New Arm Tumbleweed snapshot 20230801 released!
Please note that this mail was generated by a script. The described changes are computed based on the aarch64 DVD. The full online repo contains too many changes to be listed here. Please check the known defects of this snapshot before upgrading: https://openqa.opensuse.org/tests/overview?distri=opensuse&groupid=3&version=Tumbleweed&build=20230801 Please do not reply to this email to report issues, rather file a bug on bugzilla.opensuse.org. For more information on filing bugs please see https://en.opensuse.org/openSUSE:Submitting_bug_reports Packages changed: Mesa (23.1.3 -> 23.1.4) Mesa-drivers (23.1.3 -> 23.1.4) MozillaFirefox (115.0.2 -> 115.0.3) apache2-mod_php8 (8.2.7 -> 8.2.8) apparmor bind (9.18.16 -> 9.18.17) cfitsio (4.2.0 -> 4.3.0) crypto-policies (20230420.3d08ae7 -> 20230614.5f3458e) curl (8.1.2 -> 8.2.1) dLeyna elfutils-debuginfod fwupd (1.8.16 -> 1.8.17) gcc13 (13.1.1+git7552 -> 13.1.1+git7597) ghostscript glu (9.0.2 -> 9.0.3) grub2 gstreamer (1.22.4 -> 1.22.5) gstreamer-plugins-bad (1.22.4 -> 1.22.5) gstreamer-plugins-base (1.22.4 -> 1.22.5) gstreamer-plugins-good (1.22.4 -> 1.22.5) gstreamer-plugins-libav (1.22.4 -> 1.22.5) gstreamer-plugins-rs (0.10.9 -> 0.10.11) gstreamer-plugins-ugly (1.22.4 -> 1.22.5) gupnp hidapi (0.13.1 -> 0.14.0) hwinfo (23.1 -> 23.2) iio-sensor-proxy (3.4 -> 3.5) ipmitool (1.8.19.0.g19d7878 -> 1.8.19.13.gbe11d94) java-11-openjdk (11.0.19.0 -> 11.0.20.0) kdeconnect-kde kdump (1.9.3 -> 1.9.5) kernel-firmware (20230707 -> 20230724) kernel-source (6.4.3 -> 6.4.6) kmod lensfun (0.3.3 -> 0.3.4) lftp libapparmor libarchive (3.6.2 -> 3.7.0) libgexiv2 (0.14.1 -> 0.14.2) libnvme libqb (2.0.7+20230607.06c8641 -> 2.0.8+20230721.002171b) libqt5-qtwebengine librsvg (2.56.1 -> 2.56.3) libshumate (1.0.4 -> 1.0.5) libva (2.18.0 -> 2.19.0) libva-gl (2.18.0 -> 2.19.0) libvirt libxcrypt (4.4.35 -> 4.4.36) libzypp (17.31.15 -> 17.31.17) lilv man mdadm miniupnpc (2.2.4 -> 2.2.5) mozilla-nss ncurses (6.4.20230701 -> 6.4.20230715) netcontrol nftables (1.0.7 -> 1.0.8) nghttp2 (1.54.0 -> 1.55.1) openssh (9.3p1 -> 9.3p2) openssh-askpass-gnome (9.3p1 -> 9.3p2) openssl-1_1 openssl-3 ovmf (202302 -> 202305) perl-File-Listing (6.15 -> 6.160.0) perl-XML-LibXML (2.0208 -> 2.0209) perl-libwww-perl (6.71 -> 6.720.0) php8 (8.2.7 -> 8.2.8) pipewire (0.3.74 -> 0.3.76) publicsuffix (20230709 -> 20230717) python-SQLAlchemy (2.0.16 -> 2.0.19) python-mysqlclient python-py python-pycairo (1.23.0 -> 1.24.0) python-pygit2 (1.11.1 -> 1.12.2) python-reportlab python-rich python-urllib3 (2.0.3 -> 2.0.4) python-zope.event python-zope.hookable python-zope.i18nmessageid qalculate (4.6.1 -> 4.7.0) qca-qt5 (2.3.6 -> 2.3.7) qemu qt6-base (6.5.1 -> 6.5.2) qt6-declarative (6.5.1 -> 6.5.2) qt6-imageformats (6.5.1 -> 6.5.2) qt6-translations (6.5.1 -> 6.5.2) qt6-wayland (6.5.1 -> 6.5.2) raspberrypi-firmware-dt rdma-core (45.0 -> 47.0) re2-10 rsync rubygem-rack-2.2 (2.2.7 -> 2.2.8) samba (4.18.3+git.303.c08b73d523c -> 4.18.5+git.313.c8e274c7852) sdbootutil (1+git20230717.dac075e -> 1+git20230727.a0e666f) selinux-policy (20230622 -> 20230728) shotwell (0.32.1 -> 0.32.2) sudo (1.9.13p3 -> 1.9.14p1) systemd sysuser-tools (3.1 -> 3.2) tar texlive-specs-n (2023.201.2.005svn65956 -> 2023.209.2.005svn65956) tpm2-0-tss update-alternatives (1.21.8 -> 1.21.22) util-linux (2.39 -> 2.39.1) util-linux-systemd (2.39 -> 2.39.1) vala-panel-appmenu vlc webkit2gtk3 (2.40.3 -> 2.40.4) webkit2gtk3-soup2 (2.40.3 -> 2.40.4) wireless-regdb (20230601 -> 20230721) xfsprogs (6.3.0 -> 6.4.0) yast2-firstboot (4.6.0 -> 4.6.1) yast2-trans (84.87.20230714.966688ddd0 -> 84.87.20230729.64eca7e0a1) yast2-users (4.6.2 -> 4.6.4) zlib-ng-compat zypper (1.14.61 -> 1.14.62) === Details === ==== Mesa ==== Version update (23.1.3 -> 23.1.4) Subpackages: Mesa-libEGL1 Mesa-libGL1 Mesa-libglapi0 libOSMesa8 libgbm1 - Update to bugfix release 23.1.4 - -> https://docs.mesa3d.org/relnotes/23.1.4.html - supersedes u_fix-glx-context-opengl-4.5.patch ==== Mesa-drivers ==== Version update (23.1.3 -> 23.1.4) Subpackages: Mesa-dri Mesa-gallium Mesa-libva - Update to bugfix release 23.1.4 - -> https://docs.mesa3d.org/relnotes/23.1.4.html - supersedes u_fix-glx-context-opengl-4.5.patch ==== MozillaFirefox ==== Version update (115.0.2 -> 115.0.3) - Mozilla Firefox 115.0.3 * fixes for other platforms - remove bashisms from firefox startup script (boo#1213657) ==== apache2-mod_php8 ==== Version update (8.2.7 -> 8.2.8) - version update to 8.2.8 * This is a bug fix release. * https://www.php.net/ChangeLog-8.php#8.2.8 - modified patches % php-sort-filelist-phar.patch (refreshed) ==== apparmor ==== Subpackages: apparmor-abstractions apparmor-docs apparmor-parser apparmor-profiles apparmor-utils python3-apparmor - Add pam_apparmor README, referenced from online cha-apparmor-pam.html documentation (bsc#1213472) ==== bind ==== Version update (9.18.16 -> 9.18.17) Subpackages: bind-doc bind-utils - Update to release 9.18.17 Feature Changes: * If a response from an authoritative server has its RCODE set to FORMERR and contains an echoed EDNS COOKIE option that was present in the query, named now retries sending the query to the same server without an EDNS COOKIE option. * The relaxed QNAME minimization mode now uses NS records. This reduces the number of queries named makes when resolving, as it allows the non-existence of NS RRsets at non-referral nodes to be cached in addition to the normally cached referrals. Bug Fixes: * The ability to read HMAC-MD5 key files, which was accidentally lost in BIND 9.18.8, has been restored. * Several minor stability issues with the catalog zone implementation have been fixed. ==== cfitsio ==== Version update (4.2.0 -> 4.3.0) - Update to version 4.3.0: * Bug fix to fits_make_hist[d] that was introduced in 4.2.0. * Added overflow checking for case of reading images with 8-byte float values into 4-byte float arrays. * fits_write_key_longstr now handles case of writing a long keyword in combination with a long keyword value string. * Add conversion of French locale comma-to-period in corner cases appearing in ffr2e and ffd2e functions. * Increased the precision when writing version number to User-Agent strings for http connections. This is needed to fully conform to 3-field version string format. * Bug fix to GTIOVERLAP() calculator function, which was being treated as a boolean value in expressions, and is now correctly treated as a floating point result. * Bug fix to ARRAY() calculator function, which caused a memory overflow error * Enhancement to the ARRAY function, such that ARRAY(V,d) can apply new dimensions to V, as long as the total number of array/vector elements does not change. * Enhancement of long string keyword read/write functions to fully conform with FITS standard specifications for multi-line value and comment strings. Two new functions have been added to implement this: fits_get_key_com_strlen and fits_read_string_key_com. - Make doc package noarch. ==== crypto-policies ==== Version update (20230420.3d08ae7 -> 20230614.5f3458e) Subpackages: crypto-policies-scripts - BSI.pol: Added a new BSI policy for BSI TR 02102* (jsc#PED-4933) derived from NEXT.pol - Update to version 20230614.5f3458e: * policies: impose old OpenSSL groups order for all back-ends * Rebase patches: - crypto-policies-revert-rh-allow-sha1-signatures.patch - crypto-policies-supported.patch ==== curl ==== Version update (8.1.2 -> 8.2.1) Subpackages: libcurl4 - Update to 8.2.1: * Bugfixes: - cfilters: rename close/connect functions to avoid clashes - ciphers.d: put URL in first column - cmake: add 'libcurlu'/'libcurltool' for unit tests - cmake: update ngtcp2 detection - configure: check for nghttp2_session_get_stream_local_window_size - docs: mark two TLS options for TLS, not SSL - docs: provide more see also for cipher options - hostip: return IPv6 first for localhost resolves - http2: fix regression on upload EOF handling - http: VLH, very large header test and fixes - libcurl-errors.3: add CURLUE_OK - os400: correct EXPECTED_STRING_LASTZEROTERMINATED - quiche: fix lookup of transfer at multi - quiche: fix segfault and other things - rustls: update rustls-ffi 0.10.0 - socks: print ipv6 address within brackets - src/mkhelp: strip off escape sequences - tool: fix tool_seek_cb build when SIZEOF_CURL_OFF_T > SIZEOF_OFF_T - transfer: do not clear the credentials on redirect to absolute URL - unittest: remove unneeded *_LDADD - websocket: rename arguments/variables to match docs - Update to 8.2.0 [bsc#1213237, CVE-2023-32001] * Security fix: - CVE-2023-32001: fopen race condition * Changes: - curl: add --ca-native and --proxy-ca-native - curl: add --trace-ids - CURLOPT_MAIL_RCPT_ALLOWFAILS: replace CURLOPT_MAIL_RCPT_ALLLOWFAILS - haproxy: add --haproxy-clientip flag to set client IPs - lib: add CURLINFO_CONN_ID and CURLINFO_XFER_ID * Bugfixes: - cf-socket: don't bypass fclosesocket callback if cancelled before connect - cf-socket: skip getpeername()/getsockname for TFTP - curl: count uploaded data to stop at the originally given size - curl: return error when asked to use an unsupported HTTP version - http2: fix crash in handling stream weights - http2: send HEADER & DATA together if possible - http3/ngtcp2: upload EAGAIN handling - http: rectify the outgoing Cookie: header field size check - hyper: fix EOF handling on input - imap: Provide method to disable SASL if it is advertised - libssh2: provide error message when setting host key type fails - libssh2: use custom memory functions - ngtcp2: assigning timeout, but value is overwritten before used - quiche: avoid NULL deref in debug logging - sectransp: fix EOF handling - system.h: remove __IBMC__/__IBMCPP__ guards and apply to all z/OS compiles - timeval: use CLOCK_MONOTONIC_RAW if available - tls13-ciphers.d: include Schannel - tool_easysrc.h: correct `easysrc_perform` for `CURL_DISABLE_LIBCURL_OPTION` - tool_operate: allow cookie lines up to 8200 bytes - tool_parsecfg: accept line lengths up to 10M - tool_writeout_json: fix encoding of control characters - transfer: clear credentials when redirecting to absolute URL - urlapi: have *set(PATH) prepend a slash if one is missing - urlapi: scheme must start with alpha - vtls: avoid memory leak if sha256 call fails - websocket-cb: example doing WebSocket download using callback - ws: make the curl_ws_meta() return pointer a const ==== dLeyna ==== - Add 61d24fdc.patch: Fix typos for meson 1.2 compatibility. ==== elfutils-debuginfod ==== Subpackages: debuginfod-profile libdebuginfod1 - Replace libdebuginfo1 sub-package's debuginfod-profile Recommends with config(debuginfod-profile) Requires, but on the debuginfod-\ client sub-package, instead. And add binutils, bpftrace-tools, elfutils, gdb, perf, systemd-coredump, and valgrind Supplements to debuginfod-client sub-package. This should make installation of debuginfod-client more consistent, along with debuginfod-\ profile, with software/packages that have debuginfod support. ==== fwupd ==== Version update (1.8.16 -> 1.8.17) Subpackages: fwupd-bash-completion libfwupd2 typelib-1_0-Fwupd-2_0 - Update to version 1.8.17: + Correctly obtain the Thunderbolt is_native controller attribute. + Fix a Wacom emulation failure on s390x. + Only allow --force on security attributes for unsupported builds. + Reduce the amount of RSS by ~12% at startup. ==== gcc13 ==== Version update (13.1.1+git7552 -> 13.1.1+git7597) Subpackages: cpp13 libasan8 libatomic1 libgcc_s1 libgccjit0 libgfortran5 libgomp1 libhwasan0 libitm1 liblsan0 libobjc4 libstdc++6 libstdc++6-devel-gcc13 libstdc++6-locale libstdc++6-pp libtsan2 libubsan1 - Bump to 9aac37ab8a7b919a89c6d64bc7107a8436996e93, git7597 * GCC 13.2 RC1 - Add rpmlint filter for SLE12 complaining about invalid licenses. - Also handle -static-pie in the default-PIE specs ==== ghostscript ==== Subpackages: ghostscript-x11 - CVE-2023-38559.patch fixes CVE-2023-38559 "out of bounds read devn_pcx_write_rle() could result in DoS" see bsc#1213637 and https://bugs.ghostscript.com/show_bug.cgi?id=706897 which is in base/gdevdevn.c the same issue "ordering in if expression to avoid out-of-bounds access" as the already fixed CVE-2020-16305 in devices/gdevpcx.c see https://bugs.ghostscript.com/show_bug.cgi?id=701819 ==== glu ==== Version update (9.0.2 -> 9.0.3) - Update to version 9.0.3 * drop autotools * apple: Fix compatibility version and current version of meson build to be compatible with autotools build * pkgconfig: Depend on opengl when built with libglvnd * pkgconfig: Drop unneeded lines from autotools build * pkgconfig: meson build should match autotools requires * Remove deprecated register in C++17 - switch to meson build ==== grub2 ==== Subpackages: grub2-arm64-efi grub2-snapper-plugin grub2-systemd-sleep-plugin - Fix error message "unknown command tpm_record_pcrs" with encrypted boot and no tpm device present (bsc#1213547) * 0002-tpm-Disable-tpm-verifier-if-tpm-is-not-present.patch ==== gstreamer ==== Version update (1.22.4 -> 1.22.5) Subpackages: gstreamer-utils libgstreamer-1_0-0 typelib-1_0-Gst-1_0 - Update to version 1.22.5: + Highlighted bugfixes: - Security fixes for the RealMedia demuxer - vaapi decoders, postproc: Disable DMAbuf from caps negotiation to fix garbled video in some cases - decodebin3, playbin3, parsebin fixes, especially for stream reconfiguration - hlsdemux2: fix early seeking; don't pass referer when updating playlists; webvtt fixes - gtk: Fix critical caused by pointer movement when stream is getting ready - qt6: Set sampler filtering method, fixes bad quality with qml6glsink and gstqt6d3d11 - v4l2src: handle resolution change when buffers are copied - videoflip: update orientation tag in auto mode - video timecode: Add support for framerates lower than 1fps and accept 119.88 (120/1.001) fps - webrtcsink: fixes for x264enc and NVIDIA encoders - cerbero: Pull ninja from system if possible, avoid spurious bootstrap of cmake - packages: Recipe updates for ffmpeg, libsoup, orc - various bug fixes, memory leak fixes, and other stability and reliability improvements + gstreamer: - taglist, plugins: fix compiler warnings with GLib >= 2.76 - tracerutils: allow casting parameter types - inputselector: fix playing variable is never set - Rebase patch. ==== gstreamer-plugins-bad ==== Version update (1.22.4 -> 1.22.5) Subpackages: libgstadaptivedemux-1_0-0 libgstbadaudio-1_0-0 libgstbasecamerabinsrc-1_0-0 libgstcodecparsers-1_0-0 libgstcodecs-1_0-0 libgstcuda-1_0-0 libgstisoff-1_0-0 libgstmpegts-1_0-0 libgstphotography-1_0-0 libgstplay-1_0-0 libgstplayer-1_0-0 libgstsctp-1_0-0 libgsttranscoder-1_0-0 libgsturidownloader-1_0-0 libgstva-1_0-0 libgstvulkan-1_0-0 libgstwayland-1_0-0 libgstwebrtc-1_0-0 libgstwebrtcnice-1_0-0 - Update to version 1.22.5: + d3d11bufferpool: Fix heavy CPU usage in case of fixed-size pool + jpegparser: jpegdecoder: Don't pollute bus and comply with spec + plugins: fix compiler warnings with GLib >= 2.76 + webrtcbin: Prevent critical warning when creating an additional data channel + webrtcstats: Properly report IceCandidate type - Rebase reduce-required-meson.patch. ==== gstreamer-plugins-base ==== Version update (1.22.4 -> 1.22.5) Subpackages: libgstallocators-1_0-0 libgstapp-1_0-0 libgstaudio-1_0-0 libgstfft-1_0-0 libgstgl-1_0-0 libgstpbutils-1_0-0 libgstriff-1_0-0 libgstrtp-1_0-0 libgstrtsp-1_0-0 libgstsdp-1_0-0 libgsttag-1_0-0 libgstvideo-1_0-0 typelib-1_0-GstAudio-1_0 typelib-1_0-GstPbutils-1_0 typelib-1_0-GstTag-1_0 typelib-1_0-GstVideo-1_0 - Update to version 1.22.5: + appsink: add missing make_writable call + audioaggregator: Do not post message before being constructed + decodebin3: - Prevent a critical warning when reassigning output slots - Fix slot input linking when the associated stream has changed - Remove spurious input locking during parsebin reconfiguration + urisourcebin: Set source element to READY before querying it + gl/viv-fb: meson build updates + plugins: fix compiler warnings with GLib >= 2.76 + subtitleoverlay: fix mutex error if sink caps is not video + video: - timecode: Add support for framerates lower than 1fps - accept timecode of 119.88 (120/1.001) FPS - cannot attach time code meta when frame rate is 119.88 (120000/1001) + videodecoder: fix copying buffer metas - Rebase reduce-required-meson.patch. ==== gstreamer-plugins-good ==== Version update (1.22.4 -> 1.22.5) Subpackages: gstreamer-plugins-good-extra gstreamer-plugins-good-gtk gstreamer-plugins-good-jack gstreamer-plugins-good-qtqml - Update to version 1.22.5: + adaptivedemux2: Fix early seeking + hlsdemux2: - Ensure processed webvtt ends with empty new line - Don't set a referer when updating playlists + matroska: demux: Strip signal byte when encrypted + rtspsrc: Fix crash when is-live=false + gtk: Fix critical caused by pointer movement when stream is getting ready + qt6: Set sampler filtering method, fixes bad quality with qml6glsink and gstqt6d3d11 + qtdemux: opus: set entry as sampled + v4l2src: handle resolution change when buffers are copied + v4l2videodec: - Fix handling of initial gaps - correctly register v4l2mpeg2dec - replace custom QUERY_CAPS handling with getcaps callback + videoflip: - update orientation tag in auto mode - fix critical when tag list is not writable - Rebase reduce-required-meson.patch. - Pass qt-egl=disabled to meson, we are not ready for this feature yet. ==== gstreamer-plugins-libav ==== Version update (1.22.4 -> 1.22.5) - Update to version 1.22.5: + No changes - Rebase reduce-required-meson.patch. ==== gstreamer-plugins-rs ==== Version update (0.10.9 -> 0.10.11) - Update to version 0.10.11: + fallbackswitch: - Change the threshold for trailing buffers - Fix pad health calculation and notifies + fmp4mux: Fix draining in chunk mode if keyframes are too late + webrtcsink: - fix pipeline when input caps contain max-framerate - Configure only 4 threads for x264enc - Translate force-keyunit events to force-IDR action signal for NVIDIA encoders - Set config-interval=-1 and aggregate-mode=zero-latency on rtph264pay and rtph265pay - Set VP8/VP9 payloader based on payloader element factory name - Update to version 0.10.10: + webrtcsink: - Avoid panic on unprepare from an async tokio context - Use correct property types for nvvideoconvert + webrtc/signalling: fix race condition in message ordering + livesync: - Wait for the end timestamp of the previous buffer before looking at queue - Improve EOS handling + videofx: Minimize dependencies of the image crate + togglerecord: - Clip segment before calculating timestamp/duration - Error out if main stream buffer has no valid running time ==== gstreamer-plugins-ugly ==== Version update (1.22.4 -> 1.22.5) - Update to version 1.22.5: + rmdemux: add some integer overflow checks - Rebase reduce-required-meson.patch. ==== gupnp ==== - Add upstream patches to fix build with meson 1.2.0: + a10c57bd.patch: Add missing "s" to wrap file syntax. + 884639bd.patch: properly spell [provide] in *.wrap files. ==== hidapi ==== Version update (0.13.1 -> 0.14.0) - update to 0.14.0: * general: add `hid_get_report_descriptor` API function (#451) * libusb: fix crash in hid_enumerate() caused by a stale device handle (#526) * fixes (mostly error handling) of issues found by Coverity Scan (#552/#554/#555/#559/#560/#561) * various fixes and improvements ==== hwinfo ==== Version update (23.1 -> 23.2) Subpackages: libhd23 - merge gh#openSUSE/hwinfo#128 - Add support for loongarch cpu - 23.2 ==== iio-sensor-proxy ==== Version update (3.4 -> 3.5) - Update to version 3.5: * Fix sensor hotplugging * Fix some sensors not working when they were assigned a sampling frequency they did not support. * Add more tests. * Correct the location of the D-Bus policy file. ==== ipmitool ==== Version update (1.8.19.0.g19d7878 -> 1.8.19.13.gbe11d94) - Fix: ipmitool duplicates the timestamp (bsc#1213390) A Fix-time-format-for-sel-list-v.patch - Remove: Make-IANA-PEN-download-configurable (is mainline) D 0006-Make-IANA-PEN-download-configurable-fix-uninitalized.patch - Update to version 1.8.19.13.gbe11d94: * configure.ac: allow disabling registry downloads * lan: channel: Fix set alert on/off * make: use correct docdir variable provided by autotools * Do not require the IANA PEN registry file * configure.ac: fix readline static build * Update github actions for modern OSes * Update macos target name in github actions * delloem: Fix the unalign bug in arm64 * lanplus: Realloc the msg if the payload_length gets updated * fru print: Add area checksum verification * fru: Add decoder for multirec system mgmt records * Fix enterprise-numbers URL * Update issue templates ==== java-11-openjdk ==== Version update (11.0.19.0 -> 11.0.20.0) Subpackages: java-11-openjdk-headless - Upgrade to upstream tag jdk-11.0.20+8 (July 2023 CPU) * CVEs + CVE-2023-22006, bsc#1213473 + CVE-2023-22036, bsc#1213474 + CVE-2023-22041, bsc#1213475 + CVE-2023-22044, bsc#1213479 + CVE-2023-22045, bsc#1213481 + CVE-2023-22049, bsc#1213482 + CVE-2023-25193, bsc#1207922 * Security fixes + JDK-8298676: Enhanced Look and Feel + JDK-8300285: Enhance TLS data handling + JDK-8300596: Enhance Jar Signature validation + JDK-8301998, JDK-8302084: Update HarfBuzz to 7.0.1 + JDK-8302475: Enhance HTTP client file downloading + JDK-8302483: Enhance ZIP performance + JDK-8303376: Better launching of JDI + JDK-8304468: Better array usages + JDK-8305312: Enhanced path handling + JDK-8308682: Enhance AES performance * Other changes + JDK-8171426: java/lang/ProcessBuilder/Basic.java failed with Stream closed + JDK-8178806: Better exception logging in crypto code + JDK-8187522: test/sun/net/ftp/FtpURLConnectionLeak.java timed out + JDK-8209167: Use CLDR's time zone mappings for Windows + JDK-8209546: Make sun/security/tools/keytool/autotest.sh to support macosx + JDK-8209880: tzdb.dat is not reproducibly built + JDK-8213531: Test javax/swing/border/TestTitledBorderLeak.java fails + JDK-8214459: NSS source should be removed + JDK-8214807: Improve handling of very old class files + JDK-8215015: [TESTBUG] remove unneeded -Xfuture option from tests + JDK-8215575: C2 crash: assert(get_instanceKlass()->is_loaded()) failed: must be at least loaded + JDK-8220093: Change to GCC 8.2 for building on Linux at Oracle + JDK-8227257: javax/swing/JFileChooser/4847375/bug4847375.java fails with AssertionError + JDK-8232853: AuthenticationFilter.Cache::remove may throw ConcurrentModificationException + JDK-8243936: NonWriteable system properties are actually writeable + JDK-8246383: NullPointerException in JceSecurity.getVerificationResult when using Entrust provider + JDK-8248701: On Windows generated modules-deps.gmk can contain backslash-r (CR) characters + JDK-8257856: Make ClassFileVersionsTest.java robust to JDK version updates + JDK-8259530: Generated docs contain MIT/GPL-licenced works without reproducing the licence + JDK-8263420: Incorrect function name in NSAccessibilityStaticText native peer implementation + JDK-8264290: Create implementation for NSAccessibilityComponentGroup protocol peer + JDK-8264304: Create implementation for NSAccessibilityToolbar protocol peer + JDK-8265486: ProblemList javax/sound/midi/Sequencer/ /Recording.java on macosx-aarch64 + JDK-8268558: [TESTBUG] Case 2 in TestP11KeyFactoryGetRSAKeySpec is skipped + JDK-8269746: C2: assert(!in->is_CFG()) failed: CFG Node with no controlling input? + JDK-8274864: Remove Amman/Cairo hacks in ZoneInfoFile + JDK-8275233: Incorrect line number reported in exception stack trace thrown from a lambda expression + JDK-8275721: Name of UTC timezone in a locale changes depending on previous code + JDK-8275735: [linux] Remove deprecated Metrics api (kernel memory limit) + JDK-8276880: Remove java/lang/RuntimeTests/exec/ExecWithDir as unnecessary + JDK-8277775: Fixup bugids in RemoveDropTargetCrashTest.java - add 4357905 + JDK-8278434: timeouts in test java/time/test/java/time/format/ /TestZoneTextPrinterParser.java + JDK-8280703: CipherCore.doFinal(...) causes potentially massive byte[] allocations during decryption + JDK-8282077: PKCS11 provider C_sign() impl should handle CKR_BUFFER_TOO_SMALL error + JDK-8282201: Consider removal of expiry check in VerifyCACerts.java test + JDK-8282467: add extra diagnostics for JDK-8268184 + JDK-8282600: SSLSocketImpl should not use user_canceled workaround when not necessary + JDK-8283059: Uninitialized warning in check_code.c with GCC 11.2 + JDK-8285497: Add system property for Java SE specification maintenance version + JDK-8286398: Address possibly lossy conversions in jdk.internal.le + JDK-8287007: [cgroups] Consistently use stringStream throughout parsing code + JDK-8287246: DSAKeyValue should check for missing params instead of relying on KeyFactory provider + JDK-8287876: The recently de-problemlisted TestTitledBorderLeak test is unstable ... changelog too long, skipping 104 lines ... + regenerate to changed context ==== kdeconnect-kde ==== Subpackages: kdeconnect-kde-zsh-completion - Require kirigami-addons: used in app/qml/Settings.qml ==== kdump ==== Version update (1.9.3 -> 1.9.5) upgrade to version 1.9.5 * SELinux: temporary hack for bsc#1213721 - upgrade to version 1.9.4 * fix FADUMP initramfs when not created by mkdumprd * FADUMP: let dracut de-duplicate initrd by preserving modification times * mkdumprd: only regenerate FADUMP initrds when needed * mkdumprd: exit when destination not writable (transactional updates) * mkdumprd: don't call update-bootloader ==== kernel-firmware ==== Version update (20230707 -> 20230724) Subpackages: kernel-firmware-all kernel-firmware-amdgpu kernel-firmware-ath10k kernel-firmware-ath11k kernel-firmware-atheros kernel-firmware-bluetooth kernel-firmware-bnx2 kernel-firmware-brcm kernel-firmware-chelsio kernel-firmware-dpaa2 kernel-firmware-i915 kernel-firmware-intel kernel-firmware-iwlwifi kernel-firmware-liquidio kernel-firmware-marvell kernel-firmware-media kernel-firmware-mediatek kernel-firmware-mellanox kernel-firmware-mwifiex kernel-firmware-network kernel-firmware-nfp kernel-firmware-nvidia kernel-firmware-platform kernel-firmware-prestera kernel-firmware-qcom kernel-firmware-qlogic kernel-firmware-radeon kernel-firmware-realtek kernel-firmware-serial kernel-firmware-sound kernel-firmware-ti kernel-firmware-ueagle kernel-firmware-usb-network - Update to version 20230724 (git commit 59fbffa9ec8e): * amdgpu: update VCN 4.0.0 firmware * amdgpu: add initial SMU 13.0.10 firmware * amdgpu: add initial SDMA 6.0.3 firmware * amdgpu: add initial PSP 13.0.10 firmware * amdgpu: add initial GC 11.0.3 firmware * linux-firmware: Update AMD fam17h cpu microcode * linux-firmware: Update AMD cpu microcode * amdgpu: update green sardine VCN firmware * amdgpu: update renoir VCN firmware * amdgpu: update raven VCN firmware * amdgpu: update raven2 VCN firmware * amdgpu: update Picasso VCN firmware * amdgpu: update DMCUB to v0.0.175.0 for various AMDGPU ASICs * Updated NXP SR150 UWB firmware * wfx: update to firmware 3.16.1 * mediatek: Update mt8195 SCP firmware to support 10bit mode * i915: update DG2 GuC to v70.8.0 * i915: update to GuC 70.8.0 and HuC 8.5.1 for MTL * cirrus: Add CS35L41 firmware for ASUS ROG 2023 Models ==== kernel-source ==== Version update (6.4.3 -> 6.4.6) Subpackages: kernel-64kb kernel-default - Update patches.kernel.org/6.4.6-002-x86-cpu-amd-Add-a-Zenbleed-fix.patch (bsc#1012628 bsc#1213286 CVE-2023-20593). Add references. - commit 55520bc - Linux 6.4.6 (bsc#1012628). - x86/cpu/amd: Add a Zenbleed fix (bsc#1012628). - x86/cpu/amd: Move the errata checking functionality up (bsc#1012628). - commit cd14b53 - Update config files. (bsc#1213592) Disable old unmaintained serial drivers - commit ac1bf5a - io_uring: Fix io_uring mmap() by using architecture-provided get_unmapped_area() (bsc#1212773). - Delete patches.suse/Revert-io_uring-Adjust-mapping-wrt-architecture-alia.patch. Replace the temporary fix by an upstream fix. - commit 2f220f8 - Refresh patches.suse/of-Preserve-of-display-device-name-for-compatibility.patch. Update upstream status. - commit 8817ac3 - Linux 6.4.5 (bsc#1012628). - security/integrity: fix pointer to ESL data and its size on pseries (bsc#1012628). - HID: input: fix mapping for camera access keys (bsc#1012628). - HID: amd_sfh: Rename the float32 variable (bsc#1012628). - HID: amd_sfh: Fix for shift-out-of-bounds (bsc#1012628). - net: lan743x: Don't sleep in atomic context (bsc#1012628). - net: lan743x: select FIXED_PHY (bsc#1012628). - ksmbd: add missing compound request handing in some commands (bsc#1012628). - ksmbd: fix out of bounds read in smb2_sess_setup (bsc#1012628). - drm/panel: simple: Add connector_type for innolux_at043tn24 (bsc#1012628). - drm: bridge: dw_hdmi: fix connector access for scdc (bsc#1012628). - drm/bridge: ti-sn65dsi86: Fix auxiliary bus lifetime (bsc#1012628). - swiotlb: always set the number of areas before allocating the pool (bsc#1012628). - swiotlb: reduce the number of areas to match actual memory pool size (bsc#1012628). - drm/panel: simple: Add Powertip PH800480T013 drm_display_mode flags (bsc#1012628). - xen/virtio: Fix NULL deref when a bridge of PCI root bus has no parent (bsc#1012628). - netfilter: nf_tables: report use refcount overflow (bsc#1012628). - netfilter: conntrack: don't fold port numbers into addresses before hashing (bsc#1012628). - ice: Fix max_rate check while configuring TX rate limits (bsc#1012628). - ice: Fix tx queue rate limit when TCs are configured (bsc#1012628). - igc: Add condition for qbv_config_change_errors counter (bsc#1012628). - igc: Remove delay during TX ring configuration (bsc#1012628). - igc: Add igc_xdp_buff wrapper for xdp_buff in driver (bsc#1012628). - igc: Add XDP hints kfuncs for RX hash (bsc#1012628). - igc: Fix TX Hang issue when QBV Gate is closed (bsc#1012628). - net/mlx5e: fix double free in mlx5e_destroy_flow_table (bsc#1012628). - net/mlx5e: fix memory leak in mlx5e_fs_tt_redirect_any_create (bsc#1012628). - net/mlx5e: fix memory leak in mlx5e_ptp_open (bsc#1012628). - net/mlx5e: RX, Fix flush and close release flow of regular rq for legacy rq (bsc#1012628). - net/mlx5: Register a unique thermal zone per device (bsc#1012628). - net/mlx5e: Check for NOT_READY flag state after locking (bsc#1012628). - net/mlx5e: TC, CT: Offload ct clear only once (bsc#1012628). - net/mlx5: Query hca_cap_2 only when supported (bsc#1012628). - net/mlx5e: RX, Fix page_pool page fragment tracking for XDP (bsc#1012628). - igc: set TP bit in 'supported' and 'advertising' fields of ethtool_link_ksettings (bsc#1012628). - igc: Include the length/type field and VLAN tag in queueMaxSDU (bsc#1012628). - igc: Handle PPS start time programming for past time values (bsc#1012628). - blk-crypto: use dynamic lock class for blk_crypto_profile::lock (bsc#1012628). - scsi: qla2xxx: Fix error code in qla2x00_start_sp() (bsc#1012628). - scsi: ufs: ufs-mediatek: Add dependency for RESET_CONTROLLER (bsc#1012628). - bpf: Fix max stack depth check for async callbacks (bsc#1012628). - net: mvneta: fix txq_map in case of txq_number==1 (bsc#1012628). - net: dsa: felix: make vsc9959_tas_guard_bands_update() visible to ocelot->ops (bsc#1012628). - net: mscc: ocelot: fix oversize frame dropping for preemptible TCs (bsc#1012628). - net/sched: cls_fw: Fix improper refcount update leads to use-after-free (bsc#1012628). ... changelog too long, skipping 1825 lines ... - commit f6ca0bc ==== kmod ==== Subpackages: kmod-bash-completion libkmod2 - Use pkgconfig for kmod configuration. * Delete kmod-Add-config-command-to-show-compile-time-configu.patch * Add kmod-Add-pkgconfig-file-with-kmod-compile-time-confi.patch, Provide-fallback-for-successfully-running-make-modules_install.patch compat-module_directory-module_prefix.patch. - Refresh usr-lib-modprobe.patch, usr-lib-modules.patch. - Add configure-Detect-openssl-sm3-support.patch to fix build with older openssl without SM3 support. ==== lensfun ==== Version update (0.3.3 -> 0.3.4) Subpackages: lensfun-data liblensfun1 - Update to 0.3.4 Check https://github.com/lensfun/lensfun/releases/tag/v0.3.4 for the list of new cameras and lenses supported. * Port apps/setup.py from Python distutils * CMake: Numerous backports from master ==== lftp ==== - The lftp_wrapper script has been deprecated over 1.5 years ago. It's time to remove it from the package. [jsc#SLE-17861] - Dropped patches: * 0004-Include-config.h-to-detect-gnulib-macros.patch * add-deprecation-warning-to-lftp-wrapper.patch - Refreshed patches: * 0002-Add-content-of-lftp-compat-addfiles.patch.patch * 0005-Add-the-wrapper-code-to-the-Makefile-in-order-to-bui.patch * lftp-default-ssl-cipher.patch ==== libapparmor ==== - Add pam_apparmor README, referenced from online cha-apparmor-pam.html documentation (bsc#1213472) ==== libarchive ==== Version update (3.6.2 -> 3.7.0) - update to 3.7.0 * bsdunzip port from FreeBSD * fix 2 year 2038 issues ==== libgexiv2 ==== Version update (0.14.1 -> 0.14.2) - Update to version 0.14.2: + Make compatible with exiv2 0.28 or later. + Fix double free if creation of meta-data fails. + Fix floating point compare in tests. - Drop patches fixed upstream: + 06adc8fb70cb8c77c0cd364195d8251811106ef8.patch + fix-32bit-compat.patch ==== libnvme ==== Subpackages: libnvme-mi1 libnvme1 - Fix build with meson 1.2.0 ==== libqb ==== Version update (2.0.7+20230607.06c8641 -> 2.0.8+20230721.002171b) - Update to version 2.0.8+20230721.002171b (v2.0.8): - log: fix potential overflow with long log messages (gh#ClusterLabs/libqb#490) ==== libqt5-qtwebengine ==== - build with older re2 on Tumbleweed, the upcoming re2 2023-07-01 breaks qtwebengine ==== librsvg ==== Version update (2.56.1 -> 2.56.3) Subpackages: gdk-pixbuf-loader-rsvg librsvg-2-2 rsvg-thumbnailer typelib-1_0-Rsvg-2_0 - Update to version 2.56.3: + This is a security release for bug glgo#GNOME/librsvg#996. - glgo#GNOME/librsvg#996: Fix arbitrary file read when href has special characters. - glgo#GNOME/librsvg#998: Fix cascade for symbol elements being referenced from use elements. ==== libshumate ==== Version update (1.0.4 -> 1.0.5) Subpackages: libshumate-1_0-1 typelib-1_0-Shumate-1_0 - Update to version 1.0.5: + Don't defer frame clock when widget is unrealized. ==== libva ==== Version update (2.18.0 -> 2.19.0) Subpackages: libva-drm2 libva-wayland2 libva-x11-2 libva2 - Update to 2.19.0: * add: Add mono_chrome to VAEncSequenceParameterBufferAV1 * add: Enable support for license acquisition of multiple protected playbacks * fix: use secure_getenv instead of getenv * trace: Improve and add VA trace log for AV1 encode * trace: Unify va log message, replace va_TracePrint with va_TraceMsg. ==== libva-gl ==== Version update (2.18.0 -> 2.19.0) - Update to 2.19.0: * add: Add mono_chrome to VAEncSequenceParameterBufferAV1 * add: Enable support for license acquisition of multiple protected playbacks * fix: use secure_getenv instead of getenv * trace: Improve and add VA trace log for AV1 encode * trace: Unify va log message, replace va_TracePrint with va_TraceMsg. ==== libvirt ==== Subpackages: libvirt-client libvirt-daemon-common libvirt-daemon-config-network libvirt-daemon-driver-interface libvirt-daemon-driver-network libvirt-daemon-driver-nodedev libvirt-daemon-driver-nwfilter libvirt-daemon-driver-qemu libvirt-daemon-driver-secret libvirt-daemon-driver-storage libvirt-daemon-driver-storage-core libvirt-daemon-driver-storage-disk libvirt-daemon-driver-storage-iscsi libvirt-daemon-driver-storage-iscsi-direct libvirt-daemon-driver-storage-logical libvirt-daemon-driver-storage-mpath libvirt-daemon-driver-storage-rbd libvirt-daemon-driver-storage-scsi libvirt-daemon-lock libvirt-daemon-log libvirt-daemon-plugin-lockd libvirt-daemon-proxy libvirt-daemon-qemu libvirt-libs - CVE-2023-3750: storage: Fix returning of locked objects from 'virStoragePoolObjListSearch' bsc#1213447 ==== libxcrypt ==== Version update (4.4.35 -> 4.4.36) Subpackages: libcrypt1 libxcrypt-devel - Update to 4.4.36 * Fix left over bits failing with Perl v5.38.0 ==== libzypp ==== Version update (17.31.15 -> 17.31.17) - Fix wrong filesize exceeded dl abort in zyppng::Downloader (bsc#1213673) In some cases when downloading very small files we can run into issues when the URL is protected by credentials. - version 17.31.17 (22) - Fix negative ZYPP_LOCK_TIMEOUT not waiting forever (bsc#1213231) - NetworkRequestManager: assert cookie file has mode 0600 (bsc#1158763) - Don't cleanup orphaned dirs if read-only mode was promised (bsc#1210740) - version 17.31.16 (22) ==== lilv ==== - Actually package the __pycache__ that appears when building using meson 1.2.0. - Avoid __pycache__ directory with meson 1.2.0 ==== man ==== - Remove harden_man-db.service.patch as already done upstream at the end of the service file man-db.service - Add man-propose-online.patch: if patch was not found locally, propose to read it online, offering a URL where it could possibly be found. ==== mdadm ==== - mdadm.spec: replace transitional %usrmerged macro with regular version check (boo#1206798) ==== miniupnpc ==== Version update (2.2.4 -> 2.2.5) - update to 2.2.5: * GetListOfPortMappings NewStartPort 0 => 1 * CheckPinholeWorking is optional * add 60x errors from UPnP Device Architecture * cmake: install binaries, man pages and external-ip.sh - drop python2 support ==== mozilla-nss ==== Subpackages: libfreebl3 libsoftokn3 mozilla-nss-certs mozilla-nss-tools - Fix file conflict for pp manual page [bsc#1213281] ==== ncurses ==== Version update (6.4.20230701 -> 6.4.20230715) Subpackages: libncurses6 ncurses-utils terminfo terminfo-base terminfo-iterm terminfo-screen - Add ncurses patch 20230715 + correct wadd_wch_literal() when adding a non-spacing character to a double-width character. + improve manual page for curs_util. + improve manual page for wadd_wch(). - Add ncurses patch 20230708 + add linux+kbs for terminals which imitate xterm's behavior with Linux -TD + modify MinGW driver to return KEY_BACKSPACE when an unmodified VK_BACK virtual key is entered (prompted by patch by Pavel Fedin, Savannah #64292). + disallow using $TERMINFO or $HOME/.terminfo when tic "-o" option is used (report by Sven Joachim, Debian #1040048). - Port the patch ncurses-6.4.dif ==== netcontrol ==== - Fix EOF handling in xml-reader to avoid `virsh iface-*` commands hang on aarch64 (bsc#1213349) [+ 0001-xml-reader-fix-xml_getc-and-xml_ungetc.patch, + 0002-xml-reader-allow-uppercase-for-lt-gt-and-amp-expansi.patch] ==== nftables ==== Version update (1.0.7 -> 1.0.8) Subpackages: libnftables1 python3-nftables - Update to release 1.0.8 * Support for setting meta and ct mark from other fields in rules, e.g. set meta mark to ip dscp header field. * Enhacements for -o/--optimize to deal with NAT statements, to compact masquerade statements. * Support for stateful statements in anonymous maps, such as counters. * Support for resetting stateful expressions in sets, maps and elements, e.g. counters. * broute support to short-circuit bridge logic from the bridge prerouting hook and pass up packets to the local IP stack. * JSON support for table and chain comments. - Added 0001-Revert-py-replace-distutils-with-setuptools.patch ==== nghttp2 ==== Version update (1.54.0 -> 1.55.1) - update to 1.55.1: * Fix memory leak This commit fixes memory leak that happens when PUSH_PROMISE or HEADERS frame cannot be sent, and nghttp2_on_stream_close_callback fails with a fatal error. For example, if GOAWAY frame has been received, a HEADERS frame that opens new stream cannot be sent. This issue has already been made public via CVE-2023-35945 by envoyproxy/envoy project. During embargo period, the patch to fix this bug was accidentally submitted to nghttp2/nghttp2 repository [2]. And they decided to disclose CVE early. I was notified just 1.5 hours before disclosure. I had no time to respond. PoC described in [1] is quite simple, but I think it is not enough to trigger this bug. While it is true that receiving GOAWAY prevents a client from opening new stream, and nghttp2 enters error handling branch, in order to cause the memory leak, nghttp2_session_close_stream function must return a fatal error. NGHTTP2_ERR_NOMEM, as its name suggests, indicates out of memory. It is unlikely that a process gets short of memory with this simple PoC scenario unless application does something memory heavy processing. * NGHTTP2_ERR_CALLBACK_FAILURE is returned from application defined callback function (nghttp2_on_stream_close_callback, in this case), which indicates something fatal happened inside a callback, and a connection must be closed immediately without any further action. As nghttp2_on_stream_close_error_callback documentation says, any error code other than 0 or NGHTTP2_ERR_CALLBACK_FAILURE is treated as fatal error code. More specifically, it is treated as if NGHTTP2_ERR_CALLBACK_FAILURE is returned. I guess that envoy returns NGHTTP2_ERR_CALLBACK_FAILURE or other error code which is translated into NGHTTP2_ERR_CALLBACK_FAILURE. https://github.com/envoyproxy/envoy/security/advisories/GHSA- jfxv-29pc-x22r ==== openssh ==== Version update (9.3p1 -> 9.3p2) Subpackages: openssh-clients openssh-common openssh-server - Update to openssh 9.3p2 (bsc#1213504, CVE-2023-38408): Security ======== Fix CVE-2023-38408 - a condition where specific libaries loaded via ssh-agent(1)'s PKCS#11 support could be abused to achieve remote code execution via a forwarded agent socket if the following conditions are met: * Exploitation requires the presence of specific libraries on the victim system. * Remote exploitation requires that the agent was forwarded to an attacker-controlled system. Exploitation can also be prevented by starting ssh-agent(1) with an empty PKCS#11/FIDO allowlist (ssh-agent -P '') or by configuring an allowlist that contains only specific provider libraries. This vulnerability was discovered and demonstrated to be exploitable by the Qualys Security Advisory team. In addition to removing the main precondition for exploitation, this release removes the ability for remote ssh-agent(1) clients to load PKCS#11 modules by default (see below). Potentially-incompatible changes - ------------------------------- * ssh-agent(8): the agent will now refuse requests to load PKCS#11 modules issued by remote clients by default. A flag has been added to restore the previous behaviour "-Oallow-remote-pkcs11". Note that ssh-agent(8) depends on the SSH client to identify requests that are remote. The OpenSSH >=8.9 ssh(1) client does this, but forwarding access to an agent socket using other tools may circumvent this restriction. ==== openssh-askpass-gnome ==== Version update (9.3p1 -> 9.3p2) - Update to openssh 9.3p2 * No changes for askpass, see main package changelog for details ==== openssl-1_1 ==== Subpackages: libopenssl1_1 - Security fix: [bsc#1213487, CVE-2023-3446] * Fix DH_check() excessive time with over sized modulus. * The function DH_check() performs various checks on DH parameters. One of those checks confirms that the modulus ("p" parameter) is not too large. Trying to use a very large modulus is slow and OpenSSL will not normally use a modulus which is over 10,000 bits in length. However the DH_check() function checks numerous aspects of the key or parameters that have been supplied. Some of those checks use the supplied modulus value even if it has already been found to be too large. A new limit has been added to DH_check of 32,768 bits. Supplying a key/parameters with a modulus over this size will simply cause DH_check() to fail. * Add openssl-CVE-2023-3446.patch openssl-CVE-2023-3446-test.patch ==== openssl-3 ==== Subpackages: libopenssl3 - Security fix: [bsc#1213487, CVE-2023-3446] * Fix DH_check() excessive time with over sized modulus. * The function DH_check() performs various checks on DH parameters. One of those checks confirms that the modulus ("p" parameter) is not too large. Trying to use a very large modulus is slow and OpenSSL will not normally use a modulus which is over 10,000 bits in length. However the DH_check() function checks numerous aspects of the key or parameters that have been supplied. Some of those checks use the supplied modulus value even if it has already been found to be too large. A new limit has been added to DH_check of 32,768 bits. Supplying a key/parameters with a modulus over this size will simply cause DH_check() to fail. * Add openssl-CVE-2023-3446.patch openssl-CVE-2023-3446-test.patch - Security fix: [bsc#1213383, CVE-2023-2975] * AES-SIV implementation ignores empty associated data entries * Add openssl-CVE-2023-2975.patch ==== ovmf ==== Version update (202302 -> 202305) Subpackages: qemu-uefi-aarch64 - Removed the following patches because they are not necessary and they blocked for submit to openSUSE:Factory. (bsc#1205978) ovmf-Revert-OvmfPkg-PlatformInitLib-Add-PlatformAddHobCB.patch ovmf-Revert-OvmfPkg-PlatformInitLib-Add-PlatformGetLowMem.patch ovmf-Revert-OvmfPkg-PlatformInitLib-Add-PlatformReservati.patch ovmf-Revert-OvmfPkg-PlatformInitLib-Add-PlatformScanE820-.patch ovmf-Revert-OvmfPkg-PlatformInitLib-reorder-PlatformQemuU.patch - Add openssl.keyring.README to shim.spec as Source113 to avoid erroe when submit to openSUSE:Factory - Enable support for riscv64 - Update to edk2-stable202305 (bsc#1205588) - Features (https://github.com/tianocore/edk2/releases): Expose IBT/BTI compatible runtime DXE drivers via memory attributes table Update toolchain support MdePkg: Support FDT library Add google mocks support to UnitTestFrameworkPkg GoogleTestLib Platform Redfish Host Interface library for USBNIC [OpenSSL] Update OpenSSL version to version 1.1.1t to include CVE fix Replace pre-standard FUNCTION with C99 func throughout edk2 Implement EFI memory attributes protocol for ARM platforms Add TraceHubLib Support - Patches (git log --oneline --date-order edk2-stable202302..edk2-stable202305): ba91d0292e MdeModulePkg/Core/Pei: set AprioriCount=0 before walking through next FV 5ce29ae84d ArmPkg/ArmMmuLib AARCH64: Add missing ISB after page table update c5cf7f69c9 pip-requirements.txt: Update edk2 pip modules 0abfb0be6c OvmfPkg: RiscVVirt: Add missing SerialPortInitialize to Sec 45da4e3135 MdePkg: add SBI-based SerialPortLib for RISC-V 2900e75511 MdePkg: BaseRiscVSbiLib: make more useful to consumers cafb4f3f36 UefiPayloadPkg: Fix boot shell issue for universal UEFI payload 80bc13db83 Maintainers.txt: Update reviewers and maintainers for FdtLib. d322557712 BaseTools/tools_def: Disable overzealous unused variable warning on Clang e2607d3a78 BaseTools/tools_def: Drop ref to undefined CLANGDWARF_ARM_PREFIX 0b37723186 ShellPkg/UefiShellDebug1CommandsLib: Replace hardcoded SMBIOS strings. 2d4c76f783 MdePkg/IndustryStandard: Add SMBIOS anchor string & length defines. c08a3a96fd MdePkg/IndustryStandard: Add IPMI Interface Capabilities definitions 083b029538 MdePkg: Add new PCDs for IPMI SSIF dea6c7dc2a MdePkg/IndustryStandard: Add definitions for IPMI SSIF 0a0e60caf2 Maintainers.txt: Update reviewers and maintainers for TraceHubDebugLib. 0f0422cedc MdeModulePkg: Add TraceHubDebugSysTLib library 3d50fdc5c6 MdePkg: Add NULL library of TraceHubDebugSysTLib c6bb7d54be MdePkg: Add MipiSysTLib library 782948c1a7 MdePkg: Add mipisyst submodule 6dd64168ed BaseTools/Plugin: Too many execute files cause "cmd too long" failure c6382ba0f2 SecurityPkg: Add missing break in Tpm2TestParms 77f75c7fb8 BaseTools: Update Tests/TestTools.py to allow it to work on Windows b9bbb4ae93 BaseTools: only print the environment once in toolsetup.bat dd246227d6 BaseTools: Update toolsetup.bat to not use BASETOOLS_PYTHON_SOURCE f47415e031 BaseTools: Revert Set the CLANGDWARF OBJCOPY path in tools_def.template 6fb2760dc8 OvmfPkg: drop PlatformBootManagerLibGrub 81dc0d8b4c OvmfPkg/AmdSev: stop using PlatformBootManagerLibGrub 63887e272d OvmfPkg/NvVarsFileLib: disable in case PcdBootRestrictToFirmware is set 41d7832db0 OvmfPkg/PlatformBootManagerLib: add PcdBootRestrictToFirmware e6447d2a08 Remove bashisms from edksetup.sh and BaseTools/BuildEnv 373a95532a BaseTools: Remove the CLANGCC build rule for Hii-Binary-Package.UEFI_HII ecbc394365 BaseTools: Set CLANGDWARF RC path to llvm-objcopy in tools_def.template 11f62f4cc0 BaseTools: Set the CLANGDWARF OBJCOPY path in tools_def.template c6f47e678f BaseTools: Remove BUILDRULEFAMILY from CLANGDWARF in tools_def.template 9165a7e95e CryptoPkg: Delete CLANG35 and CLANG38 build flags; add CLANGDWARF flags e97b9b4e5a MdePkg: Add more HobLib/PeiServicesLib gmock support 25c9d44315 MdeModulePkg: Add more PciHostBridgeLib gmock support bee67e0c14 OvmfPkg: Relax assertion that interrupts do not occur at TPL_HIGH_LEVEL ae0be176a8 OvmfPkg: Clarify invariants for NestedInterruptTplLib 5215cd5baf BaseTools: Update toolsetup.bat and Tests/PythonTest.py to check ver e6de6052a0 edksetup.bat: if toolsetup.bat fails, just exit 11ec5161fa BaseTools: use threading.current_thread in NmakeSubdirs.py db7e6291c0 BaseTools: Remove Python2/Python3 detection from toolset.bat 6eeb58ece3 RedfishPkg: Fix compile issue on Linux 665fca9ee7 RedfishPkg: Add missing newline character a1f6485a9b RedfishPkg: Create RestEx child on selected interface 05762bd2e0 RedfishPkg: Fix condition checking of error status c580e27efc RedfishPkg: Correct variable type to prevent memory corruption d89492456f Securitypkg/hddpassword: Update HddPasswordDxeInit to use Variable Policy 8dbf868e02 Add volatile keyword to NvmExpressPei's Passthru CQ 293b97d0c4 Add the volatile keyword to NvmExpressDxe's Passthru CQ 4dea9e4a0e BaseTools/Conf: Add quotes to ADDDEBUGFLAG in tools_def.txt 8e985ac3fd BaseTools/Conf: Align CLANGDWARF and CLANGPDB warning overrides 66494e5324 MdeModulePkg/CapsuleApp: Add EFIAPI to CompareFileNameInAlphabet() eabaeb0613 OvmfPkg: move OvmfTpmDxe.fdf.inc to Include/Fdf 8bca1bb977 OvmfPkg: move OvmfTpmPei.fdf.inc to Include/Fdf b65c0eed6b BaseSynchronizationLib: Fix LoongArch64 synchronization functions 757f502a3b BaseTools/Conf/tools_def.template: Bump VERSION to 3.00 050d6e9434 BaseTools: Delete CLANG38 from tools_def.template 128547b081 BaseTools: Remove CLANG35 toolchain from tools_def.template 4ef4b81c9b BaseTools: As with CLANGDWARF IA32 and X64, use lld for ARM and AARCH64 98edce75fa BaseTools: Add ARM and AARCH64 CLANGDWARF support in tools_def.template 0fc07b1c6a BaseTools/Conf/tools_def.template: Add section for deprecated toolchains 01225075db Add GCC and GCCNOLTO toolchains to tools_def.txt and update packages 66803cafcf BaseTools: Update VS toolchain descriptions in tools_def.txt.template d7c6030a47 BaseTools: Remove EBC (EFI Byte Code) compiler definitions 8b441847e3 BaseTools: Remove unused IPHONE_TOOLS and SOURCERY_CYGWIN_TOOLS defs ba634ce82b edksetup.bat: Remove VS2008-VS2013 remnants c844d86bee MdePkg: Remove VS2008-VS2013 remnants c3ac3301e9 BaseTools: Remove VS2008-VS2013 remnants 0363584ac9 BaseTools: Remove VS2008, 2010, 2012 and 2013 toolchain definitions 94c802e108 MdePkg/BasePeCoffLib: Deal with broken debug directories ff7cb2d7c9 .pytool: Support FDT library. 5d586606c7 MdePkg: Support FDT library. 10416bf46e Tianocore: Support FDT library. d992a05ade Maintainers.txt: Update for IntelFsp2Pkg and IntelFsp2WrapperPkg. ... changelog too long, skipping 312 lines ... issue be fixed. ==== perl-File-Listing ==== Version update (6.15 -> 6.160.0) - updated to 6.16 see /usr/share/doc/packages/perl-File-Listing/Changes 6.16 2023-07-12 15:22:25 -0600 - Support dosftp listings with four-digit years (gh#3, gh#26) ==== perl-XML-LibXML ==== Version update (2.0208 -> 2.0209) - Added versions to 'Provides' lines after fixing a bug in cpanspec - updated to 2.0209 see /usr/share/doc/packages/perl-XML-LibXML/Changes 2.0209 2023-07-15 - t/35huge_mode.t: fix test with libxml2 2.11 - thanks to Dominique Martinet - Add clearer reference to using cloneNode to extract node with namespaces - thanks to Timothy Legge - initialize xmlValidCtxt - thanks to Alexander Bluhm ==== perl-libwww-perl ==== Version update (6.71 -> 6.720.0) - updated to 6.72 see /usr/share/doc/packages/perl-libwww-perl/Changes 6.72 2023-07-17 22:01:19Z - Don't mangle protocol scheme and don't require it to be valid if implementor is already known (GH#436) (mwgamera) ==== php8 ==== Version update (8.2.7 -> 8.2.8) Subpackages: php8-cli php8-ctype php8-dom php8-gd php8-gettext php8-iconv php8-mbstring php8-mysql php8-openssl php8-pdo php8-sqlite php8-tokenizer php8-xmlreader php8-xmlwriter - version update to 8.2.8 * This is a bug fix release. * https://www.php.net/ChangeLog-8.php#8.2.8 - modified patches % php-sort-filelist-phar.patch (refreshed) ==== pipewire ==== Version update (0.3.74 -> 0.3.76) Subpackages: gstreamer-plugin-pipewire libpipewire-0_3-0 pipewire-alsa pipewire-jack pipewire-libjack-0_3 pipewire-modules-0_3 pipewire-pulseaudio pipewire-spa-plugins-0_2 pipewire-spa-tools pipewire-tools - Update to version 0.3.76: * Highlights - Fix a regression that would cause the MPV pipewire backend to fail because of a spurious thread-loop signal. - Fix a crash when DBus is not found. - ALSA hires timestamps are now disabled by default. - Some more fixes and improvements. * PipeWire - A new option was added to pw-thread-loop to signal when the thread starts. - This is only used in module-rt to avoid regressions in mpv. (#3374) - Fix a compilation problem. - Stream flags now only set the properties when not already set. This fixes a regression with node autoconnect. (#3382) * Tools - pw-cat will now stop when the stream is disconnected. (#2731) - Improve the pw-cat man page, mention that stdin/stdout handling is only on raw data. * modules - module-rt will now not crash when dbus is not available but error out as before. - A new VBAN (vb-audio.com) sender and receiver was added. (#3380) * SPA - Add an option in audioconvert to disable volume updates. (#3361) - ALSA hires timestamps are disabled by default because many drivers seem to give wrong timestamps and cause extra delay. * bluetooth - LE Audio support is now enabled by default when liblc3 is available now that bluez has support for detecting the hardware features. - Add code in the spec file to modify the patch file reduce-meson-dependency.patch (used to build in SLE/Leap) so that we don't need to rebase it manually for every version update. - Use gcc 11 in SLE/Leap since gcc 9 fails to build 0.3.75 with ../spa/include/spa/utils/cleanup.h:52:13: error: dereferencing pointer to incomplete type âDIRâ {aka âstruct __dirstreamâ} 52 | __typeof__(*(ptr)) *_old_value = spa_steal_ptr(ptr); \ - Update to version 0.3.75: * Highlights - Link permissions between nodes are now enforced. This avoids potential portal managed screencast nodes to link to the camera even though it was not assigned permissions to do so by the session manager (boo#1213682). - Libcamera and v4l2 devices now have properties so that duplicates can be filtered out by the session manager. - A bug with draining was fixed where a buffer would be marked EMPTY and would not play when it contained drained samples. - Many fixes and improvements. * PipeWire - Permissions for links between nodes are now enforced. The link will now check that the owner clients of the nodes can see each other before allowing the link. This avoids screensharing clients to accidentally being linked to the camera nodes by the session manager. A side effect is that patchbay tools will no longer be able to link portal managed screencast nodes to the camera, for this we need a new permission for those patchbay clients. - The stream.rules/filter.rules are now evaluated when connecting the stream/filter so that more properties can be matched. - Move some internal events from the context to the nodes to better handle per-node threads in the future. - The thread-loop will now signal when the thread is started. * modules - A timestamp workaround in module-raop was reverted because it does not work in all cases. Instead latency was increased to 1.5 seconds, which also makes the problematic device in question work. - The profiler module was reworked a bit to use the new node realtime events. It should now also handle dynamically added and removed drivers. - The module-rt now does the rtkit calls from a separate thread so that it does not block the main thread. This could cause deadlocks during startup in some cases. * SPA - Atomic operation macros were move from internal pipewire API to public API. - The video-info structure now has a new SPA_VIDEO_FLAG_MODIFIER_FIXATION_REQUIRED flag to instruct the application to fixate the modifiers. This simplifies some logic in applications a lot. - The libcamera and v4l2 nodes now have properties to enumerate the device id they are using. This can be used to match v4l2 devices and libcamera devices and filter out duplicates. - A bug with draining was fixed where a buffer would be marked EMPTY and would not ==== publicsuffix ==== Version update (20230709 -> 20230717) - Update to version 20230717: * Domains are removed `hidora.com`, `users.scale.virtualcloud.com.br`, `clicketcloud.com` (#1598) * Add storipress.app (#1583) ==== python-SQLAlchemy ==== Version update (2.0.16 -> 2.0.19) - update to 2.0.19: * Various bugfixes, see https://docs.sqlalchemy.org/en/20/changelog/changelog_20.html#change-2.0.19 ==== python-mysqlclient ==== - Drop sphinx doctrees for reproducible builds ==== python-py ==== - Skip tests failing with pytest 7.4, they don't matter * failure comes from py.core, which has low usage * https://github.com/pytest-dev/py/issues/288 * according to that this code is not used in Tumbleweed anyway ==== python-pycairo ==== Version update (1.23.0 -> 1.24.0) - update to 1.24.0: * Dropped Python 3.7 support * Bumped meson version requirement from 0.53.0 to 0.56.0 * Various cairo dependency updates for the Windows wheel build * Various code cleanups :pr:`306` * Added Python 3.12 Windows wheels ==== python-pygit2 ==== Version update (1.11.1 -> 1.12.2) - Update to version 1.12.2: + Update wheels to bundle libssh2 1.11.0 and OpenSSL 3.0.9. Remove obsolete Remote.save(). - Changes from version 1.12.1: + Fix segfault in signature when encoding is incorrect. + Typing improvements. + Update wheels to libgit2 v1.6.4. - Changes from version 1.12.0: + Upgrade to libgit2 v1.6.3. + Update Linux wheels to bundle OpenSSL 3.0.8. + Downgrade Linux wheels to manylinux2014. + New ConflictCollection.__contains__.1 + New Repository.references.iterator(...). + New favor, flags and file_flags optional arguments for Repository.merge(...). + New keep_all and paths optional arguments for Repository.stash(...). + New Respository.state(). + Improve Repository.write_archive(...) performance. + Sync type annotations. - Drop support-libgit2-1.6.patch: fixed upstream. - Add support-libgit2-1.7.patch: support libgit2 1.7.0. ==== python-reportlab ==== - Add %{?sle15_python_module_pythons} ==== python-rich ==== - %{?sle15_python_module_pythons} mut be at beginning to work. ==== python-urllib3 ==== Version update (2.0.3 -> 2.0.4) - update to 2.0.4: * Added support for union operators to ``HTTPHeaderDict`` * Added ``BaseHTTPResponse`` to ``urllib3.__all__`` (`#3078 * Fixed ``urllib3.connection.HTTPConnection`` to raise the ``http.client.connect`` audit event to have the same behavior as the standard library HTTP client * Relied on the standard library for checking hostnames in supported PyPy releases ==== python-zope.event ==== - Drop sphinx doctrees for reproducible builds ==== python-zope.hookable ==== - Drop sphinx doctrees for reproducible builds ==== python-zope.i18nmessageid ==== - Drop sphinx doctrees for reproducible builds ==== qalculate ==== Version update (4.6.1 -> 4.7.0) Subpackages: libqalculate22 qalculate-data - version update to 4.7.0 * Support for custom default angle unit, e.g. turn, arcsec, arcmin * Append default angle unit (instead of always radians) when converting value without unit to angle unit * More consistent addition and removal of angle unit from function arguments * Always interpret ./, .*, and .^ as entrywise operators if user intention is unclear * Change order of operations to place entrywise and ordinary operators on the same precedence level * Add function, kron(), for Kronecker product, and constants for Pauli matrices * Add radius to planets dataset and update other properties * Support replacement of unknown variables within variable values * Fix besselj(0, 0) * Fix incomplete calculation in tan() with try exact approximation * Fix 0/0=0 equality (do not return true) and output of 2/0 (and similar) * Fixes and improvements for newtonsolve() and secantsolve() * Fix segfault when MathStructure is deleted after Calculator, and in destructor of calculated DynamicVariable (called from Calculator destructor) * Do not save mode on exit if "-defaults" command line switch where used (CLI) * Allow multiple actions for keyboard shortcuts (GTK, Qt) * Add toggle precision, and min, max, or min and max decimals to available shortcut and button actions (GTK, Qt) * Add option to exclude units for unformatted ASCII copy (GTK, Qt) * Add optional value to copy result action, allowing expression copy and formatting selection (GTK, Qt) * Fix copy unformatted ASCII when local digit group separator is same as selected decimal separator (GTK, Qt) * Add option to automatically copy result (Qt) * Always set (primary) selection clipboard contents when whole expression is selected or selection is cleared, e.g. after calculation (Qt) * Improve support dark mode and high contrast modes, and change default style to Fusion, on Windows (Qt) * Minor bug fixes and feature enhancements ==== qca-qt5 ==== Version update (2.3.6 -> 2.3.7) Subpackages: libqca-qt5-2 qca-qt5-plugins - Update to 2.3.7 * OpenSSL3: don't quit if legacy provider is unavailable ==== qemu ==== Subpackages: qemu-arm qemu-audio-spice qemu-block-curl qemu-block-nfs qemu-block-rbd qemu-chardev-spice qemu-guest-agent qemu-hw-display-qxl qemu-hw-display-virtio-gpu qemu-hw-display-virtio-gpu-pci qemu-hw-display-virtio-vga qemu-hw-usb-host qemu-hw-usb-redirect qemu-hw-usb-smartcard qemu-img qemu-ipxe qemu-ksm qemu-pr-helper qemu-tools qemu-ui-curses qemu-ui-gtk qemu-ui-opengl qemu-ui-spice-app qemu-ui-spice-core qemu-vgabios - Fix bsc#1179993, bsc#1181740, bsc#1213001 - Patches added: * hw/ide/piix: properly initialize the BMIBA register * ui/vnc-clipboard: fix infinite loop in inflate_buffer (CVE-2023-3255) ==== qt6-base ==== Version update (6.5.1 -> 6.5.2) Subpackages: libQt6Core6 libQt6DBus6 libQt6Gui6 libQt6Network6 libQt6OpenGL6 libQt6Sql6 libQt6Test6 libQt6Widgets6 qt6-network-tls qt6-platformtheme-gtk3 - Use a mirror to download sources for all Qt packages. Upstream servers are very slow since a couple weeks. - Update to 6.5.2 * https://www.qt.io/blog/qt-6.5.2-released-1 - Drop patches, merged upstream: * 0001-Schannel-Reject-certificate-not-signed-by-a-configur.patch * 0001-Ssl-Copy-the-on-demand-cert-loading-bool-from-defaul.patch * 0001-tabbar-fix.patch - Add patch: * CVE-2023-38197-qtbase-6.5.diff (boo#1213326, CVE-2023-38197) ==== qt6-declarative ==== Version update (6.5.1 -> 6.5.2) Subpackages: libQt6LabsAnimation6 libQt6LabsFolderListModel6 libQt6LabsQmlModels6 libQt6LabsSettings6 libQt6LabsSharedImage6 libQt6LabsWavefrontMesh6 libQt6Qml6 libQt6QmlCore6 libQt6QmlLocalStorage6 libQt6QmlModels6 libQt6QmlWorkerScript6 libQt6QmlXmlListModel6 libQt6Quick6 libQt6QuickControls2-6 libQt6QuickControls2Impl6 libQt6QuickDialogs2-6 libQt6QuickDialogs2QuickImpl6 libQt6QuickDialogs2Utils6 libQt6QuickEffects6 libQt6QuickLayouts6 libQt6QuickParticles6 libQt6QuickShapes6 libQt6QuickTemplates2-6 libQt6QuickTest6 qt6-declarative-imports - Update to 6.5.2 * https://www.qt.io/blog/qt-6.5.2-released-1 ==== qt6-imageformats ==== Version update (6.5.1 -> 6.5.2) - Update to 6.5.2 * https://www.qt.io/blog/qt-6.5.2-released-1 ==== qt6-translations ==== Version update (6.5.1 -> 6.5.2) - Update to 6.5.2 * https://www.qt.io/blog/qt-6.5.2-released-1 ==== qt6-wayland ==== Version update (6.5.1 -> 6.5.2) Subpackages: libQt6WaylandClient6 libQt6WaylandCompositor6 libQt6WaylandEglClientHwIntegration6 libQt6WaylandEglCompositorHwIntegration6 libQt6WlShellIntegration6 - Update to 6.5.2 * https://www.qt.io/blog/qt-6.5.2-released-1 ==== raspberrypi-firmware-dt ==== - Update 0001-ARM-dts-bcm27xx-Use-better-name-for-spidev.patch description - Use compatible string which is supported by spidev module (bsc#1212791): * 0001-ARM-dts-bcm27xx-Use-better-name-for-spidev.patch ==== rdma-core ==== Version update (45.0 -> 47.0) Subpackages: libefa1 libibverbs libibverbs1 libmana1 libmlx4-1 libmlx5-1 librdmacm1 rdma-ndd - Update to v47.0 - Fixes for all providers ==== re2-10 ==== - legacy lib package forked from re2, for libqt5-qtwebengine ==== rsync ==== - Add support directory to %docdir. Includes some upstream provided scripts such as rrsync. (bsc#1212198) ==== rubygem-rack-2.2 ==== Version update (2.2.7 -> 2.2.8) - update to version 2.2.8 * Limit file extension length of multipart tempfiles (https://github.com/rack/rack/pull/2069) * Fix inefficient assert pattern in Rack::Lint (https://github.com/rack/rack/pull/2101) ==== samba ==== Version update (4.18.3+git.303.c08b73d523c -> 4.18.5+git.313.c8e274c7852) Subpackages: libsamba-policy0-python3 samba-ad-dc-libs samba-client samba-client-libs samba-gpupdate samba-ldb-ldap samba-libs samba-libs-python3 samba-python3 samba-winbind samba-winbind-libs - Update to 4.18.5 * CVE-2022-2127: lm_resp_len not checked properly in winbindd_pam_auth_crap_send; (bso#15072); (bsc#1213174). * CVE-2023-34966: Samba Spotlight mdssvc RPC Request Infinite Loop Denial-of-Service Vulnerability; (bso#15340); (bsc#1213173). * CVE-2023-34967: Samba Spotlight mdssvc RPC Request Type Confusion Denial-of-Service Vulnerability; (bso#15341); (bsc#1213172). * CVE-2023-34968: Spotlight server-side Share Path Disclosure; (bso#15388); (bsc#1213171). * CVE-2023-3347: Samba doesn't require SMB2+ signing if `server signing = mandatory` is set; (bso#15397); (bsc#1213170). * secure channel faulty since Windows 10/11 update 07/2023; (bso#15418); (bsc#1213384). - Update to 4.18.4 * Backport --pidl-developer fixes; (bso#15404). * Named crashes on DLZ zone update; (bso#14030). * smbcacls and smbcquotas do not check // before the server; (bso#2312). * cli_list loops 100% CPU against pre-lanman2 servers; (bso#15382). * smbclient leaks fds with showacls; (bso#15391). * smbd returns NOT_FOUND when creating files on a r/o filesystem; (bso#15402). * NSS_WRAPPER_HOSTNAME doesn't match NSS_WRAPPER_HOSTS entry and causes test timeouts; (bso#15355). * net ads lookup (with unspecified realm) fails; (bso#15384). * Register Samba processes with GPFS; (bso#15381). * Python tarfile extraction needs change to avoid a warning (CVE-2007-4559 mitigation); (bso#15390). * The winbind child segfaults when listing users with `winbind scan trusted domains = yes`; (bso#15398). * Remove comments about deprecated 'write cache size'; (bso#15383). * smbget memory leak if failed to download files recursively; (bso#15403). ==== sdbootutil ==== Version update (1+git20230717.dac075e -> 1+git20230727.a0e666f) Subpackages: sdbootutil-snapper - Update to version 1+git20230727.a0e666f: * Set and honor $SYSTEMD_ESP_PATH * rpm-script: don't remove kernel on reinstalls - Update to version 1+git20230726.a994d2e: * Fix installing extra kernels in MicroOS * Replace file triggers with scriptlet * Fix cleanup of rollback files * Don't install unchanged files * Add is-bootable and list-kernels commands * Add ARCHITECTURE.md which explains how the setup works * Add default loader config when installed ==== selinux-policy ==== Version update (20230622 -> 20230728) Subpackages: selinux-policy-targeted - Update to version 20230728: * Allow kdump_t to manage symlinks under kdump_var_lib_t (bsc#1213721) * allow haveged to manage tmpfs directories (bsc#1213594) ==== shotwell ==== Version update (0.32.1 -> 0.32.2) - Update to version 0.32.2: + Fix using wrong data folder when starting profile through browser + Fix sendto in flatpak environment + Support HEIF files with HIF extension + Fix meta-data being written in a loop + Fix detecting false mtime changes + Fix broken aspect ratio of thumbnail when using external editors + Fix critical when exporting file with no exposure date + Fix minor leak in Flickr and Google authenticators + Enable C&P of paths in profile editor + Updated translations. ==== sudo ==== Version update (1.9.13p3 -> 1.9.14p1) Subpackages: sudo-plugin-python - Update to 1.9.14p1: * Fixed an invalid free bug in sudo_logsrvd that was introduced in version 1.9.14 which could cause sudo_logsrvd to crash. * The sudoers plugin no longer tries to send the terminal name to the log server when no terminal is present. This bug was introduced in version 1.9.14. * Fixed a bug where if the "intercept" or "log_subcmds" sudoers option was enabled and a sub-command was run where the first entry of the argument vector didn't match the command being run. This resulted in commands like "sudo su -" being killed due to the mismatch. Bug #1050. * The sudoers plugin now canonicalizes command path names before matching (where possible). This fixes a bug where sudo could execute the wrong path if there are multiple symbolic links with the same target and the same base name in sudoers that a user is allowed to run. GitHub issue #228. * Improved command matching when a chroot is specified in sudoers. The sudoers plugin will now change the root directory id needed before performing command matching. Previously, the root directory was simply prepended to the path that was being processed. * When NETGROUP_BASE is set in the ldap.conf file, sudo will now perform its own netgroup lookups of the host name instead of using the system innetgr(3) function. This guarantees that user and host netgroup lookups are performed using the same LDAP server (or servers). * Fixed a bug introduced in sudo 1.9.13 that resulted in a missing " ; " separator between environment variables and the command in log entries. * The visudo utility now displays a warning when it ignores a file in an include dir such as /etc/sudoers.d. * When running a command in a pseudo-terminal, sudo will initialize the terminal settings even if it is the background process. Previously, sudo only initialized the pseudo-terminal when running in the foreground. This fixes an issue where a program that checks the window size would read the wrong value when sudo was running in the background. * Fixed a bug where only the first two digits of the TSID field being was logged. Bug #1046. * The "log_pty" sudoers option is now enabled by default. To restore the historic behavior where a command is run in the user's terminal, add "Defaults !use_pty" to the sudoers file. GitHub issue #258. * Sudo's "-b" option now works when the command is run in a pseudo-terminal. * When disabling core dumps, sudo now only modifies the soft limit and leaves the hard limit as-is. This avoids problems on Linux when sudo does not have CAP_SYS_RESOURCE, which may be the case when run inside a container. GitHub issue #42. * Sudo configuration file paths have been converted to colon-separated lists of paths. This makes it possible to have configuration files on a read-only file system while still allowing for local modifications in a different (writable) directory. The new - -enable-adminconf configure option can be used to specify a directory that is searched for configuration files in preference to the sysconfdir (which is usually /etc). * The "intercept_verify" sudoers option is now only applied when the "intercept" option is set in sudoers. Previously, it was also applied when "log_subcmds" was enabled. * The NETGROUP_QUERY ldap.conf parameter can now be disabled for LDAP servers that do not support querying the nisNetgroup object by its nisNetgroupTriple attribute, while still allowing sudo to query the LDAP server directly to determine netgroup membership. * Fixed a long-standing bug where a sudoers rule without an explicit runas list allowed the user to run a command as root and any group instead of just one of the groups that root is a member of. For example, a rule such as "myuser ALL = ALL" would permit "sudo -u root -g othergroup" even if root did not belong to "othergroup". * Fixed a bug where a sudoers rule with an explicit runas list allowed a user to run sudo commands as themselves. For example, a rule such as "myuser ALL = (root) ALL", "myuser" should only allow commands to be run as root (optionally using one of root's groups). However, the rule also allowed the user to run "sudo -u myuser -g myuser command". * Fixed a bug that prevented the user from specifying a group on the command line via "sudo -g" if the rule's Runas_Spec contained a Runas_Alias. * Sudo now requires a C compiler that conforms to ISO C99 or higher to build. ==== systemd ==== Subpackages: libsystemd0 libudev1 systemd-boot systemd-container systemd-coredump udev - Drop 0003-strip-the-domain-part-from-etc-hostname-when-setting.patch /etc/hostname is supposed to contain the static host name of the system. This patch was used to work around cases where users incorrectly save the FQDN instead. However this is incorrect and not consistent with what systemd-hostnamed does and what other distributions do. Also assuming that /etc/hostname will contain the system host name only removes any ambiguities since the host name can contain a period. /etc/hosts is usually where one sets the domain name by aliasing the host name to the FQDN. Note that the installer used to save the FQDN in /etc/hostname but this has been fixed since several years now (bsc#972463). - systemd-homed is no more considered as experimental It's been moved to its own dedicated sub-package "systemd-homed". - systemd-userdb is no more considered as experimental (jsc#PED-2668) As such it's been moved to the main package. ==== sysuser-tools ==== Version update (3.1 -> 3.2) - Version 3.2 - update sysusers_requires to request sysuser-shadow 3.2 - Use TAB consistently for indention in sysusers2shadow.sh - This pkg needs to follow behavior which is described in sysusers.d(5). Always create a system group of the same name as the system user, even if the user already exists. (bsc#1205161, bsc#1207778, bsc#1213240) - Add "quilt setup" friendly hint to %sysusers_requires usage It is not required to have sysuser-tools installed when working with a pkg source which uses sysuser-tools at build time. ==== tar ==== Subpackages: tar-rmt - Update tests-skip-time01-on-32bit-time_t.patch to not run test on armv6 either ==== texlive-specs-n ==== Version update (2023.201.2.005svn65956 -> 2023.209.2.005svn65956) - Rework lua(meta)tex/context resource findings - Add requirement in invoice2 for siunitx as shown upstream - Add patch context_shell-escape.dif * Add upstream fix for enabling --socket and --shell-escape - Drop gracht.mp, detcow.mp, and mycow.mp from context.doc as only given with CC-BY-NC-SA-3.0, a non-commercial license ==== tpm2-0-tss ==== Subpackages: libtss2-esys0 libtss2-mu0 libtss2-rc0 libtss2-sys1 libtss2-tctildr0 - Require openssl-3 over openssl-1 to assist migration of applications to newer openssl-3. ==== update-alternatives ==== Version update (1.21.8 -> 1.21.22) - openssl.patch: use openssl library for MD5 calculation instead of relying on libmd. libmd is not in Ring0 - require Perl 5.28.1 or later ==== util-linux ==== Version update (2.39 -> 2.39.1) Subpackages: libblkid1 libfdisk1 libmount1 libsmartcols1 libuuid1 - Re-add 0001-Revert-libblkid-try-LUKS2-first-when-probing.patch because the patch is not in 2.39.1 - Upgrade to version 2.39.1 (bsc#1213328) Various bug fixes including problem with parsing mount options. - Dropped upstreamed patches: 0001-Revert-libblkid-try-LUKS2-first-when-probing.patch 0001-libmount-fix-sync-options-between-context-and-fs-str.patch util-linux-fix-tests-with-64k-pagesize.patch ==== util-linux-systemd ==== Version update (2.39 -> 2.39.1) - Re-add 0001-Revert-libblkid-try-LUKS2-first-when-probing.patch because the patch is not in 2.39.1 - Upgrade to version 2.39.1 (bsc#1213328) Various bug fixes including problem with parsing mount options. - Dropped upstreamed patches: 0001-Revert-libblkid-try-LUKS2-first-when-probing.patch 0001-libmount-fix-sync-options-between-context-and-fs-str.patch util-linux-fix-tests-with-64k-pagesize.patch ==== vala-panel-appmenu ==== Subpackages: appmenu-gtk-module-common appmenu-gtk2-module appmenu-gtk3-module libappmenu-gtk2-parser0 libappmenu-gtk3-parser0 - Fix systemd_user_post macro use. - Spec clean-up. ==== vlc ==== Subpackages: libvlc5 libvlccore9 vlc-codec-gstreamer vlc-lang vlc-noX vlc-qt vlc-vdpau - Update specfile to prevent building with libplacebo v6.292.0 or newer ==== webkit2gtk3 ==== Version update (2.40.3 -> 2.40.4) Subpackages: libjavascriptcoregtk-4_1-0 libwebkit2gtk-4_1-0 typelib-1_0-JavaScriptCore-4_1 typelib-1_0-WebKit2-4_1 webkit2gtk-4_1-injected-bundles - Update to version 2.40.4: + Fix a bug in JavaScript reading variable arguments in a call. ==== webkit2gtk3-soup2 ==== Version update (2.40.3 -> 2.40.4) Subpackages: libjavascriptcoregtk-4_0-18 libwebkit2gtk-4_0-37 webkit2gtk-4_0-injected-bundles - Update to version 2.40.4: + Fix a bug in JavaScript reading variable arguments in a call. ==== wireless-regdb ==== Version update (20230601 -> 20230721) - Update to version 20230721: * wireless-regdb: Update regulatory info for Türkiye (TR) * wireless-regdb: Update regulatory rules for Egypt (EG) from March 2022 guidelines ==== xfsprogs ==== Version update (6.3.0 -> 6.4.0) Subpackages: libhandle1 - update to 6.4.0: - xfs_db: expose the flag in rmapbt keys - xfs_repair: warn about unwritten bits set in rmap btree keys - xfs_repair: check low keys of rmap btrees - xfs_repair: always perform extended xattr checks on uncertain inodes - xfs_repair: fix messaging when fixing imap due to sparse cluster - xfs_repair: fix messaging in longform_dir2_entry_check_data - xfs_repair: fix messaging when shortform_dir2_junk is called - xfs_repair: don't log inode problems without printing resolution - xfs_repair: don't spray correcting imap all by itself - libxcmd: Fix crash due to missing return value check on add_command() - xfs_db: make the hash command print the dirent hash - xfs_db: Add new cmd to create dirents and xattrs that induce dahash collisions - mkfs: deprecate the ascii-ci feature - xfs_db: fix metadump name obfuscation for ascii-ci filesystems - libxfs: kernel sync ==== yast2-firstboot ==== Version update (4.6.0 -> 4.6.1) - Adapt users client to the changes in yast2-users (related to bsc#1206627). - 4.6.1 - Removed unnecessary executable flag from several files (bsc#1209094) ==== yast2-trans ==== Version update (84.87.20230714.966688ddd0 -> 84.87.20230729.64eca7e0a1) Subpackages: yast2-trans-af yast2-trans-ar yast2-trans-bg yast2-trans-bn yast2-trans-bs yast2-trans-ca yast2-trans-cs yast2-trans-cy yast2-trans-da yast2-trans-de yast2-trans-el yast2-trans-en_GB yast2-trans-es yast2-trans-et yast2-trans-fa yast2-trans-fi yast2-trans-fr yast2-trans-gl yast2-trans-gu yast2-trans-hi yast2-trans-hr yast2-trans-hu yast2-trans-id yast2-trans-it yast2-trans-ja yast2-trans-jv yast2-trans-ka yast2-trans-km yast2-trans-ko yast2-trans-lo yast2-trans-lt yast2-trans-mk yast2-trans-mr yast2-trans-nb yast2-trans-nl yast2-trans-pa yast2-trans-pl yast2-trans-pt yast2-trans-pt_BR yast2-trans-ro yast2-trans-ru yast2-trans-si yast2-trans-sk yast2-trans-sr yast2-trans-sv yast2-trans-tr yast2-trans-uk yast2-trans-vi yast2-trans-wa yast2-trans-xh yast2-trans-zh_CN yast2-trans-zh_TW yast2-trans-zu - Update to version 84.87.20230729.64eca7e0a1: * Translated using Weblate (Kurdish) * Translated using Weblate (Czech) - Update to version 84.87.20230720.09601d9b28: * Translated using Weblate (English (United Kingdom)) * Translated using Weblate (English (United Kingdom)) * Translated using Weblate (Russian) ==== yast2-users ==== Version update (4.6.2 -> 4.6.4) - bsc#1211583 - do not pre-fill non-sense user password when going back after importing user - 4.6.4 - Allow to edit the NIS master server databases instead of the local ones, relying on the --prefix argument added to several commands in the "shadow" package (bsc#1206627). - 4.6.3 ==== zlib-ng-compat ==== - Fix build on riscv64 - Build with %{optflags} ==== zypper ==== Version update (1.14.61 -> 1.14.62) Subpackages: zypper-log zypper-needs-restarting - man: revised explanation of --force-resolution (bsc#1213557) Point out that the option not only allows to remove packages but may also violate any other active policy if there is no other way to resolve the job. - Print summary hint if policies were violated due to - -force-resolution (bsc#1213557) - BuildRequires: libzypp-devel >= 17.31.16 (for zypp-tui) - version 1.14.62
participants (1)
-
Guillaume Gardet