Please note that this mail was generated by a script. The described changes are computed based on the aarch64 DVD. The full online repo contains too many changes to be listed here. Please check the known defects of this snapshot before upgrading: https://openqa.opensuse.org/tests/overview?distri=opensuse&groupid=3&version=Tumbleweed&build=20231017 Please do not reply to this email to report issues, rather file a bug on bugzilla.opensuse.org. For more information on filing bugs please see https://en.opensuse.org/openSUSE:Submitting_bug_reports Packages changed: gnome-sudoku (45.0 -> 45.1) gpg2 ncurses (6.4.20230909 -> 6.4.20231007) nghttp2 (1.55.1 -> 1.57.0) nodejs20 (20.8.0 -> 20.8.1) rubygem-rubocop (1.57.0 -> 1.57.1) rubygem-unicode-display_width (2.4.2 -> 2.5.0) xterm (385 -> 387) === Details === ==== gnome-sudoku ==== Version update (45.0 -> 45.1) - Update to version 45.1: + Fix right click not opening earmark popover. + Updated translations. ==== gpg2 ==== Subpackages: dirmngr - Fix Emacs EasyPG behavior when parsing output: * gpg: Report BEGIN_* status before examining the input. * Upstream task: https://dev.gnupg.org/T6481 * Add gnupg-Report-BEGIN_-status-before-examining-the-input.patch ==== ncurses ==== Version update (6.4.20230909 -> 6.4.20231007) Subpackages: libncurses6 ncurses-utils terminfo terminfo-base terminfo-iterm terminfo-screen - Add ncurses patch 20231007 + improve loop-limit for get_position(). + improve manual description of immedok (Debian #1053603). + fix a few formatting issues with manpages (Debian #1053123). + improve formatting/style of manpages (patches by Branden Robinson). - Add ncurses patch 20231001 + modify setupterm to provide for using ANSI cursor-position report (in user6/user7 terminfo capabilities) to obtain screensize if neither environment variables or ioctl is used. The ncurses test-program with options "-E -T" demonstrates this feature. + improve error messages in tic (patch by Branden Robinson). + improve formatting/style of manpages (patches by Branden Robinson). + modify test/clip_printw.c to optionally test non-wrapped updates. + fix reallocation loop for vsnprintf() in _nc_sprintf_string() by copying the va_list variable (patch by Ian Abbott). - Add ncurses patch 20230923 + improve formatting of manpages (patches by Branden Robinson). + amend change to delscreen() to limit the windows which it creates to just those associated with the screen (report by Frederic Boiteux, cf: 20220813). - Add ncurses patch 20230918 + new tarball/errata (report by Sven Joachim). - Add ncurses patch 20230917 + improve formatting of manpages (integrated patches by Branden Robinson). + correct limit for name-length in write_entry.c (report/testcase by Luna Saphie Mittelbach). + limit delays to 30 seconds, i.e., padding delays in terminfo, as well as napms() and delay_output() functions. + improve a few pointer-checks. + improve parsing in _nc_msec_cost, allowing a single decimal point. ==== nghttp2 ==== Version update (1.55.1 -> 1.57.0) - version update to 1.57.0 [bsc#1216174] 1.57.0 * Fixes CVE-2023-44487 * Bump ngtcp2 by @tatsuhiro-t in #1944 * Add dependabot to update actions by @tatsuhiro-t in #1946 * Bump golang.org/x/net to v0.15.0 by @tatsuhiro-t in #1950 * Bump actions/setup-go from 3 to 4 by @dependabot in #1948 * Bump actions/checkout from 3 to 4 by @dependabot in #1949 * Bump actions/upload-artifact from 1 to 3 by @dependabot in #1947 * docker: Bump base image to debian 12 by @tatsuhiro-t in #1951 * nghttpx: Header field name must be lowercase by @tatsuhiro-t in #1953 * Bump quictls by @tatsuhiro-t in #1945 * Apps fix by @tatsuhiro-t in #1957 * nghttpx: Fix bug that --single-process does not work by @tatsuhiro-t in #1958 * Fix clang-format by @tatsuhiro-t in #1959 * Rework session management by @tatsuhiro-t in #1961 1.56.0 * doc: Bump boringssl by @tatsuhiro-t in #1928 * Fix memory leak by @tatsuhiro-t in #1930 * Return void by @tatsuhiro-t in #1931 * nghttpx: Rework sending and receiving ECN bits by @tatsuhiro-t in #1934 * CMSG_DATA does not necessarily return an aligned pointer by @tatsuhiro-t in #1935 * Bump quictls by @tatsuhiro-t in #1937 * Bump ngtcp2 and its dependencies by @tatsuhiro-t in #1939 * nghttpx: Simplify std::unique_ptr get and release by @tatsuhiro-t in #1940 * Bump llhttp to 926c982942eb53a13f01c1e9e6b19bd3b196e7dd by @tatsuhiro-t in #1941 * Bump libbpf to v1.2.2 by @tatsuhiro-t in #1942 * Update Dockerfile by @tatsuhiro-t in #1943 ==== nodejs20 ==== Version update (20.8.0 -> 20.8.1) Subpackages: npm20 - Security fixes relase 20.8.1 * (CVE-2023-44487, bsc#1216190): nghttp2 Security Release * (CVE-2023-45143, bsc#1216205): undici Security Release * (CVE-2023-39332, bsc#1216271): Path traversal through path stored in Uint8Array * (CVE-2023-39331, bsc#1216270): Permission model improperly protects against path traversal * (CVE-2023-38552, bsc#1216272): Integrity checks according to policies can be circumvented * (CVE-2023-39333, bsc#1216273): Code injection via WebAssembly export names - fix_ci_tests.patch: refreshed ==== rubygem-rubocop ==== Version update (1.57.0 -> 1.57.1) - updated to version 1.57.1 [#]# 1.57.1 (2023-10-13) [#]## Bug fixes * [#12271](https://github.com/rubocop/rubocop/issues/12271): Fix a false positive for `Lint/RedundantSafeNavigation` when using snake case constant receiver. ([@koic][]) * [#12265](https://github.com/rubocop/rubocop/issues/12265): Fix an error for `Layout/MultilineMethodCallIndentation` when usingarithmetic operation with block inside a grouped expression. ([@koic][]) * [#12177](https://github.com/rubocop/rubocop/pull/12177): Fix an incorrect autocorrect for `Style/RedundantException`. ([@ydah][]) * [#12261](https://github.com/rubocop/rubocop/issues/12261): Fix an infinite loop for `Layout/MultilineMethodCallIndentation` when multiline method chain with a block argument and method chain. ([@ydah][]) * [#12263](https://github.com/rubocop/rubocop/issues/12263): Fix false positives for `Style/RedundantDoubleSplatHashBraces` when method call for no hash braced double splat receiver. ([@koic][]) * [#12262](https://github.com/rubocop/rubocop/pull/12262): Fix an incorrect autocorrect for `Style/RedundantDoubleSplatHashBraces` when using double splat hash braces with `merge` method call twice. ([@koic][]) ==== rubygem-unicode-display_width ==== Version update (2.4.2 -> 2.5.0) - updated to version 2.5.0 [#]# 2.5.0 - Unicode 15.1 ==== xterm ==== Version update (385 -> 387) Subpackages: xterm-bin xterm-resize - update 387: * add DECRQUPSS and DECAUPSS * add DECRQDE * correct indexing expression in title-stack - includes changes from 386: * improve references in ctlseqs.ms * make the maximum amount of memory used for buffering DCS and OSC strings configurable with maxStringParse resource * improve performance of ReGIS when initializing the largest fontsize * fix regression in SIXEL colors * fix typo in --with-wtmp