Please note that this mail was generated by a script. The described changes are computed based on the aarch64 DVD. The full online repo contains too many changes to be listed here. Please check the known defects of this snapshot before upgrading: https://openqa.opensuse.org/tests/overview?distri=opensuse&groupid=3&version=Tumbleweed&build=20240918 Please do not reply to this email to report issues, rather file a bug on bugzilla.opensuse.org. For more information on filing bugs please see https://en.opensuse.org/openSUSE:Submitting_bug_reports Packages changed: emacs ffmpeg-4 gnome-online-accounts (3.50.4 -> 3.50.5) gnome-remote-desktop (46.4 -> 46.5) gnome-shell (46.4 -> 46.5) gnome-software (46.4 -> 46.5) groff groff-full gtk4 (4.16.0 -> 4.16.1) gvfs (1.54.2 -> 1.54.3) kernel-firmware (20240912 -> 20240913) kexec-tools kwallet libadwaita (1.5.3 -> 1.5.4) libcbor librsvg (2.58.3 -> 2.58.4) mc (4.8.31 -> 4.8.32) mutter (46.4 -> 46.5) openSUSE-release (20240916 -> 20240918) ovmf pam pam-config (2.11+git.20240906 -> 2.11+git.20240911) pam-full-src polari (46.0 -> 46.0+18) poppler poppler-qt6 python-cryptography python-ldap python-numpy (2.0.0 -> 2.1.1) python311 (3.11.9 -> 3.11.10) python311-core (3.11.9 -> 3.11.10) rpm-config-SUSE shim transactional-update (4.8.1 -> 4.8.2) wayland (1.23.0 -> 1.23.1) === Details === ==== emacs ==== Subpackages: emacs-el emacs-eln emacs-info emacs-nox etags - Add patch emacs-gcc14.patch to make flymake-tests work even with gcc14 (backport from upstream master) ==== ffmpeg-4 ==== Subpackages: libavcodec58_134 libavformat58_76 libavutil56_70 libpostproc55_9 libswresample3_9 libswscale5_9 - Add ffmpeg-4-CVE-2024-7055.patch: Backporting 3faadbe2 from upstream, Use 64bit for input size check, Fixes: out of array read, Fixes: poc3. (CVE-2024-7055, bsc#1229026) ==== gnome-online-accounts ==== Version update (3.50.4 -> 3.50.5) Subpackages: libgoa-1_0-0 libgoa-backend-1_0-2 - Update to version 3.50.5: + goaimapsmtpprovider: quick fix for yahoo auto-detect + Updated translations. ==== gnome-remote-desktop ==== Version update (46.4 -> 46.5) - Update to version 46.5: + Updated translations. ==== gnome-shell ==== Version update (46.4 -> 46.5) Subpackages: gnome-extensions gnome-shell-calendar - Update to version 46.5: + Fix smartcard logins + Fix glitch when quick settings menu animation is interrupted + Fix new wifi connections for restricted users + Do not disable required animations + Fix showing pending PAM messages on login screen + Plugged leak + Misc. bug fixes and cleanups + Updated translations. - Drop gnome-shell-private-connection.patch: Should not be needed anymore after changes upstream. ==== gnome-software ==== Version update (46.4 -> 46.5) Subpackages: gnome-software-plugin-packagekit - Update to version 46.5: + Reduce power usage when the main window is closed. + Updated translations. ==== groff ==== - Add groff-restore-hyphen-minus.patch (bsc#1226153) ==== groff-full ==== Subpackages: gxditview - Add groff-restore-hyphen-minus.patch (bsc#1226153) ==== gtk4 ==== Version update (4.16.0 -> 4.16.1) Subpackages: gtk4-schema gtk4-tools libgtk-4-1 typelib-1_0-Gtk-4_0 - Update to version 4.16.1: + GtkFileChooser: Plug a memory leak + GtkCalendar: Avoid ending up with invalid dates + Printing: Fix initial printer selection in the print dialog + Gsk: - Fix shadows for opaque textures - Fix a crash in a corner case + Css: Make relative paths work again in theme files + Accessibility: Fix detection of the Flatpak portal + Updated translations. ==== gvfs ==== Version update (1.54.2 -> 1.54.3) Subpackages: gvfs-backend-afc gvfs-backend-goa gvfs-backend-samba gvfs-backends gvfs-fuse - Update to version 1.54.3: + onedrive: - Set name of drive root - Handle multiple drives with same IDs - Guess mime type locally if not set by the server + Updated translations. ==== kernel-firmware ==== Version update (20240912 -> 20240913) Subpackages: kernel-firmware-all kernel-firmware-amdgpu kernel-firmware-ath10k kernel-firmware-ath11k kernel-firmware-ath12k kernel-firmware-atheros kernel-firmware-bluetooth kernel-firmware-bnx2 kernel-firmware-brcm kernel-firmware-chelsio kernel-firmware-dpaa2 kernel-firmware-i915 kernel-firmware-intel kernel-firmware-iwlwifi kernel-firmware-liquidio kernel-firmware-marvell kernel-firmware-media kernel-firmware-mediatek kernel-firmware-mellanox kernel-firmware-mwifiex kernel-firmware-network kernel-firmware-nfp kernel-firmware-nvidia kernel-firmware-platform kernel-firmware-prestera kernel-firmware-qcom kernel-firmware-qlogic kernel-firmware-radeon kernel-firmware-realtek kernel-firmware-serial kernel-firmware-sound kernel-firmware-ti kernel-firmware-ueagle kernel-firmware-usb-network - Update to version 20240913 (git commit bcbdd1670bc3): * amdgpu: update DMCUB to v0.0.233.0 DCN351 * copy-firmware: Handle links to uncompressed files * WHENCE: Fix battmgr.jsn entry type - Drop obsoleted workaround patch: copy-firmware-fix-symlink-without-compress.patch - Temporary revert for ath12k firmware (bsc#1230596) ==== kexec-tools ==== - To create rckexec-reload, the service binary is required at build time. This binary is provided by aaa_base. Make sure this package is available during build. ==== kwallet ==== - Use the %lang_package macro for kwallet-tools-lang (boo#1230570) ==== libadwaita ==== Version update (1.5.3 -> 1.5.4) Subpackages: libadwaita-1-0 typelib-1_0-Adw-1 - Update to version 1.5.4: + AdwAboutDialog/Window: Support non-deprecated GPL-2/3.0-only SPDX IDs + AdwHeaderBar: Fix back button menu picking up phantom pages in some situations + AdwTabBar/Overview: Fix 2 crashes with drag-n-drop + Stylesheet: Fix scroll undershoot in dropdowns and emoji picker + Updated translations. ==== libcbor ==== - The doc fails to build with an assert in sphinx in 15sp6 also. ==== librsvg ==== Version update (2.58.3 -> 2.58.4) Subpackages: gdk-pixbuf-loader-rsvg librsvg-2-2 rsvg-thumbnailer typelib-1_0-Rsvg-2_0 - Update to version 2.58.4: + Fix regression when using an SVG inside a feImage element. ==== mc ==== Version update (4.8.31 -> 4.8.32) Subpackages: mc-lang - Update to 4.8.32: - Core - Tell the current directory to the terminal using OSC 7 sequence (so it can open new tabs there) (#3088) - Preserve ext2fs attributes on copy/move operations (#4532) - Change name of temporary directory: make it unique for each run (#4535) - Hide password in file operation progress dialog (#4541) - Support reget in file move operation (#4563) - Implement nanosecond precision timestamps on non-Linux (macOS, BSD, AIX, Solaris) (#4563) - Remove remaining mmap code to simplify maintenance (#3960) - VFS - extfs: support unrar-7 (#4518) - Editor - Improve syntax highlighting: - C and C++ (MidnightCommander?/mc#195, #4556) - Viewer - Diff viewer - Add man page mcdiff.1 (#4224) - Misc - Code cleanup (#4524) - New skins - xoria256-thin, xoria256root-thin (#4530) - modarcon16-defbg-thin, modarcon16-thin, modarcon16root-defbg-thin, modarcon16root-thin (#4530) - modarin256-defbg-thin, modarin256-thin, modarin256root-defbg-thin, modarin256root-thin (#4530) - julia256root (#4536) - mc.ext.ini: clarify escaping of spaces and parenthesis (#4502) - Fixes - External editor does not work with arguments in $EDITOR (#4533) - fish shell: strings " cd (printf '%b' ... " in history (#4521) - Redundant back slashes for autocomplete (#4292) - subshell: call execl with argv[0] that is not an actual path to Bash (#4549) - mcedit: php.syntax: comment highlight from start of light only (#4519) - mcedit: wrong replacement using regular expressions with begin or end of line (#4525, #4526) - mcedit: losing column position when navigating up/down (MidnightCommander?/mc#194) - mcedit: macro deletes text (#4540) - mcedit: macros are applied to the pasted text (#4562) - extfs: iso9660: xorriso is slow to open an ISO image (#3570, #4567) - extfs: u7z: wrong add of nested directories to archive (#4559) - extfs: segfault on enter to deleted archive (#4560) - tar: segfault on copy files from archive (#4561) - man: typo (#4550) - Remove mc-extfs-iso9660-xorriso.patch patch which doesn't apply anymore. - Other patches reapplied. ==== mutter ==== Version update (46.4 -> 46.5) - Update to version 45.5: + Fix drag and drop between X11 and wayland clients + Fix drag and drop from grabbing popups + Fix EGLDevice support + Fix frozen cursor on some hybrid machines + Fix touch window dragging with pointer lock enabled + Fix propagating tablet device removals to clients + Fix tablet input in maximized windows + Reduce damage on window movement + Fix frozen cursor after suspend + Fix using modifiers on multi-GPU setups + Fixed crashes + Misc. bug fixes and cleanups + Updated translations. ==== openSUSE-release ==== Version update (20240916 -> 20240918) Subpackages: openSUSE-release-appliance-custom openSUSE-release-dvd - automatically generated by openSUSE-release-tools/pkglistgen ==== ovmf ==== Subpackages: qemu-uefi-aarch64 - Add ovmf-NetworkPkg-TcpDxe-Fixed-system-stuck-on-PXE-boot-flo.patch NetworkPkg TcpDxe: Fixed system stuck on PXE boot flow in (bsc#1230587) ==== pam ==== - baselibs.conf: add pam-userdb - pam_limits-systemd.patch: update to final PR - Add systemd-logind support to pam_limits (pam_limits-systemd.patch) - Remove /usr/etc/pam.d, everything should be migrated - Remove pam_limits from default common-sessions* files. pam_limits is now part of pam-extra and not in our default generated config. - pam_issue-systemd.patch: only count class user sessions ==== pam-config ==== Version update (2.11+git.20240906 -> 2.11+git.20240911) - Add PreRequires for pam-extra, several other packages depend on that pam_limits is installed and enabled by default - Update to version 2.11+git.20240911: * Only add pam_limits if available ==== pam-full-src ==== - baselibs.conf: add pam-userdb - pam_limits-systemd.patch: update to final PR - Add systemd-logind support to pam_limits (pam_limits-systemd.patch) - Remove /usr/etc/pam.d, everything should be migrated - Remove pam_limits from default common-sessions* files. pam_limits is now part of pam-extra and not in our default generated config. - pam_issue-systemd.patch: only count class user sessions ==== polari ==== Version update (46.0 -> 46.0+18) - Update to version 46.0+18: + joinDialog: Fix closing the dialog. + Updated translations. ==== poppler ==== Subpackages: libpoppler-cpp1 libpoppler-glib8 libpoppler139 poppler-tools - Poppler can load ghostscript fonts (n022003l.pfb and the like) so the package now recommends the ghostscript-fonts-std package (boo#1230636). ==== poppler-qt6 ==== - Poppler can load ghostscript fonts (n022003l.pfb and the like) so the package now recommends the ghostscript-fonts-std package (boo#1230636). ==== python-cryptography ==== - Fix building on SLE based distributions ==== python-ldap ==== - Enable sle15_python_module_pythons (boo#1229549) ==== python-numpy ==== Version update (2.0.0 -> 2.1.1) - Update to 2.1.1 * #27259: BUG: revert unintended change in the return value of set_printoptions * #27266: BUG: fix reference counting bug in __array_interface__ implementation... * #27267: TST: Add regression test for missing descr in array-interface * #27276: BUG: Fix #27256 and #27257 * #27278: BUG: Fix array_equal for numeric and non-numeric scalar types * #27304: BUG: f2py: better handle filtering of public/private subroutines - Update to 2.1.0 * Support for Python 3.13. * Preliminary support for free threaded Python 3.13. * Support for the array-api 2023.12 standard. [#]# New functions * A new function np.unstack(array, axis=...) was added, which splits an array into a tuple of arrays along an axis. It serves as the inverse of numpy.stack. (gh-26579) [#]# Deprecations * The fix_imports keyword argument in numpy.save is deprecated. Since NumPy 1.17, numpy.save uses a pickle protocol that no longer supports Python 2, and ignored fix_imports keyword. This keyword is kept only for backward compatibility. It is now deprecated. (gh-26452) * Passing non-integer inputs as the first argument of bincount is now deprecated, because such inputs are silently cast to integers with no warning about loss of precision. (gh-27076) [#]# Expired deprecations * Scalars and 0D arrays are disallowed for numpy.nonzero and numpy.ndarray.nonzero. (gh-26268) * set_string_function internal function was removed and PyArray_SetStringFunction was stubbed out. (gh-26611) [#]# C API changes * API symbols now hidden but customizable * Many shims removed from npy_3kcompat.h * New PyUFuncObject field process_core_dims_func [#]# New Features * Preliminary Support for Free-Threaded CPython 3.13 * f2py can generate freethreading-compatible C extensions [#]# Improvements * histogram auto-binning now returns bin sizes >=1 for integer input data * ndarray shape-type parameter is now covariant and bound to tuple[int, ...] * np.quantile with method closest_observation chooses nearest even order statistic * lapack_lite is now thread safe * The numpy.printoptions context manager is now thread and async-safe * Type hinting numpy.polynomial * Improved numpy.dtypes type hints [#]# Performance improvements and changes * ma.cov and ma.corrcoef are now significantly faster [#]# Changes * ma.corrcoef may return a slightly different result * Cast-safety fixes in copyto and full - Release 2.0.1 [#]# Improvements * np.quantile with method closest_observation chooses nearest even order statistic ==== python311 ==== Version update (3.11.9 -> 3.11.10) Subpackages: python311-curses python311-dbm - Update to 3.11.10: - Security - gh-123678: Upgrade libexpat to 2.6.3 - gh-121957: Fixed missing audit events around interactive use of Python, now also properly firing for ``python -i``, as well as for ``python -m asyncio``. The event in question is ``cpython.run_stdin``. - gh-122133: Authenticate the socket connection for the ``socket.socketpair()`` fallback on platforms where ``AF_UNIX`` is not available like Windows. Patch by Gregory P. Smith <greg@krypto.org> and Seth Larson <seth@python.org>. Reported by Ellie <el@horse64.org> - gh-121285: Remove backtracking from tarfile header parsing for ``hdrcharset``, PAX, and GNU sparse headers (bsc#1230227, CVE-2024-6232). - gh-118486: :func:`os.mkdir` on Windows now accepts * mode* of ``0o700`` to restrict the new directory to the current user. This fixes CVE-2024-4030 affecting :func:`tempfile.mkdtemp` in scenarios where the base temporary directory is more permissive than the default. - gh-116741: Update bundled libexpat to 2.6.2 - Library - gh-123270: Applied a more surgical fix for malformed payloads in :class:`zipfile.Path` causing infinite loops (gh-122905) without breaking contents using legitimate characters (bsc#1229704, CVE-2024-8088). - gh-123067: Fix quadratic complexity in parsing ``"``-quoted cookie values with backslashes by :mod:`http.cookies` (bsc#1229596, CVE-2024-7592). - gh-122905: :class:`zipfile.Path` objects now sanitize names from the zipfile. - gh-121650: :mod:`email` headers with embedded newlines are now quoted on output. The :mod:`~email.generator` will now refuse to serialize (write) headers that are unsafely folded or delimited; see :attr:`~email.policy.Policy.verify_generated_headers`. (Contributed by Bas Bloemsaat and Petr Viktorin in :gh:`121650`; CVE-2024-6923, bsc#1228780). - gh-119506: Fix :meth:`!io.TextIOWrapper.write` method breaks internal buffer when the method is called again during flushing internal buffer. - gh-118643: Fix an AttributeError in the :mod:`email` module when re-fold a long address list. Also fix more cases of incorrect encoding of the address separator in the address list. - gh-113171: Fixed various false positives and false negatives in * :attr:`ipaddress.IPv4Address.is_private` (see these docs for details) * :attr:`ipaddress.IPv4Address.is_global` * :attr:`ipaddress.IPv6Address.is_private` * :attr:`ipaddress.IPv6Address.is_global` Also in the corresponding :class:`ipaddress.IPv4Network` and :class:`ipaddress.IPv6Network` attributes. Fixes bsc#1226448 (CVE-2024-4032). - gh-102988: :func:`email.utils.getaddresses` and :func:`email.utils.parseaddr` now return ``('', '')`` 2-tuples in more situations where invalid email addresses are encountered instead of potentially inaccurate values. Add optional *strict* parameter to these two functions: use ``strict=False`` to get the old behavior, accept malformed inputs. ``getattr(email.utils, 'supports_strict_parsing', False)`` can be use to check if the *strict* paramater is available. Patch by Thomas Dwyer and Victor Stinner to improve the CVE-2023-27043 fix (bsc#1210638). - gh-67693: Fix :func:`urllib.parse.urlunparse` and :func:`urllib.parse.urlunsplit` for URIs with path starting with multiple slashes and no authority. Based on patch by Ashwin Ramaswami. - Core and Builtins - gh-112275: A deadlock involving ``pystate.c``'s ``HEAD_LOCK`` in ``posixmodule.c`` at fork is now fixed. Patch by ChuBoning based on previous Python 3.12 fix by Victor Stinner. - gh-109120: Added handle of incorrect star expressions, e.g ``f(3, *)``. Patch by Grigoryev Semyon - Removed upstreamed patches: - CVE-2023-27043-email-parsing-errors.patch - CVE-2024-4032-private-IP-addrs.patch - CVE-2024-6923-email-hdr-inject.patch - CVE-2024-8088-inf-loop-zipfile_Path.patch - Add gh120226-fix-sendfile-test-kernel-610.patch to avoid failing test_sendfile_close_peer_in_the_middle_of_receiving tests on Linux >= 6.10 (GH-120227). ==== python311-core ==== Version update (3.11.9 -> 3.11.10) Subpackages: libpython3_11-1_0 python311-base - Update to 3.11.10: - Security - gh-123678: Upgrade libexpat to 2.6.3 - gh-121957: Fixed missing audit events around interactive use of Python, now also properly firing for ``python -i``, as well as for ``python -m asyncio``. The event in question is ``cpython.run_stdin``. - gh-122133: Authenticate the socket connection for the ``socket.socketpair()`` fallback on platforms where ``AF_UNIX`` is not available like Windows. Patch by Gregory P. Smith <greg@krypto.org> and Seth Larson <seth@python.org>. Reported by Ellie <el@horse64.org> - gh-121285: Remove backtracking from tarfile header parsing for ``hdrcharset``, PAX, and GNU sparse headers (bsc#1230227, CVE-2024-6232). - gh-118486: :func:`os.mkdir` on Windows now accepts * mode* of ``0o700`` to restrict the new directory to the current user. This fixes CVE-2024-4030 affecting :func:`tempfile.mkdtemp` in scenarios where the base temporary directory is more permissive than the default. - gh-116741: Update bundled libexpat to 2.6.2 - Library - gh-123270: Applied a more surgical fix for malformed payloads in :class:`zipfile.Path` causing infinite loops (gh-122905) without breaking contents using legitimate characters (bsc#1229704, CVE-2024-8088). - gh-123067: Fix quadratic complexity in parsing ``"``-quoted cookie values with backslashes by :mod:`http.cookies` (bsc#1229596, CVE-2024-7592). - gh-122905: :class:`zipfile.Path` objects now sanitize names from the zipfile. - gh-121650: :mod:`email` headers with embedded newlines are now quoted on output. The :mod:`~email.generator` will now refuse to serialize (write) headers that are unsafely folded or delimited; see :attr:`~email.policy.Policy.verify_generated_headers`. (Contributed by Bas Bloemsaat and Petr Viktorin in :gh:`121650`; CVE-2024-6923, bsc#1228780). - gh-119506: Fix :meth:`!io.TextIOWrapper.write` method breaks internal buffer when the method is called again during flushing internal buffer. - gh-118643: Fix an AttributeError in the :mod:`email` module when re-fold a long address list. Also fix more cases of incorrect encoding of the address separator in the address list. - gh-113171: Fixed various false positives and false negatives in * :attr:`ipaddress.IPv4Address.is_private` (see these docs for details) * :attr:`ipaddress.IPv4Address.is_global` * :attr:`ipaddress.IPv6Address.is_private` * :attr:`ipaddress.IPv6Address.is_global` Also in the corresponding :class:`ipaddress.IPv4Network` and :class:`ipaddress.IPv6Network` attributes. Fixes bsc#1226448 (CVE-2024-4032). - gh-102988: :func:`email.utils.getaddresses` and :func:`email.utils.parseaddr` now return ``('', '')`` 2-tuples in more situations where invalid email addresses are encountered instead of potentially inaccurate values. Add optional *strict* parameter to these two functions: use ``strict=False`` to get the old behavior, accept malformed inputs. ``getattr(email.utils, 'supports_strict_parsing', False)`` can be use to check if the *strict* paramater is available. Patch by Thomas Dwyer and Victor Stinner to improve the CVE-2023-27043 fix (bsc#1210638). - gh-67693: Fix :func:`urllib.parse.urlunparse` and :func:`urllib.parse.urlunsplit` for URIs with path starting with multiple slashes and no authority. Based on patch by Ashwin Ramaswami. - Core and Builtins - gh-112275: A deadlock involving ``pystate.c``'s ``HEAD_LOCK`` in ``posixmodule.c`` at fork is now fixed. Patch by ChuBoning based on previous Python 3.12 fix by Victor Stinner. - gh-109120: Added handle of incorrect star expressions, e.g ``f(3, *)``. Patch by Grigoryev Semyon - Removed upstreamed patches: - CVE-2023-27043-email-parsing-errors.patch - CVE-2024-4032-private-IP-addrs.patch - CVE-2024-6923-email-hdr-inject.patch - CVE-2024-8088-inf-loop-zipfile_Path.patch - Add gh120226-fix-sendfile-test-kernel-610.patch to avoid failing test_sendfile_close_peer_in_the_middle_of_receiving tests on Linux >= 6.10 (GH-120227). ==== rpm-config-SUSE ==== - Use a deterministic binarychangelogtrim based on build times of BuildRequires (boo#1047218) ==== shim ==== - Update shim-install to apply the missing fix for openSUSE Leap (bsc#1210382) * 86b73d1 Fix that bootx64.efi is not updated on Leap - Update shim-install to use the 'removable' way for SL-Micro (bsc#1230316) * 433cc4e Always use the removable way for SL-Micro ==== transactional-update ==== Version update (4.8.1 -> 4.8.2) Subpackages: dracut-transactional-update libtukit4 transactional-update-zypp-config tukit - Version 4.8.2 - Allow specifying only low value with setup-kdump [bsc#1230537] ==== wayland ==== Version update (1.23.0 -> 1.23.1) Subpackages: libwayland-client0 libwayland-cursor0 libwayland-egl1 libwayland-server0 - Update to release 1.23.1: * meson: Fix use of install_data() without specifying install_dir * Put WL_DEPRECATED in front of the function declarations * client: Handle proxies with no queue * scanner: extract validator function emission to helper function * scanner: fix validator for bitfields * tests: add enum bitfield test