Please note that this mail was generated by a script. The described changes are computed based on the aarch64 DVD. The full online repo contains too many changes to be listed here. Please check the known defects of this snapshot before upgrading: https://openqa.opensuse.org/tests/overview?distri=opensuse&groupid=3&version... Please do not reply to this email to report issues, rather file a bug on bugzilla.opensuse.org. For more information on filing bugs please see https://en.opensuse.org/openSUSE:Submitting_bug_reports Packages changed: Mesa (25.0.1 -> 25.0.2) Mesa-drivers (25.0.1 -> 25.0.2) autoyast2 (5.0.4 -> 5.0.5) crypto-policies (20230920.570ea89 -> 20250124.4d262e7) ebook-tools gdm gnome-maps (47.4 -> 48.0) gnome-text-editor (47.3 -> 48.1) gtksourceview5 (5.14.2 -> 5.16.0) libadwaita (1.6.4 -> 1.7.0) openSUSE-release (20250321 -> 20250324) python-bcrypt (4.2.1 -> 4.3.0) shadow (4.17.3 -> 4.17.4) sushi threadweaver time === Details === ==== Mesa ==== Version update (25.0.1 -> 25.0.2) Subpackages: Mesa-libEGL1 Mesa-libGL1 libgbm1 - Update to release 25.0.2 - -> https://docs.mesa3d.org/relnotes/25.0.2 ==== Mesa-drivers ==== Version update (25.0.1 -> 25.0.2) Subpackages: Mesa-dri Mesa-gallium Mesa-libva - Update to release 25.0.2 - -> https://docs.mesa3d.org/relnotes/25.0.2 ==== autoyast2 ==== Version update (5.0.4 -> 5.0.5) Subpackages: autoyast2-installation - Allow skipping profile fetch errors by setting YAST_SKIP_PROFILE_FETCH_ERROR=1 (see gh#agama-project/agama#2180). - 5.0.5 ==== crypto-policies ==== Version update (20230920.570ea89 -> 20250124.4d262e7) Subpackages: crypto-policies-scripts - Allow sshd in FIPS mode when using the DEFAULT policy [bsc#1227370] * Add crypto-policies-Allow-sshd-in-FIPS-mode-using-DEFAULT.patch - Enable SHA1 sigver in the DEFAULT policy. * Add crypto-policies-enable-SHA1-sigver-in-DEFAULT.patch - Fix fips-mode-setup in EFI or Secure Boot mode. [bsc#1227637] * Rebase crypto-policies-FIPS.patch - Remove dangling symlink for the libreswan config [bsc#1236858] - Remove also sequoia config and generator files - Remove not needed fips bind mount service - Update to version 20250124.4d262e7: [bsc#1239009, bsc#1236165] * openssl: stricter enabling of Ciphersuites * openssl: make use of -CBC and -AESGCM keywords * openssl: add TLS 1.3 Brainpool identifiers * fix warning on using experimental key_exchanges * update-crypto-policies: don't output FIPS warning in fips mode * openssh: map mlkem768x25519-sha256 to KEM-ECDH & MLKEM768-X25519 & SHA2-256 * openssh, libssh: refactor kx maps to use tuples * alg_lists: mark MLKEM768/SNTRUP kex experimental * nss: revert enabling mlkem768secp256r1 * nss: add mlkem768x25519 and mlkem768secp256r1, remove xyber * gnutls: add GROUP-X25519-MLKEM768 and GROUP-SECP256R1-MLKEM768 * openssl: use both names for SecP256r1MLKEM768 / X25519MLKEM768 * openssh, TEST-PQ: rename MLKEM key_exchange to MLKEM768 * openssh: add support for sntrup761x25519-sha512 and mlkem768x25519-sha256 * openssl: map NULL to TLS_SHA256_SHA256:TLS_SHA384_SHA384... * python/update-crypto-policies: pacify pylint * fips-mode-setup: tolerate fips dracut module presence w/o FIPS * fips-mode-setup: small Argon2 detection fix * SHA1: add __openssl_block_sha1_signatures = 0 * fips-mode-setup: block if LUKS devices using Argon2 are detected * update-crypto-policies: skip warning on --set=FIPS if bootc * fips-setup-helper: skip warning, BTW * fips-mode-setup: force --no-bootcfg when UKI is detected * fips-setup-helper: add a libexec helper for anaconda * fips-crypto-policy-overlay: automount FIPS policy * openssh: make dss no longer enableble, support is dropped * gnutls: wire GROUP-X25519-KYBER768 to X25519-KYBER768 * DEFAULT: switch to rh-allow-sha1-signatures = no... * java: drop unused javasystem backend * java: stop specifying jdk.tls.namedGroups in javasystem * ec_min_size: introduce and use in java, default to 256 * java: use and include jdk.disabled.namedCurves * BSI: Update BSI policy for new 2024 minimum recommendations * fips-mode-setup: flashy ticking warning upon use * fips-mode-setup: add another scary "unsupported" * CONTRIBUTING.md: add a small section on updating policies * CONTRIBUTING.md: remove trailing punctuation from headers * BSI: switch to 3072 minimum RSA key size * java: make hash, mac and sign more orthogonal * java: specify jdk.tls.namedGroups system property * java: respect more key size restrictions * java: disable anon ciphersuites, tying them to NULL... * java: start controlling / disable DTLSv1.0 * nss: wire KYBER768 to XYBER768D00 * nss: unconditionally load p11-kit-proxy.so * gnutls: make DTLS0.9 controllable again * gnutls: retire GNUTLS_NO_TLS_SESSION_HASH * openssh: remove OPENSSH_MIN_RSA_SIZE / OPENSSH_MIN_RSA_SIZE_FORCE * gnutls: remove extraneous newline * sequoia: move away from subprocess.getstatusoutput * python/cryptopolicies/cryptopolicies.py: add trailing commas * python, tests: rename MalformedLine to MalformedLineError * Makefile: introduce SKIP_LINTING flag for packagers to use * Makefile: run ruff * tests: use pathlib * tests: run(check=True) + CalledProcessError where convenient * tests: use subprocess.run * tests/krb5.py: check all generated policies * tests: print to stderr on error paths * tests/nss.py: also use encoding='utf-8' * tests/nss.py: also use removesuffix * tests/nss.py: skip creating tempfiles * tests/java.pl -> tests/java.py * tests/gnutls.pl -> tests/gnutls.py * tests/openssl.pl -> tests/openssl.py * tests/verify-output.pl: remove * libreswan: do not use up pfs= / ikev2= keywords for default behaviour * Rebase patches: - crypto-policies-no-build-manpages.patch - crypto-policies-policygenerators.patch - crypto-policies-supported.patch - crypto-policies-nss.patch - Update to version 20241010.5930b9a: * LEGACY: enable 192-bit ciphers for nss pkcs12/smime * nss: be stricter with new purposes * nss: rewrite backend for 3.101 * cryptopolicies: parent scopes for dumping purposes * policygenerators: move scoping inside generators * TEST-PQ: disable pure Kyber768 * nss: wire XYBER768D00 to X25519-KYBER768 * TEST-PQ: update * TEST-PQ: also enable sntrup761x25519-sha512@openssh.com * TEST-PQ, alg_lists, openssl: enable more experimental `sign` values * TEST-PQ, python: add more groups, mark experimental * openssl: mark liboqsprovider groups optional with ? * Remove patches: - crypto-policies-revert-rh-allow-sha1-signatures.patch - Update to version 20240201.9f501f3: * .gitlab-ci.yml: install sequoia-policy-config ... changelog too long, skipping 21 lines ... * pylintrc: use-implicit-booleaness-not-comparison-to-* ==== ebook-tools ==== - Add patch: * ebook-tools-cmake4.patch - Rebase patches - Drop unneeded baselibs.conf ==== gdm ==== Subpackages: gdm-schema gdm-xdm-integration gdmflexiserver libgdm1 typelib-1_0-Gdm-1_0 - Rebase/fix gdm-switch-to-tty1.patch to fix build against gcc 15. - Add gdm-settings-utils_rename-variable.patch: Rename variable to fix build with gcc 15 (https://gitlab.gnome.org/GNOME/gdm/-/merge_requests/273). ==== gnome-maps ==== Version update (47.4 -> 48.0) - Update to version 48.0: + Updated translations. - Update to version 48.rc: + Update OSM edit POI defintions + Update highway shields from OpenStreetMap-Americana + Use Transitous for public transit in Finland, as the old OTP1-based Digitransit API is being deprecated + Show stairs instructions for walking directions with Transitous + Updated translations. ==== gnome-text-editor ==== Version update (47.3 -> 48.1) - Update to version 48.1: + Fix accessibility properties on search entry. + Updated translations. - Update to version 48.0: + Defaults for markdown no longer imply 80 char right margin and it is instead inherted from gsetting defaults. + Fallback indentation selection is in preferences now. + Updated translations. - Update to version 48.rc: + Slight UI tweaks to the open button to allow for better shrinking of the window to narrow sizes + Search bar cancellation bug fixes + Fix right-margin-position in preferences not working on some distributions + Updated translations. - Drop erroneous (and unused) appstream-glib BuildRequires: It should be AppStream BuildRequires, but it is currently disabled upstream, and that one is already pulled in automatically. - Update to version 48.beta: + More refinement on design updates + Search bar moved to bottom of text area + Track changes in xdg-portal + Updated translations. - Update to version 48.alpha: + The view menu has been removed in favor of a new properties panel based on feedback from users over the past couple of years. + The indention selection menu has also been removed for the same reason. + More options in preferences have been exposed. + The 'grid' option has been removed from preferences as it has had a number of issues. Though if you've enabled it, it will continue to be visible to allow turning it off. + Opening files with encoding errors will present the option to select an encoding from the infobar. + Text Editor now uses the new "text" GtkFileDialog APIs from GTK. This should allow using portals and thus, Nautilus as a file chooser. + Document statistics can be updated as you type in the new panel. + The language selection dialog shows recent languages above other languages to make common changes quicker. + The position label is now displayed above the editor view when the cursor moves for reasons other than typing such as jumping by arrow movement or mouse/touch press to move the cursor. + Fix alignment/sizing of zoom buttons. + A new fullscreen mode similar to Ptyxis/Epiphany. - Change spec file to use modern BuildSystem: meson with automatic build dependency detection. - Drop all BuildRequires now autogenerated by meson_buildrequires macro. ==== gtksourceview5 ==== Version update (5.14.2 -> 5.16.0) - Update to version 5.16.0: + Updated translations. - Update to version 5.15.1 (Unstable): + Remove use of various GTK deprecations + Testsuite improvements + Updated translations. - Update to version 5.15.0 (Unstable): + Various introspection fixes + Improvements to GtkSourceAssistants + Various GtkTextIter performance improvements + Deduplication fixes when sorting + Alter paths for resource:// usage so that resources take priority over system installations other than the current one + Adwaita.xml, Adwaita-dark.xml style updates + Quantize Y position for gutter line numbers + New and updated languages: meson.lang, zig.lang + Updated translations. - Update to version 5.14.1+61: + Switch to master branch to have pre-5.15.0 release. ==== libadwaita ==== Version update (1.6.4 -> 1.7.0) Subpackages: libadwaita-1-0 typelib-1_0-Adw-1 - Update to version 1.7.0: + Build: Specify --doc-format for GIR data + AdwDialog: Fix :current-breakpoint notifications + AdwPreferencesDialog/Window: - Exclude hidden pages from search too - Fix the search filter expression + Updated translations. - Update to version 1.7.rc: + Fix build failures on win32 + Bump minimum GTK and GLib versions + Adaptive preview: - Fix screenshotting GtkGraphicsOffload - Add a missing translators comment + AdwAboutDialog/Window: Use system monospace font for `<code>` in release notes + AdwDialog: Fix parent window shortcuts propagating into dialogs + AdwPreferencesDialog: Hide pages with visible=false + AdwStyleManager: Document how to handle font names + Stylesheet: - Fix popovers in non-composited environments - Fix GtkPaned drag area + Updated translations. - Remove static file now built. ==== openSUSE-release ==== Version update (20250321 -> 20250324) Subpackages: openSUSE-release-appliance-custom openSUSE-release-dvd - automatically generated by openSUSE-release-tools/pkglistgen ==== python-bcrypt ==== Version update (4.2.1 -> 4.3.0) Subpackages: python311-bcrypt python313-bcrypt - Update 4.3.0 * Bump proc-macro2 from 1.0.89 to 1.0.90 in /src/_bcrypt (#916) * Bump unicode-ident from 1.0.13 to 1.0.14 in /src/_bcrypt (#915) * fixes #917 -- correctly handle a salt that's too short (#918) * Bump cpufeatures from 0.2.15 to 0.2.16 in /src/_bcrypt (#919) * Bump proc-macro2 from 1.0.90 to 1.0.92 in /src/_bcrypt (#920) * Bump syn from 2.0.87 to 2.0.89 in /src/_bcrypt (#921) * Fix new ruff warning (#923) * Build manylinux 2.34 images (#922) * Bump portable-atomic from 1.9.0 to 1.10.0 in /src/_bcrypt (#924) * drop py37 (#926) * Bump pyo3 from 0.23.1 to 0.23.2 in /src/_bcrypt (#927) * Bump libc from 0.2.164 to 0.2.165 in /src/_bcrypt (#928) * Bump libc from 0.2.165 to 0.2.166 in /src/_bcrypt (#929) * Bump dawidd6/action-download-artifact from 6 to 7 (#932) * Bump syn from 2.0.89 to 2.0.90 in /src/_bcrypt (#931) * Bump libc from 0.2.166 to 0.2.167 in /src/_bcrypt (#930) * Bump pyo3 from 0.23.2 to 0.23.3 in /src/_bcrypt (#933) * Bump actions/cache from 4.1.2 to 4.2.0 (#934) * Bump libc from 0.2.167 to 0.2.168 in /src/_bcrypt (#935) * Bump pypa/gh-action-pypi-publish from 1.12.2 to 1.12.3 (#936) * Bump dtolnay/rust-toolchain (#937) * Bump actions/upload-artifact from 4.4.3 to 4.5.0 (#938) * Bump libc from 0.2.168 to 0.2.169 in /src/_bcrypt (#939) * Bump syn from 2.0.90 to 2.0.91 in /src/_bcrypt (#940) * Bump quote from 1.0.37 to 1.0.38 in /src/_bcrypt (#942) * Bump syn from 2.0.91 to 2.0.92 in /src/_bcrypt (#941) * Bump syn from 2.0.92 to 2.0.93 in /src/_bcrypt (#943) * Bump syn from 2.0.93 to 2.0.94 in /src/_bcrypt (#944) * Bump syn from 2.0.94 to 2.0.95 in /src/_bcrypt (#945) * Bump syn from 2.0.95 to 2.0.96 in /src/_bcrypt (#948) * Bump actions/upload-artifact from 4.5.0 to 4.6.0 (#947) * Bump proc-macro2 from 1.0.92 to 1.0.93 in /src/_bcrypt (#949) * Bump pyo3 from 0.23.3 to 0.23.4 in /src/_bcrypt (#950) * Support free-threaded Python 3.13 (#925) * Switch to nox (#954) * use github hosted arm runners in wheel builder (#952) * use github hosted arm runners in ci (#951) * Bump dawidd6/action-download-artifact from 7 to 8 (#956) * Bump pypa/gh-action-pypi-publish from 1.12.3 to 1.12.4 (#957) * Bump unicode-ident from 1.0.14 to 1.0.15 in /src/_bcrypt (#958) * include matrix.PYTHON.VERSION in CI cache keys (#964) * Bump cpufeatures from 0.2.16 to 0.2.17 in /src/_bcrypt (#960) * Bump unicode-ident from 1.0.15 to 1.0.16 in /src/_bcrypt (#962) * Bump actions/setup-python from 5.3.0 to 5.4.0 (#963) * Update getrandom and bcrypt (#966) * Bump syn from 2.0.96 to 2.0.98 in /src/_bcrypt (#967) * Bump quansight-labs/setup-python from 5.3.1 to 5.4.0 (#968) * add support for free-threaded wheels (#955) * Bump once_cell from 1.20.2 to 1.20.3 in /src/_bcrypt (#970) * Bump unicode-ident from 1.0.16 to 1.0.17 in /src/_bcrypt (#972) * Bump typenum from 1.17.0 to 1.18.0 in /src/_bcrypt (#973) * Bump actions/cache from 4.2.0 to 4.2.1 (#974) * Bump actions/upload-artifact from 4.6.0 to 4.6.1 (#975) * Bump libc from 0.2.169 to 0.2.170 in /src/_bcrypt (#976) * Bump inout from 0.1.3 to 0.1.4 in /src/_bcrypt (#977) * Bump portable-atomic from 1.10.0 to 1.11.0 in /src/_bcrypt (#978) * Update PyO3 to 0.23.5 (#980) * Bump actions/download-artifact from 4.1.8 to 4.1.9 (#982) * Add PyPy 3.11 and armv7l to matrix runner (#983) * PyPy 3.11 and armv7l wheels (#984) ==== shadow ==== Version update (4.17.3 -> 4.17.4) Subpackages: libsubid5 login_defs - Update to 4.17.4: * Revert "lib/, src/: Use local time for human-readable dates" * lib/getdate.y: Ignore time-zone information and use UTC * src/chfn.c: Partially revert "lib/, src/: Use strsep(3) instead of its pattern" * src/chfn.c: Use stpsep() instead of its pattern * src/chfn.c: Add local variable to refer to the separated field * src/chfn.c: copy_field(): Rename local variable * lib/commonio.c: Rely on the POSIX.1-2008 behavior of realpath(3) * lib/fs/readlink/: readlinknul(): Use ssize_t to simplify * autogen.sh: Promote -Wsign-compare to an error * lib/sizeof.h: ssizeof(): Add signed variant of sizeof * src/lastlog.c: Use ssizeof() to avoid a -Wsign-compare diagnostic * tests/unit/test_xasprintf.c: Fix sign-mismatch diagnostic * configure.ac: stop checking for utmp location * configure.ac: be deterministic about passwd location * lib/, src/: update audit messages * lib/: audit function for groups * src/: update group audit messages * doc/: Remove list of distributions ==== sushi ==== - Require evince-plugin-pdfdocument to not crash ==== threadweaver ==== - Backport upstream change: * threadweaver-cmake4.patch ==== time ==== - Use -std=gnu99 to avoid traps from C23 made default with GCC 15.