status * crond: Do not set the return path to <> if non-default MAILFROM is set * /etc/sysconfig/crond and /etc/default/anacron files are optional - Remove test-for-etc-default-anacron.patch - Set safe permissions for crontab backups. Add * safe-backup-permissions.patch - Fix anacron not working when /etc/default/anacron does not exist, fixes bsc#1218377 * test-for-etc-default-anacron.patch ==== dracut ==== Version update (059+suse.533.g5a7cf9fa -> 059+suse.538.ge7a5cff9) - Update to version 059+suse.538.ge7a5cff9: * fix(livenet): split `imgsize` calculation to avoid misleading error message * fix(livenet): check also `content-length` from live image header * fix(livenet): propagate error code * fix(dracut): correct regression with multiple `rd.break=` options ==== ed ==== Version update (1.19 -> 1.20) - update to 1.20: * New command-line options for jumping to a line number or match * Improved handling of file names containing control characters * Tweak workflow for fewer 'buffer modified' warnings * Tilde expansion is now performed on file names * Warn on modifying a buffer from a read-only file * Create missing intermediate directories when writing to a file * Documentation updates - drop obsolete makeinfo marcos ==== emacs-flim ==== - Use %patch0 to fix compilation with rpm-4.19 ==== gdm ==== Subpackages: gdm-schema gdmflexiserver libgdm1 typelib-1_0-Gdm-1_0 - Make Patch0 only applies on s390 and s390x. ==== gnome-shell ==== Subpackages: gnome-extensions gnome-shell-calendar - Adapt to version 45.3(bsc#1216072): + Rebase gnome-shell-domain.patch + Rebase gnome-shell-fate324570-Make-GDM-background-image-configurable.patch ==== grub2 ==== Subpackages: grub2-arm64-efi grub2-snapper-plugin grub2-systemd-sleep-plugin - allow to boot memtest86 if stored in /usr/lib/memtest86+ * SR#1071109 can then work ==== ibus ==== Subpackages: libibus-1_0-5 typelib-1_0-IBus-1_0 - Use %_libexecdir as the basis of %_ibus_libexecdir (bsc#1174075) ==== java-11-openjdk ==== Version update (11.0.21.0 -> 11.0.22.0) Subpackages: java-11-openjdk-headless - Upgrade to upstream tag jdk-11.0.22+7 (January 2024 CPU) * Security fixes + JDK-8308204: Enhanced certificate processing + JDK-8314295, CVE-2024-20919, bsc#1218903: Enhance verification of verifier + JDK-8314284, CVE-2024-20926, bsc#1218906: Enhance Nashorn performance + JDK-8314307, CVE-2024-20921, bsc#1218905: Improve loop handling + JDK-8314468, CVE-2024-20918, bsc#1218907: Improve Compiler loops + JDK-8316976, CVE-2024-20945, bsc#1218909: Improve signature handling + JDK-8317547, CVE-2024-20952, bsc#1218911: Enhance TLS connection support * Other fixes + JDK-6381945: (cal) Japanese calendar unit test system should avoid multiple static imports + JDK-6445283: ProgressMonitorInputStream not large file aware (>2GB) + JDK-8026393: jarsigner never shows a warning in badKeyUsage case + JDK-8041447: Test javax/swing/dnd/7171812/bug7171812.java fails with java.lang.RuntimeException: Test failed, scroll on drag doesn't work + JDK-8053479: (dc) DatagramChannel.read() throws exception instead of discarding data when buffer too small + JDK-8067250: [mlvm] vm/mlvm/mixed/stress/regression/b6969574 fails and perf regression + JDK-8153090: TAB key cannot change input focus after the radio button in the Color Selection dialog + JDK-8168408: Test java/awt/Focus/ActualFocusedWindowTest/ /ActualFocusedWindowBlockingTest.java fails intermittentently on windows + JDK-8183374: Refactor java/lang/Runtime shell tests to java + JDK-8185531: [TESTBUG] Improve test configuration for shared strings + JDK-8195589: T6587786.java failed after JDK-8189997 + JDK-8197825: [Test] Intermittent timeout with javax/swing JColorChooser Test + JDK-8205467: javax/management/remote/mandatory/connection/ /MultiThreadDeadLockTest.java possible deadlock + JDK-8207166: jdk/jshell/ /JdiHangingLaunchExecutionControlTest.java - launch timeout + JDK-8210168: JCK test .vm.classfmt.ins.code__002.code__00201m1 .code__00201m1 hangs with -noverify + JDK-8210265: Crash in HSpaceCounters::update_used() + JDK-8211045: [Testbug] Fix for 8144279 didn't define a test case! + JDK-8212997: [TESTBUG] Remove defmeth tests for class file versions 50 and 51 + JDK-8213898: CDS dumping of springboot asserts in G1ArchiveAllocator::alloc_new_region + JDK-8214694: cleanup rawtypes warnings in open jndi tests + JDK-8217329: JTREG: Clean up, remove unused imports in gc folder + JDK-8218178: vmTestbase/vm/mlvm/mixed/stress/regression/ /b6969574/INDIFY_Test.java fails with -Xcomp + JDK-8220083: Remove hard-coded 127.0.0.1 loopback address in JDK networking tests + JDK-8221396: Clean up serviceability/sa/TestUniverse.java + JDK-8223145: Replace wildcard address with loopback or local host in tests - part 1 + JDK-8223788: [macos] JSpinner buttons in JColorChooser dialog may capture focus using TAB Key. + JDK-8224035: Replace wildcard address with loopback or local host in tests - part 9 + JDK-8224204: Replace wildcard address with loopback or local host in tests - part 10 + JDK-8226825: Replace wildcard address with loopback or local host in tests - part 19 + JDK-8230435: Replace wildcard address with loopback or local host in tests - part 22 + JDK-8230858: Replace wildcard address with loopback or local host in tests - part 23 + JDK-8231556: Wrong font ligatures used when 2 versions of same font used + JDK-8231931: [TESTBUG] serviceability/sa/TestUniverse.java looks for wrong string with Shenandoah + JDK-8232135: Add diagnostic output to test java/util/ProcessBuilder/Basic.java + JDK-8232513: java/net/DatagramSocket/PortUnreachable.java still fails intermittently with BindException + JDK-8232933: Javac inferred type does not conform to equality constraint + JDK-8233000: Mark vmTestbase/vm/mlvm/meth/stress/compiler/ /deoptimize test as stress test + JDK-8233847: (sctp) Flx link-local IPv6 scope handling and test cleanup. + JDK-8237858: PlainSocketImpl.socketAccept() handles EINTR incorrectly + JDK-8238740: java/net/httpclient/whitebox/FlowTestDriver.java should not specify a TLS protocol + JDK-8240235: jdk.test.lib.util.JarUtils updates jar files incorrectly + JDK-8240604: Rewrite sun/management/jmxremote/bootstrap/ /CustomLauncherTest.java test to make binaries from source file + JDK-8240754: Instrument FlowTest.java to provide more debug ... changelog too long, skipping 247 lines ... DEFAULT_PROMOTED_VERSION_PRE=ea for release 11.0.22 ==== kdump ==== Version update (2.0.0 -> 2.0.1) - upgrade to version 2.0.1 * load.sh: fix fadump (bsc#1218589) ==== kernel-firmware ==== Version update (20240102 -> 20240115) Subpackages: kernel-firmware-all kernel-firmware-amdgpu kernel-firmware-ath10k kernel-firmware-ath11k kernel-firmware-ath12k kernel-firmware-atheros kernel-firmware-bluetooth kernel-firmware-bnx2 kernel-firmware-brcm kernel-firmware-chelsio kernel-firmware-dpaa2 kernel-firmware-i915 kernel-firmware-intel kernel-firmware-iwlwifi kernel-firmware-liquidio kernel-firmware-marvell kernel-firmware-media kernel-firmware-mediatek kernel-firmware-mellanox kernel-firmware-mwifiex kernel-firmware-network kernel-firmware-nfp kernel-firmware-nvidia kernel-firmware-platform kernel-firmware-prestera kernel-firmware-qcom kernel-firmware-qlogic kernel-firmware-radeon kernel-firmware-realtek kernel-firmware-serial kernel-firmware-sound kernel-firmware-ti kernel-firmware-ueagle kernel-firmware-usb-network - Update to version 20240115 (git commit efeb548d2a2b): * Intel Bluetooth: Update firmware file for Magnetor Intel Bluetooth AX101 * Intel Bluetooth: Update firmware file for Magnetor Intel Bluetooth AX203 * Intel Bluetooth: Update firmware file for SolarF Intel Bluetooth AX203 * Intel Bluetooth: Update firmware file for SolarF Intel Bluetooth AX211 * Intel Bluetooth: Update firmware file for Solar Intel Bluetooth AX211 * amdgpu: DMCUB updates for DCN314 * cirrus: Add firmware file for cs42l43 * amdgpu: DMCUB updates for DCN312 - Update to version 20240111 (git commit b3132c18d0be): * qcom: Update the firmware for Adreno a630 family of GPUs * cirrus: Add CS35L41 firmware for Legion Slim 7 Gen 8 laptops * linux-firmware: Add firmware for Cirrus CS35L41 for various Dell laptops - Update to version 20240110 (git commit 31db82d69905): * linux-firmware: update firmware for qat_4xxx devices * linux-firmware: update firmware for w1u_uart * amdgpu: DMCUB updates for DCN314 * Intel Bluetooth: Update firmware file for Magnetor Intel Bluetooth AX211 * Intel Bluetooth: Update firmware file for Solar Intel Bluetooth AX101 * Intel Bluetooth: Update firmware file for Solar Intel Bluetooth AX203 * Intel Bluetooth: Update firmware file for Solar Intel Bluetooth AX210 - Update to version 20240105 (git commit 5a6ae745d8a4): * amlogic/bluetooth: add firmware bin of W1 serial soc(w1u_uart) - Drop superfluous Provides from uncompressed kernel-firmware package that may confuse dependencies (bsc#1218307) - Minor adjustment and updates of scripts / templates ==== kernel-source ==== Version update (6.6.11 -> 6.7.1) - Linux 6.7.1 (bsc#1012628). - mm/memory_hotplug: fix memmap_on_memory sysfs value retrieval (bsc#1012628). - docs: kernel_feat.py: fix potential command injection (bsc#1012628). - scripts/decode_stacktrace.sh: optionally use LLVM utilities (bsc#1012628). - coresight: etm4x: Fix width of CCITMIN field (bsc#1012628). - PCI: Add ACS quirk for more Zhaoxin Root Ports (bsc#1012628). - leds: ledtrig-tty: Free allocated ttyname buffer on deactivate (bsc#1012628). - parport: parport_serial: Add Brainboxes device IDs and geometry (bsc#1012628). - parport: parport_serial: Add Brainboxes BAR details (bsc#1012628). - uio: Fix use-after-free in uio_open (bsc#1012628). - binder: fix comment on binder_alloc_new_buf() return value (bsc#1012628). - binder: fix trivial typo of binder_free_buf_locked() (bsc#1012628). - binder: fix use-after-free in shinker's callback (bsc#1012628). - binder: use EPOLLERR from eventpoll.h (bsc#1012628). - Revert "md/raid5: Wait for MD_SB_CHANGE_PENDING in raid5d" (bsc#1012628). - ksmbd: free ppace array on error in parse_dacl (bsc#1012628). - ksmbd: don't allow O_TRUNC open on read-only share (bsc#1012628). - drm/amd/display: Pass pwrseq inst for backlight and ABM (bsc#1012628). - bus: moxtet: Add spi device table (bsc#1012628). - bus: moxtet: Mark the irq as shared (bsc#1012628). - ACPI: resource: Add another DMI match for the TongFang GMxXGxx (bsc#1012628). - ALSA: hda: cs35l41: Support more HP models without _DSD (bsc#1012628). - ALSA: hda/realtek: Fix mute and mic-mute LEDs for HP Envy X360 13-ay0xxx (bsc#1012628). - ALSA: hda/realtek: enable SND_PCI_QUIRK for Lenovo Legion Slim 7 Gen 8 (2023) serie (bsc#1012628). - ALSA: hda: Add driver properties for cs35l41 for Lenovo Legion Slim 7 Gen 8 serie (bsc#1012628). - ALSA: hda: cs35l41: Prevent firmware load if SPI speed too low (bsc#1012628). - ALSA: hda: cs35l41: Support additional Dell models without _DSD (bsc#1012628). - ALSA: hda/realtek: Add quirks for Dell models (bsc#1012628). - f2fs: explicitly null-terminate the xattr list (bsc#1012628). - commit b2e8ed6 - media: solo6x10: replace max(a, min(b, c)) by clamp(b, a, c) (fix build and make it faster). - Delete patches.rpmify/Revert-minmax-allow-comparisons-of-int-against-unsig.patch. - Delete patches.rpmify/Revert-minmax-allow-min-max-clamp-if-the-arguments-h.patch. - Delete patches.rpmify/Revert-minmax-fix-indentation-of-__cmp_once-and-__cl.patch. - Delete patches.rpmify/Revert-minmax-relax-check-to-allow-comparison-betwee.patch. Replace the reverts by an upstream workaround. - commit 9bff21f - mm: huge_memory: don't force huge page alignment on 32 bit (bsc#1218841). - Delete patches.suse/Revert-mm-align-larger-anonymous-mappings-on-THP-bou.patch. Replace the revert by an upstream fix. - commit d54abef - Update patches.suse/futex-Avoid-reusing-outdated-pi_state.patch (bsc#1218801). Update to v2. - commit eeba83a - Revert "mm: align larger anonymous mappings on THP boundaries" (bsc#1218841). - commit 69537e9 - futex: Avoid reusing outdated pi_state (bsc#1218841). - commit 9859079 ==== libeconf ==== Version update (0.6.0 -> 0.6.1) - Update to version 0.6.1: * reading lines which have a length greater than BUFSIZE (#195) * Improved data quote check in read_file (#193) ==== libguestfs ==== Subpackages: libguestfs-appliance libguestfs-xfs libguestfs0 - Copy sorted packagelist to packages during supermin appliance setup. (bsc#1215586) libguestfs.spec ==== libidn ==== Version update (1.41 -> 1.42) - update to 1.42: * build system tweaks * Updated translations and gnulib * fixes for other platforms ==== libmspack ==== - The following bugs and CVEs are not affecting TW: * CVE-2018-18584 * CVE-2018-18585 * CVE-2018-18586 * CVE-2019-1010305 * bsc#1113038 * bsc#1113039 * bsc#1113040 * bsc#1130489 * bsc#1141680 ==== libnvme ==== Version update (1.6+5.g68c6ffb -> 1.7.1+0.g13ba383) Subpackages: libnvme-mi1 libnvme1 - Update to version 1.7.1+0.g13ba383: * tree: do no free ns on error in nvme_ns_init - Update to version 1.7+0.gf38b1d7: * tree: do not open blk device on default * tree: read all attributes from sysfs when available * ioctl: set data length when retrieving LBA status * types: fix regression for vendor-specific field in nvme_id_ns * util: use cleanup functions * linux: use cleanup functions * json: use cleanup functions * fabrics: use cleanup functions * tree: use cleanup functions * cleanup: add cleanup functions * tree: fix incorrect return value * tree: Fix clearing application strings * libnvme: reshuffle nvme_generate_tls_key_identity() * libnvme: fixup error codes * libnvme: Implement 'nvme_generate_tls_key_identity()' * libnvme: support NVMe TLS identities version 1 * libnvme: Add base64 functions * libnvme: separate out 'gen_tls_identity' and reshuffle 'derive_nvme_keys' * libnvme: separate out a function 'select_hmac' * libnvme: fix a memory leak when calling read_ssns() * libnvme: fix a memory leak in read_discovery() * fabrics: avoid redundant args in nvme_discovery_log() * fabrics: have nvmf_get_discovery_log() call nvmf_get_discovery_wargs() * fabrics: fetch smaller Discovery Log Page header * fabrics: avoid redundant Get Log Page on retry * fabrics: clear RAE for discovery log page commands * json-schema: add keyring and tls_key details * types: add Host Behavior Support field definitions * mi: Cast values to u32 if shift overflows int * types: Cast values to u32 if shift overflows int * test: Avoid unaligned pointer dereferences * nbft: Avoid unaligned pointer dereferences * types: add cross-namespace copy formats, status codes, ONCS bits * nvme: Add length field to Hkdf-Expand-Label computation * ioctl: use lsp arg in nvme_get_log_boot_partition * fabrics: use SECTYPE to determine whether to use TLS * fabrics: Allocate aligned payloads for id_ctrl and discovery log calls * linux: Allocate aligned payloads for id_ctrl and id_ns calls * ioctl: MSB variable-size storage/reference tags ==== libp11 ==== - Add support for OpenSSL 3.x: Add libp11-configure-treat-all-openssl-3.x-releases-the-same.patch ==== libplacebo ==== Version update (6.338.1 -> 6.338.2) - Update libplacebo to version 6.338.2. See details in: https://code.videolan.org/videolan/libplacebo/-/tags/v6.338.2 ==== libstorage-ng ==== Version update (4.5.174 -> 4.5.175) Subpackages: libstorage-ng-lang libstorage-ng-ruby libstorage-ng1 - Translated using Weblate (Indonesian) (bsc#1149754) - 4.5.175 ==== libvirt ==== Version update (9.10.0 -> 10.0.0) Subpackages: libvirt-client libvirt-daemon-common libvirt-daemon-config-network libvirt-daemon-driver-interface libvirt-daemon-driver-network libvirt-daemon-driver-nodedev libvirt-daemon-driver-nwfilter libvirt-daemon-driver-qemu libvirt-daemon-driver-secret libvirt-daemon-driver-storage libvirt-daemon-driver-storage-core libvirt-daemon-driver-storage-disk libvirt-daemon-driver-storage-iscsi libvirt-daemon-driver-storage-iscsi-direct libvirt-daemon-driver-storage-logical libvirt-daemon-driver-storage-mpath libvirt-daemon-driver-storage-rbd libvirt-daemon-driver-storage-scsi libvirt-daemon-lock libvirt-daemon-log libvirt-daemon-plugin-lockd libvirt-daemon-qemu libvirt-libs - Add temporary build fix for ppc64le bsc#1218823 - Update to libvirt 10.0.0 - jsc#PED-3226, jsc#PED-3279, jsc#PED-4931, jsc#PED-5432, jsc#PED-6851 - Many incremental improvements and bug fixes, see https://libvirt.org/news.html#v10-0-0-2024-01-15 ==== ncurses ==== Version update (6.4.20240113 -> 6.4.20240120) Subpackages: libncurses6 ncurses-utils terminfo terminfo-base terminfo-iterm terminfo-screen - Add ncurses patch 20240120 + improve formatting/style of manpages (patches by Branden Robinson). + amend discussion of aliases in tput.1 + use ansi+sgrbold, ansi+sgrdim, ansi+sgrso, ansi+sgrul, ansi+tabs ecma+color, ecma+sgr, vt100+4bsd, vt100+pfkeys, vt220+pcedit xterm+256color, xterm+acs, xterm+nopcfkeys, xterm+pcf2 to trim -TD + modify configure scripts/makefiles to omit KEY_RESIZE if the corresponding SIGWINCH feature is disabled. ==== nvidia-open-driver-G06-signed ==== Version update (545.29.06_k6.6.11_1 -> 545.29.06_k6.7.1_1) - kernel-6.7.patch * fixes build against kernel 6.7 (boo#1219117) ==== nvme-cli ==== Version update (2.6 -> 2.7.1) Subpackages: nvme-cli-bash-completion - Update to version 2.7.1: * nvme-print-json: Revert field name changes (bsc#1218306) - Update to version 2.7: * nvme-print-json: include vs for identify namespace * nvme-print-stdout: enhance connect message * fabrics: fix connect error if hostid file does not exist * fabrics: fix invalid output format error during nvme connect * wdc: Fix vs-smart-add-log Command for SN650 and SN655 * nvme: restric hmac options for gen-tls-key * wdc: Fix UUID index fallback mechanism * plugins/ocp: Add OCP Telemetry String log page, Telemetry log page * completions: Add bash completions for telemetry string log page * plugins/solidigm: Added OCP 2.0 compatibility version command * plugins/solidigm: Added OCP 2.0 vs-drive-info command. * plugins/ocp: Fix printing order of various Latency Monitor Log buckets * nvme: validate output format split status from flag return value * nvme: simplify cleanup_nvme_dev() * cleanup: remove unused cleanup_charp() * wdc: Add support for SN861 2nd pci device id * nvme: replace libhugetlbfs with mmap and madvise * util/mem: move alloc helper to util section * nvme: auto cleanup filedescriptors * nvme: auto cleanup buffers * nvme: return error code in get_persistent_event_log * nvme: sanitize nvme-gen-tls-key * nvme: print out the resulting TLS identity for 'nvme check-tls-key' * nvme: Add version '1' identifier for nvme-gen-tls-key * subprojects/libnvme: update wrapper for TP8018 * plugins/solidigm: Added re_sku_count smart atrribute * doc: Fix nvme-connect manpage --application option string * plugins/ocp: changed command clear-pcie-correctable-error-counters to match OCP 2.0 spec. * plugins/solidigm: Added command to clear PCIe Correctable Error Counters according to OCP 2.0 * plugins/ocp: Reorganized clear feature code for better reuse * nvme: fixup length calculation for 'nvme gen-tls-key --secret' * doc: remove invalid hostkey info for --dhchap-secret * nvme-print-json: use human helper everywhere * nvme-print-json: remove obj_print helper * plugins/ocp: update nvme_show_select_result call * mailmap: only show contributer's name * nvme-print-json: Change to report status and message in array * nvme-print-json: Change to report feature select in array * nvme-print-json: Change to report error and data in array * nvme-print-json: Add show_init/finish calls to report features in array * nvme-print: Add nvme_show_error_status() to merge error message and status * nvme-print-json: Use r instead of root and use obj_add_***(r, ..., ...) * nvme-print-json: Delete static const char string global variables * nvme-print-json: Add remaining controller registers readable format * nvme-print-json: Add readable format cap, vs, cc, csts, nssr and crto registers * nvme-print-json: Combine duplicated json key and val string variables * nvme-print-json: Replase json_array_add_value_string() to array_add_str() * nvme-print-json: Replase json_object_add_value_uint128() to obj/root_add_uint128() * nvme-print-json: Replase json_object_add_value_object() to obj/root_add_obj() * nvme-print-json: Replase json_array_add_value_object() to array_add_obj() * nvme-print-json: Replase json_object_add_value_array() to obj/root_add_array() * nvme-print-json: Replase json_object_add_value_uint() to obj/root_add_uint() * nvme-print-json: Replase json_object_add_value_int() to obj/root_add_int() * nvme-print-json: Replase json_object_add_value_uint64() to obj/root_add_uint64() * nvme-print-json: Replase json_object_add_value_string() to obj/root_add_str() * nvme-print-json: Update feature_show_fields_*** to use root/obj_add_***() * nvme-print-json: Update lba_status_log to use root_add_***() and obj_add_***() * nvme-print-json: Replace lba_status_log printf() to root_add_result() * nvme-print-json: Add list_item print function * nvme-print-json: Add lba_status_info print function * nvme-print-json: Add lba_range print function * nvme-print-json: Add id_ctrl_rpmbs print function * nvme-print-json: Unify json_list and jroot object names to root * nvme-print-json: Add json_zns_changed print function * nvme-print-json: Add root_add_result() to output result message * nvme-print-json: Split persistent_event_log print function * nvme-print-json: Remove unnecessary string newline code * nvme-print-json: Replace effects_log_list print to use json_print() * nvme-print-json: Print persistent_event_log no log data result correctly * nvme-print-json: Add static "result" and "erorr" strings variables * nvme-print-json: Add single_property printf function * nvme: Replace get feature command stderr output to nvme_show_error() * nvme-print-json: Change d() output to use d_json() * nvme: Fix get-feature command mixed stdout and json outputs * nvme-print-json: Add remaining feature fields print functions * nvme-print-json: Update formatting and codying style * build: Add -std=c99 to CFLAGS for muon on CentOS 7 * fabrics: add udev rule to avoid renaming nbft interfaces * fabrics: autoconnect: add service unit for connecting NBFT subsystems * fabrics: autoconnect: explicitly express module dependency * Updates to codeql config * libnvme-wrap: exit on VOID_FN lookup failure * plugins/ocp:Added the ocp C6h feature api * plugin/ocp_fid_c6h:Added the ocp C6h feature api * nvme-copy: support cross-namespace copy * nvme/plugins: fix mismatch operator * nvme: fix overflow possiblity * nvme: reduce identify cmd issue * nvme: allow set-features to take input from stdin * Fix common misspellings from codespell project * nvme-print: Correct to print correct ascii character string length * print-stdout: print Host Behavior Support correctly * build: Bump libnvme wrap * plugins/solidigm: Added support for temperature statistics log page * Add support for codeql sweeps * doc: Add virt-mgmt command ... changelog too long, skipping 44 lines ... * update NetApp udev rule file name ==== pam ==== Version update (1.5.3 -> 1.6.0) - Add post 1.6.0 release fixes for pam_env and pam_unix: - pam_env-fix-enable-vendordir-fallback.patch - pam_env-fix_vendordir.patch - pam_env-remove-escaped-newlines.patch - pam_unix-fix-password-aging-disabled.patch - Update to version 1.6.0 - Added support of configuration files with arbitrarily long lines. - build: fixed build outside of the source tree. - libpam: added use of getrandom(2) as a source of randomness if available. - libpam: fixed calculation of fail delay with very long delays. - libpam: fixed potential infinite recursion with includes. - libpam: implemented string to number conversions validation when parsing controls in configuration. - pam_access: added quiet_log option. - pam_access: fixed truncation of very long group names. - pam_canonicalize_user: new module to canonicalize user name. - pam_echo: fixed file handling to prevent overflows and short reads. - pam_env: added support of '\' character in environment variable values. - pam_exec: allowed expose_authtok for password PAM_TYPE. - pam_exec: fixed stack overflow with binary output of programs. - pam_faildelay: implemented parameter ranges validation. - pam_listfile: changed to treat \r and \n exactly the same in configuration. - pam_mkhomedir: hardened directory creation against timing attacks. - Please note that using *at functions leads to more open file handles during creation. - pam_namespace: fixed potential local DoS (CVE-2024-22365). - pam_nologin: fixed file handling to prevent short reads. - pam_pwhistory: helper binary is now built only if SELinux support is enabled. - pam_pwhistory: implemented reliable usernames handling when remembering passwords. - pam_shells: changed to allow shell entries with absolute paths only. - pam_succeed_if: fixed treating empty strings as numerical value 0. - pam_unix: added support of disabled password aging. - pam_unix: synchronized password aging with shadow. - pam_unix: implemented string to number conversions validation. - pam_unix: fixed truncation of very long user names. - pam_unix: corrected rounds retrieval for configured encryption method. - pam_unix: implemented reliable usernames handling when remembering passwords. - pam_unix: changed to always run the helper to obtain shadow password entries. - pam_unix: unix_update helper binary is now built only if SELinux support is enabled. - pam_unix: added audit support to unix_update helper. - pam_userdb: added gdbm support. - Multiple minor bug fixes, portability fixes, documentation improvements, and translation updates. - The following patches are obsolete with the update: - pam_access-doc-IPv6-link-local.patch - pam_access-hostname-debug.patch - pam_shells-fix-econf-memory-leak.patch - pam_shells-fix-econf-memory-leak.patch - disable-examples.patch - pam-login_defs-check.sh: adjust checksum, SHA_CRYPT_MAX_ROUNDS is no longer used. ==== pam-full-src ==== Version update (1.5.3 -> 1.6.0) - Add post 1.6.0 release fixes for pam_env and pam_unix: - pam_env-fix-enable-vendordir-fallback.patch - pam_env-fix_vendordir.patch - pam_env-remove-escaped-newlines.patch - pam_unix-fix-password-aging-disabled.patch - Update to version 1.6.0 - Added support of configuration files with arbitrarily long lines. - build: fixed build outside of the source tree. - libpam: added use of getrandom(2) as a source of randomness if available. - libpam: fixed calculation of fail delay with very long delays. - libpam: fixed potential infinite recursion with includes. - libpam: implemented string to number conversions validation when parsing controls in configuration. - pam_access: added quiet_log option. - pam_access: fixed truncation of very long group names. - pam_canonicalize_user: new module to canonicalize user name. - pam_echo: fixed file handling to prevent overflows and short reads. - pam_env: added support of '\' character in environment variable values. - pam_exec: allowed expose_authtok for password PAM_TYPE. - pam_exec: fixed stack overflow with binary output of programs. - pam_faildelay: implemented parameter ranges validation. - pam_listfile: changed to treat \r and \n exactly the same in configuration. - pam_mkhomedir: hardened directory creation against timing attacks. - Please note that using *at functions leads to more open file handles during creation. - pam_namespace: fixed potential local DoS (CVE-2024-22365). - pam_nologin: fixed file handling to prevent short reads. - pam_pwhistory: helper binary is now built only if SELinux support is enabled. - pam_pwhistory: implemented reliable usernames handling when remembering passwords. - pam_shells: changed to allow shell entries with absolute paths only. - pam_succeed_if: fixed treating empty strings as numerical value 0. - pam_unix: added support of disabled password aging. - pam_unix: synchronized password aging with shadow. - pam_unix: implemented string to number conversions validation. - pam_unix: fixed truncation of very long user names. - pam_unix: corrected rounds retrieval for configured encryption method. - pam_unix: implemented reliable usernames handling when remembering passwords. - pam_unix: changed to always run the helper to obtain shadow password entries. - pam_unix: unix_update helper binary is now built only if SELinux support is enabled. - pam_unix: added audit support to unix_update helper. - pam_userdb: added gdbm support. - Multiple minor bug fixes, portability fixes, documentation improvements, and translation updates. - The following patches are obsolete with the update: - pam_access-doc-IPv6-link-local.patch - pam_access-hostname-debug.patch - pam_shells-fix-econf-memory-leak.patch - pam_shells-fix-econf-memory-leak.patch - disable-examples.patch - pam-login_defs-check.sh: adjust checksum, SHA_CRYPT_MAX_ROUNDS is no longer used. ==== php8 ==== Version update (8.2.14 -> 8.2.15) Subpackages: php8-cli php8-ctype php8-dom php8-gd php8-gettext php8-iconv php8-mbstring php8-mysql php8-openssl php8-pdo php8-sqlite php8-tokenizer php8-xmlreader php8-xmlwriter - version update to 8.2.15 * This is a bug fix release. - modified patches % php-ar-flags.patch (refreshed) % php-build-reproducible-phar.patch (refreshed) ==== pipewire ==== Subpackages: gstreamer-plugin-pipewire libpipewire-0_3-0 pipewire-alsa pipewire-jack pipewire-libjack-0_3 pipewire-modules-0_3 pipewire-pulseaudio pipewire-spa-plugins-0_2 pipewire-spa-tools pipewire-tools - Add patches from upstream to fix building the package in Factory with libcamera 0.2.0: * 0001-spa-libcamera-use-CameraConfigurationorientation.patch * 0002-spa-libcamera-bump-minimum-supported-version-to-0.2.0.patch ==== ppp ==== - Backport ppp-pidfiles.patch and ppp-mkdir-run.patch from the upcoming 2.5.1 release and make sure that pppd's pid, resolv and database files are created under /run/ppp (bsc#1218370). - Reflect the rp-pppoe -> pppoe name change also in pppoe-peers. ==== python-Pillow ==== Version update (10.1.0 -> 10.2.0) - Update to 10.2.0: * Add ``keep_rgb`` option when saving JPEG to prevent conversion of RGB colorspace * Trim glyph size in ImageFont.getmask() * Deprecate IptcImagePlugin helpers * Allow uncompressed TIFF images to be saved in chunks * Concatenate multiple JPEG EXIF markers * Changed IPTC tile tuple to match other plugins * Do not assign new fp attribute when exiting context manager * Support arbitrary masks for uncompressed RGB DDS images * Support setting ROWSPERSTRIP tag * Apply ImageFont.MAX_STRING_LENGTH to ImageFont.getmask() * Optimise ``ImageColor`` using ``functools.lru_cache`` * Restricted environment keys for ImageMath.eval() (CVE-2023-50447, bsc#1219048) * Optimise ``ImageMode.getmode`` using ``functools.lru_cache`` * Fix incorrect color blending for overlapping glyphs * Attempt memory mapping when tile args is a string * Fill identical pixels with transparency in subsequent frames when saving GIF * Corrected duration when combining multiple GIF frames into single frame * Handle disposing GIF background from outside palette * Seek past the data when skipping a PSD layer * Import plugins relative to the module * Translate encoder error codes to strings; deprecate ``ImageFile.raise_oserror()`` * Support reading BC4U and DX10 BC1 images * Optimize ImageStat.Stat.extrema * Handle pathlib.Path in FreeTypeFont * Added support for reading DX10 BC4 DDS images * Optimized ImageStat.Stat.count * Correct PDF palette size when saving * Fixed closing file pointer with olefile 0.47 * Raise ValueError when TrueType font size is not greater than zero * If absent, do not try to close fp when closing image * Allow configuring JPEG restart marker interval on save * Decrement reference count for PyObject * Implement ``streamtype=1`` option for tables-only JPEG encoding * If save_all PNG only has one frame, do not create animated image * Fixed frombytes() for images with a zero dimension - Switch to autosetup and pyproject macros. ==== python-SQLAlchemy ==== Version update (2.0.24 -> 2.0.25) - update to 2.0.25: * preliminary support for Python 3.12 pep-695 type alias structures * see https://docs.sqlalchemy.org/en/20/changelog/changelog_20.html#change-2.0.25 ==== python-Twisted ==== Subpackages: python311-Twisted python311-Twisted-tls - Add twisted-pr12054-testinvokationpy3.12.1.patch * Pull request gh#twisted/twisted#12054 fixes failing tests on python312 gh#twisted/twisted#12052 - Fix rpmlint errors ==== python-anyio ==== Version update (3.7.1 -> 4.2.0) - update to 4.2.0: * Add support for byte-based paths in connect_unix, create_unix_listeners, create_unix_datagram_socket, and create_connected_unix_datagram_socket. (PR by Lura Skye) * Enabled the Event and CapacityLimiter classes to be instantiated outside an event loop thread * Broadly improved/fixed the type annotations. Among other things, many functions and methods that take variadic positional arguments now make use of PEP 646 TypeVarTuple to allow the positional arguments to be validated by static type checkers. These changes affected numerous methods and functions, including: * anyio.run() * TaskGroup.start_soon() * anyio.from_thread.run() * anyio.from_thread.run_sync() * anyio.to_thread.run_sync() * anyio.to_process.run_sync() * BlockingPortal.call() * BlockingPortal.start_task_soon() * BlockingPortal.start_task() (also resolves #560) * Fixed various type annotations of anyio.Path to match Typeshed: * anyio.Path.__lt__() * anyio.Path.__le__() * anyio.Path.__gt__() * anyio.Path.__ge__() * anyio.Path.__truediv__() * anyio.Path.__rtruediv__() * anyio.Path.hardlink_to() * anyio.Path.samefile() * anyio.Path.symlink_to() * anyio.Path.with_segments() (PR by Ganden Schaffner) * Fixed adjusting the total number of tokens in a CapacityLimiter on asyncio failing to wake up tasks waiting to acquire the limiter in certain edge cases (fixed with help from Egor Blagov) * Fixed loop_factory and use_uvloop options not being used on the asyncio backend * Fixed cancellation propagating on asyncio from a task group to child tasks if the task hosting the task group is in a shielded cancel scope - update to 4.1.0: * Adapted to API changes made in Trio v0.23 * Removed a checkpoint when exiting a task group * Renamed the ``cancellable`` argument in ``anyio.to_thread.run_sync()`` to * ``abandon_on_cancel`` (and deprecated the old parameter name) * Added support for voluntary thread cancellation via * ``anyio.from_thread.check_cancelled()`` * Bumped minimum version of trio to v0.23 * Exposed the ``ResourceGuard`` class in the public API * Fixed ``RuntimeError: Runner is closed`` when running higher- scoped async generator fixtures in some cases * Fixed discrepancy between ``asyncio`` and ``trio`` where reraising a cancellation exception in an ``except*`` block would incorrectly bubble out of its cancel scope * Any exceptions raising out of a task groups are now nested inside an ``ExceptionGroup`` (or ``BaseExceptionGroup`` if one or more ``BaseException`` were included) * Fixed task group not raising a cancellation exception on asyncio at exit if no child tasks were spawned and an outer cancellation scope had been cancelled before * Ensured that exiting a ``TaskGroup`` always hits a yield point, regardless of whether there are running child tasks to be waited on * On asyncio, cancel scopes will defer cancelling tasks that are scheduled to resume with a finished future * On asyncio and Python 3.9/3.10, cancel scopes now only suppress cancellation exceptions if the cancel message matches the scope * Task groups on all backends now raise a single cancellation exception when an outer cancel scope is cancelled, and no exceptions other than cancellation exceptions are raised in the group * **BACKWARDS INCOMPATIBLE** Changes the pytest plugin to run all tests and fixtures in the same task, allowing fixtures to set context variables for tests and other fixtures ``anyio.Path.relative_to()`` and * ``anyio.Path.is_relative_to()`` to only accept one argument, as passing multiple arguments is deprecated as of Python 3.12 * **BACKWARDS INCOMPATIBLE** Dropped support for spawning tasks from old-style coroutine functions (``(a)asyncio.coroutine``) * **BACKWARDS INCOMPATIBLE** The ``policy`` option on the ``asyncio`` backend was changed to ``loop_factory`` to accommodate ``asyncio.Runner`` * Dropped support for Python 3.7 * Added support for Python 3.12 * Fixed ``from_thread.run`` failing when used to call sniffio- dependent functions on asyncio from a thread running trio or curio * Fixed deadlock when using ``from_thread.start_blocking_portal(backend="asyncio")`` * in a thread running trio or curio (PR by Ganden Schaffner) * Improved type annotations: * The ``item_type`` argument of ``create_memory_object_stream`` was deprecated. * To indicate the item type handled by the stream, use * ``create_memory_object_stream[T_Item]()`` instead. Type checking should no longer fail when annotating memory object - drop tests-test_fileio.py-don-t-follow-symlinks-in-dev.patch (upstream) ==== python-authheaders ==== Version update (0.16.0 -> 0.16.1) - update to 0.16.1: * Clean up unnecessary escaping of semi-colons in test data and adjust related code to resolve SyntaxWarning with Python 3.12 (#29) * Set python_requires >3.7 and clean up cruft in setup.py * Use importlib.resources instead of importlib_resources - switch to PEP517 build ==== python-falcon ==== Subpackages: python-falcon-doc python311-falcon - remove unneeded build dependency python-ujson ==== python-gevent ==== - Clean obsolete old python and old distribution directives * Only 15.5+ with the sle15 python module and Tumbleweed have the required Python 3.8+ * Drop fix-no-return-in-nonvoid-function.patch - Update test suite execution * Use -u-network flag to disable network tests * Add gevent-opensuse-nocolor-tests.patch -- Avoid colorization of test output in obs runners * Add gevent-fix-unittest-returncode-py312-c1.patch and gevent-fix-unittest-returncode-py312-c2.patch gh#gevent/gevent#2012 ==== python-libvirt-python ==== Version update (9.10.0 -> 10.0.0) - Update to 10.0.0 - Add all new APIs and constants in libvirt 10.0.0 - jsc#PED-3226, jsc#PED-3279, jsc#PED-4931, jsc#PED-5432, jsc#PED-6851 ==== python-service_identity ==== Version update (23.1.0 -> 24.1.0) - update to 24.1.0: * If a certificate doesn't contain any `subjectAltName`s, we now raise `service_identity.CertificateError` instead of `service_identity.VerificationError` to make the problem easier to debug. ==== python-trio ==== Version update (0.22.0 -> 0.23.2) - We don't need isort for the tests: Avoid it for Ring1 - Clean dependencies - update to 0.23.2: * TypeVarTuple is now used to fully type :meth:`nursery.start_soon() <trio.Nursery.start_soon>`, :func:`trio.run()`, :func:`trio.to_thread.run_sync()`, and other similar functions accepting (func, *args). This means type checkers will be able to verify types are used correctly. :meth:`nursery.start() <trio.Nursery.start>` is not fully typed yet however. (#2881) * Make pyright recognize :func:`open_memory_channel` as generic. (#2873) backlink Unknown interpreted text role "func". * Make pyright recognize :func:`open_memory_channel` as generic. * Unknown interpreted text role "func". * Moved the metadata into PEP 621-compliant :file:`pyproject.toml`. (#2860) - update to 0.23.1: * Don't crash on import in Anaconda interpreters. * Add type hints. * When exiting a nursery block, the parent task always waits for child tasks to exit. This wait cannot be cancelled. However, previously, if you tried to cancel it, it *would* inject a `Cancelled` exception, even though it wasn't cancelled. Most users probably never noticed either way, but injecting a `Cancelled` here is not really useful, and in some rare cases caused confusion or problems, so Trio no longer does that. * If called from a thread spawned by `trio.to_thread.run_sync`, `trio.from_thread.run` and `trio.from_thread.run_sync` now reuse the task and cancellation status of the host task; * this means that context variables and cancel scopes naturally propagate 'through' threads spawned by Trio. You can also use `trio.from_thread.check_cancelled` to efficiently check for cancellation without reentering the Trio thread. * :func:`trio.lowlevel.start_guest_run` now does a bit more setup of the guest run before it returns to its caller, so that the caller can immediately make calls to :func:`trio.current_time`, :func:`trio.lowlevel.spawn_system_task`, :func:`trio.lowlevel.current_trio_token`, etc. * When a starting function raises before calling :func:`trio.TaskStatus.started`, :func:`trio.Nursery.start` will no longer wrap the exception in an undocumented :exc:`ExceptionGroup`. * To better reflect the underlying thread handling semantics, the keyword argument for `trio.to_thread.run_sync` that was previously called ``cancellable`` is now named ``abandon_on_cancel``. * The old ``cancellable`` name is now deprecated. - Update to 0.22.2: * Fix PermissionError when importing trio due to trying to access pthread. * Breaking change: Timeout functions now raise ValueError if passed math.nan. This includes trio.sleep, trio.sleep_until, trio.move_on_at, trio.move_on_after, trio.fail_at and trio.fail_after. * Added support for naming threads created with trio.to_thread.run_sync, requires pthreads so is only available on POSIX platforms with glibc installed. * trio.socket.socket now prints the address it tried to connect to upon failure. * Fixed a crash that can occur when running Trio within an embedded Python interpreter, by handling the TypeError that is raised when trying to (re-)install a C signal handler. * Fix sniffio.current_async_library() when Trio tasks are spawned from a non-Trio context (such as when using trio-asyncio). Previously, a regular Trio task would inherit the non-Trio library name, and spawning a system task would cause the non-Trio caller to start thinking it was Trio. * Documented that Nursery.start_soon does not guarantee task ordering. ==== qca-qt5 ==== Version update (2.3.7+git12 -> 2.3.8+git1) Subpackages: libqca-qt5-2 qca-qt5-plugins - Update to version 2.3.8+git1: * CI: Enable Android builds - There's a v2.3.8 tag now so the version matches properly again ==== qpdf ==== Version update (11.7.0 -> 11.8.0) - Temporary workaround for test fuzz-16214 (bsc#1218902) * Add openssl3_2-fuzz-16214.patch - Update to 11.8.0: * Bug fixes: - When flattening annotations, preserve hyperlinks and other annotations that inherently have no appearance information. * CLI Enhancements - Introduce x in the numeric range syntax to allow exclusion of pages within a page range. See Page Ranges for details. - Support comma-separated numeric values with --collate to select different numbers of pages from different groups. - Add --set-page-labels option to completely override page labels in the output. * Library Enhancements - Add API to support --set-page-labels: - QPDFJob::Config::setPageLabels - pdf_page_label_e enumerated type - QPDFPageLabelDocumentHelper::pageLabelDict - Improve file recovery logic to better handle files with cross-reference streams. This should enable qpdf to recover some files that it would previously have reported âunable to find trailer dictionary.â ==== rdma-core ==== Version update (49.0 -> 49.1) Subpackages: libefa1 libibverbs libibverbs1 libmana1 libmlx4-1 libmlx5-1 librdmacm1 rdma-ndd - Update to v49.1 (jsc#PED-6891, jsc#PED-6864, jsc#PED-6839, jsc#PED-6836, jsc#PED-6828, jsc#PED-6824, jsc#PED-6958, jsc#PED-6943, jsc#PED-6933, jsc#PED-6916) - No release notes available. ==== rpm-config-SUSE ==== Version update (20230712 -> 20240118) - Update to version 20240118: * find-provides.ksyms: Fix ksym provides on Tumbleweed/ALP - Update to version 20240115: * macros.initrd: %regenerate_initrd_post: don't fail if mkdir is unavailable * scripts: Do full ksyms dependencies on Tumbleweed (bsc#1215015) ==== rsyslog ==== - suppress installation errors when systemd is not running (bsc#1218799) ==== sdbootutil ==== Version update (1+git20231221.42797ab -> 1+git20240122.c0d8f76) Subpackages: sdbootutil-rpm-scriptlets sdbootutil-snapper - Update to version 1+git20240122.c0d8f76: * Integrate with kernel-install * Rework kernel listing a bit * Add checks to list-entries * List entries for current system only by default * Fall back to loader.conf if setting efivar failed * Runtime determine kernel image name * Add list-snapshots * Add list-entries command - Update to version 1+git20240118.7e744b4: * Bind mount /etc inside the snapshot ==== shaderc ==== Version update (2023.7 -> 2023.8) - Update to release 2023.8 * API: Expose rlaxed Vulkan rules from glslang ==== sssd ==== Version update (2.9.3 -> 2.9.4) Subpackages: libsss_certmap0 libsss_idmap0 libsss_nss_idmap0 sssd-krb5-common sssd-ldap - Update to release 2.9.4 * Fixes a crash when PAM passkey processing incorrectly handles non-passkey data. * Fixed group membership handling when members are coming from different forest domains and using ldap token groups is prohibited. * Files provider was erroneously taking into consideration ``local_auth_policy`` config option, thus breaking smartcard authentication of local user in setups that did not explicitly specify this option. This is now fixed. ==== systemd ==== Subpackages: libsystemd0 libudev1 systemd-boot systemd-container systemd-coredump udev - Add patches that implement [jsc#PED-5659] 5003-cgroup-rename-TasksMax-structure-to-CGroupTasksMax.patch 5004-bus-print-properties-ignore-CGROUP_LIMIT_MAX-for-Mem.patch 5005-bus-print-properties-prettify-more-unset-properties.patch 5006-cgroup-Add-EffectiveMemoryMax-EffectiveMemoryHigh-an.patch 5007-test-Convert-rlimit-test-to-subtest-of-generic-limit.patch 5008-test-Add-effective-cgroup-limits-testing.patch 5009-cgroup-Restrict-effective-limits-with-global-resourc.patch 5010-cgroup-Rename-effective-limits-internal-table.patch They are temporarily put in quarantine to get broader testing but should be eventually moved to the git repo. - remove pam-config call from post scriptlet of systemd-32bit * the full package already does that ==== tevent ==== Version update (0.15.0 -> 0.16.0) Subpackages: libtevent0 python3-tevent - Update to version 0.16.0 * the epoll backend is no longer limited to 2 event handlers per low level fd. * finally add support for TEVENT_FD_ERROR ==== tpm2-0-tss ==== Subpackages: libtss2-esys0 libtss2-mu0 libtss2-rc0 libtss2-sys1 libtss2-tcti-device0 libtss2-tctildr0 - Fix tmpfiles %ghost file names - Move tmpfiles config to different package: * tmpfiles_create was being called with bad input (version ?) * it avoids breaking SLPP for libtss2-fapi1 (hence the prior warning in spec) - tss sysusers requires should be pre not post ==== util-linux ==== Subpackages: libblkid1 libfdisk1 libmount1 libsmartcols1 libuuid1 - Minor multibuild fixes (PED-307): * Restore /bin symlinks in util-linux-systemd if building with ul_extra_bin_sbin. * Restore compatibility supplements and split-provides. * Update safety check instructions. ==== util-linux-systemd ==== - Minor multibuild fixes (PED-307): * Restore /bin symlinks in util-linux-systemd if building with ul_extra_bin_sbin. * Restore compatibility supplements and split-provides. * Update safety check instructions. ==== virt-manager ==== Subpackages: virt-install virt-manager-common - bsc#1218983 - [SLE15SP6] virt-manager:test testCLI0264virt_xml fails with libvirt 10.0.0. Disable this test for now. virt-manager.spec ==== vulkan-loader ==== Version update (1.3.268.0 -> 1.3.275.0) - Update to release SDK-1.3.275.0 * Instance extensions unsupported by physical devices now return ERROR_EXTENSION_NOT_PRESENT * Unload drivers which report 0 physical devices ==== vulkan-tools ==== Version update (1.3.268.0 -> 1.3.275.0) - Update to release SDK-1.3.275.0 * icd: Add vkGetMemoryFdKHR support * icd: Add vkGetMemoryHostPointerPropertiesEXT support * vulkaninfo: Autogenerate Format list * icd: Add basic VkDisplayKHR support * icd: Add vkRegisterDisplayEventEXT * icd: Add video support ==== yast2-pkg-bindings ==== Version update (5.0.2 -> 5.0.4) - Fixed repository and service probing with libzypp 7.31.26 and newer, convert the type to string by pkg-bindings, not by libzypp which might change it (bsc#1218399) - 5.0.4 - Added new pkg calls for managing and resolving the solver conflicts. Added PkgSolveProblems(), PkgSetSolveSolutions() and PkgResetSolveSolutions() calls. (gh#openSUSE/agama#944) - Libzypp 17.31.26+ uses "N/A" for unknown repository types instead of "NONE", support both cases (bsc#1218859) - 5.0.3 ==== yast2-trans ==== Version update (84.87.20240112.f631673f01 -> 84.87.20240120.54f4b9f06a) Subpackages: yast2-trans-af yast2-trans-ar yast2-trans-bg yast2-trans-bn yast2-trans-bs yast2-trans-ca yast2-trans-cs yast2-trans-cy yast2-trans-da yast2-trans-de yast2-trans-el yast2-trans-en_GB yast2-trans-es yast2-trans-et yast2-trans-fa yast2-trans-fi yast2-trans-fr yast2-trans-gl yast2-trans-gu yast2-trans-hi yast2-trans-hr yast2-trans-hu yast2-trans-id yast2-trans-it yast2-trans-ja yast2-trans-jv yast2-trans-ka yast2-trans-km yast2-trans-ko yast2-trans-lo yast2-trans-lt yast2-trans-mk yast2-trans-mr yast2-trans-nb yast2-trans-nl yast2-trans-pa yast2-trans-pl yast2-trans-pt yast2-trans-pt_BR yast2-trans-ro yast2-trans-ru yast2-trans-si yast2-trans-sk yast2-trans-sl yast2-trans-sr yast2-trans-sv yast2-trans-ta yast2-trans-th yast2-trans-tr yast2-trans-uk yast2-trans-vi yast2-trans-wa yast2-trans-xh yast2-trans-zh_CN yast2-trans-zh_TW yast2-trans-zu - Update to version 84.87.20240120.54f4b9f06a: * New POT for text domain 'sap-installation-wizard'. * Translated using Weblate (Indonesian) * Translated using Weblate (Indonesian) * Translated using Weblate (Indonesian) ==== zbar ==== Version update (0.23.90 -> 0.23.93) - Update to 0.23.93: * Set a better dpi resolution when parsing PDF files * Fix memory recycle bug of empty symbols * Fix compilation with python 3.11 and 3.12 * CVE-2023-40889: Fix array out-of-bounds access * Stop ignoring non-binary entries that follow binary ones * Increase allocated buffer memory for symbols * barcodetest.py: fix error code print logic * convert: Crash fixing while using camera * Add some pod information for additional functions * perl skip more tests if DISPLAY not set and set prereqs in Makefile.PL * Fixes rt.cpan.org 122061 - test fails when DISPLAY not set * Update Barcode::ZBar * isaac: ensure proper order of parsing expression * Enforce x11 backend even on wayland * zbarimg: add the --polygon option * xml output: Add polygon containing code bar. * configure.ac: drop support for Qt4 and prepare for Qt6 support * win: fix compiling error in Visual studio * Enforce a coding style * configure.ac: fix some issues with gtk parameter * zbargtk: fix version check macros * zbar: Address some header issues * zbar, test: fix compilation issues with FreeBSD * zbar: Function stdcall declaration issue. * symbol: make it compatible with MSC * zbar: change the code to make it c90 standard compatible * test: fix decode test - Drop upstreamed patches: * zbar-CVE-2023-40889.patch * zbar-CVE-2023-40890.patch * py311.patch - Add patch to fix build see gh#mchehab/zbar#277: * zbar-configure.patch * zbar-pkgconfig.patch ==== zchunk ==== Version update (1.3.2 -> 1.4.0) - update to 1.4.0: * Rework hash code to support openSSL 3.x EVP API * memory leak fix * tests for invalid zchunk files * More statistics in zchunk_delta_info * avoid infinite loop under certain conditions * Add zck_get_chunk_ctx function to get context from chunk

1 0

Desktop in Raspberry Pi 3 B+
by Roger Oberholtzer 23 Jan '24

23 Jan '24

I have been trying the current Leap 15.5. aarch64 appliance on a Raspberry Pi 3 B+. Most things are working. But I have a problem with the GUI login / desktop. I started with the KDE variant. ssdm would not start. I saw that it complained that there was not enough memory for some texture, and it exited. So I switches to xddm. That would start. But when KDE should start, I get a functioning mouse cursor, but nothing else, Just a black background. With a mouse. I then tried xfce. Then the login part went fine with no changes. But the desktop was still a problem like with KDE. Except the screen background was white. I see that some processes related to the desktop are running. I don't know xfce well enough to know if some critical thing is not running. When installing Raspbian on the device, the desktop works. But perhaps its lxde that uses far less resources? Should I expect that all these desktops start on a Pi 3 B+? I now that there might be performance issues. But should they at least start. And int he case of KDE/sddm, should the login at least function? I'm confused where to look next. -- Roger Oberholtzer

3 8

New Arm Tumbleweed snapshot 20240118 released!
by Guillaume Gardet 19 Jan '24

19 Jan '24

Please note that this mail was generated by a script. The described changes are computed based on the aarch64 DVD. The full online repo contains too many changes to be listed here. Please check the known defects of this snapshot before upgrading: https://openqa.opensuse.org/tests/overview?distri=opensuse&groupid=3&versio… Please do not reply to this email to report issues, rather file a bug on bugzilla.opensuse.org. For more information on filing bugs please see https://en.opensuse.org/openSUSE:Submitting_bug_reports Packages changed: MozillaFirefox (121.0 -> 121.0.1) PackageKit baobab bash (5.2.21 -> 5.2.26) dconf-editor desktop-file-utils elfutils (0.189 -> 0.190) elfutils-debuginfod (0.189 -> 0.190) eog evince ffmpeg-6 (6.0.1 -> 6.1.1) fwupd gnome-logs gnome-music gnutls (3.8.2 -> 3.8.3) grub2 gtksourceview iputils (20231222 -> 20240117) libcroco libgsf libjpeg-turbo libjxl-gtk (0.8.2 -> 0.9.0) libosinfo libstorage-ng (4.5.173 -> 4.5.174) libxkbcommon live555 (2023.05.10 -> 2023.11.30) llvm17 mosh ncurses (6.4.20240106 -> 6.4.20240113) nvidia-open-driver-G06-signed orca (45.1 -> 45.2) plocate (1.1.19 -> 1.1.22) polari python-flufl.i18n python-lxml (4.9.4 -> 5.1.0) python-numpy python-redis python-zope.component rdesktop readline (8.2 -> 8.2.10) selinux-policy (20240104 -> 20240116) shadow (4.14.2 -> 4.14.3) sushi telepathy-logger upower xfce4-whiskermenu-plugin (2.8.2 -> 2.8.3) xorg-x11-server (21.1.9 -> 21.1.11) xwayland (23.2.2 -> 23.2.4) === Details === ==== MozillaFirefox ==== Version update (121.0 -> 121.0.1) - Mozilla Firefox 121.0.1 * Fixed unexpected line wrapping in some CJK contexts caused by changes in ideographic space handling. bmo#1870973) * Fixed a hang when loading sites containing column-based layouts under some circumstances. bmo#1867784) * Fixed missing rounded corners for videos playing over another video. bmo#1869994) * Fixed Firefox not closing properly and other applications being unable to use a USB security key after being previously used during a Firefox session. bmo#1863135) ==== PackageKit ==== Subpackages: PackageKit-backend-zypp PackageKit-gstreamer-plugin PackageKit-gtk3-module libpackagekit-glib2-18 typelib-1_0-PackageKitGlib-1_0 - Add PackageKit-find-python-3-6.patch: Specify the Python version we need to build this package. ==== baobab ==== - Convert to source service for easier updating. ==== bash ==== Version update (5.2.21 -> 5.2.26) Subpackages: bash-doc bash-sh - Add upstream patches * bash52-022 It's possible for readline to try to zero out a line that's not null-terminated, leading to a memory fault. * bash52-023 Running `local -' multiple times in a shell function would overwrite the original saved set of options. * bash52-024 Fix bug where associative array compound assignment would not expand tildes in values. * bash52-025 Make sure a subshell checks for and handles any terminating signals before exiting (which might have arrived after the command completed) so the parent and any EXIT trap will see the correct value for $?. ==== dconf-editor ==== - Convert to source service for easier updating. ==== desktop-file-utils ==== - support non-SUSE distributions ==== elfutils ==== Version update (0.189 -> 0.190) Subpackages: libasm1 libdw1 libelf1 - Update to version 0.190: * libelf: Add RELR support. * libdw: Recognize .debug_[ct]u_index sections * readelf: - Support readelf -Ds, --use-dynamic --symbol. - Support .gdb_index version 9 * scrlines: New tool that compiles a list of source files associated with a specified dwarf/elf file. * backends: Various LoongArch updates. ==== elfutils-debuginfod ==== Version update (0.189 -> 0.190) Subpackages: debuginfod-client debuginfod-profile libdebuginfod1 - Update to version 0.190 * Schema change (reindexing required, sorry!) for a 60% compression in filename representation, which was a large part of the sqlite index; also, more deliberate sqlite - wal management during scanning using the - -scan-checkpoint option. ==== eog ==== - Convert to source service for easier updating. - Own /usr/share/gtk-doc: glib no longer uses gtk-doc and as a consequence cannot be held responsible to deliver that basic directory structure. ==== evince ==== Subpackages: evince-plugin-comicsdocument evince-plugin-djvudocument evince-plugin-dvidocument evince-plugin-pdfdocument evince-plugin-tiffdocument evince-plugin-xpsdocument libevdocument3-4 libevview3-3 typelib-1_0-EvinceDocument-3_0 typelib-1_0-EvinceView-3_0 - Convert to source service for easier updating. ==== ffmpeg-6 ==== Version update (6.0.1 -> 6.1.1) Subpackages: libavcodec60 libavfilter9 libavformat60 libavutil58 libpostproc57 libswresample4 libswscale7 - Update to version 6.1.1: * libaribcaption decoder * Playdate video decoder and demuxer * Extend VAAPI support for libva-win32 on Windows * afireqsrc audio source filter * arls filter * ffmpeg CLI new option: -readrate_initial_burst * zoneplate video source filter * command support in the setpts and asetpts filters * Vulkan decode hwaccel, supporting H264, HEVC and AV1 * color_vulkan filter * bwdif_vulkan filter * nlmeans_vulkan filter * RivaTuner video decoder * xfade_vulkan filter * vMix video decoder * Essential Video Coding parser, muxer and demuxer * Essential Video Coding frame merge bsf * bwdif_cuda filter * Microsoft RLE video encoder * Raw AC-4 muxer and demuxer * Raw VVC bitstream parser, muxer and demuxer * Bitstream filter for editing metadata in VVC streams * Bitstream filter for converting VVC from MP4 to Annex B * scale_vt filter for videotoolbox * transpose_vt filter for videotoolbox * support for the P_SKIP hinting to speed up libx264 encoding * Support HEVC,VP9,AV1 codec in enhanced flv format * apsnr and asisdr audio filters * OSQ demuxer and decoder * Support HEVC,VP9,AV1 codec fourcclist in enhanced rtmp protocol * CRI USM demuxer * ffmpeg CLI '-top' option deprecated in favor of the setfield filter * VAAPI AV1 encoder * ffprobe XML output schema changed to account for multiple variable-fields elements within the same parent element * ffprobe -output_format option added as an alias of -of - Remove patch6 0001-avfilter-vf_libplacebo-remove-deprecated-field.diff - Prefer libvpl to libmfx: the latter is deprecated - Delete ffmpeg-6-private-devel package as it is only needed to build libav-tools ==== fwupd ==== Subpackages: fwupd-bash-completion libfwupd2 typelib-1_0-Fwupd-2_0 - Fix build failure on s390x and ppc64le + This release modifies spec file - add s390x and ppc64le into default 'with efi_fw_update' so that old dbxtool version can be obsoleted. ==== gnome-logs ==== - Convert to source service for easier updating. ==== gnome-music ==== - Convert to source service for easier updating. ==== gnutls ==== Version update (3.8.2 -> 3.8.3) Subpackages: libgnutls-dane0 libgnutls30 - Update to 3.8.3: * libgnutls: Fix more timing side-channel inside RSA-PSK key exchange. [GNUTLS-SA-2024-01-14, CVSS: medium] [bsc#1218865, CVE-2024-0553] * libgnutls: Fix assertion failure when verifying a certificate chain with a cycle of cross signatures. [GNUTLS-SA-2024-01-09, CVSS: medium] [bsc#1218862, CVE-2024-0567] * libgnutls: Fix regression in handling Ed25519 keys stored in PKCS#11 token certtool was unable to handle Ed25519 keys generated on PKCS#11 with pkcs11-tool (OpenSC). This is a regression introduced in 3.8.2. * Rebase gnutls-FIPS-140-3-references.patch * Updated upstream gnutls.keyring ==== grub2 ==== Subpackages: grub2-arm64-efi grub2-snapper-plugin grub2-systemd-sleep-plugin - Resolved XFS regression leading to the "not a correct XFS inode" error by temporarily reverting the problematic commit (bsc#1218864) * 0001-Revert-fs-xfs-Fix-XFS-directory-extent-parsing.patch ==== gtksourceview ==== Subpackages: libgtksourceview-3_0-1 typelib-1_0-GtkSource-3_0 - Own /usr/share/gtk-doc: glib no longer uses gtk-doc and as a consequence cannot be held responsible to deliver that basic directory structure. ==== iputils ==== Version update (20231222 -> 20240117) - Update to version 20240117 (ping bugfix release) https://github.com/iputils/iputils/releases/tag/20240117 ==== libcroco ==== - Own /usr/share/gtk-doc: glib no longer uses gtk-doc and as a consequence cannot be held responsible to deliver that basic directory structure. ==== libgsf ==== Subpackages: gsf-office-thumbnailer libgsf-1-114 - Own /usr/share/gtk-doc: glib no longer uses gtk-doc and as a consequence cannot be held responsible to deliver that basic directory structure. ==== libjpeg-turbo ==== - Do not require SIMD support when it does not exist ==== libjxl-gtk ==== Version update (0.8.2 -> 0.9.0) Subpackages: gdk-pixbuf-loader-jxl gimp-plugin-jxl - Remove cjxl/djxl manpages from gtk flavor installation, these are part of the tools subpackage from the main flavor. - Update to release 0.9 * Encoder API: * Add JxlEncoderSetExtraChannelDistance to adjust the quality of extra channels (like alpha) separately. * New API functions for streaming encoding. * New options for more fine-grained control over metadata preservation when using JxlEncoderAddJPEGFrame. * New function JxlEncoderSetUpsamplingMode to change the upsampling method, e.g. to use nearest-neighbor upsampling for pixel art. * New function JxlEncoderDistanceFromQuality for convenience to calculate a distance given a quality. * Decoder API: Implemented JxlDecoderSetOutputColorProfile and JxlDecoderSetCms to enable decoding to desired colorspace. * Deprecated functions removed from encoder and decoder APIs. * Command-line tools: * cjxl can now be used to explicitly add/update/strip Exif/XMP/JUMBF metadata using the decoder-hints syntax, e.g. cjxl input.ppm -x exif=input.exif output.jxl * djxl can now be used to extract Exif/XMP/JUMBF metadata. ==== libosinfo ==== Subpackages: libosinfo-1_0-0 typelib-1_0-Libosinfo-1_0 - Own /usr/share/gtk-doc: glib no longer uses gtk-doc and as a consequence cannot be held responsible to deliver that basic directory structure. ==== libstorage-ng ==== Version update (4.5.173 -> 4.5.174) Subpackages: libstorage-ng-lang libstorage-ng-ruby libstorage-ng1 - merge gh#openSUSE/libstorage-ng#979 - allow to get Arch object from SystemInfo - make testcase more robust - coding style - 4.5.174 ==== libxkbcommon ==== Subpackages: libxkbcommon-x11-0 libxkbcommon0 libxkbregistry0 - Add libxkbcommon-tools-bash-completions. ==== live555 ==== Version update (2023.05.10 -> 2023.11.30) Subpackages: libBasicUsageEnvironment2 libUsageEnvironment3 libgroupsock30 - update up to 2023.11.30: * In the implementation of the "MPEGVideoStreamFramer" class, gave "TimeCode::operator==()" the "const" qualifier, to make some compilers happy. * Performed the annual update of the copyright years near the start of each file - update to 2023.11.08: * Changed the signature to the virtual function "getRTPSinkandRTCP()" (in "ServerMediaSubession", and its subclasses "OnDemandServerMediaSession" and "PassiveServerMediaSubsession") to make its 'result' arguments "rtpSink" and "rtcp" no longer "const *". There was no real reason to make those "const *". - update to 2023.11.07: * In the class "GenericMediaServer", made the variables "fServerMediaSessions", "fClientConnections", and "fClientSessions" 'protected' rather than 'private', to allow subclasses to access them if desired. - update to 2023.10.30: * Fixed a bug in "deleteEventTrigger()" that had accidentally been introduced during the change to 'event trigger' implementation back in June. - update to 2023.07.24: * Updated the event trigger implementation once again, to allow for the possibility of developers redefining MAX_NUM_EVENT_TRIGGERS (it must always be <= the number of bits in an "EventTriggerId", though. - update to 2023.06.20: * Updated the event trigger implementation again - in the case where "NO_STD_LIB" is defined. In this case, "fTriggersAwaitingHandling" is implemented as an array of "Boolean volatile"s, rather than as a 32-bit bitmap. This should make 'race conditions' less likely even if "NO_STD_LIB" is defined (though you should use the preferred, default implementation - that uses an array of "std::atomic_flag"s - if possible). - update to 2023.06.16: * Changed the (default) implementation of 'event triggers' in "BasicTaskScheduler" to implement "fTriggersAwaitingHandling" using "std:atomic_flag"s, rather than as a bitmap. This should overcome 'race conditions' that some users experienced when calling "triggerEvent()" from a non-LIVE555 thread. * Note that this is the first time the LIVE555 code has required the C++ standard library. (If you cannot use the C++ standard library, then you can compile the code - but getting the old behavior - by defining "NO_STD_LIB".) * Minor change to "RTSPCommon.cpp" to overcome a compilation error in XCode on Mac OS X. - update to 2023.06.14: * Fixed a bug in the Matroska file parsing code that could sometimes cause a 'use after free' error. (bsc#1218758, CVE-2023-20573) - update to 2023.06.10: * Minor change to "GroupsockHelper.cpp" to overcome a compilation error in XCode on Mac OS X. - update to 2023.06.08: * Updated the "dateHeader()" function in "RTSPCommon.cpp" to use "gmtime_r()" instead of the older, non-thread-safe "gmtime()". - Applied workarounds for the build error with atomic_flag test ==== llvm17 ==== - Use %_target_* for determining the compiler host triple (boo#1218701) ==== mosh ==== - Remove the deprecated perl-IO-Socket-INET6 dependency. * Remove the dependency on perl(IO::Socket::INET6) as it has been deprecated by upstream, is no longer suitable for use and its not being maintained. A compatible replacement for this package is perl(IO::Socket::IP) which is shipped by the perl-base package. * In the sources, the perl(IO::Socket::IP) is preferred over INET6. ==== ncurses ==== Version update (6.4.20240106 -> 6.4.20240113) Subpackages: libncurses6 ncurses-utils terminfo terminfo-base terminfo-iterm terminfo-screen - Add ncurses patch 20240113 + improve formatting/style of manpages (patches by Branden Robinson). + modify dist.mk to avoid passing developer's comments in manpages into the generated html documentation. + use ansi+local, ansi+local1, ansi+pp, ansi+rca, ansi+rca2, ansi+sgr to trim -TD + restore padding for wy520* and vt320-k311 (report by Sven Joachim). ==== nvidia-open-driver-G06-signed ==== - create /run/udev/static_node-tags/uaccess/nvidia${devid} symlinks also during modprobing the nvidia module; this changes the issue of not having access to /dev/nvidia${devid}, when gfxcard has been replaced by a different gfx card after installing the driver ==== orca ==== Version update (45.1 -> 45.2) - Update to version 45.2: + Web: Fix bug causing us to get stuck in menu bar during caret navigation. + General: Dump our cached information in response to children-changed events so that we do not present stale information. + Updated translations. ==== plocate ==== Version update (1.1.19 -> 1.1.22) - remove fallback for _fillupdir in spec file, should be supported everywhere now - update to version 1.1.22: * Revert the updatedb change in 1.1.21 that did not open pruned paths; it broke pruning of paths that were not at the root (e.g. /foo/bar, as opposed to /foo). Reported by David Caldwell - use systemd timer file provided by the project - update to version 1.1.21: * Improve interactions between pruning and bind mount detection logic * Pruned paths are now not opened, which can be useful in certain cases. Note that this does not (yet) apply to filesystems that are pruned due to type and not due to paths; they are still opened and then immediately closed again - update to version 1.1.20: * Fix updatedb writing incomplete .db files under Termux * Make the systemd timer run more consistently during the night * Add an (undocumented) flag --ignore-visibility to plocate, giving the equivalent of building the database with - -require-visibility no ==== polari ==== - Convert to source service for easier updating. ==== python-flufl.i18n ==== - Drop unneeded pdm dependency ==== python-lxml ==== Version update (4.9.4 -> 5.1.0) - update to version 5.1.0: Details on https://lxml.de/5.1/changes-5.1.0.html removed merged patches: - ISO-Schematron-schema-optional.patch - remove-ISO-Schematron-schema.patch - close_file_before_test.patch ==== python-numpy ==== - Update list of expected test failures on riscv64 - Fix gnu-hpc build error for Leap ==== python-redis ==== - add https://github.com/redis/redis-py/pull/3005 as Close-various-objects-created-during-asyncio-tests.patch to fix tests for python 3.12 ==== python-zope.component ==== - Rearrange requirements, run only basic testsuite in SLE-based projects ==== rdesktop ==== - add patch fix_C99_issue_in_configure.patch to fix detection of statvfs64 - add patch fix_dashes_in_manpage.patch to prevent dashes from being utf8 mangled - add patch fix_segfault_in_utils_cert_handle_exception.patch - add patch fix_wrong_string_null_terminated.patch to null-terminate the correct variable - adjust patch rdesktop-fix_pkgconfig_check.patch so it can be applied with "-p1" - minor spec cleanup ==== readline ==== Version update (8.2 -> 8.2.10) Subpackages: libreadline8 readline-doc - Add upstream patch readline82-008 * Add missing prototypes for several function declarations - Add upstream patch readline82-009 * Fix issue where the directory name portion of the word to be completed (the part that is passed to opendir()) requires both tilde expansion and dequoting. Readline only performed tilde expansion in this case, so filename completion would fail. - Add upstream patch readline82-010 * Fix the case where text to be completed from the line buffer (quoted) is compared to the common prefix of the possible matches (unquoted) and the quoting makes the former appear to be longer than the latter. Readline assumes the match doesn't add any characters to the word and doesn't display multiple matches. - Port patches * readline-5.2-conf.patch * readline-6.2-metamode.patch * readline-7.0-screen.patch * readline-8.2.dif ==== selinux-policy ==== Version update (20240104 -> 20240116) Subpackages: selinux-policy-targeted - Update to version 20240116: * Fix gitolite homedir paths (bsc#1218826) ==== shadow ==== Version update (4.14.2 -> 4.14.3) Subpackages: libsubid4 login_defs - Update to 4.14.3: * libshadow: + Avoid null pointer dereference (#904) ==== sushi ==== - Convert to source service for easier updating. ==== telepathy-logger ==== Subpackages: libtelepathy-logger3 telepathy-logger-schema typelib-1_0-TelepathyLogger-0_2 - Own /usr/share/gtk-doc: glib no longer uses gtk-doc and as a consequence cannot be held responsible to deliver that basic directory structure. ==== upower ==== Subpackages: libupower-glib3 typelib-1_0-UpowerGlib-1_0 - Own /usr/share/gtk-doc: glib no longer uses gtk-doc and as a consequence cannot be held responsible to deliver that basic directory structure. ==== xfce4-whiskermenu-plugin ==== Version update (2.8.2 -> 2.8.3) Subpackages: xfce4-whiskermenu-plugin-lang - Update to version 2.8.3 * Fix adding launchers to desktop. (Issue #122) * Fix segfault in profile destructor. (Issue #123) * Translation updates ==== xorg-x11-server ==== Version update (21.1.9 -> 21.1.11) Subpackages: xorg-x11-server-Xvfb xorg-x11-server-extra - Update to version 21.1.11 * This release contains fixes for the issues reported in today's security advisory: https://lists.x.org/archives/xorg/2024-January/061525.html * CVE-2023-6816 (bsc#1218582) * CVE-2024-0229 (bsc#1218583) * CVE-2024-21885 (bsc#1218584) * CVE-2024-21886 (bsc#1218585) * CVE-2024-0408 * CVE-2024-0409 - supersedes the following patches * U_xephyr-Don-t-check-for-SeatId-anymore.patch * U_bsc1217765-Xi-allocate-enough-XkbActions-for-our-buttons.patch * U_bsc1217766-randr-avoid-integer-truncation-in-length-check-of-Pr.patch ==== xwayland ==== Version update (23.2.2 -> 23.2.4) - This release contains also the following patches mentioned in previous sle15 releases * bsc1218582-0001-dix-allocate-enough-space-for-logical-button-maps.patch * bsc1218583-0001-dix-Allocate-sufficient-xEvents-for-our-DeviceStateN.patch * bsc1218583-0002-dix-fix-DeviceStateNotify-event-calculation.patch * bsc1218583-0003-Xi-when-creating-a-new-ButtonClass-set-the-number-of.patch * bsc1218584-0001-Xi-flush-hierarchy-events-after-adding-removing-mast.patch * bsc1218585-0001-Xi-do-not-keep-linked-list-pointer-during-recursion.patch * bsc1218585-0002-dix-when-disabling-a-master-float-disabled-slaved-de.patch - This release contains also the missing fixes of initial U_bsc1217765-Xi-allocate-enough-XkbActions-for-our-buttons.patch (bsc#1217765) - Update to version 23.2.4 * This release contains fixes for the issues reported in today's security advisory: https://lists.x.org/archives/xorg/2024-January/061525.html * CVE-2023-6816 (bsc#1218582) * CVE-2024-0229 (bsc#1218583) * CVE-2024-21885 (bsc#1218584) * CVE-2024-21886 (bsc#1218585) * CVE-2024-0408 * CVE-2024-0409 - supersedes the patches mentioned below: * U_bsc1217765-Xi-allocate-enough-XkbActions-for-our-buttons.patch * U_bsc1217766-randr-avoid-integer-truncation-in-length-check-of-Pr.patch

1 0