New Arm Tumbleweed snapshot 20240223 released!
Please note that this mail was generated by a script.
The described changes are computed based on the aarch64 DVD.
The full online repo contains too many changes to be listed here.
Please check the known defects of this snapshot before upgrading:
https://openqa.opensuse.org/tests/overview?distri=opensuse&groupid=3&version=Tumbleweed&build=20240223
Please do not reply to this email to report issues, rather file a bug
on bugzilla.opensuse.org. For more information on filing bugs please
see https://en.opensuse.org/openSUSE:Submitting_bug_reports
Packages changed:
Mesa (23.3.5 -> 23.3.6)
Mesa-drivers (23.3.5 -> 23.3.6)
MozillaFirefox (122.0 -> 122.0.1)
aaa_base (84.87+git20231023.f347d36 -> 84.87+git20240202.9526d46)
aalib
accountsservice
acl (2.3.1 -> 2.3.2)
acpid
alsa-utils
amarok
apache-commons-logging
apache2-mod_dnssd
apache2-mod_php8 (8.2.15 -> 8.2.16)
apparmor
appstream-glib
argon2
argyllcms
arj
attr (2.5.1 -> 2.5.2)
autofs (5.1.8 -> 5.1.9)
autotrace
autoyast2 (5.0.1 -> 5.0.2)
awesfx
babl (0.1.106 -> 0.1.108)
bc
bind (9.18.21 -> 9.18.24)
binutils (2.41 -> 2.42)
bolt (0.9.6 -> 0.9.7)
boost-base
boost-extra
branding-openSUSE
btrfsprogs (6.7 -> 6.7.1)
busybox-links
curl
dav1d (1.3.0 -> 1.4.0)
dcraw
djvulibre
dnsmasq (2.89 -> 2.90)
dracut (059+suse.549.gc9f63878 -> 059+suse.554.g6144bf71)
e2fsprogs
ebook-tools
ed (1.20 -> 1.20.1)
eekboard
efont-unicode-bitmap-fonts
ell (0.61 -> 0.62)
emacs-flim
epson-inkjet-printer-escpr
espeak
expat (2.5.0 -> 2.6.0)
fde-tools
gcc
gcc14 (13.2.1+git8285 -> 14.0.1+git8957)
gd
gdm
gegl (0.4.46 -> 0.4.48)
git (2.43.0 -> 2.43.2)
gnome-control-center (45.2 -> 45.3)
gnome-maps
gnome-music (45.0 -> 45.1)
gnome-shell
gpgme
gpgmeqt
graphviz
grub2
hdparm
hfsutils
highway (1.0.7 -> 1.1.0)
hp2xx
hplip
hwdata (0.378 -> 0.379)
ibus
intlfonts
iso_ent
jasper (4.2.0 -> 4.2.1)
jfsutils
kColorPicker-Qt5
kernel-firmware (20240201 -> 20240220)
kernel-source (6.7.4 -> 6.7.5)
keyutils
kmozillahelper
kvm_stat (6.7.4 -> 6.7.5)
lastlog2 (1.2.0 -> 1.3.1)
libHX (4.21 -> 4.23)
libadwaita (1.4.2 -> 1.4.3)
libapparmor
libblockdev (3.0.4 -> 3.1.0)
libdbusmenu-qt5
libdecor
libdeflate
libei
libguestfs
libgusb
libjpeg-turbo
libjxl-gtk (0.9.2 -> 0.10.0)
liblangtag (0.6.4 -> 0.6.7)
libnvme (1.7.1+0.g13ba383 -> 1.8+0.gbff7dda)
libpaper (2.1.2 -> 2.1.3)
libphonenumber (8.13.23 -> 8.13.30)
libpng16 (1.6.40 -> 1.6.42)
libqt5-qtbase (5.15.12+kde147 -> 5.15.12+kde151)
libqt5-qtwebengine
libshumate
libstorage-ng (4.5.176 -> 4.5.191)
libunwind (1.7.2 -> 1.8.0)
make
man
mariadb (11.2.2 -> 11.2.3)
mdevctl
mozilla-nss (3.96.1 -> 3.97)
mpg123 (1.32.4 -> 1.32.5)
mtools
multipath-tools (0.9.7+93+suse.e2f2272 -> 0.9.8~1+82+suse.dcd98a3)
musepack
ncurses (6.4.20240120 -> 6.4.20240210)
neon
nodejs21 (21.5.0 -> 21.6.2)
nvidia-open-driver-G06-signed (545.29.06_k6.7.4_1 -> 545.29.06_k6.7.5_1)
nvme-cli (2.7.1 -> 2.8)
obex-data-server
openssl-1_1
openvpn (2.6.8 -> 2.6.9)
orc (0.4.34 -> 0.4.37)
osinfo-db
pam-config (2.10 -> 2.11)
parted
patterns-server
pcr-oracle
pcre2 (10.42 -> 10.43)
perl-Bootloader (1.11 -> 1.12)
php8 (8.2.15 -> 8.2.16)
pipewire
pkcs11-helper (1.29.0 -> 1.30.0)
pkgconf (1.8.0 -> 2.1.1)
poppler (23.12.0 -> 24.02.0)
poppler-qt5 (23.12.0 -> 24.02.0)
potrace
prctl
publicsuffix (20240123 -> 20240212)
pulseaudio
python-cryptography (41.0.7 -> 42.0.4)
python-linux-procfs
python-lxml
python311
python311-core
qalculate (4.8.1 -> 4.9.0)
qemu (8.2.0 -> 8.2.1)
rdma-core
rpm
rpm-config-SUSE (20240118 -> 20240214)
rubygem-vagrant_cloud (3.0.5 -> 3.1.1)
rzip
samba (4.19.4+git.339.acf1ccaa020 -> 4.19.5+git.342.57620c4f7e)
sane-backends
sdbootutil (1+git20240122.c0d8f76 -> 1+git20240215.cb7e392)
sg3_utils (1.48+7.63e63cb -> 1.48+8.37ca384)
shadow (4.14.3 -> 4.14.5)
shared-mime-info
shim
signon-plugin-oauth2
spacenavd
spice-gtk
suseconnect-ng (1.3.0~git0.ae8ba1e -> 1.7.0~git2.21ba08e)
systemd (254.8 -> 254.9)
tecla-keyboard-layout-viewer (45.rc -> 45.0)
thin-provisioning-tools (1.0.10 -> 1.0.11)
tigervnc
tmux (3.3a -> 3.4)
transmission
u-boot-rpiarm64
unison (2.53.3 -> 2.53.4)
unixODBC
unzip
utempter
util-linux
util-linux-systemd
vacation
vde2
vid_stab
vim (9.1.0000 -> 9.1.0111)
virt-manager
virtiofsd
vmaf
vorbis-tools
vpnc
vsftpd
webkit2gtk3
webkit2gtk3-soup2
webrtc-audio-processing
wget
wmctrl
wpa_supplicant
wsdd
xdg-menu
xfce4-notifyd (0.9.3 -> 0.9.4)
xfce4-terminal (1.1.1 -> 1.1.2)
xfsprogs (6.5.0 -> 6.6.0)
xml-commons-apis
xorg-x11-server
xtermset
xwayland
yast2 (5.0.5 -> 5.0.6)
yast2-packager (5.0.2 -> 5.0.4)
yast2-perl-bindings (5.0.0 -> 5.0.1)
yast2-storage-ng (5.0.4 -> 5.0.6)
yast2-trans (84.87.20240210.1383f689ba -> 84.87.20240219.f6e4117fe0)
zchunk
zip
zlib
zvbi
=== Details ===
==== Mesa ====
Version update (23.3.5 -> 23.3.6)
Subpackages: Mesa-libEGL1 Mesa-libGL1 Mesa-libglapi0 libOSMesa8 libgbm1
- Update to bugfix release 23.3.6
- -> https://docs.mesa3d.org/relnotes/23.3.6.html
==== Mesa-drivers ====
Version update (23.3.5 -> 23.3.6)
Subpackages: Mesa-dri Mesa-gallium Mesa-libva
- Update to bugfix release 23.3.6
- -> https://docs.mesa3d.org/relnotes/23.3.6.html
==== MozillaFirefox ====
Version update (122.0 -> 122.0.1)
- Mozilla Firefox 122.0.1
https://www.mozilla.org/en-US/firefox/122.0.1/releasenotes/
* Fixed the Library and Sidebar context menus only displaying
Multi-Account Containers icons in the "Open in New Container
Tab" menu. (bmo#1876518)
* Fixed an issue when clicking the Dismiss button in
notification pop-ups on Windows causing a webpage in a new tab.
(bmo#1848801)
* Fixed the yaru-remix system theme not applying correctly on
Linux. (bmo#1877002)
* Fixed adding an extra new line to a rule in the Developer
Tools' Inspector when copying it to the clipboard.
(bmo#1876220)
* Rolled back a keyboard behavior change made to the Developer
Tools' Rules view when validating a property name or input with
the Enter key.
This moves the focus to the next input, as was the behavior
in Firefox 121. (bmo#1877457)
==== aaa_base ====
Version update (84.87+git20231023.f347d36 -> 84.87+git20240202.9526d46)
Subpackages: aaa_base-extras
- Update to version 84.87+git20240202.9526d46:
* properly shorten the variable when setting JAVA_HOME and JRE_HOME
* silence output of alljava
* Restrict ptrace with Yama LSM by default
* patch alljava.sh and alljava.csh, use the links from update alternatives
==== aalib ====
- Use %patch -P N instead of deprecated %patchN.
==== accountsservice ====
Subpackages: libaccountsservice0 typelib-1_0-AccountsService-1_0
- First part to fix build with GCC 14:
+ Inject patched mocklibc-1.0.tar.gz: only some header
modifications to address implicit declaration of print_indent.
+ Add accountsservice-mocklib-gcc14.patch: patch meson'
subproject definition to validate the injected tarball.
==== acl ====
Version update (2.3.1 -> 2.3.2)
Subpackages: libacl1
- Update to version 2.3.2:
+ libobj: declare s_str directly in string_obj_tag.
+ Use thread-safe getpwnam_r and getgrnam_r.
+ setfacl: preserve the failed status when processing multiple
files.
+ man: Document pitfall with negative permissions and user
namespaces.
+ tools: mark long_options static & const.
==== acpid ====
- Use %autosetup macro. Allows to eliminate the usage of deprecated
%patchN.
==== alsa-utils ====
- Use %patch -P N instead of deprecated %patchN.
==== amarok ====
- Remove the taglib-extras dependency, it fails to build with
taglib 2 and will be dropped.
- Add patch to support taglib 2:
* 0001-Use-non-deprecated-TagLib-functions-fix-build-with-T.patch
==== apache-commons-logging ====
- Use %autosetup macro. Allows to eliminate the usage of deprecated
%patchN.
==== apache2-mod_dnssd ====
- Use %autosetup macro. Allows to eliminate the usage of deprecated
%patchN.
==== apache2-mod_php8 ====
Version update (8.2.15 -> 8.2.16)
- version update to 8.2.16
* This is a bug fix release.
- modified patches
% php-build-reproducible-phar.patch (refreshed)
==== apparmor ====
Subpackages: apparmor-abstractions apparmor-docs apparmor-parser apparmor-profiles apparmor-utils python3-apparmor
- Use %patch -P N instead of deprecated %patchN.
- Add apparmor-abstractions-openssl-allow-version-specific-en.patch to
allow version specific engdef & engines openssl paths (boo#1219571)
==== appstream-glib ====
Subpackages: libappstream-glib8
- Add asglib(swcatalog) provides: allow other packages to declare
that they need swcatalog support.
- Add patch for interoperability with newer AppStream spec (boo#1218427):
* 0001-Move-from-app-info-to-swcatalog-locations.patch
==== argon2 ====
- Use %autosetup macro. Allows to eliminate the usage of deprecated
%patchN.
==== argyllcms ====
- Use %patch -P N instead of deprecated %patchN.
==== arj ====
- Use %autosetup macro. Allows to eliminate the usage of deprecated
%patchN.
==== attr ====
Version update (2.5.1 -> 2.5.2)
Subpackages: libattr1
- update to 2.5.2:
* attr: eliminate a dead store in attr_copy_action()
* libattr: Set symbol versions for legacy syscalls via attribute
or asm
* exports: use LGPL for library code
* documentation updates
* translation updates (Polish, Dutch, Gregorian, French)
* build system updates
==== autofs ====
Version update (5.1.8 -> 5.1.9)
- Use %patch -P N instead of deprecated %patchN.
- update to 5.1.9 (bsc#1219508)
* fix kernel mount status notification.
* fix fedfs build flags.
* fix set open file limit.
* improve descriptor open error reporting.
* fix root offset error handling.
* fix fix root offset error handling.
* fix nonstrict fail handling of last offset mount.
* dont fail on duplicate offset entry tree add.
* fix loop under run in cache_get_offset_parent().
* bailout on rpc systemerror.
* fix nfsv4 only mounts should not use rpcbind.
* simplify cache_add() a little.
* fix use after free in tree_mapent_delete_offset_tree().
* fix memory leak in xdr_exports().
* avoid calling pthread_getspecific() with NULL key_thread_attempt_id.
* fix sysconf(3) return handling.
* remove nonstrict parameter from tree_mapent_umount_offsets().
* fix handling of incorrect return from umount_ent().
* dont use initgroups() at spawn.
* fix bashism in configure.
* musl: fix missing include in hash.h.
* musl: define fallback dummy NSS config path
* musl: avoid internal stat.h definitions.
* musl: add missing include to hash.h for _WORDSIZE.
* musl: add missing include to log.h for pid_t.
* musl: define _SWORD_TYPE.
* add autofs_strerror_r() helper for musl.
* update configure.
* handle innetgr() not present in musl.
* fix missing unlock in sasl_do_kinit_ext_cc().
* fix a couple of null cache locking problems.
* restore gcc flags after autoconf Kerberos 5 check.
* prepare for OpenLDAP SASL binding.
* let OpenLDAP handle SASL binding.
* configure: LDAP function checks ignore implicit declarations.
* improve debug logging of LDAP binds.
* improve debug logging of SASL binds.
* internal SASL logging only in debug log mode.
* more comprehensive verbose logging for LDAP maps.
* fix invalid tsv access.
* support SCRAM for SASL binding.
* ldap_sasl_interactive_bind() needs credentials for auto-detection.
* fix autofs regression due to positive_timeout.
* fix parse module instance mutex naming.
* serialise lookup module open and reinit.
* coverity fix for invalid access.
* fix hosts map deadlock on restart.
* fix deadlock with hosts map reload.
* fix memory leak in update_hosts_mounts().
* fix minus only option handling in concat_options().
* fix incorrect path for is_mounted() in try_remount().
* fix additional tsv invalid access.
* fix use_ignore_mount_option description.
* include addtional log info for mounts.
* fail on empty replicated host name.
* improve handling of ENOENT in sss setautomntent().
* don't immediately call function when waiting.
* define LDAP_DEPRECATED during LDAP configure check.
* fix return status of mount_autofs().
* don't close lookup at umount.
* fix deadlock in lookups.
* dont delay expire.
* make amd mapent search function name clear.
* rename statemachine() to signal_handler().
* make signal handling consistent.
* eliminate last remaining state_pipe usage.
* add function master_find_mapent_by_devid().
* use device id to locate autofs_point when setting log priotity.
* add command pipe handling functions.
* switch to application wide command pipe.
* get rid of unused field submnt_count.
* fix mount tree startup reconnect.
* fix unterminated read in handle_cmd_pipe_fifo_message().
* fix memory leak in sasl_do_kinit()
* fix fix mount tree startup reconnect.
* fix amd selector function matching.
* get rid entry thid field.
* continue expire immediately after submount check.
* eliminate realpath from mount of submount.
* eliminate root param from autofs mount and umount.
* remove redundant fstat from do_mount_direct().
* get rid of strlen call in handle_packet_missing_direct().
* remove redundant stat call in lookup_ghost().
* set mapent dev and ino before adding to index.
* change to use printf functions in amd parser.
* dont call umount_subtree_mounts() on parent at umount.
* dont take parent source lock at mount shutdown.
* fix possible use after free in handle_mounts_exit().
* make submount cleanup the same as top level mounts.
* add soucre parameter to module functions.
* add ioctlfd open helper.
* make open files limit configurable.
* use correct reference for IN6 macro call.
* dont probe interface that cant send packet.
* fix some sss error return cases.
* fix incorrect matching of cached wildcard key.
* fix expire retry looping.
... changelog too long, skipping 18 lines ...
("autofs-5.1.8 - add soucre parameter to module functions")
==== autotrace ====
Subpackages: libautotrace3
- Use %patch -P N instead of deprecated %patchN.
==== autoyast2 ====
Version update (5.0.1 -> 5.0.2)
Subpackages: autoyast2-installation
- Install standard SLES when the AY XML profile selects SLE_HPC,
it has been dropped in SP6 (jsc#PED-7841)
- 5.0.2
- jsc#PED-6407
- enabled lvm_vg_reuse to be used in general/storage/proposal
section
==== awesfx ====
- Use %autosetup macro. Allows to eliminate the usage of deprecated
%patchN.
==== babl ====
Version update (0.1.106 -> 0.1.108)
- disable gi-docgen docs for now
- Update to 0.1.108:
- "double" and "half" support in cli-tool, build fixes.
==== bc ====
- Use %autosetup macro. Allows to eliminate the usage of deprecated
%patchN
==== bind ====
Version update (9.18.21 -> 9.18.24)
Subpackages: bind-doc bind-utils
- Update to release 9.18.24
Security Fixes:
* Validating DNS messages containing a lot of DNSSEC signatures
could cause excessive CPU load, leading to a denial-of-service
condition. This has been fixed. (CVE-2023-50387)
[bsc#1219823]
* Preparing an NSEC3 closest encloser proof could cause excessiv
CPU load, leading to a denial-of-service condition. This has
been fixed. (CVE-2023-50868)
[bsc#1219826]
* Parsing DNS messages with many different names could cause
excessive CPU load. This has been fixed. (CVE-2023-4408)
[bsc#1219851]
* Specific queries could cause named to crash with an assertion
failure when nxdomain-redirect was enabled. This has been
fixed. (CVE-2023-5517)
[bsc#1219852]
* A bad interaction between DNS64 and serve-stale could cause
named to crash with an assertion failure, when both of these
features were enabled. This has been fixed. (CVE-2023-5679)
[bsc#1219853]
* Query patterns that continuously triggered cache database
maintenance could cause an excessive amount of memory to be
allocated, exceeding max-cache-size and potentially leading to
all available memory on the host running named being exhausted
This has been fixed. (CVE-2023-6516)
[bsc#1219854]
* Under certain circumstances, the DNS-over-TLS client code
incorrectly attempted to process more than one DNS message at a
time, which could cause named to crash with an assertion
failure. This has been fixed.
Bug Fixes:
* The counters exported via the statistics channel were changed
back to 64-bit signed values; they were being inadvertently
truncated to unsigned 32-bit values since BIND 9.15.0.
==== binutils ====
Version update (2.41 -> 2.42)
Subpackages: libctf-nobfd0 libctf0
- riscv-no-relax.patch: RISC-V: Don't generate branch/jump relocation if
symbol is local when no-relax
- Add binutils-disable-code-arch-error.diff to demote an
error about swapped .arch/.code directives to a warning.
It happens in the wild.
- Update to version 2.42:
* Add support for many aarch64 extensions: SVE2.1, SME2.1, B16B16,
RASv2, LSE128, GCS, CHK, SPECRES2, LRCPC3, THE, ITE, D128, XS and
flags to enable them: '+fcma', '+jscvt', '+frintts', '+flagm2',
'+rcpc2' and '+wfxt'
* Add experimantal support for GAS to synthesize call-frame-info for
some hand-written asm (--scfi=experimental) on x86-64.
* Add support for more x86-64 extensions: APX: 32 GPRs, NDD, PUSH2/POP2,
PUSHP/POPP; USER_MSR, AVX10.1, PBNDKB, SM4, SM3, SHA512, AVX-VNNI-INT16.
* Add support for more RISC-V extensions: T-Head v2.3.0, CORE-V v1.0,
SiFive VCIX v1.0.
* BPF assembler: ';' separates statements now, and does not introduce
line comments anymore (use '#' or '//' for this).
* x86-64 ld: Add '-z mark-plt/-z nomark-plt' to mark PLT entries with
dynamic tags.
* risc-v ld: Add '--[no-]check-uleb128'.
* New linker script directive: REVERSE, to be combined with SORT_BY_NAME
or SORT_BY_INIT_PRIORITY, reverses the generated order.
* New linker options --warn-execstack-objects (warn only about execstack
when input object files request it), and --error-execstack plus
- -error-rxw-segments to convert the existing warnings into errors.
* objdump: Add -Z/--decompress to be used with -s/--full-contents to
decompress section contents before displaying.
* readelf: Add --extra-sym-info to be used with --symbols (currently
prints section name of references section index).
* objcopy: Add --set-section-flags for x86_64 to include
SHF_X86_64_LARGE.
* s390 disassembly: add target-specific disasm option 'insndesc',
as in "objdump -M insndesc" to display an instruction description
as comment along with the disassembly.
- Add binutils-2.42-branch.diff.gz.
- Rebased s390-biarch.diff.
- Adjusted binutils-revert-hlasm-insns.diff,
binutils-revert-plt32-in-branches.diff and binutils-revert-rela.diff
for upstream changes.
- Removed binutils-2.41-branch.diff.gz, binutils-2.41.tar.bz2,
binutils-2.41-branch.diff.gz.
- Removed binutils-use-less-memory.diff, binutils-old-makeinfo.diff
and riscv-relro.patch (all upstreamed).
- Removed add-ulp-section.diff, we use a different mechanism
for live patching since a long time.
==== bolt ====
Version update (0.9.6 -> 0.9.7)
- update to 0.9.7:
* Add a 'nopcie' security level since some devices report nopcie when Thunderbolt
is disabled through BIOS setting.
* Markdown lint styling is used for documents.
==== boost-base ====
Subpackages: boost-license1_84_0 libboost_filesystem1_84_0 libboost_iostreams1_84_0 libboost_locale1_84_0 libboost_thread1_84_0
- avoid obsolete rpm syntax
==== boost-extra ====
- avoid obsolete rpm syntax
==== branding-openSUSE ====
Subpackages: grub2-branding-openSUSE libreoffice-branding-openSUSE plymouth-branding-openSUSE wallpaper-branding-openSUSE yast2-qt-branding-openSUSE
- Remove update-alternatives usage, we don't have dynamic
wallpapers anymore which were using that (bsc#1219919).
==== btrfsprogs ====
Version update (6.7 -> 6.7.1)
Subpackages: btrfsprogs-bash-completion btrfsprogs-udev-rules libbtrfs0 libbtrfsutil1
- update to 6.7.1
* convert: raid-stripe-tree can be now enabled for the target filesystem
* mkfs:
* handle lifetime of open file descriptors so it does not trigger udev
that could miss to create the UUID symlinks in /dev
* update warning when CPU page size does not match sector size
* merge features in summary, no more distinction of incompat and runtime
to match the semantics of option -O
* fi show: fix recognizing raw device mapper paths
* other:
* documentation updates, fix links to labels in included directories
==== busybox-links ====
Subpackages: busybox-bzip2 busybox-coreutils busybox-diffutils busybox-ed busybox-findutils busybox-gawk busybox-grep busybox-gzip busybox-misc busybox-psmisc busybox-sed busybox-sendmail busybox-tar busybox-which busybox-xz
- busybox-udhcpc conflicts with udhcp.
==== curl ====
Subpackages: libcurl4
- Add patch to fix various TLS related issues including FTP over SSL
transmission timeouts:
* 0001-vtls-revert-receive-max-buffer-add-test-case.patch
- Switch to %autosetup
==== dav1d ====
Version update (1.3.0 -> 1.4.0)
- Update to version 1.4.0
* AVX-512 optimizations for z1, z2, z3 in 8bit and
high-bitdepth
* New architecture supported: loongarch
* Loongarch optimizations for 8bit
* New architecture supported: RISC-V
* RISC-V optimizations for itx
* Misc improvements in threading and in reducing binary size
* Fix potential integer overflow with extremely large frame
sizes (bsc#1220105, CVE-2024-1580)
==== dcraw ====
Subpackages: dcraw-lang
- Use %patch -P N instead of deprecated %patchN.
==== djvulibre ====
- Use %autosetup macro. Allows to eliminate the usage of deprecated
%patchN.
==== dnsmasq ====
Version update (2.89 -> 2.90)
- update to 2.90:
* CVE-2023-50387, CVE-2023-50868, bsc#1219823, bsc#1219826:
Denial Of Service while trying to validate specially crafted
DNSSEC responses
* Fix reversion in --rev-server introduced in 2.88 which caused
breakage if the prefix length is not exactly divisible by 8
(IPv4) or 4 (IPv6).
* Fix possible SEGV when there server(s) for a particular domain
are configured, but no server which is not qualified for a
particular domain.
* Set the default maximum DNS UDP packet sice to 1232.
Obsoletes: dnsmasq-CVE-2023-28450.patch
* Add --no-dhcpv4-interface and --no-dhcpv6-interface for better
control over which inetrfaces are providing DHCP service.
* Fix issue with stale caching
* Add configurable caching for arbitrary RR-types.
* Add --filter-rr option, to filter arbitrary RR-types.
==== dracut ====
Version update (059+suse.549.gc9f63878 -> 059+suse.554.g6144bf71)
- Update to version 059+suse.554.g6144bf71:
* fix(dracut.spec): update dracut-fips requirements (bsc#1219869)
- Update to version 059+suse.552.g4610ef1b:
* fix(dracut-util): do not call `strcmp` if the `value` argument is NULL (bsc#1219841)
==== e2fsprogs ====
Subpackages: e2fsprogs-scrub libcom_err2 libext2fs2
- Use %patch -P N instead of deprecated %patchN.
==== ebook-tools ====
- Use %patch -P N instead of deprecated %patchN.
==== ed ====
Version update (1.20 -> 1.20.1)
- GNU ed 1.20.1:
* New command-line options '+line', '+/RE', and '+?RE' have been
implemented to set the current line to the line number
specified or to the first or last line matching the regular
expression 'RE'.
* File names containing control characters 1 to 31 are now
rejected unless they are allowed with the command-line option
'--unsafe-names'.
* File names containing control characters 1 to 31 are now
printed using octal escape sequences.
* Ed now rejects file names ending with a slash.
* Intervening commands that don't set the modified flag no longer
make a second 'e' or 'q' command fail with a 'buffer modified'
warning.
* Tilde expansion is now performed on file names supplied to
commands; if a file name starts with '~/', the tilde (~) is
expanded to the contents of the variable HOME.
* Ed now warns the first time that a command modifies a buffer
loaded from a read-only file.
* It has been documented that 'e' creates an empty buffer if
file does not exist.
* It has been documented that 'f' sets the default filename,
whether or not its argument names an existing file.
* The description of the exit status has been improved in
'--help' and in the manual.
==== eekboard ====
- Use %autosetup macro. Allows to eliminate the usage of deprecated
%patchN
==== efont-unicode-bitmap-fonts ====
- Use %patch -P N instead of deprecated %patchN.
==== ell ====
Version update (0.61 -> 0.62)
- Update to version 0.62
* Add support for cleanup functions and macros.
* Add support for setting DHCP max attempts.
==== emacs-flim ====
- Use %autosetup macro. Allows to eliminate the usage of deprecated
%patchN
==== epson-inkjet-printer-escpr ====
- Use %autosetup macro. Allows to eliminate the usage of deprecated
%patchN
==== espeak ====
- Use %autosetup macro. Allows to eliminate the usage of deprecated
%patchN
==== expat ====
Version update (2.5.0 -> 2.6.0)
Subpackages: libexpat1
- Fix handling of xmlwf.1 to avoid workarounds in specfile:
* Added libxml2-fix-xmlwf.1-handling.patch
- Call buildconf.sh to avoid (future) issues with expat_config.h.in
- Update keyring automatically from keyserver during OBS service run.
- Explicitly use --without-docbook (before it was implicit).
- Include missing files for documentation and examples.
- Add manpage for xmlwf, which is now available in the released tarball.
- Clean the spec file a bit.
- Update to 2.6.0:
* Security fixes:
- CVE-2023-52425 (boo#1219559)
- - Fix quadratic runtime issues with big tokens
that can cause denial of service, in partial where
dealing with compressed XML input. Applications
that parsed a document in one go -- a single call to
functions XML_Parse or XML_ParseBuffer -- were not affected.
The smaller the chunks/buffers you use for parsing
previously, the bigger the problem prior to the fix.
Backporters should be careful to no omit parts of
pull request #789 and to include earlier pull request #771,
in order to not break the fix.
- CVE-2023-52426 (boo#1219561)
- - Fix billion laughs attacks for users
compiling *without* XML_DTD defined (which is not common).
Users with XML_DTD defined have been protected since
Expat >=2.4.0 (and that was CVE-2013-0340 back then).
* Bug fixes:
- Fix parse-size-dependent "invalid token" error for
external entities that start with a byte order mark
- Fix NULL pointer dereference in setContext via
XML_ExternalEntityParserCreate for compilation with
XML_DTD undefined
- Protect against closing entities out of order
* Other changes:
- Improve support for arc4random/arc4random_buf
- Improve buffer growth in XML_GetBuffer and XML_Parse
- xmlwf: Support --help and --version
- xmlwf: Support custom buffer size for XML_GetBuffer and read
- xmlwf: Improve language and URL clickability in help output
- examples: Add new example "element_declarations.c"
- Be stricter about macro XML_CONTEXT_BYTES at build time
- Make inclusion to expat_config.h consistent
- Autotools: configure.ac: Support --disable-maintainer-mode
- Autotools: Sync CMake templates with CMake 3.26
- Autotools: Make installation of shipped man page doc/xmlwf.1
independent of docbook2man availability
- Autotools|CMake: Add missing -DXML_STATIC to pkg-config file
section "Cflags.private" in order to fix compilation
against static libexpat using pkg-config on Windows
- Autotools|CMake: Require a C99 compiler
(a de-facto requirement already since Expat 2.2.2 of 2017)
- Autotools|CMake: Fix PACKAGE_BUGREPORT variable
- Autotools|CMake: Make test suite require a C++11 compiler
- CMake: Require CMake >=3.5.0
- CMake: Lowercase off_t and size_t to help a bug in Meson
- CMake: Sort xmlwf sources alphabetically
- CMake|Windows: Fix generation of DLL file version info
- CMake: Build tests/benchmark/benchmark.c as well for
a build with -DEXPAT_BUILD_TESTS=ON
- docs: Document the importance of isFinal + adjust tests
accordingly
- docs: Improve use of "NULL" and "null"
- docs: Be specific about version of XML (XML 1.0r4)
and version of C (C99); (XML 1.0r5 will need a sponsor.)
- docs: reference.html: Promote function XML_ParseBuffer more
- docs: reference.html: Add HTML anchors to XML_* macros
- docs: reference.html: Upgrade to OK.css 1.2.0
- docs: Fix typos
- docs|CI: Use HTTPS URLs instead of HTTP at various places
- Address compiler warnings
- Address clang-tidy warnings
- Version info bumped from 9:10:8 (libexpat*.so.1.8.10)
to 10:0:9 (libexpat*.so.1.9.0); see https://verbump.de/
for what these numbers do
==== fde-tools ====
Subpackages: fde-tools-bash-completion fde-tpm-helper
- Add fde-tools-bsc1213945-set-rsa-key-size.patch to set
the highest supported RSA key size (bsc#1213945)
==== gcc ====
- Add gcc-build flavor for building ALP packages, but disabled for
openSUSE.
- Support building suffixed packages, but only allow installing one
variant at the same time.
- Remove obsolete obsoletes.
==== gcc14 ====
Version update (13.2.1+git8285 -> 14.0.1+git8957)
Subpackages: libasan8 libatomic1 libgcc_s1 libgfortran5 libgomp1 libhwasan0 libitm1 liblsan0 libobjc4 libstdc++6 libstdc++6-locale libstdc++6-pp libtsan2 libubsan1
- Update to trunk head, 4a1cd5560b9b545eb848eb1d1e06d345fb, git8957
* bumps libgphobos and libgdrundime SONAME
- Use %patch -P N instead of %patchN
- Refresh gcc44-rename-info-files.patch
==== gd ====
Subpackages: libgd3
- Use %autosetup macro. Allows to eliminate the usage of deprecated
%patchN.
==== gdm ====
Subpackages: gdm-schema gdmflexiserver libgdm1 typelib-1_0-Gdm-1_0
- Drop gdm-disable-wayland-on-mgag200-chipsets.patch: fixed
upstream since version 43.0.
==== gegl ====
Version update (0.4.46 -> 0.4.48)
Subpackages: gegl-0_4 libgegl-0_4-0
- Update to version 0.4.48:
+ Core:
- GeglColor extended with GBytes API, and space aware accesors
for RGB and CMYK. Better runtime handling of mismatched GEGL
ops in graphs.
+ Build:
- Use gi-docgen
- Updated vendored libraries
- ctx has been updated from upstream.
+ Operations:
- dropshadow: Fix shrinking with negative-grow radius.
- mantiuk: opt out of OpenMP when building with clang.
- voroni: fix crash.
- shuffle-search: in progress (in workshop, not built by
default) brute-force dither optimizer.
- prepare gi-docgen documentation. disabled for now.
- Replace BuildRequires libSDL2-devel with pkgconfig(sdl2) which
fixes building in SLE where both libSDL2-devel and a newer
SDL2-devel packages are available.
==== git ====
Version update (2.43.0 -> 2.43.2)
Subpackages: git-core git-email git-web perl-Git
- Do not replace apparmor configuration, fixes bsc#1216545
- update to 2.43.2:
* https://raw.githubusercontent.com/git/git/master/Documentation/RelNotes/2.43...
* Update to a new feature recently added, "git show-ref --exists".
* Rename detection logic ignored the final line of a file if it
is an incomplete line.
* "git diff --no-rename A B" did not disable rename detection but
did not trigger an error from the command line parser.
* "git diff --no-index file1 file2" segfaulted while invoking the
external diff driver, which has been corrected.
* A failed "git tag -s" did not necessarily result in an error
depending on the crypto backend, which has been corrected.
* "git stash" sometimes was silent even when it failed due to
unwritable index file, which has been corrected.
* Recent conversion to allow more than 0/1 in GIT_FLUSH broke the
mechanism by flipping what yes/no means by mistake, which has
been corrected.
- update to 2.43.1:
* https://raw.githubusercontent.com/git/git/master/Documentation/RelNotes/2.43...
==== gnome-control-center ====
Version update (45.2 -> 45.3)
Subpackages: gnome-control-center-color gnome-control-center-goa gnome-control-center-user-faces
- Update to version 45.3:
+ Datetime: Fix build with -Wincompatible-pointer-types.
+ Region: Prevent preview crash from accessing invalid pointer.
+ Wifi: Fix build with -Wincompatible-pointer-types.
- Drop gnome-control-center-fix-region-preview-crash.patch: fixed
upstream.
==== gnome-maps ====
- Update license based on legaldb review
==== gnome-music ====
Version update (45.0 -> 45.1)
- Update to version 45.1:
+ Tracker queries improvements.
==== gnome-shell ====
Subpackages: gnome-extensions gnome-shell-calendar
- Add gjs Requires, because ScreenSaver DBus daemon is a gjs
script. (bsc#1219359)
==== gpgme ====
Subpackages: libgpgme11 libgpgmepp6
- Update gpgme-D545-obsolete-distutils.patch with upstream's
changes (but use pip instead of python-build for wheel building)
- Change from in-place build to out-of-place build in order to
reflect upstream's build setup (See D545)
- Don't replace distutils in 15.X
==== gpgmeqt ====
- Update gpgme-D545-obsolete-distutils.patch with upstream's
changes (but use pip instead of python-build for wheel building)
- Change from in-place build to out-of-place build in order to
reflect upstream's build setup (See D545)
- Don't replace distutils in 15.X
==== graphviz ====
Subpackages: libcdt5 libcgraph6 libgvc6 libpathplan4
- Use %patch -P N instead of deprecated %patchN.
- Update graphviz-rpmlintrc
==== grub2 ====
Subpackages: grub2-arm64-efi grub2-snapper-plugin grub2-systemd-sleep-plugin
- Fix grub.xen memdisk script doesn't look for /boot/grub/grub.cfg
(bsc#1219248) (bsc#1181762)
* grub2-xen-pv-firmware.cfg
* 0001-disk-Optimize-disk-iteration-by-moving-memdisk-to-th.patch
- Fix PowerPC grub loads 5 to 10 minutes slower on SLE-15-SP5 compared to
SLE-15-SP2 (bsc#1217102)
* add 0001-ofdisk-enhance-boot-time-by-focusing-on-boot-disk-re.patch
* add 0002-ofdisk-add-early_log-support.patch
- Sort tar file order for reproducible builds
==== hdparm ====
- Use %patch -P N instead of deprecated %patchN.
==== hfsutils ====
- Use %patch -P N instead of deprecated %patchN.
==== highway ====
Version update (1.0.7 -> 1.1.0)
- Update to release 1.1.0
* Add BitCastScalar, DispatchedTarget, Foreach
* Add Div/Mod and MaskedDiv/ModOr, SaturatedAbs, SaturatedNeg
* Add InterleaveWholeLower/Upper, Dup128VecFromValues
* Add IsInteger, IsIntegerLaneType, RemoveVolatile, RemoveCvRef
* Add MaskedAdd/Sub/Mul/Div/Gather/Min/Max/SatAdd/SatSubOr
* Add MaskFalse, IfNegativeThenNegOrUndefIfZero, PromoteEven/OddTo
* Add ReduceMin/Max, 8-bit reductions, f16 <-> f64 conversions
* Add Span, AlignedArray, matrix-vector mul
* Add SumsOf2/4, I8 SumsOf8, SumsOfAdjQuadAbsDiff,
SumsOfShuffledQuadAbsDiff
* Extend Dot to f32*bf16, FMA to integer
* Fix: RVV 8-bit overflow, UB in vqsort, big-endian bugs, PPC HTM
* New targets: HWY_Z14, HWY_Z15
==== hp2xx ====
- Use %patch -P N instead of deprecated %patchN.
==== hplip ====
Subpackages: hplip-hpijs hplip-sane hplip-udev-rules
- Use %patch -P N instead of deprecated %patchN.
==== hwdata ====
Version update (0.378 -> 0.379)
- update to 0.379:
* Update pci, usb and vendor ids
==== ibus ====
Subpackages: libibus-1_0-5 typelib-1_0-IBus-1_0
- Use %patch -P N instead of deprecated %patchN.
==== intlfonts ====
- Use %autosetup macro. Allows to eliminate the usage of deprecated
%patchN
==== iso_ent ====
- Use %patch -P N instead of deprecated %patchN.
==== jasper ====
Version update (4.2.0 -> 4.2.1)
- Update to 4.2.1:
* Fix a build problem for the DJGPP/MS-DOS environment (#372).
==== jfsutils ====
- Use %autosetup macro. Allows to eliminate the usage of deprecated
%patchN
==== kColorPicker-Qt5 ====
- Fix build on Leap. The Qt6 packaging macros set the minimum
compiler version
- Change %post/%postun to %ldconfig_scriptlets
==== kernel-firmware ====
Version update (20240201 -> 20240220)
Subpackages: kernel-firmware-all kernel-firmware-amdgpu kernel-firmware-ath10k kernel-firmware-ath11k kernel-firmware-ath12k kernel-firmware-atheros kernel-firmware-bluetooth kernel-firmware-bnx2 kernel-firmware-brcm kernel-firmware-chelsio kernel-firmware-dpaa2 kernel-firmware-i915 kernel-firmware-intel kernel-firmware-iwlwifi kernel-firmware-liquidio kernel-firmware-marvell kernel-firmware-media kernel-firmware-mediatek kernel-firmware-mellanox kernel-firmware-mwifiex kernel-firmware-network kernel-firmware-nfp kernel-firmware-nvidia kernel-firmware-platform kernel-firmware-prestera kernel-firmware-qcom kernel-firmware-qlogic kernel-firmware-radeon kernel-firmware-realtek kernel-firmware-serial kernel-firmware-sound kernel-firmware-ti kernel-firmware-ueagle kernel-firmware-usb-network
- Update to version 20240220 (git commit 73b4429fae36):
* linux-firmware: update firmware for en8811h 2.5G ethernet phy
* linux-firmware: add firmware for MT7996
* xe: First GuC release for LNL and Xe
* i915: Add GuC v70.20.0 for ADL-P, DG1, DG2, MTL and TGL
* linux-firmware: Add CS35L41 firmware for Lenovo Legion 7i gen7 laptop (16IAX7)
* brcm: Add nvram for the Asus Memo Pad 7 ME176C tablet
* ice: update ice DDP package to 1.3.36.0
* Intel IPU3 ImgU: Move firmware file under intel/ipu
* Intel IPU6: Move firmware binaries under ipu/
* check_whence: Add a check for duplicate link entries
* WHENCE: Clean up section separators
* linux-firmware: Add CS35L41 firmware for additional ASUS Zenbook 2023 models
* panthor: Add initial firmware for Gen10 Arm Mali GPUs
* amdgpu: DMCUB Updates for DCN321: 7.0.38.0
* amdgpu: DMCUB updates for Yellow Carp: 4.0.68.0
* qcom: update venus firmware file for v5.4
* Montage: add firmware for Mont-TSSE
* amdgpu: update DMCUB to v0.0.203.0 for DCN314 and DCN32
* linux-firmware: Remove 2 HP laptops using CS35L41 Audio Firmware
* linux-firmware: Fix filenames for some CS35L41 firmwares for HP
- Use patch macro -P option for RPM 4.20
==== kernel-source ====
Version update (6.7.4 -> 6.7.5)
- Linux 6.7.5 (bsc#1012628).
- ext4: regenerate buddy after block freeing failed if under fc
replay (bsc#1012628).
- dmaengine: fsl-dpaa2-qdma: Fix the size of dma pools
(bsc#1012628).
- dmaengine: ti: k3-udma: Report short packet errors
(bsc#1012628).
- dmaengine: fsl-qdma: Fix a memory leak related to the status
queue DMA (bsc#1012628).
- dmaengine: fsl-qdma: Fix a memory leak related to the queue
command DMA (bsc#1012628).
- phy: qcom-qmp-usb: fix register offsets for ipq8074/ipq6018
(bsc#1012628).
- phy: qcom-qmp-usb: fix serdes init sequence for IPQ6018
(bsc#1012628).
- phy: renesas: rcar-gen3-usb2: Fix returning wrong error code
(bsc#1012628).
- perf tests: Add perf script test (bsc#1012628).
- perf test: Fix 'perf script' tests on s390 (bsc#1012628).
- perf evlist: Fix evlist__new_default() for > 1 core PMU
(bsc#1012628).
- dmaengine: fix is_slave_direction() return false when
DMA_DEV_TO_DEV (bsc#1012628).
- phy: ti: phy-omap-usb2: Fix NULL pointer dereference for SRP
(bsc#1012628).
- cifs: avoid redundant calls to disable multichannel
(bsc#1012628).
- cifs: failure to add channel on iface should bump up weight
(bsc#1012628).
- drm/msms/dp: fixed link clock divider bits be over written in
BPC unknown case (bsc#1012628).
- drm/msm/dp: return correct Colorimetry for
DP_TEST_DYNAMIC_RANGE_CEA case (bsc#1012628).
- drm/msm/dpu: check for valid hw_pp in
dpu_encoder_helper_phys_cleanup (bsc#1012628).
- wifi: iwlwifi: mvm: skip adding debugfs symlink for reconfig
(bsc#1012628).
- x86/efistub: Give up if memory attribute protocol returns an
error (bsc#1012628).
- x86/efistub: Avoid placing the kernel below LOAD_PHYSICAL_ADDR
(bsc#1012628).
- net: stmmac: xgmac: fix handling of DPP safety error for DMA
channels (bsc#1012628).
- wifi: cfg80211: consume both probe response and beacon IEs
(bsc#1012628).
- wifi: mac80211: fix RCU use in TDLS fast-xmit (bsc#1012628).
- wifi: mac80211: fix unsolicited broadcast probe config
(bsc#1012628).
- wifi: mac80211: fix waiting for beacons logic (bsc#1012628).
- wifi: iwlwifi: exit eSR only after the FW does (bsc#1012628).
- wifi: brcmfmac: Adjust n_channels usage for __counted_by
(bsc#1012628).
- netdevsim: avoid potential loop in nsim_dev_trap_report_work()
(bsc#1012628).
- net: atlantic: Fix DMA mapping for PTP hwts ring (bsc#1012628).
- selftests: net: cut more slack for gro fwd tests (bsc#1012628).
- selftests/net: convert unicast_extensions.sh to run it in
unique namespace (bsc#1012628).
- selftests/net: convert pmtu.sh to run it in unique namespace
(bsc#1012628).
- selftests/net: change shebang to bash to support "source"
(bsc#1012628).
- selftests: net: fix tcp listener handling in pmtu.sh
(bsc#1012628).
- selftests: net: avoid just another constant wait (bsc#1012628).
- tsnep: Fix mapping for zero copy XDP_TX action (bsc#1012628).
- tunnels: fix out of bounds access when building IPv6 PMTU error
(bsc#1012628).
- atm: idt77252: fix a memleak in open_card_ubr0 (bsc#1012628).
- octeontx2-pf: Fix a memleak otx2_sq_init (bsc#1012628).
- hwmon: (aspeed-pwm-tacho) mutex for tach reading (bsc#1012628).
- hwmon: (coretemp) Fix out-of-bounds memory access (bsc#1012628).
- hwmon: (coretemp) Fix bogus core_id to attr name mapping
(bsc#1012628).
- inet: read sk->sk_family once in inet_recv_error()
(bsc#1012628).
- drm/i915/gvt: Fix uninitialized variable in handle_mmio()
(bsc#1012628).
- x86/efistub: Use 1:1 file:memory mapping for PE/COFF .compat
section (bsc#1012628).
- rxrpc: Fix generation of serial numbers to skip zero
(bsc#1012628).
- rxrpc: Fix delayed ACKs to not set the reference serial number
(bsc#1012628).
- rxrpc: Fix response to PING RESPONSE ACKs to a dead call
(bsc#1012628).
- rxrpc: Fix counting of new acks and nacks (bsc#1012628).
- selftests: net: let big_tcp test cope with slow env
(bsc#1012628).
- tipc: Check the bearer type before calling
tipc_udp_nl_bearer_add() (bsc#1012628).
- af_unix: Call kfree_skb() for dead unix_(sk)->oob_skb in GC
(bsc#1012628).
- devlink: avoid potential loop in
devlink_rel_nested_in_notify_work() (bsc#1012628).
- ppp_async: limit MRU to 64K (bsc#1012628).
- selftests: cmsg_ipv6: repeat the exact packet (bsc#1012628).
- netfilter: nft_compat: narrow down revision to unsigned 8-bits
(bsc#1012628).
... changelog too long, skipping 163 lines ...
- commit 1dccf2a
==== keyutils ====
Subpackages: libkeyutils1
- Use %patch -P N instead of deprecated %patchN.
==== kmozillahelper ====
- Remove rpm_macro(cmake_kf5) BR, not supported on Leap and
extra-cmke-modules already takes care of that.
==== kvm_stat ====
Version update (6.7.4 -> 6.7.5)
- Use %patch -P N instead of deprecated %patchN.
==== lastlog2 ====
Version update (1.2.0 -> 1.3.1)
Subpackages: liblastlog2-1
- Verson 1.3.1
- pam_lastlog2: improve ll2_read_entry error handling [bsc#1220000]
- Version 1.3.0
- fix sqlite3_step error handling
==== libHX ====
Version update (4.21 -> 4.23)
- Update to release 4.23
* io: use smaller chunks with sendfile(2) to work around
unusual API behavior
* io: make HX_copy_file() utilize copy_file_range when available
==== libadwaita ====
Version update (1.4.2 -> 1.4.3)
Subpackages: libadwaita-1-0 typelib-1_0-Adw-1
- Update to version 1.4.3:
+ AdwAboutWindow: Don't pre-select the first section on the Legal
page.
+ AdwHeaderBar: Fix visibility after changing :show-back-button.
+ AdwPreferencesWindow: Fix :visible-page and :visible-page-name
docs.
+ AdwViewSwitcherBar: Fix a warning when empty.
+ Updated translations.
==== libapparmor ====
- Use %patch -P N instead of deprecated %patchN.
- Add apparmor-abstractions-openssl-allow-version-specific-en.patch to
allow version specific engdef & engines openssl paths (boo#1219571)
==== libblockdev ====
Version update (3.0.4 -> 3.1.0)
Subpackages: libbd_btrfs3 libbd_crypto3 libbd_fs3 libbd_loop3 libbd_lvm3 libbd_mdraid3 libbd_nvme3 libbd_part3 libbd_swap3 libbd_utils3 libblockdev3
- Update to 3.1.0:
* Add BDPluginSpec constructor and use it in plugin_specs_from_names
* overrides: Remove unused 'sys' import
* swap: Add support for checking label and UUID format
* fs: Add a function to check label format for F2FS
* fs: Add a generic function to check for fs info availability
* fs: Fix allowed UUID for generic mkfs with VFAT
* fs: Add support for getting filesystem min size for NTFS and Ext
* Mark NVDIMM plugin as deprecated since 3.1
* part: Fix potential double free when getting parttype
* Fix missing progress initialization in bd_crypto_luks_add_key
* lvm-dbus: Fix leaking error
* lvm-dbus: Avoid using already-freed memory
* utils: Add expected printf string annotation
* fs: Report reason for open() and ioctl() failures
==== libdbusmenu-qt5 ====
- Switch to %autosetup
- Drop obsolete patch:
* full_include_dir.patch
==== libdecor ====
Subpackages: libdecor-0-0
- Remove the -devel package from baselibs.conf
==== libdeflate ====
- baselibs for tools and devel reportedly not needed
- modified sources
% baselibs.conf
- introduce baselibs.conf for openexr
https://build.opensuse.org/request/show/1144873
- added sources
+ baselibs.conf
==== libei ====
- Add baselibs.conf: GNOME 46's at-spi2-core newly linkes libei,
and the at-spi stack is made available bi-arch.
==== libguestfs ====
Subpackages: libguestfs-appliance libguestfs-xfs libguestfs0
- bsc#1206361 - SLES 15 SP5 Beta2 - virt-customize ssh-inject fails
(s390x/kvm/libvirt) (-> Server-Applications module)
use-rtc-driftfix-slew-for-x86-only.patch
==== libgusb ====
- Explicitly require python311-packaging if python 3.11 is being
used. On SLE, python 3.6 is still the default, but 3.11 is used
by meson. Drop python3-base from BuildRequires: it is not
needed, since python will be pulled in by meson.
==== libjpeg-turbo ====
- Update to version 3.0.2
* Fixed a signed integer overflow in the tj3CompressFromYUV8(),
tj3DecodeYUV8(), tj3DecompressToYUV8(), and tj3EncodeYUV8()
functions, detected by the Clang and GCC undefined behavior
sanitizers, that could be triggered by setting the align
parameter to an unreasonably large value. This issue did not
pose a security threat, but removing the warning made it
easier to detect actual security issues, should they arise in
the future.
* Introduced a new parameter (TJPARAM_MAXMEMORY in the
TurboJPEG C API and TJ.PARAM_MAXMEMORY in the TurboJPEG Java
API) and a corresponding TJBench option (-maxmemory) for
specifying the maximum amount of memory (in megabytes) that
will be allocated for intermediate buffers, which are used
with progressive JPEG compression and decompression, optimized
baseline entropy coding, lossless JPEG compression, and
lossless transformation. The new parameter and option serve
the same purpose as the max_memory_to_use field in the
jpeg_memory_mgr struct in the libjpeg API, the JPEGMEM
environment variable, and the cjpeg/djpeg/jpegtran -maxmemory
option.
* Introduced a new parameter (TJPARAM_MAXPIXELS in the TurboJPEG
C API and TJ.PARAM_MAXPIXELS in the TurboJPEG Java API) and a
corresponding TJBench option (-maxpixels) for specifying the
maximum number of pixels that the decompression, lossless
transformation, and packed-pixel image loading
functions/methods will process.
* Fixed an error ("Unsupported color conversion request") that
occurred when attempting to decompress a 3-component lossless
JPEG image without an Adobe APP14 marker. The decompressor
now assumes that a 3-component lossless JPEG image without an
Adobe APP14 marker uses the RGB colorspace if its component
IDs are 1, 2, and 3.
==== libjxl-gtk ====
Version update (0.9.2 -> 0.10.0)
Subpackages: gdk-pixbuf-loader-jxl gimp-plugin-jxl
- Update to release 0.10
* decoder: added ``JxlDecoderGetBoxSizeContents`` for getting the
size of the content of a box without the headers.
* encoder: implemented new API functions for streaming encoding.
==== liblangtag ====
Version update (0.6.4 -> 0.6.7)
- version update to 0.6.7
0.6.6 -> 0.6.7
=================
Akira TAGOH (1):
Add missing header
0.6.5 -> 0.6.6
=================
Akira TAGOH (2):
Do not use variable array of bash-ism.
Fix more compile warnings
- deleted patches
- 0001-ro-MD-ro-to-get-make-check-to-succeed.patch (upstreamed)
==== libnvme ====
Version update (1.7.1+0.g13ba383 -> 1.8+0.gbff7dda)
Subpackages: libnvme-mi1 libnvme1
- Update to version 1.8+0.gbff7dda:
* linux: Explicitly initialize auto-cleanup variables
* example: fix mi identify failed with error cntid
* tree: do not issue an error when subsys lookup fails during scanning
* types: Add controller properties CMBEBS, CMBSWTP and NSSD
* tests: Add sample NBFT table from Dell PowerEdge R660
* tests: Add sample NBFT table from Dell PowerEdge R760
* tests: Fix diffs output for duplicate HFI entries
* nbft: avoid duplicate entries in ssns->hfis
* nbft: Fix (struct nbft_info_subsystem_ns).num_hfis off-by-one
* test: read and dump sysfs tar file
* nvme: allow to overwrite hostnqn and hostid
* nvme: allow to overwrite base sysfs path
* json: dump the output to the user selected filedescriptor
* libnvme: export nvme_dump_tree
* fabrics: add 'concat' option
* mi: set correct rc and errno when crc mismatch
* tree: use logical block size for lba
* json-schema: add keyring and tls_key details (bsc#1219086)
* build: checkout full repo for checkpatch
* linux: avoid segfault in check-tls-key due to null hostnqn/subsysnqn (bsc#1219086)
* meson.build: fixup 'join' syntax
* util: Explicitly initialize auto-cleanup variables
* tree: Explicitly initialize auto-cleanup variables
* linux: Explicitly initialize auto-cleanup variables
* fabrics: Explicitly initialize auto-cleanup variables
* util: Added function to find specific UUID in UUID list.
* build: fix release python tag match
- Disable new unit test which is not running stable in OSB
* add 0001-build-disable-sysfs-test.patch
==== libpaper ====
Version update (2.1.2 -> 2.1.3)
Subpackages: libpaper-tools libpaper2
- Update 2.1.3:
* This release fixes a small problem with the paperspecs(5) man page,
and ensures that the name of the âpaperâ program is always set,
even in a non-relocatable build.
==== libphonenumber ====
Version update (8.13.23 -> 8.13.30)
- Update to version 8.13.30:
* Update alternate formatting data, phone metadata, geocoding
data, carrier data
* Updated / refreshed time zone meta data.
* New geocoding data
- Add patch submitted to upstream at gh#google/libphonenumber#3394
to fix building with protobuf 3.25.1:
* 0001-Add-support-to-protobuf-3.25.1.patch
- Add patch submitted in gh#sergiomb2/libphonenumber#1 by
Fabian Vogt:
* 0002-Avoid-intermediate-proto-object-library.patch
==== libpng16 ====
Version update (1.6.40 -> 1.6.42)
- Update to version 1.6.42:
* Fixed the implementation of the macro function "png_check_sig".
This was an API regression, introduced in libpng-1.6.41.
(Reported by Matthieu Darbois)
==== libqt5-qtbase ====
Version update (5.15.12+kde147 -> 5.15.12+kde151)
Subpackages: libQt5Concurrent5 libQt5Core5 libQt5DBus5 libQt5Gui5 libQt5Network5 libQt5OpenGL5 libQt5PrintSupport5 libQt5Sql5 libQt5Sql5-mysql libQt5Sql5-sqlite libQt5Test5 libQt5Widgets5 libQt5Xml5 libqt5-qtbase-platformtheme-gtk3
- Update to version 5.15.12+kde151:
* Improve KTX file reading memory safety (CVE-2024-25580, boo#1219996)
* Revert "xcb: only set base size when it's valid"
* Fix potential leak of QPropertyAnimation in QLineEditIconButton
* QBitArray: correct inline keyword
==== libqt5-qtwebengine ====
- Switch to '%patch -P'
- Build with python 3.11 on Leap
==== libshumate ====
Subpackages: libshumate-1_0-1 typelib-1_0-Shumate-1_0
- Update licenses based on legaldb review
==== libstorage-ng ====
Version update (4.5.176 -> 4.5.191)
Subpackages: libstorage-ng-lang libstorage-ng-ruby libstorage-ng1
- Translated using Weblate (Finnish) (bsc#1149754)
- 4.5.191
- Translated using Weblate (Indonesian) (bsc#1149754)
- 4.5.190
- merge gh#openSUSE/libstorage-ng#986
- log textdomain codeset
- 4.5.189
- merge gh#openSUSE/libstorage-ng#985
- log locale
- 4.5.188
- merge gh#openSUSE/libstorage-ng#984
- log some languange environmant variables
- log some language environment variables
- 4.5.187
- Translated using Weblate (Georgian) (bsc#1149754)
- 4.5.186
- Translated using Weblate (Swedish) (bsc#1149754)
- 4.5.185
- Translated using Weblate (Czech) (bsc#1149754)
- 4.5.184
- Translated using Weblate (Slovak) (bsc#1149754)
- 4.5.183
- merge gh#openSUSE/libstorage-ng#983
- fixed typo
- 4.5.182
- Translated using Weblate (Dutch) (bsc#1149754)
- 4.5.181
- Translated using Weblate (Japanese) (bsc#1149754)
- Translated using Weblate (Catalan) (bsc#1149754)
- merge gh#openSUSE/libstorage-ng#982
- updated pot and po files
- 4.5.180
- Translated using Weblate (Georgian) (bsc#1149754)
- 4.5.179
- merge gh#openSUSE/libstorage-ng#981
- fix reusing volume group name (bsc#1219266)
- 4.5.178
- merge gh#openSUSE/libstorage-ng#980
- added experimental support for bcachefs
- 4.5.177
==== libunwind ====
Version update (1.7.2 -> 1.8.0)
- Disable LTO on aarch64 until upstream fix the issue:
https://github.com/libunwind/libunwind/issues/693
- Update to 1.8.0:
* Improve unwinding through a bad function pointer on x86_64
* Fix UMRs indicated by valgrind (x86_64)
* fix byte_order_is_valid function logic
* Use size_t to match R.H.S
* Move get_proc_info_in_range under dwarf/
* Bump actions/checkout@v2 to @V3
* dwarf_find_unwind_table: Find load_base correctly when current
segment does not start at segbase
* Add introspection for march=armv8-a+sve
* Linux: Make get_elf_image guaranteed AS-safe
* Provide syscall wrappers for mmap and munmap
* Allow to use a custom dl_iterate_phdr implementation
* aarch64: unw_step() validates address before calling dwarf_get
* Provide AS-safe allocator to LZMA
* Rework register load in aarch64_local_resume()
* Fix arm postdecrement
* Added support for unwinding through PPC64 PLT entries
* Fix array indexing bug in dwarf_search_unwind_table
* Fix unaligned memory accesses in */Ginit.c
* Get filename and offset from ip
* Fix maps leak if caller's pathlen is too small
* Adjust DYNAMIC addrs in loaded image
* Fix crash in elf_w(valid_object)
* Fix segfault on QNX
==== make ====
- Use %patch -P
==== man ====
- We don't need anymore systemd-tmpfiles (boo#1219370#c13)
- Move creation of /var/cache/man into %pre scriplet (boo#1219370)
==== mariadb ====
Version update (11.2.2 -> 11.2.3)
Subpackages: libmariadbd19 mariadb-client mariadb-errormessages
- Update to 11.2.3:
https://mariadb.com/kb/en/mariadb-11-2-3-release-notes/
https://mariadb.com/kb/en/mariadb-11-2-3-changelog/
- Update list of skipped tests
==== mdevctl ====
- Add /usr/lib/mdevctl/scripts.d/{callouts,notifiers} directories
==== mozilla-nss ====
Version update (3.96.1 -> 3.97)
Subpackages: libfreebl3 libsoftokn3 mozilla-nss-certs mozilla-nss-tools
- update to NSS 3.97
* bmo#1875506 - make Xyber768d00 opt-in by policy
* bmo#1871631 - add libssl support for xyber768d00
* bmo#1871630 - add PK11_ConcatSymKeys
* bmo#1775046 - add Kyber and a PKCS#11 KEM interface to softoken
* bmo#1871152 - add a FreeBL API for Kyber
* bmo#1826451 - part 2: vendor github.com/pq-crystals/kyber/commit/e0d1c6ff
* bmo#1826451 - part 1: add a script for vendoring kyber from pq-crystals repo
* bmo#1835828 - Removing the calls to RSA Blind from loader.*
* bmo#1874111 - fix worker type for level3 mac tasks
* bmo#1835828 - RSA Blind implementation
* bmo#1869642 - Remove DSA selftests
* bmo#1873296 - read KWP testvectors from JSON
* bmo#1822450 - Backed out changeset dcb174139e4f
* bmo#1822450 - Fix CKM_PBE_SHA1_DES2_EDE_CBC derivation
* bmo#1871219 - Wrap CC shell commands in gyp expansions
==== mpg123 ====
Version update (1.32.4 -> 1.32.5)
Subpackages: libmpg123-0 mpg123-openal
- Update to version 1.32.5
build:
* CMake port uses CFLAGS for pulse/jack/tinyalsa properly now (bug 366).
* CMake port links libsyn123 with libm now (bug 370).
libmpg123:
* Fix --enable-portable (no usage of LFS_WRAP_NONE, bug 368).
* Fix dct36 wrapper usage for x86-64 and NEON. Stupid (bug 367) and
also avoid returning void.
* Make ARM builds work with nagging (missing feature macros for std=c99).
==== mtools ====
- Use %autosetup macro.
==== multipath-tools ====
Version update (0.9.7+93+suse.e2f2272 -> 0.9.8~1+82+suse.dcd98a3)
Subpackages: kpartx libmpath0
- Update to version 0.9.8~1+82+suse.dcd98a3:
* Adapt package version such that it shows as a 0.9.8 prerelease
* Add missing udev rules file
- Update to version 0.9.7+148+suse.9780ae0:
* 11-dm-mpath.rules: Fix quoting mistake (bsc#1219142)
- Update to version 0.9.7+148+suse.7d9953e.obscpio
* This is a multipath-tools 0.9.8 pre-release
* fix fast_io_fail for Infinibox (bsc#1219348)
* Fix activation of LVM volume groups during coldplug (bsc#1219142)
- Update to version 0.9.7+140+suse.2d78457:
* This is a multipath-tools 0.9.8 pre-release
* Socket activation via multipathd.socket has been disabled by default
because it has undesirable side effects on systems without multipath.
Users with multipath hardware should enable multipathd.service
* The restorequeueing CLI command now only enables queueing if
disablequeueing had been sent before
* Avoid multipathd hang during map flush
* multipathd now tracks the queueing mode of maps in its internal features string
* Improve error messages in 'multipathd -k'
* Fix segfault in autoresize code (bsc#1219289)
* Fix missing map reloads (bsc#1219796)
* Documentation fixes, spelling fixes, minor code fixes
==== musepack ====
- Use %patch -P N instead of deprecated %patchN.
==== ncurses ====
Version update (6.4.20240120 -> 6.4.20240210)
Subpackages: libncurses6 ncurses-utils terminfo terminfo-base terminfo-iterm terminfo-screen
- Add ncurses patch 20240210
+ compiler-warning fixes, while investigating an optimizer bug in
"gcc (MacPorts gcc13 13.2.0_4+stdlib_flag) 13.2.0"
which results in only the first byte of a multibyte character being
printed to the screen.
- Change order of use=vt100+4bsd and use=rxvt+pcfkeys in rxvt-basic
to get correct arrow keys back (boo#1219626)
- Add ncurses patch 20240203
+ minor changes to tracing and locale-checks.
- Add ncurses patch 20240127
+ amend change to z39-a (report by Sven Joachim).
+ use xterm+nopcfkeys, vt52-basic, dec+pp, dec+sl, vt52+arrows,
hp+pfk+cr, klone+acs, klone+color, klone+sgr, ncr160wy50+pp
to trim -TD
+ NetBSD-related fixes for x68k and wsvt52 (patch by Thomas Klausner)
==== neon ====
- Use %patch -P N instead of deprecated %patchN.
==== nodejs21 ====
Version update (21.5.0 -> 21.6.2)
Subpackages: npm21
- Update to 21.6.2: (security updates)
* (CVE-2024-21892, bsc#1219992) - Code injection and privilege escalation through Linux capabilities- (High)
* (CVE-2024-22019, bsc#1219993) - http: Reading unprocessed HTTP request with unbounded chunk extension allows DoS attacks- (High)
* (CVE-2024-21896, bsc#1219994) - Path traversal by monkey-patching Buffer internals- (High)
* (CVE-2024-22017, bsc#1219995) - setuid() does not drop all privileges due to io_uring - (High)
* (CVE-2023-46809, bsc#1219997) - Node.js is vulnerable to the Marvin Attack (timing variant of the Bleichenbacher attack against PKCS#1 v1.5 padding) - (Medium)
* (CVE-2024-21891, bsc#1219998) - Multiple permission model bypasses due to improper path traversal sequence sanitization - (Medium)
* (CVE-2024-21890, bsc#1219999) - Improper handling of wildcards in --allow-fs-read and --allow-fs-write (Medium)
* (CVE-2024-22025, bsc#1220014) - Denial of Service by resource exhaustion in fetch() brotli decoding - (Medium)
* undici version 5.28.3 (CVE-2024-24758, bsc#1220017)
* libuv version 1.48.0
- Update to 21.6.1:
* Revert "stream: fix cloned webstreams not being unref'd"
- Changes in 21.6.0:
* New connection attempt events
* --allow-addons to enable addon usage when using the Permission Model.
* Support configurable snapshot through --build-snapshot-config flag
- fix_ci_tests.patch: refreshed
==== nvidia-open-driver-G06-signed ====
Version update (545.29.06_k6.7.4_1 -> 545.29.06_k6.7.5_1)
- re-enable build of -azure kernel flavor; syntax check was wrong
- remove conflicts to nvidia-open-driver-G06-kmp, since it's now
provided instead (OMG!); add obsoletes to it as well to make
sure it gets replaced (bsc#1220196)
- Use %autosetup macro. Allows to eliminate the usage of deprecated
%patchN
- kernel-syms-azure is not available on ALP
==== nvme-cli ====
Version update (2.7.1 -> 2.8)
Subpackages: nvme-cli-bash-completion
- Update to version 2.8:
* nvme-print-json: append array object in json_support_log
* sed: Add plugin for basic SED Opal operations (jsc#PED-5061)
* don't include newlines in already wrapped text
* nvme: do not include meta data for PRACT=1 and MD=8 (version 2)
* create-ns: align the namespaces to 1Mib boundaries when using SI suffixes
* doc: Fix config-schema.json's URL
* plugins/solidigm: Compressing vs-internal-log log files into zip file.
* nbft: do not issue an error if ACPI tables are missing
* nbft: fixup include for libnvme
* doc: Fix short option name for cfg-file
* completions: added Solidigm plugin to autocomplete scripts
* nvme: Remove unused cfg argument from NVME_ARGS() macro
* nvme: fix directive receive identify offsets
* nvme-fabrics: enable option 'concat'
* build: Update libnvme wrap
* plugins/wdc: Add Debug Log Collection Support
* nbft: fix tcp/dhcp address fallback retry (bsc#1218873)
* nvme: use correct telemetry log size
* nvme-print: fix typo in list verbose output (bsc#1219086)
* nvme: print inserted tls key for check-tls-key (bsc#1219086)
* plugins/wdc: Plugin fixes and updates
* fabrics: move hostid/hostnqn warnings to verbose level (bsc#1219086)
==== obex-data-server ====
- Use %autosetup macro. Allows to eliminate the usage of deprecated
%patchN.
- Clean spec file
==== openssl-1_1 ====
Subpackages: libopenssl1_1
- Enable running the regression tests in FIPS mode.
==== openvpn ====
Version update (2.6.8 -> 2.6.9)
- update to 2.6.9:
* Remove unused function prototype crypto_adjust_frame_parameters
* Log SSL alerts more prominently
* Document tls-exit option mainly as test option
* Remove TEST_GET_DEFAULT_GATEWAY as it duplicates --show-gateway
* Fix check_session_buf_not_used using wrong index
* Add missing check for nl_socket_alloc failure
* Add check for nice in cmake config
* Remove compat versionhelpers.h and remove cmake/configure check for it
* Extend the error message when TLS 1.0 PRF fails
* Fix unaligned access in macOS, FreeBSD, Solaris hwaddr
* Check PRF availability on initialisation and add --force-tls-key-material-export
* Make it more explicit and visible when pkg-config is not found
* Clarify that the tls-crypt-v2-verify has a very limited env set
* Implement the --tls-export-cert feature
* Remove conditional text for Apache2 linking exception
* Remove --tls-export-cert
* Remove superfluous x509_write_pem()
* sample-keys: renew for the next 10 years
* GHA: clean up libressl builds with newer libressl
* configure.ac: Remove unused AC_TYPE_SIGNAL macro
* documentation: remove reference to removed option --show-proxy-settings
* unit_tests: remove includes for mock_msg.h
* documentation: improve documentation of --x509-track
* NTLM: add length check to add_security_buffer
* NTLM: increase size of phase 2 response we can handle
* proxy-options.rst: Add proper documentation for --http-proxy-user-pass
* buf_string_match_head_str: Fix Coverity issue 'Unsigned compared against 0'
* --http-proxy-user-pass: allow to specify in either order with --http-proxy
* README.cmake.md: Document minimum required CMake version for --preset
* documentation: Update and fix documentation for --push-peer-info
* documentation: Fixes for previous fixes to --push-peer-info
* OpenBSD: repair --show-gateway
* get_default_gateway() HWADDR overhaul
* fix uncrustify complaints about previous patch
* preparing release 2.6.9
* dco-freebsd: dynamically re-allocate buffer if it's too small
* tun.c: don't attempt to delete DNS and WINS servers if they're not set
* vcpkg-ports/pkcs11-helper: bump to version 1.30
* Add support for mbedtls 3.X.Y
* Update README.mbedtls
* Disable TLS 1.3 support with mbed TLS
* Enable key export with mbed TLS 3.x.y
* protocol_dump: tls-crypt support
* Fix IPv6 route add/delete message log level
* fix(ssl): init peer_id when init tls_multi
==== orc ====
Version update (0.4.34 -> 0.4.37)
- version update to 0.4.37
0.4.37
======
- enable neon instructions on Apple ARM64 (Aleix Conchillo Flaqué)
- orcc: Fix regression, was hard-coded to use "sse" as default target (Sebastian Dröge)
- MMX backend fixes (L. E. Segovia, Jorge Zapata)
- testsuite: Build fixes for Clang (L. E. Segovia)
- testsuite, tools: Fix warning caused by inserting unneeded source operands (L. E. Segovia)
- orccompiler: call sys_icache_invalidate() to invalidate macos inst cache (Aleix Conchillo Flaqué)
- macOS/iOS version/target check build fixes (Aleix Conchillo Flaqué)
0.4.36
======
- Only use AVX / AVX2 instructions on CPUs that support both AVX and AVX2
(fixes crash on machines that only support AVX) (L. E. Segovia)
0.4.35
======
- Add support for AVX / AVX2 (L. E. Segovia)
- SSE backend improvements (L. E. Segovia)
- New `orf` and `andf` opcodes for bitwise AND and OR for single precision floats (Jorge Zapata)
- Add support for `convwf`, int16 to float conversion (Jorge Zapata)
- Allow backend selection through ORC_TARGET environment variable (L. E. Segovia)
- Documentation improvements (Jorge Zapata, L. E. Segovia, Tim-Philipp Müller)
- orconce: Use Win32 once implementation with MSVC (Seungha Yang, L. E. Segovia)
- orcc: add --binary option to output raw machine code for functions (L. E. Segovia)
- orcprofile: Implement Windows high-resolution timestamp for MSVC
to allow benchmarking on MSVC builds (L. E. Segovia)
==== osinfo-db ====
- Add support for SLE Micro 6.0 (jsc#PED-6305)
add-slem6.0-support.patch
- Add support for openSUSE Leap 15.6 (jsc#PED-6305)
add-opensuse-leap-15.6-support.patch
==== pam-config ====
Version update (2.10 -> 2.11)
- Update to version 2.11
- pam_gnome_keyring: use options in AUTH [bsc#1219767]
==== parted ====
Subpackages: libparted-fs-resize0 libparted2
- avoid deprecated rpm syntax
==== patterns-server ====
Subpackages: patterns-server-dhcp_dns_server patterns-server-directory_server patterns-server-file_server patterns-server-kvm_server patterns-server-kvm_tools patterns-server-lamp_server patterns-server-mail_server patterns-server-printing
- Do not recommend mailman: pulls a 2nd python stack.
- kvm_server pattern:
- stop Recommending tigervnc and virt-install as they're 100%
client tools. In fact, it is the kvm_tools pattern that does
Require them (leave them as Suggested, for now, just to leave
a record of them... but only temporarily).
Note that this will result in a different behavior, wrt to the current
one. I.e., anyone installing _only_ the kvm_server pattern, will
not get those two packages automatically.
==== pcr-oracle ====
- Add fix_loader_conf.patch to measure the systemd-boot loader.conf file
==== pcre2 ====
Version update (10.42 -> 10.43)
Subpackages: libpcre2-16-0 libpcre2-32-0 libpcre2-8-0
- pcre2 10.43:
* The JIT code no longer supports ARMv5 architecture.
* A new function pcre2_get_match_data_heapframes_size() for finer
heap control.
* New option flags to restrict the interaction between ASCII and
non-ASCII characters for caseless matching and \d and friends.
There are also new pattern constructs to control these flags
from within a pattern.
* Upgrade to Unicode 15.0.0.
* Treat a NULL pattern with zero length as an empty string.
* Added support for limited-length variable-length lookbehind
assertions, with a default maximum length of 255 characters
(same as Perl) but with a function to adjust the limit.
* Perl changed the meaning of (for example) {,3} which did not
used to be recognized as a quantifier. Now it means {0,3} and
PCRE2 has also changed. Note that {,} is still not a
quantifier.
* Following Perl, allow spaces and tabs after { and before } in
all Perl- compatible items that use braces, and also around
commas in quantifiers. The one exception in PCRE2 is \u{...},
which is from ECMAScript, not Perl, and PCRE2 follows
ECMAScript usage.
* Changed the meaning of \w and its synonyms and derivatives (\b
and \B) in UCP mode to follow Perl. It now matches characters
whose general categories are L or N or whose particular
categories are Mn (non-spacing mark) or Pc (combining
punctuation).
* Changed the default meaning of [:xdigit:] in UCP mode to
follow Perl. It now matches the "fullwidth" versions of hex
digits. PCRE2_EXTRA_ASCII_DIGIT can be used to keep it ASCII
only.
* Make PCRE2_UCP the default in UTF mode in pcre2grep and add
- no_ucp, --case-restrict and --posix-digit.
* Add --group-separator and --no-group-separator to pcre2grep.
==== perl-Bootloader ====
Version update (1.11 -> 1.12)
- merge gh#openSUSE/perl-bootloader#163
- validate test output for each shell individually
- update and extend tests
- reworked default-settings command
- add test case for default-settings
- rework get-option command
- add test case for get-option
- rework del-option command
- add test case for del-option
- rework add-option command
- add test case for add-option
- rework grub2-efi install
- adjust some tests
- systemd-boot test adjusted
- rework remove-kernel option and add tests
- rework add-kernel option and add tests
- adjust kexec-bootloader and add tests
- remove support for dash
- remove ancient perl library code from master branch
- updated git2log script
- adjust spec file
- rewrite grub2 install to be more compatible (bsc#1214361)
- 1.12
==== php8 ====
Version update (8.2.15 -> 8.2.16)
Subpackages: php8-ctype php8-dom php8-iconv php8-openssl php8-pdo php8-sqlite php8-tokenizer php8-xmlreader php8-xmlwriter
- version update to 8.2.16
* This is a bug fix release.
- modified patches
% php-build-reproducible-phar.patch (refreshed)
==== pipewire ====
Subpackages: gstreamer-plugin-pipewire libpipewire-0_3-0 pipewire-alsa pipewire-jack pipewire-libjack-0_3 pipewire-modules-0_3 pipewire-pulseaudio pipewire-spa-plugins-0_2 pipewire-spa-tools pipewire-tools
- Force using doxygen-1_10 in SLE where the default doxygen is too
old and generates broken docs (boo#1217886)
- Add a conflict in -pulseaudio with
pipewire-modules-%{apiver} < 1.0.0 since the
libpipewire-module-protocol-pulse.so module was included in
- modules before 1.0.0 so we should avoid a file conflict.
==== pkcs11-helper ====
Version update (1.29.0 -> 1.30.0)
- update to 1.30.0:
* core: add dynamic loader provider attribute
* openssl: support DSA in libressl-3.5.0
* openssl: fix openssl_ex_data_dup prototype
- get rid of almost empty pkcs11-helper package
==== pkgconf ====
Version update (1.8.0 -> 2.1.1)
Subpackages: pkgconf-m4 pkgconf-pkg-config
- update to 2.1.1:
* Fix --modversion with constraints
* Reintroduce an optimization to the dependency graph walker
which avoids revisiting already visited nodes
* Add a regression test to check that the dependency flattener is
working as expected
- update to 2.1.0:
* new solver for higher performance with complicated graphs
* Add --license selector to the pkgconf CLI
* Add flag --verbose and --solution to CLI
* Changes and fixes to --modversion
* bug fixes and developer visible changes
- drop pkgconf-CVE-2023-24056.patch, now included
==== poppler ====
Version update (23.12.0 -> 24.02.0)
Subpackages: libpoppler-cpp0 libpoppler-glib8 poppler-tools
- version update to 24.02.0
Release 24.02.0:
core:
* Fix reading some JBIG2 streams. Issue #1319
* Fix saving some annotation interior color when it's empty
* Make searching for fonts when adding annotations a bit faster
* Make sure images are compressed when adding them
* Small internal code cleanup
utils:
* pdfimages: return exit code 2 when error opening output files
Release 24.01.0:
core:
* Don't crash on certain documents on the NSS signature backend
* Fix infinite loop in some annotation code if there's not space for even one character
* Fix build on Android with generic font configuration
* Small internal code cleanup
==== poppler-qt5 ====
Version update (23.12.0 -> 24.02.0)
- version update to 24.02.0
Release 24.02.0:
core:
* Fix reading some JBIG2 streams. Issue #1319
* Fix saving some annotation interior color when it's empty
* Make searching for fonts when adding annotations a bit faster
* Make sure images are compressed when adding them
* Small internal code cleanup
utils:
* pdfimages: return exit code 2 when error opening output files
Release 24.01.0:
core:
* Don't crash on certain documents on the NSS signature backend
* Fix infinite loop in some annotation code if there's not space for even one character
* Fix build on Android with generic font configuration
* Small internal code cleanup
==== potrace ====
- Use %autosetup macro. Allows to eliminate the usage of deprecated
%patchN.
==== prctl ====
- Use %patch -P N instead of deprecated %patchN.
- Move license to %license section
==== publicsuffix ====
Version update (20240123 -> 20240212)
- Update to version 20240212:
* Add cprapid.com suffix to private section (#1892)
* util: gTLD data autopull updates for 2024-02-08T15:13:14 UTC (#1932)
* Added Cyclic Software (#1737)
* Update public_suffix_list.dat for scw.cloud subdomains (#1740)
* Update public_suffix_list.dat (#1926)
* Add ZAP-Hosting cloud domain (#1907)
* Add `flutterflow.app` (#1666)
* Update public_suffix_list.dat (#1614)
* Brave Submissions to the Public Suffix List - Q4 2023 (#1872)
* Add pley.games (#1881)
* Add panel.dev (#1916)
* add 12CHARS to private domains (#1915)
* Azure updates for Microsoft Corporate Domains (#1891)
* Remove blog.kg from private section (#1840)
* AWS Submissions to the Public Suffix List - Q4 2023 (#1876)
* Homebase requested the addition of id.pub kin.one kin.pub (#1768)
* Replace run.app and a.run.app with *.run.app (#1928)
* Add pages.gay (#1920)
* Update Platform.sh domains (#1792)
* fix(adobe): add aem.live and aem.page domains (#1874)
* Update code builder domains with the canary (#1802)
* Add atmeta.com to PSL and consolidate Meta entries (#1736)
* util: gTLD data autopull updates for 2024-01-24T15:14:29 UTC (#1923)
==== pulseaudio ====
Subpackages: libpulse-mainloop-glib0 libpulse0 pulseaudio-setup pulseaudio-utils system-user-pulse
- Add cherry-picks to fix UCM crashes
* pulseaudio-replace-port-device-UCM-context-assertion-with-an-error.patch
* pulseaudio-check-UCM-verb-before-working-with-device-status.patch
==== python-cryptography ====
Version update (41.0.7 -> 42.0.4)
- update to 42.0.4 (bsc#1220210, CVE-2024-26130):
* Fixed a null-pointer-dereference and segfault that could occur
when creating a PKCS#12 bundle. Credit to Alexander-Programming
for reporting the issue. CVE-2024-26130
* Fixed ASN.1 encoding for PKCS7/SMIME signed messages. The fields
SMIMECapabilities and SignatureAlgorithmIdentifier should now be
correctly encoded according to the definitions in :rfc:2633
:rfc:3370.
- update to 42.0.3:
* Fixed an initialization issue that caused key loading failures for some
users.
- Drop patch skip_openssl_memleak_test.patch not needed anymore.
- update to 42.0.2:
* Updated Windows, macOS, and Linux wheels to be compiled with
OpenSSL 3.2.1.
* Fixed an issue that prevented the use of Python buffer
protocol objects in sign and verify methods on asymmetric
keys.
* Fixed an issue with incorrect keyword-argument naming with
EllipticCurvePrivateKey :meth:`~cryptography.hazmat.primitive
s.asymmetric.ec.EllipticCurvePrivateKey.exchange`,
X25519PrivateKey :meth:`~cryptography.hazmat.primitives.asymm
etric.x25519.X25519PrivateKey.exchange`, X448PrivateKey :meth
:`~cryptography.hazmat.primitives.asymmetric.x448.X448Private
Key.exchange`, and DHPrivateKey :meth:`~cryptography.hazmat.p
rimitives.asymmetric.dh.DHPrivateKey.exchange`.
- update to 42.0.1:
* Fixed an issue with incorrect keyword-argument naming with
EllipticCurvePrivateKey :meth:`~cryptography.hazmat.primitive
s.asymmetric.ec.EllipticCurvePrivateKey.sign`.
* Resolved compatibility issue with loading certain RSA public
keys in :func:`~cryptography.hazmat.primitives.serialization.
load_pem_public_key`.
* BACKWARDS INCOMPATIBLE: Dropped support for LibreSSL < 3.7.
* BACKWARDS INCOMPATIBLE: Loading a PKCS7 with no content field
using :func:`~cryptography.hazmat.primitives.serialization.pk
cs7.load_pem_pkcs7_certificates` or :func:`~cryptography.hazm
at.primitives.serialization.pkcs7.load_der_pkcs7_certificates
` will now raise a ValueError rather than return an empty
list.
* Parsing SSH certificates no longer permits malformed critical
options with values, as documented in the 41.0.2 release
notes.
* Updated Windows, macOS, and Linux wheels to be compiled with
OpenSSL 3.2.0.
* Updated the minimum supported Rust version (MSRV) to 1.63.0,
from 1.56.0.
* We now publish both py37 and py39 abi3 wheels. This should
resolve some errors relating to initializing a module
multiple times per process.
* Support :class:`~cryptography.hazmat.primitives.asymmetric.pa
dding.PSS` for X.509 certificate signing requests and
certificate revocation lists with the keyword-only argument
rsa_padding on the sign methods for
:class:`~cryptography.x509.CertificateSigningRequestBuilder`
and
:class:`~cryptography.x509.CertificateRevocationListBuilder`.
* Added support for obtaining X.509 certificate signing request
signature algorithm parameters (including PSS) via :meth:`~cr
yptography.x509.CertificateSigningRequest.signature_algorithm
_parameters`.
* Added support for obtaining X.509 certificate revocation list
signature algorithm parameters (including PSS) via :meth:`~cr
yptography.x509.CertificateRevocationList.signature_algorithm
_parameters`.
* Added mgf property to :class:`~cryptography.hazmat.primitives
.asymmetric.padding.PSS`.
* Added algorithm and mgf properties to :class:`~cryptography.h
azmat.primitives.asymmetric.padding.OAEP`.
* Added the following properties that return timezone-aware
datetime objects:
:meth:`~cryptography.x509.Certificate.not_valid_before_utc`,
:meth:`~cryptography.x509.Certificate.not_valid_after_utc`, :
meth:`~cryptography.x509.RevokedCertificate.revocation_date_u
tc`, :meth:`~cryptography.x509.CertificateRevocationList.next
_update_utc`, :meth:`~cryptography.x509.CertificateRevocation
List.last_update_utc`. These are timezone-aware variants of
existing properties that return naïve datetime objects.
* Deprecated the following properties that return naïve
datetime objects:
:meth:`~cryptography.x509.Certificate.not_valid_before`,
:meth:`~cryptography.x509.Certificate.not_valid_after`, :meth
:`~cryptography.x509.RevokedCertificate.revocation_date`, :me
th:`~cryptography.x509.CertificateRevocationList.next_update`
, :meth:`~cryptography.x509.CertificateRevocationList.last_up
date` in favor of the new timezone-aware variants mentioned
above.
* Added support for :class:`~cryptography.hazmat.primitives.cip
hers.algorithms.ChaCha20` on LibreSSL.
* Added support for RSA PSS signatures in PKCS7 with :meth:`~cr
yptography.hazmat.primitives.serialization.pkcs7.PKCS7Signatu
reBuilder.add_signer`.
* In the next release (43.0.0) of cryptography, loading an
X.509 certificate with a negative serial number will raise an
exception. This has been deprecated since 36.0.0.
* Added support for :class:`~cryptography.hazmat.primitives.cip
hers.aead.AESGCMSIV` when using OpenSSL 3.2.0+.
* Added the :mod:`X.509 path validation
participants (1)
-
Guillaume Gardet