Please note that this mail was generated by a script.
The described changes are computed based on the aarch64 DVD.
The full online repo contains too many changes to be listed here.

Please check the known defects of this snapshot before upgrading:
https://openqa.opensuse.org/tests/overview?distri=opensuse&groupid=3&version=Tumbleweed&build=20240927

Please do not reply to this email to report issues, rather file a bug
on bugzilla.opensuse.org. For more information on filing bugs please
see https://en.opensuse.org/openSUSE:Submitting_bug_reports

Packages changed:
  bash (5.2.32 -> 5.2.37)
  bluez
  brltty
  cairomm (1.16.1 -> 1.16.2)
  chrony (4.5 -> 4.6)
  curl (8.10.0 -> 8.10.1)
  cyrus-sasl
  expat
  folks
  fwupd (1.9.24 -> 1.9.25)
  gcc
  gcr
  gcr3
  gegl
  gettext-runtime
  gstreamer (1.24.7 -> 1.24.8)
  gstreamer-plugins-bad (1.24.7 -> 1.24.8)
  gstreamer-plugins-base (1.24.7 -> 1.24.8)
  gstreamer-plugins-good (1.24.7 -> 1.24.8)
  gstreamer-plugins-libav (1.24.7 -> 1.24.8)
  gstreamer-plugins-ugly (1.24.7 -> 1.24.8)
  gtk4 (4.16.1 -> 4.16.2)
  gucharmap
  gupnp (1.6.6 -> 1.6.7)
  harfbuzz (9.0.0 -> 10.0.1)
  kernel-firmware-nvidia-gspx-G06-cuda
  kernel-source (6.10.11 -> 6.11.0)
  libeconf (0.7.3 -> 0.7.4)
  libmbim (1.28.4 -> 1.30.0)
  libostree (2024.7 -> 2024.8)
  libpcap
  libpeas
  libvirt-glib
  lightsoff
  microos-tools (2.21+git13 -> 2.21+git16)
  openSUSE-release (20240924 -> 20240927)
  openssh (9.8p1 -> 9.9p1)
  openssh-askpass-gnome (9.8p1 -> 9.9p1)
  openssl-3
  orc (0.4.39 -> 0.4.40)
  pam_pkcs11
  pinentry
  pinentry-gui
  postfix
  postgresql17 (17~rc1 -> 17.0)
  python-Jinja2
  python-Twisted (24.3.0 -> 24.7.0)
  python-incremental (22.10.0 -> 24.7.2)
  python-lxml (5.2.2 -> 5.3.0)
  python-ptyprocess
  python-pycurl
  sac
  salt
  sddm
  sddm-qt6
  selinux-policy (20240912 -> 20240925)
  systemd (256.5 -> 256.6)
  tcl (8.6.14 -> 8.6.15)
  tigervnc
  timezone (2024a -> 2024b)
  transactional-update (4.8.2 -> 4.8.3)
  tree (2.1.1 -> 2.1.3)
  xfce4-dict (0.8.6 -> 0.8.7)
  xorg-x11-server
  xwayland

=== Details ===

==== bash ====
Version update (5.2.32 -> 5.2.37)
Subpackages: bash-sh

- Add upstream patches
  * bash52-037
    Fix the case where text to be completed from the line buffer (quoted) is compared to the common prefix of the possible matches (unquoted) and the quoting makes the former appear to be longer than the latter. Readline assumes the match doesn't add any characters to the word and doesn't display multiple matches.
  * bash52-036
    When readline is accumulating bytes until it reads a complete multibyte character, reading a byte that makes the multibyte character invalid can result in discarding the bytes in the partial character.
  * bash52-035
    There are systems that supply one of select or pselect, but not both.
  * bash52-034
    If we parse a compound assignment during an alias expansion, it's possible to have the current input string popped out from underneath the parse. In this case, we should not restore the input we were using when we began to parse the compound assignment.
  * bash52-033
    A typo in the autoconf test for strtold causes false negatives for strtold being available and working when compiled with gcc-14.
- Port patch bash-3.2-printf.patch to fit change in bash52-033

==== bluez ====
Subpackages: bluez-auto-enable-devices bluez-cups bluez-obexd bluez-zsh-completion libbluetooth3

- add Fix-crash-after-bt_uhid_unregister_all.patch to fix crashes when devices disconnect or go to sleep

==== brltty ====
Subpackages: brltty-driver-at-spi2 brltty-driver-brlapi brltty-driver-speech-dispatcher brltty-driver-xwindow libbrlapi0_8 python3-brlapi system-user-brltty xbrlapi

- For the correct generation of pkgIndex.tcl it is required that libbrlapi_tcl can runtime-link to libbrlapi at install time. Set LD_LIBRARY_PATH to allow that.
- Work around a syntactic change to TCL_PACKAGE_PATH to fix build with Tcl 8.6.15.
==== cairomm ====
Version update (1.16.1 -> 1.16.2)

- update to version 1.16.2:
  * meson.build: Avoid configuration warnings
  * MSVC build: Support VS2022 builds (Chun-wei Fan) Merge request !20
  * Meson build: When mm-common >= 1.0.4 is used, Perl is not required
  * Meson build: Specify 'check' option in run_command() Will be necessary with future versions of Meson. Require Meson >= 0.55.0
  * Meson build: Avoid unnecessary configuration warnings (Kjell Ahlstedt)

==== chrony ====
Version update (4.5 -> 4.6)
Subpackages: chrony-pool-openSUSE

- Update to version 4.6:
  * Add activate option to local directive to set activation threshold
  * Add ipv4 and ipv6 options to server/pool/peer directive
  * Add kod option to ratelimit directive for server KoD RATE support
  * Add leapseclist directive to read NIST/IERS leap-seconds.list file
  * Add ptpdomain directive to set PTP domain for NTP over PTP
  * Allow disabling pidfile
  * Improve copy server option to accept unsynchronised status instantly
  * Log one selection failure on start
  * Add offset command to modify source offset correction
  * Add timestamp sources to ntpdata report
  * Fix crash on sources reload during initstepslew or RTC initialisation
  * Fix source refreshment to not repeat failed name resolving attempts
  * Obsoletes chrony-124-tai.patch
- The project's new home is https://chrony-project.org/ .
==== curl ====
Version update (8.10.0 -> 8.10.1)
Subpackages: curl-zsh-completion libcurl4

- Update to 8.10.1:
  * Bugfixes:
    - autotools: fix `--with-ca-embed` build rule
    - cmake: ensure `CURL_USE_OPENSSL`/`USE_OPENSSL_QUIC` are set in sync
    - cmake: fix MSH3 to appear on the feature list
    - connect: store connection info when really done
    - FTP: partly revert eeb7c1280742f5c8fa48a4340fc1e1a1a2c7075a
    - http2: when uploading data from stdin, fix eos forwarding
    - http: make max-filesize check not count ignored bodies
    - lib: fix AF_INET6 use outside of USE_IPV6
    - multi: check that the multi handle is valid in curl_multi_assign
    - QUIC: on connect, keep on trying on draining server
    - request: correctly reset the eos_sent flag
    - setopt: remove superfluous use of ternary expressions
    - singleuse: drop `Curl_memrchr()` for no-HTTP builds
    - tool_cb_wrt: use "curl_response" if no file name in URL
    - transfer: fix sendrecv() without interim poll
    - vtls: fix `Curl_ssl_conn_config_match` doc param

==== cyrus-sasl ====
Subpackages: cyrus-sasl-crammd5 cyrus-sasl-digestmd5 cyrus-sasl-gssapi cyrus-sasl-plain libsasl2-3

- Make DIGEST-MD5 work with openssl3 ( bsc#1230111 )
  RC4 is legacy provided since openSSL3 and requires explicit loading, disable openssl3 deprecated API warnings.
  * Add cyrus-sasl-make-digestmd5-work-ssl3.patch

==== expat ====
Subpackages: libexpat1

- updated keyring [https://build.suse.de/request/show/345282]
- modified sources
  % expat.keyring

==== folks ====
Subpackages: folks-data libfolks-eds26 libfolks26

- BuildRequire gettext-devel instead of gettext: allow OBS to shortcut through gettext-runtime-mini.
==== fwupd ====
Version update (1.9.24 -> 1.9.25)
Subpackages: fwupd-bash-completion libfwupd2 typelib-1_0-Fwupd-2_0

- Update to version 1.9.25:
  + This release fixes the following bugs:
    - Fix checking new Synaptics MST firmware size
    - Make another ModemManager instance ID visible for firmware matching
    - Never set a zero-length device name when matching the vendor name
    - Recalculate the device supported flag when reparenting devices
    - Reduce idle power consumption of paired logitech-hidpp devices
    - Retry the open action to fix BC901 NVMe reload
  + This release adds support for the following hardware:
    - Algoltek devices supporting sector erase
    - Dell K2 dock
    - Intel USB4 hub 5787
    - More MediaTek scaler devices
    - Nordic HID devices supporting DFUv1

==== gcc ====
Subpackages: cpp libstdc++-devel

- Ensure every -build package conflicts and provides the non-build counterpart (related to boo#1230628)
- Make gcc-build-fortran provide and conflict gcc-fortran.

==== gcr ====
Subpackages: gcr-ssh-agent gcr-ssh-askpass gcr-viewer libgck-2-2 libgcr-4-4 typelib-1_0-Gck-2 typelib-1_0-Gcr-4

- BuildRequire gettext-devel instead of gettext: allow OBS to shortcut through gettext-runtime-mini.

==== gcr3 ====
Subpackages: gcr3-data gcr3-prompter gcr3-ssh-agent gcr3-ssh-askpass libgck-1-0 libgcr-3-1

- BuildRequire gettext-devel instead of gettext: allow OBS to shortcut through gettext-runtime-mini.
==== gegl ====
Subpackages: gegl-0_4 libgegl-0_4-0

- add revertleap.patch to get gegl build on older ffmpegs

==== gettext-runtime ====
Subpackages: libtextstyle0

- Move envsubst requires into main package, gettext.sh is not part of gettext-tools, but gettext-runtime (fixes boo#1227070)

==== gstreamer ====
Version update (1.24.7 -> 1.24.8)
Subpackages: gstreamer-utils libgstreamer-1_0-0 typelib-1_0-Gst-1_0

- Update to version 1.24.8:
  + Highlighted bugfixes:
    - decodebin3: collection handling fixes
    - encodebin: Fix pad removal (and smart rendering in gst-editing-services)
    - glimagesink: Fix cannot resize viewport when video size changed in caps
    - matroskamux, webmmux: fix firefox compatibility issue with Opus audio streams
    - mpegtsmux: Wait for data on all pads before deciding on a best pad unless timing out
    - splitmuxsink: Override LATENCY query to pretend to downstream that we're not live
    - video: QoS event handling improvements
    - voamrwbenc: fix list of bitrates
    - vtenc: Restart encoding session when certain errors are detected
    - wayland: Fix ABI break in WL context type name
    - webrtcbin: Prevent crash when attempting to set answer on invalid SDP
    - cerbero: ship vp8/vp9 software encoders again, which went missing in 1.24.7; ship transcode plugin
    - Various bug fixes, memory leak fixes, and other stability and reliability improvements
  + gstreamer:
    - clock: Fix unchecked overflows in linear regression code
    - meta: Add missing include of gststructure.h
    - pad: Check data NULL-ness when probes are stopped
    - aggregator: Immediately return NONE from simple_get_next_time() on non-TIME segments

==== gstreamer-plugins-bad ====
Version update (1.24.7 -> 1.24.8)
Subpackages: libgstadaptivedemux-1_0-0 libgstanalytics-1_0-0 libgstbadaudio-1_0-0 libgstbasecamerabinsrc-1_0-0 libgstcodecparsers-1_0-0 libgstcodecs-1_0-0 libgstcuda-1_0-0 libgstinsertbin-1_0-0 libgstisoff-1_0-0 libgstmpegts-1_0-0 libgstmse-1_0-0 libgstphotography-1_0-0 libgstplay-1_0-0 libgstplayer-1_0-0
libgstsctp-1_0-0 libgsttranscoder-1_0-0 libgsturidownloader-1_0-0 libgstva-1_0-0 libgstvulkan-1_0-0 libgstwayland-1_0-0 libgstwebrtc-1_0-0 libgstwebrtcnice-1_0-0

- Update to version 1.24.8:
  + GstPlay: Name the different bus
  + GstPlay: check whether stream is seekable before seeking when state change
  + GstPlayer: Check GstPlayerSignalDispatcher type
  + mpegtsmux: Wait for data on all pads before deciding on a best pad unless timing out
  + mpegtsmux: Fix refcounting issue when selecting the best pad
  + uvcsink: fix caps event handling
  + v4l2codecs: h265: Minimize memory allocation
  + voamrwbenc: fix list of bitrates
  + vtenc: Restart encoding session when certain errors are detected
  + wayland: Fix ABI break in WL context type name
  + webrtcbin: Prevent crash when attempting to set answer on invalid SDP
  + wpe: fix gst-launch example

==== gstreamer-plugins-base ====
Version update (1.24.7 -> 1.24.8)
Subpackages: libgstallocators-1_0-0 libgstapp-1_0-0 libgstaudio-1_0-0 libgstfft-1_0-0 libgstgl-1_0-0 libgstpbutils-1_0-0 libgstriff-1_0-0 libgstrtp-1_0-0 libgstrtsp-1_0-0 libgstsdp-1_0-0 libgsttag-1_0-0 libgstvideo-1_0-0 typelib-1_0-GstAudio-1_0 typelib-1_0-GstPbutils-1_0 typelib-1_0-GstTag-1_0 typelib-1_0-GstVideo-1_0

- Update to version 1.24.8:
  + decodebin3: Fix collection identity check
  + encodebin: Fix pad removal
  + glimagesink: Fix cannot resize viewport when video size changed in caps
  + video: Don't overshoot QoS earliest time by a factor of 2
  + meson: gst-play: link to libm
- Drop gst-plugins-base-decodebin3-collection-identity-check.patch: Fixed upstream.
- Rebase add_wayland_dep_to_tests.patch with quilt.
==== gstreamer-plugins-good ====
Version update (1.24.7 -> 1.24.8)
Subpackages: gstreamer-plugins-good-gtk

- Update to version 1.24.8:
  + jackaudiosrc: actually use the queried ports from JACK
  + matroskamux: Include end padding in the block duration for Opus streams, fixing firefox compatibility
  + osxaudio: Avoid dangling pointer on shutdown
  + splitmuxsink: Override LATENCY query to pretend to downstream that we're not live
  + v4l2bufferpool: actually queue back the empty buffer flagged LAST
  + v4l2videoenc: unref buffer pool after usage properly
  + v4l2: encoder: Add dynamic framerate support

==== gstreamer-plugins-libav ====
Version update (1.24.7 -> 1.24.8)

- Update to version 1.24.8:
  + No changes, stable version bump only.

==== gstreamer-plugins-ugly ====
Version update (1.24.7 -> 1.24.8)

- Update to version 1.24.8:
  + No changes, stable version bump only.

==== gtk4 ====
Version update (4.16.1 -> 4.16.2)
Subpackages: gtk4-schema gtk4-tools libgtk-4-1 typelib-1_0-Gtk-4_0

- Update to version 4.16.2:
  + GtkLabel: Fix centered text in RTL
  + Gsk:
    - Speed up some Vulkan operations
    - Improve startup speed by avoiding initialization of GL and Vulkan in most cases
    - Reduce criticals at startup to warnings
    - Fix a crash on startup with some Vulkan drivers
    - Fix a big texture leak in NGL
  + Gdk: Speed up memory format conversions
  + Wayland: Be more careful with mimetypes during DND or copy-paste
  + Tools: builder-tool: Improve conversion of boxes
  + Updated translations.

==== gucharmap ====
Subpackages: libgucharmap_2_90-7

- BuildRequire gettext-devel instead of gettext: allow OBS to shortcut through gettext-runtime-mini.

==== gupnp ====
Version update (1.6.6 -> 1.6.7)

- Update to version 1.6.7:
  + Fix compatibility with libxml2 2.12.x
  + Improve reproducibility
  + ControlPoint: Fix re-scan
  + ContextManager: Fix boot-id update
  + Context: Fix crash if served URI is not an IP address
- Drop 00514fb6.patch: Fixed upstream.
==== harfbuzz ====
Version update (9.0.0 -> 10.0.1)
Subpackages: libharfbuzz-gobject0 libharfbuzz-icu0 libharfbuzz-subset0 libharfbuzz0 typelib-1_0-HarfBuzz-0_0

- Update to version 10.0.1:
  + Relax sanitization checks for ‘morx’ subtables to fix broken AAT shaping of macOS 15.0 version of GeezaPro.
- Switch to source service for tarball.
- Update to version 10.0.0:
  + Unicode 16.0.0 support.
  + Various documentation fixes.
  + Various build fixes.
  + Add API to allow HarfBuzz client to set what glyph to use when a Unicode Variation Selector is not supported by the font, which would allow the client to customize what happens in this case, by using a different font for example.
  + Add a callback for ‘hb_face_t’ for getting the list of table tags. This is now used to make calling ‘hb_face_get_table_tags()’ work on faces created by ‘hb_face_create_for_tables()’ (e.g. faces returned by ‘hb_subset_or_fail()’).
  + CGJ and Mongolian Variation Selectors are now ignored during glyph positioning, previously they would block both glyph substitution and positioning across them.
  + Support cairo script as an output format for ‘hb-view’ command line tool.
  + Drop an optimization that would cause HarfBuzz not apply pair positioning lookup subtables under certain circumstances, for compatibility with other implementations that do apply these subtables.
  + Subsetting will now fail if source font has no glyphs, so feeding the subsetter invalid data will not silently return an empty face.
  + If after partially instancing a font no variation data is left (the instance is fully static), don’t consider this a failure.
  + Workaround a Firefox bug in displaying SVGs generated by ‘hb-view’ command line tool under certain circumstances.
  + Fix bug in macroman mapping for ‘cmap’ table.
  + Fix difference shaping output when HarfBuzz is built with ‘HB_NO_OT_RULESETS_FAST_PATH’ enabled.
  + Various subsetting and instancing fixes.
  + Various fuzzing fixes.
  + Add ‘with_libstdcxx’ meson build option.
==== kernel-firmware-nvidia-gspx-G06-cuda ====

- use SUSE-Firmware as License tag in specfile
- switch to official license for NVIDIA firmware files
  -> https://git.kernel.org/pub/scm/linux/kernel/git/firmware/linux-firmware.git/...

==== kernel-source ====
Version update (6.10.11 -> 6.11.0)

- Revert "PCI: Extend ACS configurability" (bsc#1229019).
- commit 4b97d57
- block: Fix elv_iosched_local_module handling of "none" scheduler (bsc#1230925).
- commit d8cfa46
- drm/amdgpu/display: Fix a mistake in revert commit (bsc#1228093)
- commit 39574a1
- Refresh patches.suse/ALSA-hda-Enhance-pm_blacklist-option.patch.
- Refresh patches.suse/ALSA-hda-Keep-PM-disablement-for-deny-listed-instanc.patch.
  Update upstream status.
- commit 2244c0f

==== libeconf ====
Version update (0.7.3 -> 0.7.4)

- Update to version 0.7.4:
  * Fixed memory leaks (#219)
  * Fixed: econf_readDirs crashes if one of the paths is NULL (#211)
  * Added links to man page. E.g. "man econf_readConfig" is working now.
  * Handle groups correctly which do not have any key entry.

==== libmbim ====
Version update (1.28.4 -> 1.30.0)
Subpackages: libmbim-glib4 mbimcli-bash-completion

- Update to version 1.30.0:
  + New Intel Mutual Authentication service
  + New Intel Tools service
  + New Google service
  + Extended the Microsoft-defined Basic Connect Extensions service
- Drop patches included upstream:
  + 0001-intel-mutual-authentication-new-service-fcc-lock.patch
  + 0002-intel-tools-new-service-trace-config.patch

==== libostree ====
Version update (2024.7 -> 2024.8)
Subpackages: libostree-1-1

- Update to version 2024.8:
  + Adapt to a change in libcurl 8.10.1 that caused ostree to start crashing.
  + switchroot: Stop making /sysroot mount private.

==== libpcap ====

- enable rdma support (bsc#1230894)

==== libpeas ====
Subpackages: libpeas-1_0-0 libpeas-gtk-1_0-0 libpeas-loader-python3 typelib-1_0-Peas-1_0 typelib-1_0-PeasGtk-1_0

- BuildRequire gettext-devel instead of gettext: allow OBS to shortcut through gettext-runtime-mini.
==== libvirt-glib ====
Subpackages: libvirt-glib-1_0-0 typelib-1_0-LibvirtGLib-1_0

- BuildRequire gettext-devel instead of gettext: allow OBS to shortcut through gettext-runtime-mini.

==== lightsoff ====

- BuildRequire gettext-devel instead of gettext: allow OBS to shortcut through gettext-runtime-mini.

==== microos-tools ====
Version update (2.21+git13 -> 2.21+git16)

- Update to version 2.21+git16:
  * selinux: Avoid parameter duplication
  * 98selinux-microos: Use a single thread for relabelling /etc
  * Use all cores for SELinux restorecon (related to jsc#SMO-382)
- _service: Omit +git0 suffix in versions

==== openSUSE-release ====
Version update (20240924 -> 20240927)
Subpackages: openSUSE-release-appliance-custom openSUSE-release-dvd

- automatically generated by openSUSE-release-tools/pkglistgen

==== openssh ====
Version update (9.8p1 -> 9.9p1)
Subpackages: openssh-clients openssh-common openssh-server

- Add a const to the openssl 1.1/RSA section of sshkey_is_private to keep it similar to what it used before the 9.9 rebase:
  * openssh-8.1p1-audit.patch
- Add an openssl11 bcond to the spec file for the SLE12 case instead of checking suse_version in different parts.
- Move conditional patches to a number >= 1000.
- Update to openssh 9.9p1:
  = Future deprecation notice
  * OpenSSH plans to remove support for the DSA signature algorithm in early 2025. This release disables DSA by default at compile time. DSA, as specified in the SSHv2 protocol, is inherently weak - being limited to a 160 bit private key and use of the SHA1 digest. Its estimated security level is only 80 bits symmetric equivalent. OpenSSH has disabled DSA keys by default since 2015 but has retained run-time optional support for them. DSA was the only mandatory-to-implement algorithm in the SSHv2 RFCs, mostly because alternative algorithms were encumbered by patents when the SSHv2 protocol was specified.
    This has not been the case for decades at this point and better algorithms are well supported by all actively-maintained SSH implementations. We do not consider the costs of maintaining DSA in OpenSSH to be justified and hope that removing it from OpenSSH can accelerate its wider deprecation in supporting cryptography libraries.
  = Potentially-incompatible changes
  * ssh(1): remove support for pre-authentication compression. OpenSSH has only supported post-authentication compression in the server for some years. Compression before authentication significantly increases the attack surface of SSH servers and risks creating oracles that reveal information about information sent during authentication.
  * ssh(1), sshd(8): processing of the arguments to the "Match" configuration directive now follows more shell-like rules for quoted strings, including allowing nested quotes and \-escaped characters. If configurations contained workarounds for the previous simplistic quote handling then they may need to be adjusted. If this is the case, it's most likely to be in the arguments to a "Match exec" condition. In this case, moving the command to be evaluated from the Match line to an external shell script is the easiest way to preserve compatibility with both the old and new versions.
  = New features
  * ssh(1), sshd(8): add support for a new hybrid post-quantum key exchange based on the FIPS 203 Module-Lattice Key Encapsulation mechanism (ML-KEM) combined with X25519 ECDH as described by https://datatracker.ietf.org/doc/html/draft-kampanakis-curdle-ssh-pq-ke-03 This algorithm "mlkem768x25519-sha256" is available by default.
  * ssh(1): the ssh_config "Include" directive can now expand environment as well as the same set of %-tokens "Match Exec" supports.
  * sshd(8): add a sshd_config "RefuseConnection" option that, if set will terminate the connection at the first authentication request.
  * sshd(8): add a "refuseconnection" penalty class to sshd_config PerSourcePenalties that is applied when a connection is dropped by the new RefuseConnection keyword.
  * sshd(8): add a "Match invalid-user" predicate to sshd_config Match options that matches when the target username is not valid on the server.
  * ssh(1), sshd(8): update the Streamlined NTRUPrime code to a substantially faster implementation.
  * ssh(1), sshd(8): the hybrid Streamlined NTRUPrime/X25519 key exchange algorithm now has an IANA-assigned name in addition to the "@openssh.com" vendor extension name. This algorithm is now also available under this name "sntrup761x25519-sha512"
  * ssh(1), sshd(8), ssh-agent(1): prevent private keys from being included in core dump files for most of their lifespans. This is in addition to pre-existing controls in ssh-agent(1) and sshd(8) that prevented coredumps. This feature is supported on OpenBSD, Linux and FreeBSD.
  * All: convert key handling to use the libcrypto EVP_PKEY API, with the exception of DSA.
  * sshd(8): add a random amount of jitter (up to 4 seconds) to the grace login time to make its expiry unpredictable.
  = Bugfixes
  * sshd(8): relax absolute path requirement back to what it was prior to OpenSSH 9.8, which incorrectly required that sshd was started with an absolute path in inetd mode. bz3717
  * sshd(8): fix regression introduced in openssh-9.8 that swapped the order of source and destination addresses in some sshd log messages.
  * sshd(8): do not apply authorized_keys options when signature verification fails. Prevents more restrictive key options being incorrectly applied to subsequent keys in authorized_keys. bz3733
  * ssh-keygen(1): include pathname in some of ssh-keygen's passphrase prompts. Helps the user know what's going on when ssh-keygen is invoked via other tools. Requested in GHPR503
  * ssh(1), ssh-add(1): make parsing user@host consistently look for the last '@' in the string rather than the first.
    This makes it possible to more consistently use usernames that contain '@' characters.
  * ssh(1), sshd(8): be more strict in parsing key type names. Only allow short names (e.g "rsa") in user-interface code and require full SSH protocol names (e.g. "ssh-rsa") everywhere else. bz3725
  * regress: many performance and correctness improvements to the re-keying regression test.
  ... changelog too long, skipping 41 lines ...
- Use gcc11 when building in SLE12 and SLE15.

==== openssh-askpass-gnome ====
Version update (9.8p1 -> 9.9p1)

- Update to openssh 9.9p1:
  * No changes for askpass, see main package changelog for details.

==== openssl-3 ====
Subpackages: libopenssl3

- Security fix: [bsc#1230698, CVE-2024-41996]
  * Validating the order of the public keys in the Diffie-Hellman Key Agreement Protocol, when an approved safe prime is used
  * Added openssl-CVE-2024-41996.patch

==== orc ====
Version update (0.4.39 -> 0.4.40)

- Update to version 0.4.40:
  + Security: Minor follow-up fixes for CVE-2024-40897
  + Fix include header use from C++
  + orccodemem: Assorted memory mapping fixes
  + powerpc: fix div255w which still used the inexact substitution
  + powerpc: Disable VSX and ISA 2.07 for Apple targets
  + powerpc: Allow detection of ppc64 in Mac OS
  + x86: work around old GCC versions (pre 9.0) having broken xgetbv implementations
  + x86: consider MSYS2/Cygwin as Windows for ABI purposes only
  + x86: handle unnatural and misaligned array pointers
  + x86: Fix non-C11 typedefs
  + x86: try fixing AVX detection again by adding check for XSAVE
  + Some compatibility fixes for Musl
  + meson: Fix detecting XSAVE on older AppleClang
  + Check return values of malloc() and realloc()

==== pam_pkcs11 ====

- Fix for boo#1230870:
  * Add patch 0001-memory-leak-fixes.patch
- Add -Wno-implicit-function-declaration to CFLAGS to fix build with gcc14 and newer

==== pinentry ====

- Make pinentry-efl optional

==== pinentry-gui ====
Subpackages: pinentry-gnome3 pinentry-gtk2 pinentry-qt6

- Make pinentry-efl optional
==== postfix ====

- Missing posttls-finger in postfix though changes mention it (bsc#1221501)

==== postgresql17 ====
Version update (17~rc1 -> 17.0)
Subpackages: libpq5 postgresql17-contrib postgresql17-llvmjit postgresql17-server

- Upgrade to 17.0.0:
  * New memory management system for VACUUM, which reduces memory consumption and can improve overall vacuuming performance.
  * New SQL/JSON capabilities, including constructors, identity functions, and the JSON_TABLE() function, which converts JSON data into a table representation.
  * Various query performance improvements, including for sequential reads using streaming I/O, write throughput under high concurrency, and searches over multiple values in a btree index.
  * Logical replication enhancements, including:
    + Failover control
    + pg_createsubscriber, a utility that creates logical replicas from physical standbys
    + pg_upgrade now preserves replication slots on both publishers and subscribers
  * New client-side connection option, sslnegotiation=direct, that performs a direct TLS handshake to avoid a round-trip negotiation.
  * pg_basebackup now supports incremental backup.
  * COPY adds a new option, ON_ERROR ignore, that allows a copy operation to continue in the event of an error.
  * https://www.postgresql.org/about/news/p-2936/
  * https://www.postgresql.org/docs/17/release-17.html

==== python-Jinja2 ====

- Fix build error under Leap.

==== python-Twisted ====
Version update (24.3.0 -> 24.7.0)
Subpackages: python311-Twisted python311-Twisted-tls

- Add upstream patch 12313-fix-test_manhole.patch to fix test failure with latest python312
- Update to 24.7.0
  * 24.7.0.rc2 fixed an unreleased regression caused by PR 12109. (#12279)
  * twisted.web.util.redirectTo now HTML-escapes the provided URL in the fallback response body it returns (GHSA-cf56-g6w6-pqq2, CVE-2024-41810).
    (#9839)
  * The HTTP 1.0 and 1.1 server provided by twisted.web could process pipelined HTTP requests out-of-order, possibly resulting in information disclosure (CVE-2024-41671/GHSA-c8m8-j448-xjx7) (#12248)
  * twisted.protocols.ftp now supports the IPv6 extensions defined in RFC 2428. (#9645)
  * twisted.internet.defer.inlineCallbacks can now yield a coroutine. (#9972)
  * twisted.python._shellcomp.ZshArgumentsGenerator was updated for Python 3.13. (#12065)
  * twisted.web.wsgi request environment now contains the peer port number as `REMOTE_PORT`. (#12096)
  * twisted.internet.defer.Deferred.callback() and twisted.internet.defer.Deferred.addCallbacks() no longer use `assert` to check the type of the arguments. You should now use type checking to validate your code. These changes were done to reduce the CPU usage. (#12122)
  * Added two new methods, twisted.logger.Logger.failuresHandled and twisted.logger.Logger.failureHandler, which allow for more concise and convenient handling of exceptions when dispatching out to application code. The former can arbitrarily customize failure handling at the call site, and the latter can be used for performance-sensitive cases where no additional information needs to be logged. (#12188)
  * twisted.internet.defer.Deferred.addCallback now runs about 10% faster. (#12223)
  * twisted.internet.defer.Deferred error handling is now faster, taking 40% less time to run. (#12227)
  * twisted.internet.ssl.Certificate.__repr__ can now handle certificates without a common name (CN) in the certificate itself or the signing CA. (#5851)
  * Type annotations have been added to twisted.conch.interfaces.IKnownHostEntry and its implementations, twisted.conch.client.knownhosts.PlainHost and twisted.conch.client.knownhosts.HashedHost, correcting a variety of type confusion issues throughout the conch client code. (#9713)
  * twisted.python.failure.Failure once again utilizes the custom pickling logic it used to in the past.
    (#12112)
  * twisted.conch.client.knownhosts.KnownHostsFile.verifyHostKey no longer logs an exception when automatically adding an IP address host key, which means the interactive `conch` command-line no longer will either. (#12141)
  * The IRC server example found in the documentation was updated for readability. (#12097)
  * Remove contextvars from list of optional dependencies. (#12128)
  * The documentation for installing Twisted was moved into a single page. (#12145)
  * The project's compatibility policy now clearly indicates that the GitHub Actions test matrix defines the supported platforms. (#12167)
  * Updated imap4client.py example, it no longer references Python 2. (#12252)
  * twisted.internet.defer.returnValue has been deprecated. You can replace it with the standard `return` statement. (#9930)
  * The `twisted-iocpsupport` is no longer a hard dependency on Windows.
  * The IOCP support is now installed together with the other Windows soft
  * dependencies via `twisted[windows-platform]`. (#11893)
  * twisted.python.deprecate helper function will now always strip whitespaces from the docstrings.
  * This is done to have the same behaviour as with Python 3.13. (#12063)
  * twisted.conch.manhole.ManholeInterpreter.write, twisted.conch.manhole.ManholeInterpreter.addOutput, twisted.mail.imap4.IMAP4Server.sendUntaggedResponse `async` argument, deprecated since 18.9.0, has been removed. (#12130)
  * twisted.web.soap was removed.
  * The SOAP support was already broken, for at least the last 4 years.
  * The SOAP support in Twisted has no active maintainer. (#12146)
  * Fix #11744, #11771, #12113, #12154, #12169, #12179, #12193, #12195, [#12197], #12215, #12221, #12243, #12249, #12254, #12259, #12669
  * twisted.conch.insults.window.Widget.functionKeyReceived now dispatches functional key events to corresponding `func_KEYNAME` methods, where `KEYNAME` can be `F1`, `F2`, `HOME`, `UP_ARROW` etc.
    This is a regression introduced with #8214 in Twisted 16.5.0, where events changed from `const` objects to bytestrings in square brackets like `[F1]`. (#12046)
  * twisted.web.agent.Agent now allows duplicate Content-Length headers having the same value, per RFC 9110 section 8.6. It is otherwise more strict when parsing Content-Length header values. (#9064)
  * twisted.web.client.HTTPConnectionPool used by HTTP clients now runs faster by using a little less CPU. (#12108)
  * twisted.web.http_headers now uses less CPU, making a small HTTP client request 10% faster or so. (#12116)
  * twisted.web's HTTP/1.1 server now runs a little faster, with about 10% lower CPU overhead. (#12133)
  * twisted.web's HTTP 1.1 server is an additional 5% faster. (#12155)
  * twisted.web.http.IM_A_TEAPOT was added and returns `I'm a teapot`
  * as default message for the status code 418,
  * as defined in RFC 2324 section 2.3.2. (#12104)
  * The HTTP 1.0/1.1 server provided by twisted.web is now more picky about the first line of a request, improving compliance with RFC 9112. (#12233)
  * The HTTP 1.0/1.1 server provided by twisted.web now constrains the character set of HTTP header names, improving compliance with RFC 9110. (#12235)
  * Fix ReverseProxyResource example in developer guide. (#12152)
  * twisted.web.util.ChildRedirector, which has never worked on Python 3, has been removed. (#9591)
  * ``twisted.web.http.Request.setResponseCode()`` no longer validates the types of inputs; we encourage you to use a type checker like mypy to catch these sort of errors. The long-deprecated ``twisted.web.server.string_date_time()`` and ``twisted.web.server.date_time_string()`` APIs were removed altogether.
    (#12133)
  * twisted.web.http.HTTPClient is now deprecated in favor of twisted.web.client.Agent (#12158)
  * Fix #12098, #12194, #12200, #12241, #12257
- Drop CVE-2024-41671.patch, merged upstream
- Drop CVE-2024-41810.patch, merged upstream
- Refresh 1521_delegate_parseqs_stdlib_bpo42967.patch
- Refresh no-cython_test_exception_raiser.patch

==== python-incremental ====
Version update (22.10.0 -> 24.7.2)

- Update to 24.7.2
  * Incremental could mis-identify that a project had opted in to version management.
- from version 24.7.1
  * Incremental 24.7.0 would produce an error when parsing the ``pyproject.toml`` of a project that lacked the ``use_incremental=True`` or ``[tool.incremental]`` opt-in markers if that file lacked a ``[project]`` section containing the package name. This could cause a project that only uses ``pyproject.toml`` to configure tools to fail to build if Incremental is installed. Incremental now ignores such projects. (#100)
  * Fix issue #101
- from version 24.7.0
  * Incremental can now be configured using ``pyproject.toml``. (#90)
  * Incremental now provides a read-only Hatchling version source plugin (#93)
  * Incremental no longer inserts a dot before the rc version component (i.e., ``1.2.3rc1`` instead of ``1.2.3.rc1``), resulting in version numbers in the canonical format. (#81)
  * Incremental's tests are now included in the sdist release artifact. (#80)
  * ``incremental[scripts]`` no longer depends on Twisted. (#88)
  * Support for Python 2.7 has been dropped for lack of test infrastructure. We no longer provide universal wheels. (#86)
  * Support for Python 3.5, 3.6, and 3.7 has been dropped for lack of test infrastructure.
    (#92)
- Limit Python files matched in %files section
- Switch build system from setuptools to pyproject.toml
  + Add python-pip and python-wheel to BuildRequires
  + Replace %python_build with %pyproject_wheel
  + Replace %python_install with %pyproject_install
  + Update name for dist directory in %files section
- Allow test_prereleaseAttributeDeprecated and test_prereleaseDeprecated tests again
- Skip tests from skip_examples.py
- Update BuildRequires from pyproject.toml

==== python-lxml ====
Version update (5.2.2 -> 5.3.0)

- 5.3.0 (2024-08-10)
  Features added
  - GH#421: Nested CDATA sections are no longer rejected but split on output to represent ]]> correctly. Patch by Gertjan Klein.
  Bugs fixed
  - LP#2060160: Attribute values serialised differently in xmlfile.element() and xmlfile.write().
  - LP#2058177: The ISO-Schematron implementation could fail on unknown prefixes. Patch by David Lakin.
  Other changes
  - LP#2067707: The strip_cdata option in HTMLParser() turned out to be useless and is now deprecated.
  - Built with Cython 3.0.11.

==== python-ptyprocess ====

- Fix build error under Leap.

==== python-pycurl ====

- Add upstream patch test-bottle-flask.patch to use Flask instead of bottle for tests.
  gh#pycurl/pycurl#838

==== sac ====

- Use SOURCE_DATE_EPOCH for reproducible jar mtime

==== salt ====
Subpackages: python3-salt salt-master salt-minion salt-transactional-update

- Avoid explicit reading of /etc/salt/minion (bsc#1220357)
- Allow NamedLoaderContexts to be returned from loader
- Revert the change making reactor less blocking (bsc#1230322)
- Use --cachedir for extension_modules in salt-call (bsc#1226141)
- Prevent using SyncWrapper with no reason
- Added:
  * avoid-explicit-reading-of-etc-salt-minion-bsc-122035.patch
  * allow-namedloadercontexts-to-be-returned-from-loader.patch
  * revert-the-change-making-reactor-less-blocking-bsc-1.patch
  * use-cachedir-for-extension_modules-in-salt-call-bsc-.patch
  * prevent-using-syncwrapper-with-no-reason.patch

==== sddm ====
Subpackages: sddm-branding-openSUSE sddm-greeter-qt5

- Move default value for [Autologin] Session 0001-Read-the-DISPLAYMANAGER_AUTOLOGIN-value-from-sysconf.patch to 00-general.conf
- Add patches to make autologin with wayland more reliable (boo#1221507):
  * 0001-Remove-unused-Display-m_relogin-variable.patch
  * 0002-Set-Display-m_started-early.patch
  * 0003-Load-autologin-configuration-in-Display-Display.patch
  * 0004-Reset-daemonApp-first-in-the-Display-constructor.patch
  * 0005-If-autologin-is-used-avoid-starting-a-display-server.patch
- Rebase 0001-Read-the-DISPLAYMANAGER_AUTOLOGIN-value-from-sysconf.patch

==== sddm-qt6 ====
Subpackages: sddm-greeter-qt6

- Move default value for [Autologin] Session 0001-Read-the-DISPLAYMANAGER_AUTOLOGIN-value-from-sysconf.patch to 00-general.conf
- Add patches to make autologin with wayland more reliable (boo#1221507):
  * 0001-Remove-unused-Display-m_relogin-variable.patch
  * 0002-Set-Display-m_started-early.patch
  * 0003-Load-autologin-configuration-in-Display-Display.patch
  * 0004-Reset-daemonApp-first-in-the-Display-constructor.patch
  * 0005-If-autologin-is-used-avoid-starting-a-display-server.patch
- Rebase 0001-Read-the-DISPLAYMANAGER_AUTOLOGIN-value-from-sysconf.patch

==== selinux-policy ====
Version update (20240912 -> 20240925)
Subpackages: selinux-policy-targeted

- Update to version 20240925:
  * Allow snapperd to manage unlabeled_t files (bsc#1230966)
- Update to version 20240924:
  * Revert "Allow virtstoraged to manage images (bsc#1228742)"
  * Label /etc/mdevctl.d with mdevctl_conf_t
  * Sync users with Fedora targeted users
  * Update policy for rpc-virtstorage
  * Allow virtstoraged get attributes of configfs dirs
  * Fix SELinux policy for sandbox X server to fix 'sandbox -X' command
  * Update bootupd policy when ESP is not mounted
  * Allow thumb_t map dri devices
  * Allow samba use the io_uring API
  * Allow the sysadm user use the secretmem API
  * Allow nut-upsmon read systemd-logind session files
  * Allow sysadm_t to create PF_KEY sockets
  * Update bootupd policy for the removing-state-file test
- Fix macros.selinux-policy (bsc#1230897)
- %selinux_relabel_post should not relabel files in transactional systems in %post as the policy is not loaded into the kernel directly after install, instead the relabelling will happen on the next boot

==== systemd ====
Version update (256.5 -> 256.6)
Subpackages: libsystemd0 libudev1 systemd-container udev

- Import commit 8a0ae4d90aff1d067a125ff9366eafc7dd5d4701 (merge of v256.6)
  For a complete list of changes, visit: https://github.com/openSUSE/systemd/compare/bef0958f4db1b774c23505e93537ffe1...
- Don't try to restart the udev socket units anymore (bsc#1228809)
  There's currently no way to restart a socket activable service and its socket units "atomically" and safely.
- Move 80-container-host0.network back to the network sub-package (bsc#1229098)
  Rev 428 mistakenly moved it to the container sub-package.

==== tcl ====
Version update (8.6.14 -> 8.6.15)

- TCL_PACKAGE_PATH now needs to be a unix-style path separated by colons rather than a Tcl list.
- Version 8.6.15:
  * [d63061] remove private unicode 0xE000-0xF8FF from unicode control group
  * [1b8a89] TCL_PACKAGE_PATH in tclConfig.sh change from TCL list to ":" separated items
    *** POTENTIAL INCOMPATIBILITY ***
  * [1acd17] fix compiled mapped ensembles
  * [f23022] fix encoding koi8-u codepoint 0xB4
  * [6811a0] speedup op unicode transformation related operations
  * Add encodings: koi8-ru, koi8-t
  * [7cb740] Fix Tcl_ParseArgsObjv with TCL_ARGV_GENFUNC option
  * Hash speedup for pointer compare. Option TCL_HASH_KEY_DIRECT_COMPARE for hash tables
  * [TIP 692] Deprecate Tcl_GetAlias()
  * [a5f4a7] Correct tcl::tm::path autoload
  * [3c26de] Remove empty all items from tclConfig.sh path variables.
  * [87271f] Fix crash in oo+coroutine
  * [7842f3] fix crash in oo destructors in same namespace
  * [79474c] Fix crash in reflected channels
  * [c6897e] Fix crash due to unchecked file descriptor size
  * [3fc328] Fix report of non ASCII computer names on Windows
  * [e3f4a8] Fix error message caused by interp limit
  * [1d26e5] Source files with BOM also in safe interpreters
  * [5fca83] Fix encoding system result for system locale ISO-8859-1
  * [0de6c1] Fix crash in [child invokehidden info frame]
  * [74b611] Fix removal of oo variable by [info exists]
  * [91b3a5] Make [self] work inside [$obj eval]
  * [154f09] Tcl_NewObjectInstance() errors on namespace re-use
    *** POTENTIAL INCOMPATIBILITY -- breaks Itcl 4.2 ***
  * [2da1cb] Fix [$obj varname] for linked varnames
  * Unicode version 16
  * [7179c6] Fix byte compiled [incr] with wide int increment

==== tigervnc ====
Subpackages: libXvnc1 xorg-x11-Xvnc xorg-x11-Xvnc-module

- added conflicts to patterns-wsl-tmpfiles as this patterns package creates a symlink from /tmp/.X11-unix to /mnt/wslg/.X11-unix and therefore prevents Xvnc from creating this needed directory (bsc#1230755)

==== timezone ====
Version update (2024a -> 2024b)
Subpackages: tzselect

- Update to 2024b:
  * Improve historical data for Mexico, Mongolia, and Portugal.
  * System V names are now obsolescent.
  * The main data form now uses %z.
  * The code now conforms to RFC 8536 for early timestamps.
  * Support POSIX.1-2024, which removes asctime_r and ctime_r.
  * Assume POSIX.2-1992 or later for shell scripts.
  * SUPPORT_C89 now defaults to 1.

==== transactional-update ====
Version update (4.8.2 -> 4.8.3)
Subpackages: dracut-transactional-update libtukit4 transactional-update-zypp-config tukit

- Version 4.8.3
  - Check return value of register command [bsc#1230901]

==== tree ====
Version update (2.1.1 -> 2.1.3)

- update to 2.1.3:
  * Mostly a brown-paper bag release to fix the below regression and add a feature I forgot to add.
  * Fix regression in search() function that broke --fromfile
  * Allow the -L option to accept its parameter immediately (with no space) instead of requiring it be the next option word.
  * Fix issue where --gitignore does not think a pattern with a singular terminal '/' (indicating it matches only directories,) is a relative path.
  * Don't emit the error 'recursive, not followed' if when using -L, the depth would prevent descending anyway. This also fixes up a JSON output error (missing comma) when this happens.
  * Don't prematurely sort files/directories with --from*file. (gitlab @jack6th)
  * Various seg-faults fixed
    - Make doubly sure that there is actually a previous path entry when reading from a tabbed file.
    - Make sure there is actually a file entity when applying the link info to it when reading fromfile using --fflinks.
    - Increase space for the path a little in listdir(), just to be sure.
  * Make sure that there is no topsort (--dirsfirst / --filesfirst) if there is no basesort (-U).
  * Make sure gittrim() function can handle a null string.
- Source tarball URL was unresolvable, update it to the correct version based on https://gitlab.com/OldManProgrammer/unix-tree

==== xfce4-dict ====
Version update (0.8.6 -> 0.8.7)
Subpackages: xfce4-dict-lang

- Update to version 0.8.7
  * panel-plugin: Drop submenu (#2)
  * panel-plugin: Add submenus to toggle search mode (#2)
  * panel-plugin: Reduce default text size
  * panel-plugin: Restore function of the button in text entry
  * Change log level (#17)
  * prefs: Add radio buttons to correct group
  * scan-build: Fix deadcode.DeadStores
  * scan-build: Add false positive file
  * I18n: Update po/LINGUAS list
  * build: Use XDT_VERSION_INIT and get rid of configure.ac.in
  * build: Switch from intltool to gettext
  * Translation Updates

==== xorg-x11-server ====
Subpackages: xorg-x11-server-Xvfb xorg-x11-server-extra

- added conflicts to patterns-wsl-tmpfiles to Xserver packages as this patterns package creates a symlink from /tmp/.X11-unix to /mnt/wslg/.X11-unix and therefore prevents Xservers from creating this needed directory (bsc#1230755)

==== xwayland ====

- added conflicts to patterns-wsl-tmpfiles as this patterns package creates a symlink from /tmp/.X11-unix to /mnt/wslg/.X11-unix and therefore prevents Xwayland from creating this needed directory (bsc#1230755)