Please note that this mail was generated by a script. The described changes are computed based on the aarch64 DVD. The full online repo contains too many changes to be listed here. Please check the known defects of this snapshot before upgrading: https://openqa.opensuse.org/tests/overview?distri=opensuse&groupid=3&version=Tumbleweed&build=20231122 Please do not reply to this email to report issues, rather file a bug on bugzilla.opensuse.org. For more information on filing bugs please see https://en.opensuse.org/openSUSE:Submitting_bug_reports Packages changed: ImageMagick (7.1.1.20 -> 7.1.1.21) aria2 (1.36.0 -> 1.37.0) dhcp ell (0.59 -> 0.60) fwupd (1.9.8 -> 1.9.9) git (2.42.1 -> 2.43.0) grub2 kernel-source (6.6.1 -> 6.6.2) libX11 libblockdev libfido2 (1.13.0 -> 1.14.0) libheif (1.17.3 -> 1.17.5) librdkafka (2.1.1 -> 2.3.0) llvm17 (17.0.4 -> 17.0.5) mariadb-connector-c (3.3.5 -> 3.3.7) mdadm nghttp2 nvidia-open-driver-G06-signed (545.29.02_k6.6.1_1 -> 545.29.02_k6.6.2_1) openvpn (2.6.7 -> 2.6.8) ovmf p11-kit (0.25.2 -> 0.25.3) python-numpy (1.25.2 -> 1.26.2) python-pip (23.2.1 -> 23.3.1) readline sssd transactional-update (4.4.0 -> 4.5.0) xen (4.18.0_02 -> 4.18.0_04) xkeyboard-config yast2-trans (84.87.20231104.b73ad6fbc9 -> 84.87.20231117.f12231d4de) === Details === ==== ImageMagick ==== Version update (7.1.1.20 -> 7.1.1.21) Subpackages: ImageMagick-config-7-SUSE ImageMagick-extra libMagickCore-7_Q16HDRI10 libMagickWand-7_Q16HDRI10 - version update to 7.1.1.21 https://github.com/ImageMagick/Website/blob/main/ChangeLog.md - modified patches [bsc#1217014][bsc#1216811] % ImageMagick-s390x-disable-tests.patch (refreshed) - deleted patches - ImageMagick-correct-time-to-live.patch (upstreamed) - added patches https://github.com/ImageMagick/ImageMagick/commit/8f3c56fabc619c1672865257e5... https://github.com/ImageMagick/ImageMagick/commit/3a7b915d9a810ce742987b37c9... + ImageMagick-infinite-resource-time-limit.patch ==== aria2 ==== Version update (1.36.0 -> 1.37.0) Subpackages: libaria2-0 - Update to version 1.37.0 * Fix header in --http-accept-gzip documentation * Allow empty dist name in bencode which is needed for hybrid torrent * Fix undefined behavior/crash in GZipEncoder * Fix Metalink4 parsing with foreign namespaces * fix wrong dht.dat binary file structure in docs * Increase ByteArrayDiskWriter maximum size * Logger: Fix format string overflow in writeHeader() * Cap infoHashLength in .aria2 file * Various documentation fixes and rewords ==== dhcp ==== Subpackages: dhcp-relay dhcp-server - Remove dhclient-script (boo#1216822). ==== ell ==== Version update (0.59 -> 0.60) - update to 0.60: * Fix issue with missing NETLINK_EXT_ACK definition. * Fix issue with incorrect derivation of ECC compressed points. * Add support for ECC usage from SPAKE2+ key exchange protocol. ==== fwupd ==== Version update (1.9.8 -> 1.9.9) Subpackages: fwupd-bash-completion libfwupd2 typelib-1_0-Fwupd-2_0 - Update to version 1.9.9 (boo#1217295): + This release adds the following features: - Add a new generic request for the device power cable. + This release adds support for the following hardware: - Lenovo X1 Yoga Gen7 530E. - Advantech BMC devices. ==== git ==== Version update (2.42.1 -> 2.43.0) Subpackages: git-core git-email git-web perl-Git - update to 2.43.0: * The "--rfc" option of "git format-patch" used to be a valid way to override an earlier "--subject-prefix=<something>" on the command line and replace it with "[RFC PATCH]", but from this release, it merely prefixes the string "RFC " in front of the given subject prefix. If you are negatively affected by this change, please use "--subject-prefix=PATCH --rfc" as a replacement. * In Git 2.42, "git rev-list --stdin" learned to take non-revisions (like "--not") from the standard input, but the way such a "--not" was handled was quite confusing, which has been rethought. The updated rule is that "--not" given from the command line only affects revs given from the command line that comes but not revs read from the standard input, and "--not" read from the standard input affects revs given from the standard input and not revs given from the command line. * A message written in olden time prevented a branch from getting checked out, saying it is already checked out elsewhere. But these days, we treat a branch that is being bisected or rebased just like a branch that is checked out and protect it from getting modified with the same codepath. The message has been rephrased to say that the branch is "in use" to avoid confusion. * Hourly and other schedules of "git maintenance" jobs are randomly distributed now. * "git cmd -h" learned to signal which options can be negated by listing such options like "--[no-]opt". * The way authentication related data other than passwords (e.g., oauth token and password expiration data) are stored in libsecret keyrings has been rethought. * Update the libsecret and wincred credential helpers to correctly match which credential to erase; they erased the wrong entry in some cases. * Git GUI updates. * "git format-patch" learned a new "--description-file" option that lets cover letter description to be fed; this can be used on detached HEAD where there is no branch description available, and also can override the branch description if there is one. * Use of the "--max-pack-size" option to allow multiple packfiles to be created is now supported even when we are sending unreachable objects to cruft packs. * "git format-patch --rfc --subject-prefix=<foo>" used to ignore the "--subject-prefix" option and used "[RFC PATCH]"; now we will add "RFC" prefix to whatever subject prefix is specified. * "git log --format" has been taught the %(decorate) placeholder for further customization over what the "--decorate" option offers. * The default log message created by "git revert", when reverting a commit that records a revert, has been tweaked, to encourage people to describe complex "revert of revert of revert" situations better in their own words. * The command-line completion support (in contrib/) learned to complete "git commit --trailer=" for possible trailer keys. * "git update-index" learned the "--show-index-version" option to inspect the index format version used by the on-disk index file. * "git diff" learned the "diff.statNameWidth" configuration variable, to give the default width for the name part in the "--stat" output. * "git range-diff --notes=foo" compared "log --notes=foo --notes" of the two ranges, instead of using just the specified notes tree, which has been corrected to use only the specified notes tree. * The command line completion script (in contrib/) can be told to complete aliases by including ": git <cmd> ;" in the alias to tell it that the alias should be completed in a similar way to how "git <cmd>" is completed. The parsing code for the alias has been loosened to allow ';' without an extra space before it. * "git for-each-ref" and friends learned to apply mailmap to authorname and other fields in a more flexible way than using separate placeholder letters like %a[eElL] every time we want to come up with small variants. * "git repack" machinery learned to pay attention to the "--filter=" option. * "git repack" learned the "--max-cruft-size" option to prevent cruft packs from growing without bounds. * "git merge-tree" learned to take strategy backend specific options via the "-X" option, like "git merge" does. * "git log" and friends learned the "--dd" option that is a short-hand for "--diff-merges=first-parent -p". * The attribute subsystem learned to honor the "attr.tree" configuration variable that specifies which tree to read the .gitattributes files from. * "git merge-file" learns a mode to read three variants of the contents to be merged from blob objects. * see https://raw.githubusercontent.com/git/git/master/Documentation/RelNotes/2.43... ==== grub2 ==== Subpackages: grub2-arm64-efi grub2-snapper-plugin grub2-systemd-sleep-plugin - Update the TPM2 patches to skip the persistent SRK handle if not specified and improve the error messages + 0003-protectors-Add-TPM2-Key-Protector.patch + 0005-util-grub-protect-Add-new-tool.patch + 0004-tpm2-Support-authorized-policy.patch ==== kernel-source ==== Version update (6.6.1 -> 6.6.2) - Linux 6.6.2 (bsc#1012628). - hwmon: (nct6775) Fix incorrect variable reuse in fan_div calculation (bsc#1012628). - numa: Generalize numa_map_to_online_node() (bsc#1012628). - sched/topology: Fix sched_numa_find_nth_cpu() in CPU-less case (bsc#1012628). - sched/topology: Fix sched_numa_find_nth_cpu() in non-NUMA case (bsc#1012628). - sched/fair: Fix cfs_rq_is_decayed() on !SMP (bsc#1012628). - iov_iter, x86: Be consistent about the __user tag on copy_mc_to_user() (bsc#1012628). - sched/uclamp: Set max_spare_cap_cpu even if max_spare_cap is 0 (bsc#1012628). - sched/uclamp: Ignore (util == 0) optimization in feec() when p_util_max = 0 (bsc#1012628). - objtool: Propagate early errors (bsc#1012628). - sched: Fix stop_one_cpu_nowait() vs hotplug (bsc#1012628). - nfsd: Handle EOPENSTALE correctly in the filecache (bsc#1012628). - vfs: fix readahead(2) on block devices (bsc#1012628). - writeback, cgroup: switch inodes with dirty timestamps to release dying cgwbs (bsc#1012628). - x86/srso: Fix SBPB enablement for (possible) future fixed HW (bsc#1012628). - x86/srso: Print mitigation for retbleed IBPB case (bsc#1012628). - x86/srso: Fix vulnerability reporting for missing microcode (bsc#1012628). - x86/srso: Fix unret validation dependencies (bsc#1012628). - futex: Don't include process MM in futex key on no-MMU (bsc#1012628). - x86/numa: Introduce numa_fill_memblks() (bsc#1012628). - ACPI/NUMA: Apply SRAT proximity domain to entire CFMWS window (bsc#1012628). - cgroup/cpuset: Fix load balance state in update_partition_sd_lb() (bsc#1012628). - x86/sev-es: Allow copy_from_kernel_nofault() in earlier boot (bsc#1012628). - x86/boot: Fix incorrect startup_gdt_descr.size (bsc#1012628). - cpu/SMT: Make SMT control more robust against enumeration failures (bsc#1012628). - x86/apic: Fake primary thread mask for XEN/PV (bsc#1012628). - srcu: Fix callbacks acceleration mishandling (bsc#1012628). - drivers/clocksource/timer-ti-dm: Don't call clk_get_rate() in stop function (bsc#1012628). - x86/nmi: Fix out-of-order NMI nesting checks & false positive warning (bsc#1012628). - pstore/platform: Add check for kstrdup (bsc#1012628). - perf: Optimize perf_cgroup_switch() (bsc#1012628). - selftests/x86/lam: Zero out buffer for readlink() (bsc#1012628). - PCI/MSI: Provide stubs for IMS functions (bsc#1012628). - string: Adjust strtomem() logic to allow for smaller sources (bsc#1012628). - genirq/matrix: Exclude managed interrupts in irq_matrix_allocated() (bsc#1012628). - irqchip/sifive-plic: Fix syscore registration for multi-socket systems (bsc#1012628). - wifi: ath12k: fix undefined behavior with __fls in dp (bsc#1012628). - wifi: cfg80211: add flush functions for wiphy work (bsc#1012628). - wifi: mac80211: move radar detect work to wiphy work (bsc#1012628). - wifi: mac80211: move scan work to wiphy work (bsc#1012628). - wifi: mac80211: move offchannel works to wiphy work (bsc#1012628). - wifi: mac80211: move sched-scan stop work to wiphy work (bsc#1012628). - wifi: mac80211: fix RCU usage warning in mesh fast-xmit (bsc#1012628). - wifi: cfg80211: fix off-by-one in element defrag (bsc#1012628). - wifi: mac80211: fix # of MSDU in A-MSDU calculation (bsc#1012628). - wifi: iwlwifi: honor the enable_ini value (bsc#1012628). - wifi: iwlwifi: don't use an uninitialized variable (bsc#1012628). - i40e: fix potential memory leaks in i40e_remove() (bsc#1012628). - iavf: Fix promiscuous mode configuration flow messages (bsc#1012628). - selftests/bpf: Correct map_fd to data_fd in tailcalls (bsc#1012628). - bpf, x64: Fix tailcall infinite loop (bsc#1012628). - wifi: cfg80211: fix kernel-doc for wiphy_delayed_work_flush() (bsc#1012628). - udp: introduce udp->udp_flags (bsc#1012628). - udp: move udp->no_check6_tx to udp->udp_flags (bsc#1012628). - udp: move udp->no_check6_rx to udp->udp_flags (bsc#1012628). - udp: move udp->gro_enabled to udp->udp_flags (bsc#1012628). - udp: add missing WRITE_ONCE() around up->encap_rcv (bsc#1012628). - udp: move udp->accept_udp_{l4|fraglist} to udp->udp_flags (bsc#1012628). - udp: lockless UDP_ENCAP_L2TPINUDP / UDP_GRO (bsc#1012628). - udp: annotate data-races around udp->encap_type (bsc#1012628). - udplite: remove UDPLITE_BIT (bsc#1012628). - udplite: fix various data-races (bsc#1012628). - selftests/bpf: Skip module_fentry_shadow test when bpf_testmod is not available (bsc#1012628). - tcp: call tcp_try_undo_recovery when an RTOd TFO SYNACK is ACKed (bsc#1012628). ... changelog too long, skipping 987 lines ... - commit 9ecdaa5 ==== libX11 ==== Subpackages: libX11-6 libX11-data libX11-xcb1 - this update is needed due to jsc#PED-7282; it includes the security fix for CVE-2022-3555 (bsc#1204425, bsc#1208881) and a fix for a race condition in libX11 that causes various applications to crash randomly (boo#1181963) ==== libblockdev ==== Subpackages: libbd_btrfs3 libbd_crypto3 libbd_fs3 libbd_loop3 libbd_lvm3 libbd_mdraid3 libbd_nvme3 libbd_part3 libbd_swap3 libbd_utils3 libblockdev3 - Add %{_libdir}/libbd_s390.so for s390x because missing file identitied ==== libfido2 ==== Version update (1.13.0 -> 1.14.0) - update to 1.14.0: * fido2-cred -M, fido2-token -G: support raw client data via -w flag. * New API calls: * * fido_assert_authdata_raw_len; * * fido_assert_authdata_raw_ptr; * * fido_assert_set_winhello_appid. - add keyring for gpg validation ==== libheif ==== Version update (1.17.3 -> 1.17.5) Subpackages: gdk-pixbuf-loader-libheif libheif-aom libheif-dav1d libheif-ffmpeg libheif-jpeg libheif-openjpeg libheif-rav1e libheif1 - update to 1.17.5: * Fixes installation of the Gnome "heif.thumbnailer" config file. - update to 1.17.4: * ispe boxes in AVIF images with clap boxes were written with the wrong size (would only happen with svt-av1 encoder), always output MIAF brand for AVIF images * fix kvazaar encoding with odd image sizes and encodings with non-4:2:0 chroma ==== librdkafka ==== Version update (2.1.1 -> 2.3.0) - update to 2.3.0: * Partial support of topic identifiers. Topic identifiers in metadata response available through the new `rd_kafka_DescribeTopics` function * KIP-117 Add support for AdminAPI `DescribeCluster()` and `DescribeTopics()` * Return authorized operations in Describe Responses. * KIP-580: Added Exponential Backoff mechanism for retriable requests with `retry.backoff.ms` as minimum backoff and `retry.backoff.max.ms` as the maximum backoff, with 20% jitter (#4422). * Fixed ListConsumerGroupOffsets not fetching offsets for all the topics in a group with Apache Kafka version below 2.4.0. * Add missing destroy that leads to leaking partition structure memory when there are partition leader changes and a stale leader epoch is received (#4429). * Fix a segmentation fault when closing a consumer using the cooperative-sticky assignor before the first assignment * Fix for insufficient buffer allocation when allocating rack information (@wolfchimneyrock, #4449). * Fix for infinite loop of OffsetForLeaderEpoch requests on quick leader changes. (#4433). * Fix for stored offsets not being committed if they lacked the leader epoch (#4442). * Upgrade OpenSSL to v3.0.11 (while building from source) with various security fixes, check the release notes * Fix to ensure permanent errors during offset validation continue being retried and don't cause an offset reset (#4447). * Fix to ensure max.poll.interval.ms is reset when rd_kafka_poll is called with consume_cb (#4431). * Fix for idempotent producer fatal errors, triggered after a possibly persisted message state (#4438). * Fix `rd_kafka_query_watermark_offsets` continuing beyond timeout expiry (#4460). * Fix `rd_kafka_query_watermark_offsets` not refreshing the partition leader after a leader change and subsequent `NOT_LEADER_OR_FOLLOWER` error (#4225). ==== llvm17 ==== Version update (17.0.4 -> 17.0.5) - Update to version 17.0.5. * This release contains bug-fixes for the LLVM 17.0.0 release. This release is API and ABI compatible with 17.0.0. - Rebase llvm-do-not-install-static-libraries.patch. - Also test clang-tools-extra (at least most parts) and lld. - Adapt test in lld-default-sha1.patch. - Don't disable testing if qemu_user_space_build has been set to 0. ==== mariadb-connector-c ==== Version update (3.3.5 -> 3.3.7) - update to 3.3.7: * https://mariadb.com/kb/en/mariadb-connector-c-3-3-7-release-notes/ * https://mariadb.com/kb/en/mariadb-connector-c-3-3-6-release-notes/ ==== mdadm ==== - No longer recommend smtp-daemon: this was a remainder from the cron configuration, which was removed back in 2018. ==== nghttp2 ==== - fix unversioned provides to be in sync with nghttp3 ==== nvidia-open-driver-G06-signed ==== Version update (545.29.02_k6.6.1_1 -> 545.29.02_k6.6.2_1) - no longer try to overwrite NVreg_OpenRMEnableSupporteGpus driver option setting; apparently it's ignored by the driver (boo#1215981, comment#26) - use different modprobe.d config file to resolve conflict with older driver package (boo#1217370); overwrite NVreg_OpenRMEnableSupporteGpus driver option setting (disable it), since letting it enabled is supposed to break booting (boo#1215981, comment#23) ==== openvpn ==== Version update (2.6.7 -> 2.6.8) - update to 2.6.8: * SIGSEGV crash: Do not check key_state buffers that are in S_UNDEF state - the new sanity check function introduced in 2.6.7 sometimes tried to use a NULL pointer after an unsuccessful TLS handshake * CVE-2023-46850 OpenVPN versions between 2.6.0 and 2.6.6 incorrectly use a send buffer after it has been free()d in some circumstances, causing some free()d memory to be sent to the peer. All configurations using TLS (e.g. not using --secret) are affected by this issue. * CVE-2023-46849 OpenVPN versions between 2.6.0 and 2.6.6 incorrectly restore --fragment configuration in some circumstances, leading to a division by zero when --fragment is used. On platforms where division by zero is fatal, this will cause an OpenVPN crash. * DCO: warn if DATA_V1 packets are sent by the other side - this a hard incompatibility between a 2.6.x client connecting to a 2.4.0-2.4.4 server, and the only fix is to use --disable-dco. * Remove OpenSSL Engine method for loading a key. This had to be removed because the original author did not agree to relicensing the code with the new linking exception added. This was a somewhat obsolete feature anyway as it only worked with OpenSSL 1.x, which is end-of-support. * add warning if p2p NCP client connects to a p2mp server - this is a combination that used to work without cipher negotiation (pre 2.6 on both ends), but would fail in non-obvious ways with 2.6 to 2.6. * add warning to --show-groups that not all supported groups are listed (this is due the internal enumeration in OpenSSL being a bit weird, omitting X448 and X25519 curves). * --dns: remove support for exclude-domains argument (this was a new 2.6 option, with no backend support implemented yet on any platform, and it turns out that no platform supported it at all - so remove option again) * warn user if INFO control message too long, do not forward to management client (safeguard against protocol-violating server implementations) * DCO-WIN: get and log driver version (for easier debugging). * print "peer temporary key details" in TLS handshake * log OpenSSL errors on failure to set certificate, for example if the algorithms used are in acceptable to OpenSSL (misleading message would be printed in cryptoapi / pkcs11 scenarios) * add CMake build system for MinGW and MSVC builds * remove old MSVC build system * improve cmocka unit test building for Windows ==== ovmf ==== Subpackages: qemu-uefi-aarch64 - Sync change log to prepare for sending edk2-stable202308 ovmf to SLE15-SP6 (jsc#PED-6233, jsc#PED-5523) - Removed the following backported patches because they are merged to edk2 mainline: - ovmf-SecurityPkg-DxeImageVerificationLib-Check-result-of-.patch 494127613b SecurityPkg/DxeImageVerificationLib: Check result of GetEfiGlobalVariable2 (CVE-2019-14560, bsc#1174246) ==== p11-kit ==== Version update (0.25.2 -> 0.25.3) Subpackages: libp11-kit0 p11-kit-tools - Update to 0.25.3: * rpc: fix serialization of NULL mechanism pointer [#601] * fix meson build failure in macOS (appleframeworks not found) [#603] ==== python-numpy ==== Version update (1.25.2 -> 1.26.2) - Update to 1.26.2: * TYP: Trim down the ``_NestedSequence.__getitem__`` signature * BUG: fix choose refcount leak * TST: fix running the test suite in builds without BLAS/LAPACK * BUG: random: Fix generation of nan by dirichlet. * TST: fix distutils tests for deprecations in recent setuptools... * MAINT: Remove versioneer * MAINT: Pin upper version of sphinx. * ENH: Add prefix to _ALIGN Macro * BUG: cleanup warnings [skip azp][skip circle][skip travis][skip... * BUG: ``asv dev`` has been removed, use ``asv run``. * BUG: Fix meson build failure due to unchanged inplace auto-generated... * BUG: fix issue with git-version script, needs a shebang to run * BUG: Use a default assignment for git_hash [skip ci] * BUG: fix NPY_cast_info error handling in choose * BUG: Fix common block handling in f2py * BUG: Fix assumed length f2py regression * MAINT: Harmonize fortranobject * TYP: add kind argument to numpy.isin type specification * BUG: fix comparisons between masked and unmasked structured arrays * ENH: Adopt new macOS Accelerate BLAS/LAPACK Interfaces, including... * TYP: Add the missing ``casting`` keyword to ``np.clip`` * TST: convert cython test from setup.py to meson * MAINT: Fixup ``fromnumeric.pyi`` * BUG, ENH: Fix ``iso_c_binding`` type maps * TYP: Allow ``binary_repr`` to accept any object * TYP: Explicitly declare ``dtype`` and ``generic`` hashable * ENH: Refactor the typing "reveal" tests using `typing.assert_type` * ENH: ``meson`` backend for ``f2py`` * MAINT: Refactor partial load Workaround for Clang * BUG: Fix data stmt handling for complex values in f2py * TYP: Add annotations for the py3.12 buffer protocol * DOC: Updated the f2py docs to remove a note on -fimplicit-none * BUG: Fix SIMD f32 trunc test on s390x when baseline is none * BUG: Fix DATA statements for f2py * API: Add ``NumpyUnpickler`` for backporting * MAINT: Xfail test failing on PyPy. * ENH: meson: implement BLAS/LAPACK auto-detection * DOC: add a 1.26.1 release notes section for BLAS/LAPACK build * MAINT: Backport ``numpy._core`` stubs. Remove ``NumpyUnpickler`` * BUG: loongarch doesn't use REAL(10) * MAINT: align test_dispatcher s390x targets with _umath_tests_mtargets * ENH: Add Cython enumeration for NPY_FR_GENERIC * MAINT: Remove unhelpful error replacements from ``import_array()`` * BUG: Avoid intp conversion regression in Cython 3 * MAINT: Add missing ``noexcept`` to shuffle helpers * DOC: Fix license identifier for OpenBLAS * BLD: improve detection of Netlib libblas/libcblas/liblapack * MAINT: Make bitfield integers unsigned * BUG: Make n a long int for np.random.multinomial * BUG: ensure passing ``np.dtype`` to itself doesn't crash - Update BuildRequires as appropiate, build system changed from setuptools to meson. - Drop patch ignore-pkg_resources-deprecation.patch, no longer required - f2py3 no longer shipped ==== python-pip ==== Version update (23.2.1 -> 23.3.1) - Update to 23.3.1: - Bug Fixes - Handle a timezone indicator of Z when parsing dates in the self check. (#12338) - Fix bug where installing the same package at the same time with multiple pip processes could fail. (#12361) - Update to 23.3: - Process - Added reference to vulnerability reporting guidelines to pip's security policy. - Features - Improve extras resolution for multiple constraints on same base package. (#11924) - Improve use of datastructures to make candidate selection 1.6x faster. (#12204) - Allow pip install --dry-run to use platform and ABI overriding options. (#12215) - Add is_yanked boolean entry to the installation report (--report) to indicate whether the requirement was yanked from the index, but was still selected by pip conform to PEP 592. (#12224) - Bug Fixes - Ignore errors in temporary directory cleanup (show a warning instead). (#11394) - Normalize extras according to PEP 685 from package metadata in the resolver for comparison. This ensures extras are correctly compared and merged as long as the package providing the extra(s) is built with values normalized according to the standard. Note, however, that this does not solve cases where the package itself contains unnormalized extra values in the metadata. (#11649) - Prevent downloading sdists twice when PEP 658 metadata is present. (#11847) - Include all requested extras in the install report (--report). (#11924) - Removed uses of datetime.datetime.utcnow from non-vendored code. (#12005) - Consistently report whether a dependency comes from an extra. (#12095) - Fix completion script for zsh (#12166) - Fix improper handling of the new onexc argument of shutil.rmtree() in Python 3.12. (#12187) - Filter out yanked links from the available versions error message: "(from versions: 1.0, 2.0, 3.0)" will not contain yanked versions conform PEP 592. The yanked versions (if any) will be mentioned in a separate error message. (#12225) - Fix crash when the git version number contains something else than digits and dots. (#12280) - Use -r=... instead of -r ... to specify references with Mercurial. (#12306, CVE-2023-5752, bsc#1217353) - Redact password from URLs in some additional places. (#12350) - pip uses less memory when caching large packages. As a result, there is a new on-disk cache format stored in a new directory ($PIP_CACHE_DIR/http-v2). (#2984) - Vendored Libraries - Upgrade certifi to 2023.7.22 - Add truststore 0.8.0 - Upgrade urllib3 to 1.26.17 - Improved Documentation - Document that pip search support has been removed from PyPI (#12059) - Clarify --prefer-binary in CLI and docs (#12122) - Document that using OS-provided Python can cause pip's test suite to report false failures. (#12334) - Adjust pip-shipped-requests-cabundle.patch. ==== readline ==== Subpackages: libreadline8 readline-doc - Add upstream patch readline82-002 * It's possible for readline to try to zero out a line that's not null- terminated, leading to a memory fault. - Add upstream patch readline82-003 - Add upstream patch readline82-004 - Add upstream patch readline82-005 * If an application is using readline in callback mode, and a signal arrives after readline checks for it in rl_callback_read_char() but before it restores the application's signal handlers, it won't get processed until the next time the application calls rl_callback_read_char(). Readline needs to check for and resend any pending signals after restoring the application's signal handlers. - Add upstream patch readline82-006 * This is a variant of the same issue as the one fixed by patch 5. In this case, the signal arrives and is pending before readline calls rl_getc(). When this happens, the pending signal will be handled by the loop, but may alter or destroy some state that the callback uses. Readline needs to treat this case the same way it would if a signal interrupts pselect/select, so compound operations like searches and reading numeric arguments get cleaned up properly. - Add upstream patch readline82-007 * If readline is called with no prompt, it should display a newline if return is typed on an empty line. It should still suppress the final newline if return is typed on the last (empty) line of a multi-line command. ==== sssd ==== Subpackages: libsss_certmap0 libsss_idmap0 libsss_nss_idmap0 sssd-krb5-common sssd-ldap - Adapt spec file for SLE 15 SP6/Leap 15.6; (jsc#PED-6714); * Remove package sssd-common, merged into sssd * Continue building deprecated files provider and infopipe responder * Disable selinux and semanage * Provide rcsssd shortcut ==== transactional-update ==== Version update (4.4.0 -> 4.5.0) Subpackages: dracut-transactional-update libtukit4 transactional-update-zypp-config tukit tukitd - Version 4.5.0 - libtukit: Use permissions of real /etc when creating overlay [bsc#1215878] - libtukit, tukit: Support "rollback" via library now - tukitd: Implement Snapshot delete and rollback methods - tukit: Check for missing arguments with "close" and "abort" commands - t-u: Warn user when using "kdump" if it isn't configured to avoid confusion with "setup-kdump" [boo#1215725] - t-u: Abort if mkdumprd run is not successful - t-u: Use defaut from config file if t-u is called without arguments [gh#openSUSE/transactional-update#101] - Improved README.md [gh#openSUSE/transactional-update#59] and API docs - Code cleanup ==== xen ==== Version update (4.18.0_02 -> 4.18.0_04) Subpackages: xen-libs xen-tools-domU - Enable the Kconfig options REQUIRE_NX and DIT_DEFAULT to provide better hypervisor security xen.spec - Upstream bug fixes (bsc#1027519) 654370e2-x86-x2APIC-remove-ACPI_FADT_APIC_CLUSTER-use.patch 65437103-x86-i8259-dont-assume-IRQs-always-target-CPU0.patch 655b2ba9-fix-sched_move_domain.patch - Pass XEN_BUILD_DATE + _TIME to override build date (boo#1047218) ==== xkeyboard-config ==== - the current source supersedes old sle15-sp5 patches (see changelog below) * U_Map-evdev-keycodes-KEY_RFKILL-and-KEY_WWAN-to-XF86RF.patch * U_Updating-Old-Hungarian.patch * U_Fix-media-keys-lag-on-ABNT2-keyboard.patch * U_Add-the-new-AZERTY-layout-norm-NF-Z71-300.patch - includes fixes for * missing mappings for evdev keys KEY_RFKILL and KEY_WWAN (boo#1123784) * capslock in Old Hungarian layout (boo#1153774) * wrong keyboard mapping causing input delays with ABNT2 keyboards (bsc#1191242) - includes backport of French standardized AZERTY layout (AFNOR: NF Z71-300) (bsc#1188867) - supersedes a patch called 'U_fixed-keycode-comment.patch' from sle15-sp5, which wasn't applied there any longer either. <I247> = 247; // #define KEY_UWB 239 is defined in keycodes/evdev since a long time ... ==== yast2-trans ==== Version update (84.87.20231104.b73ad6fbc9 -> 84.87.20231117.f12231d4de) Subpackages: yast2-trans-af yast2-trans-ar yast2-trans-bg yast2-trans-bn yast2-trans-bs yast2-trans-ca yast2-trans-cs yast2-trans-cy yast2-trans-da yast2-trans-de yast2-trans-el yast2-trans-en_GB yast2-trans-es yast2-trans-et yast2-trans-fa yast2-trans-fi yast2-trans-fr yast2-trans-gl yast2-trans-gu yast2-trans-hi yast2-trans-hr yast2-trans-hu yast2-trans-id yast2-trans-it yast2-trans-ja yast2-trans-jv yast2-trans-ka yast2-trans-km yast2-trans-ko yast2-trans-lo yast2-trans-lt yast2-trans-mk yast2-trans-mr yast2-trans-nb yast2-trans-nl yast2-trans-pa yast2-trans-pl yast2-trans-pt yast2-trans-pt_BR yast2-trans-ro yast2-trans-ru yast2-trans-si yast2-trans-sk yast2-trans-sl yast2-trans-sr yast2-trans-sv yast2-trans-ta yast2-trans-th yast2-trans-tr yast2-trans-uk yast2-trans-vi yast2-trans-wa yast2-trans-xh yast2-trans-zh_CN yast2-trans-zh_TW yast2-trans-zu - Update to version 84.87.20231117.f12231d4de: * New POT for text domain 'cc'.